git.proxmox.com Git - pve-access-control.git/blob - src/test/realm_sync_test.pl
8 use Storable
qw(dclone);
10 use PVE
::AccessControl
;
11 use PVE
::API2
::Domains
;
# Realm definitions; presumably the body of $domainscfg, which the mocked
# cfs_read_file returns for 'domains.cfg' (the declaration lines are not
# shown in this listing). Only "syncedrealm" is LDAP-typed, and it is the
# realm that every visible sync test case targets.
15 "pam" => { type
=> 'pam' },
16 "pve" => { type
=> 'pve' },
17 "syncedrealm" => { type
=> 'ldap' }
# Starting user.cfg state. The mocked cfs_read_file returns a deep copy of
# this structure for 'user.cfg', so each sync run starts from the same baseline.
21 my $initialusercfg = {
23 'root@pam' => { username
=> 'root', },
24 'user1@syncedrealm' => {
29 'user2@syncedrealm' => {
33 'user3@syncedrealm' => {
# Both pre-existing realm groups start with an empty users hash.
39 'group1-syncedrealm' => { users
=> {}, },
40 'group2-syncedrealm' => { users
=> {}, },
# NOTE(review): this second user3 key is presumably an ACL entry (the
# enclosing lines are not shown). If so, it lets the tests check whether
# access rights outlive a user that has vanished from the directory.
# Confirm against the full file.
45 'user3@syncedrealm' => {},
# Canned directory answer; presumably the body of $sync_response, which the
# mocked PVE::LDAP query functions return (the declaration lines are not shown).
# Users present in the directory: user1, user2 and user4. Compared with the
# initial config, user3 is absent and user4 is new.
55 attributes
=> { 'uid' => ['user1'], },
56 dn
=> 'uid=user1,dc=syncedrealm',
59 attributes
=> { 'uid' => ['user2'], },
60 dn
=> 'uid=user2,dc=syncedrealm',
63 attributes
=> { 'uid' => ['user4'], },
64 dn
=> 'uid=user4,dc=syncedrealm',
# Groups present in the directory: group1 and group3. group2 from the
# initial config is absent.
69 dn
=> 'dc=group1,dc=syncedrealm',
71 'uid=user1,dc=syncedrealm',
75 dn
=> 'dc=group3,dc=syncedrealm',
# Presumably a member DN of group3. It matches none of the user entries
# above, and the expected results list group3 with an empty users hash.
77 'uid=nonexisting,dc=syncedrealm',
# Holds whatever the code under test writes to 'user.cfg'. The test loop
# resets it before each case and compares it with the expected structure.
83 my $returned_user_cfg = {};
85 # mocking all cluster and ldap operations
86 my $pve_cluster_module = Test
::MockModule-
>new('PVE::Cluster');
87 $pve_cluster_module->mock(
# Reads return deep copies (dclone), so a sync run cannot modify the fixtures.
# A read of any file other than the two known ones aborts the test.
89 cfs_read_file
=> sub {
91 if ($filename eq 'domains.cfg') { return dclone
($domainscfg); }
92 if ($filename eq 'user.cfg') { return dclone
($initialusercfg); }
93 die "unexpected cfs_read_file";
# Writes to 'user.cfg' are captured in $returned_user_cfg for later comparison.
95 cfs_write_file
=> sub {
96 my ($filename, $data) = @_;
97 if ($filename eq 'user.cfg') {
98 $returned_user_cfg = $data;
# NOTE(review): this die appears to sit in the cfs_write_file mock, yet it
# reports "cfs_read_file". This looks like a copy/paste slip that would
# mislead whoever debugs an unexpected write.
101 die "unexpected cfs_read_file";
# NOTE(review): the body of the lock mock is not shown in this listing;
# presumably it runs $code without taking a real lock. Confirm.
103 cfs_lock_file
=> sub {
104 my ($filename, $timeout, $code) = @_;
# Within PVE::API2::Domains, cfs_read_file and cfs_write_file are replaced by
# forwarders to the PVE::Cluster functions of the same name, which are
# themselves mocked in this file. Presumably this is needed because the module
# holds its own imported copies of those names. Confirm.
109 my $pve_api_domains = Test
::MockModule-
>new('PVE::API2::Domains');
110 $pve_api_domains->mock(
111 cfs_read_file
=> sub { PVE
::Cluster
::cfs_read_file
(@_); },
112 cfs_write_file
=> sub { PVE
::Cluster
::cfs_write_file
(@_); },
# Within PVE::AccessControl, cfs_lock_file is replaced by a forwarder to
# PVE::Cluster::cfs_lock_file, which is mocked in this file.
115 my $pve_accesscontrol = Test
::MockModule-
>new('PVE::AccessControl');
116 $pve_accesscontrol->mock(
117 cfs_lock_file
=> sub { PVE
::Cluster
::cfs_lock_file
(@_); },
# Stand-in RPC environment: get() returns an empty object blessed into
# PVE::RPCEnvironment, and get_user() always answers 'root@pam'.
# NOTE(review): because the caller is always root@pam, this test covers the
# result of a sync only, not who is allowed to trigger one.
120 my $pve_rpcenvironment = Test
::MockModule-
>new('PVE::RPCEnvironment');
121 $pve_rpcenvironment->mock(
122 get
=> sub { return bless {}, 'PVE::RPCEnvironment'; },
123 get_user
=> sub { return 'root@pam'; },
# NOTE(review): the name of this mocked method is not shown. Its argument
# list suggests a worker-launch hook that receives the sync code as $code.
# Confirm against the full file.
125 my ($class, $workertype, $id, $user, $code) = @_;
# PVE::LDAP is mocked so that no directory server is contacted:
# ldap_connect returns an empty hash and the query functions return the
# canned $sync_response data.
131 my $pve_ldap_module = Test
::MockModule-
>new('PVE::LDAP');
132 $pve_ldap_module->mock(
133 ldap_connect
=> sub { return {}; },
# NOTE(review): the name of the mock that returns the user list is not shown
# in this listing; presumably it is the user-query counterpart of query_groups.
136 return $sync_response->{user
};
138 query_groups
=> sub {
139 return $sync_response->{groups
};
# connect_and_bind is replaced by a stub that returns an empty hash, so no
# bind credentials are needed or checked in this test.
143 my $pve_auth_ldap = Test
::MockModule-
>new('PVE::Auth::LDAP');
144 $pve_auth_ldap->mock(
145 connect_and_bind
=> sub { return {}; },
# Test cases, consumed by the loop at the end of the file as
# [ name, sync parameters, expected user.cfg ]. They differ in the
# 'remove-vanished' parameter, which decides what happens to users, groups
# and (presumably) ACL entries that no longer exist in the directory.
#
# Case: no 'remove-vanished' parameter is visible for this case. The expected
# result keeps user3 and group2, although neither is in the directory answer,
# and adds user4 and group3.
150 "non-full without purge",
152 realm
=> 'syncedrealm',
157 'root@pam' => { username
=> 'root', },
158 'user1@syncedrealm' => {
163 'user2@syncedrealm' => {
167 'user3@syncedrealm' => {
171 'user4@syncedrealm' => {
177 'group1-syncedrealm' => {
179 'user1@syncedrealm' => 1,
182 'group2-syncedrealm' => { users
=> {}, },
183 'group3-syncedrealm' => { users
=> {}, },
# Presumably the ACL entry for user3; it is kept here, as is the user.
188 'user3@syncedrealm' => {},
# Case: 'entry;properties'. user3 and group2 are dropped from the expected
# users and groups.
196 "full without purge",
198 realm
=> 'syncedrealm',
199 'remove-vanished' => 'entry;properties',
204 'root@pam' => { username
=> 'root', },
205 'user1@syncedrealm' => {
209 'user2@syncedrealm' => {
213 'user4@syncedrealm' => {
219 'group1-syncedrealm' => {
221 'user1@syncedrealm' => 1,
224 'group3-syncedrealm' => { users
=> {}, }
# NOTE(review): a user3 entry is still expected here although the user itself
# was removed. If this is the ACL section, then without 'acl' in
# 'remove-vanished' the rights of a vanished user stay in user.cfg and would
# presumably apply again to a later account with the same ID. Confirm.
229 'user3@syncedrealm' => {},
# Case: 'acl' only. user3 and group2 stay in the expected users and groups.
# No trailing user3 entry is visible for this case, which suggests that only
# the ACL entry is removed.
237 "non-full with purge",
239 realm
=> 'syncedrealm',
240 'remove-vanished' => 'acl',
245 'root@pam' => { username
=> 'root', },
246 'user1@syncedrealm' => {
251 'user2@syncedrealm' => {
255 'user3@syncedrealm' => {
259 'user4@syncedrealm' => {
265 'group1-syncedrealm' => {
267 'user1@syncedrealm' => 1,
270 'group2-syncedrealm' => { users
=> {}, },
271 'group3-syncedrealm' => { users
=> {}, },
# Case: 'acl;entry;properties' (the name line of this case is not shown).
# user3 and group2 are dropped, and no trailing user3 entry is visible.
284 realm
=> 'syncedrealm',
285 'remove-vanished' => 'acl;entry;properties',
290 'root@pam' => { username
=> 'root', },
291 'user1@syncedrealm' => {
295 'user2@syncedrealm' => {
299 'user4@syncedrealm' => {
305 'group1-syncedrealm' => {
307 'user1@syncedrealm' => 1,
310 'group3-syncedrealm' => { users
=> {}, },
# Case: 'acl;entry'. Vanished users and their ACL entries are removed. The
# property lines of the remaining users are not shown in this listing.
321 "don't delete properties, but users and acls",
323 realm
=> 'syncedrealm',
324 'remove-vanished' => 'acl;entry',
329 'root@pam' => { username
=> 'root', },
330 'user1@syncedrealm' => {
335 'user2@syncedrealm' => {
339 'user4@syncedrealm' => {
345 'group1-syncedrealm' => {
347 'user1@syncedrealm' => 1,
350 'group3-syncedrealm' => { users
=> {}, },
362 for my $test (@$tests) {
363 my $name = $test->[0];
364 my $parameters = $test->[1];
365 my $expected = $test->[2];
366 $returned_user_cfg = {};
367 PVE
::API2
::Domains-
>sync($parameters);
368 is_deeply
($returned_user_cfg, $expected, $name);