6 use PVE
::AccessControl
;
8 use Storable
qw(dclone);
# Shared baseline for the fixtures in this script: an empty config hash that
# PVE::AccessControl fills in through userconfig_force_defaults().  Fixture
# code later in the file clones its {roles} and {users} entries.
# NOTE(review): create_roles() presumably registers the built-in roles that
# the forced defaults depend on - confirm against PVE::AccessControl.
my $default_user_cfg = {};
PVE::AccessControl::create_roles();
PVE::AccessControl::userconfig_force_defaults($default_user_cfg);
14 my $add_default_user_properties = sub {
17 $user->{enable
} = 1 if !defined($user->{enable
});
18 $user->{expire
} = 0 if !defined($user->{expire
});
19 $user->{email
} = undef if !defined($user->{email
});
25 my $roles = dclone
($default_user_cfg->{roles
});
29 sub default_roles_with
{
30 my ($extra_roles) = @_;
32 my $roles = default_roles
();
34 foreach my $r (@$extra_roles) {
35 my $role = dclone
($r);
36 my $roleid = delete $role->{id
};
37 $roles->{$roleid} = $role;
44 my $users = dclone
($default_user_cfg->{users
});
45 return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users};
48 sub default_users_with
{
49 my ($extra_users) = @_;
51 my $users = default_users
();
53 foreach my $u (@$extra_users) {
54 my $user = dclone
($u);
55 my $userid = delete $user->{id
};
56 $users->{$userid} = $add_default_user_properties->($user);
66 sub default_groups_with
{
67 my ($extra_groups) = @_;
69 my $groups = default_groups
();
71 foreach my $g (@$extra_groups) {
72 my $group = dclone
($g);
73 my $groupid = delete $group->{id
};
74 $groups->{$groupid} = $group;
84 sub default_pools_with
{
85 my ($extra_pools) = @_;
87 my $pools = default_pools
();
89 foreach my $p (@$extra_pools) {
90 my $pool = dclone
($p);
91 my $poolid = delete $pool->{id
};
92 $pools->{$poolid} = $pool;
98 sub default_pool_vms_with
{
99 my ($extra_pools) = @_;
102 foreach my $pool (@$extra_pools) {
103 foreach my $vmid (keys %{$pool->{vms
}}) {
104 $vms->{$vmid} = $pool->{id
};
114 # note: does not support merging paths!
115 sub default_acls_with
{
116 my ($extra_acls) = @_;
118 my $acls = default_acls
();
120 foreach my $a (@$extra_acls) {
121 my $acl = dclone
($a);
122 my $path = delete $acl->{path
};
123 $acls->{$path} = $acl;
142 test_pam_with_group
=> {
147 'groups' => { 'testgroup' => 1 },
149 test2_pam_with_group
=> {
154 'groups' => { 'testgroup' => 1 },
161 'groups' => { 'another' => 1 },
163 test_pam_with_token
=> {
175 test_pam2_with_token
=> {
195 test_group_empty
=> {
199 test_group_single_member
=> {
205 test_group_members
=> {
212 test_group_second
=> {
218 test_role_single_priv
=> {
219 'id' => 'testrolesingle',
225 'Datastore.Audit' => 1,
232 test_pool_members
=> {
234 vms
=> { 123 => 1, 1234 => 1},
235 storage
=> { 'local' => 1, 'local-zfs' => 1},
237 test_pool_duplicate_vms
=> {
238 'id' => 'test_duplicate_vms',
242 test_pool_duplicate_storages
=> {
243 'id' => 'test_duplicate_storages',
245 storage
=> { 'local' => 1, 'local-zfs' => 1},
255 acl_complex_users
=> {
256 'path' => '/storage',
259 'PVEDatastoreUser' => 1,
262 'PVEDatastoreAdmin' => 1,
266 acl_complex_missing_user
=> {
267 'path' => '/storage',
270 'PVEDatastoreUser' => 1,
274 acl_simple_token
=> {
282 acl_complex_tokens
=> {
283 'path' => '/storage',
285 'test2@pam!privsep' => {
286 'PVEDatastoreUser' => 1,
288 'test2@pam!expired' => {
289 'PVEDatastoreAdmin' => 1,
292 'PVEDatastoreAdmin' => 1,
296 acl_complex_missing_token
=> {
297 'path' => '/storage',
299 'test2@pam!expired' => {
300 'PVEDatastoreAdmin' => 1,
302 'test2@pam!privsep' => {
303 'PVEDatastoreUser' => 1,
307 acl_simple_group
=> {
315 acl_complex_groups
=> {
316 'path' => '/storage',
319 'PVEDatastoreAdmin' => 1,
322 'PVEDatastoreUser' => 1,
326 acl_simple_group_noprop
=> {
334 acl_complex_groups_noprop
=> {
335 'path' => '/storage',
338 'PVEDatastoreAdmin' => 0,
341 'PVEDatastoreUser' => 0,
345 acl_complex_missing_group
=> {
346 'path' => '/storage',
349 'PVEDatastoreUser' => 1,
353 acl_missing_role
=> {
354 'path' => '/storage',
363 $default_cfg->{'acl_complex_mixed_root'} = {
365 users
=> $default_cfg->{'acl_simple_user'}->{users
},
366 groups
=> $default_cfg->{'acl_simple_group'}->{groups
},
369 $default_cfg->{'acl_complex_mixed_storage'} = {
370 'path' => '/storage',
371 users
=> $default_cfg->{'acl_complex_users'}->{users
},
372 groups
=> $default_cfg->{'acl_complex_groups'}->{groups
},
375 $default_cfg->{'acl_complex_mixed_root_noprop'} = {
377 users
=> $default_cfg->{'acl_simple_user'}->{users
},
378 groups
=> $default_cfg->{'acl_simple_group_noprop'}->{groups
},
381 $default_cfg->{'acl_complex_mixed_storage_noprop'} = {
382 'path' => '/storage',
383 users
=> $default_cfg->{'acl_complex_users'}->{users
},
384 groups
=> $default_cfg->{'acl_complex_groups_noprop'}->{groups
},
389 'root@pam' => 'user:root@pam:1:0::::::',
390 'test_pam' => 'user:test@pam:1:0::::::',
391 'test2_pam' => 'user:test2@pam:1:0::::::',
392 'test3_pam' => 'user:test3@pam:1:0::::::',
395 'test_group_empty' => 'group:testgroup:::',
396 'test_group_single_member' => 'group:testgroup:test@pam::',
397 'test_group_members' => 'group:testgroup:test2@pam,test@pam::',
398 'test_group_members_out_of_order' => 'group:testgroup:test@pam,test2@pam::',
399 'test_group_second' => 'group:another:test3@pam::',
402 'test_token_simple' => 'token:test@pam!full:0:0::',
403 'test_token_multi_full' => 'token:test2@pam!full:0:0::',
404 'test_token_multi_privsep' => 'token:test2@pam!privsep:0:1::',
405 'test_token_multi_expired' => 'token:test2@pam!expired:1:0::',
408 'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:',
409 'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:',
410 'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:',
411 'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:',
412 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
415 'test_pool_empty' => 'pool:testpool::::',
416 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
417 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
418 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
419 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
420 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
423 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:',
424 'acl_complex_users_1' => 'acl:1:/storage:test@pam:PVEDatastoreAdmin:',
425 'acl_complex_users_2' => 'acl:1:/storage:test2@pam:PVEDatastoreUser:',
426 'acl_simple_token' => 'acl:1:/:test@pam!full:PVEVMAdmin:',
427 'acl_complex_tokens_1' => 'acl:1:/storage:test2@pam!expired,test@pam!full:PVEDatastoreAdmin:',
428 'acl_complex_tokens_2' => 'acl:1:/storage:test2@pam!privsep:PVEDatastoreUser:',
429 'acl_complex_tokens_1_missing' => 'acl:1:/storage:test2@pam!expired:PVEDatastoreAdmin:',
430 'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:',
431 'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:',
432 'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:',
433 'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:',
434 'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:',
435 'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:',
436 'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test@pam:PVEVMAdmin:',
437 'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test@pam:PVEDatastoreAdmin:',
438 'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2@pam:PVEDatastoreUser:',
439 'acl_missing_role' => 'acl:1:/storage:test@pam:MissingRole:',
445 name
=> "empty_config",
448 users
=> { 'root@pam' => { enable
=> 1 } },
449 roles
=> default_roles
(),
452 expected_raw
=> "\n\n\n\n",
455 name
=> "default_config",
457 users
=> default_users
(),
458 roles
=> default_roles
(),
460 raw
=> $default_raw->{users
}->{'root@pam'}."\n\n\n\n\n",
463 name
=> "group_empty",
465 users
=> default_users
(),
466 roles
=> default_roles
(),
467 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
470 $default_raw->{users
}->{'root@pam'}."\n\n".
471 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
475 name
=> "group_inexisting_member",
477 users
=> default_users
(),
478 roles
=> default_roles
(),
479 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
482 $default_raw->{users
}->{'root@pam'}."\n\n".
483 "group:testgroup:does_not_exist::".
486 $default_raw->{users
}->{'root@pam'}."\n\n".
487 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
491 name
=> "group_invalid_member",
493 users
=> default_users
(),
494 roles
=> default_roles
(),
497 $default_raw->{users
}->{'root@pam'}."\n\n".
498 'group:inval!d:root@pam:'.
502 name
=> "group_with_one_member",
504 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
505 roles
=> default_roles
(),
506 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
509 $default_raw->{users
}->{'root@pam'}."\n".
510 $default_raw->{users
}->{'test_pam'}."\n\n".
511 $default_raw->{groups
}->{'test_group_single_member'}."\n\n".
515 name
=> "group_with_members",
517 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{test2_pam_with_group
}]),
518 roles
=> default_roles
(),
519 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}]),
522 $default_raw->{users
}->{'root@pam'}."\n".
523 $default_raw->{users
}->{'test2_pam'}."\n".
524 $default_raw->{users
}->{'test_pam'}."\n\n".
525 $default_raw->{groups
}->{'test_group_members'}."\n\n".
529 name
=> "token_simple",
531 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
532 roles
=> default_roles
(),
535 $default_raw->{users
}->{'root@pam'}."\n".
536 $default_raw->{users
}->{'test_pam'}."\n".
537 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n",
540 name
=> "token_multi",
542 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{test_pam2_with_token
}]),
543 roles
=> default_roles
(),
546 $default_raw->{users
}->{'root@pam'}."\n".
547 $default_raw->{users
}->{'test2_pam'}."\n".
548 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
549 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
550 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
551 $default_raw->{users
}->{'test_pam'}."\n".
552 $default_raw->{tokens
}->{'test_token_simple'}."\n".
556 name
=> "custom_role_with_single_priv",
558 users
=> default_users
(),
559 roles
=> default_roles_with
([$default_cfg->{test_role_single_priv
}]),
562 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
563 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
566 name
=> "custom_role_with_privs",
568 users
=> default_users
(),
569 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
572 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
573 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
576 name
=> "custom_role_with_duplicate_privs",
578 users
=> default_users
(),
579 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
582 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
583 $default_raw->{roles
}->{'test_role_privs_duplicate'}."\n\n",
585 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
586 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
589 name
=> "custom_role_with_invalid_priv",
591 users
=> default_users
(),
592 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
595 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
596 $default_raw->{roles
}->{'test_role_privs_invalid'}."\n\n",
598 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
599 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
602 name
=> "pool_empty",
604 users
=> default_users
(),
605 roles
=> default_roles
(),
606 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
609 $default_raw->{users
}->{'root@pam'}."\n\n\n".
610 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
613 name
=> "pool_invalid",
615 users
=> default_users
(),
616 roles
=> default_roles
(),
617 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
620 $default_raw->{users
}->{'root@pam'}."\n\n\n".
621 $default_raw->{pools
}->{'test_pool_invalid'}."\n\n\n",
623 $default_raw->{users
}->{'root@pam'}."\n\n\n".
624 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
627 name
=> "pool_members",
629 users
=> default_users
(),
630 roles
=> default_roles
(),
631 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}]),
632 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
635 $default_raw->{users
}->{'root@pam'}."\n\n\n".
636 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
639 name
=> "pool_duplicate_members",
641 users
=> default_users
(),
642 roles
=> default_roles
(),
643 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}, $default_cfg->{test_pool_duplicate_vms
}, $default_cfg->{test_pool_duplicate_storages
}]),
644 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
647 $default_raw->{users
}->{'root@pam'}."\n\n\n".
648 $default_raw->{pools
}->{'test_pool_members'}."\n".
649 $default_raw->{pools
}->{'test_pool_duplicate_vms'}."\n".
650 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n",
652 $default_raw->{users
}->{'root@pam'}."\n\n\n".
653 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n".
654 $default_raw->{pools
}->{'test_pool_duplicate_vms_expected'}."\n".
655 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
658 name
=> "acl_simple_user",
660 users
=> default_users_with
([$default_cfg->{test_pam
}]),
661 roles
=> default_roles
(),
662 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
665 $default_raw->{users
}->{'root@pam'}."\n".
666 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
667 $default_raw->{acl
}->{'acl_simple_user'}."\n",
670 name
=> "acl_complex_users",
672 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}]),
673 roles
=> default_roles
(),
674 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_users
}]),
677 $default_raw->{users
}->{'root@pam'}."\n".
678 $default_raw->{users
}->{'test2_pam'}."\n".
679 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
680 $default_raw->{acl
}->{'acl_simple_user'}."\n".
681 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
682 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
685 name
=> "acl_complex_missing_user",
687 users
=> default_users_with
([$default_cfg->{test2_pam
}]),
688 roles
=> default_roles
(),
689 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_user
}]),
692 $default_raw->{users
}->{'root@pam'}."\n".
693 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
694 $default_raw->{acl
}->{'acl_simple_user'}."\n".
695 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
696 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
698 $default_raw->{users
}->{'root@pam'}."\n".
699 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
700 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
703 name
=> "acl_simple_group",
705 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
706 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
707 roles
=> default_roles
(),
708 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}]),
711 $default_raw->{users
}->{'root@pam'}."\n".
712 $default_raw->{users
}->{'test_pam'}."\n\n".
713 $default_raw->{groups
}->{'test_group_single_member'}."\n\n\n\n".
714 $default_raw->{acl
}->{'acl_simple_group'}."\n",
717 name
=> "acl_complex_groups",
719 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
720 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
721 roles
=> default_roles
(),
722 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_groups
}]),
725 $default_raw->{users
}->{'root@pam'}."\n".
726 $default_raw->{users
}->{'test2_pam'}."\n".
727 $default_raw->{users
}->{'test3_pam'}."\n".
728 $default_raw->{users
}->{'test_pam'}."\n\n".
729 $default_raw->{groups
}->{'test_group_second'}."\n".
730 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
731 $default_raw->{acl
}->{'acl_simple_group'}."\n".
732 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
733 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
736 name
=> "acl_complex_missing_group",
738 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
739 groups
=> default_groups_with
([$default_cfg->{'test_group_second'}]),
740 roles
=> default_roles
(),
741 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_group
}]),
744 $default_raw->{users
}->{'root@pam'}."\n".
745 $default_raw->{users
}->{'test2_pam'}."\n".
746 $default_raw->{users
}->{'test3_pam'}."\n".
747 $default_raw->{users
}->{'test_pam'}."\n\n".
748 $default_raw->{groups
}->{'test_group_second'}."\n".
749 $default_raw->{acl
}->{'acl_simple_group'}."\n".
750 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
751 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
753 $default_raw->{users
}->{'root@pam'}."\n".
754 $default_raw->{users
}->{'test2_pam'}."\n".
755 $default_raw->{users
}->{'test3_pam'}."\n".
756 $default_raw->{users
}->{'test_pam'}."\n\n".
757 $default_raw->{groups
}->{'test_group_second'}."\n\n\n\n".
758 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
761 name
=> "acl_simple_token",
763 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
764 roles
=> default_roles
(),
765 acl
=> default_acls_with
([$default_cfg->{acl_simple_token
}]),
768 $default_raw->{users
}->{'root@pam'}."\n".
769 $default_raw->{users
}->{'test_pam'}."\n".
770 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
771 $default_raw->{acl
}->{'acl_simple_token'}."\n",
774 name
=> "acl_complex_tokens",
776 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{'test_pam2_with_token'}]),
777 roles
=> default_roles
(),
778 acl
=> default_acls_with
([$default_cfg->{acl_simple_token
}, $default_cfg->{acl_complex_tokens
}]),
781 $default_raw->{users
}->{'root@pam'}."\n".
782 $default_raw->{users
}->{'test2_pam'}."\n".
783 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
784 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
785 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
786 $default_raw->{users
}->{'test_pam'}."\n".
787 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
788 $default_raw->{acl
}->{'acl_simple_token'}."\n".
789 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
790 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
793 name
=> "acl_complex_missing_token",
795 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{test_pam2_with_token
}]),
796 roles
=> default_roles
(),
797 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_token
}]),
800 $default_raw->{users
}->{'root@pam'}."\n".
801 $default_raw->{users
}->{'test2_pam'}."\n".
802 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
803 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
804 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
805 $default_raw->{users
}->{'test_pam'}."\n".
806 $default_raw->{acl
}->{'acl_simple_token'}."\n".
807 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
808 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
810 $default_raw->{users
}->{'root@pam'}."\n".
811 $default_raw->{users
}->{'test2_pam'}."\n".
812 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
813 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
814 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
815 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
816 $default_raw->{acl
}->{'acl_complex_tokens_1_missing'}."\n".
817 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
820 name
=> "acl_missing_role",
822 users
=> default_users_with
([$default_cfg->{test_pam
}]),
823 roles
=> default_roles
(),
824 acl
=> default_acls_with
([$default_cfg->{acl_missing_role
}, $default_cfg->{acl_simple_user
}]),
827 $default_raw->{users
}->{'root@pam'}."\n".
828 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
829 $default_raw->{acl
}->{'acl_simple_user'}."\n".
830 $default_raw->{acl
}->{'acl_missing_role'}."\n",
833 name
=> "acl_complex_mixed",
835 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
836 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
837 roles
=> default_roles
(),
838 acl
=> default_acls_with
([
839 $default_cfg->{acl_complex_mixed_root
},
840 $default_cfg->{acl_complex_mixed_storage
},
844 $default_raw->{users
}->{'root@pam'}."\n".
845 $default_raw->{users
}->{'test2_pam'}."\n".
846 $default_raw->{users
}->{'test3_pam'}."\n".
847 $default_raw->{users
}->{'test_pam'}."\n\n".
848 $default_raw->{groups
}->{'test_group_second'}."\n".
849 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
850 $default_raw->{acl
}->{'acl_simple_group'}."\n".
851 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
852 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n".
853 $default_raw->{acl
}->{'acl_simple_user'}."\n".
854 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
855 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
857 $default_raw->{users
}->{'root@pam'}."\n".
858 $default_raw->{users
}->{'test2_pam'}."\n".
859 $default_raw->{users
}->{'test3_pam'}."\n".
860 $default_raw->{users
}->{'test_pam'}."\n\n".
861 $default_raw->{groups
}->{'test_group_second'}."\n".
862 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
863 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
864 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
865 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
868 name
=> "acl_complex_mixed_prop_noprop_no_merge_sort_by_path",
870 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
871 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
872 roles
=> default_roles
(),
873 acl
=> default_acls_with
([
874 $default_cfg->{acl_complex_mixed_root_noprop
},
875 $default_cfg->{acl_complex_mixed_storage_noprop
},
879 $default_raw->{users
}->{'root@pam'}."\n".
880 $default_raw->{users
}->{'test2_pam'}."\n".
881 $default_raw->{users
}->{'test3_pam'}."\n".
882 $default_raw->{users
}->{'test_pam'}."\n\n".
883 $default_raw->{groups
}->{'test_group_second'}."\n".
884 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
885 $default_raw->{acl
}->{'acl_simple_group_noprop'}."\n".
886 $default_raw->{acl
}->{'acl_simple_user'}."\n".
887 $default_raw->{acl
}->{'acl_complex_groups_1_noprop'}."\n".
888 $default_raw->{acl
}->{'acl_complex_groups_2_noprop'}."\n".
889 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
890 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
893 name
=> "sort_roles_and_privs",
895 $default_raw->{users
}->{'root@pam'}."\n".
896 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n".
897 $default_raw->{roles
}->{'test_role_privs_out_of_order'}."\n\n",
899 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
900 $default_raw->{roles
}->{'test_role_privs'}."\n".
901 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
904 name
=> "sort_users_and_group_members",
906 $default_raw->{users
}->{'test2_pam'}."\n".
907 $default_raw->{users
}->{'root@pam'}."\n".
908 $default_raw->{users
}->{'test_pam'}."\n\n".
909 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n".
912 $default_raw->{users
}->{'root@pam'}."\n".
913 $default_raw->{users
}->{'test2_pam'}."\n".
914 $default_raw->{users
}->{'test_pam'}."\n\n".
915 $default_raw->{groups
}->{'test_group_members'}."\n\n".
919 name
=> "sort_user_groups_and_acls",
921 $default_raw->{users
}->{'test2_pam'}."\n".
922 $default_raw->{users
}->{'root@pam'}."\n".
923 $default_raw->{users
}->{'test_pam'}."\n\n".
924 $default_raw->{users
}->{'test3_pam'}."\n".
925 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n\n\n".
926 $default_raw->{groups
}->{'test_group_second'}."\n".
927 $default_raw->{acl
}->{'acl_simple_user'}."\n".
928 $default_raw->{acl
}->{'acl_simple_group'}."\n".
929 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
930 $default_raw->{acl
}->{'acl_complex_users_2'}."\n".
931 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
932 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
934 $default_raw->{users
}->{'root@pam'}."\n".
935 $default_raw->{users
}->{'test2_pam'}."\n".
936 $default_raw->{users
}->{'test3_pam'}."\n".
937 $default_raw->{users
}->{'test_pam'}."\n\n".
938 $default_raw->{groups
}->{'test_group_second'}."\n".
939 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
940 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
941 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
942 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
945 name
=> 'default_values',
965 roles
=> default_roles_with
([{ id
=> 'testrole' }]),
966 groups
=> default_groups_with
([$default_cfg->{test_group_empty
}]),
967 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
970 'user:root@pam'."\n".
971 'user:test@pam'."\n".
972 'token:test@pam!test'."\n\n".
973 'group:testgroup'."\n\n".
974 'pool:testpool'."\n\n".
975 'role:testrole'."\n\n".
978 'user:root@pam:0:0::::::'."\n".
979 'user:test@pam:0:0::::::'."\n".
980 'token:test@pam!test:0:0::'."\n\n".
981 'group:testgroup:::'."\n\n".
982 'pool:testpool::::'."\n\n".
983 'role:testrole::'."\n\n",
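# Drive every fixture in @$tests through PVE::AccessControl's user.cfg parser
# and writer and compare the results with what the fixture expects.
#
# Fields read from a fixture: name, raw, config, expected_raw, expected_config.
# Each expected_* value falls back to the matching input field, so a fixture
# that supplies both raw and config is checked in both directions.
my $number_of_tests_run = 0;
foreach my $t (@$tests) {
    my $expected_config = $t->{expected_config} // $t->{config};
    my $expected_raw    = $t->{expected_raw} // $t->{raw};

    if (defined($t->{raw})) {
        my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw});

        if (defined($expected_config)) {
            is_deeply($parsed, $expected_config, "$t->{name}_parse");
            $number_of_tests_run++;
        }

        # Fixture with raw text only: write the parsed result back out and
        # compare it with the normalised text the fixture expects.
        if (defined($t->{expected_raw}) && !defined($t->{config})) {
            is(
                PVE::AccessControl::write_user_config($t->{name}, $parsed),
                $t->{expected_raw},
                "$t->{name}_rewrite",
            );
            $number_of_tests_run++;
        }
    }

    if (defined($t->{config})) {
        my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config});

        if (defined($expected_raw)) {
            is($written, $expected_raw, "$t->{name}_write");
            $number_of_tests_run++;
        }

        # Fixture with a config only: re-parse the text the writer just
        # produced.  This must read the local $written; no fixture visible in
        # this file sets a 'written' key, so $t->{written} would hand undef to
        # the parser and the write -> parse round trip of the access-control
        # config would never actually be checked.
        if (defined($t->{expected_config}) && !defined($t->{raw})) {
            is_deeply(
                PVE::AccessControl::parse_user_config($t->{name}, $written),
                $t->{expected_config},
                "$t->{name}_reparse",
            );
            $number_of_tests_run++;
        }
    }
}

# Passing the count makes the run fail if a branch above was skipped or ran
# more often than the assertions that were counted.
done_testing($number_of_tests_run);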