]>
Commit | Line | Data |
---|---|---|
7d1739ad FG |
1 | #!/usr/bin/perl -w |
2 | ||
3 | use strict; | |
4 | ||
5 | use Test::More; | |
6 | use PVE::AccessControl; | |
7 | ||
8 | use Storable qw(dclone); | |
9 | ||
10 | PVE::AccessControl::create_roles(); | |
11 | my $default_user_cfg = {}; | |
12 | PVE::AccessControl::userconfig_force_defaults($default_user_cfg); | |
13 | ||
14 | my $add_default_user_properties = sub { | |
15 | my ($user) = @_; | |
16 | ||
17 | $user->{enable} = 1 if !defined($user->{enable}); | |
18 | $user->{expire} = 0 if !defined($user->{expire}); | |
19 | $user->{email} = undef if !defined($user->{email}); | |
20 | ||
21 | return $user; | |
22 | }; | |
23 | ||
24 | sub default_roles { | |
25 | my $roles = dclone($default_user_cfg->{roles}); | |
26 | return $roles; | |
27 | } | |
28 | ||
29 | sub default_roles_with { | |
30 | my ($extra_roles) = @_; | |
31 | ||
32 | my $roles = default_roles(); | |
33 | ||
34 | foreach my $r (@$extra_roles) { | |
35 | my $role = dclone($r); | |
36 | my $roleid = delete $role->{id}; | |
37 | $roles->{$roleid} = $role; | |
38 | } | |
39 | ||
40 | return $roles; | |
41 | } | |
42 | ||
43 | sub default_users { | |
44 | my $users = dclone($default_user_cfg->{users}); | |
45 | return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users}; | |
46 | } | |
47 | ||
48 | sub default_users_with { | |
49 | my ($extra_users) = @_; | |
50 | ||
51 | my $users = default_users(); | |
52 | ||
53 | foreach my $u (@$extra_users) { | |
54 | my $user = dclone($u); | |
55 | my $userid = delete $user->{id}; | |
56 | $users->{$userid} = $add_default_user_properties->($user); | |
57 | } | |
58 | ||
59 | return $users; | |
60 | } | |
61 | ||
62 | sub default_groups { | |
63 | return {}; | |
64 | } | |
65 | ||
66 | sub default_groups_with { | |
67 | my ($extra_groups) = @_; | |
68 | ||
69 | my $groups = default_groups(); | |
70 | ||
71 | foreach my $g (@$extra_groups) { | |
72 | my $group = dclone($g); | |
73 | my $groupid = delete $group->{id}; | |
74 | $groups->{$groupid} = $group; | |
75 | } | |
76 | ||
77 | return $groups; | |
78 | } | |
79 | ||
80 | sub default_pools { | |
81 | return {}; | |
82 | } | |
83 | ||
84 | sub default_pools_with { | |
85 | my ($extra_pools) = @_; | |
86 | ||
87 | my $pools = default_pools(); | |
88 | ||
89 | foreach my $p (@$extra_pools) { | |
90 | my $pool = dclone($p); | |
91 | my $poolid = delete $pool->{id}; | |
92 | $pools->{$poolid} = $pool; | |
93 | } | |
94 | ||
95 | return $pools; | |
96 | } | |
97 | ||
98 | sub default_pool_vms_with { | |
99 | my ($extra_pools) = @_; | |
100 | ||
101 | my $vms = {}; | |
102 | foreach my $pool (@$extra_pools) { | |
103 | foreach my $vmid (keys %{$pool->{vms}}) { | |
104 | $vms->{$vmid} = $pool->{id}; | |
105 | } | |
106 | } | |
107 | return $vms; | |
108 | } | |
109 | ||
110 | sub default_acls { | |
111 | return {}; | |
112 | } | |
113 | ||
114 | # note: does not support merging paths! | |
115 | sub default_acls_with { | |
116 | my ($extra_acls) = @_; | |
117 | ||
118 | my $acls = default_acls(); | |
119 | ||
120 | foreach my $a (@$extra_acls) { | |
121 | my $acl = dclone($a); | |
122 | my $path = delete $acl->{path}; | |
170cf17b FG |
123 | my $split_path = [ split("/", $path) ]; |
124 | my $node = $acls; | |
125 | for my $p (@$split_path) { | |
126 | next if !$p; | |
127 | $node->{children} = {} if !$node->{children}; | |
128 | $node->{children}->{$p} = {} if !$node->{children}->{$p}; | |
129 | $node = $node->{children}->{$p}; | |
130 | } | |
131 | %$node = ( %$acl ); | |
7d1739ad FG |
132 | } |
133 | ||
134 | return $acls; | |
135 | } | |
136 | ||
137 | my $default_cfg = { | |
138 | test_pam => { | |
139 | 'id' => 'test@pam', | |
140 | 'enable' => 1, | |
141 | 'expire' => 0, | |
142 | 'email' => undef, | |
143 | }, | |
144 | test2_pam => { | |
145 | 'id' => 'test2@pam', | |
146 | 'enable' => 1, | |
147 | 'expire' => 0, | |
148 | 'email' => undef, | |
149 | }, | |
150 | test_pam_with_group => { | |
151 | 'id' => 'test@pam', | |
152 | 'enable' => 1, | |
153 | 'expire' => 0, | |
154 | 'email' => undef, | |
155 | 'groups' => { 'testgroup' => 1 }, | |
156 | }, | |
157 | test2_pam_with_group => { | |
158 | 'id' => 'test2@pam', | |
159 | 'enable' => 1, | |
160 | 'expire' => 0, | |
161 | 'email' => undef, | |
162 | 'groups' => { 'testgroup' => 1 }, | |
163 | }, | |
164 | test3_pam => { | |
165 | 'id' => 'test3@pam', | |
166 | 'enable' => 1, | |
167 | 'expire' => 0, | |
168 | 'email' => undef, | |
169 | 'groups' => { 'another' => 1 }, | |
170 | }, | |
891f7afa FG |
171 | test_pam_with_token => { |
172 | 'id' => 'test@pam', | |
173 | 'enable' => 1, | |
174 | 'expire' => 0, | |
175 | 'email' => undef, | |
176 | 'tokens' => { | |
177 | 'full' => { | |
178 | 'privsep' => 0, | |
179 | 'expire' => 0, | |
180 | }, | |
181 | }, | |
182 | }, | |
183 | test_pam2_with_token => { | |
184 | 'id' => 'test2@pam', | |
185 | 'enable' => 1, | |
186 | 'expire' => 0, | |
187 | 'email' => undef, | |
188 | 'tokens' => { | |
189 | 'full' => { | |
190 | 'privsep' => 0, | |
191 | 'expire' => 0, | |
192 | }, | |
193 | 'privsep' => { | |
194 | 'privsep' => 1, | |
195 | 'expire' => 0, | |
196 | }, | |
197 | 'expired' => { | |
198 | 'privsep' => 0, | |
199 | 'expire' => 1, | |
200 | }, | |
201 | }, | |
202 | }, | |
7d1739ad FG |
203 | test_group_empty => { |
204 | 'id' => 'testgroup', | |
205 | users => {}, | |
206 | }, | |
207 | test_group_single_member => { | |
208 | 'id' => 'testgroup', | |
209 | 'users' => { | |
210 | 'test@pam' => 1, | |
211 | }, | |
212 | }, | |
213 | test_group_members => { | |
214 | 'id' => 'testgroup', | |
215 | 'users' => { | |
216 | 'test@pam' => 1, | |
217 | 'test2@pam' => 1, | |
218 | }, | |
219 | }, | |
220 | test_group_second => { | |
221 | 'id' => 'another', | |
222 | users => { | |
223 | 'test3@pam' => 1, | |
224 | }, | |
225 | }, | |
226 | test_role_single_priv => { | |
227 | 'id' => 'testrolesingle', | |
228 | 'VM.Allocate' => 1, | |
229 | }, | |
230 | test_role_privs => { | |
231 | 'id' => 'testrole', | |
232 | 'VM.Allocate' => 1, | |
233 | 'Datastore.Audit' => 1, | |
234 | }, | |
235 | test_pool_empty => { | |
236 | 'id' => 'testpool', | |
237 | vms => {}, | |
238 | storage => {}, | |
239 | }, | |
240 | test_pool_members => { | |
241 | 'id' => 'testpool', | |
242 | vms => { 123 => 1, 1234 => 1}, | |
243 | storage => { 'local' => 1, 'local-zfs' => 1}, | |
244 | }, | |
245 | test_pool_duplicate_vms => { | |
246 | 'id' => 'test_duplicate_vms', | |
247 | vms => {}, | |
248 | storage => {}, | |
249 | }, | |
250 | test_pool_duplicate_storages => { | |
251 | 'id' => 'test_duplicate_storages', | |
252 | vms => {}, | |
253 | storage => { 'local' => 1, 'local-zfs' => 1}, | |
254 | }, | |
255 | acl_simple_user => { | |
256 | 'path' => '/', | |
257 | users => { | |
258 | 'test@pam' => { | |
259 | 'PVEVMAdmin' => 1, | |
260 | }, | |
261 | }, | |
262 | }, | |
263 | acl_complex_users => { | |
264 | 'path' => '/storage', | |
265 | users => { | |
266 | 'test2@pam' => { | |
267 | 'PVEDatastoreUser' => 1, | |
268 | }, | |
269 | 'test@pam' => { | |
270 | 'PVEDatastoreAdmin' => 1, | |
271 | }, | |
272 | }, | |
273 | }, | |
274 | acl_complex_missing_user => { | |
275 | 'path' => '/storage', | |
276 | users => { | |
277 | 'test2@pam' => { | |
278 | 'PVEDatastoreUser' => 1, | |
279 | }, | |
5654260e DC |
280 | 'test@pam' => { |
281 | 'PVEDatastoreAdmin' => 1, | |
282 | }, | |
7d1739ad FG |
283 | }, |
284 | }, | |
891f7afa FG |
285 | acl_simple_token => { |
286 | 'path' => '/', | |
287 | tokens => { | |
288 | 'test@pam!full' => { | |
289 | 'PVEVMAdmin' => 1, | |
290 | }, | |
291 | }, | |
292 | }, | |
293 | acl_complex_tokens => { | |
294 | 'path' => '/storage', | |
295 | tokens => { | |
296 | 'test2@pam!privsep' => { | |
297 | 'PVEDatastoreUser' => 1, | |
298 | }, | |
299 | 'test2@pam!expired' => { | |
300 | 'PVEDatastoreAdmin' => 1, | |
301 | }, | |
302 | 'test@pam!full' => { | |
303 | 'PVEDatastoreAdmin' => 1, | |
304 | }, | |
305 | }, | |
306 | }, | |
307 | acl_complex_missing_token => { | |
308 | 'path' => '/storage', | |
309 | tokens => { | |
310 | 'test2@pam!expired' => { | |
311 | 'PVEDatastoreAdmin' => 1, | |
312 | }, | |
313 | 'test2@pam!privsep' => { | |
314 | 'PVEDatastoreUser' => 1, | |
315 | }, | |
316 | }, | |
317 | }, | |
7d1739ad FG |
318 | acl_simple_group => { |
319 | 'path' => '/', | |
320 | groups => { | |
321 | 'testgroup' => { | |
322 | 'PVEVMAdmin' => 1, | |
323 | }, | |
324 | }, | |
325 | }, | |
326 | acl_complex_groups => { | |
327 | 'path' => '/storage', | |
328 | groups => { | |
329 | 'testgroup' => { | |
330 | 'PVEDatastoreAdmin' => 1, | |
331 | }, | |
332 | 'another' => { | |
333 | 'PVEDatastoreUser' => 1, | |
334 | }, | |
335 | }, | |
336 | }, | |
337 | acl_simple_group_noprop => { | |
338 | 'path' => '/', | |
339 | groups => { | |
340 | 'testgroup' => { | |
341 | 'PVEVMAdmin' => 0, | |
342 | }, | |
343 | }, | |
344 | }, | |
345 | acl_complex_groups_noprop => { | |
346 | 'path' => '/storage', | |
347 | groups => { | |
348 | 'testgroup' => { | |
349 | 'PVEDatastoreAdmin' => 0, | |
350 | }, | |
351 | 'another' => { | |
352 | 'PVEDatastoreUser' => 0, | |
353 | }, | |
354 | }, | |
355 | }, | |
356 | acl_complex_missing_group => { | |
357 | 'path' => '/storage', | |
358 | groups => { | |
5654260e DC |
359 | 'testgroup' => { |
360 | 'PVEDatastoreAdmin' => 1, | |
361 | }, | |
7d1739ad FG |
362 | 'another' => { |
363 | 'PVEDatastoreUser' => 1, | |
364 | }, | |
365 | }, | |
366 | }, | |
367 | acl_missing_role => { | |
368 | 'path' => '/storage', | |
369 | users => { | |
370 | 'test@pam' => { | |
371 | 'MissingRole' => 1, | |
372 | }, | |
373 | }, | |
374 | }, | |
375 | }; | |
376 | ||
377 | $default_cfg->{'acl_complex_mixed_root'} = { | |
378 | 'path' => '/', | |
379 | users => $default_cfg->{'acl_simple_user'}->{users}, | |
380 | groups => $default_cfg->{'acl_simple_group'}->{groups}, | |
381 | }; | |
382 | ||
383 | $default_cfg->{'acl_complex_mixed_storage'} = { | |
384 | 'path' => '/storage', | |
385 | users => $default_cfg->{'acl_complex_users'}->{users}, | |
386 | groups => $default_cfg->{'acl_complex_groups'}->{groups}, | |
387 | }; | |
388 | ||
389 | $default_cfg->{'acl_complex_mixed_root_noprop'} = { | |
390 | 'path' => '/', | |
391 | users => $default_cfg->{'acl_simple_user'}->{users}, | |
392 | groups => $default_cfg->{'acl_simple_group_noprop'}->{groups}, | |
393 | }; | |
394 | ||
395 | $default_cfg->{'acl_complex_mixed_storage_noprop'} = { | |
396 | 'path' => '/storage', | |
397 | users => $default_cfg->{'acl_complex_users'}->{users}, | |
398 | groups => $default_cfg->{'acl_complex_groups_noprop'}->{groups}, | |
399 | }; | |
400 | ||
401 | my $default_raw = { | |
402 | users => { | |
403 | 'root@pam' => 'user:root@pam:1:0::::::', | |
404 | 'test_pam' => 'user:test@pam:1:0::::::', | |
405 | 'test2_pam' => 'user:test2@pam:1:0::::::', | |
406 | 'test3_pam' => 'user:test3@pam:1:0::::::', | |
407 | }, | |
408 | groups => { | |
409 | 'test_group_empty' => 'group:testgroup:::', | |
410 | 'test_group_single_member' => 'group:testgroup:test@pam::', | |
411 | 'test_group_members' => 'group:testgroup:test2@pam,test@pam::', | |
412 | 'test_group_members_out_of_order' => 'group:testgroup:test@pam,test2@pam::', | |
413 | 'test_group_second' => 'group:another:test3@pam::', | |
414 | }, | |
891f7afa FG |
415 | tokens => { |
416 | 'test_token_simple' => 'token:test@pam!full:0:0::', | |
417 | 'test_token_multi_full' => 'token:test2@pam!full:0:0::', | |
418 | 'test_token_multi_privsep' => 'token:test2@pam!privsep:0:1::', | |
419 | 'test_token_multi_expired' => 'token:test2@pam!expired:1:0::', | |
420 | }, | |
7d1739ad FG |
421 | roles => { |
422 | 'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:', | |
423 | 'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:', | |
424 | 'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:', | |
425 | 'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:', | |
426 | 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:', | |
427 | }, | |
428 | pools => { | |
429 | 'test_pool_empty' => 'pool:testpool::::', | |
430 | 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:', | |
431 | 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:', | |
432 | 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::', | |
433 | 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::', | |
434 | 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:', | |
435 | }, | |
436 | acl => { | |
437 | 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:', | |
438 | 'acl_complex_users_1' => 'acl:1:/storage:test@pam:PVEDatastoreAdmin:', | |
439 | 'acl_complex_users_2' => 'acl:1:/storage:test2@pam:PVEDatastoreUser:', | |
891f7afa FG |
440 | 'acl_simple_token' => 'acl:1:/:test@pam!full:PVEVMAdmin:', |
441 | 'acl_complex_tokens_1' => 'acl:1:/storage:test2@pam!expired,test@pam!full:PVEDatastoreAdmin:', | |
442 | 'acl_complex_tokens_2' => 'acl:1:/storage:test2@pam!privsep:PVEDatastoreUser:', | |
443 | 'acl_complex_tokens_1_missing' => 'acl:1:/storage:test2@pam!expired:PVEDatastoreAdmin:', | |
7d1739ad FG |
444 | 'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:', |
445 | 'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:', | |
446 | 'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:', | |
447 | 'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:', | |
448 | 'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:', | |
449 | 'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:', | |
450 | 'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test@pam:PVEVMAdmin:', | |
451 | 'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test@pam:PVEDatastoreAdmin:', | |
452 | 'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2@pam:PVEDatastoreUser:', | |
453 | 'acl_missing_role' => 'acl:1:/storage:test@pam:MissingRole:', | |
454 | }, | |
455 | }; | |
456 | ||
457 | my $tests = [ | |
458 | { | |
459 | name => "empty_config", | |
460 | config => {}, | |
461 | expected_config => { | |
170cf17b | 462 | acl_root => default_acls(), |
7d1739ad FG |
463 | users => { 'root@pam' => { enable => 1 } }, |
464 | roles => default_roles(), | |
465 | }, | |
466 | raw => "", | |
467 | expected_raw => "\n\n\n\n", | |
468 | }, | |
469 | { | |
470 | name => "default_config", | |
471 | config => { | |
170cf17b | 472 | acl_root => default_acls(), |
7d1739ad FG |
473 | users => default_users(), |
474 | roles => default_roles(), | |
475 | }, | |
476 | raw => $default_raw->{users}->{'root@pam'}."\n\n\n\n\n", | |
477 | }, | |
478 | { | |
479 | name => "group_empty", | |
480 | config => { | |
170cf17b | 481 | acl_root => default_acls(), |
7d1739ad FG |
482 | users => default_users(), |
483 | roles => default_roles(), | |
484 | groups => default_groups_with([$default_cfg->{'test_group_empty'}]), | |
485 | }, | |
486 | raw => "". | |
487 | $default_raw->{users}->{'root@pam'}."\n\n". | |
488 | $default_raw->{groups}->{'test_group_empty'}."\n\n". | |
489 | "\n\n", | |
490 | }, | |
491 | { | |
492 | name => "group_inexisting_member", | |
493 | config => { | |
170cf17b | 494 | acl_root => default_acls(), |
7d1739ad FG |
495 | users => default_users(), |
496 | roles => default_roles(), | |
497 | groups => default_groups_with([$default_cfg->{'test_group_empty'}]), | |
498 | }, | |
499 | raw => "". | |
500 | $default_raw->{users}->{'root@pam'}."\n\n". | |
501 | "group:testgroup:does_not_exist::". | |
502 | "\n\n\n\n", | |
503 | expected_raw => "". | |
504 | $default_raw->{users}->{'root@pam'}."\n\n". | |
505 | $default_raw->{groups}->{'test_group_empty'}."\n\n". | |
506 | "\n\n", | |
507 | }, | |
508 | { | |
509 | name => "group_invalid_member", | |
510 | expected_config => { | |
170cf17b | 511 | acl_root => default_acls(), |
7d1739ad FG |
512 | users => default_users(), |
513 | roles => default_roles(), | |
514 | }, | |
515 | raw => "". | |
516 | $default_raw->{users}->{'root@pam'}."\n\n". | |
517 | 'group:inval!d:root@pam:'. | |
518 | "\n\n", | |
519 | }, | |
520 | { | |
521 | name => "group_with_one_member", | |
522 | config => { | |
170cf17b | 523 | acl_root => default_acls(), |
7d1739ad FG |
524 | users => default_users_with([$default_cfg->{test_pam_with_group}]), |
525 | roles => default_roles(), | |
526 | groups => default_groups_with([$default_cfg->{'test_group_single_member'}]), | |
527 | }, | |
528 | raw => "". | |
529 | $default_raw->{users}->{'root@pam'}."\n". | |
530 | $default_raw->{users}->{'test_pam'}."\n\n". | |
531 | $default_raw->{groups}->{'test_group_single_member'}."\n\n". | |
532 | "\n\n", | |
533 | }, | |
534 | { | |
535 | name => "group_with_members", | |
536 | config => { | |
170cf17b | 537 | acl_root => default_acls(), |
7d1739ad FG |
538 | users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{test2_pam_with_group}]), |
539 | roles => default_roles(), | |
540 | groups => default_groups_with([$default_cfg->{'test_group_members'}]), | |
541 | }, | |
542 | raw => "". | |
543 | $default_raw->{users}->{'root@pam'}."\n". | |
544 | $default_raw->{users}->{'test2_pam'}."\n". | |
545 | $default_raw->{users}->{'test_pam'}."\n\n". | |
546 | $default_raw->{groups}->{'test_group_members'}."\n\n". | |
547 | "\n\n", | |
548 | }, | |
891f7afa FG |
549 | { |
550 | name => "token_simple", | |
551 | config => { | |
170cf17b | 552 | acl_root => default_acls(), |
891f7afa FG |
553 | users => default_users_with([$default_cfg->{test_pam_with_token}]), |
554 | roles => default_roles(), | |
555 | }, | |
556 | raw => "". | |
557 | $default_raw->{users}->{'root@pam'}."\n". | |
558 | $default_raw->{users}->{'test_pam'}."\n". | |
559 | $default_raw->{tokens}->{'test_token_simple'}."\n\n\n\n\n", | |
560 | }, | |
561 | { | |
562 | name => "token_multi", | |
563 | config => { | |
170cf17b | 564 | acl_root => default_acls(), |
891f7afa FG |
565 | users => default_users_with([$default_cfg->{test_pam_with_token}, $default_cfg->{test_pam2_with_token}]), |
566 | roles => default_roles(), | |
567 | }, | |
568 | raw => "". | |
569 | $default_raw->{users}->{'root@pam'}."\n". | |
570 | $default_raw->{users}->{'test2_pam'}."\n". | |
571 | $default_raw->{tokens}->{'test_token_multi_expired'}."\n". | |
572 | $default_raw->{tokens}->{'test_token_multi_full'}."\n". | |
573 | $default_raw->{tokens}->{'test_token_multi_privsep'}."\n". | |
574 | $default_raw->{users}->{'test_pam'}."\n". | |
575 | $default_raw->{tokens}->{'test_token_simple'}."\n". | |
576 | "\n\n\n\n", | |
577 | }, | |
7d1739ad FG |
578 | { |
579 | name => "custom_role_with_single_priv", | |
580 | config => { | |
170cf17b | 581 | acl_root => default_acls(), |
7d1739ad FG |
582 | users => default_users(), |
583 | roles => default_roles_with([$default_cfg->{test_role_single_priv}]), | |
584 | }, | |
585 | raw => "". | |
586 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
587 | $default_raw->{roles}->{'test_role_single_priv'}."\n\n", | |
588 | }, | |
589 | { | |
590 | name => "custom_role_with_privs", | |
591 | config => { | |
170cf17b | 592 | acl_root => default_acls(), |
7d1739ad FG |
593 | users => default_users(), |
594 | roles => default_roles_with([$default_cfg->{test_role_privs}]), | |
595 | }, | |
596 | raw => "". | |
597 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
598 | $default_raw->{roles}->{'test_role_privs'}."\n\n", | |
599 | }, | |
600 | { | |
601 | name => "custom_role_with_duplicate_privs", | |
602 | config => { | |
170cf17b | 603 | acl_root => default_acls(), |
7d1739ad FG |
604 | users => default_users(), |
605 | roles => default_roles_with([$default_cfg->{test_role_privs}]), | |
606 | }, | |
607 | raw => "". | |
608 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
609 | $default_raw->{roles}->{'test_role_privs_duplicate'}."\n\n", | |
610 | expected_raw => "". | |
611 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
612 | $default_raw->{roles}->{'test_role_privs'}."\n\n", | |
613 | }, | |
614 | { | |
615 | name => "custom_role_with_invalid_priv", | |
616 | config => { | |
170cf17b | 617 | acl_root => default_acls(), |
7d1739ad FG |
618 | users => default_users(), |
619 | roles => default_roles_with([$default_cfg->{test_role_privs}]), | |
620 | }, | |
621 | raw => "". | |
622 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
623 | $default_raw->{roles}->{'test_role_privs_invalid'}."\n\n", | |
624 | expected_raw => "". | |
625 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
626 | $default_raw->{roles}->{'test_role_privs'}."\n\n", | |
627 | }, | |
628 | { | |
629 | name => "pool_empty", | |
630 | config => { | |
170cf17b | 631 | acl_root => default_acls(), |
7d1739ad FG |
632 | users => default_users(), |
633 | roles => default_roles(), | |
634 | pools => default_pools_with([$default_cfg->{test_pool_empty}]), | |
635 | }, | |
636 | raw => "". | |
637 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
638 | $default_raw->{pools}->{'test_pool_empty'}."\n\n\n", | |
639 | }, | |
640 | { | |
641 | name => "pool_invalid", | |
642 | config => { | |
170cf17b | 643 | acl_root => default_acls(), |
7d1739ad FG |
644 | users => default_users(), |
645 | roles => default_roles(), | |
646 | pools => default_pools_with([$default_cfg->{test_pool_empty}]), | |
647 | }, | |
648 | raw => "". | |
649 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
650 | $default_raw->{pools}->{'test_pool_invalid'}."\n\n\n", | |
651 | expected_raw => "". | |
652 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
653 | $default_raw->{pools}->{'test_pool_empty'}."\n\n\n", | |
654 | }, | |
655 | { | |
656 | name => "pool_members", | |
657 | config => { | |
170cf17b | 658 | acl_root => default_acls(), |
7d1739ad FG |
659 | users => default_users(), |
660 | roles => default_roles(), | |
661 | pools => default_pools_with([$default_cfg->{test_pool_members}]), | |
662 | vms => default_pool_vms_with([$default_cfg->{test_pool_members}]), | |
663 | }, | |
664 | raw => "". | |
665 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
666 | $default_raw->{pools}->{'test_pool_members'}."\n\n\n", | |
667 | }, | |
668 | { | |
669 | name => "pool_duplicate_members", | |
670 | config => { | |
170cf17b | 671 | acl_root => default_acls(), |
7d1739ad FG |
672 | users => default_users(), |
673 | roles => default_roles(), | |
674 | pools => default_pools_with([$default_cfg->{test_pool_members}, $default_cfg->{test_pool_duplicate_vms}, $default_cfg->{test_pool_duplicate_storages}]), | |
675 | vms => default_pool_vms_with([$default_cfg->{test_pool_members}]), | |
676 | }, | |
677 | raw => "". | |
678 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
679 | $default_raw->{pools}->{'test_pool_members'}."\n". | |
680 | $default_raw->{pools}->{'test_pool_duplicate_vms'}."\n". | |
681 | $default_raw->{pools}->{'test_pool_duplicate_storages'}."\n", | |
682 | expected_raw => "". | |
683 | $default_raw->{users}->{'root@pam'}."\n\n\n". | |
684 | $default_raw->{pools}->{'test_pool_duplicate_storages'}."\n". | |
685 | $default_raw->{pools}->{'test_pool_duplicate_vms_expected'}."\n". | |
686 | $default_raw->{pools}->{'test_pool_members'}."\n\n\n", | |
687 | }, | |
688 | { | |
689 | name => "acl_simple_user", | |
690 | config => { | |
691 | users => default_users_with([$default_cfg->{test_pam}]), | |
692 | roles => default_roles(), | |
170cf17b | 693 | acl_root => default_acls_with([$default_cfg->{acl_simple_user}]), |
7d1739ad FG |
694 | }, |
695 | raw => "". | |
696 | $default_raw->{users}->{'root@pam'}."\n". | |
697 | $default_raw->{users}->{'test_pam'}."\n\n\n\n\n". | |
698 | $default_raw->{acl}->{'acl_simple_user'}."\n", | |
699 | }, | |
700 | { | |
701 | name => "acl_complex_users", | |
702 | config => { | |
703 | users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{'test2_pam'}]), | |
704 | roles => default_roles(), | |
170cf17b | 705 | acl_root => default_acls_with([$default_cfg->{acl_simple_user}, $default_cfg->{acl_complex_users}]), |
7d1739ad FG |
706 | }, |
707 | raw => "". | |
708 | $default_raw->{users}->{'root@pam'}."\n". | |
709 | $default_raw->{users}->{'test2_pam'}."\n". | |
710 | $default_raw->{users}->{'test_pam'}."\n\n\n\n\n". | |
711 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
712 | $default_raw->{acl}->{'acl_complex_users_1'}."\n". | |
713 | $default_raw->{acl}->{'acl_complex_users_2'}."\n", | |
714 | }, | |
715 | { | |
716 | name => "acl_complex_missing_user", | |
717 | config => { | |
718 | users => default_users_with([$default_cfg->{test2_pam}]), | |
719 | roles => default_roles(), | |
170cf17b | 720 | acl_root => default_acls_with([$default_cfg->{acl_simple_user}, $default_cfg->{acl_complex_missing_user}]), |
7d1739ad FG |
721 | }, |
722 | raw => "". | |
723 | $default_raw->{users}->{'root@pam'}."\n". | |
724 | $default_raw->{users}->{'test2_pam'}."\n\n\n\n\n". | |
725 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
726 | $default_raw->{acl}->{'acl_complex_users_1'}."\n". | |
727 | $default_raw->{acl}->{'acl_complex_users_2'}."\n", | |
7d1739ad FG |
728 | }, |
729 | { | |
730 | name => "acl_simple_group", | |
731 | config => { | |
732 | users => default_users_with([$default_cfg->{test_pam_with_group}]), | |
733 | groups => default_groups_with([$default_cfg->{'test_group_single_member'}]), | |
734 | roles => default_roles(), | |
170cf17b | 735 | acl_root => default_acls_with([$default_cfg->{acl_simple_group}]), |
7d1739ad FG |
736 | }, |
737 | raw => "". | |
738 | $default_raw->{users}->{'root@pam'}."\n". | |
739 | $default_raw->{users}->{'test_pam'}."\n\n". | |
740 | $default_raw->{groups}->{'test_group_single_member'}."\n\n\n\n". | |
741 | $default_raw->{acl}->{'acl_simple_group'}."\n", | |
742 | }, | |
743 | { | |
744 | name => "acl_complex_groups", | |
745 | config => { | |
746 | users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]), | |
747 | groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]), | |
748 | roles => default_roles(), | |
170cf17b | 749 | acl_root => default_acls_with([$default_cfg->{acl_simple_group}, $default_cfg->{acl_complex_groups}]), |
7d1739ad FG |
750 | }, |
751 | raw => "". | |
752 | $default_raw->{users}->{'root@pam'}."\n". | |
753 | $default_raw->{users}->{'test2_pam'}."\n". | |
754 | $default_raw->{users}->{'test3_pam'}."\n". | |
755 | $default_raw->{users}->{'test_pam'}."\n\n". | |
756 | $default_raw->{groups}->{'test_group_second'}."\n". | |
757 | $default_raw->{groups}->{'test_group_members'}."\n\n\n\n". | |
758 | $default_raw->{acl}->{'acl_simple_group'}."\n". | |
759 | $default_raw->{acl}->{'acl_complex_groups_1'}."\n". | |
760 | $default_raw->{acl}->{'acl_complex_groups_2'}."\n", | |
761 | }, | |
762 | { | |
763 | name => "acl_complex_missing_group", | |
764 | config => { | |
765 | users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]), | |
766 | groups => default_groups_with([$default_cfg->{'test_group_second'}]), | |
767 | roles => default_roles(), | |
170cf17b | 768 | acl_root => default_acls_with([$default_cfg->{acl_simple_group}, $default_cfg->{acl_complex_missing_group}]), |
7d1739ad FG |
769 | }, |
770 | raw => "". | |
771 | $default_raw->{users}->{'root@pam'}."\n". | |
772 | $default_raw->{users}->{'test2_pam'}."\n". | |
773 | $default_raw->{users}->{'test3_pam'}."\n". | |
774 | $default_raw->{users}->{'test_pam'}."\n\n". | |
775 | $default_raw->{groups}->{'test_group_second'}."\n". | |
776 | $default_raw->{acl}->{'acl_simple_group'}."\n". | |
777 | $default_raw->{acl}->{'acl_complex_groups_1'}."\n". | |
778 | $default_raw->{acl}->{'acl_complex_groups_2'}."\n", | |
779 | expected_raw => "". | |
780 | $default_raw->{users}->{'root@pam'}."\n". | |
781 | $default_raw->{users}->{'test2_pam'}."\n". | |
782 | $default_raw->{users}->{'test3_pam'}."\n". | |
783 | $default_raw->{users}->{'test_pam'}."\n\n". | |
784 | $default_raw->{groups}->{'test_group_second'}."\n\n\n\n". | |
5654260e DC |
785 | $default_raw->{acl}->{'acl_simple_group'}."\n". |
786 | $default_raw->{acl}->{'acl_complex_groups_1'}."\n". | |
7d1739ad FG |
787 | $default_raw->{acl}->{'acl_complex_groups_2'}."\n", |
788 | }, | |
891f7afa FG |
789 | { |
790 | name => "acl_simple_token", | |
791 | config => { | |
792 | users => default_users_with([$default_cfg->{test_pam_with_token}]), | |
793 | roles => default_roles(), | |
170cf17b | 794 | acl_root => default_acls_with([$default_cfg->{acl_simple_token}]), |
891f7afa FG |
795 | }, |
796 | raw => "". | |
797 | $default_raw->{users}->{'root@pam'}."\n". | |
798 | $default_raw->{users}->{'test_pam'}."\n". | |
799 | $default_raw->{tokens}->{'test_token_simple'}."\n\n\n\n\n". | |
800 | $default_raw->{acl}->{'acl_simple_token'}."\n", | |
801 | }, | |
802 | { | |
803 | name => "acl_complex_tokens", | |
804 | config => { | |
805 | users => default_users_with([$default_cfg->{test_pam_with_token}, $default_cfg->{'test_pam2_with_token'}]), | |
806 | roles => default_roles(), | |
170cf17b | 807 | acl_root => default_acls_with([$default_cfg->{acl_simple_token}, $default_cfg->{acl_complex_tokens}]), |
891f7afa FG |
808 | }, |
809 | raw => "". | |
810 | $default_raw->{users}->{'root@pam'}."\n". | |
811 | $default_raw->{users}->{'test2_pam'}."\n". | |
812 | $default_raw->{tokens}->{'test_token_multi_expired'}."\n". | |
813 | $default_raw->{tokens}->{'test_token_multi_full'}."\n". | |
814 | $default_raw->{tokens}->{'test_token_multi_privsep'}."\n". | |
815 | $default_raw->{users}->{'test_pam'}."\n". | |
816 | $default_raw->{tokens}->{'test_token_simple'}."\n\n\n\n\n". | |
817 | $default_raw->{acl}->{'acl_simple_token'}."\n". | |
818 | $default_raw->{acl}->{'acl_complex_tokens_1'}."\n". | |
819 | $default_raw->{acl}->{'acl_complex_tokens_2'}."\n", | |
820 | }, | |
821 | { | |
822 | name => "acl_complex_missing_token", | |
823 | config => { | |
824 | users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{test_pam2_with_token}]), | |
825 | roles => default_roles(), | |
170cf17b | 826 | acl_root => default_acls_with([$default_cfg->{acl_complex_missing_token}]), |
891f7afa FG |
827 | }, |
828 | raw => "". | |
829 | $default_raw->{users}->{'root@pam'}."\n". | |
830 | $default_raw->{users}->{'test2_pam'}."\n". | |
831 | $default_raw->{tokens}->{'test_token_multi_expired'}."\n". | |
832 | $default_raw->{tokens}->{'test_token_multi_full'}."\n". | |
833 | $default_raw->{tokens}->{'test_token_multi_privsep'}."\n". | |
834 | $default_raw->{users}->{'test_pam'}."\n". | |
835 | $default_raw->{acl}->{'acl_simple_token'}."\n". | |
836 | $default_raw->{acl}->{'acl_complex_tokens_1'}."\n". | |
837 | $default_raw->{acl}->{'acl_complex_tokens_2'}."\n", | |
838 | expected_raw => "". | |
839 | $default_raw->{users}->{'root@pam'}."\n". | |
840 | $default_raw->{users}->{'test2_pam'}."\n". | |
841 | $default_raw->{tokens}->{'test_token_multi_expired'}."\n". | |
842 | $default_raw->{tokens}->{'test_token_multi_full'}."\n". | |
843 | $default_raw->{tokens}->{'test_token_multi_privsep'}."\n". | |
844 | $default_raw->{users}->{'test_pam'}."\n\n\n\n\n". | |
845 | $default_raw->{acl}->{'acl_complex_tokens_1_missing'}."\n". | |
846 | $default_raw->{acl}->{'acl_complex_tokens_2'}."\n", | |
847 | }, | |
7d1739ad FG |
848 | { |
849 | name => "acl_missing_role", | |
850 | config => { | |
851 | users => default_users_with([$default_cfg->{test_pam}]), | |
852 | roles => default_roles(), | |
170cf17b | 853 | acl_root => default_acls_with([$default_cfg->{acl_simple_user}]), |
7d1739ad FG |
854 | }, |
855 | raw => "". | |
856 | $default_raw->{users}->{'root@pam'}."\n". | |
857 | $default_raw->{users}->{'test_pam'}."\n\n\n\n\n". | |
858 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
859 | $default_raw->{acl}->{'acl_missing_role'}."\n", | |
21f523a5 FG |
860 | expected_raw => "". |
861 | $default_raw->{users}->{'root@pam'}."\n". | |
862 | $default_raw->{users}->{'test_pam'}."\n\n\n\n\n". | |
863 | $default_raw->{acl}->{'acl_simple_user'}."\n", | |
7d1739ad FG |
864 | }, |
865 | { | |
866 | name => "acl_complex_mixed", | |
867 | config => { | |
868 | users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]), | |
869 | groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]), | |
870 | roles => default_roles(), | |
170cf17b | 871 | acl_root => default_acls_with([ |
7d1739ad FG |
872 | $default_cfg->{acl_complex_mixed_root}, |
873 | $default_cfg->{acl_complex_mixed_storage}, | |
874 | ]), | |
875 | }, | |
876 | raw => "". | |
877 | $default_raw->{users}->{'root@pam'}."\n". | |
878 | $default_raw->{users}->{'test2_pam'}."\n". | |
879 | $default_raw->{users}->{'test3_pam'}."\n". | |
880 | $default_raw->{users}->{'test_pam'}."\n\n". | |
881 | $default_raw->{groups}->{'test_group_second'}."\n". | |
882 | $default_raw->{groups}->{'test_group_members'}."\n\n\n\n". | |
883 | $default_raw->{acl}->{'acl_simple_group'}."\n". | |
884 | $default_raw->{acl}->{'acl_complex_groups_1'}."\n". | |
885 | $default_raw->{acl}->{'acl_complex_groups_2'}."\n". | |
886 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
887 | $default_raw->{acl}->{'acl_complex_users_1'}."\n". | |
888 | $default_raw->{acl}->{'acl_complex_users_2'}."\n", | |
889 | expected_raw => "". | |
890 | $default_raw->{users}->{'root@pam'}."\n". | |
891 | $default_raw->{users}->{'test2_pam'}."\n". | |
892 | $default_raw->{users}->{'test3_pam'}."\n". | |
893 | $default_raw->{users}->{'test_pam'}."\n\n". | |
894 | $default_raw->{groups}->{'test_group_second'}."\n". | |
895 | $default_raw->{groups}->{'test_group_members'}."\n\n\n\n". | |
896 | $default_raw->{acl}->{'acl_complex_mixed_1'}."\n". | |
897 | $default_raw->{acl}->{'acl_complex_mixed_2'}."\n". | |
898 | $default_raw->{acl}->{'acl_complex_mixed_3'}."\n", | |
899 | }, | |
900 | { | |
901 | name => "acl_complex_mixed_prop_noprop_no_merge_sort_by_path", | |
902 | config => { | |
903 | users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]), | |
904 | groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]), | |
905 | roles => default_roles(), | |
170cf17b | 906 | acl_root => default_acls_with([ |
7d1739ad FG |
907 | $default_cfg->{acl_complex_mixed_root_noprop}, |
908 | $default_cfg->{acl_complex_mixed_storage_noprop}, | |
909 | ]), | |
910 | }, | |
911 | raw => "". | |
912 | $default_raw->{users}->{'root@pam'}."\n". | |
913 | $default_raw->{users}->{'test2_pam'}."\n". | |
914 | $default_raw->{users}->{'test3_pam'}."\n". | |
915 | $default_raw->{users}->{'test_pam'}."\n\n". | |
916 | $default_raw->{groups}->{'test_group_second'}."\n". | |
917 | $default_raw->{groups}->{'test_group_members'}."\n\n\n\n". | |
918 | $default_raw->{acl}->{'acl_simple_group_noprop'}."\n". | |
919 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
920 | $default_raw->{acl}->{'acl_complex_groups_1_noprop'}."\n". | |
921 | $default_raw->{acl}->{'acl_complex_groups_2_noprop'}."\n". | |
922 | $default_raw->{acl}->{'acl_complex_users_1'}."\n". | |
923 | $default_raw->{acl}->{'acl_complex_users_2'}."\n", | |
924 | }, | |
925 | { | |
926 | name => "sort_roles_and_privs", | |
927 | raw => "". | |
928 | $default_raw->{users}->{'root@pam'}."\n". | |
929 | $default_raw->{roles}->{'test_role_single_priv'}."\n\n". | |
930 | $default_raw->{roles}->{'test_role_privs_out_of_order'}."\n\n", | |
931 | expected_raw => "". | |
932 | $default_raw->{users}->{'root@pam'}."\n\n\n\n". | |
933 | $default_raw->{roles}->{'test_role_privs'}."\n". | |
934 | $default_raw->{roles}->{'test_role_single_priv'}."\n\n", | |
935 | }, | |
936 | { | |
937 | name => "sort_users_and_group_members", | |
938 | raw => "". | |
939 | $default_raw->{users}->{'test2_pam'}."\n". | |
940 | $default_raw->{users}->{'root@pam'}."\n". | |
941 | $default_raw->{users}->{'test_pam'}."\n\n". | |
942 | $default_raw->{groups}->{'test_group_members_out_of_order'}."\n\n". | |
943 | "\n\n", | |
944 | expected_raw => "". | |
945 | $default_raw->{users}->{'root@pam'}."\n". | |
946 | $default_raw->{users}->{'test2_pam'}."\n". | |
947 | $default_raw->{users}->{'test_pam'}."\n\n". | |
948 | $default_raw->{groups}->{'test_group_members'}."\n\n". | |
949 | "\n\n", | |
950 | }, | |
951 | { | |
952 | name => "sort_user_groups_and_acls", | |
953 | raw => "". | |
954 | $default_raw->{users}->{'test2_pam'}."\n". | |
955 | $default_raw->{users}->{'root@pam'}."\n". | |
956 | $default_raw->{users}->{'test_pam'}."\n\n". | |
957 | $default_raw->{users}->{'test3_pam'}."\n". | |
958 | $default_raw->{groups}->{'test_group_members_out_of_order'}."\n\n\n\n". | |
959 | $default_raw->{groups}->{'test_group_second'}."\n". | |
960 | $default_raw->{acl}->{'acl_simple_user'}."\n". | |
961 | $default_raw->{acl}->{'acl_simple_group'}."\n". | |
962 | $default_raw->{acl}->{'acl_complex_users_1'}."\n". | |
963 | $default_raw->{acl}->{'acl_complex_users_2'}."\n". | |
964 | $default_raw->{acl}->{'acl_complex_groups_1'}."\n". | |
965 | $default_raw->{acl}->{'acl_complex_groups_2'}."\n", | |
966 | expected_raw => "". | |
967 | $default_raw->{users}->{'root@pam'}."\n". | |
968 | $default_raw->{users}->{'test2_pam'}."\n". | |
969 | $default_raw->{users}->{'test3_pam'}."\n". | |
970 | $default_raw->{users}->{'test_pam'}."\n\n". | |
971 | $default_raw->{groups}->{'test_group_second'}."\n". | |
972 | $default_raw->{groups}->{'test_group_members'}."\n\n\n\n". | |
973 | $default_raw->{acl}->{'acl_complex_mixed_1'}."\n". | |
974 | $default_raw->{acl}->{'acl_complex_mixed_2'}."\n". | |
975 | $default_raw->{acl}->{'acl_complex_mixed_3'}."\n", | |
976 | }, | |
977 | { | |
978 | name => 'default_values', | |
979 | config => { | |
980 | users => { | |
981 | 'root@pam' => { | |
982 | enable => 0, | |
983 | expire => 0, | |
984 | email => undef, | |
985 | }, | |
986 | 'test@pam' => { | |
987 | enable => 0, | |
988 | expire => 0, | |
989 | email => undef, | |
891f7afa FG |
990 | tokens => { |
991 | 'test' => { | |
992 | expire => 0, | |
993 | privsep => 0, | |
994 | }, | |
995 | }, | |
7d1739ad FG |
996 | }, |
997 | }, | |
998 | roles => default_roles_with([{ id => 'testrole' }]), | |
999 | groups => default_groups_with([$default_cfg->{test_group_empty}]), | |
1000 | pools => default_pools_with([$default_cfg->{test_pool_empty}]), | |
170cf17b | 1001 | acl_root => {}, |
7d1739ad FG |
1002 | }, |
1003 | raw => "". | |
1004 | 'user:root@pam'."\n". | |
891f7afa FG |
1005 | 'user:test@pam'."\n". |
1006 | 'token:test@pam!test'."\n\n". | |
7d1739ad FG |
1007 | 'group:testgroup'."\n\n". |
1008 | 'pool:testpool'."\n\n". | |
1009 | 'role:testrole'."\n\n". | |
1010 | 'acl::/:', | |
1011 | expected_raw => "". | |
1012 | 'user:root@pam:0:0::::::'."\n". | |
891f7afa FG |
1013 | 'user:test@pam:0:0::::::'."\n". |
1014 | 'token:test@pam!test:0:0::'."\n\n". | |
7d1739ad FG |
1015 | 'group:testgroup:::'."\n\n". |
1016 | 'pool:testpool::::'."\n\n". | |
1017 | 'role:testrole::'."\n\n", | |
1018 | }, | |
1019 | ]; | |
1020 | ||
1021 | ||
1022 | my $number_of_tests_run = 0; | |
1023 | foreach my $t (@$tests) { | |
1024 | my $expected_config = $t->{expected_config} // $t->{config}; | |
1025 | my $expected_raw = $t->{expected_raw} // $t->{raw}; | |
1026 | if (defined($t->{raw})) { | |
1027 | my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw}); | |
1028 | if (defined($expected_config)) { | |
1029 | is_deeply($parsed, $expected_config, "$t->{name}_parse"); | |
1030 | $number_of_tests_run++; | |
1031 | } | |
1032 | if (defined($t->{expected_raw}) && !defined($t->{config})) { | |
1033 | is(PVE::AccessControl::write_user_config($t->{name}, $parsed), $t->{expected_raw}, "$t->{name}_rewrite"); | |
1034 | $number_of_tests_run++; | |
1035 | } | |
1036 | ||
1037 | } | |
1038 | if (defined($t->{config})) { | |
1039 | my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config}); | |
1040 | if (defined($expected_raw)) { | |
1041 | is($written, $expected_raw, "$t->{name}_write"); | |
1042 | $number_of_tests_run++; | |
1043 | } | |
1044 | if (defined($t->{expected_config}) && !defined($t->{raw})) { | |
1045 | is_deeply(PVE::AccessControl::parse_user_config($t->{name}, $t->{written}), $t->{expected_config}, "$t->{name}_reparse"); | |
1046 | $number_of_tests_run++; | |
1047 | } | |
1048 | } | |
1049 | }; | |
1050 | ||
1051 | done_testing( $number_of_tests_run); |