]>
Commit | Line | Data |
---|---|---|
dcdf5789 DC |
1 | #!/usr/bin/perl |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use Test::MockModule; | |
7 | use Test::More; | |
8 | use Storable qw(dclone); | |
9 | ||
10 | use PVE::AccessControl; | |
11 | use PVE::API2::Domains; | |
12 | ||
13 | my $domainscfg = { | |
14 | ids => { | |
15 | "pam" => { type => 'pam' }, | |
16 | "pve" => { type => 'pve' }, | |
17 | "syncedrealm" => { type => 'ldap' } | |
18 | }, | |
19 | }; | |
20 | ||
21 | my $initialusercfg = { | |
22 | users => { | |
23 | 'root@pam' => { username => 'root', }, | |
24 | 'user1@syncedrealm' => { | |
25 | username => 'user1', | |
26 | enable => 1, | |
27 | 'keys' => 'some', | |
28 | }, | |
29 | 'user2@syncedrealm' => { | |
30 | username => 'user2', | |
31 | enable => 1, | |
32 | }, | |
33 | 'user3@syncedrealm' => { | |
34 | username => 'user3', | |
35 | enable => 1, | |
36 | }, | |
37 | }, | |
38 | groups => { | |
39 | 'group1-syncedrealm' => { users => {}, }, | |
40 | 'group2-syncedrealm' => { users => {}, }, | |
41 | }, | |
170cf17b FG |
42 | acl_root => { |
43 | users => { | |
44 | 'user3@syncedrealm' => {}, | |
dcdf5789 | 45 | }, |
170cf17b | 46 | groups => {}, |
dcdf5789 DC |
47 | }, |
48 | }; | |
49 | ||
50 | my $sync_response = { | |
51 | user => [ | |
52 | { | |
53 | attributes => { 'uid' => ['user1'], }, | |
54 | dn => 'uid=user1,dc=syncedrealm', | |
55 | }, | |
56 | { | |
57 | attributes => { 'uid' => ['user2'], }, | |
58 | dn => 'uid=user2,dc=syncedrealm', | |
59 | }, | |
60 | { | |
61 | attributes => { 'uid' => ['user4'], }, | |
62 | dn => 'uid=user4,dc=syncedrealm', | |
63 | }, | |
64 | ], | |
65 | groups => [ | |
66 | { | |
67 | dn => 'dc=group1,dc=syncedrealm', | |
68 | members => [ | |
69 | 'uid=user1,dc=syncedrealm', | |
70 | ], | |
71 | }, | |
72 | { | |
73 | dn => 'dc=group3,dc=syncedrealm', | |
74 | members => [ | |
75 | 'uid=nonexisting,dc=syncedrealm', | |
76 | ], | |
77 | } | |
78 | ], | |
79 | }; | |
80 | ||
81 | my $returned_user_cfg = {}; | |
82 | ||
83 | # mocking all cluster and ldap operations | |
84 | my $pve_cluster_module = Test::MockModule->new('PVE::Cluster'); | |
85 | $pve_cluster_module->mock( | |
86 | cfs_update => sub {}, | |
87 | cfs_read_file => sub { | |
88 | my ($filename) = @_; | |
89 | if ($filename eq 'domains.cfg') { return dclone($domainscfg); } | |
90 | if ($filename eq 'user.cfg') { return dclone($initialusercfg); } | |
91 | die "unexpected cfs_read_file"; | |
92 | }, | |
93 | cfs_write_file => sub { | |
94 | my ($filename, $data) = @_; | |
95 | if ($filename eq 'user.cfg') { | |
96 | $returned_user_cfg = $data; | |
97 | return; | |
98 | } | |
99 | die "unexpected cfs_read_file"; | |
100 | }, | |
101 | cfs_lock_file => sub { | |
102 | my ($filename, $timeout, $code) = @_; | |
103 | return $code->(); | |
104 | }, | |
105 | ); | |
106 | ||
107 | my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains'); | |
108 | $pve_api_domains->mock( | |
109 | cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); }, | |
110 | cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); }, | |
111 | ); | |
112 | ||
113 | my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl'); | |
114 | $pve_accesscontrol->mock( | |
115 | cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); }, | |
116 | ); | |
117 | ||
118 | my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment'); | |
119 | $pve_rpcenvironment->mock( | |
120 | get => sub { return bless {}, 'PVE::RPCEnvironment'; }, | |
121 | get_user => sub { return 'root@pam'; }, | |
122 | fork_worker => sub { | |
123 | my ($class, $workertype, $id, $user, $code) = @_; | |
124 | ||
125 | return $code->(); | |
126 | }, | |
127 | ); | |
128 | ||
129 | my $pve_ldap_module = Test::MockModule->new('PVE::LDAP'); | |
130 | $pve_ldap_module->mock( | |
131 | ldap_connect => sub { return {}; }, | |
132 | ldap_bind => sub {}, | |
133 | query_users => sub { | |
134 | return $sync_response->{user}; | |
135 | }, | |
136 | query_groups => sub { | |
137 | return $sync_response->{groups}; | |
138 | }, | |
139 | ); | |
140 | ||
141 | my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP'); | |
142 | $pve_auth_ldap->mock( | |
143 | connect_and_bind => sub { return {}; }, | |
144 | ); | |
145 | ||
146 | my $tests = [ | |
147 | [ | |
148 | "non-full without purge", | |
149 | { | |
150 | realm => 'syncedrealm', | |
dcdf5789 DC |
151 | scope => 'both', |
152 | }, | |
153 | { | |
154 | users => { | |
155 | 'root@pam' => { username => 'root', }, | |
156 | 'user1@syncedrealm' => { | |
157 | username => 'user1', | |
158 | enable => 1, | |
159 | 'keys' => 'some', | |
160 | }, | |
161 | 'user2@syncedrealm' => { | |
162 | username => 'user2', | |
163 | enable => 1, | |
164 | }, | |
165 | 'user3@syncedrealm' => { | |
166 | username => 'user3', | |
167 | enable => 1, | |
168 | }, | |
169 | 'user4@syncedrealm' => { | |
170 | username => 'user4', | |
171 | enable => 1, | |
172 | }, | |
173 | }, | |
174 | groups => { | |
175 | 'group1-syncedrealm' => { | |
176 | users => { | |
177 | 'user1@syncedrealm' => 1, | |
178 | }, | |
179 | }, | |
180 | 'group2-syncedrealm' => { users => {}, }, | |
181 | 'group3-syncedrealm' => { users => {}, }, | |
182 | }, | |
170cf17b FG |
183 | acl_root => { |
184 | users => { | |
185 | 'user3@syncedrealm' => {}, | |
dcdf5789 | 186 | }, |
170cf17b | 187 | groups => {}, |
dcdf5789 DC |
188 | }, |
189 | }, | |
190 | ], | |
191 | [ | |
192 | "full without purge", | |
193 | { | |
194 | realm => 'syncedrealm', | |
2f58f671 | 195 | 'remove-vanished' => 'entry;properties', |
dcdf5789 DC |
196 | scope => 'both', |
197 | }, | |
198 | { | |
199 | users => { | |
200 | 'root@pam' => { username => 'root', }, | |
201 | 'user1@syncedrealm' => { | |
202 | username => 'user1', | |
203 | enable => 1, | |
204 | }, | |
205 | 'user2@syncedrealm' => { | |
206 | username => 'user2', | |
207 | enable => 1, | |
208 | }, | |
209 | 'user4@syncedrealm' => { | |
210 | username => 'user4', | |
211 | enable => 1, | |
212 | }, | |
213 | }, | |
214 | groups => { | |
215 | 'group1-syncedrealm' => { | |
216 | users => { | |
217 | 'user1@syncedrealm' => 1, | |
218 | }, | |
219 | }, | |
220 | 'group3-syncedrealm' => { users => {}, } | |
221 | }, | |
170cf17b FG |
222 | acl_root => { |
223 | users => { | |
224 | 'user3@syncedrealm' => {}, | |
dcdf5789 | 225 | }, |
170cf17b | 226 | groups => {}, |
dcdf5789 DC |
227 | }, |
228 | }, | |
229 | ], | |
230 | [ | |
231 | "non-full with purge", | |
232 | { | |
233 | realm => 'syncedrealm', | |
2f58f671 | 234 | 'remove-vanished' => 'acl', |
dcdf5789 DC |
235 | scope => 'both', |
236 | }, | |
237 | { | |
238 | users => { | |
239 | 'root@pam' => { username => 'root', }, | |
240 | 'user1@syncedrealm' => { | |
241 | username => 'user1', | |
242 | enable => 1, | |
243 | 'keys' => 'some', | |
244 | }, | |
245 | 'user2@syncedrealm' => { | |
246 | username => 'user2', | |
247 | enable => 1, | |
248 | }, | |
249 | 'user3@syncedrealm' => { | |
250 | username => 'user3', | |
251 | enable => 1, | |
252 | }, | |
253 | 'user4@syncedrealm' => { | |
254 | username => 'user4', | |
255 | enable => 1, | |
256 | }, | |
257 | }, | |
258 | groups => { | |
259 | 'group1-syncedrealm' => { | |
260 | users => { | |
261 | 'user1@syncedrealm' => 1, | |
262 | }, | |
263 | }, | |
264 | 'group2-syncedrealm' => { users => {}, }, | |
265 | 'group3-syncedrealm' => { users => {}, }, | |
266 | }, | |
170cf17b FG |
267 | acl_root => { |
268 | users => {}, | |
269 | groups => {}, | |
dcdf5789 DC |
270 | }, |
271 | }, | |
272 | ], | |
273 | [ | |
274 | "full with purge", | |
275 | { | |
276 | realm => 'syncedrealm', | |
2f58f671 | 277 | 'remove-vanished' => 'acl;entry;properties', |
dcdf5789 DC |
278 | scope => 'both', |
279 | }, | |
280 | { | |
281 | users => { | |
282 | 'root@pam' => { username => 'root', }, | |
283 | 'user1@syncedrealm' => { | |
284 | username => 'user1', | |
285 | enable => 1, | |
286 | }, | |
287 | 'user2@syncedrealm' => { | |
288 | username => 'user2', | |
289 | enable => 1, | |
290 | }, | |
291 | 'user4@syncedrealm' => { | |
292 | username => 'user4', | |
293 | enable => 1, | |
294 | }, | |
295 | }, | |
296 | groups => { | |
297 | 'group1-syncedrealm' => { | |
298 | users => { | |
299 | 'user1@syncedrealm' => 1, | |
300 | }, | |
301 | }, | |
302 | 'group3-syncedrealm' => { users => {}, }, | |
303 | }, | |
170cf17b FG |
304 | acl_root => { |
305 | users => {}, | |
306 | groups => {}, | |
dcdf5789 DC |
307 | }, |
308 | }, | |
309 | ], | |
fa2afa15 DC |
310 | [ |
311 | "don't delete properties, but users and acls", | |
312 | { | |
313 | realm => 'syncedrealm', | |
314 | 'remove-vanished' => 'acl;entry', | |
315 | scope => 'both', | |
316 | }, | |
317 | { | |
318 | users => { | |
319 | 'root@pam' => { username => 'root', }, | |
320 | 'user1@syncedrealm' => { | |
321 | username => 'user1', | |
322 | enable => 1, | |
323 | 'keys' => 'some', | |
324 | }, | |
325 | 'user2@syncedrealm' => { | |
326 | username => 'user2', | |
327 | enable => 1, | |
328 | }, | |
329 | 'user4@syncedrealm' => { | |
330 | username => 'user4', | |
331 | enable => 1, | |
332 | }, | |
333 | }, | |
334 | groups => { | |
335 | 'group1-syncedrealm' => { | |
336 | users => { | |
337 | 'user1@syncedrealm' => 1, | |
338 | }, | |
339 | }, | |
340 | 'group3-syncedrealm' => { users => {}, }, | |
341 | }, | |
170cf17b FG |
342 | acl_root => { |
343 | users => {}, | |
344 | groups => {}, | |
fa2afa15 DC |
345 | }, |
346 | }, | |
347 | ], | |
dcdf5789 DC |
348 | ]; |
349 | ||
350 | for my $test (@$tests) { | |
351 | my $name = $test->[0]; | |
352 | my $parameters = $test->[1]; | |
353 | my $expected = $test->[2]; | |
354 | $returned_user_cfg = {}; | |
355 | PVE::API2::Domains->sync($parameters); | |
356 | is_deeply($returned_user_cfg, $expected, $name); | |
357 | } | |
358 | ||
359 | done_testing(); |