]>
Commit | Line | Data |
---|---|---|
dcdf5789 DC |
1 | #!/usr/bin/perl |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use Test::MockModule; | |
7 | use Test::More; | |
8 | use Storable qw(dclone); | |
9 | ||
10 | use PVE::AccessControl; | |
11 | use PVE::API2::Domains; | |
12 | ||
13 | my $domainscfg = { | |
14 | ids => { | |
15 | "pam" => { type => 'pam' }, | |
16 | "pve" => { type => 'pve' }, | |
17 | "syncedrealm" => { type => 'ldap' } | |
18 | }, | |
19 | }; | |
20 | ||
21 | my $initialusercfg = { | |
22 | users => { | |
23 | 'root@pam' => { username => 'root', }, | |
24 | 'user1@syncedrealm' => { | |
25 | username => 'user1', | |
26 | enable => 1, | |
27 | 'keys' => 'some', | |
28 | }, | |
29 | 'user2@syncedrealm' => { | |
30 | username => 'user2', | |
31 | enable => 1, | |
32 | }, | |
33 | 'user3@syncedrealm' => { | |
34 | username => 'user3', | |
35 | enable => 1, | |
36 | }, | |
37 | }, | |
38 | groups => { | |
39 | 'group1-syncedrealm' => { users => {}, }, | |
40 | 'group2-syncedrealm' => { users => {}, }, | |
41 | }, | |
42 | acl => { | |
43 | '/' => { | |
44 | users => { | |
45 | 'user3@syncedrealm' => {}, | |
46 | }, | |
47 | groups => {}, | |
48 | }, | |
49 | }, | |
50 | }; | |
51 | ||
52 | my $sync_response = { | |
53 | user => [ | |
54 | { | |
55 | attributes => { 'uid' => ['user1'], }, | |
56 | dn => 'uid=user1,dc=syncedrealm', | |
57 | }, | |
58 | { | |
59 | attributes => { 'uid' => ['user2'], }, | |
60 | dn => 'uid=user2,dc=syncedrealm', | |
61 | }, | |
62 | { | |
63 | attributes => { 'uid' => ['user4'], }, | |
64 | dn => 'uid=user4,dc=syncedrealm', | |
65 | }, | |
66 | ], | |
67 | groups => [ | |
68 | { | |
69 | dn => 'dc=group1,dc=syncedrealm', | |
70 | members => [ | |
71 | 'uid=user1,dc=syncedrealm', | |
72 | ], | |
73 | }, | |
74 | { | |
75 | dn => 'dc=group3,dc=syncedrealm', | |
76 | members => [ | |
77 | 'uid=nonexisting,dc=syncedrealm', | |
78 | ], | |
79 | } | |
80 | ], | |
81 | }; | |
82 | ||
83 | my $returned_user_cfg = {}; | |
84 | ||
85 | # mocking all cluster and ldap operations | |
86 | my $pve_cluster_module = Test::MockModule->new('PVE::Cluster'); | |
87 | $pve_cluster_module->mock( | |
88 | cfs_update => sub {}, | |
89 | cfs_read_file => sub { | |
90 | my ($filename) = @_; | |
91 | if ($filename eq 'domains.cfg') { return dclone($domainscfg); } | |
92 | if ($filename eq 'user.cfg') { return dclone($initialusercfg); } | |
93 | die "unexpected cfs_read_file"; | |
94 | }, | |
95 | cfs_write_file => sub { | |
96 | my ($filename, $data) = @_; | |
97 | if ($filename eq 'user.cfg') { | |
98 | $returned_user_cfg = $data; | |
99 | return; | |
100 | } | |
101 | die "unexpected cfs_read_file"; | |
102 | }, | |
103 | cfs_lock_file => sub { | |
104 | my ($filename, $timeout, $code) = @_; | |
105 | return $code->(); | |
106 | }, | |
107 | ); | |
108 | ||
109 | my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains'); | |
110 | $pve_api_domains->mock( | |
111 | cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); }, | |
112 | cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); }, | |
113 | ); | |
114 | ||
115 | my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl'); | |
116 | $pve_accesscontrol->mock( | |
117 | cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); }, | |
118 | ); | |
119 | ||
120 | my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment'); | |
121 | $pve_rpcenvironment->mock( | |
122 | get => sub { return bless {}, 'PVE::RPCEnvironment'; }, | |
123 | get_user => sub { return 'root@pam'; }, | |
124 | fork_worker => sub { | |
125 | my ($class, $workertype, $id, $user, $code) = @_; | |
126 | ||
127 | return $code->(); | |
128 | }, | |
129 | ); | |
130 | ||
131 | my $pve_ldap_module = Test::MockModule->new('PVE::LDAP'); | |
132 | $pve_ldap_module->mock( | |
133 | ldap_connect => sub { return {}; }, | |
134 | ldap_bind => sub {}, | |
135 | query_users => sub { | |
136 | return $sync_response->{user}; | |
137 | }, | |
138 | query_groups => sub { | |
139 | return $sync_response->{groups}; | |
140 | }, | |
141 | ); | |
142 | ||
143 | my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP'); | |
144 | $pve_auth_ldap->mock( | |
145 | connect_and_bind => sub { return {}; }, | |
146 | ); | |
147 | ||
148 | my $tests = [ | |
149 | [ | |
150 | "non-full without purge", | |
151 | { | |
152 | realm => 'syncedrealm', | |
dcdf5789 DC |
153 | scope => 'both', |
154 | }, | |
155 | { | |
156 | users => { | |
157 | 'root@pam' => { username => 'root', }, | |
158 | 'user1@syncedrealm' => { | |
159 | username => 'user1', | |
160 | enable => 1, | |
161 | 'keys' => 'some', | |
162 | }, | |
163 | 'user2@syncedrealm' => { | |
164 | username => 'user2', | |
165 | enable => 1, | |
166 | }, | |
167 | 'user3@syncedrealm' => { | |
168 | username => 'user3', | |
169 | enable => 1, | |
170 | }, | |
171 | 'user4@syncedrealm' => { | |
172 | username => 'user4', | |
173 | enable => 1, | |
174 | }, | |
175 | }, | |
176 | groups => { | |
177 | 'group1-syncedrealm' => { | |
178 | users => { | |
179 | 'user1@syncedrealm' => 1, | |
180 | }, | |
181 | }, | |
182 | 'group2-syncedrealm' => { users => {}, }, | |
183 | 'group3-syncedrealm' => { users => {}, }, | |
184 | }, | |
185 | acl => { | |
186 | '/' => { | |
187 | users => { | |
188 | 'user3@syncedrealm' => {}, | |
189 | }, | |
190 | groups => {}, | |
191 | }, | |
192 | }, | |
193 | }, | |
194 | ], | |
195 | [ | |
196 | "full without purge", | |
197 | { | |
198 | realm => 'syncedrealm', | |
2f58f671 | 199 | 'remove-vanished' => 'entry;properties', |
dcdf5789 DC |
200 | scope => 'both', |
201 | }, | |
202 | { | |
203 | users => { | |
204 | 'root@pam' => { username => 'root', }, | |
205 | 'user1@syncedrealm' => { | |
206 | username => 'user1', | |
207 | enable => 1, | |
208 | }, | |
209 | 'user2@syncedrealm' => { | |
210 | username => 'user2', | |
211 | enable => 1, | |
212 | }, | |
213 | 'user4@syncedrealm' => { | |
214 | username => 'user4', | |
215 | enable => 1, | |
216 | }, | |
217 | }, | |
218 | groups => { | |
219 | 'group1-syncedrealm' => { | |
220 | users => { | |
221 | 'user1@syncedrealm' => 1, | |
222 | }, | |
223 | }, | |
224 | 'group3-syncedrealm' => { users => {}, } | |
225 | }, | |
226 | acl => { | |
227 | '/' => { | |
228 | users => { | |
229 | 'user3@syncedrealm' => {}, | |
230 | }, | |
231 | groups => {}, | |
232 | }, | |
233 | }, | |
234 | }, | |
235 | ], | |
236 | [ | |
237 | "non-full with purge", | |
238 | { | |
239 | realm => 'syncedrealm', | |
2f58f671 | 240 | 'remove-vanished' => 'acl', |
dcdf5789 DC |
241 | scope => 'both', |
242 | }, | |
243 | { | |
244 | users => { | |
245 | 'root@pam' => { username => 'root', }, | |
246 | 'user1@syncedrealm' => { | |
247 | username => 'user1', | |
248 | enable => 1, | |
249 | 'keys' => 'some', | |
250 | }, | |
251 | 'user2@syncedrealm' => { | |
252 | username => 'user2', | |
253 | enable => 1, | |
254 | }, | |
255 | 'user3@syncedrealm' => { | |
256 | username => 'user3', | |
257 | enable => 1, | |
258 | }, | |
259 | 'user4@syncedrealm' => { | |
260 | username => 'user4', | |
261 | enable => 1, | |
262 | }, | |
263 | }, | |
264 | groups => { | |
265 | 'group1-syncedrealm' => { | |
266 | users => { | |
267 | 'user1@syncedrealm' => 1, | |
268 | }, | |
269 | }, | |
270 | 'group2-syncedrealm' => { users => {}, }, | |
271 | 'group3-syncedrealm' => { users => {}, }, | |
272 | }, | |
273 | acl => { | |
274 | '/' => { | |
98df2ebc | 275 | users => {}, |
dcdf5789 DC |
276 | groups => {}, |
277 | }, | |
278 | }, | |
279 | }, | |
280 | ], | |
281 | [ | |
282 | "full with purge", | |
283 | { | |
284 | realm => 'syncedrealm', | |
2f58f671 | 285 | 'remove-vanished' => 'acl;entry;properties', |
dcdf5789 DC |
286 | scope => 'both', |
287 | }, | |
288 | { | |
289 | users => { | |
290 | 'root@pam' => { username => 'root', }, | |
291 | 'user1@syncedrealm' => { | |
292 | username => 'user1', | |
293 | enable => 1, | |
294 | }, | |
295 | 'user2@syncedrealm' => { | |
296 | username => 'user2', | |
297 | enable => 1, | |
298 | }, | |
299 | 'user4@syncedrealm' => { | |
300 | username => 'user4', | |
301 | enable => 1, | |
302 | }, | |
303 | }, | |
304 | groups => { | |
305 | 'group1-syncedrealm' => { | |
306 | users => { | |
307 | 'user1@syncedrealm' => 1, | |
308 | }, | |
309 | }, | |
310 | 'group3-syncedrealm' => { users => {}, }, | |
311 | }, | |
312 | acl => { | |
313 | '/' => { | |
314 | users => {}, | |
315 | groups => {}, | |
316 | }, | |
317 | }, | |
318 | }, | |
319 | ], | |
fa2afa15 DC |
320 | [ |
321 | "don't delete properties, but users and acls", | |
322 | { | |
323 | realm => 'syncedrealm', | |
324 | 'remove-vanished' => 'acl;entry', | |
325 | scope => 'both', | |
326 | }, | |
327 | { | |
328 | users => { | |
329 | 'root@pam' => { username => 'root', }, | |
330 | 'user1@syncedrealm' => { | |
331 | username => 'user1', | |
332 | enable => 1, | |
333 | 'keys' => 'some', | |
334 | }, | |
335 | 'user2@syncedrealm' => { | |
336 | username => 'user2', | |
337 | enable => 1, | |
338 | }, | |
339 | 'user4@syncedrealm' => { | |
340 | username => 'user4', | |
341 | enable => 1, | |
342 | }, | |
343 | }, | |
344 | groups => { | |
345 | 'group1-syncedrealm' => { | |
346 | users => { | |
347 | 'user1@syncedrealm' => 1, | |
348 | }, | |
349 | }, | |
350 | 'group3-syncedrealm' => { users => {}, }, | |
351 | }, | |
352 | acl => { | |
353 | '/' => { | |
354 | users => {}, | |
355 | groups => {}, | |
356 | }, | |
357 | }, | |
358 | }, | |
359 | ], | |
dcdf5789 DC |
360 | ]; |
361 | ||
362 | for my $test (@$tests) { | |
363 | my $name = $test->[0]; | |
364 | my $parameters = $test->[1]; | |
365 | my $expected = $test->[2]; | |
366 | $returned_user_cfg = {}; | |
367 | PVE::API2::Domains->sync($parameters); | |
368 | is_deeply($returned_user_cfg, $expected, $name); | |
369 | } | |
370 | ||
371 | done_testing(); |