]>
Commit | Line | Data |
---|---|---|
dcdf5789 DC |
1 | #!/usr/bin/perl |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use Test::MockModule; | |
7 | use Test::More; | |
8 | use Storable qw(dclone); | |
9 | ||
10 | use PVE::AccessControl; | |
11 | use PVE::API2::Domains; | |
12 | ||
13 | my $domainscfg = { | |
14 | ids => { | |
15 | "pam" => { type => 'pam' }, | |
16 | "pve" => { type => 'pve' }, | |
17 | "syncedrealm" => { type => 'ldap' } | |
18 | }, | |
19 | }; | |
20 | ||
21 | my $initialusercfg = { | |
22 | users => { | |
23 | 'root@pam' => { username => 'root', }, | |
24 | 'user1@syncedrealm' => { | |
25 | username => 'user1', | |
26 | enable => 1, | |
27 | 'keys' => 'some', | |
28 | }, | |
29 | 'user2@syncedrealm' => { | |
30 | username => 'user2', | |
31 | enable => 1, | |
32 | }, | |
33 | 'user3@syncedrealm' => { | |
34 | username => 'user3', | |
35 | enable => 1, | |
36 | }, | |
37 | }, | |
38 | groups => { | |
39 | 'group1-syncedrealm' => { users => {}, }, | |
40 | 'group2-syncedrealm' => { users => {}, }, | |
41 | }, | |
42 | acl => { | |
43 | '/' => { | |
44 | users => { | |
45 | 'user3@syncedrealm' => {}, | |
46 | }, | |
47 | groups => {}, | |
48 | }, | |
49 | }, | |
50 | }; | |
51 | ||
52 | my $sync_response = { | |
53 | user => [ | |
54 | { | |
55 | attributes => { 'uid' => ['user1'], }, | |
56 | dn => 'uid=user1,dc=syncedrealm', | |
57 | }, | |
58 | { | |
59 | attributes => { 'uid' => ['user2'], }, | |
60 | dn => 'uid=user2,dc=syncedrealm', | |
61 | }, | |
62 | { | |
63 | attributes => { 'uid' => ['user4'], }, | |
64 | dn => 'uid=user4,dc=syncedrealm', | |
65 | }, | |
66 | ], | |
67 | groups => [ | |
68 | { | |
69 | dn => 'dc=group1,dc=syncedrealm', | |
70 | members => [ | |
71 | 'uid=user1,dc=syncedrealm', | |
72 | ], | |
73 | }, | |
74 | { | |
75 | dn => 'dc=group3,dc=syncedrealm', | |
76 | members => [ | |
77 | 'uid=nonexisting,dc=syncedrealm', | |
78 | ], | |
79 | } | |
80 | ], | |
81 | }; | |
82 | ||
83 | my $returned_user_cfg = {}; | |
84 | ||
85 | # mocking all cluster and ldap operations | |
86 | my $pve_cluster_module = Test::MockModule->new('PVE::Cluster'); | |
87 | $pve_cluster_module->mock( | |
88 | cfs_update => sub {}, | |
89 | cfs_read_file => sub { | |
90 | my ($filename) = @_; | |
91 | if ($filename eq 'domains.cfg') { return dclone($domainscfg); } | |
92 | if ($filename eq 'user.cfg') { return dclone($initialusercfg); } | |
93 | die "unexpected cfs_read_file"; | |
94 | }, | |
95 | cfs_write_file => sub { | |
96 | my ($filename, $data) = @_; | |
97 | if ($filename eq 'user.cfg') { | |
98 | $returned_user_cfg = $data; | |
99 | return; | |
100 | } | |
101 | die "unexpected cfs_read_file"; | |
102 | }, | |
103 | cfs_lock_file => sub { | |
104 | my ($filename, $timeout, $code) = @_; | |
105 | return $code->(); | |
106 | }, | |
107 | ); | |
108 | ||
109 | my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains'); | |
110 | $pve_api_domains->mock( | |
111 | cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); }, | |
112 | cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); }, | |
113 | ); | |
114 | ||
115 | my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl'); | |
116 | $pve_accesscontrol->mock( | |
117 | cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); }, | |
118 | ); | |
119 | ||
120 | my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment'); | |
121 | $pve_rpcenvironment->mock( | |
122 | get => sub { return bless {}, 'PVE::RPCEnvironment'; }, | |
123 | get_user => sub { return 'root@pam'; }, | |
124 | fork_worker => sub { | |
125 | my ($class, $workertype, $id, $user, $code) = @_; | |
126 | ||
127 | return $code->(); | |
128 | }, | |
129 | ); | |
130 | ||
131 | my $pve_ldap_module = Test::MockModule->new('PVE::LDAP'); | |
132 | $pve_ldap_module->mock( | |
133 | ldap_connect => sub { return {}; }, | |
134 | ldap_bind => sub {}, | |
135 | query_users => sub { | |
136 | return $sync_response->{user}; | |
137 | }, | |
138 | query_groups => sub { | |
139 | return $sync_response->{groups}; | |
140 | }, | |
141 | ); | |
142 | ||
143 | my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP'); | |
144 | $pve_auth_ldap->mock( | |
145 | connect_and_bind => sub { return {}; }, | |
146 | ); | |
147 | ||
148 | my $tests = [ | |
149 | [ | |
150 | "non-full without purge", | |
151 | { | |
152 | realm => 'syncedrealm', | |
153 | full => 0, | |
154 | purge => 0, | |
155 | scope => 'both', | |
156 | }, | |
157 | { | |
158 | users => { | |
159 | 'root@pam' => { username => 'root', }, | |
160 | 'user1@syncedrealm' => { | |
161 | username => 'user1', | |
162 | enable => 1, | |
163 | 'keys' => 'some', | |
164 | }, | |
165 | 'user2@syncedrealm' => { | |
166 | username => 'user2', | |
167 | enable => 1, | |
168 | }, | |
169 | 'user3@syncedrealm' => { | |
170 | username => 'user3', | |
171 | enable => 1, | |
172 | }, | |
173 | 'user4@syncedrealm' => { | |
174 | username => 'user4', | |
175 | enable => 1, | |
176 | }, | |
177 | }, | |
178 | groups => { | |
179 | 'group1-syncedrealm' => { | |
180 | users => { | |
181 | 'user1@syncedrealm' => 1, | |
182 | }, | |
183 | }, | |
184 | 'group2-syncedrealm' => { users => {}, }, | |
185 | 'group3-syncedrealm' => { users => {}, }, | |
186 | }, | |
187 | acl => { | |
188 | '/' => { | |
189 | users => { | |
190 | 'user3@syncedrealm' => {}, | |
191 | }, | |
192 | groups => {}, | |
193 | }, | |
194 | }, | |
195 | }, | |
196 | ], | |
197 | [ | |
198 | "full without purge", | |
199 | { | |
200 | realm => 'syncedrealm', | |
201 | full => 1, | |
202 | purge => 0, | |
203 | scope => 'both', | |
204 | }, | |
205 | { | |
206 | users => { | |
207 | 'root@pam' => { username => 'root', }, | |
208 | 'user1@syncedrealm' => { | |
209 | username => 'user1', | |
210 | enable => 1, | |
211 | }, | |
212 | 'user2@syncedrealm' => { | |
213 | username => 'user2', | |
214 | enable => 1, | |
215 | }, | |
216 | 'user4@syncedrealm' => { | |
217 | username => 'user4', | |
218 | enable => 1, | |
219 | }, | |
220 | }, | |
221 | groups => { | |
222 | 'group1-syncedrealm' => { | |
223 | users => { | |
224 | 'user1@syncedrealm' => 1, | |
225 | }, | |
226 | }, | |
227 | 'group3-syncedrealm' => { users => {}, } | |
228 | }, | |
229 | acl => { | |
230 | '/' => { | |
231 | users => { | |
232 | 'user3@syncedrealm' => {}, | |
233 | }, | |
234 | groups => {}, | |
235 | }, | |
236 | }, | |
237 | }, | |
238 | ], | |
239 | [ | |
240 | "non-full with purge", | |
241 | { | |
242 | realm => 'syncedrealm', | |
243 | full => 0, | |
244 | purge => 1, | |
245 | scope => 'both', | |
246 | }, | |
247 | { | |
248 | users => { | |
249 | 'root@pam' => { username => 'root', }, | |
250 | 'user1@syncedrealm' => { | |
251 | username => 'user1', | |
252 | enable => 1, | |
253 | 'keys' => 'some', | |
254 | }, | |
255 | 'user2@syncedrealm' => { | |
256 | username => 'user2', | |
257 | enable => 1, | |
258 | }, | |
259 | 'user3@syncedrealm' => { | |
260 | username => 'user3', | |
261 | enable => 1, | |
262 | }, | |
263 | 'user4@syncedrealm' => { | |
264 | username => 'user4', | |
265 | enable => 1, | |
266 | }, | |
267 | }, | |
268 | groups => { | |
269 | 'group1-syncedrealm' => { | |
270 | users => { | |
271 | 'user1@syncedrealm' => 1, | |
272 | }, | |
273 | }, | |
274 | 'group2-syncedrealm' => { users => {}, }, | |
275 | 'group3-syncedrealm' => { users => {}, }, | |
276 | }, | |
277 | acl => { | |
278 | '/' => { | |
98df2ebc | 279 | users => {}, |
dcdf5789 DC |
280 | groups => {}, |
281 | }, | |
282 | }, | |
283 | }, | |
284 | ], | |
285 | [ | |
286 | "full with purge", | |
287 | { | |
288 | realm => 'syncedrealm', | |
289 | full => 1, | |
290 | purge => 1, | |
291 | scope => 'both', | |
292 | }, | |
293 | { | |
294 | users => { | |
295 | 'root@pam' => { username => 'root', }, | |
296 | 'user1@syncedrealm' => { | |
297 | username => 'user1', | |
298 | enable => 1, | |
299 | }, | |
300 | 'user2@syncedrealm' => { | |
301 | username => 'user2', | |
302 | enable => 1, | |
303 | }, | |
304 | 'user4@syncedrealm' => { | |
305 | username => 'user4', | |
306 | enable => 1, | |
307 | }, | |
308 | }, | |
309 | groups => { | |
310 | 'group1-syncedrealm' => { | |
311 | users => { | |
312 | 'user1@syncedrealm' => 1, | |
313 | }, | |
314 | }, | |
315 | 'group3-syncedrealm' => { users => {}, }, | |
316 | }, | |
317 | acl => { | |
318 | '/' => { | |
319 | users => {}, | |
320 | groups => {}, | |
321 | }, | |
322 | }, | |
323 | }, | |
324 | ], | |
325 | ]; | |
326 | ||
327 | for my $test (@$tests) { | |
328 | my $name = $test->[0]; | |
329 | my $parameters = $test->[1]; | |
330 | my $expected = $test->[2]; | |
331 | $returned_user_cfg = {}; | |
332 | PVE::API2::Domains->sync($parameters); | |
333 | is_deeply($returned_user_cfg, $expected, $name); | |
334 | } | |
335 | ||
336 | done_testing(); |