[pve-access-control.git] / test / perm-test6.pl

#!/usr/bin/perl -w

use strict;
use PVE::Tools;
use PVE::AccessControl;
use PVE::RPCEnvironment;
use Getopt::Long;

my $rpcenv = PVE::RPCEnvironment->init('cli');

my $cfgfn = "test6.cfg";
$rpcenv->init_request(userconfig => $cfgfn);

sub check_roles {
    my ($user, $path, $expected_result) = @_;

    my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
    my $res = join(',', sort keys %$roles);

    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    print "ROLES:$path:$user:$res\n";
}

sub check_permissions {
    my ($user, $path, $expected_result) = @_;

    my $perm = $rpcenv->permissions($user, $path);
    my $res = join(',', sort keys %$perm);

    die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    $perm = $rpcenv->permissions($user, $path);
    $res = join(',', sort keys %$perm);
    die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
	if $res ne $expected_result;

    print "PERM:$path:$user:$res\n";
}

check_roles('User1@pve', '', '');
check_roles('User2@pve', '', '');
check_roles('User3@pve', '', '');
check_roles('User4@pve', '', '');

check_roles('User1@pve', '/vms', 'RoleTEST1');
check_roles('User2@pve', '/vms', 'RoleTEST1');
check_roles('User3@pve', '/vms', 'NoAccess');
check_roles('User4@pve', '/vms', '');

check_roles('User1@pve', '/vms/100', 'RoleTEST1');
check_roles('User2@pve', '/vms/100', 'RoleTEST1');
check_roles('User3@pve', '/vms/100', 'NoAccess');
check_roles('User4@pve', '/vms/100', '');

check_roles('User1@pve', '/vms/300', 'RoleTEST1');
check_roles('User2@pve', '/vms/300', 'RoleTEST1');
check_roles('User3@pve', '/vms/300', 'NoAccess');
check_roles('User4@pve', '/vms/300', 'RoleTEST1');

check_permissions('User1@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
check_permissions('User2@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
# without pool
check_roles('User3@pve', '/vms/500', 'NoAccess');
# with pool
check_permissions('User3@pve', '/vms/500', '');
# without pool
check_roles('User4@pve', '/vms/500', '');
# with pool
check_permissions('User4@pve', '/vms/500', '');


check_permissions('User1@pve', '/vms/600', 'VM.Console');
check_permissions('User2@pve', '/vms/600', 'VM.Console');
check_permissions('User3@pve', '/vms/600', '');
check_permissions('User4@pve', '/vms/600', 'VM.Console');

check_permissions('User1@pve', '/storage/store1', 'VM.Console,VM.PowerMgmt');
check_permissions('User2@pve', '/storage/store1', 'VM.PowerMgmt');
check_permissions('User3@pve', '/storage/store1', 'VM.PowerMgmt');
check_permissions('User4@pve', '/storage/store1', 'VM.Console');

check_permissions('User1@pve', '/storage/store2', 'VM.PowerMgmt');
check_permissions('User2@pve', '/storage/store2', 'VM.PowerMgmt');
check_permissions('User3@pve', '/storage/store2', 'VM.PowerMgmt');
check_permissions('User4@pve', '/storage/store2', '');

print "all tests passed\n";

exit (0);
Commit	Line	Data
4bc17477 DM	1	#!/usr/bin/perl -w
	2
	3	use strict;
	4	use PVE::Tools;
	5	use PVE::AccessControl;
	6	use PVE::RPCEnvironment;
	7	use Getopt::Long;
	8
	9	my $rpcenv = PVE::RPCEnvironment->init('cli');
	10
	11	my $cfgfn = "test6.cfg";
	12	$rpcenv->init_request(userconfig => $cfgfn);
	13
	14	sub check_roles {
	15	my ($user, $path, $expected_result) = @_;
	16
7e8bcaa7 FG	17	my $roles = PVE::AccessControl::roles($rpcenv->{user_cfg}, $user, $path);
7e8bcaa7 FG	18	my $res = join(',', sort keys %$roles);
4bc17477 DM	19
	20	die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	21	if $res ne $expected_result;
	22
	23	print "ROLES:$path:$user:$res\n";
	24	}
	25
a31f1d85 FG	26	sub check_permissions {
	27	my ($user, $path, $expected_result) = @_;
	28
	29	my $perm = $rpcenv->permissions($user, $path);
	30	my $res = join(',', sort keys %$perm);
	31
	32	die "unexpected result\nneed '${expected_result}'\ngot '$res'\n"
	33	if $res ne $expected_result;
	34
	35	$perm = $rpcenv->permissions($user, $path);
	36	$res = join(',', sort keys %$perm);
	37	die "unexpected result (compiled)\nneed '${expected_result}'\ngot '$res'\n"
	38	if $res ne $expected_result;
	39
	40	print "PERM:$path:$user:$res\n";
	41	}
	42
4bc17477 DM	43	check_roles('User1@pve', '', '');
	44	check_roles('User2@pve', '', '');
	45	check_roles('User3@pve', '', '');
	46	check_roles('User4@pve', '', '');
	47
	48	check_roles('User1@pve', '/vms', 'RoleTEST1');
	49	check_roles('User2@pve', '/vms', 'RoleTEST1');
	50	check_roles('User3@pve', '/vms', 'NoAccess');
	51	check_roles('User4@pve', '/vms', '');
	52
	53	check_roles('User1@pve', '/vms/100', 'RoleTEST1');
	54	check_roles('User2@pve', '/vms/100', 'RoleTEST1');
	55	check_roles('User3@pve', '/vms/100', 'NoAccess');
	56	check_roles('User4@pve', '/vms/100', '');
	57
21f523a5	58	check_roles('User1@pve', '/vms/300', 'RoleTEST1');
4bc17477 DM	59	check_roles('User2@pve', '/vms/300', 'RoleTEST1');
4bc17477 DM	60	check_roles('User3@pve', '/vms/300', 'NoAccess');
21f523a5	61	check_roles('User4@pve', '/vms/300', 'RoleTEST1');
4bc17477	62
a31f1d85 FG	63	check_permissions('User1@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
	64	check_permissions('User2@pve', '/vms/500', 'VM.Console,VM.PowerMgmt');
	65	# without pool
4bc17477	66	check_roles('User3@pve', '/vms/500', 'NoAccess');
a31f1d85 FG	67	# with pool
	68	check_permissions('User3@pve', '/vms/500', '');
	69	# without pool
4bc17477	70	check_roles('User4@pve', '/vms/500', '');
a31f1d85 FG	71	# with pool
	72	check_permissions('User4@pve', '/vms/500', '');
	73
4bc17477	74
a31f1d85 FG	75	check_permissions('User1@pve', '/vms/600', 'VM.Console');
	76	check_permissions('User2@pve', '/vms/600', 'VM.Console');
	77	check_permissions('User3@pve', '/vms/600', '');
	78	check_permissions('User4@pve', '/vms/600', 'VM.Console');
4bc17477	79
a31f1d85 FG	80	check_permissions('User1@pve', '/storage/store1', 'VM.Console,VM.PowerMgmt');
	81	check_permissions('User2@pve', '/storage/store1', 'VM.PowerMgmt');
	82	check_permissions('User3@pve', '/storage/store1', 'VM.PowerMgmt');
	83	check_permissions('User4@pve', '/storage/store1', 'VM.Console');
4bc17477	84
a31f1d85 FG	85	check_permissions('User1@pve', '/storage/store2', 'VM.PowerMgmt');
	86	check_permissions('User2@pve', '/storage/store2', 'VM.PowerMgmt');
	87	check_permissions('User3@pve', '/storage/store2', 'VM.PowerMgmt');
	88	check_permissions('User4@pve', '/storage/store2', '');
4bc17477 DM	89
	90	print "all tests passed\n";
	91
	92	exit (0);