git.proxmox.com Git - pve-access-control.git/blob - src/test/realm_sync_test.pl
2a4a1327dd3aae07200993e96abc6a6a566d35e3
8 use Storable
qw(dclone);
10 use PVE
::AccessControl
;
11 use PVE
::API2
::Domains
;
# Realm definitions, presumably the $domainscfg fixture that the mocked
# read of domains.cfg returns (the assignment line is not part of this
# listing). Only syncedrealm is of type ldap, and it is the realm that
# every visible test case passes to the sync call.
15 "pam" => { type
=> 'pam' },
16 "pve" => { type
=> 'pve' },
17 "syncedrealm" => { type
=> 'ldap' }
# User configuration as it exists before a sync. The mocked read of
# user.cfg hands out a deep copy of this structure.
21 my $initialusercfg = {
# root@pam plus three accounts that belong to syncedrealm.
23 'root@pam' => { username
=> 'root', },
24 'user1@syncedrealm' => {
29 'user2@syncedrealm' => {
33 'user3@syncedrealm' => {
# Two groups of the synced realm, both with an empty users hash.
39 'group1-syncedrealm' => { users
=> {}, },
40 'group2-syncedrealm' => { users
=> {}, },
# NOTE(review): user3 appears a second time, in a section whose header is
# not shown in this listing - presumably ACL or similar per-user data;
# confirm against the full file.
45 'user3@syncedrealm' => {},
# Canned directory answer, presumably the $sync_response structure that the
# mocked PVE::LDAP queries return. It holds user1, user2 and user4: user3,
# which exists in the initial configuration, is absent, and user4 is new.
55 attributes
=> { 'uid' => ['user1'], },
56 dn
=> 'uid=user1,dc=syncedrealm',
59 attributes
=> { 'uid' => ['user2'], },
60 dn
=> 'uid=user2,dc=syncedrealm',
63 attributes
=> { 'uid' => ['user4'], },
64 dn
=> 'uid=user4,dc=syncedrealm',
# Groups in the canned answer are group1 and group3. group2, present in the
# initial configuration, is absent.
69 dn
=> 'dc=group1,dc=syncedrealm',
71 'uid=user1,dc=syncedrealm',
75 dn
=> 'dc=group3,dc=syncedrealm',
# This DN matches none of the user entries above. The expected results
# list group3 with an empty users hash, so an unresolvable member
# reference is expected not to create a membership.
77 'uid=nonexisting,dc=syncedrealm',
# Holds whatever the code under test writes to user.cfg, so that each case
# can compare it with its expected structure.
83 my $returned_user_cfg = {};
85 # mocking all cluster and ldap operations
86 my $pve_cluster_module = Test
::MockModule-
>new('PVE::Cluster');
87 $pve_cluster_module->mock(
# Reads are answered from the in-memory fixtures. dclone returns a deep
# copy, so the fixture itself is never handed to the code under test.
89 cfs_read_file
=> sub {
91 if ($filename eq 'domains.cfg') { return dclone
($domainscfg); }
92 if ($filename eq 'user.cfg') { return dclone
($initialusercfg); }
# Any other file name aborts the test instead of returning data.
93 die "unexpected cfs_read_file";
# Writes to user.cfg are captured rather than persisted.
95 cfs_write_file
=> sub {
96 my ($filename, $data) = @_;
97 if ($filename eq 'user.cfg') {
98 $returned_user_cfg = $data;
# NOTE(review): this die belongs to the cfs_write_file mock but its message
# names cfs_read_file - looks like a copy-paste slip; confirm and correct
# the text so an unexpected write is reported as a write.
101 die "unexpected cfs_read_file";
# Lock mock; its body is not part of this listing.
103 cfs_lock_file
=> sub {
104 my ($filename, $timeout, $code) = @_;
# PVE::API2::Domains gets its own cfs_read_file and cfs_write_file mocks,
# which forward all arguments to the PVE::Cluster functions of the same
# name (themselves mocked in this file).
109 my $pve_api_domains = Test
::MockModule-
>new('PVE::API2::Domains');
110 $pve_api_domains->mock(
111 cfs_read_file
=> sub { PVE
::Cluster
::cfs_read_file
(@_); },
112 cfs_write_file
=> sub { PVE
::Cluster
::cfs_write_file
(@_); },
# Same forwarding for the cfs_lock_file name inside PVE::AccessControl.
115 my $pve_accesscontrol = Test
::MockModule-
>new('PVE::AccessControl');
116 $pve_accesscontrol->mock(
117 cfs_lock_file
=> sub { PVE
::Cluster
::cfs_lock_file
(@_); },
# Replaces the RPC environment with a stub object.
120 my $pve_rpcenvironment = Test
::MockModule-
>new('PVE::RPCEnvironment');
121 $pve_rpcenvironment->mock(
# get returns an empty hash blessed into PVE::RPCEnvironment.
122 get
=> sub { return bless {}, 'PVE::RPCEnvironment'; },
# NOTE(review): get_user always answers root@pam, so every sync in this
# test runs as that user. Presumably permission checks for less privileged
# callers are not exercised here - confirm they are covered elsewhere.
123 get_user
=> sub { return 'root@pam'; },
# Argument list of a further mocked method whose name and body are not
# part of this listing.
125 my ($class, $workertype, $id, $user, $code) = @_;
# LDAP layer mocks: the connect call returns an empty hash and the queries
# return the canned $sync_response data instead of directory results.
131 my $pve_ldap_module = Test
::MockModule-
>new('PVE::LDAP');
132 $pve_ldap_module->mock(
133 ldap_connect
=> sub { return {}; },
# User query result (the name of this mocked sub is not shown here).
136 return $sync_response->{user
};
138 query_groups
=> sub {
139 return $sync_response->{groups
};
# connect_and_bind of PVE::Auth::LDAP is stubbed the same way, returning
# an empty hash.
143 my $pve_auth_ldap = Test
::MockModule-
>new('PVE::Auth::LDAP');
144 $pve_auth_ldap->mock(
145 connect_and_bind
=> sub { return {}; },
# Case: sync that is neither full nor purging, going by its name (the
# option values themselves are not part of this listing). The expected
# result keeps user3 and group2, which the canned directory answer does
# not contain, and adds user4 and group3.
150 "non-full without purge",
152 realm
=> 'syncedrealm',
159 'root@pam' => { username
=> 'root', },
160 'user1@syncedrealm' => {
165 'user2@syncedrealm' => {
169 'user3@syncedrealm' => {
173 'user4@syncedrealm' => {
# user1 is the only expected member of group1.
179 'group1-syncedrealm' => {
181 'user1@syncedrealm' => 1,
184 'group2-syncedrealm' => { users
=> {}, },
185 'group3-syncedrealm' => { users
=> {}, },
# The separate user3 entry (section header not shown) is expected to stay.
190 'user3@syncedrealm' => {},
# Case: full sync without purge, going by its name. The expected result no
# longer lists user3 among the users or group2 among the groups.
198 "full without purge",
200 realm
=> 'syncedrealm',
207 'root@pam' => { username
=> 'root', },
208 'user1@syncedrealm' => {
212 'user2@syncedrealm' => {
216 'user4@syncedrealm' => {
222 'group1-syncedrealm' => {
224 'user1@syncedrealm' => 1,
227 'group3-syncedrealm' => { users
=> {}, }
# NOTE(review): the separate user3 entry is still expected although the
# account itself is gone. Presumably this is ACL data that only purge
# removes; if so, leftover grants outlive the account after a full sync
# without purge - confirm the section and whether that is intended.
232 'user3@syncedrealm' => {},
# Case: purge without full sync, going by its name. The visible expected
# keys match those of the non-full case without purge: user3 and group2
# remain and the separate user3 entry is kept.
240 "non-full with purge",
242 realm
=> 'syncedrealm',
249 'root@pam' => { username
=> 'root', },
250 'user1@syncedrealm' => {
255 'user2@syncedrealm' => {
259 'user3@syncedrealm' => {
263 'user4@syncedrealm' => {
269 'group1-syncedrealm' => {
271 'user1@syncedrealm' => 1,
274 'group2-syncedrealm' => { users
=> {}, },
275 'group3-syncedrealm' => { users
=> {}, },
280 'user3@syncedrealm' => {},
# Fourth case; its name line is not part of this listing (presumably the
# full sync with purge - confirm). The visible expected keys contain
# neither user3 nor group2, and no separate user3 entry is listed.
290 realm
=> 'syncedrealm',
297 'root@pam' => { username
=> 'root', },
298 'user1@syncedrealm' => {
302 'user2@syncedrealm' => {
306 'user4@syncedrealm' => {
312 'group1-syncedrealm' => {
314 'user1@syncedrealm' => 1,
317 'group3-syncedrealm' => { users
=> {}, },
# Run every case. Each entry of @$tests is an array of name, parameters
# and expected user configuration.
329 for my $test (@$tests) {
330 my $name = $test->[0];
331 my $parameters = $test->[1];
332 my $expected = $test->[2];
# Reset the capture so that a case which writes nothing is compared
# against an empty hash and not against the previous result.
333 $returned_user_cfg = {};
# Call the sync API method with the case parameters. All cluster and LDAP
# access goes through the mocks set up earlier in this file.
334 PVE
::API2
::Domains-
>sync($parameters);
# Compare what the mocked cfs_write_file captured for user.cfg with the
# expected structure.
335 is_deeply
($returned_user_cfg, $expected, $name);