git.proxmox.com Git - pve-access-control.git/blob - src/test/realm_sync_test.pl
8 use Storable
qw(dclone);
10 use PVE
::AccessControl
;
11 use PVE
::API2
::Domains
;
15 "pam" => { type
=> 'pam' },
16 "pve" => { type
=> 'pve' },
17 "syncedrealm" => { type
=> 'ldap' }
# Starting user.cfg state handed to the code under test by the mocked
# cfs_read_file: root@pam, three users in syncedrealm (user1..user3) and two
# syncedrealm groups with empty membership.
21 my $initialusercfg = {
23 'root@pam' => { username
=> 'root', },
24 'user1@syncedrealm' => {
29 'user2@syncedrealm' => {
33 'user3@syncedrealm' => {
39 'group1-syncedrealm' => { users
=> {}, },
40 'group2-syncedrealm' => { users
=> {}, },
# NOTE(review): this second user3 entry sits in a part of the structure whose
# enclosing key is not shown in this listing; presumably it is the ACL section,
# i.e. user3 starts out holding a permission entry. Confirm against the file.
44 'user3@syncedrealm' => {},
# Canned directory answer used instead of a real LDAP query.
# NOTE(review): presumably the body of $sync_response, which the mocked
# PVE::LDAP query functions return; the declaration is not in this listing.
# The directory holds user1, user2 and user4. Compared with the initial
# user.cfg, user3 is missing (it has vanished from the directory) and user4
# is new.
53 attributes
=> { 'uid' => ['user1'], },
54 dn
=> 'uid=user1,dc=syncedrealm',
57 attributes
=> { 'uid' => ['user2'], },
58 dn
=> 'uid=user2,dc=syncedrealm',
61 attributes
=> { 'uid' => ['user4'], },
62 dn
=> 'uid=user4,dc=syncedrealm',
# group1 lists a member DN that matches the user1 entry above.
67 dn
=> 'dc=group1,dc=syncedrealm',
69 'uid=user1,dc=syncedrealm',
# group3 lists a member DN that matches none of the user entries above. The
# expected results in the test cases keep group3's `users` empty, so a dangling
# member DN must not produce a user or a group membership.
73 dn
=> 'dc=group3,dc=syncedrealm',
75 'uid=nonexisting,dc=syncedrealm',
# Receives whatever the code under test writes to user.cfg (assigned by the
# cfs_write_file mock below). The test loop resets it before each sync and
# compares it with the case's expected structure afterwards.
81 my $returned_user_cfg = {};
83 # mocking all cluster and ldap operations
84 my $pve_cluster_module = Test
::MockModule-
>new('PVE::Cluster');
85 $pve_cluster_module->mock(
# Reads are answered from the in-file fixtures. dclone hands out a deep copy
# each time, so the code under test cannot modify the shared fixture data and
# leak changes from one test case into the next. Any other file name dies, so
# an unexpected config read fails the test instead of passing silently.
87 cfs_read_file
=> sub {
89 if ($filename eq 'domains.cfg') { return dclone
($domainscfg); }
90 if ($filename eq 'user.cfg') { return dclone
($initialusercfg); }
91 die "unexpected cfs_read_file";
# Writes: only user.cfg is accepted, and its data is captured for comparison.
93 cfs_write_file
=> sub {
94 my ($filename, $data) = @_;
95 if ($filename eq 'user.cfg') {
96 $returned_user_cfg = $data;
# NOTE(review): this die is inside the cfs_write_file mock but its message says
# "cfs_read_file", which looks like a copy-paste from the mock above. A write
# to an unexpected file would be reported as a read; the message should name
# cfs_write_file.
99 die "unexpected cfs_read_file";
# Lock mock: receives the file name, a timeout and a code reference. Its body
# is not shown in this listing.
101 cfs_lock_file
=> sub {
102 my ($filename, $timeout, $code) = @_;
# Route the cfs_* names inside PVE::API2::Domains and PVE::AccessControl to
# PVE::Cluster's functions, which this file replaces with mocks.
# NOTE(review): presumably needed because these modules hold their own imported
# copies of the cfs_* functions, which a mock installed on PVE::Cluster alone
# would not replace. Confirm against the modules' import lists.
107 my $pve_api_domains = Test
::MockModule-
>new('PVE::API2::Domains');
108 $pve_api_domains->mock(
109 cfs_read_file
=> sub { PVE
::Cluster
::cfs_read_file
(@_); },
110 cfs_write_file
=> sub { PVE
::Cluster
::cfs_write_file
(@_); },
113 my $pve_accesscontrol = Test
::MockModule-
>new('PVE::AccessControl');
114 $pve_accesscontrol->mock(
115 cfs_lock_file
=> sub { PVE
::Cluster
::cfs_lock_file
(@_); },
# Stand-in RPC environment: `get` returns an empty object blessed into
# PVE::RPCEnvironment and `get_user` always answers 'root@pam'.
# NOTE(review): every sync in this file therefore runs as root@pam, so any
# permission check that consults the RPC environment is not exercised by these
# tests. They cover the sync result only, not who is allowed to trigger a sync.
118 my $pve_rpcenvironment = Test
::MockModule-
>new('PVE::RPCEnvironment');
119 $pve_rpcenvironment->mock(
120 get
=> sub { return bless {}, 'PVE::RPCEnvironment'; },
121 get_user
=> sub { return 'root@pam'; },
# Argument list of a further mocked method that takes a worker type, an id, a
# user and a code reference. Its name and body are not shown in this listing.
123 my ($class, $workertype, $id, $user, $code) = @_;
# LDAP layer replaced by stubs: connecting returns an empty hash, and the
# query functions return the canned `user` and `groups` parts of
# $sync_response. No directory server is contacted, so connection, bind and
# transport behaviour are outside the scope of this test.
129 my $pve_ldap_module = Test
::MockModule-
>new('PVE::LDAP');
130 $pve_ldap_module->mock(
131 ldap_connect
=> sub { return {}; },
134 return $sync_response->{user
};
136 query_groups
=> sub {
137 return $sync_response->{groups
};
# The realm plugin's connect_and_bind is stubbed as well and returns an empty
# hash in place of a bound LDAP handle.
141 my $pve_auth_ldap = Test
::MockModule-
>new('PVE::Auth::LDAP');
142 $pve_auth_ldap->mock(
143 connect_and_bind
=> sub { return {}; },
# Test cases. The test loop reads each one as [ name, sync parameters,
# expected user.cfg ]. They differ in the 'remove-vanished' parameter, which
# here takes a ';'-separated combination of acl, entry and properties.

# Case: no 'remove-vanished' value is visible among the parameters. Expected
# result keeps the vanished user3 and group2, adds user4 and group3, and
# records user1 as a member of group1.
148 "non-full without purge",
150 realm
=> 'syncedrealm',
155 'root@pam' => { username
=> 'root', },
156 'user1@syncedrealm' => {
161 'user2@syncedrealm' => {
165 'user3@syncedrealm' => {
169 'user4@syncedrealm' => {
175 'group1-syncedrealm' => {
177 'user1@syncedrealm' => 1,
180 'group2-syncedrealm' => { users
=> {}, },
181 'group3-syncedrealm' => { users
=> {}, },
185 'user3@syncedrealm' => {},
# Case: 'entry;properties'. user3 and group2 are gone from the expected users
# and groups, yet the separate user3 entry (line 224) is still expected.
# NOTE(review): if that entry is the ACL section (its enclosing key is not
# shown here), this case pins that a removed account's permissions stay in
# user.cfg unless 'acl' is part of remove-vanished. Operators relying on sync
# to revoke access for departed users would need 'acl' included; confirm.
192 "full without purge",
194 realm
=> 'syncedrealm',
195 'remove-vanished' => 'entry;properties',
200 'root@pam' => { username
=> 'root', },
201 'user1@syncedrealm' => {
205 'user2@syncedrealm' => {
209 'user4@syncedrealm' => {
215 'group1-syncedrealm' => {
217 'user1@syncedrealm' => 1,
220 'group3-syncedrealm' => { users
=> {}, }
224 'user3@syncedrealm' => {},
# Case: 'acl' only. The vanished user3 and group2 entries are kept in the
# expected users and groups. No separate user3 entry is visible after the
# groups in this case (the lines that follow are not in the listing).
231 "non-full with purge",
233 realm
=> 'syncedrealm',
234 'remove-vanished' => 'acl',
239 'root@pam' => { username
=> 'root', },
240 'user1@syncedrealm' => {
245 'user2@syncedrealm' => {
249 'user3@syncedrealm' => {
253 'user4@syncedrealm' => {
259 'group1-syncedrealm' => {
261 'user1@syncedrealm' => 1,
264 'group2-syncedrealm' => { users
=> {}, },
265 'group3-syncedrealm' => { users
=> {}, },
# Case (its name line is not in this listing): 'acl;entry;properties', all
# three removal kinds together. user3 and group2 are absent from the expected
# users and groups.
276 realm
=> 'syncedrealm',
277 'remove-vanished' => 'acl;entry;properties',
282 'root@pam' => { username
=> 'root', },
283 'user1@syncedrealm' => {
287 'user2@syncedrealm' => {
291 'user4@syncedrealm' => {
297 'group1-syncedrealm' => {
299 'user1@syncedrealm' => 1,
302 'group3-syncedrealm' => { users
=> {}, },
# Case: 'acl;entry'. Vanished entries and their ACLs are removed, while
# 'properties' is left out of remove-vanished.
311 "don't delete properties, but users and acls",
313 realm
=> 'syncedrealm',
314 'remove-vanished' => 'acl;entry',
319 'root@pam' => { username
=> 'root', },
320 'user1@syncedrealm' => {
325 'user2@syncedrealm' => {
329 'user4@syncedrealm' => {
335 'group1-syncedrealm' => {
337 'user1@syncedrealm' => 1,
340 'group3-syncedrealm' => { users
=> {}, },
350 for my $test (@$tests) {
351 my $name = $test->[0];
352 my $parameters = $test->[1];
353 my $expected = $test->[2];
354 $returned_user_cfg = {};
355 PVE
::API2
::Domains-
>sync($parameters);
356 is_deeply
($returned_user_cfg, $expected, $name);