6 use PVE
::AccessControl
;
8 use Storable
qw(dclone);
# One-time setup shared by every fixture below. create_roles() is called
# before the defaults are forced into $default_user_cfg; the helper subs later
# read the `roles` and `users` entries of this hash.
# NOTE(review): what exactly the two PVE::AccessControl calls populate is not
# visible in this file - confirm against the module.
PVE::AccessControl::create_roles();

my $default_user_cfg = {};
PVE::AccessControl::userconfig_force_defaults($default_user_cfg);
# Give a user entry the properties it is expected to carry when the fixture
# left them out: `enable` becomes 1, `expire` becomes 0, and `email` is created
# with an undef value. Values that are already defined are left alone.
# NOTE(review): the lines that unpack $user and return it are not part of this
# listing; the callers below use the closure's return value as the user entry.
14 my $add_default_user_properties = sub {
17 $user->{enable
} = 1 if !defined($user->{enable
});
18 $user->{expire
} = 0 if !defined($user->{expire
});
19 $user->{email
} = undef if !defined($user->{email
});
25 my $roles = dclone
($default_user_cfg->{roles
});
# Start from default_roles() and add every entry of $extra_roles (an array ref
# of role hashes), keyed by the entry's `id`. Each entry is deep-copied first,
# so deleting `id` does not alter the shared fixture in $default_cfg. An entry
# whose id equals an existing key replaces that key.
# NOTE(review): the end of the sub (loop close and return) is not in this listing.
29 sub default_roles_with
{
30 my ($extra_roles) = @_;
32 my $roles = default_roles
();
34 foreach my $r (@$extra_roles) {
35 my $role = dclone
($r);
36 my $roleid = delete $role->{id
};
37 $roles->{$roleid} = $role;
44 my $users = dclone
($default_user_cfg->{users
});
45 return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users};
# Start from default_users() and add every entry of $extra_users, keyed by the
# entry's `id`. Each entry is deep-copied before `id` is removed, then passed
# through $add_default_user_properties, so a fixture that omits `enable` is
# stored as an enabled user.
# NOTE(review): the end of the sub (loop close and return) is not in this listing.
48 sub default_users_with
{
49 my ($extra_users) = @_;
51 my $users = default_users
();
53 foreach my $u (@$extra_users) {
54 my $user = dclone
($u);
55 my $userid = delete $user->{id
};
56 $users->{$userid} = $add_default_user_properties->($user);
# Start from default_groups() and add every entry of $extra_groups, keyed by
# the entry's `id`. Each entry is deep-copied before `id` is removed, so the
# shared fixture keeps its id for later tests.
# NOTE(review): the end of the sub (loop close and return) is not in this listing.
66 sub default_groups_with
{
67 my ($extra_groups) = @_;
69 my $groups = default_groups
();
71 foreach my $g (@$extra_groups) {
72 my $group = dclone
($g);
73 my $groupid = delete $group->{id
};
74 $groups->{$groupid} = $group;
# Start from default_pools() and add every entry of $extra_pools, keyed by the
# entry's `id`. Each entry is deep-copied before `id` is removed, so the same
# fixture can also be handed to default_pool_vms_with(), which reads `id`.
# NOTE(review): the end of the sub (loop close and return) is not in this listing.
84 sub default_pools_with
{
85 my ($extra_pools) = @_;
87 my $pools = default_pools
();
89 foreach my $p (@$extra_pools) {
90 my $pool = dclone
($p);
91 my $poolid = delete $pool->{id
};
92 $pools->{$poolid} = $pool;
# Build the vmid => pool id map from the `vms` hash of every pool in
# $extra_pools. The pools are read in place (no copy, `id` is not removed).
# A vmid listed by more than one pool ends up mapped to the last pool
# processed, because each assignment overwrites the previous one.
# NOTE(review): the declaration of $vms and the end of the sub are not in this
# listing.
98 sub default_pool_vms_with
{
99 my ($extra_pools) = @_;
102 foreach my $pool (@$extra_pools) {
103 foreach my $vmid (keys %{$pool->{vms
}}) {
104 $vms->{$vmid} = $pool->{id
};
114 # note: does not support merging paths!
# Start from default_acls() and add every entry of $extra_acls, keyed by the
# entry's `path`. Each entry is deep-copied before `path` is removed. Two
# entries with the same path do not combine: the later one replaces the
# earlier one, so a fixture that needs users and groups on one path has to be
# passed as a single entry carrying both.
# NOTE(review): `my $a` shadows the package variable sort() uses; harmless
# here, but a different loop variable name would avoid the lint warning.
# NOTE(review): the end of the sub (loop close and return) is not in this listing.
115 sub default_acls_with
{
116 my ($extra_acls) = @_;
118 my $acls = default_acls
();
120 foreach my $a (@$extra_acls) {
121 my $acl = dclone
($a);
122 my $path = delete $acl->{path
};
123 $acls->{$path} = $acl;
142 test_pam_with_group
=> {
147 'groups' => { 'testgroup' => 1 },
149 test2_pam_with_group
=> {
154 'groups' => { 'testgroup' => 1 },
161 'groups' => { 'another' => 1 },
163 test_group_empty
=> {
167 test_group_single_member
=> {
173 test_group_members
=> {
180 test_group_second
=> {
186 test_role_single_priv
=> {
187 'id' => 'testrolesingle',
193 'Datastore.Audit' => 1,
200 test_pool_members
=> {
202 vms
=> { 123 => 1, 1234 => 1},
203 storage
=> { 'local' => 1, 'local-zfs' => 1},
205 test_pool_duplicate_vms
=> {
206 'id' => 'test_duplicate_vms',
210 test_pool_duplicate_storages
=> {
211 'id' => 'test_duplicate_storages',
213 storage
=> { 'local' => 1, 'local-zfs' => 1},
223 acl_complex_users
=> {
224 'path' => '/storage',
227 'PVEDatastoreUser' => 1,
230 'PVEDatastoreAdmin' => 1,
234 acl_complex_missing_user
=> {
235 'path' => '/storage',
238 'PVEDatastoreUser' => 1,
242 acl_simple_group
=> {
250 acl_complex_groups
=> {
251 'path' => '/storage',
254 'PVEDatastoreAdmin' => 1,
257 'PVEDatastoreUser' => 1,
261 acl_simple_group_noprop
=> {
269 acl_complex_groups_noprop
=> {
270 'path' => '/storage',
273 'PVEDatastoreAdmin' => 0,
276 'PVEDatastoreUser' => 0,
280 acl_complex_missing_group
=> {
281 'path' => '/storage',
284 'PVEDatastoreUser' => 1,
288 acl_missing_role
=> {
289 'path' => '/storage',
298 $default_cfg->{'acl_complex_mixed_root'} = {
300 users
=> $default_cfg->{'acl_simple_user'}->{users
},
301 groups
=> $default_cfg->{'acl_simple_group'}->{groups
},
304 $default_cfg->{'acl_complex_mixed_storage'} = {
305 'path' => '/storage',
306 users
=> $default_cfg->{'acl_complex_users'}->{users
},
307 groups
=> $default_cfg->{'acl_complex_groups'}->{groups
},
310 $default_cfg->{'acl_complex_mixed_root_noprop'} = {
312 users
=> $default_cfg->{'acl_simple_user'}->{users
},
313 groups
=> $default_cfg->{'acl_simple_group_noprop'}->{groups
},
316 $default_cfg->{'acl_complex_mixed_storage_noprop'} = {
317 'path' => '/storage',
318 users
=> $default_cfg->{'acl_complex_users'}->{users
},
319 groups
=> $default_cfg->{'acl_complex_groups_noprop'}->{groups
},
324 'root@pam' => 'user:root@pam:1:0::::::',
325 'test_pam' => 'user:test@pam:1:0::::::',
326 'test2_pam' => 'user:test2@pam:1:0::::::',
327 'test3_pam' => 'user:test3@pam:1:0::::::',
330 'test_group_empty' => 'group:testgroup:::',
331 'test_group_single_member' => 'group:testgroup:test@pam::',
332 'test_group_members' => 'group:testgroup:test2@pam,test@pam::',
333 'test_group_members_out_of_order' => 'group:testgroup:test@pam,test2@pam::',
334 'test_group_second' => 'group:another:test3@pam::',
337 'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:',
338 'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:',
339 'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:',
340 'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:',
341 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
344 'test_pool_empty' => 'pool:testpool::::',
345 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
346 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
347 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
348 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
349 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
352 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:',
353 'acl_complex_users_1' => 'acl:1:/storage:test@pam:PVEDatastoreAdmin:',
354 'acl_complex_users_2' => 'acl:1:/storage:test2@pam:PVEDatastoreUser:',
355 'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:',
356 'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:',
357 'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:',
358 'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:',
359 'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:',
360 'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:',
361 'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test@pam:PVEVMAdmin:',
362 'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test@pam:PVEDatastoreAdmin:',
363 'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2@pam:PVEDatastoreUser:',
364 'acl_missing_role' => 'acl:1:/storage:test@pam:MissingRole:',
370 name
=> "empty_config",
373 users
=> { 'root@pam' => { enable
=> 1 } },
374 roles
=> default_roles
(),
377 expected_raw
=> "\n\n\n\n",
380 name
=> "default_config",
382 users
=> default_users
(),
383 roles
=> default_roles
(),
385 raw
=> $default_raw->{users
}->{'root@pam'}."\n\n\n\n\n",
388 name
=> "group_empty",
390 users
=> default_users
(),
391 roles
=> default_roles
(),
392 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
395 $default_raw->{users
}->{'root@pam'}."\n\n".
396 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
400 name
=> "group_inexisting_member",
402 users
=> default_users
(),
403 roles
=> default_roles
(),
404 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
407 $default_raw->{users
}->{'root@pam'}."\n\n".
408 "group:testgroup:does_not_exist::".
411 $default_raw->{users
}->{'root@pam'}."\n\n".
412 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
416 name
=> "group_invalid_member",
418 users
=> default_users
(),
419 roles
=> default_roles
(),
422 $default_raw->{users
}->{'root@pam'}."\n\n".
423 'group:inval!d:root@pam:'.
427 name
=> "group_with_one_member",
429 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
430 roles
=> default_roles
(),
431 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
434 $default_raw->{users
}->{'root@pam'}."\n".
435 $default_raw->{users
}->{'test_pam'}."\n\n".
436 $default_raw->{groups
}->{'test_group_single_member'}."\n\n".
440 name
=> "group_with_members",
442 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{test2_pam_with_group
}]),
443 roles
=> default_roles
(),
444 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}]),
447 $default_raw->{users
}->{'root@pam'}."\n".
448 $default_raw->{users
}->{'test2_pam'}."\n".
449 $default_raw->{users
}->{'test_pam'}."\n\n".
450 $default_raw->{groups
}->{'test_group_members'}."\n\n".
454 name
=> "custom_role_with_single_priv",
456 users
=> default_users
(),
457 roles
=> default_roles_with
([$default_cfg->{test_role_single_priv
}]),
460 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
461 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
464 name
=> "custom_role_with_privs",
466 users
=> default_users
(),
467 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
470 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
471 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
474 name
=> "custom_role_with_duplicate_privs",
476 users
=> default_users
(),
477 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
480 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
481 $default_raw->{roles
}->{'test_role_privs_duplicate'}."\n\n",
483 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
484 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
487 name
=> "custom_role_with_invalid_priv",
489 users
=> default_users
(),
490 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
493 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
494 $default_raw->{roles
}->{'test_role_privs_invalid'}."\n\n",
496 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
497 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
500 name
=> "pool_empty",
502 users
=> default_users
(),
503 roles
=> default_roles
(),
504 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
507 $default_raw->{users
}->{'root@pam'}."\n\n\n".
508 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
511 name
=> "pool_invalid",
513 users
=> default_users
(),
514 roles
=> default_roles
(),
515 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
518 $default_raw->{users
}->{'root@pam'}."\n\n\n".
519 $default_raw->{pools
}->{'test_pool_invalid'}."\n\n\n",
521 $default_raw->{users
}->{'root@pam'}."\n\n\n".
522 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
525 name
=> "pool_members",
527 users
=> default_users
(),
528 roles
=> default_roles
(),
529 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}]),
530 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
533 $default_raw->{users
}->{'root@pam'}."\n\n\n".
534 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
537 name
=> "pool_duplicate_members",
539 users
=> default_users
(),
540 roles
=> default_roles
(),
541 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}, $default_cfg->{test_pool_duplicate_vms
}, $default_cfg->{test_pool_duplicate_storages
}]),
542 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
545 $default_raw->{users
}->{'root@pam'}."\n\n\n".
546 $default_raw->{pools
}->{'test_pool_members'}."\n".
547 $default_raw->{pools
}->{'test_pool_duplicate_vms'}."\n".
548 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n",
550 $default_raw->{users
}->{'root@pam'}."\n\n\n".
551 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n".
552 $default_raw->{pools
}->{'test_pool_duplicate_vms_expected'}."\n".
553 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
556 name
=> "acl_simple_user",
558 users
=> default_users_with
([$default_cfg->{test_pam
}]),
559 roles
=> default_roles
(),
560 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
563 $default_raw->{users
}->{'root@pam'}."\n".
564 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
565 $default_raw->{acl
}->{'acl_simple_user'}."\n",
568 name
=> "acl_complex_users",
570 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}]),
571 roles
=> default_roles
(),
572 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_users
}]),
575 $default_raw->{users
}->{'root@pam'}."\n".
576 $default_raw->{users
}->{'test2_pam'}."\n".
577 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
578 $default_raw->{acl
}->{'acl_simple_user'}."\n".
579 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
580 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
583 name
=> "acl_complex_missing_user",
585 users
=> default_users_with
([$default_cfg->{test2_pam
}]),
586 roles
=> default_roles
(),
587 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_user
}]),
590 $default_raw->{users
}->{'root@pam'}."\n".
591 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
592 $default_raw->{acl
}->{'acl_simple_user'}."\n".
593 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
594 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
596 $default_raw->{users
}->{'root@pam'}."\n".
597 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
598 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
601 name
=> "acl_simple_group",
603 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
604 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
605 roles
=> default_roles
(),
606 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}]),
609 $default_raw->{users
}->{'root@pam'}."\n".
610 $default_raw->{users
}->{'test_pam'}."\n\n".
611 $default_raw->{groups
}->{'test_group_single_member'}."\n\n\n\n".
612 $default_raw->{acl
}->{'acl_simple_group'}."\n",
615 name
=> "acl_complex_groups",
617 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
618 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
619 roles
=> default_roles
(),
620 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_groups
}]),
623 $default_raw->{users
}->{'root@pam'}."\n".
624 $default_raw->{users
}->{'test2_pam'}."\n".
625 $default_raw->{users
}->{'test3_pam'}."\n".
626 $default_raw->{users
}->{'test_pam'}."\n\n".
627 $default_raw->{groups
}->{'test_group_second'}."\n".
628 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
629 $default_raw->{acl
}->{'acl_simple_group'}."\n".
630 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
631 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
634 name
=> "acl_complex_missing_group",
636 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
637 groups
=> default_groups_with
([$default_cfg->{'test_group_second'}]),
638 roles
=> default_roles
(),
639 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_group
}]),
642 $default_raw->{users
}->{'root@pam'}."\n".
643 $default_raw->{users
}->{'test2_pam'}."\n".
644 $default_raw->{users
}->{'test3_pam'}."\n".
645 $default_raw->{users
}->{'test_pam'}."\n\n".
646 $default_raw->{groups
}->{'test_group_second'}."\n".
647 $default_raw->{acl
}->{'acl_simple_group'}."\n".
648 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
649 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
651 $default_raw->{users
}->{'root@pam'}."\n".
652 $default_raw->{users
}->{'test2_pam'}."\n".
653 $default_raw->{users
}->{'test3_pam'}."\n".
654 $default_raw->{users
}->{'test_pam'}."\n\n".
655 $default_raw->{groups
}->{'test_group_second'}."\n\n\n\n".
656 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
659 name
=> "acl_missing_role",
661 users
=> default_users_with
([$default_cfg->{test_pam
}]),
662 roles
=> default_roles
(),
663 acl
=> default_acls_with
([$default_cfg->{acl_missing_role
}, $default_cfg->{acl_simple_user
}]),
666 $default_raw->{users
}->{'root@pam'}."\n".
667 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
668 $default_raw->{acl
}->{'acl_simple_user'}."\n".
669 $default_raw->{acl
}->{'acl_missing_role'}."\n",
672 name
=> "acl_complex_mixed",
674 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
675 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
676 roles
=> default_roles
(),
677 acl
=> default_acls_with
([
678 $default_cfg->{acl_complex_mixed_root
},
679 $default_cfg->{acl_complex_mixed_storage
},
683 $default_raw->{users
}->{'root@pam'}."\n".
684 $default_raw->{users
}->{'test2_pam'}."\n".
685 $default_raw->{users
}->{'test3_pam'}."\n".
686 $default_raw->{users
}->{'test_pam'}."\n\n".
687 $default_raw->{groups
}->{'test_group_second'}."\n".
688 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
689 $default_raw->{acl
}->{'acl_simple_group'}."\n".
690 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
691 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n".
692 $default_raw->{acl
}->{'acl_simple_user'}."\n".
693 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
694 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
696 $default_raw->{users
}->{'root@pam'}."\n".
697 $default_raw->{users
}->{'test2_pam'}."\n".
698 $default_raw->{users
}->{'test3_pam'}."\n".
699 $default_raw->{users
}->{'test_pam'}."\n\n".
700 $default_raw->{groups
}->{'test_group_second'}."\n".
701 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
702 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
703 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
704 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
707 name
=> "acl_complex_mixed_prop_noprop_no_merge_sort_by_path",
709 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
710 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
711 roles
=> default_roles
(),
712 acl
=> default_acls_with
([
713 $default_cfg->{acl_complex_mixed_root_noprop
},
714 $default_cfg->{acl_complex_mixed_storage_noprop
},
718 $default_raw->{users
}->{'root@pam'}."\n".
719 $default_raw->{users
}->{'test2_pam'}."\n".
720 $default_raw->{users
}->{'test3_pam'}."\n".
721 $default_raw->{users
}->{'test_pam'}."\n\n".
722 $default_raw->{groups
}->{'test_group_second'}."\n".
723 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
724 $default_raw->{acl
}->{'acl_simple_group_noprop'}."\n".
725 $default_raw->{acl
}->{'acl_simple_user'}."\n".
726 $default_raw->{acl
}->{'acl_complex_groups_1_noprop'}."\n".
727 $default_raw->{acl
}->{'acl_complex_groups_2_noprop'}."\n".
728 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
729 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
732 name
=> "sort_roles_and_privs",
734 $default_raw->{users
}->{'root@pam'}."\n".
735 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n".
736 $default_raw->{roles
}->{'test_role_privs_out_of_order'}."\n\n",
738 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
739 $default_raw->{roles
}->{'test_role_privs'}."\n".
740 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
743 name
=> "sort_users_and_group_members",
745 $default_raw->{users
}->{'test2_pam'}."\n".
746 $default_raw->{users
}->{'root@pam'}."\n".
747 $default_raw->{users
}->{'test_pam'}."\n\n".
748 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n".
751 $default_raw->{users
}->{'root@pam'}."\n".
752 $default_raw->{users
}->{'test2_pam'}."\n".
753 $default_raw->{users
}->{'test_pam'}."\n\n".
754 $default_raw->{groups
}->{'test_group_members'}."\n\n".
758 name
=> "sort_user_groups_and_acls",
760 $default_raw->{users
}->{'test2_pam'}."\n".
761 $default_raw->{users
}->{'root@pam'}."\n".
762 $default_raw->{users
}->{'test_pam'}."\n\n".
763 $default_raw->{users
}->{'test3_pam'}."\n".
764 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n\n\n".
765 $default_raw->{groups
}->{'test_group_second'}."\n".
766 $default_raw->{acl
}->{'acl_simple_user'}."\n".
767 $default_raw->{acl
}->{'acl_simple_group'}."\n".
768 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
769 $default_raw->{acl
}->{'acl_complex_users_2'}."\n".
770 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
771 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
773 $default_raw->{users
}->{'root@pam'}."\n".
774 $default_raw->{users
}->{'test2_pam'}."\n".
775 $default_raw->{users
}->{'test3_pam'}."\n".
776 $default_raw->{users
}->{'test_pam'}."\n\n".
777 $default_raw->{groups
}->{'test_group_second'}."\n".
778 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
779 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
780 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
781 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
784 name
=> 'default_values',
798 roles
=> default_roles_with
([{ id
=> 'testrole' }]),
799 groups
=> default_groups_with
([$default_cfg->{test_group_empty
}]),
800 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
803 'user:root@pam'."\n".
804 'user:test@pam'."\n\n".
805 'group:testgroup'."\n\n".
806 'pool:testpool'."\n\n".
807 'role:testrole'."\n\n".
810 'user:root@pam:0:0::::::'."\n".
811 'user:test@pam:0:0::::::'."\n\n".
812 'group:testgroup:::'."\n\n".
813 'pool:testpool::::'."\n\n".
814 'role:testrole::'."\n\n",
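# Drive every fixture in $tests through the user.cfg parser and writer.
#
# Keys read from a fixture:
#   name             - label used for the test descriptions
#   raw              - config text handed to parse_user_config()
#   config           - data structure handed to write_user_config()
#   expected_config  - expected parse result (falls back to `config`)
#   expected_raw     - expected writer output (falls back to `raw`)
#
# Up to four checks are run per fixture:
#   <name>_parse    - parse `raw`, compare with the expected config
#   <name>_rewrite  - write the parsed result again, compare with expected_raw
#   <name>_write    - write `config`, compare with the expected raw text
#   <name>_reparse  - parse the text just written, compare with expected_config
#
# The count given to done_testing() is the number of checks that actually ran,
# so it cannot reveal a fixture that produced no check at all (for example one
# with neither `raw` nor `config`).
my $number_of_tests_run = 0;
foreach my $t (@$tests) {
    my $expected_config = $t->{expected_config} // $t->{config};
    my $expected_raw = $t->{expected_raw} // $t->{raw};

    if (defined($t->{raw})) {
        my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw});
        if (defined($expected_config)) {
            is_deeply($parsed, $expected_config, "$t->{name}_parse");
            $number_of_tests_run++;
        }
        # Only when the fixture has no `config` of its own: otherwise the
        # writer is checked by the "_write" branch below.
        if (defined($t->{expected_raw}) && !defined($t->{config})) {
            is(PVE::AccessControl::write_user_config($t->{name}, $parsed), $t->{expected_raw}, "$t->{name}_rewrite");
            $number_of_tests_run++;
        }
    }

    if (defined($t->{config})) {
        my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config});
        if (defined($expected_raw)) {
            is($written, $expected_raw, "$t->{name}_write");
            $number_of_tests_run++;
        }
        if (defined($t->{expected_config}) && !defined($t->{raw})) {
            # Parse the writer's output. The earlier code passed
            # $t->{written}, a key that none of the visible fixtures define,
            # so the parser received undef and the write -> parse round trip
            # of users, groups, roles and ACLs was never really checked.
            # NOTE(review): fixtures whose expected_config only matched the
            # parse of an undefined input may start failing and need a look.
            is_deeply(PVE::AccessControl::parse_user_config($t->{name}, $written), $t->{expected_config}, "$t->{name}_reparse");
            $number_of_tests_run++;
        }
    }
}

done_testing($number_of_tests_run);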