6 use PVE
::AccessControl
;
8 use Storable
qw(dclone);
10 PVE
::AccessControl
::create_roles
();
11 my $default_user_cfg = {};
12 PVE
::AccessControl
::userconfig_force_defaults
($default_user_cfg);
14 my $add_default_user_properties = sub {
17 $user->{enable
} = 1 if !defined($user->{enable
});
18 $user->{expire
} = 0 if !defined($user->{expire
});
19 $user->{email
} = undef if !defined($user->{email
});
25 my $roles = dclone
($default_user_cfg->{roles
});
29 sub default_roles_with
{
30 my ($extra_roles) = @_;
32 my $roles = default_roles
();
34 foreach my $r (@$extra_roles) {
35 my $role = dclone
($r);
36 my $roleid = delete $role->{id
};
37 $roles->{$roleid} = $role;
44 my $users = dclone
($default_user_cfg->{users
});
45 return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users};
48 sub default_users_with
{
49 my ($extra_users) = @_;
51 my $users = default_users
();
53 foreach my $u (@$extra_users) {
54 my $user = dclone
($u);
55 my $userid = delete $user->{id
};
56 $users->{$userid} = $add_default_user_properties->($user);
66 sub default_groups_with
{
67 my ($extra_groups) = @_;
69 my $groups = default_groups
();
71 foreach my $g (@$extra_groups) {
72 my $group = dclone
($g);
73 my $groupid = delete $group->{id
};
74 $groups->{$groupid} = $group;
84 sub default_pools_with
{
85 my ($extra_pools) = @_;
87 my $pools = default_pools
();
89 foreach my $p (@$extra_pools) {
90 my $pool = dclone
($p);
91 my $poolid = delete $pool->{id
};
92 $pools->{$poolid} = $pool;
98 sub default_pool_vms_with
{
99 my ($extra_pools) = @_;
102 foreach my $pool (@$extra_pools) {
103 foreach my $vmid (keys %{$pool->{vms
}}) {
104 $vms->{$vmid} = $pool->{id
};
114 # note: does not support merging paths! A later entry with the same 'path' replaces the earlier one.
115 sub default_acls_with
{
116 my ($extra_acls) = @_;
118 my $acls = default_acls
();
120 foreach my $a (@$extra_acls) {
121 my $acl = dclone
($a);
122 my $path = delete $acl->{path
};
123 $acls->{$path} = $acl;
142 test_pam_with_group
=> {
147 'groups' => { 'testgroup' => 1 },
149 test2_pam_with_group
=> {
154 'groups' => { 'testgroup' => 1 },
161 'groups' => { 'another' => 1 },
163 test_pam_with_token
=> {
175 test_pam2_with_token
=> {
195 test_group_empty
=> {
199 test_group_single_member
=> {
205 test_group_members
=> {
212 test_group_second
=> {
218 test_role_single_priv
=> {
219 'id' => 'testrolesingle',
225 'Datastore.Audit' => 1,
232 test_pool_members
=> {
234 vms
=> { 123 => 1, 1234 => 1},
235 storage
=> { 'local' => 1, 'local-zfs' => 1},
237 test_pool_duplicate_vms
=> {
238 'id' => 'test_duplicate_vms',
242 test_pool_duplicate_storages
=> {
243 'id' => 'test_duplicate_storages',
245 storage
=> { 'local' => 1, 'local-zfs' => 1},
255 acl_complex_users
=> {
256 'path' => '/storage',
259 'PVEDatastoreUser' => 1,
262 'PVEDatastoreAdmin' => 1,
266 acl_complex_missing_user
=> {
267 'path' => '/storage',
270 'PVEDatastoreUser' => 1,
273 'PVEDatastoreAdmin' => 1,
277 acl_simple_token
=> {
285 acl_complex_tokens
=> {
286 'path' => '/storage',
288 'test2@pam!privsep' => {
289 'PVEDatastoreUser' => 1,
291 'test2@pam!expired' => {
292 'PVEDatastoreAdmin' => 1,
295 'PVEDatastoreAdmin' => 1,
299 acl_complex_missing_token
=> {
300 'path' => '/storage',
302 'test2@pam!expired' => {
303 'PVEDatastoreAdmin' => 1,
305 'test2@pam!privsep' => {
306 'PVEDatastoreUser' => 1,
310 acl_simple_group
=> {
318 acl_complex_groups
=> {
319 'path' => '/storage',
322 'PVEDatastoreAdmin' => 1,
325 'PVEDatastoreUser' => 1,
329 acl_simple_group_noprop
=> {
337 acl_complex_groups_noprop
=> {
338 'path' => '/storage',
341 'PVEDatastoreAdmin' => 0,
344 'PVEDatastoreUser' => 0,
348 acl_complex_missing_group
=> {
349 'path' => '/storage',
352 'PVEDatastoreAdmin' => 1,
355 'PVEDatastoreUser' => 1,
359 acl_missing_role
=> {
360 'path' => '/storage',
369 $default_cfg->{'acl_complex_mixed_root'} = {
371 users
=> $default_cfg->{'acl_simple_user'}->{users
},
372 groups
=> $default_cfg->{'acl_simple_group'}->{groups
},
375 $default_cfg->{'acl_complex_mixed_storage'} = {
376 'path' => '/storage',
377 users
=> $default_cfg->{'acl_complex_users'}->{users
},
378 groups
=> $default_cfg->{'acl_complex_groups'}->{groups
},
381 $default_cfg->{'acl_complex_mixed_root_noprop'} = {
383 users
=> $default_cfg->{'acl_simple_user'}->{users
},
384 groups
=> $default_cfg->{'acl_simple_group_noprop'}->{groups
},
387 $default_cfg->{'acl_complex_mixed_storage_noprop'} = {
388 'path' => '/storage',
389 users
=> $default_cfg->{'acl_complex_users'}->{users
},
390 groups
=> $default_cfg->{'acl_complex_groups_noprop'}->{groups
},
395 'root@pam' => 'user:root@pam:1:0::::::',
396 'test_pam' => 'user:test@pam:1:0::::::',
397 'test2_pam' => 'user:test2@pam:1:0::::::',
398 'test3_pam' => 'user:test3@pam:1:0::::::',
401 'test_group_empty' => 'group:testgroup:::',
402 'test_group_single_member' => 'group:testgroup:test@pam::',
403 'test_group_members' => 'group:testgroup:test2@pam,test@pam::',
404 'test_group_members_out_of_order' => 'group:testgroup:test@pam,test2@pam::',
405 'test_group_second' => 'group:another:test3@pam::',
408 'test_token_simple' => 'token:test@pam!full:0:0::',
409 'test_token_multi_full' => 'token:test2@pam!full:0:0::',
410 'test_token_multi_privsep' => 'token:test2@pam!privsep:0:1::',
411 'test_token_multi_expired' => 'token:test2@pam!expired:1:0::',
414 'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:',
415 'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:',
416 'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:',
417 'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:',
418 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
421 'test_pool_empty' => 'pool:testpool::::',
422 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
423 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
424 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
425 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
426 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
429 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:',
430 'acl_complex_users_1' => 'acl:1:/storage:test@pam:PVEDatastoreAdmin:',
431 'acl_complex_users_2' => 'acl:1:/storage:test2@pam:PVEDatastoreUser:',
432 'acl_simple_token' => 'acl:1:/:test@pam!full:PVEVMAdmin:',
433 'acl_complex_tokens_1' => 'acl:1:/storage:test2@pam!expired,test@pam!full:PVEDatastoreAdmin:',
434 'acl_complex_tokens_2' => 'acl:1:/storage:test2@pam!privsep:PVEDatastoreUser:',
435 'acl_complex_tokens_1_missing' => 'acl:1:/storage:test2@pam!expired:PVEDatastoreAdmin:',
436 'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:',
437 'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:',
438 'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:',
439 'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:',
440 'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:',
441 'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:',
442 'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test@pam:PVEVMAdmin:',
443 'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test@pam:PVEDatastoreAdmin:',
444 'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2@pam:PVEDatastoreUser:',
445 'acl_missing_role' => 'acl:1:/storage:test@pam:MissingRole:',
451 name
=> "empty_config",
454 users
=> { 'root@pam' => { enable
=> 1 } },
455 roles
=> default_roles
(),
458 expected_raw
=> "\n\n\n\n",
461 name
=> "default_config",
463 users
=> default_users
(),
464 roles
=> default_roles
(),
466 raw
=> $default_raw->{users
}->{'root@pam'}."\n\n\n\n\n",
469 name
=> "group_empty",
471 users
=> default_users
(),
472 roles
=> default_roles
(),
473 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
476 $default_raw->{users
}->{'root@pam'}."\n\n".
477 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
481 name
=> "group_inexisting_member",
483 users
=> default_users
(),
484 roles
=> default_roles
(),
485 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
488 $default_raw->{users
}->{'root@pam'}."\n\n".
489 "group:testgroup:does_not_exist::".
492 $default_raw->{users
}->{'root@pam'}."\n\n".
493 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
497 name
=> "group_invalid_member",
499 users
=> default_users
(),
500 roles
=> default_roles
(),
503 $default_raw->{users
}->{'root@pam'}."\n\n".
504 'group:inval!d:root@pam:'.
508 name
=> "group_with_one_member",
510 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
511 roles
=> default_roles
(),
512 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
515 $default_raw->{users
}->{'root@pam'}."\n".
516 $default_raw->{users
}->{'test_pam'}."\n\n".
517 $default_raw->{groups
}->{'test_group_single_member'}."\n\n".
521 name
=> "group_with_members",
523 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{test2_pam_with_group
}]),
524 roles
=> default_roles
(),
525 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}]),
528 $default_raw->{users
}->{'root@pam'}."\n".
529 $default_raw->{users
}->{'test2_pam'}."\n".
530 $default_raw->{users
}->{'test_pam'}."\n\n".
531 $default_raw->{groups
}->{'test_group_members'}."\n\n".
535 name
=> "token_simple",
537 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
538 roles
=> default_roles
(),
541 $default_raw->{users
}->{'root@pam'}."\n".
542 $default_raw->{users
}->{'test_pam'}."\n".
543 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n",
546 name
=> "token_multi",
548 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{test_pam2_with_token
}]),
549 roles
=> default_roles
(),
552 $default_raw->{users
}->{'root@pam'}."\n".
553 $default_raw->{users
}->{'test2_pam'}."\n".
554 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
555 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
556 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
557 $default_raw->{users
}->{'test_pam'}."\n".
558 $default_raw->{tokens
}->{'test_token_simple'}."\n".
562 name
=> "custom_role_with_single_priv",
564 users
=> default_users
(),
565 roles
=> default_roles_with
([$default_cfg->{test_role_single_priv
}]),
568 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
569 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
572 name
=> "custom_role_with_privs",
574 users
=> default_users
(),
575 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
578 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
579 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
582 name
=> "custom_role_with_duplicate_privs",
584 users
=> default_users
(),
585 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
588 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
589 $default_raw->{roles
}->{'test_role_privs_duplicate'}."\n\n",
591 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
592 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
595 name
=> "custom_role_with_invalid_priv",
597 users
=> default_users
(),
598 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
601 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
602 $default_raw->{roles
}->{'test_role_privs_invalid'}."\n\n",
604 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
605 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
608 name
=> "pool_empty",
610 users
=> default_users
(),
611 roles
=> default_roles
(),
612 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
615 $default_raw->{users
}->{'root@pam'}."\n\n\n".
616 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
619 name
=> "pool_invalid",
621 users
=> default_users
(),
622 roles
=> default_roles
(),
623 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
626 $default_raw->{users
}->{'root@pam'}."\n\n\n".
627 $default_raw->{pools
}->{'test_pool_invalid'}."\n\n\n",
629 $default_raw->{users
}->{'root@pam'}."\n\n\n".
630 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
633 name
=> "pool_members",
635 users
=> default_users
(),
636 roles
=> default_roles
(),
637 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}]),
638 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
641 $default_raw->{users
}->{'root@pam'}."\n\n\n".
642 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
645 name
=> "pool_duplicate_members",
647 users
=> default_users
(),
648 roles
=> default_roles
(),
649 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}, $default_cfg->{test_pool_duplicate_vms
}, $default_cfg->{test_pool_duplicate_storages
}]),
650 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
653 $default_raw->{users
}->{'root@pam'}."\n\n\n".
654 $default_raw->{pools
}->{'test_pool_members'}."\n".
655 $default_raw->{pools
}->{'test_pool_duplicate_vms'}."\n".
656 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n",
658 $default_raw->{users
}->{'root@pam'}."\n\n\n".
659 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n".
660 $default_raw->{pools
}->{'test_pool_duplicate_vms_expected'}."\n".
661 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
664 name
=> "acl_simple_user",
666 users
=> default_users_with
([$default_cfg->{test_pam
}]),
667 roles
=> default_roles
(),
668 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
671 $default_raw->{users
}->{'root@pam'}."\n".
672 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
673 $default_raw->{acl
}->{'acl_simple_user'}."\n",
676 name
=> "acl_complex_users",
678 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}]),
679 roles
=> default_roles
(),
680 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_users
}]),
683 $default_raw->{users
}->{'root@pam'}."\n".
684 $default_raw->{users
}->{'test2_pam'}."\n".
685 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
686 $default_raw->{acl
}->{'acl_simple_user'}."\n".
687 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
688 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
691 name
=> "acl_complex_missing_user",
693 users
=> default_users_with
([$default_cfg->{test2_pam
}]),
694 roles
=> default_roles
(),
695 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_missing_user
}]),
698 $default_raw->{users
}->{'root@pam'}."\n".
699 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
700 $default_raw->{acl
}->{'acl_simple_user'}."\n".
701 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
702 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
705 name
=> "acl_simple_group",
707 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
708 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
709 roles
=> default_roles
(),
710 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}]),
713 $default_raw->{users
}->{'root@pam'}."\n".
714 $default_raw->{users
}->{'test_pam'}."\n\n".
715 $default_raw->{groups
}->{'test_group_single_member'}."\n\n\n\n".
716 $default_raw->{acl
}->{'acl_simple_group'}."\n",
719 name
=> "acl_complex_groups",
721 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
722 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
723 roles
=> default_roles
(),
724 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_groups
}]),
727 $default_raw->{users
}->{'root@pam'}."\n".
728 $default_raw->{users
}->{'test2_pam'}."\n".
729 $default_raw->{users
}->{'test3_pam'}."\n".
730 $default_raw->{users
}->{'test_pam'}."\n\n".
731 $default_raw->{groups
}->{'test_group_second'}."\n".
732 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
733 $default_raw->{acl
}->{'acl_simple_group'}."\n".
734 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
735 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
738 name
=> "acl_complex_missing_group",
740 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
741 groups
=> default_groups_with
([$default_cfg->{'test_group_second'}]),
742 roles
=> default_roles
(),
743 acl
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_missing_group
}]),
746 $default_raw->{users
}->{'root@pam'}."\n".
747 $default_raw->{users
}->{'test2_pam'}."\n".
748 $default_raw->{users
}->{'test3_pam'}."\n".
749 $default_raw->{users
}->{'test_pam'}."\n\n".
750 $default_raw->{groups
}->{'test_group_second'}."\n".
751 $default_raw->{acl
}->{'acl_simple_group'}."\n".
752 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
753 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
755 $default_raw->{users
}->{'root@pam'}."\n".
756 $default_raw->{users
}->{'test2_pam'}."\n".
757 $default_raw->{users
}->{'test3_pam'}."\n".
758 $default_raw->{users
}->{'test_pam'}."\n\n".
759 $default_raw->{groups
}->{'test_group_second'}."\n\n\n\n".
760 $default_raw->{acl
}->{'acl_simple_group'}."\n".
761 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
762 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
765 name
=> "acl_simple_token",
767 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
768 roles
=> default_roles
(),
769 acl
=> default_acls_with
([$default_cfg->{acl_simple_token
}]),
772 $default_raw->{users
}->{'root@pam'}."\n".
773 $default_raw->{users
}->{'test_pam'}."\n".
774 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
775 $default_raw->{acl
}->{'acl_simple_token'}."\n",
778 name
=> "acl_complex_tokens",
780 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{'test_pam2_with_token'}]),
781 roles
=> default_roles
(),
782 acl
=> default_acls_with
([$default_cfg->{acl_simple_token
}, $default_cfg->{acl_complex_tokens
}]),
785 $default_raw->{users
}->{'root@pam'}."\n".
786 $default_raw->{users
}->{'test2_pam'}."\n".
787 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
788 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
789 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
790 $default_raw->{users
}->{'test_pam'}."\n".
791 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
792 $default_raw->{acl
}->{'acl_simple_token'}."\n".
793 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
794 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
797 name
=> "acl_complex_missing_token",
799 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{test_pam2_with_token
}]),
800 roles
=> default_roles
(),
801 acl
=> default_acls_with
([$default_cfg->{acl_complex_missing_token
}]),
804 $default_raw->{users
}->{'root@pam'}."\n".
805 $default_raw->{users
}->{'test2_pam'}."\n".
806 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
807 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
808 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
809 $default_raw->{users
}->{'test_pam'}."\n".
810 $default_raw->{acl
}->{'acl_simple_token'}."\n".
811 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
812 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
814 $default_raw->{users
}->{'root@pam'}."\n".
815 $default_raw->{users
}->{'test2_pam'}."\n".
816 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
817 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
818 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
819 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
820 $default_raw->{acl
}->{'acl_complex_tokens_1_missing'}."\n".
821 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
824 name
=> "acl_missing_role",
826 users
=> default_users_with
([$default_cfg->{test_pam
}]),
827 roles
=> default_roles
(),
828 acl
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
831 $default_raw->{users
}->{'root@pam'}."\n".
832 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
833 $default_raw->{acl
}->{'acl_simple_user'}."\n".
834 $default_raw->{acl
}->{'acl_missing_role'}."\n",
836 $default_raw->{users
}->{'root@pam'}."\n".
837 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
838 $default_raw->{acl
}->{'acl_simple_user'}."\n",
841 name
=> "acl_complex_mixed",
843 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
844 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
845 roles
=> default_roles
(),
846 acl
=> default_acls_with
([
847 $default_cfg->{acl_complex_mixed_root
},
848 $default_cfg->{acl_complex_mixed_storage
},
852 $default_raw->{users
}->{'root@pam'}."\n".
853 $default_raw->{users
}->{'test2_pam'}."\n".
854 $default_raw->{users
}->{'test3_pam'}."\n".
855 $default_raw->{users
}->{'test_pam'}."\n\n".
856 $default_raw->{groups
}->{'test_group_second'}."\n".
857 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
858 $default_raw->{acl
}->{'acl_simple_group'}."\n".
859 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
860 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n".
861 $default_raw->{acl
}->{'acl_simple_user'}."\n".
862 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
863 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
865 $default_raw->{users
}->{'root@pam'}."\n".
866 $default_raw->{users
}->{'test2_pam'}."\n".
867 $default_raw->{users
}->{'test3_pam'}."\n".
868 $default_raw->{users
}->{'test_pam'}."\n\n".
869 $default_raw->{groups
}->{'test_group_second'}."\n".
870 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
871 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
872 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
873 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
876 name
=> "acl_complex_mixed_prop_noprop_no_merge_sort_by_path",
878 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
879 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
880 roles
=> default_roles
(),
881 acl
=> default_acls_with
([
882 $default_cfg->{acl_complex_mixed_root_noprop
},
883 $default_cfg->{acl_complex_mixed_storage_noprop
},
887 $default_raw->{users
}->{'root@pam'}."\n".
888 $default_raw->{users
}->{'test2_pam'}."\n".
889 $default_raw->{users
}->{'test3_pam'}."\n".
890 $default_raw->{users
}->{'test_pam'}."\n\n".
891 $default_raw->{groups
}->{'test_group_second'}."\n".
892 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
893 $default_raw->{acl
}->{'acl_simple_group_noprop'}."\n".
894 $default_raw->{acl
}->{'acl_simple_user'}."\n".
895 $default_raw->{acl
}->{'acl_complex_groups_1_noprop'}."\n".
896 $default_raw->{acl
}->{'acl_complex_groups_2_noprop'}."\n".
897 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
898 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
901 name
=> "sort_roles_and_privs",
903 $default_raw->{users
}->{'root@pam'}."\n".
904 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n".
905 $default_raw->{roles
}->{'test_role_privs_out_of_order'}."\n\n",
907 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
908 $default_raw->{roles
}->{'test_role_privs'}."\n".
909 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
912 name
=> "sort_users_and_group_members",
914 $default_raw->{users
}->{'test2_pam'}."\n".
915 $default_raw->{users
}->{'root@pam'}."\n".
916 $default_raw->{users
}->{'test_pam'}."\n\n".
917 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n".
920 $default_raw->{users
}->{'root@pam'}."\n".
921 $default_raw->{users
}->{'test2_pam'}."\n".
922 $default_raw->{users
}->{'test_pam'}."\n\n".
923 $default_raw->{groups
}->{'test_group_members'}."\n\n".
927 name
=> "sort_user_groups_and_acls",
929 $default_raw->{users
}->{'test2_pam'}."\n".
930 $default_raw->{users
}->{'root@pam'}."\n".
931 $default_raw->{users
}->{'test_pam'}."\n\n".
932 $default_raw->{users
}->{'test3_pam'}."\n".
933 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n\n\n".
934 $default_raw->{groups
}->{'test_group_second'}."\n".
935 $default_raw->{acl
}->{'acl_simple_user'}."\n".
936 $default_raw->{acl
}->{'acl_simple_group'}."\n".
937 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
938 $default_raw->{acl
}->{'acl_complex_users_2'}."\n".
939 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
940 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
942 $default_raw->{users
}->{'root@pam'}."\n".
943 $default_raw->{users
}->{'test2_pam'}."\n".
944 $default_raw->{users
}->{'test3_pam'}."\n".
945 $default_raw->{users
}->{'test_pam'}."\n\n".
946 $default_raw->{groups
}->{'test_group_second'}."\n".
947 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
948 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
949 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
950 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
953 name
=> 'default_values',
973 roles
=> default_roles_with
([{ id
=> 'testrole' }]),
974 groups
=> default_groups_with
([$default_cfg->{test_group_empty
}]),
975 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
978 'user:root@pam'."\n".
979 'user:test@pam'."\n".
980 'token:test@pam!test'."\n\n".
981 'group:testgroup'."\n\n".
982 'pool:testpool'."\n\n".
983 'role:testrole'."\n\n".
986 'user:root@pam:0:0::::::'."\n".
987 'user:test@pam:0:0::::::'."\n".
988 'token:test@pam!test:0:0::'."\n\n".
989 'group:testgroup:::'."\n\n".
990 'pool:testpool::::'."\n\n".
991 'role:testrole::'."\n\n",
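# Round-trip driver for the user.cfg parser and writer.
#
# Each entry of @$tests may carry a raw config text ('raw'), a parsed
# structure ('config'), or both. 'expected_raw' / 'expected_config' override
# the expectation for cases where the round trip is not expected to be the
# identity.
my $number_of_tests_run = 0;
foreach my $t (@$tests) {
    # Without an explicit expectation, the other representation of the same
    # test case serves as the expected result.
    my $expected_config = $t->{expected_config} // $t->{config};
    my $expected_raw = $t->{expected_raw} // $t->{raw};

    if (defined($t->{raw})) {
        my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw});

        if (defined($expected_config)) {
            is_deeply($parsed, $expected_config, "$t->{name}_parse");
            $number_of_tests_run++;
        }

        # Raw-only case: write the freshly parsed structure back out and
        # compare it with the expected text.
        if (defined($t->{expected_raw}) && !defined($t->{config})) {
            is(
                PVE::AccessControl::write_user_config($t->{name}, $parsed),
                $t->{expected_raw},
                "$t->{name}_rewrite",
            );
            $number_of_tests_run++;
        }
    }

    if (defined($t->{config})) {
        my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config});

        if (defined($expected_raw)) {
            is($written, $expected_raw, "$t->{name}_write");
            $number_of_tests_run++;
        }

        # Config-only case: re-parse the text that was just written. The
        # original passed $t->{written}, a key no test case sets, so the
        # parser was fed undef and the written ACLs, users and tokens were
        # never checked on the way back in.
        if (defined($t->{expected_config}) && !defined($t->{raw})) {
            is_deeply(
                PVE::AccessControl::parse_user_config($t->{name}, $written),
                $t->{expected_config},
                "$t->{name}_reparse",
            );
            $number_of_tests_run++;
        }
    }
}

# The plan is the number of assertions actually executed above.
done_testing($number_of_tests_run);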