[pve-devel] [PATCH v3 access-control 03/20] test: add parser/writer tests

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Jan 21 13:54:01 CET 2020


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---

Notes:
    new in v3
    
    probably still not covering all the corner cases - extensions welcome

 test/Makefile         |   2 +-
 test/parser_writer.pl | 848 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 849 insertions(+), 1 deletion(-)
 create mode 100755 test/parser_writer.pl

diff --git a/test/Makefile b/test/Makefile
index 5c9c94e..dc75e4f 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -3,6 +3,7 @@ all:
 
 .PHONY: check
 check:
+	perl -I.. parser_writer.pl
 	perl -I.. perm-test1.pl
 	perl -I.. perm-test2.pl
 	perl -I.. perm-test3.pl
@@ -10,4 +11,3 @@ check:
 	perl -I.. perm-test5.pl
 	perl -I.. perm-test6.pl
 	perl -I.. perm-test7.pl
-
diff --git a/test/parser_writer.pl b/test/parser_writer.pl
new file mode 100755
index 0000000..28c5a8c
--- /dev/null
+++ b/test/parser_writer.pl
@@ -0,0 +1,848 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+use Test::More;
+use PVE::AccessControl;
+
+use Storable qw(dclone);
+
+PVE::AccessControl::create_roles();
+my $default_user_cfg = {};
+PVE::AccessControl::userconfig_force_defaults($default_user_cfg);
+
+my $add_default_user_properties = sub {
+    my ($user) = @_;
+
+    $user->{enable} = 1 if !defined($user->{enable});
+    $user->{expire} = 0 if !defined($user->{expire});
+    $user->{email} = undef if !defined($user->{email});
+
+    return $user;
+};
+
+sub default_roles {
+    my $roles = dclone($default_user_cfg->{roles});
+    return $roles;
+}
+
+sub default_roles_with {
+    my ($extra_roles) = @_;
+
+    my $roles = default_roles();
+
+    foreach my $r (@$extra_roles) {
+	my $role = dclone($r);
+	my $roleid = delete $role->{id};
+	$roles->{$roleid} = $role;
+    }
+
+    return $roles;
+}
+
+sub default_users {
+    my $users = dclone($default_user_cfg->{users});
+    return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users};
+}
+
+sub default_users_with {
+    my ($extra_users) = @_;
+
+    my $users = default_users();
+
+    foreach my $u (@$extra_users) {
+	my $user = dclone($u);
+	my $userid = delete $user->{id};
+	$users->{$userid} = $add_default_user_properties->($user);
+    }
+
+    return $users;
+}
+
+sub default_groups {
+    return {};
+}
+
+sub default_groups_with {
+    my ($extra_groups) = @_;
+
+    my $groups = default_groups();
+
+    foreach my $g (@$extra_groups) {
+	my $group = dclone($g);
+	my $groupid = delete $group->{id};
+	$groups->{$groupid} = $group;
+    }
+
+    return $groups;
+}
+
+sub default_pools {
+    return {};
+}
+
+sub default_pools_with {
+    my ($extra_pools) = @_;
+
+    my $pools = default_pools();
+
+    foreach my $p (@$extra_pools) {
+	my $pool = dclone($p);
+	my $poolid = delete $pool->{id};
+	$pools->{$poolid} = $pool;
+    }
+
+    return $pools;
+}
+
+sub default_pool_vms_with {
+    my ($extra_pools) = @_;
+
+    my $vms = {};
+    foreach my $pool (@$extra_pools) {
+	foreach my $vmid (keys %{$pool->{vms}}) {
+	    $vms->{$vmid} = $pool->{id};
+	}
+    }
+    return $vms;
+}
+
+sub default_acls {
+    return {};
+}
+
+# note: does not support merging paths!
+sub default_acls_with {
+    my ($extra_acls) = @_;
+
+    my $acls = default_acls();
+
+    foreach my $a (@$extra_acls) {
+	my $acl = dclone($a);
+	my $path = delete $acl->{path};
+	$acls->{$path} = $acl;
+    }
+
+    return $acls;
+}
+
+my $default_cfg = {
+    test_pam => {
+	'id' => 'test at pam',
+	'enable' => 1,
+	'expire' => 0,
+	'email' => undef,
+    },
+    test2_pam => {
+	'id' => 'test2 at pam',
+	'enable' => 1,
+	'expire' => 0,
+	'email' => undef,
+    },
+    test_pam_with_group => {
+	'id' => 'test at pam',
+	'enable' => 1,
+	'expire' => 0,
+	'email' => undef,
+	'groups' => { 'testgroup' => 1 },
+    },
+    test2_pam_with_group => {
+	'id' => 'test2 at pam',
+	'enable' => 1,
+	'expire' => 0,
+	'email' => undef,
+	'groups' => { 'testgroup' => 1 },
+    },
+    test3_pam => {
+	'id' => 'test3 at pam',
+	'enable' => 1,
+	'expire' => 0,
+	'email' => undef,
+	'groups' => { 'another' => 1 },
+    },
+    test_group_empty => {
+	'id' => 'testgroup',
+	users => {},
+    },
+    test_group_single_member => {
+	'id' => 'testgroup',
+	'users' => {
+	    'test at pam' => 1,
+	},
+    },
+    test_group_members => {
+	'id' => 'testgroup',
+	'users' => {
+	    'test at pam' => 1,
+	    'test2 at pam' => 1,
+	},
+    },
+    test_group_second => {
+	'id' => 'another',
+	users => {
+	    'test3 at pam' => 1,
+	},
+    },
+    test_role_single_priv => {
+	'id' => 'testrolesingle',
+	'VM.Allocate' => 1,
+    },
+    test_role_privs => {
+	'id' => 'testrole',
+	'VM.Allocate' => 1,
+	'Datastore.Audit' => 1,
+    },
+    test_pool_empty => {
+	'id' => 'testpool',
+	vms => {},
+	storage => {},
+    },
+    test_pool_members => {
+	'id' => 'testpool',
+	vms => { 123 => 1, 1234 => 1},
+	storage => { 'local' => 1, 'local-zfs' => 1},
+    },
+    test_pool_duplicate_vms => {
+	'id' => 'test_duplicate_vms',
+	vms => {},
+	storage => {},
+    },
+    test_pool_duplicate_storages => {
+	'id' => 'test_duplicate_storages',
+	vms => {},
+	storage => { 'local' => 1, 'local-zfs' => 1},
+    },
+    acl_simple_user => {
+	'path' => '/',
+	users => {
+	    'test at pam' => {
+		'PVEVMAdmin' => 1,
+	    },
+	},
+    },
+    acl_complex_users => {
+	'path' => '/storage',
+	users => {
+	    'test2 at pam' => {
+		'PVEDatastoreUser' => 1,
+	    },
+	    'test at pam' => {
+		'PVEDatastoreAdmin' => 1,
+	    },
+	},
+    },
+    acl_complex_missing_user => {
+	'path' => '/storage',
+	users => {
+	    'test2 at pam' => {
+		'PVEDatastoreUser' => 1,
+	    },
+	},
+    },
+    acl_simple_group => {
+	'path' => '/',
+	groups => {
+	    'testgroup' => {
+		'PVEVMAdmin' => 1,
+	    },
+	},
+    },
+    acl_complex_groups => {
+	'path' => '/storage',
+	groups => {
+	    'testgroup' => {
+		'PVEDatastoreAdmin' => 1,
+	    },
+	    'another' => {
+		'PVEDatastoreUser' => 1,
+	    },
+	},
+    },
+    acl_simple_group_noprop => {
+	'path' => '/',
+	groups => {
+	    'testgroup' => {
+		'PVEVMAdmin' => 0,
+	    },
+	},
+    },
+    acl_complex_groups_noprop => {
+	'path' => '/storage',
+	groups => {
+	    'testgroup' => {
+		'PVEDatastoreAdmin' => 0,
+	    },
+	    'another' => {
+		'PVEDatastoreUser' => 0,
+	    },
+	},
+    },
+    acl_complex_missing_group => {
+	'path' => '/storage',
+	groups => {
+	    'another' => {
+		'PVEDatastoreUser' => 1,
+	    },
+	},
+    },
+    acl_missing_role => {
+	'path' => '/storage',
+	users => {
+	    'test at pam' => {
+		'MissingRole' => 1,
+	    },
+	},
+    },
+};
+
+$default_cfg->{'acl_complex_mixed_root'} = {
+	'path' => '/',
+	users => $default_cfg->{'acl_simple_user'}->{users},
+	groups => $default_cfg->{'acl_simple_group'}->{groups},
+};
+
+$default_cfg->{'acl_complex_mixed_storage'} = {
+	'path' => '/storage',
+	users => $default_cfg->{'acl_complex_users'}->{users},
+	groups => $default_cfg->{'acl_complex_groups'}->{groups},
+};
+
+$default_cfg->{'acl_complex_mixed_root_noprop'} = {
+	'path' => '/',
+	users => $default_cfg->{'acl_simple_user'}->{users},
+	groups => $default_cfg->{'acl_simple_group_noprop'}->{groups},
+};
+
+$default_cfg->{'acl_complex_mixed_storage_noprop'} = {
+	'path' => '/storage',
+	users => $default_cfg->{'acl_complex_users'}->{users},
+	groups => $default_cfg->{'acl_complex_groups_noprop'}->{groups},
+};
+
+my $default_raw = {
+    users => {
+	'root at pam' => 'user:root at pam:1:0::::::',
+	'test_pam' => 'user:test at pam:1:0::::::',
+	'test2_pam' => 'user:test2 at pam:1:0::::::',
+	'test3_pam' => 'user:test3 at pam:1:0::::::',
+    },
+    groups => {
+	'test_group_empty' => 'group:testgroup:::',
+	'test_group_single_member' => 'group:testgroup:test at pam::',
+	'test_group_members' => 'group:testgroup:test2 at pam,test at pam::',
+	'test_group_members_out_of_order' => 'group:testgroup:test at pam,test2 at pam::',
+	'test_group_second' => 'group:another:test3 at pam::',
+    },
+    roles => {
+	'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:',
+	'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:',
+	'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:',
+	'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:',
+	'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
+    },
+    pools => {
+	'test_pool_empty' => 'pool:testpool::::',
+	'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
+	'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
+	'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
+	'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
+	'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
+    },
+    acl => {
+	'acl_simple_user' => 'acl:1:/:test at pam:PVEVMAdmin:',
+	'acl_complex_users_1' => 'acl:1:/storage:test at pam:PVEDatastoreAdmin:',
+	'acl_complex_users_2' => 'acl:1:/storage:test2 at pam:PVEDatastoreUser:',
+	'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:',
+	'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:',
+	'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:',
+	'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:',
+	'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:',
+	'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:',
+	'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test at pam:PVEVMAdmin:',
+	'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test at pam:PVEDatastoreAdmin:',
+	'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2 at pam:PVEDatastoreUser:',
+	'acl_missing_role' => 'acl:1:/storage:test at pam:MissingRole:',
+    },
+};
+
+my $tests = [
+    {
+	name => "empty_config",
+	config => {},
+	expected_config => {
+	    users => { 'root at pam' => { enable => 1 } },
+	    roles => default_roles(),
+	},
+	raw => "",
+	expected_raw => "\n\n\n\n",
+    },
+    {
+	name => "default_config",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	},
+	raw => $default_raw->{users}->{'root at pam'}."\n\n\n\n\n",
+    },
+    {
+	name => "group_empty",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    groups => default_groups_with([$default_cfg->{'test_group_empty'}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_empty'}."\n\n".
+	       "\n\n",
+    },
+    {
+	name => "group_inexisting_member",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    groups => default_groups_with([$default_cfg->{'test_group_empty'}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n".
+	       "group:testgroup:does_not_exist::".
+	       "\n\n\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_empty'}."\n\n".
+	       "\n\n",
+    },
+    {
+	name => "group_invalid_member",
+	expected_config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n".
+	       'group:inval!d:root at pam:'.
+	       "\n\n",
+    },
+    {
+	name => "group_with_one_member",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}]),
+	    roles => default_roles(),
+	    groups => default_groups_with([$default_cfg->{'test_group_single_member'}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_single_member'}."\n\n".
+	       "\n\n",
+    },
+    {
+	name => "group_with_members",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{test2_pam_with_group}]),
+	    roles => default_roles(),
+	    groups => default_groups_with([$default_cfg->{'test_group_members'}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n".
+	       "\n\n",
+    },
+    {
+	name => "custom_role_with_single_priv",
+	config => {
+	    users => default_users(),
+	    roles => default_roles_with([$default_cfg->{test_role_single_priv}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_single_priv'}."\n\n",
+    },
+    {
+	name => "custom_role_with_privs",
+	config => {
+	    users => default_users(),
+	    roles => default_roles_with([$default_cfg->{test_role_privs}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs'}."\n\n",
+    },
+    {
+	name => "custom_role_with_duplicate_privs",
+	config => {
+	    users => default_users(),
+	    roles => default_roles_with([$default_cfg->{test_role_privs}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs_duplicate'}."\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs'}."\n\n",
+    },
+    {
+	name => "custom_role_with_invalid_priv",
+	config => {
+	    users => default_users(),
+	    roles => default_roles_with([$default_cfg->{test_role_privs}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs_invalid'}."\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs'}."\n\n",
+    },
+    {
+	name => "pool_empty",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    pools => default_pools_with([$default_cfg->{test_pool_empty}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_empty'}."\n\n\n",
+    },
+    {
+	name => "pool_invalid",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    pools => default_pools_with([$default_cfg->{test_pool_empty}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_invalid'}."\n\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_empty'}."\n\n\n",
+    },
+    {
+	name => "pool_members",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    pools => default_pools_with([$default_cfg->{test_pool_members}]),
+	    vms => default_pool_vms_with([$default_cfg->{test_pool_members}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_members'}."\n\n\n",
+    },
+    {
+	name => "pool_duplicate_members",
+	config => {
+	    users => default_users(),
+	    roles => default_roles(),
+	    pools => default_pools_with([$default_cfg->{test_pool_members}, $default_cfg->{test_pool_duplicate_vms}, $default_cfg->{test_pool_duplicate_storages}]),
+	    vms => default_pool_vms_with([$default_cfg->{test_pool_members}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_members'}."\n".
+	       $default_raw->{pools}->{'test_pool_duplicate_vms'}."\n".
+	       $default_raw->{pools}->{'test_pool_duplicate_storages'}."\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n".
+	       $default_raw->{pools}->{'test_pool_duplicate_storages'}."\n".
+	       $default_raw->{pools}->{'test_pool_duplicate_vms_expected'}."\n".
+	       $default_raw->{pools}->{'test_pool_members'}."\n\n\n",
+    },
+    {
+	name => "acl_simple_user",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_simple_user}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n",
+    },
+    {
+	name => "acl_complex_users",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{'test2_pam'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_simple_user}, $default_cfg->{acl_complex_users}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n",
+    },
+    {
+	name => "acl_complex_missing_user",
+	config => {
+	    users => default_users_with([$default_cfg->{test2_pam}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_complex_missing_user}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n\n\n\n\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n",
+    },
+    {
+	name => "acl_simple_group",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}]),
+	    groups => default_groups_with([$default_cfg->{'test_group_single_member'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_simple_group}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_single_member'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_group'}."\n",
+    },
+    {
+	name => "acl_complex_groups",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
+	    groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_simple_group}, $default_cfg->{acl_complex_groups}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_group'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2'}."\n",
+    },
+    {
+	name => "acl_complex_missing_group",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
+	    groups => default_groups_with([$default_cfg->{'test_group_second'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_complex_missing_group}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{acl}->{'acl_simple_group'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2'}."\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2'}."\n",
+    },
+    {
+	name => "acl_missing_role",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([$default_cfg->{acl_missing_role}, $default_cfg->{acl_simple_user}]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_missing_role'}."\n",
+    },
+    {
+	name => "acl_complex_mixed",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
+	    groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([
+	        $default_cfg->{acl_complex_mixed_root},
+	        $default_cfg->{acl_complex_mixed_storage},
+	    ]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_group'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2'}."\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_2'}."\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_3'}."\n",
+    },
+    {
+	name => "acl_complex_mixed_prop_noprop_no_merge_sort_by_path",
+	config => {
+	    users => default_users_with([$default_cfg->{test_pam_with_group}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
+	    groups => default_groups_with([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
+	    roles => default_roles(),
+	    acl => default_acls_with([
+	        $default_cfg->{acl_complex_mixed_root_noprop},
+	        $default_cfg->{acl_complex_mixed_storage_noprop},
+	    ]),
+	},
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_simple_group_noprop'}."\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_1_noprop'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2_noprop'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n",
+    },
+    {
+	name => "sort_roles_and_privs",
+	raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{roles}->{'test_role_single_priv'}."\n\n".
+	       $default_raw->{roles}->{'test_role_privs_out_of_order'}."\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n\n\n\n".
+	       $default_raw->{roles}->{'test_role_privs'}."\n".
+	       $default_raw->{roles}->{'test_role_single_priv'}."\n\n",
+    },
+    {
+	name => "sort_users_and_group_members",
+	raw => "".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_members_out_of_order'}."\n\n".
+	    "\n\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n".
+	    "\n\n",
+    },
+    {
+	name => "sort_user_groups_and_acls",
+	raw => "".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{groups}->{'test_group_members_out_of_order'}."\n\n\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{acl}->{'acl_simple_user'}."\n".
+	       $default_raw->{acl}->{'acl_simple_group'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_users_2'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_groups_2'}."\n",
+	expected_raw => "".
+	       $default_raw->{users}->{'root at pam'}."\n".
+	       $default_raw->{users}->{'test2_pam'}."\n".
+	       $default_raw->{users}->{'test3_pam'}."\n".
+	       $default_raw->{users}->{'test_pam'}."\n\n".
+	       $default_raw->{groups}->{'test_group_second'}."\n".
+	       $default_raw->{groups}->{'test_group_members'}."\n\n\n\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_1'}."\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_2'}."\n".
+	       $default_raw->{acl}->{'acl_complex_mixed_3'}."\n",
+    },
+    {
+	name => 'default_values',
+	config => {
+	    users => {
+		'root at pam' => {
+		    enable => 0,
+		    expire => 0,
+		    email => undef,
+		},
+		'test at pam' => {
+		    enable => 0,
+		    expire => 0,
+		    email => undef,
+		},
+	    },
+	    roles => default_roles_with([{ id => 'testrole' }]),
+	    groups => default_groups_with([$default_cfg->{test_group_empty}]),
+	    pools => default_pools_with([$default_cfg->{test_pool_empty}]),
+	},
+	raw => "".
+	       'user:root at pam'."\n".
+	       'user:test at pam'."\n\n".
+	       'group:testgroup'."\n\n".
+	       'pool:testpool'."\n\n".
+	       'role:testrole'."\n\n".
+	       'acl::/:',
+	expected_raw => "".
+	       'user:root at pam:0:0::::::'."\n".
+	       'user:test at pam:0:0::::::'."\n\n".
+	       'group:testgroup:::'."\n\n".
+	       'pool:testpool::::'."\n\n".
+	       'role:testrole::'."\n\n",
+    },
+];
+
+
+my $number_of_tests_run = 0;
+foreach my $t (@$tests) {
+    my $expected_config = $t->{expected_config} // $t->{config};
+    my $expected_raw = $t->{expected_raw} // $t->{raw};
+    if (defined($t->{raw})) {
+	my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw});
+	if (defined($expected_config)) {
+	    is_deeply($parsed, $expected_config, "$t->{name}_parse");
+	    $number_of_tests_run++;
+	}
+	if (defined($t->{expected_raw}) && !defined($t->{config})) {
+	    is(PVE::AccessControl::write_user_config($t->{name}, $parsed), $t->{expected_raw}, "$t->{name}_rewrite");
+	    $number_of_tests_run++;
+	}
+
+    }
+    if (defined($t->{config})) {
+	my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config});
+	if (defined($expected_raw)) {
+	    is($written, $expected_raw, "$t->{name}_write");
+	    $number_of_tests_run++;
+	}
+	if (defined($t->{expected_config}) && !defined($t->{raw})) {
+	    is_deeply(PVE::AccessControl::parse_user_config($t->{name}, $t->{written}), $t->{expected_config}, "$t->{name}_reparse");
+	    $number_of_tests_run++;
+	}
+    }
+};
+
+done_testing( $number_of_tests_run);
-- 
2.20.1





More information about the pve-devel mailing list