From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <d.csapak@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id BB5D86DF20
for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:15 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id B9247259E8
for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:15 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id 9EBB6259D3
for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:13 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7382141C32
for <pve-devel@lists.proxmox.com>; Mon, 28 Mar 2022 14:38:13 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Mon, 28 Mar 2022 14:38:02 +0200
Message-Id: <20220328123807.233098-2-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20220328123807.233098-1-d.csapak@proxmox.com>
References: <20220328123807.233098-1-d.csapak@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.147 Adjusted score from AWL reputation of From: address
BAYES_00 -1.9 Bayes spam probability is 0 to 1%
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -
Subject: [pve-devel] [PATCH access-control v4 1/4] add regression tests for
realm-sync
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2022 12:38:15 -0000
to fully test the 'end-to-end' sync api call, we have to mock quite
some methods for cluster/rpcenvironment/ldap
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
src/test/Makefile | 1 +
src/test/realm_sync_test.pl | 338 ++++++++++++++++++++++++++++++++++++
2 files changed, 339 insertions(+)
create mode 100755 src/test/realm_sync_test.pl
diff --git a/src/test/Makefile b/src/test/Makefile
index adaacb9..859a84b 100644
--- a/src/test/Makefile
+++ b/src/test/Makefile
@@ -12,3 +12,4 @@ check:
perl -I.. perm-test6.pl
perl -I.. perm-test7.pl
perl -I.. perm-test8.pl
+ perl -I.. realm_sync_test.pl
diff --git a/src/test/realm_sync_test.pl b/src/test/realm_sync_test.pl
new file mode 100755
index 0000000..2a4a132
--- /dev/null
+++ b/src/test/realm_sync_test.pl
@@ -0,0 +1,338 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Test::MockModule;
+use Test::More;
+use Storable qw(dclone);
+
+use PVE::AccessControl;
+use PVE::API2::Domains;
+
+my $domainscfg = {
+ ids => {
+ "pam" => { type => 'pam' },
+ "pve" => { type => 'pve' },
+ "syncedrealm" => { type => 'ldap' }
+ },
+};
+
+my $initialusercfg = {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => { users => {}, },
+ 'group2-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+};
+
+my $sync_response = {
+ user => [
+ {
+ attributes => { 'uid' => ['user1'], },
+ dn => 'uid=user1,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user2'], },
+ dn => 'uid=user2,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user4'], },
+ dn => 'uid=user4,dc=syncedrealm',
+ },
+ ],
+ groups => [
+ {
+ dn => 'dc=group1,dc=syncedrealm',
+ members => [
+ 'uid=user1,dc=syncedrealm',
+ ],
+ },
+ {
+ dn => 'dc=group3,dc=syncedrealm',
+ members => [
+ 'uid=nonexisting,dc=syncedrealm',
+ ],
+ }
+ ],
+};
+
+my $returned_user_cfg = {};
+
+# mocking all cluster and ldap operations
+my $pve_cluster_module = Test::MockModule->new('PVE::Cluster');
+$pve_cluster_module->mock(
+ cfs_update => sub {},
+ cfs_read_file => sub {
+ my ($filename) = @_;
+ if ($filename eq 'domains.cfg') { return dclone($domainscfg); }
+ if ($filename eq 'user.cfg') { return dclone($initialusercfg); }
+ die "unexpected cfs_read_file";
+ },
+ cfs_write_file => sub {
+ my ($filename, $data) = @_;
+ if ($filename eq 'user.cfg') {
+ $returned_user_cfg = $data;
+ return;
+ }
+ die "unexpected cfs_read_file";
+ },
+ cfs_lock_file => sub {
+ my ($filename, $timeout, $code) = @_;
+ return $code->();
+ },
+);
+
+my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains');
+$pve_api_domains->mock(
+ cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); },
+ cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); },
+);
+
+my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl');
+$pve_accesscontrol->mock(
+ cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); },
+);
+
+my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment');
+$pve_rpcenvironment->mock(
+ get => sub { return bless {}, 'PVE::RPCEnvironment'; },
+ get_user => sub { return 'root@pam'; },
+ fork_worker => sub {
+ my ($class, $workertype, $id, $user, $code) = @_;
+
+ return $code->();
+ },
+);
+
+my $pve_ldap_module = Test::MockModule->new('PVE::LDAP');
+$pve_ldap_module->mock(
+ ldap_connect => sub { return {}; },
+ ldap_bind => sub {},
+ query_users => sub {
+ return $sync_response->{user};
+ },
+ query_groups => sub {
+ return $sync_response->{groups};
+ },
+);
+
+my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP');
+$pve_auth_ldap->mock(
+ connect_and_bind => sub { return {}; },
+);
+
+my $tests = [
+ [
+ "non-full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, }
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "non-full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {},
+ groups => {},
+ },
+ },
+ },
+ ],
+];
+
+for my $test (@$tests) {
+ my $name = $test->[0];
+ my $parameters = $test->[1];
+ my $expected = $test->[2];
+ $returned_user_cfg = {};
+ PVE::API2::Domains->sync($parameters);
+ is_deeply($returned_user_cfg, $expected, $name);
+}
+
+done_testing();
--
2.30.2