From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH access-control v4 1/4] add regression tests for realm-sync
Date: Mon, 28 Mar 2022 14:38:02 +0200 [thread overview]
Message-ID: <20220328123807.233098-2-d.csapak@proxmox.com> (raw)
In-Reply-To: <20220328123807.233098-1-d.csapak@proxmox.com>
to fully test the 'end-to-end' sync api call, we have to mock quite
some methods for cluster/rpcenvironment/ldap
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
src/test/Makefile | 1 +
src/test/realm_sync_test.pl | 338 ++++++++++++++++++++++++++++++++++++
2 files changed, 339 insertions(+)
create mode 100755 src/test/realm_sync_test.pl
diff --git a/src/test/Makefile b/src/test/Makefile
index adaacb9..859a84b 100644
--- a/src/test/Makefile
+++ b/src/test/Makefile
@@ -12,3 +12,4 @@ check:
perl -I.. perm-test6.pl
perl -I.. perm-test7.pl
perl -I.. perm-test8.pl
+ perl -I.. realm_sync_test.pl
diff --git a/src/test/realm_sync_test.pl b/src/test/realm_sync_test.pl
new file mode 100755
index 0000000..2a4a132
--- /dev/null
+++ b/src/test/realm_sync_test.pl
@@ -0,0 +1,338 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Test::MockModule;
+use Test::More;
+use Storable qw(dclone);
+
+use PVE::AccessControl;
+use PVE::API2::Domains;
+
+my $domainscfg = {
+ ids => {
+ "pam" => { type => 'pam' },
+ "pve" => { type => 'pve' },
+ "syncedrealm" => { type => 'ldap' }
+ },
+};
+
+my $initialusercfg = {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => { users => {}, },
+ 'group2-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+};
+
+my $sync_response = {
+ user => [
+ {
+ attributes => { 'uid' => ['user1'], },
+ dn => 'uid=user1,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user2'], },
+ dn => 'uid=user2,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user4'], },
+ dn => 'uid=user4,dc=syncedrealm',
+ },
+ ],
+ groups => [
+ {
+ dn => 'dc=group1,dc=syncedrealm',
+ members => [
+ 'uid=user1,dc=syncedrealm',
+ ],
+ },
+ {
+ dn => 'dc=group3,dc=syncedrealm',
+ members => [
+ 'uid=nonexisting,dc=syncedrealm',
+ ],
+ }
+ ],
+};
+
+my $returned_user_cfg = {};
+
+# mocking all cluster and ldap operations
+my $pve_cluster_module = Test::MockModule->new('PVE::Cluster');
+$pve_cluster_module->mock(
+ cfs_update => sub {},
+ cfs_read_file => sub {
+ my ($filename) = @_;
+ if ($filename eq 'domains.cfg') { return dclone($domainscfg); }
+ if ($filename eq 'user.cfg') { return dclone($initialusercfg); }
+ die "unexpected cfs_read_file";
+ },
+ cfs_write_file => sub {
+ my ($filename, $data) = @_;
+ if ($filename eq 'user.cfg') {
+ $returned_user_cfg = $data;
+ return;
+ }
+ die "unexpected cfs_read_file";
+ },
+ cfs_lock_file => sub {
+ my ($filename, $timeout, $code) = @_;
+ return $code->();
+ },
+);
+
+my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains');
+$pve_api_domains->mock(
+ cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); },
+ cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); },
+);
+
+my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl');
+$pve_accesscontrol->mock(
+ cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); },
+);
+
+my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment');
+$pve_rpcenvironment->mock(
+ get => sub { return bless {}, 'PVE::RPCEnvironment'; },
+ get_user => sub { return 'root@pam'; },
+ fork_worker => sub {
+ my ($class, $workertype, $id, $user, $code) = @_;
+
+ return $code->();
+ },
+);
+
+my $pve_ldap_module = Test::MockModule->new('PVE::LDAP');
+$pve_ldap_module->mock(
+ ldap_connect => sub { return {}; },
+ ldap_bind => sub {},
+ query_users => sub {
+ return $sync_response->{user};
+ },
+ query_groups => sub {
+ return $sync_response->{groups};
+ },
+);
+
+my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP');
+$pve_auth_ldap->mock(
+ connect_and_bind => sub { return {}; },
+);
+
+my $tests = [
+ [
+ "non-full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, }
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "non-full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {},
+ groups => {},
+ },
+ },
+ },
+ ],
+];
+
+for my $test (@$tests) {
+ my $name = $test->[0];
+ my $parameters = $test->[1];
+ my $expected = $test->[2];
+ $returned_user_cfg = {};
+ PVE::API2::Domains->sync($parameters);
+ is_deeply($returned_user_cfg, $expected, $name);
+}
+
+done_testing();
--
2.30.2
next prev parent reply other threads:[~2022-03-28 12:38 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-28 12:38 [pve-devel] [PATCH access-control/manager/docs v4] fix #3668: improving realm sync Dominik Csapak
2022-03-28 12:38 ` Dominik Csapak [this message]
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 2/4] fix #3668: realm-sync: replace 'full' and 'purge' options with 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 3/4] convert regression tests to new 'remove-vanished' parameter Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH access-control v4 4/4] add realm-sync regression test for new 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH manager v4 1/1] ui: realm sync: replace 'full' and 'purge' with 'remove-vanished' Dominik Csapak
2022-03-28 12:38 ` [pve-devel] [PATCH docs v4 1/1] update documentation about sync-options Dominik Csapak
2022-04-26 12:27 ` [pve-devel] applied-series: [PATCH access-control/manager/docs v4] fix #3668: improving realm sync Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220328123807.233098-2-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox