From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id BB5D86DF20 for ; Mon, 28 Mar 2022 14:38:15 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B9247259E8 for ; Mon, 28 Mar 2022 14:38:15 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 9EBB6259D3 for ; Mon, 28 Mar 2022 14:38:13 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7382141C32 for ; Mon, 28 Mar 2022 14:38:13 +0200 (CEST) From: Dominik Csapak To: pve-devel@lists.proxmox.com Date: Mon, 28 Mar 2022 14:38:02 +0200 Message-Id: <20220328123807.233098-2-d.csapak@proxmox.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20220328123807.233098-1-d.csapak@proxmox.com> References: <20220328123807.233098-1-d.csapak@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.147 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH access-control v4 1/4] add regression tests for realm-sync X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Mar 2022 12:38:15 -0000 to fully test the 'end-to-end' sync api call, we have to mock quite some methods for cluster/rpcenvironment/ldap Signed-off-by: Dominik Csapak --- src/test/Makefile | 1 + src/test/realm_sync_test.pl | 338 ++++++++++++++++++++++++++++++++++++ 2 files changed, 339 insertions(+) create mode 100755 src/test/realm_sync_test.pl
diff --git a/src/test/Makefile b/src/test/Makefile
index adaacb9..859a84b 100644
--- a/src/test/Makefile
+++ b/src/test/Makefile
@@ -12,3 +12,4 @@ check:
 perl -I.. perm-test6.pl
 perl -I.. perm-test7.pl
 perl -I.. perm-test8.pl
+ perl -I.. realm_sync_test.pl
diff --git a/src/test/realm_sync_test.pl b/src/test/realm_sync_test.pl
new file mode 100755
index 0000000..2a4a132
--- /dev/null
+++ b/src/test/realm_sync_test.pl
@@ -0,0 +1,338 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use Test::MockModule;
+use Test::More;
+use Storable qw(dclone);
+
+use PVE::AccessControl;
+use PVE::API2::Domains;
+
+my $domainscfg = {
+ ids => {
+ "pam" => { type => 'pam' },
+ "pve" => { type => 'pve' },
+ "syncedrealm" => { type => 'ldap' }
+ },
+};
+
+my $initialusercfg = {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => { users => {}, },
+ 'group2-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+};
+
+my $sync_response = {
+ user => [
+ {
+ attributes => { 'uid' => ['user1'], },
+ dn => 'uid=user1,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user2'], },
+ dn => 'uid=user2,dc=syncedrealm',
+ },
+ {
+ attributes => { 'uid' => ['user4'], },
+ dn => 'uid=user4,dc=syncedrealm',
+ },
+ ],
+ groups => [
+ {
+ dn => 'dc=group1,dc=syncedrealm',
+ members => [
+ 'uid=user1,dc=syncedrealm',
+ ],
+ },
+ {
+ dn => 'dc=group3,dc=syncedrealm',
+ members => [
+ 'uid=nonexisting,dc=syncedrealm',
+ ],
+ }
+ ],
+};
+
+my $returned_user_cfg = {};
+
+# mocking all cluster and ldap operations
+my $pve_cluster_module = Test::MockModule->new('PVE::Cluster');
+$pve_cluster_module->mock(
+ cfs_update => sub {},
+ cfs_read_file => sub {
+ my ($filename) = @_;
+ if ($filename eq 'domains.cfg') { return dclone($domainscfg); }
+ if ($filename eq 'user.cfg') { return dclone($initialusercfg); }
+ die "unexpected cfs_read_file";
+ },
+ cfs_write_file => sub {
+ my ($filename, $data) = @_;
+ if ($filename eq 'user.cfg') {
+ $returned_user_cfg = $data;
+ return;
+ }
+ die "unexpected cfs_read_file";
+ },
+ cfs_lock_file => sub {
+ my ($filename, $timeout, $code) = @_;
+ return $code->();
+ },
+);
+
+my $pve_api_domains = Test::MockModule->new('PVE::API2::Domains');
+$pve_api_domains->mock(
+ cfs_read_file => sub { PVE::Cluster::cfs_read_file(@_); },
+ cfs_write_file => sub { PVE::Cluster::cfs_write_file(@_); },
+);
+
+my $pve_accesscontrol = Test::MockModule->new('PVE::AccessControl');
+$pve_accesscontrol->mock(
+ cfs_lock_file => sub { PVE::Cluster::cfs_lock_file(@_); },
+);
+
+my $pve_rpcenvironment = Test::MockModule->new('PVE::RPCEnvironment');
+$pve_rpcenvironment->mock(
+ get => sub { return bless {}, 'PVE::RPCEnvironment'; },
+ get_user => sub { return 'root@pam'; },
+ fork_worker => sub {
+ my ($class, $workertype, $id, $user, $code) = @_;
+
+ return $code->();
+ },
+);
+
+my $pve_ldap_module = Test::MockModule->new('PVE::LDAP');
+$pve_ldap_module->mock(
+ ldap_connect => sub { return {}; },
+ ldap_bind => sub {},
+ query_users => sub {
+ return $sync_response->{user};
+ },
+ query_groups => sub {
+ return $sync_response->{groups};
+ },
+);
+
+my $pve_auth_ldap = Test::MockModule->new('PVE::Auth::LDAP');
+$pve_auth_ldap->mock(
+ connect_and_bind => sub { return {}; },
+);
+
+my $tests = [
+ [
+ "non-full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full without purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 0,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, }
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "non-full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 0,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ 'keys' => 'some',
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user3@syncedrealm' => {
+ username => 'user3',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group2-syncedrealm' => { users => {}, },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {
+ 'user3@syncedrealm' => {},
+ },
+ groups => {},
+ },
+ },
+ },
+ ],
+ [
+ "full with purge",
+ {
+ realm => 'syncedrealm',
+ full => 1,
+ purge => 1,
+ scope => 'both',
+ },
+ {
+ users => {
+ 'root@pam' => { username => 'root', },
+ 'user1@syncedrealm' => {
+ username => 'user1',
+ enable => 1,
+ },
+ 'user2@syncedrealm' => {
+ username => 'user2',
+ enable => 1,
+ },
+ 'user4@syncedrealm' => {
+ username => 'user4',
+ enable => 1,
+ },
+ },
+ groups => {
+ 'group1-syncedrealm' => {
+ users => {
+ 'user1@syncedrealm' => 1,
+ },
+ },
+ 'group3-syncedrealm' => { users => {}, },
+ },
+ acl => {
+ '/' => {
+ users => {},
+ groups => {},
+ },
+ },
+ },
+ ],
+];
+
+for my $test (@$tests) {
+ my $name = $test->[0];
+ my $parameters = $test->[1];
+ my $expected = $test->[2];
+ $returned_user_cfg = {};
+ PVE::API2::Domains->sync($parameters);
+ is_deeply($returned_user_cfg, $expected, $name);
+}
+
+done_testing();
-- 2.30.2
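Review bot: The `cfs_write_file` mock dies with `"unexpected cfs_read_file"`, a message copied from the read mock above it, so an unexpected write to any file other than user.cfg would be reported as a read; `die "unexpected cfs_write_file: $filename\n";` (and the file name in the read mock's message too) would point a failure at the right call. The expectations also pin two security-relevant outcomes without comment: "full without purge" keeps the `/` ACL entry for `user3@syncedrealm` although that user is removed, and both full cases drop `'keys'` from user1. A short comment above those cases, such as `# pinned behaviour: without purge the ACL entry of a removed user stays in user.cfg`, would tell a reader this is what the test means to assert, since a leftover ACL entry would presumably apply again to a later user with the same id. All four cases use `scope => 'both'`, so the users-only and groups-only paths are not exercised by this test.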