From a114081d84e1e79d58c252aed8b578621990a0a4 Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Mon, 6 May 2024 19:20:57 -0400 Subject: [PATCH] mgr/smb: add handler unit tests for login_control in share generation Signed-off-by: John Mulligan --- src/pybind/mgr/smb/tests/test_handler.py | 158 +++++++++++++++++++++++ 1 file changed, 158 insertions(+) diff --git a/src/pybind/mgr/smb/tests/test_handler.py b/src/pybind/mgr/smb/tests/test_handler.py index b08339f57ad..2eab2a1cd91 100644 --- a/src/pybind/mgr/smb/tests/test_handler.py +++ b/src/pybind/mgr/smb/tests/test_handler.py @@ -372,6 +372,164 @@ def test_generate_config_ad(thandler): assert cfg['globals']['foo']['options']['realm'] == 'dom1.example.com' +def test_generate_config_with_login_control(thandler): + thandler.internal_store.overwrite( + { + 'clusters.foo': { + 'resource_type': 'ceph.smb.cluster', + 'cluster_id': 'foo', + 'auth_mode': 'active-directory', + 'intent': 'present', + 'domain_settings': { + 'realm': 'dom1.example.com', + 'join_sources': [ + { + 'source_type': 'resource', + 'ref': 'foo1', + } + ], + }, + }, + 'join_auths.foo1': { + 'resource_type': 'ceph.smb.join.auth', + 'auth_id': 'foo1', + 'intent': 'present', + 'auth': { + 'username': 'testadmin', + 'password': 'Passw0rd', + }, + }, + 'shares.foo.s1': { + 'resource_type': 'ceph.smb.share', + 'cluster_id': 'foo', + 'share_id': 's1', + 'intent': 'present', + 'name': 'Ess One', + 'readonly': False, + 'browseable': True, + 'cephfs': { + 'volume': 'cephfs', + 'path': '/', + 'provider': 'samba-vfs', + }, + 'login_control': [ + { + 'name': 'dom1\\alan', + 'category': 'user', + 'access': 'read', + }, + { + 'name': 'dom1\\betsy', + 'category': 'user', + 'access': 'read-write', + }, + { + 'name': 'dom1\\chuck', + 'category': 'user', + 'access': 'admin', + }, + { + 'name': 'dom1\\ducky', + 'category': 'user', + 'access': 'none', + }, + { + 'name': 'dom1\\eggbert', + 'category': 'user', + 'access': 'read', + }, + { + 'name': 'dom1\\guards', + 'category': 'group', + 'access': 'read-write', + }, + ], + }, + } + ) + + cfg = thandler.generate_config('foo') + assert cfg + assert cfg['shares']['Ess One']['options'] + shopts = cfg['shares']['Ess One']['options'] + assert shopts['invalid users'] == 'dom1\\ducky' + assert shopts['read list'] == 'dom1\\alan dom1\\eggbert' + assert shopts['write list'] == 'dom1\\betsy @dom1\\guards' + assert shopts['admin users'] == 'dom1\\chuck' + + +def test_generate_config_with_login_control_restricted(thandler): + thandler.internal_store.overwrite( + { + 'clusters.foo': { + 'resource_type': 'ceph.smb.cluster', + 'cluster_id': 'foo', + 'auth_mode': 'active-directory', + 'intent': 'present', + 'domain_settings': { + 'realm': 'dom1.example.com', + 'join_sources': [ + { + 'source_type': 'resource', + 'ref': 'foo1', + } + ], + }, + }, + 'join_auths.foo1': { + 'resource_type': 'ceph.smb.join.auth', + 'auth_id': 'foo1', + 'intent': 'present', + 'auth': { + 'username': 'testadmin', + 'password': 'Passw0rd', + }, + }, + 'shares.foo.s1': { + 'resource_type': 'ceph.smb.share', + 'cluster_id': 'foo', + 'share_id': 's1', + 'intent': 'present', + 'name': 'Ess One', + 'readonly': False, + 'browseable': True, + 'cephfs': { + 'volume': 'cephfs', + 'path': '/', + 'provider': 'samba-vfs', + }, + 'restrict_access': True, + 'login_control': [ + { + 'name': 'dom1\\alan', + 'category': 'user', + 'access': 'read', + }, + { + 'name': 'dom1\\betsy', + 'category': 'user', + 'access': 'read-write', + }, + { + 'name': 'dom1\\chuck', + 'category': 'user', + 'access': 'none', + }, + ], + }, + } + ) + + cfg = thandler.generate_config('foo') + assert cfg + assert cfg['shares']['Ess One']['options'] + shopts = cfg['shares']['Ess One']['options'] + assert shopts['invalid users'] == 'dom1\\chuck' + assert shopts['valid users'] == 'dom1\\alan dom1\\betsy' + assert shopts['read list'] == 'dom1\\alan' + assert shopts['write list'] == 'dom1\\betsy' + + def test_error_result(): share = smb.resources.Share( cluster_id='foo', -- 2.39.5