Page Menu
Home
ClusterLabs Projects
Search
Configure Global Search
Log In
Files
F4832434
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Flag For Later
Award Token
Size
116 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/tools/cib_shadow.c b/tools/cib_shadow.c
index 6aa2b3a9ca..04d8e3e4e3 100644
--- a/tools/cib_shadow.c
+++ b/tools/cib_shadow.c
@@ -1,630 +1,630 @@
/*
* Copyright (C) 2004 Andrew Beekhof <andrew@beekhof.net>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <crm_internal.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/param.h>
#include <crm/crm.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <stdlib.h>
#include <errno.h>
#include <fcntl.h>
#include <crm/msg_xml.h>
#include <crm/common/xml.h>
#include <crm/common/ipc.h>
#include <crm/cib.h>
int exit_code = pcmk_ok;
GMainLoop *mainloop = NULL;
const char *host = NULL;
void usage(const char *cmd, int exit_status);
int command_options = cib_sync_call;
const char *cib_action = NULL;
cib_t *real_cib = NULL;
int dump_data_element(int depth, char **buffer, int *max, int *offset, const char *prefix,
xmlNode * data, gboolean formatted);
void print_xml_diff(FILE * where, xmlNode * diff);
static int force_flag = 0;
static int batch_flag = 0;
static int
print_spaces(char *buffer, int depth, int max)
{
int lpc = 0;
int spaces = 2 * depth;
max--;
/* <= so that we always print 1 space - prevents problems with syslog */
for (lpc = 0; lpc <= spaces && lpc < max; lpc++) {
if (sprintf(buffer + lpc, "%c", ' ') < 1) {
return -1;
}
}
return lpc;
}
static char *
get_shadow_prompt(const char *name)
{
return g_strdup_printf("shadow[%.40s] # ", name);
}
static void
shadow_setup(char *name, gboolean do_switch)
{
const char *prompt = getenv("PS1");
const char *shell = getenv("SHELL");
char *new_prompt = get_shadow_prompt(name);
printf("Setting up shadow instance\n");
if (safe_str_eq(new_prompt, prompt)) {
/* nothing to do */
goto done;
} else if (batch_flag == FALSE && shell != NULL) {
setenv("PS1", new_prompt, 1);
setenv("CIB_shadow", name, 1);
printf("Type Ctrl-D to exit the crm_shadow shell\n");
if (strstr(shell, "bash")) {
execl(shell, shell, "--norc", "--noprofile", NULL);
} else {
execl(shell, shell, "--noprofile", NULL);
}
} else if (do_switch) {
printf("To switch to the named shadow instance, paste the following into your shell:\n");
} else {
printf
("A new shadow instance was created. To begin using it paste the following into your shell:\n");
}
printf(" CIB_shadow=%s ; export CIB_shadow\n", name);
done:
free(new_prompt);
}
static void
shadow_teardown(char *name)
{
const char *prompt = getenv("PS1");
char *our_prompt = get_shadow_prompt(name);
if (prompt != NULL && strstr(prompt, our_prompt)) {
printf("Now type Ctrl-D to exit the crm_shadow shell\n");
} else {
printf
("Please remember to unset the CIB_shadow variable by pasting the following into your shell:\n");
printf(" unset CIB_shadow\n");
}
free(our_prompt);
}
/* *INDENT-OFF* */
static struct crm_option long_options[] = {
/* Top-level Options */
{"help", 0, 0, '?', "\t\tThis text"},
{"version", 0, 0, '$', "\t\tVersion information" },
{"verbose", 0, 0, 'V', "\t\tIncrease debug output"},
{"-spacer-", 1, 0, '-', "\nQueries:"},
{"which", no_argument, NULL, 'w', "\t\tIndicate the active shadow copy"},
{"display", no_argument, NULL, 'p', "\t\tDisplay the contents of the active shadow copy"},
{"edit", no_argument, NULL, 'E', "\t\tEdit the contents of the active shadow copy with your favorite $EDITOR"},
{"diff", no_argument, NULL, 'd', "\t\tDisplay the changes in the active shadow copy\n"},
{"file", no_argument, NULL, 'F', "\t\tDisplay the location of the active shadow copy file\n"},
{"-spacer-", 1, 0, '-', "\nCommands:"},
{"create", required_argument, NULL, 'c', "\tCreate the named shadow copy of the active cluster configuration"},
{"create-empty", required_argument, NULL, 'e', "Create the named shadow copy with an empty cluster configuration. Optional: --validate-with"},
{"commit", required_argument, NULL, 'C', "\tUpload the contents of the named shadow copy to the cluster"},
{"delete", required_argument, NULL, 'D', "\tDelete the contents of the named shadow copy"},
{"reset", required_argument, NULL, 'r', "\tRecreate the named shadow copy from the active cluster configuration"},
{"switch", required_argument, NULL, 's', "\t(Advanced) Switch to the named shadow copy"},
{"-spacer-", 1, 0, '-', "\nAdditional Options:"},
{"force", no_argument, NULL, 'f', "\t\t(Advanced) Force the action to be performed"},
{"batch", no_argument, NULL, 'b', "\t\t(Advanced) Don't spawn a new shell" },
{"all", no_argument, NULL, 'a', "\t\t(Advanced) Upload the entire CIB, including status, with --commit" },
{"validate-with", required_argument, NULL, 'v', "(Advanced) Create an older configuration version" },
{"-spacer-", 1, 0, '-', "\nExamples:", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', "Create a blank shadow configuration:", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', " crm_shadow --create-empty myShadow", pcmk_option_example},
{"-spacer-", 1, 0, '-', "Create a shadow configuration from the running cluster:", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', " crm_shadow --create myShadow", pcmk_option_example},
{"-spacer-", 1, 0, '-', "Display the current shadow configuration:", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', " crm_shadow --display", pcmk_option_example},
{"-spacer-", 1, 0, '-', "Discard the current shadow configuration (named myShadow):", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', " crm_shadow --delete myShadow", pcmk_option_example},
{"-spacer-", 1, 0, '-', "Upload the current shadow configuration (named myShadow) to the running cluster:", pcmk_option_paragraph},
{"-spacer-", 1, 0, '-', " crm_shadow --commit myShadow", pcmk_option_example},
{0, 0, 0, 0}
};
/* *INDENT-ON* */
int
main(int argc, char **argv)
{
int rc = 0;
int flag;
int argerr = 0;
static int command = '?';
const char *validation = NULL;
char *shadow = NULL;
char *shadow_file = NULL;
gboolean full_upload = FALSE;
gboolean dangerous_cmd = FALSE;
struct stat buf;
int option_index = 0;
crm_log_cli_init("crm_shadow");
crm_set_options(NULL, "(query|command) [modifiers]", long_options,
"Perform configuration changes in a sandbox before updating the live cluster."
"\n\nSets up an environment in which configuration tools (cibadmin, crm_resource, etc) work"
" offline instead of against a live cluster, allowing changes to be previewed and tested"
" for side-effects.\n");
if (argc < 2) {
crm_help('?', EX_USAGE);
}
while (1) {
flag = crm_get_option(argc, argv, &option_index);
if (flag == -1 || flag == 0)
break;
switch (flag) {
case 'a':
full_upload = TRUE;
break;
case 'd':
case 'E':
case 'p':
case 'w':
case 'F':
command = flag;
free(shadow);
shadow = NULL;
{
const char *env = getenv("CIB_shadow");
if(env) {
shadow = strdup(env);
} else {
fprintf(stderr, "No active shadow configuration defined\n");
crm_exit(ENOENT);
}
}
break;
case 'v':
validation = optarg;
break;
case 'e':
case 'c':
case 's':
case 'r':
command = flag;
free(shadow);
shadow = strdup(optarg);
break;
case 'C':
case 'D':
command = flag;
dangerous_cmd = TRUE;
free(shadow);
shadow = strdup(optarg);
break;
case 'V':
command_options = command_options | cib_verbose;
crm_bump_log_level(argc, argv);
break;
case '$':
case '?':
crm_help(flag, EX_OK);
break;
case 'f':
command_options |= cib_quorum_override;
force_flag = 1;
break;
case 'b':
batch_flag = 1;
break;
default:
printf("Argument code 0%o (%c)" " is not (?yet?) supported\n", flag, flag);
++argerr;
break;
}
}
if (optind < argc) {
printf("non-option ARGV-elements: ");
while (optind < argc)
printf("%s ", argv[optind++]);
printf("\n");
crm_help('?', EX_USAGE);
}
if (optind > argc) {
++argerr;
}
if (argerr) {
crm_help('?', EX_USAGE);
}
if (command == 'w') {
/* which shadow instance is active? */
const char *local = getenv("CIB_shadow");
if (local == NULL) {
fprintf(stderr, "No shadow instance provided\n");
rc = -ENXIO;
goto done;
}
fprintf(stdout, "%s\n", local);
rc = 0;
goto done;
}
if (shadow == NULL) {
fprintf(stderr, "No shadow instance provided\n");
fflush(stderr);
rc = -EINVAL;
goto done;
} else if (command != 's' && command != 'c') {
const char *local = getenv("CIB_shadow");
if (local != NULL && safe_str_neq(local, shadow) && force_flag == FALSE) {
fprintf(stderr,
"The supplied shadow instance (%s) is not the same as the active one (%s).\n"
" To prevent accidental destruction of the cluster,"
" the --force flag is required in order to proceed.\n", shadow, local);
fflush(stderr);
rc = EX_USAGE;
goto done;
}
}
if (dangerous_cmd && force_flag == FALSE) {
fprintf(stderr, "The supplied command is considered dangerous."
" To prevent accidental destruction of the cluster,"
" the --force flag is required in order to proceed.\n");
fflush(stderr);
rc = EX_USAGE;
goto done;
}
shadow_file = get_shadow_file(shadow);
if (command == 'D') {
/* delete the file */
rc = stat(shadow_file, &buf);
if (rc == 0) {
rc = unlink(shadow_file);
if (rc != 0) {
fprintf(stderr, "Could not remove shadow instance '%s': %s\n", shadow,
strerror(errno));
goto done;
}
}
shadow_teardown(shadow);
goto done;
} else if (command == 'F') {
printf("%s\n", shadow_file);
rc = 0;
goto done;
}
if (command == 'd' || command == 'r' || command == 'c' || command == 'C') {
real_cib = cib_new_no_shadow();
rc = real_cib->cmds->signon(real_cib, crm_system_name, cib_command);
if (rc != pcmk_ok) {
fprintf(stderr, "Signon to CIB failed: %s\n", pcmk_strerror(rc));
goto done;
}
}
rc = stat(shadow_file, &buf);
if (command == 'e' || command == 'c') {
if (rc == 0 && force_flag == FALSE) {
fprintf(stderr, "A shadow instance '%s' already exists.\n"
" To prevent accidental destruction of the cluster,"
" the --force flag is required in order to proceed.\n", shadow);
rc = -ENOTUNIQ;
goto done;
}
} else if (rc != 0) {
fprintf(stderr, "Could not access shadow instance '%s': %s\n", shadow, strerror(errno));
rc = -ENXIO;
goto done;
}
rc = pcmk_ok;
if (command == 'c' || command == 'e' || command == 'r') {
xmlNode *output = NULL;
/* create a shadow instance based on the current cluster config */
if (command == 'c' || command == 'r') {
rc = real_cib->cmds->query(real_cib, NULL, &output, command_options);
if (rc != pcmk_ok) {
fprintf(stderr, "Could not connect to the CIB: %s\n", pcmk_strerror(rc));
goto done;
}
} else {
- output = createEmptyCib(1);
+ output = createEmptyCib(0);
if(validation) {
crm_xml_add(output, XML_ATTR_VALIDATION, validation);
}
printf("Created new %s configuration\n",
crm_element_value(output, XML_ATTR_VALIDATION));
}
rc = write_xml_file(output, shadow_file, FALSE);
free_xml(output);
if (rc < 0) {
fprintf(stderr, "Could not %s the shadow instance '%s': %s\n",
command == 'r' ? "reset" : "create",
shadow, strerror(errno));
goto done;
}
shadow_setup(shadow, FALSE);
rc = pcmk_ok;
} else if (command == 'E') {
const char *err = NULL;
char *editor = getenv("EDITOR");
if (editor == NULL) {
fprintf(stderr, "No value for $EDITOR defined\n");
rc = -EINVAL;
goto done;
}
execlp(editor, "--", shadow_file, NULL);
err = strerror(errno);
fprintf(stderr, "Could not invoke $EDITOR (%s %s): %s\n", editor, shadow_file, err);
rc = -EINVAL;
goto done;
} else if (command == 's') {
shadow_setup(shadow, TRUE);
rc = 0;
goto done;
} else if (command == 'P') {
/* display the current contents */
char *output_s = NULL;
xmlNode *output = filename2xml(shadow_file);
output_s = dump_xml_formatted(output);
printf("%s", output_s);
free(output_s);
free_xml(output);
} else if (command == 'd') {
/* diff against cluster */
xmlNode *diff = NULL;
xmlNode *old_config = NULL;
xmlNode *new_config = filename2xml(shadow_file);
rc = real_cib->cmds->query(real_cib, NULL, &old_config, command_options);
if (rc != pcmk_ok) {
fprintf(stderr, "Could not query the CIB: %s\n", pcmk_strerror(rc));
goto done;
}
diff = diff_xml_object(old_config, new_config, FALSE);
if (diff != NULL) {
print_xml_diff(stdout, diff);
rc = 1;
goto done;
}
rc = 0;
goto done;
} else if (command == 'C') {
/* commit to the cluster */
xmlNode *input = filename2xml(shadow_file);
if (full_upload) {
rc = real_cib->cmds->replace(real_cib, NULL, input, command_options);
} else {
xmlNode *config = first_named_child(input, XML_CIB_TAG_CONFIGURATION);
rc = real_cib->cmds->replace(real_cib, XML_CIB_TAG_CONFIGURATION, config,
command_options);
}
if (rc != pcmk_ok) {
fprintf(stderr, "Could not commit shadow instance '%s' to the CIB: %s\n",
shadow, pcmk_strerror(rc));
return rc;
}
shadow_teardown(shadow);
free_xml(input);
}
done:
free(shadow_file);
free(shadow);
return crm_exit(rc);
}
#define bhead(buffer, offset) ((*buffer) + (*offset))
#define bremain(max, offset) ((*max) - (*offset))
#define update_buffer_head(len) do { \
int total = (*offset) + len + 1; \
if(total >= (*max)) { /* too late */ \
(*buffer) = EOS; return -1; \
} else if(((*max) - total) < 256) { \
(*max) *= 10; \
*buffer = realloc(*buffer, (*max)); \
} \
(*offset) += len; \
} while(0)
int
dump_data_element(int depth, char **buffer, int *max, int *offset, const char *prefix,
xmlNode * data, gboolean formatted)
{
int printed = 0;
int has_children = 0;
xmlNode *child = NULL;
const char *name = NULL;
CRM_CHECK(data != NULL, return 0);
name = crm_element_name(data);
CRM_CHECK(name != NULL, return 0);
CRM_CHECK(buffer != NULL && *buffer != NULL, return 0);
crm_trace("Dumping %s...", name);
if (prefix) {
printed = snprintf(bhead(buffer, offset), bremain(max, offset), "%s", prefix);
update_buffer_head(printed);
}
if (formatted) {
printed = print_spaces(bhead(buffer, offset), depth, bremain(max, offset));
update_buffer_head(printed);
}
printed = snprintf(bhead(buffer, offset), bremain(max, offset), "<%s", name);
update_buffer_head(printed);
if (data) {
xmlAttrPtr xIter = NULL;
for (xIter = data->properties; xIter; xIter = xIter->next) {
const char *prop_name = (const char *)xIter->name;
const char *prop_value = crm_element_value(data, prop_name);
crm_trace("Dumping <%s %s=\"%s\"...", name, prop_name, prop_value);
printed =
snprintf(bhead(buffer, offset), bremain(max, offset), " %s=\"%s\"", prop_name,
prop_value);
update_buffer_head(printed);
}
}
has_children = xml_has_children(data);
printed = snprintf(bhead(buffer, offset), bremain(max, offset), "%s>%s",
has_children == 0 ? "/" : "", formatted ? "\n" : "");
update_buffer_head(printed);
if (has_children == 0) {
return 0;
}
for (child = __xml_first_child(data); child != NULL; child = __xml_next(child)) {
if (dump_data_element(depth + 1, buffer, max, offset, prefix, child, formatted) < 0) {
return -1;
}
}
if (prefix) {
printed = snprintf(bhead(buffer, offset), bremain(max, offset), "%s", prefix);
update_buffer_head(printed);
}
if (formatted) {
printed = print_spaces(bhead(buffer, offset), depth, bremain(max, offset));
update_buffer_head(printed);
}
printed =
snprintf(bhead(buffer, offset), bremain(max, offset), "</%s>%s", name,
formatted ? "\n" : "");
update_buffer_head(printed);
crm_trace("Dumped %s...", name);
return has_children;
}
void
print_xml_diff(FILE * where, xmlNode * diff)
{
char *buffer = NULL;
xmlNode *child = NULL;
int max = 1024, len = 0;
gboolean is_first = TRUE;
xmlNode *added = find_xml_node(diff, "diff-added", FALSE);
xmlNode *removed = find_xml_node(diff, "diff-removed", FALSE);
is_first = TRUE;
for (child = __xml_first_child(removed); child != NULL; child = __xml_next(child)) {
len = 0;
max = 1024;
free(buffer);
buffer = calloc(1, max);
if (is_first) {
is_first = FALSE;
} else {
fprintf(where, " --- \n");
}
CRM_CHECK(dump_data_element(0, &buffer, &max, &len, "-", child, TRUE) >= 0, continue);
fprintf(where, "%s", buffer);
}
is_first = TRUE;
for (child = __xml_first_child(added); child != NULL; child = __xml_next(child)) {
len = 0;
max = 1024;
free(buffer);
buffer = calloc(1, max);
if (is_first) {
is_first = FALSE;
} else {
fprintf(where, " +++ \n");
}
CRM_CHECK(dump_data_element(0, &buffer, &max, &len, "+", child, TRUE) >= 0, continue);
fprintf(where, "%s", buffer);
}
}
diff --git a/tools/regression.acls.exp b/tools/regression.acls.exp
index f9850528f0..c6a76729fe 100644
--- a/tools/regression.acls.exp
+++ b/tools/regression.acls.exp
@@ -1,1468 +1,1731 @@
+Created new pacemaker-1.3 configuration
Setting up shadow instance
A new shadow instance was created. To begin using it paste the following into your shell:
CIB_shadow=tools-regression ; export CIB_shadow
=#=#=#= Begin test: Configure some ACLs =#=#=#=
=#=#=#= Current cib after: Configure some ACLs =#=#=#=
-<cib epoch="1" num_updates="0" admin_epoch="0" >
+<cib epoch="1" num_updates="0" admin_epoch="0">
<configuration>
<crm_config/>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: Configure some ACLs - OK (0) =#=#=#=
* Passed: cibadmin - Configure some ACLs
=#=#=#= Begin test: Enable ACLs =#=#=#=
=#=#=#= Current cib after: Enable ACLs =#=#=#=
-<cib epoch="2" num_updates="0" admin_epoch="0" >
+<cib epoch="2" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: Enable ACLs - OK (0) =#=#=#=
* Passed: crm_attribute - Enable ACLs
=#=#=#= Begin test: Set cluster option =#=#=#=
=#=#=#= Current cib after: Set cluster option =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: Set cluster option - OK (0) =#=#=#=
* Passed: crm_attribute - Set cluster option
+=#=#=#= Begin test: New ACL =#=#=#=
+=#=#=#= Current cib after: New ACL =#=#=#=
+<cib epoch="4" num_updates="0" admin_epoch="0">
+ <configuration>
+ <crm_config>
+ <cluster_property_set id="cib-bootstrap-options">
+ <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
+ <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
+ </cluster_property_set>
+ </crm_config>
+ <nodes/>
+ <resources/>
+ <constraints/>
+ <acls>
+ <acl_user id="l33t-haxor">
+ <deny id="crook-nothing" xpath="/cib"/>
+ </acl_user>
+ <acl_user id="niceguy">
+ <role_ref id="observer"/>
+ </acl_user>
+ <acl_role id="observer">
+ <read id="observer-read-1" xpath="/cib"/>
+ <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
+ <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
+ </acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ </acls>
+ </configuration>
+ <status/>
+</cib>
+=#=#=#= End test: New ACL - OK (0) =#=#=#=
+* Passed: cibadmin - New ACL
+=#=#=#= Begin test: Another ACL =#=#=#=
+=#=#=#= Current cib after: Another ACL =#=#=#=
+<cib epoch="5" num_updates="0" admin_epoch="0">
+ <configuration>
+ <crm_config>
+ <cluster_property_set id="cib-bootstrap-options">
+ <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
+ <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
+ </cluster_property_set>
+ </crm_config>
+ <nodes/>
+ <resources/>
+ <constraints/>
+ <acls>
+ <acl_user id="l33t-haxor">
+ <deny id="crook-nothing" xpath="/cib"/>
+ </acl_user>
+ <acl_user id="niceguy">
+ <role_ref id="observer"/>
+ </acl_user>
+ <acl_role id="observer">
+ <read id="observer-read-1" xpath="/cib"/>
+ <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
+ <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
+ </acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ </acls>
+ </configuration>
+ <status/>
+</cib>
+=#=#=#= End test: Another ACL - OK (0) =#=#=#=
+* Passed: cibadmin - Another ACL
+=#=#=#= Begin test: Updated ACL =#=#=#=
+=#=#=#= Current cib after: Updated ACL =#=#=#=
+<cib epoch="6" num_updates="0" admin_epoch="0">
+ <configuration>
+ <crm_config>
+ <cluster_property_set id="cib-bootstrap-options">
+ <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
+ <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
+ </cluster_property_set>
+ </crm_config>
+ <nodes/>
+ <resources/>
+ <constraints/>
+ <acls>
+ <acl_user id="l33t-haxor">
+ <deny id="crook-nothing" xpath="/cib"/>
+ </acl_user>
+ <acl_user id="niceguy">
+ <role_ref id="observer"/>
+ </acl_user>
+ <acl_role id="observer">
+ <read id="observer-read-1" xpath="/cib"/>
+ <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
+ <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
+ </acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ </acls>
+ </configuration>
+ <status/>
+</cib>
+=#=#=#= End test: Updated ACL - OK (0) =#=#=#=
+* Passed: cibadmin - Updated ACL
+<cib epoch="3" num_updates="0" admin_epoch="0">
+ <configuration>
+ <crm_config>
+ <cluster_property_set id="cib-bootstrap-options">
+ <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
+ <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
+ </cluster_property_set>
+ </crm_config>
+ <nodes/>
+ <resources/>
+ <constraints/>
+ <acls>
+ <acl_user id="l33t-haxor">
+ <deny id="crook-nothing" xpath="/cib"/>
+ </acl_user>
+ <acl_user id="niceguy">
+ <role_ref id="observer"/>
+ </acl_user>
+ <acl_role id="observer">
+ <read id="observer-read-1" xpath="/cib"/>
+ <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
+ <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
+ </acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ </acls>
+ </configuration>
+ <status/>
+</cib>
=#=#=#= Begin test: unknownguy: Query configuration =#=#=#=
Call failed: Permission denied
=#=#=#= Current cib after: unknownguy: Query configuration =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: unknownguy: Query configuration - Permission denied (13) =#=#=#=
* Passed: cibadmin - unknownguy: Query configuration
=#=#=#= Begin test: unknownguy: Set enable-acl =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: unknownguy: Set enable-acl =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: unknownguy: Set enable-acl - Permission denied (13) =#=#=#=
* Passed: crm_attribute - unknownguy: Set enable-acl
=#=#=#= Begin test: unknownguy: Set stonith-enabled =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: unknownguy: Set stonith-enabled =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: unknownguy: Set stonith-enabled - Permission denied (13) =#=#=#=
* Passed: crm_attribute - unknownguy: Set stonith-enabled
=#=#=#= Begin test: unknownguy: Create a resource =#=#=#=
Call failed: Permission denied
=#=#=#= Current cib after: unknownguy: Create a resource =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: unknownguy: Create a resource - Permission denied (13) =#=#=#=
* Passed: cibadmin - unknownguy: Create a resource
=#=#=#= Begin test: l33t-haxor: Query configuration =#=#=#=
Call failed: Permission denied
=#=#=#= Current cib after: l33t-haxor: Query configuration =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Query configuration - Permission denied (13) =#=#=#=
* Passed: cibadmin - l33t-haxor: Query configuration
=#=#=#= Begin test: l33t-haxor: Set enable-acl =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: l33t-haxor: Set enable-acl =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Set enable-acl - Permission denied (13) =#=#=#=
* Passed: crm_attribute - l33t-haxor: Set enable-acl
=#=#=#= Begin test: l33t-haxor: Set stonith-enabled =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: l33t-haxor: Set stonith-enabled =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Set stonith-enabled - Permission denied (13) =#=#=#=
* Passed: crm_attribute - l33t-haxor: Set stonith-enabled
=#=#=#= Begin test: l33t-haxor: Create a resource =#=#=#=
Call failed: Permission denied
=#=#=#= Current cib after: l33t-haxor: Create a resource =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Create a resource - Permission denied (13) =#=#=#=
* Passed: cibadmin - l33t-haxor: Create a resource
=#=#=#= Begin test: niceguy: Query configuration =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Current cib after: niceguy: Query configuration =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Query configuration - OK (0) =#=#=#=
* Passed: cibadmin - niceguy: Query configuration
=#=#=#= Begin test: niceguy: Set enable-acl =#=#=#=
Error performing operation: Permission denied
Error setting enable-acl=false (section=crm_config, set=<null>): Permission denied
=#=#=#= Current cib after: niceguy: Set enable-acl =#=#=#=
-<cib epoch="3" num_updates="0" admin_epoch="0" >
+<cib epoch="3" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Set enable-acl - Permission denied (13) =#=#=#=
* Passed: crm_attribute - niceguy: Set enable-acl
=#=#=#= Begin test: niceguy: Set stonith-enabled =#=#=#=
=#=#=#= Current cib after: niceguy: Set stonith-enabled =#=#=#=
-<cib epoch="4" num_updates="0" admin_epoch="0" >
+<cib epoch="4" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Set stonith-enabled - OK (0) =#=#=#=
* Passed: crm_attribute - niceguy: Set stonith-enabled
=#=#=#= Begin test: niceguy: Create a resource =#=#=#=
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Create a resource =#=#=#=
-<cib epoch="4" num_updates="0" admin_epoch="0" >
+<cib epoch="4" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Create a resource - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Create a resource
=#=#=#= Begin test: root: Query configuration =#=#=#=
-<cib epoch="4" num_updates="0" admin_epoch="0" >
+<cib epoch="4" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Current cib after: root: Query configuration =#=#=#=
-<cib epoch="4" num_updates="0" admin_epoch="0" >
+<cib epoch="4" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="false"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: root: Query configuration - OK (0) =#=#=#=
* Passed: cibadmin - root: Query configuration
=#=#=#= Begin test: root: Set stonith-enabled =#=#=#=
=#=#=#= Current cib after: root: Set stonith-enabled =#=#=#=
-<cib epoch="5" num_updates="0" admin_epoch="0" >
+<cib epoch="5" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources/>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: root: Set stonith-enabled - OK (0) =#=#=#=
* Passed: crm_attribute - root: Set stonith-enabled
=#=#=#= Begin test: root: Create a resource =#=#=#=
=#=#=#= Current cib after: root: Create a resource =#=#=#=
-<cib epoch="6" num_updates="0" admin_epoch="0" >
+<cib epoch="6" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy"/>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: root: Create a resource - OK (0) =#=#=#=
* Passed: cibadmin - root: Create a resource
=#=#=#= Begin test: l33t-haxor: Create a resource meta attribute =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: l33t-haxor: Create a resource meta attribute =#=#=#=
-<cib epoch="6" num_updates="0" admin_epoch="0" >
+<cib epoch="6" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy"/>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Create a resource meta attribute - Permission denied (13) =#=#=#=
* Passed: crm_resource - l33t-haxor: Create a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Query a resource meta attribute =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: l33t-haxor: Query a resource meta attribute =#=#=#=
-<cib epoch="6" num_updates="0" admin_epoch="0" >
+<cib epoch="6" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy"/>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Query a resource meta attribute - Permission denied (13) =#=#=#=
* Passed: crm_resource - l33t-haxor: Query a resource meta attribute
=#=#=#= Begin test: l33t-haxor: Remove a resource meta attribute =#=#=#=
Error performing operation: Permission denied
=#=#=#= Current cib after: l33t-haxor: Remove a resource meta attribute =#=#=#=
-<cib epoch="6" num_updates="0" admin_epoch="0" >
+<cib epoch="6" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy"/>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: l33t-haxor: Remove a resource meta attribute - Permission denied (13) =#=#=#=
* Passed: crm_resource - l33t-haxor: Remove a resource meta attribute
=#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#=
=#=#=#= Current cib after: niceguy: Create a resource meta attribute =#=#=#=
-<cib epoch="7" num_updates="0" admin_epoch="0" >
+<cib epoch="7" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Stopped"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Create a resource meta attribute - OK (0) =#=#=#=
* Passed: crm_resource - niceguy: Create a resource meta attribute
=#=#=#= Begin test: niceguy: Query a resource meta attribute =#=#=#=
Stopped
=#=#=#= Current cib after: niceguy: Query a resource meta attribute =#=#=#=
-<cib epoch="7" num_updates="0" admin_epoch="0" >
+<cib epoch="7" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Stopped"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Query a resource meta attribute - OK (0) =#=#=#=
* Passed: crm_resource - niceguy: Query a resource meta attribute
=#=#=#= Begin test: niceguy: Remove a resource meta attribute =#=#=#=
Deleted dummy option: id=dummy-meta_attributes-target-role name=target-role
=#=#=#= Current cib after: niceguy: Remove a resource meta attribute =#=#=#=
-<cib epoch="8" num_updates="0" admin_epoch="0" >
+<cib epoch="8" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes"/>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
+ <acl_user id="badidea">
+ <read id="badidea-resources" xpath="//meta_attributes"/>
+ </acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Remove a resource meta attribute - OK (0) =#=#=#=
* Passed: crm_resource - niceguy: Remove a resource meta attribute
=#=#=#= Begin test: niceguy: Create a resource meta attribute =#=#=#=
=#=#=#= Current cib after: niceguy: Create a resource meta attribute =#=#=#=
-<cib epoch="9" num_updates="0" admin_epoch="0" >
- <configuration>
- <crm_config>
- <cluster_property_set id="cib-bootstrap-options">
- <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
- <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
- <nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
- </cluster_property_set>
- </crm_config>
- <nodes/>
- <resources>
- <primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
- <meta_attributes id="dummy-meta_attributes">
- <nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
- </meta_attributes>
- </primitive>
- </resources>
- <constraints/>
- <acls>
- <acl_user id="l33t-haxor">
- <deny id="crook-nothing" xpath="/cib"/>
- </acl_user>
- <acl_user id="niceguy">
- <role_ref id="observer"/>
- </acl_user>
- <acl_role id="observer">
- <read id="observer-read-1" xpath="/cib"/>
- <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
- <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
- </acl_role>
- </acls>
- </configuration>
- <status/>
-</cib>
-=#=#=#= End test: niceguy: Create a resource meta attribute - OK (0) =#=#=#=
-* Passed: crm_resource - niceguy: Create a resource meta attribute
-=#=#=#= Begin test: New ACL =#=#=#=
-=#=#=#= Current cib after: New ACL =#=#=#=
-<cib epoch="10" num_updates="0" admin_epoch="0" >
+<cib epoch="9" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
-=#=#=#= End test: New ACL - OK (0) =#=#=#=
-* Passed: cibadmin - New ACL
+=#=#=#= End test: niceguy: Create a resource meta attribute - OK (0) =#=#=#=
+* Passed: crm_resource - niceguy: Create a resource meta attribute
=#=#=#= Begin test: badidea: Query configuration - implied deny =#=#=#=
<cib>
<configuration>
<resources>
<primitive id="dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
</configuration>
</cib>
=#=#=#= Current cib after: badidea: Query configuration - implied deny =#=#=#=
-<cib epoch="10" num_updates="0" admin_epoch="0" >
+<cib epoch="10" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: badidea: Query configuration - implied deny - OK (0) =#=#=#=
* Passed: cibadmin - badidea: Query configuration - implied deny
-=#=#=#= Begin test: Updated ACL =#=#=#=
-=#=#=#= Current cib after: Updated ACL =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
- <configuration>
- <crm_config>
- <cluster_property_set id="cib-bootstrap-options">
- <nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
- <nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
- <nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
- </cluster_property_set>
- </crm_config>
- <nodes/>
- <resources>
- <primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
- <meta_attributes id="dummy-meta_attributes">
- <nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
- </meta_attributes>
- </primitive>
- </resources>
- <constraints/>
- <acls>
- <acl_user id="l33t-haxor">
- <deny id="crook-nothing" xpath="/cib"/>
- </acl_user>
- <acl_user id="niceguy">
- <role_ref id="observer"/>
- </acl_user>
- <acl_role id="observer">
- <read id="observer-read-1" xpath="/cib"/>
- <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
- <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
- </acl_role>
- <acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
- <read id="badidea-resources" xpath="//meta_attributes"/>
- </acl_user>
- </acls>
- </configuration>
- <status/>
-</cib>
-=#=#=#= End test: Updated ACL - OK (0) =#=#=#=
-* Passed: cibadmin - Updated ACL
-=#=#=#= Begin test: badidea: Query configuration - explicit deny =#=#=#=
+=#=#=#= Begin test: betteridea: Query configuration - explicit deny =#=#=#=
<cib>
<configuration>
<resources>
<primitive id="dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
</configuration>
</cib>
-=#=#=#= Current cib after: badidea: Query configuration - explicit deny =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+=#=#=#= Current cib after: betteridea: Query configuration - explicit deny =#=#=#=
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
-=#=#=#= End test: badidea: Query configuration - explicit deny - OK (0) =#=#=#=
-* Passed: cibadmin - badidea: Query configuration - explicit deny
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+=#=#=#= End test: betteridea: Query configuration - explicit deny - OK (0) =#=#=#=
+* Passed: cibadmin - betteridea: Query configuration - explicit deny
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
</configuration>
<status/>
</cib>
=#=#=#= Begin test: niceguy: Replace - remove acls =#=#=#=
__xml_acl_check: 400 access denied to /cib/configuration/acls: default
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Replace - remove acls =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Replace - remove acls - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Replace - remove acls
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
<primitive id="dummy2" class="ocf" provider="pacemaker" type="Dummy"/>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Begin test: niceguy: Replace - create resource =#=#=#=
__xml_acl_check: 400 access denied to /cib/configuration/resources/primitive[@id='dummy2']: default
__xml_acl_post_process: Cannot add new node primitive at /cib/configuration/resources/primitive[@id='dummy2']
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Replace - create resource =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Replace - create resource - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Replace - create resource
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="false"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Begin test: niceguy: Replace - modify attribute =#=#=#=
__xml_acl_check: 400 access denied to /cib/configuration/crm_config/cluster_property_set[@id='cib-bootstrap-options']/nvpair[@id='cib-bootstrap-options-enable-acl'][@value]: default
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Replace - modify attribute =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Replace - modify attribute - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Replace - modify attribute
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Begin test: niceguy: Replace - delete attribute =#=#=#=
__xml_acl_check: 400 access denied to /cib/configuration/crm_config/cluster_property_set[@id='cib-bootstrap-options']/nvpair[@id='cib-bootstrap-options-enable-acl']: default
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Replace - delete attribute =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Replace - delete attribute - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Replace - delete attribute
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy" description="nothing interesting">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= Begin test: niceguy: Replace - create attribute =#=#=#=
__xml_acl_check: 400 access denied to /cib/configuration/resources/primitive[@id='dummy'][@description]: default
Call failed: Permission denied
=#=#=#= Current cib after: niceguy: Replace - create attribute =#=#=#=
-<cib epoch="11" num_updates="0" admin_epoch="0" >
+<cib epoch="11" num_updates="0" admin_epoch="0">
<configuration>
<crm_config>
<cluster_property_set id="cib-bootstrap-options">
<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl" value="true"/>
<nvpair id="cib-bootstrap-options-no-quorum-policy" name="no-quorum-policy" value="ignore"/>
<nvpair id="cib-bootstrap-options-stonith-enabled" name="stonith-enabled" value="true"/>
</cluster_property_set>
</crm_config>
<nodes/>
<resources>
<primitive id="dummy" class="ocf" provider="pacemaker" type="Dummy">
<meta_attributes id="dummy-meta_attributes">
<nvpair id="dummy-meta_attributes-target-role" name="target-role" value="Started"/>
</meta_attributes>
</primitive>
</resources>
<constraints/>
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
<acl_user id="badidea">
- <deny id="badidea-nothing" xpath="/cib"/>
<read id="badidea-resources" xpath="//meta_attributes"/>
</acl_user>
+ <acl_user id="betteridea">
+ <deny id="betteridea-nothing" xpath="/cib"/>
+ <read id="betteridea-resources" xpath="//meta_attributes"/>
+ </acl_user>
</acls>
</configuration>
<status/>
</cib>
=#=#=#= End test: niceguy: Replace - create attribute - Permission denied (13) =#=#=#=
* Passed: cibadmin - niceguy: Replace - create attribute
diff --git a/tools/regression.sh b/tools/regression.sh
index 8c436e959b..52dbdf187e 100755
--- a/tools/regression.sh
+++ b/tools/regression.sh
@@ -1,589 +1,602 @@
#!/bin/bash
: ${shadow=tools-regression}
test_home=`dirname $0`
num_errors=0
num_passed=0
GREP_OPTIONS=
verbose=0
tests="dates tools acls"
function test_assert() {
target=$1; shift
cib=$1; shift
app=`echo "$cmd" | sed 's/\ .*//'`
printf "* Running: $app - $desc\n" 1>&2
printf "=#=#=#= Begin test: $desc =#=#=#=\n"
eval $VALGRIND_CMD $cmd 2>&1
rc=$?
if [ x$cib != x0 ]; then
printf "=#=#=#= Current cib after: $desc =#=#=#=\n"
CIB_user=root cibadmin -Q
fi
printf "=#=#=#= End test: $desc - `crm_error $rc` ($rc) =#=#=#=\n"
if [ $rc -ne $target ]; then
num_errors=`expr $num_errors + 1`
printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc"
printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc (`which $app`)" 1>&2
return
exit 1
else
printf "* Passed: %-14s - %s\n" $app "$desc"
num_passed=`expr $num_passed + 1`
fi
}
function usage() {
echo "Usage: ./regression.sh [-s(ave)] [-x] [-v(erbose)]"
exit $1
}
done=0
do_save=0
VALGRIND_CMD=
while test "$done" = "0"; do
case "$1" in
-t) tests=$2; shift; shift;;
-V|--verbose) verbose=1; shift;;
-v|--valgrind)
export G_SLICE=always-malloc
VALGRIND_CMD="valgrind -q --gen-suppressions=all --show-reachable=no --leak-check=full --trace-children=no --time-stamp=yes --num-callers=20 --suppressions=/usr/share/pacemaker/tests/valgrind-pcmk.suppressions"
shift;;
-x) set -x; shift;;
-s) do_save=1; shift;;
-p) PATH="$2:$PATH"; export PATH; shift 1;;
-?) usage 0;;
-*) echo "unknown option: $1"; usage 1;;
*) done=1;;
esac
done
if [ "x$VALGRIND_CMD" = "x" -a -x $test_home/crm_simulate ]; then
xml_home=`dirname ${test_home}`
echo "Using local binaries from: $test_home, schemas from $xml_home"
export PATH="$test_home:$PATH"
export PCMK_schema_directory=${xml_home}/xml
fi
function test_tools() {
export CIB_shadow_dir=$test_home
$VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1
export CIB_shadow=$shadow
desc="Validate CIB"
cmd="cibadmin -Q"
test_assert 0
desc="Configure something before erasing"
cmd="crm_attribute -n cluster-delay -v 60s"
test_assert 0
desc="Require --force for CIB erasure"
cmd="cibadmin -E"
test_assert 22
desc="Allow CIB erasure with --force"
cmd="cibadmin -E --force"
test_assert 0
desc="Query CIB"
cmd="cibadmin -Q > /tmp/$$.existing.xml"
test_assert 0
desc="Set cluster option"
cmd="crm_attribute -n cluster-delay -v 60s"
test_assert 0
desc="Query new cluster option"
cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Query cluster options"
cmd="cibadmin -Q -o crm_config > /tmp/$$.opt.xml"
test_assert 0
desc="Set no-quorum policy"
cmd="crm_attribute -n no-quorum-policy -v ignore"
test_assert 0
desc="Delete nvpair"
cmd="cibadmin -D -o crm_config --xml-text '<nvpair id=\"cib-bootstrap-options-cluster-delay\"/>'"
test_assert 0
desc="Create operaton should fail"
cmd="cibadmin -C -o crm_config --xml-file /tmp/$$.opt.xml"
test_assert 76
desc="Modify cluster options section"
cmd="cibadmin -M -o crm_config --xml-file /tmp/$$.opt.xml"
test_assert 0
desc="Query updated cluster option"
cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Set duplicate cluster option"
cmd="crm_attribute -n cluster-delay -v 40s -s duplicate"
test_assert 0
desc="Setting multiply defined cluster option should fail"
cmd="crm_attribute -n cluster-delay -v 30s"
test_assert 76
desc="Set cluster option with -s"
cmd="crm_attribute -n cluster-delay -v 30s -s duplicate"
test_assert 0
desc="Delete cluster option with -i"
cmd="crm_attribute -n cluster-delay -D -i cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Create node1 and bring it online"
cmd="crm_simulate --live-check --in-place --node-up=node1"
test_assert 0
desc="Create node attribute"
cmd="crm_attribute -n ram -v 1024M -U node1 -t nodes"
test_assert 0
desc="Query new node attribute"
cmd="cibadmin -Q -o nodes | grep node1-ram"
test_assert 0
desc="Digest calculation"
cmd="cibadmin -Q | cibadmin -5 -p 2>&1 > /dev/null"
test_assert 0
# This update will fail because it has version numbers
desc="Replace operation should fail"
cmd="cibadmin -R --xml-file /tmp/$$.existing.xml"
test_assert 205
desc="Default standby value"
cmd="crm_standby -N node1 -G"
test_assert 0
desc="Set standby status"
cmd="crm_standby -N node1 -v true"
test_assert 0
desc="Query standby value"
cmd="crm_standby -N node1 -G"
test_assert 0
desc="Delete standby value"
cmd="crm_standby -N node1 -D"
test_assert 0
desc="Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 0
desc="Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p is-managed -v false"
test_assert 0
desc="Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g is-managed"
test_assert 0
desc="Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d is-managed"
test_assert 0
desc="Create a resource attribute"
cmd="crm_resource -r dummy -p delay -v 10s"
test_assert 0
desc="List the configured resources"
cmd="crm_resource -L"
test_assert 0
desc="Set a resource's fail-count"
cmd="crm_failcount -r dummy -v 10 -N node1"
test_assert 0
desc="Require a destination when migrating a resource that is stopped"
cmd="crm_resource -r dummy -M"
test_assert 22
desc="Don't support migration to non-existant locations"
cmd="crm_resource -r dummy -M -N i.dont.exist"
test_assert 6
desc="Create a fencing resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"Fence\" class=\"stonith\" type=\"fence_true\"/>'"
test_assert 0
desc="Bring resources online"
cmd="crm_simulate --live-check --in-place -S"
test_assert 0
desc="Try to move a resource to its existing location"
cmd="crm_resource -r dummy --move --host node1"
test_assert 22
desc="Move a resource from its existing location"
cmd="crm_resource -r dummy --move"
test_assert 0
desc="Clear out constraints generated by --move"
cmd="crm_resource -r dummy --clear"
test_assert 0
desc="Default ticket granted state"
cmd="crm_ticket -t ticketA -G granted -d false"
test_assert 0
desc="Set ticket granted state"
cmd="crm_ticket -t ticketA -r --force"
test_assert 0
desc="Query ticket granted state"
cmd="crm_ticket -t ticketA -G granted"
test_assert 0
desc="Delete ticket granted state"
cmd="crm_ticket -t ticketA -D granted --force"
test_assert 0
desc="Make a ticket standby"
cmd="crm_ticket -t ticketA -s"
test_assert 0
desc="Query ticket standby state"
cmd="crm_ticket -t ticketA -G standby"
test_assert 0
desc="Activate a ticket"
cmd="crm_ticket -t ticketA -a"
test_assert 0
desc="Delete ticket standby state"
cmd="crm_ticket -t ticketA -D standby"
test_assert 0
desc="Ban a resource on unknown node"
cmd="crm_resource -r dummy -B -N host1"
test_assert 6
desc="Create two more nodes and bring them online"
cmd="crm_simulate --live-check --in-place --node-up=node2 --node-up=node3"
test_assert 0
desc="Ban dummy from node1"
cmd="crm_resource -r dummy -B -N node1"
test_assert 0
desc="Ban dummy from node2"
cmd="crm_resource -r dummy -B -N node2"
test_assert 0
desc="Relocate resources due to ban"
cmd="crm_simulate --live-check --in-place -S"
test_assert 0
desc="Move dummy to node1"
cmd="crm_resource -r dummy -M -N node1"
test_assert 0
desc="Clear implicit constraints for dummy on node2"
cmd="crm_resource -r dummy -U -N node2"
test_assert 0
}
function test_dates() {
for y in 06 07 08 09 10 11 12 13 14 15 16 17 18; do
desc="20$y-W01-7"
cmd="iso8601 -d '20$y-W01-7 00Z'"
test_assert 0 0
desc="20$y-W01-7 - round-trip"
cmd="iso8601 -d '20$y-W01-7 00Z' -W -E '20$y-W01-7 00:00:00Z'"
test_assert 0 0
desc="20$y-W01-1"
cmd="iso8601 -d '20$y-W01-1 00Z'"
test_assert 0 0
desc="20$y-W01-1 - round-trip"
cmd="iso8601 -d '20$y-W01-1 00Z' -W -E '20$y-W01-1 00:00:00Z'"
test_assert 0 0
done
desc="2009-W53-07"
cmd="iso8601 -d '2009-W53-7 00:00:00Z' -W -E '2009-W53-7 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 1 Month"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P1M -E '2009-02-28 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 2 Months"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P2M -E '2009-03-31 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 3 Months"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P3M -E '2009-04-30 00:00:00Z'"
test_assert 0 0
desc="2009-03-31 - 1 Month"
cmd="iso8601 -d '2009-03-31 00:00:00Z' -D P-1M -E '2009-02-28 00:00:00Z'"
test_assert 0 0
}
+function test_acl_loop() {
-function test_acls() {
- export CIB_shadow_dir=$test_home
- $VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1
- export CIB_shadow=$shadow
-
- cat<<EOF>/tmp/$$.acls.xml
- <acls>
- <acl_user id="l33t-haxor">
- <deny id="crook-nothing" xpath="/cib"/>
- </acl_user>
- <acl_user id="niceguy">
- <role_ref id="observer"/>
- </acl_user>
- <acl_role id="observer">
- <read id="observer-read-1" xpath="/cib"/>
- <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
- <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
- </acl_role>
- </acls>
-EOF
-
- desc="Configure some ACLs"
- cmd="cibadmin -M -o acls --xml-file /tmp/$$.acls.xml"
- test_assert 0
-
- desc="Enable ACLs"
- cmd="crm_attribute -n enable-acl -v true"
- test_assert 0
-
- desc="Set cluster option"
- cmd="crm_attribute -n no-quorum-policy -v ignore"
- test_assert 0
+ CIB_user=root cibadmin --replace --xml-text '<resources/>'
+ CIB_user=root cibadmin -Q
export CIB_user=unknownguy
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 13
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 13
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=l33t-haxor
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 13
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 13
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=niceguy
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 0
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 0
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=root
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 0
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v true"
test_assert 0
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 0
export CIB_user=l33t-haxor
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Stopped"
test_assert 13
desc="$CIB_user: Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g target-role"
test_assert 13
desc="$CIB_user: Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d target-role"
test_assert 13
export CIB_user=niceguy
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Stopped"
test_assert 0
desc="$CIB_user: Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g target-role"
test_assert 0
desc="$CIB_user: Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d target-role"
test_assert 0
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Started"
test_assert 0
- export CIB_user=root
- desc="New ACL"
- cmd="cibadmin --create -o acls --xml-text '<acl_user id=\"badidea\"><read id=\"badidea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
- test_assert 0
-
+ sed -i 's/epoch=\"9/epoch=\"10/g' ${CIB_shadow_dir}/shadow.${CIB_shadow}
export CIB_user=badidea
desc="$CIB_user: Query configuration - implied deny"
cmd="cibadmin -Q"
test_assert 0
- export CIB_user=root
- desc="Updated ACL"
- cmd="cibadmin --replace -o acls --xml-text '<acl_user id=\"badidea\"><deny id=\"badidea-nothing\" xpath=\"/cib\"/><read id=\"badidea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
- test_assert 0
-
- export CIB_user=badidea
+ sed -i 's/epoch=\"10/epoch=\"11/g' ${CIB_shadow_dir}/shadow.${CIB_shadow}
+ export CIB_user=betteridea
desc="$CIB_user: Query configuration - explicit deny"
cmd="cibadmin -Q"
test_assert 0
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --delete --xml-text '<acls/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
export CIB_user=niceguy
# Make sure we're rejecting things for the right reasons
export PCMK_trace_functions=__xml_acl_check,__xml_acl_post_process
desc="$CIB_user: Replace - remove acls"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -C -o resources --xml-text '<primitive id="dummy2" class="ocf" provider="pacemaker" type="Dummy"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - create resource"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" crm_attribute -n enable-acl -v false
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - modify attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --replace --xml-text '<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
sed -i 's/num_updates=.1/num_updates=\"0/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - delete attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --modify --xml-text '<primitive id="dummy" description="nothing interesting"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - create attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
rm -rf /tmp/$$.haxor.xml
}
+function test_acls() {
+ export CIB_shadow_dir=$test_home
+ $VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow --validate-with pacemaker-1.3 2>&1
+ export CIB_shadow=$shadow
+
+ cat<<EOF>/tmp/$$.acls.xml
+ <acls>
+ <acl_user id="l33t-haxor">
+ <deny id="crook-nothing" xpath="/cib"/>
+ </acl_user>
+ <acl_user id="niceguy">
+ <role_ref id="observer"/>
+ </acl_user>
+ <acl_role id="observer">
+ <read id="observer-read-1" xpath="/cib"/>
+ <write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
+ <write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
+ </acl_role>
+ </acls>
+EOF
+
+ desc="Configure some ACLs"
+ cmd="cibadmin -M -o acls --xml-file /tmp/$$.acls.xml"
+ test_assert 0
+
+ desc="Enable ACLs"
+ cmd="crm_attribute -n enable-acl -v true"
+ test_assert 0
+
+ desc="Set cluster option"
+ cmd="crm_attribute -n no-quorum-policy -v ignore"
+ test_assert 0
+
+ desc="New ACL"
+ cmd="cibadmin --create -o acls --xml-text '<acl_user id=\"badidea\"><read id=\"badidea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
+ test_assert 0
+
+ desc="Another ACL"
+ cmd="cibadmin --create -o acls --xml-text '<acl_user id=\"betteridea\"><read id=\"betteridea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
+ test_assert 0
+
+ desc="Updated ACL"
+ cmd="cibadmin --replace -o acls --xml-text '<acl_user id=\"betteridea\"><deny id=\"betteridea-nothing\" xpath=\"/cib\"/><read id=\"betteridea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
+ test_assert 0
+
+ sed -i 's/epoch=\"6/epoch=\"3/g' ${CIB_shadow_dir}/shadow.${CIB_shadow}
+
+ test_acl_loop
+}
+
for t in $tests; do
echo "Testing $t"
test_$t > $test_home/regression.$t.out
sed -i -e 's/cib-last-written.*>/>/'\
-e 's/ last-run=\"[0-9]*\"//' \
- -e 's/crm_feature_set="[^"]*"//'\
- -e 's/validate-with="[^"]*"//'\
+ -e 's/crm_feature_set="[^"]*" //'\
+ -e 's/validate-with="[^"]*" //'\
-e 's/.*__xml_acl_check/__xml_acl_check/g'\
-e 's/.*__xml_acl_post_process/__xml_acl_post_process/g'\
-e 's/ last-rc-change=\"[0-9]*\"//' $test_home/regression.$t.out
if [ $do_save = 1 ]; then
cp $test_home/regression.$t.out $test_home/regression.$t.exp
fi
done
failed=0
echo -e "\n\nResults"
for t in $tests; do
if [ $do_save = 1 ]; then
cp $test_home/regression.$t.out $test_home/regression.$t.exp
fi
if [ $verbose = 1 ]; then
diff -u $test_home/regression.$t.exp $test_home/regression.$t.out
else
diff -wu $test_home/regression.$t.exp $test_home/regression.$t.out
fi
if [ $? != 0 ]; then
failed=1
fi
done
echo -e "\n\nSummary"
for t in $tests; do
grep -e "^*" $test_home/regression.$t.out
done
if [ $num_errors != 0 ]; then
echo $num_errors tests failed
exit 1
elif [ $failed = 1 ]; then
echo $num_passed tests passed but diff failed
exit 2
else
echo $num_passed tests passed
exit 0
fi
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sun, Jul 20, 7:29 PM (3 h, 14 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2081325
Default Alt Text
(116 KB)
Attached To
Mode
rP Pacemaker
Attached
Detach File
Event Timeline
Log In to Comment