HomeClusterLabs Projects

Test: cts-cli: Update test outputs for later ACL denial detection

Description

Test: cts-cli: Update test outputs for later ACL denial detection

We no longer get a <failed> object in the cib_process_create() output in
the case of ACL denial. This is because the denial is caught later
instead of at attribute set time. See previous commit message for more
details.

To address the other test output changes specifically:

  • Previously, the denial happened when update_cib_object() -> copy_in_properties() -> crm_xml_add() called pcmkcheck_acl(). We made it past the creation of the <primitive> element, and that was allowed during pcmkapply_creation_acl(). However, the first attempt to set an attribute caused crm_xml_add() to error, which in turn caused update_cib_object() and add_cib_object() to error, leaving an empty <primitive> element.
  • Now, we don't set any attributes explicitly; we copy the whole subtree. So we get our first error message from pcmkcheck_acl() later, and it reflects the fact that <primitive id="dummy"> was copied with its attributes. cib_perform_op() -> xml_acl_disable() -> pcmkapply_creation_acl() (recursive) -> pcmk__check_acl().

Signed-off-by: Reid Wahl <nrwahl@protonmail.com>

Details

Provenance
nrwahl2Authored on Apr 5 2024, 3:53 AM
Parents
rPb1fe4013d08f: Refactor: libcib: Drop update_cib_object()
Branches
Unknown
Tags
Unknown