diff --git a/BasicSanity.sh b/BasicSanity.sh
index 845a0993a4..faf65f3245 100755
--- a/BasicSanity.sh
+++ b/BasicSanity.sh
@@ -1,105 +1,97 @@
#!/bin/bash
test_home=`dirname $0`
valgrind=""
verbose=""
tests=""
if [ "$test_home" = "." ]; then
test_home="$PWD"
fi
function info() {
printf "$*\n"
}
function error() {
printf " * ERROR: $*\n"
}
info "Test home is:\t$test_home"
while true ; do
case "$1" in
all) tests="pengine cli lrmd fencing"; shift;;
pengine|lrmd|pacemaker_remote|fencing|cli) tests="$tests $1"; shift;;
-V|--verbose) verbose="-V"; shift;;
-v|--valgrind) valgrind="-v"; shift;;
--) shift ; break ;;
"") break;;
*) echo "unknown option: $1"; exit 1;;
esac
done
if [ -z "$tests" ]; then
tests="pengine cli lrmd"
fi
failed=""
for t in $tests; do
info "Executing the $t regression tests"
info "============================================================"
if [ -e $test_home/$t/regression.py ]; then
# Fencing, lrmd need root access
chmod a+x $test_home/$t/regression.py
echo "Enter the root password..."
# sudo doesn't work in builtbot, su doesn't work in travis
if [ x$TRAVIS = x ]; then
su root -c "$test_home/$t/regression.py $verbose"
else
sudo -- $test_home/$t/regression.py $verbose
fi
rc=$?
elif [ $t == "pacemaker_remote" ] && [ -e $test_home/lrmd/regression.py ]; then
# pacemaker_remote
chmod a+x $test_home/lrmd/regression.py
echo "Enter the root password..."
# sudo doesn't work in builtbot, su doesn't work in travis
if [ x$TRAVIS = x ]; then
su root -c "$test_home/$t/regression.py -R $verbose"
else
sudo -- $test_home/$t/regression.py -R $verbose
fi
rc=$?
elif [ -e $test_home/$t ]; then
# pengine, cli
- if [ x$TRAVIS = x ]; then
- su root -c "$test_home/$t/regression.sh $verbose $valgrind"
- else
- sudo -- $test_home/$t/regression.sh $verbose $valgrind
- fi
+ $test_home/$t/regression.sh $verbose $valgrind
rc=$?
elif [ $t = cli -a -e $test_home/tools ]; then
# Running cli tests from the source tree
t=tools
- if [ x$TRAVIS = x ]; then
- su root -c "$test_home/$t/regression.sh $verbose $valgrind"
- else
- sudo -- $test_home/$t/regression.sh $verbose $valgrind
- fi
+ $test_home/$t/regression.sh $verbose $valgrind
rc=$?
else
error "Cannot find $t test in $test_home"
rc=1
fi
if [ $rc != 0 ]; then
info "$t regression tests failed: $rc"
failed="$failed $t"
fi
info "============================================================"
info ""
info ""
done
if [ -z "$failed" ]; then
exit 0
fi
error "regression tests for $failed failed"
exit 1
diff --git a/lib/cib/cib_file.c b/lib/cib/cib_file.c
index d4048547b2..9e8a50511f 100644
--- a/lib/cib/cib_file.c
+++ b/lib/cib/cib_file.c
@@ -1,338 +1,340 @@
/*
* Copyright (c) 2004 International Business Machines
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <crm_internal.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <string.h>
#include <sys/stat.h>
#include <glib.h>
#include <crm/crm.h>
#include <crm/cib/internal.h>
#include <crm/msg_xml.h>
#include <crm/common/ipc.h>
typedef struct cib_file_opaque_s {
int flags;
char *filename;
} cib_file_opaque_t;
int cib_file_perform_op(cib_t * cib, const char *op, const char *host, const char *section,
xmlNode * data, xmlNode ** output_data, int call_options);
int cib_file_perform_op_delegate(cib_t * cib, const char *op, const char *host, const char *section,
xmlNode * data, xmlNode ** output_data, int call_options,
const char *user_name);
int cib_file_signon(cib_t * cib, const char *name, enum cib_conn_type type);
int cib_file_signoff(cib_t * cib);
int cib_file_free(cib_t * cib);
static int
cib_file_inputfd(cib_t * cib)
{
return -EPROTONOSUPPORT;
}
static int
cib_file_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data))
{
return -EPROTONOSUPPORT;
}
static int
cib_file_register_notification(cib_t * cib, const char *callback, int enabled)
{
return -EPROTONOSUPPORT;
}
cib_t *
cib_file_new(const char *cib_location)
{
cib_file_opaque_t *private = NULL;
cib_t *cib = cib_new_variant();
private = calloc(1, sizeof(cib_file_opaque_t));
cib->variant = cib_file;
cib->variant_opaque = private;
if (cib_location == NULL) {
cib_location = getenv("CIB_file");
}
private->filename = strdup(cib_location);
/* assign variant specific ops */
cib->delegate_fn = cib_file_perform_op_delegate;
cib->cmds->signon = cib_file_signon;
cib->cmds->signoff = cib_file_signoff;
cib->cmds->free = cib_file_free;
cib->cmds->inputfd = cib_file_inputfd;
cib->cmds->register_notification = cib_file_register_notification;
cib->cmds->set_connection_dnotify = cib_file_set_connection_dnotify;
return cib;
}
static xmlNode *in_mem_cib = NULL;
static int
load_file_cib(const char *filename)
{
int rc = pcmk_ok;
struct stat buf;
xmlNode *root = NULL;
gboolean dtd_ok = TRUE;
const char *ignore_dtd = NULL;
xmlNode *status = NULL;
rc = stat(filename, &buf);
if (rc == 0) {
root = filename2xml(filename);
if (root == NULL) {
return -pcmk_err_schema_validation;
}
} else {
return -ENXIO;
}
rc = 0;
status = find_xml_node(root, XML_CIB_TAG_STATUS, FALSE);
if (status == NULL) {
create_xml_node(root, XML_CIB_TAG_STATUS);
}
ignore_dtd = crm_element_value(root, XML_ATTR_VALIDATION);
dtd_ok = validate_xml(root, NULL, TRUE);
if (dtd_ok == FALSE) {
crm_err("CIB does not validate against %s", ignore_dtd);
rc = -pcmk_err_schema_validation;
goto bail;
}
in_mem_cib = root;
return rc;
bail:
free_xml(root);
root = NULL;
return rc;
}
int
cib_file_signon(cib_t * cib, const char *name, enum cib_conn_type type)
{
int rc = pcmk_ok;
cib_file_opaque_t *private = cib->variant_opaque;
if (private->filename == FALSE) {
rc = -EINVAL;
} else {
rc = load_file_cib(private->filename);
}
if (rc == pcmk_ok) {
crm_debug("%s: Opened connection to local file '%s'", name, private->filename);
cib->state = cib_connected_command;
cib->type = cib_command;
} else {
fprintf(stderr, "%s: Connection to local file '%s' failed: %s\n",
name, private->filename, pcmk_strerror(rc));
}
return rc;
}
int
cib_file_signoff(cib_t * cib)
{
int rc = pcmk_ok;
cib_file_opaque_t *private = cib->variant_opaque;
crm_debug("Signing out of the CIB Service");
if (strstr(private->filename, ".bz2") != NULL) {
rc = write_xml_file(in_mem_cib, private->filename, TRUE);
} else {
rc = write_xml_file(in_mem_cib, private->filename, FALSE);
}
if (rc > 0) {
crm_info("Wrote CIB to %s", private->filename);
rc = pcmk_ok;
} else {
crm_err("Could not write CIB to %s: %s (%d)", private->filename, pcmk_strerror(rc), rc);
}
free_xml(in_mem_cib);
cib->state = cib_disconnected;
cib->type = cib_no_connection;
return rc;
}
int
cib_file_free(cib_t * cib)
{
int rc = pcmk_ok;
if (cib->state != cib_disconnected) {
rc = cib_file_signoff(cib);
}
if (rc == pcmk_ok) {
cib_file_opaque_t *private = cib->variant_opaque;
free(private->filename);
free(cib->cmds);
free(private);
free(cib);
} else {
fprintf(stderr, "Couldn't sign off: %d\n", rc);
}
return rc;
}
struct cib_func_entry {
const char *op;
gboolean read_only;
cib_op_t fn;
};
/* *INDENT-OFF* */
static struct cib_func_entry cib_file_ops[] = {
{CIB_OP_QUERY, TRUE, cib_process_query},
{CIB_OP_MODIFY, FALSE, cib_process_modify},
{CIB_OP_APPLY_DIFF, FALSE, cib_process_diff},
{CIB_OP_BUMP, FALSE, cib_process_bump},
{CIB_OP_REPLACE, FALSE, cib_process_replace},
{CIB_OP_CREATE, FALSE, cib_process_create},
{CIB_OP_DELETE, FALSE, cib_process_delete},
{CIB_OP_ERASE, FALSE, cib_process_erase},
{CIB_OP_UPGRADE, FALSE, cib_process_upgrade},
};
/* *INDENT-ON* */
int
cib_file_perform_op(cib_t * cib, const char *op, const char *host, const char *section,
xmlNode * data, xmlNode ** output_data, int call_options)
{
return cib_file_perform_op_delegate(cib, op, host, section, data, output_data, call_options,
NULL);
}
int
cib_file_perform_op_delegate(cib_t * cib, const char *op, const char *host, const char *section,
xmlNode * data, xmlNode ** output_data, int call_options,
const char *user_name)
{
int rc = pcmk_ok;
char *effective_user = NULL;
gboolean query = FALSE;
gboolean changed = FALSE;
xmlNode *request = NULL;
xmlNode *output = NULL;
xmlNode *cib_diff = NULL;
xmlNode *result_cib = NULL;
cib_op_t *fn = NULL;
int lpc = 0;
static int max_msg_types = DIMOF(cib_file_ops);
crm_info("%s on %s", op, section);
call_options |= (cib_no_mtime | cib_inhibit_bcast | cib_scope_local);
if (cib->state == cib_disconnected) {
return -ENOTCONN;
}
if (output_data != NULL) {
*output_data = NULL;
}
if (op == NULL) {
return -EINVAL;
}
for (lpc = 0; lpc < max_msg_types; lpc++) {
if (safe_str_eq(op, cib_file_ops[lpc].op)) {
fn = &(cib_file_ops[lpc].fn);
query = cib_file_ops[lpc].read_only;
break;
}
}
if (fn == NULL) {
return -EPROTONOSUPPORT;
}
cib->call_id++;
request = cib_create_op(cib->call_id, "dummy-token", op, host, section, data, call_options, user_name);
#if ENABLE_ACL
- crm_acl_get_set_user(request, F_CIB_USER, user_name);
- crm_trace("Performing %s operation as %s", op, crm_element_value(request, F_CIB_USER));
+ if(user_name) {
+ crm_xml_add(request, XML_ACL_TAG_USER, user_name);
+ }
+ crm_trace("Performing %s operation as %s", op, user_name);
#endif
rc = cib_perform_op(op, call_options, fn, query,
section, request, data, TRUE, &changed, in_mem_cib, &result_cib, &cib_diff,
&output);
free_xml(request);
if (rc == -pcmk_err_schema_validation) {
validate_xml_verbose(result_cib);
}
if (rc != pcmk_ok) {
free_xml(result_cib);
} else if (query == FALSE) {
xml_log_patchset(LOG_DEBUG, "cib:diff", cib_diff);
free_xml(in_mem_cib);
in_mem_cib = result_cib;
}
free_xml(cib_diff);
if (cib->op_callback != NULL) {
cib->op_callback(NULL, cib->call_id, rc, output);
}
if (output_data && output) {
if(output == in_mem_cib) {
*output_data = copy_xml(output);
} else {
*output_data = output;
}
} else if(output != in_mem_cib) {
free_xml(output);
}
free(effective_user);
return rc;
}
diff --git a/tools/regression.sh b/tools/regression.sh
index 87985f53c7..8c436e959b 100755
--- a/tools/regression.sh
+++ b/tools/regression.sh
@@ -1,598 +1,589 @@
#!/bin/bash
: ${shadow=tools-regression}
test_home=`dirname $0`
num_errors=0
num_passed=0
GREP_OPTIONS=
verbose=0
tests="dates tools acls"
function test_assert() {
target=$1; shift
cib=$1; shift
app=`echo "$cmd" | sed 's/\ .*//'`
printf "* Running: $app - $desc\n" 1>&2
printf "=#=#=#= Begin test: $desc =#=#=#=\n"
eval $VALGRIND_CMD $cmd 2>&1
rc=$?
if [ x$cib != x0 ]; then
printf "=#=#=#= Current cib after: $desc =#=#=#=\n"
CIB_user=root cibadmin -Q
fi
printf "=#=#=#= End test: $desc - `crm_error $rc` ($rc) =#=#=#=\n"
if [ $rc -ne $target ]; then
num_errors=`expr $num_errors + 1`
printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc"
printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc (`which $app`)" 1>&2
return
exit 1
else
printf "* Passed: %-14s - %s\n" $app "$desc"
num_passed=`expr $num_passed + 1`
fi
}
function usage() {
echo "Usage: ./regression.sh [-s(ave)] [-x] [-v(erbose)]"
exit $1
}
done=0
do_save=0
VALGRIND_CMD=
while test "$done" = "0"; do
case "$1" in
-t) tests=$2; shift; shift;;
-V|--verbose) verbose=1; shift;;
-v|--valgrind)
export G_SLICE=always-malloc
VALGRIND_CMD="valgrind -q --gen-suppressions=all --show-reachable=no --leak-check=full --trace-children=no --time-stamp=yes --num-callers=20 --suppressions=/usr/share/pacemaker/tests/valgrind-pcmk.suppressions"
shift;;
-x) set -x; shift;;
-s) do_save=1; shift;;
-p) PATH="$2:$PATH"; export PATH; shift 1;;
-?) usage 0;;
-*) echo "unknown option: $1"; usage 1;;
*) done=1;;
esac
done
-case "$tests" in
- *acls*)
- if [ $USER != root ]; then
- echo "You need to be root to run the ACL regression tests"
- exit 1
- fi
- ;;
-esac
-
if [ "x$VALGRIND_CMD" = "x" -a -x $test_home/crm_simulate ]; then
xml_home=`dirname ${test_home}`
echo "Using local binaries from: $test_home, schemas from $xml_home"
export PATH="$test_home:$PATH"
export PCMK_schema_directory=${xml_home}/xml
fi
function test_tools() {
export CIB_shadow_dir=$test_home
$VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1
export CIB_shadow=$shadow
desc="Validate CIB"
cmd="cibadmin -Q"
test_assert 0
desc="Configure something before erasing"
cmd="crm_attribute -n cluster-delay -v 60s"
test_assert 0
desc="Require --force for CIB erasure"
cmd="cibadmin -E"
test_assert 22
desc="Allow CIB erasure with --force"
cmd="cibadmin -E --force"
test_assert 0
desc="Query CIB"
cmd="cibadmin -Q > /tmp/$$.existing.xml"
test_assert 0
desc="Set cluster option"
cmd="crm_attribute -n cluster-delay -v 60s"
test_assert 0
desc="Query new cluster option"
cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Query cluster options"
cmd="cibadmin -Q -o crm_config > /tmp/$$.opt.xml"
test_assert 0
desc="Set no-quorum policy"
cmd="crm_attribute -n no-quorum-policy -v ignore"
test_assert 0
desc="Delete nvpair"
cmd="cibadmin -D -o crm_config --xml-text '<nvpair id=\"cib-bootstrap-options-cluster-delay\"/>'"
test_assert 0
desc="Create operaton should fail"
cmd="cibadmin -C -o crm_config --xml-file /tmp/$$.opt.xml"
test_assert 76
desc="Modify cluster options section"
cmd="cibadmin -M -o crm_config --xml-file /tmp/$$.opt.xml"
test_assert 0
desc="Query updated cluster option"
cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Set duplicate cluster option"
cmd="crm_attribute -n cluster-delay -v 40s -s duplicate"
test_assert 0
desc="Setting multiply defined cluster option should fail"
cmd="crm_attribute -n cluster-delay -v 30s"
test_assert 76
desc="Set cluster option with -s"
cmd="crm_attribute -n cluster-delay -v 30s -s duplicate"
test_assert 0
desc="Delete cluster option with -i"
cmd="crm_attribute -n cluster-delay -D -i cib-bootstrap-options-cluster-delay"
test_assert 0
desc="Create node1 and bring it online"
cmd="crm_simulate --live-check --in-place --node-up=node1"
test_assert 0
desc="Create node attribute"
cmd="crm_attribute -n ram -v 1024M -U node1 -t nodes"
test_assert 0
desc="Query new node attribute"
cmd="cibadmin -Q -o nodes | grep node1-ram"
test_assert 0
desc="Digest calculation"
cmd="cibadmin -Q | cibadmin -5 -p 2>&1 > /dev/null"
test_assert 0
# This update will fail because it has version numbers
desc="Replace operation should fail"
cmd="cibadmin -R --xml-file /tmp/$$.existing.xml"
test_assert 205
desc="Default standby value"
cmd="crm_standby -N node1 -G"
test_assert 0
desc="Set standby status"
cmd="crm_standby -N node1 -v true"
test_assert 0
desc="Query standby value"
cmd="crm_standby -N node1 -G"
test_assert 0
desc="Delete standby value"
cmd="crm_standby -N node1 -D"
test_assert 0
desc="Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 0
desc="Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p is-managed -v false"
test_assert 0
desc="Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g is-managed"
test_assert 0
desc="Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d is-managed"
test_assert 0
desc="Create a resource attribute"
cmd="crm_resource -r dummy -p delay -v 10s"
test_assert 0
desc="List the configured resources"
cmd="crm_resource -L"
test_assert 0
desc="Set a resource's fail-count"
cmd="crm_failcount -r dummy -v 10 -N node1"
test_assert 0
desc="Require a destination when migrating a resource that is stopped"
cmd="crm_resource -r dummy -M"
test_assert 22
desc="Don't support migration to non-existant locations"
cmd="crm_resource -r dummy -M -N i.dont.exist"
test_assert 6
desc="Create a fencing resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"Fence\" class=\"stonith\" type=\"fence_true\"/>'"
test_assert 0
desc="Bring resources online"
cmd="crm_simulate --live-check --in-place -S"
test_assert 0
desc="Try to move a resource to its existing location"
cmd="crm_resource -r dummy --move --host node1"
test_assert 22
desc="Move a resource from its existing location"
cmd="crm_resource -r dummy --move"
test_assert 0
desc="Clear out constraints generated by --move"
cmd="crm_resource -r dummy --clear"
test_assert 0
desc="Default ticket granted state"
cmd="crm_ticket -t ticketA -G granted -d false"
test_assert 0
desc="Set ticket granted state"
cmd="crm_ticket -t ticketA -r --force"
test_assert 0
desc="Query ticket granted state"
cmd="crm_ticket -t ticketA -G granted"
test_assert 0
desc="Delete ticket granted state"
cmd="crm_ticket -t ticketA -D granted --force"
test_assert 0
desc="Make a ticket standby"
cmd="crm_ticket -t ticketA -s"
test_assert 0
desc="Query ticket standby state"
cmd="crm_ticket -t ticketA -G standby"
test_assert 0
desc="Activate a ticket"
cmd="crm_ticket -t ticketA -a"
test_assert 0
desc="Delete ticket standby state"
cmd="crm_ticket -t ticketA -D standby"
test_assert 0
desc="Ban a resource on unknown node"
cmd="crm_resource -r dummy -B -N host1"
test_assert 6
desc="Create two more nodes and bring them online"
cmd="crm_simulate --live-check --in-place --node-up=node2 --node-up=node3"
test_assert 0
desc="Ban dummy from node1"
cmd="crm_resource -r dummy -B -N node1"
test_assert 0
desc="Ban dummy from node2"
cmd="crm_resource -r dummy -B -N node2"
test_assert 0
desc="Relocate resources due to ban"
cmd="crm_simulate --live-check --in-place -S"
test_assert 0
desc="Move dummy to node1"
cmd="crm_resource -r dummy -M -N node1"
test_assert 0
desc="Clear implicit constraints for dummy on node2"
cmd="crm_resource -r dummy -U -N node2"
test_assert 0
}
function test_dates() {
for y in 06 07 08 09 10 11 12 13 14 15 16 17 18; do
desc="20$y-W01-7"
cmd="iso8601 -d '20$y-W01-7 00Z'"
test_assert 0 0
desc="20$y-W01-7 - round-trip"
cmd="iso8601 -d '20$y-W01-7 00Z' -W -E '20$y-W01-7 00:00:00Z'"
test_assert 0 0
desc="20$y-W01-1"
cmd="iso8601 -d '20$y-W01-1 00Z'"
test_assert 0 0
desc="20$y-W01-1 - round-trip"
cmd="iso8601 -d '20$y-W01-1 00Z' -W -E '20$y-W01-1 00:00:00Z'"
test_assert 0 0
done
desc="2009-W53-07"
cmd="iso8601 -d '2009-W53-7 00:00:00Z' -W -E '2009-W53-7 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 1 Month"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P1M -E '2009-02-28 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 2 Months"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P2M -E '2009-03-31 00:00:00Z'"
test_assert 0 0
desc="2009-01-31 + 3 Months"
cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P3M -E '2009-04-30 00:00:00Z'"
test_assert 0 0
desc="2009-03-31 - 1 Month"
cmd="iso8601 -d '2009-03-31 00:00:00Z' -D P-1M -E '2009-02-28 00:00:00Z'"
test_assert 0 0
}
function test_acls() {
export CIB_shadow_dir=$test_home
$VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1
export CIB_shadow=$shadow
cat<<EOF>/tmp/$$.acls.xml
<acls>
<acl_user id="l33t-haxor">
<deny id="crook-nothing" xpath="/cib"/>
</acl_user>
<acl_user id="niceguy">
<role_ref id="observer"/>
</acl_user>
<acl_role id="observer">
<read id="observer-read-1" xpath="/cib"/>
<write id="observer-write-1" xpath="//nvpair[@name='stonith-enabled']"/>
<write id="observer-write-2" xpath="//nvpair[@name='target-role']"/>
</acl_role>
</acls>
EOF
desc="Configure some ACLs"
cmd="cibadmin -M -o acls --xml-file /tmp/$$.acls.xml"
test_assert 0
desc="Enable ACLs"
cmd="crm_attribute -n enable-acl -v true"
test_assert 0
desc="Set cluster option"
cmd="crm_attribute -n no-quorum-policy -v ignore"
test_assert 0
export CIB_user=unknownguy
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 13
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 13
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=l33t-haxor
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 13
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 13
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=niceguy
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 0
desc="$CIB_user: Set enable-acl"
cmd="crm_attribute -n enable-acl -v false"
test_assert 13
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v false"
test_assert 0
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 13
export CIB_user=root
desc="$CIB_user: Query configuration"
cmd="cibadmin -Q"
test_assert 0
desc="$CIB_user: Set stonith-enabled"
cmd="crm_attribute -n stonith-enabled -v true"
test_assert 0
desc="$CIB_user: Create a resource"
cmd="cibadmin -C -o resources --xml-text '<primitive id=\"dummy\" class=\"ocf\" provider=\"pacemaker\" type=\"Dummy\"/>'"
test_assert 0
export CIB_user=l33t-haxor
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Stopped"
test_assert 13
desc="$CIB_user: Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g target-role"
test_assert 13
desc="$CIB_user: Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d target-role"
test_assert 13
export CIB_user=niceguy
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Stopped"
test_assert 0
desc="$CIB_user: Query a resource meta attribute"
cmd="crm_resource -r dummy --meta -g target-role"
test_assert 0
desc="$CIB_user: Remove a resource meta attribute"
cmd="crm_resource -r dummy --meta -d target-role"
test_assert 0
desc="$CIB_user: Create a resource meta attribute"
cmd="crm_resource -r dummy --meta -p target-role -v Started"
test_assert 0
export CIB_user=root
desc="New ACL"
cmd="cibadmin --create -o acls --xml-text '<acl_user id=\"badidea\"><read id=\"badidea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
test_assert 0
export CIB_user=badidea
desc="$CIB_user: Query configuration - implied deny"
cmd="cibadmin -Q"
test_assert 0
export CIB_user=root
desc="Updated ACL"
cmd="cibadmin --replace -o acls --xml-text '<acl_user id=\"badidea\"><deny id=\"badidea-nothing\" xpath=\"/cib\"/><read id=\"badidea-resources\" xpath=\"//meta_attributes\"/></acl_user>'"
test_assert 0
export CIB_user=badidea
desc="$CIB_user: Query configuration - explicit deny"
cmd="cibadmin -Q"
test_assert 0
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --delete --xml-text '<acls/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
export CIB_user=niceguy
# Make sure we're rejecting things for the right reasons
export PCMK_trace_functions=__xml_acl_check,__xml_acl_post_process
desc="$CIB_user: Replace - remove acls"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -C -o resources --xml-text '<primitive id="dummy2" class="ocf" provider="pacemaker" type="Dummy"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - create resource"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" crm_attribute -n enable-acl -v false
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - modify attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --replace --xml-text '<nvpair id="cib-bootstrap-options-enable-acl" name="enable-acl"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
sed -i 's/num_updates=.1/num_updates=\"0/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - delete attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --modify --xml-text '<primitive id="dummy" description="nothing interesting"/>'
sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml
CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql
desc="$CIB_user: Replace - create attribute"
cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V"
test_assert 13
rm -rf /tmp/$$.haxor.xml
}
for t in $tests; do
echo "Testing $t"
test_$t > $test_home/regression.$t.out
sed -i -e 's/cib-last-written.*>/>/'\
-e 's/ last-run=\"[0-9]*\"//' \
-e 's/crm_feature_set="[^"]*"//'\
-e 's/validate-with="[^"]*"//'\
-e 's/.*__xml_acl_check/__xml_acl_check/g'\
-e 's/.*__xml_acl_post_process/__xml_acl_post_process/g'\
-e 's/ last-rc-change=\"[0-9]*\"//' $test_home/regression.$t.out
if [ $do_save = 1 ]; then
cp $test_home/regression.$t.out $test_home/regression.$t.exp
fi
done
failed=0
echo -e "\n\nResults"
for t in $tests; do
if [ $do_save = 1 ]; then
cp $test_home/regression.$t.out $test_home/regression.$t.exp
fi
if [ $verbose = 1 ]; then
diff -u $test_home/regression.$t.exp $test_home/regression.$t.out
else
diff -wu $test_home/regression.$t.exp $test_home/regression.$t.out
fi
if [ $? != 0 ]; then
failed=1
fi
done
echo -e "\n\nSummary"
for t in $tests; do
grep -e "^*" $test_home/regression.$t.out
done
if [ $num_errors != 0 ]; then
echo $num_errors tests failed
exit 1
elif [ $failed = 1 ]; then
echo $num_passed tests passed but diff failed
exit 2
else
echo $num_passed tests passed
exit 0
fi