diff --git a/BasicSanity.sh b/BasicSanity.sh index 845a0993a4..faf65f3245 100755 --- a/BasicSanity.sh +++ b/BasicSanity.sh @@ -1,105 +1,97 @@ #!/bin/bash test_home=`dirname $0` valgrind="" verbose="" tests="" if [ "$test_home" = "." ]; then test_home="$PWD" fi function info() { printf "$*\n" } function error() { printf " * ERROR: $*\n" } info "Test home is:\t$test_home" while true ; do case "$1" in all) tests="pengine cli lrmd fencing"; shift;; pengine|lrmd|pacemaker_remote|fencing|cli) tests="$tests $1"; shift;; -V|--verbose) verbose="-V"; shift;; -v|--valgrind) valgrind="-v"; shift;; --) shift ; break ;; "") break;; *) echo "unknown option: $1"; exit 1;; esac done if [ -z "$tests" ]; then tests="pengine cli lrmd" fi failed="" for t in $tests; do info "Executing the $t regression tests" info "============================================================" if [ -e $test_home/$t/regression.py ]; then # Fencing, lrmd need root access chmod a+x $test_home/$t/regression.py echo "Enter the root password..." # sudo doesn't work in builtbot, su doesn't work in travis if [ x$TRAVIS = x ]; then su root -c "$test_home/$t/regression.py $verbose" else sudo -- $test_home/$t/regression.py $verbose fi rc=$? elif [ $t == "pacemaker_remote" ] && [ -e $test_home/lrmd/regression.py ]; then # pacemaker_remote chmod a+x $test_home/lrmd/regression.py echo "Enter the root password..." # sudo doesn't work in builtbot, su doesn't work in travis if [ x$TRAVIS = x ]; then su root -c "$test_home/$t/regression.py -R $verbose" else sudo -- $test_home/$t/regression.py -R $verbose fi rc=$? elif [ -e $test_home/$t ]; then # pengine, cli - if [ x$TRAVIS = x ]; then - su root -c "$test_home/$t/regression.sh $verbose $valgrind" - else - sudo -- $test_home/$t/regression.sh $verbose $valgrind - fi + $test_home/$t/regression.sh $verbose $valgrind rc=$? elif [ $t = cli -a -e $test_home/tools ]; then # Running cli tests from the source tree t=tools - if [ x$TRAVIS = x ]; then - su root -c "$test_home/$t/regression.sh $verbose $valgrind" - else - sudo -- $test_home/$t/regression.sh $verbose $valgrind - fi + $test_home/$t/regression.sh $verbose $valgrind rc=$? else error "Cannot find $t test in $test_home" rc=1 fi if [ $rc != 0 ]; then info "$t regression tests failed: $rc" failed="$failed $t" fi info "============================================================" info "" info "" done if [ -z "$failed" ]; then exit 0 fi error "regression tests for $failed failed" exit 1 diff --git a/lib/cib/cib_file.c b/lib/cib/cib_file.c index d4048547b2..9e8a50511f 100644 --- a/lib/cib/cib_file.c +++ b/lib/cib/cib_file.c @@ -1,338 +1,340 @@ /* * Copyright (c) 2004 International Business Machines * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * */ #include #include #include #include #include #include #include #include #include #include #include #include typedef struct cib_file_opaque_s { int flags; char *filename; } cib_file_opaque_t; int cib_file_perform_op(cib_t * cib, const char *op, const char *host, const char *section, xmlNode * data, xmlNode ** output_data, int call_options); int cib_file_perform_op_delegate(cib_t * cib, const char *op, const char *host, const char *section, xmlNode * data, xmlNode ** output_data, int call_options, const char *user_name); int cib_file_signon(cib_t * cib, const char *name, enum cib_conn_type type); int cib_file_signoff(cib_t * cib); int cib_file_free(cib_t * cib); static int cib_file_inputfd(cib_t * cib) { return -EPROTONOSUPPORT; } static int cib_file_set_connection_dnotify(cib_t * cib, void (*dnotify) (gpointer user_data)) { return -EPROTONOSUPPORT; } static int cib_file_register_notification(cib_t * cib, const char *callback, int enabled) { return -EPROTONOSUPPORT; } cib_t * cib_file_new(const char *cib_location) { cib_file_opaque_t *private = NULL; cib_t *cib = cib_new_variant(); private = calloc(1, sizeof(cib_file_opaque_t)); cib->variant = cib_file; cib->variant_opaque = private; if (cib_location == NULL) { cib_location = getenv("CIB_file"); } private->filename = strdup(cib_location); /* assign variant specific ops */ cib->delegate_fn = cib_file_perform_op_delegate; cib->cmds->signon = cib_file_signon; cib->cmds->signoff = cib_file_signoff; cib->cmds->free = cib_file_free; cib->cmds->inputfd = cib_file_inputfd; cib->cmds->register_notification = cib_file_register_notification; cib->cmds->set_connection_dnotify = cib_file_set_connection_dnotify; return cib; } static xmlNode *in_mem_cib = NULL; static int load_file_cib(const char *filename) { int rc = pcmk_ok; struct stat buf; xmlNode *root = NULL; gboolean dtd_ok = TRUE; const char *ignore_dtd = NULL; xmlNode *status = NULL; rc = stat(filename, &buf); if (rc == 0) { root = filename2xml(filename); if (root == NULL) { return -pcmk_err_schema_validation; } } else { return -ENXIO; } rc = 0; status = find_xml_node(root, XML_CIB_TAG_STATUS, FALSE); if (status == NULL) { create_xml_node(root, XML_CIB_TAG_STATUS); } ignore_dtd = crm_element_value(root, XML_ATTR_VALIDATION); dtd_ok = validate_xml(root, NULL, TRUE); if (dtd_ok == FALSE) { crm_err("CIB does not validate against %s", ignore_dtd); rc = -pcmk_err_schema_validation; goto bail; } in_mem_cib = root; return rc; bail: free_xml(root); root = NULL; return rc; } int cib_file_signon(cib_t * cib, const char *name, enum cib_conn_type type) { int rc = pcmk_ok; cib_file_opaque_t *private = cib->variant_opaque; if (private->filename == FALSE) { rc = -EINVAL; } else { rc = load_file_cib(private->filename); } if (rc == pcmk_ok) { crm_debug("%s: Opened connection to local file '%s'", name, private->filename); cib->state = cib_connected_command; cib->type = cib_command; } else { fprintf(stderr, "%s: Connection to local file '%s' failed: %s\n", name, private->filename, pcmk_strerror(rc)); } return rc; } int cib_file_signoff(cib_t * cib) { int rc = pcmk_ok; cib_file_opaque_t *private = cib->variant_opaque; crm_debug("Signing out of the CIB Service"); if (strstr(private->filename, ".bz2") != NULL) { rc = write_xml_file(in_mem_cib, private->filename, TRUE); } else { rc = write_xml_file(in_mem_cib, private->filename, FALSE); } if (rc > 0) { crm_info("Wrote CIB to %s", private->filename); rc = pcmk_ok; } else { crm_err("Could not write CIB to %s: %s (%d)", private->filename, pcmk_strerror(rc), rc); } free_xml(in_mem_cib); cib->state = cib_disconnected; cib->type = cib_no_connection; return rc; } int cib_file_free(cib_t * cib) { int rc = pcmk_ok; if (cib->state != cib_disconnected) { rc = cib_file_signoff(cib); } if (rc == pcmk_ok) { cib_file_opaque_t *private = cib->variant_opaque; free(private->filename); free(cib->cmds); free(private); free(cib); } else { fprintf(stderr, "Couldn't sign off: %d\n", rc); } return rc; } struct cib_func_entry { const char *op; gboolean read_only; cib_op_t fn; }; /* *INDENT-OFF* */ static struct cib_func_entry cib_file_ops[] = { {CIB_OP_QUERY, TRUE, cib_process_query}, {CIB_OP_MODIFY, FALSE, cib_process_modify}, {CIB_OP_APPLY_DIFF, FALSE, cib_process_diff}, {CIB_OP_BUMP, FALSE, cib_process_bump}, {CIB_OP_REPLACE, FALSE, cib_process_replace}, {CIB_OP_CREATE, FALSE, cib_process_create}, {CIB_OP_DELETE, FALSE, cib_process_delete}, {CIB_OP_ERASE, FALSE, cib_process_erase}, {CIB_OP_UPGRADE, FALSE, cib_process_upgrade}, }; /* *INDENT-ON* */ int cib_file_perform_op(cib_t * cib, const char *op, const char *host, const char *section, xmlNode * data, xmlNode ** output_data, int call_options) { return cib_file_perform_op_delegate(cib, op, host, section, data, output_data, call_options, NULL); } int cib_file_perform_op_delegate(cib_t * cib, const char *op, const char *host, const char *section, xmlNode * data, xmlNode ** output_data, int call_options, const char *user_name) { int rc = pcmk_ok; char *effective_user = NULL; gboolean query = FALSE; gboolean changed = FALSE; xmlNode *request = NULL; xmlNode *output = NULL; xmlNode *cib_diff = NULL; xmlNode *result_cib = NULL; cib_op_t *fn = NULL; int lpc = 0; static int max_msg_types = DIMOF(cib_file_ops); crm_info("%s on %s", op, section); call_options |= (cib_no_mtime | cib_inhibit_bcast | cib_scope_local); if (cib->state == cib_disconnected) { return -ENOTCONN; } if (output_data != NULL) { *output_data = NULL; } if (op == NULL) { return -EINVAL; } for (lpc = 0; lpc < max_msg_types; lpc++) { if (safe_str_eq(op, cib_file_ops[lpc].op)) { fn = &(cib_file_ops[lpc].fn); query = cib_file_ops[lpc].read_only; break; } } if (fn == NULL) { return -EPROTONOSUPPORT; } cib->call_id++; request = cib_create_op(cib->call_id, "dummy-token", op, host, section, data, call_options, user_name); #if ENABLE_ACL - crm_acl_get_set_user(request, F_CIB_USER, user_name); - crm_trace("Performing %s operation as %s", op, crm_element_value(request, F_CIB_USER)); + if(user_name) { + crm_xml_add(request, XML_ACL_TAG_USER, user_name); + } + crm_trace("Performing %s operation as %s", op, user_name); #endif rc = cib_perform_op(op, call_options, fn, query, section, request, data, TRUE, &changed, in_mem_cib, &result_cib, &cib_diff, &output); free_xml(request); if (rc == -pcmk_err_schema_validation) { validate_xml_verbose(result_cib); } if (rc != pcmk_ok) { free_xml(result_cib); } else if (query == FALSE) { xml_log_patchset(LOG_DEBUG, "cib:diff", cib_diff); free_xml(in_mem_cib); in_mem_cib = result_cib; } free_xml(cib_diff); if (cib->op_callback != NULL) { cib->op_callback(NULL, cib->call_id, rc, output); } if (output_data && output) { if(output == in_mem_cib) { *output_data = copy_xml(output); } else { *output_data = output; } } else if(output != in_mem_cib) { free_xml(output); } free(effective_user); return rc; } diff --git a/tools/regression.sh b/tools/regression.sh index 87985f53c7..8c436e959b 100755 --- a/tools/regression.sh +++ b/tools/regression.sh @@ -1,598 +1,589 @@ #!/bin/bash : ${shadow=tools-regression} test_home=`dirname $0` num_errors=0 num_passed=0 GREP_OPTIONS= verbose=0 tests="dates tools acls" function test_assert() { target=$1; shift cib=$1; shift app=`echo "$cmd" | sed 's/\ .*//'` printf "* Running: $app - $desc\n" 1>&2 printf "=#=#=#= Begin test: $desc =#=#=#=\n" eval $VALGRIND_CMD $cmd 2>&1 rc=$? if [ x$cib != x0 ]; then printf "=#=#=#= Current cib after: $desc =#=#=#=\n" CIB_user=root cibadmin -Q fi printf "=#=#=#= End test: $desc - `crm_error $rc` ($rc) =#=#=#=\n" if [ $rc -ne $target ]; then num_errors=`expr $num_errors + 1` printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc" printf "* Failed (rc=%.3d): %-14s - %s\n" $rc $app "$desc (`which $app`)" 1>&2 return exit 1 else printf "* Passed: %-14s - %s\n" $app "$desc" num_passed=`expr $num_passed + 1` fi } function usage() { echo "Usage: ./regression.sh [-s(ave)] [-x] [-v(erbose)]" exit $1 } done=0 do_save=0 VALGRIND_CMD= while test "$done" = "0"; do case "$1" in -t) tests=$2; shift; shift;; -V|--verbose) verbose=1; shift;; -v|--valgrind) export G_SLICE=always-malloc VALGRIND_CMD="valgrind -q --gen-suppressions=all --show-reachable=no --leak-check=full --trace-children=no --time-stamp=yes --num-callers=20 --suppressions=/usr/share/pacemaker/tests/valgrind-pcmk.suppressions" shift;; -x) set -x; shift;; -s) do_save=1; shift;; -p) PATH="$2:$PATH"; export PATH; shift 1;; -?) usage 0;; -*) echo "unknown option: $1"; usage 1;; *) done=1;; esac done -case "$tests" in - *acls*) - if [ $USER != root ]; then - echo "You need to be root to run the ACL regression tests" - exit 1 - fi - ;; -esac - if [ "x$VALGRIND_CMD" = "x" -a -x $test_home/crm_simulate ]; then xml_home=`dirname ${test_home}` echo "Using local binaries from: $test_home, schemas from $xml_home" export PATH="$test_home:$PATH" export PCMK_schema_directory=${xml_home}/xml fi function test_tools() { export CIB_shadow_dir=$test_home $VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1 export CIB_shadow=$shadow desc="Validate CIB" cmd="cibadmin -Q" test_assert 0 desc="Configure something before erasing" cmd="crm_attribute -n cluster-delay -v 60s" test_assert 0 desc="Require --force for CIB erasure" cmd="cibadmin -E" test_assert 22 desc="Allow CIB erasure with --force" cmd="cibadmin -E --force" test_assert 0 desc="Query CIB" cmd="cibadmin -Q > /tmp/$$.existing.xml" test_assert 0 desc="Set cluster option" cmd="crm_attribute -n cluster-delay -v 60s" test_assert 0 desc="Query new cluster option" cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay" test_assert 0 desc="Query cluster options" cmd="cibadmin -Q -o crm_config > /tmp/$$.opt.xml" test_assert 0 desc="Set no-quorum policy" cmd="crm_attribute -n no-quorum-policy -v ignore" test_assert 0 desc="Delete nvpair" cmd="cibadmin -D -o crm_config --xml-text ''" test_assert 0 desc="Create operaton should fail" cmd="cibadmin -C -o crm_config --xml-file /tmp/$$.opt.xml" test_assert 76 desc="Modify cluster options section" cmd="cibadmin -M -o crm_config --xml-file /tmp/$$.opt.xml" test_assert 0 desc="Query updated cluster option" cmd="cibadmin -Q -o crm_config | grep cib-bootstrap-options-cluster-delay" test_assert 0 desc="Set duplicate cluster option" cmd="crm_attribute -n cluster-delay -v 40s -s duplicate" test_assert 0 desc="Setting multiply defined cluster option should fail" cmd="crm_attribute -n cluster-delay -v 30s" test_assert 76 desc="Set cluster option with -s" cmd="crm_attribute -n cluster-delay -v 30s -s duplicate" test_assert 0 desc="Delete cluster option with -i" cmd="crm_attribute -n cluster-delay -D -i cib-bootstrap-options-cluster-delay" test_assert 0 desc="Create node1 and bring it online" cmd="crm_simulate --live-check --in-place --node-up=node1" test_assert 0 desc="Create node attribute" cmd="crm_attribute -n ram -v 1024M -U node1 -t nodes" test_assert 0 desc="Query new node attribute" cmd="cibadmin -Q -o nodes | grep node1-ram" test_assert 0 desc="Digest calculation" cmd="cibadmin -Q | cibadmin -5 -p 2>&1 > /dev/null" test_assert 0 # This update will fail because it has version numbers desc="Replace operation should fail" cmd="cibadmin -R --xml-file /tmp/$$.existing.xml" test_assert 205 desc="Default standby value" cmd="crm_standby -N node1 -G" test_assert 0 desc="Set standby status" cmd="crm_standby -N node1 -v true" test_assert 0 desc="Query standby value" cmd="crm_standby -N node1 -G" test_assert 0 desc="Delete standby value" cmd="crm_standby -N node1 -D" test_assert 0 desc="Create a resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 0 desc="Create a resource meta attribute" cmd="crm_resource -r dummy --meta -p is-managed -v false" test_assert 0 desc="Query a resource meta attribute" cmd="crm_resource -r dummy --meta -g is-managed" test_assert 0 desc="Remove a resource meta attribute" cmd="crm_resource -r dummy --meta -d is-managed" test_assert 0 desc="Create a resource attribute" cmd="crm_resource -r dummy -p delay -v 10s" test_assert 0 desc="List the configured resources" cmd="crm_resource -L" test_assert 0 desc="Set a resource's fail-count" cmd="crm_failcount -r dummy -v 10 -N node1" test_assert 0 desc="Require a destination when migrating a resource that is stopped" cmd="crm_resource -r dummy -M" test_assert 22 desc="Don't support migration to non-existant locations" cmd="crm_resource -r dummy -M -N i.dont.exist" test_assert 6 desc="Create a fencing resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 0 desc="Bring resources online" cmd="crm_simulate --live-check --in-place -S" test_assert 0 desc="Try to move a resource to its existing location" cmd="crm_resource -r dummy --move --host node1" test_assert 22 desc="Move a resource from its existing location" cmd="crm_resource -r dummy --move" test_assert 0 desc="Clear out constraints generated by --move" cmd="crm_resource -r dummy --clear" test_assert 0 desc="Default ticket granted state" cmd="crm_ticket -t ticketA -G granted -d false" test_assert 0 desc="Set ticket granted state" cmd="crm_ticket -t ticketA -r --force" test_assert 0 desc="Query ticket granted state" cmd="crm_ticket -t ticketA -G granted" test_assert 0 desc="Delete ticket granted state" cmd="crm_ticket -t ticketA -D granted --force" test_assert 0 desc="Make a ticket standby" cmd="crm_ticket -t ticketA -s" test_assert 0 desc="Query ticket standby state" cmd="crm_ticket -t ticketA -G standby" test_assert 0 desc="Activate a ticket" cmd="crm_ticket -t ticketA -a" test_assert 0 desc="Delete ticket standby state" cmd="crm_ticket -t ticketA -D standby" test_assert 0 desc="Ban a resource on unknown node" cmd="crm_resource -r dummy -B -N host1" test_assert 6 desc="Create two more nodes and bring them online" cmd="crm_simulate --live-check --in-place --node-up=node2 --node-up=node3" test_assert 0 desc="Ban dummy from node1" cmd="crm_resource -r dummy -B -N node1" test_assert 0 desc="Ban dummy from node2" cmd="crm_resource -r dummy -B -N node2" test_assert 0 desc="Relocate resources due to ban" cmd="crm_simulate --live-check --in-place -S" test_assert 0 desc="Move dummy to node1" cmd="crm_resource -r dummy -M -N node1" test_assert 0 desc="Clear implicit constraints for dummy on node2" cmd="crm_resource -r dummy -U -N node2" test_assert 0 } function test_dates() { for y in 06 07 08 09 10 11 12 13 14 15 16 17 18; do desc="20$y-W01-7" cmd="iso8601 -d '20$y-W01-7 00Z'" test_assert 0 0 desc="20$y-W01-7 - round-trip" cmd="iso8601 -d '20$y-W01-7 00Z' -W -E '20$y-W01-7 00:00:00Z'" test_assert 0 0 desc="20$y-W01-1" cmd="iso8601 -d '20$y-W01-1 00Z'" test_assert 0 0 desc="20$y-W01-1 - round-trip" cmd="iso8601 -d '20$y-W01-1 00Z' -W -E '20$y-W01-1 00:00:00Z'" test_assert 0 0 done desc="2009-W53-07" cmd="iso8601 -d '2009-W53-7 00:00:00Z' -W -E '2009-W53-7 00:00:00Z'" test_assert 0 0 desc="2009-01-31 + 1 Month" cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P1M -E '2009-02-28 00:00:00Z'" test_assert 0 0 desc="2009-01-31 + 2 Months" cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P2M -E '2009-03-31 00:00:00Z'" test_assert 0 0 desc="2009-01-31 + 3 Months" cmd="iso8601 -d '2009-01-31 00:00:00Z' -D P3M -E '2009-04-30 00:00:00Z'" test_assert 0 0 desc="2009-03-31 - 1 Month" cmd="iso8601 -d '2009-03-31 00:00:00Z' -D P-1M -E '2009-02-28 00:00:00Z'" test_assert 0 0 } function test_acls() { export CIB_shadow_dir=$test_home $VALGRIND_CMD crm_shadow --batch --force --create-empty $shadow 2>&1 export CIB_shadow=$shadow cat</tmp/$$.acls.xml EOF desc="Configure some ACLs" cmd="cibadmin -M -o acls --xml-file /tmp/$$.acls.xml" test_assert 0 desc="Enable ACLs" cmd="crm_attribute -n enable-acl -v true" test_assert 0 desc="Set cluster option" cmd="crm_attribute -n no-quorum-policy -v ignore" test_assert 0 export CIB_user=unknownguy desc="$CIB_user: Query configuration" cmd="cibadmin -Q" test_assert 13 desc="$CIB_user: Set enable-acl" cmd="crm_attribute -n enable-acl -v false" test_assert 13 desc="$CIB_user: Set stonith-enabled" cmd="crm_attribute -n stonith-enabled -v false" test_assert 13 desc="$CIB_user: Create a resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 13 export CIB_user=l33t-haxor desc="$CIB_user: Query configuration" cmd="cibadmin -Q" test_assert 13 desc="$CIB_user: Set enable-acl" cmd="crm_attribute -n enable-acl -v false" test_assert 13 desc="$CIB_user: Set stonith-enabled" cmd="crm_attribute -n stonith-enabled -v false" test_assert 13 desc="$CIB_user: Create a resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 13 export CIB_user=niceguy desc="$CIB_user: Query configuration" cmd="cibadmin -Q" test_assert 0 desc="$CIB_user: Set enable-acl" cmd="crm_attribute -n enable-acl -v false" test_assert 13 desc="$CIB_user: Set stonith-enabled" cmd="crm_attribute -n stonith-enabled -v false" test_assert 0 desc="$CIB_user: Create a resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 13 export CIB_user=root desc="$CIB_user: Query configuration" cmd="cibadmin -Q" test_assert 0 desc="$CIB_user: Set stonith-enabled" cmd="crm_attribute -n stonith-enabled -v true" test_assert 0 desc="$CIB_user: Create a resource" cmd="cibadmin -C -o resources --xml-text ''" test_assert 0 export CIB_user=l33t-haxor desc="$CIB_user: Create a resource meta attribute" cmd="crm_resource -r dummy --meta -p target-role -v Stopped" test_assert 13 desc="$CIB_user: Query a resource meta attribute" cmd="crm_resource -r dummy --meta -g target-role" test_assert 13 desc="$CIB_user: Remove a resource meta attribute" cmd="crm_resource -r dummy --meta -d target-role" test_assert 13 export CIB_user=niceguy desc="$CIB_user: Create a resource meta attribute" cmd="crm_resource -r dummy --meta -p target-role -v Stopped" test_assert 0 desc="$CIB_user: Query a resource meta attribute" cmd="crm_resource -r dummy --meta -g target-role" test_assert 0 desc="$CIB_user: Remove a resource meta attribute" cmd="crm_resource -r dummy --meta -d target-role" test_assert 0 desc="$CIB_user: Create a resource meta attribute" cmd="crm_resource -r dummy --meta -p target-role -v Started" test_assert 0 export CIB_user=root desc="New ACL" cmd="cibadmin --create -o acls --xml-text ''" test_assert 0 export CIB_user=badidea desc="$CIB_user: Query configuration - implied deny" cmd="cibadmin -Q" test_assert 0 export CIB_user=root desc="Updated ACL" cmd="cibadmin --replace -o acls --xml-text ''" test_assert 0 export CIB_user=badidea desc="$CIB_user: Query configuration - explicit deny" cmd="cibadmin -Q" test_assert 0 CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --delete --xml-text '' sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql export CIB_user=niceguy # Make sure we're rejecting things for the right reasons export PCMK_trace_functions=__xml_acl_check,__xml_acl_post_process desc="$CIB_user: Replace - remove acls" cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V" test_assert 13 CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -C -o resources --xml-text '' sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql desc="$CIB_user: Replace - create resource" cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V" test_assert 13 CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" crm_attribute -n enable-acl -v false sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql desc="$CIB_user: Replace - modify attribute" cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V" test_assert 13 CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --replace --xml-text '' sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml sed -i 's/num_updates=.1/num_updates=\"0/g' /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql desc="$CIB_user: Replace - delete attribute" cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V" test_assert 13 CIB_user=root cibadmin -Q > /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin --modify --xml-text '' sed -i 's/epoch=.12/epoch=\"11/g' /tmp/$$.haxor.xml CIB_user=root CIB_file=/tmp/$$.haxor.xml CIB_shadow="" cibadmin -Ql desc="$CIB_user: Replace - create attribute" cmd="cibadmin --replace --xml-file /tmp/$$.haxor.xml -V" test_assert 13 rm -rf /tmp/$$.haxor.xml } for t in $tests; do echo "Testing $t" test_$t > $test_home/regression.$t.out sed -i -e 's/cib-last-written.*>/>/'\ -e 's/ last-run=\"[0-9]*\"//' \ -e 's/crm_feature_set="[^"]*"//'\ -e 's/validate-with="[^"]*"//'\ -e 's/.*__xml_acl_check/__xml_acl_check/g'\ -e 's/.*__xml_acl_post_process/__xml_acl_post_process/g'\ -e 's/ last-rc-change=\"[0-9]*\"//' $test_home/regression.$t.out if [ $do_save = 1 ]; then cp $test_home/regression.$t.out $test_home/regression.$t.exp fi done failed=0 echo -e "\n\nResults" for t in $tests; do if [ $do_save = 1 ]; then cp $test_home/regression.$t.out $test_home/regression.$t.exp fi if [ $verbose = 1 ]; then diff -u $test_home/regression.$t.exp $test_home/regression.$t.out else diff -wu $test_home/regression.$t.exp $test_home/regression.$t.out fi if [ $? != 0 ]; then failed=1 fi done echo -e "\n\nSummary" for t in $tests; do grep -e "^*" $test_home/regression.$t.out done if [ $num_errors != 0 ]; then echo $num_errors tests failed exit 1 elif [ $failed = 1 ]; then echo $num_passed tests passed but diff failed exit 2 else echo $num_passed tests passed exit 0 fi