cargo fmt
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
parent
f097eaa80f
commit
237beaed93
@ -23,8 +23,8 @@ use proxmox_sys::linux::tty;
|
||||
|
||||
use proxmox_async::broadcast_future::BroadcastFuture;
|
||||
use proxmox_http::client::{HttpsConnector, RateLimiter};
|
||||
use proxmox_http::ProxyConfig;
|
||||
use proxmox_http::uri::{build_authority, json_object_to_query};
|
||||
use proxmox_http::ProxyConfig;
|
||||
|
||||
use pbs_api_types::percent_encoding::DEFAULT_ENCODE_SET;
|
||||
use pbs_api_types::{Authid, RateLimitConfig, Userid};
|
||||
|
@ -511,44 +511,40 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
|
||||
};
|
||||
|
||||
// should work without ACLs
|
||||
assert!(
|
||||
check_sync_job_read_access(&user_info, root_auth_id, &job)
|
||||
);
|
||||
assert!(
|
||||
check_sync_job_modify_access(&user_info, root_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_read_access(&user_info, root_auth_id, &job));
|
||||
assert!(check_sync_job_modify_access(&user_info, root_auth_id, &job));
|
||||
|
||||
// user without permissions must fail
|
||||
assert!(
|
||||
!check_sync_job_read_access(&user_info, &no_perm_auth_id, &job)
|
||||
);
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &no_perm_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_read_access(
|
||||
&user_info,
|
||||
&no_perm_auth_id,
|
||||
&job
|
||||
));
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&no_perm_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// reading without proper read permissions on either remote or local must fail
|
||||
assert!(
|
||||
!check_sync_job_read_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
|
||||
|
||||
// reading without proper read permissions on local end must fail
|
||||
job.remote = "remote1".to_string();
|
||||
assert!(
|
||||
!check_sync_job_read_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
|
||||
|
||||
// reading without proper read permissions on remote end must fail
|
||||
job.remote = "remote0".to_string();
|
||||
job.store = "localstore1".to_string();
|
||||
assert!(
|
||||
!check_sync_job_read_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_read_access(&user_info, &read_auth_id, &job));
|
||||
|
||||
// writing without proper write permissions on either end must fail
|
||||
job.store = "localstore0".to_string();
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// writing without proper write permissions on local end must fail
|
||||
job.remote = "remote1".to_string();
|
||||
@ -556,72 +552,90 @@ acl:1:/remote/remote1/remotestore1:write@pbs:RemoteSyncOperator
|
||||
// writing without proper write permissions on remote end must fail
|
||||
job.remote = "remote0".to_string();
|
||||
job.store = "localstore1".to_string();
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// reset remote to one where users have access
|
||||
job.remote = "remote1".to_string();
|
||||
|
||||
// user with read permission can only read, but not modify/run
|
||||
assert!(
|
||||
check_sync_job_read_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_read_access(&user_info, &read_auth_id, &job));
|
||||
job.owner = Some(read_auth_id.clone());
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&read_auth_id,
|
||||
&job
|
||||
));
|
||||
job.owner = None;
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&read_auth_id,
|
||||
&job
|
||||
));
|
||||
job.owner = Some(write_auth_id.clone());
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &read_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&read_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// user with simple write permission can modify/run
|
||||
assert!(
|
||||
check_sync_job_read_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(
|
||||
check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_read_access(&user_info, &write_auth_id, &job));
|
||||
assert!(check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// but can't modify/run with deletion
|
||||
job.remove_vanished = Some(true);
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// unless they have Datastore.Prune as well
|
||||
job.store = "localstore2".to_string();
|
||||
assert!(
|
||||
check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// changing owner is not possible
|
||||
job.owner = Some(read_auth_id.clone());
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// also not to the default 'root@pam'
|
||||
job.owner = None;
|
||||
assert!(
|
||||
!check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(!check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
// unless they have Datastore.Modify as well
|
||||
job.store = "localstore3".to_string();
|
||||
job.owner = Some(read_auth_id);
|
||||
assert!(
|
||||
check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
job.owner = None;
|
||||
assert!(
|
||||
check_sync_job_modify_access(&user_info, &write_auth_id, &job)
|
||||
);
|
||||
assert!(check_sync_job_modify_access(
|
||||
&user_info,
|
||||
&write_auth_id,
|
||||
&job
|
||||
));
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ async fn do_update(rpcenv: &mut dyn RpcEnvironment) -> Result<(), Error> {
|
||||
Err(err) => {
|
||||
log::error!("Error reading subscription - {}", err);
|
||||
false
|
||||
},
|
||||
}
|
||||
};
|
||||
|
||||
let param = json!({
|
||||
|
@ -118,37 +118,17 @@ fn test_media_expire_time() -> Result<(), Error> {
|
||||
&MediaStatus::Writable
|
||||
);
|
||||
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 0)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 60)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 120)
|
||||
);
|
||||
assert!(
|
||||
pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 180)
|
||||
);
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 0));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 60));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 120));
|
||||
assert!(pool.media_is_expired(&pool.lookup_media(&tape0_uuid)?, 180));
|
||||
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 0)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 60)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 120)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 180)
|
||||
);
|
||||
assert!(
|
||||
!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 190)
|
||||
);
|
||||
assert!(
|
||||
pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 240)
|
||||
);
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 0));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 60));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 120));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 180));
|
||||
assert!(!pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 190));
|
||||
assert!(pool.media_is_expired(&pool.lookup_media(&tape1_uuid)?, 240));
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
@ -53,16 +53,10 @@ fn create_info_protected(snapshot: &str, partial: bool) -> BackupInfo {
|
||||
#[test]
|
||||
fn test_prune_protected() -> Result<(), Error> {
|
||||
let orig_list = vec![
|
||||
create_info_protected(
|
||||
"host/elsa/2019-11-15T09:39:15Z",
|
||||
false,
|
||||
),
|
||||
create_info_protected("host/elsa/2019-11-15T09:39:15Z", false),
|
||||
create_info("host/elsa/2019-11-15T10:39:15Z", false),
|
||||
create_info("host/elsa/2019-11-15T10:49:15Z", false),
|
||||
create_info_protected(
|
||||
"host/elsa/2019-11-15T10:59:15Z",
|
||||
false,
|
||||
),
|
||||
create_info_protected("host/elsa/2019-11-15T10:59:15Z", false),
|
||||
];
|
||||
|
||||
eprintln!("{:?}", orig_list);
|
||||
@ -194,7 +188,7 @@ fn test_prune_simple() -> Result<(), Error> {
|
||||
create_info("host/elsa/2019-12-04T11:59:15Z", false),
|
||||
create_info("host/elsa/2019-12-04T12:59:15Z", false),
|
||||
];
|
||||
|
||||
|
||||
// keep-last tests
|
||||
|
||||
let list = orig_list.clone();
|
||||
|
Loading…
Reference in New Issue
Block a user