1#!/usr/bin/env perl 2 3use strict; use warnings; 4 5BEGIN { $ENV{DANCER_ENVDIR} = '/dev/null'; } 6 7use Test::More 1.302083; 8use Test::File::ShareDir::Dist { 'App-Netdisco' => 'share/' }; 9 10BEGIN { 11 use_ok( 'App::Netdisco::Configuration', 'check_acl' ); 12 use_ok( 'App::Netdisco::Util::Permission', 'check_acl' ); 13} 14 15use Dancer qw/:script !pass/; 16 17my @conf = ( 18 # +ve match -ve match 19 'localhost', '!www.example.com', # 0, 1 20 '127.0.0.1', '!192.0.2.1', # 2, 3 21 '::1', '!2001:db8::1', # 4, 5 22 '127.0.0.0/29', '!192.0.2.0/24', # 6, 7 23 '::1/128', '!2001:db8::/32', # 8, 9 24 25 '127.0.0.1-10', '!192.0.2.1-10', # 10,11 26 '::1-10', '!2001:db8::1-10', # 12,13 27 28 qr/^localhost$/, qr/^www.example.com$/, # 14,15 29 qr/(?!:www.example.com)/, '!127.0.0.0/29', # 16,17 30 '!127.0.0.1-10', qr/(?!:localhost)/, # 18,19 31 32 'op:and', # 20 33 'group:groupreftest', # 21 34 '!group:groupreftest', # 22 35); 36 37# name, ipv4, ipv6, v4 prefix, v6 prefix 38ok(check_acl('localhost',[$conf[0]]), 'same name'); 39ok(check_acl('127.0.0.1',[$conf[2]]), 'same ipv4'); 40ok(check_acl('::1',[$conf[4]]), 'same ipv6'); 41ok(check_acl('127.0.0.0/29',[$conf[6]]), 'same v4 prefix'); 42ok(check_acl('::1/128',[$conf[8]]), 'same v6 prefix'); 43 44# failed name, ipv4, ipv6, v4 prefix, v6 prefix 45is(check_acl('www.microsoft.com',[$conf[0]]), 0, 'failed name'); 46is(check_acl('172.20.0.1',[$conf[2]]), 0, 'failed ipv4'); 47is(check_acl('2001:db8::5',[$conf[4]]), 0, 'failed ipv6'); 48is(check_acl('172.16.1.3/29',[$conf[6]]), 0, 'failed v4 prefix'); 49is(check_acl('2001:db8:f00d::/64',[$conf[8]]), 0, 'failed v6 prefix'); 50 51# negated name, ipv4, ipv6, v4 prefix, v6 prefix 52ok(check_acl('localhost',[$conf[1]]), 'not same name'); 53ok(check_acl('127.0.0.1',[$conf[3]]), 'not same ipv4'); 54ok(check_acl('::1',[$conf[5]]), 'not same ipv6'); 55ok(check_acl('127.0.0.0/29',[$conf[7]]), 'not same v4 prefix'); 56ok(check_acl('::1/128',[$conf[9]]), 'not same v6 prefix'); 57 58# v4 range, v6 range 59ok(check_acl('127.0.0.1',[$conf[10]]), 'in v4 range'); 60ok(check_acl('::1',[$conf[12]]), 'in v6 range'); 61 62# failed v4 range, v6 range 63is(check_acl('172.20.0.1',[$conf[10]]), 0, 'failed v4 range'); 64is(check_acl('2001:db8::5',[$conf[12]]), 0, 'failed v6 range'); 65 66# negated v4 range, v6 range 67ok(check_acl('127.0.0.1',[$conf[11]]), 'not in v4 range'); 68ok(check_acl('::1',[$conf[13]]), 'not in v6 range'); 69 70# hostname regexp 71# FIXME ok(check_acl('localhost',[$conf[14]]), 'name regexp'); 72# FIXME ok(check_acl('127.0.0.1',[$conf[14]]), 'IP regexp'); 73is(check_acl('www.google.com',[$conf[14]]), 0, 'failed regexp'); 74 75# OR of prefix, range, regexp, property (2 of, 3 of, 4 of) 76ok(check_acl('127.0.0.1',[@conf[8,0]]), 'OR: prefix, name'); 77ok(check_acl('127.0.0.1',[@conf[8,12,0]]), 'OR: prefix, range, name'); 78ok(check_acl('127.0.0.1',[@conf[8,12,15,0]]), 'OR: prefix, range, regexp, name'); 79 80# OR of negated prefix, range, regexp, property (2 of, 3 of, 4 of) 81ok(check_acl('127.0.0.1',[@conf[17,0]]), 'OR: !prefix, name'); 82ok(check_acl('127.0.0.1',[@conf[17,18,0]]), 'OR: !prefix, !range, name'); 83ok(check_acl('127.0.0.1',[@conf[17,18,19,0]]), 'OR: !prefix, !range, !regexp, name'); 84 85# AND of prefix, range, regexp, property (2 of, 3 of, 4 of) 86ok(check_acl('127.0.0.1',[@conf[6,0,20]]), 'AND: prefix, name'); 87ok(check_acl('127.0.0.1',[@conf[6,10,0,20]]), 'AND: prefix, range, name'); 88# FIXME ok(check_acl('127.0.0.1',[@conf[6,10,14,0,20]]), 'AND: prefix, range, regexp, name'); 89 90# failed AND on prefix, range, regexp 91is(check_acl('127.0.0.1',[@conf[8,10,14,0,20]]), 0, 'failed AND: prefix!, range, regexp, name'); 92is(check_acl('127.0.0.1',[@conf[6,12,14,0,20]]), 0, 'failed AND: prefix, range!, regexp, name'); 93is(check_acl('127.0.0.1',[@conf[6,10,15,0,20]]), 0, 'failed AND: prefix, range, regexp!, name'); 94 95# AND of negated prefix, range, regexp, property (2 of, 3 of, 4 of) 96ok(check_acl('127.0.0.1',[@conf[9,0,20]]), 'AND: !prefix, name'); 97ok(check_acl('127.0.0.1',[@conf[7,11,0,20]]), 'AND: !prefix, !range, name'); 98ok(check_acl('127.0.0.1',[@conf[9,13,16,0,20]]), 'AND: !prefix, !range, !regexp, name'); 99 100# group ref 101is(check_acl('192.0.2.1',[$conf[22]]), 1, '!missing group ref'); 102is(check_acl('192.0.2.1',[$conf[21]]), 0, 'failed missing group ref'); 103setting('host_groups')->{'groupreftest'} = ['192.0.2.1']; 104is(check_acl('192.0.2.1',[$conf[21]]), 1, 'group ref'); 105is(check_acl('192.0.2.1',[$conf[22]]), 0, 'failed !missing group ref'); 106 107# scalar promoted to list 108ok(check_acl('localhost',$conf[0]), 'scalar promoted'); 109ok(check_acl('localhost',$conf[1]), 'not scalar promoted'); 110is(check_acl('www.microsoft.com',$conf[0]), 0, 'failed scalar promoted'); 111 112# device property 113# negated device property 114 115done_testing; 116