diff --git a/MANIFEST b/MANIFEST
index 1847a693..d05a392c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -420,8 +420,9 @@ share/views/sidebar/report/subnets.tt
 share/views/sidebar/search/device.tt
 share/views/sidebar/search/node.tt
 share/views/sidebar/search/port.tt
-t/10-sort_port.t
-t/11-portsort.t
-t/html/portsort.html
-t/js/qunit-tap.js
-t/js/run_qunit.js
+xt/10-sort_port.t
+xt/11-portsort.t
+xt/20-checkacl.t
+xt/html/portsort.html
+xt/js/qunit-tap.js
+xt/js/run_qunit.js
diff --git a/t/10-sort_port.t b/xt/10-sort_port.t
similarity index 100%
rename from t/10-sort_port.t
rename to xt/10-sort_port.t
diff --git a/t/11-portsort.t b/xt/11-portsort.t
old mode 100755
new mode 100644
similarity index 100%
rename from t/11-portsort.t
rename to xt/11-portsort.t
diff --git a/xt/20-checkacl.t b/xt/20-checkacl.t
new file mode 100644
index 00000000..a9b7cb3d
--- /dev/null
+++ b/xt/20-checkacl.t
@@ -0,0 +1,94 @@
+#!/usr/bin/env perl
+
+use strict; use warnings FATAL => 'all';
+use Test::More 1.302083;
+
+BEGIN {
+ use_ok( 'App::Netdisco::Util::Permission', 'check_acl' );
+}
+
+my @conf = (
+ # +ve match -ve match
+ 'localhost', '!www.example.com', # 0, 1
+ '127.0.0.1', '!192.0.2.1', # 2, 3
+ '::1', '!2001:db8::1', # 4, 5
+ '127.0.0.0/29', '!192.0.2.0/24', # 6, 7
+ '::1/128', '!2001:db8::/32', # 8, 9
+
+ '127.0.0.1-10', '!192.0.2.1-10', # 10,11
+ '::1-10', '!2001:db8::1-10', # 12,13
+
+ qr/^localhost$/, qr/^www.example.com$/, # 14,15
+ qr/(?!:www.example.com)/, '!127.0.0.0/29', # 16,17
+ '!127.0.0.1-10', qr/(?!:localhost)/, # 18,19
+
+ 'op:and', # 20
+);
+
+# name, ipv4, ipv6, v4 prefix, v6 prefix
+ok(check_acl('localhost',[$conf[0]]), 'same name');
+ok(check_acl('127.0.0.1',[$conf[2]]), 'same ipv4');
+ok(check_acl('::1',[$conf[4]]), 'same ipv6');
+ok(check_acl('127.0.0.0/29',[$conf[6]]), 'same v4 prefix');
+ok(check_acl('::1/128',[$conf[8]]), 'same v6 prefix');
+
+# failed name, ipv4, ipv6, v4 prefix, v6 prefix
+is(check_acl('www.microsoft.com',[$conf[0]]), 0, 'failed name');
+is(check_acl('172.20.0.1',[$conf[2]]), 0, 'failed ipv4');
+is(check_acl('2001:db8::5',[$conf[4]]), 0, 'failed ipv6');
+is(check_acl('172.16.1.3/29',[$conf[6]]), 0, 'failed v4 prefix');
+is(check_acl('2001:db8:f00d::/64',[$conf[8]]), 0, 'failed v6 prefix');
+
+# negated name, ipv4, ipv6, v4 prefix, v6 prefix
+ok(check_acl('localhost',[$conf[1]]), 'not same name');
+ok(check_acl('127.0.0.1',[$conf[3]]), 'not same ipv4');
+ok(check_acl('::1',[$conf[5]]), 'not same ipv6');
+ok(check_acl('127.0.0.0/29',[$conf[7]]), 'not same v4 prefix');
+ok(check_acl('::1/128',[$conf[9]]), 'not same v6 prefix');
+
+# v4 range, v6 range
+ok(check_acl('127.0.0.1',[$conf[10]]), 'in v4 range');
+ok(check_acl('::1',[$conf[12]]), 'in v6 range');
+
+# failed v4 range, v6 range
+is(check_acl('172.20.0.1',[$conf[10]]), 0, 'failed v4 range');
+is(check_acl('2001:db8::5',[$conf[12]]), 0, 'failed v6 range');
+
+# negated v4 range, v6 range
+ok(check_acl('127.0.0.1',[$conf[11]]), 'not in v4 range');
+ok(check_acl('::1',[$conf[13]]), 'not in v6 range');
+
+# hostname regexp
+ok(check_acl('localhost',[$conf[14]]), 'name regexp');
+ok(check_acl('127.0.0.1',[$conf[14]]), 'IP regexp');
+is(check_acl('www.google.com',[$conf[14]]), 0, 'failed regexp');
+
+# OR of prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[8,0]]), 'OR: prefix, name');
+ok(check_acl('127.0.0.1',[@conf[8,12,0]]), 'OR: prefix, range, name');
+ok(check_acl('127.0.0.1',[@conf[8,12,15,0]]), 'OR: prefix, range, regexp, name');
+
+# OR of negated prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[17,0]]), 'OR: !prefix, name');
+ok(check_acl('127.0.0.1',[@conf[17,18,0]]), 'OR: !prefix, !range, name');
+ok(check_acl('127.0.0.1',[@conf[17,18,19,0]]), 'OR: !prefix, !range, !regexp, name');
+
+# AND of prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[6,0,20]]), 'AND: prefix, name');
+ok(check_acl('127.0.0.1',[@conf[6,10,0,20]]), 'AND: prefix, range, name');
+ok(check_acl('127.0.0.1',[@conf[6,10,14,0,20]]), 'AND: prefix, range, regexp, name');
+
+# failed AND on prefix, range, regexp
+is(check_acl('127.0.0.1',[@conf[8,10,14,0,20]]), 0, 'failed AND: prefix!, range, regexp, name');
+is(check_acl('127.0.0.1',[@conf[6,12,14,0,20]]), 0, 'failed AND: prefix, range!, regexp, name');
+is(check_acl('127.0.0.1',[@conf[6,10,15,0,20]]), 0, 'failed AND: prefix, range, regexp!, name');
+
+# AND of negated prefix, range, regexp, property (2 of, 3 of, 4 of)
+ok(check_acl('127.0.0.1',[@conf[9,0,20]]), 'AND: !prefix, name');
+ok(check_acl('127.0.0.1',[@conf[7,11,0,20]]), 'AND: !prefix, !range, name');
+ok(check_acl('127.0.0.1',[@conf[9,13,16,0,20]]), 'AND: !prefix, !range, !regexp, name');
+
+# device property
+# negated device property
+
+done_testing;
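Review bot: The two "negated regexp" fixtures in `@conf` (indices 16 and 19) can hardly ever fail, so the `!regexp` cases in the OR and AND groups pass without exercising negation: `qr/(?!:www.example.com)/` is an unanchored negative lookahead with a stray `:`, which succeeds at offset 0 of any name that does not begin with `:www`. If the intent is "name is not X", anchor the pattern, e.g. `qr/^(?!www\.example\.com$)/` and `qr/^(?!localhost$)/`; as written, 'OR: !prefix, !range, !regexp, name' is presumably satisfied by entry 19 rather than by the name. Separately, no assertion shows a negated rule rejecting a member on its own, and for an ACL that deny path is the one worth pinning, e.g. `is(check_acl('127.0.0.1',[$conf[17]]), 0, 'negated v4 prefix rejects member');` (assuming the same 0 return the other failure cases expect). Several cases ('IP regexp' and every list ending in `$conf[0]`) appear to depend on the test host resolving 127.0.0.1 to `localhost`, which deserves a comment at the top of the file such as `# requires 127.0.0.1 <-> localhost resolution on the test host`.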
diff --git a/t/html/portsort.html b/xt/html/portsort.html
similarity index 100%
rename from t/html/portsort.html
rename to xt/html/portsort.html
diff --git a/t/js/qunit-tap.js b/xt/js/qunit-tap.js
similarity index 100%
rename from t/js/qunit-tap.js
rename to xt/js/qunit-tap.js
diff --git a/t/js/run_qunit.js b/xt/js/run_qunit.js
similarity index 100%
rename from t/js/run_qunit.js
rename to xt/js/run_qunit.js