fog-proxmox 0.13.0 → 0.15.0

data/spec/identity_spec.rb

@@ -22,18 +22,76 @@ require_relative './proxmox_vcr'
 
 describe Fog::Proxmox::Identity do
   before :all do
-    Excon.defaults[:ssl_ca_file] = 'spec/fixtures/proxmox/pve.home'
     @proxmox_vcr = ProxmoxVCR.new(
       vcr_directory: 'spec/fixtures/proxmox/identity',
       service_class: Fog::Proxmox::Identity
     )
     @service = @proxmox_vcr.service
-    @pve_url = @proxmox_vcr.url
+    @proxmox_url = @proxmox_vcr.url
     @username = @proxmox_vcr.username
     @password = @proxmox_vcr.password
+    @tokenid = @proxmox_vcr.tokenid
+    @token = @proxmox_vcr.token
   end
 
-  it 'checks ticket with path and privs' do
+  it 'authenticates with access ticket' do
+    VCR.use_cassette('auth_access_ticket') do
+      Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                 proxmox_auth_method: Fog::Proxmox::Auth::Token::AccessTicket::NAME, proxmox_username: @username, proxmox_password: @password)
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::AccessTicket::NAME, proxmox_username: @username, proxmox_password: 'wrong_password')
+      end).must_raise Excon::Errors::Unauthorized
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url, proxmox_username: @username, proxmox_password: @password)
+      end).must_raise ArgumentError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::AccessTicket::NAME, proxmox_password: @password)
+      end).must_raise Fog::Proxmox::Auth::Token::AccessTicket::URIError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::AccessTicket::NAME, proxmox_username: @username)
+      end).must_raise Fog::Proxmox::Auth::Token::AccessTicket::URIError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_auth_method: Fog::Proxmox::Auth::Token::AccessTicket::NAME,
+                                   proxmox_username: @username, proxmox_password: 'wrong_password')
+      end).must_raise ArgumentError
+    end
+  end
+
+  it 'authenticates with user token' do
+    VCR.use_cassette('auth_user_token') do
+      Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                 proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME, proxmox_userid: @username, proxmox_tokenid: @tokenid, proxmox_token: @token)
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME, proxmox_userid: @username, proxmox_tokenid: @tokenid, proxmox_token: 'wrong_token')
+      end).must_raise Excon::Errors::Unauthorized
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME,
+                                   proxmox_userid: @username, proxmox_tokenid: @tokenid, proxmox_token: 'wrong_token')
+      end).must_raise ArgumentError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url, proxmox_userid: @username, proxmox_tokenid: @tokenid,
+                                   proxmox_token: 'wrong_token')
+      end).must_raise ArgumentError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME, proxmox_userid: @username, proxmox_token: @token)
+      end).must_raise Fog::Proxmox::Auth::Token::UserToken::URIError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME, proxmox_tokenid: @tokenid, proxmox_token: @token)
+      end).must_raise Fog::Proxmox::Auth::Token::UserToken::URIError
+      _(proc do
+        Fog::Proxmox::Identity.new(proxmox_url: @proxmox_url,
+                                   proxmox_auth_method: Fog::Proxmox::Auth::Token::UserToken::NAME, proxmox_userid: @username, proxmox_tokenid: @tokenid)
+      end).must_raise Fog::Proxmox::Auth::Token::UserToken::URIError
+    end
+  end
+
+  it 'checks access ticket with path and privs' do
     VCR.use_cassette('auth') do
       principal = { username: @username, password: @password, privs: ['User.Modify'], path: 'access', otp: 'proxmox01' }
       permissions = @service.check_permissions(principal)
@@ -44,26 +102,6 @@ describe Fog::Proxmox::Identity do
     end
   end
 
-  it 'renew expired ticket' do
-    VCR.use_cassette('renew') do
-      @connection_options = {}
-      # ignore enterprise proxy
-      @connection_options[:disable_proxy] = true if ENV['DISABLE_PROXY'] == 'true'
-      # ignore dev certificates on servers
-      @connection_options[:ssl_verify_peer] = false if ENV['SSL_VERIFY_PEER'] == 'false'
-      connection_params = {
-        pve_url: @pve_url,
-        pve_username: @username,
-        pve_password: @password,
-        pve_ticket_lifetime: - (100 * 60 * 60), # ticket has expired from 100 hours
-        connection_options: @connection_options
-      }
-      _(Fog::Proxmox.credentials_has_expired?).must_equal false
-      Fog::Proxmox.authenticate(connection_params)
-      _(Fog::Proxmox.credentials_has_expired?).must_equal true
-    end
-  end
-
   it 'reads server version' do
     VCR.use_cassette('read_version') do
       version = @service.read_version
@@ -207,7 +245,7 @@ describe Fog::Proxmox::Identity do
       _(proc do
         @service.domains.create(ldap_hash)
       end).must_raise Excon::Errors::InternalServerError
-      # # Create 2nd time must fails
+      # Create 2nd time must fails
       _(proc do
         @service.domains.create(ad_hash)
       end).must_raise Excon::Errors::InternalServerError
@@ -217,10 +255,10 @@ describe Fog::Proxmox::Identity do
       ldap.update
       # Find by id
       ad = @service.domains.get ad_hash[:realm]
-      # ad.wont_be_nil
+      _(ad).wont_be_nil
       ad.type.tfa = 'type=yubico,id=1,key=2,url=http://localhost'
       ad.update
-      # # all groups
+      # all groups
       domains_all = @service.domains.all
       _(domains_all).wont_be_nil
       _(domains_all).wont_be_empty
@@ -246,8 +284,12 @@ describe Fog::Proxmox::Identity do
         lastname: 'Sinclar',
         email: 'bobsinclar@proxmox.com'
       }
-      @service.roles.create(roleid: 'PVETestAdmin', privs: 'User.Modify,Group.Allocate')
-      role = @service.roles.get('PVETestAdmin')
+      role_hash = {
+        roleid: 'PVETestAdmin',
+        privs: 'User.Modify,Group.Allocate'
+      }
+      @service.roles.create(role_hash)
+      role = @service.roles.get(role_hash[:roleid])
       _(role).wont_be_nil
       @service.users.create(bob_hash)
       bob = @service.users.get bob_hash[:userid]
@@ -258,6 +300,10 @@ describe Fog::Proxmox::Identity do
       permissions = @service.permissions.all
       _(permissions).wont_be_empty
       _(permissions).must_include permission
+      # Read user permissions
+      _(bob.permissions).wont_be_empty
+      _(bob.permissions.keys).must_include '/access'
+      _(bob.permissions.keys).must_include '/access/groups'
       # Remove ACL to users
       permissions.destroy(type: 'user', roleid: role.roleid, path: '/access', ugid: bob.userid)
       permission = @service.permissions.get('user', role.roleid, '/access', bob.userid)
@@ -266,7 +312,8 @@ describe Fog::Proxmox::Identity do
       bob.destroy
       # Add ACL to groups
       group1 = @service.groups.create(groupid: 'group1', comment: 'Group 1')
-      permission = @service.permissions.create(type: 'group', roleid: role.roleid, path: '/access', ugid: group1.groupid)
+      permission = @service.permissions.create(type: 'group', roleid: role.roleid, path: '/access',
+                                               ugid: group1.groupid)
       _(permission).wont_be_nil
       # Read new permission
       permissions = @service.permissions.all
@@ -278,6 +325,8 @@ describe Fog::Proxmox::Identity do
       _(permissions).must_be_empty
       group1.destroy
       role.destroy
+      role = @service.roles.get(role_hash[:roleid])
+      _(role).must_be_nil
     end
   end
 
@@ -319,4 +368,49 @@ describe Fog::Proxmox::Identity do
       _(pool).must_be_nil
     end
   end
+
+  it 'CRUD user tokens' do
+    VCR.use_cassette('tokens') do
+      # Get user
+      bob_hash = {
+        userid: 'bobsinclar@pve',
+        password: 'bobsinclar1',
+        firstname: 'Bob',
+        lastname: 'Sinclar',
+        email: 'bobsinclar@proxmox.com'
+      }
+      token_hash = {
+        userid: bob_hash[:userid],
+        tokenid: 'bobsinclar1'
+      }
+      @service.users.create(bob_hash)
+      bob = @service.users.get token_hash[:userid]
+      _(bob).wont_be_nil
+      # Create Token
+      token = bob.tokens.create(token_hash)
+      token_info = token.info
+      _(token_info).wont_be_nil
+      # all user tokens
+      tokens_all = bob.tokens.all
+      _(tokens_all).wont_be_nil
+      _(tokens_all).wont_be_empty
+      _(tokens_all).must_include token
+      # Find token info by tokenid
+      token_get = bob.tokens.get(token_hash[:tokenid])
+      _(token_get).wont_be_nil
+      _(token_get).must_equal token
+      # Update
+      token.comment = 'test'
+      token.expire  = 0
+      token.privsep = 0
+      token.update
+      # Delete
+      token.destroy
+      token = bob.tokens.get token_hash[:tokenid]
+      _(token).must_be_nil
+      bob.destroy
+      bob = @service.users.get bob_hash[:userid]
+      _(bob).must_be_nil
+    end
+  end
 end

data/spec/network_spec.rb

@@ -27,11 +27,11 @@ describe Fog::Proxmox::Network do
       service_class: Fog::Proxmox::Network
     )
     @service = @proxmox_vcr.service
-    @pve_url = @proxmox_vcr.url
+    @proxmox_url = @proxmox_vcr.url
     @username = @proxmox_vcr.username
     @password = @proxmox_vcr.password
-    @ticket = @proxmox_vcr.ticket
-    @csrftoken = @proxmox_vcr.csrftoken
+    @tokenid = @proxmox_vcr.tokenid
+    @token = @proxmox_vcr.token
   end
 
   it 'CRUD networks' do

data/spec/proxmox_vcr.rb

@@ -20,35 +20,34 @@
 
 # There are basically two modes of operation for these specs.
 #
-# 1. ENV[PVE_URL] exists: talk to an actual Proxmox server and record HTTP
+# 1. ENV[PROXMOX_URL] exists: talk to an actual Proxmox server and record HTTP
 #    traffic in VCRs at "spec/debug" (credentials are read from the conventional
-#    environment variables: PVE_URL, PVE_USERNAME, PVE_PASSWORD)
+#    environment variables: PROXMOX_URL, PROXMOX_USERNAME, PROXMOX_PASSWORD)
 # 2. otherwise (Travis etc.): use VCRs at "spec/fixtures/proxmox/#{service}"
 
 require 'vcr'
+require 'fog/proxmox/auth/token'
 
 class ProxmoxVCR
   attr_reader :username,
               :password,
-              :ticket,
-              :csrftoken,
+              :tokenid,
+              :token,
               :service,
-              :url,
-              :path,
-              :deadline
+              :url
 
   def initialize(options)
     @vcr_directory = options[:vcr_directory]
     @service_class = options[:service_class]
     @connection_options = options[:connection_options] || {}
 
-    use_recorded = !ENV.key?('PVE_URL') || ENV['USE_VCR'] == 'true'
+    use_recorded = !ENV.key?('PROXMOX_URL') || ENV['USE_VCR'] == 'true'
 
     if use_recorded
       Fog.interval = 0
       @url  = 'https://192.168.56.101:8006/api2/json'
     else
-      @url  = ENV['PVE_URL']
+      @url  = ENV['PROXMOX_URL']
     end
 
     VCR.configure do |config|
@@ -65,27 +64,30 @@ class ProxmoxVCR
       config.debug_logger = nil # use $stderr to debug
     end
 
-    # ignore enterprise proxy
-    @connection_options[:disable_proxy] = true if ENV['DISABLE_PROXY'] == 'true'
-
-    # ignore dev certificates on servers
-    @connection_options[:ssl_verify_peer] = false if ENV['SSL_VERIFY_PEER'] == 'false'
-
-    VCR.use_cassette('identity_ticket') do
-      Fog::Proxmox.clear_credentials
+    VCR.use_cassette('common_auth') do
+      Fog::Proxmox.clear_token_cache
 
+      @auth_method = Fog::Proxmox::Auth::Token::AccessTicket::NAME
       @username  = 'root@pam'
       @password  = 'proxmox01'
+      @tokenid = 'root1'
+      @token = 'ed6402b4-641d-46b1-b20a-33ba9ba12f54'
 
       unless use_recorded
-        @username = ENV['PVE_USERNAME'] || options[:username] || @username
-        @password = ENV['PVE_PASSWORD'] || options[:password] || @password
+        @auth_method = ENV['PROXMOX_AUTH_METHOD'] || options[:auth_method] || @auth_method
+        @username = ENV['PROXMOX_USERNAME'] || options[:username] || @username
+        @password = ENV['PROXMOX_PASSWORD'] || options[:password] || @password
+        @tokenid = ENV['PROXMOX_TOKENID'] || options[:tokenid] || @tokenid
+        @token = ENV['PROXMOX_TOKEN'] || options[:token] || @token
       end
 
       connection_params = {
-        pve_url: @url,
-        pve_username: @username,
-        pve_password: @password,
+        proxmox_url: @url,
+        proxmox_auth_method: @auth_method,
+        proxmox_username: @username,
+        proxmox_password: @password,
+        proxmox_tokenid: @tokenid,
+        proxmox_token: @token,
         connection_options: @connection_options
       }
 

data/spec/spec_helper.rb

@@ -23,9 +23,10 @@ require 'simplecov'
 SimpleCov.start do
   add_filter '/spec/'
   add_group 'Core', 'lib/fog/proxmox'
-  add_group 'Identity', 'lib/fog/identity'
-  add_group 'Compute', 'lib/fog/compute'
-  add_group 'Network', 'lib/fog/network'
+  add_group 'Auth', 'lib/fog/proxmox/auth'
+  add_group 'Identity', 'lib/fog/proxmox/identity'
+  add_group 'Compute', 'lib/fog/proxmox/compute'
+  add_group 'Network', 'lib/fog/proxmox/network'
 end
 
 require 'minitest/autorun'

data/tasks/audit.rake

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'bundler/audit/task'
+
+Bundler::Audit::Task.new
+
+desc 'Run audit vulnerabilities'
+task audit: 'bundle:audit'

data/tasks/lint.rake

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+require 'rubocop/rake_task'
+
+RuboCop::RakeTask.new

data/tasks/test.rake

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+# Copyright 2018 Tristan Robert
+
+# This file is part of Fog::Proxmox.
+
+# Fog::Proxmox is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# Fog::Proxmox is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with Fog::Proxmox. If not, see <http://www.gnu.org/licenses/>.
+
+namespace :spec do
+  desc 'Run fog-proxmox spec/*'
+  Rake::TestTask.new do |t|
+    t.name = 'all'
+    t.description = 'Run all specs'
+    t.libs.push %w[lib spec]
+    t.pattern = 'spec/**/*_spec.rb'
+    t.verbose = true
+  end
+
+  desc 'Run fog-proxmox spec/helpers/*'
+  Rake::TestTask.new do |t|
+    t.name = 'helpers'
+    t.description = 'Run helpers tests'
+    t.libs.push %w[lib spec]
+    t.pattern = 'spec/helpers/**/*_spec.rb'
+    t.verbose = true
+  end
+
+  desc 'Run fog-proxmox spec/compute'
+  Rake::TestTask.new do |t|
+    t.name = 'compute'
+    t.description = 'Run compute API tests'
+    t.libs.push %w[lib spec]
+    t.pattern = 'spec/**/compute_spec.rb'
+    t.verbose = true
+  end
+
+  desc 'Run fog-proxmox spec/identity'
+  Rake::TestTask.new do |t|
+    t.name = 'identity'
+    t.description = 'Run identity API tests'
+    t.libs.push %w[lib spec]
+    t.pattern = 'spec/**/identity_spec.rb'
+    t.verbose = true
+  end
+
+  desc 'Run fog-proxmox spec/network'
+  Rake::TestTask.new do |t|
+    t.name = 'network'
+    t.description = 'Run network API tests'
+    t.libs.push %w[lib spec]
+    t.pattern = 'spec/**/network_spec.rb'
+    t.verbose = true
+  end
+end