[PATCH v2 6/9] Add verify_acl() helper to nfs4acl modules

linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Chuck Lever <cel@kernel.org>
To: <linux-nfs@vger.kernel.org>
Cc: Calum Mackay <calum.mackay@oracle.com>,
	aurelien.couderc2002@gmail.com,
	Chuck Lever <chuck.lever@oracle.com>
Subject: [PATCH v2 6/9] Add verify_acl() helper to nfs4acl modules
Date: Tue, 25 Nov 2025 14:49:31 -0500	[thread overview]
Message-ID: <20251125194936.770792-7-cel@kernel.org> (raw)
In-Reply-To: <20251125194936.770792-1-cel@kernel.org>

From: Chuck Lever <chuck.lever@oracle.com>

I'm about to add several new tests that verify a test ACL. This is
common code for all these tests, so introduce a utility function
to verify the test ACL.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
---
 nfs4.0/nfs4acl.py | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/nfs4.0/nfs4acl.py b/nfs4.0/nfs4acl.py
index e1dfcf0ae371..5197b1238ea8 100644
--- a/nfs4.0/nfs4acl.py
+++ b/nfs4.0/nfs4acl.py
@@ -310,6 +310,45 @@ def access_mask_to_str(mask):
     ]
     return " | ".join(name for bit, name in perms if mask & bit) or "(none)"
 
+def verify_acl(returned_acl, expected_acl):
+    """Verify that returned ACL contains expected ACEs
+
+    Server may add additional ACEs, but the requested ones must be present
+    with at least the requested permissions.
+
+    Raises AssertionError if verification fails.
+    """
+    if len(returned_acl) < len(expected_acl):
+        raise AssertionError(
+            "Returned ACL has fewer entries than requested: "
+            "expected at least %d, got %d" % (len(expected_acl), len(returned_acl)))
+
+    # Verify the ACEs we set are present (server may add additional ACEs)
+    for i, expected_ace in enumerate(expected_acl):
+        if i >= len(returned_acl):
+            raise AssertionError("Missing ACE %d in returned ACL" % i)
+        returned_ace = returned_acl[i]
+        if returned_ace.type != expected_ace.type:
+            raise AssertionError(
+                "ACE %d type mismatch: expected %d, got %d" %
+                (i, expected_ace.type, returned_ace.type))
+        if returned_ace.who != expected_ace.who:
+            raise AssertionError(
+                "ACE %d who mismatch: expected %s, got %s" %
+                (i, expected_ace.who, returned_ace.who))
+        # Check that requested permissions are present (server may add more)
+        if (returned_ace.access_mask & expected_ace.access_mask) != expected_ace.access_mask:
+            missing = expected_ace.access_mask & ~returned_ace.access_mask
+            raise AssertionError(
+                "ACE %d access_mask mismatch:\n"
+                "  Expected: %s\n"
+                "  Got:      %s\n"
+                "  Missing:  %s" %
+                (i,
+                 access_mask_to_str(expected_ace.access_mask),
+                 access_mask_to_str(returned_ace.access_mask),
+                 access_mask_to_str(missing)))
+
 def printableacl(acl):
     type_str = ["ACCESS", "DENY"]
     out = ""
-- 
2.51.1

next prev parent reply	other threads:[~2025-11-25 19:49 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-11-25 19:49 [PATCH v2 0/9] pynfs tests for setting ACL+MODE Chuck Lever
2025-11-25 19:49 ` [PATCH v2 1/9] Add helper to report unsupported protocol features Chuck Lever
2025-11-25 19:49 ` [PATCH v2 2/9] Add helper to format attribute bitmaps Chuck Lever
2025-11-25 19:49 ` [PATCH v2 3/9] Add a helper to compute POSIX mode bits from NFSv4 ACLs Chuck Lever
2025-11-25 19:49 ` [PATCH v2 4/9] Add access_mask_to_str() helper to nfs4.0/nfs4acl.py Chuck Lever
2025-11-25 19:49 ` [PATCH v2 5/9] Add make_test_acl() helper to nfs4acl modules Chuck Lever
2025-11-25 19:49 ` Chuck Lever [this message]
2025-11-25 19:49 ` [PATCH v2 7/9] Add verify_mode_and_acl() " Chuck Lever
2025-11-25 19:49 ` [PATCH v2 8/9] Add tests for SETATTR with MODE and ACL Chuck Lever
2025-11-25 19:49 ` [PATCH v2 9/9] Add tests for OPEN(create) with ACLs Chuck Lever

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e1dfcf0ae37 dfblob:5197b1238ea )
 OR (
bs:"[PATCH v2 6/9] Add verify_acl() helper to nfs4acl modules" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20251125194936.770792-7-cel@kernel.org \
    --to=cel@kernel.org \
    --cc=aurelien.couderc2002@gmail.com \
    --cc=calum.mackay@oracle.com \
    --cc=chuck.lever@oracle.com \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).