1 files changed, 75 insertions, 2 deletions

diff --git a/perl/t/report.t b/perl/t/report.t
index a18b995..1dc69f7 100755
--- a/perl/t/report.t
+++ b/perl/t/report.t
@@ -1,13 +1,13 @@
 #!/usr/bin/perl -w
 #
-# t/report.t -- Tests for the wallet reporting interface.
+# Tests for the wallet reporting interface.
 #
 # Written by Russ Allbery <rra@stanford.edu>
 # Copyright 2008, 2009, 2010 Board of Trustees, Leland Stanford Jr. University
 #
 # See LICENSE for licensing terms.
 
-use Test::More tests => 83;
+use Test::More tests => 151;
 
 use Wallet::Admin;
 use Wallet::Report;
@@ -166,6 +166,79 @@ is ($server->flag_clear ('base', 'service/admin', 'unchanging'), 1,
 is (scalar (@lines), 0, ' and now there are no objects in the report');
 is ($report->error, undef, ' with no error');
 
+# All of our ACLs should be in use.
+@lines = $report->acls ('unused');
+is (scalar (@lines), 0, 'Searching for unused ACLs returns nothing');
+is ($report->error, undef, ' with no error');
+
+# Create some unused ACLs that should show up in the report.
+is ($server->acl_create ('third'), 1, 'Creating an empty ACL succeeds');
+is ($server->acl_create ('fourth'), 1, ' and creating another succeeds');
+@lines = $report->acls ('unused');
+is (scalar (@lines), 2, ' and now we see two unused ACLs');
+is ($server->error, undef, ' with no error');
+is ($lines[0][0], 4, ' and the first has the right ID');
+is ($lines[0][1], 'third', ' and the right name');
+is ($lines[1][0], 5, ' and the second has the right ID');
+is ($lines[1][1], 'fourth', ' and the right name');
+
+# Use one of those ACLs and ensure it drops out of the report.  Test that we
+# try all of the possible ACL types.
+for my $type (qw/get store show destroy flags/) {
+    is ($server->acl ('base', 'service/admin', $type, 'fourth'), 1,
+        "Setting ACL $type to fourth succeeds");
+    @lines = $report->acls ('unused');
+    is (scalar (@lines), 1, ' and now we see only one unused ACL');
+    is ($lines[0][0], 4, ' with the right ID');
+    is ($lines[0][1], 'third', ' and the right name');
+    is ($server->acl ('base', 'service/admin', $type, ''), 1,
+        ' and clearing the ACL succeeds');
+    @lines = $report->acls ('unused');
+    is (scalar (@lines), 2, ' and now we see two unused ACLs');
+    is ($lines[0][0], 4, ' and the first has the right ID');
+    is ($lines[0][1], 'third', ' and the right name');
+    is ($lines[1][0], 5, ' and the second has the right ID');
+    is ($lines[1][1], 'fourth', ' and the right name');
+}
+
+# The naming audit returns nothing if there's no naming policy.
+@lines = $report->audit ('objects', 'name');
+is (scalar (@lines), 0, 'Searching for naming violations finds none');
+is ($report->error, undef, ' with no error');
+
+# Set a naming policy and then look for objects that fail that policy.  We
+# have to deactivate this policy until now so that it doesn't prevent the
+# creation of that name originally, which is the reason for the variable
+# reference.
+our $naming_active = 1;
+package Wallet::Config;
+sub verify_name {
+    my ($type, $name) = @_;
+    return unless $naming_active;
+    return 'admin not allowed' if $name eq 'service/admin';
+    return;
+}
+package main;
+@lines = $report->audit ('objects', 'name');
+is (scalar (@lines), 1, 'Searching for naming violations finds one');
+is ($lines[0][0], 'base', ' and the first has the right type');
+is ($lines[0][1], 'service/admin', ' and the right name');
+
+# Set an ACL naming policy and then look for objects that fail that policy.
+# Use the same deactivation trick as above.
+package Wallet::Config;
+sub verify_acl_name {
+    my ($name) = @_;
+    return unless $naming_active;
+    return 'second not allowed' if $name eq 'second';
+    return;
+}
+package main;
+@lines = $report->audit ('acls', 'name');
+is (scalar (@lines), 1, 'Searching for ACL naming violations finds one');
+is ($lines[0][0], 3, ' and the first has the right ID');
+is ($lines[0][1], 'second', ' and the right name');
+
 # Clean up.
 $admin->destroy;
 unlink 'wallet-db';