def test_diff_acls(mocker):
from ldap2pg.acl import Acl, AclItem
from ldap2pg.manager import SyncManager
acl = Acl(name='connect', revoke='REVOKE {role}', grant='GRANT {role}')
nogrant = Acl(name='nogrant', revoke='REVOKE')
norvk = Acl(name='norvk', grant='GRANT')
m = SyncManager(acl_dict={a.name: a for a in [acl, nogrant, norvk]})
item0 = AclItem(acl=acl.name, dbname='backend', role='daniel')
pgacls = set([
item0,
AclItem(acl=acl.name, dbname='backend', role='alice'),
AclItem(acl=norvk.name, role='torevoke'),
])
ldapacls = set([
item0,
AclItem(acl=acl.name, dbname='backend', role='david'),
AclItem(acl=nogrant.name, role='togrant'),
])
queries = [q.args[0] for q in m.diff(pgacls=pgacls, ldapacls=ldapacls)]
assert not fnfilter(queries, "REVOKE daniel*")
assert fnfilter(queries, "REVOKE alice*")
assert fnfilter(queries, "GRANT david*")
def test_diff_roles(mocker):
from ldap2pg.manager import SyncManager, Role, RoleSet
m = SyncManager()
pgroles = RoleSet([
Role('drop-me'),
Role('alter-me'),
Role('nothing'),
])
ldaproles = RoleSet([
Role('alter-me', options=dict(LOGIN=True)),
Role('nothing'),
Role('create-me')
])
queries = [q.args[0] for q in m.diff(pgroles, set(), ldaproles, set())]
assert fnfilter(queries, "ALTER ROLE alter-me WITH* LOGIN*;")
assert fnfilter(queries, "CREATE ROLE create-me *;")
assert fnfilter(queries, '*DROP ROLE drop-me;*')
assert not fnfilter(queries, '*nothing*')