Example #1
def test_process_grant():
    """Exercise grantrule() on accepted and rejected grant definitions.

    The first two cases inspect the normalised mapping returned by
    ``as_dict()``; the remaining cases check that malformed input raises
    ``ValueError`` rather than being accepted.
    """
    from ldap2pg.validators import grantrule

    # Singular input keys come back pluralised. The input uses 'acl' while
    # the output exposes 'privilege' and no 'acl' key; presumably 'acl' is
    # an older alias (confirm in ldap2pg.validators).
    normalized = grantrule({
        'acl': 'ro',
        'database': 'postgres',
        'schema': 'public',
        'role': '{cn}',
    }).as_dict()

    for expected_key in ('schemas', 'databases', 'privilege', 'roles'):
        assert expected_key in normalized
    assert 'acl' not in normalized

    # role_attribute='cn' is expected to be rewritten as the '{cn}' role
    # template, with the role_attribute key itself removed.
    normalized = grantrule({
        'acl': 'ro',
        'database': 'postgres',
        'schema': 'public',
        'role_attribute': 'cn',
    }).as_dict()

    assert 'role_attribute' not in normalized
    assert '{cn}' in normalized['roles']

    # A grant rule decides which privileges a role receives, so malformed
    # definitions must fail loudly: a silently ignored key would change
    # what gets granted without anyone noticing.
    rejected_inputs = [
        [],  # not a mapping
        {'missing_privilege': True},  # no privilege key
        {'privilege': 'toto', 'role': 'toto', 'spurious': True},  # unknown key
        {'privilege': 'missing role*'},  # privilege given, no role key
    ]
    for bad_input in rejected_inputs:
        with pytest.raises(ValueError):
            grantrule(bad_input)
Example #2
def test_extract_static_rules_grants():
    """Check how extract_static_rules() splits static grants from LDAP ones.

    The function is called for its effect on ``config`` (its return value
    is not used here), and the mutated ``config`` is compared against the
    expected layout.
    """
    from ldap2pg.config import extract_static_rules
    from ldap2pg.validators import grantrule

    def grant(**fields):
        # Build a validated grant rule from keyword fields.
        return grantrule(fields)

    common = {'privilege': 'ro'}
    ldap_query = {'filter': "(filter)"}

    config = {
        'sync_map': [
            {
                'ldap': ldap_query,
                'grants': [
                    grant(role="static", database=["static"], **common),
                    grant(role="{dynamic}", **common),
                    grant(roles=["mixed", "{dynamic}"], **common),
                    grant(role="dyndatabase", database="{dyn}", **common),
                    grant(role="dynschema", schema="{dynamic}", **common),
                    grant(role="dynpriv", privilege="{dynamic}"),
                ],
            },
        ],
    }

    extract_static_rules(config)

    # Expected layout: each fully static grant ends up in its own mapping
    # with no 'ldap' key, placed before the original LDAP-backed mapping.
    # A grant stays under the LDAP query as soon as any of role, database,
    # schema or privilege holds a '{...}' placeholder. The mixed roles
    # list is split: "mixed" becomes static, "{dynamic}" stays dynamic.
    static_mapping = {
        'grants': [grant(role="static", database=["static"], **common)],
    }
    mixed_mapping = {
        'grants': [grant(role="mixed", **common)],
    }
    dynamic_mapping = {
        'ldap': {'filter': "(filter)"},
        'grants': [
            grant(role="{dynamic}", **common),
            grant(roles=["{dynamic}"], **common),
            grant(role="dyndatabase", database="{dyn}", **common),
            grant(role="dynschema", schema="{dynamic}", **common),
            grant(role="dynpriv", privilege="{dynamic}"),
        ],
    }
    wanted = {'sync_map': [static_mapping, mixed_mapping, dynamic_mapping]}

    # Relies on grantrule() results comparing equal by value (presumably
    # defined in ldap2pg.validators; confirm there).
    assert wanted == config