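def test_remove_group_owner(ldap_connection, group):
    """Verify that clearing a group's owners in AD leaves the role with no owners.

    Args:
        ldap_connection: A bound mock LDAP connection.
        group: Dict describing a group AD object, with keys:
            common_name: Common name of the group AD object.
            name: Name of the group AD object.
    """
    # The common name is interpolated into the DN unescaped. That is fine for
    # fixture values, but a name containing DN special characters (such as
    # "," or "+") would produce a different DN than intended.
    group_distinct_name = (
        "CN=%s,OU=Roles,OU=Security,OU=Groups,DC=AD2012,DC=LAB"
        % group["common_name"]
    )
    clear_role_owners(ldap_connection, group["common_name"])
    update_when_changed(ldap_connection, group_distinct_name)
    fake_group = get_fake_group(ldap_connection, group["common_name"])
    put_in_inbound_queue(fake_group, "group")
    # Wait for the fake group to be ingested by rbac_ledger_sync.
    # NOTE(review): a fixed delay makes the result depend on sync timing;
    # polling get_role_owners with a deadline would be more reliable.
    time.sleep(3)
    role_id = get_role_id_from_cn(group["common_name"])
    role_owners = get_role_owners(role_id)
    # Compare by value: `is 0` tests object identity, which only happens to
    # work through CPython's small-int cache and raises a SyntaxWarning on
    # Python 3.8+.
    # NOTE(review): this also passes if the role never had an owner recorded;
    # confirm an earlier step establishes one so the check proves revocation.
    assert len(role_owners) == 0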
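def is_user_the_role_owner(role_common_name, user_common_name):
    """Check whether a user is the sole recorded owner of a role/group in RethinkDB.

    Args:
        role_common_name: Common name of an AD role/group object.
        user_common_name: Common name of an AD user object.

    Returns:
        bool: True only when the role has exactly one owner entry and that
        entry's "related_id" equals the user's next_id. False otherwise,
        including when the role has several owners and the user is one of
        them.
    """
    role_id = get_role_id_from_cn(role_common_name)
    # The common name is interpolated into the DN unescaped; a name containing
    # DN special characters (such as "," or "+") would resolve to a different
    # remote_id than intended.
    user_distinct_name = (
        "CN=%s,OU=Users,OU=Accounts,DC=AD2012,DC=LAB" % user_common_name
    )
    next_id = get_user_next_id(remote_id=user_distinct_name)
    role_owners = get_role_owners(role_id)
    # Compare by value: `is 1` tests object identity, which only happens to
    # work through CPython's small-int cache and raises a SyntaxWarning on
    # Python 3.8+.
    # NOTE(review): the exactly-one-owner requirement is kept from the
    # original; confirm callers do not expect a membership test for roles
    # with several owners.
    if len(role_owners) != 1:
        return False
    return role_owners[0]["related_id"] == next_id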