def test_role_rule(): from ldap2pg.role import RoleRule from ldap2pg.utils import Settable r = RoleRule( names=['static', 'prefix_{cn}', '{uid}_{member}'], parents=['{uid}', '{member.cn}'], members=[], comment='From {dn}', options={'SUPERUSER': True}, ) assert 5 == len(r.all_fields) assert repr(r) d = r.as_dict() assert 'SUPERUSER' in d['options'] assert ['static', 'prefix_{cn}', '{uid}_{member}'] == d['names'] assert [] == d['members'] assert ['{uid}', '{member.cn}'] == d['parents'] assert 'From {dn}' == d['comment'] vars_ = dict( dn=['cn=group,ou=groups'], cn=['cn'], uid=['uid'], member=[ Settable(_str='cn=m0', cn=['m0']), Settable(_str='cn=m1', cn=['m1']), ], ) roles = list(r.generate(vars_)) assert 4 == len(roles)
def test_role_rule_not_enough_comment(): from ldap2pg.role import RoleRule, CommentError r = RoleRule( names=['{member}'], comment='From {less}', ) vars_ = dict(dn=['cn=group,ou=groups'], member=['m0', 'm1', 'm2'], less=['l0', 'l1']) with pytest.raises(CommentError): list(r.generate(vars_))
def test_role_rule_multiple_comment(): from ldap2pg.role import RoleRule r = RoleRule( names=['{member}'], comment='From {member}', ) vars_ = dict( dn=['cn=group,ou=groups'], member=['m0', 'm1'], ) roles = list(r.generate(vars_)) assert 2 == len(roles)
def test_role_rule_no_comment(): from ldap2pg.role import RoleRule, CommentError r = RoleRule( names=['{member}'], comment='From {desc}', ) vars_ = dict( dn=['cn=group,ou=groups'], desc=[], member=['m0', 'm1'], ) with pytest.raises(CommentError): list(r.generate(vars_))
def test_role_rule_too_many_comments(): from ldap2pg.role import RoleRule, CommentError r = RoleRule( names=['{member}'], comment='From {more}', ) vars_ = dict( dn=['cn=group,ou=groups'], member=['m0', 'm1'], more=['0', '1', '2'], ) with pytest.raises(CommentError): list(r.generate(vars_))
def test_rule(): from ldap2pg.role import RoleRule r = RoleRule( names=['static', 'prefix_{cn}', '{uid}_{member}'], parents=['{uid}', '{member.cn}'], members=[], comment='From {dn}', options={'SUPERUSER': True}, ) map_ = r.attributes_map assert '__self__' in map_ assert 'uid' in map_['__self__'] assert 'member' not in map_['__self__'] assert 'member' in map_ assert 5 == len(r.all_fields) assert repr(r) d = r.as_dict() assert 'SUPERUSER' in d['options'] assert ['static', 'prefix_{cn}', '{uid}_{member}'] == d['names'] assert [] == d['members'] assert ['{uid}', '{member.cn}'] == d['parents'] assert 'From {dn}' == d['comment'] vars_ = dict( __self__=[dict( dn=['cn=group,ou=groups'], cn=['cn'], uid=['uid'], )], member=[ dict( dn=['cn=m0'], cn=['m0'], ), dict( dn=['cn=m1'], cn=['m1'], ), ], ) roles = list(r.generate(vars_)) assert 4 == len(roles)
def test_inspect_roles_duplicate_differents_options(mocker): from ldap2pg.manager import SyncManager, UserError from ldap2pg.role import RoleRule manager = SyncManager() syncmap = [ dict(roles=[ RoleRule(names=['group0']), RoleRule(names=['group1']), RoleRule(names=['bob'], options=dict(LOGIN=True)), RoleRule(names=['bob'], options=dict(LOGIN=False)), ]) ] with pytest.raises(UserError): manager.inspect_ldap(syncmap=syncmap)
def test_role_rule_dynamic_comments(): from ldap2pg.role import RoleRule r = RoleRule( names=['{member}'], comment='From {member}', ) vars_ = dict( __self__=[dict( dn=['cn=group,ou=groups'], member=['m0', 'm1'], )]) roles = list(r.generate(vars_)) assert 2 == len(roles) for role in roles: assert role.name in role.comment
def test_inspect_ldap_unexpected_dn(mocker): ga = mocker.patch('ldap2pg.manager.get_attribute') ql = mocker.patch('ldap2pg.manager.SyncManager.query_ldap') from ldap2pg.manager import SyncManager, RDNError, UserError from ldap2pg.role import RoleRule manager = SyncManager() ga.side_effect = values = [ ['member0_cn', RDNError(), 'member1_cn'], ] ql.return_value = [('dn0', {}, {})] list( manager.inspect_ldap([ dict( description="Test query desc", ldap=dict(on_unexpected_dn='warn'), roles=[RoleRule(names=['{member.cn}'])], ) ])) ga.reset_mock() ga.side_effect = values list( manager.inspect_ldap([ dict(ldap=dict(on_unexpected_dn='ignore'), roles=[RoleRule(names=['{member.cn}'])]) ])) ga.reset_mock() ga.side_effect = values with pytest.raises(UserError): list( manager.inspect_ldap( [dict( ldap=dict(), roles=[RoleRule(names=['{member.cn}'])], )]))
def test_inspect_roles_merge_duplicates(mocker): from ldap2pg.manager import SyncManager from ldap2pg.role import RoleRule manager = SyncManager() syncmap = [ dict(roles=[ RoleRule(names=['group0']), RoleRule(names=['group1']), RoleRule(names=['bob'], parents=['group0']), RoleRule(names=['bob'], parents=['group1']), ]), ] ldaproles, _ = manager.inspect_ldap(syncmap=syncmap) ldaproles = {r: r for r in ldaproles} assert 'group0' in ldaproles assert 'group1' in ldaproles assert 'bob' in ldaproles assert 3 == len(ldaproles) assert 2 == len(ldaproles['bob'].parents)
def test_inspect_ldap_unexpected_dn(mocker): ql = mocker.patch('ldap2pg.manager.SyncManager.query_ldap') from ldap2pg.manager import SyncManager, UserError, LDAPEntry from ldap2pg.role import RoleRule manager = SyncManager() ql.return_value = [ LDAPEntry('dn0', { 'member': ['cn=member0', 'baddn=o0', 'cn=member1'], }) ] list( manager.inspect_ldap([ dict( description="Test query desc", ldapsearch=dict(on_unexpected_dn='warn'), roles=[RoleRule(names=['{member.cn}'])], ) ])) list( manager.inspect_ldap([ dict(ldapsearch=dict(on_unexpected_dn='ignore'), roles=[RoleRule(names=['{member.cn}'])]) ])) with pytest.raises(UserError): list( manager.inspect_ldap([ dict( ldapsearch=dict(), roles=[RoleRule(names=['{member.cn}'])], ) ]))
def test_inspect_ldap_missing_attribute(mocker): ql = mocker.patch('ldap2pg.manager.SyncManager.query_ldap') from ldap2pg.manager import SyncManager, UserError from ldap2pg.role import RoleRule manager = SyncManager() # Don't return member attribute. ql.return_value = [('dn0', {}, {})] with pytest.raises(UserError) as ei: list( manager.inspect_ldap([ dict( ldap=dict(base='...'), # Request member attribute. roles=[RoleRule(names=['{member.cn}'])], ) ])) assert 'Missing attribute member' in str(ei.value)