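def test_sync_roles_single_role_definition_three_grants(self):
    """Sync one role definition with three permission grants and verify what is persisted.

    Two grants are scoped to a pack resource and the third carries no ``resource_uid``.
    Every stored grant is compared with its definition, so a grant persisted with a
    different scope or permission set than the one declared fails the test.
    """
    syncer = RBACDefinitionsDBSyncer()

    # One role with three grants: two pack-scoped, one without a resource_uid
    permission_grants = [
        {'resource_uid': 'pack:mapack1', 'permission_types': ['pack_all']},
        {'resource_uid': 'pack:mapack2', 'permission_types': ['rule_view', 'action_view']},
        {'permission_types': ['sensor_list', 'action_list']},
    ]
    # resource_type expected on each stored grant, in definition order; the second
    # pack-scoped grant is expected to resolve to 'pack' exactly like the first
    expected_resource_types = ['pack', 'pack', None]

    api = RoleDefinitionFileFormatAPI(name='test_role_2',
                                      description='test description 2',
                                      permission_grants=permission_grants)
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=[api])

    self.assertEqual(len(created_role_dbs), 1)
    self.assertItemsEqual(deleted_role_dbs, [])

    role_db = created_role_dbs[0]
    self.assertEqual(role_db.name, 'test_role_2')
    self.assertEqual(role_db.description, 'test description 2')
    self.assertEqual(len(role_db.permission_grants), 3)

    # Assert role and grants have been created in the DB
    self.assertRoleDBObjectExists(role_db=role_db)

    for permission_grant_id in role_db.permission_grants:
        self.assertGrantDBObjectExists(permission_grant_id)

    # Check every grant, including the middle one, against its definition. A grant
    # without a resource_uid must be stored with resource_uid and resource_type of None.
    for index, grant_def in enumerate(permission_grants):
        grant_db = PermissionGrant.get_by_id(str(role_db.permission_grants[index]))
        self.assertEqual(grant_db.resource_uid, grant_def.get('resource_uid'))
        self.assertEqual(grant_db.resource_type, expected_resource_types[index])
        self.assertEqual(grant_db.permission_types, grant_def['permission_types'])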
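def test_sync_roles_single_role_definition_three_grants(self):
    """Verify that syncing a single role with three grants stores each grant as declared.

    The definition mixes two pack-scoped grants with one grant that has no
    ``resource_uid``. All three stored grants are checked for resource_uid,
    resource_type and permission_types.
    """
    syncer = RBACDefinitionsDBSyncer()

    # One role with three grants (the last one is not tied to any resource)
    permission_grants = [
        {
            'resource_uid': 'pack:mapack1',
            'permission_types': ['pack_all']
        },
        {
            'resource_uid': 'pack:mapack2',
            'permission_types': ['rule_view', 'action_view']
        },
        {
            'permission_types': ['sensor_list', 'action_list']
        }
    ]

    api = RoleDefinitionFileFormatAPI(name='test_role_2', description='test description 2',
                                      permission_grants=permission_grants)
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=[api])

    self.assertEqual(len(created_role_dbs), 1)
    self.assertItemsEqual(deleted_role_dbs, [])
    self.assertEqual(created_role_dbs[0].name, 'test_role_2')
    self.assertEqual(created_role_dbs[0].description, 'test description 2')
    self.assertEqual(len(created_role_dbs[0].permission_grants), 3)

    # Assert role and grants have been created in the DB
    self.assertRoleDBObjectExists(role_db=created_role_dbs[0])

    stored_grant_ids = created_role_dbs[0].permission_grants
    for permission_grant_id in stored_grant_ids:
        self.assertGrantDBObjectExists(permission_grant_id)

    # First grant: scoped to pack:mapack1
    grant_db = PermissionGrant.get_by_id(str(stored_grant_ids[0]))
    self.assertEqual(grant_db.resource_uid, permission_grants[0]['resource_uid'])
    self.assertEqual(grant_db.resource_type, 'pack')
    self.assertEqual(grant_db.permission_types, permission_grants[0]['permission_types'])

    # Second grant: scoped to pack:mapack2. Without these assertions a wrongly
    # stored middle grant would go unnoticed; resource_type is expected to be
    # 'pack' as for the first grant.
    grant_db = PermissionGrant.get_by_id(str(stored_grant_ids[1]))
    self.assertEqual(grant_db.resource_uid, permission_grants[1]['resource_uid'])
    self.assertEqual(grant_db.resource_type, 'pack')
    self.assertEqual(grant_db.permission_types, permission_grants[1]['permission_types'])

    # Third grant: no resource_uid, so no resource scope may be stored with it
    grant_db = PermissionGrant.get_by_id(str(stored_grant_ids[2]))
    self.assertEqual(grant_db.resource_uid, None)
    self.assertEqual(grant_db.resource_type, None)
    self.assertEqual(grant_db.permission_types, permission_grants[2]['permission_types'])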
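def assertGrantDBObjectExists(self, permission_grant_id):
    """Assert that a PermissionGrant with the given id can be loaded from the DB.

    :param permission_grant_id: Id of the grant to look up. It is converted with
                                ``str()`` for both the lookup and the comparison,
                                so a string id and a non-string id object are
                                handled the same way.
    """
    grant_id = str(permission_grant_id)
    result = PermissionGrant.get_by_id(grant_id)
    self.assertTrue(result)
    # Compare string forms on both sides. The lookup already stringifies the id, and
    # comparing the raw argument would fail for a non-string id that matches.
    self.assertEqual(grant_id, str(result.id))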
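def assertGrantDBObjectExists(self, permission_grant_id):
    """Check that the permission grant referenced by ``permission_grant_id`` is in the DB.

    The id is normalised to ``str`` once and that value is used for the lookup and for
    the identity check against the loaded object.
    """
    expected_id = str(permission_grant_id)
    result = PermissionGrant.get_by_id(expected_id)

    self.assertTrue(result)
    # The original compared the un-normalised argument with str(result.id), which
    # cannot match when the caller passes a non-string id.
    self.assertEqual(expected_id, str(result.id))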