def test_inspect_roles(mocker): p = mocker.patch('ldap2pg.manager.SyncManager.process_pg_roles') ql = mocker.patch('ldap2pg.manager.SyncManager.query_ldap') r = mocker.patch('ldap2pg.manager.SyncManager.process_ldap_entry') psql = mocker.MagicMock() from ldap2pg.manager import SyncManager, Role p.return_value = {Role(name='spurious')} ql.return_value = [mocker.Mock(name='entry')] r.side_effect = [{Role(name='alice')}, {Role(name='bob')}] manager = SyncManager(psql=psql, ldapconn=mocker.Mock()) # Minimal effective syncmap syncmap = dict(db=dict(s=[ dict(roles=[]), dict( ldap=dict(base='ou=users,dc=tld', filter='*', attributes=['cn']), roles=[dict(), dict()], ), ])) manager.inspect(syncmap=syncmap) assert 2 is r.call_count, "sync did not iterate over each rules."
def test_inspect_acls(mocker): mod = 'ldap2pg.manager.' psql = mocker.MagicMock() psql.itersessions.return_value = [('postgres', psql)] dbl = mocker.patch(mod + 'SyncManager.fetch_database_list', autospec=True) dbl.return_value = ['postgres'] mocker.patch(mod + 'SyncManager.process_pg_roles', autospec=True) pa = mocker.patch(mod + 'SyncManager.process_pg_acl_items', autospec=True) la = mocker.patch(mod + 'SyncManager.apply_grant_rules', autospec=True) from ldap2pg.manager import SyncManager, AclItem from ldap2pg.acl import Acl from ldap2pg.utils import make_group_map acl_dict = dict( noinspect=Acl(name='noinspect'), ro=Acl(name='ro', inspect='SQL'), ) pa.return_value = [AclItem('ro', 'postgres', None, 'alice')] la.return_value = [AclItem('ro', 'postgres', None, 'alice')] manager = SyncManager( psql=psql, ldapconn=mocker.Mock(), acl_dict=acl_dict, acl_aliases=make_group_map(acl_dict) ) syncmap = dict(db=dict(schema=[dict(roles=[], grant=dict(acl='ro'))])) databases, _, pgacls, _, ldapacls = manager.inspect(syncmap=syncmap) assert 1 == len(pgacls) assert 1 == len(ldapacls)