def test_diff_not_rename():
from ldap2pg.role import Role, RoleSet
pgmanagedroles = RoleSet()
pgallroles = pgmanagedroles.union({
Role('ambigue_from'),
Role('AMBIGUE_FROM'),
Role('Ambigue_To'),
Role('bothmin'),
Role('BothMix'),
})
ldaproles = RoleSet([
Role('Ambigue_From'),
Role('ambigue_to'),
Role('AMBIGUE_TO'),
Role('bothmin'),
Role('Bothmin'),
Role('BothMix'),
Role('bothmix'),
])
queries = [q.args[0] for q in pgmanagedroles.diff(ldaproles, pgallroles)]
assert not fnfilter(queries, '* RENAME TO *')
assert fnfilter(queries, '*CREATE ROLE "Ambigue_From"*')
assert fnfilter(queries, '*CREATE ROLE "ambigue_to"*')
assert fnfilter(queries, '*CREATE ROLE "AMBIGUE_TO"*')
def test_diff():
from ldap2pg.role import Role, RoleSet
pgmanagedroles = RoleSet([
Role('drop-me'),
Role('alter-me', members=['rename-me']),
Role('nothing'),
Role('public'),
Role('rename-me'),
])
pgallroles = pgmanagedroles.union({
Role('reuse-me'),
Role('dont-touch-me'),
})
ldaproles = RoleSet([
Role('reuse-me'),
Role('alter-me', options=dict(LOGIN=True), members=['Rename-Me']),
Role('nothing'),
Role('create-me'),
Role('Rename-Me'),
])
queries = [q.args[0] for q in pgmanagedroles.diff(ldaproles, pgallroles)]
assert fnfilter(queries, 'ALTER ROLE "alter-me" WITH* LOGIN*;')
assert fnfilter(queries, 'CREATE ROLE "create-me" *;')
assert fnfilter(queries, '*DROP ROLE "drop-me";*')
assert not fnfilter(queries, 'CREATE ROLE "reuse-me" *')
assert not fnfilter(queries, '*nothing*')
assert not fnfilter(queries, '*dont-touch-me*')
assert not fnfilter(queries, '*public*')
def test_resolve_membership():
from ldap2pg.role import RoleSet, Role
alice = Role('alice')
bob = Role('bob', members=['oscar'])
oscar = Role('oscar', parents=['alice', 'bob'])
roles = RoleSet([alice, bob, oscar])
roles.resolve_membership()
assert not oscar.parents
assert 'oscar' in alice.members
def test_diff_rename_members():
from ldap2pg.role import Role, RoleSet
pgmanagedroles = RoleSet()
pgallroles = pgmanagedroles.union({
Role('parent', members=['min2mix', 'min2min']),
Role('min2mix'),
Role('min2min'),
})
ldaproles = RoleSet([
Role('parent', members=['Min2Mix', 'min2min']),
Role('Min2Mix'),
Role('min2min'),
])
queries = [q.args[0] for q in pgmanagedroles.diff(ldaproles, pgallroles)]
# Don't modify membership.
assert not fnfilter(queries, '*GRANT*')
assert not fnfilter(queries, '*REVOKE*')
def test_diff_rename():
from ldap2pg.role import Role, RoleSet
pgmanagedroles = RoleSet([
Role('min2min'),
Role('min2mix'),
Role('min2maj'),
])
pgallroles = pgmanagedroles.union({
Role('Mix2Min'),
Role('Mix2Mix'),
Role('Mix2Maj'),
Role('MAJ2MIN'),
Role('MAJ2MIX'),
Role('MAJ2MAJ'),
})
ldaproles = RoleSet([
Role('min2min'),
Role('Min2Mix'),
Role('MIN2MAJ'),
Role('mix2min'),
Role('Mix2Mix'),
Role('MIX2MAJ'),
Role('maj2min'),
Role('Maj2Mix'),
Role('MAJ2MAJ'),
])
queries = [q.args[0] for q in pgmanagedroles.diff(ldaproles, pgallroles)]
assert fnfilter(queries, '*"MAJ2MIX" RENAME TO "Maj2Mix";')
assert fnfilter(queries, '*"MAJ2MIN" RENAME TO "maj2min";')
assert fnfilter(queries, '*"min2mix" RENAME TO "Min2Mix";')
assert fnfilter(queries, '*"min2maj" RENAME TO "MIN2MAJ";')
assert fnfilter(queries, '*"Mix2Maj" RENAME TO "MIX2MAJ";')
assert fnfilter(queries, '*"Mix2Min" RENAME TO "mix2min";')
assert not fnfilter(queries, '*CREATE ROLE*')
def test_resolve_membership():
from ldap2pg.role import RoleSet, Role
alice = Role('alice')
bob = Role('bob', members=['oscar'])
oscar = Role('oscar', parents=['alice', 'bob'])
roles = RoleSet([alice, bob, oscar])
roles.resolve_membership()
assert not oscar.parents
assert 'oscar' in alice.members
alice.parents = ['unknown']
with pytest.raises(ValueError):
roles.resolve_membership()
def test_flatten():
from ldap2pg.role import RoleSet, Role
roles = RoleSet()
roles.add(Role('parent0', members=['child0', 'child1']))
roles.add(Role('parent1', members=['child2', 'child3']))
roles.add(Role('parent2', members=['child4']))
roles.add(Role('child0', members=['subchild0']))
roles.add(Role('child1', members=['subchild1', 'subchild2']))
roles.add(Role('child2', members=['outer0']))
roles.add(Role('child3'))
roles.add(Role('child4'))
roles.add(Role('subchild0'))
roles.add(Role('subchild1'))
roles.add(Role('subchild2'))
order = list(roles.flatten())
wanted = [
'subchild0',
'child0',
'subchild1',
'subchild2',
'child1',
'child2',
'child3',
'child4',
'parent0',
'parent1',
'parent2',
]
assert wanted == order