def test_inspect_acls(mocker):
    """Check that SyncManager.inspect() returns ACL items for both sides.

    The database list, role processing, Postgres ACL processing and grant-rule
    application are patched on SyncManager, so only the wiring inside
    inspect() is exercised. Each patched source yields one AclItem, and one
    entry is expected in each of the two ACL collections returned.
    """
    target = 'ldap2pg.manager.'

    session = mocker.MagicMock()
    # A single (dbname, session) pair is exposed through itersessions.
    session.itersessions.return_value = [('postgres', session)]

    fetch_dbs = mocker.patch(
        target + 'SyncManager.fetch_database_list', autospec=True)
    fetch_dbs.return_value = ['postgres']
    mocker.patch(target + 'SyncManager.process_pg_roles', autospec=True)
    pg_source = mocker.patch(
        target + 'SyncManager.process_pg_acl_items', autospec=True)
    ldap_source = mocker.patch(
        target + 'SyncManager.apply_grant_rules', autospec=True)

    from ldap2pg.manager import SyncManager, AclItem
    from ldap2pg.acl import Acl
    from ldap2pg.utils import make_group_map

    # Same single grant on both sides: 'ro' on database 'postgres' for alice.
    pg_source.return_value = [AclItem('ro', 'postgres', None, 'alice')]
    ldap_source.return_value = [AclItem('ro', 'postgres', None, 'alice')]

    known_acls = {
        'noinspect': Acl(name='noinspect'),
        'ro': Acl(name='ro', inspect='SQL'),
    }
    manager = SyncManager(
        psql=session,
        ldapconn=mocker.Mock(),
        acl_dict=known_acls,
        acl_aliases=make_group_map(known_acls),
    )

    rule = {'roles': [], 'grant': {'acl': 'ro'}}
    syncmap = {'db': {'schema': [rule]}}

    # inspect() returns a 5-tuple; only the two ACL collections are checked.
    _, _, pg_side, _, ldap_side = manager.inspect(syncmap=syncmap)

    assert len(pg_side) == 1
    assert len(ldap_side) == 1
def test_postprocess_acl_bad_database():
    """Check that a grant on a database missing from the schema map is rejected.

    postprocess_acl() is given a grant targeting 'inexistantdb' while the
    schema map only knows 'postgres'. The call must raise UserError and the
    message must name the offending database, so that a mistyped target is
    reported rather than silently accepted.
    """
    from ldap2pg.manager import SyncManager, Grant, Acl, UserError
    from ldap2pg.privilege import NspAcl
    from ldap2pg.utils import make_group_map

    known_privileges = {'ro': NspAcl(name='ro', inspect='SQL')}
    manager = SyncManager(
        privileges=known_privileges,
        privilege_aliases=make_group_map(known_privileges),
    )

    # The only database present in the schema map is 'postgres'.
    known_schemas = {'postgres': {'public': ['postgres']}}
    bad_grant = Grant('ro', ['inexistantdb'], None, 'alice')
    wanted_acl = Acl([bad_grant])

    with pytest.raises(UserError) as excinfo:
        manager.postprocess_acl(wanted_acl, known_schemas)

    message = str(excinfo.value)
    assert 'inexistantdb' in message
def test_make_map():
    """Check that make_group_map() flattens nested groups into value names.

    Each plain value maps to a list holding itself. Each group maps to the
    value names reachable through it, including those reached through other
    groups. The expected lists contain no duplicates even where a value is
    reachable by two paths (g2 reaches v0 through both g1 and g0).
    """
    from ldap2pg.utils import make_group_map

    plain = {'v0': 0, 'v1': 1}
    nested = {
        'g0': ['v0'],
        'g1': ['v1', 'g0'],
        'g2': ['g1', 'g0'],
    }

    expected = {
        'v0': ['v0'],
        'v1': ['v1'],
        'g0': ['v0'],
        'g1': ['v0', 'v1'],
        'g2': ['v0', 'v1'],
    }

    resolved = make_group_map(plain, nested)
    assert expected == resolved
def test_inspect_ldap_grants(mocker):
    """Check that inspect_ldap() returns the grants from apply_grant_rules.

    SyncManager.apply_grant_rules is patched to yield one Grant, and the
    second element of the inspect_ldap() result is expected to hold exactly
    one grant.
    """
    # NOTE(review): a later test in this listing has the same name. If both
    # are defined in one module, the later definition replaces this one and
    # pytest never runs this test.
    grant_source = mocker.patch(
        'ldap2pg.manager.SyncManager.apply_grant_rules', autospec=True)

    from ldap2pg.manager import SyncManager, Grant
    from ldap2pg.privilege import NspAcl
    from ldap2pg.utils import make_group_map

    grant_source.return_value = [Grant('ro', 'postgres', None, 'alice')]

    known_privileges = {'ro': NspAcl(name='ro')}
    manager = SyncManager(
        psql=mocker.Mock(),
        ldapconn=mocker.Mock(),
        privileges=known_privileges,
        privilege_aliases=make_group_map(known_privileges),
    )

    rule = {'roles': [], 'grant': {'privilege': 'ro'}}
    _, found = manager.inspect_ldap(syncmap=[rule])

    assert len(found) == 1
def test_inspect_ldap_grants(mocker):
    """Check that inspect_ldap() leaves out grants for blacklisted roles.

    The grant rule generates two grants, one for 'alice' and one for a role
    listed in inspector.roles_blacklist. Only one grant is expected in the
    result.
    """
    # NOTE(review): an earlier test in this listing has the same name. If both
    # are defined in one module, this definition replaces the earlier one and
    # pytest runs only this test.
    from ldap2pg.manager import SyncManager
    from ldap2pg.privilege import Grant, NspAcl
    from ldap2pg.utils import make_group_map

    known_privileges = {'ro': NspAcl(name='ro')}
    manager = SyncManager(
        psql=mocker.Mock(),
        ldapconn=mocker.Mock(),
        privileges=known_privileges,
        privilege_aliases=make_group_map(known_privileges),
        inspector=mocker.Mock(name='inspector'),
    )
    # Set on the manager's inspector after construction, as the original does.
    manager.inspector.roles_blacklist = ['blacklisted']

    generated = [
        Grant('ro', 'postgres', None, 'alice'),
        Grant('ro', 'postgres', None, 'blacklisted'),
    ]
    grant_rule = mocker.Mock(name='grant')
    grant_rule.generate.return_value = generated

    rule = {'roles': [], 'grant': [grant_rule]}
    _, found = manager.inspect_ldap(syncmap=[rule])

    # NOTE(review): the count alone does not show which grant survived. This
    # would still pass if the filter dropped alice and kept the blacklisted
    # role. Asserting the surviving grant's role would pin the exclusion.
    # TODO: confirm how Grant exposes its role.
    assert len(found) == 1