def test_postprocess_acl_inexistant_privilege():
from ldap2pg.manager import SyncManager, Acl, Grant, UserError
manager = SyncManager()
with pytest.raises(UserError):
manager.postprocess_acl(
acl=Acl([Grant('inexistant')]),
schemas=dict(postgres=dict(public=['postgres'])),
)
def test_postprocess_grants():
from ldap2pg.manager import SyncManager, Grant, Acl
from ldap2pg.privilege import DefAcl
manager = SyncManager(
privileges=dict(ro=DefAcl(name='ro')),
privilege_aliases=dict(ro=['ro']),
)
# No owners
acl = manager.postprocess_acl(Acl(), schemas=dict())
assert 0 == len(acl)
acl = Acl([Grant(privilege='ro', dbname=['db'], schema=None)])
acl = manager.postprocess_acl(
acl, schemas=dict(db=dict(
public=['postgres', 'owner'],
ns=['owner'],
)),
)
# One grant per schema, per owner
assert 3 == len(acl)
def test_postprocess_acl_bad_database():
from ldap2pg.manager import SyncManager, Grant, Acl, UserError
from ldap2pg.privilege import NspAcl
from ldap2pg.utils import make_group_map
privileges = dict(ro=NspAcl(name='ro', inspect='SQL'))
manager = SyncManager(
privileges=privileges, privilege_aliases=make_group_map(privileges),
)
acl = Acl([Grant('ro', ['inexistantdb'], None, 'alice')])
schemas = dict(postgres=dict(public=['postgres']))
with pytest.raises(UserError) as ei:
manager.postprocess_acl(acl, schemas)
assert 'inexistantdb' in str(ei.value)