def test_diff_acls(mocker): from ldap2pg.acl import Acl, AclItem from ldap2pg.manager import SyncManager acl = Acl(name='connect', revoke='REVOKE {role}', grant='GRANT {role}') nogrant = Acl(name='nogrant', revoke='REVOKE') norvk = Acl(name='norvk', grant='GRANT') m = SyncManager(acl_dict={a.name: a for a in [acl, nogrant, norvk]}) item0 = AclItem(acl=acl.name, dbname='backend', role='daniel') pgacls = set([ item0, AclItem(acl=acl.name, dbname='backend', role='alice'), AclItem(acl=norvk.name, role='torevoke'), ]) ldapacls = set([ item0, AclItem(acl=acl.name, dbname='backend', role='david'), AclItem(acl=nogrant.name, role='togrant'), ]) queries = [q.args[0] for q in m.diff(pgacls=pgacls, ldapacls=ldapacls)] assert not fnfilter(queries, "REVOKE daniel*") assert fnfilter(queries, "REVOKE alice*") assert fnfilter(queries, "GRANT david*")
def test_diff_roles(mocker): from ldap2pg.manager import SyncManager, Role, RoleSet m = SyncManager() pgroles = RoleSet([ Role('drop-me'), Role('alter-me'), Role('nothing'), ]) ldaproles = RoleSet([ Role('alter-me', options=dict(LOGIN=True)), Role('nothing'), Role('create-me') ]) queries = [q.args[0] for q in m.diff(pgroles, set(), ldaproles, set())] assert fnfilter(queries, "ALTER ROLE alter-me WITH* LOGIN*;") assert fnfilter(queries, "CREATE ROLE create-me *;") assert fnfilter(queries, '*DROP ROLE drop-me;*') assert not fnfilter(queries, '*nothing*')