def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
    # A role dropped from the on-disk definitions must also disappear from the
    # DB after the next sync, so that no stale role object is left behind.
    syncer = RBACDefinitionsDBSyncer()

    # Precondition: the DB holds no roles yet
    self.assertEqual(len(Role.get_all()), 0)

    first_role_api = RoleDefinitionFileFormatAPI(name='test_role_1',
                                                 description='test description 1',
                                                 permission_grants=[])
    second_role_api = RoleDefinitionFileFormatAPI(name='test_role_2',
                                                  description='test description 2',
                                                  permission_grants=[])

    # First sync: both roles are defined on disk
    initial_definitions = [first_role_api, second_role_api]
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(
        role_definition_apis=initial_definitions)

    self.assertEqual(len(created_role_dbs), 2)
    self.assertItemsEqual(deleted_role_dbs, [])

    # Both roles must now be stored in the DB
    self.assertEqual(len(Role.get_all()), 2)
    for stored_role_db in (created_role_dbs[0], created_role_dbs[1]):
        self.assertRoleDBObjectExists(role_db=stored_role_db)

    # Second sync: role 1 has been removed locally, only role 2 is left
    remaining_definitions = [second_role_api]
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(
        role_definition_apis=remaining_definitions)

    self.assertEqual(len(created_role_dbs), 1)
    # NOTE(review): two deletions are reported although only one role was
    # dropped from the definitions - presumably sync_roles deletes every stored
    # role and re-creates the ones still defined; confirm against the syncer.
    self.assertEqual(len(deleted_role_dbs), 2)

    # Only role 2 may remain in the DB; role 1 must be gone
    self.assertEqual(len(Role.get_all()), 1)
    self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
    self.assertEqual(Role.get_all()[0].name, 'test_role_2')
def test_sync_roles_single_role_definition_two_grants(self):
    # Syncing one role that carries two permission grants must create the role
    # and persist exactly those two grants.
    syncer = RBACDefinitionsDBSyncer()

    # Grant 1: a single permission type on the first pack
    first_grant = {
        'resource_uid': 'pack:mapack1',
        'permission_types': ['pack_all']
    }
    # Grant 2: two view permission types on the second pack
    second_grant = {
        'resource_uid': 'pack:mapack2',
        'permission_types': ['rule_view', 'action_view']
    }
    permission_grants = [first_grant, second_grant]

    api = RoleDefinitionFileFormatAPI(name='test_role_2',
                                      description='test description 2',
                                      permission_grants=permission_grants)
    created_role_dbs, deleted_role_dbs = syncer.sync_roles(
        role_definition_apis=[api])

    self.assertEqual(len(created_role_dbs), 1)
    self.assertItemsEqual(deleted_role_dbs, [])

    # The single created role must mirror the definition
    self.assertEqual(created_role_dbs[0].name, 'test_role_2')
    self.assertEqual(created_role_dbs[0].description, 'test description 2')
    self.assertEqual(len(created_role_dbs[0].permission_grants), 2)

    # The role and every grant it references must exist in the DB
    self.assertRoleDBObjectExists(role_db=created_role_dbs[0])

    for grant_id in created_role_dbs[0].permission_grants:
        self.assertGrantDBObjectExists(grant_id)
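def load_role_definition_from_file(self, file_path):
    """
    Load role definition from file.

    :param file_path: Path to the role definition file.
    :type file_path: ``str``

    :raises ValueError: If the file yields no content.

    :return: Role definition.
    :rtype: :class:`RoleDefinitionFileFormatAPI`
    """
    content = self._meta_loader.load(file_path)

    # A file without content (presumably loaded as None or an empty mapping)
    # cannot describe a role. Reject it here with an error that names the file
    # instead of letting the ** unpacking below fail with an opaque TypeError.
    if not content:
        msg = ('Role definition file "%s" is empty and invalid' % file_path)
        raise ValueError(msg)

    role_definition_api = RoleDefinitionFileFormatAPI(**content)

    # NOTE(review): the return value of validate() is discarded here and the
    # pre-validation object is handed back. If validate() returns a cleaned
    # copy (schema defaults applied), callers would receive the unclean one -
    # confirm which object is meant to be returned.
    role_definition_api.validate()

    return role_definition_api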
def load_role_definition_from_file(self, file_path):
    """
    Read a role definition file and return its validated API object.

    :param file_path: Path to the role definition file.
    :type file_path: ``str``

    :raises ValueError: If loading the file yields no content.

    :return: Role definition, as returned by ``validate()``.
    :rtype: :class:`RoleDefinitionFileFormatAPI`
    """
    definition = self._meta_loader.load(file_path)

    if definition:
        # The loaded content is handed to the API class as keyword arguments;
        # the object returned by validate() is what callers receive.
        unvalidated_api = RoleDefinitionFileFormatAPI(**definition)
        return unvalidated_api.validate()

    # Nothing was loaded - an empty file cannot define a role
    raise ValueError('Role definition file "%s" is empty and invalid' % file_path)
def test_sync_roles_single_role_definition_no_grants(self):
    # Syncing one role without any permission grants must create the role and
    # leave its grant list empty.
    syncer = RBACDefinitionsDBSyncer()

    # The only definition: a role with an empty grant list
    api = RoleDefinitionFileFormatAPI(name='test_role_1',
                                      description='test description 1',
                                      permission_grants=[])
    definitions = [api]

    created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=definitions)

    self.assertEqual(len(created_role_dbs), 1)
    self.assertItemsEqual(deleted_role_dbs, [])

    # The created role must mirror the definition, including the empty grants
    self.assertEqual(created_role_dbs[0].name, 'test_role_1')
    self.assertEqual(created_role_dbs[0].description, 'test description 1')
    self.assertItemsEqual(created_role_dbs[0].permission_grants, [])

    # The role must be stored in the DB
    self.assertRoleDBObjectExists(role_db=created_role_dbs[0])