def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
syncer = RBACDefinitionsDBSyncer()
# Initial state, DB is empty, we sync with two roles defined on disk
self.assertEqual(len(Role.get_all()), 0)
api1 = RoleDefinitionFileFormatAPI(name='test_role_1',
description='test description 1',
permission_grants=[])
api2 = RoleDefinitionFileFormatAPI(name='test_role_2',
description='test description 2',
permission_grants=[])
created_role_dbs, deleted_role_dbs = syncer.sync_roles(
role_definition_apis=[api1, api2])
self.assertEqual(len(created_role_dbs), 2)
self.assertItemsEqual(deleted_role_dbs, [])
# Assert role and grants have been created in the DB
self.assertEqual(len(Role.get_all()), 2)
self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
self.assertRoleDBObjectExists(role_db=created_role_dbs[1])
# We sync again, this time with one role (role 1) removed locally
created_role_dbs, deleted_role_dbs = syncer.sync_roles(
role_definition_apis=[api2])
self.assertEqual(len(created_role_dbs), 1)
self.assertEqual(len(deleted_role_dbs), 2)
# Assert role and grants have been created in the DB
self.assertEqual(len(Role.get_all()), 1)
self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
self.assertEqual(Role.get_all()[0].name, 'test_role_2')
def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
syncer = RBACDefinitionsDBSyncer()
# Initial state, DB is empty, we sync with two roles defined on disk
self.assertEqual(len(Role.get_all()), 0)
api1 = RoleDefinitionFileFormatAPI(name='test_role_1', description='test description 1',
permission_grants=[])
api2 = RoleDefinitionFileFormatAPI(name='test_role_2', description='test description 2',
permission_grants=[])
created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=[api1, api2])
self.assertEqual(len(created_role_dbs), 2)
self.assertItemsEqual(deleted_role_dbs, [])
# Assert role and grants have been created in the DB
self.assertEqual(len(Role.get_all()), 2)
self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
self.assertRoleDBObjectExists(role_db=created_role_dbs[1])
# We sync again, this time with one role (role 1) removed locally
created_role_dbs, deleted_role_dbs = syncer.sync_roles(role_definition_apis=[api2])
self.assertEqual(len(created_role_dbs), 1)
self.assertEqual(len(deleted_role_dbs), 2)
# Assert role and grants have been created in the DB
self.assertEqual(len(Role.get_all()), 1)
self.assertRoleDBObjectExists(role_db=created_role_dbs[0])
self.assertEqual(Role.get_all()[0].name, 'test_role_2')
def get_all_roles(exclude_system=False):
"""
Retrieve all the available roles.
:param exclude_system: True to exclude system roles.
:type exclude_system: ``bool``
:rtype: ``list`` of :class:`RoleDB`
"""
if exclude_system:
result = Role.query(system=False)
else:
result = Role.get_all()
return result
def get_all_roles(exclude_system=False):
"""
Retrieve all the available roles.
:param exclude_system: True to exclude system roles.
:type exclude_system: ``bool``
:rtype: ``list`` of :class:`RoleDB`
"""
if exclude_system:
result = Role.query(system=False)
else:
result = Role.get_all()
return result
