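def test_role_sql_is_correct(self):
    """Roles in examples/role.yml plan to one idempotent CREATE GROUP each.

    The expected statements must match the generator's output byte-for-byte
    (whitespace included); the role ids from the config are embedded in the
    SQL as bare identifiers, so the example config is trusted input.
    """
    # Use a context manager so the example file is closed deterministically
    # instead of leaking the handle until garbage collection.
    with open(os.path.join(settings.EXAMPLES_DIR, 'role.yml')) as f:
        conf = yaml.safe_load(f)
    perms = new(conf)
    postgres_perms = postgres.new(perms)
    plan = postgres_perms.plan()
    sql = [x.sql for x in plan]
    self.assertEqual([
        '''DO $do$ BEGIN IF NOT EXISTS ( SELECT FROM pg_catalog.pg_roles WHERE rolname = 'test_group') THEN CREATE GROUP test_group; END IF; END $do$;''',
        '''DO $do$ BEGIN IF NOT EXISTS ( SELECT FROM pg_catalog.pg_roles WHERE rolname = 'test_group_2') THEN CREATE GROUP test_group_2; END IF; END $do$;''',
    ], sql)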
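def test_role_permissions_sql_is_correct(self):
    """Roles with members and policies plan to group creation, membership and GRANTs.

    Statement order is part of the contract: each group is created (idempotently)
    before users are added to it, and GRANTs come after all groups exist.
    Role, user and schema ids from the config appear unquoted in the SQL, so
    the config file is trusted input.
    """
    # Use a context manager so the example file is closed deterministically
    # instead of leaking the handle until garbage collection.
    with open(os.path.join(settings.EXAMPLES_DIR, 'role_permissions.yml')) as f:
        conf = yaml.safe_load(f)
    perms = new(conf)
    postgres_perms = postgres.new(perms)
    plan = postgres_perms.plan()
    sql = [x.sql for x in plan]
    self.assertEqual([
        '''DO $do$ BEGIN IF NOT EXISTS ( SELECT FROM pg_catalog.pg_roles WHERE rolname = 'admin') THEN CREATE GROUP admin; END IF; END $do$;''',
        'ALTER GROUP admin ADD USER user_admin;',
        '''DO $do$ BEGIN IF NOT EXISTS ( SELECT FROM pg_catalog.pg_roles WHERE rolname = 'readonly') THEN CREATE GROUP readonly; END IF; END $do$;''',
        'ALTER GROUP readonly ADD USER user_reg;',
        # Leading/trailing newlines are emitted by the generator and are
        # compared literally.
        '\nGRANT ALL ON SCHEMA public TO admin;\n\n',
        'GRANT SELECT ON ALL TABLES IN SCHEMA public TO readonly;',
    ], sql)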
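def main():
    """CLI entry point for dpt: plan, apply or graph database permissions.

    Operations (positional ``operation``):
      plan   - print the SQL the target database would receive, one blank
               line between statements.
      apply  - execute that SQL against ``--connection-string``.
      graph  - render the permission graph to ``build/out.png`` and return.
      export - not implemented; raises NotImplementedError.

    Every operation except ``export`` requires ``--config``; ``plan`` and
    ``apply`` additionally require ``--db postgres`` (redshift is not wired up
    and raises NotImplementedError).

    Raises:
        SystemExit: on a usage error (missing ``--config``) or an unparseable
            / empty config file.
        NotImplementedError: for ``export`` or a non-postgres ``--db``.
    """
    import os

    parser = argparse.ArgumentParser(description='Manage database permissions')
    parser.add_argument('operation', type=str,
                        choices=('apply', 'plan', 'graph', 'export'),
                        help='dpt operation to perform')
    parser.add_argument('--db', type=str, choices=('postgres', 'redshift'),
                        help='target database system')
    # NOTE(security): a connection string usually embeds a password; passing it
    # on argv exposes it to every local user via `ps` and to shell history.
    # Prefer a libpq service file / .pgpass where the driver supports it.
    parser.add_argument('--connection-string', type=str,
                        help='db connection string')
    parser.add_argument('--config', type=str, help='config file')
    cli_args = parser.parse_args()

    if cli_args.operation == 'export':
        # Export (redshift.export(connection_string)) is not implemented yet.
        raise NotImplementedError

    # All remaining operations read the config; fail with a usage error
    # instead of a TypeError from open(None).
    if cli_args.config is None:
        parser.error('--config is required for the {} operation'.format(
            cli_args.operation))

    # load the config file. safe_load only: never yaml.load here, it can
    # instantiate arbitrary Python objects from the document.
    with open(cli_args.config, 'r') as stream:
        try:
            conf = yaml.safe_load(stream)
        except yaml.YAMLError as exc:
            # Previously the error was printed and execution carried on with
            # conf=None, failing later with a confusing traceback.
            print(exc)
            raise SystemExit(1)
    if conf is None:
        # safe_load returns None for an empty document.
        raise SystemExit('config file {!r} is empty'.format(cli_args.config))

    # parse the config file into a dpt graph. Identifiers from the config
    # (role, user, schema ids) end up embedded in generated SQL, so the
    # config file must come from a trusted source.
    perms = graph.new(conf)

    if cli_args.operation == 'graph':
        pdot = nx.drawing.nx_pydot.to_pydot(perms.graph)
        name = 'build/out.png'
        # write_png does not create the directory for us
        os.makedirs('build', exist_ok=True)
        print('saving graph: "{}"'.format(name))
        pdot.write_png(name)
        return

    if cli_args.db != 'postgres':
        raise NotImplementedError

    postgres_perms = postgres.new(
        perms,
        cli_args.connection_string,
    )
    if cli_args.operation == 'plan':
        print('\n\n'.join(stmnt.sql for stmnt in postgres_perms.plan()))
    elif cli_args.operation == 'apply':
        postgres_perms.apply()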
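def test_new_graph_policies(self):
    """role_permissions.yml builds USER, SCHEMA, ROLE and POLICY nodes in order.

    Each POLICY node carries the subject (role), target (schema) and the
    permission flags exactly as written in the config.
    """
    # Use a context manager so the example file is closed deterministically
    # instead of leaking the handle until garbage collection.
    with open(os.path.join(settings.EXAMPLES_DIR, 'role_permissions.yml')) as f:
        conf = yaml.safe_load(f)
    perms = new(conf)
    nodes = perms.graph.nodes(data=True)
    attrs = [attr for n, attr in nodes]
    self.assertEqual([{
        'id': 'user_admin',
        'type': 'USER'
    }, {
        'id': 'user_reg',
        'type': 'USER'
    }, {
        'id': 'public',
        'type': 'SCHEMA'
    }, {
        'id': 'admin',
        'type': 'ROLE'
    }, {
        'id': 'readonly',
        'type': 'ROLE'
    }, {
        'id': 'admin',
        'type': 'POLICY',
        'subject': {
            'id': 'admin',
            'type': 'ROLE'
        },
        'target': {
            'id': 'public',
            'type': 'SCHEMA'
        },
        'permissions': {
            'all': True
        }
    }, {
        'id': 'readonly',
        'type': 'POLICY',
        'subject': {
            'id': 'readonly',
            'type': 'ROLE'
        },
        'target': {
            'id': 'public',
            'type': 'SCHEMA'
        },
        'permissions': {
            'select': True
        }
    }], attrs)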
def test_new_graph_with_users_correct_node_count(self):
    """A user declared once and referenced from a role yields exactly two nodes.

    The USER node comes first, then the ROLE node; the membership reference
    does not create a duplicate user node.
    """
    conf = {
        'users': [{'id': 'user_id_1'}],
        'roles': [{
            'id': 'new_group',
            'users': [{'id': 'user_id_1'}],
        }],
    }
    graph_nodes = new(conf).graph.nodes(data=True)
    self.assertEqual(2, len(graph_nodes), graph_nodes)

    expected_attrs = [
        {'id': 'user_id_1', 'type': 'USER'},
        {'id': 'new_group', 'type': 'ROLE'},
    ]
    actual_attrs = [data for _node, data in graph_nodes]
    self.assertEqual(expected_attrs, actual_attrs)