def test_inspect_roles(mocker):
p = mocker.patch('ldap2pg.manager.SyncManager.process_pg_roles')
ql = mocker.patch('ldap2pg.manager.SyncManager.query_ldap')
r = mocker.patch('ldap2pg.manager.SyncManager.process_ldap_entry')
psql = mocker.MagicMock()
from ldap2pg.manager import SyncManager, Role
p.return_value = {Role(name='spurious')}
ql.return_value = [mocker.Mock(name='entry')]
r.side_effect = [{Role(name='alice')}, {Role(name='bob')}]
manager = SyncManager(psql=psql, ldapconn=mocker.Mock())
# Minimal effective syncmap
syncmap = dict(db=dict(s=[
dict(roles=[]),
dict(
ldap=dict(base='ou=users,dc=tld', filter='*', attributes=['cn']),
roles=[dict(), dict()],
),
]))
manager.inspect(syncmap=syncmap)
assert 2 is r.call_count, "sync did not iterate over each rules."
def test_inspect_acls(mocker):
mod = 'ldap2pg.manager.'
psql = mocker.MagicMock()
psql.itersessions.return_value = [('postgres', psql)]
dbl = mocker.patch(mod + 'SyncManager.fetch_database_list', autospec=True)
dbl.return_value = ['postgres']
mocker.patch(mod + 'SyncManager.process_pg_roles', autospec=True)
pa = mocker.patch(mod + 'SyncManager.process_pg_acl_items', autospec=True)
la = mocker.patch(mod + 'SyncManager.apply_grant_rules', autospec=True)
from ldap2pg.manager import SyncManager, AclItem
from ldap2pg.acl import Acl
from ldap2pg.utils import make_group_map
acl_dict = dict(
noinspect=Acl(name='noinspect'),
ro=Acl(name='ro', inspect='SQL'),
)
pa.return_value = [AclItem('ro', 'postgres', None, 'alice')]
la.return_value = [AclItem('ro', 'postgres', None, 'alice')]
manager = SyncManager(
psql=psql, ldapconn=mocker.Mock(), acl_dict=acl_dict,
acl_aliases=make_group_map(acl_dict)
)
syncmap = dict(db=dict(schema=[dict(roles=[], grant=dict(acl='ro'))]))
databases, _, pgacls, _, ldapacls = manager.inspect(syncmap=syncmap)
assert 1 == len(pgacls)
assert 1 == len(ldapacls)