Exemplo n.º 1
    def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
        # A role that is no longer defined on disk must not survive in the DB after
        # a sync; otherwise a stale role could remain in place after removal.
        syncer = RBACDefinitionsDBSyncer()

        # Precondition: nothing is stored in the DB yet
        self.assertEqual(len(Role.get_all()), 0)

        role_1_api = RoleDefinitionFileFormatAPI(
            name='test_role_1',
            description='test description 1',
            permission_grants=[])
        role_2_api = RoleDefinitionFileFormatAPI(
            name='test_role_2',
            description='test description 2',
            permission_grants=[])

        # First sync: both roles are defined on disk
        created, deleted = syncer.sync_roles(role_definition_apis=[role_1_api, role_2_api])
        self.assertEqual(len(created), 2)
        self.assertItemsEqual(deleted, [])

        # Both roles must now be persisted
        self.assertEqual(len(Role.get_all()), 2)
        for role_db in created:
            self.assertRoleDBObjectExists(role_db=role_db)

        # Second sync: role 1 has been removed locally, only role 2 is still defined.
        # NOTE(review): one created / two deleted suggests sync_roles drops the existing
        # roles and re-creates the remaining one instead of diffing - confirm in sync_roles.
        created, deleted = syncer.sync_roles(role_definition_apis=[role_2_api])
        self.assertEqual(len(created), 1)
        self.assertEqual(len(deleted), 2)

        # Only role 2 may remain in the DB; role 1 must be gone
        self.assertEqual(len(Role.get_all()), 1)
        self.assertRoleDBObjectExists(role_db=created[0])
        self.assertEqual(Role.get_all()[0].name, 'test_role_2')
Exemplo n.º 2
    def test_sync_roles_locally_removed_roles_are_removed_from_db(self):
        # Checks that deleting a role definition locally also removes the role from
        # the DB on the next sync, so the DB does not keep roles the files no longer declare.
        syncer = RBACDefinitionsDBSyncer()

        # The DB starts out without any roles
        self.assertEqual(len(Role.get_all()), 0)

        first_api = RoleDefinitionFileFormatAPI(name='test_role_1',
                                                description='test description 1',
                                                permission_grants=[])
        second_api = RoleDefinitionFileFormatAPI(name='test_role_2',
                                                 description='test description 2',
                                                 permission_grants=[])

        # Sync #1 - two role definitions present
        initial_result = syncer.sync_roles(role_definition_apis=[first_api, second_api])
        created_dbs, deleted_dbs = initial_result
        self.assertEqual(len(created_dbs), 2)
        self.assertItemsEqual(deleted_dbs, [])

        # Each created role has to exist in the DB
        self.assertEqual(len(Role.get_all()), 2)
        self.assertRoleDBObjectExists(role_db=created_dbs[0])
        self.assertRoleDBObjectExists(role_db=created_dbs[1])

        # Sync #2 - the definition for role 1 is no longer passed in.
        # NOTE(review): two deletions are expected although only one definition was
        # removed; presumably all previously synced roles are deleted and the
        # remaining one is created again - verify against sync_roles.
        followup_result = syncer.sync_roles(role_definition_apis=[second_api])
        created_dbs, deleted_dbs = followup_result
        self.assertEqual(len(created_dbs), 1)
        self.assertEqual(len(deleted_dbs), 2)

        # The removed role is gone and only 'test_role_2' is left in the DB
        self.assertEqual(len(Role.get_all()), 1)
        self.assertRoleDBObjectExists(role_db=created_dbs[0])
        self.assertEqual(Role.get_all()[0].name, 'test_role_2')
Exemplo n.º 3
    def test_sync_roles_no_definitions(self):
        # Syncing an empty list of definitions must report no created and no deleted roles.
        definitions_syncer = RBACDefinitionsDBSyncer()

        sync_result = definitions_syncer.sync_roles(role_definition_apis=[])
        created, deleted = sync_result

        self.assertItemsEqual(created, [])
        self.assertItemsEqual(deleted, [])
Exemplo n.º 4
    def test_sync_roles_single_role_definition_two_grants(self):
        # A single role carrying two permission grants must be stored together with
        # both grants, so the DB state matches what the definition declares.
        syncer = RBACDefinitionsDBSyncer()

        # Grant 1: every pack permission on mapack1
        pack_all_grant = {
            'resource_uid': 'pack:mapack1',
            'permission_types': ['pack_all']
        }
        # Grant 2: view-only permissions on mapack2
        view_only_grant = {
            'resource_uid': 'pack:mapack2',
            'permission_types': ['rule_view', 'action_view']
        }
        role_api = RoleDefinitionFileFormatAPI(
            name='test_role_2',
            description='test description 2',
            permission_grants=[pack_all_grant, view_only_grant])

        created, deleted = syncer.sync_roles(role_definition_apis=[role_api])
        self.assertEqual(len(created), 1)
        self.assertItemsEqual(deleted, [])

        # The returned role mirrors the definition that was synced
        self.assertEqual(created[0].name, 'test_role_2')
        self.assertEqual(created[0].description, 'test description 2')
        self.assertEqual(len(created[0].permission_grants), 2)

        # The role itself is persisted ...
        self.assertRoleDBObjectExists(role_db=created[0])

        # ... and so is every grant the role refers to (the role stores grant ids;
        # presumably the helper looks each one up in the DB - confirm in the base class)
        for grant_id in created[0].permission_grants:
            self.assertGrantDBObjectExists(grant_id)
Exemplo n.º 5
    def test_sync_roles_no_definitions(self):
        # With no role definitions supplied, the sync is expected to be a no-op:
        # both returned collections are empty.
        syncer = RBACDefinitionsDBSyncer()

        no_definitions = []
        created_dbs, deleted_dbs = syncer.sync_roles(role_definition_apis=no_definitions)

        for returned_dbs in (created_dbs, deleted_dbs):
            self.assertItemsEqual(returned_dbs, [])
Exemplo n.º 6
    def test_sync_roles_single_role_definition_two_grants(self):
        # Syncs one role definition that declares two grants and checks that the role
        # and each of its grants end up in the DB.
        syncer = RBACDefinitionsDBSyncer()

        grants = []
        # Full pack access on the first pack
        grants.append({
            'resource_uid': 'pack:mapack1',
            'permission_types': ['pack_all']
        })
        # Read-only rule / action access on the second pack
        grants.append({
            'resource_uid': 'pack:mapack2',
            'permission_types': ['rule_view', 'action_view']
        })

        definition = RoleDefinitionFileFormatAPI(name='test_role_2',
                                                 description='test description 2',
                                                 permission_grants=grants)
        sync_result = syncer.sync_roles(role_definition_apis=[definition])
        created_dbs, deleted_dbs = sync_result

        # Exactly one role created, nothing deleted
        self.assertEqual(len(created_dbs), 1)
        self.assertItemsEqual(deleted_dbs, [])

        # Name, description and grant count are taken over from the definition
        self.assertEqual(created_dbs[0].name, 'test_role_2')
        self.assertEqual(created_dbs[0].description, 'test description 2')
        self.assertEqual(len(created_dbs[0].permission_grants), 2)

        # Role object exists in the DB
        self.assertRoleDBObjectExists(role_db=created_dbs[0])

        # Every grant id referenced by the role is checked as well
        for stored_grant_id in created_dbs[0].permission_grants:
            self.assertGrantDBObjectExists(stored_grant_id)
Exemplo n.º 7
    def test_sync_roles_single_role_definition_no_grants(self):
        # A role defined without any grants must be created with an empty grant list;
        # the sync must not attach permissions the definition does not declare.
        syncer = RBACDefinitionsDBSyncer()

        role_api = RoleDefinitionFileFormatAPI(
            name='test_role_1',
            description='test description 1',
            permission_grants=[])
        created, deleted = syncer.sync_roles(role_definition_apis=[role_api])

        # One role created, none deleted
        self.assertEqual(len(created), 1)
        self.assertItemsEqual(deleted, [])

        # Attributes match the definition and no grants are attached
        self.assertEqual(created[0].name, 'test_role_1')
        self.assertEqual(created[0].description, 'test description 1')
        self.assertItemsEqual(created[0].permission_grants, [])

        # The role is persisted in the DB
        self.assertRoleDBObjectExists(role_db=created[0])
Exemplo n.º 8
    def test_sync_roles_single_role_definition_no_grants(self):
        # Syncs a single grant-less role definition and verifies the stored role
        # carries the same name and description and has no permission grants.
        syncer = RBACDefinitionsDBSyncer()

        definition = RoleDefinitionFileFormatAPI(name='test_role_1',
                                                 description='test description 1',
                                                 permission_grants=[])
        sync_result = syncer.sync_roles(role_definition_apis=[definition])
        created_dbs, deleted_dbs = sync_result

        self.assertEqual(len(created_dbs), 1)
        self.assertItemsEqual(deleted_dbs, [])

        # Compare the returned role against the values given in the definition
        self.assertEqual(created_dbs[0].name, 'test_role_1')
        self.assertEqual(created_dbs[0].description, 'test description 1')
        # An empty grant list in the definition must stay empty on the role
        self.assertItemsEqual(created_dbs[0].permission_grants, [])

        # Finally make sure the role object is present in the DB
        self.assertRoleDBObjectExists(role_db=created_dbs[0])