def test_inspect_acls(mocker):
mod = 'ldap2pg.manager.'
psql = mocker.MagicMock()
psql.itersessions.return_value = [('postgres', psql)]
dbl = mocker.patch(mod + 'SyncManager.fetch_database_list', autospec=True)
dbl.return_value = ['postgres']
mocker.patch(mod + 'SyncManager.process_pg_roles', autospec=True)
pa = mocker.patch(mod + 'SyncManager.process_pg_acl_items', autospec=True)
la = mocker.patch(mod + 'SyncManager.apply_grant_rules', autospec=True)
from ldap2pg.manager import SyncManager, AclItem
from ldap2pg.acl import Acl
from ldap2pg.utils import make_group_map
acl_dict = dict(
noinspect=Acl(name='noinspect'),
ro=Acl(name='ro', inspect='SQL'),
)
pa.return_value = [AclItem('ro', 'postgres', None, 'alice')]
la.return_value = [AclItem('ro', 'postgres', None, 'alice')]
manager = SyncManager(
psql=psql, ldapconn=mocker.Mock(), acl_dict=acl_dict,
acl_aliases=make_group_map(acl_dict)
)
syncmap = dict(db=dict(schema=[dict(roles=[], grant=dict(acl='ro'))]))
databases, _, pgacls, _, ldapacls = manager.inspect(syncmap=syncmap)
assert 1 == len(pgacls)
assert 1 == len(ldapacls)
def test_postprocess_acl_bad_database():
from ldap2pg.manager import SyncManager, Grant, Acl, UserError
from ldap2pg.privilege import NspAcl
from ldap2pg.utils import make_group_map
privileges = dict(ro=NspAcl(name='ro', inspect='SQL'))
manager = SyncManager(
privileges=privileges, privilege_aliases=make_group_map(privileges),
)
acl = Acl([Grant('ro', ['inexistantdb'], None, 'alice')])
schemas = dict(postgres=dict(public=['postgres']))
with pytest.raises(UserError) as ei:
manager.postprocess_acl(acl, schemas)
assert 'inexistantdb' in str(ei.value)
def test_make_map():
from ldap2pg.utils import make_group_map
values = dict(v0=0, v1=1)
groups = dict(g0=['v0'], g1=['v1', 'g0'], g2=['g1', 'g0'])
aliases = make_group_map(values, groups)
wanted = dict(
v0=['v0'],
v1=['v1'],
g0=['v0'],
g1=['v0', 'v1'],
g2=['v0', 'v1'],
)
assert wanted == aliases
def test_inspect_ldap_grants(mocker):
la = mocker.patch(
'ldap2pg.manager.SyncManager.apply_grant_rules', autospec=True)
from ldap2pg.manager import SyncManager, Grant
from ldap2pg.privilege import NspAcl
from ldap2pg.utils import make_group_map
privileges = dict(ro=NspAcl(name='ro'))
la.return_value = [Grant('ro', 'postgres', None, 'alice')]
manager = SyncManager(
psql=mocker.Mock(), ldapconn=mocker.Mock(), privileges=privileges,
privilege_aliases=make_group_map(privileges)
)
syncmap = [dict(roles=[], grant=dict(privilege='ro'))]
_, grants = manager.inspect_ldap(syncmap=syncmap)
assert 1 == len(grants)
def test_inspect_ldap_grants(mocker):
from ldap2pg.manager import SyncManager
from ldap2pg.privilege import Grant, NspAcl
from ldap2pg.utils import make_group_map
privileges = dict(ro=NspAcl(name='ro'))
manager = SyncManager(
psql=mocker.Mock(),
ldapconn=mocker.Mock(),
privileges=privileges,
privilege_aliases=make_group_map(privileges),
inspector=mocker.Mock(name='inspector'),
)
manager.inspector.roles_blacklist = ['blacklisted']
rule = mocker.Mock(name='grant')
rule.generate.return_value = [
Grant('ro', 'postgres', None, 'alice'),
Grant('ro', 'postgres', None, 'blacklisted'),
]
syncmap = [dict(roles=[], grant=[rule])]
_, grants = manager.inspect_ldap(syncmap=syncmap)
assert 1 == len(grants)