示例#1
0
def test_filter_roles():
    from ldap2pg.inspector import PostgresInspector, Role

    inspector = PostgresInspector()
    inspector.roles_blacklist = ['pg_*', 'postgres']

    allroles = [
        Role('postgres'),
        Role('pg_signal_backend'),
        Role('dba', members=['alice']),
        Role('alice'),
        Role('unmanaged'),
    ]
    managedroles = {'alice', 'dba', 'public'}
    allroles, managedroles = inspector.filter_roles(allroles, managedroles)

    assert 3 == len(allroles)
    assert 3 == len(managedroles)
    assert 'dba' in allroles
    assert 'alice' in allroles
    assert 'unmanaged' in allroles
    assert 'unmanaged' not in managedroles
    assert 'postgres' not in allroles
    assert 'postgres' not in managedroles
    assert 'public' in managedroles
示例#2
0
def test_grants_cached(mocker):
    cls = 'ldap2pg.inspector.PostgresInspector'
    pg = mocker.patch(cls + '.process_grants', autospec=True)
    mocker.patch(cls + '.fetch_shared_query', autospec=True)

    from ldap2pg.inspector import Database, PostgresInspector, Schema
    from ldap2pg.privilege import NspAcl

    privileges = dict(cached=NspAcl(
        'cached', inspect=dict(shared_query='shared', keys=['CACHED'])))

    pg.return_value = []
    pool = mocker.Mock(name='pool')
    conn = pool.getconn.return_value
    conn.query.return_value = []
    inspector = PostgresInspector(pool=pool, privileges=privileges)

    db = Database('db', owner='postgres')
    db.schemas['public'] = Schema('public', owners=['owner'])
    grants = inspector.fetch_grants(
        databases=[db],
        roles=['alice', 'public'],
    )

    assert 0 == len(grants)
示例#3
0
def test_grants(mocker):
    pg = mocker.patch('ldap2pg.inspector.PostgresInspector.process_grants',
                      autospec=True)

    from ldap2pg.inspector import PostgresInspector, Grant
    from ldap2pg.privilege import NspAcl

    privileges = dict(
        noinspect=NspAcl(name='noinspect'),
        ro=NspAcl(name='ro', inspect='SQL'),
    )

    pg.return_value = [
        Grant('ro', 'db', None, 'alice'),
        Grant('ro', 'db', None, 'public'),
        Grant('ro', 'db', None, 'unmanaged'),
        Grant('ro', 'db', 'unmanaged', 'alice'),
        Grant('ro', 'db', None, 'alice', owner='unmanaged'),
    ]

    psql = mocker.MagicMock(name='psql')
    psql.itersessions.return_value = [('db', psql)]
    inspector = PostgresInspector(psql=psql, privileges=privileges)

    grants = inspector.fetch_grants(
        schemas=dict(db=dict(public=['owner'])),
        roles=['alice', 'public'],
    )

    assert 2 == len(grants)
    grantees = [a.role for a in grants]
    assert 'public' in grantees
    assert 'alice' in grantees
示例#4
0
def test_process_grants(mocker):
    from ldap2pg.inspector import PostgresInspector, UserError

    inspector = PostgresInspector()
    priv = mocker.Mock(grant_sql='IN {schema} TO {role}')
    priv.name = 'connect'
    rows = [
        (None, 'postgres', True),
        (None, 'pg_signal_backend'),  # Old signature, fallback to True
        ('public', 'alice', True),
    ]

    items = sorted(inspector.process_grants(priv, 'postgres', rows))

    assert 3 == len(items)
    item = items[0]
    assert 'connect' == item.privilege
    assert 'postgres' == item.dbname
    assert 'public' == item.schema
    assert 'alice' == item.role

    # Schema naïve privilege
    priv.grant_sql = 'TO {role}'
    rows = [('public', 'alice')]
    items = sorted(inspector.process_grants(priv, 'postgres', rows))
    assert items[0].schema is None

    with pytest.raises(UserError):
        list(inspector.process_grants(priv, 'db', [('incomplete', )]))
示例#5
0
def test_me(mocker):
    from ldap2pg.inspector import PostgresInspector

    inspector = PostgresInspector(psql=mocker.MagicMock(name='psql'), )
    inspector.inspect_me = [('postgres', True)]
    name, issuper = inspector.fetch_me()

    assert 'postgres' == name
    assert issuper
示例#6
0
def test_me(mocker):
    from ldap2pg.inspector import PostgresInspector

    inspector = PostgresInspector(pool=mocker.MagicMock(name='pool'), )
    conn = inspector.pool.getconn.return_value
    conn.queryone.return_value = ('postgres', True)
    name, issuper = inspector.fetch_me()

    assert 'postgres' == name
    assert issuper
示例#7
0
def test_format_roles_inspect_sql(mocker):
    from ldap2pg.inspector import PostgresInspector

    inspector = PostgresInspector(
        all_roles='SELECT {options}',
        custom_null=None,
        custom_list=['user'],
    )

    assert 'rolsuper' in inspector.format_roles_query()
    assert inspector.format_roles_query(name='custom_null') is None
    assert ['user'] == inspector.format_roles_query(name='custom_list')
示例#8
0
def test_process_schema_rows():
    from ldap2pg.inspector import PostgresInspector

    inspector = PostgresInspector()

    rows = ['legacy']
    my = dict(inspector.process_schemas(rows))
    assert 'legacy' in my
    assert my['legacy'] is False

    rows = [['public', ['owner']]]
    my = dict(inspector.process_schemas(rows))
    assert 'public' in my
    assert 'owner' in my['public']
示例#9
0
def test_databases(mocker):
    from ldap2pg.inspector import Database, PostgresInspector

    inspector = PostgresInspector(
        pool=mocker.MagicMock(name='pool'),
        databases=['postgres'],
    )

    conn = inspector.pool.getconn.return_value
    conn.query.return_value = [Database('postgres', 'owner')]

    databases = inspector.fetch_databases()

    assert 'postgres' in databases
示例#10
0
def test_schemas_global_owners(mocker):
    from ldap2pg.inspector import Database, PostgresInspector

    inspector = PostgresInspector(
        schemas=['public'],
        owners=['owner', 'postgres'],
    )
    inspector.roles_blacklist = ['postgres']

    db = Database('db', owner='postgres')
    inspector.fetch_schemas(databases=[db])

    assert 'public' in db.schemas
    assert 'owner' in db.schemas['public'].owners
    assert 'postgres' not in db.schemas['public'].owners
示例#11
0
def test_schemas_global_owners(mocker):
    from ldap2pg.inspector import PostgresInspector

    psql = mocker.MagicMock()
    psql.itersessions.return_value = [('db', psql)]
    inspector = PostgresInspector(psql=psql,
                                  roles_blacklist=['postgres'],
                                  schemas=['public'],
                                  owners=['owner', 'postgres'])

    schemas = inspector.fetch_schemas(databases=['db'])

    assert 'db' in schemas
    assert 'public' in schemas['db']
    assert 'owner' in schemas['db']['public']
    assert 'postgres' not in schemas['db']['public']
示例#12
0
def test_schemas_with_owners(mocker):
    from ldap2pg.inspector import Database, PostgresInspector

    inspector = PostgresInspector(schemas=[
        ('public', ['pubowner', 'postgres']),
        ('ns', ['nsowner']),
    ],
                                  owners=['owner'])

    db = Database('db', owner='postgres')
    inspector.fetch_schemas(databases=[db],
                            managedroles={'pubowner', 'nsowner'})

    assert 'public' in db.schemas
    assert 'pubowner' in db.schemas['public'].owners
    assert 'owner' not in db.schemas['public'].owners
    assert 'postgres' not in db.schemas['public'].owners
    assert 'ns' in db.schemas
    assert 'nsowner' in db.schemas['ns'].owners
示例#13
0
def test_process_grants():
    from ldap2pg.inspector import PostgresInspector, UserError

    inspector = PostgresInspector()
    rows = [
        (None, 'postgres', True),
        (None, 'pg_signal_backend'),  # Old signature, fallback to True
        ('public', 'alice', True),
    ]

    items = sorted(inspector.process_grants('connect', 'postgres', rows))

    assert 3 == len(items)
    item = items[0]
    assert 'connect' == item.privilege
    assert 'postgres' == item.dbname
    assert 'public' == item.schema
    assert 'alice' == item.role

    with pytest.raises(UserError):
        list(inspector.process_grants('priv', 'db', [('incomplete', )]))
示例#14
0
def test_roles(mocker):
    from ldap2pg.inspector import PostgresInspector

    inspector = PostgresInspector(
        psql=mocker.MagicMock(name='psql'),
        databases=['postgres'],
        all_roles=['precreated', 'spurious'],
        roles_blacklist_query=['postgres'],
        managed_roles=None,
    )

    databases, pgallroles, pgmanagedroles = inspector.fetch_roles()

    assert 'postgres' in databases
    assert 'precreated' in pgallroles
    assert 'spurious' in pgallroles
    assert pgallroles < pgmanagedroles

    inspector.queries['managed_roles'] = ['precreated']

    _, _, pgmanagedroles = inspector.fetch_roles()

    assert 'spurious' not in pgmanagedroles

    blacklist = inspector.fetch_roles_blacklist()
    assert ['postgres'] == blacklist
示例#15
0
def test_schemas_with_owners(mocker):
    from ldap2pg.inspector import PostgresInspector

    psql = mocker.MagicMock()
    psql.itersessions.return_value = [('db', psql)]
    inspector = PostgresInspector(psql=psql,
                                  schemas=[
                                      ('public', ['pubowner', 'postgres']),
                                      ('ns', ['nsowner']),
                                  ],
                                  owners=['owner'])

    schemas = inspector.fetch_schemas(databases=['db'],
                                      managedroles={'pubowner', 'nsowner'})

    assert 'db' in schemas
    assert 'public' in schemas['db']
    assert 'pubowner' in schemas['db']['public']
    assert 'owner' not in schemas['db']['public']
    assert 'postgres' not in schemas['db']['public']
    assert 'ns' in schemas['db']
    assert 'nsowner' in schemas['db']['ns']
示例#16
0
def test_grants_cached(mocker):
    cls = 'ldap2pg.inspector.PostgresInspector'
    pg = mocker.patch(cls + '.process_grants', autospec=True)
    mocker.patch(cls + '.fetch_shared_query', autospec=True)

    from ldap2pg.inspector import PostgresInspector
    from ldap2pg.privilege import NspAcl

    privileges = dict(cached=NspAcl(
        'cached', inspect=dict(shared_query='shared', keys=['CACHED'])))

    pg.return_value = []
    psql = mocker.MagicMock(name='psql')
    psql.itersessions.return_value = [('db', mocker.Mock())]
    inspector = PostgresInspector(psql=psql, privileges=privileges)

    grants = inspector.fetch_grants(
        schemas=dict(db=dict(public=['owner'])),
        roles=['alice', 'public'],
    )

    assert 0 == len(grants)
示例#17
0
def test_fetch_cached_query(mocker):
    from ldap2pg.inspector import PostgresInspector

    shared_queries = dict(shared="SELECT pouet;")
    inspector = PostgresInspector(shared_queries=shared_queries)

    psql = mocker.Mock(name='psql')
    psql.return_value = [
        ('KEY0', 'public', 'alice'),
        ('KEY0', 'public', 'alain'),
        ('KEY1', 'public', 'alice'),
        ('KEY2', 'public', 'adrien'),
        ('KEY2', 'public', 'armand'),
    ]

    rows = inspector.fetch_shared_query('shared', ['KEY0'], 'db0', psql)
    assert 2 == len(rows)

    psql.reset_mock()
    rows = inspector.fetch_shared_query('shared', ['KEY1', 'KEY2'], 'db0',
                                        psql)
    assert 3 == len(rows)
    assert not psql.called
示例#18
0
def test_grants(mocker):
    pg = mocker.patch('ldap2pg.inspector.PostgresInspector.process_grants',
                      autospec=True)

    from ldap2pg.inspector import Database, Grant, PostgresInspector, Schema
    from ldap2pg.privilege import NspAcl

    privileges = dict(
        noinspect=NspAcl(name='noinspect'),
        ro=NspAcl(name='ro', inspect='SQL'),
    )

    pg.return_value = [
        Grant('ro', 'db', None, 'alice'),
        Grant('ro', 'db', None, 'public'),
        Grant('ro', 'db', None, 'unmanaged'),
        Grant('ro', 'db', 'unmanaged', 'alice'),
        Grant('ro', 'db', None, 'alice', owner='unmanaged'),
    ]

    pool = mocker.Mock(name='pool')
    conn = pool.getconn.return_value
    conn.query.return_value = []
    inspector = PostgresInspector(pool=pool, privileges=privileges)

    db = Database('db', owner='postgres')
    db.schemas['public'] = Schema('public', owners=['owner'])
    grants = inspector.fetch_grants(
        databases=[db],
        roles=['alice', 'public'],
    )

    assert 2 == len(grants)
    grantees = [a.role for a in grants]
    assert 'public' in grantees
    assert 'alice' in grantees
示例#19
0
def test_generic_fetch(mocker):
    from ldap2pg.inspector import psycopg2, PostgresInspector, UserError

    inspector = PostgresInspector(
        raw_sql='SELECT 1;',
        flat_list=['val0'],
        tuple_list=[['val0']],
    )
    psql = mocker.Mock(name='psql', side_effect=psycopg2.ProgrammingError())

    with pytest.raises(UserError):
        inspector.fetch(psql, 'raw_sql')

    psql = mocker.Mock(name='psql', return_value=[('val0', ), ('val1', )])
    rows = inspector.fetch(psql, 'POUET;', inspector.row1)
    assert ['val0', 'val1'] == rows

    assert [] == inspector.fetch(None, None)
    assert [('val0', )] == inspector.fetch(None, 'flat_list')
    assert [['val0']] == inspector.fetch(None, 'tuple_list')
示例#20
0
def test_generic_fetch(mocker):
    from ldap2pg.inspector import psycopg2, PostgresInspector, UserError

    inspector = PostgresInspector(
        pool=mocker.Mock(name='pool'),
        raw_sql='SELECT 1;',
        flat_list=['val0'],
        tuple_list=[['val0']],
    )
    inspector.pool.getconn.side_effect = psycopg2.ProgrammingError()

    with pytest.raises(UserError):
        inspector.fetch('raw_sql')

    assert [] == inspector.fetch(None)
    assert [('val0', )] == inspector.fetch('flat_list')
    assert [['val0']] == inspector.fetch('tuple_list')