def test_apply_grant_rule_all_schema(mocker):
gla = mocker.patch('ldap2pg.manager.expand_attributes', autospec=True)
from ldap2pg.manager import SyncManager
manager = SyncManager()
gla.side_effect = [['alice']]
items = manager.apply_grant_rules(
grant=[
dict(
privilege='connect',
databases=['postgres'],
schema='__all__',
roles=['{cn}'],
)
],
entries=[None],
)
items = list(items)
assert 1 == len(items)
assert 'alice' == items[0].role
assert 'postgres' == items[0].dbname[0]
# Ensure __all__ schema is mapped to object
assert items[0].schema != '__all__'
def test_apply_grant_rule_nodb(mocker):
gla = mocker.patch('ldap2pg.manager.expand_attributes', autospec=True)
from ldap2pg.manager import Grant, SyncManager
manager = SyncManager()
gla.return_value = ['alice']
items = list(manager.apply_grant_rules(
grant=[dict(
privilege='connect',
database='__all__', schema='__any__',
roles=['{cn}'],
)],
entries=[None],
))
assert items[0].dbname is Grant.ALL_DATABASES
def test_apply_grant_rule_nodb(mocker):
gla = mocker.patch('ldap2pg.manager.get_ldap_attribute', autospec=True)
from ldap2pg.manager import AclItem, SyncManager
manager = SyncManager()
gla.return_value = ['alice']
items = list(manager.apply_grant_rules(
grant=[dict(
acl='connect',
database='__all__', schema='__any__',
role_attribute='cn',
)],
entries=[None],
))
assert items[0].dbname is AclItem.ALL_DATABASES
def test_apply_grant_rule_ok(mocker):
gla = mocker.patch('ldap2pg.manager.get_ldap_attribute', autospec=True)
from ldap2pg.manager import SyncManager
manager = SyncManager()
gla.side_effect = [['alice'], ['bob']]
items = manager.apply_grant_rules(
grant=[dict(
acl='connect',
database='postgres',
schema='__any__',
role_attribute='cn',
)],
entries=[None, None],
)
items = list(items)
assert 2 == len(items)
assert 'alice' == items[0].role
assert 'postgres' == items[0].dbname
# Ensure __any__ schema is mapped to None
assert items[0].schema is None
assert 'bob' == items[1].role