def test_expand_defacl():
from ldap2pg.privilege import DefAcl, Acl, Grant, UserError
priv = DefAcl('select', grant='ALTER FOR GRANT SELECT')
item0 = Grant('select', Grant.ALL_DATABASES, schema=Grant.ALL_SCHEMAS)
item1 = Grant('select', ['postgres'], schema=['information_schema'])
assert repr(item0.schema)
set_ = Acl([item0, item1])
items = sorted(
set_.expandgrants(
aliases=dict(select=['select']),
privileges={priv.name: priv},
databases=dict(
postgres=dict(information_schema=['postgres'], ),
template1=dict(information_schema=['postgres'], ),
),
),
key=lambda x: x.dbname,
)
assert 3 == len(items)
assert 'postgres' == items[0].dbname
assert 'template1' == items[2].dbname
with pytest.raises(UserError):
list(
set_.expandgrants(
aliases=dict(select=['select']),
privileges={priv.name: priv},
databases=dict(),
))
def test_postprocess_grants():
from ldap2pg.manager import SyncManager, Grant, Acl
from ldap2pg.privilege import DefAcl
manager = SyncManager(
privileges=dict(ro=DefAcl(name='ro')),
privilege_aliases=dict(ro=['ro']),
)
# No owners
acl = manager.postprocess_acl(Acl(), schemas=dict())
assert 0 == len(acl)
acl = Acl([Grant(privilege='ro', dbname=['db'], schema=None)])
acl = manager.postprocess_acl(
acl, schemas=dict(db=dict(
public=['postgres', 'owner'],
ns=['owner'],
)),
)
# One grant per schema, per owner
assert 3 == len(acl)