def test_filter(self):
    """Parse an ACL whose only target is an LDAP search filter.

    The directive grants ``write`` to ``self`` on entries matching
    ``(objectClass=person)``; the parser must return the filter text
    verbatim, parentheses included.
    """
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to filter=(objectClass=person) by self write'
    )

    # Exactly one <what> element: the filter.
    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    self.assertEqual(what['target'], 'filter')
    self.assertEqual(what['filter'], '(objectClass=person)')

    # Exactly one <who>/<access> pair.
    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    self.assertEqual(clause['by'], 'self')
    self.assertEqual(clause['operation'], 'write')
def test_attribute_value(self):
    """Parse a ``dn.base`` target with a wildcard ``by * read`` clause.

    The quoted DN must come back without its quotes, the style suffix
    (``base``) must be split off, and ``*`` in the ``by`` position is
    expected to be reported as ``'all'``.
    """
    # NOTE(review): despite its name this case exercises dn.base, and this
    # listing holds a second method also called test_attribute_value. If
    # both live in the same TestCase, the later definition replaces this
    # one and these assertions never run -- confirm and rename if so.
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to dn.base="dc=test" by * read'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    for field, expected in (('target', 'dn'), ('dn', 'dc=test'), ('style', 'base')):
        self.assertEqual(what[field], expected)

    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    self.assertEqual(clause['by'], 'all')
    self.assertEqual(clause['operation'], 'read')
def test_attribute_value(self):
    """Parse a single-attribute target narrowed by a ``val.regex`` matcher.

    With a value constraint present the target kind is expected to be the
    singular ``'attribute'`` and the regex (``^$``) is returned unquoted
    together with its style.
    """
    # NOTE(review): another method in this listing shares the name
    # test_attribute_value. If both belong to one TestCase, only the later
    # definition is collected by the runner -- confirm and rename if so.
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to attrs=userName val.regex="^$" by users write'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    expected_target = (
        ('target', 'attribute'),
        ('attribute', 'userName'),
        ('value', '^$'),
        ('style', 'regex'),
    )
    for field, expected in expected_target:
        self.assertEqual(what[field], expected)

    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    self.assertEqual(clause['by'], 'users')
    self.assertEqual(clause['operation'], 'write')
def test_filter2(self):
    """Parse a target that combines a filter with an attribute list.

    Both parts of the ``to`` clause must be reported, in source order:
    first the filter, then ``attrs=`` as a one-element list.
    """
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to filter=(objectClass=person) attrs=userPassword by self write'
    )

    self.assertEqual(len(parsed_targets), 2)
    filter_part = parsed_targets[0]
    self.assertEqual(filter_part['target'], 'filter')
    self.assertEqual(filter_part['filter'], '(objectClass=person)')
    attrs_part = parsed_targets[1]
    self.assertEqual(attrs_part['target'], 'attributes')
    self.assertEqual(attrs_part['attributes'], ['userPassword'])

    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    self.assertEqual(clause['by'], 'self')
    self.assertEqual(clause['operation'], 'write')
def test_all(self):
    """Parse a ``to *`` directive carrying three ``by`` clauses.

    The wildcard target is expected as ``'all'`` and the clauses must be
    returned in the order they were written.
    """
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to * by users read by anonymous auth by self write'
    )

    self.assertEqual(len(parsed_targets), 1)
    self.assertEqual(parsed_targets[0]['target'], 'all')

    # Clause order is part of the contract: slapd applies the first
    # matching <who>, so a reordered result would describe a different
    # policy.
    expected_clauses = (
        ('users', 'read'),
        ('anonymous', 'auth'),
        ('self', 'write'),
    )
    self.assertEqual(len(parsed_clauses), 3)
    for position, (who, access) in enumerate(expected_clauses):
        self.assertEqual(parsed_clauses[position]['by'], who)
        self.assertEqual(parsed_clauses[position]['operation'], access)
def test_dn_style3(self):
    """Parse regex-style DNs on both the target and the ``by`` side.

    The ``by`` pattern refers back to the target's capture groups
    (``$1``, ``$2``) and ends in ``$$``. The parser is expected to hand
    both patterns back verbatim: no substitution, no unescaping.
    """
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to dn.regex=".+,dc=([^,]+),dc=([^,]+)$" by dn.regex="^[^,],ou=Admin,dc=$1,dc=$2$$" write'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    self.assertEqual(what['target'], 'dn')
    self.assertEqual(what['dn'], '.+,dc=([^,]+),dc=([^,]+)$')
    self.assertEqual(what['style'], 'regex')

    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    expected_clause = (
        ('by', 'dn'),
        ('dn', '^[^,],ou=Admin,dc=$1,dc=$2$$'),
        ('style', 'regex'),
        ('operation', 'write'),
    )
    for field, expected in expected_clause:
        self.assertEqual(clause[field], expected)
def test_dn_style2(self):
    """Parse a regex DN target followed by a comma-separated attribute list.

    ``attrs=userName,userPassword`` must be split into a two-element list
    while the commas inside the quoted DN regex are left untouched.
    """
    # NOTE(review): this listing contains a second method named
    # test_dn_style2. If both are members of the same TestCase, the later
    # definition replaces this one and these assertions never run --
    # confirm and rename if so.
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to dn.regex="(.+,)?ou=People,(dc=[^,]+,dc=[^,]+)$" attrs=userName,userPassword by users write'
    )

    self.assertEqual(len(parsed_targets), 2)
    dn_part = parsed_targets[0]
    self.assertEqual(dn_part['target'], 'dn')
    self.assertEqual(dn_part['dn'], '(.+,)?ou=People,(dc=[^,]+,dc=[^,]+)$')
    self.assertEqual(dn_part['style'], 'regex')
    attrs_part = parsed_targets[1]
    self.assertEqual(attrs_part['target'], 'attributes')
    self.assertEqual(attrs_part['attributes'], ['userName', 'userPassword'])

    self.assertEqual(len(parsed_clauses), 1)
    clause = parsed_clauses[0]
    self.assertEqual(clause['by'], 'users')
    self.assertEqual(clause['operation'], 'write')
def test_attributes(self):
    """Parse an ``attrs=userPassword`` target with three ``by`` clauses.

    A bare ``attrs=`` (no value matcher) is expected as the plural
    ``'attributes'`` target holding a list, and the explicit ``none``
    access level must be preserved for each subject that carries it.
    """
    # NOTE(review): parser fixture only. In a live slapd configuration,
    # `by anonymous none` on userPassword would normally also block simple
    # binds, which rely on anonymous `auth` access -- verify before reusing
    # this directive as a template.
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to attrs=userPassword by self write by anonymous none by users none'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    self.assertEqual(what['target'], 'attributes')
    self.assertEqual(what['attributes'], ['userPassword'])

    expected_clauses = (
        ('self', 'write'),
        ('anonymous', 'none'),
        ('users', 'none'),
    )
    self.assertEqual(len(parsed_clauses), 3)
    for position, (who, access) in enumerate(expected_clauses):
        self.assertEqual(parsed_clauses[position]['by'], who)
        self.assertEqual(parsed_clauses[position]['operation'], access)
def test_dn_style1(self):
    """Parse a regex DN target matched against an ``exact`` DN subject.

    The subject DN contains ``$2``/``$3`` back-references and a literal
    ``<basedn>`` placeholder; all of it must be returned unchanged. The
    trailing ``by * none`` is expected with ``*`` reported as ``'all'``.
    """
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to dn.regex="^(.+,)?uid=([^,]+),ou=addressbook,associatedDomain=([^,]+),ou=domains,o=<basedn>$" '
        'by dn.exact="uid=$2,ou=users,associatedDomain=$3,ou=domains,o=<basedn>" '
        'write by * none'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    self.assertEqual(what['target'], 'dn')
    self.assertEqual(
        what['dn'],
        '^(.+,)?uid=([^,]+),ou=addressbook,associatedDomain=([^,]+),ou=domains,o=<basedn>$',
    )
    self.assertEqual(what['style'], 'regex')

    self.assertEqual(len(parsed_clauses), 2)
    owner_clause = parsed_clauses[0]
    self.assertEqual(owner_clause['by'], 'dn')
    self.assertEqual(
        owner_clause['dn'],
        'uid=$2,ou=users,associatedDomain=$3,ou=domains,o=<basedn>',
    )
    self.assertEqual(owner_clause['style'], 'exact')
    self.assertEqual(owner_clause['operation'], 'write')

    # Catch-all deny comes last; its position after the dn.exact clause is
    # what keeps the owner's write grant reachable.
    fallback_clause = parsed_clauses[1]
    self.assertEqual(fallback_clause['by'], 'all')
    self.assertEqual(fallback_clause['operation'], 'none')
def test_dn_style2(self):
    """Parse ``dn.subtree`` on the target and ``dn.children`` on a subject.

    Covers a mix of keyword subjects (``self``, ``anonymous``) and a
    styled DN subject inside one directive, with clause order preserved.
    """
    # NOTE(review): an earlier method in this listing is also named
    # test_dn_style2. If both sit in the same TestCase, this definition
    # silently shadows the earlier one -- confirm and rename if so.
    parsed_targets, parsed_clauses = ldap_parser.parse_directive(
        'to dn.subtree="dc=com" by self write by dn.children="dc=example,dc=com" search by anonymous auth'
    )

    self.assertEqual(len(parsed_targets), 1)
    what = parsed_targets[0]
    for field, expected in (('target', 'dn'), ('dn', 'dc=com'), ('style', 'subtree')):
        self.assertEqual(what[field], expected)

    self.assertEqual(len(parsed_clauses), 3)
    self_clause, children_clause, anon_clause = (
        parsed_clauses[0],
        parsed_clauses[1],
        parsed_clauses[2],
    )
    self.assertEqual(self_clause['by'], 'self')
    self.assertEqual(self_clause['operation'], 'write')

    self.assertEqual(children_clause['by'], 'dn')
    self.assertEqual(children_clause['dn'], 'dc=example,dc=com')
    self.assertEqual(children_clause['style'], 'children')
    self.assertEqual(children_clause['operation'], 'search')

    self.assertEqual(anon_clause['by'], 'anonymous')
    self.assertEqual(anon_clause['operation'], 'auth')