unit test + admin roles fix

* adding various unit tests * now admin roles are inherited (ex admin-lv2 is admin -> admin-lv3 is admin * adding an exception when requesting groups for none existant role
2015-05-16 23:52:59 +02:00 · 2015-05-16 23:52:59 +02:00 · 0416ebe05b
parent 87820da7d0
commit 0416ebe05b
4 changed files with 60 additions and 8 deletions
--- a/conf/roles.yml
+++ b/conf/roles.yml
@ -1,6 +1,5 @@
 admin-lv3:
    display_name: Administrators Level 3
-    LC_admins: True
    backends:
        ldap:
            groups:
@ -16,6 +15,7 @@ admin-lv3:

 admin-lv2:
    display_name: Administrators Level 2
+    LC_admins: True
    backends:
        ldap:
            groups:
--- a/ldapcherry/exceptions.py
+++ b/ldapcherry/exceptions.py
@ -23,6 +23,11 @@ class DumplicateRoleKey(Exception):
        self.role = role
        self.log = "duplicate role key <%(role)s> in role file" % { 'role' : role}

+class MissingRole(Exception):
+    def __init__(self, role):
+        self.role = role
+        self.log = "role <%(role)s> does not exist in role file" % { 'role' : role}
+
 class DumplicateRoleContent(Exception):
    def __init__(self, role1, role2):
        self.role1 = role1
--- a/ldapcherry/roles.py
+++ b/ldapcherry/roles.py
@ -11,7 +11,7 @@ import sys
 from sets import Set
 from ldapcherry.pyyamlwrapper import loadNoDump
 from ldapcherry.pyyamlwrapper import DumplicatedKey
-from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
+from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
 import yaml

 class CustomDumper(yaml.SafeDumper):
@ -38,6 +38,12 @@ class Roles:
        self.admin_roles = []
        self._nest()

+    def _set_admin(self, role):
+        for r in role['subroles']:
+            self.admin_roles.append(r)
+            self._set_admin(role['subroles'][r])
+
+
    def _is_parent(self, roleid1, roleid2):
        """Test if roleid1 is contained inside roleid2"""

@ -82,10 +88,6 @@ class Roles:
            for backend in role['backends']:
                self.backends.add(backend)

-            # Create the list of roles which are ldapcherry admins
-            if 'LC_admins' in role and role['LC_admins']:
-                self.admin_roles.append(roleid)
-
        # Create the nested groups
        for roleid in self.roles_raw:
            role = self.roles_raw[roleid]
@ -117,6 +119,16 @@ class Roles:
            if p in parents:
                self.roles[p] = nest(p)

+        for roleid in self.roles:
+            role = self.roles[roleid]
+            # Create the list of roles which are ldapcherry admins
+            if 'LC_admins' in role and role['LC_admins']:
+                self.admin_roles.append(roleid)
+                self._set_admin(role)
+
+    def get_admin_roles(self):
+        return self.admin_roles
+
    def dump_nest(self):
        """dump the nested role hierarchy"""
        return yaml.dump(self.roles, Dumper=CustomDumper)
@ -188,6 +200,8 @@ class Roles:

    def get_groups(self, role):
        """get the list of groups from role"""
+        if not role in self.roles_raw:
+            raise MissingRole(role)
        return self.roles_raw[role]['backends']

    def is_admin(self, roles):
--- a/tests/test_Roles.py
+++ b/tests/test_Roles.py
@ -8,7 +8,7 @@ import pytest
 import sys
 from sets import Set
 from ldapcherry.roles import Roles
-from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
+from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
 from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError

 class TestError(object):
@ -42,7 +42,6 @@ class TestError(object):
        else:
            raise AssertionError("expected an exception")

-
    def testNoFile(self):
        try:
            inv = Roles('./tests/cfg/dontexist')
@ -59,6 +58,40 @@ class TestError(object):
        else:
            raise AssertionError("expected an exception")

+    def testGetGroup(self):
+        inv = Roles('./tests/cfg/roles.yml')
+        res = inv.get_groups('users')
+        expected = {
+            'ad': {'groups': ['Domain Users']},
+            'ldap': {'groups': ['cn=users,ou=group,dc=example,dc=com']}
+        }
+        assert res == expected
+
+    def testGetGroupMissingRole(self):
+        inv = Roles('./tests/cfg/roles.yml')
+        try:
+            res = inv.get_groups('notarole')
+        except MissingRole:
+            return
+        else:
+            raise AssertionError("expected an exception")
+
+    def testAdminRoles(self):
+        inv = Roles('./tests/cfg/roles.yml')
+        res = inv.get_admin_roles()
+        expected = ['admin-lv2', 'admin-lv3']
+        assert res == expected
+
+    def testIsAdmin(self):
+        inv = Roles('./tests/cfg/roles.yml')
+        res = inv.is_admin(['admin-lv3', 'users'])
+        assert res == True
+
+    def testIsNotAdmin(self):
+        inv = Roles('./tests/cfg/roles.yml')
+        res = inv.is_admin(['users'])
+        assert res == False
+
    def testGetRole(self):
        inv = Roles('./tests/cfg/roles.yml')
        groups = {