mirror of
https://github.com/kakwa/ldapcherry
synced 2024-11-22 01:14:21 +01:00
unit test + admin roles fix
* adding various unit tests * now admin roles are inherited (ex admin-lv2 is admin -> admin-lv3 is admin * adding an exception when requesting groups for none existant role
This commit is contained in:
parent
87820da7d0
commit
0416ebe05b
@ -1,6 +1,5 @@
|
||||
admin-lv3:
|
||||
display_name: Administrators Level 3
|
||||
LC_admins: True
|
||||
backends:
|
||||
ldap:
|
||||
groups:
|
||||
@ -16,6 +15,7 @@ admin-lv3:
|
||||
|
||||
admin-lv2:
|
||||
display_name: Administrators Level 2
|
||||
LC_admins: True
|
||||
backends:
|
||||
ldap:
|
||||
groups:
|
||||
|
@ -23,6 +23,11 @@ class DumplicateRoleKey(Exception):
|
||||
self.role = role
|
||||
self.log = "duplicate role key <%(role)s> in role file" % { 'role' : role}
|
||||
|
||||
class MissingRole(Exception):
|
||||
def __init__(self, role):
|
||||
self.role = role
|
||||
self.log = "role <%(role)s> does not exist in role file" % { 'role' : role}
|
||||
|
||||
class DumplicateRoleContent(Exception):
|
||||
def __init__(self, role1, role2):
|
||||
self.role1 = role1
|
||||
|
@ -11,7 +11,7 @@ import sys
|
||||
from sets import Set
|
||||
from ldapcherry.pyyamlwrapper import loadNoDump
|
||||
from ldapcherry.pyyamlwrapper import DumplicatedKey
|
||||
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
|
||||
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
|
||||
import yaml
|
||||
|
||||
class CustomDumper(yaml.SafeDumper):
|
||||
@ -38,6 +38,12 @@ class Roles:
|
||||
self.admin_roles = []
|
||||
self._nest()
|
||||
|
||||
def _set_admin(self, role):
|
||||
for r in role['subroles']:
|
||||
self.admin_roles.append(r)
|
||||
self._set_admin(role['subroles'][r])
|
||||
|
||||
|
||||
def _is_parent(self, roleid1, roleid2):
|
||||
"""Test if roleid1 is contained inside roleid2"""
|
||||
|
||||
@ -82,10 +88,6 @@ class Roles:
|
||||
for backend in role['backends']:
|
||||
self.backends.add(backend)
|
||||
|
||||
# Create the list of roles which are ldapcherry admins
|
||||
if 'LC_admins' in role and role['LC_admins']:
|
||||
self.admin_roles.append(roleid)
|
||||
|
||||
# Create the nested groups
|
||||
for roleid in self.roles_raw:
|
||||
role = self.roles_raw[roleid]
|
||||
@ -117,6 +119,16 @@ class Roles:
|
||||
if p in parents:
|
||||
self.roles[p] = nest(p)
|
||||
|
||||
for roleid in self.roles:
|
||||
role = self.roles[roleid]
|
||||
# Create the list of roles which are ldapcherry admins
|
||||
if 'LC_admins' in role and role['LC_admins']:
|
||||
self.admin_roles.append(roleid)
|
||||
self._set_admin(role)
|
||||
|
||||
def get_admin_roles(self):
|
||||
return self.admin_roles
|
||||
|
||||
def dump_nest(self):
|
||||
"""dump the nested role hierarchy"""
|
||||
return yaml.dump(self.roles, Dumper=CustomDumper)
|
||||
@ -188,6 +200,8 @@ class Roles:
|
||||
|
||||
def get_groups(self, role):
|
||||
"""get the list of groups from role"""
|
||||
if not role in self.roles_raw:
|
||||
raise MissingRole(role)
|
||||
return self.roles_raw[role]['backends']
|
||||
|
||||
def is_admin(self, roles):
|
||||
|
@ -8,7 +8,7 @@ import pytest
|
||||
import sys
|
||||
from sets import Set
|
||||
from ldapcherry.roles import Roles
|
||||
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile
|
||||
from ldapcherry.exceptions import DumplicateRoleKey, MissingKey, DumplicateRoleContent, MissingRolesFile, MissingRole
|
||||
from ldapcherry.pyyamlwrapper import DumplicatedKey, RelationError
|
||||
|
||||
class TestError(object):
|
||||
@ -42,7 +42,6 @@ class TestError(object):
|
||||
else:
|
||||
raise AssertionError("expected an exception")
|
||||
|
||||
|
||||
def testNoFile(self):
|
||||
try:
|
||||
inv = Roles('./tests/cfg/dontexist')
|
||||
@ -59,6 +58,40 @@ class TestError(object):
|
||||
else:
|
||||
raise AssertionError("expected an exception")
|
||||
|
||||
def testGetGroup(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
res = inv.get_groups('users')
|
||||
expected = {
|
||||
'ad': {'groups': ['Domain Users']},
|
||||
'ldap': {'groups': ['cn=users,ou=group,dc=example,dc=com']}
|
||||
}
|
||||
assert res == expected
|
||||
|
||||
def testGetGroupMissingRole(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
try:
|
||||
res = inv.get_groups('notarole')
|
||||
except MissingRole:
|
||||
return
|
||||
else:
|
||||
raise AssertionError("expected an exception")
|
||||
|
||||
def testAdminRoles(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
res = inv.get_admin_roles()
|
||||
expected = ['admin-lv2', 'admin-lv3']
|
||||
assert res == expected
|
||||
|
||||
def testIsAdmin(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
res = inv.is_admin(['admin-lv3', 'users'])
|
||||
assert res == True
|
||||
|
||||
def testIsNotAdmin(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
res = inv.is_admin(['users'])
|
||||
assert res == False
|
||||
|
||||
def testGetRole(self):
|
||||
inv = Roles('./tests/cfg/roles.yml')
|
||||
groups = {
|
||||
|
Loading…
Reference in New Issue
Block a user