This repository has been archived by the owner on Apr 19, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 43
/
grants_test.py
84 lines (71 loc) · 3.5 KB
/
grants_test.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
from typing import TYPE_CHECKING
from groupy.client import Groupy
from itests.setup import api_server
if TYPE_CHECKING:
from py._path.local import LocalPath
from tests.setup import SetupTest
def create_graph(setup):
# type: (SetupTest) -> None
"""Create a simple graph structure with some permission grants."""
setup.add_user_to_group("[email protected]", "some-group")
setup.grant_permission_to_group("some-permission", "foo", "some-group")
setup.add_user_to_group("[email protected]", "other-group")
setup.grant_permission_to_group("other-permission", "", "other-group")
setup.grant_permission_to_group("not-gary", "foo", "not-member-group")
setup.grant_permission_to_group("some-permission", "*", "not-member-group")
setup.grant_permission_to_group("some-permission", "bar", "parent-group")
setup.add_group_to_group("some-group", "parent-group")
setup.grant_permission_to_group("twice", "*", "group-one")
setup.grant_permission_to_group("twice", "*", "group-two")
setup.add_group_to_group("child-group", "group-one")
setup.add_group_to_group("child-group", "group-two")
setup.add_user_to_group("[email protected]", "child-group")
setup.add_user_to_group("[email protected]", "not-member-group")
setup.create_user("[email protected]")
setup.add_user_to_group("[email protected]", "np-group", role="np-owner")
setup.add_group_to_group("np-group", "np-parent-group")
setup.grant_permission_to_group("np-permission", "foo", "np-group")
setup.grant_permission_to_group("np-parent-permission", "bar", "np-parent-group")
setup.create_service_account("[email protected]", "some-group")
setup.grant_permission_to_service_account("some-permission", "*", "[email protected]")
setup.create_role_user("[email protected]")
setup.grant_permission_to_group("some-permission", "foo", "[email protected]")
setup.grant_permission_to_group("some-permission", "role", "[email protected]")
def test_list_grants(tmpdir, setup):
# type: (LocalPath, SetupTest) -> None
with setup.transaction():
create_graph(setup)
expected = {
"not-gary": {"users": {"[email protected]": ["foo"]}, "role_users": {}, "service_accounts": {}},
"other-permission": {
"users": {"[email protected]": [""]},
"role_users": {},
"service_accounts": {},
},
"some-permission": {
"users": {"[email protected]": ["bar", "foo"], "[email protected]": ["*"]},
"role_users": {"[email protected]": ["foo", "role"]},
"service_accounts": {"[email protected]": ["*"]},
},
"twice": {"users": {"[email protected]": ["*"]}, "role_users": {}, "service_accounts": {}},
}
with api_server(tmpdir) as api_url:
api_client = Groupy(api_url)
result = api_client._fetch("/grants")
assert result["status"] == "ok"
assert result["data"]["permissions"] == expected
def test_list_grants_of_permission(tmpdir, setup):
# type: (LocalPath, SetupTest) -> None
with setup.transaction():
create_graph(setup)
expected = {
"users": {"[email protected]": ["bar", "foo"], "[email protected]": ["*"]},
"role_users": {"[email protected]": ["foo", "role"]},
"service_accounts": {"[email protected]": ["*"]},
}
with api_server(tmpdir) as api_url:
api_client = Groupy(api_url)
result = api_client._fetch("/grants/some-permission")
assert result["status"] == "ok"
assert result["data"]["permission"] == "some-permission"
assert result["data"]["grants"] == expected