From c2d0930115361214d34d2570e34e2a145315f5cf Mon Sep 17 00:00:00 2001 From: alessandron Date: Mon, 22 May 2023 17:04:27 +0200 Subject: [PATCH 1/2] Add CSV column to map permission for Viewer role on folder --- example.csv | 14 +++++++------- script/core.py | 6 +++++- tests/test_core.py | 19 +++++++++++-------- 3 files changed, 23 insertions(+), 16 deletions(-) diff --git a/example.csv b/example.csv index 939d30f..2ce10f6 100644 --- a/example.csv +++ b/example.csv @@ -1,7 +1,7 @@ -ZBV/LDAP-Gruppe,Grafana-Team-Name,Grafana-Team-ID,Grafana-Folder-Name,Grafana-Folder-UUID,Grafana-Folder-Permissions -mathematicians,mathematicians,2,math,math_folder,Admin -mathematicians,smart people,2,all,all,View -scientists,scientists,2,science,science_folder,Admin -scientists,smart people,2,all,all,View -chemists,chemists,2,chemistry,chemistry_folder,Admin -chemists,smart people,2,all,all,View \ No newline at end of file +ZBV/LDAP-Gruppe,Grafana-Team-Name,Grafana-Team-ID,Grafana-Folder-Name,Grafana-Folder-UUID,Grafana-Folder-Permissions,Grafana-Folder-Permissions-For-Viewer +mathematicians,mathematicians,2,math,math_folder,Admin,View +mathematicians,smart people,2,all,all,View,View +scientists,scientists,2,science,science_folder,Admin, +scientists,smart people,2,all,all,View, +chemists,chemists,2,chemistry,chemistry_folder,Admin, +chemists,smart people,2,all,all,View, diff --git a/script/core.py b/script/core.py index 90aa7c2..628d62e 100644 --- a/script/core.py +++ b/script/core.py @@ -69,6 +69,7 @@ def read_mapping_from_csv(bind): folder_name = line[3] folder_uuid = line[4] permission = line[5] + permission_for_viewer = line[6] if not team in result["teams"]: result["teams"][team] = {"ldap": []} if not ldap in result["teams"][team]["ldap"]: 
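Review bot: `permission_for_viewer = line[6]` in read_mapping_from_csv indexes a seventh column unconditionally, so a mapping file still in the old six-column layout raises IndexError on its first data row and the sync stops. Treat a missing column like an empty one, for example `permission_for_viewer = line[6].strip() if len(line) > 6 else ""`, so existing files keep working and grant nothing to the Viewer role. The function body starts before this hunk and continues after it.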
@@ -78,6 +79,9 @@ def read_mapping_from_csv(bind): access = {"teamId": team, "permission": permission} if not access in result["folders"][folder_uuid]["permissions"]: result["folders"][folder_uuid]["permissions"].append(access) + viewer_access = {"role": "Viewer", "permission": permission_for_viewer} + if permission_for_viewer != "" and not viewer_access in result["folders"][folder_uuid]["permissions"]: + result["folders"][folder_uuid]["permissions"].append(viewer_access) else: is_header = False return result @@ -175,7 +179,7 @@ def update_folders(folders): create_folder(folders[folder_id]["name"], folder_id) permissions = folders[folder_id]["permissions"] for permission in permissions: - permission["teamId"] = get_id_of_team(permission["teamId"]) + permission["teamId"] = get_id_of_team(permission["teamId"]) if not "role" in permission else 0 permission["permission"] = PERMISSION_MAP[permission["permission"]] update_folder_permissions(folder_id, permissions) diff --git a/tests/test_core.py b/tests/test_core.py index 1acf0a8..c541cd4 100644 --- a/tests/test_core.py +++ b/tests/test_core.py @@ -31,16 +31,18 @@ def test_reads_mapping(self, mock_read_csv): "header3", "header4", "header5", - "header6"], + "header6", + "header7"], ["test_ldap_group", "test_grafana_team", "test_grafana_team-id", "test_grafana_folder_name", "test_grafana_folder_uid", - "test_grafana_folder_permission"] + "test_grafana_folder_permission", + "test_grafana_folder_permission_for_viewer"] ] - mapping = core.read_mapping_from_csv() + mapping = core.read_mapping_from_csv("") self.assertTrue("teams" in mapping) self.assertTrue("test_grafana_team" in mapping["teams"]) 
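Review bot: The new `viewer_access` entry in read_mapping_from_csv takes the permission string from the CSV unchecked, so a row with `Admin` or `Edit` in the last column would grant that level on the folder to everyone holding the Viewer role rather than only to the LDAP-mapped team. If only read access is intended, as the column name suggests, reject anything else at parse time, e.g. `if permission_for_viewer not in ("", "View"): raise ValueError(...)`, and add a comment that this entry is role-wide. A whitespace-only cell also passes the `!= ""` test and would presumably fail only later, at the `PERMISSION_MAP` lookup in update_folders. The function starts before this hunk.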
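Review bot: In update_folders, role-based entries get `teamId` set to `0` and so carry both `role` and `teamId` into `update_folder_permissions`; it is safer not to add the key at all, so the entry can never be read as a team grant. `if "role" not in permission: permission["teamId"] = get_id_of_team(permission["teamId"])` keeps the lookup for team entries only and reads more easily than the conditional expression with `not "role" in`. Whether the Grafana API ignores a zero `teamId` is not visible from this hunk, so confirm that if the current form is kept.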
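Review bot: The fixture in test_reads_mapping only covers a row with a non-empty seventh column, so the branch that must not create a Viewer entry is untested. Add a case with an empty last cell (as in most rows of example.csv) asserting that `permissions` holds only the team entry. Add one with a six-column row too if legacy files are meant to stay supported. The test method continues beyond this hunk.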
@@ -51,7 +53,8 @@ def test_reads_mapping(self, mock_read_csv): self.assertTrue("name" in mapping["folders"]["test_grafana_folder_uid"]) self.assertTrue("permissions" in mapping["folders"]["test_grafana_folder_uid"]) self.assertEqual("test_grafana_folder_name", mapping["folders"]["test_grafana_folder_uid"]["name"]) - self.assertEqual([{"teamId": "test_grafana_team", "permission": "test_grafana_folder_permission"}], + self.assertEqual([{"teamId": "test_grafana_team", "permission": "test_grafana_folder_permission"}, + {"role": "Viewer", "permission": "test_grafana_folder_permission_for_viewer"}], mapping["folders"]["test_grafana_folder_uid"]["permissions"]) @@ -379,7 +382,7 @@ def test_locks_and_unlocks(self, mock_setup_ldap, mock_unlock, mock_remove_unuse mock_config.return_value = True mock_lock.return_value = True - core.startUserSync("") + core.startUserSync("", "", "") self.assertEqual(mock_lock.call_count, 1) self.assertEqual(mock_unlock.call_count, 1) @@ -405,7 +408,7 @@ def test_locks_and_unlocks_on_connection_error(self, mock_setup_ldap, mock_unloc mock_config.return_value = True mock_lock.return_value = True - core.startUserSync("") + core.startUserSync("", "", "") self.assertEqual(mock_lock.call_count, 1) self.assertEqual(mock_unlock.call_count, 1) @@ -432,7 +435,7 @@ def test_locks_and_unlocks_on_LDAPSocketOpenError(self, mock_setup_ldap, mock_un mock_config.return_value = True mock_lock.return_value = True - core.startUserSync("") + core.startUserSync("", "", "") self.assertEqual(mock_lock.call_count, 1) self.assertEqual(mock_unlock.call_count, 1) @@ -457,7 +460,7 @@ def test_nothing_called_when_locked(self, mock_unlock, mock_remove_unused_items, mock_config.return_value = True mock_lock.return_value = False - core.startUserSync("") + core.startUserSync("", "", "") self.assertEqual(mock_lock.call_count, 1) self.assertFalse(mock_remove_unused_items.called) From 59fee8bc3c8bd2a0afb16510e8416f1b949bb088 Mon Sep 17 00:00:00 2001 
From: alessandron Date: Tue, 23 May 2023 13:45:57 +0200 Subject: [PATCH 2/2] Fix test_ldap.py --- tests/test_ldap.py | 58 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 18 deletions(-) diff --git a/tests/test_ldap.py b/tests/test_ldap.py index 217311f..2f6df79 100644 --- a/tests/test_ldap.py +++ b/tests/test_ldap.py 
@@ -50,43 +50,65 @@ def test_creates_connection(self, mock_configuration, mock_server, mock_connecti class fetch_users_of_group(TestCase): - @patch("script.ldap.get_ntlm_connection") + @patch("script.ldap.connection") @patch("script.ldap.configuration") - def test_retrieves_users_NTML(self, mock_configuration, mock_get_ntlm_connection): + def test_retrieves_users_NTML(self, mock_configuration, mock_connection): mock_configuration.LDAP_USER_SEARCH_BASE.value = "my_search_base" mock_configuration.LDAP_GROUP_DESCRIPTOR = "my_group" mock_configuration.LDAP_IS_NTLM = True mock_configuration.LDAP_MEMBER_ATTRIBUTE = "member" mock_configuration.LDAP_USER_LOGIN_ATTRIBUTE = "uid" - mock_connection = Mock() - mock_connection.extend.standard.paged_search.return_value = [ - {"attributes": {"member": ["uid=my_login, foo=bar"], - "another_attribute": ["i_am_not_retrieved"]}}] - mock_get_ntlm_connection.return_value = mock_connection + mock_configuration.LDAP_USER_NAME_ATTRIBUTE = "name" + mock_configuration.LDAP_USER_MAIL_ATTRIBUTE = "mail" + mock_connection.extend.standard.paged_search.side_effect = [ + [ + { + "attributes": { + "member": ["uid=my_login, foo=bar"], + "another_attribute": ["i_am_not_retrieved"] + } + } + ],[ + { + "attributes": {"uid":"my_login", "name":"my_name","mail":"my_mail"} + } + ] + ] output = ldap.fetch_users_of_group("test_group") - self.assertEqual([{"login": "my_login"}], output) - self.assertEqual(mock_get_ntlm_connection.call_count, 1) + self.assertEqual([{"login": "my_login", "name":"my_name","email":"my_mail"}], output) + self.assertEqual(mock_connection.extend.standard.paged_search.call_count, 2) - @patch("script.ldap.get_ldap_connection") + @patch("script.ldap.connection") @patch("script.ldap.configuration") - def test_retrieves_users(self, mock_configuration, mock_get_ldap_connection): + def test_retrieves_users(self, mock_configuration, mock_connection): mock_configuration.LDAP_USER_SEARCH_BASE.value = "my_search_base" 
mock_configuration.LDAP_GROUP_DESCRIPTOR = "my_group" mock_configuration.LDAP_IS_NTLM = False mock_configuration.LDAP_MEMBER_ATTRIBUTE = "member" mock_configuration.LDAP_USER_LOGIN_ATTRIBUTE = "uid" - mock_connection = Mock() - mock_connection.extend.standard.paged_search.return_value = [ - {"attributes": {"member": ["uid=my_login, foo=bar"], - "another_attribute": ["i_am_not_retrieved"]}}] - mock_get_ldap_connection.return_value = mock_connection + mock_configuration.LDAP_USER_NAME_ATTRIBUTE = "name" + mock_configuration.LDAP_USER_MAIL_ATTRIBUTE = "mail" + mock_connection.extend.standard.paged_search.side_effect = [ + [ + { + "attributes": { + "member": ["uid=my_login, foo=bar"], + "another_attribute": ["i_am_not_retrieved"] + } + } + ],[ + { + "attributes": {"uid":"my_login", "name":"my_name","mail":"my_mail"} + } + ] + ] output = ldap.fetch_users_of_group("test_group") - self.assertEqual([{"login": "my_login"}], output) - self.assertEqual(mock_get_ldap_connection.call_count, 1) + self.assertEqual([{"login": "my_login", "name":"my_name","email":"my_mail"}], output) + self.assertEqual(mock_connection.extend.standard.paged_search.call_count, 2) class get_users_of_group(TestCase):
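Review bot: test_retrieves_users_NTML and test_retrieves_users are now identical apart from `LDAP_IS_NTLM`, and neither checks what was passed to `paged_search`, so they no longer show that the flag changes anything or which search base and filter reach the directory. Assert on `mock_connection.extend.standard.paged_search.call_args_list` for both calls, presumably at least that the search base is `"my_search_base"` and that the second query is built from the login taken from the member DN. That is also where a test for escaping of that login value in the filter would belong. The duplicated `side_effect` fixture could move into a shared helper, and `NTML` in the first test name looks like a typo for `NTLM`.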