def update_environment(environment_id):
environment = Environments.get(environment_id)
application = environment.application
env_form = EditEnvironmentForm(obj=environment, formdata=http_request.form)
if env_form.validate():
Environments.update(environment=environment, name=env_form.name.data)
flash("application_environments_updated")
return redirect(
url_for(
"applications.settings",
application_id=application.id,
fragment="application-environments",
_anchor="application-environments",
active_toggler=environment.id,
active_toggler_section="edit",
))
else:
return (
render_settings_page(
application=application,
active_toggler=environment.id,
active_toggler_section="edit",
),
400,
)
def handle_update_member(application_id, application_role_id, form_data):
app_role = ApplicationRoles.get_by_id(application_role_id)
application = Applications.get(application_id)
existing_env_roles_data = filter_env_roles_form_data(
app_role, application.environments)
form = UpdateMemberForm(formdata=form_data,
environment_roles=existing_env_roles_data)
if form.validate():
try:
ApplicationRoles.update_permission_sets(
app_role, form.data["permission_sets"])
for env_role in form.environment_roles:
environment = Environments.get(env_role.environment_id.data)
new_role = None if env_role.disabled.data else env_role.data[
"role"]
Environments.update_env_role(environment, app_role, new_role)
flash("application_member_updated", user_name=app_role.user_name)
except GeneralCSPException as exc:
log_error(exc)
flash(
"application_member_update_error",
user_name=app_role.user_name,
)
else:
pass
def test_update_env_role_no_access():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
Environments.update_env_role(env_role.environment,
env_role.application_role, None)
assert not EnvironmentRoles.get(env_role.application_role.id,
env_role.environment.id)
assert env_role.role is None
assert env_role.disabled
def create(cls, user, portfolio, name, description, environment_names=None):
application = Application(
portfolio=portfolio, name=name, description=description
)
db.session.add(application)
if environment_names:
Environments.create_many(user, application, environment_names)
db.session.commit()
return application
def update(cls, application, new_data):
if "name" in new_data:
application.name = new_data["name"]
if "description" in new_data:
application.description = new_data["description"]
if "environment_names" in new_data:
Environments.create_many(g.current_user, application,
new_data["environment_names"])
db.session.add(application)
commit_or_raise_already_exists_error(message="application")
return application
def delete(cls, application):
for env in application.environments:
Environments.delete(env)
application.deleted = True
for role in application.roles:
role.deleted = True
role.status = ApplicationRoleStatus.DISABLED
db.session.add(role)
db.session.add(application)
db.session.commit()
def update(cls, application, new_data):
if "name" in new_data:
application.name = new_data["name"]
if "description" in new_data:
application.description = new_data["description"]
if "environment_names" in new_data:
Environments.create_many(
g.current_user, application, new_data["environment_names"]
)
db.session.add(application)
db.session.commit()
return application
def delete_environment(environment_id):
environment = Environments.get(environment_id)
Environments.delete(environment=environment, commit=True)
flash("environment_deleted", environment_name=environment.name)
return redirect(
url_for(
"applications.settings",
application_id=environment.application_id,
_anchor="application-environments",
fragment="application-environments",
))
def do_create_environment(csp: CloudProviderInterface, environment_id=None):
environment = Environments.get(environment_id)
with claim_for_update(environment) as environment:
if environment.cloud_id is not None:
# TODO: Return value for this?
return
user = environment.creator
# we'll need to do some checking in this job for cases where it's retrying
# when a failure occured after some successful steps
# (e.g. if environment.cloud_id is not None, then we can skip first step)
# credentials either from a given user or pulled from config?
# if using global creds, do we need to log what user authorized action?
atat_root_creds = csp.root_creds()
# user is needed because baseline root account in the environment will
# be assigned to the requesting user, open question how to handle duplicate
# email addresses across new environments
csp_environment_id = csp.create_environment(atat_root_creds, user,
environment)
environment.cloud_id = csp_environment_id
db.session.add(environment)
db.session.commit()
body = render_email("emails/application/environment_ready.txt",
{"environment": environment})
app.mailer.send([environment.creator.email],
translate("email.environment_ready"), body)
def test_create_environments():
application = ApplicationFactory.create()
environments = Environments.create_many(application.portfolio.owner,
application,
["Staging", "Production"])
for env in environments:
assert env.cloud_id is None
def create(cls,
user,
portfolio,
name,
description,
environment_names=None):
application = Application(portfolio=portfolio,
name=name,
description=description)
db.session.add(application)
if environment_names:
Environments.create_many(user, application, environment_names)
commit_or_raise_already_exists_error(message="application")
return application
def create_demo_portfolio(name, data):
try:
portfolio_owner = Users.get_or_create_by_dod_id("2345678901") # Amanda
# auditor = Users.get_by_dod_id("3453453453") # Sally
except NotFoundError:
print("Could not find demo users; will not create demo portfolio {}".
format(name))
return
portfolio = Portfolios.create(
user=portfolio_owner,
portfolio_attrs={
"name": name,
"defense_component": random_service_branch()
},
)
add_task_orders_to_portfolio(portfolio)
add_members_to_portfolio(portfolio)
for mock_application in data["applications"]:
application = Application(portfolio=portfolio,
name=mock_application.name,
description="")
env_names = [env.name for env in mock_application.environments]
envs = Environments.create_many(portfolio.owner, application,
env_names)
db.session.add(application)
db.session.commit()
def test_update_env_role():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
new_role = CSPRole.TECHNICAL_READ.value
assert Environments.update_env_role(env_role.environment,
env_role.application_role, new_role)
assert env_role.role == new_role
def test_delete_environment(session):
env = EnvironmentFactory.create(application=ApplicationFactory.create())
env_role = EnvironmentRoleFactory.create(
application_role=ApplicationRoleFactory.create(
application=env.application),
environment=env,
)
assert not env.deleted
assert not env_role.deleted
Environments.delete(env)
assert env.deleted
assert env_role.deleted
# did not flush
assert session.dirty
Environments.delete(env, commit=True)
assert env.deleted
assert env_role.deleted
# flushed the change
assert not session.dirty
def new_environment(application_id):
application = Applications.get(application_id)
env_form = EditEnvironmentForm(formdata=http_request.form)
if env_form.validate():
Environments.create(g.current_user,
application=application,
name=env_form.name.data)
flash("environment_added", environment_name=env_form.data["name"])
return redirect(
url_for(
"applications.settings",
application_id=application.id,
fragment="application-environments",
_anchor="application-environments",
))
else:
return (render_settings_page(application=application), 400)
def test_with_unprovisioned_expired_clins_environment(self):
self.create_portfolio_with_clins(
[(self.YESTERDAY, self.YESTERDAY)],
{
"cloud_id": uuid4().hex,
"root_user_info": None
},
)
assert (len(
Environments.get_environments_pending_atat_user_creation(
self.NOW)) == 0)
def do_create_atat_admin_user(csp: CloudProviderInterface,
environment_id=None):
environment = Environments.get(environment_id)
with claim_for_update(environment) as environment:
atat_root_creds = csp.root_creds()
atat_remote_root_user = csp.create_atat_admin_user(
atat_root_creds, environment.cloud_id)
environment.root_user_info = atat_remote_root_user
db.session.add(environment)
db.session.commit()
def handle_update_environment(form, application=None, environment=None):
if form.validate():
try:
if environment:
environment = Environments.update(environment=environment,
name=form.name.data)
flash("application_environments_updated")
else:
environment = Environments.create(g.current_user,
application=application,
name=form.name.data)
flash("environment_added", environment_name=form.name.data)
return environment
except AlreadyExistsError:
flash("application_environments_name_error", name=form.name.data)
return False
else:
return False
def test_with_unprovisioned_environment(self):
self.create_portfolio_with_clins(
[(self.YESTERDAY, self.TOMORROW)],
{
"cloud_id": uuid4().hex,
"root_user_info": {
"foo": "bar"
},
"baseline_info": None,
},
)
assert (len(
Environments.get_environments_pending_baseline_creation(
self.NOW)) == 1)
def update_member(application_id, application_role_id):
app_role = ApplicationRoles.get_by_id(application_role_id)
form = UpdateMemberForm(http_request.form)
if form.validate():
ApplicationRoles.update_permission_sets(app_role, form.data["permission_sets"])
for env_role in form.environment_roles:
environment = Environments.get(env_role.environment_id.data)
Environments.update_env_role(environment, app_role, env_role.data["role"])
flash("application_member_updated", user_name=app_role.user_name)
else:
pass
# TODO: flash error message
return redirect(
url_for(
"applications.settings",
application_id=application_id,
fragment="application-members",
_anchor="application-members",
)
)
def do_create_environment_baseline(csp: CloudProviderInterface,
environment_id=None):
environment = Environments.get(environment_id)
with claim_for_update(environment) as environment:
# ASAP switch to use remote root user for provisioning
atat_remote_root_creds = environment.root_user_info["credentials"]
baseline_info = csp.create_environment_baseline(
atat_remote_root_creds, environment.cloud_id)
environment.baseline_info = baseline_info
body = render_email("emails/application/environment_ready.txt",
{"environment": environment})
app.mailer.send([environment.creator.email],
translate("email.environment_ready"), body)
db.session.add(environment)
db.session.commit()
def create_demo_portfolio(name, data):
try:
portfolio_owner = Users.get_or_create_by_dod_id(
"2345678901",
**pick(
[
"permission_sets",
"first_name",
"last_name",
"email",
"service_branch",
"phone_number",
"citizenship",
"designation",
"date_latest_training",
],
DEV_USERS["amanda"],
),
) # Amanda
# auditor = Users.get_by_dod_id("3453453453") # Sally
except NotFoundError:
print("Could not find demo users; will not create demo portfolio {}".
format(name))
return
portfolio = Portfolios.create(
user=portfolio_owner,
portfolio_attrs={
"name": name,
"defense_component": random_service_branch()
},
)
add_task_orders_to_portfolio(portfolio)
add_members_to_portfolio(portfolio)
for mock_application in data["applications"]:
application = Application(portfolio=portfolio,
name=mock_application["name"],
description="")
env_names = [env["name"] for env in mock_application["environments"]]
envs = Environments.create_many(portfolio.owner, application,
env_names)
db.session.add(application)
db.session.commit()
def update_environment(environment_id):
environment = Environments.get(environment_id)
application = environment.application
env_form = EditEnvironmentForm(obj=environment, formdata=http_request.form)
updated_environment = handle_update_environment(form=env_form,
application=application,
environment=environment)
if updated_environment:
return redirect(
url_for(
"applications.settings",
application_id=application.id,
fragment="application-environments",
_anchor="application-environments",
))
else:
return (render_settings_page(application=application,
show_flash=True), 400)
def test_update_env_role_disabled_role():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
Environments.update_env_role(env_role.environment,
env_role.application_role, None)
# An exception should be raised when a new role is passed to Environments.update_env_role
with pytest.raises(DisabledError):
Environments.update_env_role(
env_role.environment,
env_role.application_role,
CSPRole.TECHNICAL_READ.value,
)
assert env_role.role is None
assert env_role.disabled
# An exception should not be raised when no new role is passed
Environments.update_env_role(env_role.environment,
env_role.application_role, None)
def test_with_expired_clins(self, session):
self.create_portfolio_with_clins([(self.YESTERDAY, self.YESTERDAY)])
assert len(Environments.get_environments_pending_creation(
self.NOW)) == 0
def test_with_active_clins(self, session):
portfolio = self.create_portfolio_with_clins([(self.YESTERDAY,
self.TOMORROW)])
Environments.get_environments_pending_creation(
self.NOW) == [portfolio.applications[0].environments[0].id]
def test_update_environment():
environment = EnvironmentFactory.create()
assert environment.name is not "name 2"
Environments.update(environment, name="name 2")
assert environment.name == "name 2"
def test_with_future_clins(self, session):
self.create_portfolio_with_clins([(self.TOMORROW, self.TOMORROW)])
assert len(Environments.get_environments_pending_creation(
self.NOW)) == 0
def test_get_excludes_deleted():
env = EnvironmentFactory.create(deleted=True,
application=ApplicationFactory.create())
with pytest.raises(NotFoundError):
Environments.get(env.id)
def test_with_already_provisioned_env(self, session):
self.create_portfolio_with_clins([(self.YESTERDAY, self.TOMORROW)],
env_data={"cloud_id": uuid4().hex})
assert len(Environments.get_environments_pending_creation(
self.NOW)) == 0