def test_invite():
application = ApplicationFactory.create()
env1 = EnvironmentFactory.create(application=application)
env2 = EnvironmentFactory.create(application=application)
user_data = UserFactory.dictionary()
permission_sets_names = [PermissionSets.EDIT_APPLICATION_TEAM]
invitation = Applications.invite(
application=application,
inviter=application.portfolio.owner,
user_data=user_data,
permission_sets_names=permission_sets_names,
environment_roles_data=[
{
"environment_id": env1.id,
"role": CSPRole.BASIC_ACCESS.value
},
{
"environment_id": env2.id,
"role": None
},
],
)
member_role = invitation.role
assert invitation.dod_id == user_data["dod_id"]
# view application AND edit application team
assert len(member_role.permission_sets) == 2
env_roles = member_role.environment_roles
assert len(env_roles) == 1
assert env_roles[0].environment == env1
def test_create_subscription_succeeds(mock_azure: AzureCloudProvider):
environment = EnvironmentFactory.create()
subscription_id = str(uuid4())
credentials = mock_azure._get_credential_obj(AUTH_CREDENTIALS)
display_name = "Test Subscription"
billing_profile_id = str(uuid4())
sku_id = str(uuid4())
management_group_id = (
environment.cloud_id # environment.csp_details.management_group_id?
)
billing_account_name = (
"?" # environment.application.portfilio.csp_details.billing_account.name?
)
invoice_section_name = "?" # environment.name? or something specific to billing?
mock_azure.sdk.subscription.SubscriptionClient.return_value.subscription_factory.create_subscription.return_value.result.return_value.subscription_link = (
f"subscriptions/{subscription_id}")
result = mock_azure._create_subscription(
credentials,
display_name,
billing_profile_id,
sku_id,
management_group_id,
billing_account_name,
invoice_section_name,
)
assert result == subscription_id
def test_get_portfolio_events_includes_app_and_env_events():
owner = UserFactory.create()
# add portfolio level events
portfolio = PortfolioFactory.create(owner=owner)
portfolio_events = AuditLog.get_portfolio_events(portfolio)
# add application level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
portfolio_and_app_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_events) < len(portfolio_and_app_events)
# add environment level events
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
portfolio_app_and_env_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_and_app_events) < len(portfolio_app_and_env_events)
resource_types = [event.resource_type for event in portfolio_app_and_env_events]
assert "application" in resource_types
assert "application_role" in resource_types
assert "application_invitation" in resource_types
assert "environment" in resource_types
assert "environment_role" in resource_types
def test_create_environment_baseline(csp, session, app):
environment = EnvironmentFactory.create(
root_user_info={"credentials": csp.root_creds()})
do_create_environment_baseline(csp, environment.id)
session.refresh(environment)
assert environment.baseline_info
assert len(app.mailer.messages) > 0
def test_create_environment_succeeds(mock_azure: AzureCloudProvider):
environment = EnvironmentFactory.create()
mock_management_group_create(mock_azure, {"id": "Test Id"})
result = mock_azure.create_environment(AUTH_CREDENTIALS,
environment.creator, environment)
assert result.id == "Test Id"
def test_delete_application(session):
app = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=UserFactory.create(),
application=app)
env1 = EnvironmentFactory.create(application=app)
env2 = EnvironmentFactory.create(application=app)
assert not app.deleted
assert not env1.deleted
assert not env2.deleted
assert not app_role.deleted
Applications.delete(app)
assert app.deleted
assert env1.deleted
assert env2.deleted
assert app_role.deleted
# changes are flushed
assert not session.dirty
def test_create_environment_succeeds(mock_azure: AzureCloudProvider):
environment = EnvironmentFactory.create()
subscription_id = str(uuid4())
mock_azure.sdk.subscription.SubscriptionClient.return_value.subscription_factory.create_subscription.return_value.result.return_value.subscription_link = (
f"subscriptions/{subscription_id}")
result = mock_azure.create_environment(AUTH_CREDENTIALS,
environment.creator, environment)
assert result == subscription_id
def test_dispatch_provision_user(csp, session, celery_app, celery_worker,
monkeypatch):
# Given that I have four environment roles:
# (A) one of which has a completed status
# (B) one of which has an environment that has not been provisioned
# (C) one of which is pending, has a provisioned environment but an inactive application role
# (D) one of which is pending, has a provisioned environment and has an active application role
provisioned_environment = EnvironmentFactory.create(cloud_id="cloud_id",
root_user_info={},
baseline_info={})
unprovisioned_environment = EnvironmentFactory.create()
_er_a = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.COMPLETED)
_er_b = EnvironmentRoleFactory.create(
environment=unprovisioned_environment,
status=EnvironmentRole.Status.PENDING)
_er_c = EnvironmentRoleFactory.create(
environment=unprovisioned_environment,
status=EnvironmentRole.Status.PENDING,
application_role=ApplicationRoleFactory(
status=ApplicationRoleStatus.PENDING),
)
er_d = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.PENDING,
application_role=ApplicationRoleFactory(
status=ApplicationRoleStatus.ACTIVE),
)
mock = Mock()
monkeypatch.setattr("atst.jobs.provision_user", mock)
# When I dispatch the user provisioning task
dispatch_provision_user.run()
# I expect it to dispatch only one call, to EnvironmentRole D
mock.delay.assert_called_once_with(environment_role_id=er_d.id)
def test_environment_job_failure(celery_app, celery_worker):
@celery_app.task(bind=True, base=RecordEnvironmentFailure)
def _fail_hard(self, environment_id=None):
raise ValueError("something bad happened")
environment = EnvironmentFactory.create()
celery_worker.reload()
# Use apply instead of delay since we are testing the on_failure hook only
task = _fail_hard.apply(kwargs={"environment_id": environment.id})
with pytest.raises(ValueError):
task.get()
assert environment.job_failures
job_failure = environment.job_failures[0]
assert job_failure.task == task
def test_delete_environment(session):
env = EnvironmentFactory.create(application=ApplicationFactory.create())
env_role = EnvironmentRoleFactory.create(
application_role=ApplicationRoleFactory.create(
application=env.application),
environment=env,
)
assert not env.deleted
assert not env_role.deleted
Environments.delete(env)
assert env.deleted
assert env_role.deleted
# did not flush
assert session.dirty
Environments.delete(env, commit=True)
assert env.deleted
assert env_role.deleted
# flushed the change
assert not session.dirty
def test_invite_to_nonexistent_environment():
application = ApplicationFactory.create()
env1 = EnvironmentFactory.create(application=application)
user_data = UserFactory.dictionary()
with pytest.raises(NotFoundError):
Applications.invite(
application=application,
inviter=application.portfolio.owner,
user_data=user_data,
environment_roles_data=[
{
"environment_id": env1.id,
"role": CSPRole.BASIC_ACCESS.value
},
{
"environment_id": uuid4(),
"role": CSPRole.BASIC_ACCESS.value
},
],
)
def test_get_application_events():
# add in some portfolio level events
portfolio = PortfolioFactory.create()
Portfolios.update(portfolio, {"name": "New Name"})
# add app level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
# add rando app
rando_app = ApplicationFactory.create(portfolio=portfolio)
events = AuditLog.get_application_events(application)
for event in events:
assert event.application_id == application.id
assert not event.application_id == rando_app.id
resource_types = [event.resource_type for event in events]
assert "portfolio" not in resource_types
def test_do_provision_user(csp, session):
# Given that I have an EnvironmentRole with a provisioned environment
credentials = MockCloudProvider(())._auth_credentials
provisioned_environment = EnvironmentFactory.create(
cloud_id="cloud_id", root_user_info={"credentials": credentials})
environment_role = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.PENDING,
role="my_role",
)
# When I call the user provisoning task
do_provision_user(csp=csp, environment_role_id=environment_role.id)
session.refresh(environment_role)
# I expect that the CSP create_or_update_user method will be called
csp.create_or_update_user.assert_called_once_with(credentials,
environment_role,
"my_role")
# I expect that the EnvironmentRole now has a csp_user_id
assert environment_role.csp_user_id
def test_aws_provision_environment(mock_aws, session):
environment = EnvironmentFactory.create()
do_create_environment(mock_aws, environment_id=environment.id)
do_create_atat_admin_user(mock_aws, environment_id=environment.id)
do_create_environment_baseline(mock_aws, environment_id=environment.id)
session.refresh(environment)
assert "account-id" == environment.cloud_id
assert {
"id": "user-id",
"username": "******",
"credentials": {
"AccessKeyId": "access-key-id",
"SecretAccessKey": "secret-access-key",
},
"resource_id": "user-arn",
} == environment.root_user_info
assert {
"policies": [{
"BillingReadOnly": "policy-arn"
}]
} == environment.baseline_info
def test_update_environment():
environment = EnvironmentFactory.create()
assert environment.name is not "name 2"
Environments.update(environment, name="name 2")
assert environment.name == "name 2"
def test_get_excludes_deleted():
env = EnvironmentFactory.create(deleted=True,
application=ApplicationFactory.create())
with pytest.raises(NotFoundError):
Environments.get(env.id)
def test_application_environments_excludes_deleted():
app = ApplicationFactory.create()
env = EnvironmentFactory.create(application=app)
EnvironmentFactory.create(application=app, deleted=True)
assert len(app.environments) == 1
assert app.environments[0].id == env.id
def test_create_environment_raises_x_when_account_creation_fails(mock_aws):
environment = EnvironmentFactory.create()
with pytest.raises(EnvironmentCreationException):
mock_aws.create_environment(AUTH_CREDENTIALS, environment.creator,
environment)
def test_create_environment_job_is_idempotent(csp, session):
environment = EnvironmentFactory.create(cloud_id=uuid4().hex)
do_create_environment(csp, environment.id)
csp.create_environment.assert_not_called()
def test_create_environment_job(session, csp):
environment = EnvironmentFactory.create()
do_create_environment(csp, environment.id)
session.refresh(environment)
assert environment.cloud_id
def test_create_environment(mock_csp: MockCloudProvider):
environment = EnvironmentFactory.create()
user = UserFactory.create()
environment_id = mock_csp.create_environment(CREDENTIALS, user, environment)
assert isinstance(environment_id, str)
def test_create_atat_admin_user(csp, session):
environment = EnvironmentFactory.create(cloud_id="something")
do_create_atat_admin_user(csp, environment.id)
session.refresh(environment)
assert environment.root_user_info
def test_create_environment_succeeds(mock_aws):
environment = EnvironmentFactory.create()
account_id = mock_aws.create_environment(AUTH_CREDENTIALS,
environment.creator, environment)
assert "account-id" == account_id