def disable(cls, application_role):
cls._update_status(application_role, ApplicationRoleStatus.DISABLED)
application_role.deleted = True
for env in application_role.application.environments:
EnvironmentRoles.delete(
application_role_id=application_role.id, environment_id=env.id
)
db.session.add(application_role)
db.session.commit()
def test_disable_checks_env_role_provisioning_status():
environment = EnvironmentFactory.create(
cloud_id="cloud-id", root_user_info={"credentials": "credentials"})
env_role1 = EnvironmentRoleFactory.create(environment=environment)
assert not env_role1.csp_user_id
env_role1 = EnvironmentRoles.disable(env_role1.id)
assert env_role1.disabled
env_role2 = EnvironmentRoleFactory.create(environment=environment,
csp_user_id="123456")
assert env_role2.csp_user_id
env_role2 = EnvironmentRoles.disable(env_role2.id)
assert env_role2.disabled
def access_environment(environment_id):
env_role = EnvironmentRoles.get_by_user_and_environment(
g.current_user.id, environment_id)
login_url = app.csp.cloud.get_environment_login_url(env_role.environment)
return redirect(url_for("atst.csp_environment_access",
login_url=login_url))
def get_members_data(application):
members_data = []
for member in application.members:
permission_sets = filter_perm_sets_data(member)
roles = EnvironmentRoles.get_for_application_member(member.id)
environment_roles = filter_env_roles_data(roles)
env_roles_form_data = filter_env_roles_form_data(
member, application.environments
)
form = UpdateMemberForm(
environment_roles=env_roles_form_data, **permission_sets
)
update_invite_form = None
if member.latest_invitation and member.latest_invitation.can_resend:
update_invite_form = MemberForm(obj=member.latest_invitation)
else:
update_invite_form = MemberForm()
members_data.append(
{
"role_id": member.id,
"user_name": member.user_name,
"permission_sets": permission_sets,
"environment_roles": environment_roles,
"role_status": member.status.value,
"form": form,
"update_invite_form": update_invite_form,
}
)
return members_data
def test_create(application_role, environment, monkeypatch):
environment_role = EnvironmentRoles.create(application_role, environment,
"network admin")
assert environment_role.application_role == application_role
assert environment_role.environment == environment
assert environment_role.role == "network admin"
def get_members_data(application):
members_data = []
for member in application.members:
permission_sets = filter_perm_sets_data(member)
roles = EnvironmentRoles.get_for_application_member(member.id)
environment_roles = filter_env_roles_data(roles)
env_roles_form_data = filter_env_roles_form_data(
member, application.environments)
form = UpdateMemberForm(environment_roles=env_roles_form_data,
**permission_sets)
update_invite_form = (MemberForm(
obj=member.latest_invitation) if member.latest_invitation
and member.latest_invitation.can_resend else
MemberForm())
members_data.append({
"role_id": member.id,
"user_name": member.user_name,
"permission_sets": permission_sets,
"environment_roles": environment_roles,
"role_status": member.display_status,
"form": form,
"update_invite_form": update_invite_form,
})
return sorted(members_data, key=lambda member: member["user_name"])
def test_get_for_application_member(application_role, environment):
EnvironmentRoleFactory.create(application_role=application_role,
environment=environment)
roles = EnvironmentRoles.get_for_application_member(application_role.id)
assert len(roles) == 1
assert roles[0].environment == environment
assert roles[0].application_role == application_role
def test_update_env_role_no_access():
env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value)
assert Environments.update_env_role(env_role.environment,
env_role.application_role, None)
assert not EnvironmentRoles.get(env_role.application_role.id,
env_role.environment.id)
def wrap_environment_role_lookup(user, environment_id=None, **kwargs):
env_role = EnvironmentRoles.get_by_user_and_environment(
user.id, environment_id)
if not env_role:
raise UnauthorizedError(user,
"access environment {}".format(environment_id))
return True
def test_get_for_application_member_does_not_return_deleted(
application_role, environment):
EnvironmentRoleFactory.create(application_role=application_role,
environment=environment,
deleted=True)
roles = EnvironmentRoles.get_for_application_member(application_role.id)
assert len(roles) == 0
def test_disable_checks_env_provisioning_status(session):
environment = EnvironmentFactory.create()
assert environment.is_pending
env_role1 = EnvironmentRoleFactory.create(environment=environment)
env_role1 = EnvironmentRoles.disable(env_role1.id)
assert env_role1.disabled
environment.cloud_id = "cloud-id"
environment.root_user_info = {"credentials": "credentials"}
session.add(environment)
session.commit()
session.refresh(environment)
assert not environment.is_pending
env_role2 = EnvironmentRoleFactory.create(environment=environment)
env_role2 = EnvironmentRoles.disable(env_role2.id)
assert env_role2.disabled
def test_get_for_update(application_role, environment):
EnvironmentRoleFactory.create(application_role=application_role,
environment=environment,
deleted=True)
role = EnvironmentRoles.get_for_update(application_role.id, environment.id)
assert role
assert role.application_role == application_role
assert role.environment == environment
assert role.deleted
def test_get(application_role, environment):
EnvironmentRoleFactory.create(application_role=application_role,
environment=environment)
environment_role = EnvironmentRoles.get(application_role.id,
environment.id)
assert environment_role
assert environment_role.application_role == application_role
assert environment_role.environment == environment
def portfolio_applications(portfolio_id):
user_env_roles = EnvironmentRoles.for_user(g.current_user.id, portfolio_id)
environment_access = {
env_role.environment_id: env_role.role for env_role in user_env_roles
}
return render_template(
"applications/index.html", environment_access=environment_access
)
def add_applications_to_portfolio(portfolio):
applications = random_applications()
for application_data in applications:
application = Applications.create(
portfolio.owner,
portfolio=portfolio,
name=application_data["name"],
description=application_data["description"],
environment_names=application_data["environments"],
)
users = random.sample(APPLICATION_USERS, k=random.randint(1, 5))
for user_data in users:
try:
user = Users.get_by_dod_id(user_data["dod_id"])
except NotFoundError:
user = Users.create(
user_data["dod_id"],
None,
first_name=user_data["first_name"],
last_name=user_data["last_name"],
email=user_data["email"],
)
app_role = ApplicationRoles.create(
user=user,
application=application,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
ApplicationInvitations.create(portfolio.owner,
app_role,
user_data,
commit=True)
user_environments = random.sample(
application.environments,
k=random.randint(1, len(application.environments)),
)
for env in user_environments:
role = random.choice([e.value for e in CSPRole])
EnvironmentRoles.create(application_role=app_role,
environment=env,
role=role)
def test_disable_completed(application_role, environment):
environment_role = EnvironmentRoleFactory.create(
application_role=application_role,
environment=environment,
status=EnvironmentRole.Status.COMPLETED,
)
environment_role = EnvironmentRoles.disable(environment_role.id)
assert environment_role.disabled
def test_environment_roles_do_not_include_deleted():
member_list = [
{
"role_name": CSPRole.BASIC_ACCESS.value
},
{
"role_name": CSPRole.BASIC_ACCESS.value
},
{
"role_name": CSPRole.BASIC_ACCESS.value
},
]
env = EnvironmentFactory.create(members=member_list)
role_1 = env.roles[0]
role_2 = env.roles[1]
EnvironmentRoles.delete(role_1.application_role_id, env.id)
EnvironmentRoles.disable(role_2.id)
assert len(env.roles) == 2
def do_provision_user(csp: CloudProviderInterface, environment_role_id=None):
environment_role = EnvironmentRoles.get_by_id(environment_role_id)
with claim_for_update(environment_role) as environment_role:
credentials = environment_role.environment.csp_credentials
csp_user_id = csp.create_or_update_user(credentials, environment_role,
environment_role.role)
environment_role.csp_user_id = csp_user_id
environment_role.status = EnvironmentRole.Status.COMPLETED
db.session.add(environment_role)
db.session.commit()
def update_env_role(cls, environment, application_role, new_role):
env_role = EnvironmentRoles.get_for_update(application_role.id,
environment.id)
if env_role and new_role and (env_role.disabled or env_role.deleted):
raise DisabledError("environment_role", env_role.id)
if env_role and env_role.role != new_role and not env_role.disabled:
env_role.role = new_role
db.session.add(env_role)
elif not env_role and new_role:
env_role = EnvironmentRoles.create(
application_role=application_role,
environment=environment,
role=new_role,
)
db.session.add(env_role)
if env_role and not new_role and not env_role.disabled:
EnvironmentRoles.disable(env_role.id)
db.session.commit()
def test_environment_roles():
application = ApplicationFactory.create()
environment1 = EnvironmentFactory.create(application=application)
environment2 = EnvironmentFactory.create(application=application)
user = UserFactory.create()
application_role = ApplicationRoleFactory.create(application=application,
user=user)
environment_role1 = EnvironmentRoleFactory.create(
environment=environment1, application_role=application_role)
EnvironmentRoleFactory.create(environment=environment2,
application_role=application_role,
deleted=True)
assert not EnvironmentRoles.get_by_user_and_environment(
user.id, environment2.id)
def update_env_role(cls, environment, application_role, new_role):
updated = False
if new_role is None:
updated = EnvironmentRoles.delete(application_role.id, environment.id)
else:
env_role = EnvironmentRoles.get(application_role.id, environment.id)
if env_role and env_role.role != new_role:
env_role.role = new_role
updated = True
db.session.add(env_role)
elif not env_role:
env_role = EnvironmentRoles.create(
application_role=application_role,
environment=environment,
role=new_role,
)
updated = True
db.session.add(env_role)
if updated:
db.session.commit()
return updated
def test_get_members_data(app, client, user_session):
user = UserFactory.create()
application = ApplicationFactory.create(environments=[{
"name":
"testing",
"members": [{
"user": user,
"role_name": CSPRole.BASIC_ACCESS.value
}],
}])
environment = application.environments[0]
app_role = ApplicationRoles.get(user_id=user.id,
application_id=application.id)
env_role = EnvironmentRoles.get(application_role_id=app_role.id,
environment_id=environment.id)
user_session(application.portfolio.owner)
with captured_templates(app) as templates:
response = app.test_client().get(
url_for("applications.settings", application_id=application.id))
assert response.status_code == 200
_, context = templates[-1]
member = context["members"][0]
assert member["role_id"] == app_role.id
assert member["user_name"] == user.full_name
assert member["permission_sets"] == {
"perms_team_mgmt": False,
"perms_env_mgmt": False,
"perms_del_env": False,
}
assert member["environment_roles"] == [{
"environment_id":
str(environment.id),
"environment_name":
environment.name,
"role":
env_role.role,
}]
assert member["role_status"]
assert isinstance(member["form"], UpdateMemberForm)
def test_for_user(application_role):
portfolio = application_role.application.portfolio
user = application_role.user
# create roles for 2 environments associated with application_role fixture
env_role_1 = EnvironmentRoleFactory.create(
application_role=application_role)
env_role_2 = EnvironmentRoleFactory.create(
application_role=application_role)
# create role for environment in a different app in same portfolio
application = ApplicationFactory.create(portfolio=portfolio)
env_role_3 = EnvironmentRoleFactory.create(
application_role=ApplicationRoleFactory.create(application=application,
user=user))
# create role for environment for random user in app2
rando_app_role = ApplicationRoleFactory.create(application=application)
rando_env_role = EnvironmentRoleFactory.create(
application_role=rando_app_role)
env_roles = EnvironmentRoles.for_user(user.id, portfolio.id)
assert len(env_roles) == 3
assert env_roles == [env_role_1, env_role_2, env_role_3]
assert not rando_env_role in env_roles
def dispatch_provision_user(self):
for (environment_role_id
) in EnvironmentRoles.get_environment_roles_pending_creation():
provision_user.delay(environment_role_id=environment_role_id)
def revoke_access(cls, environment, target_user):
EnvironmentRoles.delete(environment.id, target_user.id)
def test_delete(application_role, environment, monkeypatch):
env_role = EnvironmentRoleFactory.create(application_role=application_role,
environment=environment)
assert EnvironmentRoles.delete(application_role.id, environment.id)
assert not EnvironmentRoles.delete(application_role.id, environment.id)
def test_get_by_user_and_environment(application_role, environment):
expected_role = EnvironmentRoleFactory.create(
application_role=application_role, environment=environment)
actual_role = EnvironmentRoles.get_by_user_and_environment(
application_role.user.id, environment.id)
assert expected_role == actual_role