def test_user_can_access_decorator_application_level(set_current_user,
request_ctx):
ccpo = UserFactory.create_ccpo()
port_admin = UserFactory.create()
app_user = UserFactory.create()
rando = UserFactory.create()
portfolio = PortfolioFactory.create(owner=port_admin,
applications=[{
"name": "Mos Eisley"
}])
app = portfolio.applications[0]
ApplicationRoleFactory.create(application=app, user=app_user)
request_ctx.g.portfolio = portfolio
request_ctx.g.application = app
@user_can_access_decorator(Permissions.VIEW_APPLICATION)
def _stroll_into_mos_eisley(*args, **kwargs):
return True
set_current_user(ccpo)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(port_admin)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(app_user)
assert _stroll_into_mos_eisley(application_id=app.id)
set_current_user(rando)
with pytest.raises(UnauthorizedError):
_stroll_into_mos_eisley(application_id=app.id)
def test_for_user_returns_portfolios_for_applications_user_invited_to():
bob = UserFactory.create()
portfolio = PortfolioFactory.create()
application = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(application=application,
user=bob,
status=ApplicationRoleStatus.ACTIVE)
assert portfolio in Portfolios.for_user(user=bob)
def test_application_members_excludes_deleted(session):
app = ApplicationFactory.create()
member_role = ApplicationRoleFactory.create(
application=app, status=ApplicationRoleStatus.ACTIVE)
disabled_role = ApplicationRoleFactory.create(
application=app, status=ApplicationRoleStatus.DISABLED)
disabled_role.deleted = True
session.add(disabled_role)
session.commit()
assert len(app.members) == 1
assert app.members[0].id == member_role.id
def test_for_user_does_not_include_deleted_application_roles():
user1 = UserFactory.create()
user2 = UserFactory.create()
portfolio = PortfolioFactory.create()
app = ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(status=ApplicationRoleStatus.ACTIVE,
user=user1,
application=app)
assert len(Portfolios.for_user(user1)) == 1
ApplicationRoleFactory.create(status=ApplicationRoleStatus.ACTIVE,
user=user2,
application=app,
deleted=True)
assert len(Portfolios.for_user(user2)) == 0
def test_get_portfolio_events_includes_app_and_env_events():
owner = UserFactory.create()
# add portfolio level events
portfolio = PortfolioFactory.create(owner=owner)
portfolio_events = AuditLog.get_portfolio_events(portfolio)
# add application level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
portfolio_and_app_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_events) < len(portfolio_and_app_events)
# add environment level events
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
portfolio_app_and_env_events = AuditLog.get_portfolio_events(portfolio)
assert len(portfolio_and_app_events) < len(portfolio_app_and_env_events)
resource_types = [event.resource_type for event in portfolio_app_and_env_events]
assert "application" in resource_types
assert "application_role" in resource_types
assert "application_invitation" in resource_types
assert "environment" in resource_types
assert "environment_role" in resource_types
def test_deleted_application_roles_are_ignored(session):
user = UserFactory.create()
app = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=app)
assert len(user.application_roles) == 1
app_role.deleted = True
session.add(app_role)
session.commit()
assert len(user.application_roles) == 0
def test_has_application_permission():
role_one = PermissionSets.get(PermissionSets.EDIT_APPLICATION_TEAM)
role_two = PermissionSets.get(PermissionSets.EDIT_APPLICATION_ENVIRONMENTS)
app_role = ApplicationRoleFactory.create(
permission_sets=[role_one, role_two])
different_user = UserFactory.create()
assert Authorization.has_application_permission(
app_role.user, app_role.application, Permissions.EDIT_ENVIRONMENT)
assert not Authorization.has_portfolio_permission(
app_role.user, app_role.application, Permissions.DELETE_ENVIRONMENT)
assert not Authorization.has_portfolio_permission(
different_user, app_role.application, Permissions.DELETE_ENVIRONMENT)
def test_for_user():
user = UserFactory.create()
portfolio = PortfolioFactory.create()
for _x in range(4):
ApplicationFactory.create(portfolio=portfolio)
ApplicationRoleFactory.create(
application=portfolio.applications[0],
user=user,
status=ApplicationRoleStatus.ACTIVE,
)
ApplicationRoleFactory.create(
application=portfolio.applications[1],
user=user,
status=ApplicationRoleStatus.ACTIVE,
)
ApplicationRoleFactory.create(
application=portfolio.applications[2],
user=user,
status=ApplicationRoleStatus.PENDING,
)
assert len(portfolio.applications) == 4
user_applications = Applications.for_user(user, portfolio)
assert len(user_applications) == 2
def test_dispatch_provision_user(csp, session, celery_app, celery_worker,
monkeypatch):
# Given that I have four environment roles:
# (A) one of which has a completed status
# (B) one of which has an environment that has not been provisioned
# (C) one of which is pending, has a provisioned environment but an inactive application role
# (D) one of which is pending, has a provisioned environment and has an active application role
provisioned_environment = EnvironmentFactory.create(cloud_id="cloud_id",
root_user_info={},
baseline_info={})
unprovisioned_environment = EnvironmentFactory.create()
_er_a = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.COMPLETED)
_er_b = EnvironmentRoleFactory.create(
environment=unprovisioned_environment,
status=EnvironmentRole.Status.PENDING)
_er_c = EnvironmentRoleFactory.create(
environment=unprovisioned_environment,
status=EnvironmentRole.Status.PENDING,
application_role=ApplicationRoleFactory(
status=ApplicationRoleStatus.PENDING),
)
er_d = EnvironmentRoleFactory.create(
environment=provisioned_environment,
status=EnvironmentRole.Status.PENDING,
application_role=ApplicationRoleFactory(
status=ApplicationRoleStatus.ACTIVE),
)
mock = Mock()
monkeypatch.setattr("atst.jobs.provision_user", mock)
# When I dispatch the user provisioning task
dispatch_provision_user.run()
# I expect it to dispatch only one call, to EnvironmentRole D
mock.delay.assert_called_once_with(environment_role_id=er_d.id)
def test_delete_environment(session):
env = EnvironmentFactory.create(application=ApplicationFactory.create())
env_role = EnvironmentRoleFactory.create(
application_role=ApplicationRoleFactory.create(
application=env.application),
environment=env,
)
assert not env.deleted
assert not env_role.deleted
Environments.delete(env)
assert env.deleted
assert env_role.deleted
# did not flush
assert session.dirty
Environments.delete(env, commit=True)
assert env.deleted
assert env_role.deleted
# flushed the change
assert not session.dirty
def test_delete_application(session):
app = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=UserFactory.create(),
application=app)
env1 = EnvironmentFactory.create(application=app)
env2 = EnvironmentFactory.create(application=app)
assert not app.deleted
assert not env1.deleted
assert not env2.deleted
assert not app_role.deleted
Applications.delete(app)
assert app.deleted
assert env1.deleted
assert env2.deleted
assert app_role.deleted
# changes are flushed
assert not session.dirty
def test_get_application_events():
# add in some portfolio level events
portfolio = PortfolioFactory.create()
Portfolios.update(portfolio, {"name": "New Name"})
# add app level events
application = ApplicationFactory.create(portfolio=portfolio)
Applications.update(application, {"name": "Star Cruiser"})
app_role = ApplicationRoleFactory.create(application=application)
app_invite = ApplicationInvitationFactory.create(role=app_role)
env = EnvironmentFactory.create(application=application)
env_role = EnvironmentRoleFactory.create(environment=env, application_role=app_role)
# add rando app
rando_app = ApplicationFactory.create(portfolio=portfolio)
events = AuditLog.get_application_events(application)
for event in events:
assert event.application_id == application.id
assert not event.application_id == rando_app.id
resource_types = [event.resource_type for event in events]
assert "portfolio" not in resource_types
def test_post_update_member(client, user_session):
user = UserFactory.create()
application = ApplicationFactory.create(environments=[{
"name": "Naboo"
}, {
"name": "Endor"
}])
(env, env_1) = application.environments
app_role = ApplicationRoleFactory(application=application)
user_session(application.portfolio.owner)
response = client.post(
url_for(
"applications.update_new_application_step_3",
application_id=application.id,
application_role_id=app_role.id,
),
data={
"environment_roles-0-environment_id": env.id,
"environment_roles-0-role": "Basic Access",
"environment_roles-0-environment_name": env.name,
"environment_roles-1-environment_id": env_1.id,
"environment_roles-1-role": NO_ACCESS,
"environment_roles-1-environment_name": env_1.name,
"perms_env_mgmt": True,
"perms_team_mgmt": True,
"perms_del_env": True,
},
)
assert response.status_code == 302
expected_url = url_for(
"applications.view_new_application_step_3",
application_id=application.id,
_external=True,
)
assert response.location == expected_url
assert len(application.roles) == 1
assert len(app_role.environment_roles) == 1
assert app_role.environment_roles[0].environment == env
