def disable(cls, application_role): cls._update_status(application_role, ApplicationRoleStatus.DISABLED) application_role.deleted = True for env in application_role.application.environments: EnvironmentRoles.delete( application_role_id=application_role.id, environment_id=env.id ) db.session.add(application_role) db.session.commit()
def test_disable_checks_env_role_provisioning_status(): environment = EnvironmentFactory.create( cloud_id="cloud-id", root_user_info={"credentials": "credentials"}) env_role1 = EnvironmentRoleFactory.create(environment=environment) assert not env_role1.csp_user_id env_role1 = EnvironmentRoles.disable(env_role1.id) assert env_role1.disabled env_role2 = EnvironmentRoleFactory.create(environment=environment, csp_user_id="123456") assert env_role2.csp_user_id env_role2 = EnvironmentRoles.disable(env_role2.id) assert env_role2.disabled
def access_environment(environment_id): env_role = EnvironmentRoles.get_by_user_and_environment( g.current_user.id, environment_id) login_url = app.csp.cloud.get_environment_login_url(env_role.environment) return redirect(url_for("atst.csp_environment_access", login_url=login_url))
def get_members_data(application): members_data = [] for member in application.members: permission_sets = filter_perm_sets_data(member) roles = EnvironmentRoles.get_for_application_member(member.id) environment_roles = filter_env_roles_data(roles) env_roles_form_data = filter_env_roles_form_data( member, application.environments ) form = UpdateMemberForm( environment_roles=env_roles_form_data, **permission_sets ) update_invite_form = None if member.latest_invitation and member.latest_invitation.can_resend: update_invite_form = MemberForm(obj=member.latest_invitation) else: update_invite_form = MemberForm() members_data.append( { "role_id": member.id, "user_name": member.user_name, "permission_sets": permission_sets, "environment_roles": environment_roles, "role_status": member.status.value, "form": form, "update_invite_form": update_invite_form, } ) return members_data
def test_create(application_role, environment, monkeypatch): environment_role = EnvironmentRoles.create(application_role, environment, "network admin") assert environment_role.application_role == application_role assert environment_role.environment == environment assert environment_role.role == "network admin"
def get_members_data(application): members_data = [] for member in application.members: permission_sets = filter_perm_sets_data(member) roles = EnvironmentRoles.get_for_application_member(member.id) environment_roles = filter_env_roles_data(roles) env_roles_form_data = filter_env_roles_form_data( member, application.environments) form = UpdateMemberForm(environment_roles=env_roles_form_data, **permission_sets) update_invite_form = (MemberForm( obj=member.latest_invitation) if member.latest_invitation and member.latest_invitation.can_resend else MemberForm()) members_data.append({ "role_id": member.id, "user_name": member.user_name, "permission_sets": permission_sets, "environment_roles": environment_roles, "role_status": member.display_status, "form": form, "update_invite_form": update_invite_form, }) return sorted(members_data, key=lambda member: member["user_name"])
def test_get_for_application_member(application_role, environment): EnvironmentRoleFactory.create(application_role=application_role, environment=environment) roles = EnvironmentRoles.get_for_application_member(application_role.id) assert len(roles) == 1 assert roles[0].environment == environment assert roles[0].application_role == application_role
def test_update_env_role_no_access(): env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value) assert Environments.update_env_role(env_role.environment, env_role.application_role, None) assert not EnvironmentRoles.get(env_role.application_role.id, env_role.environment.id)
def wrap_environment_role_lookup(user, environment_id=None, **kwargs): env_role = EnvironmentRoles.get_by_user_and_environment( user.id, environment_id) if not env_role: raise UnauthorizedError(user, "access environment {}".format(environment_id)) return True
def test_get_for_application_member_does_not_return_deleted( application_role, environment): EnvironmentRoleFactory.create(application_role=application_role, environment=environment, deleted=True) roles = EnvironmentRoles.get_for_application_member(application_role.id) assert len(roles) == 0
def test_disable_checks_env_provisioning_status(session): environment = EnvironmentFactory.create() assert environment.is_pending env_role1 = EnvironmentRoleFactory.create(environment=environment) env_role1 = EnvironmentRoles.disable(env_role1.id) assert env_role1.disabled environment.cloud_id = "cloud-id" environment.root_user_info = {"credentials": "credentials"} session.add(environment) session.commit() session.refresh(environment) assert not environment.is_pending env_role2 = EnvironmentRoleFactory.create(environment=environment) env_role2 = EnvironmentRoles.disable(env_role2.id) assert env_role2.disabled
def test_get_for_update(application_role, environment): EnvironmentRoleFactory.create(application_role=application_role, environment=environment, deleted=True) role = EnvironmentRoles.get_for_update(application_role.id, environment.id) assert role assert role.application_role == application_role assert role.environment == environment assert role.deleted
def test_get(application_role, environment): EnvironmentRoleFactory.create(application_role=application_role, environment=environment) environment_role = EnvironmentRoles.get(application_role.id, environment.id) assert environment_role assert environment_role.application_role == application_role assert environment_role.environment == environment
def portfolio_applications(portfolio_id): user_env_roles = EnvironmentRoles.for_user(g.current_user.id, portfolio_id) environment_access = { env_role.environment_id: env_role.role for env_role in user_env_roles } return render_template( "applications/index.html", environment_access=environment_access )
def add_applications_to_portfolio(portfolio): applications = random_applications() for application_data in applications: application = Applications.create( portfolio.owner, portfolio=portfolio, name=application_data["name"], description=application_data["description"], environment_names=application_data["environments"], ) users = random.sample(APPLICATION_USERS, k=random.randint(1, 5)) for user_data in users: try: user = Users.get_by_dod_id(user_data["dod_id"]) except NotFoundError: user = Users.create( user_data["dod_id"], None, first_name=user_data["first_name"], last_name=user_data["last_name"], email=user_data["email"], ) app_role = ApplicationRoles.create( user=user, application=application, permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM], ) ApplicationInvitations.create(portfolio.owner, app_role, user_data, commit=True) user_environments = random.sample( application.environments, k=random.randint(1, len(application.environments)), ) for env in user_environments: role = random.choice([e.value for e in CSPRole]) EnvironmentRoles.create(application_role=app_role, environment=env, role=role)
def test_disable_completed(application_role, environment): environment_role = EnvironmentRoleFactory.create( application_role=application_role, environment=environment, status=EnvironmentRole.Status.COMPLETED, ) environment_role = EnvironmentRoles.disable(environment_role.id) assert environment_role.disabled
def test_environment_roles_do_not_include_deleted(): member_list = [ { "role_name": CSPRole.BASIC_ACCESS.value }, { "role_name": CSPRole.BASIC_ACCESS.value }, { "role_name": CSPRole.BASIC_ACCESS.value }, ] env = EnvironmentFactory.create(members=member_list) role_1 = env.roles[0] role_2 = env.roles[1] EnvironmentRoles.delete(role_1.application_role_id, env.id) EnvironmentRoles.disable(role_2.id) assert len(env.roles) == 2
def do_provision_user(csp: CloudProviderInterface, environment_role_id=None): environment_role = EnvironmentRoles.get_by_id(environment_role_id) with claim_for_update(environment_role) as environment_role: credentials = environment_role.environment.csp_credentials csp_user_id = csp.create_or_update_user(credentials, environment_role, environment_role.role) environment_role.csp_user_id = csp_user_id environment_role.status = EnvironmentRole.Status.COMPLETED db.session.add(environment_role) db.session.commit()
def update_env_role(cls, environment, application_role, new_role): env_role = EnvironmentRoles.get_for_update(application_role.id, environment.id) if env_role and new_role and (env_role.disabled or env_role.deleted): raise DisabledError("environment_role", env_role.id) if env_role and env_role.role != new_role and not env_role.disabled: env_role.role = new_role db.session.add(env_role) elif not env_role and new_role: env_role = EnvironmentRoles.create( application_role=application_role, environment=environment, role=new_role, ) db.session.add(env_role) if env_role and not new_role and not env_role.disabled: EnvironmentRoles.disable(env_role.id) db.session.commit()
def test_environment_roles(): application = ApplicationFactory.create() environment1 = EnvironmentFactory.create(application=application) environment2 = EnvironmentFactory.create(application=application) user = UserFactory.create() application_role = ApplicationRoleFactory.create(application=application, user=user) environment_role1 = EnvironmentRoleFactory.create( environment=environment1, application_role=application_role) EnvironmentRoleFactory.create(environment=environment2, application_role=application_role, deleted=True) assert not EnvironmentRoles.get_by_user_and_environment( user.id, environment2.id)
def update_env_role(cls, environment, application_role, new_role): updated = False if new_role is None: updated = EnvironmentRoles.delete(application_role.id, environment.id) else: env_role = EnvironmentRoles.get(application_role.id, environment.id) if env_role and env_role.role != new_role: env_role.role = new_role updated = True db.session.add(env_role) elif not env_role: env_role = EnvironmentRoles.create( application_role=application_role, environment=environment, role=new_role, ) updated = True db.session.add(env_role) if updated: db.session.commit() return updated
def test_get_members_data(app, client, user_session): user = UserFactory.create() application = ApplicationFactory.create(environments=[{ "name": "testing", "members": [{ "user": user, "role_name": CSPRole.BASIC_ACCESS.value }], }]) environment = application.environments[0] app_role = ApplicationRoles.get(user_id=user.id, application_id=application.id) env_role = EnvironmentRoles.get(application_role_id=app_role.id, environment_id=environment.id) user_session(application.portfolio.owner) with captured_templates(app) as templates: response = app.test_client().get( url_for("applications.settings", application_id=application.id)) assert response.status_code == 200 _, context = templates[-1] member = context["members"][0] assert member["role_id"] == app_role.id assert member["user_name"] == user.full_name assert member["permission_sets"] == { "perms_team_mgmt": False, "perms_env_mgmt": False, "perms_del_env": False, } assert member["environment_roles"] == [{ "environment_id": str(environment.id), "environment_name": environment.name, "role": env_role.role, }] assert member["role_status"] assert isinstance(member["form"], UpdateMemberForm)
def test_for_user(application_role): portfolio = application_role.application.portfolio user = application_role.user # create roles for 2 environments associated with application_role fixture env_role_1 = EnvironmentRoleFactory.create( application_role=application_role) env_role_2 = EnvironmentRoleFactory.create( application_role=application_role) # create role for environment in a different app in same portfolio application = ApplicationFactory.create(portfolio=portfolio) env_role_3 = EnvironmentRoleFactory.create( application_role=ApplicationRoleFactory.create(application=application, user=user)) # create role for environment for random user in app2 rando_app_role = ApplicationRoleFactory.create(application=application) rando_env_role = EnvironmentRoleFactory.create( application_role=rando_app_role) env_roles = EnvironmentRoles.for_user(user.id, portfolio.id) assert len(env_roles) == 3 assert env_roles == [env_role_1, env_role_2, env_role_3] assert not rando_env_role in env_roles
def dispatch_provision_user(self): for (environment_role_id ) in EnvironmentRoles.get_environment_roles_pending_creation(): provision_user.delay(environment_role_id=environment_role_id)
def revoke_access(cls, environment, target_user): EnvironmentRoles.delete(environment.id, target_user.id)
def test_delete(application_role, environment, monkeypatch): env_role = EnvironmentRoleFactory.create(application_role=application_role, environment=environment) assert EnvironmentRoles.delete(application_role.id, environment.id) assert not EnvironmentRoles.delete(application_role.id, environment.id)
def test_get_by_user_and_environment(application_role, environment): expected_role = EnvironmentRoleFactory.create( application_role=application_role, environment=environment) actual_role = EnvironmentRoles.get_by_user_and_environment( application_role.user.id, environment.id) assert expected_role == actual_role