Add hook to CSP when creating environment role

atst/domain/csp/cloud.py

@@ -8,9 +8,23 @@ class CloudProviderInterface:
         """
         raise NotImplementedError()
 
+    def create_role(self, environment_role):  # pragma: no cover
+        """Takes an `atst.model.EnvironmentRole` object and allows the
+        specified user access to the specified cloud entity.
+
+        This _does not_ return a token, but is intended to perform any necessary
+        setup to allow a token to be generated in the future (for example,
+        add the user to the cloud entity in some fashion).
+        """
+        raise NotImplementedError()
+
 
 class MockCloudProvider(CloudProviderInterface):
     def create_application(self, name):
         """Returns an id that represents what would be an application in the
         cloud."""
         return uuid4().hex
+
+    def create_role(self, environment_role):
+        # Currently, there is nothing to mock out, so just do nothing.
+        pass

atst/domain/environment_roles.py

@@ -1,8 +1,16 @@
+from flask import current_app as app
+
 from atst.models.environment_role import EnvironmentRole
 from atst.database import db
 
 
 class EnvironmentRoles(object):
+    @classmethod
+    def create(cls, user, environment, role):
+        env_role = EnvironmentRole(user=user, environment=environment, role=role)
+        app.csp.cloud.create_role(env_role)
+        return env_role
+
     @classmethod
     def get(cls, user_id, environment_id):
         existing_env_role = (

atst/domain/environments.py

@@ -31,7 +31,7 @@ class Environments(object):
 
     @classmethod
     def add_member(cls, environment, user, role):
-        environment_user = EnvironmentRole(
+        environment_user = EnvironmentRoles.create(
             user=user, environment=environment, role=role
         )
         db.session.add(environment_user)
@@ -86,7 +86,7 @@ class Environments(object):
                     updated = True
                     db.session.add(env_role)
                 elif not env_role:
-                    env_role = EnvironmentRole(
+                    env_role = EnvironmentRoles.create(
                         user=workspace_role.user, environment=environment, role=new_role
                     )
                     updated = True