pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge conflict

Browse Source
This commit is contained in:
Philip Kalinsky 2020-01-28 15:06:48 -05:00 committed by tomdds
parent ece4b20bcf
commit 1378fcfc15
6 changed files with 57 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
atst/domain/csp/cloud/azure_cloud_provider.py
View File

@ -24,6 +24,8 @@ from .models import (
BillingProfileTenantAccessCSPResult, BillingProfileTenantAccessCSPResult,
BillingProfileVerificationCSPPayload, BillingProfileVerificationCSPPayload,
BillingProfileVerificationCSPResult, BillingProfileVerificationCSPResult,
EnvironmentCSPPayload,
EnvironmentCSPResult,
KeyVaultCredentials, KeyVaultCredentials,
ManagementGroupCSPResponse, ManagementGroupCSPResponse,
ProductPurchaseCSPPayload, ProductPurchaseCSPPayload,
@ -135,24 +137,25 @@ class AzureCloudProvider(CloudProviderInterface):
exc_info=1, exc_info=1,
) )
def create_environment(self, auth_credentials: Dict, user, environment): def create_environment(self, payload: EnvironmentCSPPayload):
# since this operation would only occur within a tenant, should we source the tenant creds = self._source_creds(payload.tenant_id)
# via lookup from environment once we've created the portfolio csp data schema credentials = self._get_credential_obj(
# something like this: {
# environment_tenant = environment.application.portfolio.csp_data.get('tenant_id', None) "client_id": creds.root_sp_client_id,
# though we'd probably source the whole credentials for these calls from the portfolio csp "secret_key": creds.root_sp_key,
# data, as it would have to be where we store the creds for the at-at user within the portfolio tenant "tenant_id": creds.root_tenant_id,
# credentials = self._get_credential_obj(environment.application.portfolio.csp_data.get_creds()) },
credentials = self._get_credential_obj(self._root_creds) resource=AZURE_MANAGEMENT_API,
display_name = f"{environment.application.name}_{environment.name}_{environment.id}" # proposed format
management_group_id = "?" # management group id chained from environment
parent_id = "?" # from environment.application
management_group = self._create_management_group(
credentials, management_group_id, display_name, parent_id,
) )
return ManagementGroupCSPResponse(**management_group) response = self._create_management_group(
credentials,
payload.management_group_name,
payload.display_name,
payload.parent_id,
)
return EnvironmentCSPResult(**response)
def create_atat_admin_user( def create_atat_admin_user(
self, auth_credentials: Dict, csp_environment_id: str self, auth_credentials: Dict, csp_environment_id: str

37
atst/domain/csp/cloud/mock_cloud_provider.py
View File

@ -35,6 +35,8 @@ from .models import (
SubscriptionCreationCSPResult, SubscriptionCreationCSPResult,
SubscriptionVerificationCSPPayload, SubscriptionVerificationCSPPayload,
SuscriptionVerificationCSPResult, SuscriptionVerificationCSPResult,
EnvironmentCSPPayload,
EnvironmentCSPResult,
TaskOrderBillingCreationCSPPayload, TaskOrderBillingCreationCSPPayload,
TaskOrderBillingCreationCSPResult, TaskOrderBillingCreationCSPResult,
TaskOrderBillingVerificationCSPPayload, TaskOrderBillingVerificationCSPPayload,
@ -91,34 +93,6 @@ class MockCloudProvider(CloudProviderInterface):
def get_secret(self, secret_key: str, default=dict()): def get_secret(self, secret_key: str, default=dict()):
return default return default
def create_environment(self, auth_credentials, user, environment):
self._authorize(auth_credentials)
self._delay(1, 5)
self._maybe_raise(self.NETWORK_FAILURE_PCT, self.NETWORK_EXCEPTION)
self._maybe_raise(self.SERVER_FAILURE_PCT, self.SERVER_EXCEPTION)
self._maybe_raise(
self.ENV_CREATE_FAILURE_PCT,
EnvironmentCreationException(
environment.id, "Could not create environment."
),
)
csp_environment_id = self._id()
self._delay(1, 5)
self._maybe_raise(self.NETWORK_FAILURE_PCT, self.NETWORK_EXCEPTION)
self._maybe_raise(self.SERVER_FAILURE_PCT, self.SERVER_EXCEPTION)
self._maybe_raise(
self.ATAT_ADMIN_CREATE_FAILURE_PCT,
BaselineProvisionException(
csp_environment_id, "Could not create environment baseline."
),
)
self._maybe_raise(self.UNAUTHORIZED_RATE, self.AUTHORIZATION_EXCEPTION)
return csp_environment_id
def create_subscription(self, payload: SubscriptionCreationCSPPayload): def create_subscription(self, payload: SubscriptionCreationCSPPayload):
return self.create_subscription_creation(payload) return self.create_subscription_creation(payload)
@ -482,6 +456,13 @@ class MockCloudProvider(CloudProviderInterface):
return UserCSPResult(id=str(uuid4())) return UserCSPResult(id=str(uuid4()))
def create_environment(self, payload: EnvironmentCSPPayload):
self._maybe_raise(self.UNAUTHORIZED_RATE, GeneralCSPException)
return EnvironmentCSPResult(
id=f"{AZURE_MGMNT_PATH}{payload.management_group_name}"
)
def get_credentials(self, scope="portfolio", tenant_id=None): def get_credentials(self, scope="portfolio", tenant_id=None):
return self.root_creds() return self.root_creds()

8
atst/domain/csp/cloud/models.py
View File

@ -358,6 +358,14 @@ class ApplicationCSPResult(ManagementGroupCSPResponse):
pass pass
class EnvironmentCSPPayload(ManagementGroupCSPPayload):
pass
class EnvironmentCSPResult(ManagementGroupCSPResponse):
pass
class KeyVaultCredentials(BaseModel): class KeyVaultCredentials(BaseModel):
root_sp_client_id: Optional[str] root_sp_client_id: Optional[str]
root_sp_key: Optional[str] root_sp_key: Optional[str]

2
atst/domain/environments.py
View File

@ -124,7 +124,7 @@ class Environments(object):
Any environment with an active CLIN that doesn't yet have a `cloud_id`. Any environment with an active CLIN that doesn't yet have a `cloud_id`.
""" """
results = ( results = (
cls.base_provision_query(now).filter(Environment.cloud_id == None).all() cls.base_provision_query(now).filter(Application.cloud_id != None).all()
) )
return [id_ for id_, in results] return [id_ for id_, in results]

36
atst/jobs.py
View File

@ -12,7 +12,11 @@ from atst.domain.portfolios import Portfolios
from atst.domain.application_roles import ApplicationRoles from atst.domain.application_roles import ApplicationRoles
from atst.models.utils import claim_for_update, claim_many_for_update from atst.models.utils import claim_for_update, claim_many_for_update
from atst.utils.localization import translate from atst.utils.localization import translate
from atst.domain.csp.cloud.models import ApplicationCSPPayload, UserCSPPayload from atst.domain.csp.cloud.models import (
ApplicationCSPPayload,
EnvironmentCSPPayload,
UserCSPPayload,
)
class RecordFailure(celery.Task): class RecordFailure(celery.Task):
@ -109,34 +113,20 @@ def do_create_environment(csp: CloudProviderInterface, environment_id=None):
with claim_for_update(environment) as environment: with claim_for_update(environment) as environment:
if environment.cloud_id is not None: if environment.cloud_id is not None:
# TODO: Return value for this?
return return
user = environment.creator csp_details = environment.application.portfolio.csp_data
parent_id = environment.application.cloud_id
tenant_id = csp_details.get("tenant_id")
payload = EnvironmentCSPPayload(
tenant_id=tenant_id, display_name=application.name, parent_id=parent_id
)
# we'll need to do some checking in this job for cases where it's retrying env_result = csp.create_environment(payload)
# when a failure occured after some successful steps environment.cloud_id = env_result.id
# (e.g. if environment.cloud_id is not None, then we can skip first step)
# credentials either from a given user or pulled from config?
# if using global creds, do we need to log what user authorized action?
atat_root_creds = csp.root_creds()
# user is needed because baseline root account in the environment will
# be assigned to the requesting user, open question how to handle duplicate
# email addresses across new environments
csp_environment_id = csp.create_environment(atat_root_creds, user, environment)
environment.cloud_id = csp_environment_id
db.session.add(environment) db.session.add(environment)
db.session.commit() db.session.commit()
body = render_email(
"emails/application/environment_ready.txt", {"environment": environment}
)
app.mailer.send(
[environment.creator.email], translate("email.environment_ready"), body
)
def do_create_atat_admin_user(csp: CloudProviderInterface, environment_id=None): def do_create_atat_admin_user(csp: CloudProviderInterface, environment_id=None):
environment = Environments.get(environment_id) environment = Environments.get(environment_id)

10
tests/domain/cloud/test_azure_csp.py
View File

@ -20,6 +20,8 @@ from atst.domain.csp.cloud.models import (
BillingProfileTenantAccessCSPResult, BillingProfileTenantAccessCSPResult,
BillingProfileVerificationCSPPayload, BillingProfileVerificationCSPPayload,
BillingProfileVerificationCSPResult, BillingProfileVerificationCSPResult,
EnvironmentCSPPayload,
EnvironmentCSPResult,
ProductPurchaseCSPPayload, ProductPurchaseCSPPayload,
ProductPurchaseCSPResult, ProductPurchaseCSPResult,
ProductPurchaseVerificationCSPPayload, ProductPurchaseVerificationCSPPayload,
@ -57,12 +59,14 @@ def mock_management_group_create(mock_azure, spec_dict):
def test_create_environment_succeeds(mock_azure: AzureCloudProvider): def test_create_environment_succeeds(mock_azure: AzureCloudProvider):
environment = EnvironmentFactory.create() environment = EnvironmentFactory.create()
mock_management_group_create(mock_azure, {"id": "Test Id"}) mock_management_group_create(mock_azure, {"id": "Test Id"})
result = mock_azure.create_environment( mock_azure = mock_get_secret(mock_azure, lambda *a, **k: json.dumps(MOCK_CREDS))
AUTH_CREDENTIALS, environment.creator, environment
payload = EnvironmentCSPPayload(
tenant_id="1234", display_name=environment.name, parent_id=str(uuid4())
) )
result = mock_azure.create_environment(payload)
assert result.id == "Test Id" assert result.id == "Test Id"