Remove unused code in both the cloud interfaces and environment models. Also add tests for some untested code in the cloud interface.

2020-02-05 14:48:54 -05:00 · 2020-02-05 14:48:54 -05:00 · 13aca270ca
commit 13aca270ca
parent aaa4b401b5
11 changed files with 79 additions and 145 deletions
--- a/atst/domain/csp/cloud/azure_cloud_provider.py
+++ b/atst/domain/csp/cloud/azure_cloud_provider.py
@ -153,9 +153,9 @@ class AzureCloudProvider(CloudProviderInterface):
        creds = self._source_creds(payload.tenant_id)
        credentials = self._get_credential_obj(
            {
-                "client_id": creds.root_sp_client_id,
+                "client_id": creds.tenant_sp_client_id,
-                "secret_key": creds.root_sp_key,
+                "secret_key": creds.tenant_sp_key,
-                "tenant_id": creds.root_tenant_id,
+                "tenant_id": creds.tenant_id,
            },
            resource=self.sdk.cloud.endpoints.resource_manager,
        )
@ -169,43 +169,6 @@ class AzureCloudProvider(CloudProviderInterface):
        return EnvironmentCSPResult(**response)
    def create_atat_admin_user(
        self, auth_credentials: Dict, csp_environment_id: str
    ) -> Dict:
        root_creds = self._root_creds
        credentials = self._get_credential_obj(root_creds)
        sub_client = self.sdk.subscription.SubscriptionClient(credentials)
        subscription = sub_client.subscriptions.get(csp_environment_id)
        managment_principal = self._get_management_service_principal()
        auth_client = self.sdk.authorization.AuthorizationManagementClient(
            credentials,
            # TODO: Determine which subscription this needs to point at
            # Once we're in a multi-sub environment
            subscription.id,
        )
        # Create role assignment for
        role_assignment_id = str(uuid4())
        role_assignment_create_params = auth_client.role_assignments.models.RoleAssignmentCreateParameters(
            role_definition_id=REMOTE_ROOT_ROLE_DEF_ID,
            principal_id=managment_principal.id,
        )
        auth_client.role_assignments.create(
            scope=f"/subscriptions/{subscription.id}/",
            role_assignment_name=role_assignment_id,
            parameters=role_assignment_create_params,
        )
        return {
            "csp_user_id": managment_principal.object_id,
            "credentials": managment_principal.password_credentials,
            "role_name": role_assignment_id,
        }
    def create_application(self, payload: ApplicationCSPPayload):
        creds = self._source_creds(payload.tenant_id)
        credentials = self._get_credential_obj(
--- a/atst/domain/csp/cloud/cloud_provider_interface.py
+++ b/atst/domain/csp/cloud/cloud_provider_interface.py
@ -31,33 +31,6 @@ class CloudProviderInterface:
        """
        raise NotImplementedError()
    def create_atat_admin_user(
        self, auth_credentials: Dict, csp_environment_id: str
    ) -> Dict:
        """Creates a new, programmatic user in the CSP. Grants this user full permissions to administer
        the CSP.
        Arguments:
            auth_credentials -- Object containing CSP account credentials
            csp_environment_id -- ID of the CSP Environment the admin user should be created in
        Returns:
            object: Object representing new remote admin user, including credentials
            Something like:
            {
                "user_id": string,
                "credentials": dict, # structure TBD based on csp
            }
        Raises:
            AuthenticationException: Problem with the credentials
            AuthorizationException: Credentials not authorized for current action(s)
            ConnectionException: Issue with the CSP API connection
            UnknownServerException: Unknown issue on the CSP side
            UserProvisioningException: Problem creating the root user
        """
        raise NotImplementedError()
    def create_or_update_user(
        self, auth_credentials: Dict, user_info, csp_role_id: str
    ) -> str:
--- a/atst/domain/csp/cloud/mock_cloud_provider.py
+++ b/atst/domain/csp/cloud/mock_cloud_provider.py
@ -117,23 +117,6 @@ class MockCloudProvider(CloudProviderInterface):
            subscription_id="subscriptions/60fbbb72-0516-4253-ab18-c92432ba3230"
        )
    def create_atat_admin_user(self, auth_credentials, csp_environment_id):
        self._authorize(auth_credentials)
        self._delay(1, 5)
        self._maybe_raise(self.NETWORK_FAILURE_PCT, self.NETWORK_EXCEPTION)
        self._maybe_raise(self.SERVER_FAILURE_PCT, self.SERVER_EXCEPTION)
        self._maybe_raise(
            self.ATAT_ADMIN_CREATE_FAILURE_PCT,
            UserProvisioningException(
                csp_environment_id, "atat_admin", "Could not create admin user."
            ),
        )
        self._maybe_raise(self.UNAUTHORIZED_RATE, self.AUTHORIZATION_EXCEPTION)
        return {"id": self._id(), "credentials": self._auth_credentials}
    def create_tenant(self, payload: TenantCSPPayload):
        """
        payload is an instance of TenantCSPPayload data class
--- a/atst/domain/environment_roles.py
+++ b/atst/domain/environment_roles.py
@ -106,7 +106,7 @@ class EnvironmentRoles(object):
    def disable(cls, environment_role_id):
        environment_role = EnvironmentRoles.get_by_id(environment_role_id)
-        if environment_role.csp_user_id and not environment_role.environment.is_pending:
+        if environment_role.csp_user_id and not environment_role.environment.cloud_id:
            tenant_id = environment_role.environment.application.portfolio.csp_data.get(
                "tenant_id"
            )
--- a/atst/domain/environments.py
+++ b/atst/domain/environments.py
@ -126,7 +126,7 @@ class Environments(object):
        results = (
            cls.base_provision_query(now)
            .filter(Application.cloud_id != None)
-            .filter(Environment.cloud_id == None)
+            .filter(Environment.cloud_id.is_(None))
            .all()
        )
        return [id_ for id_, in results]
--- a/atst/models/environment.py
+++ b/atst/models/environment.py
@ -1,5 +1,3 @@
 from enum import Enum
 from sqlalchemy import Column, ForeignKey, String, UniqueConstraint
 from sqlalchemy.orm import relationship
@ -43,10 +41,6 @@ class Environment(
        ),
    )
    class ProvisioningStatus(Enum):
        PENDING = "pending"
        COMPLETED = "completed"
    @property
    def users(self):
        return {r.application_role.user for r in self.roles}
@ -67,17 +61,6 @@ class Environment(
    def portfolio_id(self):
        return self.application.portfolio_id
    @property
    def provisioning_status(self) -> ProvisioningStatus:
        if self.cloud_id is None:
            return self.ProvisioningStatus.PENDING
        else:
            return self.ProvisioningStatus.COMPLETED
    @property
    def is_pending(self):
        return self.provisioning_status == self.ProvisioningStatus.PENDING
    def __repr__(self):
        return "<Environment(name='{}', num_users='{}', application='{}', portfolio='{}', id='{}')>".format(
            self.name,
--- a/atst/routes/applications/settings.py
+++ b/atst/routes/applications/settings.py
@ -39,7 +39,6 @@ def get_environments_obj_for_app(application):
            {
                "id": env.id,
                "name": env.name,
                "pending": env.is_pending,
                "edit_form": EditEnvironmentForm(obj=env),
                "member_count": len(env.roles),
                "members": sorted(
--- a/tests/domain/cloud/test_azure_csp.py
+++ b/tests/domain/cloud/test_azure_csp.py
@ -2,11 +2,11 @@ import json
 from unittest.mock import Mock, patch
 from uuid import uuid4
 import pendulum
 import pydantic
 import pytest
 from tests.factories import ApplicationFactory, EnvironmentFactory
 from tests.mock_azure import AUTH_CREDENTIALS, mock_azure
 import pendulum
 import pydantic
 from atst.domain.csp.cloud import AzureCloudProvider
 from atst.domain.csp.cloud.models import (
@ -52,6 +52,7 @@ from atst.domain.csp.cloud.models import (
    TenantPrincipalCSPResult,
    TenantPrincipalOwnershipCSPPayload,
    TenantPrincipalOwnershipCSPResult,
    UserCSPPayload,
 )
 BILLING_ACCOUNT_NAME = "52865e4c-52e8-5a6c-da6b-c58f0814f06f:7ea5de9d-b8ce-4901-b1c5-d864320c7b03_2019-05-31"
@ -107,20 +108,6 @@ def test_create_application_succeeds(mock_azure: AzureCloudProvider):
    assert result.id == "Test Id"
 def test_create_atat_admin_user_succeeds(mock_azure: AzureCloudProvider):
    environment_id = str(uuid4())
    csp_user_id = str(uuid4)
    mock_azure.sdk.graphrbac.GraphRbacManagementClient.return_value.service_principals.create.return_value.object_id = (
        csp_user_id
    )
    result = mock_azure.create_atat_admin_user(AUTH_CREDENTIALS, environment_id)
    assert result.get("csp_user_id") == csp_user_id
 def test_create_policy_definition_succeeds(mock_azure: AzureCloudProvider):
    subscription_id = str(uuid4())
    management_group_id = str(uuid4())
@ -882,3 +869,72 @@ def test_set_secret(mock_azure: AzureCloudProvider):
        )
        assert mock_azure.set_secret("secret key", "secret_value") == "my secret"
 def test_create_active_directory_user(mock_azure: AzureCloudProvider):
    mock_result = Mock()
    mock_result.ok = True
    mock_result.json.return_value = {"id": "id"}
    mock_azure.sdk.requests.post.return_value = mock_result
    payload = UserCSPPayload(
        tenant_id=uuid4().hex,
        display_name="Test Testerson",
        tenant_host_name="testtenant",
        email="test@testerson.test",
        password="asdfghjkl",  # pragma: allowlist secret
    )
    result = mock_azure._create_active_directory_user("token", payload)
    assert result.id == "id"
 def test_update_active_directory_user_email(mock_azure: AzureCloudProvider):
    mock_result = Mock()
    mock_result.ok = True
    mock_azure.sdk.requests.patch.return_value = mock_result
    payload = UserCSPPayload(
        tenant_id=uuid4().hex,
        display_name="Test Testerson",
        tenant_host_name="testtenant",
        email="test@testerson.test",
        password="asdfghjkl",  # pragma: allowlist secret
    )
    result = mock_azure._update_active_directory_user_email(
        "token", uuid4().hex, payload
    )
    assert result
 def test_create_user(mock_azure: AzureCloudProvider):
    with patch.object(
        AzureCloudProvider,
        "_get_tenant_principal_token",
        wraps=mock_azure._get_tenant_principal_token,
    ) as _get_tenant_principal_token:
        _get_tenant_principal_token.return_value = "token"
        mock_result_create = Mock()
        mock_result_create.ok = True
        mock_result_create.json.return_value = {"id": "id"}
        mock_azure.sdk.requests.post.return_value = mock_result_create
        mock_result_update = Mock()
        mock_result_update.ok = True
        mock_azure.sdk.requests.patch.return_value = mock_result_update
        payload = UserCSPPayload(
            tenant_id=uuid4().hex,
            display_name="Test Testerson",
            tenant_host_name="testtenant",
            email="test@testerson.test",
            password="asdfghjkl",  # pragma: allowlist secret
        )
        result = mock_azure.create_user(payload)
        assert result.id == "id"
--- a/tests/domain/cloud/test_mock_csp.py
+++ b/tests/domain/cloud/test_mock_csp.py
@ -28,17 +28,6 @@ def test_create_environment(mock_csp: MockCloudProvider):
    assert isinstance(result, EnvironmentCSPResult)
 def test_create_admin_user(mock_csp: MockCloudProvider):
    admin_user = mock_csp.create_atat_admin_user(CREDENTIALS, "env_id")
    assert isinstance(admin_user["id"], str)
    assert isinstance(admin_user["credentials"], dict)
 def test_create_environment_baseline(mock_csp: MockCloudProvider):
    baseline = mock_csp.create_atat_admin_user(CREDENTIALS, "env_id")
    assert isinstance(baseline, dict)
 def test_create_or_update_user(mock_csp: MockCloudProvider):
    env_role = EnvironmentRoleFactory.create()
    csp_user_id = mock_csp.create_or_update_user(CREDENTIALS, env_role, "csp_role_id")
--- a/tests/domain/test_environment_roles.py
+++ b/tests/domain/test_environment_roles.py
@ -93,7 +93,7 @@ def test_disable_completed(application_role, environment):
 def test_disable_checks_env_provisioning_status(session):
    environment = EnvironmentFactory.create()
-    assert environment.is_pending
+    assert not environment.cloud_id
    env_role1 = EnvironmentRoleFactory.create(environment=environment)
    env_role1 = EnvironmentRoles.disable(env_role1.id)
    assert env_role1.disabled
@ -103,7 +103,7 @@ def test_disable_checks_env_provisioning_status(session):
    session.commit()
    session.refresh(environment)
-    assert not environment.is_pending
+    assert environment.cloud_id
    env_role2 = EnvironmentRoleFactory.create(environment=environment)
    env_role2 = EnvironmentRoles.disable(env_role2.id)
    assert env_role2.disabled
--- a/tests/models/test_environments.py
+++ b/tests/models/test_environments.py
@ -51,18 +51,6 @@ def test_audit_event_for_environment_deletion(session):
    assert after
@pytest.mark.parametrize(
    "env_data,expected_status",
    [
        [{"cloud_id": None,}, Environment.ProvisioningStatus.PENDING],
        [{"cloud_id": 1}, Environment.ProvisioningStatus.COMPLETED],
    ],
 )
 def test_environment_provisioning_status(env_data, expected_status):
    environment = EnvironmentFactory.create(**env_data)
    assert environment.provisioning_status == expected_status
 def test_environment_roles_do_not_include_deleted():
    member_list = [
        {"role_name": CSPRole.ADMIN},