diff --git a/alembic/versions/828d8c188dce_update_environment_roles_enum_list.py b/alembic/versions/828d8c188dce_update_environment_roles_enum_list.py new file mode 100644 index 00000000..450ece6e --- /dev/null +++ b/alembic/versions/828d8c188dce_update_environment_roles_enum_list.py @@ -0,0 +1,58 @@ +"""update environment_roles enum list + +Revision ID: 828d8c188dce +Revises: 5d7198d34b91 +Create Date: 2020-01-08 16:08:03.879881 + +""" +from alembic import op +import sqlalchemy as sa + +# revision identifiers, used by Alembic. +revision = '828d8c188dce' # pragma: allowlist secret +down_revision = '5d7198d34b91' # pragma: allowlist secret +branch_labels = None +depends_on = None + + +def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### + conn = op.get_bind() + conn.execute( + """ + UPDATE environment_roles + SET role = NULL + """ + ) + + op.alter_column( + "environment_roles", + "role", + type_=sa.Enum( + "ADMIN", + "BILLING_READ", + "CONTRIBUTOR", + name="role", + native_enum=False, + ), + existing_type=sa.VARCHAR(), + nullable=True, + ) + # ### end Alembic commands ### + + +def downgrade(): + # ### commands auto generated by Alembic - please adjust! ### + op.alter_column( + "environment_roles", + "status", + type_=sa.VARCHAR(), + existing_type=sa.Enum( + "ADMIN", + "BILLING_READ", + "CONTRIBUTOR", + name="status", + native_enum=False, + ), + ) + # ### end Alembic commands ### diff --git a/atst/forms/data.py b/atst/forms/data.py index 5f1f9532..bb728686 100644 --- a/atst/forms/data.py +++ b/atst/forms/data.py @@ -14,7 +14,7 @@ SERVICE_BRANCHES = [ ] ENV_ROLE_NO_ACCESS = "No Access" -ENV_ROLES = [(role.value, role.value) for role in CSPRole] + [ +ENV_ROLES = [(role.name, role.value) for role in CSPRole] + [ (ENV_ROLE_NO_ACCESS, ENV_ROLE_NO_ACCESS) ] diff --git a/atst/models/environment_role.py b/atst/models/environment_role.py index 5b3a2c27..21f033e0 100644 --- a/atst/models/environment_role.py +++ b/atst/models/environment_role.py @@ -9,10 +9,9 @@ import atst.models.types as types class CSPRole(Enum): - BASIC_ACCESS = "Basic Access" - NETWORK_ADMIN = "Network Admin" - BUSINESS_READ = "Business Read-only" - TECHNICAL_READ = "Technical Read-only" + ADMIN = "Admin" + BILLING_READ = "Billing Read-only" + CONTRIBUTOR = "Contributor" class EnvironmentRole( @@ -26,7 +25,7 @@ class EnvironmentRole( ) environment = relationship("Environment") - role = Column(String()) + role = Column(SQLAEnum(CSPRole, native_enum=False), nullable=True) application_role_id = Column( UUID(as_uuid=True), ForeignKey("application_roles.id"), nullable=False diff --git a/atst/routes/applications/settings.py b/atst/routes/applications/settings.py index 92226e89..60010d02 100644 --- a/atst/routes/applications/settings.py +++ b/atst/routes/applications/settings.py @@ -99,7 +99,7 @@ def filter_env_roles_form_data(member, environments): if len(env_roles_set) == 1: (env_role,) = env_roles_set - env_data["role"] = env_role.role + env_data["role"] = env_role.role.name env_data["disabled"] = env_role.disabled env_roles_form_data.append(env_data) diff --git a/templates/applications/fragments/members.html b/templates/applications/fragments/members.html index d6fb7290..6f240272 100644 --- a/templates/applications/fragments/members.html +++ b/templates/applications/fragments/members.html @@ -126,7 +126,7 @@ {{ env.environment_name }} - : {{ env.role }} + : {{ env.role.value }} {% endfor %} diff --git a/tests/domain/test_applications.py b/tests/domain/test_applications.py index 50ae8038..9fda3114 100644 --- a/tests/domain/test_applications.py +++ b/tests/domain/test_applications.py @@ -147,7 +147,7 @@ def test_invite(): user_data=user_data, permission_sets_names=permission_sets_names, environment_roles_data=[ - {"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value}, + {"environment_id": env1.id, "role": CSPRole.ADMIN}, {"environment_id": env2.id, "role": None}, ], ) @@ -173,8 +173,8 @@ def test_invite_to_nonexistent_environment(): inviter=application.portfolio.owner, user_data=user_data, environment_roles_data=[ - {"environment_id": env1.id, "role": CSPRole.BASIC_ACCESS.value}, - {"environment_id": uuid4(), "role": CSPRole.BASIC_ACCESS.value}, + {"environment_id": env1.id, "role": CSPRole.ADMIN}, + {"environment_id": uuid4(), "role": CSPRole.ADMIN}, ], ) diff --git a/tests/domain/test_environments.py b/tests/domain/test_environments.py index 298f2675..ff4b8605 100644 --- a/tests/domain/test_environments.py +++ b/tests/domain/test_environments.py @@ -26,8 +26,8 @@ def test_create_environments(): def test_update_env_role(): - env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value) - new_role = CSPRole.TECHNICAL_READ.value + env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN) + new_role = CSPRole.BILLING_READ Environments.update_env_role( env_role.environment, env_role.application_role, new_role ) @@ -35,7 +35,7 @@ def test_update_env_role(): def test_update_env_role_no_access(): - env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value) + env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN) Environments.update_env_role(env_role.environment, env_role.application_role, None) assert not EnvironmentRoles.get( @@ -46,15 +46,13 @@ def test_update_env_role_no_access(): def test_update_env_role_disabled_role(): - env_role = EnvironmentRoleFactory.create(role=CSPRole.BASIC_ACCESS.value) + env_role = EnvironmentRoleFactory.create(role=CSPRole.ADMIN) Environments.update_env_role(env_role.environment, env_role.application_role, None) # An exception should be raised when a new role is passed to Environments.update_env_role with pytest.raises(DisabledError): Environments.update_env_role( - env_role.environment, - env_role.application_role, - CSPRole.TECHNICAL_READ.value, + env_role.environment, env_role.application_role, CSPRole.BILLING_READ, ) assert env_role.role is None diff --git a/tests/factories.py b/tests/factories.py index 8ed74dd0..0b2eae2c 100644 --- a/tests/factories.py +++ b/tests/factories.py @@ -255,7 +255,7 @@ class EnvironmentRoleFactory(Base): model = EnvironmentRole environment = factory.SubFactory(EnvironmentFactory) - role = random.choice([e.value for e in CSPRole]) + role = random.choice([e for e in CSPRole]) application_role = factory.SubFactory(ApplicationRoleFactory) diff --git a/tests/models/test_environments.py b/tests/models/test_environments.py index 759a6df8..4360cc93 100644 --- a/tests/models/test_environments.py +++ b/tests/models/test_environments.py @@ -28,7 +28,7 @@ def test_add_user_to_environment(): EnvironmentRoleFactory.create( application_role=application_role, environment=dev_environment, - role=CSPRole.BASIC_ACCESS.value, + role=CSPRole.ADMIN, ) assert developer in dev_environment.users @@ -75,9 +75,9 @@ def test_environment_provisioning_status(env_data, expected_status): def test_environment_roles_do_not_include_deleted(): member_list = [ - {"role_name": CSPRole.BASIC_ACCESS.value}, - {"role_name": CSPRole.BASIC_ACCESS.value}, - {"role_name": CSPRole.BASIC_ACCESS.value}, + {"role_name": CSPRole.ADMIN}, + {"role_name": CSPRole.ADMIN}, + {"role_name": CSPRole.ADMIN}, ] env = EnvironmentFactory.create(members=member_list) role_1 = env.roles[0] diff --git a/tests/routes/applications/test_init.py b/tests/routes/applications/test_init.py index b014bf27..6691d5d9 100644 --- a/tests/routes/applications/test_init.py +++ b/tests/routes/applications/test_init.py @@ -9,9 +9,7 @@ def test_environment_access_with_env_role(client, user_session): app_role = ApplicationRoleFactory.create( user=user, application=environment.application ) - EnvironmentRoleFactory.create( - application_role=app_role, environment=environment, role="developer" - ) + EnvironmentRoleFactory.create(application_role=app_role, environment=environment) user_session(user) response = client.get( url_for("applications.access_environment", environment_id=environment.id) diff --git a/tests/routes/applications/test_new.py b/tests/routes/applications/test_new.py index 045ac19e..f3f54c44 100644 --- a/tests/routes/applications/test_new.py +++ b/tests/routes/applications/test_new.py @@ -153,7 +153,7 @@ def test_post_new_member(monkeypatch, client, user_session, session): "user_data-dod_id": user.dod_id, "user_data-email": user.email, "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, @@ -201,7 +201,7 @@ def test_post_update_member(client, user_session): ), data={ "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, diff --git a/tests/routes/applications/test_settings.py b/tests/routes/applications/test_settings.py index e2c8169f..b1b1980c 100644 --- a/tests/routes/applications/test_settings.py +++ b/tests/routes/applications/test_settings.py @@ -129,11 +129,11 @@ def test_edit_application_environments_obj(app, client, user_session): env = application.environments[0] app_role1 = ApplicationRoleFactory.create(application=application) env_role1 = EnvironmentRoleFactory.create( - application_role=app_role1, environment=env, role=CSPRole.BASIC_ACCESS.value + application_role=app_role1, environment=env, role=CSPRole.ADMIN ) app_role2 = ApplicationRoleFactory.create(application=application, user=None) env_role2 = EnvironmentRoleFactory.create( - application_role=app_role2, environment=env, role=CSPRole.NETWORK_ADMIN.value + application_role=app_role2, environment=env, role=CSPRole.CONTRIBUTOR ) user_session(portfolio.owner) @@ -180,7 +180,7 @@ def test_get_members_data(app, client, user_session): environments=[ { "name": "testing", - "members": [{"user": user, "role_name": CSPRole.BASIC_ACCESS.value}], + "members": [{"user": user, "role_name": CSPRole.ADMIN}], } ], ) @@ -402,7 +402,7 @@ def test_create_member(monkeypatch, client, user_session, session): "user_data-dod_id": user.dod_id, "user_data-email": user.email, "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, @@ -511,10 +511,10 @@ def test_update_member(client, user_session, session): env_2 = EnvironmentFactory.create(application=application) # add user to two of the environments: env and env_1 updated_role = EnvironmentRoleFactory.create( - environment=env, application_role=app_role, role=CSPRole.BASIC_ACCESS.value + environment=env, application_role=app_role, role=CSPRole.ADMIN ) suspended_role = EnvironmentRoleFactory.create( - environment=env_1, application_role=app_role, role=CSPRole.BASIC_ACCESS.value + environment=env_1, application_role=app_role, role=CSPRole.ADMIN ) user_session(application.portfolio.owner) @@ -528,13 +528,13 @@ def test_update_member(client, user_session, session): ), data={ "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": CSPRole.TECHNICAL_READ.value, + "environment_roles-0-role": "CONTRIBUTOR", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-environment_name": env_1.name, "environment_roles-1-disabled": "True", "environment_roles-2-environment_id": env_2.id, - "environment_roles-2-role": CSPRole.NETWORK_ADMIN.value, + "environment_roles-2-role": "BILLING_READ", "environment_roles-2-environment_name": env_2.name, "perms_env_mgmt": True, "perms_team_mgmt": True, @@ -565,7 +565,7 @@ def test_update_member(client, user_session, session): environment_roles = application.roles[0].environment_roles # check that the user has roles in the correct envs assert len(environment_roles) == 3 - assert updated_role.role == CSPRole.TECHNICAL_READ.value + assert updated_role.role == CSPRole.CONTRIBUTOR assert suspended_role.disabled @@ -695,7 +695,7 @@ def test_handle_create_member(monkeypatch, set_g, session): "user_data-dod_id": user.dod_id, "user_data-email": user.email, "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, @@ -718,7 +718,7 @@ def test_handle_create_member(monkeypatch, set_g, session): assert job_mock.called -def test_handle_update_member(set_g): +def test_handle_update_member_success(set_g): user = UserFactory.create() application = ApplicationFactory.create( environments=[{"name": "Naboo"}, {"name": "Endor"}] @@ -732,7 +732,7 @@ def test_handle_update_member(set_g): form_data = ImmutableMultiDict( { "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, @@ -772,7 +772,7 @@ def test_handle_update_member_with_error(set_g, monkeypatch, mock_logger): form_data = ImmutableMultiDict( { "environment_roles-0-environment_id": env.id, - "environment_roles-0-role": "Basic Access", + "environment_roles-0-role": "ADMIN", "environment_roles-0-environment_name": env.name, "environment_roles-1-environment_id": env_1.id, "environment_roles-1-role": NO_ACCESS, diff --git a/tests/test_access.py b/tests/test_access.py index 4cc6a6a2..8b26010c 100644 --- a/tests/test_access.py +++ b/tests/test_access.py @@ -213,7 +213,7 @@ def test_applications_access_environment_access(get_url_assert_status): "environments": [ { "name": "thebar", - "members": [{"user": dev, "role_name": "devops"}], + "members": [{"user": dev, "role_name": "ADMIN"}], } ], } diff --git a/tests/test_jobs.py b/tests/test_jobs.py index c60794fa..1ea793f0 100644 --- a/tests/test_jobs.py +++ b/tests/test_jobs.py @@ -24,7 +24,7 @@ from tests.factories import ( PortfolioFactory, ApplicationRoleFactory, ) -from atst.models import EnvironmentRole, ApplicationRoleStatus +from atst.models import CSPRole, EnvironmentRole, ApplicationRoleStatus @pytest.fixture(autouse=True, scope="function") @@ -293,7 +293,7 @@ def test_do_provision_user(csp, session): environment_role = EnvironmentRoleFactory.create( environment=provisioned_environment, status=EnvironmentRole.Status.PENDING, - role="my_role", + role="ADMIN", ) # When I call the user provisoning task @@ -302,7 +302,7 @@ def test_do_provision_user(csp, session): session.refresh(environment_role) # I expect that the CSP create_or_update_user method will be called csp.create_or_update_user.assert_called_once_with( - credentials, environment_role, "my_role" + credentials, environment_role, CSPRole.ADMIN ) # I expect that the EnvironmentRole now has a csp_user_id assert environment_role.csp_user_id