pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Environment level user provisioning

Browse Source
This commit is contained in:
tomdds 2020-02-04 15:16:18 -05:00
parent 17ec944ad5
commit 1a7db62dac
10 changed files with 42 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
alembic/versions/0039308c6351_remove_root_user_info_from_environment.py Normal file
View File

@ -0,0 +1,28 @@
"""Remove root_user_info from Environment
Revision ID: 0039308c6351
Revises: 17da2a475429
Create Date: 2020-02-04 14:37:06.814645
"""
from alembic import op
import sqlalchemy as sa
from sqlalchemy.dialects import postgresql
# revision identifiers, used by Alembic.
revision = '0039308c6351' # pragma: allowlist secret
down_revision = '17da2a475429' # pragma: allowlist secret
branch_labels = None
depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.drop_column('environments', 'root_user_info')
# ### end Alembic commands ###
def downgrade():
# ### commands auto generated by Alembic - please adjust! ###
op.add_column('environments', sa.Column('root_user_info', postgresql.JSONB(astext_type=sa.Text()), autoincrement=False, nullable=True))
# ### end Alembic commands ###

6
atst/domain/environment_roles.py
View File

@ -107,8 +107,10 @@ class EnvironmentRoles(object):
environment_role = EnvironmentRoles.get_by_id(environment_role_id) environment_role = EnvironmentRoles.get_by_id(environment_role_id)
if environment_role.csp_user_id and not environment_role.environment.is_pending: if environment_role.csp_user_id and not environment_role.environment.is_pending:
credentials = environment_role.environment.csp_credentials tenant_id = environment_role.environment.application.portfolio.csp_data.get(
app.csp.cloud.disable_user(credentials, environment_role.csp_user_id) "tenant_id"
)
app.csp.cloud.disable_user(tenant_id, environment_role.csp_user_id)
environment_role.status = EnvironmentRole.Status.DISABLED environment_role.status = EnvironmentRole.Status.DISABLED
db.session.add(environment_role) db.session.add(environment_role)

12
atst/domain/environments.py
View File

@ -130,15 +130,3 @@ class Environments(object):
.all() .all()
) )
return [id_ for id_, in results] return [id_ for id_, in results]
@classmethod
def get_environments_pending_atat_user_creation(cls, now) -> List[UUID]:
"""
Any environment with an active CLIN that has a cloud_id but no `root_user_info`.
"""
results = (
cls.base_provision_query(now)
.filter(Environment.cloud_id != None)
.filter(Environment.root_user_info == None)
).all()
return [id_ for id_, in results]

29
atst/jobs.py
View File

@ -127,20 +127,6 @@ def do_create_environment(csp: CloudProviderInterface, environment_id=None):
db.session.commit() db.session.commit()
def do_create_atat_admin_user(csp: CloudProviderInterface, environment_id=None):
environment = Environments.get(environment_id)
with claim_for_update(environment) as environment:
atat_root_creds = csp.root_creds()
atat_remote_root_user = csp.create_atat_admin_user(
atat_root_creds, environment.cloud_id
)
environment.root_user_info = atat_remote_root_user
db.session.add(environment)
db.session.commit()
def render_email(template_path, context): def render_email(template_path, context):
return app.jinja_env.get_template(template_path).render(context) return app.jinja_env.get_template(template_path).render(context)
@ -180,13 +166,6 @@ def create_environment(self, environment_id=None):
do_work(do_create_environment, self, app.csp.cloud, environment_id=environment_id) do_work(do_create_environment, self, app.csp.cloud, environment_id=environment_id)
@celery.task(bind=True, base=RecordFailure)
def create_atat_admin_user(self, environment_id=None):
do_work(
do_create_atat_admin_user, self, app.csp.cloud, environment_id=environment_id
)
@celery.task(bind=True) @celery.task(bind=True)
def dispatch_provision_portfolio(self): def dispatch_provision_portfolio(self):
""" """
@ -214,11 +193,3 @@ def dispatch_create_environment(self):
pendulum.now() pendulum.now()
): ):
create_environment.delay(environment_id=environment_id) create_environment.delay(environment_id=environment_id)
@celery.task(bind=True)
def dispatch_create_atat_admin_user(self):
for environment_id in Environments.get_environments_pending_atat_user_creation(
pendulum.now()
):
create_atat_admin_user.delay(environment_id=environment_id)

19
atst/models/environment.py
View File

@ -1,11 +1,11 @@
from sqlalchemy import Column, ForeignKey, String, UniqueConstraint
from sqlalchemy.orm import relationship
from sqlalchemy.dialects.postgresql import JSONB
from enum import Enum from enum import Enum
from atst.models.base import Base from sqlalchemy import Column, ForeignKey, String, UniqueConstraint
from sqlalchemy.orm import relationship
import atst.models.mixins as mixins import atst.models.mixins as mixins
import atst.models.types as types import atst.models.types as types
from atst.models.base import Base
class Environment( class Environment(
@ -30,7 +30,6 @@ class Environment(
creator = relationship("User") creator = relationship("User")
cloud_id = Column(String) cloud_id = Column(String)
root_user_info = Column(JSONB(none_as_null=True))
roles = relationship( roles = relationship(
"EnvironmentRole", "EnvironmentRole",
@ -70,7 +69,7 @@ class Environment(
@property @property
def provisioning_status(self) -> ProvisioningStatus: def provisioning_status(self) -> ProvisioningStatus:
if self.cloud_id is None or self.root_user_info is None: if self.cloud_id is None:
return self.ProvisioningStatus.PENDING return self.ProvisioningStatus.PENDING
else: else:
return self.ProvisioningStatus.COMPLETED return self.ProvisioningStatus.COMPLETED
@ -91,11 +90,3 @@ class Environment(
@property @property
def history(self): def history(self):
return self.get_changes() return self.get_changes()
@property
def csp_credentials(self):
return (
self.root_user_info.get("credentials")
if self.root_user_info is not None
else None
)

4
atst/queue.py
View File

@ -19,10 +19,6 @@ def update_celery(celery, app):
"task": "atst.jobs.dispatch_create_environment", "task": "atst.jobs.dispatch_create_environment",
"schedule": 60, "schedule": 60,
}, },
"beat-dispatch_create_atat_admin_user": {
"task": "atst.jobs.dispatch_create_atat_admin_user",
"schedule": 60,
},
"beat-dispatch_create_user": { "beat-dispatch_create_user": {
"task": "atst.jobs.dispatch_create_user", "task": "atst.jobs.dispatch_create_user",
"schedule": 60, "schedule": 60,

6
tests/domain/test_environment_roles.py
View File

@ -99,7 +99,6 @@ def test_disable_checks_env_provisioning_status(session):
assert env_role1.disabled assert env_role1.disabled
environment.cloud_id = "cloud-id" environment.cloud_id = "cloud-id"
environment.root_user_info = {"credentials": "credentials"}
session.add(environment) session.add(environment)
session.commit() session.commit()
session.refresh(environment) session.refresh(environment)
@ -111,9 +110,8 @@ def test_disable_checks_env_provisioning_status(session):
def test_disable_checks_env_role_provisioning_status(): def test_disable_checks_env_role_provisioning_status():
environment = EnvironmentFactory.create( environment = EnvironmentFactory.create(cloud_id="cloud-id")
cloud_id="cloud-id", root_user_info={"credentials": "credentials"} environment.application.portfolio.csp_data = {"tenant_id": uuid4().hex}
)
env_role1 = EnvironmentRoleFactory.create(environment=environment) env_role1 = EnvironmentRoleFactory.create(environment=environment)
assert not env_role1.csp_user_id assert not env_role1.csp_user_id
env_role1 = EnvironmentRoles.disable(env_role1.id) env_role1 = EnvironmentRoles.disable(env_role1.id)

28
tests/domain/test_environments.py
View File

@ -185,31 +185,3 @@ class TestGetEnvironmentsPendingCreate(EnvQueryTest):
app_data={"cloud_id": uuid4().hex}, app_data={"cloud_id": uuid4().hex},
) )
assert len(Environments.get_environments_pending_creation(self.NOW)) == 0 assert len(Environments.get_environments_pending_creation(self.NOW)) == 0
class TestGetEnvironmentsPendingAtatUserCreation(EnvQueryTest):
def test_with_provisioned_environment(self):
self.create_portfolio_with_clins(
[(self.YESTERDAY, self.TOMORROW)],
{"cloud_id": uuid4().hex, "root_user_info": {}},
)
assert (
len(Environments.get_environments_pending_atat_user_creation(self.NOW)) == 0
)
def test_with_unprovisioned_environment(self):
self.create_portfolio_with_clins(
[(self.YESTERDAY, self.TOMORROW)], app_data={"cloud_id": uuid4().hex},
)
assert (
len(Environments.get_environments_pending_atat_user_creation(self.NOW)) == 0
)
def test_with_unprovisioned_expired_clins_environment(self):
self.create_portfolio_with_clins(
[(self.YESTERDAY, self.YESTERDAY)],
{"cloud_id": uuid4().hex, "root_user_info": None},
)
assert (
len(Environments.get_environments_pending_atat_user_creation(self.NOW)) == 0
)

14
tests/models/test_environments.py
View File

@ -54,18 +54,8 @@ def test_audit_event_for_environment_deletion(session):
@pytest.mark.parametrize( @pytest.mark.parametrize(
"env_data,expected_status", "env_data,expected_status",
[ [
[ [{"cloud_id": None,}, Environment.ProvisioningStatus.PENDING],
{"cloud_id": None, "root_user_info": None}, [{"cloud_id": 1}, Environment.ProvisioningStatus.COMPLETED],
Environment.ProvisioningStatus.PENDING,
],
[
{"cloud_id": 1, "root_user_info": None},
Environment.ProvisioningStatus.PENDING,
],
[
{"cloud_id": 1, "root_user_info": {}},
Environment.ProvisioningStatus.COMPLETED,
],
], ],
) )
def test_environment_provisioning_status(env_data, expected_status): def test_environment_provisioning_status(env_data, expected_status):

39
tests/test_jobs.py
View File

@ -12,14 +12,12 @@ from atst.jobs import (
dispatch_create_environment, dispatch_create_environment,
dispatch_create_application, dispatch_create_application,
dispatch_create_user, dispatch_create_user,
dispatch_create_atat_admin_user,
dispatch_provision_portfolio, dispatch_provision_portfolio,
create_environment, create_environment,
do_create_user, do_create_user,
do_provision_portfolio, do_provision_portfolio,
do_create_environment, do_create_environment,
do_create_application, do_create_application,
do_create_atat_admin_user,
) )
from tests.factories import ( from tests.factories import (
EnvironmentFactory, EnvironmentFactory,
@ -153,14 +151,6 @@ def test_create_user_job(session, csp):
assert app_role.cloud_id assert app_role.cloud_id
def test_create_atat_admin_user(csp, session):
environment = EnvironmentFactory.create(cloud_id="something")
do_create_atat_admin_user(csp, environment.id)
session.refresh(environment)
assert environment.root_user_info
def test_dispatch_create_environment(session, monkeypatch): def test_dispatch_create_environment(session, monkeypatch):
# Given that I have a portfolio with an active CLIN and two environments, # Given that I have a portfolio with an active CLIN and two environments,
# one of which is deleted # one of which is deleted
@ -231,36 +221,9 @@ def test_dispatch_create_user(monkeypatch):
mock.delay.assert_called_once_with(application_role_ids=[app_role.id]) mock.delay.assert_called_once_with(application_role_ids=[app_role.id])
def test_dispatch_create_atat_admin_user(session, monkeypatch):
portfolio = PortfolioFactory.create(
applications=[
{"environments": [{"cloud_id": uuid4().hex, "root_user_info": None}]}
],
task_orders=[
{
"create_clins": [
{
"start_date": pendulum.now().subtract(days=1),
"end_date": pendulum.now().add(days=1),
}
]
}
],
)
mock = Mock()
monkeypatch.setattr("atst.jobs.create_atat_admin_user", mock)
environment = portfolio.applications[0].environments[0]
dispatch_create_atat_admin_user.run()
mock.delay.assert_called_once_with(environment_id=environment.id)
def test_create_environment_no_dupes(session, celery_app, celery_worker): def test_create_environment_no_dupes(session, celery_app, celery_worker):
portfolio = PortfolioFactory.create( portfolio = PortfolioFactory.create(
applications=[ applications=[{"environments": [{"cloud_id": uuid4().hex}]}],
{"environments": [{"cloud_id": uuid4().hex, "root_user_info": {}}]}
],
task_orders=[ task_orders=[
{ {
"create_clins": [ "create_clins": [