SQLAlchemy query for finding ApplicationRoles ready for provisioning.

This adds a query method to return the IDs of the application roles that should be provisioned as users in Azure. We will provision one Azure Active Directory user per ATAT user in a portfolio, meaning that one AAD user might correspond to multiple application roles under a single portfolio. The query method returns IDs in a nested list grouped by portfolio and user because of this. add method for getting app roles that are pending creation update application_roles query to group by portfolio check for user existing and role status correct when filtering ApplicationRole for creation
2020-02-01 11:39:48 -05:00
parent 4511630787
commit 1b45502fe5
2 changed files with 98 additions and 1 deletions
--- a/tests/domain/test_application_roles.py
+++ b/tests/domain/test_application_roles.py
@@ -86,3 +86,70 @@ def test_disable(session):
    session.refresh(environment_role)
    assert member_role.status == ApplicationRoleStatus.DISABLED
    assert environment_role.deleted
+
+
+def test_get_pending_creation():
+
+    # ready Applications belonging to the same Portfolio
+    portfolio_one = PortfolioFactory.create()
+    ready_app = ApplicationFactory.create(cloud_id="123", portfolio=portfolio_one)
+    ready_app2 = ApplicationFactory.create(cloud_id="321", portfolio=portfolio_one)
+
+    # ready Application belonging to a new Portfolio
+    ready_app3 = ApplicationFactory.create(cloud_id="567")
+    unready_app = ApplicationFactory.create()
+
+    # two distinct Users
+    user_one = UserFactory.create()
+    user_two = UserFactory.create()
+
+    # Two ApplicationRoles belonging to the same User and
+    # different Applications. These should sort together because
+    # they are all under the same portfolio (portfolio_one).
+    role_one = ApplicationRoleFactory.create(
+        user=user_one, application=ready_app, status=ApplicationRoleStatus.ACTIVE
+    )
+    role_two = ApplicationRoleFactory.create(
+        user=user_one, application=ready_app2, status=ApplicationRoleStatus.ACTIVE
+    )
+
+    # An ApplicationRole belonging to a different User. This will
+    # be included but sort separately because it belongs to a
+    # different user.
+    role_three = ApplicationRoleFactory.create(
+        user=user_two, application=ready_app, status=ApplicationRoleStatus.ACTIVE
+    )
+
+    # An ApplicationRole belonging to one of the existing users
+    # but under a different portfolio. It will sort separately.
+    role_four = ApplicationRoleFactory.create(
+        user=user_one, application=ready_app3, status=ApplicationRoleStatus.ACTIVE
+    )
+
+    # This ApplicationRole will not be in the results because its
+    # application is not ready (implicitly, its cloud_id is not
+    # set.)
+    ApplicationRoleFactory.create(
+        user=UserFactory.create(),
+        application=unready_app,
+        status=ApplicationRoleStatus.ACTIVE,
+    )
+
+    # This ApplicationRole will not be in the results because it
+    # does not have a user associated.
+    ApplicationRoleFactory.create(
+        user=None, application=ready_app, status=ApplicationRoleStatus.ACTIVE,
+    )
+
+    # This ApplicationRole will not be in the results because its
+    # status is not ACTIVE.
+    ApplicationRoleFactory.create(
+        user=UserFactory.create(),
+        application=unready_app,
+        status=ApplicationRoleStatus.DISABLED,
+    )
+
+    app_ids = ApplicationRoles.get_pending_creation()
+    expected_ids = [[role_one.id, role_two.id], [role_three.id], [role_four.id]]
+    # Sort them to produce the same order.
+    assert sorted(app_ids) == sorted(expected_ids)