Merge pull request #75 from dod-ccpo/authz-permissions

Authz permissions

tests/conftest.py

@@ -1,14 +1,14 @@
 import pytest
 
 from atst.app import make_app, make_deps, make_config
-from tests.mocks import MockApiClient, MockRequestsClient
+from tests.mocks import MockApiClient, MockRequestsClient, MockAuthzClient
 from atst.sessions import DictSessions
 
 
 @pytest.fixture
 def app():
     TEST_DEPS = {
-        "authz_client": MockApiClient("authz"),
+        "authz_client": MockAuthzClient("authz"),
         "requests_client": MockRequestsClient("requests"),
         "authnid_client": MockApiClient("authnid"),
         "sessions": DictSessions(),

tests/mocks.py

@@ -49,7 +49,7 @@ class MockRequestsClient(MockApiClient):
             "id": "66b8ef71-86d3-48ef-abc2-51bfa1732b6b",
             "creator": "49903ae7-da4a-49bf-a6dc-9dff5d004238",
             "body": {},
-            "status": "incomplete"
+            "status": "incomplete",
         }
         return self._get_response("GET", path, 200, json=json)
 
@@ -61,3 +61,47 @@ class MockRequestsClient(MockApiClient):
             "body": {},
         }
         return self._get_response("POST", path, 202, json=json)
+
+
+class MockAuthzClient(MockApiClient):
+    @tornado.gen.coroutine
+    def post(self, path, **kwargs):
+        json = {
+            "atat_permissions": [
+                "view_original_jedi_request",
+                "review_and_approve_jedi_workspace_request",
+                "modify_atat_role_permissions",
+                "create_csp_role",
+                "delete_csp_role",
+                "deactivate_csp_role",
+                "modify_csp_role_permissions",
+                "view_usage_report",
+                "view_usage_dollars",
+                "add_and_assign_csp_roles",
+                "remove_csp_roles",
+                "request_new_csp_role",
+                "assign_and_unassign_atat_role",
+                "view_assigned_atat_role_configurations",
+                "view_assigned_csp_role_configurations",
+                "deactivate_workspace",
+                "view_atat_permissions",
+                "transfer_ownership_of_workspace",
+                "add_application_in_workspace",
+                "delete_application_in_workspace",
+                "deactivate_application_in_workspace",
+                "view_application_in_workspace",
+                "rename_application_in_workspace",
+                "add_environment_in_application",
+                "delete_environment_in_application",
+                "deactivate_environment_in_application",
+                "view_environment_in_application",
+                "rename_environment_in_application",
+                "add_tag_to_workspace",
+                "remove_tag_from_workspace",
+            ],
+            "atat_role": "ccpo",
+            "id": "164497f6-c1ea-4f42-a5ef-101da278c012",
+            "username": None,
+            "workspace_roles": [],
+        }
+        return self._get_response("POST", path, 200, json=json)

tests/test_auth.py

@@ -3,7 +3,7 @@ import pytest
 import tornado.web
 import tornado.gen
 
-MOCK_USER = {"user": {"id": "438567dd-25fa-4d83-a8cc-8aa8366cb24a"}}
+MOCK_USER = {"id": "438567dd-25fa-4d83-a8cc-8aa8366cb24a"}
 @tornado.gen.coroutine
 def _fetch_user_info(c, t):
     return MOCK_USER
@@ -76,3 +76,6 @@ def test_valid_login_creates_session(app, monkeypatch, http_client, base_url):
         raise_error=False,
     )
     assert len(app.sessions.sessions) == 1
+    session = list(app.sessions.sessions.values())[0]
+    assert "atat_permissions" in session["user"]
+    assert isinstance(session["user"]["atat_permissions"], list)