Adds a method to `azure_cloud_provider` to query the Cost Management API
for usage data per invoice. For now, this query is relatively static.
We're always calling the API at the billing invoice section scope,
with the widest timeframe possible (one year), and with the same
requested dataset. As the scope of the application's reporting needs
changes, this function may change to be more general and/or revert back
to the SDK.

The query to find portfolios that are pending provisioning is updated to
check for:
- a period of performance that has started
- a portfolio state machine that has an UNSTARTED or one of the CREATED
states
I left several TODOs to ensure that the orchestration functions
correctly for portfolio.

Like claim_for_update, the claim_many_for_update claims resources with
an expiring lock. This was written to allow the updating of multiple
application roles with a single cloud_id, since multiple application
roles will map to a single Azure Active Directory user.

This adds a query method to return the IDs of the application roles that
should be provisioned as users in Azure. We will provision one Azure
Active Directory user per ATAT user in a portfolio, meaning that one AAD
user might correspond to multiple application roles under a single
portfolio. The query method returns IDs in a nested list grouped by
portfolio and user because of this.

add method for getting app roles that are pending creation
update application_roles query to group by portfolio
check for user existing and role status correct when filtering ApplicationRole for creation

Renames Python classes that refer to Upload to something to FileService.
We added this change because these classes now handle downloading as
well as uploading.

Currently the create call will be consumed by on-demand requests from the frontend, and the 2 stage create will be used by the environment management group provisioning to verify an initial subscription was created.

In some functions, we redirect a user based on a parameter in a query
string. This commit adds a function that checks to see if a given url
matches a url pattern of a view function. This will help us ensure that
the url passed as the next parameter isn't malicious.
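
One way to implement the check this commit message describes, as an added example that is not the project's code: the route rules and the names `is_safe_next_url` and `redirect_target` are hypothetical, and the small regex matcher stands in for the web framework's URL map.

```python
import re
from urllib.parse import urlsplit

# Hypothetical route rules (constructed for this example), written in the
# "<name>" placeholder style; a real app would read them from its URL map.
ROUTE_RULES = [
    "/home",
    "/portfolios/<portfolio_id>",
    "/portfolios/<portfolio_id>/applications/<application_id>",
]


def compile_rule(rule):
    """Turn '/a/<x>' into a regex; each placeholder matches one path segment."""
    literals = re.split(r"<[^>]+>", rule)
    return re.compile("[^/]+".join(re.escape(part) for part in literals))


COMPILED_RULES = [compile_rule(rule) for rule in ROUTE_RULES]


def is_safe_next_url(target):
    """Return True only for a same-site relative path that matches a known route."""
    if not target or any(ch in target for ch in "\\\r\n\t"):
        return False  # browsers rewrite backslashes and drop these control characters
    if not target.startswith("/") or target.startswith("//"):
        return False  # "//host" and "///host" are treated as scheme-relative URLs
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False  # any URL that names its own scheme or host
    # Only the path is matched; the query string is left for the view to handle.
    return any(rx.fullmatch(parts.path) for rx in COMPILED_RULES)


def redirect_target(next_param, default="/home"):
    """Pick the redirect destination, falling back when `next` fails the check."""
    return next_param if is_safe_next_url(next_param) else default
```

Matching against known routes is stricter than only rejecting absolute URLs: a path that belongs to no view is refused even when it is same-site.
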
The tenant ID should be hashed and used as the key for the JSON blob of
relevant creds for any given tenant. Azure CSP interface methods that
need to source creds should call the internal `_source_creds` method,
either with a `tenant_id` or no parameters. That method will source the
creds. If a tenant ID is provided, it will source them from the Key
Vault. If not provided, it will return the default creds for the app
registration in the home tenant.

- Fixes LGTM warnings for an unused import and equality comparisons to
None in SQLAlchemy filters.
- Removes part of a unit test asserting that the claimed_until locking
mechanism works correctly. If I recall correctly, this does not work
in unit tests because the test takes place inside a transaction, and
the database provider does evaluate the current time until the
transaction is written.

Having `get_stage_csp_class` in the csp module meant that any file that interacted with that import path would throw an error in a REPL. This will allow importing of the Azure and Mock providers for interactive dev.