pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
atst/tests/domain/test_application_roles.py
dandds 1b45502fe5 SQLAlchemy query for finding ApplicationRoles ready for provisioning. 
This adds a query method to return the IDs of the application roles that
should be provisioned as users in Azure. We will provision one Azure
Active Directory user per ATAT user in a portfolio, meaning that one AAD
user might correspond to multiple application roles under a single
portfolio. The query method returns IDs in a nested list grouped by
portfolio and user because of this.

add method for getting app roles that are pending creation

update application_roles query to group by portfolio

check for user existing and role status correct when filtering ApplicationRole for creation
2020-02-02 14:03:17 -05:00

156 lines
5.4 KiB
Python
Raw Blame History

import pytest
from atst.domain.application_roles import ApplicationRoles
from atst.domain.environment_roles import EnvironmentRoles
from atst.domain.exceptions import NotFoundError
from atst.domain.permission_sets import PermissionSets
from atst.models import ApplicationRoleStatus
from tests.factories import *
def test_create_application_role():
application = ApplicationFactory.create()
user = UserFactory.create()
application_role = ApplicationRoles.create(
application=application,
user=user,
permission_set_names=[PermissionSets.EDIT_APPLICATION_TEAM],
)
assert application_role.permission_sets == PermissionSets.get_many(
[PermissionSets.EDIT_APPLICATION_TEAM, PermissionSets.VIEW_APPLICATION]
)
assert application_role.application == application
assert application_role.user == user
def test_enabled_application_role():
application = ApplicationFactory.create()
user = UserFactory.create()
app_role = ApplicationRoleFactory.create(
application=application, user=user, status=ApplicationRoleStatus.DISABLED
)
assert app_role.status == ApplicationRoleStatus.DISABLED
ApplicationRoles.enable(app_role, app_role.user)
assert app_role.status == ApplicationRoleStatus.ACTIVE
def test_get():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=application)
assert ApplicationRoles.get(user.id, application.id)
assert app_role.application == application
assert app_role.user == user
def test_get_handles_invalid_id():
user = UserFactory.create()
application = ApplicationFactory.create()
with pytest.raises(NotFoundError):
ApplicationRoles.get(user.id, application.id)
def test_get_by_id():
user = UserFactory.create()
application = ApplicationFactory.create()
app_role = ApplicationRoleFactory.create(user=user, application=application)
assert ApplicationRoles.get_by_id(app_role.id) == app_role
app_role.status = ApplicationRoleStatus.DISABLED
with pytest.raises(NotFoundError):
ApplicationRoles.get_by_id(app_role.id)
def test_disable(session):
application = ApplicationFactory.create()
user = UserFactory.create()
member_role = ApplicationRoleFactory.create(
application=application, user=user, status=ApplicationRoleStatus.ACTIVE
)
environment = EnvironmentFactory.create(application=application)
environment_role = EnvironmentRoleFactory.create(
application_role=member_role, environment=environment
)
assert member_role.status == ApplicationRoleStatus.ACTIVE
ApplicationRoles.disable(member_role)
session.refresh(member_role)
session.refresh(environment_role)
assert member_role.status == ApplicationRoleStatus.DISABLED
assert environment_role.deleted
def test_get_pending_creation():
# ready Applications belonging to the same Portfolio
portfolio_one = PortfolioFactory.create()
ready_app = ApplicationFactory.create(cloud_id="123", portfolio=portfolio_one)
ready_app2 = ApplicationFactory.create(cloud_id="321", portfolio=portfolio_one)
# ready Application belonging to a new Portfolio
ready_app3 = ApplicationFactory.create(cloud_id="567")
unready_app = ApplicationFactory.create()
# two distinct Users
user_one = UserFactory.create()
user_two = UserFactory.create()
# Two ApplicationRoles belonging to the same User and
# different Applications. These should sort together because
# they are all under the same portfolio (portfolio_one).
role_one = ApplicationRoleFactory.create(
user=user_one, application=ready_app, status=ApplicationRoleStatus.ACTIVE
)
role_two = ApplicationRoleFactory.create(
user=user_one, application=ready_app2, status=ApplicationRoleStatus.ACTIVE
)
# An ApplicationRole belonging to a different User. This will
# be included but sort separately because it belongs to a
# different user.
role_three = ApplicationRoleFactory.create(
user=user_two, application=ready_app, status=ApplicationRoleStatus.ACTIVE
)
# An ApplicationRole belonging to one of the existing users
# but under a different portfolio. It will sort separately.
role_four = ApplicationRoleFactory.create(
user=user_one, application=ready_app3, status=ApplicationRoleStatus.ACTIVE
)
# This ApplicationRole will not be in the results because its
# application is not ready (implicitly, its cloud_id is not
# set.)
ApplicationRoleFactory.create(
user=UserFactory.create(),
application=unready_app,
status=ApplicationRoleStatus.ACTIVE,
)
# This ApplicationRole will not be in the results because it
# does not have a user associated.
ApplicationRoleFactory.create(
user=None, application=ready_app, status=ApplicationRoleStatus.ACTIVE,
)
# This ApplicationRole will not be in the results because its
# status is not ACTIVE.
ApplicationRoleFactory.create(
user=UserFactory.create(),
application=unready_app,
status=ApplicationRoleStatus.DISABLED,
)
app_ids = ApplicationRoles.get_pending_creation()
expected_ids = [[role_one.id, role_two.id], [role_three.id], [role_four.id]]
# Sort them to produce the same order.
assert sorted(app_ids) == sorted(expected_ids)
Reference in New Issue View Git Blame Copy Permalink