d7478e322a
Celery provides a more robust set of queueing options for both tasks and worker processes. Updates include: - infrastructure necessary to run Celery, including celery entrypoint - backgrounded functions are now imported directly from atst.jobs - update tests as-needed - update kubernetes worker pod command
270 lines
9.4 KiB
Python
270 lines
9.4 KiB
Python
import uuid
|
|
from unittest.mock import Mock
|
|
|
|
from flask import url_for
|
|
|
|
from atst.domain.permission_sets import PermissionSets
|
|
from atst.models import CSPRole
|
|
from atst.forms.data import ENV_ROLE_NO_ACCESS as NO_ACCESS
|
|
|
|
from tests.factories import *
|
|
|
|
|
|
def test_application_team(client, user_session):
|
|
portfolio = PortfolioFactory.create()
|
|
application = ApplicationFactory.create(portfolio=portfolio)
|
|
|
|
user_session(portfolio.owner)
|
|
|
|
response = client.get(url_for("applications.team", application_id=application.id))
|
|
assert response.status_code == 200
|
|
|
|
|
|
def test_update_team_permissions(client, user_session):
|
|
application = ApplicationFactory.create()
|
|
owner = application.portfolio.owner
|
|
app_role = ApplicationRoleFactory.create(
|
|
application=application, permission_sets=[]
|
|
)
|
|
user_session(owner)
|
|
response = client.post(
|
|
url_for("applications.update_team", application_id=application.id),
|
|
data={
|
|
"members-0-role_id": app_role.id,
|
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
actual_perms_names = [perm.name for perm in app_role.permission_sets]
|
|
expected_perms_names = [
|
|
PermissionSets.VIEW_APPLICATION,
|
|
PermissionSets.EDIT_APPLICATION_TEAM,
|
|
PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
]
|
|
assert expected_perms_names == actual_perms_names
|
|
|
|
|
|
def test_update_team_with_bad_permission_sets(client, user_session):
|
|
application = ApplicationFactory.create()
|
|
owner = application.portfolio.owner
|
|
app_role = ApplicationRoleFactory.create(
|
|
application=application, permission_sets=[]
|
|
)
|
|
permission_sets = app_role.permission_sets
|
|
|
|
user_session(owner)
|
|
response = client.post(
|
|
url_for("applications.update_team", application_id=application.id),
|
|
data={
|
|
"members-0-role_id": app_role.id,
|
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"members-0-permission_sets-perms_env_mgmt": "some random string",
|
|
},
|
|
)
|
|
assert response.status_code == 400
|
|
assert app_role.permission_sets == permission_sets
|
|
|
|
|
|
def test_update_team_with_non_app_user(client, user_session):
|
|
application = ApplicationFactory.create()
|
|
owner = application.portfolio.owner
|
|
|
|
user_session(owner)
|
|
response = client.post(
|
|
url_for("applications.update_team", application_id=application.id),
|
|
data={
|
|
"members-0-role_id": str(uuid.uuid4()),
|
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 404
|
|
|
|
|
|
def test_update_team_environment_roles(client, user_session):
|
|
application = ApplicationFactory.create()
|
|
owner = application.portfolio.owner
|
|
app_role = ApplicationRoleFactory.create(
|
|
application=application, permission_sets=[]
|
|
)
|
|
environment = EnvironmentFactory.create(application=application)
|
|
env_role = EnvironmentRoleFactory.create(
|
|
application_role=app_role,
|
|
environment=environment,
|
|
role=CSPRole.NETWORK_ADMIN.value,
|
|
)
|
|
user_session(owner)
|
|
response = client.post(
|
|
url_for("applications.update_team", application_id=application.id),
|
|
data={
|
|
"members-0-role_id": app_role.id,
|
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
"members-0-environment_roles-0-environment_id": environment.id,
|
|
"members-0-environment_roles-0-role": CSPRole.TECHNICAL_READ.value,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
assert env_role.role == CSPRole.TECHNICAL_READ.value
|
|
|
|
|
|
def test_update_team_revoke_environment_access(client, user_session, db, session):
|
|
application = ApplicationFactory.create()
|
|
owner = application.portfolio.owner
|
|
user = UserFactory.create()
|
|
app_role = ApplicationRoleFactory.create(
|
|
application=application, user=user, permission_sets=[]
|
|
)
|
|
environment = EnvironmentFactory.create(application=application)
|
|
env_role = EnvironmentRoleFactory.create(
|
|
application_role=app_role,
|
|
environment=environment,
|
|
role=CSPRole.BASIC_ACCESS.value,
|
|
)
|
|
assert user in environment.users
|
|
|
|
user_session(owner)
|
|
response = client.post(
|
|
url_for("applications.update_team", application_id=application.id),
|
|
data={
|
|
"members-0-role_id": app_role.id,
|
|
"members-0-permission_sets-perms_team_mgmt": PermissionSets.EDIT_APPLICATION_TEAM,
|
|
"members-0-permission_sets-perms_env_mgmt": PermissionSets.EDIT_APPLICATION_ENVIRONMENTS,
|
|
"members-0-permission_sets-perms_del_env": PermissionSets.DELETE_APPLICATION_ENVIRONMENTS,
|
|
"members-0-environment_roles-0-environment_id": environment.id,
|
|
"members-0-environment_roles-0-role": NO_ACCESS,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
env_role_exists = db.exists().where(EnvironmentRole.id == env_role.id)
|
|
assert not session.query(env_role_exists).scalar()
|
|
assert user not in environment.users
|
|
|
|
|
|
def test_create_member(monkeypatch, client, user_session, session):
|
|
job_mock = Mock()
|
|
monkeypatch.setattr("atst.jobs.send_mail.delay", job_mock)
|
|
user = UserFactory.create()
|
|
application = ApplicationFactory.create(
|
|
environments=[{"name": "Naboo"}, {"name": "Endor"}]
|
|
)
|
|
env = application.environments[0]
|
|
env_1 = application.environments[1]
|
|
|
|
user_session(application.portfolio.owner)
|
|
|
|
response = client.post(
|
|
url_for("applications.create_member", application_id=application.id),
|
|
data={
|
|
"user_data-first_name": user.first_name,
|
|
"user_data-last_name": user.last_name,
|
|
"user_data-dod_id": user.dod_id,
|
|
"user_data-email": user.email,
|
|
"environment_roles-0-environment_id": env.id,
|
|
"environment_roles-0-role": "Basic Access",
|
|
"environment_roles-0-environment_name": env.name,
|
|
"environment_roles-1-environment_id": env_1.id,
|
|
"environment_roles-1-role": NO_ACCESS,
|
|
"environment_roles-1-environment_name": env_1.name,
|
|
"permission_sets-perms_env_mgmt": True,
|
|
"permission_sets-perms_team_mgmt": True,
|
|
"permission_sets-perms_del_env": True,
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
expected_url = url_for(
|
|
"applications.team",
|
|
application_id=application.id,
|
|
fragment="application-members",
|
|
_anchor="application-members",
|
|
_external=True,
|
|
)
|
|
assert response.location == expected_url
|
|
assert len(application.roles) == 1
|
|
environment_roles = application.roles[0].environment_roles
|
|
assert len(environment_roles) == 1
|
|
assert environment_roles[0].environment == env
|
|
|
|
invitation = (
|
|
session.query(ApplicationInvitation).filter_by(dod_id=user.dod_id).one()
|
|
)
|
|
assert invitation.role.application == application
|
|
|
|
assert job_mock.called
|
|
|
|
|
|
def test_remove_member_success(client, user_session):
|
|
user = UserFactory.create()
|
|
application = ApplicationFactory.create()
|
|
application_role = ApplicationRoleFactory.create(application=application, user=user)
|
|
|
|
user_session(application.portfolio.owner)
|
|
|
|
response = client.post(
|
|
url_for(
|
|
"applications.remove_member",
|
|
application_id=application.id,
|
|
application_role_id=application_role.id,
|
|
)
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
assert response.location == url_for(
|
|
"applications.team",
|
|
_anchor="application-members",
|
|
_external=True,
|
|
application_id=application.id,
|
|
fragment="application-members",
|
|
)
|
|
|
|
|
|
def test_remove_new_member_success(client, user_session):
|
|
application = ApplicationFactory.create()
|
|
application_role = ApplicationRoleFactory.create(application=application, user=None)
|
|
|
|
user_session(application.portfolio.owner)
|
|
|
|
response = client.post(
|
|
url_for(
|
|
"applications.remove_member",
|
|
application_id=application.id,
|
|
application_role_id=application_role.id,
|
|
)
|
|
)
|
|
|
|
assert response.status_code == 302
|
|
assert response.location == url_for(
|
|
"applications.team",
|
|
_anchor="application-members",
|
|
_external=True,
|
|
application_id=application.id,
|
|
fragment="application-members",
|
|
)
|
|
|
|
|
|
def test_remove_member_failure(client, user_session):
|
|
user = UserFactory.create()
|
|
application = ApplicationFactory.create()
|
|
|
|
user_session(application.portfolio.owner)
|
|
|
|
response = client.post(
|
|
url_for(
|
|
"applications.remove_member",
|
|
application_id=application.id,
|
|
application_role_id=uuid.uuid4(),
|
|
)
|
|
)
|
|
|
|
assert response.status_code == 404
|