diff --git a/controlpanel/api/cluster.py b/controlpanel/api/cluster.py
index 76855baf5..1a1df2459 100644
--- a/controlpanel/api/cluster.py
+++ b/controlpanel/api/cluster.py
@@ -508,6 +508,8 @@ def create_iam_role(self):
 assume_role_policy = deepcopy(BASE_ASSUME_ROLE_POLICY)
 assume_role_policy["Statement"].append(self.oidc_provider_statement)
 self.aws_role_service.create_role(self.iam_role_name, assume_role_policy)
+ for env in self.get_deployment_envs():
+ self._create_secrets(env_name=env)
 def grant_bucket_access(self, bucket_arn, access_level, path_arns):
 self.aws_role_service.grant_bucket_access(
diff --git a/controlpanel/api/tasks/handlers/app.py b/controlpanel/api/tasks/handlers/app.py
index accc6d68b..0b9d05f8d 100644
--- a/controlpanel/api/tasks/handlers/app.py
+++ b/controlpanel/api/tasks/handlers/app.py
@@ -28,5 +28,6 @@ class CreateAppAWSRole(BaseModelTaskHandler):
 name = "create_app_aws_role"
 def handle(self):
- cluster.App(self.object).create_iam_role()
+ task_user = User.objects.filter(pk=self.task_user_pk).first()
+ cluster.App(self.object, task_user.github_api_token).create_iam_role()
 self.complete()
diff --git a/tests/api/cluster/test_app.py b/tests/api/cluster/test_app.py
index 8fc8662fb..c9b4c6e48 100644
--- a/tests/api/cluster/test_app.py
+++ b/tests/api/cluster/test_app.py
@@ -1,10 +1,9 @@
 # Standard library
 from copy import deepcopy
-from unittest.mock import MagicMock, patch
+from unittest.mock import MagicMock, patch, call
 # Third-party
 import pytest
-from django.conf import settings
 # First-party/Local
 from controlpanel.api import cluster, models
@@ -13,7 +12,11 @@
 @pytest.fixture
 def app():
- return models.App(slug="test-app", repo_url="https://gitpub.example.com/test-repo", namespace="test-namespace")
+ return models.App(
+ slug="test-app",
+ repo_url="https://gitpub.example.com/test-repo",
+ namespace="test-namespace",
+ )
 @pytest.fixture
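Review bot: The loop added after `create_role` in `create_iam_role` (controlpanel/api/cluster.py) has no error handling, so a failure in `get_deployment_envs()` or in one `_create_secrets` call leaves the IAM role created with secrets written for only some environments. Both helpers are defined outside this hunk; if they use the token passed to `App`, callers that still build `cluster.App(app)` without one (as the updated test does) would presumably fail at this point. The method now also writes secrets, which its name does not convey; a docstring such as `"""Create the app's IAM role, then write its secrets into each deployment environment."""` would make that side effect visible. It is worth confirming that re-running the task after a partial failure is safe, i.e. that `create_role` and `_create_secrets` tolerate resources that already exist.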
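Review bot: `User.objects.filter(pk=self.task_user_pk).first()` in `CreateAppAWSRole.handle` returns `None` when no user matches, and the next line then raises `AttributeError` on `task_user.github_api_token`. Unless the base handler (outside this diff) already guarantees the user exists, add a guard such as `if task_user is None:` that logs and stops before `cluster.App(...)` is constructed. The token itself may also be empty or its lookup may fail (the test in this commit patches `controlpanel.api.auth0.ExtendedAuth0`, which suggests the property goes to Auth0), so that case deserves explicit handling rather than passing a missing credential into secret creation. Reading the token inside the task instead of sending it as a task argument is worth keeping and stating in a comment, e.g. `# fetch the token here so it never travels in the task payload`.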
@@ -77,13 +80,22 @@ def test_oidc_provider_statement(app, oidc_provider_statement):
 assert cluster.App(app).oidc_provider_statement == oidc_provider_statement
-def test_app_create_iam_role(aws_create_role, app, oidc_provider_statement):
+@patch("controlpanel.api.cluster.App.get_deployment_envs")
+@patch("controlpanel.api.cluster.App._create_secrets")
+def test_app_create_iam_role(
+ _create_secrets, get_deployment_envs, aws_create_role, app, oidc_provider_statement
+):
 expected_assume_role = deepcopy(BASE_ASSUME_ROLE_POLICY)
 expected_assume_role["Statement"].append(oidc_provider_statement)
+ get_deployment_envs.return_value = ["dev", "prod"]
 cluster.App(app).create_iam_role()
 aws_create_role.assert_called_with(app.iam_role_name, expected_assume_role)
+ _create_secrets.assert_has_calls([
+ call(env_name="dev"),
+ call(env_name="prod"),
+ ])
 @pytest.fixture # noqa: F405
diff --git a/tests/api/tasks/test_create_app_aws_role.py b/tests/api/tasks/test_create_app_aws_role.py
index a882a9845..b377323fa 100644
--- a/tests/api/tasks/test_create_app_aws_role.py
+++ b/tests/api/tasks/test_create_app_aws_role.py
@@ -1,5 +1,5 @@
 # Standard library
-from unittest.mock import patch
+from unittest.mock import patch, MagicMock
 # Third-party
 import pytest
@@ -25,6 +25,7 @@ def test_cluster_not_called_without_valid_app(cluster, complete, users):
 @pytest.mark.django_db
+@patch("controlpanel.api.auth0.ExtendedAuth0", new=MagicMock())
 @patch("controlpanel.api.tasks.handlers.base.BaseModelTaskHandler.complete")
 @patch("controlpanel.api.tasks.handlers.app.cluster")
 def test_valid_app_and_user(cluster, complete, users):
@@ -32,6 +33,6 @@ def test_valid_app_and_user(cluster, complete, users):
 create_app_aws_role(app.pk, users["superuser"].pk)
- cluster.App.assert_called_once_with(app)
+ cluster.App.assert_called_once_with(app, users["superuser"].github_api_token)
 cluster.App.return_value.create_iam_role.assert_called_once()
 complete.assert_called_once()
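Review bot: `_create_secrets.assert_has_calls([...])` at the end of `test_app_create_iam_role` still passes if `_create_secrets` is also called for other environments, so it does not pin the loop to exactly the mocked `["dev", "prod"]`. Comparing the full list, `assert _create_secrets.call_args_list == [call(env_name="dev"), call(env_name="prod")]`, would. The test also still builds `cluster.App(app)` with no token while the handler now passes one, and with both helpers patched nothing covers `create_iam_role` when `get_deployment_envs` raises or returns an empty list.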
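Review bot: `test_valid_app_and_user` in tests/api/tasks/test_create_app_aws_role.py covers only the case where the user exists; no test exercises a `task_user_pk` that matches no user, which is the path where `handle()` would dereference `None`. The assertion `cluster.App.assert_called_once_with(app, users["superuser"].github_api_token)` re-reads the token with `ExtendedAuth0` replaced by a bare `MagicMock` (the decorator added in the previous hunk), so it may be comparing two mock-derived values rather than a known credential. Giving the fixture user a fixed, constructed token value and asserting on that literal would show that the user's own token is what reaches `cluster.App`.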