uc-cdis · Avantol13 · May 20, 2019 · Apr 1, 2019 · Apr 2, 2019 · Apr 2, 2019
diff --git a/fence/rbac/client.py b/fence/rbac/client.py
@@ -72,6 +72,7 @@ def __init__(self, logger=None, arborist_base_url="http://arborist-service/"):
         self._policy_url = self._base_url + "/policy/"
         self._resource_url = self._base_url + "/resource"
         self._role_url = self._base_url + "/role/"
+        self._user_url = self._base_url + "/user"
 
     def healthy(self):
         """
@@ -137,6 +138,14 @@ def get_resource(self, resource_path):
             return None
         return response.json()
 
+    @_arborist_retry()
+    def list_policies_for_user(self, username):
+        """
+        Args:
+            username (str)
+        """
+        response = _request_get_json(requests.get(self._user_url + "/" + username))
+
     @_arborist_retry()
     def list_policies(self):
         """

diff --git a/fence/resources/openid/idp_oauth2.py b/fence/resources/openid/idp_oauth2.py
@@ -72,7 +72,6 @@ def get_value_from_discovery_doc(self, key, default_value):
         Given a key return a value by the recommended method of
         using their discovery url.
         """
-
         return_value = default_value
 
         if self.discovery_doc.status_code == requests.codes.ok:
@@ -120,4 +119,4 @@ def get_user_id(self, code):
         Must implement in inheriting class. Should return dictionary with "email" field
         for successfully logged in user OR "error" field with details of the error.
         """
-        raise NotImplementedError()
+        raise NotImplementedError()
diff --git a/fence/resources/user/__init__.py b/fence/resources/user/__init__.py
@@ -83,6 +83,10 @@ def get_user_info(current_session, username):
         "message": "",
     }
 
+    if hasattr(flask.current_app, "arborist"):
+        policies = flask.current_app.arborist.list_policies_for_user(user.username)
+        info["policies"] = policies
+
     if user.tags is not None and len(user.tags) > 0:
         info["tags"] = {tag.key: tag.value for tag in user.tags}
 

diff --git a/tests/admin/test_admin_groups.py b/tests/admin/test_admin_groups.py
@@ -97,8 +97,9 @@ def test_add_project_to_group_updates_users(db_session, awg_users, awg_groups):
 
 
 def test_delete_group_updates_user_projects(
-    db_session, awg_users, awg_groups, oauth_client
+    db_session, awg_users, awg_groups, oauth_client, mock_arborist_requests
 ):
+    mock_arborist_requests()
     user = db_session.query(User).filter_by(username="awg_user").first()
     user_projects = {
         db_session.query(Project).filter_by(id=item.project_id).first().name
@@ -150,8 +151,9 @@ def test_remove_project_from_group(db_session, awg_groups):
 
 
 def test_remove_project_from_group_updates_user(
-    db_session, awg_users, awg_groups, oauth_client
+    db_session, awg_users, awg_groups, oauth_client, mock_arborist_requests
 ):
+    mock_arborist_requests()
     user = db_session.query(User).filter_by(username="awg_user").first()
     user_projects = {
         db_session.query(Project).filter_by(id=item.project_id).first().name

diff --git a/tests/admin/test_admin_users.py b/tests/admin/test_admin_users.py
@@ -1,9 +1,15 @@
+import pytest
+
 import fence.resources.admin as adm
 from fence.models import User, AccessPrivilege, Project, UserToGroup, Group
-import pytest
 from fence.errors import NotFound, UserError
 
 
+@pytest.fixture(autouse=True)
+def mock_arborist(mock_arborist_requests):
+    mock_arborist_requests()
+
+
 def test_get_user(db_session, awg_users):
     info = adm.get_user_info(db_session, "awg_user")
     assert info["name"] == "awg_user"

diff --git a/tests/admin/test_admin_users_endpoints.py b/tests/admin/test_admin_users_endpoints.py
@@ -37,6 +37,11 @@ def encoded_admin_jwt(kid, rsa_private_key):
     return jwt.encode(claims, key=rsa_private_key, headers=headers, algorithm="RS256")
 
 
+@pytest.fixture(autouse=True)
+def mock_arborist(mock_arborist_requests):
+    mock_arborist_requests()
+
+
 # GET /users/<username> tests
 
 

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -180,8 +180,9 @@ def kid_2():
     return "test-keypair-2"
 
 
-@pytest.fixture(scope="session")
+@pytest.fixture(scope="function")
 def mock_arborist_requests(request):
+
     def do_patch(urls_to_responses=None):
         urls_to_responses = urls_to_responses or {}
         defaults = {"arborist/health": {"GET": ("", 200)}}
@@ -221,7 +222,7 @@ def response(url):
 
 
 @pytest.fixture(scope="session")
-def app(kid, rsa_private_key, rsa_public_key, mock_arborist_requests):
+def app(kid, rsa_private_key, rsa_public_key):
     """
     Flask application fixture.
     """

diff --git a/tests/oidc/core/user_info/test_userinfo.py b/tests/oidc/core/user_info/test_userinfo.py
@@ -1,8 +1,16 @@
 """ test /user endpoint and UserInfo Requests/Response"""
 import json
+
+import pytest
+
 from fence.models import UserGoogleAccount
 
 
+@pytest.fixture(autouse=True)
+def mock_arborist(mock_arborist_requests):
+    mock_arborist_requests()
+
+
 def test_userinfo_standard_claims_get(client, encoded_creds_jwt):
 
     encoded_credentials_jwt = encoded_creds_jwt["jwt"]

diff --git a/tests/scripting/test_fence-create.py b/tests/scripting/test_fence-create.py
@@ -44,6 +44,11 @@
 ROOT_DIR = "./"
 
 
+@pytest.fixture(autouse=True)
+def mock_arborist(mock_arborist_requests):
+    mock_arborist_requests()
+
+
 def test_client_delete(app, db_session, cloud_manager, test_user_a):
     """
     Test that the client delete function correctly cleans up the client's

diff --git a/tests/session/test_session.py b/tests/session/test_session.py
@@ -18,6 +18,13 @@
     from mock import patch
     from mock import call
 
+import pytest
+
+
+@pytest.fixture(autouse=True)
+def mock_arborist(mock_arborist_requests):
+    mock_arborist_requests()
+
 
 def test_session_cookie_creation(app):
     # Test that when we don't modify the session, a