diff --git a/front50-core/front50-core.gradle b/front50-core/front50-core.gradle
index 00919eb28..a196e2ee4 100644
--- a/front50-core/front50-core.gradle
+++ b/front50-core/front50-core.gradle
@@ -47,5 +47,6 @@ dependencies {
   // in front50-test to front50-common, but front50-test seems like a better place.
   testImplementation project(":front50-test")
   testImplementation "io.spinnaker.kork:kork-sql-test"
+  testImplementation "com.squareup.retrofit2:retrofit-mock"
 
 }
diff --git a/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ApplicationPermissionsServiceSpec.groovy b/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ApplicationPermissionsServiceSpec.groovy
index 7958a399c..9961bb48b 100644
--- a/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ApplicationPermissionsServiceSpec.groovy
+++ b/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ApplicationPermissionsServiceSpec.groovy
@@ -23,8 +23,7 @@ import com.netflix.spinnaker.front50.config.FiatConfigurationProperties
 import com.netflix.spinnaker.front50.model.application.Application
 import com.netflix.spinnaker.front50.model.application.ApplicationDAO
 import com.netflix.spinnaker.front50.model.application.ApplicationPermissionDAO
-import retrofit2.Call
-import retrofit2.Response
+import retrofit2.mock.Calls
 import spock.lang.Specification
 import spock.lang.Unroll
 
@@ -35,7 +34,6 @@ class ApplicationPermissionsServiceSpec extends Specification {
   def "test application creation will sync roles in fiat"(permission, expectedSyncedRoles) {
     given:
     def fiatService = Mock(FiatService)
-    def syncCall = Mock(Call)
     ApplicationPermissionsService subject = createSubject(
       fiatService,
       Mock(ApplicationPermissionDAO) {
@@ -47,8 +45,7 @@ class ApplicationPermissionsServiceSpec extends Specification {
     subject.createApplicationPermission(permission)
 
     then:
-    1 * fiatService.sync(expectedSyncedRoles) >> syncCall
-    1 * syncCall.execute() >> Response.success(null)
+    1 * fiatService.sync(expectedSyncedRoles) >> Calls.response(null)
 
     where:
     permission                                                  | expectedSyncedRoles
diff --git a/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ServiceAccountsServiceSpec.groovy b/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ServiceAccountsServiceSpec.groovy
index 8f499ebbf..2c4b83596 100644
--- a/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ServiceAccountsServiceSpec.groovy
+++ b/front50-core/src/test/groovy/com/netflix/spinnaker/front50/ServiceAccountsServiceSpec.groovy
@@ -26,17 +26,13 @@ import com.netflix.spinnaker.front50.model.serviceaccount.ServiceAccountDAO
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContext
 import org.springframework.security.core.context.SecurityContextHolder
-import retrofit2.Call
-import retrofit2.Response
+import retrofit2.mock.Calls
 import spock.lang.Specification
 import spock.lang.Subject
 
 class ServiceAccountsServiceSpec extends Specification {
   ServiceAccountDAO serviceAccountDAO = Mock(ServiceAccountDAO)
   FiatService fiatService = Mock(FiatService)
-  Call syncCall = Mock(Call)
-  Call syncSaCall = Mock(Call)
-  Call logoutCall = Mock(Call)
   FiatClientConfigurationProperties fiatClientConfigurationProperties = Mock(FiatClientConfigurationProperties) {
     isEnabled() >> true
   }
@@ -79,8 +75,7 @@ class ServiceAccountsServiceSpec extends Specification {
 
     then:
     1 * fiatPermissionsEvaluator.invalidatePermission(_)
-    1 * fiatService.sync(["test-role"]) >> syncCall
-    1 * syncCall.execute() >> Response.success(null)
+    1 * fiatService.sync(["test-role"]) >> Calls.response(null)
   }
 
   def "deleting multiple service account should call sync once"() {
@@ -106,8 +101,7 @@ class ServiceAccountsServiceSpec extends Specification {
     then:
     1 * serviceAccountDAO.delete("test-svc-acct-1")
     1 * serviceAccountDAO.delete("test-svc-acct-2")
-    1 * fiatService.sync(['test-role-1', 'test-role-2']) >> syncCall
-    1 * syncCall.execute() >> Response.success(null)
+    1 * fiatService.sync(['test-role-1', 'test-role-2']) >> Calls.response(null)
   }
 
   def "unknown managed service accounts should not throw exception"() {
@@ -127,10 +121,8 @@ class ServiceAccountsServiceSpec extends Specification {
     1 * serviceAccountDAO.findById(test1ServiceAccount.id) >> test1ServiceAccount
     1 * serviceAccountDAO.findById(test2ServiceAccount.id) >> { throw new NotFoundException(test2ServiceAccount.id) }
     1 * serviceAccountDAO.delete(test1ServiceAccount.id)
-    1 * fiatService.logoutUser(_) >> logoutCall
-    1 * logoutCall.execute() >> Response.success(null)
-    1 * fiatService.sync(_) >> syncCall
-    1 * syncCall.execute() >> Response.success(1L)
+    1 * fiatService.logoutUser(_) >> Calls.response(null)
+    1 * fiatService.sync(_) >> Calls.response(1L)
     0 * serviceAccountDAO.delete(test2ServiceAccount.id)
   }
 
@@ -157,8 +149,7 @@ class ServiceAccountsServiceSpec extends Specification {
 
     then:
     1 * fiatPermissionsEvaluator.invalidatePermission(_)
-    1 * fiatService.syncServiceAccount("test-svc-acct", ["test-role"]) >> syncSaCall
-    1 * syncSaCall.execute() >> Response.success(1L)
+    1 * fiatService.syncServiceAccount("test-svc-acct", ["test-role"]) >> Calls.response(1L)
     0 * fiatService.sync(["test-role"])
   }
 }