Example 1 with GatekeeperUserEntry

use of org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry in project Gatekeeper by FINRAOS.

the class GatekeeperOpenLDAPAuthorizationService method loadUser.

protected GatekeeperUserEntry loadUser(String userName) {
    logger.info("Loading info for " + userName);
    // Look the user up under the regular users base; countLimit(1) stops the directory
    // from returning more than one entry for the id
    LdapQuery query = LdapQueryBuilder.query()
            .base(ldapProperties.getUsersBase())
            .countLimit(1)
            .searchScope(SearchScope.SUBTREE)
            .attributes(ldapUserId, ldapUserDn, ldapUserEmail, ldapUserName)
            .where("objectClass").is(ldapObjectClass)
            .and(ldapUserId).is(userName);
    List<GatekeeperUserEntry> subjects = ldapTemplate.search(query, getAttributesMapper());
    if (subjects != null && subjects.size() > 0) {
        return subjects.get(0);
    } else if (ldapProperties.getTestUsersBase() != null) {
        // Not found under the regular base: check whether the account is a test account
        // (only when a testUsersBase has been configured)
        query = LdapQueryBuilder.query()
                .base(ldapProperties.getTestUsersBase())
                .countLimit(1)
                .searchScope(SearchScope.SUBTREE)
                .attributes(ldapUserId, ldapUserDn, ldapUserEmail, ldapUserName)
                .where("objectCategory").is(ldapObjectClass)
                .and(ldapUserId).is(userName);
        subjects = ldapTemplate.search(query, getAttributesMapper());
        if (subjects != null && subjects.size() > 0) {
            return subjects.get(0);
        }
    }
    // No matching entry under either base
    return null;
}

Example 2 with GatekeeperUserEntry

use of org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry in project Gatekeeper by FINRAOS.

the class GatekeeperRoleServiceTest method initMocks.

@Before
public void initMocks() {
    when(gatekeeperAuthProperties.getLdap()).thenReturn(new GatekeeperAuthProperties.GatekeeperLdapProperties()
            .setUsersCnAttribute("cn")
            .setUsersIdAttribute("sAMAccountName")
            .setUsersEmailAttribute("mail")
            .setUsersDnAttribute("distinguishedName")
            .setGroupsBase("OU=GROUPS")
            .setUsersBase("OU=Locations")
            .setUsersNameAttribute("name"));
    when(gatekeeperRdsAuthProperties.getDbaGroupsPattern()).thenReturn("COMPANY_([a-zA-Z]+)_DBA");
    when(gatekeeperRdsAuthProperties.getOpsGroupsPattern()).thenReturn("COMPANY_([a-zA-Z]+)_OPS");
    when(gatekeeperRdsAuthProperties.getDevGroupsPattern()).thenReturn("COMPANY_([a-zA-Z]+)_DEV_(DEV|QA|QC|PROD)");
    when(userEntry.getEmail()).thenReturn("userEntry@gk.org");
    when(userEntry.getName()).thenReturn("userName");
    when(userEntry.getUserId()).thenReturn("test");
    when(gatekeeperUserProfile.getName()).thenReturn("userName");
    when(gatekeeperAuthProperties.getApproverGroup()).thenReturn("GK_RDS_APPROVER");
    when(gatekeeperRoleService.getUserProfile()).thenReturn(gatekeeperUserProfile);
    when(gatekeeperAuthorizationService.getUser()).thenReturn(new GatekeeperUserEntry("test", "dn", "userEntry@gk.org", "userName"));
    users = new ArrayList<>();
    users.add(userEntry);
    gatekeeperRoleService = new GatekeeperRoleService(gatekeeperAuthorizationService, gatekeeperAuthProperties, gatekeeperRdsAuthProperties);
}

Example 3 with GatekeeperUserEntry

use of org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry in project Gatekeeper by FINRAOS.

the class AuthController method getRole.

@RequestMapping(value = "/getRole", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public Map<String, Object> getRole() {
    Map<String, Object> result = new HashMap<>();
    GatekeeperUserEntry user = gatekeeperRoleService.getUserProfile();
    result.put("userId", user.getUserId());
    result.put("name", user.getName());
    GatekeeperRdsRole role = gatekeeperRoleService.getRole();
    result.put("email", user.getEmail());
    result.put("approvalThreshold", approvalThreshold.getApprovalPolicy(role));
    result.put("role", role);
    // Approvers and DBAs see DBA memberships; every other role sees developer memberships
    switch (role) {
        case APPROVER:
        case DBA:
            result.put("memberships", gatekeeperRoleService.getDbaMemberships());
            return result;
        default:
            result.put("memberships", gatekeeperRoleService.getDevMemberships());
            return result;
    }
}

Example 4 with GatekeeperUserEntry

use of org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry in project Gatekeeper by FINRAOS.

the class AccessRequestService method storeAccessRequest.

/**
 * Store the Access Request and either grant it or require approval. Before the access request is written to the database,
 * the users provided are checked against each DB to make sure that they can be successfully created.
 *
 * @param request the access request wrapper carrying the account, region, days, users, instances and roles requested
 * @return AccessRequest - if the user/db check succeeds, Map - if there's any
 * @throws GatekeeperException
 */
public AccessRequestCreationResponse storeAccessRequest(AccessRequestWrapper request) throws GatekeeperException {
    GatekeeperUserEntry requestor = gatekeeperRoleService.getUserProfile();
    Integer maxDays = overridePolicy.getMaxDaysForRequest(gatekeeperRoleService.getRole(), request.getRoles(), request.getAccountSdlc());
    if (request.getDays() > maxDays) {
        throw new GatekeeperException("Days requested (" + request.getDays() + ") exceeded the maximum of " + maxDays + " for roles " + request.getRoles() + " on account with SDLC " + request.getAccountSdlc());
    }
    // Prefix every requested user id with "gk_"
    request.getUsers().forEach(u -> u.setUserId("gk_" + u.getUserId()));
    Account theAccount = accountInformationService.getAccountByAlias(request.getAccount());
    AWSEnvironment environment = new AWSEnvironment(theAccount.getAlias().toUpperCase(), request.getRegion());
    AccessRequest accessRequest = new AccessRequest()
            .setAccount(request.getAccount().toUpperCase())
            .setAccountSdlc(request.getAccountSdlc())
            .setRegion(request.getRegion())
            .setDays(request.getDays())
            .setRequestorId(requestor.getUserId())
            .setRequestorName(requestor.getName())
            .setRequestorEmail(requestor.getEmail())
            .setUsers(request.getUsers())
            .setAwsRdsInstances(request.getInstances())
            .setRequestReason(request.getRequestReason())
            .setRoles(request.getRoles());
    logger.info("Checking Users associated with this access request");
    Map<String, List<String>> checkResult;
    try {
        checkResult = databaseConnectionService.checkUsersAndDbs(request.getRoles(), request.getUsers(), request.getInstances());
    } catch (Exception e) {
        throw new GatekeeperException("Unable to verify the Users for the provided databases");
    }
    if (!checkResult.isEmpty()) {
        return new AccessRequestCreationResponse(AccessRequestCreationOutcome.NOT_CREATED_USER_ISSUE, checkResult);
    }
    logger.info("Storing Access Request");
    accessRequestRepository.save(accessRequest);
    logger.info("Access Request stored with ID: " + accessRequest.getId());
    // Kick off the activiti workflow
    Map<String, Object> variables = new HashMap<>();
    variables.put("accessRequest", accessRequest);
    runtimeService.startProcessInstanceByKey("gatekeeperAccessRequest", variables);
    // Verify that we started a new process instance
    logger.info("Number of process instances: " + runtimeService.createProcessInstanceQuery().count());
    return new AccessRequestCreationResponse(AccessRequestCreationOutcome.CREATED, accessRequest);
}