
Example 1 with AwsIamRolePermissionRecord

Use of com.nike.cerberus.record.AwsIamRolePermissionRecord in project cerberus by Nike-Inc.

Class IamPrincipalPermissionService, method grantIamPrincipalPermission.

/**
 * Grants an IAM role permission on a safe deposit box.
 *
 * @param safeDepositBoxId The safe deposit box id
 * @param iamPrincipalPermission The IAM principal permission
 * @param user The user making the changes
 * @param dateTime The time of the changes
 */
@Transactional
public void grantIamPrincipalPermission(final String safeDepositBoxId, final IamPrincipalPermission iamPrincipalPermission, final String user, final OffsetDateTime dateTime) {
    final Optional<AwsIamRoleRecord> possibleIamRoleRecord = awsIamRoleDao.getIamRole(iamPrincipalPermission.getIamPrincipalArn());
    final Optional<Role> role = roleService.getRoleById(iamPrincipalPermission.getRoleId());
    // Reject the grant if the requested role id does not map to a known role.
    if (role.isEmpty()) {
        throw ApiException.newBuilder().withApiErrors(DefaultApiError.IAM_ROLE_ROLE_ID_INVALID).build();
    }
    String iamRoleId;
    // Reuse the existing record for this IAM role ARN, or create one on first grant.
    if (possibleIamRoleRecord.isPresent()) {
        iamRoleId = possibleIamRoleRecord.get().getId();
    } else {
        iamRoleId = uuidSupplier.get();
        AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord();
        awsIamRoleRecord.setId(iamRoleId);
        awsIamRoleRecord.setAwsIamRoleArn(iamPrincipalPermission.getIamPrincipalArn());
        awsIamRoleRecord.setCreatedBy(user);
        awsIamRoleRecord.setLastUpdatedBy(user);
        awsIamRoleRecord.setCreatedTs(dateTime);
        awsIamRoleRecord.setLastUpdatedTs(dateTime);
        awsIamRoleDao.createIamRole(awsIamRoleRecord);
    }
    AwsIamRolePermissionRecord permissionRecord = new AwsIamRolePermissionRecord();
    permissionRecord.setId(uuidSupplier.get());
    permissionRecord.setAwsIamRoleId(iamRoleId);
    permissionRecord.setRoleId(iamPrincipalPermission.getRoleId());
    permissionRecord.setSdboxId(safeDepositBoxId);
    permissionRecord.setCreatedBy(user);
    permissionRecord.setLastUpdatedBy(user);
    permissionRecord.setCreatedTs(dateTime);
    permissionRecord.setLastUpdatedTs(dateTime);
    awsIamRoleDao.createIamRolePermission(permissionRecord);
}
Also used : Role(com.nike.cerberus.domain.Role) AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) Transactional(org.springframework.transaction.annotation.Transactional)

Example 2 with AwsIamRolePermissionRecord

Use of com.nike.cerberus.record.AwsIamRolePermissionRecord in project cerberus by Nike-Inc.

Class IamPrincipalPermissionServiceTest, method testGetIamPrincipalPermissionsWhenIamRoleIsPresent.

@Test
public void testGetIamPrincipalPermissionsWhenIamRoleIsPresent() {
    List<AwsIamRolePermissionRecord> awsIamRolePermissionRecords = new ArrayList<>();
    AwsIamRolePermissionRecord awsIamRolePermissionRecord = new AwsIamRolePermissionRecord().setId("id").setCreatedBy("createdBy").setLastUpdatedBy("lastUpdatedBy").setRoleId("roleId").setCreatedTs(OffsetDateTime.MAX).setLastUpdatedTs(OffsetDateTime.MAX);
    awsIamRolePermissionRecords.add(awsIamRolePermissionRecord);
    AwsIamRoleRecord awsIamRoleRecord = new AwsIamRoleRecord().setAwsIamRoleArn("awsIamRoleArn");
    Mockito.when(awsIamRoleDao.getIamRolePermissions("boxId")).thenReturn(awsIamRolePermissionRecords);
    Mockito.when(awsIamRoleDao.getIamRoleById(Mockito.anyString())).thenReturn(Optional.of(awsIamRoleRecord));
    Set<IamPrincipalPermission> boxIds = iamPrincipalPermissionService.getIamPrincipalPermissions("boxId");
    Assert.assertTrue(boxIds.size() == 1);
    boxIds.forEach(iamPrincipalPermission -> {
        Assert.assertEquals("id", iamPrincipalPermission.getId());
        Assert.assertEquals("lastUpdatedBy", iamPrincipalPermission.getLastUpdatedBy());
        Assert.assertEquals("createdBy", iamPrincipalPermission.getCreatedBy());
        Assert.assertEquals("roleId", iamPrincipalPermission.getRoleId());
        Assert.assertEquals("awsIamRoleArn", iamPrincipalPermission.getIamPrincipalArn());
        Assert.assertEquals(OffsetDateTime.MAX, iamPrincipalPermission.getCreatedTs());
        Assert.assertEquals(OffsetDateTime.MAX, iamPrincipalPermission.getLastUpdatedTs());
    });
}
Also used : ArrayList(java.util.ArrayList) AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission) Test(org.junit.Test)

Example 3 with AwsIamRolePermissionRecord

Use of com.nike.cerberus.record.AwsIamRolePermissionRecord in project cerberus by Nike-Inc.

Class IamPrincipalPermissionService, method updateIamPrincipalPermission.

/**
 * Updates an IAM role permission on a safe deposit box.
 *
 * @param safeDepositBoxId The safe deposit box id
 * @param iamPrincipalPermission The IAM principal permission
 * @param user The user making the changes
 * @param dateTime The time of the changes
 */
@Transactional
public void updateIamPrincipalPermission(final String safeDepositBoxId, final IamPrincipalPermission iamPrincipalPermission, final String user, final OffsetDateTime dateTime) {
    final Optional<AwsIamRoleRecord> iamRole = awsIamRoleDao.getIamRole(iamPrincipalPermission.getIamPrincipalArn());
    // Unlike grant, update never creates a role record: an unknown ARN is an error.
    if (iamRole.isEmpty()) {
        String msg = "Unable to update permissions for IAM role that doesn't exist.";
        throw ApiException.newBuilder().withApiErrors(CustomApiError.createCustomApiError(DefaultApiError.ENTITY_NOT_FOUND, msg)).withExceptionMessage(msg).build();
    }
    AwsIamRolePermissionRecord record = new AwsIamRolePermissionRecord();
    record.setSdboxId(safeDepositBoxId);
    record.setAwsIamRoleId(iamRole.get().getId());
    record.setRoleId(iamPrincipalPermission.getRoleId());
    record.setLastUpdatedBy(user);
    record.setLastUpdatedTs(dateTime);
    awsIamRoleDao.updateIamRolePermission(record);
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) Transactional(org.springframework.transaction.annotation.Transactional)

Example 4 with AwsIamRolePermissionRecord

Use of com.nike.cerberus.record.AwsIamRolePermissionRecord in project cerberus by Nike-Inc.

Class IamPrincipalPermissionService, method getIamPrincipalPermissions.

public Set<IamPrincipalPermission> getIamPrincipalPermissions(final String safeDepositBoxId) {
    final Set<IamPrincipalPermission> iamPrincipalPermissionSet = Sets.newHashSet();
    final List<AwsIamRolePermissionRecord> permissionRecords = awsIamRoleDao.getIamRolePermissions(safeDepositBoxId);
    permissionRecords.forEach(r -> {
        final Optional<AwsIamRoleRecord> iamRoleRecord = awsIamRoleDao.getIamRoleById(r.getAwsIamRoleId());
        // Permission records whose IAM role record is missing are skipped rather than reported.
        if (iamRoleRecord.isPresent()) {
            final IamPrincipalPermission permission = new IamPrincipalPermission();
            permission.setId(r.getId());
            permission.setIamPrincipalArn(iamRoleRecord.get().getAwsIamRoleArn());
            permission.setRoleId(r.getRoleId());
            permission.setCreatedBy(r.getCreatedBy());
            permission.setLastUpdatedBy(r.getLastUpdatedBy());
            permission.setCreatedTs(r.getCreatedTs());
            permission.setLastUpdatedTs(r.getLastUpdatedTs());
            iamPrincipalPermissionSet.add(permission);
        }
    });
    return iamPrincipalPermissionSet;
}
Also used : AwsIamRoleRecord(com.nike.cerberus.record.AwsIamRoleRecord) AwsIamRolePermissionRecord(com.nike.cerberus.record.AwsIamRolePermissionRecord) IamPrincipalPermission(com.nike.cerberus.domain.IamPrincipalPermission)

Aggregations

AwsIamRolePermissionRecord (com.nike.cerberus.record.AwsIamRolePermissionRecord)4 AwsIamRoleRecord (com.nike.cerberus.record.AwsIamRoleRecord)4 IamPrincipalPermission (com.nike.cerberus.domain.IamPrincipalPermission)2 Transactional (org.springframework.transaction.annotation.Transactional)2 Role (com.nike.cerberus.domain.Role)1 ArrayList (java.util.ArrayList)1 Test (org.junit.Test)1