Example 6 with EnvironmentAccessRights

Use of com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights in project cloudbreak by hortonworks.

The class ActorHandler, method handleActor.

public void handleActor(EnvironmentAccessRights environmentAccessRights, FmsUser fmsUser, String actorCrn,
        Supplier<Collection<String>> groupCrnMembershipSupplier, Supplier<Collection<String>> wagMembershipSupplier,
        Supplier<WorkloadCredential> workloadCredentialSupplier, List<UserManagementProto.CloudIdentity> cloudIdentityList) {
    if (environmentAccessRights.hasEnvironmentAccessRight()) {
        String workloadUsername = fmsUser.getName();
        // Retrieve all information from UMS before modifying the UmsUsersState or UsersState, so that
        // we don't partially modify the state if the member has been deleted after we started the sync.
        Collection<String> groupCrnsForMember = groupCrnMembershipSupplier.get();
        Collection<String> workloadAdministrationGroupsForMember = wagMembershipSupplier.get();
        WorkloadCredential workloadCredential = workloadCredentialSupplier.get();
        groupCrnsForMember.forEach(gcrn -> {
            FmsGroup group = crnToFmsGroup.get(gcrn);
            // the group and group membership will be updated on the next sync
            if (group != null) {
                usersStateBuilder.addMemberToGroup(group.getName(), workloadUsername);
            } else {
                LOGGER.warn("{} is a member of unexpected group {}. Group must have been added after UMS state calculation started", workloadUsername, gcrn);
            }
        });
        workloadAdministrationGroupsForMember.stream()
                .filter(wagName -> !wagNamesForOtherEnvironments.contains(wagName))
                .forEach(wagName -> {
            usersStateBuilder.addGroup(fmsGroupConverter.nameToGroup(wagName));
            usersStateBuilder.addMemberToGroup(wagName, workloadUsername);
        });
        addMemberToInternalTrackingGroup(usersStateBuilder, workloadUsername);
        if (environmentAccessRights.hasAdminFreeIpaRight()) {
            usersStateBuilder.addMemberToGroup(UserSyncConstants.ADMINS_GROUP, workloadUsername);
        }
        umsUsersStateBuilder.addWorkloadCredentials(workloadUsername, workloadCredential);
        umsUsersStateBuilder.addUserCloudIdentities(workloadUsername, cloudIdentityList);
        usersStateBuilder.addUserMetadata(workloadUsername, new UserMetadata(actorCrn, workloadCredential.getVersion()));
        usersStateBuilder.addUser(fmsUser);
    }
}
Also used: FmsGroup (com.sequenceiq.freeipa.service.freeipa.user.model.FmsGroup), UmsUsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UmsUsersState), Logger (org.slf4j.Logger), Collection (java.util.Collection), WorkloadCredential (com.sequenceiq.freeipa.service.freeipa.user.model.WorkloadCredential), LoggerFactory (org.slf4j.LoggerFactory), Set (java.util.Set), FmsGroupConverter (com.sequenceiq.freeipa.service.freeipa.user.conversion.FmsGroupConverter), FmsUser (com.sequenceiq.freeipa.service.freeipa.user.model.FmsUser), Supplier (java.util.function.Supplier), List (java.util.List), UserManagementProto (com.cloudera.thunderhead.service.usermanagement.UserManagementProto), Map (java.util.Map), Objects.requireNonNull (java.util.Objects.requireNonNull), UsersState (com.sequenceiq.freeipa.service.freeipa.user.model.UsersState), UserMetadata (com.sequenceiq.freeipa.service.freeipa.user.model.UserMetadata), EnvironmentAccessRights (com.sequenceiq.freeipa.service.freeipa.user.model.EnvironmentAccessRights), UserSyncConstants (com.sequenceiq.freeipa.service.freeipa.user.UserSyncConstants)
