
Example 1 with Account

use of org.finra.gatekeeper.common.services.account.model.Account in project Gatekeeper by FINRAOS.

Class AwsSessionService, method getRoleArn.

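/**
 * Builds the IAM role ARN that Gatekeeper assumes in the account known by {@code alias}.
 *
 * <p>The ARN is assembled from the account id resolved through
 * {@code accountInformationService} and the configured {@code roleToAssume}; the
 * caller-supplied alias is only used for the lookup and never copied into the ARN.
 *
 * @param alias the account alias to resolve
 * @return {@code arn:aws:iam::<accountId>:role/<roleToAssume>}
 * @throws GatekeeperException if no account is registered under {@code alias}
 */
private String getRoleArn(String alias) throws GatekeeperException {
    Account account = accountInformationService.getAccountByAlias(alias);
    if (account == null) {
        // Fail closed: without a resolvable account there is no role to assume.
        logger.error("No account found with alias: " + alias);
        throw new GatekeeperException("No account found with alias: " + alias);
    }
    // Local, single-threaded construction: StringBuilder rather than the synchronized StringBuffer.
    return new StringBuilder("arn:aws:iam::")
            .append(account.getAccountId())
            .append(":role/")
            .append(roleToAssume)
            .toString();
}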
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) GatekeeperException(org.finra.gatekeeper.exception.GatekeeperException)

Example 2 with Account

use of org.finra.gatekeeper.common.services.account.model.Account in project Gatekeeper by FINRAOS.

Class AccessRequestServiceTest, method initMocks.

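/**
 * Wires the Mockito collaborators shared by every test in this class.
 *
 * <p>Sets up: the approval-threshold and override policies (180 days for every
 * SDLC under the "datafix" role), a single RDS instance, an owner and a non-owner
 * access request plus a request wrapper, the current user, and the Activiti
 * runtime/task/history services consumed by getActiveRequest() and
 * getCompletedRequest(). Any account alias resolves to one dev account.
 */
@Before
public void initMocks() {
    testDate = new Date();
    Integer mockMaximum = 180;
    // Setting up the spring values
    Map<String, Map<String, Integer>> mockDev = new HashMap<>();
    Map<String, Integer> mockDba = new HashMap<>();
    mockDba.put("dev", 180);
    mockDba.put("qa", 180);
    mockDba.put("prod", 180);
    mockDev.put("datafix", mockDba);
    Region[] regions = new Region[] { new Region("us-east-1") };
    Account mockAccount = new Account(1234L, "Dev Test", "dev", "dev-test", Arrays.asList(regions));
    // Every role sees the same policy; the override policy always allows mockMaximum days
    when(approvalThreshold.getApprovalPolicy(GatekeeperRdsRole.DEV)).thenReturn(mockDev);
    when(approvalThreshold.getApprovalPolicy(GatekeeperRdsRole.OPS)).thenReturn(mockDev);
    when(approvalThreshold.getApprovalPolicy(GatekeeperRdsRole.DBA)).thenReturn(mockDev);
    when(overridePolicy.getMaxDaysForRequest(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(mockMaximum);
    // One RDS instance shared by both requests and the wrapper
    List<AWSRdsDatabase> instances = new ArrayList<>();
    when(awsRdsDatabase.getApplication()).thenReturn("TestApplication");
    when(awsRdsDatabase.getInstanceId()).thenReturn("testId");
    when(awsRdsDatabase.getDbName()).thenReturn("testDbName");
    when(awsRdsDatabase.getEndpoint()).thenReturn("testEndpoint");
    when(awsRdsDatabase.getEngine()).thenReturn("testEngine");
    when(awsRdsDatabase.getStatus()).thenReturn("UP");
    instances.add(awsRdsDatabase);
    // Owner mock
    when(ownerRequest.getAccount()).thenReturn("DEV");
    when(ownerRequest.getAwsRdsInstances()).thenReturn(instances);
    when(ownerRequest.getDays()).thenReturn(1);
    when(ownerRequest.getRequestorId()).thenReturn("owner");
    when(ownerRequest.getId()).thenReturn(1L);
    when(ownerRequest.getAccountSdlc()).thenReturn("dev");
    // Non-owner mock
    when(nonOwnerRequest.getAccount()).thenReturn("DEV");
    when(nonOwnerRequest.getAwsRdsInstances()).thenReturn(instances);
    when(nonOwnerRequest.getDays()).thenReturn(1);
    when(nonOwnerRequest.getRequestorId()).thenReturn("non-owner");
    when(nonOwnerRequest.getId()).thenReturn(2L);
    when(nonOwnerRequest.getAccountSdlc()).thenReturn("dev");
    // Both requests carry the single "datafix" role
    List<UserRole> roles = new ArrayList<>();
    UserRole userRole = new UserRole();
    userRole.setRole("datafix");
    roles.add(userRole);
    when(nonOwnerRequest.getRoles()).thenReturn(roles);
    when(ownerRequest.getRoles()).thenReturn(roles);
    when(ownerRequestWrapper.getInstances()).thenReturn(instances);
    when(ownerRequestWrapper.getDays()).thenReturn(1);
    when(ownerRequestWrapper.getRequestorId()).thenReturn("owner");
    when(ownerRequestWrapper.getAccount()).thenReturn("testAccount");
    when(ownerRequestWrapper.getRegion()).thenReturn("testRegion");
    when(ownerRequestWrapper.getAccountSdlc()).thenReturn("dev");
    // Current user and its role
    when(userEntry.getUserId()).thenReturn("testUserId");
    when(userEntry.getName()).thenReturn("testName");
    when(userEntry.getEmail()).thenReturn("testEmail@finra.org");
    when(user.getUserId()).thenReturn("testUserId");
    List<User> users = new ArrayList<>();
    users.add(user);
    when(ownerRequestWrapper.getUsers()).thenReturn(users);
    when(ownerRequest.getUsers()).thenReturn(users);
    when(gatekeeperRoleService.getRole()).thenReturn(GatekeeperRdsRole.DEV);
    when(gatekeeperRoleService.getUserProfile()).thenReturn(userEntry);
    // The query stub must exist before the chained count() stub can be recorded
    when(runtimeService.createProcessInstanceQuery()).thenReturn(processInstanceQuery);
    when(runtimeService.createProcessInstanceQuery().count()).thenReturn(2L);
    // Mocks for getActiveRequest()
    when(ownerOneTask.getExecutionId()).thenReturn("ownerOneTask");
    when(ownerOneTask.getCreateTime()).thenReturn(new Date(4500000));
    when(ownerOneTask.getId()).thenReturn("taskOne");
    when(ownerTwoTask.getExecutionId()).thenReturn("ownerTwoTask");
    when(ownerTwoTask.getCreateTime()).thenReturn(testDate);
    when(ownerTwoTask.getId()).thenReturn("taskTwo");
    when(runtimeService.getVariable("ownerOneTask", "accessRequest")).thenReturn(ownerRequest);
    when(runtimeService.getVariable("ownerTwoTask", "accessRequest")).thenReturn(nonOwnerRequest);
    List<Task> activeTasks = new ArrayList<>();
    activeTasks.add(ownerOneTask);
    activeTasks.add(ownerTwoTask);
    when(taskService.createTaskQuery()).thenReturn(taskQuery);
    when(taskService.createTaskQuery().active()).thenReturn(taskQuery);
    when(taskService.createTaskQuery().active().list()).thenReturn(activeTasks);
    // Mocks for getCompletedRequest(): three historic variables per request
    List<HistoricVariableInstance> taskVars = new ArrayList<>();
    when(ownerHistoricVariableInstanceAttempt.getProcessInstanceId()).thenReturn("ownerRequest");
    when(ownerHistoricVariableInstanceStatus.getProcessInstanceId()).thenReturn("ownerRequest");
    when(ownerHistoricVariableInstanceAccessRequest.getProcessInstanceId()).thenReturn("ownerRequest");
    when(nonOwnerHistoricVariableInstanceAttempt.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(nonOwnerHistoricVariableInstanceStatus.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(nonOwnerHistoricVariableInstanceAccessRequest.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(ownerHistoricVariableInstanceAttempt.getValue()).thenReturn(1);
    when(ownerHistoricVariableInstanceAttempt.getVariableName()).thenReturn("attempts");
    when(ownerHistoricVariableInstanceAttempt.getCreateTime()).thenReturn(new Date(45000));
    when(ownerHistoricVariableInstanceStatus.getValue()).thenReturn(RequestStatus.APPROVAL_GRANTED);
    when(ownerHistoricVariableInstanceStatus.getVariableName()).thenReturn("requestStatus");
    when(ownerHistoricVariableInstanceStatus.getLastUpdatedTime()).thenReturn(new Date(45002));
    when(ownerHistoricVariableInstanceAccessRequest.getValue()).thenReturn(ownerRequest);
    when(ownerHistoricVariableInstanceAccessRequest.getVariableName()).thenReturn("accessRequest");
    when(nonOwnerHistoricVariableInstanceAttempt.getValue()).thenReturn(2);
    when(nonOwnerHistoricVariableInstanceAttempt.getVariableName()).thenReturn("attempts");
    when(nonOwnerHistoricVariableInstanceAttempt.getCreateTime()).thenReturn(new Date(45002));
    // The non-owner request deliberately has no status value
    when(nonOwnerHistoricVariableInstanceStatus.getValue()).thenReturn(null);
    when(nonOwnerHistoricVariableInstanceStatus.getVariableName()).thenReturn("requestStatus");
    when(nonOwnerHistoricVariableInstanceStatus.getLastUpdatedTime()).thenReturn(new Date(45003));
    when(nonOwnerHistoricVariableInstanceAccessRequest.getValue()).thenReturn(nonOwnerRequest);
    when(nonOwnerHistoricVariableInstanceAccessRequest.getVariableName()).thenReturn("accessRequest");
    taskVars.add(ownerHistoricVariableInstanceAttempt);
    taskVars.add(ownerHistoricVariableInstanceStatus);
    taskVars.add(ownerHistoricVariableInstanceAccessRequest);
    taskVars.add(nonOwnerHistoricVariableInstanceAttempt);
    taskVars.add(nonOwnerHistoricVariableInstanceStatus);
    taskVars.add(nonOwnerHistoricVariableInstanceAccessRequest);
    when(historyService.createHistoricVariableInstanceQuery()).thenReturn(historicVariableInstanceQuery);
    when(historyService.createHistoricVariableInstanceQuery().list()).thenReturn(taskVars);
    // Any alias resolves to the single mock account
    when(accountInformationService.getAccountByAlias(any())).thenReturn(mockAccount);
}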
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) Task(org.activiti.engine.task.Task) Region(org.finra.gatekeeper.common.services.account.model.Region) HistoricVariableInstance(org.activiti.engine.history.HistoricVariableInstance) Before(org.junit.Before)

Example 3 with Account

use of org.finra.gatekeeper.common.services.account.model.Account in project Gatekeeper by FINRAOS.

Class AccessRequestServiceTests, method initMocks.

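/**
 * Wires the Mockito collaborators shared by every test in this class.
 *
 * <p>Sets up: one approval policy per role (48 hours in dev/qa, 2 in prod), a
 * single EC2 instance, an owner and a non-owner access request plus a request
 * wrapper, the current LDAP user and memberships, the Activiti
 * runtime/task/history services consumed by getActiveRequest() and
 * getCompletedRequest(), the SSM status lookup, and an account lookup that
 * resolves any alias to one dev account.
 */
@Before
public void initMocks() {
    testDate = new Date();
    // Setting up the spring values: identical thresholds for each role
    Map<String, Integer> mockDev = new HashMap<>();
    mockDev.put("dev", 48);
    mockDev.put("qa", 48);
    mockDev.put("prod", 2);
    Map<String, Integer> mockOps = new HashMap<>();
    mockOps.put("dev", 48);
    mockOps.put("qa", 48);
    mockOps.put("prod", 2);
    Map<String, Integer> mockSupp = new HashMap<>();
    mockSupp.put("dev", 48);
    mockSupp.put("qa", 48);
    mockSupp.put("prod", 2);
    Region[] regions = new Region[] { new Region("us-east-1") };
    Account mockAccount = new Account(1234L, "Dev Test", "dev", "dev-test", Arrays.asList(regions));
    when(approvalPolicy.getApprovalPolicy(GatekeeperRole.DEV)).thenReturn(mockDev);
    when(approvalPolicy.getApprovalPolicy(GatekeeperRole.OPS)).thenReturn(mockOps);
    when(approvalPolicy.getApprovalPolicy(GatekeeperRole.SUPPORT)).thenReturn(mockSupp);
    // One EC2 instance shared by both requests and the wrapper
    List<AWSInstance> instances = new ArrayList<>();
    when(awsInstance.getApplication()).thenReturn("TestApp");
    when(awsInstance.getInstanceId()).thenReturn("testId");
    when(awsInstance.getPlatform()).thenReturn("testPlatform");
    instances.add(awsInstance);
    // Owner mock
    when(ownerRequest.getAccount()).thenReturn("DEV");
    when(ownerRequest.getInstances()).thenReturn(instances);
    when(ownerRequest.getHours()).thenReturn(1);
    when(ownerRequest.getRequestorId()).thenReturn("owner");
    when(ownerRequest.getId()).thenReturn(1L);
    // Non-owner mock
    when(nonOwnerRequest.getAccount()).thenReturn("DEV");
    when(nonOwnerRequest.getInstances()).thenReturn(instances);
    when(nonOwnerRequest.getHours()).thenReturn(1);
    when(nonOwnerRequest.getRequestorId()).thenReturn("non-owner");
    when(nonOwnerRequest.getId()).thenReturn(2L);
    when(nonOwnerRequest.getPlatform()).thenReturn("testPlatform");
    // The owner's LDAP memberships include the instance's application
    Set<String> ownerMemberships = new HashSet<>();
    ownerMemberships.add("TestApp");
    when(ownerRequestWrapper.getInstances()).thenReturn(instances);
    when(ownerRequestWrapper.getHours()).thenReturn(1);
    when(ownerRequestWrapper.getRequestorId()).thenReturn("owner");
    when(ownerRequestWrapper.getAccount()).thenReturn("testAccount");
    when(ownerRequestWrapper.getRegion()).thenReturn("testRegion");
    when(ownerRequestWrapper.getPlatform()).thenReturn("testPlatform");
    // Current user, its role and memberships
    when(gatekeeperUserEntry.getUserId()).thenReturn("testUserId");
    when(gatekeeperUserEntry.getName()).thenReturn("testName");
    when(gatekeeperUserEntry.getEmail()).thenReturn("testEmail@finra.org");
    when(user.getUserId()).thenReturn("testUserId");
    List<User> users = new ArrayList<>();
    users.add(user);
    when(ownerRequestWrapper.getUsers()).thenReturn(users);
    when(ownerRequest.getUsers()).thenReturn(users);
    when(gatekeeperLdapService.getRole()).thenReturn(GatekeeperRole.DEV);
    when(gatekeeperLdapService.getMemberships()).thenReturn(ownerMemberships);
    when(gatekeeperLdapService.getUserProfile()).thenReturn(gatekeeperUserEntry);
    // The query stub must exist before the chained count() stub can be recorded
    when(runtimeService.createProcessInstanceQuery()).thenReturn(processInstanceQuery);
    when(runtimeService.createProcessInstanceQuery().count()).thenReturn(2L);
    // Mocks for getActiveRequest()
    when(ownerOneTask.getExecutionId()).thenReturn("ownerOneTask");
    when(ownerOneTask.getCreateTime()).thenReturn(new Date(4500000));
    when(ownerOneTask.getId()).thenReturn("taskOne");
    when(ownerTwoTask.getExecutionId()).thenReturn("ownerTwoTask");
    when(ownerTwoTask.getCreateTime()).thenReturn(testDate);
    when(ownerTwoTask.getId()).thenReturn("taskTwo");
    when(runtimeService.getVariable("ownerOneTask", "accessRequest")).thenReturn(ownerRequest);
    when(runtimeService.getVariable("ownerTwoTask", "accessRequest")).thenReturn(nonOwnerRequest);
    List<Task> activeTasks = new ArrayList<>();
    activeTasks.add(ownerOneTask);
    activeTasks.add(ownerTwoTask);
    when(taskService.createTaskQuery()).thenReturn(taskQuery);
    when(taskService.createTaskQuery().active()).thenReturn(taskQuery);
    when(taskService.createTaskQuery().active().list()).thenReturn(activeTasks);
    // Mocks for getCompletedRequest(): three historic variables per request
    List<HistoricVariableInstance> taskVars = new ArrayList<>();
    when(ownerHistoricVariableInstanceAttempt.getProcessInstanceId()).thenReturn("ownerRequest");
    when(ownerHistoricVariableInstanceStatus.getProcessInstanceId()).thenReturn("ownerRequest");
    when(ownerHistoricVariableInstanceAccessRequest.getProcessInstanceId()).thenReturn("ownerRequest");
    when(nonOwnerHistoricVariableInstanceAttempt.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(nonOwnerHistoricVariableInstanceStatus.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(nonOwnerHistoricVariableInstanceAccessRequest.getProcessInstanceId()).thenReturn("nonOwnerRequest");
    when(ownerHistoricVariableInstanceAttempt.getValue()).thenReturn(1);
    when(ownerHistoricVariableInstanceAttempt.getVariableName()).thenReturn("attempts");
    when(ownerHistoricVariableInstanceAttempt.getCreateTime()).thenReturn(new Date(45000));
    when(ownerHistoricVariableInstanceStatus.getValue()).thenReturn(RequestStatus.APPROVAL_GRANTED);
    when(ownerHistoricVariableInstanceStatus.getVariableName()).thenReturn("requestStatus");
    when(ownerHistoricVariableInstanceStatus.getLastUpdatedTime()).thenReturn(new Date(45002));
    when(ownerHistoricVariableInstanceAccessRequest.getValue()).thenReturn(ownerRequest);
    when(ownerHistoricVariableInstanceAccessRequest.getVariableName()).thenReturn("accessRequest");
    when(nonOwnerHistoricVariableInstanceAttempt.getValue()).thenReturn(2);
    when(nonOwnerHistoricVariableInstanceAttempt.getVariableName()).thenReturn("attempts");
    when(nonOwnerHistoricVariableInstanceAttempt.getCreateTime()).thenReturn(new Date(45002));
    // The non-owner request deliberately has no status value
    when(nonOwnerHistoricVariableInstanceStatus.getValue()).thenReturn(null);
    when(nonOwnerHistoricVariableInstanceStatus.getVariableName()).thenReturn("requestStatus");
    when(nonOwnerHistoricVariableInstanceStatus.getLastUpdatedTime()).thenReturn(new Date(45003));
    when(nonOwnerHistoricVariableInstanceAccessRequest.getValue()).thenReturn(nonOwnerRequest);
    when(nonOwnerHistoricVariableInstanceAccessRequest.getVariableName()).thenReturn("accessRequest");
    taskVars.add(ownerHistoricVariableInstanceAttempt);
    taskVars.add(ownerHistoricVariableInstanceStatus);
    taskVars.add(ownerHistoricVariableInstanceAccessRequest);
    taskVars.add(nonOwnerHistoricVariableInstanceAttempt);
    taskVars.add(nonOwnerHistoricVariableInstanceStatus);
    taskVars.add(nonOwnerHistoricVariableInstanceAccessRequest);
    when(historyService.createHistoricVariableInstanceQuery()).thenReturn(historicVariableInstanceQuery);
    when(historyService.createHistoricVariableInstanceQuery().list()).thenReturn(taskVars);
    // SSM reports the single instance with an unknown status
    Map<String, String> statusMap = new HashMap<>();
    statusMap.put("testId", "Unknown");
    when(ssmService.checkInstancesWithSsm(any(), any())).thenReturn(statusMap);
    // Any alias resolves to the single mock account
    when(accountInformationService.getAccountByAlias(any())).thenReturn(mockAccount);
}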
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) Task(org.activiti.engine.task.Task) Region(org.finra.gatekeeper.common.services.account.model.Region) HistoricVariableInstance(org.activiti.engine.history.HistoricVariableInstance) Before(org.junit.Before)

Example 4 with Account

use of org.finra.gatekeeper.common.services.account.model.Account in project Gatekeeper by FINRAOS.

Class AccessRequestService, method isApprovalNeeded.

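/**
 * Decides whether an access request must go through manual approval.
 *
 * <p>The approval policy is keyed by SDLC ("dev", "qa", "prod"), but the UI sends
 * an account alias, so the alias is resolved to an {@link Account} and its SDLC is
 * used as the policy key. Missing data fails closed: an unresolvable alias, an
 * account without an SDLC, an SDLC with no policy entry, or an unrecognised role
 * all raise instead of answering "no approval needed". Approvers never need
 * approval, so neither the account nor the policy is consulted for them.
 *
 * @param request the access request under evaluation
 * @return {@code true} if an approver must sign off, {@code false} if the request
 *         may be granted automatically
 * @throws GatekeeperException if the account alias cannot be resolved, the policy
 *         has no entry for the account's SDLC, or the current role is unknown
 * @throws Exception retained for callers that already catch the broad type
 */
public boolean isApprovalNeeded(AccessRequest request) throws Exception {
    Map<String, Integer> policy = approvalPolicy.getApprovalPolicy(gatekeeperRoleService.getRole());
    // We have to associate the policy to the SDLC of the requested account. The name of the account provided by the ui will not always be "dev" "qa" or "prod", but they will need to associate with those SDLC's
    Account theAccount = accountInformationService.getAccountByAlias(request.getAccount());
    switch(gatekeeperRoleService.getRole()) {
        case APPROVER:
            return false;
        case SUPPORT:
            return request.getHours() > maxHoursFor(policy, theAccount, request.getAccount());
        case DEV:
        case OPS:
            // Owners of every requested instance may self-serve up to the SDLC threshold;
            // anyone else always needs approval.
            return request.getHours() > maxHoursFor(policy, theAccount, request.getAccount())
                    || !isRequestorOwnerOfInstances(request);
        default:
            // should NEVER happen.
            throw new GatekeeperException("Could not determine Role");
    }
}

/**
 * Looks up the hour threshold the policy grants for the account's SDLC.
 *
 * <p>Fails closed with a descriptive error instead of a NullPointerException
 * when the account, its SDLC, or the policy entry is missing.
 *
 * @param policy  SDLC-to-hours thresholds for the current role
 * @param account the resolved account, possibly {@code null}
 * @param alias   the alias the caller asked for, used only in the error message
 * @return the maximum hours allowed without approval
 * @throws GatekeeperException if any piece needed for the lookup is absent
 */
private int maxHoursFor(Map<String, Integer> policy, Account account, String alias) throws GatekeeperException {
    if (account == null) {
        throw new GatekeeperException("No account found with alias: " + alias);
    }
    if (account.getSdlc() == null) {
        throw new GatekeeperException("Account has no SDLC: " + alias);
    }
    String sdlc = account.getSdlc().toLowerCase();
    Integer maxHours = policy == null ? null : policy.get(sdlc);
    if (maxHours == null) {
        throw new GatekeeperException("No approval policy entry for SDLC: " + sdlc);
    }
    return maxHours;
}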
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) GatekeeperException(org.finra.gatekeeper.exception.GatekeeperException)

Example 5 with Account

use of org.finra.gatekeeper.common.services.account.model.Account in project Gatekeeper by FINRAOS.

Class AwsSessionServiceTests, method before.

/**
 * Common fixture: a "Dev"/us-west-2 environment, proxy and timeout settings, a
 * stub account spanning two regions, and an STS assume-role result carrying
 * dummy credentials, all wired into the mocked collaborators.
 */
@Before
public void before() {
    awsEnvironment = new AWSEnvironment("Dev", "us-west-2");

    // Session and proxy settings read from the AWS properties bean
    when(gatekeeperAwsProperties.getSessionTimeout()).thenReturn(900000);
    when(gatekeeperAwsProperties.getSessionTimeoutPad()).thenReturn(60000);
    when(gatekeeperAwsProperties.getProxyHost()).thenReturn("testproxy");
    when(gatekeeperAwsProperties.getProxyPort()).thenReturn("100");

    // The account that the "Dev" alias resolves to, with two regions
    Region westRegion = new Region();
    westRegion.setName("us-west-2");
    Region eastRegion = new Region();
    eastRegion.setName("us-east-1");
    List<Region> accountRegions = new ArrayList<>();
    accountRegions.add(westRegion);
    accountRegions.add(eastRegion);

    Account stubAccount = new Account();
    stubAccount.setAccountId(123L);
    stubAccount.setAlias("hello");
    stubAccount.setRegions(accountRegions);
    stubAccount.setSdlc("Test");
    stubAccount.setName("Test Account");

    // Dummy STS credentials returned from the stubbed assumeRole call
    Credentials stubCredentials = new Credentials();
    stubCredentials.setAccessKeyId("testing");
    stubCredentials.setSecretAccessKey("s3cr3t");
    stubCredentials.setSessionToken("s35510nt0k3n");
    AssumeRoleResult stubRoleResult = new AssumeRoleResult();
    stubRoleResult.setCredentials(stubCredentials);

    when(accountInformationService.getAccountByAlias("Dev")).thenReturn(stubAccount);
    when(awsSecurityTokenServiceClient.assumeRole(any())).thenReturn(stubRoleResult);
    when(awsSessionFactory.createEc2Session(any())).thenReturn(amazonEC2Client);
    when(awsSessionFactory.createSsmSession(any())).thenReturn(awsSimpleSystemsManagementClient);
}
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) ArrayList(java.util.ArrayList) Region(org.finra.gatekeeper.common.services.account.model.Region) AssumeRoleResult(com.amazonaws.services.securitytoken.model.AssumeRoleResult) AWSEnvironment(org.finra.gatekeeper.services.aws.model.AWSEnvironment) Credentials(com.amazonaws.services.securitytoken.model.Credentials) Before(org.junit.Before)

Aggregations

Account (org.finra.gatekeeper.common.services.account.model.Account)6 Region (org.finra.gatekeeper.common.services.account.model.Region)3 GatekeeperException (org.finra.gatekeeper.exception.GatekeeperException)3 Before (org.junit.Before)3 HistoricVariableInstance (org.activiti.engine.history.HistoricVariableInstance)2 Task (org.activiti.engine.task.Task)2 AWSEnvironment (org.finra.gatekeeper.services.aws.model.AWSEnvironment)2 AssumeRoleResult (com.amazonaws.services.securitytoken.model.AssumeRoleResult)1 Credentials (com.amazonaws.services.securitytoken.model.Credentials)1 ArrayList (java.util.ArrayList)1 GatekeeperUserEntry (org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry)1 AccessRequestCreationResponse (org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse)1