
Example 1 with AccessRequestCreationResponse

use of org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse in project Gatekeeper by FINRAOS.

the class AccessRequestServiceTest method testStoreAccessRequestDaysBeyondMax.

/**
 * Test for making sure the storeAccessRequest method throws an exception when a prod request asks for
 * more days than the maximum allowed. Makes sure the accessRequestRepository is not called to save
 * the rejected request.
 */
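@Test(expected = GatekeeperException.class)
public void testStoreAccessRequestDaysBeyondMax() throws GatekeeperException {
    // A prod request for 181 days with the "dba" role. The test expects the service to reject it;
    // the maximum it is compared against is configured outside this method (presumably in the
    // test fixture -- confirm it is below 181 for this role/SDLC).
    AccessRequestWrapper badReq = new AccessRequestWrapper();
    badReq.setAccountSdlc("prod");
    badReq.setDays(181);
    badReq.setRoles(Arrays.asList(new UserRole("dba")));
    try {
        accessRequestService.storeAccessRequest(badReq);
    } finally {
        // The original verify() sat after the throwing call and never ran. Checking in a finally
        // block makes the "nothing was persisted" half of the test real: if save() was invoked,
        // Mockito's assertion error replaces the expected exception and the test fails.
        verify(accessRequestRepository, times(0)).save(Mockito.any(AccessRequest.class));
    }
}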
Also used : AccessRequestWrapper(org.finra.gatekeeper.controllers.wrappers.AccessRequestWrapper) ActiveAccessRequestWrapper(org.finra.gatekeeper.controllers.wrappers.ActiveAccessRequestWrapper) CompletedAccessRequestWrapper(org.finra.gatekeeper.controllers.wrappers.CompletedAccessRequestWrapper) AccessRequestCreationResponse(org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse) Test(org.junit.Test)

Example 2 with AccessRequestCreationResponse

use of org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse in project Gatekeeper by FINRAOS.

the class AccessRequestServiceTest method testStoreAccessRequest.

/**
 * Test for making sure the storeAccessRequest method works. Makes sure the accessRequestRepository
 * is called and called with the correct object.
 */
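@Test
public void testStoreAccessRequest() throws Exception {
    List<User> users = new ArrayList<>();
    users.add(user);
    List<AWSRdsDatabase> instances = new ArrayList<>();
    instances.add(awsRdsDatabase);
    // An empty map from the user/db check means "no issues", so the request should be stored.
    Mockito.when(databaseConnectionService.checkUsersAndDbs(Mockito.any(), Mockito.any(), Mockito.any())).thenReturn(new HashMap<>());
    AccessRequestCreationResponse result = accessRequestService.storeAccessRequest(ownerRequestWrapper);
    Assert.assertTrue(result.getResponse() instanceof AccessRequest);
    AccessRequest response = (AccessRequest) result.getResponse();
    // JUnit's assertEquals takes (expected, actual); the original had them reversed, which
    // produces misleading failure messages.
    // The requestor fields are asserted against fixed values; in the service they are filled from
    // the user profile lookup rather than from the request wrapper.
    Assert.assertEquals("testEmail@finra.org", response.getRequestorEmail());
    Assert.assertEquals("testUserId", response.getRequestorId());
    Assert.assertEquals("testName", response.getRequestorName());
    Assert.assertEquals("testRegion", response.getRegion());
    Assert.assertEquals("TESTACCOUNT", response.getAccount());
    Assert.assertEquals("dev", response.getAccountSdlc());
    // Integer.valueOf replaces the deprecated boxing constructor.
    Assert.assertEquals(Integer.valueOf(1), response.getDays());
    Assert.assertEquals(users, response.getUsers());
    Assert.assertEquals(instances, response.getAwsRdsInstances());
    // Exactly one persistence call, with the same object that was returned to the caller.
    verify(accessRequestRepository, times(1)).save(response);
}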
Also used : AccessRequestCreationResponse(org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse) Test(org.junit.Test)

Example 3 with AccessRequestCreationResponse

use of org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse in project Gatekeeper by FINRAOS.

the class AccessRequestService method storeAccessRequest.

/**
 * Store the Access Request and either grant or require approval. Before the access request is written to the database the users
 * provided will be checked against each DB to make sure that the users can be successfully created.
 *
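 * @param request the access request submitted by the caller
 * @return a response wrapping the stored AccessRequest if the user/db check succeeds, or the Map of
 *         check results if there are any issues with the users on the requested databases
 * @throws GatekeeperException if the days requested exceed the maximum, or the users cannot be verified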
 */
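public AccessRequestCreationResponse storeAccessRequest(AccessRequestWrapper request) throws GatekeeperException {
    // The requestor identity is read from gatekeeperRoleService, not from the request wrapper,
    // so the submitted payload cannot choose who the request is attributed to.
    GatekeeperUserEntry requestor = gatekeeperRoleService.getUserProfile();

    // Policy check: compare the requested duration against the maximum for this role/SDLC.
    Integer maxDays = overridePolicy.getMaxDaysForRequest(gatekeeperRoleService.getRole(), request.getRoles(), request.getAccountSdlc());
    Integer requestedDays = request.getDays();
    if (requestedDays == null || maxDays == null) {
        // Fail closed with a domain exception instead of an unboxing NullPointerException when
        // either side of the comparison is missing.
        throw new GatekeeperException("Unable to validate the days requested (" + requestedDays + ") against the maximum (" + maxDays + ")");
    }
    if (requestedDays > maxDays) {
        throw new GatekeeperException("Days requested (" + request.getDays() + ") exceeded the maximum of " + maxDays + " for roles " + request.getRoles() + " on account with SDLC " + request.getAccountSdlc());
    }
    // NOTE(review): no lower bound is enforced here; confirm that zero or negative day counts are
    // rejected elsewhere (e.g. by request validation in the controller).

    // Resolve the account before touching the request so an unknown alias is rejected with a
    // GatekeeperException rather than a NullPointerException on the lookup result.
    Account theAccount = accountInformationService.getAccountByAlias(request.getAccount());
    if (theAccount == null) {
        throw new GatekeeperException("No account found for alias " + request.getAccount());
    }

    // Prefix every requested user id with "gk_". This mutates the caller's User objects in place,
    // so calling this method twice on the same wrapper would prefix twice.
    request.getUsers().forEach(u -> u.setUserId("gk_" + u.getUserId()));

    AccessRequest accessRequest = new AccessRequest()
            .setAccount(request.getAccount().toUpperCase())
            .setAccountSdlc(request.getAccountSdlc())
            .setRegion(request.getRegion())
            .setDays(request.getDays())
            .setRequestorId(requestor.getUserId())
            .setRequestorName(requestor.getName())
            .setRequestorEmail(requestor.getEmail())
            .setUsers(request.getUsers())
            .setAwsRdsInstances(request.getInstances())
            .setRequestReason(request.getRequestReason())
            .setRoles(request.getRoles());

    logger.info("Checking Users associated with this access request");
    Map<String, List<String>> checkResult;
    try {
        checkResult = databaseConnectionService.checkUsersAndDbs(request.getRoles(), request.getUsers(), request.getInstances());
    } catch (Exception e) {
        // Only the (String) constructor of GatekeeperException is visible here, so the cause is
        // logged server-side before the generic message is returned to the caller.
        logger.error("Unable to verify the Users for the provided databases", e);
        throw new GatekeeperException("Unable to verify the Users for the provided databases");
    }
    if (!checkResult.isEmpty()) {
        // A non-empty result carries the per-database user issues; nothing is persisted.
        return new AccessRequestCreationResponse(AccessRequestCreationOutcome.NOT_CREATED_USER_ISSUE, checkResult);
    }

    logger.info("Storing Access Request");
    accessRequestRepository.save(accessRequest);
    logger.info("Access Request stored with ID: " + accessRequest.getId());

    // Kick off the activiti workflow.
    // NOTE(review): the request is saved before the workflow starts; confirm a transaction
    // boundary covers both, otherwise a failed start leaves a stored request with no process.
    Map<String, Object> variables = new HashMap<>();
    variables.put("accessRequest", accessRequest);
    runtimeService.startProcessInstanceByKey("gatekeeperAccessRequest", variables);
    // Verify that we started a new process instance
    logger.info("Number of process instances: " + runtimeService.createProcessInstanceQuery().count());
    return new AccessRequestCreationResponse(AccessRequestCreationOutcome.CREATED, accessRequest);
}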
Also used : Account(org.finra.gatekeeper.common.services.account.model.Account) AWSEnvironment(org.finra.gatekeeper.services.aws.model.AWSEnvironment) GatekeeperException(org.finra.gatekeeper.exception.GatekeeperException) GatekeeperException(org.finra.gatekeeper.exception.GatekeeperException) GatekeeperUserEntry(org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry) AccessRequestCreationResponse(org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse)

Aggregations

AccessRequestCreationResponse (org.finra.gatekeeper.services.accessrequest.model.response.AccessRequestCreationResponse)3 Test (org.junit.Test)2 Account (org.finra.gatekeeper.common.services.account.model.Account)1 GatekeeperUserEntry (org.finra.gatekeeper.common.services.user.model.GatekeeperUserEntry)1 AccessRequestWrapper (org.finra.gatekeeper.controllers.wrappers.AccessRequestWrapper)1 ActiveAccessRequestWrapper (org.finra.gatekeeper.controllers.wrappers.ActiveAccessRequestWrapper)1 CompletedAccessRequestWrapper (org.finra.gatekeeper.controllers.wrappers.CompletedAccessRequestWrapper)1 GatekeeperException (org.finra.gatekeeper.exception.GatekeeperException)1 AWSEnvironment (org.finra.gatekeeper.services.aws.model.AWSEnvironment)1