Use of org.finra.gatekeeper.services.aws.model.AWSEnvironment in project Gatekeeper by FINRAOS.
From the class AccessRequestService, method storeAccessRequest.
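/**
 * Stores an access request and starts its approval workflow.
 *
 * <p>The requested duration is first checked against the override policy for the caller's role.
 * Every requested user id is then prefixed with {@code gk_}, and the users are checked against the
 * requested database instances before anything is written to the repository.
 *
 * @param request the access request submitted by the caller; its user entries are modified in
 *     place (each user id gains the {@code gk_} prefix)
 * @return a response with outcome {@code CREATED} and the stored {@link AccessRequest} when the
 *     user/database check returns an empty result, or outcome {@code NOT_CREATED_USER_ISSUE} and
 *     the check result map when it does not
 * @throws GatekeeperException if the requested days exceed the policy maximum, if the account
 *     lookup returns nothing, or if the user/database check itself fails
 */
public AccessRequestCreationResponse storeAccessRequest(AccessRequestWrapper request) throws GatekeeperException {
    GatekeeperUserEntry requestor = gatekeeperRoleService.getUserProfile();

    // Enforce the policy ceiling on the requested duration before any state is touched.
    // NOTE(review): only the upper bound is checked here; confirm that a null, zero or negative
    // day count is rejected by validation elsewhere.
    Integer maxDays = overridePolicy.getMaxDaysForRequest(gatekeeperRoleService.getRole(), request.getRoles(), request.getAccountSdlc());
    if (request.getDays() > maxDays) {
        throw new GatekeeperException("Days requested (" + request.getDays() + ") exceeded the maximum of " + maxDays + " for roles " + request.getRoles() + " on account with SDLC " + request.getAccountSdlc());
    }

    // Prefix every requested user id with "gk_". This mutates the caller's request object, and the
    // prefixed ids are what get checked and stored below.
    request.getUsers().forEach(u -> u.setUserId("gk_" + u.getUserId()));

    // The account alias comes from the request. If the lookup returns null, fail with a
    // GatekeeperException instead of a NullPointerException on the getAlias() call below.
    Account theAccount = accountInformationService.getAccountByAlias(request.getAccount());
    if (theAccount == null) {
        throw new GatekeeperException("Unable to find the account for the provided alias");
    }
    // NOTE(review): environment is built here but not read anywhere else in this method.
    AWSEnvironment environment = new AWSEnvironment(theAccount.getAlias().toUpperCase(), request.getRegion());

    // The requestor identity is taken from the role service, not from the submitted request.
    AccessRequest accessRequest = new AccessRequest()
            .setAccount(request.getAccount().toUpperCase())
            .setAccountSdlc(request.getAccountSdlc())
            .setRegion(request.getRegion())
            .setDays(request.getDays())
            .setRequestorId(requestor.getUserId())
            .setRequestorName(requestor.getName())
            .setRequestorEmail(requestor.getEmail())
            .setUsers(request.getUsers())
            .setAwsRdsInstances(request.getInstances())
            .setRequestReason(request.getRequestReason())
            .setRoles(request.getRoles());

    logger.info("Checking Users associated with this access request");
    Map<String, List<String>> checkResult;
    try {
        checkResult = databaseConnectionService.checkUsersAndDbs(request.getRoles(), request.getUsers(), request.getInstances());
    } catch (Exception e) {
        // Record the underlying failure before replacing it: the exception handed to the caller
        // carries only a generic message, so without this the cause is lost.
        logger.error("Unable to verify the Users for the provided databases", e);
        throw new GatekeeperException("Unable to verify the Users for the provided databases");
    }

    // A non-empty result means the check reported a problem; nothing is stored in that case.
    if (!checkResult.isEmpty()) {
        return new AccessRequestCreationResponse(AccessRequestCreationOutcome.NOT_CREATED_USER_ISSUE, checkResult);
    }

    logger.info("Storing Access Request");
    accessRequestRepository.save(accessRequest);
    logger.info("Access Request stored with ID: " + accessRequest.getId());

    // Kick off the activiti workflow.
    // NOTE(review): the save above and the workflow start are separate calls; whether they share a
    // transaction is not visible here. Confirm that a failed workflow start cannot leave a stored
    // request with no process instance.
    Map<String, Object> variables = new HashMap<>();
    variables.put("accessRequest", accessRequest);
    runtimeService.startProcessInstanceByKey("gatekeeperAccessRequest", variables);

    // Verify that we started a new process instance
    logger.info("Number of process instances: " + runtimeService.createProcessInstanceQuery().count());
    return new AccessRequestCreationResponse(AccessRequestCreationOutcome.CREATED, accessRequest);
}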