diff --git a/core/src/main/java/io/aiven/klaw/helpers/HandleDbRequests.java b/core/src/main/java/io/aiven/klaw/helpers/HandleDbRequests.java index b798a18a2b..8722587487 100644 --- a/core/src/main/java/io/aiven/klaw/helpers/HandleDbRequests.java +++ b/core/src/main/java/io/aiven/klaw/helpers/HandleDbRequests.java @@ -188,6 +188,8 @@ boolean validateIfConsumerGroupUsedByAnotherTeam( boolean existsSpecificAclRequest( String topicName, String requestStatus, String env, int tenantId, int associatedAclId); + boolean existsAclSslInTeam(int teamId, int tenantId, String aclSsl); + boolean existsSchemaRequest(String topicName, String requestStatus, String env, int tenantId); boolean existsSchemaRequest( diff --git a/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/HandleDbRequestsJdbc.java b/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/HandleDbRequestsJdbc.java index 5477a51c18..426cd0bd86 100644 --- a/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/HandleDbRequestsJdbc.java +++ b/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/HandleDbRequestsJdbc.java @@ -426,6 +426,11 @@ public boolean existsSpecificAclRequest( topicName, requestStatus, env, tenantId, associatedAclId); } + @Override + public boolean existsAclSslInTeam(int teamId, int tenantId, String aclSsl) { + return jdbcSelectHelper.existsAclSslInTeam(teamId, tenantId, aclSsl); + } + @Override public boolean existsSchemaRequest( String topicName, String requestStatus, String env, int tenantId) { diff --git a/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbc.java b/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbc.java index de91d4194a..3eb5bfa2dd 100644 --- a/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbc.java +++ b/core/src/main/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbc.java @@ -108,6 +108,10 @@ public boolean existsAclRequest( tenantId, env, requestStatus, topicName); } + public boolean existsAclSslInTeam(int teamId, int tenantId, String aclSsl) { + return aclRepo.existsAclSslInTeamInTenant(teamId, tenantId, aclSsl); + } + public boolean existsSpecificAclRequest( String topicName, String requestStatus, String env, int tenantId, int associatedAclId) { log.debug("associatedAclId = {}", associatedAclId); diff --git a/core/src/main/java/io/aiven/klaw/repository/AclRepo.java b/core/src/main/java/io/aiven/klaw/repository/AclRepo.java index 97fa40674e..efa547b425 100644 --- a/core/src/main/java/io/aiven/klaw/repository/AclRepo.java +++ b/core/src/main/java/io/aiven/klaw/repository/AclRepo.java @@ -44,6 +44,12 @@ boolean existsByTeamIdNotAndTenantIdAndConsumergroup( boolean existsByEnvironmentAndTenantId( @Param("envId") String envId, @Param("tenantId") Integer tenantId); + @Query( + value = + "select count(*) > 0 from kwacls where teamid = :teamId and tenantid = :tenantId and aclssl = :aclSsl", + nativeQuery = true) + boolean existsAclSslInTeamInTenant(Integer teamId, Integer tenantId, String aclSsl); + @Query( value = "select count(*) from kwacls where env = :envId and tenantid = :tenantId", nativeQuery = true) diff --git a/core/src/main/java/io/aiven/klaw/service/AclControllerService.java b/core/src/main/java/io/aiven/klaw/service/AclControllerService.java index 6992e432f6..3fa79696b4 100644 --- a/core/src/main/java/io/aiven/klaw/service/AclControllerService.java +++ b/core/src/main/java/io/aiven/klaw/service/AclControllerService.java @@ -744,6 +744,16 @@ private ApiResponse approveClaimAcl( acl.get().setTeamId(aclReq.getRequestingteam()); manageDatabase.getHandleDbRequests().updateAcl(acl.get()); + if (Objects.equals(RequestOperationType.CLAIM.value, aclReq.getRequestOperationType())) { + if (!manageDatabase + .getHandleDbRequests() + .existsAclSslInTeam(aclReq.getTeamId(), aclReq.getTenantId(), aclReq.getAcl_ssl())) { + // Team has no other Acls left with service user so transfer ownership to the next + // team. + // Transfer Service Account ownership + transferServiceUserOwnership(aclReq); + } + } } aclReq.setApprovals(KlawResourceUtils.approvalsToAclApprovalsList(approvals)); String status = @@ -770,11 +780,43 @@ private ApiResponse emailAndReturnClaimUpdate( dbHandle, notifyUserType, commonUtilsService.getLoginUrl()); + return ApiResultStatus.SUCCESS.value.equals(updateAclReqStatus) ? ApiResponse.ok(updateAclReqStatus) : ApiResponse.notOk(updateAclReqStatus); } + private void transferServiceUserOwnership(AclRequests aclReq) { + removeServiceAccountOnTransferOfOwnership(aclReq, aclReq.getTenantId()); + Optional optionalTeam = + manageDatabase.getTeamObjForTenant(aclReq.getTenantId()).stream() + .filter(team -> Objects.equals(team.getTeamId(), aclReq.getRequestingteam())) + .findFirst(); + optionalTeam.ifPresent( + team -> { + if (Objects.equals(RequestOperationType.CLAIM.value, aclReq.getRequestOperationType())) { + ServiceAccounts serviceAccounts = team.getServiceAccounts(); + if (serviceAccounts != null + && serviceAccounts.getServiceAccountsList() != null + && !serviceAccounts.getServiceAccountsList().isEmpty()) { + // add to your team + serviceAccounts.getServiceAccountsList().add(aclReq.getAcl_ssl()); + } else { + serviceAccounts = new ServiceAccounts(); + serviceAccounts.setNumberOfAllowedAccounts(allowedServiceAccountsPerTeam); + serviceAccounts.setServiceAccountsList(new HashSet<>()); + serviceAccounts.getServiceAccountsList().add(aclReq.getAcl_ssl()); + team.setServiceAccounts(serviceAccounts); + } + + // Update team with service account + manageDatabase.getHandleDbRequests().updateTeam(team); + commonUtilsService.updateMetadata( + aclReq.getTenantId(), EntityType.TEAM, MetadataOperationType.UPDATE, null); + } + }); + } + private void saveToTopicHistory(String userDetails, int tenantId, AclRequests aclReq) { String remarksAcl = RequestEntityType.ACL.name() @@ -905,6 +947,7 @@ private void updateServiceAccountsForTeam(AclRequests aclRequest, int tenantId) serviceAccounts.getServiceAccountsList().add(aclRequest.getAcl_ssl()); optionalTeam.get().setServiceAccounts(serviceAccounts); } + // Update team with service account manageDatabase.getHandleDbRequests().updateTeam(optionalTeam.get()); commonUtilsService.updateMetadata( @@ -912,6 +955,27 @@ private void updateServiceAccountsForTeam(AclRequests aclRequest, int tenantId) } } + private void removeServiceAccountOnTransferOfOwnership(AclRequests aclRequest, int tenantId) { + if (Objects.equals(RequestOperationType.CLAIM.value, aclRequest.getRequestOperationType())) { + // remove the service account from the other team as they no longer have any acls using that + // service user left. + Optional origTeam = + manageDatabase.getTeamObjForTenant(tenantId).stream() + .filter(team -> Objects.equals(team.getTeamId(), aclRequest.getTeamId())) + .findFirst(); + origTeam.ifPresent( + team -> { + ServiceAccounts origServiceAccounts = team.getServiceAccounts(); + if (origServiceAccounts != null + && origServiceAccounts.getServiceAccountsList() != null + && origServiceAccounts.getServiceAccountsList().size() > 0) { + origServiceAccounts.getServiceAccountsList().remove(aclRequest.getAcl_ssl()); + } + manageDatabase.getHandleDbRequests().updateTeam(team); + }); + } + } + private ResponseEntity invokeClusterApiAclRequest(int tenantId, AclRequests aclReq) throws KlawException { ResponseEntity response = null; diff --git a/core/src/test/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbcTest.java b/core/src/test/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbcTest.java index cb099e7913..3750336ad4 100644 --- a/core/src/test/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbcTest.java +++ b/core/src/test/java/io/aiven/klaw/helpers/db/rdbms/SelectDataJdbcTest.java @@ -353,4 +353,31 @@ public static Stream doesAclExist() { Arguments.of(101, "TEST", "Topic3", 19292, false), Arguments.of(101, "TEST", "Topic4", 120202, false)); } + + @ParameterizedTest + @MethodSource + public void doesAclSslExistInTeam( + int teamId, int tenantId, String aclSsl, boolean expectedResult) { + + when(aclRepo.existsAclSslInTeamInTenant(teamId, tenantId, aclSsl)).thenReturn(expectedResult); + + assertThat(selectData.existsAclSslInTeam(teamId, tenantId, aclSsl)).isEqualTo(expectedResult); + + verify(aclRepo, times(1)).existsAclSslInTeamInTenant(teamId, tenantId, aclSsl); + } + + public static Stream doesAclSslExistInTeam() { + + return Stream.of( + Arguments.of(1002, 101, "Alice", true), + Arguments.of(1004, 101, "White-Queen", true), + Arguments.of(1002, 101, "Red-Queen", true), + Arguments.of(1004, 101, "Tarrant", true), + Arguments.of(1009, 101, "Hamish", false), + Arguments.of(1, 101, "Hatter", true), + Arguments.of(21, 101, "Caterpillar", false), + Arguments.of(1006, 101, "Cheshire", false), + Arguments.of(1009, 101, "Knave", false), + Arguments.of(1009, 101, "White-Rabbit", false)); + } } diff --git a/core/src/test/java/io/aiven/klaw/service/AclControllerServiceTest.java b/core/src/test/java/io/aiven/klaw/service/AclControllerServiceTest.java index ad756fcf4d..f138a5a652 100644 --- a/core/src/test/java/io/aiven/klaw/service/AclControllerServiceTest.java +++ b/core/src/test/java/io/aiven/klaw/service/AclControllerServiceTest.java @@ -4,6 +4,8 @@ import static io.aiven.klaw.error.KlawErrorMessages.ACL_ERR_107; import static io.aiven.klaw.error.KlawErrorMessages.ACL_ERR_108; import static io.aiven.klaw.service.MailUtils.MailType.ACL_REQUESTED; +import static io.aiven.klaw.service.MailUtils.MailType.ACL_REQUEST_APPROVAL_ADDED; +import static io.aiven.klaw.service.MailUtils.MailType.ACL_REQUEST_APPROVED; import static org.assertj.core.api.Assertions.assertThat; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyBoolean; @@ -23,6 +25,7 @@ import io.aiven.klaw.dao.Approval; import io.aiven.klaw.dao.Env; import io.aiven.klaw.dao.KwClusters; +import io.aiven.klaw.dao.ServiceAccounts; import io.aiven.klaw.dao.Team; import io.aiven.klaw.dao.Topic; import io.aiven.klaw.dao.UserInfo; @@ -96,6 +99,8 @@ public class AclControllerServiceTest { @Captor private ArgumentCaptor aclRequestsCapture; + @Captor private ArgumentCaptor teamCapture; + @BeforeEach public void setUp() throws Exception { utilMethods = new UtilMethods(); @@ -1217,6 +1222,293 @@ public void claimAcl_createClaimRequest() throws KlawException { assertThat(request.getApprovals()).hasSize(2); } + @Order(43) + @Test + public void claimAcl_approveClaim_NotAuthorized() throws KlawException, KlawBadRequestException { + String reqNum = "224"; + stubUserInfo(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(true); + + ApiResponse apiResp = aclControllerService.approveAclRequests(reqNum); + assertThat(apiResp.isSuccess()).isFalse(); + assertThat(apiResp.getMessage()).isEqualTo(ApiResultStatus.NOT_AUTHORIZED.value); + } + + @Order(44) + @Test + public void claimAcl_approveClaim_transferOwnership() + throws KlawException, KlawBadRequestException { + int reqNum = 224; + stubUserInfo(); + Acl acl = createAcl(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(false); + when(commonUtilsService.getTenantId(any())).thenReturn(TENANT_ID); + AclRequests aclReq = getAclClaimRequestDao(reqNum); + when(handleDbRequests.getAclRequest(eq(reqNum), eq(TENANT_ID))) + .thenReturn(getAclClaimRequestDao(reqNum)); + when(handleDbRequests.getAcl(eq(aclReq.getAssociatedAclId()), eq(TENANT_ID))) + .thenReturn((Optional.of(createClaimAcl()))); + ArrayList topics = new ArrayList<>(); + topics.add(createTopic()); + when(manageDatabase.getTopicsForTenant(TENANT_ID)).thenReturn(topics); + when(approvalService.isRequestFullyApproved(any())).thenReturn(true); + // No acl_ssl service name left owned by the team. + when(manageDatabase + .getHandleDbRequests() + .existsAclSslInTeam(aclReq.getTeamId(), aclReq.getTenantId(), aclReq.getAcl_ssl())) + .thenReturn(false); + when(manageDatabase.getTeamObjForTenant(eq(TENANT_ID))) + .thenReturn(getTeamsListWithServiceAccounts(aclReq)); + + ApiResponse apiResp = aclControllerService.approveAclRequests(String.valueOf(reqNum)); + + verify(handleDbRequests, times(2)).updateTeam(teamCapture.capture()); + List teamsCaptured = teamCapture.getAllValues(); + for (Team team : teamsCaptured) { + if (team.getTeamId().equals(aclReq.getRequestingteam())) { + // Requesting team gets ownership + assertThat(team.getServiceAccounts().getServiceAccountsList().contains(aclReq.getAcl_ssl())) + .isTrue(); + } else if (team.getTeamId().equals(aclReq.getTeamId())) { + // Previous team only had one ACl so they do not get to keep the service Account in their + // list + assertThat(team.getServiceAccounts().getServiceAccountsList()).isEmpty(); + } + } + verify(handleDbRequests).claimAclRequest(any(), eq(RequestStatus.APPROVED)); + verify(mailService) + .sendMail( + eq(aclReq.getTopicname()), + eq(aclReq.getAclType()), + eq(""), + eq(aclReq.getRequestor()), + eq(aclReq.getApprover()), + eq(aclReq.getTeamId()), + any(), + eq(ACL_REQUEST_APPROVED), + any()); + } + + @Order(45) + @Test + public void + claimAcl_approveClaim_transferOwnership_noOwnershipChange_As_PreviousTeamStillHasAnotherAcl() + throws KlawException, KlawBadRequestException { + int reqNum = 224; + stubUserInfo(); + Acl acl = createAcl(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(false); + when(commonUtilsService.getTenantId(any())).thenReturn(TENANT_ID); + AclRequests aclReq = getAclClaimRequestDao(reqNum); + when(handleDbRequests.getAclRequest(eq(reqNum), eq(TENANT_ID))) + .thenReturn(getAclClaimRequestDao(reqNum)); + when(handleDbRequests.getAcl(eq(aclReq.getAssociatedAclId()), eq(TENANT_ID))) + .thenReturn((Optional.of(createClaimAcl()))); + ArrayList topics = new ArrayList<>(); + topics.add(createTopic()); + when(manageDatabase.getTopicsForTenant(TENANT_ID)).thenReturn(topics); + when(approvalService.isRequestFullyApproved(any())).thenReturn(true); + // Another acl_ssl (service acc) is owned by the team. + when(manageDatabase + .getHandleDbRequests() + .existsAclSslInTeam(aclReq.getTeamId(), aclReq.getTenantId(), aclReq.getAcl_ssl())) + .thenReturn(true); + when(manageDatabase.getTeamObjForTenant(eq(TENANT_ID))) + .thenReturn(getTeamsListWithServiceAccounts(aclReq)); + + ApiResponse apiResp = aclControllerService.approveAclRequests(String.valueOf(reqNum)); + + verify(handleDbRequests).claimAclRequest(any(), eq(RequestStatus.APPROVED)); + verify(mailService) + .sendMail( + eq(aclReq.getTopicname()), + eq(aclReq.getAclType()), + eq(""), + eq(aclReq.getRequestor()), + eq(aclReq.getApprover()), + eq(aclReq.getTeamId()), + any(), + eq(ACL_REQUEST_APPROVED), + any()); + } + + @Order(46) + @Test + public void claimAcl_approveClaim_Not_fullyApproved_doNot_transferOwnership() + throws KlawException, KlawBadRequestException { + int reqNum = 224; + stubUserInfo(); + Acl acl = createAcl(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(false); + when(commonUtilsService.getTenantId(any())).thenReturn(TENANT_ID); + AclRequests aclReq = getAclClaimRequestDao(reqNum); + when(handleDbRequests.getAclRequest(eq(reqNum), eq(TENANT_ID))) + .thenReturn(getAclClaimRequestDao(reqNum)); + when(handleDbRequests.getAcl(eq(aclReq.getAssociatedAclId()), eq(TENANT_ID))) + .thenReturn((Optional.of(createClaimAcl()))); + ArrayList topics = new ArrayList<>(); + topics.add(createTopic()); + when(manageDatabase.getTopicsForTenant(TENANT_ID)).thenReturn(topics); + when(approvalService.isRequestFullyApproved(any())).thenReturn(false); + + ApiResponse apiResp = aclControllerService.approveAclRequests(String.valueOf(reqNum)); + + verify(handleDbRequests, times(0)).updateTeam(any()); + verify(handleDbRequests).claimAclRequest(any(), eq(RequestStatus.CREATED)); + verify(mailService) + .sendMail( + eq(aclReq.getTopicname()), + eq(aclReq.getAclType()), + eq(""), + eq(aclReq.getRequestor()), + eq(aclReq.getApprover()), + eq(aclReq.getTeamId()), + any(), + eq(ACL_REQUEST_APPROVAL_ADDED), + any()); + } + + @Order(47) + @Test + public void + claimAcl_approveClaim_transferOwnership_AddToNewowner_NullServiceAccountShouldNotThrowError() + throws KlawException, KlawBadRequestException { + int reqNum = 224; + stubUserInfo(); + Acl acl = createAcl(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(false); + when(commonUtilsService.getTenantId(any())).thenReturn(TENANT_ID); + AclRequests aclReq = getAclClaimRequestDao(reqNum); + when(handleDbRequests.getAclRequest(eq(reqNum), eq(TENANT_ID))) + .thenReturn(getAclClaimRequestDao(reqNum)); + when(handleDbRequests.getAcl(eq(aclReq.getAssociatedAclId()), eq(TENANT_ID))) + .thenReturn((Optional.of(createClaimAcl()))); + ArrayList topics = new ArrayList<>(); + topics.add(createTopic()); + when(manageDatabase.getTopicsForTenant(TENANT_ID)).thenReturn(topics); + when(approvalService.isRequestFullyApproved(any())).thenReturn(true); + List existingTeams = getTeamsListWithServiceAccounts(aclReq); + for (Team team : existingTeams) { + if (team.getTeamId().equals(aclReq.getRequestingteam())) { + team.getServiceAccounts().setServiceAccountsList(null); + } + } + // Another acl_ssl (service acc) is owned by the team. + when(manageDatabase + .getHandleDbRequests() + .existsAclSslInTeam(aclReq.getTeamId(), aclReq.getTenantId(), aclReq.getAcl_ssl())) + .thenReturn(false); + when(manageDatabase.getTeamObjForTenant(eq(TENANT_ID))).thenReturn(existingTeams); + + ApiResponse apiResp = aclControllerService.approveAclRequests(String.valueOf(reqNum)); + + verify(handleDbRequests, times(2)).updateTeam(teamCapture.capture()); + List teamsCaptured = teamCapture.getAllValues(); + assertThat(teamsCaptured).hasSize(2); + for (Team team : teamsCaptured) { + if (team.getTeamId().equals(aclReq.getRequestingteam())) { + // Requesting team gets ownership added + assertThat(team.getServiceAccounts().getServiceAccountsList().contains(aclReq.getAcl_ssl())) + .isTrue(); + } else if (team.getTeamId().equals(aclReq.getTeamId())) { + assertThat(team.getServiceAccounts().getServiceAccountsList()).isEmpty(); + } + // The existing owner team doesnt have it removed as they have another acl that uses that + // account. + } + verify(handleDbRequests).claimAclRequest(any(), eq(RequestStatus.APPROVED)); + verify(mailService) + .sendMail( + eq(aclReq.getTopicname()), + eq(aclReq.getAclType()), + eq(""), + eq(aclReq.getRequestor()), + eq(aclReq.getApprover()), + eq(aclReq.getTeamId()), + any(), + eq(ACL_REQUEST_APPROVED), + any()); + } + + @Order(48) + @Test + public void + claimAcl_approveClaim_transferOwnership_AddToNewowner_removeFromPreviousOwner_NullServiceAccountShouldNotThrowError() + throws KlawException, KlawBadRequestException { + int reqNum = 224; + stubUserInfo(); + Acl acl = createAcl(); + when(commonUtilsService.isNotAuthorizedUser(any(), eq(PermissionType.APPROVE_SUBSCRIPTIONS))) + .thenReturn(false); + when(commonUtilsService.getTenantId(any())).thenReturn(TENANT_ID); + AclRequests aclReq = getAclClaimRequestDao(reqNum); + when(handleDbRequests.getAclRequest(eq(reqNum), eq(TENANT_ID))) + .thenReturn(getAclClaimRequestDao(reqNum)); + when(handleDbRequests.getAcl(eq(aclReq.getAssociatedAclId()), eq(TENANT_ID))) + .thenReturn((Optional.of(createClaimAcl()))); + ArrayList topics = new ArrayList<>(); + topics.add(createTopic()); + when(manageDatabase.getTopicsForTenant(TENANT_ID)).thenReturn(topics); + when(approvalService.isRequestFullyApproved(any())).thenReturn(true); + List existingTeams = getTeamsListWithServiceAccounts(aclReq); + for (Team team : existingTeams) { + // Set all service accounts to null + team.getServiceAccounts().setServiceAccountsList(null); + } + // Another acl_ssl (service acc) is owned by the team. + when(manageDatabase + .getHandleDbRequests() + .existsAclSslInTeam(aclReq.getTeamId(), aclReq.getTenantId(), aclReq.getAcl_ssl())) + .thenReturn(false); + when(manageDatabase.getTeamObjForTenant(eq(TENANT_ID))).thenReturn(existingTeams); + + ApiResponse apiResp = aclControllerService.approveAclRequests(String.valueOf(reqNum)); + + verify(handleDbRequests, times(2)).updateTeam(teamCapture.capture()); + List teamsCaptured = teamCapture.getAllValues(); + assertThat(teamsCaptured).hasSize(2); + for (Team team : teamsCaptured) { + if (team.getTeamId().equals(aclReq.getRequestingteam())) { + // Requesting team gets ownership added + assertThat(team.getServiceAccounts().getServiceAccountsList().contains(aclReq.getAcl_ssl())) + .isTrue(); + } else if (team.getTeamId().equals(aclReq.getTeamId())) { + assertThat(team.getServiceAccounts().getServiceAccountsList()).isNullOrEmpty(); + } + // The existing owner team doesnt have it removed as they have another acl that uses that + // account. + } + verify(handleDbRequests).claimAclRequest(any(), eq(RequestStatus.APPROVED)); + verify(mailService) + .sendMail( + eq(aclReq.getTopicname()), + eq(aclReq.getAclType()), + eq(""), + eq(aclReq.getRequestor()), + eq(aclReq.getApprover()), + eq(aclReq.getTeamId()), + any(), + eq(ACL_REQUEST_APPROVED), + any()); + } + + // Add the principal name to the original owning team so it can then be removed and added to the + // other + private static List getTeamsListWithServiceAccounts(AclRequests aclReq) { + List teams = getTeamsList(aclReq.getTeamId(), aclReq.getRequestingteam()); + for (Team team : teams) { + if (team.getTeamId().equals(aclReq.getTeamId())) { + team.getServiceAccounts().getServiceAccountsList().add(aclReq.getAcl_ssl()); + } + } + return teams; + } + private static Topic createTopic() { Topic topic = new Topic(); topic.setTeamId(1008); @@ -1275,6 +1567,36 @@ private AclRequests getAclRequestDao() { return aclReq; } + private AclRequests getAclClaimRequestDao(int reqNum) { + AclRequests aclReq = new AclRequests(); + aclReq.setTopicname("testtopic"); + aclReq.setAclType(AclType.PRODUCER.value); + aclReq.setRequestingteam(1); + aclReq.setReq_no(reqNum); + aclReq.setEnvironment("1"); + aclReq.setRequestor("kwuserb"); + aclReq.setTeamId(1001); + aclReq.setRequestStatus(RequestStatus.CREATED.value); + aclReq.setAclIpPrincipleType(AclIPPrincipleType.PRINCIPAL); + aclReq.setRequestOperationType(RequestOperationType.CLAIM.value); + aclReq.setAssociatedAclId(1000001); + aclReq.setTenantId(TENANT_ID); + return aclReq; + } + + private Acl createClaimAcl() { + Acl acl = new Acl(); + acl.setReq_no(1000001); + acl.setTopicname("testtopic"); + acl.setAclType(AclType.PRODUCER.value); + acl.setEnvironment("1"); + acl.setAclPatternType(AclPatternType.LITERAL.value); + acl.setAclssl("Alice"); + acl.setAclIpPrincipleType(AclIPPrincipleType.PRINCIPAL); + acl.setTeamId(1003); + return acl; + } + private List getAclRequests(String topicPrefix, int size) { List listReqs = new ArrayList<>(); AclRequests aclReq; @@ -1347,4 +1669,18 @@ private Approval createApproval( return approval; } + + private static List getTeamsList(int... teamIds) { + List teams = new ArrayList<>(); + for (int teamId : teamIds) { + Team team = new Team(); + team.setTeamId(teamId); + team.setTenantId(TENANT_ID); + ServiceAccounts acc = new ServiceAccounts(); + acc.setServiceAccountsList(new HashSet<>()); + team.setServiceAccounts(acc); + teams.add(team); + } + return teams; + } }