feat: add writing managed accounts feature in terraform provider

BeyondTrust · Nov 6, 2024 · 5fbb8d0 · 5fbb8d0
1 parent cddb485
commit 5fbb8d0
Show file tree

Hide file tree

Showing 5 changed files with 569 additions and 31 deletions.
diff --git a/TestClient.go b/TestClient.go
@@ -5,9 +5,9 @@ import (
 	"time"
 
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/authentication"
+	"github.com/BeyondTrust/go-client-library-passwordsafe/api/entities"
 	logging "github.com/BeyondTrust/go-client-library-passwordsafe/api/logging"
 	managed_accounts "github.com/BeyondTrust/go-client-library-passwordsafe/api/managed_account"
-	"github.com/BeyondTrust/go-client-library-passwordsafe/api/secrets"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/utils"
 
 	//"os"
@@ -26,9 +26,9 @@ func main() {
 	// create a zap logger wrapper
 	zapLogger := logging.NewZapLogger(logger)
 
-	apiUrl := "https://example.com:443/BeyondTrust/api/public/v3/"
-	clientId := ""
-	clientSecret := ""
+	apiUrl := "https://jury2310.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3"
+	clientId := "6138d050-e266-4b05-9ced-35e7dd5093ae"
+	clientSecret := "71svdPLh2AR97sPs5gfPjGjpqSUxZTKSPmEvvbMx89o="
 	separator := "/"
 	certificate := ""
 	certificateKey := ""
@@ -79,38 +79,51 @@ func main() {
 		return
 	}
 
-	// instantiating secret obj
-	secretObj, _ := secrets.NewSecretObj(*authenticate, zapLogger, maxFileSecretSizeBytes)
-
-	secretPaths := []string{"fake/Client", "fake/test_file_1"}
-
-	gotSecrets, _ := secretObj.GetSecrets(secretPaths, separator)
-
-	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Warn(fmt.Sprintf("%v", gotSecrets))
-
-	// getting single secret
-	gotSecret, _ := secretObj.GetSecret("fake/Test1", separator)
-
-	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Warn(fmt.Sprintf("Secret Test: %v", gotSecret))
-
 	// instantiating managed account obj
 	manageAccountObj, _ := managed_accounts.NewManagedAccountObj(*authenticate, zapLogger)
 
-	newSecretPaths := []string{"fake/account01", "fake/account01"}
-
-	//managedAccountList := strings.Split(paths, ",")
-	gotManagedAccounts, _ := manageAccountObj.GetSecrets(newSecretPaths, separator)
+	account := entities.AccountDetails{
+		AccountName:                       "ManagedAccountTestqw",
+		Password:                          "Passw0rd101!*",
+		DomainName:                        "exampleDomain",
+		UserPrincipalName:                 "[email protected]",
+		SAMAccountName:                    "samAccount",
+		DistinguishedName:                 "CN=example,CN=Users,DC=domain,DC=com",
+		PrivateKey:                        "privateKey",
+		Passphrase:                        "passphrase",
+		PasswordFallbackFlag:              true,
+		LoginAccountFlag:                  false,
+		Description:                       "Sample account for testing",
+		ApiEnabled:                        true,
+		ReleaseNotificationEmail:          "[email protected]",
+		ChangeServicesFlag:                false,
+		RestartServicesFlag:               false,
+		ChangeTasksFlag:                   true,
+		MaxReleaseDuration:                300000,
+		ISAReleaseDuration:                180,
+		MaxConcurrentRequests:             5,
+		AutoManagementFlag:                false,
+		DSSAutoManagementFlag:             false,
+		CheckPasswordFlag:                 true,
+		ResetPasswordOnMismatchFlag:       false,
+		ChangePasswordAfterAnyReleaseFlag: true,
+		ChangeFrequencyDays:               1,
+		ChangeTime:                        "",
+		NextChangeDate:                    "2023-12-01",
+		UseOwnCredentials:                 true,
+		ChangeWindowsAutoLogonFlag:        true,
+		ChangeComPlusFlag:                 false,
+		ObjectID:                          "uniqueObjectID",
+	}
 
-	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccounts))
+	// creating a managed account in system_integration_test managed system.
+	createResponse, err := manageAccountObj.ManageAccountCreateFlow("system_integration_test", account)
 
-	// getting single managed account
-	gotManagedAccount, _ := manageAccountObj.GetSecret("fake/account04", separator)
+	if err != nil {
+		zapLogger.Debug(fmt.Sprintf(" %v", err))
+	}
 
-	// WARNING: Do not log secrets in production code, the following log statement logs test secrets for testing purposes:
-	zapLogger.Warn(fmt.Sprintf("%v", gotManagedAccount))
+	zapLogger.Warn(fmt.Sprintf("Created Managed Account: %v", createResponse.AccountName))
 
 	// signing out
 	_ = authenticate.SignOut()

diff --git a/api/entities/entities.go b/api/entities/entities.go
@@ -31,3 +31,54 @@ type GetTokenResponse struct {
 	TokenType   string `json:"token_type"`
 	Scope       string `json:"scope"`
 }
+
+type ManagedSystemResponse struct {
+	ManagedSystemID int
+	SystemName      string
+}
+
+type CreateManagedAccountsResponse struct {
+	ManagedAccountID int
+	ManagedSystemID  int
+	AccountName      string
+}
+
+type AccountDetails struct {
+	AccountName                       string `validate:"required,max=245"`
+	Password                          string `validate:"required_if=AutoManagementFlag false"`
+	DomainName                        string `validate:"max=50"`
+	UserPrincipalName                 string `validate:"omitempty,max=500"`
+	SAMAccountName                    string `validate:"omitempty,max=20"`
+	DistinguishedName                 string `validate:"omitempty,max=1000"`
+	PrivateKey                        string `validate:"omitempty"`
+	Passphrase                        string `validate:"omitempty,required_if=PrivateKey Encrypted"`
+	PasswordFallbackFlag              bool   `validate:"omitempty"`
+	LoginAccountFlag                  bool   `validate:"omitempty"`
+	Description                       string `validate:"omitempty,max=1024"`
+	PasswordRuleID                    int    `validate:"omitempty,gte=0"`
+	ApiEnabled                        bool   `validate:"omitempty"`
+	ReleaseNotificationEmail          string `validate:"omitempty,email,max=255"`
+	ChangeServicesFlag                bool   `validate:"omitempty"`
+	RestartServicesFlag               bool   `validate:"omitempty"`
+	ChangeTasksFlag                   bool   `validate:"omitempty"`
+	ReleaseDuration                   int    `validate:"omitempty,min=1,max=525600,ltefield=MaxReleaseDuration"`
+	MaxReleaseDuration                int    `validate:"omitempty,min=1,max=525600"`
+	ISAReleaseDuration                int    `validate:"omitempty,min=1,max=525600"`
+	MaxConcurrentRequests             int    `validate:"omitempty,min=0,max=999"`
+	AutoManagementFlag                bool   `validate:"omitempty"`
+	DSSAutoManagementFlag             bool   `validate:"omitempty"`
+	CheckPasswordFlag                 bool   `validate:"omitempty"`
+	ChangePasswordAfterAnyReleaseFlag bool   `validate:"omitempty"`
+	ResetPasswordOnMismatchFlag       bool   `validate:"omitempty"`
+	ChangeFrequencyType               string `validate:"omitempty,oneof=first last xdays"`
+	ChangeFrequencyDays               int    `validate:"omitempty,min=1,max=999"`
+	ChangeTime                        string `validate:"omitempty,datetime=15:04"`
+	NextChangeDate                    string `validate:"omitempty,datetime=2006-01-02"`
+	UseOwnCredentials                 bool   `validate:"omitempty"`
+	WorkgroupID                       *int   `validate:"omitempty"`
+	ChangeWindowsAutoLogonFlag        bool   `validate:"omitempty"`
+	ChangeComPlusFlag                 bool   `validate:"omitempty"`
+	ChangeDComFlag                    bool   `validate:"omitempty"`
+	ChangeSComFlag                    bool   `validate:"omitempty"`
+	ObjectID                          string `validate:"omitempty,max=36"`
+}
diff --git a/api/managed_account/managed_account.go b/api/managed_account/managed_account.go
@@ -15,7 +15,6 @@ import (
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/entities"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/logging"
 	"github.com/BeyondTrust/go-client-library-passwordsafe/api/utils"
-
 	backoff "github.com/cenkalti/backoff/v4"
 )
 
@@ -250,3 +249,146 @@ func (managedAccounObj *ManagedAccountstObj) ManagedAccountRequestCheckIn(reques
 
 	return "", nil
 }
+
+// ManageAccountCreateFlow is responsible for creating a managed accounts in Password Safe.
+func (managedAccounObj *ManagedAccountstObj) ManageAccountCreateFlow(systemNameTarget string, accountDetails entities.AccountDetails) (entities.CreateManagedAccountsResponse, error) {
+
+	var managedSystem *entities.ManagedSystemResponse
+	var createResponse entities.CreateManagedAccountsResponse
+
+	accountDetails, err := utils.ValidateCreateManagedAccountInput(accountDetails)
+
+	if err != nil {
+		return createResponse, err
+	}
+
+	ManagedAccountSytemUrl := managedAccounObj.authenticationObj.ApiUrl.JoinPath("ManagedSystems").String()
+	managedSystemGetSystemsResponse, err := managedAccounObj.ManagedSystemGetSystems(ManagedAccountSytemUrl)
+
+	if err != nil {
+		return createResponse, err
+	}
+
+	for _, v := range managedSystemGetSystemsResponse {
+		if v.SystemName == systemNameTarget {
+			managedSystem = &v
+			break
+		}
+	}
+
+	if managedSystem == nil {
+		return createResponse, fmt.Errorf("managed system %v was not found in managed system list", systemNameTarget)
+	}
+
+	ManagedAccountCreateManagedAccountUrl := managedAccounObj.authenticationObj.ApiUrl.JoinPath("ManagedSystems", fmt.Sprintf("%d", managedSystem.ManagedSystemID), "ManagedAccounts").String()
+	createResponse, err = managedAccounObj.ManagedAccountCreateManagedAccount(accountDetails, ManagedAccountCreateManagedAccountUrl)
+
+	if err != nil {
+		return createResponse, err
+	}
+
+	return createResponse, nil
+
+}
+
+// ManagedAccountCreateManagedAccount calls Secret Safe API Requests enpoint to create managed accounts.
+func (managedAccounObj *ManagedAccountstObj) ManagedAccountCreateManagedAccount(accountDetails entities.AccountDetails, url string) (entities.CreateManagedAccountsResponse, error) {
+	messageLog := fmt.Sprintf("%v %v", "POST", url)
+	managedAccounObj.log.Debug(messageLog)
+
+	accountDetailsJson, err := json.Marshal(accountDetails)
+	if err != nil {
+		return entities.CreateManagedAccountsResponse{}, err
+	}
+
+	accountDetailsJsonString := string(accountDetailsJson)
+
+	managedAccounObj.log.Debug(accountDetailsJsonString)
+
+	b := bytes.NewBufferString(accountDetailsJsonString)
+
+	var body io.ReadCloser
+	var technicalError error
+	var businessError error
+
+	technicalError = backoff.Retry(func() error {
+		body, _, technicalError, businessError = managedAccounObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "POST", *b, "ManagedAccountCreateManagedAccount", "", "")
+		return technicalError
+	}, managedAccounObj.authenticationObj.ExponentialBackOff)
+
+	var CreateManagedAccountsResponse entities.CreateManagedAccountsResponse
+
+	if technicalError != nil {
+		return entities.CreateManagedAccountsResponse{}, technicalError
+	}
+
+	if businessError != nil {
+		return entities.CreateManagedAccountsResponse{}, businessError
+	}
+
+	defer body.Close()
+	bodyBytes, err := io.ReadAll(body)
+
+	if err != nil {
+		return entities.CreateManagedAccountsResponse{}, err
+	}
+
+	err = json.Unmarshal([]byte(bodyBytes), &CreateManagedAccountsResponse)
+
+	if err != nil {
+		managedAccounObj.log.Error(err.Error())
+		return entities.CreateManagedAccountsResponse{}, err
+	}
+
+	return CreateManagedAccountsResponse, nil
+
+}
+
+// ManagedAccountGetSystem is responsible for retrieving managed systems list
+func (managedAccounObj *ManagedAccountstObj) ManagedSystemGetSystems(url string) ([]entities.ManagedSystemResponse, error) {
+	messageLog := fmt.Sprintf("%v %v", "GET", url)
+	managedAccounObj.log.Debug(messageLog)
+
+	var body io.ReadCloser
+	var technicalError error
+	var businessError error
+
+	technicalError = backoff.Retry(func() error {
+		body, _, technicalError, businessError = managedAccounObj.authenticationObj.HttpClient.CallSecretSafeAPI(url, "GET", bytes.Buffer{}, "ManagedSystemGetSystems", "", "")
+		if technicalError != nil {
+			return technicalError
+		}
+		return nil
+
+	}, managedAccounObj.authenticationObj.ExponentialBackOff)
+
+	var managedSystemObject []entities.ManagedSystemResponse
+
+	if technicalError != nil {
+		return managedSystemObject, technicalError
+	}
+
+	if businessError != nil {
+		return managedSystemObject, businessError
+	}
+
+	defer body.Close()
+	bodyBytes, err := io.ReadAll(body)
+
+	if err != nil {
+		return managedSystemObject, err
+	}
+
+	err = json.Unmarshal(bodyBytes, &managedSystemObject)
+	if err != nil {
+		managedAccounObj.log.Error(err.Error())
+		return managedSystemObject, err
+	}
+
+	if len(managedSystemObject) == 0 {
+		return managedSystemObject, fmt.Errorf("empty System Account List")
+	}
+
+	return managedSystemObject, nil
+
+}