feat: implement the user assignment to groups (#473)

* feat: implement the user assignment to groups * feat: add get_group_id fn * fix: fmt
cds-snc · Apr 19, 2024 · 66b329c · 66b329c
1 parent 81cfcd4
commit 66b329c
Show file tree

Hide file tree

Showing 2 changed files with 207 additions and 4 deletions.
diff --git a/app/integrations/aws/identity_store.py b/app/integrations/aws/identity_store.py
@@ -58,8 +58,8 @@ def delete_user(user_id, **kwargs):
     """
     kwargs = resolve_identity_store_id(kwargs)
     kwargs.update({"UserId": user_id})
-    result = execute_aws_api_call("identitystore", "delete_user", **kwargs)
-    return True if result == {} else False
+    response = execute_aws_api_call("identitystore", "delete_user", **kwargs)
+    return True if response == {} else False
 
 
 @handle_aws_api_errors
@@ -81,8 +81,8 @@ def get_user_id(user_name, **kwargs):
             }
         }
     )
-    result = execute_aws_api_call("identitystore", "get_user_id", **kwargs)
-    return result["UserId"] if result else False
+    response = execute_aws_api_call("identitystore", "get_user_id", **kwargs)
+    return response["UserId"] if response else False
 
 
 @handle_aws_api_errors
@@ -94,6 +94,29 @@ def list_users(**kwargs):
     )
 
 
+@handle_aws_api_errors
+def get_group_id(group_name, **kwargs):
+    """Retrieves the group ID of the group
+
+    Args:
+        group_name (str): The name of the group.
+        **kwargs: Additional keyword arguments for the API call.
+    """
+    kwargs = resolve_identity_store_id(kwargs)
+    kwargs.update(
+        {
+            "AlternateIdentifier": {
+                "UniqueAttribute": {
+                    "AttributePath": "displayName",
+                    "AttributeValue": group_name,
+                },
+            }
+        }
+    )
+    response = execute_aws_api_call("identitystore", "get_group_id", **kwargs)
+    return response["GroupId"] if response else False
+
+
 @handle_aws_api_errors
 def list_groups(**kwargs):
     """Retrieves all groups from the AWS Identity Center (identitystore)"""
@@ -103,6 +126,45 @@ def list_groups(**kwargs):
     )
 
 
+@handle_aws_api_errors
+def create_group_membership(group_id, user_id, **kwargs):
+    """Creates a group membership in the AWS Identity Center (identitystore)
+
+    Args:
+        group_id (str): The group ID of the group.
+        user_id (str): The user ID of the user.
+        **kwargs: Additional keyword arguments for the API call.
+
+    Returns:
+        str: The membership ID of the created group membership.
+    """
+    kwargs = resolve_identity_store_id(kwargs)
+    kwargs.update({"GroupId": group_id, "UserId": user_id})
+    response = execute_aws_api_call(
+        "identitystore", "create_group_membership", **kwargs
+    )
+    return response["MembershipId"] if response else False
+
+
+@handle_aws_api_errors
+def delete_group_membership(membership_id, **kwargs):
+    """Deletes a group membership from the AWS Identity Center (identitystore)
+
+    Args:
+        membership_id (str): The membership ID of the group membership, which is the unique identifier representing the assignment of a user to a group.
+        **kwargs: Additional keyword arguments for the API call.
+
+    Returns:
+        bool: True if the group membership was deleted successfully, False otherwise.
+    """
+    kwargs = resolve_identity_store_id(kwargs)
+    kwargs.update({"MembershipId": membership_id})
+    response = execute_aws_api_call(
+        "identitystore", "delete_group_membership", **kwargs
+    )
+    return True if response == {} else False
+
+
 @handle_aws_api_errors
 def list_group_memberships(group_id, **kwargs):
     """Retrieves all group memberships from the AWS Identity Center  (identitystore)"""

diff --git a/app/tests/integrations/aws/test_identity_store.py b/app/tests/integrations/aws/test_identity_store.py
@@ -217,6 +217,50 @@ def test_list_users_with_kwargs(mock_execute_aws_api_call):
     assert result == ["User1", "User2"]
 
 
+@patch.dict(os.environ, {"AWS_SSO_INSTANCE_ID": "test_instance_id"})
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+def test_get_group_id(mock_execute_aws_api_call):
+    mock_execute_aws_api_call.return_value = {"GroupId": "test_group_id"}
+    group_name = "test_group_name"
+
+    result = identity_store.get_group_id(group_name)
+
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "get_group_id",
+        IdentityStoreId="test_instance_id",
+        AlternateIdentifier={
+            "UniqueAttribute": {
+                "AttributePath": "displayName",
+                "AttributeValue": group_name,
+            },
+        },
+    )
+    assert result == "test_group_id"
+
+
+@patch.dict(os.environ, {"AWS_SSO_INSTANCE_ID": "test_instance_id"})
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+def test_get_group_id_no_group(mock_execute_aws_api_call):
+    mock_execute_aws_api_call.return_value = False
+    group_name = "nonexistent_group"
+
+    result = identity_store.get_group_id(group_name)
+
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "get_group_id",
+        IdentityStoreId="test_instance_id",
+        AlternateIdentifier={
+            "UniqueAttribute": {
+                "AttributePath": "displayName",
+                "AttributeValue": group_name,
+            },
+        },
+    )
+    assert result is False
+
+
 @patch.dict(os.environ, {"AWS_SSO_INSTANCE_ID": "test_instance_id"})
 @patch("integrations.aws.identity_store.execute_aws_api_call")
 def test_list_groups(mock_execute_aws_api_call):
@@ -274,6 +318,103 @@ def test_list_groups_with_kwargs(mock_execute_aws_api_call):
     assert result == ["Group1", "Group2"]
 
 
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+@patch("integrations.aws.identity_store.resolve_identity_store_id")
+def test_create_group_membership(
+    mock_resolve_identity_store_id, mock_execute_aws_api_call
+):
+    mock_resolve_identity_store_id.return_value = {
+        "IdentityStoreId": "test_instance_id"
+    }
+    mock_execute_aws_api_call.return_value = {
+        "MembershipId": "test_membership_id",
+        "IdentityStoreId": "test_instance_id",
+    }
+    group_id = "test_group_id"
+    user_id = "test_user_id"
+
+    # Act
+    result = identity_store.create_group_membership(group_id, user_id)
+
+    # Assert
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "create_group_membership",
+        IdentityStoreId="test_instance_id",
+        GroupId=group_id,
+        UserId=user_id,
+    )
+    assert result == "test_membership_id"
+
+
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+@patch("integrations.aws.identity_store.resolve_identity_store_id")
+def test_create_group_membership_unsuccessful(
+    mock_resolve_identity_store_id, mock_execute_aws_api_call
+):
+    mock_resolve_identity_store_id.return_value = {
+        "IdentityStoreId": "test_instance_id"
+    }
+    mock_execute_aws_api_call.return_value = False
+    group_id = "test_group_id"
+    user_id = "test_user_id"
+
+    result = identity_store.create_group_membership(group_id, user_id)
+
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "create_group_membership",
+        IdentityStoreId="test_instance_id",
+        GroupId=group_id,
+        UserId=user_id,
+    )
+    assert result is False
+
+
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+@patch("integrations.aws.identity_store.resolve_identity_store_id")
+def test_delete_group_membership(
+    mock_resolve_identity_store_id, mock_execute_aws_api_call
+):
+    mock_resolve_identity_store_id.return_value = {
+        "IdentityStoreId": "test_instance_id"
+    }
+    mock_execute_aws_api_call.return_value = {}
+    membership_id = "test_membership_id"
+
+    result = identity_store.delete_group_membership(membership_id)
+
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "delete_group_membership",
+        IdentityStoreId="test_instance_id",
+        MembershipId=membership_id,
+    )
+    assert result is True
+
+
+@patch("integrations.aws.identity_store.execute_aws_api_call")
+@patch("integrations.aws.identity_store.resolve_identity_store_id")
+def test_delete_group_membership_resource_not_found(
+    mock_resolve_identity_store_id, mock_execute_aws_api_call
+):
+    mock_resolve_identity_store_id.return_value = {
+        "IdentityStoreId": "test_instance_id"
+    }
+    mock_execute_aws_api_call.return_value = False
+    membership_id = "nonexistent_membership_id"
+
+    result = identity_store.delete_group_membership(membership_id)
+
+    mock_execute_aws_api_call.assert_called_once_with(
+        "identitystore",
+        "delete_group_membership",
+        IdentityStoreId="test_instance_id",
+        MembershipId=membership_id,
+    )
+    assert result is False
+
+
 @patch.dict(os.environ, {"AWS_SSO_INSTANCE_ID": "test_instance_id"})
 @patch("integrations.aws.identity_store.execute_aws_api_call")
 def test_list_group_memberships(mock_execute_aws_api_call):