Merge pull request #111 from Venafi/contacts-support

Fixed policy creation with Teams on VaaS
Venafi · Apr 28, 2022 · 40df511 · 40df511
2 parents 1654907 + f93bcbd
commit 40df511
Show file tree

Hide file tree

Showing 5 changed files with 87 additions and 22 deletions.
diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/ConnectorException.java b/src/main/java/com/venafi/vcert/sdk/connectors/ConnectorException.java
@@ -543,4 +543,27 @@ public TppContactException(String policy, String error) {
 		}
 	}
 
+	public static class UsernameNotFoundException extends ConnectorException {
+
+		private static final long serialVersionUID = 1L;
+		private static final String message = "Username %s is not an existing %s %s or team";
+
+		public UsernameNotFoundException(String username, String platform, String category){
+			super(format(message, username, platform, category));
+		}
+	}
+
+	public static class VaaSUsernameNotFoundException extends UsernameNotFoundException {
+
+		public VaaSUsernameNotFoundException(String username) {
+			super(username, "VaaS", "user");
+		}
+	}
+
+	public static class TPPUsernameNotFoundException extends UsernameNotFoundException {
+
+		public TPPUsernameNotFoundException(String username) {
+			super(username, "TPP", "contact");
+		}
+	}
 }
diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java b/src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java
@@ -201,45 +201,69 @@ private static void addCitToApp(CertificateIssuingTemplate cit, Application appl
 
 	}
 
-	private static List<Application.OwnerIdsAndType> resolveUsersToCloudOwners(String[] usersList, String apiKey, Cloud cloud) {
+	private static List<Application.OwnerIdsAndType> resolveUsersToCloudOwners(String[] usersList, String apiKey, Cloud cloud) throws VCertException {
 		List<Application.OwnerIdsAndType> ownersList = new ArrayList<>();
 
 		if (usersList == null) {
-			// When no user is provided on the list, adds the current one as owner
-			UserDetails userDetails = cloud.authorize(apiKey);
-			Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, userDetails.user().id());
-			ownersList.add(owner);
+			// When no users are provided on the list, adds the api key user as owner
+			Application.OwnerIdsAndType tokenOwner = resolveApiKeyOwner(apiKey, cloud);
+			ownersList.add(tokenOwner);
 		}
 		else {
 			// Resolving the usernames list
 			// Creating a higher level Teams object to cache the response.
-			Teams tResponse = null;
+			Teams teams = null;
 			for (String username: usersList) {
-				UserResponse response = cloud.retrieveUser(username, apiKey);
-				// If the name matches a user, create the entry
-				if (response != null) {
-					Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, response.users().get(0).id());
+				try{
+					Application.OwnerIdsAndType owner = resolveUserToCloudOwner(username, apiKey, cloud);
 					ownersList.add(owner);
-				} else {
-					if (tResponse == null) {
-						tResponse = cloud.retrieveTeams(apiKey);
+				} catch(FeignException fe) {
+					// When no user is found, the framework throws an exception.
+					// Exception status must be 404 Not Found.
+					// Otherwise, a different error occurred and the exception must be thrown.
+					if (fe.status() != 404){
+						throw VCertException.fromFeignException(fe);
 					}
-					if (tResponse != null) {
-						for (Team t : tResponse.teams()) {
-							if (t.name().equals(username)) {
-								Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_TEAM, t.id());
-								ownersList.add(owner);
-								break;
-							}
-						}
+					if (teams == null) {
+						teams = cloud.retrieveTeams(apiKey);
 					}
-
+					Application.OwnerIdsAndType teamOwner = resolveUserToCloudTeam(teams, username, apiKey, cloud);
+					if (teamOwner == null){
+						throw new ConnectorException.VaaSUsernameNotFoundException(username);
+					}
+					ownersList.add(teamOwner);
 				}
 			}
 		}
 		return ownersList;
 	}
 
+	private static Application.OwnerIdsAndType resolveApiKeyOwner(String apiKey, Cloud cloud){
+		// When no user is provided on the list, adds the current one as owner
+		UserDetails userDetails = cloud.authorize(apiKey);
+		Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, userDetails.user().id());
+		return owner;
+	}
+
+	private static Application.OwnerIdsAndType resolveUserToCloudOwner(String username, String apiKey, Cloud cloud){
+		UserResponse response = cloud.retrieveUser(username, apiKey);
+		Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, response.users().get(0).id());
+		return owner;
+	}
+
+	private static Application.OwnerIdsAndType resolveUserToCloudTeam(Teams teams, String username, String apiKey, Cloud cloud){
+		if (teams == null) {
+			teams = cloud.retrieveTeams(apiKey);
+		}
+		for (Team t : teams.teams()) {
+			if (t.name().equals(username)) {
+				Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_TEAM, t.id());
+				return owner;
+			}
+		}
+		return null;
+	}
+
 	public static Application.OwnerIdsAndType createOwner(String type, String id) {
 		Application.OwnerIdsAndType owner = new Application.OwnerIdsAndType();
 		owner.ownerType(type);

diff --git a/src/main/java/com/venafi/vcert/sdk/connectors/tpp/AbstractTppConnector.java b/src/main/java/com/venafi/vcert/sdk/connectors/tpp/AbstractTppConnector.java
@@ -142,6 +142,9 @@ public IdentityEntry getTPPIdentity(String username) throws VCertException{
         BrowseIdentitiesResponse response = getTppAPI().browseIdentities(new BrowseIdentitiesRequest(username, 2,
                 BrowseIdentitiesRequest.ALL_IDENTITIES));
 
+        if (response.identities().length == 0){
+            throw new TPPUsernameNotFoundException(username);
+        }
         if (response.identities().length > 1){
             throw new IdentityExtraneousInformationException(response.identities());
         }

diff --git a/src/test/java/com/venafi/vcert/sdk/TestUtils.java b/src/test/java/com/venafi/vcert/sdk/TestUtils.java
@@ -53,6 +53,7 @@ public class TestUtils {
 	public static final String API_KEY = System.getenv("APIKEY");
 	public static final String CLOUD_ENTRUST_CA_NAME = System.getenv("CLOUD_ENTRUST_CA_NAME");
 	public static final String CLOUD_DIGICERT_CA_NAME = System.getenv("CLOUD_DIGICERT_CA_NAME");
+	public static final String CLOUD_TEAM = System.getenv("CLOUD_TEAM");
 
 	public static final String PEM_RSA_PRIVATE_KEY = "RSA PRIVATE KEY";
 	public static final String PEM_RSA_PRIVATE_KEY_ENCRYPTED = "RSA PRIVATE KEY";

diff --git a/src/test/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorPolicyAT.java b/src/test/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorPolicyAT.java
@@ -194,4 +194,18 @@ public void updatePolicyWithUsers() throws VCertException {
 		Assertions.assertEquals(2, psReturned2.users().length);
 		Assertions.assertEquals("[email protected]", psReturned2.users()[0]);
 		Assertions.assertEquals("[email protected]", psReturned2.users()[1]);	}
+
+	@Test
+	@DisplayName("Cloud - Testing policy creation with a team in the users list")
+	public void createPolicyWithTeam() throws VCertException {
+		CloudConnector connector = connectorResource.connector();
+		String policyName = CloudTestUtils.getRandomZone();
+		PolicySpecification policySpecification = CloudTestUtils.getPolicySpecification();
+		policySpecification.users(new String[]{TestUtils.CLOUD_TEAM});
+		connector.setPolicy(policyName, policySpecification);
+		PolicySpecification psReturned = connector.getPolicy(policyName);
+
+		Assertions.assertEquals(1, psReturned.users().length);
+		Assertions.assertEquals(TestUtils.CLOUD_TEAM, psReturned.users()[0]);
+	}
 }