PaladinCloud · santhosh-challa · Apr 14, 2023 · Apr 14, 2023
diff --git a/...n-api-admin/src/main/java/com/tmobile/pacman/api/admin/controller/AccountsController.java b/...n-api-admin/src/main/java/com/tmobile/pacman/api/admin/controller/AccountsController.java
@@ -11,6 +11,7 @@
 import io.swagger.annotations.ApiParam;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -28,6 +29,7 @@
 public class AccountsController {
     private static final Logger log = LoggerFactory.getLogger(AccountsController.class);
 
+
     @ApiOperation(httpMethod = "GET", value = "API to fetch list of accounts", response = Response.class, produces = MediaType.APPLICATION_JSON_VALUE)
     @GetMapping(produces =  MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<Object> getAccounts(@ApiParam(value = "provide page number", required = true) @RequestParam("page") Integer page,
@@ -69,11 +71,15 @@ public ResponseEntity<Object> deleteAccount(@ApiParam(value = "provide account n
     @ApiOperation(httpMethod = "POST", value = "API to create account", response = Response.class, produces = MediaType.APPLICATION_JSON_VALUE)
     @PostMapping(produces =  MediaType.APPLICATION_JSON_VALUE)
     public ResponseEntity<Object> createAccount(@RequestBody final CreateAccountRequest accountDetails){
+        AccountsService accountsService=null;
         try{
-            AccountsService accountsService= AccountFactory.getService(accountDetails.getPlatform());
+            accountsService= AccountFactory.getService(accountDetails.getPlatform());
             return ResponseUtils.buildSucessResponse(accountsService.addAccount(accountDetails));
         }catch (Exception exception){
             log.error(UNEXPECTED_ERROR_OCCURRED, exception);
+            if(accountsService!=null) {
+                accountsService.deleteAccount(accountDetails.getAccountId());
+            }
             return ResponseUtils.buildFailureResponse(new Exception(UNEXPECTED_ERROR_OCCURRED), exception.getMessage());
         }
     }

diff --git a/...man-api-admin/src/main/java/com/tmobile/pacman/api/admin/domain/CreateAccountRequest.java b/...man-api-admin/src/main/java/com/tmobile/pacman/api/admin/domain/CreateAccountRequest.java
@@ -10,11 +10,7 @@ public class CreateAccountRequest {
     private String roleName;
     private String projectId;
     private String projectName;
-    private Long projectNumber;
-    private String location;
-    private String workloadIdentityProviderId;
-    private String getWorkloadIdentityPoolId;
-    private String serviceAccountEmail;
+    private String secretData;
 
     private String tenantId;
     private String tenantName;

diff --git a/...main/java/com/tmobile/pacman/api/admin/repository/service/AbstractAccountServiceImpl.java b/...main/java/com/tmobile/pacman/api/admin/repository/service/AbstractAccountServiceImpl.java
@@ -29,6 +29,7 @@ public abstract class AbstractAccountServiceImpl implements AccountsService{
     public static final String FAILURE = "Failure";
     public static final String SUCCESS = "Success";
     public static final String SECRET_ALREADY_EXIST_FOR_ACCOUNT = "Secret already exist for account";
+    public static final String PALADINCLOUD_RO = "PALADINCLOUD_RO";
 
     private static final Logger logger=LoggerFactory.getLogger(AbstractAccountServiceImpl.class);
     @Override
@@ -40,6 +41,7 @@ public AccountList getAllAccounts(String columnName, int page, int size, String
             return convertToMap(accountsRepository.findAll(PageRequest.of(page, size, Sort.by(Sort.Direction.ASC, columnName)), searchTerm.toLowerCase()));
         }
     }
+
     private AccountList convertToMap(Page<AccountDetails> entities) {
         AccountList accountList=new AccountList();
         List accountDetailsList= entities.getContent();
@@ -82,7 +84,7 @@ public AccountValidationResponse deleteAccountFromDB(String accountId) {
             response.setMessage("Account deleted successfully");
             response.setValidationStatus(SUCCESS);
         }catch (EmptyResultDataAccessException exception){
-            logger.error("Error in deleting account:{}",exception);
+            logger.error("Error in deleting account: {}",exception);
             response.setValidationStatus(FAILURE);
             response.setErrorDetails("Account doesn't exists");
             response.setMessage("Account deletion failed");
@@ -127,7 +129,10 @@ public void updateConfigProperty(String key, String value, String application) {
         configPropertyService.addUpdateProperties(configPropertyRequest, "", "",
                 AdminUtils.getFormatedStringDate(DATE_FORMAT, new Date()), false);
     }
-
+    public String getSecretData(String secret){
+        String jsonTemplate="{\"secretdata\": \"%s\"}";
+        return String.format(jsonTemplate,secret);
+    }
 
 
 

diff --git a/...rc/main/java/com/tmobile/pacman/api/admin/repository/service/AzureAccountServiceImpl.java b/...rc/main/java/com/tmobile/pacman/api/admin/repository/service/AzureAccountServiceImpl.java
@@ -1,5 +1,6 @@
 package com.tmobile.pacman.api.admin.repository.service;
 
+import com.amazonaws.SdkClientException;
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicSessionCredentials;
 import com.amazonaws.services.secretsmanager.AWSSecretsManager;
@@ -36,6 +37,7 @@ public class AzureAccountServiceImpl extends AbstractAccountServiceImpl implemen
     public static final String SUCCESS = "SUCCESS";
     public static final String SECRET_ALREADY_EXIST_FOR_ACCOUNT = "Secret already exist for account";
 
+
     @Value("${secret.manager.path}")
     private String secretManagerPrefix;
     @Autowired
@@ -110,14 +112,14 @@ public AccountValidationResponse addAccount(CreateAccountRequest accountData) {
         try {
             BasicSessionCredentials credentials = credentialProvider.getBaseAccCredentials();
             String region = System.getenv("REGION");
-
+            String roleName= System.getenv(PALADINCLOUD_RO);
             AWSSecretsManager secretClient = AWSSecretsManagerClientBuilder
                     .standard()
                     .withCredentials(new AWSStaticCredentialsProvider(credentials))
                     .withRegion(region).build();
 
             CreateSecretRequest createRequest = new CreateSecretRequest()
-                    .withName(secretManagerPrefix + "/azure/" + tenantId).withSecretString(getAzureSecretData(accountData.getTenantSecretData()));
+                    .withName(secretManagerPrefix+"/"+roleName+ "/azure/" + tenantId).withSecretString(getSecretData(accountData.getTenantSecretData()));
 
             CreateSecretResult createResponse = secretClient.createSecret(createRequest);
             LOGGER.info("Create secret response: {}", createResponse);
@@ -172,30 +174,35 @@ private AccountValidationResponse validateRequest(CreateAccountRequest accountDa
     public AccountValidationResponse deleteAccount(String tenantId) {
         LOGGER.info("Inside deleteAccount method of AzureAccountServiceImpl. Tenant id: {}",tenantId);
         AccountValidationResponse response=new AccountValidationResponse();
+        try{
+            //find and delete cred file for account
+            response.setType(Constants.AZURE);
+            response.setTenantId(tenantId);
+            response.setValidationStatus(SUCCESS);
+            response.setMessage("Account deleted successfully");
+            BasicSessionCredentials credentials = credentialProvider.getBaseAccCredentials();
+            String region = System.getenv("REGION");
+            String roleName= System.getenv(PALADINCLOUD_RO);
+            AWSSecretsManager secretClient = AWSSecretsManagerClientBuilder
+                    .standard()
+                    .withCredentials(new AWSStaticCredentialsProvider(credentials))
+                    .withRegion(region).build();
+            String secretId=secretManagerPrefix+"/"+roleName+"/azure/"+tenantId;
 
-        //find and delete cred file for account
-        BasicSessionCredentials credentials = credentialProvider.getBaseAccCredentials();
-        String region = System.getenv("REGION");
-
-        AWSSecretsManager secretClient = AWSSecretsManagerClientBuilder
-                .standard()
-                .withCredentials(new AWSStaticCredentialsProvider(credentials))
-                .withRegion(region).build();
-        String secretId=secretManagerPrefix+"/azure/"+tenantId;
-
-        DeleteSecretRequest deleteRequest=new DeleteSecretRequest().withSecretId(secretId).withForceDeleteWithoutRecovery(true);
-        DeleteSecretResult deleteResponse = secretClient.deleteSecret(deleteRequest);
-        LOGGER.info("Delete secret response: {} ",deleteResponse);
-
-        //delete entry from db
-        response=deleteAccountFromDB(tenantId);
+            DeleteSecretRequest deleteRequest=new DeleteSecretRequest().withSecretId(secretId).withForceDeleteWithoutRecovery(true);
+            DeleteSecretResult deleteResponse = secretClient.deleteSecret(deleteRequest);
+            LOGGER.info("Delete secret response: {} ",deleteResponse);
 
-        response.setAccountId(tenantId);
-        response.setType(Constants.AZURE);
+            //delete entry from db
+            response=deleteAccountFromDB(tenantId);
+            response.setType(Constants.AZURE);
+        } catch (SdkClientException e) {
+            LOGGER.error("Error in deleting the creds file json: {}", e.getMessage());
+            response.setValidationStatus(FAILURE);
+            response.setErrorDetails(e.getMessage());
+            response.setMessage("Account deletion failed");
+        }
         return response;
     }
-    private String getAzureSecretData(String secret){
-        String jsonTemplate="{\"secretdata\": \"%s\"}";
-        return String.format(jsonTemplate,secret);
-    }
+
 }