Merge pull request #39 from ing-bank/feature/list-all-npa

Add admin ep for listing npa accounts
ing-bank · Sep 12, 2019 · 82bcfa2 · 82bcfa2
2 parents 99ed9de + 48f332a
commit 82bcfa2
Show file tree

Hide file tree

Showing 6 changed files with 67 additions and 5 deletions.
diff --git a/src/it/scala/com/ing/wbaa/rokku/sts/service/db/dao/STSUserAndGroupDAOItTest.scala b/src/it/scala/com/ing/wbaa/rokku/sts/service/db/dao/STSUserAndGroupDAOItTest.scala
@@ -180,5 +180,15 @@ class STSUserAndGroupDAOItTest extends AsyncWordSpec with STSUserAndGroupDAO wit
       }
     }
 
+    "lists NPA user accounts" that {
+      "exists in sts records" in {
+        val testObject = new TestObject
+        val newUser = testObject.userName
+        val newCred = testObject.cred
+        insertAwsCredentials(newUser, newCred, isNpa = true)
+        getAllNPAAccounts.map(l=> assert(l.data.head.accountName == newUser.value))
+      }
+    }
+
   }
 }
diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/RokkuStsService.scala b/src/main/scala/com/ing/wbaa/rokku/sts/RokkuStsService.scala
@@ -34,7 +34,7 @@ trait RokkuStsService
   final val allRoutes: Route =
     toStrictEntity(3.seconds) {
       cors() {
-        adminRoutes ~ userRoutes ~ stsRoutes ~ serverRoutes
+        stsRoutes ~ userRoutes ~ serverRoutes ~ adminRoutes
       }
     }
 

diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/api/AdminApi.scala b/src/main/scala/com/ing/wbaa/rokku/sts/api/AdminApi.scala
@@ -5,7 +5,7 @@ import akka.http.scaladsl.server.{ AuthorizationFailedRejection, Route }
 import com.ing.wbaa.rokku.sts.api.directive.STSDirectives.authorizeToken
 import com.ing.wbaa.rokku.sts.config.StsSettings
 import com.ing.wbaa.rokku.sts.data.aws.{ AwsAccessKey, AwsCredential, AwsSecretKey }
-import com.ing.wbaa.rokku.sts.data.{ AuthenticationUserInfo, BearerToken, UserGroup, UserName }
+import com.ing.wbaa.rokku.sts.data.{ AuthenticationUserInfo, BearerToken, NPAAccount, NPAAccountList, UserGroup, UserName }
 import com.ing.wbaa.rokku.sts.service.db.security.Encryption
 import com.typesafe.scalalogging.LazyLogging
 
@@ -17,7 +17,7 @@ trait AdminApi extends LazyLogging with Encryption {
   protected[this] def stsSettings: StsSettings
 
   val adminRoutes: Route = pathPrefix("admin") {
-    addNPA ~ setAccountStatus
+    listAllNPAs ~ addNPA ~ setAccountStatus
   }
 
   case class ResponseMessage(code: String, message: String, target: String)
@@ -26,6 +26,8 @@ trait AdminApi extends LazyLogging with Encryption {
   import spray.json.DefaultJsonProtocol._
 
   implicit val responseMessageFormat = jsonFormat3(ResponseMessage)
+  implicit val npaAccountFormat = jsonFormat2(NPAAccount)
+  implicit val npaAccountListFormat = jsonFormat1(NPAAccountList)
 
   // Keycloak
   protected[this] def verifyAuthenticationToken(token: BearerToken): Option[AuthenticationUserInfo]
@@ -34,6 +36,8 @@ trait AdminApi extends LazyLogging with Encryption {
 
   protected[this] def setAccountStatus(username: UserName, enabled: Boolean): Future[Boolean]
 
+  protected[this] def getAllNPAAccounts: Future[NPAAccountList]
+
   def userInAdminGroups(userGroups: Set[UserGroup]): Boolean =
     userGroups.exists(g => stsSettings.adminGroups.contains(g.value))
 
@@ -64,6 +68,22 @@ trait AdminApi extends LazyLogging with Encryption {
     }
   }
 
+  def listAllNPAs: Route =
+    path("npa" / "list") {
+      get {
+        authorizeToken(verifyAuthenticationToken) { keycloakUserInfo =>
+          if (userInAdminGroups(keycloakUserInfo.userGroups)) {
+            onComplete(getAllNPAAccounts) {
+              case Success(npaData) => complete(npaData)
+              case Failure(ex)      => complete(ResponseMessage("Failed to get NPA list", ex.getMessage, "npa account"))
+            }
+          } else {
+            reject(AuthorizationFailedRejection)
+          }
+        }
+      }
+    }
+
   def setAccountStatus: Route =
     put {
       path("account" / Segment / ("enable" | "disable")) { uid =>

diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/data/NPAAccount.scala b/src/main/scala/com/ing/wbaa/rokku/sts/data/NPAAccount.scala
@@ -0,0 +1,4 @@
+package com.ing.wbaa.rokku.sts.data
+
+case class NPAAccount(accountName: String, enabled: Boolean)
+case class NPAAccountList(data: List[NPAAccount])
diff --git a/src/main/scala/com/ing/wbaa/rokku/sts/service/db/dao/STSUserAndGroupDAO.scala b/src/main/scala/com/ing/wbaa/rokku/sts/service/db/dao/STSUserAndGroupDAO.scala
@@ -3,11 +3,12 @@ package com.ing.wbaa.rokku.sts.service.db.dao
 import java.sql.{ Connection, PreparedStatement, SQLException, SQLIntegrityConstraintViolationException }
 
 import com.ing.wbaa.rokku.sts.data.aws.{ AwsAccessKey, AwsCredential, AwsSecretKey }
-import com.ing.wbaa.rokku.sts.data.{ AccountStatus, NPA, UserGroup, UserName }
+import com.ing.wbaa.rokku.sts.data.{ AccountStatus, NPA, NPAAccount, NPAAccountList, UserGroup, UserName }
 import com.ing.wbaa.rokku.sts.service.db.security.Encryption
 import com.typesafe.scalalogging.LazyLogging
 import org.mariadb.jdbc.MariaDbPoolDataSource
 
+import scala.collection.mutable.ListBuffer
 import scala.concurrent.{ ExecutionContext, Future }
 import scala.util.{ Failure, Success, Try }
 
@@ -212,6 +213,22 @@ trait STSUserAndGroupDAO extends LazyLogging with Encryption {
     }
   }
 
+  def getAllNPAAccounts: Future[NPAAccountList] = {
+    withMariaDbConnection { connection =>
+      val selectNPAs = s"SELECT username, isEnabled FROM $USER_TABLE where isNPA ='1'"
+
+      Future {
+        val preparedStatement: PreparedStatement = connection.prepareStatement(selectNPAs)
+        val listBuffer = new ListBuffer[NPAAccount]
+        val result = preparedStatement.executeQuery()
+        while (result.next()) {
+          listBuffer += NPAAccount(result.getString("username"), result.getBoolean("isEnabled"))
+        }
+        NPAAccountList(listBuffer.toList)
+      }
+    }
+  }
+
   private[this] def doesUsernameExist(userName: UserName): Future[Boolean] =
     withMariaDbConnection { connection =>
       {

diff --git a/src/test/scala/com/ing/wbaa/rokku/sts/api/AdminApiTest.scala b/src/test/scala/com/ing/wbaa/rokku/sts/api/AdminApiTest.scala
@@ -34,6 +34,7 @@ class AdminApiTest extends WordSpec
     override protected[this] def insertAwsCredentials(username: UserName, awsCredential: AwsCredential, isNpa: Boolean): Future[Boolean] = Future(true)
 
     override protected[this] def setAccountStatus(username: UserName, enabled: Boolean): Future[Boolean] = Future.successful(true)
+    override protected[this] def getAllNPAAccounts: Future[NPAAccountList] = Future(NPAAccountList(List(NPAAccount("testNPA", true))))
   }
 
   private[this] val testRoute: Route = new testAdminApi().adminRoutes
@@ -72,7 +73,17 @@ class AdminApiTest extends WordSpec
           assert(rejections.contains(MissingFormFieldRejection("awsSecretKey")))
         }
       }
+      "return OK if user is in admin groups for list NPA's" in {
+        Get("/admin/npa/list") ~> validOAuth2TokenHeader ~> testRoute ~> check {
+          assert(status == StatusCodes.OK)
+          assert(responseAs[String] == """{"data":[{"accountName":"testNPA","enabled":true}]}""")
+        }
+      }
+      "return Rejected if user is not in admin groups for list NPA's" in {
+        Get("/admin/npa/list") ~> notAdminOAuth2TokenHeader ~> testRoute ~> check {
+          assert(rejections.contains(AuthorizationFailedRejection))
+        }
+      }
     }
   }
-
 }