-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
361 additions
and
179 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -41,32 +41,24 @@ | |
import com.fasterxml.jackson.databind.ObjectMapper; | ||
import io.nats.client.Connection; | ||
import jakarta.ws.rs.NotFoundException; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.UUID; | ||
import lombok.extern.log4j.Log4j2; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.ExtendWith; | ||
import org.keycloak.admin.client.resource.UserResource; | ||
import org.keycloak.representations.idm.UserRepresentation; | ||
import org.mockito.InjectMocks; | ||
import org.mockito.Mock; | ||
import org.mockito.MockedStatic; | ||
import org.mockito.Mockito; | ||
import org.mockito.Spy; | ||
import org.mockito.*; | ||
import org.mockito.junit.jupiter.MockitoExtension; | ||
import org.modelmapper.ModelMapper; | ||
import org.springframework.http.HttpStatus; | ||
import org.springframework.web.server.ResponseStatusException; | ||
import static org.junit.jupiter.api.Assertions.assertEquals; | ||
import static org.junit.jupiter.api.Assertions.assertFalse; | ||
import static org.junit.jupiter.api.Assertions.assertThrows; | ||
import static org.junit.jupiter.api.Assertions.assertTrue; | ||
|
||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.UUID; | ||
|
||
import static org.junit.jupiter.api.Assertions.*; | ||
import static org.mockito.ArgumentMatchers.eq; | ||
import static org.mockito.Mockito.any; | ||
import static org.mockito.Mockito.mock; | ||
import static org.mockito.Mockito.verify; | ||
import static org.mockito.Mockito.when; | ||
import static org.mockito.Mockito.*; | ||
|
||
@Log4j2 | ||
@SuppressWarnings("unused") | ||
|
@@ -150,6 +142,7 @@ public void testSyncAllUsers() { | |
when(userRepresentation.getFirstName()).thenReturn(firstName); | ||
when(userRepresentation.getLastName()).thenReturn(lastName); | ||
when(userRepresentation.getId()).thenReturn(createdUserId); | ||
when(userRepresentation.isEnabled()).thenReturn(true); | ||
when(keycloakService.getUserRepresentationById(any())).thenReturn(userRepresentation); | ||
when(userRepository.existsByIdOrAuthId(any(UUID.class), any(String.class))).thenReturn(false); | ||
when(userRepository.findAll()).thenReturn(List.of(userEntity)); | ||
|
@@ -220,6 +213,7 @@ public void testDisableUserById_UserFound() { | |
UserResource userResourceMock = mock(UserResource.class, Mockito.RETURNS_DEEP_STUBS); | ||
UserRepresentation userRepresentation = new UserRepresentation(); | ||
userRepresentation.setEnabled(true); | ||
userRepresentation.setEmail("[email protected]"); | ||
UserEntity userEntity = new UserEntity(); | ||
userEntity.setId(uuid); | ||
|
||
|
@@ -260,6 +254,7 @@ public void testEnableUserById_UserFound() { | |
UserResource userResourceMock = mock(UserResource.class, Mockito.RETURNS_DEEP_STUBS); | ||
UserRepresentation userRepresentation = new UserRepresentation(); | ||
userRepresentation.setEnabled(false); | ||
userRepresentation.setEmail("[email protected]"); | ||
UserEntity userEntity = new UserEntity(); | ||
userEntity.setId(uuid); | ||
when(userRepository.getByIdOrAuthId(any(String.class))).thenReturn(userEntity); | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
72 changes: 72 additions & 0 deletions
72
...java/ch/bedag/dap/hellodata/sidecars/airflow/service/user/AirflowDisableUserConsumer.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
package ch.bedag.dap.hellodata.sidecars.airflow.service.user; | ||
|
||
import ch.bedag.dap.hellodata.commons.nats.annotation.JetStreamSubscribe; | ||
import ch.bedag.dap.hellodata.commons.sidecars.resources.v1.user.data.SubsystemUserUpdate; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.client.AirflowClient; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.client.user.response.AirflowRole; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.client.user.response.AirflowUserResponse; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.client.user.response.AirflowUsersResponse; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.service.provider.AirflowClientProvider; | ||
import ch.bedag.dap.hellodata.sidecars.airflow.service.resource.AirflowUserResourceProviderService; | ||
import lombok.RequiredArgsConstructor; | ||
import lombok.extern.log4j.Log4j2; | ||
import org.apache.commons.collections4.CollectionUtils; | ||
import org.springframework.stereotype.Service; | ||
|
||
import java.io.IOException; | ||
import java.net.URISyntaxException; | ||
import java.util.List; | ||
import java.util.Optional; | ||
import java.util.concurrent.CompletableFuture; | ||
|
||
import static ch.bedag.dap.hellodata.commons.sidecars.events.HDEvent.DISABLE_USER; | ||
import static ch.bedag.dap.hellodata.sidecars.airflow.service.user.AirflowUserUtil.*; | ||
|
||
@Log4j2 | ||
@Service | ||
@RequiredArgsConstructor | ||
@SuppressWarnings("java:S3516") | ||
public class AirflowDisableUserConsumer { | ||
|
||
private final AirflowUserResourceProviderService userResourceProviderService; | ||
private final AirflowClientProvider airflowClientProvider; | ||
private final AirflowUserResourceProviderService airflowUserResourceProviderService; | ||
|
||
|
||
@SuppressWarnings("unused") | ||
@JetStreamSubscribe(event = DISABLE_USER) | ||
public CompletableFuture<Void> disableUser(SubsystemUserUpdate supersetUserUpdate) { | ||
try { | ||
log.info("------- Received airflow user disable request {}", supersetUserUpdate); | ||
|
||
AirflowClient airflowClient = airflowClientProvider.getAirflowClientInstance(); | ||
AirflowUsersResponse users = airflowClient.users(); | ||
List<AirflowRole> allAirflowRoles = CollectionUtils.emptyIfNull(airflowClient.roles().getRoles()).stream().toList(); | ||
|
||
// Airflow only allows unique username and email, so we make sure there is nobody with either of these already existing, before creating a new one | ||
Optional<AirflowUserResponse> userResult = users.getUsers() | ||
.stream() | ||
.filter(user -> user.getEmail().equalsIgnoreCase(supersetUserUpdate.getEmail()) || | ||
user.getUsername().equalsIgnoreCase(supersetUserUpdate.getUsername())) | ||
.findFirst(); | ||
|
||
if (userResult.isPresent()) { | ||
AirflowUserResponse airflowUser = userResult.get(); | ||
removeRoleFromUser(airflowUser, ADMIN_ROLE_NAME, allAirflowRoles); | ||
removeRoleFromUser(airflowUser, VIEWER_ROLE_NAME, allAirflowRoles); | ||
removeRoleFromUser(airflowUser, AF_OPERATOR_ROLE_NAME, allAirflowRoles); | ||
removeAllDataDomainRolesFromUser(airflowUser); | ||
addRoleToUser(airflowUser, PUBLIC_ROLE_NAME, allAirflowRoles); | ||
updateUser(airflowUser, airflowClient, airflowUserResourceProviderService); | ||
userResourceProviderService.publishUsers(); | ||
log.info("User with email: {} disabled", supersetUserUpdate.getEmail()); | ||
} else { | ||
log.warn("User with email: {} not found", supersetUserUpdate.getEmail()); | ||
} | ||
} catch (URISyntaxException | IOException e) { | ||
log.error("Could not disable user {}", supersetUserUpdate.getEmail(), e); | ||
} | ||
return null;//NOSONAR | ||
} | ||
|
||
} |
Oops, something went wrong.