From f24f192a586d627b9765576bd8442c30d06b501b Mon Sep 17 00:00:00 2001
From: Samuele Varianti <128470180+svariant@users.noreply.github.com>
Date: Fri, 5 Jul 2024 15:55:50 +0200
Subject: [PATCH] [VAS-962] feat: Implement authorizer when creating GPD key (#450)
---
.../service/ApiManagementService.java | 109 ++++++++----------
.../service/ApiManagementServiceTest.java | 4 +-
2 files changed, 52 insertions(+), 61 deletions(-)
diff --git a/src/main/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementService.java b/src/main/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementService.java
index 0ab67eabe..595b46241 100644
--- a/src/main/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementService.java
+++ b/src/main/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementService.java
@@ -46,6 +46,7 @@ public class ApiManagementService { private static final String PRIMARY = "primary"; private static final String SECONDARY = "secondary"; + private final AzureApiManagerClient apimClient; private final ExternalApiClient externalApiClient;
@@ -169,33 +170,26 @@ public InstitutionApiKeysResource createSubscriptionKeys(String institutionId, S List apiSubscriptions = this.apimClient.getApiSubscriptions(institutionId); - if (subscriptionCode == Subscription.BO_EXT_EC || subscriptionCode == Subscription.BO_EXT_PSP) { - InstitutionApiKeys apiKeys = apiSubscriptions.stream() - .filter(institutionApiKeys -> institutionApiKeys.getId().equals(subscriptionId)) - .findFirst() - .orElseThrow(() -> new AppException(AppError.APIM_KEY_NOT_FOUND, institutionId)); - - // configure primary key - Authorization authorizationPrimaryKey = buildBOAuthorization(subscriptionCode.getPrefixId(), apiKeys.getPrimaryKey(), institution, true); - this.authorizerConfigClient.createAuthorization(authorizationPrimaryKey); + if ( + subscriptionCode == Subscription.FDR_PSP || + subscriptionCode == Subscription.FDR_ORG || + subscriptionCode == Subscription.GPD || + subscriptionCode == Subscription.BO_EXT_EC || + subscriptionCode == Subscription.BO_EXT_PSP + ) { + List delegationResponse = getDelegationResponse(institutionId, subscriptionCode); - // configure secondary key - Authorization authorizationSecondaryKey = buildBOAuthorization(subscriptionCode.getPrefixId(), apiKeys.getSecondaryKey(), institution, false); - this.authorizerConfigClient.createAuthorization(authorizationSecondaryKey); - } - if (subscriptionCode == Subscription.FDR_ORG || subscriptionCode == Subscription.FDR_PSP) { InstitutionApiKeys apiKeys = apiSubscriptions.stream() .filter(institutionApiKeys -> institutionApiKeys.getId().equals(subscriptionId)) .findFirst() .orElseThrow(() -> new AppException(AppError.APIM_KEY_NOT_FOUND, institutionId)); - List delegationResponse = this.externalApiClient.getBrokerDelegation(null, institutionId, "prod-pagopa", "FULL", null); // configure primary key - Authorization authorizationPrimaryKey = buildFdrAuthorization(subscriptionCode.getPrefixId(), apiKeys.getPrimaryKey(), institution, delegationResponse, true, subscriptionCode); + 
Authorization authorizationPrimaryKey = buildAuthorization(getAuthorizerDomain(subscriptionCode), subscriptionCode.getPrefixId(), apiKeys.getPrimaryKey(), institution, true, delegationResponse); this.authorizerConfigClient.createAuthorization(authorizationPrimaryKey); // configure secondary key - Authorization authorizationSecondaryKey = buildFdrAuthorization(subscriptionCode.getPrefixId(), apiKeys.getSecondaryKey(), institution, delegationResponse, false, subscriptionCode); + Authorization authorizationSecondaryKey = buildAuthorization(getAuthorizerDomain(subscriptionCode), subscriptionCode.getPrefixId(), apiKeys.getSecondaryKey(), institution, false, delegationResponse); this.authorizerConfigClient.createAuthorization(authorizationSecondaryKey); }
@@ -204,6 +198,13 @@ public InstitutionApiKeysResource createSubscriptionKeys(String institutionId, S .build(); } + private List getDelegationResponse(String institutionId, Subscription subscriptionCode) { + if (subscriptionCode == Subscription.FDR_PSP || subscriptionCode == Subscription.FDR_ORG || subscriptionCode == Subscription.GPD) { + return this.externalApiClient.getBrokerDelegation(null, institutionId, "prod-pagopa", "FULL", null); + } + return new ArrayList<>(); + } + /** * Regenerate the primary subscription key to the specified subscription for the given institution. *
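Review bot: The set of subscription types that receive authorizer configuration is now spelled out three times: in the `if (...)` chain added here in createSubscriptionKeys, in getDelegationResponse, and in getAuthorizerDomain further down the patch. If a later change adds a type to this condition but not to getAuthorizerDomain, the authorization is built with a null domain; if it is missed in getDelegationResponse, the key is stored without its delegated entities. Keeping the mapping in one place would remove that drift, for example a domain field on the `Subscription` enum next to the existing prefix id, or one constant collection that all three methods consult. The body of createSubscriptionKeys starts outside this hunk.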
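Review bot: getDelegationResponse has no comment explaining that, for FDR and now GPD keys, every institution returned by `getBrokerDelegation` becomes an authorized entity of the newly created key. As far as this patch shows, the list is read once at key creation, so a delegation revoked afterwards would presumably remain in the stored authorization unless another code path refreshes it; that should be confirmed and written down. I would add a Javadoc stating that the result is a point-in-time snapshot that widens the key's scope, and lift the literals `"prod-pagopa"` and `"FULL"` into named constants so the product and delegation mode behind that scope are easy to find in review.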

@@ -250,7 +251,7 @@ private void updateAuthorization(String institutionId, String subscriptionId, St .findFirst() .orElseThrow(() -> new AppException(AppError.APIM_KEY_NOT_FOUND, institutionId)); - String authorizationId = createAuthorizationBOId(subscriptionPrefixId, institutionId, isPrimaryKey); + String authorizationId = createAuthorizationId(subscriptionPrefixId, institutionId, isPrimaryKey); Authorization authorization = this.authorizerConfigClient.getAuthorization(authorizationId); if (authorization == null) { throw new AppException(AppError.AUTHORIZATION_NOT_FOUND, institutionId); 
@@ -269,56 +270,33 @@ private InstitutionResponse getInstitutionResponse(String institutionId) { return institution; } - private Authorization buildBOAuthorization( + private Authorization buildAuthorization( + String domain, String subscriptionPrefixId, String subscriptionKey, InstitutionResponse institution, - boolean isPrimaryKey - ) { - log.info(institution.toString()); - return Authorization.builder() - .id(createAuthorizationBOId(subscriptionPrefixId, institution.getId(), isPrimaryKey)) - .domain("backoffice_external") - .subscriptionKey(subscriptionKey) - .description(String.format("%s key configuration for backoffice external", isPrimaryKey ? PRIMARY : SECONDARY)) - .owner(AuthorizationOwner.builder() - .id(institution.getTaxCode()) - .name(institution.getDescription()) - .type(RoleType.fromSelfcareRole(institution.getTaxCode(), institution.getInstitutionType().name())) - .build()) - .authorizedEntities(Collections.singletonList(AuthorizationEntity.builder() - .name(institution.getDescription()) - .value(institution.getTaxCode()) - .values(null) - .build())) - .otherMetadata(Collections.emptyList()) - .build(); - } - - private Authorization buildFdrAuthorization( - String subscriptionPrefixId, - String subscriptionKey, - InstitutionResponse institution, - List delegationResponse, boolean isPrimaryKey, - Subscription subscriptionCode) { - - ArrayList authorizedEntities = new ArrayList<>(delegationResponse.stream() - .map(elem -> AuthorizationEntity.builder() - .name(elem.getInstitutionName()) - .value(elem.getTaxCode()) - .build()) - .toList()); + List delegationResponse + ) { + List authorizedEntities = new ArrayList<>(); + if (delegationResponse != null && !delegationResponse.isEmpty()) { + authorizedEntities = new ArrayList<>(delegationResponse.stream() + .map(elem -> AuthorizationEntity.builder() + .name(elem.getInstitutionName()) + .value(elem.getTaxCode()) + .build()) + .toList()); + } authorizedEntities.add(AuthorizationEntity.builder() 
.name(institution.getDescription()) .value(institution.getTaxCode()) .build()); - log.info(institution.toString()); + return Authorization.builder() - .id(createAuthorizationBOId(subscriptionPrefixId, institution.getId(), isPrimaryKey)) - .domain("fdr") + .id(createAuthorizationId(subscriptionPrefixId, institution.getId(), isPrimaryKey)) + .domain(domain) .subscriptionKey(subscriptionKey) - .description(String.format("%s key configuration for %s", isPrimaryKey ? PRIMARY : SECONDARY, subscriptionCode.name())) + .description(String.format("%s key configuration for %s", isPrimaryKey ? PRIMARY : SECONDARY, domain)) .owner(AuthorizationOwner.builder() .id(institution.getTaxCode()) .name(institution.getDescription())
@@ -329,7 +307,7 @@ private Authorization buildFdrAuthorization( .build(); } - private String createAuthorizationBOId(String subscriptionPrefixId, String institutionId, boolean isPrimaryKey) { + private String createAuthorizationId(String subscriptionPrefixId, String institutionId, boolean isPrimaryKey) { return String.format("%s%s_%s", subscriptionPrefixId, institutionId, isPrimaryKey ? PRIMARY : SECONDARY); }
@@ -349,5 +327,18 @@ private void createUserIfNotExist(String institutionId, InstitutionResponse inst private char getEnvironment() { return environment.toLowerCase().charAt(0); } + + private String getAuthorizerDomain(Subscription subType) { + if (subType == Subscription.BO_EXT_EC || subType == Subscription.BO_EXT_PSP) { + return "backoffice_external"; + } + if (subType == Subscription.GPD) { + return "gpd"; + } + if (subType == Subscription.FDR_PSP || subType == Subscription.FDR_ORG) { + return "fdr"; + } + return null; + } }
diff --git a/src/test/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementServiceTest.java b/src/test/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementServiceTest.java
index f1e991ec7..9de116ff3 100644
--- a/src/test/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementServiceTest.java
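Review bot: The new `.description(...)` in buildAuthorization is formatted from `domain`, so FDR_PSP and FDR_ORG authorizations now both read "... key configuration for fdr", where the removed code used `subscriptionCode.name()`. Anyone auditing authorizer entries loses the subscription type from the description and has to infer it from the id prefix. Including the prefix keeps the entries distinguishable: `.description(String.format("%s key configuration for %s (%s)", isPrimaryKey ? PRIMARY : SECONDARY, domain, subscriptionPrefixId))`. The builder chain continues past the end of this hunk.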
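Review bot: getAuthorizerDomain falls through to `return null` for any subscription type it does not list, and buildAuthorization passes that value straight into `.domain(domain)` and the description text. The only caller in this patch reaches it for the five listed types, but nothing in the method itself enforces that. Failing fast is safer for an access-control record: replace the last line with `throw new IllegalArgumentException("No authorizer domain for subscription " + subType);`, or with an AppException if the project has a fitting AppError.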
+++ b/src/test/java/it/pagopa/selfcare/pagopa/backoffice/service/ApiManagementServiceTest.java
@@ -148,7 +148,7 @@ void createSubscriptionKeys() throws IOException { "response/externalapi/institution_response.json", InstitutionResponse.class)); when(apimClient.getApiSubscriptions(any())).thenReturn(Collections.singletonList(new InstitutionApiKeys())); - InstitutionApiKeysResource institutionApiKeys = service.createSubscriptionKeys(INSTITUTION_ID, Subscription.GPD); + InstitutionApiKeysResource institutionApiKeys = service.createSubscriptionKeys(INSTITUTION_ID, Subscription.BIZ); assertNotNull(institutionApiKeys); assertNotNull(institutionApiKeys.getInstitutionApiKeys());
@@ -169,7 +169,7 @@ void createSubscriptionKeysWithoutAPIMUser() throws IOException { "response/externalapi/institution_response.json", InstitutionResponse.class)); when(apimClient.getApiSubscriptions(any())).thenReturn(Collections.singletonList(new InstitutionApiKeys())); - InstitutionApiKeysResource institutionApiKeys = service.createSubscriptionKeys(INSTITUTION_ID, Subscription.GPD); + InstitutionApiKeysResource institutionApiKeys = service.createSubscriptionKeys(INSTITUTION_ID, Subscription.BIZ); assertNotNull(institutionApiKeys); assertNotNull(institutionApiKeys.getInstitutionApiKeys());
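Review bot: The GPD branch added by this commit is left without a test: createSubscriptionKeys() here and createSubscriptionKeysWithoutAPIMUser() in the next hunk both now pass `Subscription.BIZ`, which skips the authorizer block entirely. Unless a test outside these hunks covers it, nothing verifies what ends up in the authorization record for a GPD key. I would add a case that calls `service.createSubscriptionKeys(INSTITUTION_ID, Subscription.GPD)` with the delegation and authorizer clients mocked, and checks that `createAuthorization` is invoked for both the primary and the secondary key with domain `gpd` and with the delegated tax codes among the authorized entities.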