Integrate PDP with AccessManagement PIP Delegations API (#569)
call access management from pdp
1 parent
9a6dcaf
commit 9d503fa
Showing
25 changed files
with
510 additions
and
161 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
using System; | ||
using System.Net.Http; | ||
using System.Net.Http.Headers; | ||
using Altinn.Platform.Authorization.Configuration; | ||
using Microsoft.Extensions.Options; | ||
|
||
namespace Altinn.Platform.Authorization.Clients; | ||
|
||
/// <summary> | ||
/// Client Configuration for Altinn Access Management API | ||
/// </summary> | ||
public class AccessManagementClient | ||
{ | ||
/// <summary> | ||
/// Gets an instance of httpclient from httpclientfactory | ||
/// </summary> | ||
public HttpClient Client { get; } | ||
|
||
/// <summary> | ||
/// Gets an instance of the configuration required by the http client | ||
/// </summary> | ||
public IOptions<PlatformSettings> Settings { get; } | ||
|
||
/// <summary> | ||
/// Initializes the HTTP client for the Altinn Access Management API | ||
/// </summary> | ||
/// <param name="client">The default HTTP client</param> | ||
/// <param name="settings">the settings required by the HTTP client</param> | ||
public AccessManagementClient(HttpClient client, IOptions<PlatformSettings> settings) | ||
{ | ||
Settings = settings; | ||
Client = client; | ||
client.Timeout = new TimeSpan(0, 0, 30); | ||
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); | ||
} | ||
} |
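Review bot: The `AccessManagementClient` constructor changes the injected `HttpClient` without checking either argument and leaves `BaseAddress` unset, so every consumer has to rebuild the target URI from `Settings.Value.ApiAccessManagementEndpoint`, as AccessManagementWrapper.cs does on each call. Setting it once here, e.g. `Client.BaseAddress = new Uri(settings.Value.ApiAccessManagementEndpoint);`, gives a single place to reject a missing, relative or non-HTTPS endpoint at start-up, and the public `Settings` property could then go away. Nothing in this class or in the wrapper's request attaches a credential; if the Access Management endpoint expects service-to-service authentication, confirm that a delegating handler registered elsewhere in this commit supplies it, since that registration is not visible here.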
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
using System.Collections.Generic; | ||
using System.ComponentModel.DataAnnotations; | ||
|
||
namespace Altinn.Platform.Authorization.Models.AccessManagement | ||
{ | ||
/// <summary> | ||
/// Contains attribute match info about user, reportee, resource and resourceMatchType that's being used to check all delegation changes for the resource | ||
/// </summary> | ||
public class DelegationChangeInput | ||
{ | ||
/// <summary> | ||
/// Id and value of the subject getting delegation changes info | ||
/// </summary> | ||
[Required] | ||
public AttributeMatch Subject { get; set; } | ||
|
||
/// <summary> | ||
/// Id and value of party | ||
/// </summary> | ||
[Required] | ||
public AttributeMatch Party { get; set; } | ||
|
||
/// <summary> | ||
/// Gets the Resource's id | ||
/// </summary> | ||
[Required] | ||
public IEnumerable<AttributeMatch> Resource { get; set; } | ||
} | ||
} |
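Review bot: The `[Required]` attributes on `Subject`, `Party` and `Resource` are not evaluated anywhere in the visible code. The object is built inside the PDP and serialized straight into the outbound request, and the `params Action<DelegationChangeInput>[]` overload in AccessManagementWrapper.cs starts from an instance with null `Subject` and `Party` and an empty `Resource` list. How Access Management answers an under-specified query is not visible here, so the wrapper should refuse incomplete input before sending, for example with `Validator.ValidateObject(input, new ValidationContext(input), validateAllProperties: true);`. `[Required]` only rejects null, so an empty `Resource` collection still passes and needs its own explicit check.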
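--- a/src/Authorization/Services/Implementation/AccessManagementWrapper.cs
+++ b/src/Authorization/Services/Implementation/AccessManagementWrapper.cs
@@ -0,0 +1,84 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Json;
+using System.Net.Mime;
+using System.Text;
+using System.Text.Json;
+using System.Threading.Tasks;
+using Altinn.Platform.Authorization.Clients;
+using Altinn.Platform.Authorization.Models;
+using Altinn.Platform.Authorization.Models.AccessManagement;
+using Altinn.Platform.Authorization.Services.Interface;
+using Microsoft.Extensions.Logging;
+
+namespace Altinn.Platform.Authorization.Services.Implementation
+{
+/// <summary>
+/// Wrapper for the Altinn Access Management API
+/// </summary>
+public class AccessManagementWrapper : IAccessManagementWrapper
+{
+private readonly AccessManagementClient _client;
+private readonly ILogger<AccessManagementWrapper> _logger;
+
+/// <summary>
+/// Initializes a new instance of the <see cref="AccessManagementWrapper"/> class.
+/// </summary>
+public AccessManagementWrapper(ILogger<AccessManagementWrapper> logger, AccessManagementClient client)
+{
+_logger = logger;
+_client = client;
+}
+
+/// <summary>
+/// Endpoint to find all delegation changes for a given user, reportee and app/resource context
+/// </summary>
+/// <returns>Input parameter to the request</returns>
+public async Task<IEnumerable<DelegationChange>> GetAllDelegationChanges(DelegationChangeInput input)
+{
+try
+{
+var response = await _client.Client.SendAsync(new(HttpMethod.Post, new Uri(new Uri(_client.Settings.Value.ApiAccessManagementEndpoint), "policyinformation/getdelegationchanges"))
+{
+Content = new StringContent(JsonSerializer.Serialize(input), Encoding.UTF8, MediaTypeNames.Application.Json)
+});
+
+if (response.IsSuccessStatusCode)
+{
+return await response.Content.ReadFromJsonAsync<IEnumerable<DelegationChange>>();
+}
+
+var content = await response.Content.ReadAsStringAsync();
+throw new HttpRequestException(content == string.Empty ? $"received status code {response.StatusCode}" : content);
+}
+catch (HttpRequestException ex)
+{
+_logger.LogError("AccessManagement // AccessManagementWrapper // GetAllDelegationChanges // Failed // Unexpected Exception // Unexpected HttpStatusCode: {statusCode}\n {responseContent}", ex.StatusCode, ex.Message);
+throw;
+}
+catch (Exception ex)
+{
+_logger.LogError("AccessManagement // AccessManagementWrapper // GetAllDelegationChanges // Failed // Unexpected Exception // Unexpected Message: {message}", ex.Message);
+throw;
+}
+}
+
+/// <summary>
+/// Endpoint to find all delegation changes for a given user, reportee and app/resource context
+/// </summary>
+/// <param name="actions">optional funvation pattern for modifying the request sent to Access Management API</param>
+/// <returns></returns>
+public async Task<IEnumerable<DelegationChange>> GetAllDelegationChanges(params Action<DelegationChangeInput>[] actions)
+{
+var input = new DelegationChangeInput()
+{
+Resource = new List<AttributeMatch>(),
+};
+
+actions.ToList().ForEach(action => action(input));
+return await GetAllDelegationChanges(input);
+}
+}
+}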
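Review bot: In the first `GetAllDelegationChanges` overload the non-success path throws `new HttpRequestException(...)` with only a message, so `ex.StatusCode` is null when the catch block logs it and the `{statusCode}` field never shows what Access Management returned. The same path copies the whole upstream response body into the exception message and the error log. Passing the status explicitly, e.g. `throw new HttpRequestException($"received status code {response.StatusCode}", null, response.StatusCode);`, and logging a length-bounded excerpt of the body separately would keep the log and the exception seen by PDP callers predictable. Separately, `new Uri(new Uri(...ApiAccessManagementEndpoint), "policyinformation/getdelegationchanges")` replaces the last path segment of the base unless the configured endpoint ends with `/`, so that requirement should be validated at start-up or documented next to the setting. `ReadFromJsonAsync` can also return null for a literal `null` body; returning an empty sequence or throwing in that case would spare callers a null check on an authorization path.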
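--- a/src/Authorization/Services/Interface/IAccessManagementWrapper.cs
+++ b/src/Authorization/Services/Interface/IAccessManagementWrapper.cs
@@ -0,0 +1,26 @@
+using System;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Altinn.Platform.Authorization.Models;
+using Altinn.Platform.Authorization.Models.AccessManagement;
+
+namespace Altinn.Platform.Authorization.Services.Interface
+{
+/// <summary>
+/// The service used to map internal delegation change to delegation change events and push them to the event queue.
+/// </summary>
+public interface IAccessManagementWrapper
+{
+/// <summary>
+/// Endpoint to find all delegation changes for a given user, reportee and app/resource context
+/// </summary>
+/// <returns>Input parameter to the request</returns>
+public Task<IEnumerable<DelegationChange>> GetAllDelegationChanges(DelegationChangeInput input);
+
+/// <summary>
+/// Endpoint to find all delegation changes for a given user, reportee and app/resource context
+/// </summary>
+/// <returns>optional funvation pattern for modifying the request sent to Access Management API</returns>
+public Task<IEnumerable<DelegationChange>> GetAllDelegationChanges(params Action<DelegationChangeInput>[] actions);
+}
+}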
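Review bot: The XML docs on `IAccessManagementWrapper` describe a different service: the summary talks about mapping delegation changes to events and pushing them to a queue, while the interface only exposes `GetAllDelegationChanges`. Both `<returns>` tags hold parameter descriptions; they should become `<param name="input">` and `<param name="actions">`, with a `<returns>` along the lines of `The delegation changes matching the subject, party and resource in the request`, and "funvation" looks like a typo. The same comments are repeated on the implementation in AccessManagementWrapper.cs. Because the result feeds authorization decisions, the contract should also say whether the sequence can be null or empty and which exceptions propagate when the upstream call fails.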