fix(entity): allow to add / remove a service account to / from a group (

#705)
stellio-hub · Jun 28, 2022 · aa1b290 · aa1b290
1 parent ba75af8
commit aa1b290
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 9 deletions.
diff --git a/entity-service/src/main/kotlin/com/egm/stellio/entity/service/IAMListener.kt b/entity-service/src/main/kotlin/com/egm/stellio/entity/service/IAMListener.kt
@@ -49,8 +49,15 @@ class IAMListener(
                 authorizationEvent.contexts
             )
 
+        // events received when adding a service account to a group are using the service account id as subject
+        // so get first the eventual client id in case this is such an event
+        val subjectEntityId =
+            if (authorizationEvent.attributeName == AUTH_TERM_IS_MEMBER_OF)
+                neo4jAuthorizationRepository.getSubjectUri(authorizationEvent.entityId)
+            else authorizationEvent.entityId
+
         entityService.appendEntityAttributes(
-            authorizationEvent.entityId,
+            subjectEntityId,
             parseToNgsiLdAttributes(expandedJsonLdFragment),
             false
         ).also {
@@ -59,7 +66,7 @@ class IAMListener(
                     AUTH_TERM_ROLES ->
                         neo4jAuthorizationRepository.resetRolesCache()
                     AUTH_TERM_IS_MEMBER_OF ->
-                        neo4jAuthorizationRepository.updateSubjectGroups(authorizationEvent.entityId)
+                        neo4jAuthorizationRepository.updateSubjectGroups(subjectEntityId)
                 }
             }
         }
@@ -87,9 +94,16 @@ class IAMListener(
             }
     }
 
-    private fun deleteAttribute(authorizationEvent: AttributeDeleteEvent) =
+    private fun deleteAttribute(authorizationEvent: AttributeDeleteEvent) {
+        // events received when removing a service account from a group are using the service account id as subject
+        // so get first the eventual client id in case this is such an event
+        val subjectEntityId =
+            if (authorizationEvent.attributeName == AUTH_TERM_IS_MEMBER_OF)
+                neo4jAuthorizationRepository.getSubjectUri(authorizationEvent.entityId)
+            else authorizationEvent.entityId
+
         entityService.deleteEntityAttributeInstance(
-            authorizationEvent.entityId,
+            subjectEntityId,
             expandJsonLdTerm(
                 authorizationEvent.attributeName,
                 authorizationEvent.contexts
@@ -99,8 +113,9 @@ class IAMListener(
             if (it) {
                 when (authorizationEvent.attributeName) {
                     AUTH_TERM_IS_MEMBER_OF ->
-                        neo4jAuthorizationRepository.updateSubjectGroups(authorizationEvent.entityId)
+                        neo4jAuthorizationRepository.updateSubjectGroups(subjectEntityId)
                 }
             }
         }
+    }
 }
diff --git a/entity-service/src/test/kotlin/com/egm/stellio/entity/service/IAMListenerTests.kt b/entity-service/src/test/kotlin/com/egm/stellio/entity/service/IAMListenerTests.kt
@@ -164,6 +164,7 @@ class IAMListenerTests {
         val groupMembershipAppendEvent = loadSampleData("events/authorization/GroupMembershipAppendEvent.json")
 
         val mockUpdateResult = mockkClass(UpdateResult::class)
+        every { neo4jAuthorizationRepository.getSubjectUri(any()) } returns userUri
         every {
             entityService.appendEntityAttributes(any(), any(), any())
         } returns mockUpdateResult
@@ -172,6 +173,8 @@ class IAMListenerTests {
         iamListener.processMessage(groupMembershipAppendEvent)
 
         verify {
+            neo4jAuthorizationRepository.getSubjectUri(userUri)
+
             entityService.appendEntityAttributes(
                 userUri,
                 match {
@@ -185,9 +188,7 @@ class IAMListenerTests {
                 },
                 false
             )
-        }
 
-        verify {
             neo4jAuthorizationRepository.updateSubjectGroups(
                 eq(userUri)
             )
@@ -198,18 +199,20 @@ class IAMListenerTests {
     fun `it should parse and transmit group membership deletion event`() {
         val groupMembershipDeleteEvent = loadSampleData("events/authorization/GroupMembershipDeleteEvent.json")
 
+        every { neo4jAuthorizationRepository.getSubjectUri(any()) } returns userUri
         every { entityService.deleteEntityAttributeInstance(any(), any(), any()) } returns true
 
         iamListener.processMessage(groupMembershipDeleteEvent)
 
         verify {
+            neo4jAuthorizationRepository.getSubjectUri(userUri)
+
             entityService.deleteEntityAttributeInstance(
                 userUri,
                 "https://ontology.eglobalmark.com/authorization#isMemberOf",
                 "urn:ngsi-ld:Dataset:7cdad168-96ee-4649-b768-a060ac2ef435".toUri()
             )
-        }
-        verify {
+
             neo4jAuthorizationRepository.updateSubjectGroups(userUri)
         }
     }