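package io.fathom.cloud.identity.commands;

import io.fathom.cloud.CloudException;
import io.fathom.cloud.commands.AuthenticatedCmdlet;
import io.fathom.cloud.identity.AuthServiceImpl;
import io.fathom.cloud.identity.model.AuthenticatedProject;
import io.fathom.cloud.identity.model.AuthenticatedUser;
import io.fathom.cloud.identity.services.IdentityService;
import io.fathom.cloud.protobuf.IdentityModel.DomainData;
import io.fathom.cloud.protobuf.IdentityModel.RoleData;
import io.fathom.cloud.protobuf.IdentityModel.UserData;
import io.fathom.cloud.server.auth.Auth;
import io.fathom.cloud.server.model.Project;

import java.util.ArrayList;
import java.util.List;

import javax.inject.Inject;

import org.kohsuke.args4j.Option;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.protobuf.Message;

/**
 * Command-line cmdlet ({@code id-role-grant}) that grants a role to a user on the
 * caller's current project.
 *
 * <p>The grant is issued through {@link IdentityService} after the caller has been
 * authenticated to the target project, so the identity service (not this cmdlet) is
 * where the authorization decision for the grant is enforced.
 */
public class RoleGrantCmdlet extends AuthenticatedCmdlet {

    private static final Logger log = LoggerFactory.getLogger(RoleGrantCmdlet.class);

    /** Name of the user that receives the role; resolved within the default domain. */
    @Option(name = "-touser", usage = "user name", required = true)
    public String grantee;

    /** Name of the role to grant; matched exactly first, then case-insensitively. */
    @Option(name = "-r", usage = "role", required = true)
    public String roleName;

    @Inject
    IdentityService identityService;

    public RoleGrantCmdlet() {
        super("id-role-grant");
    }

    /**
     * Entry point invoked by the cmdlet framework.
     *
     * @return always {@code null}; the cmdlet produces no protobuf result
     * @throws IllegalArgumentException if no project was supplied (the grant is
     *         always scoped to a project)
     * @throws CloudException propagated from the identity service
     */
    @Override
    public Message run0() throws CloudException {
        if (projectName == null) {
            throw new IllegalArgumentException("Project is required");
        }
        doProjectGrant();
        return null;
    }

    /**
     * Resolves the caller's project context, the target role and the grantee, then
     * performs the grant.
     *
     * @throws CloudException propagated from the identity service
     */
    private void doProjectGrant() throws CloudException {
        Auth auth = getAuth();
        Project project = auth.getProject();

        // The caller is authenticated to the project before the grant is attempted;
        // the resulting AuthenticatedProject is what the identity service acts on.
        AuthenticatedUser authenticatedUser = ((AuthServiceImpl) authService).toAuthenticatedUser(auth);
        AuthenticatedProject authenticatedProject = identityService.authenticateToProject(authenticatedUser,
                project.getId());

        RoleData role = getRole();
        DomainData domain = identityService.getDefaultDomain();
        // Named distinctly from the 'grantee' option field (a String) to avoid shadowing it.
        UserData granteeUser = getGrantee(domain);

        log.info("Doing project grant: {} {}", granteeUser.getName(), role.getName());

        identityService.grantRoleToUserOnProject(authenticatedProject, granteeUser.getId(), role.getId());
    }

    /**
     * Looks up the {@code -touser} argument as a user name in the given domain.
     *
     * @param domain domain in which the user name is resolved
     * @return the matching user
     * @throws IllegalArgumentException if no user with that name exists in the domain
     * @throws CloudException propagated from the identity service
     */
    private UserData getGrantee(DomainData domain) throws CloudException {
        UserData user = identityService.findUserByName(domain.getId(), grantee);
        if (user == null) {
            throw new IllegalArgumentException("Cannot find user: " + grantee);
        }
        return user;
    }

    /**
     * Resolves the {@code -r} argument to a role.
     *
     * <p>An exact name match wins. Otherwise a case-insensitive match is accepted only
     * when it is unique: granting a role is a privilege change, so when several roles
     * differ only by case the lookup refuses to guess rather than silently picking the
     * last one listed (which is what the previous implementation did).
     *
     * @return the selected role
     * @throws IllegalArgumentException if no role matches, or the case-insensitive match
     *         is ambiguous
     * @throws CloudException propagated from the identity service
     */
    private RoleData getRole() throws CloudException {
        List<RoleData> caseInsensitiveMatches = new ArrayList<>();
        for (RoleData r : identityService.listRoles()) {
            String name = r.getName();
            if (roleName.equals(name)) {
                return r;
            }
            if (roleName.equalsIgnoreCase(name)) {
                caseInsensitiveMatches.add(r);
            }
        }

        if (caseInsensitiveMatches.isEmpty()) {
            throw new IllegalArgumentException("Cannot find role: " + roleName);
        }
        if (caseInsensitiveMatches.size() > 1) {
            List<String> names = new ArrayList<>();
            for (RoleData r : caseInsensitiveMatches) {
                names.add(r.getName());
            }
            throw new IllegalArgumentException("Ambiguous role name: " + roleName + " matches " + names);
        }
        return caseInsensitiveMatches.get(0);
    }
}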