Fixed policy creation with Teams on VaaS

Fixed an issue where a policy specification with a VaaS Team as user would not be created.

Author: rvelaVenafi

src/main/java/com/venafi/vcert/sdk/connectors/ConnectorException.java

@@ -543,4 +543,13 @@ public TppContactException(String policy, String error) {
 		}
 	}
 
+	public static class VaaSUsernameNotFoundException extends ConnectorException {
+
+		private static final long serialVersionUID = 1L;
+		private static final String message = "Username %s is not an existing VaaS user or team";
+
+		public VaaSUsernameNotFoundException(String username){
+			super(format(message, username));
+		}
+	}
 }

src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java

@@ -201,45 +201,69 @@ private static void addCitToApp(CertificateIssuingTemplate cit, Application appl
 
 	}
 
-	private static List<Application.OwnerIdsAndType> resolveUsersToCloudOwners(String[] usersList, String apiKey, Cloud cloud) {
+	private static List<Application.OwnerIdsAndType> resolveUsersToCloudOwners(String[] usersList, String apiKey, Cloud cloud) throws VCertException {
 		List<Application.OwnerIdsAndType> ownersList = new ArrayList<>();
 
 		if (usersList == null) {
-			// When no user is provided on the list, adds the current one as owner
-			UserDetails userDetails = cloud.authorize(apiKey);
-			Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, userDetails.user().id());
-			ownersList.add(owner);
+			// When no users are provided on the list, adds the api key user as owner
+			Application.OwnerIdsAndType tokenOwner = resolveApiKeyOwner(apiKey, cloud);
+			ownersList.add(tokenOwner);
 		}
 		else {
 			// Resolving the usernames list
 			// Creating a higher level Teams object to cache the response.
-			Teams tResponse = null;
+			Teams teams = null;
 			for (String username: usersList) {
-				UserResponse response = cloud.retrieveUser(username, apiKey);
-				// If the name matches a user, create the entry
-				if (response != null) {
-					Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, response.users().get(0).id());
+				try{
+					Application.OwnerIdsAndType owner = resolveUserToCloudOwner(username, apiKey, cloud);
 					ownersList.add(owner);
-				} else {
-					if (tResponse == null) {
-						tResponse = cloud.retrieveTeams(apiKey);
+				} catch(FeignException fe) {
+					// When no user is found, the framework throws an exception.
+					// Exception status must be 404 Not Found.
+					// Otherwise, a different error occurred and the exception must be thrown.
+					if (fe.status() != 404){
+						throw VCertException.fromFeignException(fe);
 					}
-					if (tResponse != null) {
-						for (Team t : tResponse.teams()) {
-							if (t.name().equals(username)) {
-								Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_TEAM, t.id());
-								ownersList.add(owner);
-								break;
-							}
-						}
+					if (teams == null) {
+						teams = cloud.retrieveTeams(apiKey);
 					}
-
+					Application.OwnerIdsAndType teamOwner = resolveUserToCloudTeam(teams, username, apiKey, cloud);
+					if (teamOwner == null){
+						throw new ConnectorException.VaaSUsernameNotFoundException(username);
+					}
+					ownersList.add(teamOwner);
 				}
 			}
 		}
 		return ownersList;
 	}
 
+	private static Application.OwnerIdsAndType resolveApiKeyOwner(String apiKey, Cloud cloud){
+		// When no user is provided on the list, adds the current one as owner
+		UserDetails userDetails = cloud.authorize(apiKey);
+		Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, userDetails.user().id());
+		return owner;
+	}
+
+	private static Application.OwnerIdsAndType resolveUserToCloudOwner(String username, String apiKey, Cloud cloud){
+		UserResponse response = cloud.retrieveUser(username, apiKey);
+		Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_USER, response.users().get(0).id());
+		return owner;
+	}
+
+	private static Application.OwnerIdsAndType resolveUserToCloudTeam(Teams teams, String username, String apiKey, Cloud cloud){
+		if (teams == null) {
+			teams = cloud.retrieveTeams(apiKey);
+		}
+		for (Team t : teams.teams()) {
+			if (t.name().equals(username)) {
+				Application.OwnerIdsAndType owner = createOwner(CloudConstants.OWNER_TYPE_TEAM, t.id());
+				return owner;
+			}
+		}
+		return null;
+	}
+
 	public static Application.OwnerIdsAndType createOwner(String type, String id) {
 		Application.OwnerIdsAndType owner = new Application.OwnerIdsAndType();
 		owner.ownerType(type);

src/test/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorPolicyAT.java

@@ -137,7 +137,7 @@ public void createPolicyWithUsers() throws VCertException {
 		CloudConnector connector = connectorResource.connector();
 		String policyName = CloudTestUtils.getRandomZone();
 		PolicySpecification policySpecification = CloudTestUtils.getPolicySpecification();
-		policySpecification.users(new String[]{"pki-admin@opensource.qa.venafi.io","resource-owner@opensource.qa.venafi.io"});
+		policySpecification.users(new String[]{"RVelaTeam"});
 		connector.setPolicy(policyName, policySpecification);
 		PolicySpecification psReturned = connector.getPolicy(policyName);
 
@@ -194,4 +194,18 @@ public void updatePolicyWithUsers() throws VCertException {
 		Assertions.assertEquals(2, psReturned2.users().length);
 		Assertions.assertEquals("pki-admin@opensource.qa.venafi.io", psReturned2.users()[0]);
 		Assertions.assertEquals("resource-owner@opensource.qa.venafi.io", psReturned2.users()[1]);	}
+
+	@Test
+	@DisplayName("Cloud - Testing policy creation with a team in the users list")
+	public void createPolicyWithTeam() throws VCertException {
+		CloudConnector connector = connectorResource.connector();
+		String policyName = CloudTestUtils.getRandomZone();
+		PolicySpecification policySpecification = CloudTestUtils.getPolicySpecification();
+		policySpecification.users(new String[]{"DevOpsTeam"});
+		connector.setPolicy(policyName, policySpecification);
+		PolicySpecification psReturned = connector.getPolicy(policyName);
+
+		Assertions.assertEquals(1, psReturned.users().length);
+		Assertions.assertEquals("DevOpsTeam", psReturned.users()[0]);
+	}
 }