Added support for Teams on VaaS.

Added validation to not add api Key user as owner when a user list has been declared in the Policy Specification

Author: rvelaVenafi

src/main/java/com/venafi/vcert/sdk/connectors/cloud/Cloud.java

@@ -114,6 +114,10 @@ Response retrieveCertificate(@Param("id") String id, @Param("apiKey") String api
   @RequestLine("GET /v1/users/{id}")
   User retrieveUserById(@Param("id") String id, @Param("apiKey") String apiKey);
 
+  @Headers({"tppl-api-key: {apiKey}", "Content-Type: application/json"})
+  @RequestLine("GET /v1/teams")
+  Teams retrieveTeams(@Param("apiKey") String apiKey);
+
   static Cloud connect() {
 	  return connect((Config)null);
   }

src/main/java/com/venafi/vcert/sdk/connectors/cloud/CloudConnectorUtils.java

@@ -199,16 +199,19 @@ private static void addCitToApp(CertificateIssuingTemplate cit, Application appl
 	private static List<Application.OwnerIdsAndType> resolveOwners(String[] usersList, String apiKey, Cloud cloud) {
 		List<Application.OwnerIdsAndType> ownersList = new ArrayList<>();
 
-		// Adding the current user to the owners list
-		UserDetails userDetails = cloud.authorize(apiKey);
-		String userId = userDetails.user().id();
-		Application.OwnerIdsAndType currentOwner = new Application.OwnerIdsAndType();
-		currentOwner.ownerId(userId);
-		currentOwner.ownerType(CloudConstants.OWNER_TYPE_USER);
-		ownersList.add(currentOwner);
-
-		// Resolving the usernames list
-		if (usersList != null) {
+		if (usersList == null) {
+			// When no user is provided on the list, adds the current one as owner
+			UserDetails userDetails = cloud.authorize(apiKey);
+			String userId = userDetails.user().id();
+			Application.OwnerIdsAndType currentOwner = new Application.OwnerIdsAndType();
+			currentOwner.ownerId(userId);
+			currentOwner.ownerType(CloudConstants.OWNER_TYPE_USER);
+			ownersList.add(currentOwner);
+		}
+		else {
+			// Resolving the usernames list
+			// Creating a higher level Teams object to cache the response.
+			Teams tResponse = null;
 			for (String username: usersList) {
 				UserResponse response = cloud.retrieveUser(username, apiKey);
 				// If the name matches a user, create the entry
@@ -218,11 +221,24 @@ private static List<Application.OwnerIdsAndType> resolveOwners(String[] usersLis
 					owner.ownerType(CloudConstants.OWNER_TYPE_USER);
 					ownersList.add(owner);
 				}else{
-					// TODO: Logic to find Teams by name is not available at VaaS. Update when ready.
+					if (tResponse == null) {
+						tResponse = cloud.retrieveTeams(apiKey);
+					}
+					if (tResponse != null) {
+						for (Team t : tResponse.teams()) {
+							if (t.name().equals(username)) {
+								Application.OwnerIdsAndType owner = new Application.OwnerIdsAndType();
+								owner.ownerId(t.id());
+								owner.ownerType(CloudConstants.OWNER_TYPE_TEAM);
+								ownersList.add(owner);
+								break;
+							}
+						}
+					}
+
 				}
 			}
 		}
-
 		return ownersList;
 	}
 
@@ -235,12 +251,25 @@ public static CloudPolicy getCloudPolicy( String policyName, String apiKey, Clou
 			throw new VCertException("Application "+ zone.appName() + " could not be found");
 		}
 		List<String> usersList = new ArrayList<>();
+		Teams tResponse = null;
 		for (Application.OwnerIdsAndType owner: app.ownerIdsAndTypes()) {
 			if (owner.ownerType().equals(CloudConstants.OWNER_TYPE_USER)) {
 				User user = cloud.retrieveUserById(owner.ownerId(), apiKey);
 				usersList.add(user.username());
 			}else if (owner.ownerType().equals(CloudConstants.OWNER_TYPE_TEAM)) {
-				// TODO: Include Teams logic here when supported by VaaS API.
+				if (tResponse == null){
+					// This validation caches the teams list, so we don't have to call
+					// the teams' endpoint multiple times when iterating owners of type TEAM
+					tResponse = cloud.retrieveTeams(apiKey);
+				}
+				if (tResponse != null){
+					for (Team t : tResponse.teams()) {
+						if (t.id().equals(owner.ownerId())){
+							usersList.add(t.name());
+							break;
+						}
+					}
+				}
 			}
 		}
 		cloudPolicy.owners(usersList.toArray(new String[0]));

src/main/java/com/venafi/vcert/sdk/connectors/cloud/domain/Team.java

@@ -0,0 +1,14 @@
+package com.venafi.vcert.sdk.connectors.cloud.domain;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+@AllArgsConstructor
+public class Team {
+
+    private String id;
+    private String name;
+    private String role;
+    private String companyId;
+}

src/main/java/com/venafi/vcert/sdk/connectors/cloud/domain/Teams.java

@@ -0,0 +1,15 @@
+package com.venafi.vcert.sdk.connectors.cloud.domain;
+
+import com.google.gson.annotations.SerializedName;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+import java.util.List;
+
+@Data
+@AllArgsConstructor
+public class Teams {
+
+    @SerializedName("teams")
+    private List<Team> teams;
+}

src/main/java/com/venafi/vcert/sdk/connectors/tpp/AbstractTppConnector.java

@@ -125,9 +125,11 @@ public TPPPolicy getTPPPolicy(String policyName) throws VCertException {
 
     protected String[] resolveTPPContacts(String[] contacts) throws VCertException{
         List<String> identitiesIdList = new ArrayList<>();
-        for (String contact: contacts) {
-            IdentityEntry identity = this.getTPPIdentity(contact);
-            identitiesIdList.add(identity.prefixedUniversal());
+        if (contacts != null){
+            for (String contact: contacts) {
+                IdentityEntry identity = this.getTPPIdentity(contact);
+                identitiesIdList.add(identity.prefixedUniversal());
+            }
         }
         return identitiesIdList.toArray(new String[0]);
     }

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppConnectorUtils.java

@@ -330,12 +330,12 @@ private static String[] retrieveUsernamesFromTPPContacts(String policyName, TppA
 			throw new VCertException(contactResponse.error());
 		}
 		if (contactResponse.values() != null) {
-			String[] contacts = (String[]) contactResponse.values();
-			for (String prefixedUniversal : contacts) {
+			Object[] contacts = contactResponse.values();
+			for (Object prefixedUniversal : contacts) {
 				try{
 					ValidateIdentityResponse response = tppAPI.validateIdentity(
 							new ValidateIdentityRequest(
-									new IdentityInformation(prefixedUniversal)
+									new IdentityInformation((String)prefixedUniversal)
 							)
 					);
 					String username = response.id().name();

src/main/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnector.java

@@ -2,28 +2,11 @@
 
 import static org.apache.commons.lang3.StringUtils.isBlank;
 
-import java.util.Map;
-
-import com.google.common.io.CharStreams;
 import com.venafi.vcert.sdk.VCertException;
-import com.venafi.vcert.sdk.certificate.ImportRequest;
-import com.venafi.vcert.sdk.certificate.ImportResponse;
 import com.venafi.vcert.sdk.connectors.ConnectorException.FailedToRevokeTokenException;
 import com.venafi.vcert.sdk.connectors.ConnectorException.MissingAccessTokenException;
 import com.venafi.vcert.sdk.connectors.ConnectorException.MissingRefreshTokenException;
 import com.venafi.vcert.sdk.connectors.TokenConnector;
-import com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRenewalResponse;
-import com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRequestResponse;
-import com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRetrieveResponse;
-import com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateRevokeResponse;
-import com.venafi.vcert.sdk.connectors.tpp.Tpp.CertificateSearchResponse;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.*;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCaTemplateRequest;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCaTemplateResponse;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCertRequest;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCertRequestResponse;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCertRetrieveRequest;
-import com.venafi.vcert.sdk.connectors.tpp.endpoint.ssh.TppSshCertRetrieveResponse;
 import com.venafi.vcert.sdk.endpoint.Authentication;
 import com.venafi.vcert.sdk.endpoint.ConnectorType;
 

src/test/java/com/venafi/vcert/sdk/connectors/tpp/TppTokenConnectorPolicyAT.java

@@ -6,6 +6,7 @@
 import com.venafi.vcert.sdk.connectors.tpp.endpoint.IdentityInformation;
 import com.venafi.vcert.sdk.connectors.tpp.endpoint.ValidateIdentityRequest;
 import com.venafi.vcert.sdk.connectors.tpp.endpoint.ValidateIdentityResponse;
+import com.venafi.vcert.sdk.policy.domain.PolicySpecification;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.Test;
@@ -45,4 +46,19 @@ public void validateIdentity() throws VCertException {
         Assertions.assertNotNull(response);
         Assertions.assertEquals(username, response.id().name());
     }
+
+    @Test
+    @DisplayName("TPP - Create a policy with contacts and retrieve it")
+    public void createAndGetPolicyContacts() throws VCertException {
+        TppTokenConnector connector = connectorResource.connector();
+
+        PolicySpecification policySpecification = TppTestUtils.getPolicySpecification();
+        policySpecification.users(new String[]{"osstestuser"});
+        String zone = TppTestUtils.getRandomZone();
+        connector.setPolicy(zone, policySpecification);
+        PolicySpecification psReturned = connector.getPolicy(zone);
+
+        Assertions.assertEquals(1, psReturned.users().length);
+        Assertions.assertEquals("osstestuser", psReturned.users()[0]);
+    }
 }