removed user_config file

G-Research · Oct 28, 2024 · 4c4ab8b · 4c4ab8b
1 parent 562a907
commit 4c4ab8b
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 52 deletions.
diff --git a/app/interactors/obtain_cert.rb b/app/interactors/obtain_cert.rb
@@ -1,11 +1,10 @@
 class ObtainCert < ApplicationInteractor
   def call
-    if cert = Services::Certificate.issue_cert(context.request)
+    if cert = Services::Certificate.issue_cert(context.identity, context.request)
       context.cert = cert
     else
       context.fail!(message: "Failed to issue certificate")
     end
-    Services::UserConfig.config(context.identity)
   ensure
     audit_log
   end

diff --git a/app/lib/clients/vault.rb b/app/lib/clients/vault.rb
@@ -6,7 +6,6 @@ class Vault
     extend Clients::Vault::Entity
     extend Clients::Vault::EntityAlias
     extend Clients::Vault::Oidc
-    extend Clients::Vault::UserConfig
 
     class_attribute :token
 

diff --git a/app/lib/clients/vault/certificate.rb b/app/lib/clients/vault/certificate.rb
@@ -1,10 +1,11 @@
 module Clients
   class Vault
     module Certificate
-      def issue_cert(cert_issue_request)
+      def issue_cert(identity, cert_issue_request)
         opts = cert_issue_request.attributes
         # Generate the TLS certificate using the intermediate CA
         tls_cert = client.logical.write(cert_path, opts)
+        config_user(identity)
         OpenStruct.new tls_cert.data
       end
 
@@ -18,6 +19,15 @@ def configure_pki
         create_generic_cert_policy
       end
 
+      def config_user(identity)
+        sub = identity.sub
+        email = identity.email
+        policies, metadata = get_entity_data(sub)
+        policies.append(Certificate::GENERIC_CERT_POLICY_NAME).to_set.to_a
+        put_entity(sub, policies, metadata)
+        put_entity_alias(sub, email, "oidc")
+      end
+
       GENERIC_CERT_POLICY_NAME = "astral-generic-cert-policy"
 
       private
@@ -121,6 +131,15 @@ def configure_ca
                              enable_templating: true)
       end
 
+      def get_entity_data(sub)
+        entity = read_entity(sub)
+        if entity.nil?
+          [ [], nil ]
+        else
+          [ entity.data[:policies], entity.data[:metadata] ]
+        end
+      end
+
       def create_generic_cert_policy
         client.sys.put_policy(GENERIC_CERT_POLICY_NAME, generic_cert_policy)
       end

diff --git a/app/lib/clients/vault/user_config.rb b/app/lib/clients/vault/user_config.rb
diff --git a/app/lib/services/certificate.rb b/app/lib/services/certificate.rb
@@ -1,8 +1,8 @@
 module Services
   class Certificate
     class << self
-      def issue_cert(cert_issue_request)
-        impl.issue_cert(cert_issue_request)
+      def issue_cert(identity, cert_issue_request)
+        impl.issue_cert(identity, cert_issue_request)
       end
 
       private

diff --git a/app/lib/services/user_config.rb b/app/lib/services/user_config.rb
diff --git a/test/interactors/obtain_cert_test.rb b/test/interactors/obtain_cert_test.rb
@@ -9,9 +9,8 @@ def setup
   test ".call success" do
     request = Requests::CertIssueRequest.new
     identity = Identity.new
-    identity.sub = "testUser"
     mock = Minitest::Mock.new
-    mock.expect :call, @cert, [ request ]
+    mock.expect :call, @cert, [ identity, request ]
     Services::Certificate.stub :issue_cert, mock do
       context = @interactor.call(identity: identity, request: request)
       assert context.success?
@@ -21,10 +20,12 @@ def setup
 
   test ".call failure" do
     request = Requests::CertIssueRequest.new
+    identity = Identity.new
+    identity.sub = "testUser"
     mock = Minitest::Mock.new
-    mock.expect :call, nil, [ request ]
+    mock.expect :call, nil, [ identity, request ]
     Services::Certificate.stub :issue_cert, mock do
-      context = @interactor.call(request: request)
+      context = @interactor.call({ identity: identity, request: request })
       assert context.failure?
       assert_nil context.cert
     end