stackrox · ivan-degtiarenko · Oct 28, 2022 · Oct 25, 2022 · Oct 25, 2022 · Oct 25, 2022
diff --git a/internal/dinosaur/pkg/api/public/api/openapi.yaml b/internal/dinosaur/pkg/api/public/api/openapi.yaml
@@ -608,6 +608,37 @@ paths:
       security:
       - Bearer: []
       summary: Returns the list of supported regions of the supported cloud provider
+  /api/rhacs/v1/cloud_accounts:
+    get:
+      operationId: getCloudAccounts
+      responses:
+        "200":
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/CloudAccountsList'
+          description: Returned list of supported cloud provider regions
+        "401":
+          content:
+            application/json:
+              examples:
+                "401Example":
+                  $ref: '#/components/examples/401Example'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Auth token is invalid
+        "500":
+          content:
+            application/json:
+              examples:
+                "500Example":
+                  $ref: '#/components/examples/500Example'
+              schema:
+                $ref: '#/components/schemas/Error'
+          description: Unexpected error occurred
+      security:
+      - Bearer: []
+      summary: Returns the list of cloud accounts which belong to user's organization
   /api/rhacs/v1/centrals/{id}/metrics/query_range:
     get:
       operationId: getMetricsByRangeQuery
@@ -905,6 +936,11 @@ components:
           topic: __consumer_offsets
         timestamp: 1611670230000
         value: 84154
+    CloudAccountsList:
+      value:
+        cloudAccounts:
+        - cloudAccountId: cloudAccountId
+          cloudProviderId: cloudProviderId
     "400DeletionExample":
       value:
         id: "103"
@@ -1457,6 +1493,25 @@ components:
       required:
       - value
       type: object
+    CloudAccountsList:
+      example:
+        cloudAccounts:
+        - ""
+        - ""
+      properties:
+        cloudAccounts:
+          items:
+            allOf:
+            - $ref: '#/components/schemas/CloudAccount'
+          type: array
+      type: object
+    CloudAccount:
+      properties:
+        cloudAccountId:
+          type: string
+        cloudProviderId:
+          type: string
+      type: object
     Error_allOf:
       properties:
         code:

diff --git a/internal/dinosaur/pkg/api/public/api_default.go b/internal/dinosaur/pkg/api/public/api_default.go
diff --git a/internal/dinosaur/pkg/api/public/model_cloud_account.go b/internal/dinosaur/pkg/api/public/model_cloud_account.go
diff --git a/internal/dinosaur/pkg/api/public/model_cloud_accounts_list.go b/internal/dinosaur/pkg/api/public/model_cloud_accounts_list.go
diff --git a/internal/dinosaur/pkg/generated/bindata.go b/internal/dinosaur/pkg/generated/bindata.go
diff --git a/internal/dinosaur/pkg/handlers/cloud_accounts.go b/internal/dinosaur/pkg/handlers/cloud_accounts.go
@@ -0,0 +1,52 @@
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/presenters"
+	"github.com/stackrox/acs-fleet-manager/pkg/auth"
+	"github.com/stackrox/acs-fleet-manager/pkg/client/ocm"
+	"github.com/stackrox/acs-fleet-manager/pkg/errors"
+	"github.com/stackrox/acs-fleet-manager/pkg/handlers"
+)
+
+const rhacsMarketplaceQuotaID = "cluster|rhinfra|rhacs|marketplace"
+
+type cloudAccountsHandler struct {
+	client ocm.AMSClient
+}
+
+// NewCloudAccountsHandler ...
+func NewCloudAccountsHandler(client ocm.AMSClient) *cloudAccountsHandler {
+	return &cloudAccountsHandler{
+		client: client,
+	}
+}
+
+// Get ...
+func (h *cloudAccountsHandler) Get(w http.ResponseWriter, r *http.Request) {
+	cfg := &handlers.HandlerConfig{
+		Action: h.actionFunc(r),
+	}
+	handlers.HandleGet(w, r, cfg)
+}
+
+func (h *cloudAccountsHandler) actionFunc(r *http.Request) func() (i interface{}, serviceError *errors.ServiceError) {
+	return func() (i interface{}, serviceError *errors.ServiceError) {
+		ctx := r.Context()
+		claims, err := auth.GetClaimsFromContext(ctx)
+		if err != nil {
+			return nil, errors.NewWithCause(errors.ErrorUnauthenticated, err, "user not authenticated")
+		}
+		orgID, err := claims.GetOrgID()
+		if err != nil {
+			return nil, errors.NewWithCause(errors.ErrorForbidden, err, "cannot make request without orgID claim")
+		}
+
+		cloudAccounts, err := h.client.GetCustomerCloudAccounts(orgID, []string{rhacsMarketplaceQuotaID})
+		if err != nil {
+			return nil, errors.NewWithCause(errors.ErrorGeneral, err, "failed to fetch cloud accounts from AMS")
+		}
+		return presenters.PresentCloudAccounts(cloudAccounts), nil
+	}
+}
diff --git a/internal/dinosaur/pkg/handlers/cloud_accounts_test.go b/internal/dinosaur/pkg/handlers/cloud_accounts_test.go
@@ -0,0 +1,87 @@
+package handlers
+
+import (
+	"context"
+	"net/http"
+	"testing"
+
+	"github.com/stackrox/acs-fleet-manager/pkg/errors"
+
+	"github.com/google/uuid"
+	v1 "github.com/openshift-online/ocm-sdk-go/accountsmgmt/v1"
+	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/api/public"
+	"github.com/stackrox/acs-fleet-manager/pkg/auth"
+	"github.com/stackrox/acs-fleet-manager/pkg/client/ocm"
+	"github.com/stretchr/testify/assert"
+)
+
+const (
+	JwtKeyFile = "test/support/jwt_private_key.pem"
+	JwtCAFile  = "test/support/jwt_ca.pem"
+)
+
+func TestGetSuccess(t *testing.T) {
+	testCloudAccount, err := v1.NewCloudAccount().
+		CloudAccountID("cloudAccountID").
+		CloudProviderID("cloudProviderID").
+		Build()
+	assert.NoError(t, err)
+	c := ocm.ClientMock{
+		GetCustomerCloudAccountsFunc: func(externalID string, quotaID []string) ([]*v1.CloudAccount, error) {
+			return []*v1.CloudAccount{
+				testCloudAccount,
+			}, nil
+		},
+	}
+	handler := NewCloudAccountsHandler(&c)
+
+	authHelper, err := auth.NewAuthHelper(JwtKeyFile, JwtCAFile, "")
+	assert.NoError(t, err)
+	account, err := authHelper.NewAccount("username", "test-user", "", "org-id-0")
+	assert.NoError(t, err)
+	jwt, err := authHelper.CreateJWTWithClaims(account, nil)
+	assert.NoError(t, err)
+	authenticatedCtx := auth.SetTokenInContext(context.TODO(), jwt)
+	r := &http.Request{}
+	r = r.WithContext(authenticatedCtx)
+
+	res, err := handler.actionFunc(r)()
+	assert.Nil(t, err)
+	cloudAccountsList, ok := res.(public.CloudAccountsList)
+	assert.True(t, ok)
+
+	assert.Len(t, cloudAccountsList.CloudAccounts, 1)
+	assert.Equal(t, cloudAccountsList.CloudAccounts[0].CloudAccountId, testCloudAccount.CloudAccountID())
+	assert.Equal(t, cloudAccountsList.CloudAccounts[0].CloudProviderId, testCloudAccount.CloudProviderID())
+}
+
+func TestGetNoOrgId(t *testing.T) {
+	timesClientCalled := 0
+	c := ocm.ClientMock{
+		GetCustomerCloudAccountsFunc: func(externalID string, quotaID []string) ([]*v1.CloudAccount, error) {
+			timesClientCalled++
+			return []*v1.CloudAccount{}, nil
+		},
+	}
+	handler := NewCloudAccountsHandler(&c)
+
+	authHelper, err := auth.NewAuthHelper(JwtKeyFile, JwtCAFile, "")
+	assert.NoError(t, err)
+	builder := v1.NewAccount().
+		ID(uuid.New().String()).
+		Username("username").
+		FirstName("Max").
+		LastName("M").
+		Email("[email protected]")
+	account, err := builder.Build()
+	assert.NoError(t, err)
+	jwt, err := authHelper.CreateJWTWithClaims(account, nil)
+	assert.NoError(t, err)
+	authenticatedCtx := auth.SetTokenInContext(context.TODO(), jwt)
+	r := &http.Request{}
+	r = r.WithContext(authenticatedCtx)
+
+	_, serviceErr := handler.actionFunc(r)()
+	assert.Equal(t, serviceErr.Code, errors.ErrorForbidden)
+	assert.Equal(t, 0, timesClientCalled)
+}
diff --git a/internal/dinosaur/pkg/presenters/cloud_accounts.go b/internal/dinosaur/pkg/presenters/cloud_accounts.go
@@ -0,0 +1,20 @@
+package presenters
+
+import (
+	amsv1 "github.com/openshift-online/ocm-sdk-go/accountsmgmt/v1"
+	"github.com/stackrox/acs-fleet-manager/internal/dinosaur/pkg/api/public"
+)
+
+// PresentCloudAccounts ...
+func PresentCloudAccounts(cloudAccounts []*amsv1.CloudAccount) public.CloudAccountsList {
+	transformedCloudAccounts := make([]public.CloudAccount, 0, len(cloudAccounts))
+	for _, cloudAccount := range cloudAccounts {
+		transformedCloudAccounts = append(transformedCloudAccounts, public.CloudAccount{
+			CloudAccountId:  cloudAccount.CloudAccountID(),
+			CloudProviderId: cloudAccount.CloudProviderID(),
+		})
+	}
+	return public.CloudAccountsList{
+		CloudAccounts: transformedCloudAccounts,
+	}
+}
diff --git a/internal/dinosaur/pkg/routes/route_loader.go b/internal/dinosaur/pkg/routes/route_loader.go
@@ -89,6 +89,7 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
 	errorsHandler := coreHandlers.NewErrorsHandler()
 	metricsHandler := handlers.NewMetricsHandler(s.Observatorium)
 	serviceStatusHandler := handlers.NewServiceStatusHandler(s.Dinosaur, s.AccessControlListConfig)
+	cloudAccountsHandler := handlers.NewCloudAccountsHandler(s.AMSClient)
 
 	authorizeMiddleware := s.AccessControlListMiddleware.Authorize
 	requireOrgID := auth.NewRequireOrgIDMiddleware().RequireOrgID(errors.ErrorUnauthenticated)
@@ -175,6 +176,11 @@ func (s *options) buildAPIBaseRouter(mainRouter *mux.Router, basePath string, op
 		Name(logger.NewLogEvent("list-regions", "list cloud provider regions").ToString()).
 		Methods(http.MethodGet)
 
+	apiV1CloudAccountsRouter := apiV1Router.PathPrefix("/cloud_accounts").Subrouter()
+	apiV1CloudAccountsRouter.HandleFunc("", cloudAccountsHandler.Get).
+		Name(logger.NewLogEvent("get-cloud-accounts", "list all cloud accounts belonging to user org").ToString()).
+		Methods(http.MethodGet)
+
 	v1Metadata := api.VersionMetadata{
 		ID:          "v1",
 		Collections: v1Collections,