From cc7758b436d80d31ba134cc77bfaf974a3ad1dc9 Mon Sep 17 00:00:00 2001
From: Mariano Fernandez <mariano.fernandez@graviteesource.com>
Date: Thu, 29 Feb 2024 16:02:27 +0100
Subject: [PATCH] feat(cockpit): disable idps when disabling envs and orgs

---
 .../DisableEnvironmentCommandHandler.java     | 17 ++++++++++++-
 .../DisableOrganizationCommandHandler.java    | 23 ++++++++++++++++-
 .../DisableEnvironmentCommandHandlerTest.java | 25 ++++++++++++++++---
 ...DisableOrganizationCommandHandlerTest.java | 20 ++++++++++++++-
 4 files changed, 79 insertions(+), 6 deletions(-)

diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandler.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandler.java
index 426b9fb0f79..02b1d732ccf 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandler.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandler.java
@@ -25,10 +25,13 @@
 import io.gravitee.repository.management.api.search.ApiCriteria;
 import io.gravitee.repository.management.api.search.ApiFieldFilter;
 import io.gravitee.repository.management.model.LifecycleState;
+import io.gravitee.rest.api.model.configuration.identity.IdentityProviderActivationReferenceType;
 import io.gravitee.rest.api.service.EnvironmentService;
 import io.gravitee.rest.api.service.common.ExecutionContext;
+import io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService;
 import io.gravitee.rest.api.service.v4.ApiStateService;
 import io.reactivex.rxjava3.core.Single;
+import java.util.List;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
@@ -41,17 +44,20 @@ public class DisableEnvironmentCommandHandler implements CommandHandler<DisableE
     private final ApiRepository apiRepository;
     private final ApiStateService apiStateService;
     private final AccessPointCrudService accessPointService;
+    private final IdentityProviderActivationService identityProviderActivationService;
 
     public DisableEnvironmentCommandHandler(
         EnvironmentService environmentService,
         ApiStateService apiStateService,
         @Lazy ApiRepository apiRepository,
-        AccessPointCrudService accessPointService
+        AccessPointCrudService accessPointService,
+        IdentityProviderActivationService identityProviderActivationService
     ) {
         this.environmentService = environmentService;
         this.apiStateService = apiStateService;
         this.apiRepository = apiRepository;
         this.accessPointService = accessPointService;
+        this.identityProviderActivationService = identityProviderActivationService;
     }
 
     @Override
@@ -78,6 +84,15 @@ public Single<DisableEnvironmentReply> handle(DisableEnvironmentCommand command)
             // Delete related access points
             this.accessPointService.deleteAccessPoints(AccessPoint.ReferenceType.ENVIRONMENT, environment.getId());
 
+            // Deactivate all identity providers
+            this.identityProviderActivationService.removeAllIdpsFromTarget(
+                    executionContext,
+                    new IdentityProviderActivationService.ActivationTarget(
+                        environment.getId(),
+                        IdentityProviderActivationReferenceType.ENVIRONMENT
+                    )
+                );
+
             log.info("Environment [{}] with id [{}] has been disabled.", environment.getName(), environment.getId());
             return Single.just(new DisableEnvironmentReply(command.getId(), CommandStatus.SUCCEEDED));
         } catch (Exception e) {
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandler.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandler.java
index 0cb039c2539..aa53820dc6c 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandler.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/main/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandler.java
@@ -22,8 +22,12 @@
 import io.gravitee.cockpit.api.command.CommandStatus;
 import io.gravitee.cockpit.api.command.organization.DisableOrganizationCommand;
 import io.gravitee.cockpit.api.command.organization.DisableOrganizationReply;
+import io.gravitee.rest.api.model.configuration.identity.IdentityProviderActivationReferenceType;
 import io.gravitee.rest.api.service.OrganizationService;
+import io.gravitee.rest.api.service.common.ExecutionContext;
+import io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService;
 import io.reactivex.rxjava3.core.Single;
+import java.util.List;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
@@ -33,10 +37,16 @@ public class DisableOrganizationCommandHandler implements CommandHandler<Disable
 
     private final OrganizationService organizationService;
     private final AccessPointCrudService accessPointService;
+    private final IdentityProviderActivationService identityProviderActivationService;
 
-    public DisableOrganizationCommandHandler(OrganizationService organizationService, AccessPointCrudService accessPointService) {
+    public DisableOrganizationCommandHandler(
+        OrganizationService organizationService,
+        AccessPointCrudService accessPointService,
+        IdentityProviderActivationService identityProviderActivationService
+    ) {
         this.organizationService = organizationService;
         this.accessPointService = accessPointService;
+        this.identityProviderActivationService = identityProviderActivationService;
     }
 
     @Override
@@ -53,6 +63,17 @@ public Single<DisableOrganizationReply> handle(DisableOrganizationCommand comman
             // Delete related access points
             this.accessPointService.deleteAccessPoints(AccessPoint.ReferenceType.ORGANIZATION, organization.getId());
 
+            var context = new ExecutionContext(organization.getId());
+
+            // Deactivate all identity providers
+            this.identityProviderActivationService.removeAllIdpsFromTarget(
+                    context,
+                    new IdentityProviderActivationService.ActivationTarget(
+                        organization.getId(),
+                        IdentityProviderActivationReferenceType.ORGANIZATION
+                    )
+                );
+
             log.info("Organization [{}] with id [{}] has been disabled.", organization.getName(), organization.getId());
             return Single.just(new DisableOrganizationReply(command.getId(), CommandStatus.SUCCEEDED));
         } catch (Exception e) {
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandlerTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandlerTest.java
index d33548fc788..df4d46ab598 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandlerTest.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableEnvironmentCommandHandlerTest.java
@@ -31,8 +31,10 @@
 import io.gravitee.repository.management.model.Api;
 import io.gravitee.repository.management.model.LifecycleState;
 import io.gravitee.rest.api.model.EnvironmentEntity;
+import io.gravitee.rest.api.model.configuration.identity.IdentityProviderActivationReferenceType;
 import io.gravitee.rest.api.service.EnvironmentService;
 import io.gravitee.rest.api.service.common.ExecutionContext;
+import io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService;
 import io.gravitee.rest.api.service.exceptions.EnvironmentNotFoundException;
 import io.gravitee.rest.api.service.v4.ApiStateService;
 import java.util.List;
@@ -63,11 +65,21 @@ class DisableEnvironmentCommandHandlerTest {
     @Mock
     private AccessPointCrudService accessPointService;
 
+    @Mock
+    private IdentityProviderActivationService idpActivationService;
+
     private DisableEnvironmentCommandHandler cut;
 
     @BeforeEach
     void setUp() {
-        cut = new DisableEnvironmentCommandHandler(environmentService, apiStateService, apiRepository, accessPointService);
+        cut =
+            new DisableEnvironmentCommandHandler(
+                environmentService,
+                apiStateService,
+                apiRepository,
+                accessPointService,
+                idpActivationService
+            );
     }
 
     @Test
@@ -77,7 +89,9 @@ void handleType() {
 
     @Test
     void handleSuccessfulCommand() {
-        when(environmentService.findByCockpitId(ENV_COCKPIT_ID)).thenReturn(EnvironmentEntity.builder().id(ENV_APIM_ID).build());
+        var apimEnvironment = EnvironmentEntity.builder().id(ENV_APIM_ID).build();
+        var context = new ExecutionContext(apimEnvironment);
+        when(environmentService.findByCockpitId(ENV_COCKPIT_ID)).thenReturn(apimEnvironment);
         when(
             apiRepository.search(
                 eq(new ApiCriteria.Builder().environmentId(ENV_APIM_ID).state(LifecycleState.STARTED).build()),
@@ -92,8 +106,13 @@ void handleSuccessfulCommand() {
             .awaitDone(1, TimeUnit.SECONDS)
             .assertValue(reply -> reply.getCommandStatus().equals(CommandStatus.SUCCEEDED));
 
-        verify(apiStateService).stop(any(ExecutionContext.class), eq(API_ID), eq(USER_ID));
+        verify(apiStateService).stop(eq(context), eq(API_ID), eq(USER_ID));
         verify(accessPointService).deleteAccessPoints(AccessPoint.ReferenceType.ENVIRONMENT, ENV_APIM_ID);
+        verify(idpActivationService)
+            .removeAllIdpsFromTarget(
+                eq(context),
+                eq(new IdentityProviderActivationService.ActivationTarget(ENV_APIM_ID, IdentityProviderActivationReferenceType.ENVIRONMENT))
+            );
     }
 
     @Test
diff --git a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandlerTest.java b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandlerTest.java
index 700fa50cd4c..71b49f7b1cb 100644
--- a/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandlerTest.java
+++ b/gravitee-apim-rest-api/gravitee-apim-rest-api-service/src/test/java/io/gravitee/rest/api/service/cockpit/command/handler/DisableOrganizationCommandHandlerTest.java
@@ -16,6 +16,7 @@
 package io.gravitee.rest.api.service.cockpit.command.handler;
 
 import static org.junit.jupiter.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
@@ -26,8 +27,12 @@
 import io.gravitee.cockpit.api.command.organization.DisableOrganizationCommand;
 import io.gravitee.cockpit.api.command.organization.DisableOrganizationPayload;
 import io.gravitee.rest.api.model.OrganizationEntity;
+import io.gravitee.rest.api.model.configuration.identity.IdentityProviderActivationReferenceType;
 import io.gravitee.rest.api.service.OrganizationService;
+import io.gravitee.rest.api.service.common.ExecutionContext;
+import io.gravitee.rest.api.service.configuration.identity.IdentityProviderActivationService;
 import io.gravitee.rest.api.service.exceptions.OrganizationNotFoundException;
+import java.util.List;
 import java.util.concurrent.TimeUnit;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -47,11 +52,14 @@ class DisableOrganizationCommandHandlerTest {
     @Mock
     private AccessPointCrudService accessPointService;
 
+    @Mock
+    private IdentityProviderActivationService idpActivationService;
+
     private DisableOrganizationCommandHandler cut;
 
     @BeforeEach
     void setUp() {
-        cut = new DisableOrganizationCommandHandler(organizationService, accessPointService);
+        cut = new DisableOrganizationCommandHandler(organizationService, accessPointService, idpActivationService);
     }
 
     @Test
@@ -73,6 +81,16 @@ void handleSuccessfulCommand() {
             .assertValue(reply -> reply.getCommandStatus().equals(CommandStatus.SUCCEEDED));
 
         verify(accessPointService).deleteAccessPoints(AccessPoint.ReferenceType.ORGANIZATION, ORG_APIM_ID);
+        verify(idpActivationService)
+            .removeAllIdpsFromTarget(
+                eq(new ExecutionContext(ORG_APIM_ID)),
+                eq(
+                    new IdentityProviderActivationService.ActivationTarget(
+                        ORG_APIM_ID,
+                        IdentityProviderActivationReferenceType.ORGANIZATION
+                    )
+                )
+            );
     }
 
     @Test