Merge pull request #97 from browserstack/fix-pending-resolve

feat: add resolve pendingFailures

Author: vedharish

Access/accessrequest_helper.py

@@ -78,6 +78,8 @@
 - {request_id} - Approver: {approver}"
 ERROR_DECLINING_REQUEST_LOG_MSG = "Error in Decline of request {request_id}. \
  Error:{error} .Please contact admin."
+ERROR_MARKING_RESOLVE_FAIL_LOG_MSG = "Error in resolving request {request_id}. \
+ Error:{error} ."
 
 
 def get_request_access(request):
@@ -896,6 +898,22 @@ def decline_group_access(request, request_id, reason):
         )
 
 
+def run_ignore_failure_task(auth_user, access_mapping, request_id, selector):
+    try:
+        if selector == "decline":
+            access_mapping.decline_access()
+        elif selector == "approve":
+            access_mapping.approve_access()
+        notifications.send_mail_for_request_resolve(auth_user, selector, request_id)
+    except Exception as e:
+        logger.exception(e)
+        return create_error_response(
+            error_msg=ERROR_MARKING_RESOLVE_FAIL_LOG_MSG.format(
+                request_id=request_id, error=str(str(e))
+            )
+        )
+
+
 def create_error_response(error_msg):
     json_response = {}
     json_response["error"] = error_msg

Access/admin.py

@@ -9,7 +9,7 @@
     GroupV2,
     MembershipV2,
     GroupAccessMapping,
-    UserIdentity
+    UserIdentity,
 )
 
 

Access/background_task_manager.py

@@ -298,6 +298,7 @@ def run_accept_request(data):
 
     return {"status": False}
 
+
 def accept_request(user_access_mapping):
     try:
         result = run_access_grant.delay(user_access_mapping.request_id)

Access/group_helper.py

@@ -526,6 +526,7 @@ def add_user_to_group(request):
         }
         return context
 
+
 def _check_if_members_in_group(group, selected_members):
     group_members_email = group.get_approved_and_pending_member_emails()
     duplicate_request_emails = set(selected_members).intersection(

Access/models.py

@@ -169,14 +169,14 @@ def getPendingApprovalsCount(self, all_access_modules):
 
     def getFailedGrantsCount(self):
         return (
-            UserAccessMapping.objects.filter(status__in=["grantfailed"]).count()
+            UserAccessMapping.objects.filter(status__in=["GrantFailed"]).count()
             if self.isAdminOrOps()
             else 0
         )
 
     def getFailedRevokesCount(self):
         return (
-            UserAccessMapping.objects.filter(status__in=["revokefailed"]).count()
+            UserAccessMapping.objects.filter(status__in=["RevokeFailed"]).count()
             if self.isAdminOrOps()
             else 0
         )
@@ -570,7 +570,6 @@ def get_all_approved_members(self):
         group_members = self.get_all_members().filter(status="Approved")
         return group_members
 
-
     def get_approved_and_pending_member_emails(self):
         group_member_emails = self.membership_group.filter(
             status__in=["Approved", "Pending"]
@@ -878,10 +877,6 @@ def approve_access(self):
         self.status = "Approved"
         self.save()
 
-    @staticmethod
-    def get_by_id(request_id):
-        return UserAccessMapping.objects.get(request_id=request_id)
-
     def revoking(self, revoker):
         self.revoker = revoker
         self.status = "ProcessingRevoke"

Access/notifications.py

@@ -23,6 +23,7 @@
 )
 USER_ACCESS_REQUEST_GRANT_FAILURE_SUBJECT = "[Enigma][Access Management] {} - {} - {} \
     Failed to Approve Request"
+USER_REQUEST_RESOLVE_SUBJECT = "[Enigma][Access Management] - Request Resolved - {}"
 
 
 def send_new_group_create_notification(auth_user, date_time, new_group, member_list):
@@ -70,12 +71,13 @@ def send_membership_accepted_notification(user, group, membership):
     destination.append(user.email)
     general.emailSES(destination, subject, body)
 
-def send_mulitple_membership_accepted_notification(user_names, group_name, membership):
-    subject = MEMBERSHIP_ACCEPTED_SUBJECT.format(user_names, group_name)
+
+def send_mulitple_membership_accepted_notification(user_names, group, membership):
+    subject = MEMBERSHIP_ACCEPTED_SUBJECT.format(user_names, group.name)
     body = helpers.generateStringFromTemplate(
         filename="membershipAcceptedEmailBody.html",
-        user_name= ",".join(user_names),
-        group_name=group_name,
+        user_name=",".join(user_names),
+        group_name=group.name,
         approver=membership.approver.name,
     )
     destination = []
@@ -264,3 +266,16 @@ def send_decline_group_access_failed(destination, request_id, error):
     except Exception as e:
         logger.exception(str(e))
         logger.error("Something when wrong while sending Email.")
+
+
+def send_mail_for_request_resolve(auth_user, access_type, request_id):
+    destination = [auth_user.email]
+    subject = USER_REQUEST_RESOLVE_SUBJECT.format(request_id)
+    body = helpers.generateStringFromTemplate(
+        filename="requestResolvedEmail.html",
+        user=auth_user.email,
+        request_id=request_id,
+        access_type=access_type,
+    )
+    general.emailSES(destination, subject, body)
+    logger.debug("Email sent for " + subject + " to " + str(destination))

Access/views.py

@@ -22,6 +22,7 @@
     get_decline_access_request,
     accept_group_access,
     run_accept_request_task,
+    run_ignore_failure_task,
 )
 from Access.models import User, UserAccessMapping, GroupAccessMapping
 
@@ -611,7 +612,9 @@ def mark_revoked(request):
         for mapping_object in requests:
             logger.info(
                 "Marking access revoke - %s by user %s",
-                mapping_object.request_id, request.user.user)
+                mapping_object.request_id,
+                request.user.user,
+            )
             mapping_object.revoke(revoker=request.user.user)
             success_list.append(mapping_object.request_id)
         json_response["msg"] = "Success"
@@ -621,23 +624,114 @@ def mark_revoked(request):
         json_response["error"] = "Error Revoking User Access"
     return JsonResponse(json_response, status=403)
 
+
 def individual_resolve(request):
-    json_response = {"status_list":[]}
+    json_response = {"status_list": []}
     try:
-        request_ids = request.GET.getlist('requestId')
+        request_ids = request.GET.getlist("requestId")
         if not request_ids:
             raise Exception("Request id not found in the request")
 
         for request_id in request_ids:
-            user_access_mapping = UserAccessMapping.get_by_id(request_id)
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
             if user_access_mapping.status.lower() in ["grantfailed", "approved"]:
-                response = run_accept_request_task(False, user_access_mapping, request.user, user_access_mapping.request_id, user_access_mapping.access.access_label)
+                response = run_accept_request_task(
+                    False,
+                    user_access_mapping,
+                    request.user,
+                    user_access_mapping.request_id,
+                    user_access_mapping.access.access_label,
+                )
                 json_response["status_list"] += response["status"]
             else:
                 json_response["status_list"].append({'title': 'The Request ('+request_id+') is already resolved.', 'msg': 'The request is already in final state.'})
         return render(request,'EnigmaOps/accessStatus.html',json_response)
     except Exception as e:
         logger.exception(str(e))
+        json_response["error"] = {
+            "error_msg": "Bad request",
+            "msg": "Error in request not found OR Invalid request type",
+        }
+        return render(request, "BSOps/accessStatus.html", json_response)
+
+
+@login_required
+@user_with_permission([PERMISSION_CONSTANTS["DEFAULT_APPROVER_PERMISSION"]])
+def ignore_failure(request, selector):
+    try:
+        json_response = {"status_list": []}
+        request_ids = request.GET.getlist("requestId")
+        for request_id in request_ids:
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
+            if user_access_mapping.status.lower() in ["grantfailed", "revokefailed"]:
+                run_ignore_failure_task(
+                    request.user,
+                    user_access_mapping,
+                    user_access_mapping.request_id,
+                    selector,
+                )
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is now being ignored. Mark - "
+                        + selector,
+                        "msg": "A email will be sent after the requested access is ignored",
+                    }
+                )
+            else:
+                logger.debug("Cannot ignore " + request_id)
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is already resolved.",
+                        "msg": "The request is already in final state.",
+                    }
+                )
+        return render(request, "BSOps/accessStatus.html", json_response)
+    except Exception as e:
+        logger.debug("Error in request not found OR Invalid request type")
+        logger.exception(e)
+        json_response = {}
+        json_response["error"] = {
+            "error_msg": str(e),
+            "msg": "Error in request not found OR Invalid request type",
+        }
+        return render(request, "BSOps/accessStatus.html", json_response)
+
+
+@login_required
+@user_with_permission([PERMISSION_CONSTANTS["DEFAULT_APPROVER_PERMISSION"]])
+def resolve_bulk(request):
+    try:
+        json_response = {"status_list": []}
+        request_ids = request.GET.getlist("requestId")
+        for request_id in request_ids:
+            user_access_mapping = UserAccessMapping.get_access_request(request_id)
+            if user_access_mapping.status.lower() in ["grantfailed"]:
+                response = run_accept_request_task(
+                    False,
+                    user_access_mapping,
+                    request.user,
+                    user_access_mapping.request_id,
+                    user_access_mapping.access.access_label,
+                )
+                json_response["status_list"] += response["status"]
+            else:
+                json_response["status_list"].append(
+                    {
+                        "title": "The Request ("
+                        + request_id
+                        + ") is already resolved.",
+                        "msg": "The request is already in final state.",
+                    }
+                )
+        return render(request, "BSOps/accessStatus.html", json_response)
+    except Exception as e:
+        logger.debug("Error in request not found OR Invalid request type")
+        logger.exception(e)
+        json_response = {}
         json_response['error'] = {'error_msg': "Bad request", 'msg': "Error in request not found OR Invalid request type"}
         return render(request,'EnigmaOps/accessStatus.html',json_response)
 

EnigmaAutomation/settings.py

@@ -47,11 +47,11 @@
     "social_django",
     "Access",
     "rest_framework",
-    'cid.apps.CidAppConfig',
+    "cid.apps.CidAppConfig",
 ]
 CID_GENERATE = True
-CID_GENERATOR = lambda: f'{time.time()}-{random.random()}'
-CID_HEADER = 'X_CORRELATION_ID'
+CID_GENERATOR = lambda: f"{time.time()}-{random.random()}"
+CID_HEADER = "X_CORRELATION_ID"
 CID_GENERATE = True
 CID_CONCATENATE_IDS = True
 
@@ -203,26 +203,24 @@
 # https://docs.djangoproject.com/en/4.1/ref/settings/#databases
 
 DATABASES = {}
-if data['database']['engine'] == "mysql":
-    DATABASES['default'] = {
-        'ENGINE':   'mysql.connector.django',
-        'CONN_MAX_AGE': 0,
-        'NAME': data['database']['dbname'],
-        'USER': data['database']['username'],
-        'PASSWORD': data['database']['password'],
-        'HOST': data['database']['host'],
-        'PORT': data['database']['port'],
-        'OPTIONS': {
-            'auth_plugin': 'mysql_native_password'
-        }
+if data["database"]["engine"] == "mysql":
+    DATABASES["default"] = {
+        "ENGINE": "mysql.connector.django",
+        "CONN_MAX_AGE": 0,
+        "NAME": data["database"]["dbname"],
+        "USER": data["database"]["username"],
+        "PASSWORD": data["database"]["password"],
+        "HOST": data["database"]["host"],
+        "PORT": data["database"]["port"],
+        "OPTIONS": {"auth_plugin": "mysql_native_password"},
     }
-elif data['database']['engine'] == "sqlite3":
-    DATABASES['default'] = {
+elif data["database"]["engine"] == "sqlite3":
+    DATABASES["default"] = {
         "ENGINE": "django.db.backends.sqlite3",
         "NAME": BASE_DIR / "db.sqlite3",
     }
 else:
-    raise Exception("Database engine %s not recognized" % data['database']['engine'])
+    raise Exception("Database engine %s not recognized" % data["database"]["engine"])
 
 PERMISSION_CONSTANTS = {"DEFAULT_APPROVER_PERMISSION": "ACCESS_APPROVE"}
 
@@ -233,7 +231,7 @@
 
 ACCESS_MODULES = data["access_modules"]
 
-AUTOMATED_EXEC_IDENTIFIER = 'automated-grant'
+AUTOMATED_EXEC_IDENTIFIER = "automated-grant"
 
 LOGGING = {
     'version': 1,
@@ -251,36 +249,36 @@
             'filename': './enigma.log',
             'formatter': 'verbose',
         },
-        'console': {
-            'level': 'INFO',
-            'class': 'logging.StreamHandler',
-            'formatter': 'verbose',
+        "console": {
+            "level": "INFO",
+            "class": "logging.StreamHandler",
+            "formatter": "verbose",
         },
     },
-    'loggers': {
-        'django.request': {
-            'handlers': ['file', 'console'],
-            'level': 'INFO',
-            'propagate': True,
-            'formatter' : 'verbose',
+    "loggers": {
+        "django.request": {
+            "handlers": ["file", "console"],
+            "level": "INFO",
+            "propagate": True,
+            "formatter": "verbose",
         },
-        'inventory': {
-            'handlers': ['file', 'console'],
-            'level': 'INFO',
-            'propagate': True,
-            'formatter' : 'verbose',
+        "inventory": {
+            "handlers": ["file", "console"],
+            "level": "INFO",
+            "propagate": True,
+            "formatter": "verbose",
         },
-        'Access':{
-            'handlers': ['file', 'console'],
-            'level': 'INFO',
-            'propagate': True,
-            'formatter' : 'verbose',
+        "Access": {
+            "handlers": ["file", "console"],
+            "level": "INFO",
+            "propagate": True,
+            "formatter": "verbose",
         },
-        'bootprocess':{
-            'handlers': ['file', 'console'],
-            'level': 'INFO',
-            'propagate': True,
-            'formatter' : 'verbose',
+        "bootprocess": {
+            "handlers": ["file", "console"],
+            "level": "INFO",
+            "propagate": True,
+            "formatter": "verbose",
         },
     },
 }