[WR-173] add ApproveAccessRequests to identity client (#226)

tozny · Oct 14, 2021 · 435c392 · 435c392
1 parent c90f13f
commit 435c392
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/identityClient/api.go b/identityClient/api.go
@@ -38,6 +38,7 @@ const (
 	URIReferenceSAMLAttributeNameFormat                     = "URI Reference"
 	DefaultUMAProtectionApplicationRole                     = "uma_protection"
 	AccessRequestOpenState                                  = "open"
+	AccessRequestApprovedState                              = "approved"
 )
 
 var (
@@ -923,6 +924,23 @@ type AccessRequestResponse struct {
 	RealmName             string               `json:"realm_name"`
 }
 
+// ApproveAccessRequestsRequest specifies a list of AccessRequests to approve
+type ApproveAccessRequestsRequest struct {
+	Approvals []AccessRequestDecision `json:"approvals"`
+	RealmName string                  `json:"realm_name"`
+}
+
+// AccessRequestDecision specifies an optional comment and access request to approve or deny
+type AccessRequestDecision struct {
+	AccessRequestID int64  `json:"access_request_id"`
+	Comment         string `json:"comment"`
+}
+
+// AccessRequestsResponse wraps one or more AccessRequest returned from the server
+type AccessRequestsResponse struct {
+	AccessRequests []AccessRequest `json:"access_requests"`
+}
+
 // AccessRequestSearchFilters wraps values to use for filtering
 // what access requests the server should return
 type AccessRequestSearchFilters struct {

diff --git a/identityClient/identityClient.go b/identityClient/identityClient.go
@@ -1153,3 +1153,15 @@ func (c *E3dbIdentityClient) InternalUpsertAccessPolicies(ctx context.Context, p
 	err = e3dbClients.MakeSignedServiceCall(ctx, c.requester, req, c.SigningKeys, c.ClientID, &upsertAccessPolicyResponse)
 	return upsertAccessPolicyResponse, err
 }
+
+// ApproveAccessRequests approves one or more existing AccessRequests
+func (c *E3dbIdentityClient) ApproveAccessRequests(ctx context.Context, params ApproveAccessRequestsRequest) (*AccessRequestsResponse, error) {
+	var accessRequests *AccessRequestsResponse
+	path := c.Host + identityServiceBasePath + pamAccessPathPrefix + "/approve"
+	request, err := e3dbClients.CreateRequest(http.MethodPost, path, params)
+	if err != nil {
+		return accessRequests, err
+	}
+	err = e3dbClients.MakeSignedServiceCall(ctx, c.requester, request, c.SigningKeys, c.ClientID, &accessRequests)
+	return accessRequests, err
+}