From b4f342172aa54aa988f02594b09b68e6557c8d37 Mon Sep 17 00:00:00 2001
From: netr0m
Date: Wed, 22 May 2024 13:01:28 +0200
Subject: [PATCH] feat: check for various request status types
---
 pkg/pim/client.go | 11 +++++++++--
 pkg/pim/models.go | 25 +++++++++++++++++++++++++
 pkg/pim/utils.go | 28 ++++++++++++++++++++++++++++
 3 files changed, 62 insertions(+), 2 deletions(-)
 create mode 100644 pkg/pim/utils.go
diff --git a/pkg/pim/client.go b/pkg/pim/client.go
index db0e651..18fed1b 100644
--- a/pkg/pim/client.go
+++ b/pkg/pim/client.go
@@ -148,13 +148,20 @@ func ValidateRoleAssignmentRequest(scope string, roleAssignmentRequest RoleAssig
 Payload: roleAssignmentValidationRequest,
 }, validationResponse)
- if validationResponse.Properties.Status != "Granted" {
+ if IsRoleAssignmentRequestFailed(validationResponse) {
 log.Printf("ERROR: The role assignment validation failed with status '%s'", validationResponse.Properties.Status)
 log.Fatalln(validationResponse)
 return false
 }
+ if IsRoleAssignmentRequestOK(validationResponse) {
+ return true
+ }
+ if IsRoleAssignmentRequestPending(validationResponse) {
+ log.Printf("WARNING: The role assignment request is pending with status '%s'", validationResponse.Properties.Status)
+ return true
+ }
- return true
+ return false
 }
 func RequestRoleAssignment(subjectId string, roleAssignment *RoleAssignment, duration int, reason string, token string) *RoleAssignmentRequestResponse {
diff --git a/pkg/pim/models.go b/pkg/pim/models.go
index 0536575..b0d8fec 100644
--- a/pkg/pim/models.go
+++ b/pkg/pim/models.go
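Review bot: In `ValidateRoleAssignmentRequest` (pkg/pim/client.go), a response whose status is empty or in none of the three sets now reaches the final `return false` without any log line, whereas the old `!= "Granted"` check sent every such response through the ERROR branch. Failing closed is the right default for a privileged role activation, but the reason should be visible to the operator; add `log.Printf("ERROR: Unexpected role assignment validation status '%s'", validationResponse.Properties.Status)` before the final return. The pending branch also returns the same `true` as a granted request, so callers cannot tell an activation that still awaits approval from one that is usable. The function begins above the hunk.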
@@ -81,6 +81,31 @@ type ScheduleInfo struct {
 EndDateTime interface{} `json:"endDateTime"`
 }
+const (
+ StatusAccepted string = "Accepted"
+ StatusAdminApproved string = "AdminApproved"
+ StatusAdminDenied string = "AdminDenied"
+ StatusCanceled string = "Canceled"
+ StatusDenied string = "Denied"
+ StatusFailed string = "Failed"
+ StatusFailedAsResourceIsLocked string = "FailedAsResourceIsLocked"
+ StatusGranted string = "Granted"
+ StatusInvalid string = "Invalid"
+ StatusPendingAdminDecision string = "PendingAdminDecision"
+ StatusPendingApproval string = "PendingApproval"
+ StatusPendingApprovalProvisioning string = "PendingApprovalProvisioning"
+ StatusPendingEvaluation string = "PendingEvaluation"
+ StatusPendingExternalProvisioning string = "PendingExternalProvisioning"
+ StatusPendingProvisioning string = "PendingProvisioning"
+ StatusPendingRevocation string = "PendingRevocation"
+ StatusPendingScheduleCreation string = "PendingScheduleCreation"
+ StatusProvisioned string = "Provisioned"
+ StatusProvisioningStarted string = "ProvisioningStarted"
+ StatusRevoked string = "Revoked"
+ StatusScheduleCreated string = "ScheduleCreated"
+ StatusTimedOut string = "TimedOut"
+)
+
 type RoleAssignmentValidationProperties struct {
 LinkedRoleEligibilityScheduleId string `json:"linkedRoleEligibilityScheduleId"`
 TargetRoleAssignmentScheduleId string `json:"targetRoleAssignmentScheduleId"`
diff --git a/pkg/pim/utils.go b/pkg/pim/utils.go
new file mode 100644
index 0000000..3504d58
--- /dev/null
+++ b/pkg/pim/utils.go
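Review bot: The new exported `Status*` constants in pkg/pim/models.go have no comment saying which response field they describe or where the list was taken from, so a value the service adds later will silently match none of the three helpers in utils.go. A comment above the block such as `// Status values reported in Properties.Status of a role assignment request response.` would cover it, ideally with a pointer to the API reference the list was copied from. As a style point, the explicit `string` on every line can be dropped; untyped constants like `StatusAccepted = "Accepted"` compare against the status field the same way.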
@@ -0,0 +1,28 @@
+/*
+Copyright © 2024 netr0m
+*/
+package pim
+
+func IsRoleAssignmentRequestFailed(requestResponse *RoleAssignmentRequestResponse) bool {
+ switch requestResponse.Properties.Status {
+ case StatusAdminDenied, StatusCanceled, StatusDenied, StatusFailed, StatusFailedAsResourceIsLocked, StatusInvalid, StatusRevoked, StatusTimedOut:
+ return true
+ }
+ return false
+}
+
+func IsRoleAssignmentRequestPending(requestResponse *RoleAssignmentRequestResponse) bool {
+ switch requestResponse.Properties.Status {
+ case StatusPendingAdminDecision, StatusPendingApproval, StatusPendingApprovalProvisioning, StatusPendingEvaluation, StatusPendingExternalProvisioning, StatusPendingProvisioning, StatusPendingRevocation, StatusPendingScheduleCreation:
+ return true
+ }
+ return false
+}
+
+func IsRoleAssignmentRequestOK(requestResponse *RoleAssignmentRequestResponse) bool {
+ switch requestResponse.Properties.Status {
+ case StatusAccepted, StatusAdminApproved, StatusGranted, StatusProvisioned, StatusProvisioningStarted, StatusScheduleCreated:
+ return true
+ }
+ return false
+}
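Review bot: `StatusPendingRevocation` is listed in `IsRoleAssignmentRequestPending`, and the caller in client.go returns `true` for every pending status, so a request whose access is being withdrawn is reported as acceptable. It probably belongs next to `StatusRevoked` in the failed set; otherwise the pending helper needs a comment explaining the choice. All three helpers dereference `requestResponse` without a nil check, so if a failed API call can leave the pointer nil (not visible in this patch), add `if requestResponse == nil { return false }` at the top of each. The exported helpers also lack doc comments, e.g. `// IsRoleAssignmentRequestFailed reports whether the request ended in a terminal, unsuccessful status.`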