Fix using default duration on auto approved requests (#748)

* set duration returned from preflight in batch ensure request * fix duration passed in * fix messaging when passing in duration * fix potential nil pointer * Ugrade to latest API which includes the Duration on the grant * remove setting override duration --------- Co-authored-by: JoshuaWilkes <[email protected]>
common-fate · Sep 19, 2024 · b114bb5 · b114bb5
1 parent 44d677f
commit b114bb5
Showing 1 changed file with 8 additions and 20 deletions.
diff --git a/pkg/hook/accessrequesthook/accessrequesthook.go b/pkg/hook/accessrequesthook/accessrequesthook.go
@@ -166,6 +166,7 @@ func (h Hook) NoEntitlementAccess(ctx context.Context, cfg *config.Context, inpu
 			req.Justification.Reason = &customReason
 		}
 	}
+
 	// the spinner must be started after prompting for reason, otherwise the prompt gets hidden
 	si := spinner.New(spinner.CharSets[14], 100*time.Millisecond)
 	si.Suffix = " ensuring access..."
@@ -188,15 +189,8 @@ func (h Hook) NoEntitlementAccess(ctx context.Context, cfg *config.Context, inpu
 	for _, g := range res.Msg.Grants {
 		names[eid.New("Access::Grant", g.Grant.Id)] = g.Grant.Name
 
-		exp := "<invalid expiry>"
-
-		if res.Msg.DurationConfiguration != nil {
-			exp = ShortDur(res.Msg.DurationConfiguration.MaxDuration.AsDuration())
-			if res.Msg.DurationConfiguration.DefaultDuration != nil {
-				exp = ShortDur(res.Msg.DurationConfiguration.DefaultDuration.AsDuration())
-
-			}
-		}
+		// default is to show the original duration, except for an active request, where it gets recalculated below to the time remaining
+		exp := ShortDur(g.Grant.Duration.AsDuration())
 
 		switch g.Change {
 		case accessv1alpha1.GrantChange_GRANT_CHANGE_ACTIVATED:
@@ -240,6 +234,8 @@ func (h Hook) NoEntitlementAccess(ctx context.Context, cfg *config.Context, inpu
 
 		switch g.Grant.Status {
 		case accessv1alpha1.GrantStatus_GRANT_STATUS_ACTIVE:
+			// work out how long is remaining on the active grant
+			exp = ShortDur(time.Until(g.Grant.ExpiresAt.AsTime()))
 			color.New(color.FgGreen).Fprintf(os.Stderr, "[ACTIVE] %s is already active for the next %s: %s\n", g.Grant.Name, exp, requestURL(apiURL, g.Grant))
 
 			retry = true
@@ -392,17 +388,8 @@ func DryRun(ctx context.Context, apiURL *url.URL, client accessv1alpha1connect.A
 	for _, g := range res.Msg.Grants {
 		names[eid.New("Access::Grant", g.Grant.Id)] = g.Grant.Name
 
-		exp := "<invalid expiry>"
-
-		if res.Msg.DurationConfiguration != nil {
-			exp = ShortDur(res.Msg.DurationConfiguration.MaxDuration.AsDuration())
-			if res.Msg.DurationConfiguration.DefaultDuration != nil {
-				exp = ShortDur(res.Msg.DurationConfiguration.DefaultDuration.AsDuration())
-			}
-		} else if g.Grant.ExpiresAt != nil {
-			//attempt to work out duration from expiry to preserve backwards compatability with older common fate versions
-			exp = ShortDur(time.Until(g.Grant.ExpiresAt.AsTime()))
-		}
+		// default is to show the original duration, except for an active request, where it gets recalculated below to the time remaining
+		exp := ShortDur(g.Grant.Duration.AsDuration())
 
 		if g.Change > 0 {
 			hasChanges = true
@@ -436,6 +423,7 @@ func DryRun(ctx context.Context, apiURL *url.URL, client accessv1alpha1connect.A
 
 		switch g.Grant.Status {
 		case accessv1alpha1.GrantStatus_GRANT_STATUS_ACTIVE:
+			exp = ShortDur(time.Until(g.Grant.ExpiresAt.AsTime()))
 			color.New(color.FgGreen).Fprintf(os.Stderr, "[ACTIVE] %s is already active for the next %s: %s\n", g.Grant.Name, exp, requestURL(apiURL, g.Grant))
 			continue
 		case accessv1alpha1.GrantStatus_GRANT_STATUS_PENDING: