use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.
the class BreakGlass method execute.
/**
* Grant break-glass access to the workspace.
*/
@Override
protected void execute() {
  // Order of operations: load both service-account keys, verify the grantee is a workspace
  // owner, perform the grant, then record the outcome in the requests catalog.
  workspaceOption.overrideIfSpecified();

  // Parse both SA key files before any check or grant, so an unreadable or malformed key file
  // aborts the command with nothing changed.
  // NOTE(review): both credentials request the broad cloud-platform scope. The second one is
  // only passed to the updateRequestsCatalog* helpers here, so a narrower scope may be enough.
  // Confirm against what those helpers call.
  final List<String> saScopes = ImmutableList.of("https://www.googleapis.com/auth/cloud-platform");
  ServiceAccountCredentials adminSaCredentials;
  ServiceAccountCredentials catalogSaCredentials;
  try {
    adminSaCredentials =
        GoogleOauth.getServiceAccountCredential(Path.of(userProjectAdminSAKeyFile).toFile(), saScopes);
    catalogSaCredentials =
        GoogleOauth.getServiceAccountCredential(Path.of(bigQuerySAKeyFile).toFile(), saScopes);
  } catch (IOException ioEx) {
    throw new UserActionableException("Error reading break-glass SA key files.", ioEx);
  }

  // Authorization gate: the account named by granteeEmail must already hold OWNER on the
  // current workspace. The check is made on granteeEmail (matched case-insensitively), not on
  // the identity that is running this command.
  Workspace workspace = Context.requireWorkspace();
  boolean granteeIsOwner =
      WorkspaceUser.list(workspace).stream()
          .filter(member -> member.getEmail().equalsIgnoreCase(granteeEmail))
          .findAny()
          .map(member -> member.getRoles().contains(WorkspaceUser.Role.OWNER))
          .orElse(false);
  if (!granteeIsOwner) {
    // Record the rejected request before failing, so denied attempts also reach the catalog.
    updateRequestsCatalogWithFailure(catalogSaCredentials, "Requestor is not a workspace owner.");
    throw new UserActionableException("The break-glass requester must be an owner of the workspace.");
  }

  // Perform the grant; the call returns the email of the grantee's proxy group.
  String proxyGroupEmail = workspace.grantBreakGlass(granteeEmail, adminSaCredentials);

  // Record the successful request in the central catalog.
  // NOTE(review): the grant has already happened at this point; if this catalog update throws,
  // the elevated access exists without a matching record. Confirm how that case is reconciled.
  updateRequestsCatalogWithSuccess(catalogSaCredentials, proxyGroupEmail);
  OUT.println("Break-glass access successfully granted to: " + granteeEmail);
}
use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.
the class CleanupTestUserWorkspaces method deleteWorkspaces.
/**
* List all workspaces the test user has access to and try to delete each one that the test user
* owns. Deletes up to 100 workspaces at a time.
*/
private static void deleteWorkspaces(TestUser testUser, boolean isDryRun) throws IOException {
  System.out.println("Deleting workspaces for testuser " + testUser.email);

  // Start from an empty global context so the commands below run only as this test user.
  TestContext.clearGlobalContextDir();
  testUser.login();

  // `terra workspace list` (a single page, capped at 100 entries)
  List<UFWorkspace> accessibleWorkspaces =
      TestCommand.runAndParseCommandExpectSuccess(
          new TypeReference<>() {}, "workspace", "list", "--limit=100");

  for (UFWorkspace workspace : accessibleWorkspaces) {
    try {
      // `terra workspace list-users`
      List<UFWorkspaceUser> members =
          TestCommand.runAndParseCommandExpectSuccess(
              new TypeReference<>() {}, "workspace", "list-users", "--workspace=" + workspace.id);

      // Only delete workspaces where the test user holds OWNER; a workspace merely shared with
      // the test user is left untouched.
      boolean ownedByTestUser =
          members.stream()
              .filter(member -> member.email.equalsIgnoreCase(testUser.email))
              .findAny()
              .map(member -> member.roles.contains(WorkspaceUser.Role.OWNER))
              .orElse(false);
      if (!ownedByTestUser) {
        System.out.println("Skip deleting workspace because test user is not an owner: id=" + workspace.id + ", testuser=" + testUser.email);
        continue;
      }

      System.out.println("Deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
      if (!isDryRun) {
        // `terra workspace delete --workspace=$id`
        TestCommand.runCommandExpectSuccess("workspace", "delete", "--workspace=" + workspace.id, "--quiet");
        System.out.println("Cleaned up workspace: id=" + workspace.id + ", testuser=" + testUser.email);
      }
      // Recorded in dry-run mode as well, so the list reflects what would have been deleted.
      deletedWorkspaces.add(workspace.id);
    } catch (Throwable ex) {
      // Best effort: a failure on one workspace is logged and recorded, and the loop moves on to
      // the next one. Throwable (not Exception) is caught, presumably because the ExpectSuccess
      // helpers report failure with assertion errors. Confirm.
      System.out.println("Error deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
      ex.printStackTrace();
      failedWorkspaces.add(workspace.id);
    }
  }

  // `terra auth revoke`
  // NOTE(review): this is not in a finally block, so if the initial `workspace list` call throws,
  // the test user's login is not revoked by this method. Consider try/finally around the work
  // that follows testUser.login().
  TestCommand.runCommandExpectSuccess("auth", "revoke");
}
use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.
the class AddUser method execute.
/**
* Add an email to the workspace.
*/
@Override
protected void execute() {
  // Apply the --workspace override (if one was given) before resolving the current workspace.
  workspaceOption.overrideIfSpecified();

  // Add `email` with `role` to the current workspace. No permission check is made in this
  // method; presumably the caller's right to add users is enforced behind WorkspaceUser.add.
  // Confirm.
  WorkspaceUser addedUser = WorkspaceUser.add(email, role, Context.requireWorkspace());

  // Wrap the result in its user-facing form and print it in the selected output format.
  UFWorkspaceUser returnValue = new UFWorkspaceUser(addedUser);
  formatOption.printReturnValue(returnValue, AddUser::printText);
}