Example 1 with WorkspaceUser

Use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

Class BreakGlass, method execute.

/**
 * Grant break-glass access to the workspace.
 */
@Override
protected void execute() {
    workspaceOption.overrideIfSpecified();
    // check that the SA key files exist and are valid
    ServiceAccountCredentials userProjectsAdminCredentials;
    ServiceAccountCredentials bigQueryCredentials;
    try {
        final List<String> SA_SCOPES = ImmutableList.of("https://www.googleapis.com/auth/cloud-platform");
        userProjectsAdminCredentials = GoogleOauth.getServiceAccountCredential(Path.of(userProjectAdminSAKeyFile).toFile(), SA_SCOPES);
        bigQueryCredentials = GoogleOauth.getServiceAccountCredential(Path.of(bigQuerySAKeyFile).toFile(), SA_SCOPES);
    } catch (IOException ioEx) {
        throw new UserActionableException("Error reading break-glass SA key files.", ioEx);
    }
    // require that the requester is a workspace owner
    Workspace currentWorkspace = Context.requireWorkspace();
    Optional<WorkspaceUser> granteeWorkspaceUser = WorkspaceUser.list(currentWorkspace).stream().filter(user -> user.getEmail().equalsIgnoreCase(granteeEmail)).findAny();
    if (granteeWorkspaceUser.isEmpty() || !granteeWorkspaceUser.get().getRoles().contains(WorkspaceUser.Role.OWNER)) {
        updateRequestsCatalogWithFailure(bigQueryCredentials, "Requestor is not a workspace owner.");
        throw new UserActionableException("The break-glass requester must be an owner of the workspace.");
    }
    // grant the user's proxy group the Editor role on the workspace project
    String granteeProxyGroupEmail = currentWorkspace.grantBreakGlass(granteeEmail, userProjectsAdminCredentials);
    // update the central BigQuery dataset with details of this request
    updateRequestsCatalogWithSuccess(bigQueryCredentials, granteeProxyGroupEmail);
    OUT.println("Break-glass access successfully granted to: " + granteeEmail);
}
Also used : Context(bio.terra.cli.businessobject.Context) BigQueryError(com.google.cloud.bigquery.BigQueryError) Workspace(bio.terra.cli.businessobject.Workspace) WorkspaceUser(bio.terra.cli.businessobject.WorkspaceUser) Date(java.util.Date) TableId(com.google.cloud.bigquery.TableId) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) BigQuery(com.google.cloud.bigquery.BigQuery) BigQueryOptions(com.google.cloud.bigquery.BigQueryOptions) DateTime(com.google.api.client.util.DateTime) BaseCommand(bio.terra.cli.command.shared.BaseCommand) ImmutableList(com.google.common.collect.ImmutableList) Map(java.util.Map) Command(picocli.CommandLine.Command) Path(java.nio.file.Path) CommandLine(picocli.CommandLine) Logger(org.slf4j.Logger) UserActionableException(bio.terra.cli.exception.UserActionableException) InsertAllRequest(com.google.cloud.bigquery.InsertAllRequest) IOException(java.io.IOException) UUID(java.util.UUID) List(java.util.List) GoogleOauth(bio.terra.cli.service.GoogleOauth) WorkspaceOverride(bio.terra.cli.command.shared.options.WorkspaceOverride) InsertAllResponse(com.google.cloud.bigquery.InsertAllResponse) Optional(java.util.Optional) ServiceAccountCredentials(com.google.auth.oauth2.ServiceAccountCredentials) SystemException(bio.terra.cli.exception.SystemException)

Example 2 with WorkspaceUser

Use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

Class CleanupTestUserWorkspaces, method deleteWorkspaces.

/**
 * List all workspaces the test user has access to and try to delete each one that the test user
 * owns. Deletes up to 100 workspaces at a time.
 */
private static void deleteWorkspaces(TestUser testUser, boolean isDryRun) throws IOException {
    System.out.println("Deleting workspaces for testuser " + testUser.email);
    TestContext.clearGlobalContextDir();
    testUser.login();
    // `terra workspace list`
    List<UFWorkspace> listWorkspaces = TestCommand.runAndParseCommandExpectSuccess(new TypeReference<>() {}, "workspace", "list", "--limit=100");
    List<UFWorkspaceUser> listWorkspaceUsers;
    for (UFWorkspace workspace : listWorkspaces) {
        try {
            // `terra workspace list-users`
            listWorkspaceUsers = TestCommand.runAndParseCommandExpectSuccess(new TypeReference<>() {}, "workspace", "list-users", "--workspace=" + workspace.id);
            // find the user in the list
            Optional<UFWorkspaceUser> workspaceUser = listWorkspaceUsers.stream().filter(user -> user.email.equalsIgnoreCase(testUser.email)).findAny();
            // skip deleting if the test user is not an owner
            if (workspaceUser.isEmpty() || !workspaceUser.get().roles.contains(WorkspaceUser.Role.OWNER)) {
                System.out.println("Skip deleting workspace because test user is not an owner: id=" + workspace.id + ", testuser=" + testUser.email);
                continue;
            }
            System.out.println("Deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            if (!isDryRun) {
                // `terra workspace delete --workspace=$id`
                TestCommand.runCommandExpectSuccess("workspace", "delete", "--workspace=" + workspace.id, "--quiet");
                System.out.println("Cleaned up workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            }
            deletedWorkspaces.add(workspace.id);
        } catch (Throwable ex) {
            System.out.println("Error deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            ex.printStackTrace();
            failedWorkspaces.add(workspace.id);
            continue;
        }
    }
    // `terra auth revoke`
    TestCommand.runCommandExpectSuccess("auth", "revoke");
}
Also used : UserActionableException(bio.terra.cli.exception.UserActionableException) WorkspaceUser(bio.terra.cli.businessobject.WorkspaceUser) TestCommand(harness.TestCommand) TestUser(harness.TestUser) IOException(java.io.IOException) UUID(java.util.UUID) ArrayList(java.util.ArrayList) List(java.util.List) UFWorkspaceUser(bio.terra.cli.serialization.userfacing.UFWorkspaceUser) UFWorkspace(bio.terra.cli.serialization.userfacing.UFWorkspace) Optional(java.util.Optional) TestContext(harness.TestContext) TypeReference(com.fasterxml.jackson.core.type.TypeReference)

Example 3 with WorkspaceUser

Use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

Class AddUser, method execute.

/**
 * Add an email to the workspace.
 */
@Override
protected void execute() {
    workspaceOption.overrideIfSpecified();
    WorkspaceUser workspaceUser = WorkspaceUser.add(email, role, Context.requireWorkspace());
    formatOption.printReturnValue(new UFWorkspaceUser(workspaceUser), AddUser::printText);
}
Also used : UFWorkspaceUser(bio.terra.cli.serialization.userfacing.UFWorkspaceUser) WorkspaceUser(bio.terra.cli.businessobject.WorkspaceUser) WorkspaceOverride(bio.terra.cli.command.shared.options.WorkspaceOverride)
