Examples with WorkspaceUser bio.terra.cli.businessobject.WorkspaceUser used on opensource projects

Example 1 with WorkspaceUser

use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

the class BreakGlass method execute.

/**
 * Grant break-glass access to the workspace.
 */
@Override
protected void execute() {
    workspaceOption.overrideIfSpecified();
    // check that the SA key files exist and are valid
    ServiceAccountCredentials userProjectsAdminCredentials;
    ServiceAccountCredentials bigQueryCredentials;
    try {
        final List<String> SA_SCOPES = ImmutableList.of("https://www.googleapis.com/auth/cloud-platform");
        userProjectsAdminCredentials = GoogleOauth.getServiceAccountCredential(Path.of(userProjectAdminSAKeyFile).toFile(), SA_SCOPES);
        bigQueryCredentials = GoogleOauth.getServiceAccountCredential(Path.of(bigQuerySAKeyFile).toFile(), SA_SCOPES);
    } catch (IOException ioEx) {
        throw new UserActionableException("Error reading break-glass SA key files.", ioEx);
    }
    // require that the requester is a workspace owner
    Workspace currentWorkspace = Context.requireWorkspace();
    Optional<WorkspaceUser> granteeWorkspaceUser = WorkspaceUser.list(currentWorkspace).stream().filter(user -> user.getEmail().equalsIgnoreCase(granteeEmail)).findAny();
    if (granteeWorkspaceUser.isEmpty() || !granteeWorkspaceUser.get().getRoles().contains(WorkspaceUser.Role.OWNER)) {
        updateRequestsCatalogWithFailure(bigQueryCredentials, "Requestor is not a workspace owner.");
        throw new UserActionableException("The break-glass requester must be an owner of the workspace.");
    }
    // grant the user's proxy group the Editor role on the workspace project
    String granteeProxyGroupEmail = currentWorkspace.grantBreakGlass(granteeEmail, userProjectsAdminCredentials);
    // update the central BigQuery dataset with details of this request
    updateRequestsCatalogWithSuccess(bigQueryCredentials, granteeProxyGroupEmail);
    OUT.println("Break-glass access successfully granted to: " + granteeEmail);
}

Example 2 with WorkspaceUser

use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

the class CleanupTestUserWorkspaces method deleteWorkspaces.

/**
 * List all workspaces the test user has access to and try to delete each one that the test user
 * owns. Deletes up to 100 workspaces at a time.
 */
private static void deleteWorkspaces(TestUser testUser, boolean isDryRun) throws IOException {
    System.out.println("Deleting workspaces for testuser " + testUser.email);
    TestContext.clearGlobalContextDir();
    testUser.login();
    // `terra workspace list`
    List<UFWorkspace> listWorkspaces = TestCommand.runAndParseCommandExpectSuccess(new TypeReference<>() {
    }, "workspace", "list", "--limit=100");
    List<UFWorkspaceUser> listWorkspaceUsers;
    for (UFWorkspace workspace : listWorkspaces) {
        try {
            // `terra workspace list-users`
            listWorkspaceUsers = TestCommand.runAndParseCommandExpectSuccess(new TypeReference<>() {
            }, "workspace", "list-users", "--workspace=" + workspace.id);
            // find the user in the list
            Optional<UFWorkspaceUser> workspaceUser = listWorkspaceUsers.stream().filter(user -> user.email.equalsIgnoreCase(testUser.email)).findAny();
            // skip deleting if the test user is not an owner
            if (workspaceUser.isEmpty() || !workspaceUser.get().roles.contains(WorkspaceUser.Role.OWNER)) {
                System.out.println("Skip deleting workspace because test user is not an owner: id=" + workspace.id + ", testuser=" + testUser.email);
                continue;
            }
            System.out.println("Deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            if (!isDryRun) {
                // `terra workspace delete --workspace=$id`
                TestCommand.runCommandExpectSuccess("workspace", "delete", "--workspace=" + workspace.id, "--quiet");
                System.out.println("Cleaned up workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            }
            deletedWorkspaces.add(workspace.id);
        } catch (Throwable ex) {
            System.out.println("Error deleting workspace: id=" + workspace.id + ", testuser=" + testUser.email);
            ex.printStackTrace();
            failedWorkspaces.add(workspace.id);
            continue;
        }
    }
    // `terra auth revoke`
    TestCommand.runCommandExpectSuccess("auth", "revoke");
}

Example 3 with WorkspaceUser

use of bio.terra.cli.businessobject.WorkspaceUser in project terra-cli by DataBiosphere.

the class AddUser method execute.

/**
 * Add an email to the workspace.
 */
@Override
protected void execute() {
    workspaceOption.overrideIfSpecified();
    WorkspaceUser workspaceUser = WorkspaceUser.add(email, role, Context.requireWorkspace());
    formatOption.printReturnValue(new UFWorkspaceUser(workspaceUser), AddUser::printText);
}