Search in sources :

Example 1 with FlightDebugInfo

use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.

the class CreateGcpContextFlightV2Test method successCreatesProjectAndContext.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void successCreatesProjectAndContext() throws Exception {
    UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
    AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
    // Retry steps once to validate idempotency.
    Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
    FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
    FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlightV2.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
    assertEquals(FlightStatus.SUCCESS, flightState.getFlightStatus());
    String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isPresent());
    String contextProjectId = workspaceService.getAuthorizedRequiredGcpProject(workspaceId, userRequest);
    assertEquals(projectId, contextProjectId);
    // Verify that the policies were properly stored
    Optional<GcpCloudContext> optionalCloudContext = testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest);
    assertTrue(optionalCloudContext.isPresent(), "has cloud context");
    GcpCloudContext cloudContext = optionalCloudContext.get();
    assertTrue(cloudContext.getSamPolicyOwner().isPresent(), "has owner policy");
    assertTrue(cloudContext.getSamPolicyWriter().isPresent(), "has writer policy");
    assertTrue(cloudContext.getSamPolicyReader().isPresent(), "has reader policy");
    assertTrue(cloudContext.getSamPolicyApplication().isPresent(), "has application policy");
    Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
    assertEquals(projectId, project.getProjectId());
    assertEquals("billingAccounts/" + spendUtils.defaultBillingAccountId(), crl.getCloudBillingClientCow().getProjectBillingInfo("projects/" + projectId).getBillingAccountName());
    assertRolesExist(project);
    assertPolicyGroupsSynced(workspaceId, project);
}
Also used : FlightState(bio.terra.stairway.FlightState) Project(com.google.api.services.cloudresourcemanager.v3.model.Project) FlightDebugInfo(bio.terra.stairway.FlightDebugInfo) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) StepStatus(bio.terra.stairway.StepStatus) UUID(java.util.UUID) GcpCloudContext(bio.terra.workspace.service.workspace.model.GcpCloudContext) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 2 with FlightDebugInfo

use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.

the class CreateGcpContextFlightV2Test method errorRevertsChanges.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void errorRevertsChanges() throws Exception {
    UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
    AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
    // Submit a flight class that always errors.
    Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
    FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().undoStepFailures(retrySteps).lastStepFailure(true).build();
    FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlightV2.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
    assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
    String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
    // The Project should exist, but requested to be deleted.
    Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
    assertEquals(projectId, project.getProjectId());
    assertEquals("DELETE_REQUESTED", project.getState());
}
Also used : FlightState(bio.terra.stairway.FlightState) Project(com.google.api.services.cloudresourcemanager.v3.model.Project) FlightDebugInfo(bio.terra.stairway.FlightDebugInfo) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) StepStatus(bio.terra.stairway.StepStatus) UUID(java.util.UUID) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 3 with FlightDebugInfo

use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.

the class RemoveUserFromWorkspaceFlightTest method removeUserFromWorkspaceFlightDoUndo.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void removeUserFromWorkspaceFlightDoUndo() throws Exception {
    // Create a workspace as the default test user
    Workspace request = Workspace.builder().workspaceId(UUID.randomUUID()).workspaceStage(WorkspaceStage.MC_WORKSPACE).spendProfileId(spendUtils.defaultSpendId()).build();
    UUID workspaceId = workspaceService.createWorkspace(request, userAccessUtils.defaultUserAuthRequest());
    // Add the secondary test user as a writer
    samService.grantWorkspaceRole(workspaceId, userAccessUtils.defaultUserAuthRequest(), WsmIamRole.WRITER, userAccessUtils.getSecondUserEmail());
    samService.dumpRoleBindings(SamResource.WORKSPACE, workspaceId.toString(), userAccessUtils.defaultUserAuthRequest().getRequiredToken());
    // Create a GCP context as default user
    String makeContextJobId = UUID.randomUUID().toString();
    workspaceService.createGcpCloudContext(workspaceId, makeContextJobId, userAccessUtils.defaultUserAuthRequest());
    jobService.waitForJob(makeContextJobId);
    AsyncJobResult<CloudContextHolder> createContextJobResult = jobService.retrieveAsyncJobResult(makeContextJobId, CloudContextHolder.class, userAccessUtils.defaultUserAuthRequest());
    assertEquals(StatusEnum.SUCCEEDED, createContextJobResult.getJobReport().getStatus());
    GcpCloudContext cloudContext = createContextJobResult.getResult().getGcpCloudContext();
    // Create a private dataset for secondary user
    String datasetId = RandomStringUtils.randomAlphabetic(8);
    ControlledBigQueryDatasetResource privateDataset = buildPrivateDataset(workspaceId, datasetId, cloudContext.getGcpProjectId());
    assertNotNull(privateDataset);
    // Validate with Sam that secondary user can read their private resource
    assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
    // Run the "removeUser" flight to the very end, then undo it, retrying steps along the way.
    Map<String, StepStatus> retrySteps = new HashMap<>();
    retrySteps.put(RemoveUserFromSamStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(CheckUserStillInWorkspaceStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(ClaimUserPrivateResourcesStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(RemovePrivateResourceAccessStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(MarkPrivateResourcesAbandonedStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(RevokePetUsagePermissionStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(ReleasePrivateResourceCleanupClaimsStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    FlightDebugInfo failingDebugInfo = FlightDebugInfo.newBuilder().undoStepFailures(retrySteps).lastStepFailure(true).build();
    FlightMap inputParameters = new FlightMap();
    inputParameters.put(WorkspaceFlightMapKeys.WORKSPACE_ID, workspaceId.toString());
    inputParameters.put(WorkspaceFlightMapKeys.USER_TO_REMOVE, userAccessUtils.getSecondUserEmail());
    inputParameters.put(WorkspaceFlightMapKeys.ROLE_TO_REMOVE, ControlledResourceIamRole.WRITER.name());
    // Auth info comes from default user, as they are the ones "making this request"
    inputParameters.put(JobMapKeys.AUTH_USER_INFO.getKeyName(), userAccessUtils.defaultUserAuthRequest());
    FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), RemoveUserFromWorkspaceFlight.class, inputParameters, STAIRWAY_FLIGHT_TIMEOUT, failingDebugInfo);
    assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
    // Validate that secondary user is still a workspace writer and can still read their private
    // resource.
    assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.WRITE));
    assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
    // Run the flight again, this time to success. Retry each do step once.
    FlightDebugInfo passingDebugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
    FlightState passingFlightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), RemoveUserFromWorkspaceFlight.class, inputParameters, STAIRWAY_FLIGHT_TIMEOUT, passingDebugInfo);
    assertEquals(FlightStatus.SUCCESS, passingFlightState.getFlightStatus());
    // Verify the secondary user can no longer access the workspace or their private resource
    assertFalse(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.WRITE));
    assertFalse(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
    // Cleanup
    workspaceService.deleteWorkspace(workspaceId, userAccessUtils.defaultUserAuthRequest());
}
Also used : FlightDebugInfo(bio.terra.stairway.FlightDebugInfo) HashMap(java.util.HashMap) StepStatus(bio.terra.stairway.StepStatus) CloudContextHolder(bio.terra.workspace.service.workspace.model.CloudContextHolder) FlightState(bio.terra.stairway.FlightState) FlightMap(bio.terra.stairway.FlightMap) UUID(java.util.UUID) ControlledBigQueryDatasetResource(bio.terra.workspace.service.resource.controlled.cloud.gcp.bqdataset.ControlledBigQueryDatasetResource) GcpCloudContext(bio.terra.workspace.service.workspace.model.GcpCloudContext) Workspace(bio.terra.workspace.service.workspace.model.Workspace) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) Test(org.junit.jupiter.api.Test) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 4 with FlightDebugInfo

use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.

the class CreateAzureContextFlightTest method errorRevertsChanges.

@Test
void errorRevertsChanges() throws Exception {
    UUID workspaceId = azureTestUtils.createWorkspace(workspaceService);
    AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
    // There should be no cloud context initially.
    assertTrue(workspaceService.getAuthorizedAzureCloudContext(workspaceId, userRequest).isEmpty());
    // Submit a flight class that always errors.
    FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().lastStepFailure(true).build();
    FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateAzureContextFlight.class, azureTestUtils.createAzureContextInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
    assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
    // There should be no cloud context created.
    assertTrue(workspaceService.getAuthorizedAzureCloudContext(workspaceId, userRequest).isEmpty());
}
Also used : FlightState(bio.terra.stairway.FlightState) FlightDebugInfo(bio.terra.stairway.FlightDebugInfo) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) UUID(java.util.UUID) Test(org.junit.jupiter.api.Test) BaseAzureTest(bio.terra.workspace.common.BaseAzureTest)

Example 5 with FlightDebugInfo

use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.

the class CreateGcpContextFlightTest method successCreatesProjectAndContext.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void successCreatesProjectAndContext() throws Exception {
    UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
    AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
    // Retry steps once to validate idempotency.
    Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
    FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
    FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlight.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
    assertEquals(FlightStatus.SUCCESS, flightState.getFlightStatus());
    String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
    assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isPresent());
    String contextProjectId = workspaceService.getAuthorizedRequiredGcpProject(workspaceId, userRequest);
    assertEquals(projectId, contextProjectId);
    Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
    assertEquals(projectId, project.getProjectId());
    assertEquals("billingAccounts/" + spendUtils.defaultBillingAccountId(), crl.getCloudBillingClientCow().getProjectBillingInfo("projects/" + projectId).getBillingAccountName());
    assertRolesExist(project);
    assertPolicyGroupsSynced(workspaceId, project);
}
Also used : FlightState(bio.terra.stairway.FlightState) Project(com.google.api.services.cloudresourcemanager.v3.model.Project) FlightDebugInfo(bio.terra.stairway.FlightDebugInfo) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) StepStatus(bio.terra.stairway.StepStatus) UUID(java.util.UUID) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Aggregations

FlightDebugInfo (bio.terra.stairway.FlightDebugInfo)13 Test (org.junit.jupiter.api.Test)13 BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)12 FlightState (bio.terra.stairway.FlightState)10 StepStatus (bio.terra.stairway.StepStatus)10 AuthenticatedUserRequest (bio.terra.workspace.service.iam.AuthenticatedUserRequest)9 DisabledIfEnvironmentVariable (org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)9 UUID (java.util.UUID)8 Workspace (bio.terra.workspace.service.workspace.model.Workspace)6 HashMap (java.util.HashMap)6 FlightMap (bio.terra.stairway.FlightMap)5 Project (com.google.api.services.cloudresourcemanager.v3.model.Project)5 ControlledBigQueryDatasetResource (bio.terra.workspace.service.resource.controlled.cloud.gcp.bqdataset.ControlledBigQueryDatasetResource)3 CreateWorkspaceStep (bio.terra.workspace.service.workspace.flight.CreateWorkspaceStep)3 CreateWorkspaceAuthzStep (bio.terra.workspace.service.workspace.flight.CreateWorkspaceAuthzStep)2 GcpCloudContext (bio.terra.workspace.service.workspace.model.GcpCloudContext)2 BaseAzureTest (bio.terra.workspace.common.BaseAzureTest)1 CheckSamWorkspaceAuthzStep (bio.terra.workspace.service.workspace.flight.CheckSamWorkspaceAuthzStep)1 CloudContextHolder (bio.terra.workspace.service.workspace.model.CloudContextHolder)1