use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.
the class CreateGcpContextFlightV2Test method successCreatesProjectAndContext.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void successCreatesProjectAndContext() throws Exception {
UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
// Retry steps once to validate idempotency.
Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlightV2.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
assertEquals(FlightStatus.SUCCESS, flightState.getFlightStatus());
String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isPresent());
String contextProjectId = workspaceService.getAuthorizedRequiredGcpProject(workspaceId, userRequest);
assertEquals(projectId, contextProjectId);
// Verify that the policies were properly stored
Optional<GcpCloudContext> optionalCloudContext = testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest);
assertTrue(optionalCloudContext.isPresent(), "has cloud context");
GcpCloudContext cloudContext = optionalCloudContext.get();
assertTrue(cloudContext.getSamPolicyOwner().isPresent(), "has owner policy");
assertTrue(cloudContext.getSamPolicyWriter().isPresent(), "has writer policy");
assertTrue(cloudContext.getSamPolicyReader().isPresent(), "has reader policy");
assertTrue(cloudContext.getSamPolicyApplication().isPresent(), "has application policy");
Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
assertEquals(projectId, project.getProjectId());
assertEquals("billingAccounts/" + spendUtils.defaultBillingAccountId(), crl.getCloudBillingClientCow().getProjectBillingInfo("projects/" + projectId).getBillingAccountName());
assertRolesExist(project);
assertPolicyGroupsSynced(workspaceId, project);
}
use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.
the class CreateGcpContextFlightV2Test method errorRevertsChanges.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void errorRevertsChanges() throws Exception {
UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
// Submit a flight class that always errors.
Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().undoStepFailures(retrySteps).lastStepFailure(true).build();
FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlightV2.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
// The Project should exist, but requested to be deleted.
Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
assertEquals(projectId, project.getProjectId());
assertEquals("DELETE_REQUESTED", project.getState());
}
use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.
the class RemoveUserFromWorkspaceFlightTest method removeUserFromWorkspaceFlightDoUndo.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void removeUserFromWorkspaceFlightDoUndo() throws Exception {
// Create a workspace as the default test user
Workspace request = Workspace.builder().workspaceId(UUID.randomUUID()).workspaceStage(WorkspaceStage.MC_WORKSPACE).spendProfileId(spendUtils.defaultSpendId()).build();
UUID workspaceId = workspaceService.createWorkspace(request, userAccessUtils.defaultUserAuthRequest());
// Add the secondary test user as a writer
samService.grantWorkspaceRole(workspaceId, userAccessUtils.defaultUserAuthRequest(), WsmIamRole.WRITER, userAccessUtils.getSecondUserEmail());
samService.dumpRoleBindings(SamResource.WORKSPACE, workspaceId.toString(), userAccessUtils.defaultUserAuthRequest().getRequiredToken());
// Create a GCP context as default user
String makeContextJobId = UUID.randomUUID().toString();
workspaceService.createGcpCloudContext(workspaceId, makeContextJobId, userAccessUtils.defaultUserAuthRequest());
jobService.waitForJob(makeContextJobId);
AsyncJobResult<CloudContextHolder> createContextJobResult = jobService.retrieveAsyncJobResult(makeContextJobId, CloudContextHolder.class, userAccessUtils.defaultUserAuthRequest());
assertEquals(StatusEnum.SUCCEEDED, createContextJobResult.getJobReport().getStatus());
GcpCloudContext cloudContext = createContextJobResult.getResult().getGcpCloudContext();
// Create a private dataset for secondary user
String datasetId = RandomStringUtils.randomAlphabetic(8);
ControlledBigQueryDatasetResource privateDataset = buildPrivateDataset(workspaceId, datasetId, cloudContext.getGcpProjectId());
assertNotNull(privateDataset);
// Validate with Sam that secondary user can read their private resource
assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
// Run the "removeUser" flight to the very end, then undo it, retrying steps along the way.
Map<String, StepStatus> retrySteps = new HashMap<>();
retrySteps.put(RemoveUserFromSamStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(CheckUserStillInWorkspaceStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(ClaimUserPrivateResourcesStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(RemovePrivateResourceAccessStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(MarkPrivateResourcesAbandonedStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(RevokePetUsagePermissionStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(ReleasePrivateResourceCleanupClaimsStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
FlightDebugInfo failingDebugInfo = FlightDebugInfo.newBuilder().undoStepFailures(retrySteps).lastStepFailure(true).build();
FlightMap inputParameters = new FlightMap();
inputParameters.put(WorkspaceFlightMapKeys.WORKSPACE_ID, workspaceId.toString());
inputParameters.put(WorkspaceFlightMapKeys.USER_TO_REMOVE, userAccessUtils.getSecondUserEmail());
inputParameters.put(WorkspaceFlightMapKeys.ROLE_TO_REMOVE, ControlledResourceIamRole.WRITER.name());
// Auth info comes from default user, as they are the ones "making this request"
inputParameters.put(JobMapKeys.AUTH_USER_INFO.getKeyName(), userAccessUtils.defaultUserAuthRequest());
FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), RemoveUserFromWorkspaceFlight.class, inputParameters, STAIRWAY_FLIGHT_TIMEOUT, failingDebugInfo);
assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
// Validate that secondary user is still a workspace writer and can still read their private
// resource.
assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.WRITE));
assertTrue(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
// Run the flight again, this time to success. Retry each do step once.
FlightDebugInfo passingDebugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
FlightState passingFlightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), RemoveUserFromWorkspaceFlight.class, inputParameters, STAIRWAY_FLIGHT_TIMEOUT, passingDebugInfo);
assertEquals(FlightStatus.SUCCESS, passingFlightState.getFlightStatus());
// Verify the secondary user can no longer access the workspace or their private resource
assertFalse(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.WRITE));
assertFalse(samService.isAuthorized(userAccessUtils.secondUserAuthRequest(), privateDataset.getCategory().getSamResourceName(), privateDataset.getResourceId().toString(), SamControlledResourceActions.WRITE_ACTION));
// Cleanup
workspaceService.deleteWorkspace(workspaceId, userAccessUtils.defaultUserAuthRequest());
}
use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.
the class CreateAzureContextFlightTest method errorRevertsChanges.
@Test
void errorRevertsChanges() throws Exception {
UUID workspaceId = azureTestUtils.createWorkspace(workspaceService);
AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
// There should be no cloud context initially.
assertTrue(workspaceService.getAuthorizedAzureCloudContext(workspaceId, userRequest).isEmpty());
// Submit a flight class that always errors.
FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().lastStepFailure(true).build();
FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateAzureContextFlight.class, azureTestUtils.createAzureContextInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
assertEquals(FlightStatus.ERROR, flightState.getFlightStatus());
// There should be no cloud context created.
assertTrue(workspaceService.getAuthorizedAzureCloudContext(workspaceId, userRequest).isEmpty());
}
use of bio.terra.stairway.FlightDebugInfo in project terra-workspace-manager by DataBiosphere.
the class CreateGcpContextFlightTest method successCreatesProjectAndContext.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void successCreatesProjectAndContext() throws Exception {
UUID workspaceId = createWorkspace(spendUtils.defaultSpendId());
AuthenticatedUserRequest userRequest = userAccessUtils.defaultUserAuthRequest();
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isEmpty());
// Retry steps once to validate idempotency.
Map<String, StepStatus> retrySteps = getStepNameToStepStatusMap();
FlightDebugInfo debugInfo = FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build();
FlightState flightState = StairwayTestUtils.blockUntilFlightCompletes(jobService.getStairway(), CreateGcpContextFlight.class, createInputParameters(workspaceId, userRequest), STAIRWAY_FLIGHT_TIMEOUT, debugInfo);
assertEquals(FlightStatus.SUCCESS, flightState.getFlightStatus());
String projectId = flightState.getResultMap().get().get(WorkspaceFlightMapKeys.GCP_PROJECT_ID, String.class);
assertTrue(testUtils.getAuthorizedGcpCloudContext(workspaceId, userRequest).isPresent());
String contextProjectId = workspaceService.getAuthorizedRequiredGcpProject(workspaceId, userRequest);
assertEquals(projectId, contextProjectId);
Project project = crl.getCloudResourceManagerCow().projects().get(projectId).execute();
assertEquals(projectId, project.getProjectId());
assertEquals("billingAccounts/" + spendUtils.defaultBillingAccountId(), crl.getCloudBillingClientCow().getProjectBillingInfo("projects/" + projectId).getBillingAccountName());
assertRolesExist(project);
assertPolicyGroupsSynced(workspaceId, project);
}
Aggregations