use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class WorkspaceApiTestScriptBase method cleanup.
@Override
public void cleanup(List<TestUserSpecification> testUsers) throws Exception {
assertThat("There must be at least one test user in configs/testusers directory.", testUsers != null && testUsers.size() > 0);
final WorkspaceApi workspaceApi = ClientTestUtils.getWorkspaceClient(testUsers.get(0), server);
try {
doCleanup(testUsers, workspaceApi);
} catch (Exception ex) {
logger.debug("Caught exception during cleanup ", ex);
throw (ex);
}
}
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class EnumerateResources method doUserJourney.
@Override
public void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
// Add second user to the workspace as a reader
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(workspaceReader.userEmail), getWorkspaceId(), IamRole.READER);
// Case 1: fetch all
ResourceList enumList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null);
logResult("fetchall", enumList);
// Make sure we got all of the expected ids
matchFullResourceList(enumList.getResources());
// Repeat case 1 as the workspace reader.
// As this is the first operation after modifying workspace IAM groups, retry here to compensate
// for the delay in GCP IAM propagation.
ResourceList readerEnumList = ClientTestUtils.getWithRetryOnException(() -> readerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null));
logResult("fetchall reader", readerEnumList);
matchFullResourceList(readerEnumList.getResources());
// Case 2: fetch by pages
ResourceList page1List = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, PAGE_SIZE, null, null);
logResult("page1", page1List);
assertThat(page1List.getResources().size(), equalTo(PAGE_SIZE));
ResourceList page2List = ownerResourceApi.enumerateResources(getWorkspaceId(), PAGE_SIZE, PAGE_SIZE, null, null);
logResult("page2", page2List);
assertThat(page2List.getResources().size(), equalTo(PAGE_SIZE));
ResourceList page3List = ownerResourceApi.enumerateResources(getWorkspaceId(), 2 * PAGE_SIZE, PAGE_SIZE, null, null);
logResult("page3", page3List);
assertThat(page3List.getResources().size(), lessThan(PAGE_SIZE));
List<ResourceDescription> descriptionList = new ArrayList<>();
descriptionList.addAll(page1List.getResources());
descriptionList.addAll(page2List.getResources());
descriptionList.addAll(page3List.getResources());
matchFullResourceList(descriptionList);
// Case 3: no results if offset is too high
ResourceList enumEmptyList = ownerResourceApi.enumerateResources(getWorkspaceId(), 10 * PAGE_SIZE, PAGE_SIZE, null, null);
assertThat(enumEmptyList.getResources().size(), equalTo(0));
// Case 4: filter by resource type
ResourceList buckets = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, null);
logResult("buckets", buckets);
long expectedBuckets = resourceList.stream().filter(m -> m.getResourceType() == ResourceType.GCS_BUCKET).count();
logger.info("Counted {} buckets created", expectedBuckets);
// Note - assertThat exits out on an int -> long compare, so just don't do that.
long actualBuckets = buckets.getResources().size();
assertThat(actualBuckets, equalTo(expectedBuckets));
// Case 5: filter by stewardship type
ResourceList referencedList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, StewardshipType.REFERENCED);
logResult("referenced", referencedList);
long expectedReferenced = resourceList.stream().filter(m -> m.getStewardshipType() == StewardshipType.REFERENCED).count();
logger.info("Counted {} referenced created", expectedReferenced);
long actualReferenced = referencedList.getResources().size();
assertThat(actualReferenced, equalTo(expectedReferenced));
// Case 6: filter by resource and stewardship
ResourceList controlledBucketList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED);
logResult("controlledBucket", controlledBucketList);
long expectedControlledBuckets = resourceList.stream().filter(m -> (m.getStewardshipType() == StewardshipType.CONTROLLED && m.getResourceType() == ResourceType.GCS_BUCKET)).count();
logger.info("Counted {} controlled buckets created", expectedControlledBuckets);
long actualControlledBuckets = controlledBucketList.getResources().size();
assertThat(actualControlledBuckets, equalTo(expectedControlledBuckets));
// Case 7: validate error on invalid pagination params
ApiException invalidPaginationException = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), -11, 2, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
assertThat(invalidPaginationException.getMessage(), containsString("Invalid pagination"));
invalidPaginationException = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), 0, 0, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
assertThat(invalidPaginationException.getMessage(), containsString("Invalid pagination"));
}
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class EnablePet method doUserJourney.
@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi userWorkspaceApi) throws Exception {
// Validate that the user cannot impersonate their pet before calling this endpoint.
GoogleApi samGoogleApi = SamClientUtils.samGoogleApi(testUser, server);
String petSaEmail = SamRetry.retry(() -> samGoogleApi.getPetServiceAccount(projectId));
Iam userIamClient = ClientTestUtils.getGcpIamClient(testUser);
assertFalse(canImpersonateSa(userIamClient, petSaEmail));
userWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(userIamClient, petSaEmail));
// Validate that calling this endpoint as the pet does not grant the pet permission to
// impersonate itself.
String rawPetSaToken = SamRetry.retry(() -> samGoogleApi.getPetServiceAccountToken(projectId, ClientTestUtils.TEST_USER_SCOPES));
AccessToken petSaToken = new AccessToken(rawPetSaToken, null);
WorkspaceApi petSaWorkspaceApi = ClientTestUtils.getWorkspaceClientFromToken(petSaToken, server);
petSaWorkspaceApi.enablePet(getWorkspaceId());
// Add second user to the workspace as a reader.
userWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(secondUser.userEmail), getWorkspaceId(), IamRole.READER);
// Validate the second user cannot impersonate either user's pet.
GoogleApi secondUserSamGoogleApi = SamClientUtils.samGoogleApi(secondUser, server);
String secondUserPetSaEmail = SamRetry.retry(() -> secondUserSamGoogleApi.getPetServiceAccount(projectId));
Iam secondUserIamClient = ClientTestUtils.getGcpIamClient(secondUser);
assertFalse(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Enable the second user to impersonate their pet
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(secondUser, server);
secondUserWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
// Second user still cannot impersonate first user's pet
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Remove second user from workspace. This should revoke their permission to impersonate their
// pet.
userWorkspaceApi.removeRole(getWorkspaceId(), IamRole.READER, secondUser.userEmail);
assertTrue(ClientTestUtils.getWithRetryOnException(() -> assertCannotImpersonateSa(secondUserIamClient, secondUserPetSaEmail)));
}
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class GcpWorkspaceCloneTestScriptBase method doSetup.
/**
* Create a GCP context for the source workspace created by the base class, add reader to the
* first workspace, and create a second workspace with another GCP context.
*
* @param testUsers - test user configurations
* @param workspaceApi - API with workspace methods
* @throws Exception whatever checked exceptions get thrown
*/
@Override
protected void doSetup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
super.doSetup(testUsers, workspaceApi);
assertThat("There must be at least two test users defined for this test.", testUsers != null && testUsers.size() > 1);
reader = testUsers.get(1);
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(reader.userEmail), getWorkspaceId(), IamRole.READER);
sourceProjectId = CloudContextMaker.createGcpCloudContext(getWorkspaceId(), workspaceApi);
destinationWorkspaceId = UUID.randomUUID();
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
createWorkspace(destinationWorkspaceId, getSpendProfileId(), secondUserWorkspaceApi);
destinationProjectId = CloudContextMaker.createGcpCloudContext(destinationWorkspaceId, secondUserWorkspaceApi);
}
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class GcpWorkspaceCloneTestScriptBase method doCleanup.
/**
* Clean up source and destination workspaces.
*/
@Override
protected void doCleanup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
// Base class cleans up source workspace.
super.doCleanup(testUsers, workspaceApi);
// Destination workspace is owner by reader, so they need to clean it up.
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
secondUserWorkspaceApi.deleteWorkspace(destinationWorkspaceId);
}
Aggregations