
Example 1 with WorkspaceApi

use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.

the class WorkspaceApiTestScriptBase method cleanup.

/**
 * Runs test teardown using a workspace client built for the first configured test user.
 *
 * @param testUsers test user configurations; must contain at least one entry
 * @throws Exception any exception raised by {@code doCleanup}, rethrown unchanged after logging
 */
@Override
public void cleanup(List<TestUserSpecification> testUsers) throws Exception {
    final boolean hasTestUser = testUsers != null && !testUsers.isEmpty();
    assertThat("There must be at least one test user in configs/testusers directory.", hasTestUser);
    // Cleanup always runs with the first user's credentials.
    final TestUserSpecification firstUser = testUsers.get(0);
    final WorkspaceApi workspaceApi = ClientTestUtils.getWorkspaceClient(firstUser, server);
    try {
        doCleanup(testUsers, workspaceApi);
    } catch (Exception cleanupFailure) {
        // Only logged at debug level; the rethrow is what makes a failed teardown visible.
        logger.debug("Caught exception during cleanup ", cleanupFailure);
        throw cleanupFailure;
    }
}
Also used : WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)

Example 2 with WorkspaceApi

use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.

the class EnumerateResources method doUserJourney.

/**
 * Exercises resource enumeration on the test workspace: a full fetch as owner and as reader,
 * paged fetches, an out-of-range offset, filters by resource type and stewardship type, and
 * rejection of invalid pagination parameters.
 *
 * @param testUser the user running the journey
 * @param workspaceApi workspace client used to grant the reader role
 * @throws Exception any exception raised by the API calls
 */
@Override
public void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
    // Give the second user READER on the workspace so enumeration is also checked for a non-owner.
    workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(workspaceReader.userEmail), getWorkspaceId(), IamRole.READER);

    // Case 1: the owner fetches everything in one request; every expected id must be present.
    ResourceList ownerAll = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null);
    logResult("fetchall", ownerAll);
    matchFullResourceList(ownerAll.getResources());

    // Case 1 again, as the reader. This is the first call after the IAM change above, so it is
    // retried to ride out GCP IAM propagation delay.
    ResourceList readerAll = ClientTestUtils.getWithRetryOnException(() -> readerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null));
    logResult("fetchall reader", readerAll);
    matchFullResourceList(readerAll.getResources());

    // Case 2: three consecutive pages; the first two are full, the third is a partial page.
    ResourceList firstPage = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, PAGE_SIZE, null, null);
    logResult("page1", firstPage);
    assertThat(firstPage.getResources().size(), equalTo(PAGE_SIZE));
    ResourceList secondPage = ownerResourceApi.enumerateResources(getWorkspaceId(), PAGE_SIZE, PAGE_SIZE, null, null);
    logResult("page2", secondPage);
    assertThat(secondPage.getResources().size(), equalTo(PAGE_SIZE));
    ResourceList thirdPage = ownerResourceApi.enumerateResources(getWorkspaceId(), 2 * PAGE_SIZE, PAGE_SIZE, null, null);
    logResult("page3", thirdPage);
    assertThat(thirdPage.getResources().size(), lessThan(PAGE_SIZE));
    // The pages stitched together must match the full expected resource list.
    List<ResourceDescription> pagedResources = new ArrayList<>(firstPage.getResources());
    pagedResources.addAll(secondPage.getResources());
    pagedResources.addAll(thirdPage.getResources());
    matchFullResourceList(pagedResources);

    // Case 3: an offset past the end yields an empty result.
    ResourceList pastEnd = ownerResourceApi.enumerateResources(getWorkspaceId(), 10 * PAGE_SIZE, PAGE_SIZE, null, null);
    assertThat(pastEnd.getResources().size(), equalTo(0));

    // Case 4: filter by resource type.
    ResourceList bucketsOnly = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, null);
    logResult("buckets", bucketsOnly);
    long expectedBuckets = resourceList.stream().filter(created -> created.getResourceType() == ResourceType.GCS_BUCKET).count();
    logger.info("Counted {} buckets created", expectedBuckets);
    // size() is an int; widen it to long first so the matcher compares long with long.
    long actualBuckets = bucketsOnly.getResources().size();
    assertThat(actualBuckets, equalTo(expectedBuckets));

    // Case 5: filter by stewardship type.
    ResourceList referencedOnly = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, StewardshipType.REFERENCED);
    logResult("referenced", referencedOnly);
    long expectedReferenced = resourceList.stream().filter(created -> created.getStewardshipType() == StewardshipType.REFERENCED).count();
    logger.info("Counted {} referenced created", expectedReferenced);
    long actualReferenced = referencedOnly.getResources().size();
    assertThat(actualReferenced, equalTo(expectedReferenced));

    // Case 6: filter by resource type and stewardship type together.
    ResourceList controlledBuckets = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED);
    logResult("controlledBucket", controlledBuckets);
    long expectedControlledBuckets = resourceList.stream()
        .filter(created -> created.getStewardshipType() == StewardshipType.CONTROLLED)
        .filter(created -> created.getResourceType() == ResourceType.GCS_BUCKET)
        .count();
    logger.info("Counted {} controlled buckets created", expectedControlledBuckets);
    long actualControlledBuckets = controlledBuckets.getResources().size();
    assertThat(actualControlledBuckets, equalTo(expectedControlledBuckets));

    // Case 7: a negative offset and a zero limit must both be rejected as invalid pagination.
    ApiException negativeOffsetError = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), -11, 2, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
    assertThat(negativeOffsetError.getMessage(), containsString("Invalid pagination"));
    ApiException zeroLimitError = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), 0, 0, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
    assertThat(zeroLimitError.getMessage(), containsString("Invalid pagination"));
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ControlledGcpResourceApi(bio.terra.workspace.api.ControlledGcpResourceApi) ClientTestUtils(scripts.utils.ClientTestUtils) CloudContextMaker(scripts.utils.CloudContextMaker) LoggerFactory(org.slf4j.LoggerFactory) ResourceList(bio.terra.workspace.model.ResourceList) ArrayList(java.util.ArrayList) WorkspaceAllocateTestScriptBase(scripts.utils.WorkspaceAllocateTestScriptBase) Matchers.lessThan(org.hamcrest.Matchers.lessThan) MultiResourcesUtils(scripts.utils.MultiResourcesUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi) StewardshipType(bio.terra.workspace.model.StewardshipType) ControlledResourceMetadata(bio.terra.workspace.model.ControlledResourceMetadata) WorkspaceApi(bio.terra.workspace.api.WorkspaceApi) ResourceMetadata(bio.terra.workspace.model.ResourceMetadata) ResourceType(bio.terra.workspace.model.ResourceType) Logger(org.slf4j.Logger) ApiException(bio.terra.workspace.client.ApiException) ApiClient(bio.terra.workspace.client.ApiClient) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) IamRole(bio.terra.workspace.model.IamRole) List(java.util.List) TestUserSpecification(bio.terra.testrunner.runner.config.TestUserSpecification) Matchers.equalTo(org.hamcrest.Matchers.equalTo) GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) ResourceDescription(bio.terra.workspace.model.ResourceDescription) Matchers.greaterThan(org.hamcrest.Matchers.greaterThan) Matchers.containsString(org.hamcrest.Matchers.containsString) ResourceApi(bio.terra.workspace.api.ResourceApi) ResourceList(bio.terra.workspace.model.ResourceList) GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) ResourceDescription(bio.terra.workspace.model.ResourceDescription) ArrayList(java.util.ArrayList) ApiException(bio.terra.workspace.client.ApiException)

Example 3 with WorkspaceApi

use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.

the class EnablePet method doUserJourney.

/**
 * Checks who may impersonate a pet service account around calls to {@code enablePet}: a user
 * gains the permission for their own pet only, and a second user loses it again once their
 * workspace role is removed.
 *
 * @param testUser the first user, whose pet service account is examined
 * @param userWorkspaceApi workspace client authenticated as {@code testUser}
 * @throws Exception any exception raised by the Sam, IAM or workspace calls
 */
@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi userWorkspaceApi) throws Exception {
    // Baseline: before enablePet, the user must not be able to impersonate their own pet.
    GoogleApi firstUserSam = SamClientUtils.samGoogleApi(testUser, server);
    String firstPetEmail = SamRetry.retry(() -> firstUserSam.getPetServiceAccount(projectId));
    Iam firstUserIam = ClientTestUtils.getGcpIamClient(testUser);
    assertFalse(canImpersonateSa(firstUserIam, firstPetEmail));

    // After enablePet, the same check must succeed.
    userWorkspaceApi.enablePet(getWorkspaceId());
    assertTrue(canImpersonateSa(firstUserIam, firstPetEmail));

    // Call the endpoint again with the pet's own credentials; this is meant to show that the pet
    // is not granted permission to impersonate itself.
    String petTokenValue = SamRetry.retry(() -> firstUserSam.getPetServiceAccountToken(projectId, ClientTestUtils.TEST_USER_SCOPES));
    AccessToken petToken = new AccessToken(petTokenValue, null);
    WorkspaceApi petWorkspaceApi = ClientTestUtils.getWorkspaceClientFromToken(petToken, server);
    petWorkspaceApi.enablePet(getWorkspaceId());
    // NOTE(review): no assertion follows the call above, so the stated property is not checked
    // here. Asserting it would need an IAM client authenticated as the pet - confirm whether a
    // helper for that exists.

    // Bring the second user into the workspace as a reader.
    userWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(secondUser.userEmail), getWorkspaceId(), IamRole.READER);

    // Workspace membership alone must not let the second user impersonate either pet.
    GoogleApi secondUserSam = SamClientUtils.samGoogleApi(secondUser, server);
    String secondPetEmail = SamRetry.retry(() -> secondUserSam.getPetServiceAccount(projectId));
    Iam secondUserIam = ClientTestUtils.getGcpIamClient(secondUser);
    assertFalse(canImpersonateSa(secondUserIam, secondPetEmail));
    assertFalse(canImpersonateSa(secondUserIam, firstPetEmail));

    // Once the second user calls enablePet, they can impersonate their own pet...
    WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(secondUser, server);
    secondUserWorkspaceApi.enablePet(getWorkspaceId());
    assertTrue(canImpersonateSa(secondUserIam, secondPetEmail));
    // ...but still not the first user's pet.
    assertFalse(canImpersonateSa(secondUserIam, firstPetEmail));

    // Removing the second user from the workspace should revoke the permission on their pet.
    // The check goes through the retry helper, as the other post-IAM-change checks do.
    userWorkspaceApi.removeRole(getWorkspaceId(), IamRole.READER, secondUser.userEmail);
    assertTrue(ClientTestUtils.getWithRetryOnException(() -> assertCannotImpersonateSa(secondUserIam, secondPetEmail)));
}
Also used : GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) Iam(com.google.api.services.iam.v1.Iam) GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi) WorkspaceApi(bio.terra.workspace.api.WorkspaceApi) AccessToken(com.google.auth.oauth2.AccessToken)

Example 4 with WorkspaceApi

use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.

the class GcpWorkspaceCloneTestScriptBase method doSetup.

/**
 * Create a GCP context for the source workspace created by the base class, add reader to the
 * first workspace, and create a second workspace with another GCP context.
 *
 * @param testUsers - test user configurations
 * @param workspaceApi - API with workspace methods
 * @throws Exception whatever checked exceptions get thrown
 */
@Override
protected void doSetup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
    // The base class runs first; the user-count check below only happens after it returns.
    super.doSetup(testUsers, workspaceApi);
    final boolean hasTwoUsers = testUsers != null && testUsers.size() >= 2;
    assertThat("There must be at least two test users defined for this test.", hasTwoUsers);

    // The second configured user is a READER on the source workspace.
    reader = testUsers.get(1);
    workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(reader.userEmail), getWorkspaceId(), IamRole.READER);
    sourceProjectId = CloudContextMaker.createGcpCloudContext(getWorkspaceId(), workspaceApi);

    // The destination workspace and its cloud context are created with the reader's own client,
    // not with the first user's.
    destinationWorkspaceId = UUID.randomUUID();
    WorkspaceApi readerWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
    createWorkspace(destinationWorkspaceId, getSpendProfileId(), readerWorkspaceApi);
    destinationProjectId = CloudContextMaker.createGcpCloudContext(destinationWorkspaceId, readerWorkspaceApi);
}
Also used : GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)

Example 5 with WorkspaceApi

use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.

the class GcpWorkspaceCloneTestScriptBase method doCleanup.

/**
 * Clean up source and destination workspaces.
 */
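@Override
protected void doCleanup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
    // Both deletions are attempted even if the first one fails; otherwise a failure while
    // cleaning up the source workspace would leave the destination workspace behind.
    Exception sourceFailure = null;
    try {
        // Base class cleans up the source workspace.
        super.doCleanup(testUsers, workspaceApi);
    } catch (Exception ex) {
        sourceFailure = ex;
    }
    try {
        // The destination workspace is deleted with the reader's client (the reader is treated
        // as its owner here), not with the workspaceApi passed in.
        WorkspaceApi readerWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
        readerWorkspaceApi.deleteWorkspace(destinationWorkspaceId);
    } catch (Exception destinationFailure) {
        if (sourceFailure == null) {
            throw destinationFailure;
        }
        // Keep the first failure as the primary one and attach the second to it.
        sourceFailure.addSuppressed(destinationFailure);
    }
    if (sourceFailure != null) {
        throw sourceFailure;
    }
}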
Also used : WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)

Aggregations

WorkspaceApi (bio.terra.workspace.api.WorkspaceApi)9 GrantRoleRequestBody (bio.terra.workspace.model.GrantRoleRequestBody)4 UUID (java.util.UUID)3 UserActionableException (bio.terra.cli.exception.UserActionableException)2 ControlledGcpResourceApi (bio.terra.workspace.api.ControlledGcpResourceApi)2 ReferencedGcpResourceApi (bio.terra.workspace.api.ReferencedGcpResourceApi)2 ResourceApi (bio.terra.workspace.api.ResourceApi)2 ApiClient (bio.terra.workspace.client.ApiClient)2 ApiException (bio.terra.workspace.client.ApiException)2 CreateCloudContextRequest (bio.terra.workspace.model.CreateCloudContextRequest)2 CreateCloudContextResult (bio.terra.workspace.model.CreateCloudContextResult)2 CreateWorkspaceRequestBody (bio.terra.workspace.model.CreateWorkspaceRequestBody)2 IamRole (bio.terra.workspace.model.IamRole)2 JobControl (bio.terra.workspace.model.JobControl)2 StatusEnum (bio.terra.workspace.model.JobReport.StatusEnum)2 ResourceDescription (bio.terra.workspace.model.ResourceDescription)2 ResourceList (bio.terra.workspace.model.ResourceList)2 WorkspaceDescription (bio.terra.workspace.model.WorkspaceDescription)2 AccessToken (com.google.auth.oauth2.AccessToken)2 ArrayList (java.util.ArrayList)2