Example 1 with WorkspaceApi
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class WorkspaceApiTestScriptBase method cleanup.
@Override
public void cleanup(List<TestUserSpecification> testUsers) throws Exception {
assertThat("There must be at least one test user in configs/testusers directory.", testUsers != null && testUsers.size() > 0);
final WorkspaceApi workspaceApi = ClientTestUtils.getWorkspaceClient(testUsers.get(0), server);
try {
doCleanup(testUsers, workspaceApi);
} catch (Exception ex) {
logger.debug("Caught exception during cleanup ", ex);
throw (ex);
}
}
Also used :
WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)
Example 2 with WorkspaceApi
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class EnumerateResources method doUserJourney.
@Override
public void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
// Add second user to the workspace as a reader
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(workspaceReader.userEmail), getWorkspaceId(), IamRole.READER);
// Case 1: fetch all
ResourceList enumList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null);
logResult("fetchall", enumList);
// Make sure we got all of the expected ids
matchFullResourceList(enumList.getResources());
// Repeat case 1 as the workspace reader.
// As this is the first operation after modifying workspace IAM groups, retry here to compensate
// for the delay in GCP IAM propagation.
ResourceList readerEnumList = ClientTestUtils.getWithRetryOnException(() -> readerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, null));
logResult("fetchall reader", readerEnumList);
matchFullResourceList(readerEnumList.getResources());
// Case 2: fetch by pages
ResourceList page1List = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, PAGE_SIZE, null, null);
logResult("page1", page1List);
assertThat(page1List.getResources().size(), equalTo(PAGE_SIZE));
ResourceList page2List = ownerResourceApi.enumerateResources(getWorkspaceId(), PAGE_SIZE, PAGE_SIZE, null, null);
logResult("page2", page2List);
assertThat(page2List.getResources().size(), equalTo(PAGE_SIZE));
ResourceList page3List = ownerResourceApi.enumerateResources(getWorkspaceId(), 2 * PAGE_SIZE, PAGE_SIZE, null, null);
logResult("page3", page3List);
assertThat(page3List.getResources().size(), lessThan(PAGE_SIZE));
List<ResourceDescription> descriptionList = new ArrayList<>();
descriptionList.addAll(page1List.getResources());
descriptionList.addAll(page2List.getResources());
descriptionList.addAll(page3List.getResources());
matchFullResourceList(descriptionList);
// Case 3: no results if offset is too high
ResourceList enumEmptyList = ownerResourceApi.enumerateResources(getWorkspaceId(), 10 * PAGE_SIZE, PAGE_SIZE, null, null);
assertThat(enumEmptyList.getResources().size(), equalTo(0));
// Case 4: filter by resource type
ResourceList buckets = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, null);
logResult("buckets", buckets);
long expectedBuckets = resourceList.stream().filter(m -> m.getResourceType() == ResourceType.GCS_BUCKET).count();
logger.info("Counted {} buckets created", expectedBuckets);
// Note - assertThat exits out on an int -> long compare, so just don't do that.
long actualBuckets = buckets.getResources().size();
assertThat(actualBuckets, equalTo(expectedBuckets));
// Case 5: filter by stewardship type
ResourceList referencedList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, null, StewardshipType.REFERENCED);
logResult("referenced", referencedList);
long expectedReferenced = resourceList.stream().filter(m -> m.getStewardshipType() == StewardshipType.REFERENCED).count();
logger.info("Counted {} referenced created", expectedReferenced);
long actualReferenced = referencedList.getResources().size();
assertThat(actualReferenced, equalTo(expectedReferenced));
// Case 6: filter by resource and stewardship
ResourceList controlledBucketList = ownerResourceApi.enumerateResources(getWorkspaceId(), 0, RESOURCE_COUNT, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED);
logResult("controlledBucket", controlledBucketList);
long expectedControlledBuckets = resourceList.stream().filter(m -> (m.getStewardshipType() == StewardshipType.CONTROLLED && m.getResourceType() == ResourceType.GCS_BUCKET)).count();
logger.info("Counted {} controlled buckets created", expectedControlledBuckets);
long actualControlledBuckets = controlledBucketList.getResources().size();
assertThat(actualControlledBuckets, equalTo(expectedControlledBuckets));
// Case 7: validate error on invalid pagination params
ApiException invalidPaginationException = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), -11, 2, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
assertThat(invalidPaginationException.getMessage(), containsString("Invalid pagination"));
invalidPaginationException = assertThrows(ApiException.class, () -> ownerResourceApi.enumerateResources(getWorkspaceId(), 0, 0, ResourceType.GCS_BUCKET, StewardshipType.CONTROLLED));
assertThat(invalidPaginationException.getMessage(), containsString("Invalid pagination"));
}
Also used :
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
ControlledGcpResourceApi(bio.terra.workspace.api.ControlledGcpResourceApi)
ClientTestUtils(scripts.utils.ClientTestUtils)
CloudContextMaker(scripts.utils.CloudContextMaker)
LoggerFactory(org.slf4j.LoggerFactory)
ResourceList(bio.terra.workspace.model.ResourceList)
ArrayList(java.util.ArrayList)
WorkspaceAllocateTestScriptBase(scripts.utils.WorkspaceAllocateTestScriptBase)
Matchers.lessThan(org.hamcrest.Matchers.lessThan)
MultiResourcesUtils(scripts.utils.MultiResourcesUtils)
MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat)
ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi)
StewardshipType(bio.terra.workspace.model.StewardshipType)
ControlledResourceMetadata(bio.terra.workspace.model.ControlledResourceMetadata)
WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)
ResourceMetadata(bio.terra.workspace.model.ResourceMetadata)
ResourceType(bio.terra.workspace.model.ResourceType)
Logger(org.slf4j.Logger)
ApiException(bio.terra.workspace.client.ApiException)
ApiClient(bio.terra.workspace.client.ApiClient)
UUID(java.util.UUID)
Collectors(java.util.stream.Collectors)
IamRole(bio.terra.workspace.model.IamRole)
List(java.util.List)
TestUserSpecification(bio.terra.testrunner.runner.config.TestUserSpecification)
Matchers.equalTo(org.hamcrest.Matchers.equalTo)
GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody)
ResourceDescription(bio.terra.workspace.model.ResourceDescription)
Matchers.greaterThan(org.hamcrest.Matchers.greaterThan)
Matchers.containsString(org.hamcrest.Matchers.containsString)
ResourceApi(bio.terra.workspace.api.ResourceApi)
ResourceList(bio.terra.workspace.model.ResourceList)
GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody)
ResourceDescription(bio.terra.workspace.model.ResourceDescription)
ArrayList(java.util.ArrayList)
ApiException(bio.terra.workspace.client.ApiException)
Example 3 with WorkspaceApi
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class EnablePet method doUserJourney.
@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi userWorkspaceApi) throws Exception {
// Validate that the user cannot impersonate their pet before calling this endpoint.
GoogleApi samGoogleApi = SamClientUtils.samGoogleApi(testUser, server);
String petSaEmail = SamRetry.retry(() -> samGoogleApi.getPetServiceAccount(projectId));
Iam userIamClient = ClientTestUtils.getGcpIamClient(testUser);
assertFalse(canImpersonateSa(userIamClient, petSaEmail));
userWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(userIamClient, petSaEmail));
// Validate that calling this endpoint as the pet does not grant the pet permission to
// impersonate itself.
String rawPetSaToken = SamRetry.retry(() -> samGoogleApi.getPetServiceAccountToken(projectId, ClientTestUtils.TEST_USER_SCOPES));
AccessToken petSaToken = new AccessToken(rawPetSaToken, null);
WorkspaceApi petSaWorkspaceApi = ClientTestUtils.getWorkspaceClientFromToken(petSaToken, server);
petSaWorkspaceApi.enablePet(getWorkspaceId());
// Add second user to the workspace as a reader.
userWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(secondUser.userEmail), getWorkspaceId(), IamRole.READER);
// Validate the second user cannot impersonate either user's pet.
GoogleApi secondUserSamGoogleApi = SamClientUtils.samGoogleApi(secondUser, server);
String secondUserPetSaEmail = SamRetry.retry(() -> secondUserSamGoogleApi.getPetServiceAccount(projectId));
Iam secondUserIamClient = ClientTestUtils.getGcpIamClient(secondUser);
assertFalse(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Enable the second user to impersonate their pet
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(secondUser, server);
secondUserWorkspaceApi.enablePet(getWorkspaceId());
assertTrue(canImpersonateSa(secondUserIamClient, secondUserPetSaEmail));
// Second user still cannot impersonate first user's pet
assertFalse(canImpersonateSa(secondUserIamClient, petSaEmail));
// Remove second user from workspace. This should revoke their permission to impersonate their
// pet.
userWorkspaceApi.removeRole(getWorkspaceId(), IamRole.READER, secondUser.userEmail);
assertTrue(ClientTestUtils.getWithRetryOnException(() -> assertCannotImpersonateSa(secondUserIamClient, secondUserPetSaEmail)));
}
Also used :
GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody)
Iam(com.google.api.services.iam.v1.Iam)
GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi)
WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)
AccessToken(com.google.auth.oauth2.AccessToken)
Example 4 with WorkspaceApi
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class GcpWorkspaceCloneTestScriptBase method doSetup.
/**
* Create a GCP context for the source workspace created by the base class, add reader to the
* first workspace, and create a second workspace with another GCP context.
*
* @param testUsers - test user configurations
* @param workspaceApi - API with workspace methods
* @throws Exception whatever checked exceptions get thrown
*/
@Override
protected void doSetup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
super.doSetup(testUsers, workspaceApi);
assertThat("There must be at least two test users defined for this test.", testUsers != null && testUsers.size() > 1);
reader = testUsers.get(1);
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(reader.userEmail), getWorkspaceId(), IamRole.READER);
sourceProjectId = CloudContextMaker.createGcpCloudContext(getWorkspaceId(), workspaceApi);
destinationWorkspaceId = UUID.randomUUID();
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
createWorkspace(destinationWorkspaceId, getSpendProfileId(), secondUserWorkspaceApi);
destinationProjectId = CloudContextMaker.createGcpCloudContext(destinationWorkspaceId, secondUserWorkspaceApi);
}
Also used :
GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody)
WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)
Example 5 with WorkspaceApi
use of bio.terra.workspace.api.WorkspaceApi in project terra-workspace-manager by DataBiosphere.
the class GcpWorkspaceCloneTestScriptBase method doCleanup.
/**
* Clean up source and destination workspaces.
*/
@Override
protected void doCleanup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
// Base class cleans up source workspace.
super.doCleanup(testUsers, workspaceApi);
// Destination workspace is owner by reader, so they need to clean it up.
WorkspaceApi secondUserWorkspaceApi = ClientTestUtils.getWorkspaceClient(reader, server);
secondUserWorkspaceApi.deleteWorkspace(destinationWorkspaceId);
}
Also used :
WorkspaceApi(bio.terra.workspace.api.WorkspaceApi)
Aggregations
WorkspaceApi (bio.terra.workspace.api.WorkspaceApi)9
GrantRoleRequestBody (bio.terra.workspace.model.GrantRoleRequestBody)4
UUID (java.util.UUID)3
UserActionableException (bio.terra.cli.exception.UserActionableException)2
ControlledGcpResourceApi (bio.terra.workspace.api.ControlledGcpResourceApi)2
ReferencedGcpResourceApi (bio.terra.workspace.api.ReferencedGcpResourceApi)2
ResourceApi (bio.terra.workspace.api.ResourceApi)2
ApiClient (bio.terra.workspace.client.ApiClient)2
ApiException (bio.terra.workspace.client.ApiException)2
CreateCloudContextRequest (bio.terra.workspace.model.CreateCloudContextRequest)2
CreateCloudContextResult (bio.terra.workspace.model.CreateCloudContextResult)2
CreateWorkspaceRequestBody (bio.terra.workspace.model.CreateWorkspaceRequestBody)2
IamRole (bio.terra.workspace.model.IamRole)2
JobControl (bio.terra.workspace.model.JobControl)2
StatusEnum (bio.terra.workspace.model.JobReport.StatusEnum)2
ResourceDescription (bio.terra.workspace.model.ResourceDescription)2
ResourceList (bio.terra.workspace.model.ResourceList)2
WorkspaceDescription (bio.terra.workspace.model.WorkspaceDescription)2
AccessToken (com.google.auth.oauth2.AccessToken)2
ArrayList (java.util.ArrayList)2
