Search in sources :

Example 1 with ApiJobControl

use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.

the class ControlledResourceServiceTest method createAiNotebookInstanceNoWriterRoleThrowsBadRequest.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void createAiNotebookInstanceNoWriterRoleThrowsBadRequest() throws Exception {
    String instanceId = "create-ai-notebook-instance-shared";
    ApiGcpAiNotebookInstanceCreationParameters creationParameters = ControlledResourceFixtures.defaultNotebookCreationParameters().instanceId(instanceId).location(DEFAULT_NOTEBOOK_LOCATION);
    ControlledAiNotebookInstanceResource resource = makeNotebookTestResource(workspace.getWorkspaceId(), instanceId, instanceId);
    // Shared notebooks not yet implemented.
    // Private IAM roles must include writer role.
    ControlledResourceIamRole notWriter = ControlledResourceIamRole.READER;
    BadRequestException noWriterException = assertThrows(BadRequestException.class, () -> controlledResourceService.createAiNotebookInstance(resource, creationParameters, notWriter, new ApiJobControl().id(UUID.randomUUID().toString()), "fakeResultPath", user.getAuthenticatedRequest()));
    assertEquals("A private, controlled AI Notebook instance must have the writer or editor role or else it is not useful.", noWriterException.getMessage());
}
Also used : ApiGcpAiNotebookInstanceCreationParameters(bio.terra.workspace.generated.model.ApiGcpAiNotebookInstanceCreationParameters) BadRequestException(bio.terra.common.exception.BadRequestException) ControlledResourceIamRole(bio.terra.workspace.service.iam.model.ControlledResourceIamRole) ControlledAiNotebookInstanceResource(bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.ControlledAiNotebookInstanceResource) ApiJobControl(bio.terra.workspace.generated.model.ApiJobControl) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 2 with ApiJobControl

use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.

the class ControlledResourceServiceTest method deleteGcsBucketDo.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void deleteGcsBucketDo() throws Exception {
    ControlledGcsBucketResource createdBucket = createDefaultSharedGcsBucket(workspace, user);
    // Test idempotency of bucket-specific delete step by retrying it once.
    Map<String, StepStatus> retrySteps = new HashMap<>();
    retrySteps.put(DeleteGcsBucketStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    jobService.setFlightDebugInfoForTest(FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build());
    String jobId = controlledResourceService.deleteControlledResourceAsync(new ApiJobControl().id(UUID.randomUUID().toString()), workspace.getWorkspaceId(), createdBucket.getResourceId(), "fake result path", user.getAuthenticatedRequest());
    jobService.waitForJob(jobId);
    assertEquals(FlightStatus.SUCCESS, stairwayComponent.get().getFlightState(jobId).getFlightStatus());
    // Validate the bucket does not exist.
    StorageCow storageCow = crlService.createStorageCow(projectId);
    assertNull(storageCow.get(createdBucket.getBucketName()));
    assertThrows(ResourceNotFoundException.class, () -> controlledResourceService.getControlledResource(workspace.getWorkspaceId(), createdBucket.getResourceId(), user.getAuthenticatedRequest()));
}
Also used : DeleteGcsBucketStep(bio.terra.workspace.service.resource.controlled.cloud.gcp.gcsbucket.DeleteGcsBucketStep) HashMap(java.util.HashMap) StepStatus(bio.terra.stairway.StepStatus) StorageCow(bio.terra.cloudres.google.storage.StorageCow) ControlledGcsBucketResource(bio.terra.workspace.service.resource.controlled.cloud.gcp.gcsbucket.ControlledGcsBucketResource) ApiJobControl(bio.terra.workspace.generated.model.ApiJobControl) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 3 with ApiJobControl

use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.

the class ControlledResourceServiceTest method createAiNotebookInstanceUndo.

@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void createAiNotebookInstanceUndo() throws Exception {
    String instanceId = "create-ai-notebook-instance-undo";
    String name = "create-ai-notebook-instance-undo-name";
    ApiGcpAiNotebookInstanceCreationParameters creationParameters = ControlledResourceFixtures.defaultNotebookCreationParameters().instanceId(instanceId).location(DEFAULT_NOTEBOOK_LOCATION);
    ControlledAiNotebookInstanceResource resource = makeNotebookTestResource(workspace.getWorkspaceId(), name, instanceId);
    // Test idempotency of undo steps by retrying them once.
    Map<String, StepStatus> retrySteps = new HashMap<>();
    retrySteps.put(GrantPetUsagePermissionStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    retrySteps.put(CreateAiNotebookInstanceStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
    jobService.setFlightDebugInfoForTest(FlightDebugInfo.newBuilder().lastStepFailure(true).undoStepFailures(retrySteps).build());
    // Revoke user's Pet SA access, if they have it. Because these tests re-use a common workspace,
    // the user may have pet SA access enabled prior to this test.
    String serviceAccountEmail = samService.getOrCreatePetSaEmail(projectId, user.getAuthenticatedRequest().getRequiredToken());
    petSaService.disablePetServiceAccountImpersonation(workspace.getWorkspaceId(), user.getEmail(), user.getAuthenticatedRequest());
    IamCow userIamCow = crlService.getIamCow(user.getAuthenticatedRequest());
    // Assert the user does not have access to their pet SA before the flight
    // Note this uses user credentials for the IAM cow to validate the user's access.
    assertFalse(canImpersonateSa(ServiceAccountName.builder().projectId(projectId).email(serviceAccountEmail).build(), userIamCow));
    String jobId = controlledResourceService.createAiNotebookInstance(resource, creationParameters, DEFAULT_ROLE, new ApiJobControl().id(UUID.randomUUID().toString()), "fakeResultPath", user.getAuthenticatedRequest());
    jobService.waitForJob(jobId);
    assertEquals(FlightStatus.ERROR, stairwayComponent.get().getFlightState(jobId).getFlightStatus());
    assertNotFound(resource.toInstanceName(projectId), crlService.getAIPlatformNotebooksCow());
    assertThrows(ResourceNotFoundException.class, () -> controlledResourceService.getControlledResource(resource.getWorkspaceId(), resource.getResourceId(), user.getAuthenticatedRequest()));
    // This check relies on cloud IAM propagation and is sometimes delayed.
    CloudUtils.runWithRetryOnException(() -> throwIfImpersonateSa(ServiceAccountName.builder().projectId(projectId).email(serviceAccountEmail).build(), userIamCow));
}
Also used : HashMap(java.util.HashMap) ApiGcpAiNotebookInstanceCreationParameters(bio.terra.workspace.generated.model.ApiGcpAiNotebookInstanceCreationParameters) CreateAiNotebookInstanceStep(bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.CreateAiNotebookInstanceStep) StepStatus(bio.terra.stairway.StepStatus) ControlledAiNotebookInstanceResource(bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.ControlledAiNotebookInstanceResource) GrantPetUsagePermissionStep(bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.GrantPetUsagePermissionStep) IamCow(bio.terra.cloudres.google.iam.IamCow) ApiJobControl(bio.terra.workspace.generated.model.ApiJobControl) Test(org.junit.jupiter.api.Test) BaseConnectedTest(bio.terra.workspace.common.BaseConnectedTest) DisabledIfEnvironmentVariable(org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)

Example 4 with ApiJobControl

use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.

the class ControlledGcpResourceApiController method deleteAiNotebookInstance.

@Override
public ResponseEntity<ApiDeleteControlledGcpAiNotebookInstanceResult> deleteAiNotebookInstance(UUID workspaceId, UUID resourceId, @Valid ApiDeleteControlledGcpAiNotebookInstanceRequest body) {
    AuthenticatedUserRequest userRequest = getAuthenticatedInfo();
    ApiJobControl jobControl = body.getJobControl();
    logger.info("deleteAiNotebookInstance workspace {} resource {}", workspaceId.toString(), resourceId.toString());
    String jobId = controlledResourceService.deleteControlledResourceAsync(jobControl, workspaceId, resourceId, getAsyncResultEndpoint(jobControl.getId(), "delete-result"), userRequest);
    ApiDeleteControlledGcpAiNotebookInstanceResult result = fetchNotebookInstanceDeleteResult(jobId, userRequest);
    return new ResponseEntity<>(result, getAsyncResponseCode(result.getJobReport()));
}
Also used : ResponseEntity(org.springframework.http.ResponseEntity) ApiDeleteControlledGcpAiNotebookInstanceResult(bio.terra.workspace.generated.model.ApiDeleteControlledGcpAiNotebookInstanceResult) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) ApiJobControl(bio.terra.workspace.generated.model.ApiJobControl)

Example 5 with ApiJobControl

use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.

the class ControlledAzureResourceApiController method deleteAzureVm.

@Override
public ResponseEntity<ApiDeleteControlledAzureResourceResult> deleteAzureVm(UUID workspaceId, UUID resourceId, @Valid ApiDeleteControlledAzureResourceRequest body) {
    features.azureEnabledCheck();
    final AuthenticatedUserRequest userRequest = getAuthenticatedInfo();
    final ApiJobControl jobControl = body.getJobControl();
    logger.info("deleteAzureVm workspace {} resource {}", workspaceId.toString(), resourceId.toString());
    final String jobId = controlledResourceService.deleteControlledResourceAsync(jobControl, workspaceId, resourceId, getAsyncResultEndpoint(jobControl.getId(), "delete-result"), userRequest);
    return getJobDeleteResult(jobId, userRequest);
}
Also used : AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest) ApiJobControl(bio.terra.workspace.generated.model.ApiJobControl)

Aggregations

ApiJobControl (bio.terra.workspace.generated.model.ApiJobControl)11 AuthenticatedUserRequest (bio.terra.workspace.service.iam.AuthenticatedUserRequest)6 BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)4 ApiGcpAiNotebookInstanceCreationParameters (bio.terra.workspace.generated.model.ApiGcpAiNotebookInstanceCreationParameters)4 ControlledAiNotebookInstanceResource (bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.ControlledAiNotebookInstanceResource)4 Test (org.junit.jupiter.api.Test)4 DisabledIfEnvironmentVariable (org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)4 StepStatus (bio.terra.stairway.StepStatus)3 HashMap (java.util.HashMap)3 JobService (bio.terra.workspace.service.job.JobService)2 CreateAiNotebookInstanceStep (bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.CreateAiNotebookInstanceStep)2 GrantPetUsagePermissionStep (bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.GrantPetUsagePermissionStep)2 IamCow (bio.terra.cloudres.google.iam.IamCow)1 ServiceAccountName (bio.terra.cloudres.google.iam.ServiceAccountName)1 InstanceName (bio.terra.cloudres.google.notebooks.InstanceName)1 StorageCow (bio.terra.cloudres.google.storage.StorageCow)1 BadRequestException (bio.terra.common.exception.BadRequestException)1 ApiDeleteControlledGcpAiNotebookInstanceResult (bio.terra.workspace.generated.model.ApiDeleteControlledGcpAiNotebookInstanceResult)1 ControlledResourceIamRole (bio.terra.workspace.service.iam.model.ControlledResourceIamRole)1 NotebookCloudSyncStep (bio.terra.workspace.service.resource.controlled.cloud.gcp.ainotebook.NotebookCloudSyncStep)1