use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.
the class ControlledResourceServiceTest method createAiNotebookInstanceNoWriterRoleThrowsBadRequest.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void createAiNotebookInstanceNoWriterRoleThrowsBadRequest() throws Exception {
String instanceId = "create-ai-notebook-instance-shared";
ApiGcpAiNotebookInstanceCreationParameters creationParameters = ControlledResourceFixtures.defaultNotebookCreationParameters().instanceId(instanceId).location(DEFAULT_NOTEBOOK_LOCATION);
ControlledAiNotebookInstanceResource resource = makeNotebookTestResource(workspace.getWorkspaceId(), instanceId, instanceId);
// Shared notebooks not yet implemented.
// Private IAM roles must include writer role.
ControlledResourceIamRole notWriter = ControlledResourceIamRole.READER;
BadRequestException noWriterException = assertThrows(BadRequestException.class, () -> controlledResourceService.createAiNotebookInstance(resource, creationParameters, notWriter, new ApiJobControl().id(UUID.randomUUID().toString()), "fakeResultPath", user.getAuthenticatedRequest()));
assertEquals("A private, controlled AI Notebook instance must have the writer or editor role or else it is not useful.", noWriterException.getMessage());
}
use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.
the class ControlledResourceServiceTest method deleteGcsBucketDo.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void deleteGcsBucketDo() throws Exception {
ControlledGcsBucketResource createdBucket = createDefaultSharedGcsBucket(workspace, user);
// Test idempotency of bucket-specific delete step by retrying it once.
Map<String, StepStatus> retrySteps = new HashMap<>();
retrySteps.put(DeleteGcsBucketStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
jobService.setFlightDebugInfoForTest(FlightDebugInfo.newBuilder().doStepFailures(retrySteps).build());
String jobId = controlledResourceService.deleteControlledResourceAsync(new ApiJobControl().id(UUID.randomUUID().toString()), workspace.getWorkspaceId(), createdBucket.getResourceId(), "fake result path", user.getAuthenticatedRequest());
jobService.waitForJob(jobId);
assertEquals(FlightStatus.SUCCESS, stairwayComponent.get().getFlightState(jobId).getFlightStatus());
// Validate the bucket does not exist.
StorageCow storageCow = crlService.createStorageCow(projectId);
assertNull(storageCow.get(createdBucket.getBucketName()));
assertThrows(ResourceNotFoundException.class, () -> controlledResourceService.getControlledResource(workspace.getWorkspaceId(), createdBucket.getResourceId(), user.getAuthenticatedRequest()));
}
use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.
the class ControlledResourceServiceTest method createAiNotebookInstanceUndo.
@Test
@DisabledIfEnvironmentVariable(named = "TEST_ENV", matches = BUFFER_SERVICE_DISABLED_ENVS_REG_EX)
void createAiNotebookInstanceUndo() throws Exception {
String instanceId = "create-ai-notebook-instance-undo";
String name = "create-ai-notebook-instance-undo-name";
ApiGcpAiNotebookInstanceCreationParameters creationParameters = ControlledResourceFixtures.defaultNotebookCreationParameters().instanceId(instanceId).location(DEFAULT_NOTEBOOK_LOCATION);
ControlledAiNotebookInstanceResource resource = makeNotebookTestResource(workspace.getWorkspaceId(), name, instanceId);
// Test idempotency of undo steps by retrying them once.
Map<String, StepStatus> retrySteps = new HashMap<>();
retrySteps.put(GrantPetUsagePermissionStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
retrySteps.put(CreateAiNotebookInstanceStep.class.getName(), StepStatus.STEP_RESULT_FAILURE_RETRY);
jobService.setFlightDebugInfoForTest(FlightDebugInfo.newBuilder().lastStepFailure(true).undoStepFailures(retrySteps).build());
// Revoke user's Pet SA access, if they have it. Because these tests re-use a common workspace,
// the user may have pet SA access enabled prior to this test.
String serviceAccountEmail = samService.getOrCreatePetSaEmail(projectId, user.getAuthenticatedRequest().getRequiredToken());
petSaService.disablePetServiceAccountImpersonation(workspace.getWorkspaceId(), user.getEmail(), user.getAuthenticatedRequest());
IamCow userIamCow = crlService.getIamCow(user.getAuthenticatedRequest());
// Assert the user does not have access to their pet SA before the flight
// Note this uses user credentials for the IAM cow to validate the user's access.
assertFalse(canImpersonateSa(ServiceAccountName.builder().projectId(projectId).email(serviceAccountEmail).build(), userIamCow));
String jobId = controlledResourceService.createAiNotebookInstance(resource, creationParameters, DEFAULT_ROLE, new ApiJobControl().id(UUID.randomUUID().toString()), "fakeResultPath", user.getAuthenticatedRequest());
jobService.waitForJob(jobId);
assertEquals(FlightStatus.ERROR, stairwayComponent.get().getFlightState(jobId).getFlightStatus());
assertNotFound(resource.toInstanceName(projectId), crlService.getAIPlatformNotebooksCow());
assertThrows(ResourceNotFoundException.class, () -> controlledResourceService.getControlledResource(resource.getWorkspaceId(), resource.getResourceId(), user.getAuthenticatedRequest()));
// This check relies on cloud IAM propagation and is sometimes delayed.
CloudUtils.runWithRetryOnException(() -> throwIfImpersonateSa(ServiceAccountName.builder().projectId(projectId).email(serviceAccountEmail).build(), userIamCow));
}
use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.
the class ControlledGcpResourceApiController method deleteAiNotebookInstance.
@Override
public ResponseEntity<ApiDeleteControlledGcpAiNotebookInstanceResult> deleteAiNotebookInstance(UUID workspaceId, UUID resourceId, @Valid ApiDeleteControlledGcpAiNotebookInstanceRequest body) {
AuthenticatedUserRequest userRequest = getAuthenticatedInfo();
ApiJobControl jobControl = body.getJobControl();
logger.info("deleteAiNotebookInstance workspace {} resource {}", workspaceId.toString(), resourceId.toString());
String jobId = controlledResourceService.deleteControlledResourceAsync(jobControl, workspaceId, resourceId, getAsyncResultEndpoint(jobControl.getId(), "delete-result"), userRequest);
ApiDeleteControlledGcpAiNotebookInstanceResult result = fetchNotebookInstanceDeleteResult(jobId, userRequest);
return new ResponseEntity<>(result, getAsyncResponseCode(result.getJobReport()));
}
use of bio.terra.workspace.generated.model.ApiJobControl in project terra-workspace-manager by DataBiosphere.
the class ControlledAzureResourceApiController method deleteAzureVm.
@Override
public ResponseEntity<ApiDeleteControlledAzureResourceResult> deleteAzureVm(UUID workspaceId, UUID resourceId, @Valid ApiDeleteControlledAzureResourceRequest body) {
features.azureEnabledCheck();
final AuthenticatedUserRequest userRequest = getAuthenticatedInfo();
final ApiJobControl jobControl = body.getJobControl();
logger.info("deleteAzureVm workspace {} resource {}", workspaceId.toString(), resourceId.toString());
final String jobId = controlledResourceService.deleteControlledResourceAsync(jobControl, workspaceId, resourceId, getAsyncResultEndpoint(jobControl.getId(), "delete-result"), userRequest);
return getJobDeleteResult(jobId, userRequest);
}
Aggregations