use of bio.terra.workspace.model.GcpAiNotebookInstanceResource in project terra-workspace-manager by DataBiosphere.
the class PrivateControlledAiNotebookInstanceLifecycle method doUserJourney.
@Override
@SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE")
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
CloudContextMaker.createGcpCloudContext(getWorkspaceId(), workspaceApi);
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(resourceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(otherWorkspaceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
ControlledGcpResourceApi resourceUserApi = ClientTestUtils.getControlledGcpResourceClient(resourceUser, server);
CreatedControlledGcpAiNotebookInstanceResult creationResult = NotebookUtils.makeControlledNotebookUserPrivate(getWorkspaceId(), instanceId, /*location=*/
null, resourceUserApi);
UUID resourceId = creationResult.getAiNotebookInstance().getMetadata().getResourceId();
GcpAiNotebookInstanceResource resource = resourceUserApi.getAiNotebookInstance(getWorkspaceId(), resourceId);
assertEquals(instanceId, resource.getAttributes().getInstanceId(), "Notebook instance id is correct in GET response from WSM");
assertEquals(instanceId, creationResult.getAiNotebookInstance().getAttributes().getInstanceId(), "Notebook instance id is correct in create response from WSM");
assertEquals(resourceUser.userEmail, resource.getMetadata().getControlledResourceMetadata().getPrivateResourceUser().getUserName(), "User is the private user of the notebook");
assertEquals("us-central1-a", resource.getAttributes().getLocation(), "The notebook uses the default location because location is not specified.");
createAControlledAiNotebookInstanceWithoutSpecifiedInstanceId_validInstanceIdIsGenerated(resourceUserApi);
createAControlledAiNotebookInstanceWithoutSpecifiedInstanceId_specifyLocation(resourceUserApi);
String instanceName = String.format("projects/%s/locations/%s/instances/%s", resource.getAttributes().getProjectId(), resource.getAttributes().getLocation(), resource.getAttributes().getInstanceId());
AIPlatformNotebooks userNotebooks = ClientTestUtils.getAIPlatformNotebooksClient(resourceUser);
assertTrue(NotebookUtils.userHasProxyAccess(creationResult, resourceUser, resource.getAttributes().getProjectId()), "Private resource user has access to their notebook");
assertFalse(NotebookUtils.userHasProxyAccess(creationResult, otherWorkspaceUser, resource.getAttributes().getProjectId()), "Other workspace user does not have access to a private notebook");
// The user should be able to stop their notebook.
userNotebooks.projects().locations().instances().stop(instanceName, new StopInstanceRequest());
// The user should not be able to directly delete their notebook.
GoogleJsonResponseException directDeleteForbidden = assertThrows(GoogleJsonResponseException.class, () -> userNotebooks.projects().locations().instances().delete(instanceName).execute());
assertEquals(HttpStatus.SC_FORBIDDEN, directDeleteForbidden.getStatusCode(), "User may not delete notebook directly on GCP");
// Any workspace user should be able to enumerate all created notebooks, even though they can't
// read or write them.
ResourceApi otherUserApi = ClientTestUtils.getResourceClient(otherWorkspaceUser, server);
ResourceList notebookList = otherUserApi.enumerateResources(getWorkspaceId(), 0, 5, ResourceType.AI_NOTEBOOK, StewardshipType.CONTROLLED);
assertEquals(3, notebookList.getResources().size());
MultiResourcesUtils.assertResourceType(ResourceType.AI_NOTEBOOK, notebookList);
// Delete the AI Notebook through WSM.
DeleteControlledGcpAiNotebookInstanceResult deleteResult = resourceUserApi.deleteAiNotebookInstance(new DeleteControlledGcpAiNotebookInstanceRequest().jobControl(new JobControl().id(UUID.randomUUID().toString())), getWorkspaceId(), resourceId);
String deleteJobId = deleteResult.getJobReport().getId();
deleteResult = ClientTestUtils.pollWhileRunning(deleteResult, () -> resourceUserApi.getDeleteAiNotebookInstanceResult(getWorkspaceId(), deleteJobId), DeleteControlledGcpAiNotebookInstanceResult::getJobReport, Duration.ofSeconds(10));
ClientTestUtils.assertJobSuccess("delete ai notebook", deleteResult.getJobReport(), deleteResult.getErrorReport());
// Verify the notebook was deleted from WSM metadata.
ApiException notebookIsMissing = assertThrows(ApiException.class, () -> resourceUserApi.getAiNotebookInstance(getWorkspaceId(), resourceId), "Notebook is deleted from WSM");
assertEquals(HttpStatus.SC_NOT_FOUND, notebookIsMissing.getCode(), "Error from WSM is 404");
// Verify the notebook was deleted from GCP.
GoogleJsonResponseException notebookNotFound = assertThrows(GoogleJsonResponseException.class, () -> userNotebooks.projects().locations().instances().get(instanceName).execute(), "Notebook is deleted from GCP");
// GCP may respond with either 403 or 404 depending on how quickly this is called after deleting
// the notebook. Either response is valid in this case.
assertThat("Error from GCP is 403 or 404", notebookNotFound.getStatusCode(), anyOf(equalTo(HttpStatus.SC_NOT_FOUND), equalTo(HttpStatus.SC_FORBIDDEN)));
}
use of bio.terra.workspace.model.GcpAiNotebookInstanceResource in project terra-workspace-manager by DataBiosphere.
the class MultiResourcesUtils method makeResources.
/**
* Make 7 resources as a representative sample of WSM resource types. This creates a controlled
* shared GCS bucket, private GCS bucket, shared BQ dataset, and private AI notebook, as well as
* references to each of those buckets and datasets.
*
* <p>This method intentionally does not create one of every WSM resource type, as that leads to
* several bloated tests. Each resource type should be tested individually in a relevant
* standalone test.
*
* @param referencedGcpResourceApi api for referenced resources
* @param controlledGcpResourceApi api for controlled resources
* @param workspaceId workspace where we allocate
* @return list of resources
* @throws Exception whatever might come up
*/
public static List<ResourceMetadata> makeResources(ReferencedGcpResourceApi referencedGcpResourceApi, ControlledGcpResourceApi controlledGcpResourceApi, UUID workspaceId) throws Exception {
// Create a shared GCS bucket, a private GCS bucket, and a shared BQ dataset
GcpGcsBucketResource sharedBucket = GcsBucketUtils.makeControlledGcsBucketUserShared(controlledGcpResourceApi, workspaceId, makeName(), CloningInstructionsEnum.NOTHING).getGcpBucket();
GcpGcsBucketResource privateBucket = GcsBucketUtils.makeControlledGcsBucketUserPrivate(controlledGcpResourceApi, workspaceId, makeName(), CloningInstructionsEnum.NOTHING).getGcpBucket();
GcpBigQueryDatasetResource sharedDataset = BqDatasetUtils.makeControlledBigQueryDatasetUserShared(controlledGcpResourceApi, workspaceId, makeName(), null, CloningInstructionsEnum.NOTHING);
GcpAiNotebookInstanceResource notebook = NotebookUtils.makeControlledNotebookUserPrivate(workspaceId, /*instanceId=*/
null, /*location=*/
null, controlledGcpResourceApi).getAiNotebookInstance();
// Create references to the above buckets and datasets
GcpGcsBucketResource sharedBucketReference = GcsBucketUtils.makeGcsBucketReference(sharedBucket.getAttributes(), referencedGcpResourceApi, workspaceId, makeName(), CloningInstructionsEnum.NOTHING);
GcpGcsBucketResource privateBucketReference = GcsBucketUtils.makeGcsBucketReference(privateBucket.getAttributes(), referencedGcpResourceApi, workspaceId, makeName(), CloningInstructionsEnum.NOTHING);
GcpBigQueryDatasetResource datasetReference = BqDatasetUtils.makeBigQueryDatasetReference(sharedDataset.getAttributes(), referencedGcpResourceApi, workspaceId, makeName());
return List.of(sharedBucket.getMetadata(), privateBucket.getMetadata(), sharedDataset.getMetadata(), notebook.getMetadata(), sharedBucketReference.getMetadata(), privateBucketReference.getMetadata(), datasetReference.getMetadata());
}
use of bio.terra.workspace.model.GcpAiNotebookInstanceResource in project terra-cli by DataBiosphere.
the class GcpNotebook method createControlled.
/**
* Create a GCP notebook as a controlled resource in the workspace.
*
* @return the resource that was created
*/
public static GcpNotebook createControlled(CreateGcpNotebookParams createParams) {
validateEnvironmentVariableName(createParams.resourceFields.name);
// call WSM to create the resource
GcpAiNotebookInstanceResource createdResource = WorkspaceManagerService.fromContext().createControlledGcpNotebookInstance(Context.requireWorkspace().getId(), createParams);
logger.info("Created GCP notebook: {}", createdResource);
// convert the WSM object to a CLI object
Context.requireWorkspace().listResourcesAndSync();
return new GcpNotebook(createdResource);
}
Aggregations