
Example 6 with GrantRoleRequestBody

use of bio.terra.workspace.model.GrantRoleRequestBody in project terra-workspace-manager by DataBiosphere.

the class GetRoles method doSetup.

@Override
public void doSetup(List<TestUserSpecification> testUsers, WorkspaceApi workspaceApi) throws Exception {
    super.doSetup(testUsers, workspaceApi);
    // Every configured test user receives the same IAM_ROLE on the workspace under test,
    // one grantRole call per user.
    for (var user : testUsers) {
        String email = user.userEmail;
        logger.info("Granting role {} for user {} on workspace id {}", IAM_ROLE.toString(), email, getWorkspaceId().toString());
        GrantRoleRequestBody grant = new GrantRoleRequestBody().memberEmail(email);
        workspaceApi.grantRole(grant, getWorkspaceId(), IAM_ROLE);
    }
}
Also used : GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) TestUserSpecification(bio.terra.testrunner.runner.config.TestUserSpecification)

Example 7 with GrantRoleRequestBody

use of bio.terra.workspace.model.GrantRoleRequestBody in project terra-workspace-manager by DataBiosphere.

the class ReferencedBigQueryResourceLifecycle method doUserJourney.

@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
    ReferencedGcpResourceApi refApi = ClientTestUtils.getReferencedGcpResourceClient(testUser, server);
    // Both secondary users hold READER on the workspace for the whole journey.
    for (TestUserSpecification reader : new TestUserSpecification[] {partialAccessUser, noAccessUser}) {
        workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(reader.userEmail), getWorkspaceId(), IamRole.READER);
    }
    // Create a dataset reference and a data-table reference. Each resource id is stored in its
    // field as soon as it is known (presumably so cleanup can find it if a later step fails).
    GcpBigQueryDatasetResource datasetRef = BqDatasetUtils.makeBigQueryDatasetReference(referencedBqDatasetAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    bqDatasetResourceId = datasetRef.getMetadata().getResourceId();
    GcpBigQueryDataTableResource tableRef = BqDatasetUtils.makeBigQueryDataTableReference(referencedBqTableAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    bqDataTableResourceId = tableRef.getMetadata().getResourceId();
    // Read back, clone, check who can resolve the references, update, then delete.
    testGetReferences(datasetRef, tableRef, refApi);
    testCloneReferences(datasetRef, tableRef, refApi, workspaceApi);
    testValidateReferences(testUser);
    testUpdateReferences(datasetRef, tableRef, refApi);
    refApi.deleteBigQueryDatasetReference(getWorkspaceId(), bqDatasetResourceId);
    refApi.deleteBigQueryDataTableReference(getWorkspaceId(), bqDataTableResourceId);
    // With both references gone, an unfiltered enumeration of the workspace must be empty.
    ResourceApi enumApi = ClientTestUtils.getResourceClient(testUser, server);
    ResourceList leftover = enumApi.enumerateResources(getWorkspaceId(), 0, 100, null, null);
    assertTrue(leftover.getResources().isEmpty());
}
Also used : ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi) ResourceApi(bio.terra.workspace.api.ResourceApi) ResourceList(bio.terra.workspace.model.ResourceList) GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi) GcpBigQueryDataTableResource(bio.terra.workspace.model.GcpBigQueryDataTableResource) GcpBigQueryDatasetResource(bio.terra.workspace.model.GcpBigQueryDatasetResource)

Example 8 with GrantRoleRequestBody

use of bio.terra.workspace.model.GrantRoleRequestBody in project terra-workspace-manager by DataBiosphere.

the class RemoveUser method doSetup.

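/**
 * Builds the workspace fixture for the remove-user test: three distinct test users plus a set of
 * shared and private controlled resources.
 *
 * <p>{@code testUsers.get(0)} acts as the owner of the resources created here, {@code testUsers.get(1)}
 * becomes {@code privateResourceUser} (granted READER and then WRITER) and {@code testUsers.get(2)}
 * becomes {@code sharedResourceUser} (granted WRITER). The owner then creates a GCP cloud context
 * and a user-shared bucket; the private user creates a private bucket, a private BQ dataset and a
 * private notebook, all of which are kept in fields for the later journey/cleanup steps.
 *
 * @param testUsers configured test users; at least three are required
 * @param ownerWorkspaceApi workspace client authenticated as the workspace owner
 * @throws Exception propagated from the WSM/GCP client calls; an assertion error is raised when
 *     fewer than three users are configured or the two non-owner users share an email
 */
@Override
protected void doSetup(List<TestUserSpecification> testUsers, WorkspaceApi ownerWorkspaceApi) throws Exception {
    super.doSetup(testUsers, ownerWorkspaceApi);
    assertThat("There must be at least three test users defined for this test.", testUsers != null && testUsers.size() > 2);
    TestUserSpecification workspaceOwner = testUsers.get(0);
    this.privateResourceUser = testUsers.get(1);
    this.sharedResourceUser = testUsers.get(2);
    assertNotEquals(privateResourceUser.userEmail, sharedResourceUser.userEmail, "The two test users are distinct");
    // NOTE(review): workspaceOwner is not asserted to be distinct from the other two users; the
    // access-control checks in this test presumably depend on that — confirm against the test config.
    // Add one user as a reader, and one as both a reader and writer.
    ownerWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(privateResourceUser.userEmail), getWorkspaceId(), IamRole.READER);
    ownerWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(privateResourceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
    ownerWorkspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(sharedResourceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
    // Create a GCP cloud context.
    projectId = CloudContextMaker.createGcpCloudContext(getWorkspaceId(), ownerWorkspaceApi);
    // Create a shared GCS bucket with one object inside.
    ControlledGcpResourceApi ownerResourceApi = ClientTestUtils.getControlledGcpResourceClient(workspaceOwner, server);
    String sharedBucketName = BUCKET_PREFIX + UUID.randomUUID();
    sharedBucket = makeControlledGcsBucketUserShared(ownerResourceApi, getWorkspaceId(), sharedBucketName, CloningInstructionsEnum.NOTHING);
    GcsBucketUtils.addFileToBucket(sharedBucket, workspaceOwner, projectId);
    // Create a private GCS bucket for privateResourceUser with one object inside.
    String privateBucketName = BUCKET_PREFIX + UUID.randomUUID();
    ControlledGcpResourceApi privateUserResourceApi = ClientTestUtils.getControlledGcpResourceClient(privateResourceUser, server);
    privateBucket = makeControlledGcsBucketUserPrivate(privateUserResourceApi, getWorkspaceId(), privateBucketName, CloningInstructionsEnum.NOTHING);
    GcsBucketUtils.addFileToBucket(privateBucket, privateResourceUser, projectId);
    // Create a private BQ dataset for privateResourceUser and populate it.
    // Locale.ROOT keeps the generated name ASCII-lowercase regardless of the JVM default locale
    // (under a Turkish locale, 'I'.toLowerCase() yields a non-ASCII dotless i).
    String datasetResourceName = RandomStringUtils.randomAlphabetic(8).toLowerCase(java.util.Locale.ROOT);
    privateDataset = BqDatasetUtils.makeControlledBigQueryDatasetUserPrivate(privateUserResourceApi, getWorkspaceId(), datasetResourceName, null, CloningInstructionsEnum.NOTHING);
    BqDatasetUtils.populateBigQueryDataset(privateDataset, privateResourceUser, projectId);
    // Create a private notebook for privateResourceUser (same locale-independent lowercasing).
    String notebookInstanceId = RandomStringUtils.randomAlphabetic(8).toLowerCase(java.util.Locale.ROOT);
    privateNotebook = NotebookUtils.makeControlledNotebookUserPrivate(getWorkspaceId(), notebookInstanceId, /*location=*/ null, privateUserResourceApi);
}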
Also used : GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) ControlledGcpResourceApi(bio.terra.workspace.api.ControlledGcpResourceApi) TestUserSpecification(bio.terra.testrunner.runner.config.TestUserSpecification)

Example 9 with GrantRoleRequestBody

use of bio.terra.workspace.model.GrantRoleRequestBody in project terra-workspace-manager by DataBiosphere.

the class PrivateControlledAiNotebookInstanceLifecycle method doUserJourney.

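/**
 * Exercises the lifecycle of a private controlled AI notebook and the access boundaries around it.
 *
 * <p>After creating a GCP cloud context, {@code resourceUser} and {@code otherWorkspaceUser} are
 * both made WRITERs of the workspace and {@code resourceUser} creates a private notebook. The test
 * then checks the WSM metadata (instance id, private user, default location), that only the private
 * user has proxy access to the notebook, that the private user cannot delete the instance directly
 * on GCP (403), that another workspace user can still enumerate notebooks, and finally that deleting
 * through WSM removes the notebook from both WSM (404) and GCP (403 or 404).
 *
 * @param testUser the user running the journey (unused here; the notebook owner is {@code resourceUser})
 * @param workspaceApi workspace client used to create the cloud context and grant roles
 * @throws Exception propagated from the WSM/GCP client calls or from a failed assertion
 */
@Override
@SuppressFBWarnings(value = "DLS_DEAD_LOCAL_STORE")
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
    CloudContextMaker.createGcpCloudContext(getWorkspaceId(), workspaceApi);
    // Both users are workspace WRITERs; only resourceUser will own the private notebook.
    workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(resourceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
    workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(otherWorkspaceUser.userEmail), getWorkspaceId(), IamRole.WRITER);
    ControlledGcpResourceApi resourceUserApi = ClientTestUtils.getControlledGcpResourceClient(resourceUser, server);
    CreatedControlledGcpAiNotebookInstanceResult creationResult = NotebookUtils.makeControlledNotebookUserPrivate(getWorkspaceId(), instanceId, /*location=*/ null, resourceUserApi);
    UUID resourceId = creationResult.getAiNotebookInstance().getMetadata().getResourceId();
    GcpAiNotebookInstanceResource resource = resourceUserApi.getAiNotebookInstance(getWorkspaceId(), resourceId);
    assertEquals(instanceId, resource.getAttributes().getInstanceId(), "Notebook instance id is correct in GET response from WSM");
    assertEquals(instanceId, creationResult.getAiNotebookInstance().getAttributes().getInstanceId(), "Notebook instance id is correct in create response from WSM");
    assertEquals(resourceUser.userEmail, resource.getMetadata().getControlledResourceMetadata().getPrivateResourceUser().getUserName(), "User is the private user of the notebook");
    assertEquals("us-central1-a", resource.getAttributes().getLocation(), "The notebook uses the default location because location is not specified.");
    // Two more notebooks are created by these helpers; the enumeration below expects three in total.
    createAControlledAiNotebookInstanceWithoutSpecifiedInstanceId_validInstanceIdIsGenerated(resourceUserApi);
    createAControlledAiNotebookInstanceWithoutSpecifiedInstanceId_specifyLocation(resourceUserApi);
    String instanceName = String.format("projects/%s/locations/%s/instances/%s", resource.getAttributes().getProjectId(), resource.getAttributes().getLocation(), resource.getAttributes().getInstanceId());
    AIPlatformNotebooks userNotebooks = ClientTestUtils.getAIPlatformNotebooksClient(resourceUser);
    // Least-privilege check: proxy access is limited to the private resource user.
    assertTrue(NotebookUtils.userHasProxyAccess(creationResult, resourceUser, resource.getAttributes().getProjectId()), "Private resource user has access to their notebook");
    assertFalse(NotebookUtils.userHasProxyAccess(creationResult, otherWorkspaceUser, resource.getAttributes().getProjectId()), "Other workspace user does not have access to a private notebook");
    // The user should be able to stop their notebook.
    // execute() is required: the generated client only builds the request object until then
    // (compare the delete/get calls below); without it no stop request ever reached GCP.
    userNotebooks.projects().locations().instances().stop(instanceName, new StopInstanceRequest()).execute();
    // The user should not be able to directly delete their notebook.
    GoogleJsonResponseException directDeleteForbidden = assertThrows(GoogleJsonResponseException.class, () -> userNotebooks.projects().locations().instances().delete(instanceName).execute());
    assertEquals(HttpStatus.SC_FORBIDDEN, directDeleteForbidden.getStatusCode(), "User may not delete notebook directly on GCP");
    // Any workspace user should be able to enumerate all created notebooks, even though they can't
    // read or write them.
    ResourceApi otherUserApi = ClientTestUtils.getResourceClient(otherWorkspaceUser, server);
    ResourceList notebookList = otherUserApi.enumerateResources(getWorkspaceId(), 0, 5, ResourceType.AI_NOTEBOOK, StewardshipType.CONTROLLED);
    assertEquals(3, notebookList.getResources().size());
    MultiResourcesUtils.assertResourceType(ResourceType.AI_NOTEBOOK, notebookList);
    // Delete the AI Notebook through WSM.
    DeleteControlledGcpAiNotebookInstanceResult deleteResult = resourceUserApi.deleteAiNotebookInstance(new DeleteControlledGcpAiNotebookInstanceRequest().jobControl(new JobControl().id(UUID.randomUUID().toString())), getWorkspaceId(), resourceId);
    String deleteJobId = deleteResult.getJobReport().getId();
    deleteResult = ClientTestUtils.pollWhileRunning(deleteResult, () -> resourceUserApi.getDeleteAiNotebookInstanceResult(getWorkspaceId(), deleteJobId), DeleteControlledGcpAiNotebookInstanceResult::getJobReport, Duration.ofSeconds(10));
    ClientTestUtils.assertJobSuccess("delete ai notebook", deleteResult.getJobReport(), deleteResult.getErrorReport());
    // Verify the notebook was deleted from WSM metadata.
    ApiException notebookIsMissing = assertThrows(ApiException.class, () -> resourceUserApi.getAiNotebookInstance(getWorkspaceId(), resourceId), "Notebook is deleted from WSM");
    assertEquals(HttpStatus.SC_NOT_FOUND, notebookIsMissing.getCode(), "Error from WSM is 404");
    // Verify the notebook was deleted from GCP.
    GoogleJsonResponseException notebookNotFound = assertThrows(GoogleJsonResponseException.class, () -> userNotebooks.projects().locations().instances().get(instanceName).execute(), "Notebook is deleted from GCP");
    // GCP may respond with either 403 or 404 depending on how quickly this is called after deleting
    // the notebook. Either response is valid in this case.
    assertThat("Error from GCP is 403 or 404", notebookNotFound.getStatusCode(), anyOf(equalTo(HttpStatus.SC_NOT_FOUND), equalTo(HttpStatus.SC_FORBIDDEN)));
}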
Also used : GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) CreatedControlledGcpAiNotebookInstanceResult(bio.terra.workspace.model.CreatedControlledGcpAiNotebookInstanceResult) DeleteControlledGcpAiNotebookInstanceRequest(bio.terra.workspace.model.DeleteControlledGcpAiNotebookInstanceRequest) DeleteControlledGcpAiNotebookInstanceResult(bio.terra.workspace.model.DeleteControlledGcpAiNotebookInstanceResult) JobControl(bio.terra.workspace.model.JobControl) AIPlatformNotebooks(com.google.api.services.notebooks.v1.AIPlatformNotebooks) GcpAiNotebookInstanceResource(bio.terra.workspace.model.GcpAiNotebookInstanceResource) StopInstanceRequest(com.google.api.services.notebooks.v1.model.StopInstanceRequest) GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException) ControlledGcpResourceApi(bio.terra.workspace.api.ControlledGcpResourceApi) ResourceApi(bio.terra.workspace.api.ResourceApi) ResourceList(bio.terra.workspace.model.ResourceList) ControlledGcpResourceApi(bio.terra.workspace.api.ControlledGcpResourceApi) UUID(java.util.UUID) ApiException(bio.terra.workspace.client.ApiException) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings)

Example 10 with GrantRoleRequestBody

use of bio.terra.workspace.model.GrantRoleRequestBody in project terra-workspace-manager by DataBiosphere.

the class ReferencedGcsResourceLifecycle method doUserJourney.

@Override
protected void doUserJourney(TestUserSpecification testUser, WorkspaceApi workspaceApi) throws Exception {
    ReferencedGcpResourceApi refApi = ClientTestUtils.getReferencedGcpResourceClient(testUser, server);
    // Both secondary users hold READER on the workspace for the whole journey.
    for (TestUserSpecification reader : new TestUserSpecification[] {partialAccessUser, noAccessUser}) {
        workspaceApi.grantRole(new GrantRoleRequestBody().memberEmail(reader.userEmail), getWorkspaceId(), IamRole.READER);
    }
    // Four references: a uniform-access bucket, a fine-grained-access bucket, a GCS object and a
    // GCS folder. Each resource id is stored in its field as soon as it is known (presumably so
    // cleanup can find it if a later step fails).
    GcpGcsBucketResource uniformBucketRef = GcsBucketUtils.makeGcsBucketReference(gcsUniformAccessBucketAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    bucketResourceId = uniformBucketRef.getMetadata().getResourceId();
    GcpGcsBucketResource fineGrainedRef = GcsBucketUtils.makeGcsBucketReference(gcsFineGrainedAccessBucketAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    fineGrainedBucketResourceId = fineGrainedRef.getMetadata().getResourceId();
    GcpGcsObjectResource fileRef = GcsBucketObjectUtils.makeGcsObjectReference(gcsFileAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    fileResourceId = fileRef.getMetadata().getResourceId();
    GcpGcsObjectResource folderRef = GcsBucketObjectUtils.makeGcsObjectReference(gcsFolderAttributes, refApi, getWorkspaceId(), MultiResourcesUtils.makeName(), CloningInstructionsEnum.REFERENCE);
    folderResourceId = folderRef.getMetadata().getResourceId();
    // Read back, clone into a second workspace owned by the same user, check who can resolve the
    // references, update the fine-grained bucket reference, then delete all four.
    testGetReferences(uniformBucketRef, fineGrainedRef, fileRef, folderRef, refApi);
    testCloneReference(uniformBucketRef, fineGrainedRef, fileRef, folderRef, refApi, workspaceApi);
    testValidateReference(testUser);
    testUpdateReferences(fineGrainedRef, refApi);
    refApi.deleteBucketReference(getWorkspaceId(), bucketResourceId);
    refApi.deleteBucketReference(getWorkspaceId(), fineGrainedBucketResourceId);
    refApi.deleteGcsObjectReference(getWorkspaceId(), fileResourceId);
    refApi.deleteGcsObjectReference(getWorkspaceId(), folderResourceId);
    // With everything deleted, an unfiltered enumeration of the workspace must come back empty.
    ResourceApi enumApi = ClientTestUtils.getResourceClient(testUser, server);
    ResourceList leftover = enumApi.enumerateResources(getWorkspaceId(), 0, 100, null, null);
    assertTrue(leftover.getResources().isEmpty());
}
Also used : GcpGcsBucketResource(bio.terra.workspace.model.GcpGcsBucketResource) GcpGcsObjectResource(bio.terra.workspace.model.GcpGcsObjectResource) ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi) ResourceApi(bio.terra.workspace.api.ResourceApi) ResourceList(bio.terra.workspace.model.ResourceList) GrantRoleRequestBody(bio.terra.workspace.model.GrantRoleRequestBody) ReferencedGcpResourceApi(bio.terra.workspace.api.ReferencedGcpResourceApi)
