Example 6 with ControlledResourceIamRole

use of bio.terra.workspace.service.iam.model.ControlledResourceIamRole in project terra-workspace-manager by DataBiosphere.

the class ControlledResourceSamPolicyBuilder method addPolicies.

public void addPolicies(CreateResourceRequestV2 request) throws InterruptedException {
    Map<ControlledResourceIamRole, AccessPolicyMembershipV2> policyMap;
    // Owner is always the WSM service account, never the requesting user or application
    addWsmResourceOwnerPolicy(request);
    switch (category) {
        case USER_SHARED:
            // All other policies are inherited from the workspace - nothing more to do
            break;
        case USER_PRIVATE:
            // Double check - this is validated earlier and should never happen.
            if (privateUserEmail == null || privateIamRole == null) {
                throw new InternalLogicException(
                    "Flight should never see user-private without a user email and iam role");
            }
            // The assigned user gets exactly one direct role on the resource
            policyMap = makeInitialPolicyMap();
            policyMap.get(privateIamRole).addMemberEmailsItem(privateUserEmail);
            applyPolicyMap(request, policyMap);
            break;
        case APPLICATION_SHARED:
            // Double check - this is validated earlier and should never happen
            if (privateUserEmail != null) {
                throw new InternalLogicException(
                    "Flight should never see application-shared with a user email");
            }
            // Application is always editor on its resources; other policies are inherited
            AccessPolicyMembershipV2 editorPolicy =
                new AccessPolicyMembershipV2().addRolesItem(ControlledResourceIamRole.EDITOR.toSamRole());
            addApplicationResourceEditorPolicy(editorPolicy, userRequest);
            request.putPoliciesItem(ControlledResourceIamRole.EDITOR.toSamRole(), editorPolicy);
            break;
        case APPLICATION_PRIVATE:
            policyMap = makeInitialPolicyMap();
            // Application is always editor
            addApplicationResourceEditorPolicy(policyMap.get(ControlledResourceIamRole.EDITOR), userRequest);
            // If we have an assigned user, set up their permission as well
            if (privateUserEmail != null) {
                policyMap.get(privateIamRole).addMemberEmailsItem(privateUserEmail);
            }
            applyPolicyMap(request, policyMap);
            break;
    }
}
Also used:
  InternalLogicException (bio.terra.workspace.common.exception.InternalLogicException)
  AccessPolicyMembershipV2 (org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembershipV2)
  ControlledResourceIamRole (bio.terra.workspace.service.iam.model.ControlledResourceIamRole)

Example 7 with ControlledResourceIamRole

use of bio.terra.workspace.service.iam.model.ControlledResourceIamRole in project terra-workspace-manager by DataBiosphere.

the class CopyBigQueryDatasetDefinitionStep method doStep.

@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
    final FlightMap inputParameters = flightContext.getInputParameters();
    final FlightMap workingMap = flightContext.getWorkingMap();
    final CloningInstructions effectiveCloningInstructions =
        inputParameters.get(ControlledResourceKeys.CLONING_INSTRUCTIONS, CloningInstructions.class);
    // TODO: handle cloning a controlled resource with REFERENCE option, PF-812
    if (CloningInstructions.COPY_NOTHING.equals(effectiveCloningInstructions)
        || CloningInstructions.COPY_REFERENCE.equals(effectiveCloningInstructions)) {
        // nothing further to do here or on following steps
        // Build an empty response object
        final ApiClonedControlledGcpBigQueryDataset result =
            new ApiClonedControlledGcpBigQueryDataset()
                .dataset(null)
                .sourceWorkspaceId(sourceDataset.getWorkspaceId())
                .sourceResourceId(sourceDataset.getResourceId())
                .effectiveCloningInstructions(effectiveCloningInstructions.toApiModel());
        FlightUtils.setResponse(flightContext, result, HttpStatus.OK);
        return StepResult.getStepResultSuccess();
    }
    // Name and description: an explicit input wins, otherwise fall back to the value
    // recorded by an earlier step
    final String resourceName = FlightUtils.getInputParameterOrWorkingValue(
        flightContext, ResourceKeys.RESOURCE_NAME, ResourceKeys.PREVIOUS_RESOURCE_NAME, String.class);
    final String description = FlightUtils.getInputParameterOrWorkingValue(
        flightContext, ResourceKeys.RESOURCE_DESCRIPTION, ResourceKeys.PREVIOUS_RESOURCE_DESCRIPTION, String.class);
    // Dataset name defaults to the source dataset's name when none was requested
    final String datasetName =
        Optional.ofNullable(inputParameters.get(ControlledResourceKeys.DESTINATION_DATASET_NAME, String.class))
            .orElse(sourceDataset.getDatasetName());
    workingMap.put(ControlledResourceKeys.DESTINATION_DATASET_NAME, datasetName);
    final UUID destinationWorkspaceId =
        inputParameters.get(ControlledResourceKeys.DESTINATION_WORKSPACE_ID, UUID.class);
    final String location = FlightUtils.getInputParameterOrWorkingValue(
        flightContext, ControlledResourceKeys.LOCATION, ControlledResourceKeys.LOCATION, String.class);
    final String destinationProjectId = gcpCloudContextService.getRequiredGcpProject(destinationWorkspaceId);
    // The clone keeps the source's access scope, assigned user and managedBy, so the
    // policies created for it in the destination workspace mirror the source's category
    final ControlledResourceFields commonFields =
        ControlledResourceFields.builder()
            .accessScope(sourceDataset.getAccessScope())
            .assignedUser(sourceDataset.getAssignedUser().orElse(null))
            .cloningInstructions(sourceDataset.getCloningInstructions())
            .description(description)
            .managedBy(sourceDataset.getManagedBy())
            .name(resourceName)
            .resourceId(UUID.randomUUID())
            .workspaceId(destinationWorkspaceId)
            .build();
    final ControlledBigQueryDatasetResource destinationResource =
        ControlledBigQueryDatasetResource.builder()
            .projectId(destinationProjectId)
            .datasetName(datasetName)
            .common(commonFields)
            .build();
    final ApiGcpBigQueryDatasetCreationParameters creationParameters =
        new ApiGcpBigQueryDatasetCreationParameters().datasetId(datasetName).location(location);
    // The private-user role is derived from the access scope, not taken from the request
    final ControlledResourceIamRole iamRole =
        IamRoleUtils.getIamRoleForAccessScope(destinationResource.getAccessScope());
    final ControlledBigQueryDatasetResource clonedResource =
        controlledResourceService
            .createControlledResourceSync(destinationResource, iamRole, userRequest, creationParameters)
            .castByEnum(WsmResourceType.CONTROLLED_GCP_BIG_QUERY_DATASET);
    workingMap.put(ControlledResourceKeys.CLONED_RESOURCE_DEFINITION, clonedResource);
    final ApiClonedControlledGcpBigQueryDataset apiResult =
        new ApiClonedControlledGcpBigQueryDataset()
            .dataset(clonedResource.toApiResource())
            .effectiveCloningInstructions(effectiveCloningInstructions.toApiModel())
            .sourceWorkspaceId(sourceDataset.getWorkspaceId())
            .sourceResourceId(sourceDataset.getResourceId());
    workingMap.put(ControlledResourceKeys.CLONE_DEFINITION_RESULT, apiResult);
    if (CloningInstructions.COPY_DEFINITION.equals(effectiveCloningInstructions)
        || CloningInstructions.COPY_RESOURCE.equals(effectiveCloningInstructions)) {
        // Later steps, if any, don't change the success response, since they only affect
        // internal tables and rows in the dataset.
        FlightUtils.setResponse(flightContext, apiResult, HttpStatus.OK);
    }
    return StepResult.getStepResultSuccess();
}
Also used:
  CloningInstructions (bio.terra.workspace.service.resource.model.CloningInstructions)
  FlightMap (bio.terra.stairway.FlightMap)
  ControlledResourceIamRole (bio.terra.workspace.service.iam.model.ControlledResourceIamRole)
  ApiGcpBigQueryDatasetCreationParameters (bio.terra.workspace.generated.model.ApiGcpBigQueryDatasetCreationParameters)
  UUID (java.util.UUID)
  ControlledResourceFields (bio.terra.workspace.service.resource.controlled.model.ControlledResourceFields)
  ControlledBigQueryDatasetResource (bio.terra.workspace.service.resource.controlled.cloud.gcp.bqdataset.ControlledBigQueryDatasetResource)
  ApiClonedControlledGcpBigQueryDataset (bio.terra.workspace.generated.model.ApiClonedControlledGcpBigQueryDataset)
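Both examples above come together at resource creation: the clone step (Example 7) copies the source's access scope, assigned user and managedBy into the destination resource and derives the private-user role from the access scope, and the policy builder (Example 6) then turns that category into Sam policies. The program below is an added illustration, not code from terra-workspace-manager. It models the four-way switch with simplified stand-in enums and a minimal Policy type (assumptions in place of ControlledResourceIamRole, the resource category and Sam's AccessPolicyMembershipV2), adds an invariant check a reviewer would want for every category, and exercises the two "should never happen" branches so they fail loudly instead of granting the wrong principal.

```java
import java.util.EnumMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

// Added example; enums and Policy are simplified stand-ins (assumptions),
// not the project's own types. Branch structure mirrors addPolicies above.
public class SamPolicyExample {

    enum IamRole { OWNER, EDITOR, WRITER, READER }
    enum Category { USER_SHARED, USER_PRIVATE, APPLICATION_SHARED, APPLICATION_PRIVATE }

    /** Member emails on one Sam policy (stand-in for AccessPolicyMembershipV2). */
    static final class Policy {
        final Set<String> memberEmails = new LinkedHashSet<>();
        Policy add(String email) { memberEmails.add(email); return this; }
    }

    static Map<IamRole, Policy> buildPolicies(Category category, String wsmSaEmail,
            String applicationSaEmail, String privateUserEmail, IamRole privateIamRole) {
        if (privateIamRole == IamRole.OWNER) {
            // Example's own guard: OWNER is reserved for the WSM SA and must not be requestable.
            throw new IllegalArgumentException("private iam role may not be OWNER");
        }
        Map<IamRole, Policy> policies = new EnumMap<>(IamRole.class);
        // Owner is always the WSM service account, whatever the category.
        policies.put(IamRole.OWNER, new Policy().add(wsmSaEmail));
        switch (category) {
            case USER_SHARED:
                // Nothing to add: access comes from inherited workspace policies.
                break;
            case USER_PRIVATE:
                if (privateUserEmail == null || privateIamRole == null) {
                    throw new IllegalStateException("user-private needs a user email and iam role");
                }
                initNonOwnerRoles(policies);
                policies.get(privateIamRole).add(privateUserEmail);
                break;
            case APPLICATION_SHARED:
                if (privateUserEmail != null) {
                    throw new IllegalStateException("application-shared must not carry a user email");
                }
                // The owning application is always EDITOR; the rest is inherited.
                policies.put(IamRole.EDITOR, new Policy().add(applicationSaEmail));
                break;
            case APPLICATION_PRIVATE:
                initNonOwnerRoles(policies);
                policies.get(IamRole.EDITOR).add(applicationSaEmail);
                if (privateUserEmail != null) {
                    if (privateIamRole == null) {
                        throw new IllegalStateException("assigned user needs an iam role");
                    }
                    policies.get(privateIamRole).add(privateUserEmail);
                }
                break;
        }
        return policies;
    }

    /** Stand-in for makeInitialPolicyMap: an empty policy for every non-owner role. */
    private static void initNonOwnerRoles(Map<IamRole, Policy> policies) {
        for (IamRole role : IamRole.values()) {
            if (role != IamRole.OWNER) policies.putIfAbsent(role, new Policy());
        }
    }

    /** Properties that must hold for every category, checked on the built map. */
    static void checkInvariants(Map<IamRole, Policy> policies, String wsmSaEmail,
            String applicationSaEmail, String privateUserEmail) {
        Set<String> owners = policies.get(IamRole.OWNER).memberEmails;
        if (owners.size() != 1 || !owners.contains(wsmSaEmail)) {
            throw new AssertionError("owner policy must contain exactly the WSM SA");
        }
        int userGrants = 0;
        for (Map.Entry<IamRole, Policy> e : policies.entrySet()) {
            Set<String> members = e.getValue().memberEmails;
            if (privateUserEmail != null && members.contains(privateUserEmail)) userGrants++;
            if (members.contains(applicationSaEmail) && e.getKey() != IamRole.EDITOR) {
                throw new AssertionError("application SA may only be EDITOR");
            }
        }
        if (userGrants > 1) throw new AssertionError("assigned user must hold one direct role");
    }

    public static void main(String[] args) {
        // Constructed sample principals.
        String wsmSa = "wsm-sa@example-project.iam.gserviceaccount.com";
        String appSa = "app-sa@example-project.iam.gserviceaccount.com";
        String user = "researcher@example.org";
        for (Category c : Category.values()) {
            boolean isPrivate = c == Category.USER_PRIVATE || c == Category.APPLICATION_PRIVATE;
            Map<IamRole, Policy> policies = buildPolicies(c, wsmSa, appSa, isPrivate ? user : null, IamRole.WRITER);
            checkInvariants(policies, wsmSa, appSa, isPrivate ? user : null);
            System.out.println(c + ":");
            policies.forEach((role, p) -> System.out.println("  " + role + " = " + p.memberEmails));
        }
        // Failure modes the builder refuses rather than silently mis-granting.
        try {
            buildPolicies(Category.USER_PRIVATE, wsmSa, appSa, null, IamRole.WRITER);
        } catch (IllegalStateException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
        try {
            buildPolicies(Category.APPLICATION_SHARED, wsmSa, appSa, user, IamRole.WRITER);
        } catch (IllegalStateException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

The OWNER guard and the explicit null-role check under APPLICATION_PRIVATE are this example's additions; the page's builder relies on validation done earlier in the flight for both. The invariant worth carrying into a real test is the first one: however the category is chosen, the only member of the owner policy is the WSM service account, so neither the requesting user nor an application ever becomes owner of a controlled resource.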

Aggregations

ControlledResourceIamRole (bio.terra.workspace.service.iam.model.ControlledResourceIamRole) 7
FlightMap (bio.terra.stairway.FlightMap) 3
InternalLogicException (bio.terra.workspace.common.exception.InternalLogicException) 3
UUID (java.util.UUID) 3
BadRequestException (bio.terra.common.exception.BadRequestException) 2
ControlledResource (bio.terra.workspace.service.resource.controlled.model.ControlledResource) 2
ControlledResourceFields (bio.terra.workspace.service.resource.controlled.model.ControlledResourceFields) 2
CloningInstructions (bio.terra.workspace.service.resource.model.CloningInstructions) 2
ArrayList (java.util.ArrayList) 2
List (java.util.List) 2
AccessPolicyMembershipV2 (org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembershipV2) 2
ServiceAccountName (bio.terra.cloudres.google.iam.ServiceAccountName) 1
ForbiddenException (bio.terra.common.exception.ForbiddenException) 1
InternalServerErrorException (bio.terra.common.exception.InternalServerErrorException) 1
ValidationException (bio.terra.common.exception.ValidationException) 1
SamRetry (bio.terra.common.sam.SamRetry) 1
SamExceptionFactory (bio.terra.common.sam.exception.SamExceptionFactory) 1
SamConfiguration (bio.terra.workspace.app.configuration.external.SamConfiguration) 1
BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest) 1
GcpUtils (bio.terra.workspace.common.utils.GcpUtils) 1