Search in sources :

Example 1 with PetSaService

use of bio.terra.workspace.service.petserviceaccount.PetSaService in project terra-workspace-manager by DataBiosphere.

the class ReferencedBigQueryDataTableResource method checkAccess.

@Override
public boolean checkAccess(FlightBeanBag context, AuthenticatedUserRequest userRequest) {
    CrlService crlService = context.getCrlService();
    PetSaService petSaService = context.getPetSaService();
    Optional<AuthenticatedUserRequest> maybePetCreds = petSaService.getWorkspacePetCredentials(getWorkspaceId(), userRequest);
    return crlService.canReadBigQueryDataTable(projectId, datasetId, dataTableId, maybePetCreds.orElse(userRequest));
}
Also used : CrlService(bio.terra.workspace.service.crl.CrlService) PetSaService(bio.terra.workspace.service.petserviceaccount.PetSaService) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest)

Example 2 with PetSaService

use of bio.terra.workspace.service.petserviceaccount.PetSaService in project terra-workspace-manager by DataBiosphere.

the class ReferencedGcsBucketResource method checkAccess.

@Override
public boolean checkAccess(FlightBeanBag context, AuthenticatedUserRequest userRequest) {
    CrlService crlService = context.getCrlService();
    PetSaService petSaService = context.getPetSaService();
    // If the resource's workspace has a GCP cloud context, use the SA from that context. Otherwise,
    // use the provided credentials. This cannot use arbitrary pet SA credentials, as they may not
    // have the Storage APIs enabled.
    Optional<AuthenticatedUserRequest> maybePetCreds = petSaService.getWorkspacePetCredentials(getWorkspaceId(), userRequest);
    return crlService.canReadGcsBucket(bucketName, maybePetCreds.orElse(userRequest));
}
Also used : CrlService(bio.terra.workspace.service.crl.CrlService) PetSaService(bio.terra.workspace.service.petserviceaccount.PetSaService) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest)

Example 3 with PetSaService

use of bio.terra.workspace.service.petserviceaccount.PetSaService in project terra-workspace-manager by DataBiosphere.

the class ReferencedGcsObjectResource method checkAccess.

@Override
public boolean checkAccess(FlightBeanBag context, AuthenticatedUserRequest userRequest) {
    CrlService crlService = context.getCrlService();
    PetSaService petSaService = context.getPetSaService();
    // If the resource's workspace has a GCP cloud context, use the SA from that context. Otherwise,
    // use the provided credentials. This cannot use arbitrary pet SA credentials, as they may not
    // have the Storage APIs enabled.
    Optional<AuthenticatedUserRequest> maybePetCreds = petSaService.getWorkspacePetCredentials(getWorkspaceId(), userRequest);
    return crlService.canReadGcsObject(bucketName, objectName, maybePetCreds.orElse(userRequest));
}
Also used : CrlService(bio.terra.workspace.service.crl.CrlService) PetSaService(bio.terra.workspace.service.petserviceaccount.PetSaService) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest)

Example 4 with PetSaService

use of bio.terra.workspace.service.petserviceaccount.PetSaService in project terra-workspace-manager by DataBiosphere.

the class ReferencedBigQueryDatasetResource method checkAccess.

@Override
public boolean checkAccess(FlightBeanBag context, AuthenticatedUserRequest userRequest) {
    // If the resource's workspace has a GCP cloud context, use the SA from that context. Otherwise,
    // use the provided credentials. This cannot use arbitrary pet SA credentials, as they may not
    // have the BigQuery APIs enabled.
    CrlService crlService = context.getCrlService();
    PetSaService petSaService = context.getPetSaService();
    Optional<AuthenticatedUserRequest> maybePetCreds = petSaService.getWorkspacePetCredentials(getWorkspaceId(), userRequest);
    return crlService.canReadBigQueryDataset(projectId, datasetName, maybePetCreds.orElse(userRequest));
}
Also used : CrlService(bio.terra.workspace.service.crl.CrlService) PetSaService(bio.terra.workspace.service.petserviceaccount.PetSaService) AuthenticatedUserRequest(bio.terra.workspace.service.iam.AuthenticatedUserRequest)

Aggregations

CrlService (bio.terra.workspace.service.crl.CrlService)4 AuthenticatedUserRequest (bio.terra.workspace.service.iam.AuthenticatedUserRequest)4 PetSaService (bio.terra.workspace.service.petserviceaccount.PetSaService)4