
Example 1 with CustomGcpIamRole

use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.

the class CreateGcpContextFlightTest method assertRolesExist.

/**
 * Asserts that a provided project has every custom role specified in {@link
 * CustomGcpIamRoleMapping}
 */
private void assertRolesExist(Project project) throws IOException {
    String projectId = project.getProjectId();
    // Only the resource-level mapping is iterated here; roles defined in other mappings are not
    // checked by this loop.
    for (CustomGcpIamRole expectedRole : CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
        // Fetch the live role from GCP by its fully qualified name.
        Role liveRole = crl.getIamCow().projects().roles().get(expectedRole.getFullyQualifiedRoleName(projectId)).execute();
        assertEquals(expectedRole.getRoleName(), liveRole.getTitle());
        // Role.getIncludedPermissions returns null rather than an empty list when the role has no
        // permissions, so normalise null to an empty list before comparing.
        List<String> included = liveRole.getIncludedPermissions();
        List<String> livePermissions = included != null ? included : Collections.emptyList();
        // containsInAnyOrder requires an exact element-for-element match, so this fails if the live
        // role is missing a permission or carries one that the expected role does not list.
        assertThat(livePermissions, containsInAnyOrder(expectedRole.getIncludedPermissions().toArray()));
    }
}
Also used : CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole) WsmIamRole(bio.terra.workspace.service.iam.model.WsmIamRole) Role(com.google.api.services.iam.v1.model.Role) CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole)

Example 2 with CustomGcpIamRole

use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.

the class CreateCustomGcpRolesStep method doStep.

@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
    // NOTE(review): the project ID is taken from the working map without a null check; presumably an
    // earlier step always stores GCP_PROJECT_ID. Confirm against the flight definition.
    String targetProjectId = flightContext.getWorkingMap().get(GCP_PROJECT_ID, String.class);

    // Project-level custom roles come first. Several WSM roles can map to the same GCP role, so the
    // values are collapsed into a set; otherwise the same role would be requested more than once
    // and GCP would answer the repeats with CONFLICT.
    ImmutableSet<CustomGcpIamRole> distinctProjectRoles = ImmutableSet.copyOf(CloudSyncRoleMapping.CUSTOM_GCP_PROJECT_IAM_ROLES.values());
    for (CustomGcpIamRole projectRole : distinctProjectRoles) {
        createCustomRole(projectRole, targetProjectId);
    }

    // Resource-level custom roles follow; these values are iterated as-is, without de-duplication.
    for (CustomGcpIamRole resourceRole : CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
        createCustomRole(resourceRole, targetProjectId);
    }
    return StepResult.getStepResultSuccess();
}
Also used : CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole)

Example 3 with CustomGcpIamRole

use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.

the class CreateCustomGcpRolesStep method createCustomRole.

/**
 * Utility for creating custom roles in GCP from WSM's CustomGcpIamRole objects. These roles will
 * be defined at the project level in the project specified by projectId.
 */
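private void createCustomRole(CustomGcpIamRole customRole, String projectId) throws RetryException {
    // The role name doubles as the GCP role ID and as the role title.
    String roleName = customRole.getRoleName();
    try {
        Role gcpRole = new Role().setIncludedPermissions(customRole.getIncludedPermissions()).setTitle(roleName);
        CreateRoleRequest request = new CreateRoleRequest().setRole(gcpRole).setRoleId(roleName);
        logger.debug("Creating role {} with permissions {} in project {}", roleName, customRole.getIncludedPermissions(), projectId);
        iamCow.projects().roles().create("projects/" + projectId, request).execute();
    } catch (GoogleJsonResponseException googleEx) {
        // Any response other than CONFLICT is surfaced as a RetryException.
        if (googleEx.getStatusCode() != HttpStatus.CONFLICT.value()) {
            throw new RetryException(googleEx);
        }
        // A CONFLICT means a role with this ID already exists. This step treats that as the result
        // of an earlier execution of the same step and carries on, which keeps the step idempotent.
        // NOTE(review): the existing role's permissions are not compared with customRole's here, so
        // a pre-existing role with a different permission set would be accepted unchanged. Confirm
        // that the project can only contain roles created by this step.
        // Record the skip so that the accepted conflict is visible in the logs rather than silent.
        logger.info("Role {} already exists in project {}; skipping creation", roleName, projectId);
    } catch (IOException e) {
        // Retry on IO exceptions thrown by CRL.
        throw new RetryException(e);
    }
}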
Also used : CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole) Role(com.google.api.services.iam.v1.model.Role) GoogleJsonResponseException(com.google.api.client.googleapis.json.GoogleJsonResponseException) CreateRoleRequest(com.google.api.services.iam.v1.model.CreateRoleRequest) IOException(java.io.IOException) RetryException(bio.terra.stairway.exception.RetryException)

Example 4 with CustomGcpIamRole

use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.

the class CreateGcpContextFlightV2Test method assertRolesExist.

/**
 * Asserts that a provided project has every custom role specified in {@link
 * CustomGcpIamRoleMapping}
 */
private void assertRolesExist(Project project) throws IOException {
    // This loop reads only the resource-level role mapping.
    for (CustomGcpIamRole wantedRole : CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
        String qualifiedName = wantedRole.getFullyQualifiedRoleName(project.getProjectId());
        Role foundRole = crl.getIamCow().projects().roles().get(qualifiedName).execute();
        assertEquals(wantedRole.getRoleName(), foundRole.getTitle());
        // Role.getIncludedPermissions yields null, not an empty list, for a role without permissions;
        // substitute an empty list so the matcher below always receives a collection.
        List<String> rawPermissions = foundRole.getIncludedPermissions();
        List<String> foundPermissions;
        if (rawPermissions == null) {
            foundPermissions = Collections.emptyList();
        } else {
            foundPermissions = rawPermissions;
        }
        // The matcher passes only when both sides hold exactly the same permissions, in any order,
        // so an extra permission on the live role fails the test just as a missing one does.
        assertThat(foundPermissions, containsInAnyOrder(wantedRole.getIncludedPermissions().toArray()));
    }
}
Also used : CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole) WsmIamRole(bio.terra.workspace.service.iam.model.WsmIamRole) Role(com.google.api.services.iam.v1.model.Role) CustomGcpIamRole(bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole)
