use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.
the class CreateGcpContextFlightTest method assertRolesExist.
/**
 * Verifies that every custom resource-level role in {@link
 * CustomGcpIamRoleMapping#CUSTOM_GCP_RESOURCE_IAM_ROLES} exists in the given project with the
 * expected title and the expected permission set.
 *
 * @param project the GCP project whose custom roles are fetched and compared
 * @throws IOException if a role lookup through the IAM client fails
 */
private void assertRolesExist(Project project) throws IOException {
  for (CustomGcpIamRole expectedRole :
      CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
    String qualifiedName = expectedRole.getFullyQualifiedRoleName(project.getProjectId());
    Role deployedRole = crl.getIamCow().projects().roles().get(qualifiedName).execute();
    assertEquals(expectedRole.getRoleName(), deployedRole.getTitle());

    // Role.getIncludedPermissions returns null instead of an empty list; normalize it first.
    List<String> reported = deployedRole.getIncludedPermissions();
    List<String> deployedPermissions =
        reported == null ? Collections.<String>emptyList() : reported;

    // containsInAnyOrder is an exact match ignoring order: a deployed role that carries a
    // permission absent from the mapping fails here, as does one that is missing a permission.
    assertThat(
        deployedPermissions,
        containsInAnyOrder(expectedRole.getIncludedPermissions().toArray()));
  }
}
use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.
the class CreateCustomGcpRolesStep method doStep.
/**
 * Creates every custom IAM role WSM defines in the GCP project whose ID is stored in the flight's
 * working map: project-level roles first, then resource-level roles.
 *
 * @param flightContext flight state; its working map is read for {@code GCP_PROJECT_ID}
 * @return a success result once every create call has returned without throwing
 */
@Override
public StepResult doStep(FlightContext flightContext) throws InterruptedException, RetryException {
  // NOTE(review): the value read here is passed on without a null check; confirm an earlier
  // step always populates GCP_PROJECT_ID before this one runs.
  String targetProjectId = flightContext.getWorkingMap().get(GCP_PROJECT_ID, String.class);

  // Project-level roles come first. Several WSM roles can map to one GCP role, so the values
  // are collapsed into a set: a repeated create request would only earn a CONFLICT from GCP.
  ImmutableSet<CustomGcpIamRole> distinctProjectRoles =
      ImmutableSet.copyOf(CloudSyncRoleMapping.CUSTOM_GCP_PROJECT_IAM_ROLES.values());
  for (CustomGcpIamRole projectRole : distinctProjectRoles) {
    createCustomRole(projectRole, targetProjectId);
  }

  // Resource-level roles follow.
  for (CustomGcpIamRole resourceRole :
      CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
    createCustomRole(resourceRole, targetProjectId);
  }

  return StepResult.getStepResultSuccess();
}
use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.
the class CreateCustomGcpRolesStep method createCustomRole.
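/**
 * Creates one custom IAM role in GCP from a WSM {@link CustomGcpIamRole}. The role is defined at
 * the project level, in the project specified by {@code projectId}.
 *
 * <p>A CONFLICT response from GCP is treated as success, on the assumption that the role was
 * already created by an earlier execution of this step. The existing role's permissions are not
 * compared with {@code customRole}.
 *
 * @param customRole supplies the role name (used as both role ID and title) and the permissions
 * @param projectId ID of the GCP project that will own the role
 * @throws RetryException on any GCP error response other than CONFLICT, and on any IOException
 */
private void createCustomRole(CustomGcpIamRole customRole, String projectId)
    throws RetryException {
  try {
    Role gcpRole =
        new Role()
            .setIncludedPermissions(customRole.getIncludedPermissions())
            .setTitle(customRole.getRoleName());
    CreateRoleRequest request =
        new CreateRoleRequest().setRole(gcpRole).setRoleId(customRole.getRoleName());
    logger.debug(
        "Creating role {} with permissions {} in project {}",
        customRole.getRoleName(),
        customRole.getIncludedPermissions(),
        projectId);
    iamCow.projects().roles().create("projects/" + projectId, request).execute();
  } catch (GoogleJsonResponseException googleEx) {
    if (googleEx.getStatusCode() != HttpStatus.CONFLICT.value()) {
      throw new RetryException(googleEx);
    }
    // A conflict of role names is assumed to be due to duplicate step execution, so it is not
    // an error. It is logged so that a role left in place is visible when reading the flight's
    // logs. NOTE(review): nothing here checks that the existing role grants the same
    // permissions as customRole; the assertRolesExist test helpers compare them after the fact.
    logger.debug(
        "Role {} already exists in project {}; keeping the existing definition",
        customRole.getRoleName(),
        projectId);
  } catch (IOException e) {
    // Retry on IO exceptions thrown by CRL.
    throw new RetryException(e);
  }
}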
use of bio.terra.workspace.service.resource.controlled.cloud.gcp.CustomGcpIamRole in project terra-workspace-manager by DataBiosphere.
the class CreateGcpContextFlightV2Test method assertRolesExist.
/**
 * Checks the given project against {@link CustomGcpIamRoleMapping}: each custom resource-level
 * role must be present with the expected title and exactly the expected permissions.
 *
 * @param project the GCP project whose custom roles are looked up
 * @throws IOException if a role lookup through the IAM client fails
 */
private void assertRolesExist(Project project) throws IOException {
  for (CustomGcpIamRole wantedRole :
      CustomGcpIamRoleMapping.CUSTOM_GCP_RESOURCE_IAM_ROLES.values()) {
    String roleResourceName = wantedRole.getFullyQualifiedRoleName(project.getProjectId());
    Role foundRole = crl.getIamCow().projects().roles().get(roleResourceName).execute();
    assertEquals(wantedRole.getRoleName(), foundRole.getTitle());

    // Role.getIncludedPermissions returns null instead of an empty list; substitute an empty
    // list so the matcher below has something to compare.
    List<String> rawPermissions = foundRole.getIncludedPermissions();
    List<String> foundPermissions =
        rawPermissions == null ? Collections.<String>emptyList() : rawPermissions;

    // The matcher requires the same elements in any order, so an extra permission on the
    // deployed role is a failure just like a missing one.
    assertThat(
        foundPermissions, containsInAnyOrder(wantedRole.getIncludedPermissions().toArray()));
  }
}