Use of bio.terra.workspace.service.workspace.exceptions.RetryableCrlException in project terra-workspace-manager by DataBiosphere.
From class GcpCloudSyncStep, method doStep.
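/**
 * Adds a project-level IAM binding for each workspace role's Sam group on the workspace's GCP
 * project.
 *
 * <p>This is a read-modify-write of the project IAM policy: the current policy is fetched, one
 * binding per entry of the role-to-group-email map is appended to the existing bindings, and the
 * merged policy is written back with the version and etag of the policy that was read.
 *
 * @param flightContext flight context whose working map holds the GCP project id and the map from
 *     workspace role to Sam group email
 * @return a success result once the merged policy has been written
 * @throws RetryableCrlException if reading or writing the IAM policy fails with an
 *     {@link IOException}
 */
@Override
public StepResult doStep(FlightContext flightContext)
    throws InterruptedException, RetryException {
  FlightMap workingMap = flightContext.getWorkingMap();
  String gcpProjectId = workingMap.get(GCP_PROJECT_ID, String.class);
  // Read Sam groups for each workspace role.
  Map<WsmIamRole, String> workspaceRoleGroupsMap =
      workingMap.get(WorkspaceFlightMapKeys.IAM_GROUP_EMAIL_MAP, new TypeReference<>() {});
  try {
    Policy currentPolicy =
        resourceManagerCow
            .projects()
            .getIamPolicy(gcpProjectId, new GetIamPolicyRequest())
            .execute();

    // Start from the existing bindings so permissions already on the project are not clobbered.
    // The API model leaves the list null when the policy carries no bindings, so guard it
    // instead of letting addAll throw a NullPointerException.
    List<Binding> existingBindings = currentPolicy.getBindings();
    List<Binding> newBindings = new ArrayList<>();
    if (existingBindings != null) {
      newBindings.addAll(existingBindings);
    }

    // Add appropriate project-level roles for each WSM IAM role.
    // NOTE(review): bindings are appended unconditionally; if this step runs again after a write
    // that already succeeded, the same role/group bindings are appended a second time. Confirm
    // that duplicates are harmless here or skip bindings that are already present.
    workspaceRoleGroupsMap.forEach(
        (role, email) -> newBindings.add(bindingForRole(role, email, gcpProjectId)));

    // Carry over the version and etag of the policy that was read, so the write is tied to that
    // exact revision rather than blindly overwriting a policy changed in the meantime.
    Policy newPolicy =
        new Policy()
            .setVersion(currentPolicy.getVersion())
            .setBindings(newBindings)
            .setEtag(currentPolicy.getEtag());
    SetIamPolicyRequest iamPolicyRequest = new SetIamPolicyRequest().setPolicy(newPolicy);

    // NOTE(review): this logs the complete policy at INFO, i.e. every binding on the project
    // (pre-existing members as well as the group emails added above). Confirm that log access is
    // restricted accordingly, or log only the bindings this step adds.
    logger.info("Setting new Cloud Context IAM policy: " + iamPolicyRequest.toPrettyString());
    resourceManagerCow.projects().setIamPolicy(gcpProjectId, iamPolicyRequest).execute();
  } catch (IOException e) {
    // Every IOException from either call is reported as retryable, with the cause preserved.
    // NOTE(review): that presumably includes permanent failures (for example an authorization
    // error) as well as transient ones; confirm the flight's retry rule bounds the attempts.
    throw new RetryableCrlException("Error setting IAM permissions", e);
  }
  return StepResult.getStepResultSuccess();
}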