Examples with Project com.google.api.services.cloudresourcemanager.v3.model.Project used on opensource projects

Search in sources :

Example 41 with Project

use of com.google.api.services.cloudresourcemanager.v3.model.Project in project terra-cli by DataBiosphere.

the class Workspace method grantBreakGlass.

/**
 * Grant break-glass access to a user of this workspace. The Editor and Project IAM Admin roles
 * are granted to the user's proxy group.
 *
 * @param granteeEmail email of the workspace user requesting break-glass access
 * @param userProjectsAdminCredentials credentials for a SA that has permission to set IAM policy
 *     on workspace projects in this WSM deployment (e.g. WSM application SA)
 * @return the proxy group email of the workspace user that was granted break-glass access
 */
public String grantBreakGlass(String granteeEmail, ServiceAccountCredentials userProjectsAdminCredentials) {
    // fetch the user's proxy group email from SAM
    String granteeProxyGroupEmail = SamService.fromContext().getProxyGroupEmail(granteeEmail);
    logger.debug("granteeProxyGroupEmail: {}", granteeProxyGroupEmail);
    // grant the Editor role to the user's proxy group email on the workspace project
    CloudResourceManagerCow resourceManagerCow = CrlUtils.createCloudResourceManagerCow(userProjectsAdminCredentials);
    try {
        Policy policy = resourceManagerCow.projects().getIamPolicy(googleProjectId, new GetIamPolicyRequest()).execute();
        List<Binding> updatedBindings = Optional.ofNullable(policy.getBindings()).orElse(new ArrayList<>());
        updatedBindings.add(new Binding().setRole("roles/editor").setMembers(ImmutableList.of("group:" + granteeProxyGroupEmail)));
        updatedBindings.add(new Binding().setRole("roles/resourcemanager.projectIamAdmin").setMembers(ImmutableList.of("group:" + granteeProxyGroupEmail)));
        policy.setBindings(updatedBindings);
        resourceManagerCow.projects().setIamPolicy(googleProjectId, new SetIamPolicyRequest().setPolicy(policy)).execute();
    } catch (IOException ioEx) {
        throw new SystemException("Error granting the Editor and Project IAM Admin roles to the user's proxy group.", ioEx);
    }
    return granteeProxyGroupEmail;
}
Also used : Policy(com.google.api.services.cloudresourcemanager.v3.model.Policy) Binding(com.google.api.services.cloudresourcemanager.v3.model.Binding) CloudResourceManagerCow(bio.terra.cloudres.google.cloudresourcemanager.CloudResourceManagerCow) SystemException(bio.terra.cli.exception.SystemException) SetIamPolicyRequest(com.google.api.services.cloudresourcemanager.v3.model.SetIamPolicyRequest) IOException(java.io.IOException) GetIamPolicyRequest(com.google.api.services.cloudresourcemanager.v3.model.GetIamPolicyRequest)

Example 42 with Project

use of com.google.api.services.cloudresourcemanager.v3.model.Project in project terra-resource-buffer by DataBiosphere.

the class CreateProjectStep method doStep.

@Override
public StepResult doStep(FlightContext flightContext) throws RetryException {
    String projectId = flightContext.getWorkingMap().get(GOOGLE_PROJECT_ID, String.class);
    try {
        Project project = new Project().setProjectId(projectId).setLabels(createLabelMap(flightContext, gcpProjectConfig)).setParent("folders/" + gcpProjectConfig.getParentFolderId());
        OperationCow<?> operation = rmCow.operations().operationCow(rmCow.projects().create(project).execute());
        pollUntilSuccess(operation, Duration.ofSeconds(5), Duration.ofMinutes(5));
        Project createdProject = rmCow.projects().get(projectId).execute();
        flightContext.getWorkingMap().put(GOOGLE_PROJECT_NUMBER, getNumber(createdProject));
    } catch (IOException | InterruptedException e) {
        logger.info("Error when creating GCP project", e);
        return new StepResult(StepStatus.STEP_RESULT_FAILURE_RETRY, e);
    }
    return StepResult.getStepResultSuccess();
}
Also used : Project(com.google.api.services.cloudresourcemanager.v3.model.Project) IOException(java.io.IOException)

Example 43 with Project

use of com.google.api.services.cloudresourcemanager.v3.model.Project in project terra-resource-buffer by DataBiosphere.

the class BufferIntegrationTest method assertProjectMatch.

private void assertProjectMatch(CloudResourceUid resourceUid, GcpProjectConfig gcpProjectConfig) throws Exception {
    Project project = rmCow.projects().get(resourceUid.getGoogleProjectUid().getProjectId()).execute();
    assertEquals("ACTIVE", project.getState());
}
Also used : Project(com.google.api.services.cloudresourcemanager.v3.model.Project)

Example 44 with Project

use of com.google.api.services.cloudresourcemanager.v3.model.Project in project terra-resource-buffer by DataBiosphere.

the class CreateProjectFlightIntegrationTest method testCreateGoogleProject_createGkeSA_true.

@Test
public void testCreateGoogleProject_createGkeSA_true() throws Exception {
    FlightManager manager = new FlightManager(bufferDao, flightSubmissionFactoryImpl, stairwayComponent, transactionTemplate);
    Pool pool = preparePool(bufferDao, newBasicGcpConfig().kubernetesEngine(new KubernetesEngine().createGkeDefaultServiceAccount(true)));
    String flightId = manager.submitCreationFlight(pool).get();
    ResourceId resourceId = extractResourceIdFromFlightState(blockUntilFlightComplete(stairwayComponent, flightId));
    Project project = assertProjectExists(resourceId);
    String projectId = project.getProjectId();
    String serviceAccountEmail = ServiceAccountName.emailFromAccountId(GKE_SA_NAME, projectId);
    assertServiceAccountExists(project, serviceAccountEmail);
    List<IamBinding> expectedGkeSABindings = new ArrayList<>();
    GKE_SA_ROLES.forEach(r -> expectedGkeSABindings.add(new IamBinding().role(r).addMembersItem("serviceAccount:" + serviceAccountEmail)));
    assertIamBindingsContains(project, expectedGkeSABindings);
}
Also used : Project(com.google.api.services.cloudresourcemanager.v3.model.Project) ResourceId(bio.terra.buffer.common.ResourceId) ArrayList(java.util.ArrayList) Pool(bio.terra.buffer.common.Pool) IntegrationUtils.preparePool(bio.terra.buffer.integration.IntegrationUtils.preparePool) FlightManager(bio.terra.buffer.service.resource.FlightManager) Test(org.junit.jupiter.api.Test) BaseIntegrationTest(bio.terra.buffer.common.BaseIntegrationTest)

Example 45 with Project

use of com.google.api.services.cloudresourcemanager.v3.model.Project in project terra-resource-buffer by DataBiosphere.

the class CreateProjectFlightIntegrationTest method testCreateGoogleProject_blockInternetAccessWithGcrDnsEnabled.

@Test
public void testCreateGoogleProject_blockInternetAccessWithGcrDnsEnabled() throws Exception {
    FlightManager manager = new FlightManager(bufferDao, flightSubmissionFactoryImpl, stairwayComponent, transactionTemplate);
    Pool pool = preparePool(bufferDao, newBasicGcpConfig().network(new bio.terra.buffer.generated.model.Network().enableNetworkMonitoring(true).enablePrivateGoogleAccess(true).enableCloudRegistryPrivateGoogleAccess(true).blockBatchInternetAccess(true)));
    String flightId = manager.submitCreationFlight(pool).get();
    ResourceId resourceId = extractResourceIdFromFlightState(blockUntilFlightComplete(stairwayComponent, flightId));
    Project project = assertProjectExists(resourceId);
    assertNetworkExists(project);
    assertSubnetsExist(project, NetworkMonitoring.ENABLED);
    assertRouteExists(project);
    assertDnsExists(project);
    assertGcrDnsExists(project);
    assertDefaultVpcNotExists(project);
    assertFirewallRulesExistForBlockInternetAccess(project);
}
Also used : Project(com.google.api.services.cloudresourcemanager.v3.model.Project) ResourceId(bio.terra.buffer.common.ResourceId) Network(com.google.api.services.compute.model.Network) Pool(bio.terra.buffer.common.Pool) IntegrationUtils.preparePool(bio.terra.buffer.integration.IntegrationUtils.preparePool) FlightManager(bio.terra.buffer.service.resource.FlightManager) Test(org.junit.jupiter.api.Test) BaseIntegrationTest(bio.terra.buffer.common.BaseIntegrationTest)

Aggregations

Project (com.google.api.services.cloudresourcemanager.v3.model.Project)38 Test (org.junit.jupiter.api.Test)30 BaseIntegrationTest (bio.terra.buffer.common.BaseIntegrationTest)15 Pool (bio.terra.buffer.common.Pool)15 ResourceId (bio.terra.buffer.common.ResourceId)15 IntegrationUtils.preparePool (bio.terra.buffer.integration.IntegrationUtils.preparePool)15 FlightManager (bio.terra.buffer.service.resource.FlightManager)15 IOException (java.io.IOException)13 Binding (com.google.api.services.cloudresourcemanager.v3.model.Binding)10 StepStatus (bio.terra.stairway.StepStatus)9 ArrayList (java.util.ArrayList)9 BaseConnectedTest (bio.terra.workspace.common.BaseConnectedTest)8 List (java.util.List)8 DisabledIfEnvironmentVariable (org.junit.jupiter.api.condition.DisabledIfEnvironmentVariable)8 FlightDebugInfo (bio.terra.stairway.FlightDebugInfo)7 FlightState (bio.terra.stairway.FlightState)7 AuthenticatedUserRequest (bio.terra.workspace.service.iam.AuthenticatedUserRequest)7 GetIamPolicyRequest (com.google.api.services.cloudresourcemanager.v3.model.GetIamPolicyRequest)7 FlightMap (bio.terra.stairway.FlightMap)6 Project (com.blackducksoftware.bdio2.model.Project)6
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial