/**
 * Looks up a workspace and then verifies that the caller may perform {@code action} on it.
 *
 * <p>The existence check runs first, so a missing workspace surfaces as WorkspaceNotFoundException
 * (raised by {@code workspaceDao.getWorkspace}) regardless of the caller's permissions. A caller
 * who lacks the action on an existing workspace gets ForbiddenException from the Sam check.
 *
 * @param userRequest the user's authenticated request
 * @param workspaceId id of the workspace in question
 * @param action the action to authorize against the workspace
 * @return the workspace, if it exists and the user is permitted to perform the specified action.
 */
@Traced
public Workspace validateWorkspaceAndAction(AuthenticatedUserRequest userRequest, UUID workspaceId, String action) {
  // NOTE(review): this logs the whole AuthenticatedUserRequest object. Elsewhere that type exposes an
  // auth token (getRequiredToken), so confirm its toString() does not include credentials before
  // relying on this line in production logs.
  logger.info("validateWorkspaceAndAction - userRequest: {}\nworkspaceId: {}\naction: {}", userRequest, workspaceId, action);

  // Existence first: not-found is reported independently of authorization (see class docs above).
  final Workspace found = workspaceDao.getWorkspace(workspaceId);

  final String samResourceId = workspaceId.toString();
  SamRethrow.onInterrupted(
      () -> samService.checkAuthz(userRequest, SamConstants.SamResource.WORKSPACE, samResourceId, action),
      "checkAuthz");
  return found;
}
/**
 * Submits a WorkspaceCreateFlight for {@code workspace} via {@code submitAndWait} and returns the
 * UUID the flight produces.
 *
 * <p>Display name and description are forwarded to the flight as parameters and default to the
 * empty string when absent; a spend profile parameter is added only when one was supplied.
 *
 * @param workspace the workspace to create; its ID is used as the job's workspace ID
 * @param userRequest the requesting user's credentials, attached to the job
 * @return the UUID returned by the completed flight
 */
@Traced
public UUID createWorkspace(Workspace workspace, AuthenticatedUserRequest userRequest) {
  final String displayName = workspace.getDisplayName().orElse("");
  final String idAsString = workspace.getWorkspaceId().toString();
  final String description = String.format("Create workspace: name: '%s' id: '%s' ", displayName, idAsString);

  final JobBuilder job =
      jobService
          .newJob()
          .description(description)
          .flightClass(WorkspaceCreateFlight.class)
          .request(workspace)
          .userRequest(userRequest)
          .workspaceId(idAsString)
          .operationType(OperationType.CREATE)
          .addParameter(WorkspaceFlightMapKeys.WORKSPACE_STAGE, workspace.getWorkspaceStage().name())
          .addParameter(WorkspaceFlightMapKeys.DISPLAY_NAME, displayName)
          .addParameter(WorkspaceFlightMapKeys.DESCRIPTION, workspace.getDescription().orElse(""));

  // Only attach a spend profile parameter when the caller supplied one.
  workspace
      .getSpendProfileId()
      .ifPresent(spendProfile -> job.addParameter(WorkspaceFlightMapKeys.SPEND_PROFILE_ID, spendProfile.getId()));

  // The `false` argument skips the access check: it would fail because the workspace row does not
  // exist yet at submission time.
  return job.submitAndWait(UUID.class, false);
}
/**
 * Creates the Sam resource that backs a workspace.
 *
 * <p>The resource is created under the WORKSPACE resource type with {@code id} as its resource ID
 * and the policies produced by {@code defaultWorkspacePolicies} for the requesting user's email:
 * the requester as the sole Owner, with empty reader and writer policies. Sam client errors are
 * rethrown through {@code SamExceptionFactory} as Sam-specific exception types. After creation the
 * resulting role bindings are dumped via {@code dumpRoleBindings}.
 *
 * @param userRequest the requesting user; its token authenticates the Sam calls
 * @param id the workspace ID, used verbatim as the Sam resource ID
 * @throws InterruptedException if the retried Sam call is interrupted
 */
@Traced
public void createWorkspaceWithDefaults(AuthenticatedUserRequest userRequest, UUID id) throws InterruptedException {
  final String token = userRequest.getRequiredToken();
  final ResourcesApi resources = samResourcesApi(token);

  // Sam rejects a resource with no owner, so an owner email is required. It is resolved through Sam
  // from the auth token rather than read off the request: when WSM is called as the pet service
  // account through the proxy, the request email would be the pet SA's, and the human user would
  // not be recognized on the workspace.
  final String ownerEmail = getUserEmailFromSam(userRequest);

  final String resourceId = id.toString();
  final CreateResourceRequestV2 request =
      new CreateResourceRequestV2().resourceId(resourceId).policies(defaultWorkspacePolicies(ownerEmail));

  try {
    SamRetry.retry(() -> resources.createResourceV2(SamConstants.SamResource.WORKSPACE, request));
    logger.info("Created Sam resource for workspace {}", id);
  } catch (ApiException apiException) {
    throw SamExceptionFactory.create("Error creating a Workspace resource in Sam", apiException);
  }

  dumpRoleBindings(SamConstants.SamResource.WORKSPACE, resourceId, token);
}
/**
 * Returns the current role bindings of a workspace as recorded in Sam.
 *
 * <p>Only MC_WORKSPACE stage workspaces are supported, because Rawls manages permissions directly
 * on other stages; {@code stageService.assertMcWorkspace} enforces this, and the caller must then
 * pass a READ_IAM authorization check. The MANAGER policy is dropped from the result before it is
 * returned to callers.
 *
 * @param workspaceId the workspace whose Sam policies are listed
 * @param userRequest the requesting user; must hold READ_IAM on the workspace
 * @return one RoleBinding per Sam policy other than MANAGER, carrying that policy's member emails
 * @throws InterruptedException if the retried Sam call is interrupted
 */
@Traced
public List<RoleBinding> listRoleBindings(UUID workspaceId, AuthenticatedUserRequest userRequest) throws InterruptedException {
  // NOTE(review): the stage assertion runs before the authorization check, so a caller without
  // READ_IAM can still learn from the failure whether the workspace is MC stage; confirm that is
  // acceptable, or swap the two calls.
  stageService.assertMcWorkspace(workspaceId, "listRoleBindings");

  final String resourceId = workspaceId.toString();
  checkAuthz(userRequest, SamConstants.SamResource.WORKSPACE, resourceId, SamWorkspaceAction.READ_IAM);
  final ResourcesApi resources = samResourcesApi(userRequest.getRequiredToken());

  // The MANAGER policy is internal to WSM and is not exposed to callers.
  final String managerPolicy = WsmIamRole.MANAGER.toSamRole();
  try {
    final List<AccessPolicyResponseEntry> policies =
        SamRetry.retry(() -> resources.listResourcePolicies(SamConstants.SamResource.WORKSPACE, resourceId));
    return policies.stream()
        .filter(entry -> !entry.getPolicyName().equals(managerPolicy))
        .map(
            entry ->
                RoleBinding.builder()
                    .role(WsmIamRole.fromSam(entry.getPolicyName()))
                    .users(entry.getPolicy().getMemberEmails())
                    .build())
        .collect(Collectors.toList());
  } catch (ApiException apiException) {
    throw SamExceptionFactory.create("Error listing role bindings in Sam", apiException);
  }
}
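/**
 * Grants {@code role} to {@code email} on a workspace by adding the user to the matching Sam policy.
 *
 * <p>Only MC_WORKSPACE stage workspaces are supported, because Rawls manages permissions directly
 * on other stages. The caller must hold the Sam action returned by
 * {@code samActionToModifyRole(role)} on the workspace; that check runs before any Sam write.
 *
 * @param workspaceId The workspace this operation takes place in
 * @param userRequest Credentials of the user requesting this operation. Only owners have
 *     permission to modify roles in a workspace.
 * @param role The role being granted.
 * @param email The user being granted a role; lower-cased with a fixed locale before being sent
 *     to Sam.
 * @throws NullPointerException if {@code email} is null
 * @throws InterruptedException if the retried Sam call is interrupted
 */
@Traced
public void grantWorkspaceRole(UUID workspaceId, AuthenticatedUserRequest userRequest, WsmIamRole role, String email) throws InterruptedException {
  stageService.assertMcWorkspace(workspaceId, "grantWorkspaceRole");
  final String resourceId = workspaceId.toString();
  checkAuthz(userRequest, SamConstants.SamResource.WORKSPACE, resourceId, samActionToModifyRole(role));

  // Validated after authorization so an unauthorized caller sees the same failure regardless of input.
  java.util.Objects.requireNonNull(email, "email");
  // GCP always uses lowercase email identifiers, so we do the same here for consistency. Locale.ROOT
  // keeps the result independent of the JVM default locale (e.g. under a Turkish locale, 'I' would
  // otherwise become dotless 'ı' and the identifier would no longer match).
  final String normalizedEmail = email.toLowerCase(java.util.Locale.ROOT);

  final ResourcesApi resources = samResourcesApi(userRequest.getRequiredToken());
  try {
    SamRetry.retry(
        () -> resources.addUserToPolicy(SamConstants.SamResource.WORKSPACE, resourceId, role.toSamRole(), normalizedEmail));
    logger.info("Granted role {} to user {} in workspace {}", role.toSamRole(), email, workspaceId);
  } catch (ApiException apiException) {
    throw SamExceptionFactory.create("Error granting workspace role in Sam", apiException);
  }
}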