
Example 1 with AccessPolicyMembership

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.

the class SamIam method createDatasetResourceInner.

/**
 * Creates the SAM resource for a dataset with its initial access policies, then syncs
 * each of those policies.
 *
 * <p>Initial membership as assembled here: the steward policy receives the configured
 * stewards group email, the custodian policy receives only the requesting user's email,
 * and the ingester policy is created with its role but without any member emails.
 *
 * <p>The SAM client is built from the caller's own token ({@code getRequiredToken()}),
 * so the create call is issued under the caller's identity rather than a service identity.
 *
 * <p>Creation and syncing are separate remote calls with no rollback in this method: if a
 * sync call throws, the resource has already been created and any cleanup is left to the
 * caller.
 *
 * @param userReq authenticated request supplying the caller's email and token
 * @param datasetId id of the dataset; its string form becomes the SAM resource id
 * @return for each of STEWARD, CUSTODIAN and INGESTER, the value returned by
 *     {@code syncOnePolicy} (described in the original comment as the policy email)
 * @throws ApiException declared for failures of the SAM calls made here
 */
private Map<IamRole, String> createDatasetResourceInner(AuthenticatedUserRequest userReq, UUID datasetId) throws ApiException {
    CreateResourceCorrectRequest req = new CreateResourceCorrectRequest();
    req.setResourceId(datasetId.toString());

    // Steward policy: membership comes from configuration, not from the request.
    final String stewardRole = IamRole.STEWARD.toString();
    req.addPoliciesItem(
        stewardRole,
        createAccessPolicy(stewardRole, Collections.singletonList(samConfig.getStewardsGroupEmail())));

    // Custodian policy: the creator is the only initial member.
    final String custodianRole = IamRole.CUSTODIAN.toString();
    req.addPoliciesItem(
        custodianRole,
        createAccessPolicy(custodianRole, Collections.singletonList(userReq.getEmail())));

    // Ingester policy: role only, no member emails are set at creation time.
    final String ingesterRole = IamRole.INGESTER.toString();
    req.addPoliciesItem(
        ingesterRole,
        new AccessPolicyMembership().roles(Collections.singletonList(ingesterRole)));

    ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());

    // NOTE(review): req carries the member emails added above; if toString() renders them,
    // debug logs will contain user/group email addresses -- confirm against logging policy.
    logger.debug(req.toString());

    // Create the resource in SAM.
    createResourceCorrectCall(samResourceApi.getApiClient(), IamResourceType.DATASET.toString(), req);

    // All three roles need read access to the underlying data, so every policy is synced
    // and the value SAM hands back for it is returned to the caller.
    final IamRole[] rolesToSync = {IamRole.STEWARD, IamRole.CUSTODIAN, IamRole.INGESTER};
    Map<IamRole, String> policies = new HashMap<>();
    for (int i = 0; i < rolesToSync.length; i++) {
        IamRole role = rolesToSync[i];
        policies.put(role, syncOnePolicy(userReq, IamResourceType.DATASET, datasetId, role));
    }
    return policies;
}
Also used : HashMap(java.util.HashMap) IamRole(bio.terra.service.iam.IamRole) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)

Example 2 with AccessPolicyMembership

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.

the class SamIam method addPolicyMemberInner.

/**
 * Adds a user to a named SAM policy on a resource and returns the policy's membership as
 * read back afterwards.
 *
 * <p>The SAM client is built from the caller's own token, so the change is requested under
 * the caller's identity. This method performs no checks of its own on {@code policyName} or
 * {@code userEmail}; both are passed to SAM as given.
 *
 * <p>The membership in the result comes from a second call made after the add, so it
 * reflects the policy at the time of that read rather than being part of the same operation.
 *
 * @param userReq authenticated request supplying the caller's token
 * @param iamResourceType resource type; its string form is sent to SAM
 * @param resourceId resource id; its string form is sent to SAM
 * @param policyName name of the policy to modify
 * @param userEmail email of the member to add
 * @return a {@code PolicyModel} named {@code policyName} holding the member emails read back
 * @throws ApiException declared for failures of the SAM calls made here
 */
private PolicyModel addPolicyMemberInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId, String policyName, String userEmail) throws ApiException {
    ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
    final String resourceTypeName = iamResourceType.toString();
    final String resourceName = resourceId.toString();

    samResourceApi.addUserToPolicy(resourceTypeName, resourceName, policyName, userEmail);

    // Re-read the policy so the response shows membership after the change.
    AccessPolicyMembership refreshed = samResourceApi.getPolicy(resourceTypeName, resourceName, policyName);
    return new PolicyModel()
        .name(policyName)
        .members(refreshed.getMemberEmails());
}
Also used : PolicyModel(bio.terra.model.PolicyModel) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)

Example 3 with AccessPolicyMembership

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.

the class SamIam method deletePolicyMemberInner.

/**
 * Removes a user from a named SAM policy on a resource and returns the policy's membership
 * as read back afterwards.
 *
 * <p>The SAM client is built from the caller's own token, so the removal is requested under
 * the caller's identity. This method performs no checks of its own on {@code policyName} or
 * {@code userEmail}; both are passed to SAM as given.
 *
 * <p>The membership in the result comes from a second call made after the removal, so it
 * reflects the policy at the time of that read rather than being part of the same operation.
 *
 * @param userReq authenticated request supplying the caller's token
 * @param iamResourceType resource type; its string form is sent to SAM
 * @param resourceId resource id; its string form is sent to SAM
 * @param policyName name of the policy to modify
 * @param userEmail email of the member to remove
 * @return a {@code PolicyModel} named {@code policyName} holding the member emails read back
 * @throws ApiException declared for failures of the SAM calls made here
 */
private PolicyModel deletePolicyMemberInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId, String policyName, String userEmail) throws ApiException {
    ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
    final String resourceTypeName = iamResourceType.toString();
    final String resourceName = resourceId.toString();

    samResourceApi.removeUserFromPolicy(resourceTypeName, resourceName, policyName, userEmail);

    // Re-read the policy so the response shows membership after the change.
    AccessPolicyMembership refreshed = samResourceApi.getPolicy(resourceTypeName, resourceName, policyName);
    return new PolicyModel()
        .name(policyName)
        .members(refreshed.getMemberEmails());
}
Also used : PolicyModel(bio.terra.model.PolicyModel) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)

Example 4 with AccessPolicyMembership

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.

the class SamIam method createSnapshotResourceInner.

/**
 * Creates the SAM resource for a snapshot with its initial access policies, then syncs the
 * reader and custodian policies.
 *
 * <p>Initial membership as assembled here: the steward policy receives the configured
 * stewards group email, the custodian policy receives only the requesting user's email, the
 * reader policy receives the supplied readers plus the requesting user, and the discoverer
 * policy is created with its role but without any member emails. The supplied reader emails
 * are copied into the request as given; this method does not validate or de-duplicate them.
 *
 * <p>Only READER and CUSTODIAN are synced and returned; the STEWARD and DISCOVERER policies
 * are created but not synced by this method.
 *
 * <p>Creation and syncing are separate remote calls with no rollback in this method: if a
 * sync call throws, the resource has already been created and any cleanup is left to the
 * caller.
 *
 * @param userReq authenticated request supplying the caller's email and token
 * @param snapshotId id of the snapshot; its string form becomes the SAM resource id
 * @param readersList emails to place in the reader policy; {@code null} is treated as empty
 * @return for READER and CUSTODIAN, the value returned by {@code syncOnePolicy}
 * @throws ApiException declared for failures of the SAM calls made here
 */
private Map<IamRole, String> createSnapshotResourceInner(AuthenticatedUserRequest userReq, UUID snapshotId, List<String> readersList) throws ApiException {
    CreateResourceCorrectRequest req = new CreateResourceCorrectRequest();

    // Work on a private copy so the caller's list is never modified; a null list means
    // "no extra readers".
    List<String> fullReadersList =
        (readersList == null) ? new ArrayList<String>() : new ArrayList<String>(readersList);

    // The custodian is also added to the reader policy.
    String custodianEmail = userReq.getEmail();
    fullReadersList.add(custodianEmail);

    req.setResourceId(snapshotId.toString());

    // Steward policy: membership comes from configuration, not from the request.
    final String stewardRole = IamRole.STEWARD.toString();
    req.addPoliciesItem(
        stewardRole,
        createAccessPolicy(stewardRole, Collections.singletonList(samConfig.getStewardsGroupEmail())));

    // Custodian policy: the creator is the only initial member.
    final String custodianRole = IamRole.CUSTODIAN.toString();
    req.addPoliciesItem(
        custodianRole,
        createAccessPolicy(custodianRole, Collections.singletonList(custodianEmail)));

    // Reader policy: caller-supplied readers plus the custodian.
    final String readerRole = IamRole.READER.toString();
    req.addPoliciesItem(readerRole, createAccessPolicy(readerRole, fullReadersList));

    // Discoverer policy: role only, no member emails are set at creation time.
    final String discovererRole = IamRole.DISCOVERER.toString();
    req.addPoliciesItem(
        discovererRole,
        new AccessPolicyMembership().roles(Collections.singletonList(discovererRole)));

    ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());

    // NOTE(review): req carries the member emails added above; if toString() renders them,
    // debug logs will contain user/group email addresses -- confirm against logging policy.
    logger.debug("SAM request: " + req.toString());

    // Create the resource in SAM.
    createResourceCorrectCall(samResourceApi.getApiClient(), IamResourceType.DATASNAPSHOT.toString(), req);

    // Sync the policies, reader first and custodian second.
    final IamRole[] rolesToSync = {IamRole.READER, IamRole.CUSTODIAN};
    Map<IamRole, String> policies = new HashMap<>();
    for (int i = 0; i < rolesToSync.length; i++) {
        IamRole role = rolesToSync[i];
        policies.put(role, syncOnePolicy(userReq, IamResourceType.DATASNAPSHOT, snapshotId, role));
    }
    return policies;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) IamRole(bio.terra.service.iam.IamRole) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)

Aggregations

ResourcesApi (org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)4 AccessPolicyMembership (org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)4 PolicyModel (bio.terra.model.PolicyModel)2 IamRole (bio.terra.service.iam.IamRole)2 HashMap (java.util.HashMap)2 ArrayList (java.util.ArrayList)1