use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.
the class SamIam method createDatasetResourceInner.
private Map<IamRole, String> createDatasetResourceInner(AuthenticatedUserRequest userReq, UUID datasetId) throws ApiException {
CreateResourceCorrectRequest req = new CreateResourceCorrectRequest();
req.setResourceId(datasetId.toString());
req.addPoliciesItem(IamRole.STEWARD.toString(), createAccessPolicy(IamRole.STEWARD.toString(), Collections.singletonList(samConfig.getStewardsGroupEmail())));
req.addPoliciesItem(IamRole.CUSTODIAN.toString(), createAccessPolicy(IamRole.CUSTODIAN.toString(), Collections.singletonList(userReq.getEmail())));
req.addPoliciesItem(IamRole.INGESTER.toString(), new AccessPolicyMembership().roles(Collections.singletonList(IamRole.INGESTER.toString())));
ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
logger.debug(req.toString());
// create the resource in sam
createResourceCorrectCall(samResourceApi.getApiClient(), IamResourceType.DATASET.toString(), req);
// we'll want all of these roles to have read access to the underlying data,
// so we sync and return the emails for the policies that get created by SAM
Map<IamRole, String> policies = new HashMap<>();
for (IamRole role : Arrays.asList(IamRole.STEWARD, IamRole.CUSTODIAN, IamRole.INGESTER)) {
String policy = syncOnePolicy(userReq, IamResourceType.DATASET, datasetId, role);
policies.put(role, policy);
}
return policies;
}
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.
the class SamIam method addPolicyMemberInner.
private PolicyModel addPolicyMemberInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId, String policyName, String userEmail) throws ApiException {
ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
samResourceApi.addUserToPolicy(iamResourceType.toString(), resourceId.toString(), policyName, userEmail);
AccessPolicyMembership result = samResourceApi.getPolicy(iamResourceType.toString(), resourceId.toString(), policyName);
return new PolicyModel().name(policyName).members(result.getMemberEmails());
}
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.
the class SamIam method deletePolicyMemberInner.
private PolicyModel deletePolicyMemberInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId, String policyName, String userEmail) throws ApiException {
ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
samResourceApi.removeUserFromPolicy(iamResourceType.toString(), resourceId.toString(), policyName, userEmail);
AccessPolicyMembership result = samResourceApi.getPolicy(iamResourceType.toString(), resourceId.toString(), policyName);
return new PolicyModel().name(policyName).members(result.getMemberEmails());
}
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership in project jade-data-repo by DataBiosphere.
the class SamIam method createSnapshotResourceInner.
private Map<IamRole, String> createSnapshotResourceInner(AuthenticatedUserRequest userReq, UUID snapshotId, List<String> readersList) throws ApiException {
CreateResourceCorrectRequest req = new CreateResourceCorrectRequest();
if (readersList == null) {
readersList = Collections.emptyList();
}
// Add the as custodian to the reader policy
List<String> fullReadersList = new ArrayList<>(readersList);
String custodianEmail = userReq.getEmail();
fullReadersList.add(custodianEmail);
req.setResourceId(snapshotId.toString());
req.addPoliciesItem(IamRole.STEWARD.toString(), createAccessPolicy(IamRole.STEWARD.toString(), Collections.singletonList(samConfig.getStewardsGroupEmail())));
req.addPoliciesItem(IamRole.CUSTODIAN.toString(), createAccessPolicy(IamRole.CUSTODIAN.toString(), Collections.singletonList(custodianEmail)));
req.addPoliciesItem(IamRole.READER.toString(), createAccessPolicy(IamRole.READER.toString(), fullReadersList));
req.addPoliciesItem(IamRole.DISCOVERER.toString(), new AccessPolicyMembership().roles(Collections.singletonList(IamRole.DISCOVERER.toString())));
ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
logger.debug("SAM request: " + req.toString());
// create the resource in sam
createResourceCorrectCall(samResourceApi.getApiClient(), IamResourceType.DATASNAPSHOT.toString(), req);
// sync the policies
Map<IamRole, String> policies = new HashMap<>();
String policy = syncOnePolicy(userReq, IamResourceType.DATASNAPSHOT, snapshotId, IamRole.READER);
policies.put(IamRole.READER, policy);
policy = syncOnePolicy(userReq, IamResourceType.DATASNAPSHOT, snapshotId, IamRole.CUSTODIAN);
policies.put(IamRole.CUSTODIAN, policy);
return policies;
}
Aggregations