Search in sources :

Example 1 with AccessPolicyResponseEntry

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-cli by DataBiosphere.

the class SpendProfileUser method listUsersInMap.

/**
 * Get the users of the default WSM spend profile in a map, to make it easy to lookup a particular
 * user.
 *
 * @return a map of email -> spend profile user object
 */
private static Map<String, SpendProfileUser> listUsersInMap() {
    // call SAM to get the users + policies for the WSM default spend profile resource
    List<AccessPolicyResponseEntry> accessPolicies = SpendProfileManagerService.fromContext().listUsersOfDefaultSpendProfile();
    // convert the SAM objects (policy -> list of emails) to CLI objects (email -> list of policies)
    Map<String, SpendProfileUser> spendProfileUsers = new HashMap<>();
    accessPolicies.forEach(accessPolicy -> {
        SpendProfilePolicy spendPolicy = SpendProfilePolicy.valueOf(accessPolicy.getPolicyName().toUpperCase());
        for (String email : accessPolicy.getPolicy().getMemberEmails()) {
            // lowercase the email so there is a consistent way of looking up the email address
            // the email address casing in SAM may not match the case of what is provided by the
            // user
            String emailLowercase = email.toLowerCase();
            SpendProfileUser spendProfileUser = spendProfileUsers.get(emailLowercase);
            if (spendProfileUser == null) {
                spendProfileUser = new SpendProfileUser(emailLowercase, new ArrayList<>());
                spendProfileUsers.put(emailLowercase, spendProfileUser);
            }
            spendProfileUser.policies.add(spendPolicy);
        }
    });
    return spendProfileUsers;
}
Also used : HashMap(java.util.HashMap) AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry) ArrayList(java.util.ArrayList) SpendProfilePolicy(bio.terra.cli.service.SpendProfileManagerService.SpendProfilePolicy)

Example 2 with AccessPolicyResponseEntry

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-workspace-manager by DataBiosphere.

the class SamService method listRoleBindings.

/**
 * Wrapper around Sam client to retrieve the full current permissions model of a workspace.
 *
 * <p>This operation is only available to MC_WORKSPACE stage workspaces, as Rawls manages
 * permissions directly on other workspaces.
 */
@Traced
public List<RoleBinding> listRoleBindings(UUID workspaceId, AuthenticatedUserRequest userRequest) throws InterruptedException {
    stageService.assertMcWorkspace(workspaceId, "listRoleBindings");
    checkAuthz(userRequest, SamConstants.SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.READ_IAM);
    ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
    try {
        List<AccessPolicyResponseEntry> samResult = SamRetry.retry(() -> resourceApi.listResourcePolicies(SamConstants.SamResource.WORKSPACE, workspaceId.toString()));
        // callers.
        return samResult.stream().filter(entry -> !entry.getPolicyName().equals(WsmIamRole.MANAGER.toSamRole())).map(entry -> RoleBinding.builder().role(WsmIamRole.fromSam(entry.getPolicyName())).users(entry.getPolicy().getMemberEmails()).build()).collect(Collectors.toList());
    } catch (ApiException apiException) {
        throw SamExceptionFactory.create("Error listing role bindings in Sam", apiException);
    }
}
Also used : RoleBinding(bio.terra.workspace.service.iam.model.RoleBinding) CreateResourceRequestV2(org.broadinstitute.dsde.workbench.client.sam.model.CreateResourceRequestV2) WsmIamRole(bio.terra.workspace.service.iam.model.WsmIamRole) ControlledResource(bio.terra.workspace.service.resource.controlled.model.ControlledResource) StatusApi(org.broadinstitute.dsde.workbench.client.sam.api.StatusApi) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) InternalServerErrorException(bio.terra.common.exception.InternalServerErrorException) SamRetry(bio.terra.common.sam.SamRetry) Map(java.util.Map) GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi) AccessPolicyResponseEntryV2(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntryV2) ImmutableSet(com.google.common.collect.ImmutableSet) ServiceAccountName(bio.terra.cloudres.google.iam.ServiceAccountName) Set(java.util.Set) FullyQualifiedResourceId(org.broadinstitute.dsde.workbench.client.sam.model.FullyQualifiedResourceId) UUID(java.util.UUID) SamWorkspaceAction(bio.terra.workspace.service.iam.model.SamConstants.SamWorkspaceAction) Collectors(java.util.stream.Collectors) ControlledResourceCategory(bio.terra.workspace.service.resource.controlled.model.ControlledResourceCategory) SamExceptionFactory(bio.terra.common.sam.exception.SamExceptionFactory) List(java.util.List) ControlledResourceIamRole(bio.terra.workspace.service.iam.model.ControlledResourceIamRole) Optional(java.util.Optional) SystemStatus(org.broadinstitute.dsde.workbench.client.sam.model.SystemStatus) SamConfiguration(bio.terra.workspace.app.configuration.external.SamConfiguration) HashMap(java.util.HashMap) ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException) GcpUtils(bio.terra.workspace.common.utils.GcpUtils) ArrayList(java.util.ArrayList) SamConstants(bio.terra.workspace.service.iam.model.SamConstants) ImmutableList(com.google.common.collect.ImmutableList) AccessPolicyMembershipV2(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembershipV2) InternalLogicException(bio.terra.workspace.common.exception.InternalLogicException) Traced(io.opencensus.contrib.spring.aop.Traced) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) Nullable(javax.annotation.Nullable) AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry) Logger(org.slf4j.Logger) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) ApiClient(org.broadinstitute.dsde.workbench.client.sam.ApiClient) IOException(java.io.IOException) ResourceAndAccessPolicy(org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy) ForbiddenException(bio.terra.common.exception.ForbiddenException) HttpStatus(org.springframework.http.HttpStatus) Component(org.springframework.stereotype.Component) OkHttpClient(okhttp3.OkHttpClient) UsersApi(org.broadinstitute.dsde.workbench.client.sam.api.UsersApi) VisibleForTesting(com.google.common.annotations.VisibleForTesting) StageService(bio.terra.workspace.service.stage.StageService) AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException) Traced(io.opencensus.contrib.spring.aop.Traced)

Example 3 with AccessPolicyResponseEntry

use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project jade-data-repo by DataBiosphere.

the class SamIam method retrievePoliciesInner.

private List<PolicyModel> retrievePoliciesInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId) throws ApiException {
    ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
    List<AccessPolicyResponseEntry> results = samResourceApi.listResourcePolicies(iamResourceType.toString(), resourceId.toString());
    return results.stream().map(entry -> new PolicyModel().name(entry.getPolicyName()).members(entry.getPolicy().getMemberEmails())).collect(Collectors.toList());
}
Also used : DataRepoException(bio.terra.common.exception.DataRepoException) Arrays(java.util.Arrays) IamResourceType(bio.terra.service.iam.IamResourceType) AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) IamUnauthorizedException(bio.terra.service.iam.exception.IamUnauthorizedException) HashMap(java.util.HashMap) ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException) IamInternalServerErrorException(bio.terra.service.iam.exception.IamInternalServerErrorException) ArrayList(java.util.ArrayList) IamAction(bio.terra.service.iam.IamAction) GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi) Map(java.util.Map) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi) Pair(org.broadinstitute.dsde.workbench.client.sam.Pair) AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry) PolicyModel(bio.terra.model.PolicyModel) Logger(org.slf4j.Logger) ApiClient(org.broadinstitute.dsde.workbench.client.sam.ApiClient) IamBadRequestException(bio.terra.service.iam.exception.IamBadRequestException) ResourceAndAccessPolicy(org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy) IamProviderInterface(bio.terra.service.iam.IamProviderInterface) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) IamRole(bio.terra.service.iam.IamRole) Component(org.springframework.stereotype.Component) List(java.util.List) HttpStatusCodes(com.google.api.client.http.HttpStatusCodes) UserStatusInfo(bio.terra.model.UserStatusInfo) UsersApi(org.broadinstitute.dsde.workbench.client.sam.api.UsersApi) AuthenticatedUserRequest(bio.terra.service.iam.AuthenticatedUserRequest) ConfigurationService(bio.terra.service.configuration.ConfigurationService) Collections(java.util.Collections) IamNotFoundException(bio.terra.service.iam.exception.IamNotFoundException) AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry) PolicyModel(bio.terra.model.PolicyModel) ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)

Aggregations

ArrayList (java.util.ArrayList)3 HashMap (java.util.HashMap)3 AccessPolicyResponseEntry (org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)3 List (java.util.List)2 Map (java.util.Map)2 UUID (java.util.UUID)2 Collectors (java.util.stream.Collectors)2 ApiClient (org.broadinstitute.dsde.workbench.client.sam.ApiClient)2 ApiException (org.broadinstitute.dsde.workbench.client.sam.ApiException)2 GoogleApi (org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi)2 ResourcesApi (org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)2 UsersApi (org.broadinstitute.dsde.workbench.client.sam.api.UsersApi)2 ResourceAndAccessPolicy (org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy)2 Logger (org.slf4j.Logger)2 LoggerFactory (org.slf4j.LoggerFactory)2 Autowired (org.springframework.beans.factory.annotation.Autowired)2 Component (org.springframework.stereotype.Component)2 SpendProfilePolicy (bio.terra.cli.service.SpendProfileManagerService.SpendProfilePolicy)1 ServiceAccountName (bio.terra.cloudres.google.iam.ServiceAccountName)1 DataRepoException (bio.terra.common.exception.DataRepoException)1