use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-cli by DataBiosphere.
the class SpendProfileUser method listUsersInMap.
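/**
 * Get the users of the default WSM spend profile in a map, to make it easy to look up a
 * particular user.
 *
 * <p>SAM reports one entry per policy together with that policy's member emails. This method
 * inverts that view into one {@code SpendProfileUser} per lower-cased email, carrying every
 * policy that email is a member of.
 *
 * @return a map of lower-cased email -> spend profile user object
 */
private static Map<String, SpendProfileUser> listUsersInMap() {
  // call SAM to get the users + policies for the WSM default spend profile resource
  List<AccessPolicyResponseEntry> accessPolicies =
      SpendProfileManagerService.fromContext().listUsersOfDefaultSpendProfile();

  // convert the SAM objects (policy -> list of emails) to CLI objects (email -> list of policies)
  Map<String, SpendProfileUser> spendProfileUsers = new HashMap<>();
  for (AccessPolicyResponseEntry accessPolicy : accessPolicies) {
    // Upper-case with a fixed locale. The no-argument toUpperCase() follows the JVM's default
    // locale, and under a Turkish locale "i" becomes a dotted capital "İ", so a policy name
    // containing "i" would no longer match its constant and the whole listing would fail.
    // (Assumes the SpendProfilePolicy constants are plain ASCII upper case.)
    SpendProfilePolicy spendPolicy =
        SpendProfilePolicy.valueOf(
            accessPolicy.getPolicyName().toUpperCase(java.util.Locale.ROOT));

    for (String email : accessPolicy.getPolicy().getMemberEmails()) {
      // lowercase the email so there is a consistent way of looking up the email address;
      // the email address casing in SAM may not match the case of what is provided by the user
      //
      // NOTE(review): this toLowerCase() is also default-locale sensitive. It is left unchanged
      // because whoever looks a user up in this map must normalize the email the same way;
      // move both sides to Locale.ROOT together so that one address cannot end up under two
      // different keys when access is checked or revoked.
      String emailLowercase = email.toLowerCase();
      spendProfileUsers
          .computeIfAbsent(emailLowercase, key -> new SpendProfileUser(key, new ArrayList<>()))
          .policies
          .add(spendPolicy);
    }
  }
  return spendProfileUsers;
}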
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-workspace-manager by DataBiosphere.
the class SamService method listRoleBindings.
/**
 * Reads the current role bindings of a workspace from Sam.
 *
 * <p>This operation is only available to MC_WORKSPACE stage workspaces, as Rawls manages
 * permissions directly on other workspaces.
 *
 * <p>The steps run in a fixed order: the workspace stage is asserted, the caller is checked for
 * the READ_IAM action on the workspace, and only then are the policies listed in Sam using the
 * caller's own token. The policy matching the MANAGER role is left out of the result.
 *
 * @param workspaceId id of the workspace whose bindings are listed
 * @param userRequest the authenticated caller; its token is used for the Sam request
 * @return one binding per remaining Sam policy, holding the role and its member emails
 * @throws InterruptedException declared by this method; presumably raised while SamRetry is
 *     retrying - confirm against SamRetry
 */
@Traced
public List<RoleBinding> listRoleBindings(UUID workspaceId, AuthenticatedUserRequest userRequest) throws InterruptedException {
  stageService.assertMcWorkspace(workspaceId, "listRoleBindings");

  String workspaceResourceId = workspaceId.toString();
  // Authorization comes before any policy data is fetched.
  checkAuthz(
      userRequest,
      SamConstants.SamResource.WORKSPACE,
      workspaceResourceId,
      SamWorkspaceAction.READ_IAM);

  ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
  try {
    List<AccessPolicyResponseEntry> samPolicies =
        SamRetry.retry(
            () ->
                resourceApi.listResourcePolicies(
                    SamConstants.SamResource.WORKSPACE, workspaceResourceId));

    // The MANAGER policy is dropped here, so it never reaches callers.
    return samPolicies.stream()
        .filter(
            samPolicy -> {
              boolean isManagerPolicy =
                  samPolicy.getPolicyName().equals(WsmIamRole.MANAGER.toSamRole());
              return !isManagerPolicy;
            })
        .map(
            samPolicy ->
                RoleBinding.builder()
                    .role(WsmIamRole.fromSam(samPolicy.getPolicyName()))
                    .users(samPolicy.getPolicy().getMemberEmails())
                    .build())
        .collect(Collectors.toList());
  } catch (ApiException samFailure) {
    throw SamExceptionFactory.create("Error listing role bindings in Sam", samFailure);
  }
}
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project jade-data-repo by DataBiosphere.
the class SamIam method retrievePoliciesInner.
/**
 * Lists the Sam policies attached to one resource and converts each into a {@code PolicyModel}
 * holding the policy name and its member emails.
 *
 * <p>The Sam request is made with the caller's own token, taken from {@code userReq}.
 * NOTE(review): no permission check is visible in this method; presumably Sam decides what the
 * token's owner may list - confirm against the callers.
 *
 * @param userReq the authenticated caller whose token is sent to Sam
 * @param iamResourceType resource type; its {@code toString()} value is sent to Sam
 * @param resourceId id of the resource whose policies are listed
 * @return one {@code PolicyModel} per policy returned by Sam
 * @throws ApiException if the Sam client call fails; it is passed through unchanged
 */
private List<PolicyModel> retrievePoliciesInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId) throws ApiException {
  ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());

  String resourceTypeName = iamResourceType.toString();
  String resourceIdText = resourceId.toString();
  List<AccessPolicyResponseEntry> samPolicies =
      samResourceApi.listResourcePolicies(resourceTypeName, resourceIdText);

  return samPolicies.stream()
      .map(
          samPolicy -> {
            String policyName = samPolicy.getPolicyName();
            return new PolicyModel()
                .name(policyName)
                .members(samPolicy.getPolicy().getMemberEmails());
          })
      .collect(Collectors.toList());
}