Example 1 with AccessPolicyResponseEntry
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-cli by DataBiosphere.
the class SpendProfileUser method listUsersInMap.
/**
* Get the users of the default WSM spend profile in a map, to make it easy to lookup a particular
* user.
*
* @return a map of email -> spend profile user object
*/
private static Map<String, SpendProfileUser> listUsersInMap() {
// call SAM to get the users + policies for the WSM default spend profile resource
List<AccessPolicyResponseEntry> accessPolicies = SpendProfileManagerService.fromContext().listUsersOfDefaultSpendProfile();
// convert the SAM objects (policy -> list of emails) to CLI objects (email -> list of policies)
Map<String, SpendProfileUser> spendProfileUsers = new HashMap<>();
accessPolicies.forEach(accessPolicy -> {
SpendProfilePolicy spendPolicy = SpendProfilePolicy.valueOf(accessPolicy.getPolicyName().toUpperCase());
for (String email : accessPolicy.getPolicy().getMemberEmails()) {
// lowercase the email so there is a consistent way of looking up the email address
// the email address casing in SAM may not match the case of what is provided by the
// user
String emailLowercase = email.toLowerCase();
SpendProfileUser spendProfileUser = spendProfileUsers.get(emailLowercase);
if (spendProfileUser == null) {
spendProfileUser = new SpendProfileUser(emailLowercase, new ArrayList<>());
spendProfileUsers.put(emailLowercase, spendProfileUser);
}
spendProfileUser.policies.add(spendPolicy);
}
});
return spendProfileUsers;
}
Also used :
HashMap(java.util.HashMap)
AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)
ArrayList(java.util.ArrayList)
SpendProfilePolicy(bio.terra.cli.service.SpendProfileManagerService.SpendProfilePolicy)
Example 2 with AccessPolicyResponseEntry
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project terra-workspace-manager by DataBiosphere.
the class SamService method listRoleBindings.
/**
* Wrapper around Sam client to retrieve the full current permissions model of a workspace.
*
* <p>This operation is only available to MC_WORKSPACE stage workspaces, as Rawls manages
* permissions directly on other workspaces.
*/
@Traced
public List<RoleBinding> listRoleBindings(UUID workspaceId, AuthenticatedUserRequest userRequest) throws InterruptedException {
stageService.assertMcWorkspace(workspaceId, "listRoleBindings");
checkAuthz(userRequest, SamConstants.SamResource.WORKSPACE, workspaceId.toString(), SamWorkspaceAction.READ_IAM);
ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
try {
List<AccessPolicyResponseEntry> samResult = SamRetry.retry(() -> resourceApi.listResourcePolicies(SamConstants.SamResource.WORKSPACE, workspaceId.toString()));
// callers.
return samResult.stream().filter(entry -> !entry.getPolicyName().equals(WsmIamRole.MANAGER.toSamRole())).map(entry -> RoleBinding.builder().role(WsmIamRole.fromSam(entry.getPolicyName())).users(entry.getPolicy().getMemberEmails()).build()).collect(Collectors.toList());
} catch (ApiException apiException) {
throw SamExceptionFactory.create("Error listing role bindings in Sam", apiException);
}
}
Also used :
RoleBinding(bio.terra.workspace.service.iam.model.RoleBinding)
CreateResourceRequestV2(org.broadinstitute.dsde.workbench.client.sam.model.CreateResourceRequestV2)
WsmIamRole(bio.terra.workspace.service.iam.model.WsmIamRole)
ControlledResource(bio.terra.workspace.service.resource.controlled.model.ControlledResource)
StatusApi(org.broadinstitute.dsde.workbench.client.sam.api.StatusApi)
LoggerFactory(org.slf4j.LoggerFactory)
Autowired(org.springframework.beans.factory.annotation.Autowired)
InternalServerErrorException(bio.terra.common.exception.InternalServerErrorException)
SamRetry(bio.terra.common.sam.SamRetry)
Map(java.util.Map)
GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi)
AccessPolicyResponseEntryV2(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntryV2)
ImmutableSet(com.google.common.collect.ImmutableSet)
ServiceAccountName(bio.terra.cloudres.google.iam.ServiceAccountName)
Set(java.util.Set)
FullyQualifiedResourceId(org.broadinstitute.dsde.workbench.client.sam.model.FullyQualifiedResourceId)
UUID(java.util.UUID)
SamWorkspaceAction(bio.terra.workspace.service.iam.model.SamConstants.SamWorkspaceAction)
Collectors(java.util.stream.Collectors)
ControlledResourceCategory(bio.terra.workspace.service.resource.controlled.model.ControlledResourceCategory)
SamExceptionFactory(bio.terra.common.sam.exception.SamExceptionFactory)
List(java.util.List)
ControlledResourceIamRole(bio.terra.workspace.service.iam.model.ControlledResourceIamRole)
Optional(java.util.Optional)
SystemStatus(org.broadinstitute.dsde.workbench.client.sam.model.SystemStatus)
SamConfiguration(bio.terra.workspace.app.configuration.external.SamConfiguration)
HashMap(java.util.HashMap)
ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException)
GcpUtils(bio.terra.workspace.common.utils.GcpUtils)
ArrayList(java.util.ArrayList)
SamConstants(bio.terra.workspace.service.iam.model.SamConstants)
ImmutableList(com.google.common.collect.ImmutableList)
AccessPolicyMembershipV2(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembershipV2)
InternalLogicException(bio.terra.workspace.common.exception.InternalLogicException)
Traced(io.opencensus.contrib.spring.aop.Traced)
ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)
Nullable(javax.annotation.Nullable)
AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)
Logger(org.slf4j.Logger)
GoogleCredentials(com.google.auth.oauth2.GoogleCredentials)
ApiClient(org.broadinstitute.dsde.workbench.client.sam.ApiClient)
IOException(java.io.IOException)
ResourceAndAccessPolicy(org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy)
ForbiddenException(bio.terra.common.exception.ForbiddenException)
HttpStatus(org.springframework.http.HttpStatus)
Component(org.springframework.stereotype.Component)
OkHttpClient(okhttp3.OkHttpClient)
UsersApi(org.broadinstitute.dsde.workbench.client.sam.api.UsersApi)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
StageService(bio.terra.workspace.service.stage.StageService)
AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)
ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)
ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException)
Traced(io.opencensus.contrib.spring.aop.Traced)
Example 3 with AccessPolicyResponseEntry
use of org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry in project jade-data-repo by DataBiosphere.
the class SamIam method retrievePoliciesInner.
private List<PolicyModel> retrievePoliciesInner(AuthenticatedUserRequest userReq, IamResourceType iamResourceType, UUID resourceId) throws ApiException {
ResourcesApi samResourceApi = samResourcesApi(userReq.getRequiredToken());
List<AccessPolicyResponseEntry> results = samResourceApi.listResourcePolicies(iamResourceType.toString(), resourceId.toString());
return results.stream().map(entry -> new PolicyModel().name(entry.getPolicyName()).members(entry.getPolicy().getMemberEmails())).collect(Collectors.toList());
}
Also used :
DataRepoException(bio.terra.common.exception.DataRepoException)
Arrays(java.util.Arrays)
IamResourceType(bio.terra.service.iam.IamResourceType)
AccessPolicyMembership(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyMembership)
LoggerFactory(org.slf4j.LoggerFactory)
Autowired(org.springframework.beans.factory.annotation.Autowired)
IamUnauthorizedException(bio.terra.service.iam.exception.IamUnauthorizedException)
HashMap(java.util.HashMap)
ApiException(org.broadinstitute.dsde.workbench.client.sam.ApiException)
IamInternalServerErrorException(bio.terra.service.iam.exception.IamInternalServerErrorException)
ArrayList(java.util.ArrayList)
IamAction(bio.terra.service.iam.IamAction)
GoogleApi(org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi)
Map(java.util.Map)
ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)
Pair(org.broadinstitute.dsde.workbench.client.sam.Pair)
AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)
PolicyModel(bio.terra.model.PolicyModel)
Logger(org.slf4j.Logger)
ApiClient(org.broadinstitute.dsde.workbench.client.sam.ApiClient)
IamBadRequestException(bio.terra.service.iam.exception.IamBadRequestException)
ResourceAndAccessPolicy(org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy)
IamProviderInterface(bio.terra.service.iam.IamProviderInterface)
UUID(java.util.UUID)
Collectors(java.util.stream.Collectors)
IamRole(bio.terra.service.iam.IamRole)
Component(org.springframework.stereotype.Component)
List(java.util.List)
HttpStatusCodes(com.google.api.client.http.HttpStatusCodes)
UserStatusInfo(bio.terra.model.UserStatusInfo)
UsersApi(org.broadinstitute.dsde.workbench.client.sam.api.UsersApi)
AuthenticatedUserRequest(bio.terra.service.iam.AuthenticatedUserRequest)
ConfigurationService(bio.terra.service.configuration.ConfigurationService)
Collections(java.util.Collections)
IamNotFoundException(bio.terra.service.iam.exception.IamNotFoundException)
AccessPolicyResponseEntry(org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)
PolicyModel(bio.terra.model.PolicyModel)
ResourcesApi(org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)
Aggregations
ArrayList (java.util.ArrayList)3
HashMap (java.util.HashMap)3
AccessPolicyResponseEntry (org.broadinstitute.dsde.workbench.client.sam.model.AccessPolicyResponseEntry)3
List (java.util.List)2
Map (java.util.Map)2
UUID (java.util.UUID)2
Collectors (java.util.stream.Collectors)2
ApiClient (org.broadinstitute.dsde.workbench.client.sam.ApiClient)2
ApiException (org.broadinstitute.dsde.workbench.client.sam.ApiException)2
GoogleApi (org.broadinstitute.dsde.workbench.client.sam.api.GoogleApi)2
ResourcesApi (org.broadinstitute.dsde.workbench.client.sam.api.ResourcesApi)2
UsersApi (org.broadinstitute.dsde.workbench.client.sam.api.UsersApi)2
ResourceAndAccessPolicy (org.broadinstitute.dsde.workbench.client.sam.model.ResourceAndAccessPolicy)2
Logger (org.slf4j.Logger)2
LoggerFactory (org.slf4j.LoggerFactory)2
Autowired (org.springframework.beans.factory.annotation.Autowired)2
Component (org.springframework.stereotype.Component)2
SpendProfilePolicy (bio.terra.cli.service.SpendProfileManagerService.SpendProfilePolicy)1
ServiceAccountName (bio.terra.cloudres.google.iam.ServiceAccountName)1
DataRepoException (bio.terra.common.exception.DataRepoException)1
