use of org.broadinstitute.dsde.workbench.client.sam.model.CreateResourceRequestV2 in project terra-workspace-manager by DataBiosphere.
the class SamService method createControlledResource.
/**
* Create a controlled resource in Sam.
*
* @param resource The WSM representation of the resource to create.
* @param privateIamRole The IAM role to grant on a private resource. It is required for
* user-private resources and optional for application-private resources.
* @param assignedUserEmail Email identifier of the assigned user of this resource. Same
* constraints as privateIamRoles.
* @param userRequest Credentials to use for talking to Sam.
*/
@Traced
public void createControlledResource(ControlledResource resource, @Nullable ControlledResourceIamRole privateIamRole, @Nullable String assignedUserEmail, AuthenticatedUserRequest userRequest) throws InterruptedException {
// We need the WSM SA for setting controlled resource policies
initializeWsmServiceAccount();
FullyQualifiedResourceId workspaceParentFqId = new FullyQualifiedResourceId().resourceId(resource.getWorkspaceId().toString()).resourceTypeName(SamConstants.SamResource.WORKSPACE);
CreateResourceRequestV2 resourceRequest = new CreateResourceRequestV2().resourceId(resource.getResourceId().toString()).parent(workspaceParentFqId);
var builder = new ControlledResourceSamPolicyBuilder(this, privateIamRole, assignedUserEmail, userRequest, ControlledResourceCategory.get(resource.getAccessScope(), resource.getManagedBy()));
builder.addPolicies(resourceRequest);
try {
// We use the user request for the create, but could equally well use the WSM SA.
// The creating token has no effect on the resource policies.
ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
SamRetry.retry(() -> resourceApi.createResourceV2(resource.getCategory().getSamResourceName(), resourceRequest));
logger.info("Created Sam controlled resource {}", resource.getResourceId());
dumpRoleBindings(resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), getWsmServiceAccountToken());
} catch (ApiException apiException) {
// Do nothing if the resource to create already exists, this may not be the first time do is
// called. Other exceptions still need to be surfaced.
// Resource IDs are randomly generated, so we trust that the caller must have created
// an existing Sam resource.
logger.info("Sam API error while creating a controlled resource, code is " + apiException.getCode());
if (apiException.getCode() == HttpStatus.CONFLICT.value()) {
logger.info("Sam error was CONFLICT on creation request. This means the resource already " + "exists but is not an error so no exception thrown.");
return;
}
throw SamExceptionFactory.create("Error creating controlled resource in Sam", apiException);
}
}
use of org.broadinstitute.dsde.workbench.client.sam.model.CreateResourceRequestV2 in project terra-cli by DataBiosphere.
the class SamService method createResource.
/**
* Call the SAM "/api/resources/v2/{resourceTypeName}" POST endpoint to create a new resource with
* the given policies (i.e. not default owner policy).
*
* @param resourceType type of resource
* @param resourceId id of resource
* @param policies list of policies on the resource
*/
public void createResource(String resourceType, String resourceId, Map<String, AccessPolicyMembershipV2> policies) {
CreateResourceRequestV2 request = new CreateResourceRequestV2().resourceId(resourceId).policies(policies);
logger.debug("create resource request: {}", request);
callWithRetries(() -> new ResourcesApi(apiClient).createResourceV2(resourceType, request), "Error creating SAM resource.");
}
use of org.broadinstitute.dsde.workbench.client.sam.model.CreateResourceRequestV2 in project terra-workspace-manager by DataBiosphere.
the class SamService method createWorkspaceWithDefaults.
/**
* Wrapper around the Sam client to create a workspace resource in Sam.
*
* <p>This creates a workspace with the provided ID and requesting user as the sole Owner. Empty
* reader and writer policies are also created. Errors from the Sam client will be thrown as Sam
* specific exception types.
*/
@Traced
public void createWorkspaceWithDefaults(AuthenticatedUserRequest userRequest, UUID id) throws InterruptedException {
ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
// Sam will throw an error if no owner is specified, so the caller's email is required. It can
// be looked up using the auth token if that's all the caller provides.
// If we called WSM as the pet SA and went through the proxy, this becomes the pet SA's email if
// we use the request email. That caused an issue where the human user wasn't recognized on the
// workspace.
String humanUserEmail = getUserEmailFromSam(userRequest);
CreateResourceRequestV2 workspaceRequest = new CreateResourceRequestV2().resourceId(id.toString()).policies(defaultWorkspacePolicies(humanUserEmail));
try {
SamRetry.retry(() -> resourceApi.createResourceV2(SamConstants.SamResource.WORKSPACE, workspaceRequest));
logger.info("Created Sam resource for workspace {}", id);
} catch (ApiException apiException) {
throw SamExceptionFactory.create("Error creating a Workspace resource in Sam", apiException);
}
dumpRoleBindings(SamConstants.SamResource.WORKSPACE, id.toString(), userRequest.getRequiredToken());
}
Aggregations