use of org.broadinstitute.dsde.workbench.client.sam.model.FullyQualifiedResourceId in project terra-workspace-manager by DataBiosphere.
the class SamService method createControlledResource.
/**
* Create a controlled resource in Sam.
*
* @param resource The WSM representation of the resource to create.
* @param privateIamRole The IAM role to grant on a private resource. It is required for
* user-private resources and optional for application-private resources.
* @param assignedUserEmail Email identifier of the assigned user of this resource. Same
* constraints as privateIamRoles.
* @param userRequest Credentials to use for talking to Sam.
*/
@Traced
public void createControlledResource(ControlledResource resource, @Nullable ControlledResourceIamRole privateIamRole, @Nullable String assignedUserEmail, AuthenticatedUserRequest userRequest) throws InterruptedException {
// We need the WSM SA for setting controlled resource policies
initializeWsmServiceAccount();
FullyQualifiedResourceId workspaceParentFqId = new FullyQualifiedResourceId().resourceId(resource.getWorkspaceId().toString()).resourceTypeName(SamConstants.SamResource.WORKSPACE);
CreateResourceRequestV2 resourceRequest = new CreateResourceRequestV2().resourceId(resource.getResourceId().toString()).parent(workspaceParentFqId);
var builder = new ControlledResourceSamPolicyBuilder(this, privateIamRole, assignedUserEmail, userRequest, ControlledResourceCategory.get(resource.getAccessScope(), resource.getManagedBy()));
builder.addPolicies(resourceRequest);
try {
// We use the user request for the create, but could equally well use the WSM SA.
// The creating token has no effect on the resource policies.
ResourcesApi resourceApi = samResourcesApi(userRequest.getRequiredToken());
SamRetry.retry(() -> resourceApi.createResourceV2(resource.getCategory().getSamResourceName(), resourceRequest));
logger.info("Created Sam controlled resource {}", resource.getResourceId());
dumpRoleBindings(resource.getCategory().getSamResourceName(), resource.getResourceId().toString(), getWsmServiceAccountToken());
} catch (ApiException apiException) {
// Do nothing if the resource to create already exists, this may not be the first time do is
// called. Other exceptions still need to be surfaced.
// Resource IDs are randomly generated, so we trust that the caller must have created
// an existing Sam resource.
logger.info("Sam API error while creating a controlled resource, code is " + apiException.getCode());
if (apiException.getCode() == HttpStatus.CONFLICT.value()) {
logger.info("Sam error was CONFLICT on creation request. This means the resource already " + "exists but is not an error so no exception thrown.");
return;
}
throw SamExceptionFactory.create("Error creating controlled resource in Sam", apiException);
}
}
Aggregations