Example 11 with ApiException
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class ProfileControllerTest method testMe_userBeforeSuccessCloudProjectConflict.
@Test
public void testMe_userBeforeSuccessCloudProjectConflict() throws Exception {
createUser();
when(fireCloudService.isRequesterEnabledInFirecloud()).thenReturn(true);
String projectName = BILLING_PROJECT_PREFIX + user.getUserId();
doThrow(new ApiException(HttpStatus.CONFLICT.value(), "conflict")).when(fireCloudService).createAllOfUsBillingProject(projectName);
doThrow(new ApiException(HttpStatus.CONFLICT.value(), "conflict")).when(fireCloudService).createAllOfUsBillingProject(projectName + "-1");
Profile profile = cloudProfileController.getMe().getBody();
// When a conflict occurs in dev, log the exception but continue.
assertProfile(profile, PRIMARY_EMAIL, CONTACT_EMAIL, FAMILY_NAME, GIVEN_NAME, DataAccessLevel.UNREGISTERED, TIMESTAMP, projectName + "-2", true);
verify(fireCloudService).registerUser(CONTACT_EMAIL, GIVEN_NAME, FAMILY_NAME);
verify(fireCloudService).createAllOfUsBillingProject(projectName);
verify(fireCloudService).createAllOfUsBillingProject(projectName + "-1");
verify(fireCloudService).createAllOfUsBillingProject(projectName + "-2");
verify(fireCloudService).addUserToBillingProject(PRIMARY_EMAIL, projectName + "-2");
}
Also used :
Profile(org.pmiops.workbench.model.Profile)
ApiException(org.pmiops.workbench.firecloud.ApiException)
DataJpaTest(org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest)
Test(org.junit.Test)
Example 12 with ApiException
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class AuthInterceptorTest method preHandleGet_firecloudLookupFails.
@Test
public void preHandleGet_firecloudLookupFails() throws Exception {
when(handler.getMethod()).thenReturn(getProfileApiMethod("getBillingProjects"));
when(request.getMethod()).thenReturn(HttpMethods.GET);
when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("Bearer foo");
Userinfoplus userInfo = new Userinfoplus();
userInfo.setEmail("bob@bad-domain.org");
when(userInfoService.getUserInfo("foo")).thenReturn(userInfo);
when(fireCloudService.getMe()).thenThrow(new ApiException(HttpServletResponse.SC_NOT_FOUND, "blah"));
assertThat(interceptor.preHandle(request, response, handler)).isFalse();
verify(response).sendError(HttpServletResponse.SC_NOT_FOUND);
}
Also used :
Userinfoplus(com.google.api.services.oauth2.model.Userinfoplus)
ApiException(org.pmiops.workbench.firecloud.ApiException)
Test(org.junit.Test)
Example 13 with ApiException
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class ProfileController method initializeUserIfNeeded.
private User initializeUserIfNeeded() {
UserAuthentication userAuthentication = userAuthenticationProvider.get();
User user = userAuthentication.getUser();
if (userAuthentication.getUserType() == UserType.SERVICE_ACCOUNT) {
// Service accounts don't need further initialization.
return user;
}
// On first sign-in, create a FC user, billing project, and set the first sign in time.
if (user.getFirstSignInTime() == null) {
// instead use the freeTierBillingProjectStatus.
if (user.getFreeTierBillingProjectName() == null) {
String billingProjectName = createFirecloudUserAndBillingProject(user);
user.setFreeTierBillingProjectName(billingProjectName);
user.setFreeTierBillingProjectStatus(BillingProjectStatus.PENDING);
}
user.setFirstSignInTime(new Timestamp(clock.instant().toEpochMilli()));
try {
return userDao.save(user);
} catch (ObjectOptimisticLockingFailureException e) {
log.log(Level.WARNING, "version conflict for user update", e);
throw new ConflictException("Failed due to concurrent modification");
}
}
// Free tier billing project setup is complete; nothing to do.
if (BillingProjectStatus.READY.equals(user.getFreeTierBillingProjectStatus())) {
return user;
}
// On subsequent sign-ins to the first, attempt to complete the setup of the FC billing project
// and mark the Workbench's project setup as completed. FC project creation is asynchronous, so
// first confirm whether Firecloud claims the project setup is complete.
BillingProjectStatus status = null;
try {
status = fireCloudService.getBillingProjectMemberships().stream().filter(m -> user.getFreeTierBillingProjectName().equals(m.getProjectName())).map(m -> fcToWorkbenchBillingMap.get(m.getCreationStatus())).findFirst().orElse(BillingProjectStatus.NONE);
} catch (ApiException e) {
log.log(Level.WARNING, "failed to retrieve billing projects, continuing", e);
return user;
}
switch(status) {
case NONE:
case PENDING:
log.log(Level.INFO, "free tier project is still initializing, continuing");
return user;
case ERROR:
log.log(Level.SEVERE, String.format("free tier project %s failed to be created", user.getFreeTierBillingProjectName()));
user.setFreeTierBillingProjectStatus(status);
return userDao.save(user);
case READY:
break;
default:
log.log(Level.SEVERE, String.format("unrecognized status '%s'", status));
return user;
}
// notebooks.
try {
fireCloudService.grantGoogleRoleToUser(user.getFreeTierBillingProjectName(), FireCloudService.BIGQUERY_JOB_USER_GOOGLE_ROLE, user.getEmail());
} catch (ApiException e) {
log.log(Level.WARNING, "granting BigQuery role on created free tier billing project failed", e);
// Allow the user to continue, as most workbench functionality will still be usable.
return user;
}
log.log(Level.INFO, "free tier project initialized and BigQuery role granted");
user.setFreeTierBillingProjectStatus(BillingProjectStatus.READY);
return userDao.save(user);
}
Also used :
Message(javax.mail.Message)
ObjectOptimisticLockingFailureException(org.springframework.orm.ObjectOptimisticLockingFailureException)
IdVerificationListResponse(org.pmiops.workbench.model.IdVerificationListResponse)
Provider(javax.inject.Provider)
MailChimpService(org.pmiops.workbench.mailchimp.MailChimpService)
FireCloudService(org.pmiops.workbench.firecloud.FireCloudService)
MessagingException(javax.mail.MessagingException)
Autowired(org.springframework.beans.factory.annotation.Autowired)
EmailException(org.pmiops.workbench.exceptions.EmailException)
DirectoryService(org.pmiops.workbench.google.DirectoryService)
Authority(org.pmiops.workbench.model.Authority)
CreateAccountRequest(org.pmiops.workbench.model.CreateAccountRequest)
Map(java.util.Map)
CloudStorageService(org.pmiops.workbench.google.CloudStorageService)
User(org.pmiops.workbench.db.model.User)
Profile(org.pmiops.workbench.model.Profile)
UserService(org.pmiops.workbench.db.dao.UserService)
UserDao(org.pmiops.workbench.db.dao.UserDao)
Transport(javax.mail.Transport)
ImmutableMap(com.google.common.collect.ImmutableMap)
Timestamp(java.sql.Timestamp)
AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired)
InvitationVerificationRequest(org.pmiops.workbench.model.InvitationVerificationRequest)
ConflictException(org.pmiops.workbench.exceptions.ConflictException)
Logger(java.util.logging.Logger)
Collectors(java.util.stream.Collectors)
RestController(org.springframework.web.bind.annotation.RestController)
List(java.util.List)
Address(com.blockscore.models.Address)
BillingProjectStatus(org.pmiops.workbench.model.BillingProjectStatus)
WorkbenchEnvironment(org.pmiops.workbench.config.WorkbenchEnvironment)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
UserType(org.pmiops.workbench.auth.UserAuthentication.UserType)
BillingProjectMembership(org.pmiops.workbench.model.BillingProjectMembership)
UsernameTakenResponse(org.pmiops.workbench.model.UsernameTakenResponse)
ApiException(org.pmiops.workbench.firecloud.ApiException)
Function(java.util.function.Function)
ArrayList(java.util.ArrayList)
Level(java.util.logging.Level)
InternetAddress(javax.mail.internet.InternetAddress)
ProfileService(org.pmiops.workbench.auth.ProfileService)
BadRequestException(org.pmiops.workbench.exceptions.BadRequestException)
ExceptionUtils(org.pmiops.workbench.exceptions.ExceptionUtils)
Properties(java.util.Properties)
IdVerificationRequest(org.pmiops.workbench.model.IdVerificationRequest)
IdVerificationReviewRequest(org.pmiops.workbench.model.IdVerificationReviewRequest)
BlockscoreIdVerificationStatus(org.pmiops.workbench.model.BlockscoreIdVerificationStatus)
IOException(java.io.IOException)
MimeMessage(javax.mail.internet.MimeMessage)
BlockscoreService(org.pmiops.workbench.blockscore.BlockscoreService)
UserAuthentication(org.pmiops.workbench.auth.UserAuthentication)
HttpStatus(org.springframework.http.HttpStatus)
ServerErrorException(org.pmiops.workbench.exceptions.ServerErrorException)
WorkbenchConfig(org.pmiops.workbench.config.WorkbenchConfig)
Clock(java.time.Clock)
Session(javax.mail.Session)
EmailVerificationStatus(org.pmiops.workbench.model.EmailVerificationStatus)
Person(com.blockscore.models.Person)
ResponseEntity(org.springframework.http.ResponseEntity)
CreationStatusEnum(org.pmiops.workbench.firecloud.model.BillingProjectMembership.CreationStatusEnum)
BillingProjectStatus(org.pmiops.workbench.model.BillingProjectStatus)
User(org.pmiops.workbench.db.model.User)
ConflictException(org.pmiops.workbench.exceptions.ConflictException)
UserAuthentication(org.pmiops.workbench.auth.UserAuthentication)
Timestamp(java.sql.Timestamp)
ObjectOptimisticLockingFailureException(org.springframework.orm.ObjectOptimisticLockingFailureException)
ApiException(org.pmiops.workbench.firecloud.ApiException)
Example 14 with ApiException
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class WorkspacesController method cloneWorkspace.
@Override
public ResponseEntity<CloneWorkspaceResponse> cloneWorkspace(String workspaceNamespace, String workspaceId, CloneWorkspaceRequest body) {
Workspace workspace = body.getWorkspace();
if (Strings.isNullOrEmpty(workspace.getNamespace())) {
throw new BadRequestException("missing required field 'workspace.namespace'");
} else if (Strings.isNullOrEmpty(workspace.getName())) {
throw new BadRequestException("missing required field 'workspace.name'");
} else if (workspace.getResearchPurpose() == null) {
throw new BadRequestException("missing required field 'workspace.researchPurpose'");
}
User user = userProvider.get();
if (workspaceService.getByName(workspace.getNamespace(), workspace.getName()) != null) {
throw new ConflictException(String.format("Workspace %s/%s already exists", workspace.getNamespace(), workspace.getName()));
}
// Retrieving the workspace is done first, which acts as an access check.
String fromBucket = null;
try {
fromBucket = fireCloudService.getWorkspace(workspaceNamespace, workspaceId).getWorkspace().getBucketName();
} catch (ApiException e) {
if (e.getCode() == 404) {
log.log(Level.INFO, "Firecloud workspace not found", e);
throw new NotFoundException(String.format("workspace %s/%s not found or not accessible", workspaceNamespace, workspaceId));
}
log.log(Level.SEVERE, "Firecloud server error", e);
throw new ServerErrorException();
}
org.pmiops.workbench.db.model.Workspace fromWorkspace = workspaceService.getRequiredWithCohorts(workspaceNamespace, workspaceId);
if (fromWorkspace == null) {
throw new NotFoundException(String.format("Workspace %s/%s not found", workspaceNamespace, workspaceId));
}
FirecloudWorkspaceId fcWorkspaceId = generateFirecloudWorkspaceId(workspace.getNamespace(), workspace.getName());
fireCloudService.cloneWorkspace(workspaceNamespace, workspaceId, fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName());
org.pmiops.workbench.firecloud.model.Workspace toFcWorkspace = null;
try {
toFcWorkspace = fireCloudService.getWorkspace(fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName()).getWorkspace();
} catch (ApiException e) {
log.log(Level.SEVERE, "Firecloud error retrieving newly cloned workspace", e);
throw new ServerErrorException();
}
// feasibly copy within a single API request.
for (Blob b : cloudStorageService.getBlobList(fromBucket, NOTEBOOKS_WORKSPACE_DIRECTORY)) {
if (!NOTEBOOK_PATTERN.matcher(b.getName()).matches()) {
continue;
}
if (b.getSize() != null && b.getSize() / 1e6 > MAX_NOTEBOOK_SIZE_MB) {
throw new FailedPreconditionException(String.format("workspace %s/%s contains a notebook larger than %dMB: '%s'; cannot clone - please " + "remove this notebook, reduce its size, or contact the workspace owner", workspaceNamespace, workspaceId, MAX_NOTEBOOK_SIZE_MB, b.getName()));
}
cloudStorageService.copyBlob(b.getBlobId(), BlobId.of(toFcWorkspace.getBucketName(), b.getName()));
}
// The final step in the process is to clone the AoU representation of the
// workspace. The implication here is that we may generate orphaned
// Firecloud workspaces / buckets, but a user should not be able to see
// half-way cloned workspaces via AoU - so it will just appear as a
// transient failure.
org.pmiops.workbench.db.model.Workspace toWorkspace = FROM_CLIENT_WORKSPACE.apply(body.getWorkspace());
org.pmiops.workbench.db.model.Workspace dbWorkspace = new org.pmiops.workbench.db.model.Workspace();
Timestamp now = new Timestamp(clock.instant().toEpochMilli());
dbWorkspace.setFirecloudName(fcWorkspaceId.getWorkspaceName());
dbWorkspace.setWorkspaceNamespace(fcWorkspaceId.getWorkspaceNamespace());
dbWorkspace.setCreator(user);
dbWorkspace.setCreationTime(now);
dbWorkspace.setLastModifiedTime(now);
dbWorkspace.setVersion(1);
dbWorkspace.setName(toWorkspace.getName());
ResearchPurpose researchPurpose = body.getWorkspace().getResearchPurpose();
setResearchPurposeDetails(dbWorkspace, researchPurpose);
if (researchPurpose.getReviewRequested()) {
// Use a consistent timestamp.
dbWorkspace.setTimeRequested(now);
}
dbWorkspace.setReviewRequested(researchPurpose.getReviewRequested());
// Clone the previous description, by default.
if (Strings.isNullOrEmpty(toWorkspace.getDescription())) {
dbWorkspace.setDescription(fromWorkspace.getDescription());
} else {
dbWorkspace.setDescription(toWorkspace.getDescription());
}
dbWorkspace.setCdrVersion(fromWorkspace.getCdrVersion());
dbWorkspace.setDataAccessLevel(fromWorkspace.getDataAccessLevel());
writeWorkspaceConfigFile(toFcWorkspace, dbWorkspace.getCdrVersion());
org.pmiops.workbench.db.model.WorkspaceUserRole permissions = new org.pmiops.workbench.db.model.WorkspaceUserRole();
permissions.setRole(WorkspaceAccessLevel.OWNER);
permissions.setWorkspace(dbWorkspace);
permissions.setUser(user);
dbWorkspace.addWorkspaceUserRole(permissions);
dbWorkspace = workspaceService.saveAndCloneCohorts(fromWorkspace, dbWorkspace);
CloneWorkspaceResponse resp = new CloneWorkspaceResponse();
resp.setWorkspace(TO_SINGLE_CLIENT_WORKSPACE_FROM_FC_AND_DB.apply(dbWorkspace, toFcWorkspace));
return ResponseEntity.ok(resp);
}
Also used :
Blob(com.google.cloud.storage.Blob)
User(org.pmiops.workbench.db.model.User)
ConflictException(org.pmiops.workbench.exceptions.ConflictException)
NotFoundException(org.pmiops.workbench.exceptions.NotFoundException)
WorkspaceUserRole(org.pmiops.workbench.db.model.WorkspaceUserRole)
Timestamp(java.sql.Timestamp)
FirecloudWorkspaceId(org.pmiops.workbench.db.model.Workspace.FirecloudWorkspaceId)
CloneWorkspaceResponse(org.pmiops.workbench.model.CloneWorkspaceResponse)
FailedPreconditionException(org.pmiops.workbench.exceptions.FailedPreconditionException)
BadRequestException(org.pmiops.workbench.exceptions.BadRequestException)
ServerErrorException(org.pmiops.workbench.exceptions.ServerErrorException)
WorkspaceUserRole(org.pmiops.workbench.db.model.WorkspaceUserRole)
Workspace(org.pmiops.workbench.model.Workspace)
ApiException(org.pmiops.workbench.firecloud.ApiException)
ResearchPurpose(org.pmiops.workbench.model.ResearchPurpose)
Example 15 with ApiException
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class AuthDomainController method removeUserFromAuthDomain.
@Override
@AuthorityRequired({ Authority.MANAGE_GROUP })
public ResponseEntity<Void> removeUserFromAuthDomain(String groupName, AuthDomainRequest request) {
User user = userDao.findUserByEmail(request.getEmail());
DataAccessLevel previousAccess = user.getDataAccessLevel();
try {
fireCloudService.removeUserFromGroup(request.getEmail(), groupName);
} catch (ApiException e) {
ExceptionUtils.convertFirecloudException(e);
}
// TODO(calbach): Teardown any active clusters here.
user.setDataAccessLevel(DataAccessLevel.REVOKED);
user.setDisabled(true);
userDao.save(user);
userService.logAdminUserAction(user.getUserId(), "user access to " + groupName + " domain", previousAccess, DataAccessLevel.REVOKED);
return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
}
Also used :
User(org.pmiops.workbench.db.model.User)
DataAccessLevel(org.pmiops.workbench.model.DataAccessLevel)
ApiException(org.pmiops.workbench.firecloud.ApiException)
AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired)
Aggregations
ApiException (org.pmiops.workbench.firecloud.ApiException)15
User (org.pmiops.workbench.db.model.User)8
Test (org.junit.Test)6
ServerErrorException (org.pmiops.workbench.exceptions.ServerErrorException)5
AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired)4
WorkbenchConfig (org.pmiops.workbench.config.WorkbenchConfig)4
Profile (org.pmiops.workbench.model.Profile)4
DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest)4
ArrayList (java.util.ArrayList)3
BadRequestException (org.pmiops.workbench.exceptions.BadRequestException)3
Userinfoplus (com.google.api.services.oauth2.model.Userinfoplus)2
ImmutableMap (com.google.common.collect.ImmutableMap)2
Timestamp (java.sql.Timestamp)2
HashMap (java.util.HashMap)2
Map (java.util.Map)2
Function (java.util.function.Function)2
Level (java.util.logging.Level)2
Logger (java.util.logging.Logger)2
Collectors (java.util.stream.Collectors)2
Provider (javax.inject.Provider)2
