
Example 11 with ApiException

use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.

the class ProfileControllerTest method testMe_userBeforeSuccessCloudProjectConflict.

/**
 * Checks billing project name fallback in {@code getMe()}: creation of the base project name and
 * of the "-1" name are both stubbed to fail with HTTP 409, and the returned profile is expected
 * to carry the "-2" name, with the user added to that project.
 */
@Test
public void testMe_userBeforeSuccessCloudProjectConflict() throws Exception {
    createUser();
    when(fireCloudService.isRequesterEnabledInFirecloud()).thenReturn(true);

    final int conflictCode = HttpStatus.CONFLICT.value();
    final String baseName = BILLING_PROJECT_PREFIX + user.getUserId();
    final String firstRetryName = baseName + "-1";
    final String secondRetryName = baseName + "-2";

    // Only the first two candidate names are stubbed to collide; the third is left unstubbed.
    doThrow(new ApiException(conflictCode, "conflict"))
        .when(fireCloudService)
        .createAllOfUsBillingProject(baseName);
    doThrow(new ApiException(conflictCode, "conflict"))
        .when(fireCloudService)
        .createAllOfUsBillingProject(firstRetryName);

    Profile me = cloudProfileController.getMe().getBody();

    // Neither conflict is surfaced to the caller: the profile reports the "-2" project.
    assertProfile(
        me,
        PRIMARY_EMAIL,
        CONTACT_EMAIL,
        FAMILY_NAME,
        GIVEN_NAME,
        DataAccessLevel.UNREGISTERED,
        TIMESTAMP,
        secondRetryName,
        true);

    verify(fireCloudService).registerUser(CONTACT_EMAIL, GIVEN_NAME, FAMILY_NAME);
    // All three names must have been attempted, in addition to the final membership grant.
    verify(fireCloudService).createAllOfUsBillingProject(baseName);
    verify(fireCloudService).createAllOfUsBillingProject(firstRetryName);
    verify(fireCloudService).createAllOfUsBillingProject(secondRetryName);
    verify(fireCloudService).addUserToBillingProject(PRIMARY_EMAIL, secondRetryName);
}
Also used : Profile(org.pmiops.workbench.model.Profile) ApiException(org.pmiops.workbench.firecloud.ApiException) DataJpaTest(org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest) Test(org.junit.Test)

Example 12 with ApiException

use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.

the class AuthInterceptorTest method preHandleGet_firecloudLookupFails.

/**
 * Checks that the interceptor fails closed when the Firecloud lookup fails: the bearer token
 * resolves to user info, but {@code fireCloudService.getMe()} throws a 404 {@code ApiException},
 * so {@code preHandle} must return false and send a 404 on the response.
 */
@Test
public void preHandleGet_firecloudLookupFails() throws Exception {
    // Token "foo" resolves to an identity at the user-info service.
    Userinfoplus tokenOwner = new Userinfoplus();
    tokenOwner.setEmail("bob@bad-domain.org");
    when(userInfoService.getUserInfo("foo")).thenReturn(tokenOwner);

    // Incoming request: GET on the getBillingProjects handler carrying that bearer token.
    when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("Bearer foo");
    when(request.getMethod()).thenReturn(HttpMethods.GET);
    when(handler.getMethod()).thenReturn(getProfileApiMethod("getBillingProjects"));

    // Firecloud does not know the caller.
    when(fireCloudService.getMe())
        .thenThrow(new ApiException(HttpServletResponse.SC_NOT_FOUND, "blah"));

    boolean proceed = interceptor.preHandle(request, response, handler);

    // The request is rejected and the Firecloud status code is the one sent to the client.
    assertThat(proceed).isFalse();
    verify(response).sendError(HttpServletResponse.SC_NOT_FOUND);
}
Also used : Userinfoplus(com.google.api.services.oauth2.model.Userinfoplus) ApiException(org.pmiops.workbench.firecloud.ApiException) Test(org.junit.Test)

Example 13 with ApiException

use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.

the class ProfileController method initializeUserIfNeeded.

/**
 * Brings the authenticated user's Firecloud / free tier billing project setup up to date.
 *
 * <p>Service accounts are returned untouched. On first sign-in a Firecloud user and billing
 * project are created (status PENDING) and the first sign-in time is recorded. On later calls,
 * until the stored status is READY, Firecloud is polled for the project's creation status; once
 * Firecloud reports READY, the BigQuery job-user role is granted and the stored status is set to
 * READY.
 *
 * <p>Failures talking to Firecloud after first sign-in are logged and the user is returned
 * without a status change, so the caller proceeds with a user whose project may not be usable.
 *
 * @return the current user; the instance returned by {@code userDao.save} on the paths that
 *     persist a change
 * @throws ConflictException if saving the first sign-in state hits an optimistic locking failure
 */
private User initializeUserIfNeeded() {
    UserAuthentication userAuthentication = userAuthenticationProvider.get();
    User user = userAuthentication.getUser();
    if (userAuthentication.getUserType() == UserType.SERVICE_ACCOUNT) {
        // Service accounts don't need further initialization.
        return user;
    }
    // On first sign-in, create a FC user, billing project, and set the first sign in time.
    if (user.getFirstSignInTime() == null) {
        // Only create the Firecloud user and billing project when no project name is stored yet.
        // NOTE(review): the original comment here is truncated ("instead use the
        // freeTierBillingProjectStatus"); presumably the status was meant to replace this
        // null check - confirm.
        if (user.getFreeTierBillingProjectName() == null) {
            String billingProjectName = createFirecloudUserAndBillingProject(user);
            user.setFreeTierBillingProjectName(billingProjectName);
            user.setFreeTierBillingProjectStatus(BillingProjectStatus.PENDING);
        }
        user.setFirstSignInTime(new Timestamp(clock.instant().toEpochMilli()));
        try {
            return userDao.save(user);
        } catch (ObjectOptimisticLockingFailureException e) {
            // The cause is logged here but not attached to the ConflictException that is thrown.
            log.log(Level.WARNING, "version conflict for user update", e);
            throw new ConflictException("Failed due to concurrent modification");
        }
    }
    // Free tier billing project setup is complete; nothing to do.
    if (BillingProjectStatus.READY.equals(user.getFreeTierBillingProjectStatus())) {
        return user;
    }
    // On subsequent sign-ins to the first, attempt to complete the setup of the FC billing project
    // and mark the Workbench's project setup as completed. FC project creation is asynchronous, so
    // first confirm whether Firecloud claims the project setup is complete.
    BillingProjectStatus status = null;
    try {
        // Find the membership whose project name matches the stored name and translate its
        // Firecloud creation status; no match, or a status missing from the map, yields NONE.
        // NOTE(review): getFreeTierBillingProjectName() is dereferenced here without a null
        // check; a user with a sign-in time but no stored project name would throw - confirm
        // that state cannot occur.
        status = fireCloudService.getBillingProjectMemberships().stream().filter(m -> user.getFreeTierBillingProjectName().equals(m.getProjectName())).map(m -> fcToWorkbenchBillingMap.get(m.getCreationStatus())).findFirst().orElse(BillingProjectStatus.NONE);
    } catch (ApiException e) {
        // Best effort: the lookup failure is logged and the user is returned unchanged.
        log.log(Level.WARNING, "failed to retrieve billing projects, continuing", e);
        return user;
    }
    switch(status) {
        case NONE:
        case PENDING:
            log.log(Level.INFO, "free tier project is still initializing, continuing");
            return user;
        case ERROR:
            // Persist the failure so the stored status reflects what Firecloud reported.
            log.log(Level.SEVERE, String.format("free tier project %s failed to be created", user.getFreeTierBillingProjectName()));
            user.setFreeTierBillingProjectStatus(status);
            return userDao.save(user);
        case READY:
            break;
        default:
            log.log(Level.SEVERE, String.format("unrecognized status '%s'", status));
            return user;
    }
    // Firecloud reports the project as ready: grant the user's email the BigQuery job-user
    // Google role on the free tier project before marking setup complete.
    // NOTE(review): the original comment is truncated to "notebooks."; presumably the role is
    // needed to run BigQuery jobs from notebooks - confirm.
    try {
        fireCloudService.grantGoogleRoleToUser(user.getFreeTierBillingProjectName(), FireCloudService.BIGQUERY_JOB_USER_GOOGLE_ROLE, user.getEmail());
    } catch (ApiException e) {
        log.log(Level.WARNING, "granting BigQuery role on created free tier billing project failed", e);
        // Allow the user to continue, as most workbench functionality will still be usable.
        // The stored status is not changed, so a later call reaches this grant again.
        return user;
    }
    log.log(Level.INFO, "free tier project initialized and BigQuery role granted");
    user.setFreeTierBillingProjectStatus(BillingProjectStatus.READY);
    return userDao.save(user);
}
Also used : Message(javax.mail.Message) ObjectOptimisticLockingFailureException(org.springframework.orm.ObjectOptimisticLockingFailureException) IdVerificationListResponse(org.pmiops.workbench.model.IdVerificationListResponse) Provider(javax.inject.Provider) MailChimpService(org.pmiops.workbench.mailchimp.MailChimpService) FireCloudService(org.pmiops.workbench.firecloud.FireCloudService) MessagingException(javax.mail.MessagingException) Autowired(org.springframework.beans.factory.annotation.Autowired) EmailException(org.pmiops.workbench.exceptions.EmailException) DirectoryService(org.pmiops.workbench.google.DirectoryService) Authority(org.pmiops.workbench.model.Authority) CreateAccountRequest(org.pmiops.workbench.model.CreateAccountRequest) Map(java.util.Map) CloudStorageService(org.pmiops.workbench.google.CloudStorageService) User(org.pmiops.workbench.db.model.User) Profile(org.pmiops.workbench.model.Profile) UserService(org.pmiops.workbench.db.dao.UserService) UserDao(org.pmiops.workbench.db.dao.UserDao) Transport(javax.mail.Transport) ImmutableMap(com.google.common.collect.ImmutableMap) Timestamp(java.sql.Timestamp) AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired) InvitationVerificationRequest(org.pmiops.workbench.model.InvitationVerificationRequest) ConflictException(org.pmiops.workbench.exceptions.ConflictException) Logger(java.util.logging.Logger) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) List(java.util.List) Address(com.blockscore.models.Address) BillingProjectStatus(org.pmiops.workbench.model.BillingProjectStatus) WorkbenchEnvironment(org.pmiops.workbench.config.WorkbenchEnvironment) UnsupportedEncodingException(java.io.UnsupportedEncodingException) UserType(org.pmiops.workbench.auth.UserAuthentication.UserType) BillingProjectMembership(org.pmiops.workbench.model.BillingProjectMembership) UsernameTakenResponse(org.pmiops.workbench.model.UsernameTakenResponse) 
ApiException(org.pmiops.workbench.firecloud.ApiException) Function(java.util.function.Function) ArrayList(java.util.ArrayList) Level(java.util.logging.Level) InternetAddress(javax.mail.internet.InternetAddress) ProfileService(org.pmiops.workbench.auth.ProfileService) BadRequestException(org.pmiops.workbench.exceptions.BadRequestException) ExceptionUtils(org.pmiops.workbench.exceptions.ExceptionUtils) Properties(java.util.Properties) IdVerificationRequest(org.pmiops.workbench.model.IdVerificationRequest) IdVerificationReviewRequest(org.pmiops.workbench.model.IdVerificationReviewRequest) BlockscoreIdVerificationStatus(org.pmiops.workbench.model.BlockscoreIdVerificationStatus) IOException(java.io.IOException) MimeMessage(javax.mail.internet.MimeMessage) BlockscoreService(org.pmiops.workbench.blockscore.BlockscoreService) UserAuthentication(org.pmiops.workbench.auth.UserAuthentication) HttpStatus(org.springframework.http.HttpStatus) ServerErrorException(org.pmiops.workbench.exceptions.ServerErrorException) WorkbenchConfig(org.pmiops.workbench.config.WorkbenchConfig) Clock(java.time.Clock) Session(javax.mail.Session) EmailVerificationStatus(org.pmiops.workbench.model.EmailVerificationStatus) Person(com.blockscore.models.Person) ResponseEntity(org.springframework.http.ResponseEntity) CreationStatusEnum(org.pmiops.workbench.firecloud.model.BillingProjectMembership.CreationStatusEnum) BillingProjectStatus(org.pmiops.workbench.model.BillingProjectStatus) User(org.pmiops.workbench.db.model.User) ConflictException(org.pmiops.workbench.exceptions.ConflictException) UserAuthentication(org.pmiops.workbench.auth.UserAuthentication) Timestamp(java.sql.Timestamp) ObjectOptimisticLockingFailureException(org.springframework.orm.ObjectOptimisticLockingFailureException) ApiException(org.pmiops.workbench.firecloud.ApiException)

Example 14 with ApiException

use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.

the class WorkspacesController method cloneWorkspace.

/**
 * Clones an existing workspace into a new workspace owned by the requesting user.
 *
 * <p>Order of operations: validate the request, reject an already-used target name, read the
 * source workspace from Firecloud (used as the access check), clone it in Firecloud, copy
 * notebook blobs between buckets, then persist the Workbench record together with cloned
 * cohorts. The Workbench record is written last, so a failure part-way through can leave a
 * Firecloud workspace and bucket with no Workbench record.
 *
 * @param workspaceNamespace namespace of the workspace to clone from
 * @param workspaceId Firecloud name of the workspace to clone from
 * @param body request carrying the target workspace's namespace, name, research purpose and
 *     optional description
 * @return 200 response wrapping the newly created workspace
 * @throws BadRequestException if the target namespace, name or research purpose is missing
 * @throws ConflictException if a workspace with the target namespace/name already exists
 * @throws NotFoundException if the source workspace is not found or not accessible
 * @throws ServerErrorException on any other Firecloud error while reading the source or the
 *     newly cloned workspace
 * @throws FailedPreconditionException if the source contains a notebook over the size limit
 */
@Override
public ResponseEntity<CloneWorkspaceResponse> cloneWorkspace(String workspaceNamespace, String workspaceId, CloneWorkspaceRequest body) {
    // NOTE(review): body.getWorkspace() is dereferenced without a null check; presumably request
    // validation guarantees it is present - confirm.
    Workspace workspace = body.getWorkspace();
    if (Strings.isNullOrEmpty(workspace.getNamespace())) {
        throw new BadRequestException("missing required field 'workspace.namespace'");
    } else if (Strings.isNullOrEmpty(workspace.getName())) {
        throw new BadRequestException("missing required field 'workspace.name'");
    } else if (workspace.getResearchPurpose() == null) {
        throw new BadRequestException("missing required field 'workspace.researchPurpose'");
    }
    User user = userProvider.get();
    // The target name must be unused in the Workbench database.
    if (workspaceService.getByName(workspace.getNamespace(), workspace.getName()) != null) {
        throw new ConflictException(String.format("Workspace %s/%s already exists", workspace.getNamespace(), workspace.getName()));
    }
    // Retrieving the workspace is done first, which acts as an access check.
    // NOTE(review): this only checks the caller's access if fireCloudService issues the request
    // with the requesting user's credentials - confirm.
    String fromBucket = null;
    try {
        fromBucket = fireCloudService.getWorkspace(workspaceNamespace, workspaceId).getWorkspace().getBucketName();
    } catch (ApiException e) {
        if (e.getCode() == 404) {
            // The message does not distinguish "missing" from "not accessible".
            log.log(Level.INFO, "Firecloud workspace not found", e);
            throw new NotFoundException(String.format("workspace %s/%s not found or not accessible", workspaceNamespace, workspaceId));
        }
        // Any other Firecloud status is reported as a server error with no detail for the client.
        log.log(Level.SEVERE, "Firecloud server error", e);
        throw new ServerErrorException();
    }
    org.pmiops.workbench.db.model.Workspace fromWorkspace = workspaceService.getRequiredWithCohorts(workspaceNamespace, workspaceId);
    if (fromWorkspace == null) {
        throw new NotFoundException(String.format("Workspace %s/%s not found", workspaceNamespace, workspaceId));
    }
    FirecloudWorkspaceId fcWorkspaceId = generateFirecloudWorkspaceId(workspace.getNamespace(), workspace.getName());
    // This call is outside any try/catch, unlike the getWorkspace calls around it.
    fireCloudService.cloneWorkspace(workspaceNamespace, workspaceId, fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName());
    org.pmiops.workbench.firecloud.model.Workspace toFcWorkspace = null;
    try {
        toFcWorkspace = fireCloudService.getWorkspace(fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName()).getWorkspace();
    } catch (ApiException e) {
        log.log(Level.SEVERE, "Firecloud error retrieving newly cloned workspace", e);
        throw new ServerErrorException();
    }
    // Copy notebooks from the source bucket one blob at a time. Blobs whose names do not match
    // NOTEBOOK_PATTERN are skipped, and the clone is refused if any notebook is larger than
    // MAX_NOTEBOOK_SIZE_MB; a blob with no reported size is copied without a size check.
    // NOTE(review): the original comment is truncated to "feasibly copy within a single API
    // request."; presumably the cap bounds what one request can copy - confirm.
    for (Blob b : cloudStorageService.getBlobList(fromBucket, NOTEBOOKS_WORKSPACE_DIRECTORY)) {
        if (!NOTEBOOK_PATTERN.matcher(b.getName()).matches()) {
            continue;
        }
        if (b.getSize() != null && b.getSize() / 1e6 > MAX_NOTEBOOK_SIZE_MB) {
            throw new FailedPreconditionException(String.format("workspace %s/%s contains a notebook larger than %dMB: '%s'; cannot clone - please " + "remove this notebook, reduce its size, or contact the workspace owner", workspaceNamespace, workspaceId, MAX_NOTEBOOK_SIZE_MB, b.getName()));
        }
        // The blob keeps its name; only the bucket changes.
        cloudStorageService.copyBlob(b.getBlobId(), BlobId.of(toFcWorkspace.getBucketName(), b.getName()));
    }
    // The final step in the process is to clone the AoU representation of the
    // workspace. The implication here is that we may generate orphaned
    // Firecloud workspaces / buckets, but a user should not be able to see
    // half-way cloned workspaces via AoU - so it will just appear as a
    // transient failure.
    org.pmiops.workbench.db.model.Workspace toWorkspace = FROM_CLIENT_WORKSPACE.apply(body.getWorkspace());
    org.pmiops.workbench.db.model.Workspace dbWorkspace = new org.pmiops.workbench.db.model.Workspace();
    Timestamp now = new Timestamp(clock.instant().toEpochMilli());
    dbWorkspace.setFirecloudName(fcWorkspaceId.getWorkspaceName());
    dbWorkspace.setWorkspaceNamespace(fcWorkspaceId.getWorkspaceNamespace());
    dbWorkspace.setCreator(user);
    dbWorkspace.setCreationTime(now);
    dbWorkspace.setLastModifiedTime(now);
    dbWorkspace.setVersion(1);
    dbWorkspace.setName(toWorkspace.getName());
    ResearchPurpose researchPurpose = body.getWorkspace().getResearchPurpose();
    setResearchPurposeDetails(dbWorkspace, researchPurpose);
    // NOTE(review): if getReviewRequested() returns a boxed Boolean, a null value would throw
    // when unboxed in this condition - confirm the type or default.
    if (researchPurpose.getReviewRequested()) {
        // Use a consistent timestamp.
        dbWorkspace.setTimeRequested(now);
    }
    dbWorkspace.setReviewRequested(researchPurpose.getReviewRequested());
    // Clone the previous description, by default.
    if (Strings.isNullOrEmpty(toWorkspace.getDescription())) {
        dbWorkspace.setDescription(fromWorkspace.getDescription());
    } else {
        dbWorkspace.setDescription(toWorkspace.getDescription());
    }
    // CDR version and data access level are taken from the source workspace, not from the
    // client's request.
    dbWorkspace.setCdrVersion(fromWorkspace.getCdrVersion());
    dbWorkspace.setDataAccessLevel(fromWorkspace.getDataAccessLevel());
    writeWorkspaceConfigFile(toFcWorkspace, dbWorkspace.getCdrVersion());
    // The requesting user is recorded as OWNER of the clone.
    org.pmiops.workbench.db.model.WorkspaceUserRole permissions = new org.pmiops.workbench.db.model.WorkspaceUserRole();
    permissions.setRole(WorkspaceAccessLevel.OWNER);
    permissions.setWorkspace(dbWorkspace);
    permissions.setUser(user);
    dbWorkspace.addWorkspaceUserRole(permissions);
    dbWorkspace = workspaceService.saveAndCloneCohorts(fromWorkspace, dbWorkspace);
    CloneWorkspaceResponse resp = new CloneWorkspaceResponse();
    resp.setWorkspace(TO_SINGLE_CLIENT_WORKSPACE_FROM_FC_AND_DB.apply(dbWorkspace, toFcWorkspace));
    return ResponseEntity.ok(resp);
}
Also used : Blob(com.google.cloud.storage.Blob) User(org.pmiops.workbench.db.model.User) ConflictException(org.pmiops.workbench.exceptions.ConflictException) NotFoundException(org.pmiops.workbench.exceptions.NotFoundException) WorkspaceUserRole(org.pmiops.workbench.db.model.WorkspaceUserRole) Timestamp(java.sql.Timestamp) FirecloudWorkspaceId(org.pmiops.workbench.db.model.Workspace.FirecloudWorkspaceId) CloneWorkspaceResponse(org.pmiops.workbench.model.CloneWorkspaceResponse) FailedPreconditionException(org.pmiops.workbench.exceptions.FailedPreconditionException) BadRequestException(org.pmiops.workbench.exceptions.BadRequestException) ServerErrorException(org.pmiops.workbench.exceptions.ServerErrorException) WorkspaceUserRole(org.pmiops.workbench.db.model.WorkspaceUserRole) Workspace(org.pmiops.workbench.model.Workspace) ApiException(org.pmiops.workbench.firecloud.ApiException) ResearchPurpose(org.pmiops.workbench.model.ResearchPurpose)

Example 15 with ApiException

use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.

the class AuthDomainController method removeUserFromAuthDomain.

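/**
 * Removes a user from a Firecloud group and revokes their Workbench access.
 *
 * <p>After the Firecloud group removal, the user's data access level is set to REVOKED, the
 * account is disabled, and the change is recorded through
 * {@code userService.logAdminUserAction} with the previous access level.
 *
 * @param groupName Firecloud group to remove the user from
 * @param request request carrying the email of the user to remove
 * @return 204 No Content once the revocation is saved and logged; 404 Not Found if no Workbench
 *     user has the requested email
 */
@Override
@AuthorityRequired({ Authority.MANAGE_GROUP })
public ResponseEntity<Void> removeUserFromAuthDomain(String groupName, AuthDomainRequest request) {
    User user = userDao.findUserByEmail(request.getEmail());
    if (user == null) {
        // An unknown email used to fail with a NullPointerException on the next line. Answer
        // 404 instead, before anything is changed in Firecloud or the database.
        return ResponseEntity.status(HttpStatus.NOT_FOUND).build();
    }
    // Captured before any change so the admin action log records the old access level.
    DataAccessLevel previousAccess = user.getDataAccessLevel();
    try {
        fireCloudService.removeUserFromGroup(request.getEmail(), groupName);
    } catch (ApiException e) {
        // NOTE(review): presumably convertFirecloudException rethrows as a Workbench exception.
        // If it can return normally, the local revocation below still runs while the Firecloud
        // group membership remains - confirm.
        ExceptionUtils.convertFirecloudException(e);
    }
    // TODO(calbach): Teardown any active clusters here.
    user.setDataAccessLevel(DataAccessLevel.REVOKED);
    user.setDisabled(true);
    userDao.save(user);
    userService.logAdminUserAction(user.getUserId(), "user access to  " + groupName + " domain", previousAccess, DataAccessLevel.REVOKED);
    return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
}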
Also used : User(org.pmiops.workbench.db.model.User) DataAccessLevel(org.pmiops.workbench.model.DataAccessLevel) ApiException(org.pmiops.workbench.firecloud.ApiException) AuthorityRequired(org.pmiops.workbench.annotations.AuthorityRequired)

Aggregations

ApiException (org.pmiops.workbench.firecloud.ApiException)15 User (org.pmiops.workbench.db.model.User)8 Test (org.junit.Test)6 ServerErrorException (org.pmiops.workbench.exceptions.ServerErrorException)5 AuthorityRequired (org.pmiops.workbench.annotations.AuthorityRequired)4 WorkbenchConfig (org.pmiops.workbench.config.WorkbenchConfig)4 Profile (org.pmiops.workbench.model.Profile)4 DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest)4 ArrayList (java.util.ArrayList)3 BadRequestException (org.pmiops.workbench.exceptions.BadRequestException)3 Userinfoplus (com.google.api.services.oauth2.model.Userinfoplus)2 ImmutableMap (com.google.common.collect.ImmutableMap)2 Timestamp (java.sql.Timestamp)2 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Function (java.util.function.Function)2 Level (java.util.logging.Level)2 Logger (java.util.logging.Logger)2 Collectors (java.util.stream.Collectors)2 Provider (javax.inject.Provider)2