use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class ProfileControllerTest method testMe_userBeforeSuccessCloudProjectConflict.
@Test
public void testMe_userBeforeSuccessCloudProjectConflict() throws Exception {
createUser();
when(fireCloudService.isRequesterEnabledInFirecloud()).thenReturn(true);
String projectName = BILLING_PROJECT_PREFIX + user.getUserId();
doThrow(new ApiException(HttpStatus.CONFLICT.value(), "conflict")).when(fireCloudService).createAllOfUsBillingProject(projectName);
doThrow(new ApiException(HttpStatus.CONFLICT.value(), "conflict")).when(fireCloudService).createAllOfUsBillingProject(projectName + "-1");
Profile profile = cloudProfileController.getMe().getBody();
// When a conflict occurs in dev, log the exception but continue.
assertProfile(profile, PRIMARY_EMAIL, CONTACT_EMAIL, FAMILY_NAME, GIVEN_NAME, DataAccessLevel.UNREGISTERED, TIMESTAMP, projectName + "-2", true);
verify(fireCloudService).registerUser(CONTACT_EMAIL, GIVEN_NAME, FAMILY_NAME);
verify(fireCloudService).createAllOfUsBillingProject(projectName);
verify(fireCloudService).createAllOfUsBillingProject(projectName + "-1");
verify(fireCloudService).createAllOfUsBillingProject(projectName + "-2");
verify(fireCloudService).addUserToBillingProject(PRIMARY_EMAIL, projectName + "-2");
}
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class AuthInterceptorTest method preHandleGet_firecloudLookupFails.
@Test
public void preHandleGet_firecloudLookupFails() throws Exception {
when(handler.getMethod()).thenReturn(getProfileApiMethod("getBillingProjects"));
when(request.getMethod()).thenReturn(HttpMethods.GET);
when(request.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("Bearer foo");
Userinfoplus userInfo = new Userinfoplus();
userInfo.setEmail("bob@bad-domain.org");
when(userInfoService.getUserInfo("foo")).thenReturn(userInfo);
when(fireCloudService.getMe()).thenThrow(new ApiException(HttpServletResponse.SC_NOT_FOUND, "blah"));
assertThat(interceptor.preHandle(request, response, handler)).isFalse();
verify(response).sendError(HttpServletResponse.SC_NOT_FOUND);
}
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class ProfileController method initializeUserIfNeeded.
private User initializeUserIfNeeded() {
UserAuthentication userAuthentication = userAuthenticationProvider.get();
User user = userAuthentication.getUser();
if (userAuthentication.getUserType() == UserType.SERVICE_ACCOUNT) {
// Service accounts don't need further initialization.
return user;
}
// On first sign-in, create a FC user, billing project, and set the first sign in time.
if (user.getFirstSignInTime() == null) {
// instead use the freeTierBillingProjectStatus.
if (user.getFreeTierBillingProjectName() == null) {
String billingProjectName = createFirecloudUserAndBillingProject(user);
user.setFreeTierBillingProjectName(billingProjectName);
user.setFreeTierBillingProjectStatus(BillingProjectStatus.PENDING);
}
user.setFirstSignInTime(new Timestamp(clock.instant().toEpochMilli()));
try {
return userDao.save(user);
} catch (ObjectOptimisticLockingFailureException e) {
log.log(Level.WARNING, "version conflict for user update", e);
throw new ConflictException("Failed due to concurrent modification");
}
}
// Free tier billing project setup is complete; nothing to do.
if (BillingProjectStatus.READY.equals(user.getFreeTierBillingProjectStatus())) {
return user;
}
// On subsequent sign-ins to the first, attempt to complete the setup of the FC billing project
// and mark the Workbench's project setup as completed. FC project creation is asynchronous, so
// first confirm whether Firecloud claims the project setup is complete.
BillingProjectStatus status = null;
try {
status = fireCloudService.getBillingProjectMemberships().stream().filter(m -> user.getFreeTierBillingProjectName().equals(m.getProjectName())).map(m -> fcToWorkbenchBillingMap.get(m.getCreationStatus())).findFirst().orElse(BillingProjectStatus.NONE);
} catch (ApiException e) {
log.log(Level.WARNING, "failed to retrieve billing projects, continuing", e);
return user;
}
switch(status) {
case NONE:
case PENDING:
log.log(Level.INFO, "free tier project is still initializing, continuing");
return user;
case ERROR:
log.log(Level.SEVERE, String.format("free tier project %s failed to be created", user.getFreeTierBillingProjectName()));
user.setFreeTierBillingProjectStatus(status);
return userDao.save(user);
case READY:
break;
default:
log.log(Level.SEVERE, String.format("unrecognized status '%s'", status));
return user;
}
// notebooks.
try {
fireCloudService.grantGoogleRoleToUser(user.getFreeTierBillingProjectName(), FireCloudService.BIGQUERY_JOB_USER_GOOGLE_ROLE, user.getEmail());
} catch (ApiException e) {
log.log(Level.WARNING, "granting BigQuery role on created free tier billing project failed", e);
// Allow the user to continue, as most workbench functionality will still be usable.
return user;
}
log.log(Level.INFO, "free tier project initialized and BigQuery role granted");
user.setFreeTierBillingProjectStatus(BillingProjectStatus.READY);
return userDao.save(user);
}
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class WorkspacesController method cloneWorkspace.
@Override
public ResponseEntity<CloneWorkspaceResponse> cloneWorkspace(String workspaceNamespace, String workspaceId, CloneWorkspaceRequest body) {
Workspace workspace = body.getWorkspace();
if (Strings.isNullOrEmpty(workspace.getNamespace())) {
throw new BadRequestException("missing required field 'workspace.namespace'");
} else if (Strings.isNullOrEmpty(workspace.getName())) {
throw new BadRequestException("missing required field 'workspace.name'");
} else if (workspace.getResearchPurpose() == null) {
throw new BadRequestException("missing required field 'workspace.researchPurpose'");
}
User user = userProvider.get();
if (workspaceService.getByName(workspace.getNamespace(), workspace.getName()) != null) {
throw new ConflictException(String.format("Workspace %s/%s already exists", workspace.getNamespace(), workspace.getName()));
}
// Retrieving the workspace is done first, which acts as an access check.
String fromBucket = null;
try {
fromBucket = fireCloudService.getWorkspace(workspaceNamespace, workspaceId).getWorkspace().getBucketName();
} catch (ApiException e) {
if (e.getCode() == 404) {
log.log(Level.INFO, "Firecloud workspace not found", e);
throw new NotFoundException(String.format("workspace %s/%s not found or not accessible", workspaceNamespace, workspaceId));
}
log.log(Level.SEVERE, "Firecloud server error", e);
throw new ServerErrorException();
}
org.pmiops.workbench.db.model.Workspace fromWorkspace = workspaceService.getRequiredWithCohorts(workspaceNamespace, workspaceId);
if (fromWorkspace == null) {
throw new NotFoundException(String.format("Workspace %s/%s not found", workspaceNamespace, workspaceId));
}
FirecloudWorkspaceId fcWorkspaceId = generateFirecloudWorkspaceId(workspace.getNamespace(), workspace.getName());
fireCloudService.cloneWorkspace(workspaceNamespace, workspaceId, fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName());
org.pmiops.workbench.firecloud.model.Workspace toFcWorkspace = null;
try {
toFcWorkspace = fireCloudService.getWorkspace(fcWorkspaceId.getWorkspaceNamespace(), fcWorkspaceId.getWorkspaceName()).getWorkspace();
} catch (ApiException e) {
log.log(Level.SEVERE, "Firecloud error retrieving newly cloned workspace", e);
throw new ServerErrorException();
}
// feasibly copy within a single API request.
for (Blob b : cloudStorageService.getBlobList(fromBucket, NOTEBOOKS_WORKSPACE_DIRECTORY)) {
if (!NOTEBOOK_PATTERN.matcher(b.getName()).matches()) {
continue;
}
if (b.getSize() != null && b.getSize() / 1e6 > MAX_NOTEBOOK_SIZE_MB) {
throw new FailedPreconditionException(String.format("workspace %s/%s contains a notebook larger than %dMB: '%s'; cannot clone - please " + "remove this notebook, reduce its size, or contact the workspace owner", workspaceNamespace, workspaceId, MAX_NOTEBOOK_SIZE_MB, b.getName()));
}
cloudStorageService.copyBlob(b.getBlobId(), BlobId.of(toFcWorkspace.getBucketName(), b.getName()));
}
// The final step in the process is to clone the AoU representation of the
// workspace. The implication here is that we may generate orphaned
// Firecloud workspaces / buckets, but a user should not be able to see
// half-way cloned workspaces via AoU - so it will just appear as a
// transient failure.
org.pmiops.workbench.db.model.Workspace toWorkspace = FROM_CLIENT_WORKSPACE.apply(body.getWorkspace());
org.pmiops.workbench.db.model.Workspace dbWorkspace = new org.pmiops.workbench.db.model.Workspace();
Timestamp now = new Timestamp(clock.instant().toEpochMilli());
dbWorkspace.setFirecloudName(fcWorkspaceId.getWorkspaceName());
dbWorkspace.setWorkspaceNamespace(fcWorkspaceId.getWorkspaceNamespace());
dbWorkspace.setCreator(user);
dbWorkspace.setCreationTime(now);
dbWorkspace.setLastModifiedTime(now);
dbWorkspace.setVersion(1);
dbWorkspace.setName(toWorkspace.getName());
ResearchPurpose researchPurpose = body.getWorkspace().getResearchPurpose();
setResearchPurposeDetails(dbWorkspace, researchPurpose);
if (researchPurpose.getReviewRequested()) {
// Use a consistent timestamp.
dbWorkspace.setTimeRequested(now);
}
dbWorkspace.setReviewRequested(researchPurpose.getReviewRequested());
// Clone the previous description, by default.
if (Strings.isNullOrEmpty(toWorkspace.getDescription())) {
dbWorkspace.setDescription(fromWorkspace.getDescription());
} else {
dbWorkspace.setDescription(toWorkspace.getDescription());
}
dbWorkspace.setCdrVersion(fromWorkspace.getCdrVersion());
dbWorkspace.setDataAccessLevel(fromWorkspace.getDataAccessLevel());
writeWorkspaceConfigFile(toFcWorkspace, dbWorkspace.getCdrVersion());
org.pmiops.workbench.db.model.WorkspaceUserRole permissions = new org.pmiops.workbench.db.model.WorkspaceUserRole();
permissions.setRole(WorkspaceAccessLevel.OWNER);
permissions.setWorkspace(dbWorkspace);
permissions.setUser(user);
dbWorkspace.addWorkspaceUserRole(permissions);
dbWorkspace = workspaceService.saveAndCloneCohorts(fromWorkspace, dbWorkspace);
CloneWorkspaceResponse resp = new CloneWorkspaceResponse();
resp.setWorkspace(TO_SINGLE_CLIENT_WORKSPACE_FROM_FC_AND_DB.apply(dbWorkspace, toFcWorkspace));
return ResponseEntity.ok(resp);
}
use of org.pmiops.workbench.firecloud.ApiException in project workbench by all-of-us.
the class AuthDomainController method removeUserFromAuthDomain.
@Override
@AuthorityRequired({ Authority.MANAGE_GROUP })
public ResponseEntity<Void> removeUserFromAuthDomain(String groupName, AuthDomainRequest request) {
User user = userDao.findUserByEmail(request.getEmail());
DataAccessLevel previousAccess = user.getDataAccessLevel();
try {
fireCloudService.removeUserFromGroup(request.getEmail(), groupName);
} catch (ApiException e) {
ExceptionUtils.convertFirecloudException(e);
}
// TODO(calbach): Teardown any active clusters here.
user.setDataAccessLevel(DataAccessLevel.REVOKED);
user.setDisabled(true);
userDao.save(user);
userService.logAdminUserAction(user.getUserId(), "user access to " + groupName + " domain", previousAccess, DataAccessLevel.REVOKED);
return ResponseEntity.status(HttpStatus.NO_CONTENT).build();
}
Aggregations