Example 1 with AuditProjectAccessRequest

use of org.pmiops.workbench.model.AuditProjectAccessRequest in project workbench by all-of-us.

the class CloudTaskUserControllerTest method testBulkProjectAudit.

@Test
public void testBulkProjectAudit() throws Exception {
    doReturn(ImmutableList.of()).when(mockCloudResourceManagerService).getAllProjectsForUser(userA);
    doReturn(ImmutableList.of(
            new Project()
                .setName("aou-rw-test-123")
                .setParent(new ResourceId().setType("folder").setId("123"))))
        .when(mockCloudResourceManagerService)
        .getAllProjectsForUser(userB);
    controller.auditProjectAccess(
        new AuditProjectAccessRequest()
            .addUserIdsItem(userA.getUserId())
            .addUserIdsItem(userB.getUserId()));
    verify(mockCloudResourceManagerService, times(2)).getAllProjectsForUser(any());
}
Also used : Project(com.google.api.services.cloudresourcemanager.model.Project) ResourceId(com.google.api.services.cloudresourcemanager.model.ResourceId) AuditProjectAccessRequest(org.pmiops.workbench.model.AuditProjectAccessRequest) DataJpaTest(org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest) Test(org.junit.jupiter.api.Test)

Example 2 with AuditProjectAccessRequest

use of org.pmiops.workbench.model.AuditProjectAccessRequest in project workbench by all-of-us.

the class CloudTaskUserController method auditProjectAccess.

@Override
public ResponseEntity<Void> auditProjectAccess(AuditProjectAccessRequest request) {
    int errorCount = 0;
    for (long userId : request.getUserIds()) {
        DbUser user = userDao.findUserByUserId(userId);
        // TODO(RW-2062): Move to using the gcloud api for list all resources when it is available.
        try {
            // Flag every project whose parent is missing or is not one of ALLOWED_PARENT_IDS.
            List<String> unauthorizedLogs =
                cloudResourceManagerService.getAllProjectsForUser(user).stream()
                    .filter(project -> project.getParent() == null
                        || !(ALLOWED_PARENT_IDS.contains(project.getParent().getId())))
                    .map(project -> String.format(
                        "%s in %s %s",
                        project.getName(),
                        Optional.ofNullable(project.getParent()).map(ResourceId::getType).orElse("[type unknown]"),
                        Optional.ofNullable(project.getParent()).map(ResourceId::getId).orElse("[id unknown]")))
                    .collect(Collectors.toList());
            if (unauthorizedLogs.size() > 0) {
                log.warning("User " + user.getUsername() + " has access to projects: " + String.join(", ", unauthorizedLogs));
            }
        } catch (IOException e) {
            log.log(Level.SEVERE, "failed to audit project access for user " + user.getUsername(), e);
            errorCount++;
        }
    }
    if (errorCount > 0) {
        log.severe(String.format("encountered errors on %d/%d users", errorCount, request.getUserIds().size()));
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
    }
    log.info(String.format("successfully audited %d users", request.getUserIds().size()));
    return ResponseEntity.noContent().build();
}
Also used : UserService(org.pmiops.workbench.db.dao.UserService) CloudResourceManagerService(org.pmiops.workbench.google.CloudResourceManagerService) UserDao(org.pmiops.workbench.db.dao.UserDao) ImmutableSet(com.google.common.collect.ImmutableSet) WorkbenchException(org.pmiops.workbench.exceptions.WorkbenchException) Agent(org.pmiops.workbench.actionaudit.Agent) SynchronizeUserAccessRequest(org.pmiops.workbench.model.SynchronizeUserAccessRequest) AccessModuleStatus(org.pmiops.workbench.model.AccessModuleStatus) AuditProjectAccessRequest(org.pmiops.workbench.model.AuditProjectAccessRequest) Set(java.util.Set) IOException(java.io.IOException) DbAccessModuleName(org.pmiops.workbench.db.model.DbAccessModule.DbAccessModuleName) Logger(java.util.logging.Logger) Collectors(java.util.stream.Collectors) RestController(org.springframework.web.bind.annotation.RestController) Level(java.util.logging.Level) AccessModuleService(org.pmiops.workbench.access.AccessModuleService) HttpStatus(org.springframework.http.HttpStatus) List(java.util.List) ResourceId(com.google.api.services.cloudresourcemanager.model.ResourceId) Optional(java.util.Optional) ResponseEntity(org.springframework.http.ResponseEntity) DbUser(org.pmiops.workbench.db.model.DbUser)

Example 3 with AuditProjectAccessRequest

use of org.pmiops.workbench.model.AuditProjectAccessRequest in project workbench by all-of-us.

the class TaskQueueService method groupAndPushAuditProjectsTasks.

public void groupAndPushAuditProjectsTasks(List<Long> userIds) {
    WorkbenchConfig workbenchConfig = workbenchConfigProvider.get();
    List<List<Long>> groups = CloudTasksUtils.partitionList(userIds, workbenchConfig.offlineBatch.usersPerAuditTask);
    for (List<Long> group : groups) {
        createAndPushTask(AUDIT_PROJECTS_QUEUE_NAME, AUDIT_PROJECTS_PATH, new AuditProjectAccessRequest().userIds(group));
    }
}
Also used : WorkbenchConfig(org.pmiops.workbench.config.WorkbenchConfig) ArrayList(java.util.ArrayList) List(java.util.List) AuditProjectAccessRequest(org.pmiops.workbench.model.AuditProjectAccessRequest)

Example 4 with AuditProjectAccessRequest

use of org.pmiops.workbench.model.AuditProjectAccessRequest in project workbench by all-of-us.

the class OfflineUserControllerTest method testBulkAuditProjectAccess.

@Test
public void testBulkAuditProjectAccess() {
    offlineUserController.bulkAuditProjectAccess();
    // Batch size is 2, so we expect 2 groups.
    List<AuditProjectAccessRequest> expectedRequests = ImmutableList.of(
        new AuditProjectAccessRequest().userIds(ImmutableList.of(1L, 2L)),
        new AuditProjectAccessRequest().userIds(ImmutableList.of(3L, 4L)));
    for (AuditProjectAccessRequest expected : expectedRequests) {
        verify(mockCloudTasksClient).createTask(
            matches(Pattern.compile(".*/auditProjectQueue$")),
            argThat(taskRequest -> expected.equals(cloudTaskToAuditProjectAccessRequest(taskRequest))));
    }
    verifyNoMoreInteractions(mockCloudTasksClient);
}
Also used : ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) TaskQueueService(org.pmiops.workbench.cloudtasks.TaskQueueService) DirtiesContext(org.springframework.test.annotation.DirtiesContext) BeforeEach(org.junit.jupiter.api.BeforeEach) Arrays(java.util.Arrays) ArgumentMatchers.argThat(org.mockito.ArgumentMatchers.argThat) SynchronizeUserAccessRequest(org.pmiops.workbench.model.SynchronizeUserAccessRequest) Autowired(org.springframework.beans.factory.annotation.Autowired) CloudTasksClient(com.google.cloud.tasks.v2.CloudTasksClient) Task(com.google.cloud.tasks.v2.Task) Scope(org.springframework.context.annotation.Scope) DataJpaTest(org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest) TestConfiguration(org.springframework.boot.test.context.TestConfiguration) ImmutableList(com.google.common.collect.ImmutableList) Mockito.verifyNoMoreInteractions(org.mockito.Mockito.verifyNoMoreInteractions) Gson(com.google.gson.Gson) MockBean(org.springframework.boot.test.mock.mockito.MockBean) UserService(org.pmiops.workbench.db.dao.UserService) Timestamp(java.sql.Timestamp) AuditProjectAccessRequest(org.pmiops.workbench.model.AuditProjectAccessRequest) Import(org.springframework.context.annotation.Import) Mockito.when(org.mockito.Mockito.when) Instant(java.time.Instant) Collectors(java.util.stream.Collectors) Mockito.verify(org.mockito.Mockito.verify) Test(org.junit.jupiter.api.Test) List(java.util.List) WorkbenchConfig(org.pmiops.workbench.config.WorkbenchConfig) ArgumentMatchers.matches(org.mockito.ArgumentMatchers.matches) WorkbenchLocationConfigService(org.pmiops.workbench.config.WorkbenchLocationConfigService) FakeClockConfiguration(org.pmiops.workbench.FakeClockConfiguration) Pattern(java.util.regex.Pattern) DbUser(org.pmiops.workbench.db.model.DbUser) Bean(org.springframework.context.annotation.Bean) ConfigurableBeanFactory(org.springframework.beans.factory.config.ConfigurableBeanFactory) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) 

Example 5 with AuditProjectAccessRequest

use of org.pmiops.workbench.model.AuditProjectAccessRequest in project workbench by all-of-us.

the class TaskQueueService method groupAndPushSynchronizeAccessTasks.

public List<String> groupAndPushSynchronizeAccessTasks(List<Long> userIds) {
    WorkbenchConfig workbenchConfig = workbenchConfigProvider.get();
    List<List<Long>> groups = CloudTasksUtils.partitionList(userIds, workbenchConfig.offlineBatch.usersPerSynchronizeAccessTask);
    List<String> tasknames = new ArrayList<>();
    for (List<Long> group : groups) {
        tasknames.add(createAndPushTask(SYNCHRONIZE_ACCESS_QUEUE_NAME, SYNCHRONIZE_ACCESS_PATH, new AuditProjectAccessRequest().userIds(group)));
    }
    return tasknames;
}
Also used : WorkbenchConfig(org.pmiops.workbench.config.WorkbenchConfig) ArrayList(java.util.ArrayList) List(java.util.List) ByteString(com.google.protobuf.ByteString) AuditProjectAccessRequest(org.pmiops.workbench.model.AuditProjectAccessRequest)

Aggregations

AuditProjectAccessRequest (org.pmiops.workbench.model.AuditProjectAccessRequest): 5
List (java.util.List): 4
WorkbenchConfig (org.pmiops.workbench.config.WorkbenchConfig): 3
ResourceId (com.google.api.services.cloudresourcemanager.model.ResourceId): 2
ArrayList (java.util.ArrayList): 2
Collectors (java.util.stream.Collectors): 2
Test (org.junit.jupiter.api.Test): 2
UserService (org.pmiops.workbench.db.dao.UserService): 2
DbUser (org.pmiops.workbench.db.model.DbUser): 2
SynchronizeUserAccessRequest (org.pmiops.workbench.model.SynchronizeUserAccessRequest): 2
DataJpaTest (org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest): 2
Project (com.google.api.services.cloudresourcemanager.model.Project): 1
CloudTasksClient (com.google.cloud.tasks.v2.CloudTasksClient): 1
Task (com.google.cloud.tasks.v2.Task): 1
ImmutableList (com.google.common.collect.ImmutableList): 1
ImmutableSet (com.google.common.collect.ImmutableSet): 1
Gson (com.google.gson.Gson): 1
ByteString (com.google.protobuf.ByteString): 1
IOException (java.io.IOException): 1
Timestamp (java.sql.Timestamp): 1