From a209d3e5543dc6d6717836f1c1b0217d906d7788 Mon Sep 17 00:00:00 2001
From: Jonathon Saunders
Date: Tue, 28 Jan 2025 08:54:41 -0800
Subject: [PATCH] Address pr comments
---
 .../leonardo/app/CromwellAppInstall.scala | 16 +++++++++--
 .../leonardo/app/CromwellRunnerAppInstall.scala | 10 ++++++-
 .../leonardo/app/WdsAppInstall.scala | 10 ++++++-
 .../leonardo/app/WorkflowsAppInstall.scala | 10 ++++++-
 .../http/service/LeoAppServiceInterp.scala | 1 +
 .../leonardo/monitor/LeoMetricsMonitor.scala | 21 +++++++++++----
 .../leonardo/monitor/MonitorAtBoot.scala | 27 ++++++++++++++++---
 7 files changed, 81 insertions(+), 14 deletions(-)
diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellAppInstall.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellAppInstall.scala
index 17adb9f5bb..1b3f136165 100644
--- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellAppInstall.scala
+++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellAppInstall.scala
@@ -8,7 +8,11 @@ import org.broadinstitute.dsde.workbench.leonardo.app.AppInstall.getAzureDatabas
 import org.broadinstitute.dsde.workbench.leonardo.{AppContext, WsmControlledDatabaseResource}
 import org.broadinstitute.dsde.workbench.leonardo.app.Database.ControlledDatabase
 import org.broadinstitute.dsde.workbench.leonardo.auth.SamAuthProvider
-import org.broadinstitute.dsde.workbench.leonardo.config.{AzureEnvironmentConverter, CoaAppConfig}
+import org.broadinstitute.dsde.workbench.leonardo.config.{
+ AzureEnvironmentConverter,
+ AzureHostingModeConfig,
+ CoaAppConfig
+}
 import org.broadinstitute.dsde.workbench.leonardo.dao._
 import org.broadinstitute.dsde.workbench.leonardo.http._
 import org.broadinstitute.dsde.workbench.leonardo.util.AppCreationException
@@ -71,7 +75,15 @@ class CromwellAppInstall[F[_]](config: CoaAppConfig, // Get the pet userToken tokenOpt <- samDao.getCachedArbitraryPetAccessToken(params.app.auditInfo.creator) - userToken <- F.pure(tokenOpt.getOrElse("")) // Empty token when running on Azure. + userToken <- ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + F.fromOption( + tokenOpt, + AppCreationException(s"Pet not found for user ${params.app.auditInfo.creator}", Some(ctx.traceId)) + ) + case true => + F.pure("") // No pet user token in Azure. + } values = List( // azure resources configs diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellRunnerAppInstall.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellRunnerAppInstall.scala index f6890e3103..4d711e4c20 100644 --- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellRunnerAppInstall.scala +++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/CromwellRunnerAppInstall.scala @@ -96,7 +96,15 @@ class CromwellRunnerAppInstall[F[_]](config: CromwellRunnerAppConfig, // Get the pet userToken tokenOpt <- samDao.getCachedArbitraryPetAccessToken(params.app.auditInfo.creator) - userToken <- F.pure(tokenOpt.getOrElse("")) // Empty token when running on Azure. + userToken <- ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + F.fromOption( + tokenOpt, + AppCreationException(s"Pet not found for user ${params.app.auditInfo.creator}", Some(ctx.traceId)) + ) + case true => + F.pure("") // No pet user token in Azure. + } values = List( // azure resources configs diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WdsAppInstall.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WdsAppInstall.scala index c6506da3e6..c7ddb183cd 100644 --- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WdsAppInstall.scala 
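Review bot: The pet-token lookup on the context line just above the new `match` still runs when hosting mode is enabled, and its result is then thrown away in the `case true` branch; the LeoMetricsMonitor hunk and `MonitorAtBoot.getAuthToken` in this same patch only call Sam inside the `false` branch. If `getCachedArbitraryPetAccessToken` can fail in hosting mode (not visible here), the install would fail over a credential that is never used, so the lookup belongs inside `case false`. The identical block is repeated in the CromwellRunnerAppInstall, WdsAppInstall and WorkflowsAppInstall hunks; a single shared helper (name is only a suggestion), called as `userToken <- AppInstall.petTokenFor(params.app.auditInfo.creator, ctx.traceId)`, would keep the credential-selection rule in one place instead of four copies that can drift. The enclosing for-comprehension starts and ends outside the hunk.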
+++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WdsAppInstall.scala @@ -62,7 +62,15 @@ class WdsAppInstall[F[_]](config: WdsAppConfig, // Get the pet userToken tokenOpt <- samDao.getCachedArbitraryPetAccessToken(params.app.auditInfo.creator) - userToken <- F.pure(tokenOpt.getOrElse("")) // Empty token when running on Azure. + userToken <- ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + F.fromOption( + tokenOpt, + AppCreationException(s"Pet not found for user ${params.app.auditInfo.creator}", Some(ctx.traceId)) + ) + case true => + F.pure("") // No pet user token in Azure. + } valuesList = List( diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WorkflowsAppInstall.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WorkflowsAppInstall.scala index 259e946a50..abaf0cf897 100644 --- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WorkflowsAppInstall.scala +++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/app/WorkflowsAppInstall.scala @@ -69,7 +69,15 @@ class WorkflowsAppInstall[F[_]](config: WorkflowsAppConfig, // Get the pet userToken tokenOpt <- samDao.getCachedArbitraryPetAccessToken(params.app.auditInfo.creator) - userToken <- F.pure(tokenOpt.getOrElse("")) // Empty token when running on Azure. + userToken <- ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + F.fromOption( + tokenOpt, + AppCreationException(s"Pet not found for user ${params.app.auditInfo.creator}", Some(ctx.traceId)) + ) + case true => + F.pure("") // No pet user token in Azure. + } values = List( diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/http/service/LeoAppServiceInterp.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/http/service/LeoAppServiceInterp.scala index 0bd913242e..a40d3b5d05 100644 
--- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/http/service/LeoAppServiceInterp.scala +++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/http/service/LeoAppServiceInterp.scala @@ -163,6 +163,7 @@ final class LeoAppServiceInterp[F[_]: Parallel](config: AppServiceConfig, // Retrieve parent workspaceId for the google project parentWorkspaceId <- samService.lookupWorkspaceParentForGoogleProject(userInfo.accessToken.token, googleProject) + // Leo email used to give permissions when running in Azure. leoToken <- authProvider.getLeoAuthToken leoEmail <- samService.getUserEmail(leoToken) notifySamAndCreate = for { diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/LeoMetricsMonitor.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/LeoMetricsMonitor.scala index 08bc4e4887..d98e069d30 100644 --- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/LeoMetricsMonitor.scala +++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/LeoMetricsMonitor.scala 
@@ -167,11 +167,22 @@ class LeoMetricsMonitor[F[_]](config: LeoMetricsMonitorConfig, appDAO.isProxyAvailable(project, app.appName, serviceName, ctx.traceId) case CloudContext.Azure(_) => for { - tokenOpt <- samDAO.getCachedArbitraryPetAccessToken(app.auditInfo.creator) - token <- F.fromOption( - tokenOpt, - AppCreationException(s"Pet not found for user ${app.auditInfo.creator}", Some(ctx.traceId)) - ) + token <- ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + for { + tokenOpt <- samDAO.getCachedArbitraryPetAccessToken(app.auditInfo.creator) + token <- F.fromOption( + tokenOpt, + AppCreationException(s"Pet not found for user ${app.auditInfo.creator}", Some(ctx.traceId)) + ) + } yield token + case true => + for { + leoAuth <- samDAO.getLeoAuthToken + token = leoAuth.credentials.toString().split(" ")(1) + } yield token + } + authHeader = Authorization(Credentials.Token(AuthScheme.Bearer, token)) relayPath = Uri .unsafeFromString(baseUri.asString) / s"${app.appName.value}-${app.workspaceId.map(_.value.toString).getOrElse("")}" diff --git a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/MonitorAtBoot.scala b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/MonitorAtBoot.scala index 1d9cc53baa..e93bb788ab 100644 --- a/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/MonitorAtBoot.scala +++ b/http/src/main/scala/org/broadinstitute/dsde/workbench/leonardo/monitor/MonitorAtBoot.scala @@ -18,6 +18,7 @@ import org.broadinstitute.dsde.workbench.leonardo.monitor.LeoPubsubMessage.{ DeleteAppMessage, DeleteAppV2Message } +import org.broadinstitute.dsde.workbench.leonardo.util.AppCreationException import org.broadinstitute.dsde.workbench.model.{TraceId, WorkbenchEmail} import org.broadinstitute.dsde.workbench.openTelemetry.OpenTelemetryMetrics import org.typelevel.log4cats.Logger 
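Review bot: `leoAuth.credentials.toString().split(" ")(1)` in the `case true` branch recovers the bearer token by rendering the credentials to a string and taking the second word, which throws `ArrayIndexOutOfBoundsException` if the rendering has no space and ties the code to the `toString` format of a secret-bearing object. Assuming `leoAuth` is the http4s `Authorization` header (the `.credentials` access and the `Credentials.Token` use two lines below suggest so), match on the value instead: `token <- leoAuth.credentials match { case Credentials.Token(_, t) => F.pure(t); case _ => F.raiseError(AppCreationException("Leo auth token is not a bearer token", Some(ctx.traceId))) }`. The same expression is moved into `MonitorAtBoot.getAuthToken` further down and should get the same treatment. Separately, this branch places Leo's own service token in `authHeader` for a per-app relay path; the request itself is outside the hunk, but if the header reaches the app endpoint it is worth confirming the app side never logs or forwards it, since it carries more privilege than the creator's pet token used in the other branch.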
@@ -222,8 +223,7 @@ class MonitorAtBoot[F[_]](publisherQueue: Queue[F, LeoPubsubMessage], appContext.traceId ) ) - leoAuth <- samDAO.getLeoAuthToken - token = leoAuth.credentials.toString().split(" ")(1) + token <- getAuthToken(app.auditInfo.creator) workspaceDescOpt <- wsmClientProvider.getWorkspace( token, workspaceId @@ -266,8 +266,7 @@ class MonitorAtBoot[F[_]](publisherQueue: Queue[F, LeoPubsubMessage], appContext.traceId ) ) - leoAuth <- samDAO.getLeoAuthToken - token = leoAuth.credentials.toString().split(" ")(1) + token <- getAuthToken(app.auditInfo.creator) workspaceDescOpt <- wsmClientProvider.getWorkspace( token, workspaceId @@ -443,6 +442,26 @@ class MonitorAtBoot[F[_]](publisherQueue: Queue[F, LeoPubsubMessage], ) case x => F.raiseError(MonitorAtBootException(s"Unexpected status for runtime ${runtime.id}: ${x}", traceId)) } + + private def getAuthToken(creator: WorkbenchEmail)(implicit + ev: Ask[F, TraceId] + ): F[String] = + ConfigReader.appConfig.azure.hostingModeConfig.enabled match { + case false => + for { + traceId <- ev.ask + tokenOpt <- samDAO.getCachedArbitraryPetAccessToken(creator) + token <- F.fromOption( + tokenOpt, + MonitorAtBootException(s"Pet not found for user ${creator}", traceId) + ) + } yield token + case true => + for { + leoAuth <- samDAO.getLeoAuthToken + token = leoAuth.credentials.toString().split(" ")(1) + } yield token + } } final case class RuntimeToMonitor(
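Review bot: `getAuthToken` in the last hunk decides which identity is used for the `wsmClientProvider.getWorkspace` calls (the creator's pet token normally, Leo's own token in hosting mode) but carries no doc comment saying so, and the name hides that choice. I would add `/** Token for WSM calls: the app creator's pet access token from Sam, or Leo's own auth token when Azure hosting mode is enabled. Raises MonitorAtBootException when no pet token is returned. */` above it. The two call sites in the `-222` and `-266` hunks previously always used Leo's token, so outside hosting mode a missing pet token now raises inside the boot monitor; whether that error is handled per app is outside these hunks and worth checking, so that one creator without a pet does not stop monitoring of the remaining apps. An `if (…enabled) … else …` would also read more directly than a `match` on a Boolean.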