Skip to content

Commit

Permalink
Merge pull request #878 from isb-cgc/isb-cgc-prod-sp
Browse files Browse the repository at this point in the history
Sprint 35
  • Loading branch information
s-paquette authored Jul 18, 2019
2 parents f62d452 + 7b0da2e commit a0bdc01
Show file tree
Hide file tree
Showing 8 changed files with 347 additions and 140 deletions.
33 changes: 31 additions & 2 deletions accounts/dcf_support.py
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
DCF_GOOGLE_SA_VERIFY_URL = settings.DCF_GOOGLE_SA_VERIFY_URL
DCF_GOOGLE_SA_MONITOR_URL = settings.DCF_GOOGLE_SA_MONITOR_URL
DCF_GOOGLE_SA_URL = settings.DCF_GOOGLE_SA_URL
DCF_URL_URL = settings.DCF_URL_URL

class DCFCommFailure(Exception):
"""Thrown if we have problems communicating with DCF """
Expand Down Expand Up @@ -682,6 +683,34 @@ def _write_dataset_summary(dataset_info, dataset_id, phs_map):
return is_ok, combo_msg


def get_signed_url_from_dcf(user_id, file_uuid):
"""
:raise TokenFailure:
:raise InternalTokenError:
:raise DCFCommFailure:
:raise RefreshTokenExpired:
"""
#
# Get a signed URL for a file ID.
#

try:
resp = _dcf_call('{}/{}'.format(DCF_URL_URL, file_uuid), user_id)
except (TokenFailure, InternalTokenError, RefreshTokenExpired, DCFCommFailure) as e:
logger.error("[ERROR] Attempt to contact DCF for signed URL failed (user {})".format(user_id))
raise e
except Exception as e:
logger.error("[ERROR] Attempt to contact DCF for signed URL failed (user {})".format(user_id))
raise e

result = {
'uri': resp.text,
'code': resp.status_code
}

return result


def verify_sa_at_dcf(user_id, gcp_id, service_account_id, datasets, phs_map, sa_in_use):
"""
:raise TokenFailure:
Expand Down Expand Up @@ -712,7 +741,7 @@ def verify_sa_at_dcf(user_id, gcp_id, service_account_id, datasets, phs_map, sa_
try:
# DCF requires this to be in the header. OAuth2 library glues this onto the auth header stuff:
headers = {'Content-Type': 'application/json'}

logger.info("[INFO] DCF verification request: {} {}".format(json_dumps(sa_data), service_account_id))
resp = _dcf_call(full_url, user_id, mode=use_mode, post_body=json_dumps(sa_data), headers=headers)
except (TokenFailure, InternalTokenError, RefreshTokenExpired, DCFCommFailure) as e:
logger.error("[ERROR] Attempt to contact DCF for SA verification failed (user {})".format(user_id))
Expand Down Expand Up @@ -1147,7 +1176,7 @@ def refresh_at_dcf(user_id):
resp = None

#
# Call DCF to drop the linkage. Note that this will immediately remove them from controlled access.
# Call DCF to refresh the linkage.
#

try:
Expand Down
2 changes: 1 addition & 1 deletion accounts/dcf_views.py
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@ def oauth2_login(request):

# Found that 'user' scope had to be included to be able to do the user query on callback, and the data scope
# to do data queries. Starting to recognize a pattern here...
oauth = OAuth2Session(client_id, redirect_uri=full_callback, scope=['openid', 'user', 'google_service_account', 'google_link'])
oauth = OAuth2Session(client_id, redirect_uri=full_callback, scope=['openid', 'user', 'data', 'google_service_account', 'google_link'])
authorization_url, state = oauth.authorization_url(DCF_AUTH_URL)

# stash the state string in the session!
Expand Down
21 changes: 21 additions & 0 deletions accounts/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -296,3 +296,24 @@ def unreg_gcp(user, gcp_id):
status=500

return response, status


def get_user_gcps(user, gcp_id=None):
gcps = []
gcp_list = None

try:
if gcp_id:
gcp_list = GoogleProject.objects.filter(user=user, active=1)
else:
gcp_list = GoogleProject.objects.filter(user=user, active=1, project_id=gcp_id)

for gcp in gcp_list:
gcps.append({'gcp_id': gcp.project_id, 'gcp_name': gcp.project_name, 'users': [x.email for x in gcp.users_set.all()]})

except Exception as e:
logger.error("[ERROR] While fetching the GCP project list for user {}:")
logger.exception(e)

return gcps

Loading

0 comments on commit a0bdc01

Please sign in to comment.