diff --git a/backend/dataall/core/environment/api/queries.py b/backend/dataall/core/environment/api/queries.py
index b963c0272..a1bd9bc57 100644
--- a/backend/dataall/core/environment/api/queries.py
+++ b/backend/dataall/core/environment/api/queries.py
@@ -21,9 +21,14 @@
list_environments,
list_groups,
list_valid_environments,
+ get_consumption_role_policies,
+)
+from dataall.core.environment.api.types import (
+ Environment,
+ EnvironmentSearchResult,
+ EnvironmentSimplifiedSearchResult,
+ RoleManagedPolicy,
)
-from dataall.core.environment.api.types import Environment, EnvironmentSearchResult, EnvironmentSimplifiedSearchResult
-
getTrustAccount = gql.QueryField(
name='getTrustAccount',
@@ -204,3 +209,14 @@
resolver=get_pivot_role_name,
test_scope='Environment',
)
+
+getConsumptionRolePolicies = gql.QueryField(
+ name='getConsumptionRolePolicies',
+ args=[
+ gql.Argument(name='environmentUri', type=gql.NonNullableType(gql.String)),
+ gql.Argument(name='IAMRoleName', type=gql.NonNullableType(gql.String)),
+ ],
+ type=gql.ArrayType(RoleManagedPolicy),
+ resolver=get_consumption_role_policies,
+ test_scope='Environment',
+)
diff --git a/backend/dataall/core/environment/api/resolvers.py b/backend/dataall/core/environment/api/resolvers.py
index 7c3fe23b2..84665cf6d 100644
--- a/backend/dataall/core/environment/api/resolvers.py
+++ b/backend/dataall/core/environment/api/resolvers.py
@@ -178,15 +178,16 @@ def get_parent_organization(context: Context, source, **kwargs):
return org
-def get_policies(context: Context, source, **kwargs):
- environment = EnvironmentService.find_environment_by_uri(uri=source.environmentUri)
- return PolicyManager(
- role_name=source.IAMRoleName,
- environmentUri=environment.environmentUri,
- account=environment.AwsAccountId,
- region=environment.region,
- resource_prefix=environment.resourcePrefix,
- ).get_all_policies()
+# used from ConsumptionRole type as field resolver
+def resolve_consumption_role_policies(context: Context, source, **kwargs):
+ return EnvironmentService.resolve_consumption_role_policies(
+ uri=source.environmentUri, IAMRoleName=source.IAMRoleName
+ )
+
+
+# used from getConsumptionRolePolicies query -- query resolver
+def get_consumption_role_policies(context: Context, source, environmentUri, IAMRoleName):
+ return EnvironmentService.resolve_consumption_role_policies(uri=environmentUri, IAMRoleName=IAMRoleName)
def resolve_environment_networks(context: Context, source, **kwargs):
diff --git a/backend/dataall/core/environment/api/types.py b/backend/dataall/core/environment/api/types.py
index 95756d9d9..229593dd8 100644
--- a/backend/dataall/core/environment/api/types.py
+++ b/backend/dataall/core/environment/api/types.py
@@ -3,7 +3,7 @@
from dataall.core.environment.api.resolvers import (
get_environment_stack,
get_parent_organization,
- get_policies,
+ resolve_consumption_role_policies,
resolve_environment_networks,
resolve_parameters,
resolve_user_role,
@@ -180,7 +180,9 @@
gql.Field(name='created', type=gql.String),
gql.Field(name='updated', type=gql.String),
gql.Field(name='deleted', type=gql.String),
- gql.Field(name='managedPolicies', type=gql.ArrayType(RoleManagedPolicy), resolver=get_policies),
+ gql.Field(
+ name='managedPolicies', type=gql.ArrayType(RoleManagedPolicy), resolver=resolve_consumption_role_policies
+ ),
],
)
diff --git a/backend/dataall/core/environment/services/environment_service.py b/backend/dataall/core/environment/services/environment_service.py
index 81579ead6..491f1a622 100644
--- a/backend/dataall/core/environment/services/environment_service.py
+++ b/backend/dataall/core/environment/services/environment_service.py
@@ -1115,3 +1115,15 @@ def get_template_from_resource_bucket(organization_uri, template_name):
)
return S3_client.get_presigned_url(region, resource_bucket, template_key)
+
+ @staticmethod
+ @ResourcePolicyService.has_resource_permission(environment_permissions.GET_ENVIRONMENT)
+ def resolve_consumption_role_policies(uri, IAMRoleName):
+ environment = EnvironmentService.find_environment_by_uri(uri=uri)
+ return PolicyManager(
+ role_name=IAMRoleName,
+ environmentUri=uri,
+ account=environment.AwsAccountId,
+ region=environment.region,
+ resource_prefix=environment.resourcePrefix,
+ ).get_all_policies()
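Review bot: `resolve_consumption_role_policies` authorizes the caller on the environment only, and `IAMRoleName` is then passed to `PolicyManager` unchecked. Through the new `getConsumptionRolePolicies` query that value comes straight from the GraphQL client rather than from a stored ConsumptionRole record. If `get_all_policies()` looks the role up in IAM by name (not visible in this hunk), any user holding `GET_ENVIRONMENT` could read policy attachment state for an arbitrary role in the environment account, not just registered consumption roles. Before building the `PolicyManager`, confirm that a consumption role with this name is registered for `uri` and raise the project's not-found error otherwise, or have the query accept the consumption role URI and read the role name from the record. A short docstring stating that the permission decorator checks `uri` and nothing else would also help the next reader.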
diff --git a/frontend/src/modules/Catalog/components/RequestAccessModal.js b/frontend/src/modules/Catalog/components/RequestAccessModal.js
index d22cd6449..cf9993bbe 100644
--- a/frontend/src/modules/Catalog/components/RequestAccessModal.js
+++ b/frontend/src/modules/Catalog/components/RequestAccessModal.js
@@ -25,6 +25,7 @@ import {
listEnvironmentGroups,
listValidEnvironments,
requestDashboardShare,
+ getConsumptionRolePolicies,
useClient
} from 'services';
import { useNavigate } from 'react-router-dom';
@@ -41,6 +42,8 @@ export const RequestAccessModal = (props) => {
const [groupOptions, setGroupOptions] = useState([]);
const [loadingRoles, setLoadingRoles] = useState(false);
const [roleOptions, setRoleOptions] = useState([]);
+ const [isSharePolicyAttached, setIsSharePolicyAttached] = useState(true);
+ const [policyName, setPolicyName] = useState('');
const fetchEnvironments = useCallback(async () => {
setLoadingEnvs(true);
@@ -109,13 +112,8 @@ export const RequestAccessModal = (props) => {
response.data.listEnvironmentConsumptionRoles.nodes.map((g) => ({
value: g.consumptionRoleUri,
label: [g.consumptionRoleName, ' [', g.IAMRoleArn, ']'].join(''),
- dataallManaged: g.dataallManaged,
- isSharePolicyAttached: g.managedPolicies.find(
- (policy) => policy.policy_type === 'SharePolicy'
- ).attached,
- policyName: g.managedPolicies.find(
- (policy) => policy.policy_type === 'SharePolicy'
- ).policy_name
+ IAMRoleName: g.IAMRoleName,
+ dataallManaged: g.dataallManaged
}))
);
} else {
@@ -128,6 +126,35 @@ export const RequestAccessModal = (props) => {
}
};
+ const fetchRolePolicies = async (environmentUri, IAMRoleName) => {
+ setLoadingRoles(true);
+ try {
+ const response = await client.query(
+ getConsumptionRolePolicies({
+ environmentUri,
+ IAMRoleName
+ })
+ );
+ if (!response.errors) {
+ var isSharePolicyAttached =
+ response.data.getConsumptionRolePolicies.find(
+ (policy) => policy.policy_type === 'SharePolicy'
+ ).attached;
+ setIsSharePolicyAttached(isSharePolicyAttached);
+ var policyName = response.data.getConsumptionRolePolicies.find(
+ (policy) => policy.policy_type === 'SharePolicy'
+ ).policy_name;
+ setPolicyName(policyName);
+ } else {
+ dispatch({ type: SET_ERROR, error: response.errors[0].message });
+ }
+ } catch (e) {
+ dispatch({ type: SET_ERROR, error: e.message });
+ } finally {
+ setLoadingRoles(false);
+ }
+ };
+
useEffect(() => {
if (client && open) {
fetchEnvironments().catch((e) =>
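Review bot: In `fetchRolePolicies`, `find(...)` returns `undefined` when the response has no `SharePolicy` entry, so `.attached` throws inside the `try`; the user then sees a raw TypeError message via `SET_ERROR` and both state values keep what they held before. Look the entry up once and handle the missing case: `const sharePolicy = response.data.getConsumptionRolePolicies.find((policy) => policy.policy_type === 'SharePolicy');`, then `setIsSharePolicyAttached(Boolean(sharePolicy && sharePolicy.attached));` and `setPolicyName(sharePolicy ? sharePolicy.policy_name : '');`. This also removes the two `var` declarations, which shadow the state variables of the same names. The query's return type is a nullable array, so a null `getConsumptionRolePolicies` result deserves the same guard.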
@@ -435,6 +462,15 @@ export const RequestAccessModal = (props) => {
'consumptionRoleObj',
event.target.value
);
+ fetchRolePolicies(
+ values.environment.environmentUri,
+ event.target.value.IAMRoleName
+ ).catch((e) =>
+ dispatch({
+ type: SET_ERROR,
+ error: e.message
+ })
+ );
}}
select
value={values.consumptionRoleObj}
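Review bot: Between a role selection and the response, `isSharePolicyAttached` and `policyName` still hold the previous role's values (or the initial `useState(true)`), so the missing-policy warning and what looks like the submit-disable condition further down evaluate stale data; a failed fetch leaves them that way. Reset before the call, e.g. `setIsSharePolicyAttached(false); setPolicyName('');` ahead of `fetchRolePolicies(...)`, so the form fails closed until the policy state is known. Quick re-selection can also let responses resolve out of order, which ignoring any response whose role no longer matches the current selection would cover. The outer `.catch` is redundant, because `fetchRolePolicies` already catches and dispatches its own errors.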
@@ -468,10 +504,9 @@ export const RequestAccessModal = (props) => {
)}
-
{!values.consumptionRole ||
values.consumptionRoleObj.dataallManaged ||
- values.consumptionRoleObj.isSharePolicyAttached ? (
+ isSharePolicyAttached ? (
) : (
@@ -496,16 +531,13 @@ export const RequestAccessModal = (props) => {
{values.consumptionRoleObj &&
!(
values.consumptionRoleObj.dataallManaged ||
- values.consumptionRoleObj.isSharePolicyAttached ||
+ isSharePolicyAttached ||
values.attachMissingPolicies
) ? (
Selected consumption role is managed by
customer, but the share policy{' '}
-
- {values.consumptionRoleObj.policyName}
- {' '}
- is not attached.
+ {policyName} is not attached.
Please attach it or let Data.all attach it for
you.
@@ -556,7 +588,7 @@ export const RequestAccessModal = (props) => {
(values.consumptionRoleObj &&
!(
values.consumptionRoleObj.dataallManaged ||
- values.consumptionRoleObj.isSharePolicyAttached ||
+ isSharePolicyAttached ||
values.attachMissingPolicies
))
}
diff --git a/frontend/src/services/graphql/Environment/getConsumptionRolePolicy.js b/frontend/src/services/graphql/Environment/getConsumptionRolePolicy.js
new file mode 100644
index 000000000..ffff9e5ea
--- /dev/null
+++ b/frontend/src/services/graphql/Environment/getConsumptionRolePolicy.js
@@ -0,0 +1,27 @@
+import { gql } from 'apollo-boost';
+
+export const getConsumptionRolePolicies = ({
+ environmentUri,
+ IAMRoleName
+}) => ({
+ variables: {
+ environmentUri,
+ IAMRoleName
+ },
+ query: gql`
+ query getConsumptionRolePolicies(
+ $environmentUri: String!
+ $IAMRoleName: String!
+ ) {
+ getConsumptionRolePolicies(
+ environmentUri: $environmentUri
+ IAMRoleName: $IAMRoleName
+ ) {
+ policy_type
+ policy_name
+ attached
+ exists
+ }
+ }
+ `
+});
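Review bot: The file is named `getConsumptionRolePolicy.js` but exports `getConsumptionRolePolicies`, while the sibling modules re-exported from `index.js` appear to be named after their export (`listEnvironmentGroups`, `listValidEnvironments`). Renaming it to `getConsumptionRolePolicies.js` keeps file lookup by query name working. The selection set also requests `exists`, which the modal in this commit never reads; drop the field or use it when deciding whether the policy can be attached.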
diff --git a/frontend/src/services/graphql/Environment/index.js b/frontend/src/services/graphql/Environment/index.js
index e893e1520..4d3f06e83 100644
--- a/frontend/src/services/graphql/Environment/index.js
+++ b/frontend/src/services/graphql/Environment/index.js
@@ -6,3 +6,4 @@ export * from './listEnvironmentGroups';
export * from './listEnvironments';
export * from './listValidEnvironments';
export * from './searchEnvironmentDataItems';
+export * from './getConsumptionRolePolicy';
diff --git a/frontend/src/services/graphql/Environment/listEnvironmentConsumptionRoles.js b/frontend/src/services/graphql/Environment/listEnvironmentConsumptionRoles.js
index a93028244..823a4240d 100644
--- a/frontend/src/services/graphql/Environment/listEnvironmentConsumptionRoles.js
+++ b/frontend/src/services/graphql/Environment/listEnvironmentConsumptionRoles.js
@@ -28,12 +28,8 @@ export const listEnvironmentConsumptionRoles = ({
environmentUri
groupUri
IAMRoleArn
+ IAMRoleName
dataallManaged
- managedPolicies {
- policy_type
- policy_name
- attached
- }
}
}
}