diff --git a/service/src/main/java/bio/terra/workspace/app/configuration/external/FeatureConfiguration.java b/service/src/main/java/bio/terra/workspace/app/configuration/external/FeatureConfiguration.java index 5ef363d5bb..f0098f4a05 100644 --- a/service/src/main/java/bio/terra/workspace/app/configuration/external/FeatureConfiguration.java +++ b/service/src/main/java/bio/terra/workspace/app/configuration/external/FeatureConfiguration.java @@ -18,7 +18,6 @@ public class FeatureConfiguration { private boolean azureControlPlaneEnabled; private boolean alpha1Enabled; private boolean tpsEnabled; - private boolean bpmGcpEnabled; private boolean temporaryGrantEnabled; private WsmResourceStateRule stateRule; @@ -54,14 +53,6 @@ public void setTpsEnabled(boolean tpsEnabled) { this.tpsEnabled = tpsEnabled; } - public boolean isBpmGcpEnabled() { - return bpmGcpEnabled; - } - - public void setBpmGcpEnabled(boolean bpmGcpEnabled) { - this.bpmGcpEnabled = bpmGcpEnabled; - } - public boolean isTemporaryGrantEnabled() { return temporaryGrantEnabled; } @@ -107,7 +98,6 @@ public void logFeatures() { logger.info("Feature: azure-enabled: {}", isAzureControlPlaneEnabled()); logger.info("Feature: alpha1-enabled: {}", isAlpha1Enabled()); logger.info("Feature: tps-enabled: {}", isTpsEnabled()); - logger.info("Feature: bpm-gcp-enabled: {}", isBpmGcpEnabled()); logger.info("Feature: temporary-grant-enabled: {}", isTemporaryGrantEnabled()); logger.info("Feature: state-rule: {}", getStateRule()); } diff --git a/service/src/main/java/bio/terra/workspace/app/controller/WorkspaceApiController.java b/service/src/main/java/bio/terra/workspace/app/controller/WorkspaceApiController.java index 4b949253a6..aa15db0093 100644 --- a/service/src/main/java/bio/terra/workspace/app/controller/WorkspaceApiController.java +++ b/service/src/main/java/bio/terra/workspace/app/controller/WorkspaceApiController.java 
@@ -501,9 +501,7 @@ public ResponseEntity createCloudContext( .orElseThrow(() -> MissingSpendProfileException.forWorkspace(workspace.workspaceId())); // Make sure the caller is authorized to use the spend profile - SpendProfile spendProfile = - spendProfileService.authorizeLinking( - spendProfileId, features.isBpmGcpEnabled(), userRequest); + SpendProfile spendProfile = spendProfileService.authorizeLinking(spendProfileId, userRequest); workspaceService.createCloudContext( workspace, cloudPlatform, spendProfile, jobId, userRequest, resultPath); @@ -630,9 +628,7 @@ public ResponseEntity cloneWorkspace( .orElse(workspaceSpendProfileId); SpendProfile spendProfile = null; if (spendProfileId != null) { - spendProfile = - spendProfileService.authorizeLinking( - spendProfileId, features.isBpmGcpEnabled(), petRequest); + spendProfile = spendProfileService.authorizeLinking(spendProfileId, petRequest); } // Accept a target workspace id if one is provided. This allows Rawls to specify an diff --git a/service/src/main/java/bio/terra/workspace/app/controller/shared/WorkspaceApiUtils.java b/service/src/main/java/bio/terra/workspace/app/controller/shared/WorkspaceApiUtils.java index 0268522946..0922da7724 100644 --- a/service/src/main/java/bio/terra/workspace/app/controller/shared/WorkspaceApiUtils.java +++ b/service/src/main/java/bio/terra/workspace/app/controller/shared/WorkspaceApiUtils.java @@ -87,8 +87,7 @@ public static WorkspaceStage getStageFromApiStage(ApiWorkspaceStageModel apiWork if (apiSpendProfile == null) { return null; } - return spendProfileService.authorizeLinking( - new SpendProfileId(apiSpendProfile), features.isBpmGcpEnabled(), userRequest); + return spendProfileService.authorizeLinking(new SpendProfileId(apiSpendProfile), userRequest); } /** 
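Review bot: In the `cloneWorkspace` hunk (`@@ -630,9 +628,7 @@`) the link check is made with `petRequest`, and after this commit a profile that is not in the static configuration is authorized only by what BPM returns for that credential. It is worth confirming that BPM evaluates the pet credential as the calling user, and saying so next to the call, e.g. `// authorizeLinking runs with the caller's pet credentials; BPM must resolve them to the user's link access`. The `createCloudContext` hunk above passes `userRequest` instead, so the two paths present different credentials to the same check. Both methods begin and end outside their hunks, so how `petRequest` is built is not visible here.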
diff --git a/service/src/main/java/bio/terra/workspace/service/spendprofile/SpendProfileService.java b/service/src/main/java/bio/terra/workspace/service/spendprofile/SpendProfileService.java index 73c60da647..1baa31dfe2 100644 --- a/service/src/main/java/bio/terra/workspace/service/spendprofile/SpendProfileService.java +++ b/service/src/main/java/bio/terra/workspace/service/spendprofile/SpendProfileService.java @@ -81,9 +81,9 @@ public SpendProfileService( */ @WithSpan public SpendProfile authorizeLinking( - SpendProfileId spendProfileId, boolean bpmEnabled, AuthenticatedUserRequest userRequest) { + SpendProfileId spendProfileId, AuthenticatedUserRequest userRequest) { - SpendProfile spend = null; + SpendProfile spend; if (spendProfiles.containsKey(spendProfileId)) { if (!Rethrow.onInterrupted( () -> @@ -96,20 +96,9 @@ public SpendProfile authorizeLinking( throw SpendUnauthorizedException.linkUnauthorized(spendProfileId); } spend = spendProfiles.get(spendProfileId); - } else if (bpmEnabled) { + } else { // profiles returned from BPM means we are auth'ed spend = getSpendProfileFromBpm(userRequest, spendProfileId); - } else { - if (!Rethrow.onInterrupted( - () -> - samService.isAuthorized( - userRequest, - SamConstants.SamResource.SPEND_PROFILE, - spendProfileId.getId(), - SamConstants.SamSpendProfileAction.LINK), - "isAuthorized")) { - throw SpendUnauthorizedException.linkUnauthorized(spendProfileId); - } } if (spend == null) { diff --git a/service/src/main/resources/application.yml b/service/src/main/resources/application.yml index fea7c8bb54..79a1ea8952 100644 --- a/service/src/main/resources/application.yml +++ b/service/src/main/resources/application.yml 
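Review bot: The Javadoc that closes directly above `@WithSpan` in the `@@ -81,9 +81,9 @@` hunk is not touched by this commit, so it probably still describes the flag-dependent behaviour. It should state how the decision is now made: ids present in `spendProfiles` go through the Sam check whose start is visible in the hunk, every other id is resolved through BPM, and the method throws `SpendUnauthorizedException` when the caller may not link. If it carries a `@param bpmEnabled` tag, that tag has to go with the parameter. The Javadoc text itself is outside the hunk, so this is inferred from the diff leaving it alone.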
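Review bot: In the new `else` branch of `@@ -96,20 +96,9 @@` every profile that is not in `spendProfiles` is authorized solely by `getSpendProfileFromBpm`; the Sam `LINK` check that used to run on this path is gone. The remaining comment names the assumption but not the failure side, and the helper's body is outside this diff, so it should be confirmed that a BPM denial, a not-found and a transport error each end in an exception or in a `null` that reaches the `if (spend == null)` guard. I would spell that out, e.g. `// BPM is the only authorization source on this path: it must throw or return null for callers without link access, and any BPM error must fail closed`. The removed default in `application.yml` was `bpm-gcp-enabled: false`, so deployments that never set the flag move from the Sam-checked path to the BPM path with this commit, which deserves a line in the description. The body of the `spend == null` guard continues past the end of the hunk.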
@@ -285,8 +285,6 @@ feature: alpha1-enabled: false # tps-enabled - Controls whether Terra Policy Service is called. It is always built into WSM tps-enabled: false - # bpm-enabled-gcp - Controls whether spend profile checks are made for GCP workspaces - bpm-gcp-enabled: false # temporary-grant-enabled - Controls whether temporary direct ACL grants are made on creates temporary-grant-enabled: false # state-rule - see WsmResourceStateRule - default to original state rule diff --git a/service/src/test/java/bio/terra/workspace/common/BaseAzureConnectedTest.java b/service/src/test/java/bio/terra/workspace/common/BaseAzureConnectedTest.java index 7f9caafcab..a54b16cf92 100644 --- a/service/src/test/java/bio/terra/workspace/common/BaseAzureConnectedTest.java +++ b/service/src/test/java/bio/terra/workspace/common/BaseAzureConnectedTest.java @@ -65,10 +65,7 @@ protected void createLandingZone() { protected SpendProfileId initSpendProfileMock() { Mockito.when( mockSpendProfileService() - .authorizeLinking( - Mockito.eq(azureTestUtils.getSpendProfileId()), - Mockito.eq(true), - Mockito.any())) + .authorizeLinking(Mockito.eq(azureTestUtils.getSpendProfileId()), Mockito.any())) .thenReturn( new SpendProfile( azureTestUtils.getSpendProfileId(), diff --git a/service/src/test/java/bio/terra/workspace/connected/WorkspaceConnectedTestUtils.java b/service/src/test/java/bio/terra/workspace/connected/WorkspaceConnectedTestUtils.java index d1cd72376c..4fb51c947c 100644 --- a/service/src/test/java/bio/terra/workspace/connected/WorkspaceConnectedTestUtils.java +++ b/service/src/test/java/bio/terra/workspace/connected/WorkspaceConnectedTestUtils.java 
@@ -43,7 +43,7 @@ public Workspace createWorkspaceWithGcpContext(AuthenticatedUserRequest userRequ // make the authorize request. SpendProfile spendProfile = spendProfileService.authorizeLinking( - workspace.getSpendProfileId().orElseThrow(), features.isBpmGcpEnabled(), userRequest); + workspace.getSpendProfileId().orElseThrow(), userRequest); String gcpContextJobId = UUID.randomUUID().toString(); workspaceService.createCloudContext( diff --git a/service/src/test/java/bio/terra/workspace/pact/ProfileApiTest.java b/service/src/test/java/bio/terra/workspace/pact/ProfileApiTest.java index b85e50a049..f6fbe45283 100644 --- a/service/src/test/java/bio/terra/workspace/pact/ProfileApiTest.java +++ b/service/src/test/java/bio/terra/workspace/pact/ProfileApiTest.java @@ -104,7 +104,7 @@ public void testAuthorizingLinkingOfAnAzureProfile(MockServer mockServer) { var spendProfileId = new SpendProfileId(dummyAzureProfileId); var service = new SpendProfileService(samService, config, OpenTelemetry.noop()); - service.authorizeLinking(spendProfileId, true, userRequest); + service.authorizeLinking(spendProfileId, userRequest); } @Test @@ -121,7 +121,7 @@ public void testAuthorizingLinkingOfGCPProfile(MockServer mockServer) { var spendProfileId = new SpendProfileId(dummyGCPProfileId); var service = new SpendProfileService(samService, config, OpenTelemetry.noop()); - service.authorizeLinking(spendProfileId, true, userRequest); + service.authorizeLinking(spendProfileId, userRequest); } @Test @@ -139,6 +139,6 @@ public void testAuthorizingLinkingOfAnNonexistantProfile(MockServer mockServer) var service = new SpendProfileService(samService, config, OpenTelemetry.noop()); assertThrows( SpendUnauthorizedException.class, - () -> service.authorizeLinking(spendProfileId, true, userRequest)); + () -> service.authorizeLinking(spendProfileId, userRequest)); } } 
diff --git a/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileBpmConnectedTest.java b/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileBpmConnectedTest.java index 475a0ad479..776565c1b7 100644 --- a/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileBpmConnectedTest.java +++ b/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileBpmConnectedTest.java @@ -61,8 +61,7 @@ public void cleanUp() { @DisabledIf("bpmUnavailable") void authorizeLinkingSuccess() { var linkedProfile = - spendProfileService.authorizeLinking( - profile.id(), true, userAccessUtils.thirdUserAuthRequest()); + spendProfileService.authorizeLinking(profile.id(), userAccessUtils.thirdUserAuthRequest()); assertEquals(linkedProfile.billingAccountId(), profile.billingAccountId()); assertEquals(linkedProfile.id(), profile.id()); } @@ -74,7 +73,7 @@ void authorizeLinkingFailure() { SpendUnauthorizedException.class, () -> spendProfileService.authorizeLinking( - profile.id(), true, userAccessUtils.defaultUserAuthRequest())); + profile.id(), userAccessUtils.defaultUserAuthRequest())); } @Test @@ -86,7 +85,6 @@ void authorizeLinkingUnknownId() { () -> spendProfileService.authorizeLinking( new SpendProfileId(UUID.randomUUID().toString()), - true, userAccessUtils.thirdUserAuthRequest())); assert (ex.getStatusCode() == HttpStatus.FORBIDDEN); } diff --git a/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileServiceTest.java b/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileServiceTest.java index 281a0dca8a..e9fc327085 100644 --- a/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileServiceTest.java +++ b/service/src/test/java/bio/terra/workspace/service/spendprofile/SpendProfileServiceTest.java 
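Review bot: In the `authorizeLinkingUnknownId` hunk (`@@ -86,7 +85,6 @@`) the only check on the denial status is `assert (ex.getStatusCode() == HttpStatus.FORBIDDEN);`, a Java `assert` statement that is skipped whenever the JVM runs without `-ea`. The line is context, not changed by the commit, but it guards the unknown-profile path that the commit makes unconditional. `assertEquals(HttpStatus.FORBIDDEN, ex.getStatusCode());` fails regardless of JVM flags and reports the actual status. The class already uses `assertEquals` in `authorizeLinkingSuccess`.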
@@ -38,8 +38,7 @@ void authorizeLinkingSuccess() { new SpendProfileService( samService, ImmutableList.of(profile), spendProfileConfiguration, OpenTelemetry.noop()); - assertEquals( - profile, service.authorizeLinking(id, false, userAccessUtils.defaultUserAuthRequest())); + assertEquals(profile, service.authorizeLinking(id, userAccessUtils.defaultUserAuthRequest())); } @Test @@ -54,7 +53,7 @@ void authorizeLinkingSamUnauthorizedThrowsUnauthorized() { assertThrows( SpendUnauthorizedException.class, - () -> service.authorizeLinking(id, false, userAccessUtils.secondUserAuthRequest())); + () -> service.authorizeLinking(id, userAccessUtils.secondUserAuthRequest())); } @Test @@ -67,7 +66,7 @@ void authorizeLinkingUnknownIdThrowsUnauthorized() { SpendUnauthorizedException.class, () -> service.authorizeLinking( - new SpendProfileId("bar"), false, userAccessUtils.defaultUserAuthRequest())); + new SpendProfileId("bar"), userAccessUtils.defaultUserAuthRequest())); } @Test @@ -79,6 +78,6 @@ void parseSpendProfileConfiguration() { SpendProfile.buildGcpSpendProfile( spendUtils.defaultSpendId(), spendUtils.defaultBillingAccountId()), service.authorizeLinking( - spendUtils.defaultSpendId(), false, userAccessUtils.defaultUserAuthRequest())); + spendUtils.defaultSpendId(), userAccessUtils.defaultUserAuthRequest())); } } diff --git a/service/src/test/java/bio/terra/workspace/service/workspace/flight/gcp/RemoveUserFromWorkspaceFlightTest.java b/service/src/test/java/bio/terra/workspace/service/workspace/flight/gcp/RemoveUserFromWorkspaceFlightTest.java index aef8eb54ba..1265021058 100644 --- a/service/src/test/java/bio/terra/workspace/service/workspace/flight/gcp/RemoveUserFromWorkspaceFlightTest.java +++ b/service/src/test/java/bio/terra/workspace/service/workspace/flight/gcp/RemoveUserFromWorkspaceFlightTest.java 
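Review bot: `authorizeLinkingUnknownIdThrowsUnauthorized` (`@@ -67,7 +66,7 @@`) used to pass `false`, which kept it off the BPM branch; with the flag gone, `new SpendProfileId("bar")` now falls into the BPM branch of `authorizeLinking` whenever that id is not in the configured profiles. The test still expects `SpendUnauthorizedException`, but from the hunk it is not visible whether that comes from a stubbed BPM answer or from a failed call being mapped to unauthorized. If BPM is not stubbed in this class, the test can pass for the wrong reason and depends on the environment. A comment such as `// "bar" is not configured, so this goes to BPM (stubbed to deny)` together with an explicit stub would pin the intent.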
@@ -113,8 +113,7 @@ void removeUserFromWorkspaceFlightDoUndo() throws Exception { AuthenticatedUserRequest userRequest = userAccessUtils.defaultUser().getAuthenticatedRequest(); String makeContextJobId = UUID.randomUUID().toString(); SpendProfile spendProfile = - spendProfileService.authorizeLinking( - DEFAULT_SPEND_PROFILE_ID, features.isBpmGcpEnabled(), userRequest); + spendProfileService.authorizeLinking(DEFAULT_SPEND_PROFILE_ID, userRequest); workspaceService.createCloudContext( workspace, CloudPlatform.GCP, spendProfile, makeContextJobId, userRequest, null);