fix pet signing account creation

broadinstitute · Jan 25, 2024 · 034c1e3 · 034c1e3
1 parent e01aedf
commit 034c1e3
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 8 deletions.
diff --git a/...ces/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml b/...ces/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml
@@ -8,7 +8,7 @@
     <changeSet logicalFilePath="dummy" author="tlangs" id="action_service_accounts">
         <createTable tableName="SAM_ACTION_SERVICE_ACCOUNT">
             <column name="resource_id" type="BIGINT">
-                <constraints nullable="false" primaryKey="true" foreignKeyName="FK_SASA_RESOURCE" referencedTableName="SAM_RESOURCE" referencedColumnNames="id"/>
+                <constraints nullable="false" primaryKey="true" foreignKeyName="FK_SASA_RESOURCE" referencedTableName="SAM_RESOURCE" referencedColumnNames="id" onDelete="CASCADE"/>
             </column>
 
             <column name="resource_action_id" type="BIGINT">
@@ -29,7 +29,7 @@
         </createTable>
         <createTable tableName="SAM_PET_SIGNING_ACCOUNT">
             <column name="sam_user_id" type="VARCHAR">
-                <constraints primaryKey="true" foreignKeyName="FK_PET_SIGN_ACCT" referencedTableName="SAM_USER" referencedColumnNames="id"/>
+                <constraints primaryKey="true" foreignKeyName="FK_PET_SIGN_ACCT" referencedTableName="SAM_USER" referencedColumnNames="id" onDelete="CASCADE"/>
             </column>
             <column name="project" type="VARCHAR">
                 <constraints primaryKey="true"/>

diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala
@@ -502,7 +502,7 @@ class GoogleExtensions(
       .flatMap {
         case Some(actionServiceAccount) =>
           for {
-            petSigningAccountKey <- petSigningAccounts.getUserPetSigningAccount(samUser, samRequestContext)
+            petSigningAccountKey <- petSigningAccounts.getUserPetSigningAccountKey(samUser, samRequestContext)
           } yield petSigningAccountKey.map((actionServiceAccount, _))
         case None => IO.none[(ActionServiceAccount, String)]
       }

diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala
@@ -8,7 +8,7 @@ import cats.implicits.{catsSyntaxApplicativeId, catsSyntaxTuple2Parallel}
 import com.google.api.client.googleapis.json.GoogleJsonResponseException
 import org.broadinstitute.dsde.workbench.google.{GoogleDirectoryDAO, GoogleIamDAO, GoogleProjectDAO}
 import org.broadinstitute.dsde.workbench.model.google._
-import org.broadinstitute.dsde.workbench.model.{PetServiceAccount, PetServiceAccountId, WorkbenchEmail, WorkbenchUserId}
+import org.broadinstitute.dsde.workbench.model.{PetServiceAccount, PetServiceAccountId, WorkbenchEmail, WorkbenchException, WorkbenchUserId}
 import org.broadinstitute.dsde.workbench.sam.config.GoogleServicesConfig
 import org.broadinstitute.dsde.workbench.sam.dataAccess.{DirectoryDAO, LockDetails, PostgresDistributedLockDAO}
 import org.broadinstitute.dsde.workbench.sam.model.api.SamUser
@@ -37,8 +37,10 @@ class PetSigningAccounts(
 
   private[google] def createPetSigningAccountForUser(user: SamUser, samRequestContext: SamRequestContext): IO[PetServiceAccount] = {
     val googleProject = petServiceAccountProject(user)
-    val (petSaName, petSaDisplayName) = toPetSigningAccountFromUser(user)
-    createPetSigningAccount(user, petSaName, petSaDisplayName, googleProject, samRequestContext)
+    for {
+      _ <- getUserPetSigningAccountKey(user, samRequestContext)
+      account <- directoryDAO.loadPetSigningAccount(PetServiceAccountId(user.id, googleProject), samRequestContext)
+    } yield account.getOrElse(throw new WorkbenchException(s"Failed to create Pet Signing Account for ${user}"))
   }
 
   private[google] def createPetSigningAccount(
@@ -108,7 +110,7 @@ class PetSigningAccounts(
       s"fc-${googleServicesConfig.environment.substring(0, Math.min(googleServicesConfig.environment.length(), 5))}-${samUser.id}"
     ) // max 30 characters. subject ID is 21
 
-  private[google] def getUserPetSigningAccount(user: SamUser, samRequestContext: SamRequestContext): IO[Option[String]] = {
+  private[google] def getUserPetSigningAccountKey(user: SamUser, samRequestContext: SamRequestContext): IO[String] = {
     val googleProject = petServiceAccountProject(user)
     val (petSaName, petSaDisplayName) = toPetSigningAccountFromUser(user)
 
@@ -124,7 +126,7 @@ class PetSigningAccounts(
       }
       serviceAccount <- createPetSigningAccount(user, petSaName, petSaDisplayName, googleProject, samRequestContext).unsafeToFuture()
       key <- googleKeyCache.getKey(serviceAccount).unsafeToFuture()
-    } yield Some(key)
+    } yield key
     IO.fromFuture(IO(keyFuture))
   }