From 034c1e3720ada285406d1d49bf22cde32bcd1c96 Mon Sep 17 00:00:00 2001 From: tlangs Date: Thu, 25 Jan 2024 11:08:44 -0500 Subject: [PATCH] fix pet signing account creation --- .../changesets/20240118_action_service_accounts.xml | 4 ++-- .../dsde/workbench/sam/google/GoogleExtensions.scala | 2 +- .../workbench/sam/google/PetSigningAccounts.scala | 12 +++++++----- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/src/main/resources/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml b/src/main/resources/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml index f08aa26b2..4c88729fb 100644 --- a/src/main/resources/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml +++ b/src/main/resources/org/broadinstitute/dsde/sam/liquibase/changesets/20240118_action_service_accounts.xml @@ -8,7 +8,7 @@ - + @@ -29,7 +29,7 @@ - + diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala index b16291182..893d8c209 100644 --- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala +++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/GoogleExtensions.scala @@ -502,7 +502,7 @@ class GoogleExtensions( .flatMap { case Some(actionServiceAccount) => for { - petSigningAccountKey <- petSigningAccounts.getUserPetSigningAccount(samUser, samRequestContext) + petSigningAccountKey <- petSigningAccounts.getUserPetSigningAccountKey(samUser, samRequestContext) } yield petSigningAccountKey.map((actionServiceAccount, _)) case None => IO.none[(ActionServiceAccount, String)] } diff --git a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala index 2daa1ee05..ddcfc7a73 100644 
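Review bot: In the GoogleExtensions.scala hunk the unchanged line `} yield petSigningAccountKey.map((actionServiceAccount, _))` still treats the result as an `Option`, but this commit changes `getUserPetSigningAccountKey` to return `IO[String]`. On a `String`, `.map` resolves through `StringOps` and iterates over characters, so this branch either stops type-checking against the `IO.none[(ActionServiceAccount, String)]` branch or pairs the account with single characters of the key. The yield should wrap the pair explicitly: `} yield Option((actionServiceAccount, petSigningAccountKey))`. The enclosing method starts and ends outside the hunk, so its declared return type is not visible here.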
--- a/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala +++ b/src/main/scala/org/broadinstitute/dsde/workbench/sam/google/PetSigningAccounts.scala @@ -8,7 +8,7 @@ import cats.implicits.{catsSyntaxApplicativeId, catsSyntaxTuple2Parallel} import com.google.api.client.googleapis.json.GoogleJsonResponseException import org.broadinstitute.dsde.workbench.google.{GoogleDirectoryDAO, GoogleIamDAO, GoogleProjectDAO} import org.broadinstitute.dsde.workbench.model.google._ -import org.broadinstitute.dsde.workbench.model.{PetServiceAccount, PetServiceAccountId, WorkbenchEmail, WorkbenchUserId} +import org.broadinstitute.dsde.workbench.model.{PetServiceAccount, PetServiceAccountId, WorkbenchEmail, WorkbenchException, WorkbenchUserId} import org.broadinstitute.dsde.workbench.sam.config.GoogleServicesConfig import org.broadinstitute.dsde.workbench.sam.dataAccess.{DirectoryDAO, LockDetails, PostgresDistributedLockDAO} import org.broadinstitute.dsde.workbench.sam.model.api.SamUser @@ -37,8 +37,10 @@ class PetSigningAccounts( private[google] def createPetSigningAccountForUser(user: SamUser, samRequestContext: SamRequestContext): IO[PetServiceAccount] = { val googleProject = petServiceAccountProject(user) - val (petSaName, petSaDisplayName) = toPetSigningAccountFromUser(user) - createPetSigningAccount(user, petSaName, petSaDisplayName, googleProject, samRequestContext) + for { + _ <- getUserPetSigningAccountKey(user, samRequestContext) + account <- directoryDAO.loadPetSigningAccount(PetServiceAccountId(user.id, googleProject), samRequestContext) + } yield account.getOrElse(throw new WorkbenchException(s"Failed to create Pet Signing Account for ${user}")) } private[google] def createPetSigningAccount( 
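Review bot: The failure message in `createPetSigningAccountForUser` interpolates the whole `SamUser` (`${user}`), which presumably puts that object's full `toString` into the exception text and into any log or response that carries it; `user.id`, already used on the line above, is enough to identify the record. The `throw` inside `yield` also hides the failure path, and raising it in the effect reads more clearly: `account <- IO.fromOption(maybeAccount)(new WorkbenchException(s"Failed to create Pet Signing Account for ${user.id}"))`. Separately, creation now goes through `getUserPetSigningAccountKey` and discards the result, so a key is fetched from `googleKeyCache` (visible in the last hunk) for a caller that only wants the account. It is worth confirming that this does not mint key material that is never used.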
@@ -108,7 +110,7 @@ class PetSigningAccounts( s"fc-${googleServicesConfig.environment.substring(0, Math.min(googleServicesConfig.environment.length(), 5))}-${samUser.id}" ) // max 30 characters. subject ID is 21 - private[google] def getUserPetSigningAccount(user: SamUser, samRequestContext: SamRequestContext): IO[Option[String]] = { + private[google] def getUserPetSigningAccountKey(user: SamUser, samRequestContext: SamRequestContext): IO[String] = { val googleProject = petServiceAccountProject(user) val (petSaName, petSaDisplayName) = toPetSigningAccountFromUser(user) @@ -124,7 +126,7 @@ class PetSigningAccounts( } serviceAccount <- createPetSigningAccount(user, petSaName, petSaDisplayName, googleProject, samRequestContext).unsafeToFuture() key <- googleKeyCache.getKey(serviceAccount).unsafeToFuture() - } yield Some(key) + } yield key IO.fromFuture(IO(keyFuture)) }
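Review bot: `getUserPetSigningAccountKey` has no Scaladoc, and its name reads like a lookup although the body (which continues outside this hunk) calls `createPetSigningAccount` and `googleKeyCache.getKey`. The return value is now a bare `String` holding what is presumably service-account key material, so I would document that at the definition: `/** Returns the signing key for the user's pet signing account, creating the account if it does not exist. The result is secret; do not log it or include it in error messages. */`.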
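Review bot: The `for` that ends in `} yield key` runs in `Future`, with each step forced by `.unsafeToFuture()` and the result wrapped again by `IO.fromFuture(IO(keyFuture))`. If `keyFuture` is a `val` (its definition is outside the hunk), the account creation and key fetch start as soon as the method is called, so they are not suspended or cancelled with the returned `IO`. Keeping these steps in `IO` and lifting only the Future-returning call would avoid that; at minimum the future should be constructed inside the `IO(...)` passed to `IO.fromFuture`.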