DataBiosphere · rjohanek · Aug 27, 2024 · Aug 15, 2024 · Aug 19, 2024 · Aug 19, 2024
@@ -14,7 +14,6 @@ private SnapshotWorkingMapKeys() {}
   public static final String SNAPSHOT_EXISTS = "snapshotExists";
   public static final String SNAPSHOT_HAS_GOOGLE_PROJECT = "snapshotHasGoogleProject";
   public static final String SNAPSHOT_HAS_AZURE_STORAGE_ACCOUNT = "snapshotHasStorageAccount";
-  public static final String SNAPSHOT_AUTH_DOMAIN_GROUPS = "snapshotAuthDomainGroups";
   public static final String DATASET_EXISTS = "datasetExists";
   public static final String STORAGE_ACCOUNT_RESOURCE_NAME = "storageAccountResourceName";
   public static final String STORAGE_ACCOUNT_RESOURCE_TLC = "storageAccountResourceTlc";

@@ -0,0 +1,45 @@
+package bio.terra.service.snapshot.flight.create;
+
+import bio.terra.service.snapshot.flight.SnapshotWorkingMapKeys;
+import bio.terra.service.snapshotbuilder.SnapshotRequestDao;
+import bio.terra.stairway.FlightContext;
+import bio.terra.stairway.Step;
+import bio.terra.stairway.StepResult;
+import bio.terra.stairway.exception.RetryException;
+import java.util.UUID;
+
+public class AddCreatedInfoToSnapshotRequestStep implements Step {
+  private final SnapshotRequestDao snapshotRequestDao;
+  private final UUID snapshotRequestId;
+  private final UUID createdSnapshotId;
+  private final String samGroupCreatedBy;
+
+  public AddCreatedInfoToSnapshotRequestStep(
+      SnapshotRequestDao snapshotRequestDao,
+      UUID snapshotRequestId,
+      UUID snapshotId,
+      String samGroupCreatedBy) {
+    this.snapshotRequestDao = snapshotRequestDao;
+    this.snapshotRequestId = snapshotRequestId;
+    this.createdSnapshotId = snapshotId;
+    this.samGroupCreatedBy = samGroupCreatedBy;
+  }
+
+  @Override
+  public StepResult doStep(FlightContext context) throws InterruptedException, RetryException {
+    var workingMap = context.getWorkingMap();
+    String samGroupName =
+        workingMap.get(SnapshotWorkingMapKeys.SNAPSHOT_FIRECLOUD_GROUP_NAME, String.class);
+
+    snapshotRequestDao.updateCreatedInfo(
+        snapshotRequestId, createdSnapshotId, samGroupName, samGroupCreatedBy);
+    return StepResult.getStepResultSuccess();
+  }
+
+  @Override
+  public StepResult undoStep(FlightContext context) throws InterruptedException {
+    // remove the written information if the flight fails
+    snapshotRequestDao.updateCreatedInfo(snapshotRequestId, null, null, null);
+    return StepResult.getStepResultSuccess();
+  }
+}
@@ -434,10 +434,11 @@ public SnapshotCreateFlight(FlightMap inputParameters, Object applicationContext
 
     if (mode == SnapshotRequestContentsModel.ModeEnum.BYREQUESTID) {
       UUID snapshotRequestId = contents.getRequestIdSpec().getSnapshotRequestId();
-      // Add created snapshot id to the snapshot request.
+      // On the snapshot access request, save information about the created snapshot and about
+      // the Sam group that was added as a DAC.
       addStep(
-          new AddCreatedSnapshotIdToSnapshotRequestStep(
-              snapshotRequestDao, snapshotRequestId, snapshotId));
+          new AddCreatedInfoToSnapshotRequestStep(
+              snapshotRequestDao, snapshotRequestId, snapshotId, tdrServiceAccountEmail));
       // Notify user that snapshot is ready to use.
       addStep(
           new NotifyUserOfSnapshotCreationStep(

@@ -1,22 +1,22 @@
 package bio.terra.service.snapshot.flight.delete;
 
+import bio.terra.common.exception.NotFoundException;
 import bio.terra.service.auth.iam.IamService;
 import bio.terra.service.auth.iam.exception.IamNotFoundException;
 import bio.terra.service.job.DefaultUndoStep;
-import bio.terra.service.snapshot.flight.SnapshotWorkingMapKeys;
+import bio.terra.service.snapshotbuilder.SnapshotAccessRequestModel;
+import bio.terra.service.snapshotbuilder.SnapshotRequestDao;
 import bio.terra.stairway.FlightContext;
 import bio.terra.stairway.StepResult;
 import bio.terra.stairway.exception.RetryException;
-import com.fasterxml.jackson.core.type.TypeReference;
-import java.util.List;
-import java.util.Objects;
 import java.util.UUID;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class DeleteSnapshotDeleteSamGroupStep extends DefaultUndoStep {
   private static Logger logger = LoggerFactory.getLogger(DeleteSnapshotDeleteSamGroupStep.class);
   private final IamService iamService;
+  private final SnapshotRequestDao snapshotRequestDao;
   private final UUID snapshotId;
 
   /**
@@ -27,28 +27,35 @@ public class DeleteSnapshotDeleteSamGroupStep extends DefaultUndoStep {
    * @param iamService
    * @param snapshotId
    */
-  public DeleteSnapshotDeleteSamGroupStep(IamService iamService, UUID snapshotId) {
+  public DeleteSnapshotDeleteSamGroupStep(
+      IamService iamService, SnapshotRequestDao snapshotRequestDao, UUID snapshotId) {
     this.iamService = iamService;
+    this.snapshotRequestDao = snapshotRequestDao;
     this.snapshotId = snapshotId;
   }
 
   @Override
   public StepResult doStep(FlightContext context) throws InterruptedException, RetryException {
-    List<String> authDomains =
-        context
-            .getWorkingMap()
-            .get(SnapshotWorkingMapKeys.SNAPSHOT_AUTH_DOMAIN_GROUPS, new TypeReference<>() {});
-    // Only delete the Sam group if it matches the expected naming pattern
-    var expectedName = IamService.constructSamGroupName(snapshotId.toString());
-    if (Objects.nonNull(authDomains) && authDomains.contains(expectedName)) {
-      try {
-        iamService.deleteGroup(expectedName);
-      } catch (IamNotFoundException ex) {
-        // if group does not exist, nothing to delete)
-      } catch (Exception ex) {
-        logger.error("Error deleting Sam group: {}", expectedName, ex);
-      }
+    // The request will only exist if the snapshot was created with byRequestId mode
+    // If it exists, the request will have the sam group name to be deleted for this snapshot
+    SnapshotAccessRequestModel request;
+    try {
+      request = snapshotRequestDao.getByCreatedSnapshotId(snapshotId);
+    } catch (NotFoundException ex) {
+      // If the request does not exist, nothing to delete
+      return StepResult.getStepResultSuccess();
     }
+
+    var samGroupName = request.samGroupName();
+    try {
+      iamService.deleteGroup(samGroupName);
+    } catch (IamNotFoundException ex) {
+      // If group does not exist, nothing to delete
+    } catch (Exception ex) {
+      // If there is some other error, log and continue
+      logger.error("Error deleting Sam group: {}", samGroupName, ex);
+    }
+
     return StepResult.getStepResultSuccess();
   }
 }
@@ -15,8 +15,6 @@
 import bio.terra.stairway.Step;
 import bio.terra.stairway.StepResult;
 import bio.terra.stairway.StepStatus;
-import java.util.ArrayList;
-import java.util.List;
 import java.util.UUID;
 
 public class DeleteSnapshotPopAndLockDatasetStep implements Step {
@@ -64,16 +62,6 @@ public StepResult doStep(FlightContext context) {
       return StepResult.getStepResultSuccess();
     }
 
-    try {
-      List<String> authDomains =
-          new ArrayList<>(
-              snapshotService.retrieveAuthDomains(snapshot.getId(), authenticatedUserRequest));
-      map.put(SnapshotWorkingMapKeys.SNAPSHOT_AUTH_DOMAIN_GROUPS, authDomains);
-    } catch (Exception ex) {
-      // Do nothing if we can't retrieve the auth domains
-      // No Sam groups will be deleted
-    }
-
     // Now we've confirmed the snapshot exists, let's check on the source dataset
     UUID datasetId = snapshot.getSourceDataset().getId();
     map.put(DatasetWorkingMapKeys.DATASET_ID, datasetId);

@@ -27,6 +27,7 @@
 import bio.terra.service.snapshot.flight.LockSnapshotStep;
 import bio.terra.service.snapshot.flight.UnlockSnapshotStep;
 import bio.terra.service.snapshotbuilder.SnapshotBuilderService;
+import bio.terra.service.snapshotbuilder.SnapshotRequestDao;
 import bio.terra.service.tabulardata.google.bigquery.BigQuerySnapshotPdao;
 import bio.terra.stairway.Flight;
 import bio.terra.stairway.FlightMap;
@@ -45,6 +46,7 @@ public SnapshotDeleteFlight(FlightMap inputParameters, Object applicationContext
     SnapshotService snapshotService = appContext.getBean(SnapshotService.class);
     SnapshotBuilderService snapshotBuilderService =
         appContext.getBean(SnapshotBuilderService.class);
+    SnapshotRequestDao snapshotRequestDao = appContext.getBean(SnapshotRequestDao.class);
     FireStoreDependencyDao dependencyDao = appContext.getBean(FireStoreDependencyDao.class);
     FireStoreDao fileDao = appContext.getBean(FireStoreDao.class);
     BigQuerySnapshotPdao bigQuerySnapshotPdao = appContext.getBean(BigQuerySnapshotPdao.class);
@@ -113,7 +115,7 @@ public SnapshotDeleteFlight(FlightMap inputParameters, Object applicationContext
 
     // Now that we no longer have the resources in SAM, we can delete the underlying Sam group
     // that was created for snapshots byRequestId
-    addStep(new DeleteSnapshotDeleteSamGroupStep(iamClient, snapshotId));
+    addStep(new DeleteSnapshotDeleteSamGroupStep(iamClient, snapshotRequestDao, snapshotId));
 
     // Primary Data Deletion
     // Note: Must delete primary data before metadata; it relies on being able to retrieve the

@@ -28,7 +28,9 @@ public record SnapshotAccessRequestModel(
     Instant statusUpdatedDate,
     SnapshotAccessRequestStatus status,
     UUID createdSnapshotId,
-    String flightid) {
+    String flightid,
+    String samGroupName,
+    String samGroupCreatedByTerraId) {
 
   @VisibleForTesting
   static String generateSummaryForCriteria(
@@ -137,6 +139,7 @@ public SnapshotAccessRequestResponse toApiResponse(SnapshotBuilderSettings setti
         .createdDate(createdDate != null ? createdDate.toString() : null)
         .statusUpdatedDate(statusUpdatedDate != null ? statusUpdatedDate.toString() : null)
         .createdSnapshotId(createdSnapshotId)
-        .summary(generateSummaryFromSnapshotSpecification(settings));
+        .summary(generateSummaryFromSnapshotSpecification(settings))
+        .authGroupName(samGroupName);
   }
 }
@@ -37,7 +37,9 @@ public class SnapshotRequestDao {
   private static final String STATUS_UPDATED_DATE = "status_updated_date";
   private static final String STATUS = "status";
   private static final String FLIGHT_ID = "flightid";
-  private static final String CREATED_SNAPSHOT_ID = "created_snapshot_id";
+  public static final String CREATED_SNAPSHOT_ID = "created_snapshot_id";
+  public static final String SAM_GROUP_NAME = "sam_group_name";
+  public static final String SAM_GROUP_CREATED_BY = "sam_group_created_by";
   private static final String AUTHORIZED_RESOURCES = "authorized_resources";
   private static final String NOT_FOUND_MESSAGE =
       "Snapshot Access Request with given id does not exist.";
@@ -55,7 +57,9 @@ public class SnapshotRequestDao {
               DaoUtils.getInstant(rs, STATUS_UPDATED_DATE),
               SnapshotAccessRequestStatus.valueOf(rs.getString(STATUS)),
               rs.getObject(CREATED_SNAPSHOT_ID, UUID.class),
-              rs.getString(FLIGHT_ID));
+              rs.getString(FLIGHT_ID),
+              rs.getString(SAM_GROUP_NAME),
+              rs.getString(SAM_GROUP_CREATED_BY));
 
   public SnapshotRequestDao(
       NamedParameterJdbcTemplate jdbcTemplate,
@@ -89,6 +93,24 @@ public SnapshotAccessRequestModel getById(UUID requestId) {
     }
   }
 
+  /**
+   * Get the Snapshot Request associated with the given created snapshot id.
+   *
+   * @param createdSnapshotId associated with one snapshot request.
+   * @return the specified snapshot request or exception if it does not exist.
+   */
+  public SnapshotAccessRequestModel getByCreatedSnapshotId(UUID createdSnapshotId) {
+    String sql = "SELECT * FROM snapshot_request WHERE created_snapshot_id = :created_snapshot_id";
+    MapSqlParameterSource params =
+        new MapSqlParameterSource().addValue(CREATED_SNAPSHOT_ID, createdSnapshotId);
+    try {
+      return jdbcTemplate.queryForObject(sql, params, modelMapper);
+    } catch (EmptyResultDataAccessException ex) {
+      throw new NotFoundException(
+          "No snapshot access requests found for given created snapshot id", ex);
+    }
+  }
+
   /**
    * Return the list of Snapshot Requests associated with the given snapshot id.
    *
@@ -198,16 +220,21 @@ public void updateFlightId(UUID requestId, String flightId) {
   }
 
   @Transactional(propagation = Propagation.REQUIRED, isolation = Isolation.SERIALIZABLE)
-  public void updateCreatedSnapshotId(UUID requestId, UUID snapshotId) {
+  public void updateCreatedInfo(
+      UUID requestId, UUID snapshotId, String samGroupName, String groupCreatedByEmail) {
     String sql =
         """
         UPDATE snapshot_request SET
-        created_snapshot_id = :created_snapshot_id
+        created_snapshot_id = :created_snapshot_id,
+        sam_group_name = :sam_group_name,
+        sam_group_created_by = :sam_group_created_by
         WHERE id = :id
         """;
     MapSqlParameterSource params =
         new MapSqlParameterSource()
             .addValue(CREATED_SNAPSHOT_ID, snapshotId)
+            .addValue(SAM_GROUP_NAME, samGroupName)
+            .addValue(SAM_GROUP_CREATED_BY, groupCreatedByEmail)
             .addValue(ID, requestId);
     if (jdbcTemplate.update(sql, params) == 0) {
       throw new NotFoundException(NOT_FOUND_MESSAGE);

@@ -7543,6 +7543,8 @@ components:
           $ref: '#/components/schemas/UniqueIdProperty'
         summary:
           type: string
+        authGroupName:
+          type: string
 
 
     SnapshotAccessRequestStatus:

@@ -88,4 +88,5 @@
     <include file="changesets/20240731_updatespecificationsagain.yaml" relativeToChangelogFile="true" />
     <include file="changesets/20240816_load_datasetid.yaml" relativeToChangelogFile="true" />
     <include file="changesets/20240822_load_rename_to_load_lock.yaml" relativeToChangelogFile="true" />
+    <include file="changesets/20240816_addsamgrouptorequest.yaml" relativeToChangelogFile="true" />
 </databaseChangeLog>
@@ -0,0 +1,15 @@
+databaseChangeLog:
+  - changeSet:
+      id: add_sam_group_to_request
+      author: rjohanek
+      changes:
+        - addColumn:
+            tableName: snapshot_request
+            columns:
+              - column:
+                  name: sam_group_name
+                  type: varchar(100)
+              - column:
+                  name: sam_group_created_by
+                  type: varchar(256)
+