Skip google updates on login

uc-cdis · Jan 22, 2025 · df0a682 · df0a682
1 parent f807b88
commit df0a682
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 10 deletions.
diff --git a/fence/blueprints/login/ras.py b/fence/blueprints/login/ras.py
@@ -79,6 +79,7 @@ def post_login(self, user=None, token_result=None, id_from_idp=None):
                 [passport],
                 pkey_cache=PKEY_CACHE,
                 db_session=current_app.scoped_session(),
+                skip_google_updates=True,
             )
             user_ids_from_passports = list(users_from_passports.keys())
 

diff --git a/fence/resources/ga4gh/passports.py b/fence/resources/ga4gh/passports.py
@@ -34,9 +34,7 @@
 
 
 def sync_gen3_users_authz_from_ga4gh_passports(
-    passports,
-    pkey_cache=None,
-    db_session=None,
+    passports, pkey_cache=None, db_session=None, skip_google_updates=False
 ):
     """
     Validate passports and embedded visas, using each valid visa's identity
@@ -49,6 +47,7 @@ def sync_gen3_users_authz_from_ga4gh_passports(
     Args:
         passports (list): a list of raw encoded passport strings, each
                           including header, payload, and signature
+        skip_google_updates (bool): True if google group updates should be skipped. False if otherwise.
 
     Return:
         list: a list of users, each corresponding to a valid visa identity
@@ -151,6 +150,7 @@ def sync_gen3_users_authz_from_ga4gh_passports(
                 ga4gh_visas=ga4gh_visas,
                 expiration=min_visa_expiration,
                 db_session=db_session,
+                skip_google_updates=skip_google_updates,
             )
             users_from_current_passport.append(gen3_user)
 
@@ -366,7 +366,7 @@ def get_or_create_gen3_user_from_iss_sub(issuer, subject_id, db_session=None):
 
 
 def _sync_validated_visa_authorization(
-    gen3_user, ga4gh_visas, expiration, db_session=None
+    gen3_user, ga4gh_visas, expiration, db_session=None, skip_google_updates=False
 ):
     """
     Wrapper around UserSyncer.sync_single_user_visas method, which parses
@@ -383,7 +383,7 @@ def _sync_validated_visa_authorization(
                             that are parsed
         expiration (int): time at which synced Arborist policies and
                           inclusion in any GBAG are set to expire
-
+        skip_google_updates (bool): True if google group updates should be skipped. False if otherwise.
     Return:
         None
     """
@@ -398,6 +398,7 @@ def _sync_validated_visa_authorization(
         ga4gh_visas,
         db_session,
         expires=expiration,
+        skip_google_updates=skip_google_updates,
     )
 
     # after syncing authorization, persist the visas that were parsed successfully.

diff --git a/fence/sync/sync_users.py b/fence/sync/sync_users.py
@@ -941,7 +941,9 @@ def sync_to_db_and_storage_backend(
 
         sess.commit()
 
-    def sync_to_storage_backend(self, user_project, user_info, sess, expires):
+    def sync_to_storage_backend(
+        self, user_project, user_info, sess, expires, skip_google_updates=False
+    ):
         """
         sync user access control to storage backend with given expiration
 
@@ -957,7 +959,9 @@ def sync_to_storage_backend(self, user_project, user_info, sess, expires):
 
             user_info (dict): a dictionary of attributes for a user.
             sess: a sqlalchemy session
-
+            expires (int): time at which synced Arborist policies and
+                   inclusion in any GBAG are set to expire
+            skip_google_updates (bool): True if google group updates should be skipped. False if otherwise.
         Return:
             None
         """
@@ -1005,7 +1009,7 @@ def sync_to_storage_backend(self, user_project, user_info, sess, expires):
             expires=expires,
         )
 
-        if config["GOOGLE_BULK_UPDATES"]:
+        if config["GOOGLE_BULK_UPDATES"] and not skip_google_updates:
             self.logger.info("Updating user's google groups ...")
             update_google_groups_for_users(google_group_user_mapping)
             self.logger.info("Google groups update done!!")
@@ -2426,7 +2430,9 @@ def _pick_sync_type(self, visa):
 
         return sync_client
 
-    def sync_single_user_visas(self, user, ga4gh_visas, sess=None, expires=None):
+    def sync_single_user_visas(
+        self, user, ga4gh_visas, sess=None, expires=None, skip_google_updates=False
+    ):
         """
         Sync a single user's visas during login or DRS/data access
 
@@ -2441,6 +2447,7 @@ def sync_single_user_visas(self, user, ga4gh_visas, sess=None, expires=None):
             sess (sqlalchemy.orm.session.Session): database session
             expires (int): time at which synced Arborist policies and
                            inclusion in any GBAG are set to expire
+            skip_google_updates (bool): True if google group updates should be skipped. False if otherwise.
 
         Return:
             list of successfully parsed visas
@@ -2516,7 +2523,13 @@ def sync_single_user_visas(self, user, ga4gh_visas, sess=None, expires=None):
 
         if user_projects:
             self.logger.info("Sync to storage backend [sync_single_user_visas]")
-            self.sync_to_storage_backend(user_projects, info, sess, expires=expires)
+            self.sync_to_storage_backend(
+                user_projects,
+                info,
+                sess,
+                expires=expires,
+                skip_google_updates=skip_google_updates,
+            )
         else:
             self.logger.info("No users for syncing")