Ca 967 use google_project, remove cromwell auth bucket, remove google…

…Role apis

.gitallowed

@@ -0,0 +1 @@
+core/src/test/scala/org/broadinstitute/dsde/rawls/model/ExecutionModelSpec.scala

core/src/main/resources/swagger/api-docs.yaml

@@ -276,115 +276,6 @@ paths:
             - openid
             - email
             - profile
-  /api/billing/{projectId}/googleRole/{role}/{email}:
-    put:
-      tags:
-        - billing
-      summary: grant a google role to a user and their pet in the billing project
-        the caller owns
-      description: grant a google role to a user and their pet in the billing project
-        the caller owns
-      operationId: grantGoogleRoleToUser
-      parameters:
-        - name: projectId
-          in: path
-          description: Project ID
-          required: true
-          schema:
-            type: string
-        - name: role
-          in: path
-          description: google role of user for project
-          required: true
-          schema:
-            type: string
-        - name: email
-          in: path
-          description: email of user
-          required: true
-          schema:
-            type: string
-      responses:
-        200:
-          description: Successfully Granted Google Role to User
-          content: {}
-        403:
-          description: You must be a project owner granting a role on the whitelist
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-        404:
-          description: User not found
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-        500:
-          description: Rawls Internal Error
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-      security:
-        - authorization:
-            - openid
-            - email
-            - profile
-    delete:
-      tags:
-        - billing
-      summary: remove a google role from a user and their pet in the billing project
-        the caller owns
-      description: remove a google role from a user and their pet in the billing project
-        the caller owns
-      operationId: removeGoogleRoleFromUser
-      parameters:
-        - name: projectId
-          in: path
-          description: Project ID
-          required: true
-          schema:
-            type: string
-        - name: role
-          in: path
-          description: google role of user for project
-          required: true
-          schema:
-            type: string
-        - name: email
-          in: path
-          description: email of user
-          required: true
-          schema:
-            type: string
-      responses:
-        200:
-          description: Successfully Removed Google Role from User
-          content: {}
-        403:
-          description: You must be a project owner removing a role on the whitelist
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-        404:
-          description: User not found
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-        500:
-          description: Rawls Internal Error
-          content:
-            'application/json':
-              schema:
-                $ref: '#/components/schemas/ErrorReport'
-      security:
-        - authorization:
-            - openid
-            - email
-            - profile
   /api/admin/project/registration:
     post:
       tags:
@@ -5421,6 +5312,8 @@ components:
         - name
         - namespace
         - workspaceId
+        - googleProject
+        - workspaceVersion
       type: object
       properties:
         attributes:
@@ -5464,6 +5357,12 @@ components:
         workspaceId:
           type: string
           description: A UUID associated with the workspace
+        googleProject:
+          type: string
+          description: the google project used by the workspace for compute and storage
+        workspaceVersion:
+          type: string
+          description: internal use
       description: ""
     WorkspaceSubmissionStats:
       required:

core/src/main/scala/org/broadinstitute/dsde/rawls/Boot.scala

@@ -254,8 +254,6 @@ object Boot extends IOApp with LazyLogging {
         gcsConfig.getStringList("projectTemplate.owners").asScala
       val projectEditors =
         gcsConfig.getStringList("projectTemplate.editors").asScala
-      val projectOwnerGrantableRoles =
-        gcsConfig.getStringList("projectTemplate.ownerGrantableRoles")
       val requesterPaysRole = gcsConfig.getString("requesterPaysRole")
       val projectTemplate = ProjectTemplate(projectOwners, projectEditors)
 
@@ -274,7 +272,6 @@ object Boot extends IOApp with LazyLogging {
           gcsDAO,
           notificationDAO,
           samDAO,
-          projectOwnerGrantableRoles.asScala,
           requesterPaysRole,
           dmConfig,
           projectTemplate

core/src/main/scala/org/broadinstitute/dsde/rawls/dataaccess/GoogleServicesDAO.scala

@@ -28,9 +28,9 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
   val billingGroupEmail: String
 
   // returns bucket and group information
-  def setupWorkspace(userInfo: UserInfo, projectName: RawlsBillingProjectName, policyGroupsByAccessLevel: Map[WorkspaceAccessLevel, WorkbenchEmail], bucketName: String, labels: Map[String, String], parentSpan: Span = null): Future[GoogleWorkspaceInfo]
+  def setupWorkspace(userInfo: UserInfo, googleProject: GoogleProjectId, policyGroupsByAccessLevel: Map[WorkspaceAccessLevel, WorkbenchEmail], bucketName: String, labels: Map[String, String], parentSpan: Span = null): Future[GoogleWorkspaceInfo]
 
-  def getGoogleProject(projectName: RawlsBillingProjectName): Future[Project]
+  def getGoogleProject(googleProject: GoogleProjectId): Future[Project]
 
   /** Mark all objects in the bucket for deletion, then attempts to delete the bucket from Google Cloud Storage.
     *
@@ -46,9 +46,7 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
     */
   def deleteBucket(bucketName: String): Future[Boolean]
 
-  def getCromwellAuthBucketName(billingProject: RawlsBillingProjectName) = s"cromwell-auth-${billingProject.value}"
-
-  def getStorageLogsBucketName(billingProject: RawlsBillingProjectName) = s"storage-logs-${billingProject.value}"
+  def getStorageLogsBucketName(googleProject: GoogleProjectId) = s"storage-logs-${googleProject.value}"
 
   def isAdmin(userEmail: String): Future[Boolean]
 
@@ -72,12 +70,12 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
     * with. For that reason, the maxResults parameter should be removed in favor of extracting the creation of Storage
     * objects from the service implementation to enable test doubles to be injected.
     *
-    * @param projectName  the name of the project that owns the bucket
+    * @param googleProject  the name of the project that owns the bucket
     * @param bucketName the name of the bucket to query
     * @param maxResults (optional) the page size to use when fetching objects
     * @return the size in bytes of the data stored in the bucket
     */
-  def getBucketUsage(projectName: RawlsBillingProjectName, bucketName: String, maxResults: Option[Long] = None): Future[BigInt]
+  def getBucketUsage(googleProject: GoogleProjectId, bucketName: String, maxResults: Option[Long] = None): Future[BigInt]
 
   /**
     * Gets a Google bucket.
@@ -138,14 +136,13 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
   def checkGenomicsOperationsHealth(implicit executionContext: ExecutionContext): Future[Boolean]
 
   def toGoogleGroupName(groupName: RawlsGroupName): String
-  def toBillingProjectGroupName(billingProjectName: RawlsBillingProjectName, role: ProjectRoles.ProjectRole) = s"PROJECT_${billingProjectName.value}-${role.toString}"
 
   def getUserCredentials(rawlsUserRef: RawlsUserRef): Future[Option[Credential]]
   def getBucketServiceAccountCredential: Credential
   def getServiceAccountRawlsUser(): Future[RawlsUser]
   def getServiceAccountUserInfo(): Future[UserInfo]
 
-  def getBucketDetails(bucket: String, project: RawlsBillingProjectName): Future[WorkspaceBucketOptions]
+  def getBucketDetails(bucket: String, project: GoogleProjectId): Future[WorkspaceBucketOptions]
 
   /**
    * The project creation process is now mostly handled by Deployment Manager.
@@ -156,18 +153,18 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
    * - Polling is handled by CreatingBillingProjectMonitor. Once the deployment is completed, CBPM deletes the deployment, as
    * there is a per-project limit on number of deployments, and then marks the project as fully created.
    */
-  def createProject(projectName: RawlsBillingProjectName, billingAccount: RawlsBillingAccount, dmTemplatePath: String, highSecurityNetwork: Boolean, enableFlowLogs: Boolean, privateIpGoogleAccess: Boolean, requesterPaysRole: String, ownerGroupEmail: WorkbenchEmail, computeUserGroupEmail: WorkbenchEmail, projectTemplate: ProjectTemplate, parentFolderId: Option[String]): Future[RawlsBillingProjectOperationRecord]
+  def createProject(googleProject: GoogleProjectId, billingAccount: RawlsBillingAccount, dmTemplatePath: String, highSecurityNetwork: Boolean, enableFlowLogs: Boolean, privateIpGoogleAccess: Boolean, requesterPaysRole: String, ownerGroupEmail: WorkbenchEmail, computeUserGroupEmail: WorkbenchEmail, projectTemplate: ProjectTemplate, parentFolderId: Option[String]): Future[RawlsBillingProjectOperationRecord]
 
   /**
     *
     */
-  def cleanupDMProject(projectName: RawlsBillingProjectName): Future[Unit]
+  def cleanupDMProject(googleProject: GoogleProjectId): Future[Unit]
 
   /**
     * Removes the IAM policies from the project's existing policies
     * @return true if the policy was actually changed
     */
-  def removePolicyBindings(projectName: RawlsBillingProjectName, policiesToRemove: Map[String, Set[String]]): Future[Boolean] = updatePolicyBindings(projectName) { existingPolicies =>
+  def removePolicyBindings(googleProject: GoogleProjectId, policiesToRemove: Map[String, Set[String]]): Future[Boolean] = updatePolicyBindings(googleProject) { existingPolicies =>
     val updatedKeysWithRemovedPolicies: Map[String, Set[String]] = policiesToRemove.keys.map { k =>
       val existingForKey = existingPolicies.get(k).getOrElse(Set.empty)
       val updatedForKey = existingForKey diff policiesToRemove(k)
@@ -182,37 +179,31 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
     * Adds the IAM policies to the project's existing policies
     * @return true if the policy was actually changed
     */
-  def addPolicyBindings(projectName: RawlsBillingProjectName, policiesToAdd: Map[String, Set[String]]): Future[Boolean] = updatePolicyBindings(projectName) { existingPolicies =>
+  def addPolicyBindings(googleProject: GoogleProjectId, policiesToAdd: Map[String, Set[String]]): Future[Boolean] = updatePolicyBindings(googleProject) { existingPolicies =>
     // |+| is a semigroup: it combines a map's keys by combining their values' members instead of replacing them
     import cats.implicits._
     existingPolicies |+| policiesToAdd
   }
 
   /**
     * Internal function to update project IAM bindings.
-    * @param projectName google project name
+    * @param googleProject google project name
     * @param updatePolicies function (existingPolicies => updatedPolicies). May return policies with no members
     *                       which will be handled appropriately when sent to google.
     * @return true if google was called to update policies, false otherwise
     */
-  protected def updatePolicyBindings(projectName: RawlsBillingProjectName)(updatePolicies: Map[String, Set[String]] => Map[String, Set[String]]): Future[Boolean]
+  protected def updatePolicyBindings(googleProject: GoogleProjectId)(updatePolicies: Map[String, Set[String]] => Map[String, Set[String]]): Future[Boolean]
 
   /**
     *
-    * @param billingProject
     * @param bucketName
     * @param readers emails of users to be granted read access
     * @return bucket name
     */
-  def grantReadAccess(billingProject: RawlsBillingProjectName,
-                      bucketName: String,
-                      readers: Set[WorkbenchEmail]): Future[String]
+  def grantReadAccess(bucketName: String, readers: Set[WorkbenchEmail]): Future[String]
 
   def pollOperation(operationId: OperationId): Future[OperationStatus]
-  def deleteProject(projectName: RawlsBillingProjectName): Future[Unit]
-
-  def addRoleToGroup(projectName: RawlsBillingProjectName, groupEmail: WorkbenchEmail, role: String): Future[Boolean]
-  def removeRoleFromGroup(projectName: RawlsBillingProjectName, groupEmail: WorkbenchEmail, role: String): Future[Boolean]
+  def deleteProject(googleProject: GoogleProjectId): Future[Unit]
 
   def getAccessTokenUsingJson(saKey: String) : Future[String]
   def getUserInfoUsingJson(saKey: String): Future[UserInfo]
@@ -222,7 +213,7 @@ abstract class GoogleServicesDAO(groupsPrefix: String) extends ErrorReportable {
     prefix + s.toLowerCase.replaceAll("[^a-z0-9\\-_]", "-").take(63)
   }
 
-  def addProjectToFolder(projectName: RawlsBillingProjectName, folderId: String): Future[Unit]
+  def addProjectToFolder(googleProject: GoogleProjectId, folderId: String): Future[Unit]
   def getFolderId(folderName: String): Future[Option[String]]
 }