[WOR-1781][WOR-1782] APIs to manage workspace settings

core/src/main/resources/org/broadinstitute/dsde/rawls/liquibase/changelog.xml

@@ -127,4 +127,5 @@
     <include file="changesets/20231013_submission_monitor_script.xml" relativeToChangelogFile="true"/>
     <include file="changesets/20231130_limit_clone_workspace_file_transfer.xml" relativeToChangelogFile="true"/>
     <include file="changesets/20240418_workspace_monitor_args.xml" relativeToChangelogFile="true"/>
+    <include file="changesets/20240723_workspace_settings.xml" relativeToChangelogFile="true"/>
 </databaseChangeLog>

core/src/main/resources/org/broadinstitute/dsde/rawls/liquibase/changesets/20240723_workspace_settings.xml

@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog logicalFilePath="dummy" xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.4.xsd">
+    <changeSet logicalFilePath="dummy" author="mtalbott" id="create_WORKSPACE_SETTINGS">
+        <createTable tableName="WORKSPACE_SETTINGS">
+            <column name="id" type="BIGINT" autoIncrement="true">
+                <constraints primaryKey="true"/>
+            </column>
+            <column name="WORKSPACE_ID" type="BINARY(16)">
+                <constraints nullable="false" referencedTableName="WORKSPACE" referencedColumnNames="id" foreignKeyName="FK_WSETTINGS_WORKSPACE_ID" deleteCascade="true"/>
+            </column>
+            <column name="TYPE" type="VARCHAR(254)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="CONFIG" type="JSON">
+                <constraints nullable="false"/>
+            </column>
+            <column name="CREATED_TIME" type="DATETIME(6)" defaultValueComputed="NOW(6)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="LAST_UPDATED" type="DATETIME(6)" defaultValueComputed="NOW(6)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="STATUS" type="VARCHAR(254)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+    </changeSet>
+</databaseChangeLog>

core/src/main/resources/swagger/api-docs.yaml

@@ -4423,6 +4423,78 @@ paths:
                 $ref: '#/components/schemas/ErrorReport'
         500:
           $ref: '#/components/responses/RawlsInternalError'
+  /api/workspaces/v2/{workspaceNamespace}/{workspaceName}/settings:
+    get:
+      tags:
+        - workspaces_v2
+      summary: Get workspace settings
+      description: Get the settings for a workspace
+      operationId: getWorkspaceSettings
+      parameters:
+        - $ref: '#/components/parameters/workspaceNamespacePathParam'
+        - $ref: '#/components/parameters/workspaceNamePathParam'
+      responses:
+        200:
+          description: Success
+          content:
+            'application/json':
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/WorkspaceSettings'
+        403:
+          description: User does not have access to requested workspace
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/ErrorReport'
+        404:
+          description: Workspace not found
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/ErrorReport'
+        500:
+          $ref: '#/components/responses/RawlsInternalError'
+    put:
+      tags:
+        - workspaces_v2
+      summary: Overwrite workspace settings
+      description: Overwrite the settings for a workspace
+      operationId: overwriteWorkspaceSettings
+      parameters:
+        - $ref: '#/components/parameters/workspaceNamespacePathParam'
+        - $ref: '#/components/parameters/workspaceNamePathParam'
+      requestBody:
+          description: New settings for the workspace
+          content:
+            'application/json':
+              schema:
+                type: array
+                items:
+                  $ref: '#/components/schemas/WorkspaceSettings'
+          required: true
+      responses:
+        200:
+          description: Success
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/WorkspaceSettings'
+        403:
+          description: User must be an owner of the workspace to overwrite settings
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/ErrorReport'
+        404:
+          description: Workspace not found
+          content:
+            'application/json':
+              schema:
+                $ref: '#/components/schemas/ErrorReport'
+        500:
+          $ref: '#/components/responses/RawlsInternalError'
 components:
   schemas:
     BillingAccount:
@@ -5818,6 +5890,62 @@ components:
             - Deleting
             - DeleteFailed
       description: ""
+    WorkspaceSettings:
+      required:
+        - type
+        - config
+      type: object
+      properties:
+        'type':
+          type: string
+          description: The type of the workspace setting
+          enum:
+            - GcpBucketLifecycle
+        config:
+          description: The configuration of the workspace setting
+          oneOf:
+            - $ref: '#/components/schemas/WorkspaceSettingGcpBucketLifecycleConfig'
+    WorkspaceSettingGcpBucketLifecycleConfig:
+      required:
+        - rules
+      type: object
+      properties:
+        rules:
+          type: array
+          description: The lifecycle rules for the workspace bucket
+          items:
+            $ref: '#/components/schemas/GcpBucketLifecycleRule'
+    GcpBucketLifecycleRule:
+      required:
+        - action
+        - conditions
+      type: object
+      properties:
+        action:
+          $ref: '#/components/schemas/GcpBucketLifecycleAction'
+        conditions:
+          $ref: '#/components/schemas/GcpBucketLifecycleCondition'
+    GcpBucketLifecycleAction:
+      required:
+        - type
+      type: object
+      properties:
+        "type":
+          type: string
+          description: The type of the lifecycle action
+          enum:
+            - Delete
+    GcpBucketLifecycleCondition:
+      type: object
+      properties:
+        age:
+          type: integer
+          description: The age of the object in days
+        matchesPrefix:
+          type: array
+          description: Object name prefixes that this rule applies to
+          items:
+            type: string
     WorkspaceSubmissionStats:
       required:
         - runningSubmissionsCount

core/src/main/scala/org/broadinstitute/dsde/rawls/dataaccess/GoogleServicesDAO.scala

@@ -6,6 +6,7 @@ import com.google.api.services.cloudbilling.model.ProjectBillingInfo
 import com.google.api.services.cloudresourcemanager.model.Project
 import com.google.api.services.directory.model.Group
 import com.google.api.services.storage.model.{Bucket, BucketAccessControl, StorageObject}
+import com.google.cloud.storage.BucketInfo.LifecycleRule
 import org.broadinstitute.dsde.rawls.google.AccessContextManagerDAO
 import org.broadinstitute.dsde.rawls.model.WorkspaceAccessLevels._
 import org.broadinstitute.dsde.rawls.model._
@@ -63,6 +64,8 @@ trait GoogleServicesDAO extends ErrorReportable {
    */
   def deleteBucket(bucketName: String): Future[Boolean]
 
+  def setBucketLifecycle(bucketName: String, lifecycle: List[LifecycleRule]): Future[Unit]
+
   def isAdmin(userEmail: String): Future[Boolean]
 
   def isLibraryCurator(userEmail: String): Future[Boolean]

core/src/main/scala/org/broadinstitute/dsde/rawls/dataaccess/HttpGoogleServicesDAO.scala

@@ -18,12 +18,7 @@ import com.google.api.client.googleapis.json.GoogleJsonResponseException
 import com.google.api.client.http.{HttpRequest, HttpRequestInitializer, HttpResponseException, InputStreamContent}
 import com.google.api.client.json.gson.GsonFactory
 import com.google.api.services.cloudbilling.Cloudbilling
-import com.google.api.services.cloudbilling.model.{
-  BillingAccount,
-  ListBillingAccountsResponse,
-  ProjectBillingInfo,
-  TestIamPermissionsRequest
-}
+import com.google.api.services.cloudbilling.model.{BillingAccount, ListBillingAccountsResponse, ProjectBillingInfo, TestIamPermissionsRequest}
 import com.google.api.services.cloudresourcemanager.CloudResourceManager
 import com.google.api.services.cloudresourcemanager.model._
 import com.google.api.services.compute.{Compute, ComputeScopes}
@@ -41,7 +36,7 @@ import com.google.api.services.storage.{Storage, StorageScopes}
 import com.google.auth.oauth2.ServiceAccountCredentials
 import com.google.cloud.Identity
 import com.google.cloud.storage.Storage.BucketSourceOption
-import com.google.cloud.storage.{Cors, HttpMethod, StorageClass, StorageException}
+import com.google.cloud.storage.{BucketInfo, Cors, HttpMethod, StorageClass, StorageException}
 import io.opentelemetry.api.common.AttributeKey
 import org.apache.commons.lang3.StringUtils
 import org.broadinstitute.dsde.rawls.dataaccess.CloudResourceManagerV2Model.{Folder, FolderSearchResponse}
@@ -52,11 +47,7 @@ import org.broadinstitute.dsde.rawls.metrics.GoogleInstrumentedService
 import org.broadinstitute.dsde.rawls.model.UserAuthJsonSupport._
 import org.broadinstitute.dsde.rawls.model.WorkspaceAccessLevels._
 import org.broadinstitute.dsde.rawls.model._
-import org.broadinstitute.dsde.rawls.util.TracingUtils.{
-  setTraceSpanAttribute,
-  traceFutureWithParent,
-  traceNakedWithParent
-}
+import org.broadinstitute.dsde.rawls.util.TracingUtils.{setTraceSpanAttribute, traceFutureWithParent, traceNakedWithParent}
 import org.broadinstitute.dsde.rawls.util.{FutureSupport, HttpClientUtilsStandard}
 import org.broadinstitute.dsde.rawls.{RawlsException, RawlsExceptionWithErrorReport}
 import org.broadinstitute.dsde.workbench.google.{GoogleCredentialModes, HttpGoogleIamDAO}
@@ -331,6 +322,13 @@ class HttpGoogleServicesDAO(val clientSecrets: GoogleClientSecrets,
     }
   }
 
+  override def setBucketLifecycle(bucketName: String, lifecycle: List[BucketInfo.LifecycleRule]): Future[Unit] =
+    googleStorageService
+      .setBucketLifecycle(GcsBucketName(bucketName), lifecycle)
+      .compile
+      .drain
+      .unsafeToFuture()
+
   override def isAdmin(userEmail: String): Future[Boolean] =
     hasGoogleRole(adminGroupName, userEmail)
 

core/src/main/scala/org/broadinstitute/dsde/rawls/dataaccess/slick/DataAccess.scala

@@ -27,7 +27,8 @@ trait DataAccess
     with WorkspaceFeatureFlagComponent
     with WorkspaceManagerResourceMonitorRecordComponent
     with FastPassGrantComponent
-    with MultiregionalBucketMigrationHistory {
+    with MultiregionalBucketMigrationHistory
+    with WorkspaceSettingComponent {
 
   this: DriverComponent =>
 

core/src/main/scala/org/broadinstitute/dsde/rawls/dataaccess/slick/WorkspaceSettingComponent.scala

@@ -0,0 +1,107 @@
+package org.broadinstitute.dsde.rawls.dataaccess.slick
+
+import org.broadinstitute.dsde.rawls.model.WorkspaceJsonSupport.GcpBucketLifecycleConfigFormat
+import org.broadinstitute.dsde.rawls.model.WorkspaceSettingConfig.GcpBucketLifecycleConfig
+import org.broadinstitute.dsde.rawls.model.WorkspaceSettingTypes.WorkspaceSettingType
+import org.broadinstitute.dsde.rawls.model._
+
+import java.sql.Timestamp
+import java.util.{Date, UUID}
+
+case class WorkspaceSettingRecord(`type`: String,
+                                  workspaceId: UUID,
+                                  config: String,
+                                  status: String,
+                                  createdTime: Timestamp,
+                                  lastUpdated: Timestamp
+)
+
+object WorkspaceSettingRecord {
+  object SettingStatus extends SlickEnum {
+    type SettingStatus = Value
+    val Pending: Value = Value("Pending")
+    val Applied: Value = Value("Applied")
+    val Deleted: Value = Value("Deleted")
+  }
+
+  def toWorkspaceSettingRecord(workspaceId: UUID, workspaceSettings: WorkspaceSetting): WorkspaceSettingRecord = {
+    import spray.json._
+    import DefaultJsonProtocol._
+    import WorkspaceJsonSupport._
+
+    val currentTime = new Timestamp(new Date().getTime)
+    val configString = workspaceSettings.config.toJson.compactPrint
+    WorkspaceSettingRecord(workspaceSettings.`type`.toString,
+                           workspaceId,
+                           configString,
+                           WorkspaceSettingRecord.SettingStatus.Pending.toString,
+                           currentTime,
+                           currentTime
+    )
+  }
+
+  def toWorkspaceSettings(workspaceSettingRecord: WorkspaceSettingRecord): WorkspaceSetting = {
+    import spray.json._
+
+    val settingType = WorkspaceSettingTypes.withName(workspaceSettingRecord.`type`)
+    val settingConfig = settingType match {
+      case WorkspaceSettingTypes.GcpBucketLifecycle =>
+        workspaceSettingRecord.config.parseJson.convertTo[GcpBucketLifecycleConfig]
+    }
+
+    WorkspaceSetting(settingType, settingConfig)
+  }
+}
+
+trait WorkspaceSettingComponent {
+  this: DriverComponent with WorkspaceComponent =>
+
+  import driver.api._
+  class WorkspaceSettingTable(tag: Tag) extends Table[WorkspaceSettingRecord](tag, "WORKSPACE_SETTINGS") {
+    def `type` = column[String]("type", O.Length(254))
+    def workspaceId = column[UUID]("workspace_id")
+    def config = column[String]("config")
+    def status = column[String]("status", O.Length(254))
+    def createdTime = column[Timestamp]("created_time")
+    def lastUpdated = column[Timestamp]("last_updated")
+
+    def * = (`type`, workspaceId, config, status, createdTime, lastUpdated) <> (WorkspaceSettingRecord.tupled,
+                                                                                WorkspaceSettingRecord.unapply
+    )
+  }
+
+  object workspaceSettingQuery extends TableQuery(new WorkspaceSettingTable(_)) {
+    def saveAll(workspaceId: UUID,
+                workspaceSettings: List[WorkspaceSetting]
+    ): ReadWriteAction[List[WorkspaceSetting]] = {
+      val records = workspaceSettings.map(WorkspaceSettingRecord.toWorkspaceSettingRecord(workspaceId, _))
+      (workspaceSettingQuery ++= records).map(_ => workspaceSettings)
+    }
+
+    def updateSettingStatus(workspaceId: UUID,
+                            workspaceSettingType: WorkspaceSettingType,
+                            currentStatus: WorkspaceSettingRecord.SettingStatus.SettingStatus,
+                            newStatus: WorkspaceSettingRecord.SettingStatus.SettingStatus
+    ): ReadWriteAction[Int] =
+      workspaceSettingQuery
+        .filter(record =>
+          record.workspaceId === workspaceId && record.`type` === workspaceSettingType.toString && record.status === currentStatus.toString
+        )
+        .map(rec => (rec.status, rec.lastUpdated))
+        .update((newStatus.toString, new Timestamp(new Date().getTime)))
+
+    def deleteSettingTypeForWorkspaceByStatus(workspaceId: UUID,
+                                              settingType: WorkspaceSettingType,
+                                              status: WorkspaceSettingRecord.SettingStatus.SettingStatus
+    ): ReadWriteAction[Int] =
+      filter(record =>
+        record.workspaceId === workspaceId && record.`type` === settingType.toString && record.status === status.toString
+      ).delete
+
+    def listSettingsForWorkspaceByStatus(workspaceId: UUID,
+                                         status: WorkspaceSettingRecord.SettingStatus.SettingStatus
+    ): ReadAction[List[WorkspaceSetting]] =
+      filter(rec => rec.workspaceId === workspaceId && rec.status === status.toString).result
+        .map(_.map(WorkspaceSettingRecord.toWorkspaceSettings).toList)
+  }
+}

core/src/main/scala/org/broadinstitute/dsde/rawls/webservice/WorkspaceApiServiceV2.scala

@@ -86,6 +86,26 @@ trait WorkspaceApiServiceV2 extends UserInfoDirectives {
                     }
                   }
                 }
+            } ~
+            pathPrefix("settings") {
+              pathEndOrSingleSlash {
+                get {
+                  complete {
+                    workspaceServiceConstructor(ctx)
+                      .getWorkspaceSettings(workspaceName)
+                      .map(StatusCodes.OK -> _)
+                  }
+                } ~
+                  put {
+                    entity(as[List[WorkspaceSetting]]) { settings =>
+                      complete {
+                        workspaceServiceConstructor(ctx)
+                          .setWorkspaceSettings(workspaceName, settings)
+                          .map(StatusCodes.OK -> _)
+                      }
+                    }
+                  }
+              }
             }
         } ~
           pathPrefix("bucketMigration") {