Merge pull request #878 from isb-cgc/isb-cgc-prod-sp

Sprint 35

accounts/dcf_support.py

@@ -39,6 +39,7 @@
 DCF_GOOGLE_SA_VERIFY_URL = settings.DCF_GOOGLE_SA_VERIFY_URL
 DCF_GOOGLE_SA_MONITOR_URL = settings.DCF_GOOGLE_SA_MONITOR_URL
 DCF_GOOGLE_SA_URL = settings.DCF_GOOGLE_SA_URL
+DCF_URL_URL = settings.DCF_URL_URL
 
 class DCFCommFailure(Exception):
     """Thrown if we have problems communicating with DCF """
@@ -682,6 +683,34 @@ def _write_dataset_summary(dataset_info, dataset_id, phs_map):
     return is_ok, combo_msg
 
 
+def get_signed_url_from_dcf(user_id, file_uuid):
+    """
+    :raise TokenFailure:
+    :raise InternalTokenError:
+    :raise DCFCommFailure:
+    :raise RefreshTokenExpired:
+    """
+    #
+    # Get a signed URL for a file ID.
+    #
+
+    try:
+        resp = _dcf_call('{}/{}'.format(DCF_URL_URL, file_uuid), user_id)
+    except (TokenFailure, InternalTokenError, RefreshTokenExpired, DCFCommFailure) as e:
+        logger.error("[ERROR] Attempt to contact DCF for signed URL failed (user {})".format(user_id))
+        raise e
+    except Exception as e:
+        logger.error("[ERROR] Attempt to contact DCF for signed URL failed (user {})".format(user_id))
+        raise e
+
+    result = {
+        'uri': resp.text,
+        'code': resp.status_code
+    }
+
+    return result
+
+
 def verify_sa_at_dcf(user_id, gcp_id, service_account_id, datasets, phs_map, sa_in_use):
     """
     :raise TokenFailure:
@@ -712,7 +741,7 @@ def verify_sa_at_dcf(user_id, gcp_id, service_account_id, datasets, phs_map, sa_
     try:
         # DCF requires this to be in the header. OAuth2 library glues this onto the auth header stuff:
         headers = {'Content-Type': 'application/json'}
-
+        logger.info("[INFO] DCF verification request: {} {}".format(json_dumps(sa_data), service_account_id))
         resp = _dcf_call(full_url, user_id, mode=use_mode, post_body=json_dumps(sa_data), headers=headers)
     except (TokenFailure, InternalTokenError, RefreshTokenExpired, DCFCommFailure) as e:
         logger.error("[ERROR] Attempt to contact DCF for SA verification failed (user {})".format(user_id))
@@ -1147,7 +1176,7 @@ def refresh_at_dcf(user_id):
     resp = None
 
     #
-    # Call DCF to drop the linkage. Note that this will immediately remove them from controlled access.
+    # Call DCF to refresh the linkage.
     #
 
     try:

accounts/dcf_views.py

@@ -81,7 +81,7 @@ def oauth2_login(request):
 
         # Found that 'user' scope had to be included to be able to do the user query on callback, and the data scope
         # to do data queries. Starting to recognize a pattern here...
-        oauth = OAuth2Session(client_id, redirect_uri=full_callback, scope=['openid', 'user', 'google_service_account', 'google_link'])
+        oauth = OAuth2Session(client_id, redirect_uri=full_callback, scope=['openid', 'user', 'data', 'google_service_account', 'google_link'])
         authorization_url, state = oauth.authorization_url(DCF_AUTH_URL)
 
         # stash the state string in the session!

accounts/utils.py

@@ -296,3 +296,24 @@ def unreg_gcp(user, gcp_id):
         status=500
 
     return response, status
+
+
+def get_user_gcps(user, gcp_id=None):
+    gcps = []
+    gcp_list = None
+
+    try:
+        if gcp_id:
+            gcp_list = GoogleProject.objects.filter(user=user, active=1)
+        else:
+            gcp_list = GoogleProject.objects.filter(user=user, active=1, project_id=gcp_id)
+
+        for gcp in gcp_list:
+            gcps.append({'gcp_id': gcp.project_id, 'gcp_name': gcp.project_name, 'users': [x.email for x in gcp.users_set.all()]})
+
+    except Exception as e:
+        logger.error("[ERROR] While fetching the GCP project list for user {}:")
+        logger.exception(e)
+
+    return gcps
+