From 2a5c25bed00795af806d255abad9ee228d0c0605 Mon Sep 17 00:00:00 2001
From: Christopher Tomkins-Tinch
Date: Thu, 1 Feb 2024 11:04:36 -0500
Subject: [PATCH 1/2] return user email as part of Terra inspection (if running on Terra)
---
 pipes/WDL/tasks/tasks_terra.wdl | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pipes/WDL/tasks/tasks_terra.wdl b/pipes/WDL/tasks/tasks_terra.wdl
index 275b27d4f..27b70ab11 100644
--- a/pipes/WDL/tasks/tasks_terra.wdl
+++ b/pipes/WDL/tasks/tasks_terra.wdl
@@ -46,6 +46,7 @@ task check_terra_env {
 touch google_project_id.txt
 # create Terra-related output files
+ touch user_email.txt
 touch workspace_name.txt
 touch workspace_namespace.txt
 touch workspace_bucket_path.txt
@@ -70,6 +71,14 @@ task check_terra_env {
 # (shell-portable regex conditional)
 echo "Job appears to be running on Terra (GCP project ID: ${GOOGLE_PROJECT_ID})"
 echo "true" > RUNNING_ON_TERRA
+
+ # get user e-mail for Terra account via firecloud API
+ curl -s -X 'GET' \
+ 'https://api.firecloud.org/me?userDetailsOnly=true' \
+ -H 'accept: application/json' \
+ -H "Authorization: Bearer $GCLOUD_OAUTH_BEARER_TOKEN" > user_info.json
+
+ USER_EMAIL="$(jq -cr '.userEmail' user_info.json | tee user_email.txt)"
 else
 echo "NOT running on Terra"
 echo "false" > RUNNING_ON_TERRA
@@ -201,6 +210,8 @@ task check_terra_env {
 String google_project_id = read_string("google_project_id.txt")
+ String user_email = read_string("user_email.txt")
+
 String workspace_id = read_string("workspace_id.txt")
 String workspace_name = read_string("workspace_name.txt")
 String workspace_namespace = read_string("workspace_namespace.txt")
From cc4805efb6ae423c196b9d6065bf9a2b59986052 Mon Sep 17 00:00:00 2001
From: Christopher Tomkins-Tinch
Date: Thu, 1 Feb 2024 12:01:43 -0500
Subject: [PATCH 2/2] check for GCP first
---
 pipes/WDL/tasks/tasks_terra.wdl | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)
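Review bot: In the second hunk of PATCH 1/2 (the Terra branch of the `check_terra_env` command block), the `/me` response is written to `user_info.json` and parsed without checking that the request succeeded. `curl -s` exits 0 on an HTTP error, so an expired or empty token yields an error body and `jq -cr '.userEmail'` then writes the literal string `null` into `user_email.txt`, which the new `user_email` output returns as if it were an identity. I would add `--fail` to the curl call and use `jq -cr '.userEmail // empty'` so a failed lookup leaves the output empty, as it is off Terra. The e-mail address also becomes a task output, so it will presumably be stored with the workflow's metadata; a comment saying so would help callers decide whether to propagate it. The command block begins and ends outside these hunks.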
diff --git a/pipes/WDL/tasks/tasks_terra.wdl b/pipes/WDL/tasks/tasks_terra.wdl
index 27b70ab11..a72505498 100644
--- a/pipes/WDL/tasks/tasks_terra.wdl
+++ b/pipes/WDL/tasks/tasks_terra.wdl
@@ -62,6 +62,20 @@ task check_terra_env {
 # write system environment variables to output file
 env | tee -a env_info.log
+ # check if running on GCP
+ if curl -s metadata.google.internal -i | grep -E 'Metadata-Flavor:\s+Google'; then
+ echo "Cloud platform appears to be GCP";
+ echo "true" > RUNNING_ON_GCP
+
+ GCLOUD_OAUTH_BEARER_TOKEN="$(gcloud auth print-access-token)"
+
+ # write gcloud env info to output files
+ gcloud info | tee -a gcloud_config_info.log
+ else
+ echo "NOT running on GCP";
+ echo "false" > RUNNING_ON_GCP
+ fi
+
 GOOGLE_PROJECT_ID="$(gcloud config list --format='value(core.project)')"
 echo "$GOOGLE_PROJECT_ID" > google_project_id.txt
@@ -84,18 +98,6 @@ task check_terra_env {
 echo "false" > RUNNING_ON_TERRA
 fi
- # check if running on GCP
- if curl -s metadata.google.internal -i | grep -E 'Metadata-Flavor:\s+Google'; then
- echo "Cloud platform appears to be GCP";
- echo "true" > RUNNING_ON_GCP
-
- # write gcloud env info to output files
- gcloud info | tee -a gcloud_config_info.log
- else
- echo "NOT running on GCP";
- echo "false" > RUNNING_ON_GCP
- fi
-
 if grep --quiet "true" RUNNING_ON_GCP && grep --quiet "true" RUNNING_ON_TERRA; then
 echo "Running on Terra+GCP"
@@ -121,8 +123,6 @@ task check_terra_env {
 #GOOGLE_PROJECT_ID="$(sed -n -E 's!.*(terra-[0-9a-f]+).*# project to use if requester pays$!\1!p' /cromwell_root/gcs_localization.sh | sort -u)"
 # =======================================
- GCLOUD_OAUTH_BEARER_TOKEN="$(gcloud auth print-access-token)"
-
 # === request workspace name AND namespace from API, based on bucket path / ID ===
 curl -s -X 'GET' \
 "https://api.firecloud.org/api/workspaces/id/${WORKSPACE_ID}?fields=workspace.name%2Cworkspace.namespace%2Cworkspace.googleProject" \
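Review bot: In the first hunk of PATCH 2/2, `GCLOUD_OAUTH_BEARER_TOKEN` is now set only when the metadata probe succeeds, but the Terra branch that sends it to `api.firecloud.org/me` (outside this hunk) looks to be keyed on the project ID rather than on `RUNNING_ON_GCP`. If the probe fails while the project ID still matches, that request goes out with an empty bearer token and the failure is silent. Initialising the variable before the `if` (`GCLOUD_OAUTH_BEARER_TOKEN=""`) and skipping the `/me` call when it is empty would make that case explicit. The probe itself has no time limit; `curl -s --max-time 5 metadata.google.internal -i` would bound it off GCP. The command block starts and ends outside the hunk.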