Merge pull request #355 from isb-cgc/sprint_18_sp
GCP and SA verification fixes for Sprint 18
s-paquette authored Aug 23, 2017
2 parents 865d55a + d8d5597 commit 62007af
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions accounts/views.py
@@ -315,19 +315,21 @@ def verify_gcp(request, user_id):
'registered_user': registered_user})

if not user_found:
message = 'You were not found on the project. You may not register a project you do not belong to.'
logger.error("[ERROR] While attempting to register GCP ID {}: ".format(str(gcp_id)))
logger.error("User {} was not found on GCP {}.".format(user.email,str(gcp_id)))
message = 'Your user email {} was not found in GCP {}. You may not register a project you do not belong to.'.format(user.email,str(gcp_id))
status='403'
else:
return JsonResponse({'roles': roles,
'gcp_id': gcp_id}, status='200')
except Exception as e:
if type(e) is HttpError:
logger.error("[ERROR] While trying to access IAM policies for GCP ID {}:".format(str(gcp_id)))
message = 'There was an error accessing your project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.'
message = 'There was an error accessing this project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.'
status = '403'
else:
logger.error("[ERROR] While trying to verify GCP ID {}:".format(str(gcp_id)))
message = 'There was an error while attempting to verify your project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.'
message = 'There was an error while attempting to verify this project. Please verify that you have entered the correct Google Cloud Project ID and set the permissions correctly.'
status = '500'
logger.exception(e)

@@ -449,15 +451,14 @@ def verify_service_account(gcp_id, service_account, datasets, user_email, is_ref
if len(dataset_objs):
saads = AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa).values_list('authorized_dataset', flat=True), public=False).values_list('whitelist_id',flat=True)
ads = dataset_objs.values_list('whitelist_id', flat=True)
reg_change = (len(saads) != len(ads))
# Only if the lengthes of the 2 dataset lists are the same do we need to check them against one another
if not reg_change:
for ad in ads:
if ad not in saads:
reg_change = True
# but if there are not, it's only not a duplicate if the public dataset isn't yet registered
else:
reg_change = (len(AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa),public=True)) <= 0)
reg_change = (len(AuthorizedDataset.objects.filter(id__in=ServiceAccountAuthorizedDatasets.objects.filter(service_account=sa).values_list('authorized_dataset', flat=True), public=True)) <= 0)
# If this isn't a refresh and the requested datasets aren't changing, we don't need to re-register
if not reg_change:
return {'message': 'Service account {} already exists with these datasets, and so does not need to be registered'.format(str(service_account))}
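Review bot: In the first hunk, the reworded 403 message in `verify_gcp` interpolates `user.email` and `gcp_id` into text returned to the client, and the hunk does not show whether `user` is `request.user` or a record looked up from the `user_id` URL argument. If it is the latter, the response would confirm another account's e-mail address and its absence from a project to whoever sends the request. I would keep the identifiers in the two new `logger.error` lines only and return the fixed wording `message = 'You were not found on the project. You may not register a project you do not belong to.'`, or confirm that `user` is compared with `request.user` before this point. If `gcp_id` is taken from the request unvalidated, it also reaches the log lines as-is, so formatting it with `{!r}` would keep embedded line breaks from forging log entries. The body of `verify_gcp` starts and ends outside the hunk, so the user lookup and the final response are not visible here.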
