[IA-4295] [IA-4327] Add Sam client to Leonardo, populate workspace ID #4757

Merged
merged 18 commits into from
Aug 28, 2024

@rtitle rtitle commented Aug 20, 2024

https://broadworkbench.atlassian.net/browse/IA-4327
https://broadworkbench.atlassian.net/browse/IA-4295

Summary of changes

This PR does a few things:

  • Populates workspaceId going forward for v1 runtimes, disks, and apps
  • Adds the sam-client dependency to Leonardo
  • Adds SamApiClientProvider and SamService classes for interacting with Sam using the generated client. Deprecated [Http]SamDAO and [Leo|Sam]AuthProvider.
  • Ports functionality from PetClusterServiceAccountProvider over to SamService as a POC (read: logic for retrieving pets, proxy groups).

Note: access control logic is not touched as part of this PR -- that will be a separate pull request.

Testing these changes

What to test

  • Unit tests written for new functionality
  • Automation tests
  • BEE manual testing: create GCP and Azure runtimes/disks/apps of each type, verify workspaceId is always populated
  • Test in a BEE: create GCP and Azure runtimes/disks/apps of each type, verify workspaceId is always populated
  • Test in RWB: verify runtimes, disks, and apps have workspaceId populated
  • Verify logs and metrics for the above

Who tested and where

  • This change is covered by automated tests
    • NB: Rerun automation tests on this PR by commenting jenkins retest or jenkins multi-test.
  • I validated this change
  • Primary reviewer validated this change
  • I validated this change in the dev environment

@rtitle rtitle changed the title Populate parent workspace ID for v1 runtimes, disks, and apps Populate workspace ID for v1 runtimes, disks, and apps Aug 20, 2024
@rtitle rtitle changed the title Populate workspace ID for v1 runtimes, disks, and apps [IA-4327] Populate workspace ID for v1 runtimes, disks, and apps Aug 20, 2024
@@ -42,7 +42,8 @@ final case class ListPersistentDiskResponse(id: DiskId,
size: DiskSize,
diskType: DiskType,
blockSize: BlockSize,
labels: LabelMap
labels: LabelMap,
workspaceId: Option[WorkspaceId]
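
Review bot: the new `workspaceId: Option[WorkspaceId]` field at the end of `ListPersistentDiskResponse` has no doc comment saying when it is `None`. Document that on the field (for example, disks created before the ID was populated), so API clients can tell a missing ID apart from a disk that has no workspace.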

Collaborator Author

Added optional workspaceId to the v1 getDisk and listDisks API responses.

(It was already there for runtimes and apps)

* @param ev trace id
* @return optional workspace ID
*/
override def lookupWorkspaceParentForGoogleProject(userInfo: UserInfo, googleProject: GoogleProject)(implicit
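
Review bot: the scaladoc on `lookupWorkspaceParentForGoogleProject` says only `@return optional workspace ID`; it does not say whether a Sam error yields `None` or a failed effect. Spell that out in the doc, since the creation paths for runtimes, disks and apps share this call and need to know whether a lookup failure can abort them.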

Collaborator Author

@rtitle rtitle Aug 20, 2024

Here is where it looks up the workspaceId from Sam. This code is shared for runtimes, disks, and apps.

Collaborator

Gotcha, so for GCP, Rawls creates the workspace and then calls Sam to create the corresponding resource? So we are more or less guaranteed that the Sam resource has been created by the time Leo makes this call?

Collaborator Author

Yup that's correct, there should always be a workspace Sam resource for any Terra workspace in use today. Even so I tried to make this code handle errors and emit logs/metrics, just in case something goes wrong -- we don't want this code to cause runtime creation failures.

)
)
_ <- authProvider
.notifyResourceCreated(samResource, userInfo.userEmail, googleProject)
.handleErrorWith { t =>
log.error(t)(
s"[${ctx.traceId}] Failed to notify the AuthProvider for creation of persistent disk ${disk.projectNameString}"
) >> F.raiseError(t)
) >> F.raiseError[Unit](t)
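
Review bot: in the `handleErrorWith` block the error log names only `disk.projectNameString`, not the `samResource` passed to `notifyResourceCreated`. Add the Sam resource ID to the message so a failed registration can be matched to the resource it concerns; the `F.raiseError[Unit](t)` annotation itself looks fine.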

Collaborator Author

@rtitle rtitle Aug 20, 2024

I don't know if it's just me, but my IntelliJ flags this as a compile error -- adding the Unit type param fixed it. (Made similar changes in a couple other places.)

Collaborator

Oh interesting, my IntelliJ never yelled at me for that, but it can't hurt, thanks for fixing :)

lastUsedApp,
petSA,
nodepool.id,
req.workspaceId,
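
Review bot: `req.workspaceId` on the last line is taken straight from the request body, and the thread notes it is not validated. Once the stored value comes from the Sam lookup for the Google project, log or reject a request whose `workspaceId` disagrees with it instead of dropping it silently, so a misconfigured client is visible.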

Collaborator Author

@rtitle rtitle Aug 20, 2024

Note v1 apps actually have workspaceId as an optional field in the request json. However not all clients are sending it (seems like AoU "allowed" apps are populating it, but not Galaxy). Also Leo does not validate this field, so theoretically a caller could provide any workspace ID at app creation time. For those reasons I'm switching it to the workspace ID retrieved from Sam from the google project (which is validated).
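
The trust decision described in the comment above (store the workspace ID derived from the authoritative lookup, never the one in the request), combined with the earlier point in this thread that a failed lookup must not fail creation, as an added example. This is not code from the PR or from Leonardo; every type and name in it is a hypothetical stand-in, and the sample data is constructed.

```scala
import scala.util.{Failure, Success, Try}

// Hypothetical stand-ins; not Leonardo's or Sam's real types.
final case class WorkspaceId(value: String)
final case class GoogleProject(value: String)
final case class CreateAppRequest(appName: String, workspaceId: Option[WorkspaceId])

// Stand-in for the authoritative lookup (Sam in the PR). May throw on outage.
trait WorkspaceLookup {
  def workspaceFor(project: GoogleProject): Option[WorkspaceId]
}

object WorkspaceResolver {
  // Returns the workspace ID to persist, plus messages for logs/metrics.
  def resolve(req: CreateAppRequest,
              project: GoogleProject,
              lookup: WorkspaceLookup): (Option[WorkspaceId], List[String]) =
    Try(lookup.workspaceFor(project)) match {
      case Failure(e) =>
        // Do not fail creation, and do not fall back to the caller's value.
        (None, List(s"workspace lookup failed for ${project.value}: ${e.getMessage}"))
      case Success(None) =>
        (None, List(s"no workspace found for ${project.value}"))
      case Success(Some(trusted)) =>
        // The request field is only compared, never stored.
        val mismatch = req.workspaceId.exists(_ != trusted)
        val notes =
          if (mismatch) List(s"request workspaceId differs from lookup for ${project.value}; ignored")
          else Nil
        (Some(trusted), notes)
    }
}

object Demo extends App {
  val lookup: WorkspaceLookup = new WorkspaceLookup {
    private val known = Map(GoogleProject("proj-a") -> WorkspaceId("ws-111")) // constructed sample data
    def workspaceFor(p: GoogleProject): Option[WorkspaceId] =
      if (p.value == "proj-down") throw new RuntimeException("lookup unavailable") else known.get(p)
  }
  val cases = List(
    CreateAppRequest("no-id", None) -> GoogleProject("proj-a"),
    CreateAppRequest("mismatched-id", Some(WorkspaceId("ws-999"))) -> GoogleProject("proj-a"),
    CreateAppRequest("lookup-outage", Some(WorkspaceId("ws-999"))) -> GoogleProject("proj-down")
  )
  cases.foreach { case (req, proj) =>
    val (ws, notes) = WorkspaceResolver.resolve(req, proj, lookup)
    println(s"${req.appName}: stored=${ws.map(_.value)} notes=$notes")
  }
}
```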

codecov bot commented Aug 20, 2024

Codecov Report

Attention: Patch coverage is 82.48175% with 24 lines in your changes missing coverage. Please review.

Project coverage is 74.22%. Comparing base (54c8a19) to head (f14f67a).
Report is 1 commits behind head on develop.

Files with missing lines | Patch % | Lines
...kbench/leonardo/dao/sam/SamApiClientProvider.scala | 0.00% | 9 Missing ⚠️
...ch/leonardo/http/BaselineDependenciesBuilder.scala | 0.00% | 4 Missing ⚠️
...te/dsde/workbench/leonardo/util/BucketHelper.scala | 55.55% | 4 Missing ⚠️
.../workbench/leonardo/dao/sam/SamServiceInterp.scala | 96.00% | 2 Missing ⚠️
...h/leonardo/http/service/RuntimeServiceInterp.scala | 86.66% | 2 Missing ⚠️
...rkbench/leonardo/auth/CloudAuthTokenProvider.scala | 0.00% | 1 Missing ⚠️
...rkbench/leonardo/http/GcpDependenciesBuilder.scala | 85.71% | 1 Missing ⚠️
...ench/leonardo/http/service/DiskServiceInterp.scala | 83.33% | 1 Missing ⚠️

@@             Coverage Diff             @@
##           develop    #4757      +/-   ##
===========================================
+ Coverage    74.17%   74.22%   +0.05%     
===========================================
  Files          161      164       +3     
  Lines        14941    14981      +40     
  Branches      1226     1243      +17     
===========================================
+ Hits         11082    11120      +38     
- Misses        3859     3861       +2     
Files with missing lines | Coverage Δ
...sde/workbench/leonardo/http/diskRoutesModels.scala | 0.00% <ø> (ø)
...ench/leonardo/auth/GcpCloudAuthTokenProvider.scala | 0.00% <ø> (ø)
...dsde/workbench/leonardo/auth/SamAuthProvider.scala | 58.77% <ø> (+0.44%) ⬆️
...titute/dsde/workbench/leonardo/config/Config.scala | 97.76% <ø> (-0.03%) ⬇️
...itute/dsde/workbench/leonardo/dao/HttpSamDAO.scala | 18.78% <ø> (ø)
...institute/dsde/workbench/leonardo/dao/SamDAO.scala | 0.00% <ø> (ø)
...dsde/workbench/leonardo/dao/sam/SamException.scala | 100.00% <100.00%> (ø)
...e/dsde/workbench/leonardo/dao/sam/SamService.scala | 100.00% <100.00%> (ø)
...e/workbench/leonardo/db/DiskServiceDbQueries.scala | 100.00% <ø> (ø)
...bench/leonardo/http/AzureDependenciesBuilder.scala | 97.36% <100.00%> (ø)
... and 12 more

... and 5 files with indirect coverage changes


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@rtitle rtitle requested a review from LizBaldo August 20, 2024 15:51
@LizBaldo LizBaldo left a comment

LGTM, my main comment is around switching to the Sam client instead of the DAO if possible.

@jdcanas jdcanas self-requested a review August 22, 2024 15:41
@rtitle rtitle marked this pull request as ready for review August 23, 2024 19:10

rtitle commented Aug 23, 2024

Updated the description -- added the generated Sam client to Leo and started using it for certain things (though not access control decisions yet). Unit tests are all passing, will do more manual testing as a next step.

@rtitle rtitle changed the title [IA-4327] Populate workspace ID for v1 runtimes, disks, and apps [IA-4327] Add Sam client to Leonardo, populate workspace ID Aug 27, 2024
@rtitle rtitle changed the title [IA-4327] Add Sam client to Leonardo, populate workspace ID [IA-4295] [IA-4327] Add Sam client to Leonardo, populate workspace ID Aug 27, 2024

rtitle commented Aug 27, 2024

@LizBaldo no rush but I applied PR feedback, think it's ready for another look. Thanks!

@LizBaldo LizBaldo left a comment

Looks great, so much cleaner. Thanks for addressing all of my comments!

*/
private def extractMessage(messagePrefix: String, apiException: ApiException): String = {
// The generated ApiException class unfortunately formats getMessage(), and includes
// the entire response body. We want to extract the actual message from that.
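
Review bot: the comment in `extractMessage` says `getMessage()` carries the entire response body, but nothing visible here says what is returned when that body is empty or cannot be parsed. Fall back to `messagePrefix` plus the status code in that case rather than the raw `getMessage()`, so the full response body does not end up in client-facing errors.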

Collaborator

Nice catch 😨


rtitle commented Aug 28, 2024

Did some more smoke testing on a BEE (different runtime/app operations, cloud environments screen, jupyter/rstudio/galaxy). It looks good. Will merge this and keep an eye on things

@rtitle rtitle merged commit 0f2a5a0 into develop Aug 28, 2024
23 of 24 checks passed
@rtitle rtitle deleted the rt-ia-4327 branch August 28, 2024 17:24