Merge 04192dd into 19fd5d0

uc-cdis · Jun 29, 2021 · 48924c3 · 48924c3
2 parents 19fd5d0 + 04192dd
commit 48924c3
Show file tree

Hide file tree

Showing 2 changed files with 453 additions and 468 deletions.
diff --git a/fence/blueprints/google.py b/fence/blueprints/google.py
@@ -132,6 +132,7 @@ def post(self):
         """
         Register a new service account
         """
+
         user_id = current_token["sub"]
         payload = flask.request.get_json(silent=True) or {}
 
@@ -360,7 +361,7 @@ def get(self, id_):
                       email used for monitoring purposes.
         """
         if id_ == "monitor":
-            return self._get_monitoring_service_account_response()
+            return get_monitoring_service_account_response()
 
         return ("Currently getting a specific service account is not supported.", 400)
 
@@ -372,6 +373,7 @@ def post(self, id_):
         Args:
             id_ (str): Must be "_dry_run", otherwise, error
         """
+
         if id_ != "_dry_run":
             raise UserError("Cannot post with account id_.")
 
@@ -483,25 +485,6 @@ def delete(self, id_):
 
         return self._delete(id_)
 
-    def _get_monitoring_service_account_response(self):
-        """
-        Return a response that includes our app's service account used
-        for monitoring user's Google projects.
-
-        Returns:
-            tuple(dict, int): (response_data, http_status_code)
-        """
-        monitoring_account_email = get_monitoring_service_account_email()
-        if not monitoring_account_email:
-            error = (
-                "No monitoring service account. Fence is not currently "
-                "configured to support user-registration of service accounts."
-            )
-            return {"message": error}, 404
-
-        response = {"service_account_email": monitoring_account_email}
-        return response, 200
-
     def _update_service_account_permissions(self, sa):
         """
         Update the given service account's permissions.
@@ -629,6 +612,26 @@ def post(self):
         return flask.jsonify({"primary_google_service_account": service_account_email})
 
 
+def get_monitoring_service_account_response():
+    """
+    Return a response that includes our app's service account used
+    for monitoring user's Google projects.
+
+    Returns:
+        tuple(dict, int): (response_data, http_status_code)
+    """
+    monitoring_account_email = get_monitoring_service_account_email()
+    if not monitoring_account_email:
+        error = (
+            "No monitoring service account. Fence is not currently "
+            "configured to support user-registration of service accounts."
+        )
+        return {"message": error}, 404
+
+    response = {"service_account_email": monitoring_account_email}
+    return response, 200
+
+
 def _get_service_account_for_patch(id_):
     user_id = current_token["sub"]
 
@@ -807,23 +810,34 @@ def _get_service_account_error_status(sa):
         response["errors"]["google_project_id"]["error"]
         == ValidationErrors.MONITOR_NOT_FOUND
     ):
+        monitor_response = get_monitoring_service_account_response()
+        monitor_account = (
+            monitor_response[0]["service_account_email"]
+            if (monitor_response[1] == 200)
+            else ""
+        )
+
         if response["errors"]["service_account_email"].get("status") == 200:
             response["errors"]["service_account_email"]["status"] = 400
             response["errors"]["service_account_email"][
                 "error"
             ] = ValidationErrors.MONITOR_NOT_FOUND
             response["errors"]["service_account_email"]["error_description"] = (
-                "Fence's monitoring service account was not found on the project so we "
-                "were unable to complete the necessary validation checks."
+                "Fence's monitoring service account {} was not found on the project so we "
+                "were unable to complete the necessary validation checks.".format(
+                    monitor_account
+                )
             )
         if response["errors"]["project_access"].get("status") == 200:
             response["errors"]["project_access"]["status"] = 400
             response["errors"]["project_access"][
                 "error"
             ] = ValidationErrors.MONITOR_NOT_FOUND
             response["errors"]["project_access"]["error_description"] = (
-                "Fence's monitoring service account was not found on the project so we "
-                "were unable to complete the necessary validation checks."
+                "Fence's monitoring service account {} was not found on the project so we "
+                "were unable to complete the necessary validation checks.".format(
+                    monitor_account
+                )
             )
 
     # all statuses must be 200 to be successful