Merge 0232562 into 19fd5d0

uc-cdis · Jun 28, 2021 · 5d1434a · 5d1434a
2 parents 19fd5d0 + 0232562
commit 5d1434a
Show file tree

Hide file tree

Showing 2 changed files with 452 additions and 468 deletions.
diff --git a/fence/blueprints/google.py b/fence/blueprints/google.py
@@ -132,6 +132,7 @@ def post(self):
         """
         Register a new service account
         """
+
         user_id = current_token["sub"]
         payload = flask.request.get_json(silent=True) or {}
 
@@ -360,7 +361,7 @@ def get(self, id_):
                       email used for monitoring purposes.
         """
         if id_ == "monitor":
-            return self._get_monitoring_service_account_response()
+            return get_monitoring_service_account_response()
 
         return ("Currently getting a specific service account is not supported.", 400)
 
@@ -372,6 +373,7 @@ def post(self, id_):
         Args:
             id_ (str): Must be "_dry_run", otherwise, error
         """
+
         if id_ != "_dry_run":
             raise UserError("Cannot post with account id_.")
 
@@ -483,25 +485,6 @@ def delete(self, id_):
 
         return self._delete(id_)
 
-    def _get_monitoring_service_account_response(self):
-        """
-        Return a response that includes our app's service account used
-        for monitoring user's Google projects.
-
-        Returns:
-            tuple(dict, int): (response_data, http_status_code)
-        """
-        monitoring_account_email = get_monitoring_service_account_email()
-        if not monitoring_account_email:
-            error = (
-                "No monitoring service account. Fence is not currently "
-                "configured to support user-registration of service accounts."
-            )
-            return {"message": error}, 404
-
-        response = {"service_account_email": monitoring_account_email}
-        return response, 200
-
     def _update_service_account_permissions(self, sa):
         """
         Update the given service account's permissions.
@@ -601,6 +584,26 @@ def patch(self, id_):
         return error_response, status
 
 
+def get_monitoring_service_account_response():
+    """
+    Return a response that includes our app's service account used
+    for monitoring user's Google projects.
+
+    Returns:
+        tuple(dict, int): (response_data, http_status_code)
+    """
+    monitoring_account_email = get_monitoring_service_account_email()
+    if not monitoring_account_email:
+        error = (
+            "No monitoring service account. Fence is not currently "
+            "configured to support user-registration of service accounts."
+        )
+        return {"message": error}, 404
+
+    response = {"service_account_email": monitoring_account_email}
+    return response, 200
+
+
 class GoogleCredentialsPrimarySA(Resource):
     """
     For ``/google/primary_google_service_account`` endpoint.
@@ -807,23 +810,33 @@ def _get_service_account_error_status(sa):
         response["errors"]["google_project_id"]["error"]
         == ValidationErrors.MONITOR_NOT_FOUND
     ):
+        monitor_account = (
+            get_monitoring_service_account_response()[0]["service_account_email"]
+            if (get_monitoring_service_account_response()[1] == 200)
+            else ""
+        )
+
         if response["errors"]["service_account_email"].get("status") == 200:
             response["errors"]["service_account_email"]["status"] = 400
             response["errors"]["service_account_email"][
                 "error"
             ] = ValidationErrors.MONITOR_NOT_FOUND
             response["errors"]["service_account_email"]["error_description"] = (
-                "Fence's monitoring service account was not found on the project so we "
-                "were unable to complete the necessary validation checks."
+                "Fence's monitoring service account {} was not found on the project so we "
+                "were unable to complete the necessary validation checks.".format(
+                    monitor_account
+                )
             )
         if response["errors"]["project_access"].get("status") == 200:
             response["errors"]["project_access"]["status"] = 400
             response["errors"]["project_access"][
                 "error"
             ] = ValidationErrors.MONITOR_NOT_FOUND
             response["errors"]["project_access"]["error_description"] = (
-                "Fence's monitoring service account was not found on the project so we "
-                "were unable to complete the necessary validation checks."
+                "Fence's monitoring service account {} was not found on the project so we "
+                "were unable to complete the necessary validation checks.".format(
+                    monitor_account
+                )
             )
 
     # all statuses must be 200 to be successful