TSPS-357 Add admin endpoint to get a user's quota and update their quota

common/openapi.yml

@@ -48,6 +48,51 @@ paths:
         500:
           $ref: '#/components/responses/ServerError'
 
+  /api/admin/v1/quota/{pipelineName}/{userId}:
+    parameters:
+      - $ref: '#/components/parameters/PipelineName'
+      - $ref: '#/components/parameters/UserId'
+    get:
+      summary: Get description for a given pipeline.
+      tags: [ admin ]
+      operationId: getQuota
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AdminQuota'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/PermissionDenied'
+        500:
+          $ref: '#/components/responses/ServerError'
+    patch:
+      summary: Update attributes for a given pipeline.
+      tags: [ admin ]
+      operationId: updateQuotaLimit
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdateQuotaLimitRequestBody'
+      responses:
+        200:
+          description: Success
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/AdminQuota'
+        400:
+          $ref: '#/components/responses/BadRequest'
+        403:
+          $ref: '#/components/responses/PermissionDenied'
+        500:
+          $ref: '#/components/responses/ServerError'
+
   # Pipeline related APIs
   /api/pipelines/v1:
     get:
@@ -355,6 +400,14 @@ components:
       schema:
         type: string
 
+    UserId:
+      name: userId
+      in: path
+      description: A string identifier to used to identify a terra user
+      required: true
+      schema:
+        type: string
+
     WorkspaceId:
       name: workspaceId
       in: path
@@ -528,6 +581,21 @@ components:
         workspaceGoogleProject:
           $ref: "#/components/schemas/PipelineWorkspaceGoogleProject"
 
+    AdminQuota:
+      description: |
+        Object containing the use id, pipeline identifier, quota limit, and quota usage of a Pipeline for a user.
+      type: object
+      required: [ userId, pipelineName, quotaLimit, quotaConsumed ]
+      properties:
+        userId:
+          $ref: "#/components/schemas/UserId"
+        pipelineName:
+          $ref: "#/components/schemas/PipelineName"
+        quotaLimit:
+          $ref: "#/components/schemas/QuotaLimit"
+        quotaConsumed:
+          $ref: "#/components/schemas/QuotaConsumed"
+
     AsyncPipelineRunResponse:
       description: Result of an asynchronous pipeline run request.
       type: object
@@ -859,6 +927,15 @@ components:
         wdlMethodVersion:
           $ref: "#/components/schemas/PipelineWdlMethodVersion"
 
+    UpdateQuotaLimitRequestBody:
+      description: |
+        json object containing the admin provided information to update a users quota limit with
+      type: object
+      required: [ quotaLimit ]
+      properties:
+        quotaLimit:
+          $ref: "#/components/schemas/QuotaLimit"
+
     UserId:
       description: |
         The identifier string for the user who submitted a job request.

service/src/main/java/bio/terra/pipelines/app/controller/AdminApiController.java

@@ -1,14 +1,17 @@
 package bio.terra.pipelines.app.controller;
 
+import bio.terra.common.exception.BadRequestException;
 import bio.terra.common.iam.SamUser;
 import bio.terra.common.iam.SamUserFactory;
 import bio.terra.pipelines.app.configuration.external.SamConfiguration;
 import bio.terra.pipelines.common.utils.PipelinesEnum;
 import bio.terra.pipelines.db.entities.Pipeline;
+import bio.terra.pipelines.db.entities.UserQuota;
 import bio.terra.pipelines.dependencies.sam.SamService;
 import bio.terra.pipelines.generated.api.AdminApi;
 import bio.terra.pipelines.generated.model.*;
 import bio.terra.pipelines.service.PipelinesService;
+import bio.terra.pipelines.service.QuotasService;
 import io.swagger.annotations.Api;
 import jakarta.servlet.http.HttpServletRequest;
 import org.slf4j.Logger;
@@ -27,19 +30,22 @@ public class AdminApiController implements AdminApi {
   private final HttpServletRequest request;
   private final PipelinesService pipelinesService;
   private final SamService samService;
+  private final QuotasService quotasService;
 
   @Autowired
   public AdminApiController(
       SamConfiguration samConfiguration,
       SamUserFactory samUserFactory,
       HttpServletRequest request,
       PipelinesService pipelinesService,
-      SamService samService) {
+      SamService samService,
+      QuotasService quotasService) {
     this.samConfiguration = samConfiguration;
     this.samUserFactory = samUserFactory;
     this.request = request;
     this.pipelinesService = pipelinesService;
     this.samService = samService;
+    this.quotasService = quotasService;
   }
 
   private static final Logger logger = LoggerFactory.getLogger(AdminApiController.class);
@@ -58,6 +64,17 @@ public ResponseEntity<ApiAdminPipeline> getPipeline(String pipelineName) {
     return new ResponseEntity<>(pipelineToApiAdminPipeline(updatedPipeline), HttpStatus.OK);
   }
 
+  @Override
+  public ResponseEntity<ApiAdminQuota> getQuota(String pipelineName, String userId) {
+    final SamUser authedUser = getAuthenticatedInfo();
+    samService.checkAdminAuthz(authedUser);
+    PipelinesEnum validatedPipelineName =
+        PipelineApiUtils.validatePipelineName(pipelineName, logger);
+
+    UserQuota userQuota = quotasService.getQuotaForUserAndPipeline(userId, validatedPipelineName);
+    return new ResponseEntity<>(userQuotaToApiAdminQuota(userQuota), HttpStatus.OK);
+  }
+
   @Override
   public ResponseEntity<ApiAdminPipeline> updatePipeline(
       String pipelineName, ApiUpdatePipelineRequestBody body) {
@@ -74,6 +91,28 @@ public ResponseEntity<ApiAdminPipeline> updatePipeline(
     return new ResponseEntity<>(pipelineToApiAdminPipeline(updatedPipeline), HttpStatus.OK);
   }
 
+  @Override
+  public ResponseEntity<ApiAdminQuota> updateQuotaLimit(
+      String pipelineName, String userId, ApiUpdateQuotaLimitRequestBody body) {
+    final SamUser authedUser = getAuthenticatedInfo();
+    samService.checkAdminAuthz(authedUser);
+    PipelinesEnum validatedPipelineName =
+        PipelineApiUtils.validatePipelineName(pipelineName, logger);
+
+    // Check if a row exists for this user + pipeline. Throw an error if it doesn't
+    // A row should exist if a user has run into a quota issue before.
+    if (!quotasService.isUserQuotaPresent(userId, validatedPipelineName)) {
+      throw new BadRequestException(
+          String.format(
+              "User quota not found for user %s and pipeline %s",
+              userId, validatedPipelineName.getValue()));
+    }
+    int newQuotaLimit = body.getQuotaLimit();
+    UserQuota userQuota = quotasService.getQuotaForUserAndPipeline(userId, validatedPipelineName);
+    userQuota = quotasService.updateQuotaLimit(userQuota, newQuotaLimit);
+    return new ResponseEntity<>(userQuotaToApiAdminQuota(userQuota), HttpStatus.OK);
+  }
+
   public ApiAdminPipeline pipelineToApiAdminPipeline(Pipeline pipeline) {
     return new ApiAdminPipeline()
         .pipelineName(pipeline.getName().getValue())
@@ -85,4 +124,12 @@ public ApiAdminPipeline pipelineToApiAdminPipeline(Pipeline pipeline) {
         .workspaceGoogleProject(pipeline.getWorkspaceGoogleProject())
         .wdlMethodVersion(pipeline.getWdlMethodVersion());
   }
+
+  public ApiAdminQuota userQuotaToApiAdminQuota(UserQuota userQuota) {
+    return new ApiAdminQuota()
+        .userId(userQuota.getUserId())
+        .pipelineName(userQuota.getPipelineName().getValue())
+        .quotaLimit(userQuota.getQuota())
+        .quotaConsumed(userQuota.getQuotaConsumed());
+  }
 }

service/src/main/java/bio/terra/pipelines/service/QuotasService.java

@@ -75,4 +75,32 @@ public UserQuota updateQuotaConsumed(UserQuota userQuota, int newQuotaConsumed)
     userQuota.setQuotaConsumed(newQuotaConsumed);
     return userQuotasRepository.save(userQuota);
   }
+
+  /**
+   * This method updates the quota limit for a given user quota. This should only be called from the
+   * Admin Controller
+   *
+   * @param userQuota - the user quota to update
+   * @param newQuotaLimit - the new quota limit
+   * @return - the updated user quota
+   */
+  public UserQuota updateQuotaLimit(UserQuota userQuota, int newQuotaLimit) {
+    if (newQuotaLimit < userQuota.getQuotaConsumed()) {
+      throw new InternalServerErrorException(
+          String.format(
+              "New quota limit: %d, is less than the quota consumed: %d",
+              newQuotaLimit, userQuota.getQuotaConsumed()));
+    }
+    userQuota.setQuota(newQuotaLimit);
+    return userQuotasRepository.save(userQuota);
+  }
+
+  /**
+   * @param userId - the user id
+   * @param pipelineName - the pipeline name
+   * @return - true if the user quota is present, false otherwise
+   */
+  public boolean isUserQuotaPresent(String userId, PipelinesEnum pipelineName) {
+    return userQuotasRepository.findByUserIdAndPipelineName(userId, pipelineName).isPresent();
+  }
 }