Moved allowed-drs-imports to config

service/src/main/java/org/databiosphere/workspacedataservice/config/DrsImportProperties.java

@@ -0,0 +1,20 @@
+package org.databiosphere.workspacedataservice.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+@ConfigurationProperties(prefix = "drs")
+public class DrsImportProperties {
+  private List<String> allowedHosts = new ArrayList<>();
+
+  public List<String> getAllowedHosts() {
+    return allowedHosts;
+  }
+
+  public void setAllowedHosts(List<String> allowedHosts) {
+    this.allowedHosts = allowedHosts;
+  }
+}

service/src/main/java/org/databiosphere/workspacedataservice/dataimport/DefaultImportValidator.java

@@ -12,8 +12,10 @@
 import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
+import java.util.stream.Collectors;
 import org.broadinstitute.dsde.workbench.client.sam.model.UserResourcesResponse;
 import org.databiosphere.workspacedataservice.config.DataImportProperties.ImportSourceConfig;
+import org.databiosphere.workspacedataservice.config.DrsImportProperties;
 import org.databiosphere.workspacedataservice.dataimport.protecteddatasupport.ProtectedDataSupport;
 import org.databiosphere.workspacedataservice.generated.ImportRequestServerModel;
 import org.databiosphere.workspacedataservice.generated.ImportRequestServerModel.TypeEnum;
@@ -45,20 +47,23 @@ public class DefaultImportValidator implements ImportValidator {
   private final ProtectedDataSupport protectedDataSupport;
   private final SamDao samDao;
   private final ConnectivityChecker connectivityChecker;
-  private static final Set<Pattern> ALWAYS_ALLOWED_DRS_HOSTS =
-      Set.of(compile("jade\\.datarepo-.*\\.broadinstitute\\.org"));
 
   public DefaultImportValidator(
       ProtectedDataSupport protectedDataSupport,
       SamDao samDao,
       Set<Pattern> allowedHttpsHosts,
       List<ImportSourceConfig> sources,
       @Nullable String allowedRawlsBucket,
-      ConnectivityChecker connectivityChecker) {
+      ConnectivityChecker connectivityChecker,
+      DrsImportProperties drsImportProperties) {
     var allowedHostsBuilder =
         ImmutableMap.<String, Set<Pattern>>builder()
             .put(SCHEME_HTTPS, Sets.union(ALWAYS_ALLOWED_HOSTS, allowedHttpsHosts))
-            .put(SCHEME_DRS, ALWAYS_ALLOWED_DRS_HOSTS);
+            .put(
+                SCHEME_DRS,
+                drsImportProperties.getAllowedHosts().stream()
+                    .map(Pattern::compile)
+                    .collect(Collectors.toSet()));
 
     if (StringUtils.isNotBlank(allowedRawlsBucket)) {
       allowedHostsBuilder.put(SCHEME_GS, Set.of(compile(allowedRawlsBucket)));

service/src/main/java/org/databiosphere/workspacedataservice/dataimport/ImportValidatorConfiguration.java

@@ -2,6 +2,7 @@
 
 import org.databiosphere.workspacedataservice.config.ConfigurationException;
 import org.databiosphere.workspacedataservice.config.DataImportProperties;
+import org.databiosphere.workspacedataservice.config.DrsImportProperties;
 import org.databiosphere.workspacedataservice.dataimport.protecteddatasupport.ProtectedDataSupport;
 import org.databiosphere.workspacedataservice.sam.SamDao;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -20,14 +21,16 @@ ImportValidator getDefaultImportValidator(
       ProtectedDataSupport protectedDataSupport,
       SamDao samDao,
       DataImportProperties dataImportProperties,
-      ConnectivityChecker connectivityChecker) {
+      ConnectivityChecker connectivityChecker,
+      DrsImportProperties drsImportProperties) {
     return new DefaultImportValidator(
         protectedDataSupport,
         samDao,
         dataImportProperties.getAllowedHosts(),
         dataImportProperties.getSources(),
         dataImportProperties.getRawlsBucketName(),
-        connectivityChecker);
+        connectivityChecker,
+        drsImportProperties);
   }
 
   /** Allow import validation to be disabled for some test workflows. */

service/src/main/resources/application-bee.yml

@@ -9,3 +9,8 @@ drshubUrl: https://drshub.${beename}.bee.envs-terra.bio
 # Disable preview of control plane apis
 # This is the default; leaving this property here for easy overriding later
 controlPlanePreview: "off"
+
+# Set the allowed hosts for drs pfb imports
+drs:
+  allowed-hosts:
+    - jade\.datarepo-.*\.broadinstitute\.org

service/src/main/resources/application-dev.yml

@@ -7,3 +7,8 @@ drshubUrl: https://drshub.dsde-dev.broadinstitute.org/
 # Disable preview of control plane apis
 # This is the default; leaving this property here for easy overriding later
 controlPlanePreview: "off"
+
+# Set the allowed hosts for drs pfb imports
+drs:
+  allowed-hosts:
+    - jade\.datarepo-.*\.broadinstitute\.org

service/src/main/resources/application-local.yml

@@ -21,3 +21,7 @@ logging:
   pattern:
     correlation: "%X{requestId} "
 
+# Set the allowed hosts for drs pfb imports
+drs:
+  allowed-hosts:
+    - jade\.datarepo-.*\.broadinstitute\.org

service/src/main/resources/application-prod.yml

@@ -13,3 +13,8 @@ twds:
       - .*service\.azul\.data\.humancellatlas\.org
       - .*redcaptest\.vumc\.org
       - .*redcap\.vumc\.org
+
+# Set the allowed hosts for drs pfb imports
+drs:
+  allowed-hosts:
+    - # TODO: add allowed sage drs hostnames

service/src/main/resources/application-staging.yml

@@ -3,3 +3,8 @@ workspacemanagerurl: https://workspace.dsde-staging.broadinstitute.org/
 leoUrl: https://leonardo.dsde-staging.broadinstitute.org/
 rawlsUrl: https://rawls.dsde-staging.broadinstitute.org/
 drshubUrl: https://drshub.dsde-staging.broadinstitute.org/
+
+# Set the allowed hosts for drs pfb imports
+drs:
+  allowed-hosts:
+    - jade\.datarepo-.*\.broadinstitute\.org

service/src/test/java/org/databiosphere/workspacedataservice/dataimport/DefaultImportValidatorTest.java

@@ -21,6 +21,7 @@
 import org.broadinstitute.dsde.workbench.client.sam.model.UserResourcesResponse;
 import org.databiosphere.workspacedataservice.common.ControlPlaneTestBase;
 import org.databiosphere.workspacedataservice.config.DataImportProperties.ImportSourceConfig;
+import org.databiosphere.workspacedataservice.config.DrsImportProperties;
 import org.databiosphere.workspacedataservice.dataimport.protecteddatasupport.ProtectedDataSupport;
 import org.databiosphere.workspacedataservice.generated.ImportRequestServerModel;
 import org.databiosphere.workspacedataservice.generated.ImportRequestServerModel.TypeEnum;
@@ -50,7 +51,9 @@ static class DefaultImportValidatorTestConfiguration {
     @Bean
     @Primary
     DefaultImportValidator getDefaultImportValidatorForTest(
-        ProtectedDataSupport protectedDataSupport, SamDao samDao) {
+        ProtectedDataSupport protectedDataSupport,
+        SamDao samDao,
+        DrsImportProperties drsImportProperties) {
       return new DefaultImportValidator(
           protectedDataSupport,
           samDao,
@@ -65,14 +68,17 @@ DefaultImportValidator getDefaultImportValidatorForTest(
                   /* requirePrivateWorkspace */ true,
                   /* requireProtectedDataPolicy */ false)),
           /* allowedRawlsBucket */ "test-bucket",
-          new NoopConnectivityChecker());
+          new NoopConnectivityChecker(),
+          drsImportProperties);
     }
   }
 
   @MockitoBean ProtectedDataSupport protectedDataSupport;
 
   @MockitoBean SamDao samDao;
 
+  @MockitoBean DrsImportProperties drsImportProperties;
+
   @Autowired DefaultImportValidator importValidator;
 
   private static final WorkspaceId destinationWorkspaceId = WorkspaceId.of(UUID.randomUUID());
@@ -269,7 +275,8 @@ void connectionFailureInvalidates(Exception ex) throws IOException {
             /* allowedHttpsHosts */ Set.of(Pattern.compile(".*\\.terra\\.bio")),
             /* sources */ List.of(),
             /* allowedRawlsBucket */ "test-bucket",
-            mockConnectivityChecker);
+            mockConnectivityChecker,
+            drsImportProperties);
 
     URI importUri = URI.create("https://127.0.0.1/unit-test");
     ImportRequestServerModel importRequest = new ImportRequestServerModel(TypeEnum.PFB, importUri);