Testing

service/src/main/java/bio/terra/workspace/service/iam/SamService.java

@@ -996,7 +996,6 @@ public void createControlledResource(
       ControlledResource resource,
       @Nullable ControlledResourceIamRole privateIamRole,
       @Nullable String assignedUserEmail,
-      @Nullable String applicationEmail,
       AuthenticatedUserRequest userRequest)
       throws InterruptedException {
 
@@ -1017,8 +1016,9 @@ public void createControlledResource(
     // so it always gets the appropriate permissions (the user request is not always
     // from the application, i.e., when a resource is cloned)
     WsmWorkspaceApplication app = null;
-    if (resource.getCategory().equals(ControlledResourceCategory.APPLICATION_PRIVATE)
-        || resource.getCategory().equals(ControlledResourceCategory.APPLICATION_SHARED)) {
+    if (resource.getApplicationId() != null
+        && ((resource.getCategory().equals(ControlledResourceCategory.APPLICATION_PRIVATE)
+            || resource.getCategory().equals(ControlledResourceCategory.APPLICATION_SHARED)))) {
       app =
           applicationService.getWorkspaceApplicationByWorkspaceId(
               resource.getWorkspaceId(), resource.getApplicationId());

service/src/main/java/bio/terra/workspace/service/resource/controlled/flight/create/CreateSamResourceStep.java

@@ -8,9 +8,7 @@
 import bio.terra.workspace.service.iam.SamService;
 import bio.terra.workspace.service.iam.model.ControlledResourceIamRole;
 import bio.terra.workspace.service.resource.controlled.model.ControlledResource;
-import bio.terra.workspace.service.resource.controlled.model.ManagedByType;
 import bio.terra.workspace.service.workspace.WsmApplicationService;
-import bio.terra.workspace.service.workspace.model.WsmWorkspaceApplication;
 import javax.annotation.Nullable;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,22 +41,10 @@ public CreateSamResourceStep(
   @Override
   public StepResult doStep(FlightContext flightContext)
       throws InterruptedException, RetryException {
-    if (resource.getManagedBy().equals(ManagedByType.MANAGED_BY_APPLICATION)
-        && resource.getApplicationId() != null) {
-      WsmWorkspaceApplication app =
-          applicationService.getWorkspaceApplication(
-              resource.getWorkspaceId(), resource.getApplicationId());
 
-      samService.createControlledResource(
-          resource,
-          privateResourceIamRole,
-          assignedUserEmail,
-          app.getApplication().getServiceAccount(),
-          userRequest);
-    } else {
-      samService.createControlledResource(
-          resource, privateResourceIamRole, assignedUserEmail, null, userRequest);
-    }
+    samService.createControlledResource(
+        resource, privateResourceIamRole, assignedUserEmail, userRequest);
+
     return StepResult.getStepResultSuccess();
   }
 

service/src/test/java/bio/terra/workspace/service/iam/SamServiceTest.java

@@ -406,7 +406,7 @@ void workspaceReaderIsSharedResourceReader() throws Exception {
 
     ControlledResource bucketResource =
         ControlledGcpResourceFixtures.makeDefaultControlledGcsBucketBuilder(workspaceUuid).build();
-    samService.createControlledResource(bucketResource, null, null, null, defaultUserRequest());
+    samService.createControlledResource(bucketResource, null, null, defaultUserRequest());
 
     // Workspace reader should have read access on a user-shared resource via inheritance
     assertTrue(
@@ -447,7 +447,6 @@ void workspaceReaderIsNotPrivateResourceReader() throws Exception {
         bucketResource,
         ControlledResourceIamRole.EDITOR,
         userAccessUtils.getDefaultUserEmail(),
-        null,
         defaultUserRequest());
 
     // Workspace reader should not have read access on a private resource.
@@ -472,9 +471,9 @@ void workspaceReaderIsNotPrivateResourceReader() throws Exception {
   void duplicateResourceCreateIgnored() throws Exception {
     ControlledResource bucketResource =
         ControlledGcpResourceFixtures.makeDefaultControlledGcsBucketBuilder(workspaceUuid).build();
-    samService.createControlledResource(bucketResource, null, null, null, defaultUserRequest());
+    samService.createControlledResource(bucketResource, null, null, defaultUserRequest());
     // This duplicate call should complete without throwing.
-    samService.createControlledResource(bucketResource, null, null, null, defaultUserRequest());
+    samService.createControlledResource(bucketResource, null, null, defaultUserRequest());
     // Delete the bucket so we can clean up the workspace.
     samService.deleteControlledResource(bucketResource, defaultUserRequest());
   }
@@ -483,7 +482,7 @@ void duplicateResourceCreateIgnored() throws Exception {
   void duplicateResourceDeleteIgnored() throws Exception {
     ControlledResource bucketResource =
         ControlledGcpResourceFixtures.makeDefaultControlledGcsBucketBuilder(workspaceUuid).build();
-    samService.createControlledResource(bucketResource, null, null, null, defaultUserRequest());
+    samService.createControlledResource(bucketResource, null, null, defaultUserRequest());
 
     samService.deleteControlledResource(bucketResource, defaultUserRequest());
     samService.deleteControlledResource(bucketResource, defaultUserRequest());