Merge pull request #2532 from GSA-TTS/main

GSA-TTS · Oct 18, 2023 · 1f05d43 · 1f05d43
2 parents f822e12 + 9f2a27c
commit 1f05d43
Show file tree

Hide file tree

Showing 15 changed files with 499 additions and 13 deletions.
diff --git a/.github/ISSUE_TEMPLATE/helpdesk-issue.yaml b/.github/ISSUE_TEMPLATE/helpdesk-issue.yaml
@@ -53,7 +53,6 @@ body:
         
         Place all files and screenshots in the [Google Drive Helpdesk folder](https://drive.google.com/drive/folders/1jgb2YRxaFOjKS6CwZsBTqUsbzUCzktic) and link to that folder here.
 
-        Delete the files from Zendesk when you are done.
   - type: input
     id: gdrive-link
     attributes:

diff --git a/backend/audit/intakelib/checks/runners.py b/backend/audit/intakelib/checks/runners.py
@@ -98,7 +98,6 @@ def run_all_checks(ir, list_of_checks, section_name=None):
             errors.append(res)
     for fun in list_of_checks:
         res = fun(ir)
-        print(fun)
         if isinstance(res, list) and all(map(lambda v: isinstance(v, tuple), res)):
             errors = errors + res
         elif isinstance(res, tuple):

diff --git a/backend/audit/intakelib/mapping_notes_to_sefa.py b/backend/audit/intakelib/mapping_notes_to_sefa.py
@@ -43,7 +43,6 @@ def extract_notes_to_sefa(file):
 
     ir = extract_workbook_as_ir(file)
     run_all_general_checks(ir, FORM_SECTIONS.NOTES_TO_SEFA)
-    print("Done running all general checks")
     new_ir = run_all_notes_to_sefa_transforms(ir)
     run_all_notes_to_sefa_checks(new_ir)
     result = _extract_generic_data(new_ir, params)

diff --git a/backend/dissemination/README.md b/backend/dissemination/README.md
@@ -90,7 +90,8 @@ When adding a new API version:
 1. Create a copy of an existing API directory within `FAC/backend/dissemination/api` and name it with your version bump of choice.
    - For all files within this directory, replace all instances of the old API version with your new version.
 2. Update `terraform/shared/modules/env/postgrest.tf` to use the new API version.
-3. Update `docker-compose.yml` and `docker-compose-web.yml`:
+3. Update `live` and `deprecated` in `FAC/backend/dissemination/api_versions.py`.
+4. Update `docker-compose.yml` and `docker-compose-web.yml`:
    - Change the values of `PGRST_DB_SCHEMAS` to your new API version. If previous versions of the API are needed, make the value a comma separated list and append your version to it. The first entry is the default, so only add to the front of the list if we are certain the schema should become the new default. See details on this [here](https://postgrest.org/en/stable/references/api/schemas.html#multiple-schemas)
       - This is likely true of TESTED patch version bumps (v1_0_0 to v1_0_1), and *maybe* minor version bumps (v1_0_0 to v1_1_0). MAJOR bumps require change management messaging.
-4. If previous versions of the API are needed, `APIViewTests` will need to be updated. At the time of writing this, it only tests the default API.
+5. If previous versions of the API are needed, `APIViewTests` will need to be updated. At the time of writing this, it only tests the default API.
diff --git a/backend/dissemination/api/api_v1_0_2/base.sql b/backend/dissemination/api/api_v1_0_2/base.sql
@@ -0,0 +1,29 @@
+DO
+$do$
+BEGIN
+   IF EXISTS (
+      SELECT FROM pg_catalog.pg_roles
+      WHERE  rolname = 'authenticator') THEN
+      RAISE NOTICE 'Role "authenticator" already exists. Skipping.';
+   ELSE
+      CREATE ROLE authenticator LOGIN NOINHERIT NOCREATEDB NOCREATEROLE NOSUPERUSER;
+   END IF;
+END
+$do$;
+
+DO
+$do$
+BEGIN
+   IF EXISTS (
+      SELECT FROM pg_catalog.pg_roles
+      WHERE  rolname = 'api_fac_gov') THEN
+      RAISE NOTICE 'Role "api_fac_gov" already exists. Skipping.';
+   ELSE
+      CREATE ROLE api_fac_gov NOLOGIN;
+   END IF;
+END
+$do$;
+
+GRANT api_fac_gov TO authenticator;
+
+NOTIFY pgrst, 'reload schema';
diff --git a/backend/dissemination/api/api_v1_0_2/create_functions.sql b/backend/dissemination/api/api_v1_0_2/create_functions.sql
@@ -0,0 +1,60 @@
+-- WARNING
+-- Under PostgreSQL 12, the functions below work.
+-- Under PostgreSQL 14, these will break.
+--
+-- Note the differences:
+--
+-- raise info 'Works under PostgreSQL 12';
+-- raise info 'request.header.x-magic %', (SELECT current_setting('request.header.x-magic', true));
+-- raise info 'request.jwt.claim.expires %', (SELECT current_setting('request.jwt.claim.expires', true));
+-- raise info 'Works under PostgreSQL 14';
+-- raise info 'request.headers::json->>x-magic %', (SELECT current_setting('request.headers', true)::json->>'x-magic');
+-- raise info 'request.jwt.claims::json->expires %', (SELECT current_setting('request.jwt.claims', true)::json->>'expires');
+--
+-- To quote the work of Dav Pilkey, "remember this now."
+
+create or replace function getter(base text, item text) returns text 
+as $getter$
+begin 
+	return current_setting(concat(base, '.', item), true);
+end;
+$getter$ language plpgsql;
+
+create or replace function get_jwt_claim(item text) returns text 
+as $get_jwt_claim$
+begin 
+	return getter('request.jwt.claim', item);
+end;
+$get_jwt_claim$ language plpgsql;
+
+create or replace function get_header(item text) returns text
+as $get_header$
+begin 
+	raise info 'request.header % %', item, getter('request.header', item);
+	return getter('request.header', item);
+end;
+$get_header$ LANGUAGE plpgsql;
+
+-- https://api-umbrella.readthedocs.io/en/latest/admin/api-backends/http-headers.html
+-- I'd like to go to a model where we provide the API keys. 
+-- However, for now, we're going to look for a role attached to an api.data.gov account.
+-- These come in on `X-Api-Roles` as a comma-separated string.
+create or replace function has_tribal_data_access() returns boolean
+as $has_tribal_data_access$
+declare 
+    roles text;
+begin 
+	select get_header('x-api-roles') into roles;
+    return (roles like '%fac_gov_tribal_access%');
+end;
+$has_tribal_data_access$ LANGUAGE plpgsql;
+
+create or replace function has_public_data_access_only() returns boolean
+as $has_public_data_access_only$
+begin 
+    return not has_tribal_data_access();
+end;
+$has_public_data_access_only$ LANGUAGE plpgsql;
+
+
+NOTIFY pgrst, 'reload schema';
diff --git a/backend/dissemination/api/api_v1_0_2/create_schema.sql b/backend/dissemination/api/api_v1_0_2/create_schema.sql
@@ -0,0 +1,48 @@
+begin;
+
+do
+$$
+begin
+    DROP SCHEMA IF EXISTS api_v1_0_2 CASCADE;
+
+    if not exists (select schema_name from information_schema.schemata where schema_name = 'api_v1_0_2') then
+        create schema api_v1_0_2;
+
+        -- Grant access to tables and views
+        alter default privileges
+            in schema api_v1_0_2
+            grant select
+        -- this includes views
+        on tables
+        to api_fac_gov;
+
+        -- Grant access to sequences, if we have them
+        grant usage on schema api_v1_0_2 to api_fac_gov;
+        grant select, usage on all sequences in schema api_v1_0_2 to api_fac_gov;
+        alter default privileges
+            in schema api_v1_0_2
+            grant select, usage
+        on sequences
+        to api_fac_gov;
+    end if;
+end
+$$
+;
+
+-- This is the description
+COMMENT ON SCHEMA api_v1_0_2 IS
+    'The FAC dissemation API version 1.0.2.'
+;
+
+-- https://postgrest.org/en/stable/references/api/openapi.html
+-- This is the title
+COMMENT ON SCHEMA api_v1_0_2 IS
+$$v1.0.2
+
+A RESTful API that serves data from the SF-SAC.$$;
+
+commit;
+
+notify pgrst,
+       'reload schema';
+