diff --git a/.gitignore b/.gitignore index 834c8f3bb..65b03c4ce 100755 --- a/.gitignore +++ b/.gitignore @@ -241,3 +241,7 @@ dist/* api-postman/* cla-backend/run-python-test-example-*.py + +# LG +out +*.secret diff --git a/aws_env.md b/aws_env.md new file mode 100644 index 000000000..4e53960f3 --- /dev/null +++ b/aws_env.md @@ -0,0 +1,130 @@ +# Setting up AWS environment + +You need to have MFA enabled for your AWS user, your `~/.aws/config` shoudl look like this: +``` +[profile lfproduct-dev] +role_arn = arn:aws:iam::395594542180:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-test] +role_arn = arn:aws:iam::726224182707:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-staging] +role_arn = arn:aws:iam::844390194980:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-prod] +role_arn = arn:aws:iam::716487311010:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[default] +region = us-east-1 +output = json +``` + +It defines 4 profiles to use: `dev`, `staging`, `test` and `prod`. + +You will be using one of them. + + +Your `~/.aws/credentials` file shoudl initially look like this (replace `redacted`): +``` +[lfproduct-long-term] +aws_secret_access_key = [access_key_redacted] +aws_access_key_id = [key_id_redacted] +aws_mfa_device = arn:aws:iam::[arn_number_redacted]:mfa/[your_aws_user_redacted] + +[default] +aws_access_key_id = [key_id_redacted] +aws_secret_access_key = [access_key_redacted] +``` + +Now every 36 hours or less you need to refresh your MFA key by calling: `aws-mfa --force --duration 129600 --profile lfproduct`. + +When called it adds or replaces the following section (`[lfproduct]` which is used as a source profile for `dev`, `test`, `staging` or `prod` in aws config) in `~/.aws/credentials`: +``` +[lfproduct] +assumed_role = False +aws_access_key_id = [key_id_redacted] +aws_secret_access_key = [secret_access_key_redacted] +aws_session_token = [session_token_redacted] +aws_security_token = [session_token_redacted] +expiration = 2024-11-28 16:54:59 [now + 36 hours] + +``` + + +Once you have all of this, you must set a correct set of environment variables to run either `python` or `golang` backends. + +To do so you need to get credentials for a specific profile `lfproduct-`: `dev`, `test`, `staging`, `prod`. To see full one-time set of credentials you can call: +- for `dev`: `` aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session ``. +- for `prod`: `` aws sts assume-role --role-arn arn:aws:iam::716487311010:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-prod-session ``. + +Note - just replace the iam::[number] depending on environment type (`[stage]`) and update `lfproduct-[stage]-name`. + +You can set up a script like `setenv.sh` which will set all required variables, example for `dev`: +``` +#!/bin/bash + +rm -rf /tmp/aws +cp -R /root/.aws /tmp/.aws + +data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" + +export AWS_SDK_LOAD_CONFIG=true +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +export AWS_DEFAULT_REGION='us-east-1' +export DYNAMODB_AWS_REGION='us-east-1' +export REGION='us-east-1' + +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +# export STAGE='local' +export GH_ORG_VALIDATION=false +export DISABLE_LOCAL_PERMISSION_CHECKS=true +export COMPANY_USER_VALIDATION=false +export CLA_SIGNATURE_FILES_BUCKET=cla-signature-files-dev +``` + +Call it via `` . ./setenv.sh `` or `` source setenv.sh `` to execute in the current shell. + +You can reset environment variables by exiting the shell session or calling the following `unsetenv.sh` in the current shell via: `` . ./unsetenv.sh `` or `` source unsetenv.sh ``: +``` +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN +unset GH_ORG_VALIDATION +unset DISABLE_LOCAL_PERMISSION_CHECKS +unset COMPANY_USER_VALIDATION +unset CLA_SIGNATURE_FILES_BUCKET +unset DYNAMODB_AWS_REGION +unset REGION +unset AWS_ROLE_ARN +unset AWS_TOKEN_SERIAL +unset AWS_SDK_LOAD_CONFIG +``` diff --git a/dev.md b/dev.md index 7f818c9a5..4fcfec0f5 100644 --- a/dev.md +++ b/dev.md @@ -133,6 +133,46 @@ locally and simply point to the DEV environment. The `STAGE` environment variable controls where we point. Make sure you export/provide/setup the AWS properties in order to connect. + +When running on Linux it looks like `.venv` sets $HOME to /tmp, and then python backend is looking for the AWS config file in `~/.aws/config` +This means it ends up in `/tmp/.aws/config`. You can use the following scritp to activate your environment (`setenv.secret`) via: `source setenv.secret`: +``` +#!/bin/bash +rm -rf /tmp/aws +cp -R ~/.aws /tmp/.aws +export AWS_SDK_LOAD_CONFIG=1 +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +``` + +And the following one to unset the environment: +``` +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_SDK_LOAD_CONFIG=1 +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +``` + +Please refer to [aws_env.md](aws_env.md) for more details. + ## Run the Python Backend ```bash @@ -162,6 +202,9 @@ open http://localhost:5000/v2/health open http://localhost:5000/v2/user/ ``` +To expose service running on the localhost to the outside world use: `` ./utils/ngrok.sh ``. +And then tets via: `` API_URL='https://[redacted].ngrok-free.app' ./scripts/health.sh `` from another host (anywhere in the world). + ## Building and Running the Go Backend Current Endpoints: @@ -331,9 +374,9 @@ First build and setup the environment. Then simply run it: ```bash # Mac -./cla-mac +./bin/cla-mac # or linux -./cla +./bin/cla ``` You should see the typical diagnostic details on startup indicating that it diff --git a/setenv.sh b/setenv.sh new file mode 100644 index 000000000..00bf366e8 --- /dev/null +++ b/setenv.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +rm -rf /tmp/aws +cp -R /root/.aws /tmp/.aws + +dev_arn="$(cat ./product-contractors-role.dev.secret)" +data="$(aws sts assume-role --role-arn ${dev_arn} --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export GITHUB_OAUTH_TOKEN="$(cat /etc/github/oauth)" +export DOCUSIGN_INTEGRATOR_KEY="$(cat ./DOCUSIGN_INTEGRATOR_KEY.secret)" +export DOCUSIGN_USER_ID="$(cat ./DOCUSIGN_USER_ID.secret)" +export DOCUSIGN_AUTH_SERVER="$(cat ./DOCUSIGN_AUTH_SERVER.secret)" +export DOCUSIGN_ROOT_URL="$(cat ./DOCUSIGN_ROOT_URL.secret)" +export DOCUSIGN_ACCOUNT_ID="$(cat ./DOCUSIGN_ACCOUNT_ID.secret)" + +export AWS_SDK_LOAD_CONFIG=true +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +export AWS_DEFAULT_REGION='us-east-1' +export DYNAMODB_AWS_REGION='us-east-1' +export REGION='us-east-1' + +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +# export STAGE='local' +export GH_ORG_VALIDATION=false +export DISABLE_LOCAL_PERMISSION_CHECKS=true +export COMPANY_USER_VALIDATION=false +export CLA_SIGNATURE_FILES_BUCKET=cla-signature-files-dev diff --git a/sign-flow.md b/sign-flow.md new file mode 100644 index 000000000..c2533e844 --- /dev/null +++ b/sign-flow.md @@ -0,0 +1,62 @@ +EasyCLA Sign Flow: Sequence Overview + +1. *User Creates a Pull Request (PR)* + ◦ A contributor initiates a PR in the repository hosted on GitHub, Gerrit, or GitLab. +2. *Repository Triggers Activity Endpoint* +• The repository platform sends a request to EasyCLA’s Python endpoint: + ◦ v2/repository-provider/{provider}/activity +3. *EasyCLA Checks User Authorization* + ◦ EasyCLA internally verifies if the users involved in the PR are authorized to contribute to the repository. +4. *Update Repository with User Status* + ◦ EasyCLA communicates back to the repository provider, updating the status of each user as either *signed* or *not signed*. +5. *User Initiates Sign Process* + ◦ If a user is marked as *not signed*, they are prompted to begin the signing process and are redirected to the EasyCLA Contributor Console. +6. *Contributor Chooses Sign Type* +• Upon reaching the Contributor Console, the user selects one of two options: + ▪︎ *Individual Contributor* + ◦ *Corporate Contributor* +7. *Individual Contributor Flow* +• *a. Initiate Individual Signature Request* +• The system invokes the Go-based endpoint: + ▪︎ v4/request-individual-signature + ◦ This action creates a new signature record with `signed = false` and initiates the signing process. +• *a1. Redirect to DocuSign* + ◦ The API handles the integration with DocuSign, preparing a callback and redirect URL, and redirects the user to DocuSign for signing. +• *a2. Completion of Signing* +• Once the user completes the signing on DocuSign, a callback is triggered to: + ▪︎ v4/signed/individual/{installation_id}/{github_repository_id}/{change_request_id} + ◦ This endpoint updates the signature record’s `signed` flag to `true`, completing the process. +8. *Corporate Contributor Flow* +• *b. Initiate Corporate Signature Process* +9. *Redirect to Company Search* + ▪︎ The user is redirected to a company search interface within the Contributor Console. +10. *Search for Company* +• Upon selecting a company, the system calls the Go-based search endpoint: + • v3/organization/search?companyName=Info&include-signing-entity-name=false + ▪︎ This retrieves the relevant company information. +11. *Check and Prepare Employee Signature* +• The system invokes the Python endpoint: + • v2/check-prepare-employee-signature + • This checks whether the company follows a Corporate CLA (CCLA) or an Entity CLA (ECLA) flow. +• *i. If Company Has a CCLA:* + ◦ The system verifies if the user is authorized. + ◦ If *not authorized*, it prompts the user to contact the existing CLA manager for authorization. +• The Go-based endpoint sends a notification to CLA managers: + ◦ v4/notify-cla-managers + • An email is sent to the CLA managers, and the process ends. +• *ii. If Company Does Not Have a CCLA:* + ◦ The system checks if the user is a CLA manager. +• *A. User is a CLA Manager:* +• Assigns CLA manager designee permissions via: + ◦ v4/company/{companySFID}/user/{userLFID}/claGroupID/{claGroupID}/is-cla-manager-designee +• Verifies the assigned role: + ◦ v4/company/{companySFID}/user/{userLFID}/claGroupID/{claGroupID}/is-cla-manager-designee +• If the role is confirmed, it calls the endpoint to request a corporate signature: + ◦ v4/request-corporate-signature + ◦ This creates the signature record, completing the process. +• *B. User is Not a CLA Manager:* +• Fetches company administrators using: + ◦ v4/company/{companySFID}/admin +• Sends an invitation to become a company admin via: + ◦ /user/{userID}/invite-company-admin + ◦ An email is sent to the user to invite them as a company admin, concluding the process. diff --git a/unsetenv.sh b/unsetenv.sh new file mode 100644 index 000000000..6786d186c --- /dev/null +++ b/unsetenv.sh @@ -0,0 +1,27 @@ +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN +unset GH_ORG_VALIDATION +unset DISABLE_LOCAL_PERMISSION_CHECKS +unset COMPANY_USER_VALIDATION +unset CLA_SIGNATURE_FILES_BUCKET +unset DYNAMODB_AWS_REGION +unset REGION +unset AWS_ROLE_ARN +unset AWS_TOKEN_SERIAL +unset AWS_SDK_LOAD_CONFIG +unset GITHUB_OAUTH_TOKEN +unset DOCUSIGN_INTEGRATOR_KEY +unset DOCUSIGN_USER_ID +unset DOCUSIGN_AUTH_SERVER +unset DOCUSIGN_ROOT_URL +unset DOCUSIGN_ACCOUNT_ID diff --git a/utils/describe_table.sh b/utils/describe_table.sh new file mode 100755 index 000000000..61251770c --- /dev/null +++ b/utils/describe_table.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb describe-table --table-name cla-dev-signatures diff --git a/utils/example_pytest.sh b/utils/example_pytest.sh new file mode 100755 index 000000000..f50d37b0c --- /dev/null +++ b/utils/example_pytest.sh @@ -0,0 +1,2 @@ +#!/bin/bash +pytest -vvv -s cla/tests/unit/test_docusign_models.py -p no:warnings -k test_request_individual_signature diff --git a/utils/health_python_v2.sh b/utils/health_python_v2.sh new file mode 100755 index 000000000..03c73f08f --- /dev/null +++ b/utils/health_python_v2.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# API_URL=https://[xyz].ngrok-free.app (defaults to localhost:5000) +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi +curl -s "${API_URL}/v2/health" | jq -r '.' diff --git a/utils/lookup_company.sh b/utils/lookup_company.sh new file mode 100755 index 000000000..ff7ce8c8f --- /dev/null +++ b/utils/lookup_company.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-companies --index-name company-name-index --key-condition-expression "company_name = :name" --expression-attribute-values '{":name":{"S":"Google LLC"}}' diff --git a/utils/lookup_project.sh b/utils/lookup_project.sh new file mode 100755 index 000000000..68e84f2ae --- /dev/null +++ b/utils/lookup_project.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-projects --index-name project-name-lower-search-index --key-condition-expression "project_name_lower = :name" --expression-attribute-values '{":name":{"S":"child group earths"}}' diff --git a/utils/lookup_user.sh b/utils/lookup_user.sh new file mode 100755 index 000000000..230809fb6 --- /dev/null +++ b/utils/lookup_user.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-users --index-name github-username-index --key-condition-expression "user_github_username = :name" --expression-attribute-values '{":name":{"S":"lukaszgryglicki"}}' diff --git a/utils/ngrok.sh b/utils/ngrok.sh new file mode 100755 index 000000000..829abad2f --- /dev/null +++ b/utils/ngrok.sh @@ -0,0 +1,2 @@ +#!/bin/bash +ngrok http http://localhost:5000 diff --git a/utils/request_corporate_signature_go_post.sh b/utils/request_corporate_signature_go_post.sh new file mode 100755 index 000000000..eccb101a4 --- /dev/null +++ b/utils/request_corporate_signature_go_post.sh @@ -0,0 +1,59 @@ +#!/bin/bash +# API_URL=https://[xyz].ngrok-free.app (defaults to localhost:5000) +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# TOKEN='...' - Auth0 JWT bearer token +# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" ./utils/request_corporate_signature_go_post.sh 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' +# TODO: this is WIP atm (due to AUTH0 token and X-ACL missing) + +if [ -z "$TOKEN" ] +then + source ./auth0_token.secret +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ -z "$1" ] +then + echo "$0: you need to specify company_id as a 1st parameter" + exit 1 +fi +export company_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 2 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 3 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 4 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v4/request-corporate-signature' -d '{\"project_id\":\"${project_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v4/request-corporate-signature" -d "{\"project_id\":\"${project_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/request_employee_signature_go_post.sh b/utils/request_employee_signature_go_post.sh new file mode 100755 index 000000000..b610d1a90 --- /dev/null +++ b/utils/request_employee_signature_go_post.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_employee_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify company_id as a 2nd parameter" + exit 2 +fi +export company_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify project_id as a 3rd parameter" + exit 3 +fi +export project_id="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url_type as a 4th parameter: github|gitlab|gerrit" + exit 4 +fi +export return_url_type="$4" + +if [ -z "$5" ] +then + echo "$0: you need to specify return_url as a 5th parameter" + exit 5 +fi +export return_url="$5" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-employee-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-employee-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/request_employee_signature_py_post.sh b/utils/request_employee_signature_py_post.sh new file mode 100755 index 000000000..b610d1a90 --- /dev/null +++ b/utils/request_employee_signature_py_post.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_employee_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify company_id as a 2nd parameter" + exit 2 +fi +export company_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify project_id as a 3rd parameter" + exit 3 +fi +export project_id="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url_type as a 4th parameter: github|gitlab|gerrit" + exit 4 +fi +export return_url_type="$4" + +if [ -z "$5" ] +then + echo "$0: you need to specify return_url as a 5th parameter" + exit 5 +fi +export return_url="$5" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-employee-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-employee-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/request_individual_signature_go_post.sh b/utils/request_individual_signature_go_post.sh new file mode 100755 index 000000000..cf3ec5712 --- /dev/null +++ b/utils/request_individual_signature_go_post.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# TOKEN='...' - Auth0 JWT bearer token +# XACL='...' - X-ACL header +# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" XACL="$(cat ./x-acl.secret)" ./utils/request_individual_signature_go_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$TOKEN" ] +then + # source ./auth0_token.secret + TOKEN="$(cat ./auth0.token.secret)" +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ -z "$XACL" ] +then + XACL="$(cat ./x-acl.secret)" +fi + +if [ -z "$XACL" ] +then + echo "$0: XACL not specified and unable to obtain one" + exit 2 +fi + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 3 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 4 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 5 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 6 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'X-ACL: ${XACL}' -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v4/request-individual-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "X-ACL: ${XACL}" -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v4/request-individual-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/request_individual_signature_py_post.sh b/utils/request_individual_signature_py_post.sh new file mode 100755 index 000000000..ce3973415 --- /dev/null +++ b/utils/request_individual_signature_py_post.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_individual_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 2 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 3 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 4 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-individual-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-individual-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/run_tests.sh b/utils/run_tests.sh new file mode 100755 index 000000000..cedf22f97 --- /dev/null +++ b/utils/run_tests.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# PY=1 +# GO=1 +if [ ! -z "$PY" ] +then + cd cla-backend && pytest "cla/tests" -p no:warnings + cd .. +else + echo "$0: skipping python backend tests, specify PY=1 to run them" +fi + +if [ ! -z "$GO" ] +then + cd cla-backend-go && make test + cd .. +else + echo "$0: skipping golang backend tests, specify GO=1 to run them" +fi + diff --git a/utils/scan_projects.sh b/utils/scan_projects.sh new file mode 100755 index 000000000..109422e8e --- /dev/null +++ b/utils/scan_projects.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-projects --max-items 3 diff --git a/utils/scan_signatures.sh b/utils/scan_signatures.sh new file mode 100755 index 000000000..478bed2af --- /dev/null +++ b/utils/scan_signatures.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-signatures --max-items 1 diff --git a/utils/signature_post.sh b/utils/signature_post.sh new file mode 100755 index 000000000..d803c9983 --- /dev/null +++ b/utils/signature_post.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# API_URL=https://[token].ngrok-free.app (defaults to localhost:5000) +# TOKEN='...' - Auth0 JWT bearer token +# BODY='{...}' - signature body + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ -z "$TOKEN" ] +then + source ./auth0_token.secret +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v1/signature' -d '${BODY}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v1/signature" -d "${BODY}" | jq -r '.' diff --git a/utils/signatures_to_json.sh b/utils/signatures_to_json.sh new file mode 100755 index 000000000..32615a660 --- /dev/null +++ b/utils/signatures_to_json.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-signatures --select ALL_ATTRIBUTES --page-size 500 --max-items 100000 --output json > cla-dev-signatures.json.secret