From 7c8766d22900dec8304d68952094dc2ab463e787 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 20 Nov 2024 13:45:51 +0000 Subject: [PATCH 01/11] Update gitignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- .gitignore | 4 ++++ cla-backend-go/aaa | 1 + 2 files changed, 5 insertions(+) create mode 100644 cla-backend-go/aaa diff --git a/.gitignore b/.gitignore index 834c8f3bb..65b03c4ce 100755 --- a/.gitignore +++ b/.gitignore @@ -241,3 +241,7 @@ dist/* api-postman/* cla-backend/run-python-test-example-*.py + +# LG +out +*.secret diff --git a/cla-backend-go/aaa b/cla-backend-go/aaa new file mode 100644 index 000000000..f6100a681 --- /dev/null +++ b/cla-backend-go/aaa @@ -0,0 +1 @@ +I'm guessing that my AWS user lgryglicki@contractor.linuxfoundation.org is missing some permissions as both python backend and go backed return error message `not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-east-1:922386791543:parameter/cla-gitlab-app-redirect-uri-dev with an explicit deny in an identity-based policy\n\tstatus code: 400, request id: b15a1dd7-892c-4304-bb92-594990cf52c7" functionName=loadSSMConfig stage=dev From 76912c2e3d28829fb0aa66b356a62aa4657b4e52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 20 Nov 2024 13:48:42 +0000 Subject: [PATCH 02/11] Cleanup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- cla-backend-go/aaa | 1 - 1 file changed, 1 deletion(-) delete mode 100644 cla-backend-go/aaa diff --git a/cla-backend-go/aaa b/cla-backend-go/aaa deleted file mode 100644 index f6100a681..000000000 --- a/cla-backend-go/aaa +++ /dev/null 
@@ -1 +0,0 @@ -I'm guessing that my AWS user lgryglicki@contractor.linuxfoundation.org is missing some permissions as both python backend and go backed return error message `not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-east-1:922386791543:parameter/cla-gitlab-app-redirect-uri-dev with an explicit deny in an identity-based policy\n\tstatus code: 400, request id: b15a1dd7-892c-4304-bb92-594990cf52c7" functionName=loadSSMConfig stage=dev From dc8e946013baad10e7d1e6d19f2a751528585305 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Tue, 26 Nov 2024 13:53:06 +0000 Subject: [PATCH 03/11] Update dev.md - linux special case MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- dev.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/dev.md b/dev.md index 7f818c9a5..dcf5183b8 100644 --- a/dev.md +++ b/dev.md 
@@ -133,6 +133,38 @@ locally and simply point to the DEV environment. The `STAGE` environment variable controls where we point. Make sure you export/provide/setup the AWS properties in order to connect. + +When running on Linux it looks like `.venv` sets $HOME to /tmp, and then python backend is looking for the AWS config file in `~/.aws/config` +This means it ends up in `/tmp/.aws/config`. You can use the following scritp to activate your environment (`setenv.secret`) via: `source setenv.secret`: +``` +#!/bin/bash +rm -rf /tmp/aws +cp -R ~/.aws /tmp/.aws +export AWS_SDK_LOAD_CONFIG=1 +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +export AWS_ACCESS_KEY_ID='[redacted]' +export AWS_SECRET_ACCESS_KEY='[redacted]' +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +``` + +And the following one to unset the environment: +``` +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +``` + ## Run the Python Backend ```bash From 33073f440c9e54873412bd3971c899f11252e6a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Tue, 26 Nov 2024 14:05:00 +0000 Subject: [PATCH 04/11] One more typo fix MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- dev.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev.md b/dev.md index dcf5183b8..3462f5c9d 100644 --- a/dev.md +++ b/dev.md @@ -363,9 +363,9 @@ First build and setup the environment. Then simply run it: ```bash # Mac -./cla-mac +./bin/cla-mac # or linux -./cla +./bin/cla ``` You should see the typical diagnostic details on startup indicating that it From f73c4d11bfc18035ee562327d18f9448f74ddf96 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 27 Nov 2024 06:08:25 +0000 Subject: [PATCH 05/11] Update docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- aws_env.md | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++ dev.md | 12 ++++- setenv.sh | 27 +++++++++++ unsetenv.sh | 21 +++++++++ 4 files changed, 188 insertions(+), 2 deletions(-) create mode 100644 aws_env.md create mode 100644 setenv.sh create mode 100644 unsetenv.sh diff --git a/aws_env.md b/aws_env.md new file mode 100644 index 000000000..4e53960f3 --- /dev/null +++ b/aws_env.md 
@@ -0,0 +1,130 @@ +# Setting up AWS environment + +You need to have MFA enabled for your AWS user, your `~/.aws/config` shoudl look like this: +``` +[profile lfproduct-dev] +role_arn = arn:aws:iam::395594542180:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-test] +role_arn = arn:aws:iam::726224182707:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-staging] +role_arn = arn:aws:iam::844390194980:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[profile lfproduct-prod] +role_arn = arn:aws:iam::716487311010:role/product-contractors-role +source_profile = lfproduct +region = us-east-1 +output = json + +[default] +region = us-east-1 +output = json +``` + +It defines 4 profiles to use: `dev`, `staging`, `test` and `prod`. + +You will be using one of them. + + +Your `~/.aws/credentials` file shoudl initially look like this (replace `redacted`): +``` +[lfproduct-long-term] +aws_secret_access_key = [access_key_redacted] +aws_access_key_id = [key_id_redacted] +aws_mfa_device = arn:aws:iam::[arn_number_redacted]:mfa/[your_aws_user_redacted] + +[default] +aws_access_key_id = [key_id_redacted] +aws_secret_access_key = [access_key_redacted] +``` + +Now every 36 hours or less you need to refresh your MFA key by calling: `aws-mfa --force --duration 129600 --profile lfproduct`. 
+ +When called it adds or replaces the following section (`[lfproduct]` which is used as a source profile for `dev`, `test`, `staging` or `prod` in aws config) in `~/.aws/credentials`: +``` +[lfproduct] +assumed_role = False +aws_access_key_id = [key_id_redacted] +aws_secret_access_key = [secret_access_key_redacted] +aws_session_token = [session_token_redacted] +aws_security_token = [session_token_redacted] +expiration = 2024-11-28 16:54:59 [now + 36 hours] + +``` + + +Once you have all of this, you must set a correct set of environment variables to run either `python` or `golang` backends. + +To do so you need to get credentials for a specific profile `lfproduct-`: `dev`, `test`, `staging`, `prod`. To see full one-time set of credentials you can call: +- for `dev`: `` aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session ``. +- for `prod`: `` aws sts assume-role --role-arn arn:aws:iam::716487311010:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-prod-session ``. + +Note - just replace the iam::[number] depending on environment type (`[stage]`) and update `lfproduct-[stage]-name`. 
+ +You can set up a script like `setenv.sh` which will set all required variables, example for `dev`: +``` +#!/bin/bash + +rm -rf /tmp/aws +cp -R /root/.aws /tmp/.aws + +data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" + +export AWS_SDK_LOAD_CONFIG=true +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +export AWS_DEFAULT_REGION='us-east-1' +export DYNAMODB_AWS_REGION='us-east-1' +export REGION='us-east-1' + +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +# export STAGE='local' +export GH_ORG_VALIDATION=false +export DISABLE_LOCAL_PERMISSION_CHECKS=true +export COMPANY_USER_VALIDATION=false +export CLA_SIGNATURE_FILES_BUCKET=cla-signature-files-dev +``` + +Call it via `` . ./setenv.sh `` or `` source setenv.sh `` to execute in the current shell. + +You can reset environment variables by exiting the shell session or calling the following `unsetenv.sh` in the current shell via: `` . ./unsetenv.sh `` or `` source unsetenv.sh ``: +``` +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN +unset GH_ORG_VALIDATION +unset DISABLE_LOCAL_PERMISSION_CHECKS +unset COMPANY_USER_VALIDATION +unset CLA_SIGNATURE_FILES_BUCKET +unset DYNAMODB_AWS_REGION +unset REGION +unset AWS_ROLE_ARN +unset AWS_TOKEN_SERIAL +unset AWS_SDK_LOAD_CONFIG +``` 
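Review bot: In the `setenv.sh` example, `rm -rf /tmp/aws` removes a different path from the one that `cp -R /root/.aws /tmp/.aws` writes to. When the script is sourced again without `unsetenv.sh` in between, the old `/tmp/.aws` is still present and `cp -R` nests the new copy as `/tmp/.aws/.aws`. The removal should target `/tmp/.aws`. The copy carries the long-term keys and the MFA session from `~/.aws/credentials` into a fixed path under `/tmp`, so I would also keep it owner-only (for example `chmod -R go-rwx /tmp/.aws` after the copy), use `~/.aws` rather than the hard-coded `/root/.aws`, and return early when `aws sts assume-role` fails so that empty credential variables are not exported. Separately, `setenv.sh` exports `AWS_DEFAULT_REGION` but the `unsetenv.sh` listing never unsets it.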
diff --git a/dev.md b/dev.md index 3462f5c9d..819cb6b2e 100644 --- a/dev.md +++ b/dev.md @@ -143,8 +143,11 @@ cp -R ~/.aws /tmp/.aws export AWS_SDK_LOAD_CONFIG=1 export AWS_PROFILE='lfproduct-dev' export AWS_REGION='us-east-1' -export AWS_ACCESS_KEY_ID='[redacted]' -export AWS_SECRET_ACCESS_KEY='[redacted]' +data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" export PRODUCT_DOMAIN='dev.lfcla.com' export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' export PORT='5000' @@ -155,16 +158,21 @@ And the following one to unset the environment: ``` #!/bin/bash rm -rf /tmp/.aws +unset AWS_SDK_LOAD_CONFIG=1 unset AWS_PROFILE unset AWS_REGION unset AWS_ACCESS_KEY_ID unset AWS_SECRET_ACCESS_KEY +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN unset PRODUCT_DOMAIN unset ROOT_DOMAIN unset PORT unset STAGE ``` +Please refer to [aws_env.md](aws_env.md) for more details. + ## Run the Python Backend ```bash diff --git a/setenv.sh b/setenv.sh new file mode 100644 index 000000000..3b9f507ed --- /dev/null +++ b/setenv.sh 
@@ -0,0 +1,27 @@ +#!/bin/bash + +rm -rf /tmp/aws +cp -R /root/.aws /tmp/.aws + +data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" +export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" +export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" + +export AWS_SDK_LOAD_CONFIG=true +export AWS_PROFILE='lfproduct-dev' +export AWS_REGION='us-east-1' +export AWS_DEFAULT_REGION='us-east-1' +export DYNAMODB_AWS_REGION='us-east-1' +export REGION='us-east-1' + +export PRODUCT_DOMAIN='dev.lfcla.com' +export ROOT_DOMAIN='lfcla.dev.platform.linuxfoundation.org' +export PORT='5000' +export STAGE='dev' +# export STAGE='local' +export GH_ORG_VALIDATION=false +export DISABLE_LOCAL_PERMISSION_CHECKS=true +export COMPANY_USER_VALIDATION=false +export CLA_SIGNATURE_FILES_BUCKET=cla-signature-files-dev diff --git a/unsetenv.sh b/unsetenv.sh new file mode 100644 index 000000000..7d627b33b --- /dev/null +++ b/unsetenv.sh @@ -0,0 +1,21 @@ +#!/bin/bash +rm -rf /tmp/.aws +unset AWS_PROFILE +unset AWS_REGION +unset AWS_ACCESS_KEY_ID +unset AWS_SECRET_ACCESS_KEY +unset PRODUCT_DOMAIN +unset ROOT_DOMAIN +unset PORT +unset STAGE +unset AWS_SESSION_TOKEN +unset AWS_SECURITY_TOKEN +unset GH_ORG_VALIDATION +unset DISABLE_LOCAL_PERMISSION_CHECKS +unset COMPANY_USER_VALIDATION +unset CLA_SIGNATURE_FILES_BUCKET +unset DYNAMODB_AWS_REGION +unset REGION +unset AWS_ROLE_ARN +unset AWS_TOKEN_SERIAL +unset AWS_SDK_LOAD_CONFIG From b18d8958b7bd1eb0b075e8a53ae7bed05fb22b92 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Thu, 28 Nov 2024 06:54:48 +0000 Subject: [PATCH 06/11] Uopdate docs and util scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- dev.md | 3 ++ setenv.sh | 1 + unsetenv.sh | 1 + utils/describe_table.sh | 2 + utils/health_python_v2.sh | 7 +++ utils/lookup_company.sh | 2 + utils/lookup_project.sh | 2 + utils/lookup_user.sh | 2 + utils/ngrok.sh | 2 + utils/request_corporate_signature_post.sh | 59 ++++++++++++++++++++++ utils/request_employee_signature_post.sh | 54 ++++++++++++++++++++ utils/request_individual_signature_post.sh | 46 +++++++++++++++++ utils/scan_projects.sh | 2 + utils/scan_signatures.sh | 2 + utils/signature_post.sh | 26 ++++++++++ 15 files changed, 211 insertions(+) create mode 100755 utils/describe_table.sh create mode 100755 utils/health_python_v2.sh create mode 100755 utils/lookup_company.sh create mode 100755 utils/lookup_project.sh create mode 100755 utils/lookup_user.sh create mode 100755 utils/ngrok.sh create mode 100755 utils/request_corporate_signature_post.sh create mode 100755 utils/request_employee_signature_post.sh create mode 100755 utils/request_individual_signature_post.sh create mode 100755 utils/scan_projects.sh create mode 100755 utils/scan_signatures.sh create mode 100755 utils/signature_post.sh diff --git a/dev.md b/dev.md index 819cb6b2e..4fcfec0f5 100644 --- a/dev.md +++ b/dev.md @@ -202,6 +202,9 @@ open http://localhost:5000/v2/health open http://localhost:5000/v2/user/ ``` +To expose service running on the localhost to the outside world use: `` ./utils/ngrok.sh ``. +And then tets via: `` API_URL='https://[redacted].ngrok-free.app' ./scripts/health.sh `` from another host (anywhere in the world). + ## Building and Running the Go Backend Current Endpoints: diff --git a/setenv.sh b/setenv.sh index 3b9f507ed..dbe0d5532 100644 --- a/setenv.sh +++ b/setenv.sh 
@@ -8,6 +8,7 @@ export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" +export GITHUB_OAUTH_TOKEN="$(cat /etc/github/oauth)" export AWS_SDK_LOAD_CONFIG=true export AWS_PROFILE='lfproduct-dev' diff --git a/unsetenv.sh b/unsetenv.sh index 7d627b33b..6a6eb3b73 100644 --- a/unsetenv.sh +++ b/unsetenv.sh @@ -19,3 +19,4 @@ unset REGION unset AWS_ROLE_ARN unset AWS_TOKEN_SERIAL unset AWS_SDK_LOAD_CONFIG +unset GITHUB_OAUTH_TOKEN diff --git a/utils/describe_table.sh b/utils/describe_table.sh new file mode 100755 index 000000000..61251770c --- /dev/null +++ b/utils/describe_table.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb describe-table --table-name cla-dev-signatures diff --git a/utils/health_python_v2.sh b/utils/health_python_v2.sh new file mode 100755 index 000000000..22788414d --- /dev/null +++ b/utils/health_python_v2.sh @@ -0,0 +1,7 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi +curl -s "${API_URL}/v2/health" | jq -r '.' diff --git a/utils/lookup_company.sh b/utils/lookup_company.sh new file mode 100755 index 000000000..ff7ce8c8f --- /dev/null +++ b/utils/lookup_company.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-companies --index-name company-name-index --key-condition-expression "company_name = :name" --expression-attribute-values '{":name":{"S":"Google LLC"}}' diff --git a/utils/lookup_project.sh b/utils/lookup_project.sh new file mode 100755 index 000000000..68e84f2ae --- /dev/null +++ b/utils/lookup_project.sh 
@@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-projects --index-name project-name-lower-search-index --key-condition-expression "project_name_lower = :name" --expression-attribute-values '{":name":{"S":"child group earths"}}' diff --git a/utils/lookup_user.sh b/utils/lookup_user.sh new file mode 100755 index 000000000..230809fb6 --- /dev/null +++ b/utils/lookup_user.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb query --table-name cla-dev-users --index-name github-username-index --key-condition-expression "user_github_username = :name" --expression-attribute-values '{":name":{"S":"lukaszgryglicki"}}' diff --git a/utils/ngrok.sh b/utils/ngrok.sh new file mode 100755 index 000000000..829abad2f --- /dev/null +++ b/utils/ngrok.sh @@ -0,0 +1,2 @@ +#!/bin/bash +ngrok http http://localhost:5000 diff --git a/utils/request_corporate_signature_post.sh b/utils/request_corporate_signature_post.sh new file mode 100755 index 000000000..58d00533f --- /dev/null +++ b/utils/request_corporate_signature_post.sh 
@@ -0,0 +1,59 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# TOKEN='...' - Auth0 JWT bearer token +# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" ./utils/request_corporate_signature_post.sh 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' +# TODO: this is WIP atm + +if [ -z "$TOKEN" ] +then + source ./auth0_token.secret +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ -z "$1" ] +then + echo "$0: you need to specify company_id as a 1st parameter" + exit 1 +fi +export company_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 2 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 3 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 4 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v4/request-corporate-signature' -d '{\"project_id\":\"${project_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v4/request-corporate-signature" -d "{\"project_id\":\"${project_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' 
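Review bot: The `DEBUG` branch at the end of this script echoes the full `Authorization: Bearer ${TOKEN}` header, so the Auth0 JWT ends up in the terminal scrollback and in any captured output. Print a placeholder such as `Bearer [redacted]` in the debug line and keep the real value only in the `curl` call. Two smaller points in the same file: the usage comment reads the token from `./auth0.token.secret` while the fallback does `source ./auth0_token.secret`, so one of the two file names is wrong; and the JSON body is built by interpolating `${return_url}` and the ids into a string, which yields invalid JSON as soon as an argument contains a double quote. Since `jq` is already a dependency, `jq -n --arg project_id "$project_id" ...` would build the body safely.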
diff --git a/utils/request_employee_signature_post.sh b/utils/request_employee_signature_post.sh new file mode 100755 index 000000000..d872e7c51 --- /dev/null +++ b/utils/request_employee_signature_post.sh 
@@ -0,0 +1,54 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_employee_signature_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify company_id as a 2nd parameter" + exit 2 +fi +export company_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify project_id as a 3rd parameter" + exit 3 +fi +export project_id="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url_type as a 4th parameter: github|gitlab|gerrit" + exit 4 +fi +export return_url_type="$4" + +if [ -z "$5" ] +then + echo "$0: you need to specify return_url as a 5th parameter" + exit 5 +fi +export return_url="$5" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-employee-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-employee-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' 
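Review bot: The `curl` call sends `Authorization: Bearer ${TOKEN}`, but unlike `request_corporate_signature_post.sh` this script never checks `TOKEN` or sources `./auth0_token.secret`, and the header comments do not list `TOKEN` as an input. With `TOKEN` unset the request goes out with an empty bearer value. Either add the same `if [ -z "$TOKEN" ]` block and document the variable, or drop the header if `/v2/request-employee-signature` does not need it. The `DEBUG` echo also prints the token in full when it is set.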
diff --git a/utils/request_individual_signature_post.sh b/utils/request_individual_signature_post.sh new file mode 100755 index 000000000..28aa6b5c5 --- /dev/null +++ b/utils/request_individual_signature_post.sh @@ -0,0 +1,46 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_individual_signature_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 2 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 3 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 4 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-individual-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-individual-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/scan_projects.sh b/utils/scan_projects.sh new file mode 100755 index 000000000..109422e8e --- /dev/null 
+++ b/utils/scan_projects.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-projects --max-items 3 diff --git a/utils/scan_signatures.sh b/utils/scan_signatures.sh new file mode 100755 index 000000000..478bed2af --- /dev/null +++ b/utils/scan_signatures.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-signatures --max-items 1 diff --git a/utils/signature_post.sh b/utils/signature_post.sh new file mode 100755 index 000000000..d0c81c75e --- /dev/null +++ b/utils/signature_post.sh @@ -0,0 +1,26 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# TOKEN='...' - Auth0 JWT bearer token +# BODY='{...}' - signature body + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ -z "$TOKEN" ] +then + source ./auth0_token.secret +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v1/signature' -d '${BODY}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v1/signature" -d "${BODY}" | jq -r '.' From 1d107c8480616f18c16e14f1d32f096351bc18b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Fri, 29 Nov 2024 06:27:30 +0000 Subject: [PATCH 07/11] Update util scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- setenv.sh | 3 ++- utils/health_python_v2.sh | 2 +- utils/request_corporate_signature_post.sh | 4 ++-- utils/signature_post.sh | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/setenv.sh b/setenv.sh index dbe0d5532..d8601eb6f 100644 --- a/setenv.sh +++ b/setenv.sh 
@@ -3,7 +3,8 @@ rm -rf /tmp/aws cp -R /root/.aws /tmp/.aws -data="$(aws sts assume-role --role-arn arn:aws:iam::395594542180:role/product-contractors-role --profile lfproduct --role-session-name lfproduct-dev-session)" +dev_arn="$(cat ./product-contractors-role.dev.secret)" +data="$(aws sts assume-role --role-arn ${dev_arn} --profile lfproduct --role-session-name lfproduct-dev-session)" export AWS_ACCESS_KEY_ID="$(echo "${data}" | jq -r '.Credentials.AccessKeyId')" export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAccessKey')" export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" diff --git a/utils/health_python_v2.sh b/utils/health_python_v2.sh index 22788414d..03c73f08f 100755 --- a/utils/health_python_v2.sh +++ b/utils/health_python_v2.sh @@ -1,5 +1,5 @@ #!/bin/bash -# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# API_URL=https://[xyz].ngrok-free.app (defaults to localhost:5000) if [ -z "$API_URL" ] then export API_URL="http://localhost:5000" diff --git a/utils/request_corporate_signature_post.sh b/utils/request_corporate_signature_post.sh index 58d00533f..e01904277 100755 --- a/utils/request_corporate_signature_post.sh +++ b/utils/request_corporate_signature_post.sh @@ -1,12 +1,12 @@ #!/bin/bash -# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# API_URL=https://[xyz].ngrok-free.app (defaults to localhost:5000) # company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' # project_id='88ee12de-122b-4c46-9046-19422054ed8d' # return_url_type='github' # return_url='http://localhost' # TOKEN='...' - Auth0 JWT bearer token # DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" ./utils/request_corporate_signature_post.sh 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' -# TODO: this is WIP atm +# TODO: this is WIP atm (due to AUTH0 token and X-ACL missing) if [ -z "$TOKEN" ] then 
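Review bot: The comment change on the `API_URL` line swaps the concrete ngrok hostname for `[xyz]`, but the cleanup is incomplete and inconsistent. According to the diffstat this commit touches only four files, so `request_employee_signature_post.sh` and `request_individual_signature_post.sh` from the previous commit keep the original hostname, and `signature_post.sh` uses `[token]` as the placeholder instead of `[xyz]`. Please use one placeholder and apply it to every script in `utils/`. The usage line kept as context here still reads the token from `./auth0.token.secret`, which does not match the `./auth0_token.secret` file that the script sources.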
diff --git a/utils/signature_post.sh b/utils/signature_post.sh index d0c81c75e..d803c9983 100755 --- a/utils/signature_post.sh +++ b/utils/signature_post.sh @@ -1,5 +1,5 @@ #!/bin/bash -# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# API_URL=https://[token].ngrok-free.app (defaults to localhost:5000) # TOKEN='...' - Auth0 JWT bearer token # BODY='{...}' - signature body From 2e02f2148df906a2ba7d94c689eecfa7efc4337b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 4 Dec 2024 05:18:55 +0000 Subject: [PATCH 08/11] Update scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- utils/example_pytest.sh | 2 ++ utils/signatures_to_json.sh | 2 ++ 2 files changed, 4 insertions(+) create mode 100755 utils/example_pytest.sh create mode 100755 utils/signatures_to_json.sh diff --git a/utils/example_pytest.sh b/utils/example_pytest.sh new file mode 100755 index 000000000..f50d37b0c --- /dev/null +++ b/utils/example_pytest.sh @@ -0,0 +1,2 @@ +#!/bin/bash +pytest -vvv -s cla/tests/unit/test_docusign_models.py -p no:warnings -k test_request_individual_signature diff --git a/utils/signatures_to_json.sh b/utils/signatures_to_json.sh new file mode 100755 index 000000000..32615a660 --- /dev/null +++ b/utils/signatures_to_json.sh @@ -0,0 +1,2 @@ +#!/bin/bash +aws --profile lfproduct-dev dynamodb scan --table-name cla-dev-signatures --select ALL_ATTRIBUTES --page-size 500 --max-items 100000 --output json > cla-dev-signatures.json.secret From f2184be21009e80588bc9207232432b36b85778f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 4 Dec 2024 06:39:30 +0000 Subject: [PATCH 09/11] Sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Łukasz Gryglicki --- ...=> request_corporate_signature_go_post.sh} | 2 +- ... => request_employee_signature_go_post.sh} | 2 +- utils/request_employee_signature_py_post.sh | 54 ++++++++++++++ utils/request_individual_signature_go_post.sh | 71 +++++++++++++++++++ ...> request_individual_signature_py_post.sh} | 2 +- utils/run_tests.sh | 19 +++++ 6 files changed, 147 insertions(+), 3 deletions(-) rename utils/{request_corporate_signature_post.sh => request_corporate_signature_go_post.sh} (93%) rename utils/{request_employee_signature_post.sh => request_employee_signature_go_post.sh} (89%) create mode 100755 utils/request_employee_signature_py_post.sh create mode 100755 utils/request_individual_signature_go_post.sh rename utils/{request_individual_signature_post.sh => request_individual_signature_py_post.sh} (90%) create mode 100755 utils/run_tests.sh diff --git a/utils/request_corporate_signature_post.sh b/utils/request_corporate_signature_go_post.sh similarity index 93% rename from utils/request_corporate_signature_post.sh rename to utils/request_corporate_signature_go_post.sh index e01904277..eccb101a4 100755 --- a/utils/request_corporate_signature_post.sh +++ b/utils/request_corporate_signature_go_post.sh @@ -5,7 +5,7 @@ # return_url_type='github' # return_url='http://localhost' # TOKEN='...' - Auth0 JWT bearer token -# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" ./utils/request_corporate_signature_post.sh 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' +# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" ./utils/request_corporate_signature_go_post.sh 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' # TODO: this is WIP atm (due to AUTH0 token and X-ACL missing) if [ -z "$TOKEN" ] 
diff --git a/utils/request_employee_signature_post.sh b/utils/request_employee_signature_go_post.sh similarity index 89% rename from utils/request_employee_signature_post.sh rename to utils/request_employee_signature_go_post.sh index d872e7c51..b610d1a90 100755 --- a/utils/request_employee_signature_post.sh +++ b/utils/request_employee_signature_go_post.sh @@ -5,7 +5,7 @@ # project_id='88ee12de-122b-4c46-9046-19422054ed8d' # return_url_type='github' # return_url='http://localhost' -# DEBUG=1 ./utils/request_employee_signature_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' +# DEBUG=1 ./utils/request_employee_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' if [ -z "$1" ] then diff --git a/utils/request_employee_signature_py_post.sh b/utils/request_employee_signature_py_post.sh new file mode 100755 index 000000000..b610d1a90 --- /dev/null +++ b/utils/request_employee_signature_py_post.sh 
@@ -0,0 +1,54 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# company_id='862ff296-6508-4f10-9147-2bc2dd7bfe80' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# DEBUG=1 ./utils/request_employee_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 862ff296-6508-4f10-9147-2bc2dd7bfe80 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 1 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify company_id as a 2nd parameter" + exit 2 +fi +export company_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify project_id as a 3rd parameter" + exit 3 +fi +export project_id="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url_type as a 4th parameter: github|gitlab|gerrit" + exit 4 +fi +export return_url_type="$4" + +if [ -z "$5" ] +then + echo "$0: you need to specify return_url as a 5th parameter" + exit 5 +fi +export return_url="$5" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! -z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v2/request-employee-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v2/request-employee-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"company_id\":\"${company_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' 
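Review bot: utils/request_employee_signature_py_post.sh sends `Authorization: Bearer ${TOKEN}` in the final curl, but TOKEN is neither listed in the header comments nor checked, so the documented invocation sends an empty bearer value unless TOKEN happens to be in the environment. Either drop the header if this endpoint needs no auth, or add the same `if [ -z "$TOKEN" ]` guard that request_individual_signature_go_post.sh has. Also, this new file carries the same blob (b610d1a90) as the renamed request_employee_signature_go_post.sh, so the _go_ script's usage comment names the _py_ script and both copies post to /v2/request-employee-signature; if the Go variant is meant to call a different route, one of the two copies is wrong.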
diff --git a/utils/request_individual_signature_go_post.sh b/utils/request_individual_signature_go_post.sh new file mode 100755 index 000000000..cf3ec5712 --- /dev/null +++ b/utils/request_individual_signature_go_post.sh 
@@ -0,0 +1,71 @@ +#!/bin/bash +# API_URL=https://3f13-147-75-85-27.ngrok-free.app (defaults to localhost:5000) +# user_id='9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5' +# project_id='88ee12de-122b-4c46-9046-19422054ed8d' +# return_url_type='github' +# return_url='http://localhost' +# TOKEN='...' - Auth0 JWT bearer token +# XACL='...' - X-ACL header +# DEBUG=1 TOKEN="$(cat ./auth0.token.secret)" XACL="$(cat ./x-acl.secret)" ./utils/request_individual_signature_go_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' + +if [ -z "$TOKEN" ] +then + # source ./auth0_token.secret + TOKEN="$(cat ./auth0.token.secret)" +fi + +if [ -z "$TOKEN" ] +then + echo "$0: TOKEN not specified and unable to obtain one" + exit 1 +fi + +if [ -z "$XACL" ] +then + XACL="$(cat ./x-acl.secret)" +fi + +if [ -z "$XACL" ] +then + echo "$0: XACL not specified and unable to obtain one" + exit 2 +fi + +if [ -z "$1" ] +then + echo "$0: you need to specify user_id as a 1st parameter" + exit 3 +fi +export user_id="$1" + +if [ -z "$2" ] +then + echo "$0: you need to specify project_id as a 2nd parameter" + exit 4 +fi +export project_id="$2" + +if [ -z "$3" ] +then + echo "$0: you need to specify return_url_type as a 3rd parameter: github|gitlab|gerrit" + exit 5 +fi +export return_url_type="$3" + +if [ -z "$4" ] +then + echo "$0: you need to specify return_url as a 4th parameter" + exit 6 +fi +export return_url="$4" + +if [ -z "$API_URL" ] +then + export API_URL="http://localhost:5000" +fi + +if [ ! 
-z "$DEBUG" ] +then + echo "curl -s -XPOST -H 'X-ACL: ${XACL}' -H 'Authorization: Bearer ${TOKEN}' -H 'Content-Type: application/json' '${API_URL}/v4/request-individual-signature' -d '{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}' | jq -r '.'" +fi +curl -s -XPOST -H "X-ACL: ${XACL}" -H "Authorization: Bearer ${TOKEN}" -H "Content-Type: application/json" "${API_URL}/v4/request-individual-signature" -d "{\"project_id\":\"${project_id}\",\"user_id\":\"${user_id}\",\"return_url_type\":\"${return_url_type}\",\"return_url\":\"${return_url}\"}" | jq -r '.' diff --git a/utils/request_individual_signature_post.sh b/utils/request_individual_signature_py_post.sh similarity index 90% rename from utils/request_individual_signature_post.sh rename to utils/request_individual_signature_py_post.sh index 28aa6b5c5..ce3973415 100755 --- a/utils/request_individual_signature_post.sh +++ b/utils/request_individual_signature_py_post.sh @@ -4,7 +4,7 @@ # project_id='88ee12de-122b-4c46-9046-19422054ed8d' # return_url_type='github' # return_url='http://localhost' -# DEBUG=1 ./utils/request_individual_signature_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' +# DEBUG=1 ./utils/request_individual_signature_py_post.sh 9dcf5bbc-2492-11ed-97c7-3e2a23ea20b5 88ee12de-122b-4c46-9046-19422054ed8d github 'http://localhost' if [ -z "$1" ] then diff --git a/utils/run_tests.sh b/utils/run_tests.sh new file mode 100755 index 000000000..cedf22f97 --- /dev/null +++ b/utils/run_tests.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# PY=1 +# GO=1 +if [ ! -z "$PY" ] +then + cd cla-backend && pytest "cla/tests" -p no:warnings + cd .. +else + echo "$0: skipping python backend tests, specify PY=1 to run them" +fi + +if [ ! -z "$GO" ] +then + cd cla-backend-go && make test + cd .. +else + echo "$0: skipping golang backend tests, specify GO=1 to run them" +fi + 
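Review bot: in utils/request_individual_signature_go_post.sh the DEBUG branch echoes the complete curl command with `X-ACL: ${XACL}` and `Authorization: Bearer ${TOKEN}` expanded, so DEBUG=1 writes both credentials to the terminal and to any log that captures the output. Print a redacted form of the two headers instead. The JSON body is built by interpolating the positional arguments into a string, so a return_url containing a double quote produces an invalid body; building it with `jq -n --arg` would escape the values. curl also runs without --fail, so an HTTP error response is piped into jq and the script exits with jq's status.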
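Review bot: in utils/run_tests.sh the exit status of `pytest` and `make test` is discarded, because each is followed by an unconditional `cd ..` and the script ends on that or on an echo, so it returns 0 even when tests fail. If `cd cla-backend` itself fails, `cd ..` still runs and the Go block then starts from the parent of the repository. Running each block in a subshell, for example `( cd cla-backend && pytest "cla/tests" -p no:warnings ) || exit 1`, fixes both problems.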
From 2d3bf285cbef0208d7e13f7b2f3845987e240d86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 4 Dec 2024 07:00:41 +0000 Subject: [PATCH 10/11] Add docusign envs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Łukasz Gryglicki --- setenv.sh | 5 +++++ unsetenv.sh | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/setenv.sh b/setenv.sh index d8601eb6f..00bf366e8 100644 --- a/setenv.sh +++ b/setenv.sh @@ -10,6 +10,11 @@ export AWS_SECRET_ACCESS_KEY="$(echo "${data}" | jq -r '.Credentials.SecretAcces export AWS_SESSION_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" export AWS_SECURITY_TOKEN="$(echo "${data}" | jq -r '.Credentials.SessionToken')" export GITHUB_OAUTH_TOKEN="$(cat /etc/github/oauth)" +export DOCUSIGN_INTEGRATOR_KEY="$(cat ./DOCUSIGN_INTEGRATOR_KEY.secret)" +export DOCUSIGN_USER_ID="$(cat ./DOCUSIGN_USER_ID.secret)" +export DOCUSIGN_AUTH_SERVER="$(cat ./DOCUSIGN_AUTH_SERVER.secret)" +export DOCUSIGN_ROOT_URL="$(cat ./DOCUSIGN_ROOT_URL.secret)" +export DOCUSIGN_ACCOUNT_ID="$(cat ./DOCUSIGN_ACCOUNT_ID.secret)" export AWS_SDK_LOAD_CONFIG=true export AWS_PROFILE='lfproduct-dev' diff --git a/unsetenv.sh b/unsetenv.sh index 6a6eb3b73..6786d186c 100644 --- a/unsetenv.sh +++ b/unsetenv.sh @@ -20,3 +20,8 @@ unset AWS_ROLE_ARN unset AWS_TOKEN_SERIAL unset AWS_SDK_LOAD_CONFIG unset GITHUB_OAUTH_TOKEN +unset DOCUSIGN_INTEGRATOR_KEY +unset DOCUSIGN_USER_ID +unset DOCUSIGN_AUTH_SERVER +unset DOCUSIGN_ROOT_URL +unset DOCUSIGN_ACCOUNT_ID From cde4b8717667c9e93f4e353cd704fa336cb22138 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Gryglicki?= Date: Wed, 4 Dec 2024 07:42:29 +0000 Subject: [PATCH 11/11] Add sign-flow.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Łukasz Gryglicki --- sign-flow.md | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 sign-flow.md diff --git a/sign-flow.md b/sign-flow.md new file mode 100644 index 000000000..c2533e844 --- /dev/null +++ b/sign-flow.md 
@@ -0,0 +1,62 @@ +EasyCLA Sign Flow: Sequence Overview + +1. *User Creates a Pull Request (PR)* + ◦ A contributor initiates a PR in the repository hosted on GitHub, Gerrit, or GitLab. +2. *Repository Triggers Activity Endpoint* +• The repository platform sends a request to EasyCLA’s Python endpoint: + ◦ v2/repository-provider/{provider}/activity +3. *EasyCLA Checks User Authorization* + ◦ EasyCLA internally verifies if the users involved in the PR are authorized to contribute to the repository. +4. *Update Repository with User Status* + ◦ EasyCLA communicates back to the repository provider, updating the status of each user as either *signed* or *not signed*. +5. *User Initiates Sign Process* + ◦ If a user is marked as *not signed*, they are prompted to begin the signing process and are redirected to the EasyCLA Contributor Console. +6. *Contributor Chooses Sign Type* +• Upon reaching the Contributor Console, the user selects one of two options: + ▪︎ *Individual Contributor* + ◦ *Corporate Contributor* +7. *Individual Contributor Flow* +• *a. Initiate Individual Signature Request* +• The system invokes the Go-based endpoint: + ▪︎ v4/request-individual-signature + ◦ This action creates a new signature record with `signed = false` and initiates the signing process. +• *a1. Redirect to DocuSign* + ◦ The API handles the integration with DocuSign, preparing a callback and redirect URL, and redirects the user to DocuSign for signing. +• *a2. Completion of Signing* +• Once the user completes the signing on DocuSign, a callback is triggered to: + ▪︎ v4/signed/individual/{installation_id}/{github_repository_id}/{change_request_id} + ◦ This endpoint updates the signature record’s `signed` flag to `true`, completing the process. +8. *Corporate Contributor Flow* +• *b. Initiate Corporate Signature Process* +9. *Redirect to Company Search* + ▪︎ The user is redirected to a company search interface within the Contributor Console. +10. 
*Search for Company* +• Upon selecting a company, the system calls the Go-based search endpoint: + • v3/organization/search?companyName=Info&include-signing-entity-name=false + ▪︎ This retrieves the relevant company information. +11. *Check and Prepare Employee Signature* +• The system invokes the Python endpoint: + • v2/check-prepare-employee-signature + • This checks whether the company follows a Corporate CLA (CCLA) or an Entity CLA (ECLA) flow. +• *i. If Company Has a CCLA:* + ◦ The system verifies if the user is authorized. + ◦ If *not authorized*, it prompts the user to contact the existing CLA manager for authorization. +• The Go-based endpoint sends a notification to CLA managers: + ◦ v4/notify-cla-managers + • An email is sent to the CLA managers, and the process ends. +• *ii. If Company Does Not Have a CCLA:* + ◦ The system checks if the user is a CLA manager. +• *A. User is a CLA Manager:* +• Assigns CLA manager designee permissions via: + ◦ v4/company/{companySFID}/user/{userLFID}/claGroupID/{claGroupID}/is-cla-manager-designee +• Verifies the assigned role: + ◦ v4/company/{companySFID}/user/{userLFID}/claGroupID/{claGroupID}/is-cla-manager-designee +• If the role is confirmed, it calls the endpoint to request a corporate signature: + ◦ v4/request-corporate-signature + ◦ This creates the signature record, completing the process. +• *B. User is Not a CLA Manager:* +• Fetches company administrators using: + ◦ v4/company/{companySFID}/admin +• Sends an invitation to become a company admin via: + ◦ /user/{userID}/invite-company-admin + ◦ An email is sent to the user to invite them as a company admin, concluding the process.
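Review bot: in sign-flow.md, under "A. User is a CLA Manager", the "Assigns CLA manager designee permissions via" step and the "Verifies the assigned role" step list the same path, `v4/company/{companySFID}/user/{userLFID}/claGroupID/{claGroupID}/is-cla-manager-designee`; one of them is presumably a different route or a different HTTP method, and the document should say which. Giving the method next to every endpoint would make the flow checkable against the API, and `/user/{userID}/invite-company-admin` is the only entry with a leading slash and no version prefix. Steps 9 to 11 read as sub-steps of 8.b but are numbered at the top level, and the CCLA branch describes only the not-authorized outcome. The document also does not say how the v4/signed/individual callback, which flips `signed` to `true`, is authenticated; that deserves a sentence.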
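Review bot: in the setenv.sh hunk of PATCH 10/11, lines such as `export DOCUSIGN_USER_ID="$(cat ./DOCUSIGN_USER_ID.secret)"` read a path relative to the caller's working directory, and a missing file still exports the variable as an empty string because `export` masks the exit status of the command substitution. The unchanged GITHUB_OAUTH_TOKEN line just above uses an absolute path, so the two conventions now differ within one script. Check that each file is readable before exporting and stop with a message naming the missing file, and resolve the .secret paths against the script's own directory so sourcing from another directory behaves the same.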