From 74912ee36f453a127bc29d1ec1d3a6ce589eda8a Mon Sep 17 00:00:00 2001 From: Harold Wanyama Date: Thu, 11 Jul 2024 14:18:34 +0300 Subject: [PATCH] Revert "Revert "Revert "[#4358,#4359] Feature/LDAP Decommissioning""" This reverts commit 558ac26a04db52b4d225cc8174fca4e1ae62849c. --- .../cmd/dynamo_events_lambda/main.go | 7 +- .../handler/handler.go | 7 +- .../cmd/migrate_approval_list/main.go | 2 +- cla-backend-go/cmd/server.go | 8 +- .../gerrits/mocks/mock_repository.go | 143 ------- cla-backend-go/gerrits/models.go | 21 +- cla-backend-go/gerrits/repository.go | 21 +- cla-backend-go/gerrits/service.go | 280 ++++++++++++- cla-backend-go/gerrits/service_test.go | 47 --- cla-backend-go/signatures/repository.go | 127 +++--- cla-backend-go/swagger/cla.v2.yaml | 390 +++++++++--------- .../swagger/common/add-gerrit-input.yaml | 14 + cla-backend-go/swagger/common/gerrit.yaml | 19 + cla-backend-go/v2/gerrits/handlers.go | 386 ++++++++--------- cla-backend-go/v2/sign/service.go | 70 ++-- 15 files changed, 835 insertions(+), 707 deletions(-) delete mode 100644 cla-backend-go/gerrits/mocks/mock_repository.go delete mode 100644 cla-backend-go/gerrits/service_test.go diff --git a/cla-backend-go/cmd/dynamo_events_lambda/main.go b/cla-backend-go/cmd/dynamo_events_lambda/main.go index 652f7e4e3..ee910d335 100644 --- a/cla-backend-go/cmd/dynamo_events_lambda/main.go +++ b/cla-backend-go/cmd/dynamo_events_lambda/main.go @@ -115,7 +115,12 @@ func init() { githubOrganizationsService := github_organizations.NewService(githubOrganizationsRepo, repositoriesRepo, projectClaGroupRepo) repositoriesService := repositories.NewService(repositoriesRepo, githubOrganizationsRepo, projectClaGroupRepo) - gerritService := gerrits.NewService(gerritRepo) + gerritService := gerrits.NewService(gerritRepo, &gerrits.LFGroup{ + LfBaseURL: configFile.LFGroup.ClientURL, + ClientID: configFile.LFGroup.ClientID, + ClientSecret: configFile.LFGroup.ClientSecret, + RefreshToken: configFile.LFGroup.RefreshToken, + }) // Services projectService := service.NewService(projectRepo, repositoriesRepo, gerritRepo, projectClaGroupRepo, usersRepo) diff --git a/cla-backend-go/cmd/gitlab_repository_check/handler/handler.go b/cla-backend-go/cmd/gitlab_repository_check/handler/handler.go index 1097ffa52..f4b261403 100644 --- a/cla-backend-go/cmd/gitlab_repository_check/handler/handler.go +++ b/cla-backend-go/cmd/gitlab_repository_check/handler/handler.go @@ -137,7 +137,12 @@ func Handler(ctx context.Context) error { v1ProjectClaGroupRepo, }) - gerritService := gerrits.NewService(gerritRepo) + gerritService := gerrits.NewService(gerritRepo, &gerrits.LFGroup{ + LfBaseURL: configFile.LFGroup.ClientURL, + ClientID: configFile.LFGroup.ClientID, + ClientSecret: configFile.LFGroup.ClientSecret, + RefreshToken: configFile.LFGroup.RefreshToken, + }) approvalsTableName := "cla-" + stage + "-approvals" diff --git a/cla-backend-go/cmd/migrate_approval_list/main.go b/cla-backend-go/cmd/migrate_approval_list/main.go index 63f6c387f..574b58356 100644 --- a/cla-backend-go/cmd/migrate_approval_list/main.go +++ b/cla-backend-go/cmd/migrate_approval_list/main.go @@ -81,7 +81,7 @@ func init() { v1ProjectClaGroupRepo, }) ghOrgRepo = github_organizations.NewRepository(awsSession, stage) - gerritService = gerrits.NewService(gerritsRepo) + gerritService = gerrits.NewService(gerritsRepo, nil) signatureRepo = signatures.NewRepository(awsSession, stage, companyRepo, usersRepo, eventsService, &ghRepo, ghOrgRepo, gerritService, approvalRepo) log.Info("initialized repositories\n") diff --git a/cla-backend-go/cmd/server.go b/cla-backend-go/cmd/server.go index e2291e37d..1e67f9680 100644 --- a/cla-backend-go/cmd/server.go +++ b/cla-backend-go/cmd/server.go @@ -273,7 +273,13 @@ func server(localMode bool) http.Handler { v1ProjectClaGroupRepo, }) - gerritService := gerrits.NewService(gerritRepo) + gerritService := gerrits.NewService(gerritRepo, &gerrits.LFGroup{ + LfBaseURL: configFile.LFGroup.ClientURL, + ClientID: configFile.LFGroup.ClientID, + ClientSecret: configFile.LFGroup.ClientSecret, + RefreshToken: configFile.LFGroup.RefreshToken, + EventsService: eventsService, + }) // Signature repository handler signaturesRepo := signatures.NewRepository(awsSession, stage, v1CompanyRepo, usersRepo, eventsService, gitV1Repository, githubOrganizationsRepo, gerritService, approvalsRepo) diff --git a/cla-backend-go/gerrits/mocks/mock_repository.go b/cla-backend-go/gerrits/mocks/mock_repository.go deleted file mode 100644 index 6d45afc36..000000000 --- a/cla-backend-go/gerrits/mocks/mock_repository.go +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright The Linux Foundation and each contributor to CommunityBridge. -// SPDX-License-Identifier: MIT - -// Code generated by MockGen. DO NOT EDIT. -// Source: gerrits/repository.go - -// Package mock_gerrits is a generated GoMock package. -package mock_gerrits - -import ( - context "context" - reflect "reflect" - - models "github.com/communitybridge/easycla/cla-backend-go/gen/v1/models" - gomock "github.com/golang/mock/gomock" -) - -// MockRepository is a mock of Repository interface. -type MockRepository struct { - ctrl *gomock.Controller - recorder *MockRepositoryMockRecorder -} - -// MockRepositoryMockRecorder is the mock recorder for MockRepository. -type MockRepositoryMockRecorder struct { - mock *MockRepository -} - -// NewMockRepository creates a new mock instance. -func NewMockRepository(ctrl *gomock.Controller) *MockRepository { - mock := &MockRepository{ctrl: ctrl} - mock.recorder = &MockRepositoryMockRecorder{mock} - return mock -} - -// EXPECT returns an object that allows the caller to indicate expected use. -func (m *MockRepository) EXPECT() *MockRepositoryMockRecorder { - return m.recorder -} - -// AddGerrit mocks base method. -func (m *MockRepository) AddGerrit(ctx context.Context, input *models.Gerrit) (*models.Gerrit, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "AddGerrit", ctx, input) - ret0, _ := ret[0].(*models.Gerrit) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// AddGerrit indicates an expected call of AddGerrit. -func (mr *MockRepositoryMockRecorder) AddGerrit(ctx, input interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddGerrit", reflect.TypeOf((*MockRepository)(nil).AddGerrit), ctx, input) -} - -// DeleteGerrit mocks base method. -func (m *MockRepository) DeleteGerrit(ctx context.Context, gerritID string) error { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "DeleteGerrit", ctx, gerritID) - ret0, _ := ret[0].(error) - return ret0 -} - -// DeleteGerrit indicates an expected call of DeleteGerrit. -func (mr *MockRepositoryMockRecorder) DeleteGerrit(ctx, gerritID interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteGerrit", reflect.TypeOf((*MockRepository)(nil).DeleteGerrit), ctx, gerritID) -} - -// ExistsByName mocks base method. -func (m *MockRepository) ExistsByName(ctx context.Context, gerritName string) ([]*models.Gerrit, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "ExistsByName", ctx, gerritName) - ret0, _ := ret[0].([]*models.Gerrit) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// ExistsByName indicates an expected call of ExistsByName. -func (mr *MockRepositoryMockRecorder) ExistsByName(ctx, gerritName interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ExistsByName", reflect.TypeOf((*MockRepository)(nil).ExistsByName), ctx, gerritName) -} - -// GetClaGroupGerrits mocks base method. -func (m *MockRepository) GetClaGroupGerrits(ctx context.Context, claGroupID string) (*models.GerritList, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetClaGroupGerrits", ctx, claGroupID) - ret0, _ := ret[0].(*models.GerritList) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetClaGroupGerrits indicates an expected call of GetClaGroupGerrits. -func (mr *MockRepositoryMockRecorder) GetClaGroupGerrits(ctx, claGroupID interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetClaGroupGerrits", reflect.TypeOf((*MockRepository)(nil).GetClaGroupGerrits), ctx, claGroupID) -} - -// GetGerrit mocks base method. -func (m *MockRepository) GetGerrit(ctx context.Context, gerritID string) (*models.Gerrit, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetGerrit", ctx, gerritID) - ret0, _ := ret[0].(*models.Gerrit) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetGerrit indicates an expected call of GetGerrit. -func (mr *MockRepositoryMockRecorder) GetGerrit(ctx, gerritID interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetGerrit", reflect.TypeOf((*MockRepository)(nil).GetGerrit), ctx, gerritID) -} - -// GetGerritsByID mocks base method. -func (m *MockRepository) GetGerritsByID(ctx context.Context, ID, IDType string) (*models.GerritList, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetGerritsByID", ctx, ID, IDType) - ret0, _ := ret[0].(*models.GerritList) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetGerritsByID indicates an expected call of GetGerritsByID. -func (mr *MockRepositoryMockRecorder) GetGerritsByID(ctx, ID, IDType interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetGerritsByID", reflect.TypeOf((*MockRepository)(nil).GetGerritsByID), ctx, ID, IDType) -} - -// GetGerritsByProjectSFID mocks base method. -func (m *MockRepository) GetGerritsByProjectSFID(ctx context.Context, projectSFID string) (*models.GerritList, error) { - m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GetGerritsByProjectSFID", ctx, projectSFID) - ret0, _ := ret[0].(*models.GerritList) - ret1, _ := ret[1].(error) - return ret0, ret1 -} - -// GetGerritsByProjectSFID indicates an expected call of GetGerritsByProjectSFID. -func (mr *MockRepositoryMockRecorder) GetGerritsByProjectSFID(ctx, projectSFID interface{}) *gomock.Call { - mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetGerritsByProjectSFID", reflect.TypeOf((*MockRepository)(nil).GetGerritsByProjectSFID), ctx, projectSFID) -} diff --git a/cla-backend-go/gerrits/models.go b/cla-backend-go/gerrits/models.go index f15a074d0..b31689693 100644 --- a/cla-backend-go/gerrits/models.go +++ b/cla-backend-go/gerrits/models.go @@ -27,15 +27,18 @@ type Gerrit struct { // toModel converts the gerrit structure into a response model func (g *Gerrit) toModel() *models.Gerrit { return &models.Gerrit{ - DateCreated: g.DateCreated, - DateModified: g.DateModified, - GerritID: strfmt.UUID4(g.GerritID), - GerritName: g.GerritName, - GerritURL: strfmt.URI(g.GerritURL), - GroupIDCcla: g.GroupIDCcla, - ProjectID: g.ProjectID, - Version: g.Version, - ProjectSFID: g.ProjectSFID, + DateCreated: g.DateCreated, + DateModified: g.DateModified, + GerritID: strfmt.UUID4(g.GerritID), + GerritName: g.GerritName, + GerritURL: strfmt.URI(g.GerritURL), + GroupIDCcla: g.GroupIDCcla, + GroupIDIcla: g.GroupIDIcla, + GroupNameCcla: g.GroupNameCcla, + GroupNameIcla: g.GroupNameIcla, + ProjectID: g.ProjectID, + Version: g.Version, + ProjectSFID: g.ProjectSFID, } } diff --git a/cla-backend-go/gerrits/repository.go b/cla-backend-go/gerrits/repository.go index 80207f3e3..d9f4ae410 100644 --- a/cla-backend-go/gerrits/repository.go +++ b/cla-backend-go/gerrits/repository.go @@ -71,15 +71,18 @@ func (repo *repo) AddGerrit(ctx context.Context, input *models.Gerrit) (*models. } _, currentTime := utils.CurrentTime() gerrit := &Gerrit{ - DateCreated: currentTime, - DateModified: currentTime, - GerritID: gerritID.String(), - GerritName: input.GerritName, - GerritURL: input.GerritURL.String(), - GroupIDCcla: input.GroupIDCcla, - ProjectID: input.ProjectID, - ProjectSFID: input.ProjectSFID, - Version: input.Version, + DateCreated: currentTime, + DateModified: currentTime, + GerritID: gerritID.String(), + GerritName: input.GerritName, + GerritURL: input.GerritURL.String(), + GroupIDCcla: input.GroupIDCcla, + GroupIDIcla: input.GroupIDIcla, + GroupNameCcla: input.GroupNameCcla, + GroupNameIcla: input.GroupNameIcla, + ProjectID: input.ProjectID, + ProjectSFID: input.ProjectSFID, + Version: input.Version, } av, err := dynamodbattribute.MarshalMap(gerrit) if err != nil { diff --git a/cla-backend-go/gerrits/service.go b/cla-backend-go/gerrits/service.go index b10e9ce92..ecc72b236 100644 --- a/cla-backend-go/gerrits/service.go +++ b/cla-backend-go/gerrits/service.go @@ -11,7 +11,7 @@ import ( "net/url" "strings" - // "github.com/LF-Engineering/lfx-kit/auth" + "github.com/LF-Engineering/lfx-kit/auth" "github.com/go-openapi/strfmt" @@ -21,7 +21,7 @@ import ( "github.com/communitybridge/easycla/cla-backend-go/utils" "github.com/communitybridge/easycla/cla-backend-go/gen/v1/models" - // v2Models "github.com/communitybridge/easycla/cla-backend-go/gen/v2/models" + v2Models "github.com/communitybridge/easycla/cla-backend-go/gen/v2/models" log "github.com/communitybridge/easycla/cla-backend-go/logging" ) @@ -35,16 +35,23 @@ type Service interface { GetGerritRepos(ctx context.Context, gerritName string) (*models.GerritRepoList, error) DeleteClaGroupGerrits(ctx context.Context, claGroupID string) (int, error) DeleteGerrit(ctx context.Context, gerritID string) error + GetUsersOfGroup(ctx context.Context, authUser *auth.User, claGroupID, claType string) (*v2Models.GerritGroupResponse, error) + AddUserToGroup(ctx context.Context, authUser *auth.User, claGroupID, userName, claType string) error + AddUsersToGroup(ctx context.Context, authUser *auth.User, claGroupID string, userNameList []string, claType string) error + RemoveUserFromGroup(ctx context.Context, authUser *auth.User, claGroupID, userName, claType string) error + RemoveUsersFromGroup(ctx context.Context, authUser *auth.User, claGroupID string, userNameList []string, claType string) error } type service struct { - repo Repository + repo Repository + lfGroup *LFGroup } // NewService creates a new gerrit service -func NewService(repo Repository) Service { +func NewService(repo Repository, lfg *LFGroup) Service { return service{ - repo: repo, + repo: repo, + lfGroup: lfg, } } @@ -55,10 +62,34 @@ func (s service) AddGerrit(ctx context.Context, claGroupID string, projectSFID s "claGroupID": claGroupID, "projectSFID": projectSFID, } + if params.GroupIDIcla == "" && params.GroupIDCcla == "" { + return nil, errors.New("should specify at least a LDAP group for ICLA or CCLA") + } log.WithFields(f).Debugf("cla groupID %s", claGroupID) log.WithFields(f).Debugf("project Model %+v", claGroupModel) + if claGroupModel.ProjectCCLAEnabled && claGroupModel.ProjectICLAEnabled { + if params.GroupIDCcla == "" { + return nil, errors.New("please provide GroupIDCcla") + } + if params.GroupIDIcla == "" { + return nil, errors.New("please provide GroupIDIcla") + } + } else if claGroupModel.ProjectCCLAEnabled { + if params.GroupIDCcla == "" { + return nil, errors.New("please provide GroupIDCcla") + } + } else if claGroupModel.ProjectICLAEnabled { + if params.GroupIDIcla == "" { + return nil, errors.New("please provide GroupIDIcla") + } + } + + if params.GroupIDIcla == params.GroupIDCcla { + return nil, errors.New("LDAP group for ICLA and CCLA are same") + } + if params.GerritName == nil { return nil, errors.New("gerrit_name required") } @@ -73,16 +104,59 @@ func (s service) AddGerrit(ctx context.Context, claGroupID string, projectSFID s return nil, errors.New("gerrit_name already present in the system") } + gerritCcla, err := s.repo.GetGerritsByID(ctx, params.GroupIDCcla, "CCLA") + if err != nil { + message := fmt.Sprintf("unable to get gerrit by ccla id : %s", params.GroupIDCcla) + log.WithFields(f).WithError(err).Warnf(message) + } + + if len(gerritCcla.List) > 0 { + return nil, errors.New("gerrit_ccla id already present in the system") + } + + gerritIcla, err := s.repo.GetGerritsByID(ctx, params.GroupIDIcla, "ICLA") + if err != nil { + message := fmt.Sprintf("unable to get gerrit by icla : %s", params.GroupIDIcla) + log.WithFields(f).WithError(err).Warnf(message) + } + + if len(gerritIcla.List) > 0 { + return nil, errors.New("gerrit_icla id already present in the system") + } + if params.GerritURL == nil { return nil, errors.New("gerrit_url required") } + var groupNameCcla, groupNameIcla string + if params.GroupIDIcla != "" { + group, err := s.lfGroup.GetGroup(ctx, params.GroupIDIcla) + if err != nil { + message := fmt.Sprintf("unable to get LDAP ICLA Group: %s", params.GroupIDIcla) + log.WithFields(f).WithError(err).Warnf(message) + return nil, errors.New(message) + } + groupNameIcla = group.Title + } + if params.GroupIDCcla != "" { + group, err := s.lfGroup.GetGroup(ctx, params.GroupIDCcla) + if err != nil { + message := fmt.Sprintf("unable to get LDAP CCLA Group: %s", params.GroupIDCcla) + log.WithFields(f).WithError(err).Warnf(message) + return nil, errors.New(message) + } + groupNameCcla = group.Title + } input := &models.Gerrit{ - GerritName: utils.StringValue(params.GerritName), - GerritURL: strfmt.URI(*params.GerritURL), - ProjectID: claGroupID, - ProjectSFID: projectSFID, - Version: params.Version, + GerritName: utils.StringValue(params.GerritName), + GerritURL: strfmt.URI(*params.GerritURL), + GroupIDCcla: params.GroupIDCcla, + GroupIDIcla: params.GroupIDIcla, + GroupNameCcla: groupNameCcla, + GroupNameIcla: groupNameIcla, + ProjectID: claGroupID, + ProjectSFID: projectSFID, + Version: params.Version, } return s.repo.AddGerrit(ctx, input) } @@ -204,6 +278,192 @@ func (s service) DeleteGerrit(ctx context.Context, gerritID string) error { return s.repo.DeleteGerrit(ctx, gerritID) } +// GetUsersOfGroup +func (s service) GetUsersOfGroup(ctx context.Context, authUser *auth.User, claGroupID, claType string) (*v2Models.GerritGroupResponse, error) { + f := logrus.Fields{ + "functionName": "v1.gerrits.service.GetUsersOfGroup", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "claGroupID": claGroupID, + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + } + + log.WithFields(f).Debug("querying for CLA Group gerrits...") + g, gerritErr := s.GetClaGroupGerrits(ctx, claGroupID) + if gerritErr != nil { + log.WithFields(f).WithError(gerritErr).Warnf("unable to locate gerrits associated with CLA Group ID: %s", claGroupID) + return nil, gerritErr + } + + // Just load the first one... + if len(g.List) > 0 { + gerritModel := g.List[0] + var ldapGroupName string + switch claType { + case utils.ClaTypeICLA: + ldapGroupName = gerritModel.GroupNameIcla + case utils.ClaTypeECLA: + ldapGroupName = gerritModel.GroupNameCcla + default: + return nil, &utils.InvalidCLAType{ + CLAType: claType, + } + } + + log.WithFields(f).Debugf("querying for members of gerrit group: %s...", ldapGroupName) + g, gerritErr := s.lfGroup.GetUsersOfGroup(ctx, authUser, claGroupID, ldapGroupName) + if gerritErr != nil { + log.WithFields(f).WithError(gerritErr).Warnf("unable to locate gerrits associated with CLA Group ID: %s", claGroupID) + return nil, gerritErr + } + return g, nil + } + + return nil, nil +} + +// AddUserToGroup adds the specified user to the group +func (s service) AddUserToGroup(ctx context.Context, authUser *auth.User, claGroupID, userName, claType string) error { + f := logrus.Fields{ + "functionName": "v1.gerrits.service.AddUserToGroup", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "claGroupID": claGroupID, + "userName": userName, + } + + log.WithFields(f).Debug("querying for CLA Group gerrits...") + g, gerritErr := s.GetClaGroupGerrits(ctx, claGroupID) + if gerritErr != nil { + log.WithFields(f).WithError(gerritErr).Warnf("unable to locate gerrits associated with CLA Group ID: %s", claGroupID) + return gerritErr + } + + for _, gerritModel := range g.List { + var ldapGroupName string + switch claType { + case utils.ClaTypeICLA: + ldapGroupName = gerritModel.GroupNameIcla + case utils.ClaTypeECLA: + ldapGroupName = gerritModel.GroupNameCcla + default: + return &utils.InvalidCLAType{ + CLAType: claType, + } + } + log.WithFields(f).Debugf("LDAP group name: %s", ldapGroupName) + addErr := s.lfGroup.AddUserToGroup(ctx, authUser, claGroupID, ldapGroupName, userName) + if addErr != nil { + log.WithFields(f).WithError(addErr).Warnf("unable to add user %s to group: %s for CLA Group: %s", userName, ldapGroupName, claGroupID) + return gerritErr + } + log.WithFields(f).Debugf("added user %s to group: %s for CLA Group: %s", userName, ldapGroupName, claGroupID) + + // Log Event + } + + return nil +} + +// AddUsersToGroup adds the specified users to the group +func (s service) AddUsersToGroup(ctx context.Context, authUser *auth.User, claGroupID string, userNameList []string, claType string) error { + f := logrus.Fields{ + "functionName": "v1.gerrits.service.AddUsersToGroup", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "claGroupID": claGroupID, + "userNameList": strings.Join(userNameList, ","), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + } + + var errorList []error + for _, userName := range userNameList { + err := s.AddUserToGroup(ctx, authUser, claGroupID, userName, claType) + if err != nil { + log.WithFields(f).WithError(err).Warnf("encountered an error when adding username: %s to the CLA Group: %s", userName, claGroupID) + errorList = append(errorList, err) + } + } + + if len(errorList) > 0 { + log.WithFields(f).Warnf("encountered %d errors when adding %d users to the CLA Group: %s", len(errorList), len(userNameList), claGroupID) + return errorList[0] + } + + return nil +} + +// RemoveUserFromGroup removes the specified user from the group +func (s service) RemoveUserFromGroup(ctx context.Context, authUser *auth.User, claGroupID, userName, claType string) error { + f := logrus.Fields{ + "functionName": "v1.gerrits.service.RemoveUserFromGroup", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "claGroupID": claGroupID, + "userName": userName, + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + } + + log.WithFields(f).Debug("querying for CLA Group gerrits...") + g, gerritErr := s.GetClaGroupGerrits(ctx, claGroupID) + if gerritErr != nil { + log.WithFields(f).WithError(gerritErr).Warnf("unable to locate gerrits associated with CLA Group ID: %s", claGroupID) + return gerritErr + } + + for _, gerritModel := range g.List { + var ldapGroupName string + switch claType { + case utils.ClaTypeICLA: + ldapGroupName = gerritModel.GroupNameIcla + case utils.ClaTypeECLA: + ldapGroupName = gerritModel.GroupNameCcla + default: + return &utils.InvalidCLAType{ + CLAType: claType, + } + } + log.WithFields(f).Debugf("LDAP group name: %s", ldapGroupName) + addErr := s.lfGroup.RemoveUserFromGroup(ctx, authUser, claGroupID, ldapGroupName, userName) + if addErr != nil { + log.WithFields(f).WithError(addErr).Warnf("unable to remove user %s from group: %s for CLA Group: %s", userName, ldapGroupName, claGroupID) + return gerritErr + } + log.WithFields(f).Debugf("removed user %s from group: %s for CLA Group: %s", userName, ldapGroupName, claGroupID) + + // Log Event + } + + return nil +} + +// RemoveUsersFromGroup removes the specified users from the group +func (s service) RemoveUsersFromGroup(ctx context.Context, authUser *auth.User, claGroupID string, userNameList []string, claType string) error { + f := logrus.Fields{ + "functionName": "v1.gerrits.service.RemoveUsersFromGroup", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "claGroupID": claGroupID, + "userNameList": strings.Join(userNameList, ","), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + } + + var errorList []error + for _, userName := range userNameList { + err := s.RemoveUserFromGroup(ctx, authUser, claGroupID, userName, claType) + if err != nil { + log.WithFields(f).WithError(err).Warnf("encountered an error when removing username: %s from the CLA Group: %s", userName, claGroupID) + errorList = append(errorList, err) + } + } + + if len(errorList) > 0 { + log.WithFields(f).Warnf("encountered %d errors when removing %d users from the CLA Group: %s", len(errorList), len(userNameList), claGroupID) + return errorList[0] + } + + return nil +} + // convertModel is a helper function to create a GerritRepoList response model func convertModel(responseModel map[string]GerritRepoInfo, serverInfo *ServerInfo) *models.GerritRepoList { var gerritRepos []*models.GerritRepo diff --git a/cla-backend-go/gerrits/service_test.go b/cla-backend-go/gerrits/service_test.go deleted file mode 100644 index 457361f6a..000000000 --- a/cla-backend-go/gerrits/service_test.go +++ /dev/null @@ -1,47 +0,0 @@ -// Copyright The Linux Foundation and each contributor to CommunityBridge. -// SPDX-License-Identifier: MIT - -package gerrits - -import ( - "context" - "testing" - - "github.com/communitybridge/easycla/cla-backend-go/gen/v1/models" - gerritsMock "github.com/communitybridge/easycla/cla-backend-go/gerrits/mocks" - "github.com/golang/mock/gomock" - "github.com/stretchr/testify/assert" -) - -func TestService_AddGerrit(t *testing.T) { - // AddGerrit test case - - gerritName := "ONAP" - gerritURL := "https://gerrit.onap.org" - - ctrl := gomock.NewController(t) - defer ctrl.Finish() - - mockRepo := gerritsMock.NewMockRepository(ctrl) - mockRepo.EXPECT().AddGerrit(gomock.Any(), gomock.Any()).Return(&models.Gerrit{ - GerritID: "e82c469a-55ea-492d-9722-fd30b31da2aa", - GerritName: "ONAP", - GerritURL: "https://gerrit.onap.org", - ProjectID: "projectID", - }, nil) - - //Gerrit repo by name does not exist - mockRepo.EXPECT().ExistsByName(context.TODO(), "ONAP").Return(nil, nil) - - service := NewService(mockRepo) - gerrit, err := service.AddGerrit(context.TODO(), "projectID", "projectSFID", &models.AddGerritInput{ - GerritName: &gerritName, - GerritURL: &gerritURL, - }, &models.ClaGroup{ - ProjectID: "projectID", - }) - - assert.NotNil(t, gerrit) - assert.NoError(t, err) - -} diff --git a/cla-backend-go/signatures/repository.go b/cla-backend-go/signatures/repository.go index cf103f4e7..b98540b44 100644 --- a/cla-backend-go/signatures/repository.go +++ b/cla-backend-go/signatures/repository.go @@ -19,6 +19,7 @@ import ( "github.com/communitybridge/easycla/cla-backend-go/config" + "github.com/LF-Engineering/lfx-kit/auth" "github.com/sirupsen/logrus" "github.com/communitybridge/easycla/cla-backend-go/users" @@ -3197,10 +3198,10 @@ func (repo repository) UpdateApprovalList(ctx context.Context, claManager *model PageSize: utils.Int64(10), } - // authUser := auth.User{ - // Email: claManager.LfEmail.String(), - // UserName: claManager.LfUsername, - // } + authUser := auth.User{ + Email: claManager.LfEmail.String(), + UserName: claManager.LfUsername, + } // Keep track of gerrit users under a give CLA Group var gerritICLAECLAs []string @@ -3211,8 +3212,8 @@ func (repo repository) UpdateApprovalList(ctx context.Context, claManager *model goRoutines := 2 gerritResultChannel := make(chan *GerritUserResponse, goRoutines) gerritQueryStartTime, _ := utils.CurrentTime() - // go repo.getGerritUsers(ctx, &authUser, projectID, utils.ClaTypeICLA, gerritResultChannel) - // go repo.getGerritUsers(ctx, &authUser, projectID, utils.ClaTypeECLA, gerritResultChannel) + go repo.getGerritUsers(ctx, &authUser, projectID, utils.ClaTypeICLA, gerritResultChannel) + go repo.getGerritUsers(ctx, &authUser, projectID, utils.ClaTypeECLA, gerritResultChannel) log.WithFields(f).Debug("waiting on gerrit user query results from 2 go routines...") for i := 0; i < goRoutines; i++ { @@ -3310,19 +3311,19 @@ func (repo repository) UpdateApprovalList(ctx context.Context, claManager *model } } else { - // // Update gerrit user - // if utils.StringInSlice(user.LfUsername, gerritICLAECLAs) { - // // gerritIclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeICLA) - // if gerritIclaErr != nil { - // msg := fmt.Sprintf("unable to remove gerrit user: %s from group: %s", user.LfUsername, approvalList.ClaGroupID) - // log.WithFields(f).WithError(gerritIclaErr).Warn(msg) - // } - // eclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeECLA) - // if eclaErr != nil { - // msg := fmt.Sprintf("unable to remove gerrit user: %s from group: %s", user.LfUsername, approvalList.ClaGroupID) - // log.WithFields(f).WithError(eclaErr).Warn(msg) - // } - // } + // Update gerrit user + if utils.StringInSlice(user.LfUsername, gerritICLAECLAs) { + gerritIclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeICLA) + if gerritIclaErr != nil { + msg := fmt.Sprintf("unable to remove gerrit user: %s from group: %s", user.LfUsername, approvalList.ClaGroupID) + log.WithFields(f).WithError(gerritIclaErr).Warn(msg) + } + eclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeECLA) + if eclaErr != nil { + msg := fmt.Sprintf("unable to remove gerrit user: %s from group: %s", user.LfUsername, approvalList.ClaGroupID) + log.WithFields(f).WithError(eclaErr).Warn(msg) + } + } results <- &ICLAUserResponse{ ICLASignature: &models.IclaSignature{ GithubUsername: icla.UserGHUsername, @@ -4050,10 +4051,10 @@ func (repo repository) verifyUserApprovals(ctx context.Context, userID, signatur } email := getBestEmail(user) - // authUser := auth.User{ - // Email: claManager.LfEmail.String(), - // UserName: claManager.LfUsername, - // } + authUser := auth.User{ + Email: claManager.LfEmail.String(), + UserName: claManager.LfUsername, + } if approvalList.Criteria == utils.EmailDomainCriteria { // Handle Domains @@ -4069,20 +4070,20 @@ func (repo repository) verifyUserApprovals(ctx context.Context, userID, signatur return user, err } - // // Update Gerrit group users - // if utils.StringInSlice(user.LfUsername, approvalList.GerritICLAECLAs) { - // log.WithFields(f).Debugf("removing gerrit user:%s from claGroup: %s ...", user.LfUsername, approvalList.ClaGroupID) - // iclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeICLA) - // if iclaErr != nil { - // msg := fmt.Sprintf("unable to remove gerrit user:%s from group:%s", user.LfUsername, approvalList.ClaGroupID) - // log.WithFields(f).Warn(msg) - // } - // eclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeECLA) - // if eclaErr != nil { - // msg := fmt.Sprintf("unable to remove gerrit user:%s from group:%s", user.LfUsername, approvalList.ClaGroupID) - // log.WithFields(f).Warn(msg) - // } - // } + // Update Gerrit group users + if utils.StringInSlice(user.LfUsername, approvalList.GerritICLAECLAs) { + log.WithFields(f).Debugf("removing gerrit user:%s from claGroup: %s ...", user.LfUsername, approvalList.ClaGroupID) + iclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeICLA) + if iclaErr != nil { + msg := fmt.Sprintf("unable to remove gerrit user:%s from group:%s", user.LfUsername, approvalList.ClaGroupID) + log.WithFields(f).Warn(msg) + } + eclaErr := repo.gerritService.RemoveUserFromGroup(ctx, &authUser, approvalList.ClaGroupID, user.LfUsername, utils.ClaTypeECLA) + if eclaErr != nil { + msg := fmt.Sprintf("unable to remove gerrit user:%s from group:%s", user.LfUsername, approvalList.ClaGroupID) + log.WithFields(f).Warn(msg) + } + } } } } else if approvalList.Criteria == utils.GitHubOrgCriteria { @@ -4944,32 +4945,32 @@ func (repo repository) ActivateSignature(ctx context.Context, signatureID string } // getGerritUsers is a helper function to fetch the list of gerrit users for the specified type - results are returned through the specified results channel -// func (repo repository) getGerritUsers(ctx context.Context, authUser *auth.User, projectSFID string, claType string, gerritResultChannel chan *GerritUserResponse) { -// // f := logrus.Fields{ -// // "functionName": "v1.signatures.repository.getGerritUsers", -// // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), -// // "projectSFID": projectSFID, -// // } -// // log.WithFields(f).Debugf("querying gerrit for %s gerrit users...", claType) -// // gerritIclaUsers, getGerritQueryErr := repo.gerritService.GetUsersOfGroup(ctx, authUser, projectSFID, claType) -// // if getGerritQueryErr != nil || gerritIclaUsers == nil { -// // msg := fmt.Sprintf("unable to fetch gerrit users for claGroup: %s , claType: %s ", projectSFID, claType) -// // log.WithFields(f).WithError(getGerritQueryErr).Warn(msg) -// // gerritResultChannel <- &GerritUserResponse{ -// // gerritGroupResponse: nil, -// // queryType: claType, -// // Error: errors.New(msg), -// // } -// // return -// // } - -// // log.WithFields(f).Debugf("retrieved %d gerrit users for CLA type: %s...", len(gerritIclaUsers.Members), claType) -// gerritResultChannel <- &GerritUserResponse{ -// gerritGroupResponse: nil, -// queryType: claType, -// Error: nil, -// } -// } +func (repo repository) getGerritUsers(ctx context.Context, authUser *auth.User, projectSFID string, claType string, gerritResultChannel chan *GerritUserResponse) { + f := logrus.Fields{ + "functionName": "v1.signatures.repository.getGerritUsers", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "projectSFID": projectSFID, + } + log.WithFields(f).Debugf("querying gerrit for %s gerrit users...", claType) + gerritIclaUsers, getGerritQueryErr := repo.gerritService.GetUsersOfGroup(ctx, authUser, projectSFID, claType) + if getGerritQueryErr != nil || gerritIclaUsers == nil { + msg := fmt.Sprintf("unable to fetch gerrit users for claGroup: %s , claType: %s ", projectSFID, claType) + log.WithFields(f).WithError(getGerritQueryErr).Warn(msg) + gerritResultChannel <- &GerritUserResponse{ + gerritGroupResponse: nil, + queryType: claType, + Error: errors.New(msg), + } + return + } + + log.WithFields(f).Debugf("retrieved %d gerrit users for CLA type: %s...", len(gerritIclaUsers.Members), claType) + gerritResultChannel <- &GerritUserResponse{ + gerritGroupResponse: gerritIclaUsers, + queryType: claType, + Error: nil, + } +} func buildNextKey(indexName string, signature *models.Signature) (string, error) { nextKey := make(map[string]*dynamodb.AttributeValue) diff --git a/cla-backend-go/swagger/cla.v2.yaml b/cla-backend-go/swagger/cla.v2.yaml index f84d6ee3a..098fceb2f 100644 --- a/cla-backend-go/swagger/cla.v2.yaml +++ b/cla-backend-go/swagger/cla.v2.yaml @@ -3222,201 +3222,201 @@ paths: tags: - gerrits - # /cla-group/{claGroupID}/project/{projectSFID}/gerrits/icla/user: - # get: - # summary: Get Gerrit ICLA Users - # description: Gets the authorized individual CLA users from a gerrit instance for the CLA Group/Projecct - # operationId: getGerritICLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # schema: - # $ref: '#/definitions/gerrit-group-response' - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits - # put: - # summary: Add Gerrit ICLA Users - # description: Adds one or more individual CLA users to the gerrit CLA Group/project - # operationId: addGerritICLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # - in: body - # name: add-gerrit-user-input - # schema: - # $ref: '#/definitions/add-gerrit-user-input' - # required: true - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits - # delete: - # summary: Remove Gerrit ICLA Users - # description: Removes one or more individual CLA users from a gerrit instance for the CLA Group/Project - # operationId: removeGerritICLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # - in: body - # name: remove-gerrit-user-input - # schema: - # $ref: '#/definitions/remove-gerrit-user-input' - # required: true - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits - - # /cla-group/{claGroupID}/project/{projectSFID}/gerrits/ecla/user: - # get: - # summary: Get Gerrit ECLA Users - # description: Gets the authorized employee CLA users from a gerrit instance for the CLA Group/Projecct - # operationId: getGerritECLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # schema: - # $ref: '#/definitions/gerrit-group-response' - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits - # put: - # summary: Add Gerrit ECLA Users - # description: Adds one or more employee CLA users to a gerrit instance for the CLA Group/Project - # operationId: addGerritECLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # - in: body - # name: add-gerrit-user-input - # schema: - # $ref: '#/definitions/add-gerrit-user-input' - # required: true - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits - # delete: - # summary: Remove Gerrit ECLA Users - # description: Removes one or more employee CLA users from a gerrit instance for the project - # operationId: removeGerritECLAUser - # parameters: - # - $ref: "#/parameters/x-request-id" - # - $ref: "#/parameters/x-acl" - # - $ref: "#/parameters/x-username" - # - $ref: "#/parameters/x-email" - # - $ref: "#/parameters/path-claGroupID" - # - $ref: "#/parameters/path-projectSFID" - # - in: body - # name: remove-gerrit-user-input - # schema: - # $ref: '#/definitions/remove-gerrit-user-input' - # required: true - # responses: - # '200': - # description: 'Success' - # headers: - # x-request-id: - # type: string - # description: The unique request ID value - assigned/set by the API Gateway based on the session - # '400': - # $ref: '#/responses/invalid-request' - # '403': - # $ref: '#/responses/forbidden' - # '409': - # $ref: '#/responses/conflict' - # '500': - # $ref: '#/responses/internal-server-error' - # tags: - # - gerrits + /cla-group/{claGroupID}/project/{projectSFID}/gerrits/icla/user: + get: + summary: Get Gerrit ICLA Users + description: Gets the authorized individual CLA users from a gerrit instance for the CLA Group/Projecct + operationId: getGerritICLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + schema: + $ref: '#/definitions/gerrit-group-response' + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits + put: + summary: Add Gerrit ICLA Users + description: Adds one or more individual CLA users to the gerrit CLA Group/project + operationId: addGerritICLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + - in: body + name: add-gerrit-user-input + schema: + $ref: '#/definitions/add-gerrit-user-input' + required: true + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits + delete: + summary: Remove Gerrit ICLA Users + description: Removes one or more individual CLA users from a gerrit instance for the CLA Group/Project + operationId: removeGerritICLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + - in: body + name: remove-gerrit-user-input + schema: + $ref: '#/definitions/remove-gerrit-user-input' + required: true + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits + + /cla-group/{claGroupID}/project/{projectSFID}/gerrits/ecla/user: + get: + summary: Get Gerrit ECLA Users + description: Gets the authorized employee CLA users from a gerrit instance for the CLA Group/Projecct + operationId: getGerritECLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + schema: + $ref: '#/definitions/gerrit-group-response' + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits + put: + summary: Add Gerrit ECLA Users + description: Adds one or more employee CLA users to a gerrit instance for the CLA Group/Project + operationId: addGerritECLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + - in: body + name: add-gerrit-user-input + schema: + $ref: '#/definitions/add-gerrit-user-input' + required: true + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits + delete: + summary: Remove Gerrit ECLA Users + description: Removes one or more employee CLA users from a gerrit instance for the project + operationId: removeGerritECLAUser + parameters: + - $ref: "#/parameters/x-request-id" + - $ref: "#/parameters/x-acl" + - $ref: "#/parameters/x-username" + - $ref: "#/parameters/x-email" + - $ref: "#/parameters/path-claGroupID" + - $ref: "#/parameters/path-projectSFID" + - in: body + name: remove-gerrit-user-input + schema: + $ref: '#/definitions/remove-gerrit-user-input' + required: true + responses: + '200': + description: 'Success' + headers: + x-request-id: + type: string + description: The unique request ID value - assigned/set by the API Gateway based on the session + '400': + $ref: '#/responses/invalid-request' + '403': + $ref: '#/responses/forbidden' + '409': + $ref: '#/responses/conflict' + '500': + $ref: '#/responses/internal-server-error' + tags: + - gerrits /cla-group/{claGroupID}/user/{userID}/icla: put: summary: Invalidate ICLA record diff --git a/cla-backend-go/swagger/common/add-gerrit-input.yaml b/cla-backend-go/swagger/common/add-gerrit-input.yaml index 858bafa89..9ad977a16 100644 --- a/cla-backend-go/swagger/common/add-gerrit-input.yaml +++ b/cla-backend-go/swagger/common/add-gerrit-input.yaml @@ -26,6 +26,20 @@ properties: minLength: 10 maxLength: 255 pattern: ^(?:http(s)?:\/\/).+$ + groupIdCcla: + type: string + description: the LDAP group ID for CCLA encoded as a string value + example: '1902' + minLength: 1 + maxLength: 12 + pattern: ^[1-9]\d{0,11}$ + groupIdIcla: + type: string + description: the LDAP group ID for ICLA encoded as a string value + example: '1903' + minLength: 1 + maxLength: 12 + pattern: ^[1-9]\d{0,11}$ version: type: string description: the version associated with the gerrit record diff --git a/cla-backend-go/swagger/common/gerrit.yaml b/cla-backend-go/swagger/common/gerrit.yaml index e3d738c44..589cc40c2 100644 --- a/cla-backend-go/swagger/common/gerrit.yaml +++ b/cla-backend-go/swagger/common/gerrit.yaml @@ -40,6 +40,25 @@ properties: minLength: 1 maxLength: 12 pattern: ^[1-9]\d{0,11}$ + groupIdIcla: + type: string + description: the LDAP group ID for ICLA encoded as a string value + example: '1903' + minLength: 1 + maxLength: 12 + pattern: ^[1-9]\d{0,11}$ + groupNameCcla: + type: string + description: the LDAP group name for CCLA + example: 'onap-cla-ccla' + minLength: 3 + maxLength: 20 + groupNameIcla: + type: string + description: the LDAP group name for ICLA + example: 'onap-cla-icla' + minLength: 3 + maxLength: 20 projectSFID: type: string description: the Project SalesForce ID (external ID) associated with this gerrit record diff --git a/cla-backend-go/v2/gerrits/handlers.go b/cla-backend-go/v2/gerrits/handlers.go index 1fb02686a..c0da4a705 100644 --- a/cla-backend-go/v2/gerrits/handlers.go +++ b/cla-backend-go/v2/gerrits/handlers.go @@ -129,9 +129,11 @@ func Configure(api *operations.EasyclaAPI, v1Service v1Gerrits.Service, projectS // add the gerrit addGerritInput := &v1Models.AddGerritInput{ - GerritName: params.AddGerritInput.GerritName, - GerritURL: params.AddGerritInput.GerritURL, - Version: "v2", + GerritName: params.AddGerritInput.GerritName, + GerritURL: params.AddGerritInput.GerritURL, + GroupIDCcla: params.AddGerritInput.GroupIDCcla, + GroupIDIcla: params.AddGerritInput.GroupIDIcla, + Version: "v2", } result, err := v1Service.AddGerrit(ctx, params.ClaGroupID, params.ProjectSFID, addGerritInput, projectModel) if err != nil { @@ -259,195 +261,195 @@ func Configure(api *operations.EasyclaAPI, v1Service v1Gerrits.Service, projectS return gerrits.NewGetGerritReposOK().WithXRequestID(reqID).WithPayload(&response) }) - // api.GerritsGetGerritICLAUserHandler = gerrits.GetGerritICLAUserHandlerFunc(func(params gerrits.GetGerritICLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsGetGerritICLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to get gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewGetGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("getting user list to gerrit...") - // responseModel, err := v1Service.GetUsersOfGroup(ctx, authUser, params.ClaGroupID, utils.ClaTypeICLA) - // if err != nil { - // msg := fmt.Sprintf("problem getting user list of CLA Group %s", params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewGetGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewGetGerritICLAUserOK().WithXRequestID(reqID).WithPayload(responseModel) - // }) - - // api.GerritsGetGerritECLAUserHandler = gerrits.GetGerritECLAUserHandlerFunc(func(params gerrits.GetGerritECLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsGetGerritECLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to get gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewGetGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("getting user list to gerrit...") - // responseModel, err := v1Service.GetUsersOfGroup(ctx, authUser, params.ClaGroupID, utils.ClaTypeECLA) - // if err != nil { - // msg := fmt.Sprintf("problem getting user list of CLA Group %s", params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewGetGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewGetGerritECLAUserOK().WithXRequestID(reqID).WithPayload(responseModel) - // }) - - // api.GerritsAddGerritICLAUserHandler = gerrits.AddGerritICLAUserHandlerFunc(func(params gerrits.AddGerritICLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsAddGerritICLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // "gerritUsers": strings.Join(params.AddGerritUserInput, ","), - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to add gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewAddGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("adding user list to gerrit...") - // err := v1Service.AddUsersToGroup(ctx, authUser, params.ClaGroupID, params.AddGerritUserInput, utils.ClaTypeICLA) - // if err != nil { - // msg := fmt.Sprintf("problem adding user list %s to CLA Group %s", strings.Join(params.AddGerritUserInput, ","), params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewAddGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewAddGerritICLAUserOK().WithXRequestID(reqID) - // }) - - // api.GerritsRemoveGerritICLAUserHandler = gerrits.RemoveGerritICLAUserHandlerFunc(func(params gerrits.RemoveGerritICLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsRemoveGerritICLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // "gerritUsers": strings.Join(params.RemoveGerritUserInput, ","), - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to remove gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewRemoveGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("removing user list from gerrit...") - // err := v1Service.RemoveUsersFromGroup(ctx, authUser, params.ClaGroupID, params.RemoveGerritUserInput, utils.ClaTypeICLA) - // if err != nil { - // msg := fmt.Sprintf("problem removing user list %s to CLA Group %s", strings.Join(params.RemoveGerritUserInput, ","), params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewRemoveGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewRemoveGerritICLAUserOK().WithXRequestID(reqID) - // }) - - // api.GerritsAddGerritECLAUserHandler = gerrits.AddGerritECLAUserHandlerFunc(func(params gerrits.AddGerritECLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsAddGerritECLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // "gerritUsers": strings.Join(params.AddGerritUserInput, ","), - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to add gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewAddGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("adding user list to gerrit...") - // err := v1Service.AddUsersToGroup(ctx, authUser, params.ClaGroupID, params.AddGerritUserInput, utils.ClaTypeECLA) - // if err != nil { - // msg := fmt.Sprintf("problem adding user list %s to CLA Group %s", strings.Join(params.AddGerritUserInput, ","), params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewAddGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewAddGerritECLAUserOK().WithXRequestID(reqID) - // }) - - // api.GerritsRemoveGerritECLAUserHandler = gerrits.RemoveGerritECLAUserHandlerFunc(func(params gerrits.RemoveGerritECLAUserParams, authUser *auth.User) middleware.Responder { - // reqID := utils.GetRequestID(params.XREQUESTID) - // ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint - // utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) - // f := logrus.Fields{ - // "functionName": "v2.gerrits.handlers.GerritsRemoveGerritECLAUserHandler", - // utils.XREQUESTID: ctx.Value(utils.XREQUESTID), - // "authUserName": authUser.UserName, - // "authUserEmail": authUser.Email, - // "claGroupID": params.ClaGroupID, - // "projectSFID": params.ProjectSFID, - // "gerritUsers": strings.Join(params.RemoveGerritUserInput, ","), - // } - - // // verify user have access to the project - // if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { - // msg := fmt.Sprintf("user %s does not have access to remove gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) - // log.WithFields(f).Warn(msg) - // return gerrits.NewRemoveGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) - // } - - // log.WithFields(f).Debugf("removing user list from gerrit...") - // err := v1Service.RemoveUsersFromGroup(ctx, authUser, params.ClaGroupID, params.RemoveGerritUserInput, utils.ClaTypeECLA) - // if err != nil { - // msg := fmt.Sprintf("problem removing user list %s to CLA Group %s", strings.Join(params.RemoveGerritUserInput, ","), params.ClaGroupID) - // log.WithFields(f).WithError(err).Warn(msg) - // return gerrits.NewRemoveGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) - // } - - // return gerrits.NewRemoveGerritECLAUserOK().WithXRequestID(reqID) - // }) + api.GerritsGetGerritICLAUserHandler = gerrits.GetGerritICLAUserHandlerFunc(func(params gerrits.GetGerritICLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsGetGerritICLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to get gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewGetGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("getting user list to gerrit...") + responseModel, err := v1Service.GetUsersOfGroup(ctx, authUser, params.ClaGroupID, utils.ClaTypeICLA) + if err != nil { + msg := fmt.Sprintf("problem getting user list of CLA Group %s", params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewGetGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewGetGerritICLAUserOK().WithXRequestID(reqID).WithPayload(responseModel) + }) + + api.GerritsGetGerritECLAUserHandler = gerrits.GetGerritECLAUserHandlerFunc(func(params gerrits.GetGerritECLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsGetGerritECLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to get gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewGetGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("getting user list to gerrit...") + responseModel, err := v1Service.GetUsersOfGroup(ctx, authUser, params.ClaGroupID, utils.ClaTypeECLA) + if err != nil { + msg := fmt.Sprintf("problem getting user list of CLA Group %s", params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewGetGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewGetGerritECLAUserOK().WithXRequestID(reqID).WithPayload(responseModel) + }) + + api.GerritsAddGerritICLAUserHandler = gerrits.AddGerritICLAUserHandlerFunc(func(params gerrits.AddGerritICLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsAddGerritICLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + "gerritUsers": strings.Join(params.AddGerritUserInput, ","), + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to add gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewAddGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("adding user list to gerrit...") + err := v1Service.AddUsersToGroup(ctx, authUser, params.ClaGroupID, params.AddGerritUserInput, utils.ClaTypeICLA) + if err != nil { + msg := fmt.Sprintf("problem adding user list %s to CLA Group %s", strings.Join(params.AddGerritUserInput, ","), params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewAddGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewAddGerritICLAUserOK().WithXRequestID(reqID) + }) + + api.GerritsRemoveGerritICLAUserHandler = gerrits.RemoveGerritICLAUserHandlerFunc(func(params gerrits.RemoveGerritICLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsRemoveGerritICLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + "gerritUsers": strings.Join(params.RemoveGerritUserInput, ","), + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to remove gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewRemoveGerritICLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("removing user list from gerrit...") + err := v1Service.RemoveUsersFromGroup(ctx, authUser, params.ClaGroupID, params.RemoveGerritUserInput, utils.ClaTypeICLA) + if err != nil { + msg := fmt.Sprintf("problem removing user list %s to CLA Group %s", strings.Join(params.RemoveGerritUserInput, ","), params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewRemoveGerritICLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewRemoveGerritICLAUserOK().WithXRequestID(reqID) + }) + + api.GerritsAddGerritECLAUserHandler = gerrits.AddGerritECLAUserHandlerFunc(func(params gerrits.AddGerritECLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsAddGerritECLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + "gerritUsers": strings.Join(params.AddGerritUserInput, ","), + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to add gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewAddGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("adding user list to gerrit...") + err := v1Service.AddUsersToGroup(ctx, authUser, params.ClaGroupID, params.AddGerritUserInput, utils.ClaTypeECLA) + if err != nil { + msg := fmt.Sprintf("problem adding user list %s to CLA Group %s", strings.Join(params.AddGerritUserInput, ","), params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewAddGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewAddGerritECLAUserOK().WithXRequestID(reqID) + }) + + api.GerritsRemoveGerritECLAUserHandler = gerrits.RemoveGerritECLAUserHandlerFunc(func(params gerrits.RemoveGerritECLAUserParams, authUser *auth.User) middleware.Responder { + reqID := utils.GetRequestID(params.XREQUESTID) + ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint + utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) + f := logrus.Fields{ + "functionName": "v2.gerrits.handlers.GerritsRemoveGerritECLAUserHandler", + utils.XREQUESTID: ctx.Value(utils.XREQUESTID), + "authUserName": authUser.UserName, + "authUserEmail": authUser.Email, + "claGroupID": params.ClaGroupID, + "projectSFID": params.ProjectSFID, + "gerritUsers": strings.Join(params.RemoveGerritUserInput, ","), + } + + // verify user have access to the project + if !utils.IsUserAuthorizedForProjectTree(ctx, authUser, params.ProjectSFID, utils.ALLOW_ADMIN_SCOPE) { + msg := fmt.Sprintf("user %s does not have access to remove gerrit users with Project scope of %s", authUser.UserName, params.ProjectSFID) + log.WithFields(f).Warn(msg) + return gerrits.NewRemoveGerritECLAUserForbidden().WithXRequestID(reqID).WithPayload(utils.ErrorResponseForbidden(reqID, msg)) + } + + log.WithFields(f).Debugf("removing user list from gerrit...") + err := v1Service.RemoveUsersFromGroup(ctx, authUser, params.ClaGroupID, params.RemoveGerritUserInput, utils.ClaTypeECLA) + if err != nil { + msg := fmt.Sprintf("problem removing user list %s to CLA Group %s", strings.Join(params.RemoveGerritUserInput, ","), params.ClaGroupID) + log.WithFields(f).WithError(err).Warn(msg) + return gerrits.NewRemoveGerritECLAUserInternalServerError().WithXRequestID(reqID).WithPayload(utils.ErrorResponseInternalServerErrorWithError(reqID, msg, err)) + } + + return gerrits.NewRemoveGerritECLAUserOK().WithXRequestID(reqID) + }) } diff --git a/cla-backend-go/v2/sign/service.go b/cla-backend-go/v2/sign/service.go index f13d370dc..2438ea8f9 100644 --- a/cla-backend-go/v2/sign/service.go +++ b/cla-backend-go/v2/sign/service.go @@ -1007,17 +1007,17 @@ func (s *service) SignedIndividualCallbackGerrit(ctx context.Context, payload [] CLAGroupID: signature.ProjectID, }) - // // Add User to Gerrit Group - // if claUser.LfUsername != "" { - // log.WithFields(f).Debugf("adding user to gerrit group: %s", claUser.LfUsername) - // err = s.gerritService.AddUserToGroup(ctx, nil, signature.ProjectID, claUser.LfUsername, utils.ClaTypeICLA) - // if err != nil { - // log.WithFields(f).WithError(err).Warnf("unable to add user to gerrit group") - // return err - // } - // } else { - // log.WithFields(f).Warnf("user LF username is empty") - // } + // Add User to Gerrit Group + if claUser.LfUsername != "" { + log.WithFields(f).Debugf("adding user to gerrit group: %s", claUser.LfUsername) + err = s.gerritService.AddUserToGroup(ctx, nil, signature.ProjectID, claUser.LfUsername, utils.ClaTypeICLA) + if err != nil { + log.WithFields(f).WithError(err).Warnf("unable to add user to gerrit group") + return err + } + } else { + log.WithFields(f).Warnf("user LF username is empty") + } } else { log.WithFields(f).Debugf("envelope not signed - status: %s", status) @@ -1194,30 +1194,30 @@ func (s *service) SignedCorporateCallback(ctx context.Context, payload []byte, c CompanySFID: companyModel.CompanyExternalID, }) - // // Check if project is a gerrit instance - // var gerrits []*v1Models.Gerrit - // gerritList, err := s.gerritService.GetClaGroupGerrits(ctx, projectID) - // if err != nil { - // log.WithFields(f).WithError(err).Warnf("unable to get gerrit instances for project: %s", projectID) - // gerrits = []*v1Models.Gerrit{} - // } else { - // log.WithFields(f).Debugf("gerrit instances found for project: %s", projectID) - // gerrits = gerritList.List - // } - - // // Add User to Gerrit Group - // if len(gerrits) > 0 { - // if user.LfUsername != "" { - // log.WithFields(f).Debugf("adding user to gerrit group: %s", user.LfUsername) - // err = s.gerritService.AddUserToGroup(ctx, nil, projectID, user.LfUsername, utils.ClaTypeCCLA) - // if err != nil { - // log.WithFields(f).WithError(err).Warnf("unable to add user to gerrit group") - // return err - // } - // } else { - // log.WithFields(f).Warnf("user LF username is empty") - // } - // } + // Check if project is a gerrit instance + var gerrits []*v1Models.Gerrit + gerritList, err := s.gerritService.GetClaGroupGerrits(ctx, projectID) + if err != nil { + log.WithFields(f).WithError(err).Warnf("unable to get gerrit instances for project: %s", projectID) + gerrits = []*v1Models.Gerrit{} + } else { + log.WithFields(f).Debugf("gerrit instances found for project: %s", projectID) + gerrits = gerritList.List + } + + // Add User to Gerrit Group + if len(gerrits) > 0 { + if user.LfUsername != "" { + log.WithFields(f).Debugf("adding user to gerrit group: %s", user.LfUsername) + err = s.gerritService.AddUserToGroup(ctx, nil, projectID, user.LfUsername, utils.ClaTypeCCLA) + if err != nil { + log.WithFields(f).WithError(err).Warnf("unable to add user to gerrit group") + return err + } + } else { + log.WithFields(f).Warnf("user LF username is empty") + } + } return nil