Merge branch 'master' into pr-osparc-dynamic-scheduler-monitoring-dashboard-mount-point

Author: GitHK

.github/workflows/ci-testing-deploy.yml

@@ -2661,84 +2661,3 @@ jobs:
         env:
           TAG_PREFIX: hotfix-staging-github
         run: ./ci/deploy/dockerhub-deploy.bash -n
-
-  system-api-specs:
-    needs: [changes]
-    if: ${{ needs.changes.outputs.anything-py == 'true' || github.event_name == 'push' }}
-    timeout-minutes: 10
-    name: "[sys] check api-specs are up to date"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Ensure job passes if not PR # ensure pass so upstream jobs which depend on this will run (dockerhub deployment)
-        if: ${{ github.event.pull_request == null }}
-        run: echo "::notice Passing job because not in PR"; exit 0
-      - name: setup python environment
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: install uv
-        uses: astral-sh/setup-uv@v4
-        with:
-          version: "0.4.x"
-          enable-cache: false
-      - name: checkout source branch
-        uses: actions/checkout@v4
-      - name: Regenerate specs and check
-        run: |
-          uv venv .venv && source .venv/bin/activate
-          make openapi-specs
-          ./ci/github/helpers/openapi-specs-diff.bash diff \
-            https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.full_name }}/refs/heads/${{ github.event.pull_request.head.ref }} \
-            .
-
-  system-backwards-compatibility:
-    needs: [changes, system-api-specs]
-    if: ${{ needs.changes.outputs.anything-py == 'true' || github.event_name == 'push' }}
-    timeout-minutes: 10
-    name: "[sys] api-server backwards compatibility"
-    runs-on: ubuntu-latest
-    steps:
-      - name: Ensure job passes if not PR # ensure pass so upstream jobs which depend on this will run (dockerhub deployment)
-        if: ${{ github.event.pull_request == null }}
-        run: echo "::notice Passing job because not in PR"; exit 0
-      - name: setup python environment
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: install uv
-        uses: astral-sh/setup-uv@v4
-        with:
-          version: "0.4.x"
-          enable-cache: false
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: check api-server backwards compatibility
-        run: |
-          ./scripts/openapi-diff.bash breaking --fail-on ERR\
-            https://raw.githubusercontent.com/${{ github.event.pull_request.base.repo.full_name }}/refs/heads/${{ github.event.pull_request.base.ref }}/services/api-server/openapi.json \
-            /specs/services/api-server/openapi.json
-
-  api-spec-backwards-compatibility:
-    needs: [changes, system-api-specs]
-    if: ${{ needs.changes.outputs.anything-py == 'true' && github.event_name == 'push' && github.event.pull_request != null }}
-    continue-on-error: true
-    timeout-minutes: 10
-    name: "api-specs-backwards-compatibility"
-    runs-on: ubuntu-latest
-    steps:
-      - name: setup python environment
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: install uv
-        uses: astral-sh/setup-uv@v4
-        with:
-          version: "0.4.x"
-          enable-cache: false
-      - name: checkout
-        uses: actions/checkout@v4
-      - name: Check openapi-specs backwards compatibility
-        run: |
-          ./ci/github/helpers/openapi-specs-diff.bash breaking \
-            https://raw.githubusercontent.com/${{ github.event.pull_request.base.repo.full_name }}/refs/heads/${{ github.event.pull_request.base.ref }} \
-            .

.github/workflows/ci-testing-pull-request.yml

@@ -0,0 +1,89 @@
+# This workflow holds jobs which are required to pass before merging into master
+
+name: PR CI
+on:
+  pull_request:
+    branches:
+      - "*"
+  # https://github.blog/changelog/2023-02-08-pull-request-merge-queue-public-beta/
+  merge_group:
+    branches:
+      - "master"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  api-specs:
+    timeout-minutes: 10
+    name: "check OAS' are up to date"
+    runs-on: ubuntu-latest
+    steps:
+      - name: setup python environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "0.4.x"
+          enable-cache: false
+      - name: checkout source branch
+        uses: actions/checkout@v4
+      - name: Regenerate specs and check
+        run: |
+          uv venv .venv && source .venv/bin/activate
+          make openapi-specs
+          if ! ./ci/github/helpers/openapi-specs-diff.bash diff \
+            https://raw.githubusercontent.com/${{ github.event.pull_request.head.repo.full_name }}/refs/heads/${{ github.event.pull_request.head.ref }} \
+            .; then \
+            echo "::error:: OAS are not up to date. Run 'make openapi-specs' to update them"; exit 1; \
+          fi
+
+  api-server-oas-breaking:
+    needs: api-specs
+    timeout-minutes: 10
+    name: "api-server backwards compatibility"
+    runs-on: ubuntu-latest
+    steps:
+      - name: setup python environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "0.4.x"
+          enable-cache: false
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: check api-server backwards compatibility
+        run: |
+          ./scripts/openapi-diff.bash breaking --fail-on ERR\
+            https://raw.githubusercontent.com/${{ github.event.pull_request.base.repo.full_name }}/refs/heads/${{ github.event.pull_request.base.ref }}/services/api-server/openapi.json \
+            /specs/services/api-server/openapi.json
+
+  all-oas-breaking:
+    needs: api-specs
+    continue-on-error: true
+    timeout-minutes: 10
+    name: "OAS backwards compatibility"
+    runs-on: ubuntu-latest
+    steps:
+      - name: setup python environment
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          version: "0.4.x"
+          enable-cache: false
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: Check openapi-specs backwards compatibility
+        run: |
+          ./ci/github/helpers/openapi-specs-diff.bash breaking \
+            https://raw.githubusercontent.com/${{ github.event.pull_request.base.repo.full_name }}/refs/heads/${{ github.event.pull_request.base.ref }} \
+            .

api/specs/web-server/_auth.py

@@ -9,8 +9,6 @@
 from fastapi import APIRouter, status
 from models_library.api_schemas_webserver.auth import (
     AccountRequestInfo,
-    ApiKeyCreate,
-    ApiKeyGet,
     UnregisterCheck,
 )
 from models_library.generics import Envelope
@@ -264,72 +262,6 @@ async def email_confirmation(code: str):
     """email link sent to user to confirm an action"""
 
 
-@router.get(
-    "/auth/api-keys",
-    operation_id="list_api_keys",
-    responses={
-        status.HTTP_200_OK: {
-            "description": "returns the display names of API keys",
-            "model": list[str],
-        },
-        status.HTTP_400_BAD_REQUEST: {
-            "description": "key name requested is invalid",
-        },
-        status.HTTP_401_UNAUTHORIZED: {
-            "description": "requires login to  list keys",
-        },
-        status.HTTP_403_FORBIDDEN: {
-            "description": "not enough permissions to list keys",
-        },
-    },
-)
-async def list_api_keys():
-    """lists display names of API keys by this user"""
-
-
-@router.post(
-    "/auth/api-keys",
-    operation_id="create_api_key",
-    responses={
-        status.HTTP_200_OK: {
-            "description": "Authorization granted returning API key",
-            "model": ApiKeyGet,
-        },
-        status.HTTP_400_BAD_REQUEST: {
-            "description": "key name requested is invalid",
-        },
-        status.HTTP_401_UNAUTHORIZED: {
-            "description": "requires login to  list keys",
-        },
-        status.HTTP_403_FORBIDDEN: {
-            "description": "not enough permissions to list keys",
-        },
-    },
-)
-async def create_api_key(_body: ApiKeyCreate):
-    """creates API keys to access public API"""
-
-
-@router.delete(
-    "/auth/api-keys",
-    operation_id="delete_api_key",
-    status_code=status.HTTP_204_NO_CONTENT,
-    responses={
-        status.HTTP_204_NO_CONTENT: {
-            "description": "api key successfully deleted",
-        },
-        status.HTTP_401_UNAUTHORIZED: {
-            "description": "requires login to  delete a key",
-        },
-        status.HTTP_403_FORBIDDEN: {
-            "description": "not enough permissions to delete a key",
-        },
-    },
-)
-async def delete_api_key(_body: ApiKeyCreate):
-    """deletes API key by name"""
-
-
 @router.get(
     "/auth/captcha",
     operation_id="request_captcha",

api/specs/web-server/_auth_api_keys.py

@@ -0,0 +1,60 @@
+from typing import Annotated
+
+from fastapi import APIRouter, Depends, status
+from models_library.api_schemas_webserver.auth import (
+    ApiKeyCreateRequest,
+    ApiKeyCreateResponse,
+    ApiKeyGet,
+)
+from models_library.generics import Envelope
+from models_library.rest_error import EnvelopedError
+from simcore_service_webserver._meta import API_VTAG
+from simcore_service_webserver.api_keys._exceptions_handlers import _TO_HTTP_ERROR_MAP
+from simcore_service_webserver.api_keys._rest import ApiKeysPathParams
+
+router = APIRouter(
+    prefix=f"/{API_VTAG}",
+    tags=["auth"],
+    responses={
+        i.status_code: {"model": EnvelopedError} for i in _TO_HTTP_ERROR_MAP.values()
+    },
+)
+
+
+@router.post(
+    "/auth/api-keys",
+    operation_id="create_api_key",
+    status_code=status.HTTP_201_CREATED,
+    response_model=Envelope[ApiKeyCreateResponse],
+)
+async def create_api_key(_body: ApiKeyCreateRequest):
+    """creates API keys to access public API"""
+
+
+@router.get(
+    "/auth/api-keys",
+    operation_id="list_api_keys",
+    response_model=Envelope[list[ApiKeyGet]],
+    status_code=status.HTTP_200_OK,
+)
+async def list_api_keys():
+    """lists API keys by this user"""
+
+
+@router.get(
+    "/auth/api-keys/{api_key_id}",
+    operation_id="get_api_key",
+    response_model=Envelope[ApiKeyGet],
+    status_code=status.HTTP_200_OK,
+)
+async def get_api_key(_path: Annotated[ApiKeysPathParams, Depends()]):
+    """returns the API Key with the given ID"""
+
+
+@router.delete(
+    "/auth/api-keys/{api_key_id}",
+    operation_id="delete_api_key",
+    status_code=status.HTTP_204_NO_CONTENT,
+)
+async def delete_api_key(_path: Annotated[ApiKeysPathParams, Depends()]):
+    """deletes the API key with the given ID"""