Merge branch 'dev' into dependabot/pip/cla-backend/python-jose-3.4.0

Author: lukaszgryglicki

CHECK_PR.md

@@ -0,0 +1,8 @@
+# How to check why EasyCLA is not covered
+
+1) Open GitHub PR and check for user name: `` select * from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_USERS where data:user_github_username = '<user-name>'; ``. Note `user_id`.
+2) If user has `user_company_id` then note it and get company data: `` select * from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_COMPANIES where company_id = '<user-company-id>'; ``.
+3) First let's look for ICLAs: `` select * from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_SIGNATURES where data:signature_reference_id = '<user-id>' and data:signature_reference_type = 'user' and data:signature_type = 'cla' and data:signature_user_ccla_company_id is null; ``.
+4) If ICLAs are found, then check for which project `data:signature_project_id` field: `` select data:project_name from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_PROJECTS where project_id = '<project-id>'; ``.
+5) For ECLA (if user have `company_id` set), lookup for ECLAs: `` select * from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_SIGNATURES where data:signature_project_id = '<project-id>' and data:signature_user_ccla_company_id = '<user-company-id>' and data:signature_reference_id = '<user-id>'; ``.
+6) To find comapny's / project's CCLA: `` select * from FIVETRAN_INGEST.DYNAMODB_PRODUCT_US_EAST_1.CLA_PROD_SIGNATURES where data:signature_project_id = '<project-id>' and data:signature_reference_id = '<company-id>' and data:signature_reference_type = 'company'; ``.

cla-backend-go/auth/authorizer.go

@@ -72,6 +72,7 @@ func (a Authorizer) SecurityAuth(token string, scopes []string) (*user.CLAUser,
 	f["claims"] = fmt.Sprintf("%+v", claims)
 
 	// Get the username from the token claims
+	// LG: for V3 endpoints comment this out and set: username, name and email manually for local testing.
 	usernameClaim, ok := claims[a.authValidator.usernameClaim]
 	if !ok {
 		log.WithFields(f).Warnf("username not found in claims with key: %s", a.authValidator.usernameClaim)

cla-backend-go/cmd/zipbuilder_lambda/main.go

@@ -102,10 +102,10 @@ func main() {
 	log.Info("Lambda server starting...")
 	printBuildInfo()
 	if os.Getenv("LOCAL_MODE") == "true" {
-		if len(os.Args) != 3 {
-			log.Fatal("invalid number of args. first arg should be icla or ccla and 2nd arg should be cla_group_id")
+		if len(os.Args) != 4 {
+			log.Fatal("invalid number of args. first arg should be icla or ccla, 2nd should be pdf or csv and 3rd arg should be cla_group_id")
 		}
-		err := handler(utils.NewContext(), BuildZipEvent{SignatureType: os.Args[1], ClaGroupID: os.Args[2]})
+		err := handler(utils.NewContext(), BuildZipEvent{SignatureType: os.Args[1], FileType: os.Args[2], ClaGroupID: os.Args[3]})
 		if err != nil {
 			log.Fatal(err)
 		}

cla-backend-go/cmd/zipbuilder_scheduler_lambda/main.go

@@ -114,13 +114,13 @@ func handler(ctx context.Context, event events.CloudWatchEvent) {
 
 func invokeLambda(wg *sync.WaitGroup, lambdaClient *lambda.Lambda, stage string, buildZipEvent BuildZipEvent) {
 	defer wg.Done()
-	log.WithField("buildZipEvent", buildZipEvent).Debug("invoking zipbuilder-lambda")
+	log.WithField("buildZipEvent", buildZipEvent).Debug("invoking zip-builder-lambda")
 	payload, err := json.Marshal(buildZipEvent)
 	if err != nil {
 		log.Error("Error marshalling BuildZip request", err)
 		return
 	}
-	functionName := fmt.Sprintf("cla-backend-%s-zipbuilder-lambda", stage)
+	functionName := fmt.Sprintf("cla-backend-%s-zip-builder-lambda", stage)
 
 	_, err = lambdaClient.Invoke(&lambda.InvokeInput{FunctionName: aws.String(functionName), Payload: payload})
 	if err != nil {

cla-backend-go/company/models.go

@@ -24,6 +24,7 @@ type DBModel struct {
 	Created           string   `dynamodbav:"date_created" json:"date_created"`
 	Updated           string   `dynamodbav:"date_modified" json:"date_modified"`
 	Note              string   `dynamodbav:"note" json:"note"`
+	IsSanctioned      bool     `dynamodbav:"is_sanctioned" json:"is_sanctioned"`
 	Version           string   `dynamodbav:"version" json:"version"`
 }
 
@@ -85,6 +86,7 @@ func (dbCompanyModel *DBModel) toModel() (*models.Company, error) {
 		Created:           strfmt.DateTime(createdDateTime),
 		Updated:           strfmt.DateTime(updateDateTime),
 		Note:              dbCompanyModel.Note,
+		IsSanctioned:      dbCompanyModel.IsSanctioned,
 		Version:           dbCompanyModel.Version,
 	}, nil
 }
@@ -145,6 +147,7 @@ func toSwaggerModel(dbCompanyModel *DBModel) (*models.Company, error) {
 		CompanyID:         dbCompanyModel.CompanyID,
 		CompanyName:       dbCompanyModel.CompanyName,
 		SigningEntityName: dbCompanyModel.SigningEntityName,
+		IsSanctioned:      dbCompanyModel.IsSanctioned,
 		CompanyExternalID: dbCompanyModel.CompanyExternalID,
 		CompanyManagerID:  dbCompanyModel.CompanyManagerID,
 		Created:           strfmt.DateTime(createdDateTime),

cla-backend-go/company/projections.go

@@ -18,6 +18,7 @@ func buildCompanyProjection() expression.ProjectionBuilder {
 		expression.Name("date_created"),
 		expression.Name("date_modified"),
 		expression.Name("note"),
+		expression.Name("is_sanctioned"),
 		expression.Name("version"),
 	)
 }

cla-backend-go/company/repository.go

@@ -733,7 +733,7 @@ func (repo repository) buildCompaniesByUserManagerWithInvites(ctx context.Contex
 	for _, invite := range invites {
 		company, err := repo.GetCompany(ctx, invite.RequestedCompanyID)
 		if err != nil {
-			log.WithFields(f).Warnf("error retrieving company with company ID %s, error: %v - skipping invite", company, err)
+			log.WithFields(f).Warnf("error retrieving company with company ID %s, error: %v - skipping invite", invite.RequestedCompanyID, err)
 			continue
 		}
 
@@ -772,6 +772,8 @@ func buildCompanyModels(ctx context.Context, results *dynamodb.ScanOutput) ([]mo
 		CompanyACL        []string `json:"company_acl"`
 		CompanyExternalID string   `json:"company_external_id"`
 		Created           string   `json:"date_created"`
+		Note              string   `json:"note"`
+		IsSanctioned      bool     `json:"is_sanctioned"`
 		Modified          string   `json:"date_modified"`
 	}
 
@@ -812,6 +814,8 @@ func buildCompanyModels(ctx context.Context, results *dynamodb.ScanOutput) ([]mo
 			SigningEntityName: dbCompany.SigningEntityName,
 			CompanyExternalID: dbCompany.CompanyExternalID,
 			Created:           strfmt.DateTime(createdDateTime),
+			Note:              dbCompany.Note,
+			IsSanctioned:      dbCompany.IsSanctioned,
 			Updated:           strfmt.DateTime(modifiedDateTime),
 		})
 	}
@@ -1269,6 +1273,7 @@ func (repo repository) CreateCompany(ctx context.Context, in *models.Company) (*
 		utils.XREQUESTID:    ctx.Value(utils.XREQUESTID),
 		"companyName":       in.CompanyName,
 		"signingEntityName": in.SigningEntityName,
+		"isSanctioned":      in.IsSanctioned,
 		"companySFID":       in.CompanyExternalID,
 	}
 
@@ -1296,6 +1301,7 @@ func (repo repository) CreateCompany(ctx context.Context, in *models.Company) (*
 		CompanyName:       in.CompanyName,
 		CompanyExternalID: in.CompanyExternalID,
 		SigningEntityName: in.SigningEntityName,
+		IsSanctioned:      in.IsSanctioned,
 		Created:           now,
 		Updated:           now,
 		Version:           "v1",

cla-backend-go/company/service.go

@@ -878,6 +878,7 @@ func (s service) CreateOrgFromExternalID(ctx context.Context, signingEntityName,
 		CompanyExternalID: org.ID,
 		CompanyName:       org.Name,
 		SigningEntityName: signingEntityName,
+		IsSanctioned:      false,
 		Note:              fmt.Sprintf("%s - Created based on SF Organization Service record - %s", now, additionalNote),
 	}
 	if companyAdmin != nil {

cla-backend-go/swagger/common/company.yaml

@@ -38,6 +38,11 @@ properties:
     type: string
     description: An optional note associated with this company record
     example: "Added by David to support CNCF migration"
+  isSanctioned:
+    type: boolean
+    description: "Is this company OFAC sanctioned?"
+    # default: false
+    example: true
   version:
     type: string
     description: 'the version of the company record'

cla-backend-go/swagger/common/user.yaml

@@ -57,3 +57,8 @@ properties:
   userCompanyID:
     type: string
     description: the user's optional company ID
+  isSanctioned:
+    type: boolean
+    description: "Is this user OFAC sanctioned? This field comes from users's company"
+    # default: false
+    example: true