diff --git a/cla-backend-go/cla_manager/handlers.go b/cla-backend-go/cla_manager/handlers.go index 7d6fa48bc..fb30cdb28 100644 --- a/cla-backend-go/cla_manager/handlers.go +++ b/cla-backend-go/cla_manager/handlers.go @@ -493,7 +493,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := buildErrorMessageForDelete(params, sigErr) log.Warn(msg) return cla_manager.NewDeleteCLAManagerRequestBadRequest().WithPayload(&models.ErrorResponse{ - Message: "CLA Manager Delete Request - error reading CCLA Signatures - " + msg, + Message: "EasyCLA - 400 Bad Request - CLA Manager Delete Request - error reading CCLA Signatures - " + msg, Code: "400", }) } @@ -505,7 +505,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. sigModel := sigModels.Signatures[0] claManagers := sigModel.SignatureACL if !currentUserInACL(claUser, claManagers) { - msg := fmt.Sprintf("CLA Manager %s / %s / %s not authorized to delete requests for company ID: %s, project ID: %s", + msg := fmt.Sprintf("EasyCLA - 401 Unauthorized - CLA Manager %s / %s / %s not authorized to delete requests for company ID: %s, project ID: %s", claUser.UserID, claUser.Name, claUser.LFEmail, params.CompanyID, params.ProjectID) log.Debug(msg) return cla_manager.NewDeleteCLAManagerRequestUnauthorized().WithPayload(&models.ErrorResponse{ @@ -553,7 +553,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for user by LFID: %s failed ", params.Body.UserLFID) log.Warn(msg) return cla_manager.NewAddCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Add CLA Manager - error getting user - " + msg, + Message: "EasyCLA - 400 Bad Request - Add CLA Manager - error getting user - " + msg, Code: "400", }) } @@ -562,7 +562,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for company by ID: %s failed ", params.CompanyID) log.Warn(msg) return cla_manager.NewAddCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Add CLA Manager - error getting company - " + msg, + Message: "EasyCLA - 400 Bad Request - Add CLA Manager - error getting company - " + msg, Code: "400", }) } @@ -572,7 +572,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for project by ID: %s failed ", params.ProjectID) log.Warn(msg) return cla_manager.NewAddCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Add CLA Manager - error getting project - " + msg, + Message: "EasyCLA - 400 Bad Request - Add CLA Manager - error getting project - " + msg, Code: "400", }) } @@ -589,7 +589,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := buildErrorMessageAddManager("Add CLA Manager - signature lookup error", params, sigErr) log.Warn(msg) return cla_manager.NewAddCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Add CLA Manager - error reading CCLA Signatures - " + msg, + Message: "EasyCLA - 400 Bad Request - Add CLA Manager - error reading CCLA Signatures - " + msg, Code: "400", }) } @@ -601,7 +601,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. sigModel := sigModels.Signatures[0] claManagers := sigModel.SignatureACL if !currentUserInACL(claUser, claManagers) { - msg := fmt.Sprintf("User %s / %s / %s is not authorized to add a CLA Manager for company ID: %s, project ID: %s", + msg := fmt.Sprintf("EasyCLA - 401 Unauthorized - User %s / %s / %s is not authorized to add a CLA Manager for company ID: %s, project ID: %s", claUser.UserID, claUser.Name, claUser.LFEmail, params.CompanyID, params.ProjectID) log.Debug(msg) return cla_manager.NewAddCLAManagerUnauthorized().WithPayload(&models.ErrorResponse{ @@ -610,8 +610,8 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. }) } + // Audit Event sent from service upon success signature, addErr := service.AddClaManager(params.CompanyID, params.ProjectID, params.Body.UserLFID) - if addErr != nil { msg := buildErrorMessageAddManager("Add CLA Manager - Service Error", params, addErr) log.Warn(msg) @@ -632,7 +632,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for user by LFID: %s failed ", params.UserLFID) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Delete CLA Manager - error getting user - " + msg, + Message: "EasyCLA - 400 Bad Request - Delete CLA Manager - error getting user - " + msg, Code: "400", }) } @@ -641,7 +641,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for company by ID: %s failed ", params.CompanyID) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Delete CLA Manager - error getting company - " + msg, + Message: "EasyCLA - 400 Bad Request - Delete CLA Manager - error getting company - " + msg, Code: "400", }) } @@ -651,7 +651,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := fmt.Sprintf("User lookup for project by ID: %s failed ", params.ProjectID) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Delete CLA Manager - error getting project - " + msg, + Message: "EasyCLA - 400 Bad Request - Delete CLA Manager - error getting project - " + msg, Code: "400", }) } @@ -667,7 +667,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. msg := buildErrorMessageDeleteManager("Delete CLA Manager - Signature Lookup Error", params, sigErr) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ - Message: "Delete CLA Manager - error reading CCLA Signatures - " + msg, + Message: "EasyCLA - 400 Bad Request - Delete CLA Manager - error reading CCLA Signatures - " + msg, Code: "400", }) } @@ -688,10 +688,11 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. }) } + // Audit Event sent from service upon success signature, deleteErr := service.RemoveClaManager(params.CompanyID, params.ProjectID, params.UserLFID) if deleteErr != nil { - msg := buildErrorMessageDeleteManager("Delete CLA Manager - Service Error", params, deleteErr) + msg := buildErrorMessageDeleteManager("EasyCLA - 400 Bad Request - Delete CLA Manager - Service Error", params, deleteErr) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ Message: msg, @@ -700,7 +701,7 @@ func Configure(api *operations.ClaAPI, service IService, companyService company. } if signature == nil { - msg := buildErrorMessageDeleteManager("Delete CLA Manager - Response Signature Missing", params, deleteErr) + msg := buildErrorMessageDeleteManager("EasyCLA - 400 Bad Request - Delete CLA Manager - Response Signature Missing", params, deleteErr) log.Warn(msg) return cla_manager.NewDeleteCLAManagerBadRequest().WithPayload(&models.ErrorResponse{ Message: msg, diff --git a/cla-backend-go/cla_manager/service.go b/cla-backend-go/cla_manager/service.go index dd7948fae..ea39f9574 100644 --- a/cla-backend-go/cla_manager/service.go +++ b/cla-backend-go/cla_manager/service.go @@ -252,9 +252,11 @@ func (s service) AddClaManager(companyID string, projectID string, LFID string) UserModel: userModel, ExternalProjectID: projectModel.ProjectExternalID, EventData: &events.CLAManagerCreatedEventData{ - UserName: userModel.Username, - UserEmail: userModel.LfEmail, - UserLFID: userModel.LfUsername, + CompanyName: companyModel.CompanyName, + ProjectName: projectModel.ProjectName, + UserName: userModel.Username, + UserEmail: userModel.LfEmail, + UserLFID: userModel.LfUsername, }, }) diff --git a/cla-backend-go/db/demoData.sql b/cla-backend-go/db/demoData.sql deleted file mode 100644 index ceb085dfb..000000000 --- a/cla-backend-go/db/demoData.sql +++ /dev/null @@ -1,266 +0,0 @@ --- Copyright The Linux Foundation and each contributor to CommunityBridge. --- SPDX-License-Identifier: MIT ---USERS - - INSERT INTO cla."user" (user_id, "name") - VALUES ('11ebaa98-3471-4fcf-99e8-729549e4f326','Test user'); - - INSERT INTO cla."user" (user_id, "name") - VALUES ('d76bf2b0-0593-407b-a9fe-d6532f5ace38','Test user 2'); - - INSERT INTO cla.user_auth_provider(user_id, provider, provider_user_id) - VALUES ('11ebaa98-3471-4fcf-99e8-729549e4f326', 'lfid', 'lfid_username'); - - INSERT INTO cla.user_auth_provider(user_id, provider, provider_user_id) - VALUES ('11ebaa98-3471-4fcf-99e8-729549e4f326', 'github', 'github_username'); - - INSERT INTO cla.user_auth_provider(user_id, provider, provider_user_id) - VALUES ('d76bf2b0-0593-407b-a9fe-d6532f5ace38', 'lfid', 'foobarski'); - - INSERT INTO cla.user_auth_provider(user_id, provider, provider_user_id) - VALUES ('d76bf2b0-0593-407b-a9fe-d6532f5ace38', 'github', 'user two'); - - INSERT INTO cla.project_manager(user_id, project_sfdc_id) - VALUES ('11ebaa98-3471-4fcf-99e8-729549e4f326', 'sfdc_id_one'); - - INSERT INTO cla.project_manager(user_id, project_sfdc_id) - VALUES ('11ebaa98-3471-4fcf-99e8-729549e4f326', 'sfdc_id_two'); - - INSERT INTO cla.project_manager(user_id, project_sfdc_id) - VALUES ('d76bf2b0-0593-407b-a9fe-d6532f5ace38', 'sfdc_id_one'); - - INSERT INTO cla.project_manager(user_id, project_sfdc_id) - VALUES ('d76bf2b0-0593-407b-a9fe-d6532f5ace38', 'sfdc_id_two'); - - INSERT INTO cla."user" (user_id, "name") - VALUES ('fd1abddd-a370-4de8-a95d-0bec5b21e485','Test user 3'); - - -- COMPANY - INSERT INTO cla.company (company_id, "name") - VALUES ('445a532e-e938-431f-92cc-62a67e26cd1e','Test Comany 1'); - - INSERT INTO cla.company (company_id, "name") - VALUES ('5d6120e1-95fb-4975-90c1-54fbf063fc90','Test Comany 2'); - - -- CONTRACT GOUPS - INSERT INTO cla.contract_group - ( - project_sfdc_id, - "name", - corporate_cla_requires_individual_cla, - corporate_cla_enabled) - VALUES ( - '123456', - 'demo CCLA Only', - false, - true); - - INSERT INTO cla.contract_group - (contract_group_id, - project_sfdc_id, - "name", - corporate_cla_requires_individual_cla, - corporate_cla_enabled) - VALUES ('0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50' , - '456789', - 'demo Contract Group 2', - false, - true); - - INSERT INTO cla.contract_group - (contract_group_id, - project_sfdc_id, - "name", - corporate_cla_requires_individual_cla, - corporate_cla_enabled) - VALUES ('0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50' , - '456789', - 'demo Contract Group 2', - false, - true); - - --Project Manager - INSERT INTO cla.project_manager - (user_id, - project_sfdc_id) - VALUES - ('11ebaa98-3471-4fcf-99e8-729549e4f326', - '123sfdc'); - - -- Contract Templates - INSERT INTO cla.contract_template - (contract_template_id, - contract_group_id, - "type", - "document", - major_version, - minor_version, - "name") - VALUES ('b65da042-3d6b-408a-aaed-6155c8fdf577', - '0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50', - 'CCLA', - '{"name": "Paint house", "tags": ["Improvements", "Office"], "finished": true}', - 1, - 0, - 'test template 1'); - - INSERT INTO "cla"."contract_template" - ("contract_template_id", - "contract_group_id", - "type", - "document", - "major_version", - "minor_version", - "name") - VALUES ('35ef4864-5174-4394-b07e-408fa1247cb6', - '0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50', - 'ICLA', '{"name": "Paint house", "tags": ["Improvements", "Office"], "finished": true}', - 1, - 0, - 'test template 2'); - - INSERT INTO "cla"."contract_template" - ("contract_template_id", - "contract_group_id", - "type", - "document", - "major_version", - "minor_version", - "name") - VALUES ('4694efcf-2d5f-46bf-a924-80abcdcd837c', - 'ea3bac44-08c0-4947-8c81-8c02c3435a25', - 'ICLA', '{"name": "Paint house"}', - 1, - 0, - 'test template 3'); - - INSERT INTO "cla"."contract_template" - ("contract_template_id", - "contract_group_id", - "type", - "document", - "major_version", - "minor_version", - "name") - VALUES ('e7ccdbb3-64a7-4943-a1a4-21260af52a3a', - '0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50', - 'CCLA', - '{"name": "Paint house", "tags": ["Improvements", "Office"], "finished": true}', - 2, - 0, - 'test template 4'); - - -- Corporate cla group - - INSERT INTO cla.corporate_cla_group - (corporate_cla_group_id, - email_whitelist, - company_id, - contract_group_id) - VALUES ('e630255b-7974-47f1-969f-2b9fb3d271b4', - '{"email":"test@test.com"}', - '5d6120e1-95fb-4975-90c1-54fbf063fc90', - '0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50'); - - -- CLA Manager - INSERT INTO cla.cla_manager - (user_id, corporate_cla_group_id) - VALUES - ('d76bf2b0-0593-407b-a9fe-d6532f5ace38', - 'e630255b-7974-47f1-969f-2b9fb3d271b4'); - - --Docusign document - INSERT INTO cla.docusign (docusign_id, envelope_id) - VALUES ('97be5d8e-0f3d-49d6-b3bd-f287f4b4929c', - '333'); - - --Docusign document - INSERT INTO cla.docusign (docusign_id, envelope_id) - VALUES ('33473f71-b696-4547-bb13-abb0e6aec910', - '444'); - - - -- Corporate Cla - INSERT INTO cla.corporate_cla - (corporate_cla_id, - corporate_cla_group_id, - contract_template_id, - docusign_id, - signatory_email, - signed_by, - signed) - VALUES - ('5f31f687-2f03-43ff-a8e6-b0081ba22cab', - 'e630255b-7974-47f1-969f-2b9fb3d271b4', - 'e7ccdbb3-64a7-4943-a1a4-21260af52a3a', - '33473f71-b696-4547-bb13-abb0e6aec910', - 'signatory@email.com', - 'daea7b2e-9fad-4628-8aa9-4f6d158350db', - true); - - --USER 1 ICLA signed = true - INSERT INTO cla.individual_cla - (individual_cla_id, - contract_template_id, - user_id, - docusign_id, - signed) - VALUES ('97be5d8e-0f3d-49d6-b3bd-f287f4b4929c', - '35ef4864-5174-4394-b07e-408fa1247cb6', - '11ebaa98-3471-4fcf-99e8-729549e4f326', - '97be5d8e-0f3d-49d6-b3bd-f287f4b4929c', - true); - - -- User 2 ICLA signed = false - INSERT INTO cla.individual_cla - (individual_cla_id, - contract_template_id, - user_id, - docusign_id, - signed) - VALUES ('741fb220-7b79-41ed-aec4-76e49dc48fa3', - '35ef4864-5174-4394-b07e-408fa1247cb6', - 'd76bf2b0-0593-407b-a9fe-d6532f5ace38', - '33473f71-b696-4547-bb13-abb0e6aec910', - false); - - -- github org - INSERT INTO cla.github_organization - (github_organization_id, - contract_group_id, - "name", - installation_id, - authorizing_user_name, - authorizing_github_id, - created_by, - updated_by) - VALUES - ('7f415c29-a2f7-465d-8251-541fe48c1f5e', - 'ea3bac44-08c0-4947-8c81-8c02c3435a25', - 'Demo ICLA Org', - '1111', - 'Autorizing Username', - 'authorizing GH ID', - '11ebaa98-3471-4fcf-99e8-729549e4f326', - '11ebaa98-3471-4fcf-99e8-729549e4f326'); - - -- Gerrit Instace - INSERT INTO cla.gerrit_instance - (gerrit_instance_id, - contract_group_id, - ldap_group_id, - ldap_group_name, - url, - created_by, - updated_by) - VALUES - ('a61924cc-ab10-4b45-b23c-142ef609b85d', - '0e8eaca6-667e-4cc6-a354-b6ea1cfa8a50', - '1234', - 'LDAP group name', - 'ldap url', - 'd76bf2b0-0593-407b-a9fe-d6532f5ace38', - 'd76bf2b0-0593-407b-a9fe-d6532f5ace38'); - - - diff --git a/cla-backend-go/db/migrations/20190213234226_init.sql b/cla-backend-go/db/migrations/20190213234226_init.sql deleted file mode 100644 index 2be7913ce..000000000 --- a/cla-backend-go/db/migrations/20190213234226_init.sql +++ /dev/null @@ -1,192 +0,0 @@ --- Copyright The Linux Foundation and each contributor to CommunityBridge. --- SPDX-License-Identifier: MIT --- migrate:up -CREATE SCHEMA cla; -CREATE EXTENSION IF NOT EXISTS "pgcrypto"; - -CREATE TABLE cla."user"( - user_id UUID NOT NULL DEFAULT gen_random_uuid(), - name TEXT, - - PRIMARY KEY(user_id) -); - -CREATE TABLE cla.user_auth_provider( - user_id UUID NOT NULL REFERENCES cla."user"(user_id), - provider_user_id TEXT NOT NULL, - provider TEXT NOT NULL, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - UNIQUE (provider_user_id, user_id, provider) -); - -CREATE TABLE cla.company ( - company_id UUID NOT NULL DEFAULT gen_random_uuid(), - "name" TEXT, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(company_id) -); - -CREATE TABLE cla.user_email( - user_id UUID REFERENCES cla."user"(user_id), - email TEXT NOT NULL, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()) -); - -CREATE TABLE cla.contract_group ( - contract_group_id UUID NOT NULL DEFAULT gen_random_uuid(), - project_sfdc_id TEXT NOT NULL, - name TEXT NOT NULL, - individual_cla_enabled BOOLEAN DEFAULT FALSE, - corporate_cla_enabled BOOLEAN DEFAULT FALSE, - corporate_cla_requires_individual_cla BOOLEAN DEFAULT FALSE, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(contract_group_id) -); - -CREATE TABLE cla.corporate_cla_group ( - corporate_cla_group_id UUID NOT NULL DEFAULT gen_random_uuid(), - email_whitelist jsonb, - company_id UUID NOT NULL REFERENCES cla.company(company_id), - contract_group_id UUID NOT NULL REFERENCES cla.contract_group(contract_group_id), - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - UNIQUE (company_id, contract_group_id), - - PRIMARY KEY(corporate_cla_group_id) -); - -CREATE TYPE cla.contract_template_type AS ENUM ( - 'CCLA', - 'ICLA' -); - -CREATE TABLE cla.contract_template ( - contract_template_id UUID NOT NULL DEFAULT gen_random_uuid(), - contract_group_id UUID NOT NULL REFERENCES cla.contract_group(contract_group_id), - "type" cla.contract_template_type NOT NULL, - "name" TEXT, - document jsonb, - major_version int NOT NULL, - minor_version int NOT NULL, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - UNIQUE(contract_group_id, "type", major_version, minor_version), - - PRIMARY KEY(contract_template_id) -); - -CREATE TABLE cla.github_organization ( - github_organization_id UUID NOT NULL DEFAULT gen_random_uuid(), - contract_group_id UUID NOT NULL REFERENCES cla.contract_group(contract_group_id), - name TEXT, - installation_id TEXT, - authorizing_user_name TEXT, - authorizing_github_id TEXT, - created_by UUID NOT NULL REFERENCES cla.user(user_id), - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_by UUID NOT NULL REFERENCES cla.user(user_id), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(github_organization_id) -); - -CREATE TABLE cla.gerrit_instance ( - gerrit_instance_id UUID NOT NULL DEFAULT gen_random_uuid(), - contract_group_id UUID NOT NULL REFERENCES cla.contract_group(contract_group_id), - ldap_group_id TEXT, - ldap_group_name TEXT, - url TEXT, - created_by UUID NOT NULL REFERENCES cla.user(user_id), - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_by UUID NOT NULL REFERENCES cla.user(user_id), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(gerrit_instance_id) -); - -CREATE TABLE cla.corporate_cla_group_confirmed_users ( - user_id UUID NOT NULL REFERENCES cla.user(user_id), - corporate_cla_group_id UUID NOT NULL REFERENCES cla.corporate_cla_group(corporate_cla_group_id) -); - -CREATE TABLE cla.docusign ( - docusign_id UUID NOT NULL DEFAULT gen_random_uuid(), - envelope_id INT, - callback_url TEXT, - sign_url TEXT, - return_url TEXT, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(docusign_id) -); - -CREATE TABLE cla.individual_cla ( - individual_cla_id UUID NOT NULL DEFAULT gen_random_uuid(), - contract_template_id UUID NOT NULL REFERENCES cla.contract_template(contract_template_id), - user_id UUID NOT NULL REFERENCES cla.user(user_id), - docusign_id UUID NOT NULL REFERENCES cla.docusign(docusign_id), - signed BOOLEAN NOT NULL DEFAULT FALSE, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY(individual_cla_id) -); - -CREATE TABLE cla.corporate_cla ( - corporate_cla_id UUID NOT NULL DEFAULT gen_random_uuid(), - corporate_cla_group_id UUID NOT NULL REFERENCES cla.corporate_cla_group(corporate_cla_group_id), - contract_template_id UUID NOT NULL REFERENCES cla.contract_template(contract_template_id), - docusign_id UUID NOT NULL REFERENCES cla.docusign(docusign_id), - signatory_email TEXT, - signed_by UUID, - signed BOOLEAN NOT NULL DEFAULT FALSE, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY (corporate_cla_id) -); - -CREATE TABLE cla.project_manager ( - user_id UUID NOT NULL REFERENCES cla.user(user_id), - project_sfdc_id TEXT NOT NULL, - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY (user_id, project_sfdc_id) -); - -CREATE TABLE cla.cla_manager ( - user_id UUID NOT NULL REFERENCES cla.user(user_id), - corporate_cla_group_id UUID NOT NULL REFERENCES cla.corporate_cla_group(corporate_cla_group_id), - created_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - updated_at BIGINT NOT NULL DEFAULT extract(epoch from now()), - - PRIMARY KEY (user_id, corporate_cla_group_id) -); - --- migrate:down -DROP TABLE cla.cla_manager; -DROP TABLE cla.project_manager; -DROP TABLE cla.corporate_cla; -DROP TABLE cla.individual_cla; -DROP TABLE cla.docusign; -DROP TABLE cla.corporate_cla_group_confirmed_users; -DROP TABLE cla.gerrit_instance; -DROP TABLE cla.github_organization; -DROP TABLE cla.contract_template; -DROP TYPE cla.contract_template_type; -DROP TABLE cla.corporate_cla_group; -DROP TABLE cla.contract_group; -DROP TABLE cla.user_email; -DROP TABLE cla.company; -DROP TABLE cla.user_auth_provider; -DROP TABLE cla.user; -DROP SCHEMA cla; diff --git a/cla-backend-go/events/event_data.go b/cla-backend-go/events/event_data.go index 2a8490b72..2c5a0a201 100644 --- a/cla-backend-go/events/event_data.go +++ b/cla-backend-go/events/event_data.go @@ -206,9 +206,9 @@ type ClaManagerAccessRequestDeletedEventData struct { RequestID string } -type ProjectCreatedEventData struct{} -type ProjectUpdatedEventData struct{} -type ProjectDeletedEventData struct{} +type CLAGroupCreatedEventData struct{} +type CLAGroupUpdatedEventData struct{} +type CLAGroupDeletedEventData struct{} type ContributorNotifyCompanyAdminData struct { AdminName string @@ -424,20 +424,20 @@ func (ed *ClaManagerAccessRequestDeletedEventData) GetEventString(args *LogEvent return data, true } -func (ed *ProjectCreatedEventData) GetEventString(args *LogEventArgs) (string, bool) { - data := fmt.Sprintf("user [%s] has created project [%s]", - args.userName, args.projectName) +func (ed *CLAGroupCreatedEventData) GetEventString(args *LogEventArgs) (string, bool) { + data := fmt.Sprintf("user [%s] has created a CLA Group [%s - %s]", + args.userName, args.projectName, args.ProjectID) return data, true } -func (ed *ProjectUpdatedEventData) GetEventString(args *LogEventArgs) (string, bool) { - data := fmt.Sprintf("user [%s] has updated project [%s]", - args.userName, args.projectName) +func (ed *CLAGroupUpdatedEventData) GetEventString(args *LogEventArgs) (string, bool) { + data := fmt.Sprintf("user [%s] has updated CLA Group [%s - %s]", + args.userName, args.projectName, args.ProjectID) return data, true } -func (ed *ProjectDeletedEventData) GetEventString(args *LogEventArgs) (string, bool) { - data := fmt.Sprintf("user [%s] has deleted project [%s]", - args.userName, args.projectName) +func (ed *CLAGroupDeletedEventData) GetEventString(args *LogEventArgs) (string, bool) { + data := fmt.Sprintf("user [%s] has deleted CLA Group [%s - %s]", + args.userName, args.projectName, args.ProjectID) return data, true } diff --git a/cla-backend-go/events/event_types.go b/cla-backend-go/events/event_types.go index cd58f0390..8a65f2ffa 100644 --- a/cla-backend-go/events/event_types.go +++ b/cla-backend-go/events/event_types.go @@ -67,9 +67,9 @@ const ( ClaManagerCreated = "cla_manager.added" ClaManagerDeleted = "cla_manager.deleted" - ProjectCreated = "project.created" - ProjectUpdated = "project.updated" - ProjectDeleted = "project.deleted" + CLAGroupCreated = "cla_group.created" + CLAGroupUpdated = "cla_group.updated" + CLAGroupDeleted = "cla_group.deleted" InvalidatedSignature = "signature.invalidated" diff --git a/cla-backend-go/logging/logger.go b/cla-backend-go/logging/logger.go index a3fda69c5..9bbe69805 100644 --- a/cla-backend-go/logging/logger.go +++ b/cla-backend-go/logging/logger.go @@ -175,21 +175,9 @@ func Trace() (line string) { return fmt.Sprintf("%s,:%d %s\n", frame.File, frame.Line, frame.Function) } -// StripSpecialChars strips newlines and tabs from a string -func StripSpecialChars(s string) string { - return strings.Map(func(r rune) rune { - switch r { - case '\t', '\n': - return ' ' - default: - return r - } - }, s) -} - // GenerateUUID is function to generate our own uuid if the google uuid throws error func GenerateUUID() string { - Info("entering func generateUUID") + Debug("entering func generateUUID") b := make([]byte, 16) _, err := rand.Read(b) if err != nil { diff --git a/cla-backend-go/project/handlers.go b/cla-backend-go/project/handlers.go index 50ce57bcc..daaee443a 100644 --- a/cla-backend-go/project/handlers.go +++ b/cla-backend-go/project/handlers.go @@ -65,10 +65,10 @@ func Configure(api *operations.ClaAPI, service Service, eventsService events.Ser } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectCreated, + EventType: events.CLAGroupCreated, ProjectModel: projectModel, UserID: claUser.UserID, - EventData: &events.ProjectCreatedEventData{}, + EventData: &events.CLAGroupCreatedEventData{}, }) log.Infof("Create Project Succeeded, project name: %s, project external ID: %s", @@ -203,10 +203,10 @@ func Configure(api *operations.ClaAPI, service Service, eventsService events.Ser return project.NewDeleteProjectByIDBadRequest().WithPayload(errorResponse(err)) } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectDeleted, + EventType: events.CLAGroupDeleted, ProjectModel: projectModel, UserID: claUser.UserID, - EventData: &events.ProjectDeletedEventData{}, + EventData: &events.CLAGroupDeletedEventData{}, }) return project.NewDeleteProjectByIDNoContent() @@ -243,10 +243,10 @@ func Configure(api *operations.ClaAPI, service Service, eventsService events.Ser return project.NewUpdateProjectBadRequest().WithPayload(errorResponse(err)) } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectUpdated, + EventType: events.CLAGroupUpdated, ProjectModel: projectModel, UserID: claUser.UserID, - EventData: &events.ProjectUpdatedEventData{}, + EventData: &events.CLAGroupUpdatedEventData{}, }) return project.NewUpdateProjectOK().WithPayload(projectModel) diff --git a/cla-backend-go/serverless.yml b/cla-backend-go/serverless.yml index d38f57ece..e524a8f2f 100644 --- a/cla-backend-go/serverless.yml +++ b/cla-backend-go/serverless.yml @@ -211,8 +211,8 @@ provider: PLATFORM_AUTH0_CLIENT_SECRET: ${file(./env.json):cla-auth0-platform-client-secret, ssm:/cla-auth0-platform-client-secret-${opt:stage}} PLATFORM_AUTH0_AUDIENCE: ${file(./env.json):cla-auth0-platform-audience, ssm:/cla-auth0-platform-audience-${opt:stage}} PLATFORM_GATEWAY_URL: ${file(./env.json):platform-gateway-url, ssm:/cla-auth0-platform-api-gw-${opt:stage}} - # Enable API Debugging for Core Platform Services - DEBUG: true + # Set to true for verbose API logging - useful when Debugging API calls for Core Platform Services or other external services + DEBUG: false stackTags: Name: ${self:service} diff --git a/cla-backend-go/v2/cla_groups/handlers.go b/cla-backend-go/v2/cla_groups/handlers.go index b8919220b..0033f34eb 100644 --- a/cla-backend-go/v2/cla_groups/handlers.go +++ b/cla-backend-go/v2/cla_groups/handlers.go @@ -19,6 +19,7 @@ import ( // Configure configures the cla group api func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1Project.Service, eventsService events.Service) { + api.ClaGroupCreateClaGroupHandler = cla_group.CreateClaGroupHandlerFunc(func(params cla_group.CreateClaGroupParams, authUser *auth.User) middleware.Responder { utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) if !utils.IsUserAuthorizedForProject(authUser, params.ClaGroupInput.FoundationSfid) { @@ -44,11 +45,12 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectCreated, + EventType: events.CLAGroupCreated, ProjectID: claGroup.ClaGroupID, LfUsername: authUser.UserName, - EventData: &events.ProjectCreatedEventData{}, + EventData: &events.CLAGroupCreatedEventData{}, }) + return cla_group.NewCreateClaGroupOK().WithPayload(claGroup) }) @@ -64,8 +66,9 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P }) } return cla_group.NewDeleteClaGroupInternalServerError().WithPayload(&models.ErrorResponse{ - Code: "400", - Message: fmt.Sprintf("EasyCLA - 500 Internal server error - error = %s", err.Error()), + Code: "500", + Message: fmt.Sprintf("EasyCLA - 500 Internal server error - unable to lookup CLA Group by ID, error = %+v", + err), }) } if !utils.IsUserAuthorizedForProject(authUser, cg.FoundationSFID) { @@ -83,12 +86,14 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P Message: fmt.Sprintf("EasyCLA - 500 Internal server error - error = %s", err.Error()), }) } + eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectDeleted, + EventType: events.CLAGroupDeleted, ProjectModel: cg, LfUsername: authUser.UserName, - EventData: &events.ProjectDeletedEventData{}, + EventData: &events.CLAGroupDeletedEventData{}, }) + return cla_group.NewDeleteClaGroupNoContent() }) @@ -129,14 +134,17 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P Message: fmt.Sprintf("EasyCLA - 500 Internal server error - error = %s", err.Error()), }) } + eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectUpdated, + EventType: events.CLAGroupUpdated, ProjectModel: cg, LfUsername: authUser.UserName, - EventData: &events.ProjectUpdatedEventData{}, + EventData: &events.CLAGroupUpdatedEventData{}, }) + return cla_group.NewEnrollProjectsOK() }) + api.ClaGroupListClaGroupsUnderFoundationHandler = cla_group.ListClaGroupsUnderFoundationHandlerFunc(func(params cla_group.ListClaGroupsUnderFoundationParams, authUser *auth.User) middleware.Responder { utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) if !utils.IsUserAuthorizedForProject(authUser, params.ProjectSFID) { @@ -156,6 +164,7 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P } return cla_group.NewListClaGroupsUnderFoundationOK().WithPayload(result) }) + api.ClaGroupValidateClaGroupHandler = cla_group.ValidateClaGroupHandlerFunc(func(params cla_group.ValidateClaGroupParams, authUser *auth.User) middleware.Responder { utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) @@ -167,6 +176,7 @@ func Configure(api *operations.EasyclaAPI, service Service, v1ProjectService v1P ValidationErrors: validationErrors, }) }) + api.FoundationListFoundationClaGroupsHandler = foundation.ListFoundationClaGroupsHandlerFunc(func(params foundation.ListFoundationClaGroupsParams, authUser *auth.User) middleware.Responder { utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) result, err := service.ListAllFoundationClaGroups(params.FoundationSFID) diff --git a/cla-backend-go/v2/project/handlers.go b/cla-backend-go/v2/project/handlers.go index 3b36de675..c085c1e54 100644 --- a/cla-backend-go/v2/project/handlers.go +++ b/cla-backend-go/v2/project/handlers.go @@ -185,10 +185,10 @@ func Configure(api *operations.EasyclaAPI, service v1Project.Service, v2Service return project.NewDeleteProjectByIDBadRequest().WithPayload(errorResponse(err)) } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectDeleted, + EventType: events.CLAGroupDeleted, ProjectModel: projectModel, LfUsername: user.UserName, - EventData: &events.ProjectDeletedEventData{}, + EventData: &events.CLAGroupDeletedEventData{}, }) return project.NewDeleteProjectByIDNoContent() @@ -226,10 +226,10 @@ func Configure(api *operations.EasyclaAPI, service v1Project.Service, v2Service } eventsService.LogEvent(&events.LogEventArgs{ - EventType: events.ProjectUpdated, + EventType: events.CLAGroupUpdated, ProjectModel: projectModel, LfUsername: user.UserName, - EventData: &events.ProjectUpdatedEventData{}, + EventData: &events.CLAGroupUpdatedEventData{}, }) result, err := v2ProjectModel(projectModel) diff --git a/cla-backend/cla/models/docusign_models.py b/cla-backend/cla/models/docusign_models.py index cc5579c09..a9eb0e9ff 100644 --- a/cla-backend/cla/models/docusign_models.py +++ b/cla-backend/cla/models/docusign_models.py @@ -415,7 +415,7 @@ def check_and_prepare_employee_signature(project_id, company_id, user_id) -> dic cla.log.warning('No user email authorized for this CCLA: {}'.format(request_info)) return {'errors': {'ccla_approval_list': 'user not authorized for this ccla'}} - cla.log.info(f'User is whitelisted for this CCLA: {request_info}') + cla.log.info(f'User is approved for this CCLA: {request_info}') # Assume this company is the user's employer. # TODO: DAD - we should check to see if they already have a company id assigned @@ -424,10 +424,16 @@ def check_and_prepare_employee_signature(project_id, company_id, user_id) -> dic Event.create_event( event_type=EventType.UserAssociatedWithCompany, event_company_id=company_id, + event_company_name=company.get_company_name(), event_project_id=project_id, + event_project_name=project.get_project_name(), event_user_id=user.get_user_id(), - event_data='user {} associated himself with company {}'.format(user.get_user_name(), - company.get_company_name()), + event_data=(f'user {user.get_user_name()}/' + f'{user.get_github_username()}/' + f'{user.get_user_github_id()}/' + f'{user.get_user_id()} ' + f'associated with company {company.get_company_name()} for ' + f'project {project.get_project_name()}'), contains_pii=True, ) @@ -1114,6 +1120,7 @@ def signed_individual_callback(self, content, installation_id, github_repository signature.set_signature_signed(True) # Save signature signature.save() + # Send user their signed document. user = User() user.load(signature.get_signature_reference_id()) @@ -1135,11 +1142,32 @@ def signed_individual_callback(self, content, installation_id, github_repository project_id = signature.get_signature_project_id() self.send_to_s3(document_data, project_id, signature_id, 'icla', user_id) + try: + # Load the Project by ID and send audit event + project = Project() + project.load(signature.get_signature_project_id()) + Event.create_event( + event_type=EventType.IndividualSignatureSigned, + event_project_id=signature.get_signature_project_id(), + event_company_id=None, + event_user_id=signature.get_signature_reference_id(), + event_data=(f'individual signature of user {user.get_user_name()} ' + f'signed for project {project.get_project_name()}'), + contains_pii=False, + ) + except DoesNotExist as err: + msg = (f'signed_individual_callback - ' + f'unable to load project by CLA Group ID: {signature.get_signature_project_id()}, ' + f'unable to send audit event, error: {err}') + cla.log.warning(msg) + return + # Update the repository provider with this change. update_repository_provider(installation_id, github_repository_id, change_request_id) def signed_individual_callback_gerrit(self, content, user_id): - cla.log.debug(f'signed_individual_callback_gerrit - Docusign Gerrit ICLA signed callback POST data: {content}') + cla.log.debug('signed_individual_callback_gerrit - ' + f'Docusign Gerrit ICLA signed callback POST data: {content}') tree = ET.fromstring(content) # Get envelope ID. envelope_id = tree.find('.//' + self.TAGS['envelope_id']).text @@ -1169,6 +1197,26 @@ def signed_individual_callback_gerrit(self, content, user_id): signature.set_signature_signed(True) signature.save() + # Load the Project by ID and send audit event + project = Project() + try: + project.load(signature.get_signature_project_id()) + Event.create_event( + event_type=EventType.IndividualSignatureSigned, + event_project_id=signature.get_signature_project_id(), + event_company_id=None, + event_user_id=user.get_user_id(), + event_data=(f'individual signature of user {user.get_user_name()} ' + f'signed for project {project.get_project_name()}'), + contains_pii=False, + ) + except DoesNotExist as err: + msg = (f'signed_individual_callback_gerrit - ' + f'unable to load project by CLA Group ID: {signature.get_signature_project_id()}, ' + f'unable to send audit event, error: {err}') + cla.log.warning(msg) + return + gerrits = Gerrit().get_gerrit_by_project_id(signature.get_signature_project_id()) for gerrit in gerrits: # Get Gerrit Group ID @@ -1278,7 +1326,6 @@ def signed_corporate_callback(self, content, project_id, company_id): cla.log.warning(msg) return {'errors': {'error': msg}} - # Iterate through recipients and update the signature signature status if changed. elem = tree.find('.//' + self.TAGS['recipient_statuses'] + '/' + self.TAGS['recipient_status']) diff --git a/cla-backend/serverless.yml b/cla-backend/serverless.yml index 8d4843ec0..68bc90746 100644 --- a/cla-backend/serverless.yml +++ b/cla-backend/serverless.yml @@ -222,8 +222,8 @@ provider: PLATFORM_AUTH0_CLIENT_SECRET: ${file(./env.json):cla-auth0-platform-client-secret, ssm:/cla-auth0-platform-client-secret-${opt:stage}} PLATFORM_AUTH0_AUDIENCE: ${file(./env.json):cla-auth0-platform-audience, ssm:/cla-auth0-platform-audience-${opt:stage}} PLATFORM_GATEWAY_URL: ${file(./env.json):platform-gateway-url, ssm:/cla-auth0-platform-api-gw-${opt:stage}} - # Enable API Debugging for Core Platform Services - DEBUG: true + # Set to true for verbose API logging - useful when Debugging API calls for Core Platform Services or other external services + DEBUG: false stackTags: Name: ${self:service}