Merge pull request #9 from linuxfoundation/misc-fixes

Update to reflect requirement changes

Author: emsearcy

charts/lfx-v1-sync-helper/Chart.yaml

@@ -5,4 +5,4 @@ apiVersion: v2
 name: lfx-v1-sync-helper
 description: LFX Platform v1 Sync Helper chart
 type: application
-version: 0.2.0
+version: 0.2.1

charts/lfx-v1-sync-helper/README.md

@@ -62,7 +62,7 @@ EOF
 
 # Install from the OCI registry
 helm install -n lfx lfx-v1-sync-helper \
-    oci://ghcr.io/linuxfoundation/lfx-v1-sync-helper/chart \
+    oci://ghcr.io/linuxfoundation/lfx-v1-sync-helper/chart/lfx-v1-sync-helper \
     -f values.yaml
 ```
 

charts/lfx-v1-sync-helper/values.yaml

@@ -19,9 +19,6 @@ app:
     # NATS_URL is required
     NATS_URL:
       value: nats://lfx-platform-nats.lfx.svc.cluster.local:4222
-    # LOG_LEVEL is optional
-    LOG_LEVEL:
-      value: info
     # DEBUG is optional
     DEBUG:
       value: "false"
@@ -155,6 +152,6 @@ auth0:
     # name of the secret containing Auth0 client ID and private key
     name: v1-sync-helper-auth0-credentials
     # key in the secret which contains the Auth0 client ID
-    clientIdKey: client-id
+    clientIdKey: client_id
     # key in the secret which contains the Auth0 private key
-    privateKeyKey: private-key
+    privateKeyKey: client_private_key

v1-sync-helper/config.go

@@ -10,58 +10,65 @@ import (
 	"os"
 )
 
-// ProjectAllowlist contains the list of project slugs that are allowed to be synced.
-// All entries should be lowercase for case-insensitive matching.
-var ProjectAllowlist = []string{
+// projectAllowlist contains the list of project slugs that are allowed to be
+// synced, but whose child projects are NOT, unless explicitly listed. *All
+// entries must be lowercase* (lookups downcase for case-insensitive matching).
+var projectAllowlist = []string{
 	"tlf",
-	"lf-charities",
-	"lfprojects",
-	"jdf",
-	"jdf-llc",
-	"jdf-international",
-	"lfenergy",
-	"tazama",
-	"chiplet",
-	"cnab",
-	"spif",
-	"uptane",
-	"isac-simo",
-	"oeew",
-	"mlf",
-	"co-packaged-optics-collaboration",
-	"clusterduck",
-	"liquid-prep",
-	"authentication",
-	"quantum-ir",
-	"claims-and-credentials",
-	"secure-data-storage",
-	"aomedia",
-	"iovisor",
-	"lfc",
-	"spdx-working-group",
-	"droneaid",
-	"open-chain-working-group",
-	"murmur-project",
-	"rend-o-matic",
-	"easycla",
-	"identifiers-and-discovery",
-	"korg",
-	"lottie-animation-community",
-	"cii",
-	"did-communication",
-	"3mf-working-group",
-	"call-for-code",
-	"pyrrha",
-	"decentralized-identity-foundation-dif",
-	"spif-working-group",
-	"opentempus",
-	"open-yvy",
-	"openharvest",
-	"jdf3mf",
-	"racial-justice",
-	"celf",
-	"sdog",
-	"project-origin",
+	// "lfprojects",
+	// "lf-charities",
+	// "jdf",
+	// "jdf-llc",
+	// "jdf-international",
+	// "lfenergy",
+}
+
+// ProjectFamilyAllowlist contains the list of projects slugs that are allowed
+// to be synced along with their child projects. *All entries must be
+// lowercase* (lookups downcase for case-insensitive matching).
+var projectFamilyAllowlist = []string{
+	// "tazama",
+	// "chiplet",
+	// "cnab",
+	// "spif",
+	// "uptane",
+	// "isac-simo",
+	// "oeew",
+	// "mlf",
+	// "co-packaged-optics-collaboration",
+	// "clusterduck",
+	// "liquid-prep",
+	// "authentication",
+	// "quantum-ir",
+	// "claims-and-credentials",
+	// "secure-data-storage",
+	// "aomedia",
+	// "iovisor",
+	// "lfc",
+	// "spdx-working-group",
+	// "droneaid",
+	// "open-chain-working-group",
+	// "murmur-project",
+	// "rend-o-matic",
+	// "easycla",
+	// "identifiers-and-discovery",
+	// "korg",
+	// "lottie-animation-community",
+	// "cii",
+	// "did-communication",
+	// "3mf-working-group",
+	// "call-for-code",
+	// "pyrrha",
+	// "decentralized-identity-foundation-dif",
+	// "spif-working-group",
+	// "opentempus",
+	// "open-yvy",
+	// "openharvest",
+	// "jdf3mf",
+	// "racial-justice",
+	// "celf",
+	// "sdog",
+	// "project-origin",
 }
 
 // Config holds all configuration values for the v1-sync-helper service

v1-sync-helper/handlers_committees.go

@@ -7,6 +7,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	committeeservice "github.com/linuxfoundation/lfx-v2-committee-service/gen/committee_service"
 	"github.com/nats-io/nats.go/jetstream"
@@ -26,13 +27,14 @@ var allowedCommitteeCategories = map[string]bool{
 	"Marketing Committee/Sub Committee": true,
 	"Marketing Mailing List":            true,
 	"Marketing Oversight Committee/Marketing Advisory Committee": true,
-	"Other":                  true,
-	"Product Security":       true,
-	"Special Interest Group": true,
-	"Technical Mailing List": true,
-	"Technical Oversight Committee/Technical Advisory Committee": true,
-	"Technical Steering Committee":                               true,
-	"Working Group":                                              true,
+	"Other":                         true,
+	"Product Security":              true,
+	"Special Interest Group":        true,
+	"Technical Advisory Committee":  true,
+	"Technical Mailing List":        true,
+	"Technical Oversight Committee": true,
+	"Technical Steering Committee":  true,
+	"Working Group":                 true,
 }
 
 // allowedAppointedByValues defines the valid values for appointed_by__c mapping to appointed_by.
@@ -101,11 +103,25 @@ func mapAppointedByToValidValue(ctx context.Context, appointedBy string) string
 }
 
 // mapTypeToCategory filters and maps type__c to category.
-func mapTypeToCategory(ctx context.Context, typeVal string) *string {
+func mapTypeToCategory(ctx context.Context, typeVal, committeeName string) *string {
 	if typeVal == "" {
 		return nil
 	}
 
+	if typeVal == "Technical Oversight Committee/Technical Advisory Committee" {
+		// Special case mapping.
+		if strings.Contains(strings.ToLower(committeeName), "advisory") {
+			mapped := "Technical Advisory Committee"
+			return &mapped
+		}
+		if strings.Contains(strings.ToLower(committeeName), "tac") {
+			mapped := "Technical Advisory Committee"
+			return &mapped
+		}
+		mapped := "Technical Oversight Committee"
+		return &mapped
+	}
+
 	if allowedCommitteeCategories[typeVal] {
 		return &typeVal
 	}
@@ -233,7 +249,7 @@ func mapV1DataToCommitteeCreatePayload(ctx context.Context, v1Data map[string]an
 	}
 
 	if typeVal, ok := v1Data["type__c"].(string); ok && typeVal != "" {
-		if category := mapTypeToCategory(ctx, typeVal); category != nil {
+		if category := mapTypeToCategory(ctx, typeVal, name); category != nil {
 			payload.Category = *category // Map Type to Category with validation.
 		}
 	}
@@ -308,7 +324,7 @@ func mapV1DataToCommitteeUpdateBasePayload(ctx context.Context, committeeUID str
 	}
 
 	if typeVal, ok := v1Data["type__c"].(string); ok && typeVal != "" {
-		if category := mapTypeToCategory(ctx, typeVal); category != nil {
+		if category := mapTypeToCategory(ctx, typeVal, name); category != nil {
 			payload.Category = *category // Map Type to Category with validation.
 		}
 	}

v1-sync-helper/handlers_projects.go

@@ -61,8 +61,8 @@ func isProjectAllowed(ctx context.Context, v1Data map[string]any, mappingsKV jet
 	slug, _ := v1Data["slug__c"].(string)
 	slug = strings.ToLower(slug)
 
-	// Check if the project's slug is in the allowlist.
-	if slices.Contains(ProjectAllowlist, slug) {
+	// Check if the project's slug is in either allowlist.
+	if slices.Contains(projectAllowlist, slug) || slices.Contains(projectFamilyAllowlist, slug) {
 		return true, "project slug is in allowlist"
 	}
 
@@ -97,15 +97,15 @@ func isProjectAllowed(ctx context.Context, v1Data map[string]any, mappingsKV jet
 	}
 	parentSlug = strings.ToLower(parentSlug)
 
-	// Check if parent is one of the "overarching" grouping projects.
-	overarchingProjects := []string{"tlf", "lf-charities", "lfprojects", "jdf", "jdf-llc", "jdf-international", "lfenergy"}
-	if slices.Contains(overarchingProjects, parentSlug) {
+	// Check if parent is one of the "overarching" grouping projects which does
+	// not allow all children.
+	if slices.Contains(projectAllowlist, parentSlug) {
 		// For children of overarching projects, only allow if child slug is in allowlist.
 		return false, fmt.Sprintf("child of overarching project %s but child slug not in allowlist", parentSlug)
 	}
 
-	// Parent is not an overarching project, so this is a child of an allowlisted project.
-	// These are always allowed.
+	// Parent is not an overarching project, so this is a "descendant" of an
+	// allowlisted project "family".
 	return true, fmt.Sprintf("child of allowlisted project %s", parentSlug)
 }