As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s) so that a user with this token can use the Org API with Unit scoping permissions taken into account #1059

Closed
18 tasks done
baszoetekouw opened this issue Nov 13, 2023 · 18 comments
baszoetekouw commented Nov 13, 2023

Use Cases:

  1. Orgs have Unit Managers that wish to use the Org API to programmatically manage COs. The Orgs wish to grant that power, but scoped to the Units and not for the whole Org.
  2. Orgs want to give particular application owners the ability to manage COs. They want to do this without giving the application owner the ability to manage ALL COs within the org. They instead want to create Units within which the application owner would have the ability to manage COs using the Unit scoped token.
  • POST /api/collaborations/v1, Post a new collaboration and add units of API token to CO
  • DELETE /api/collaborations/v1/{co_identifier}, Delete collaboration
  • GET /api/collaborations/v1/{co_identifier}, Get collaboration details
  • PUT /api/collaborations/v1/{co_identifier}/members, Update collaboration membership
  • DELETE /api/collaborations/v1/{co_identifier}/members/{user_uid}, Delete collaboration membership
  • PUT /api/collaborations_services/v1/connect_collaboration_service, Connect service to collaboration
  • PUT /api/collaborations_services/v1/disconnect_collaboration_service, Disconnect service from collaboration
  • POST /api/groups/v1, Post a new group
  • DELETE /api/groups/v1/{group_identifier}, Delete group
  • POST /api/groups/v1/{group_identifier}, Add group membership
  • PUT /api/groups/v1/{group_identifier}, Update properties of a group
  • DELETE /api/groups/v1/{group_identifier}/members/{user_uid}, Delete group membership
  • PUT /api/invitations/v1/collaboration_invites, Put new collaboration invitations
  • GET /api/invitations/v1/invitations/{co_identifier}, Get open invitations for a given collaboration
  • DELETE /api/invitations/v1/{external_identifier}, Delete invitation and check for the invitation {external_identifier} -> CO -> API token has access to Unit
  • GET /api/invitations/v1/{external_identifier}, Get invitation details and check for the invitation {external_identifier} -> CO -> API token has access to Unit
  • GET /api/organisations/v1, Get organisation including all collaborations, but filter out the collaborations that the API token does not have access to (e.g. is scoped to a unit which is not scoped to the collaboration)
  • Add endpoints to assign and remove units to COs. This can only be done with an API token without units.
    The solution for this last endpoint is to return data associated with the units of the API token only.

Logic for scoping a collaboration for an API token with unit(s)

def confirm_api_key_unit_access(api_key: ApiKey, collaboration: Collaboration):
    # The ApiKey must be for the same Organisation as the Organisation of the Collaboration
    if api_key.organisation_id != collaboration.organisation_id:
        raise Forbidden(f"ApiKey Organisation({api_key.organisation.name}) does not equal the "
                        f"Organisation({collaboration.organisation.name}) of the Collaboration({collaboration.name})")
    # If an ApiKey is not scoped, then we can't enforce anything
    if not api_key.units:
        return
    api_key_unit_names = [unit.name for unit in api_key.units]
    # For an ApiKey with a unit, it is not allowed to request information about a CO that does not have a unit
    if not collaboration.units:
        raise Forbidden(f"ApiKey with units ({api_key_unit_names}) has no access to collaboration {collaboration.name}")
    # Every unit of the CO must be one of the units of the ApiKey
    if not all(unit in api_key.units for unit in collaboration.units):
        raise Forbidden(f"ApiKey with units ({api_key_unit_names}) has no access to collaboration {collaboration.name}")

Notes

  • Orgs are permanent-ish. Units may come and go. How do we want to tie the lifecycle of the Unit Token to a given Unit? Current implementation: when a Unit is deleted, the unit is also removed from the token.
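
The scoping rules, the filtered organisation listing and the unit lifecycle from the Notes, modelled together as an added example (not the project's code) so the interaction between them can be tested. The dataclasses, `organisation_view`, `delete_unit`, the `fail_closed` switch and the `created_with_units` field are hypothetical names introduced here, and the sample data is constructed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Stand-in for the Forbidden exception raised in the snippet above."""


@dataclass(frozen=True)
class Unit:
    name: str


@dataclass
class Collaboration:
    name: str
    organisation_id: int
    units: list = field(default_factory=list)


@dataclass
class ApiKey:
    organisation_id: int
    units: list = field(default_factory=list)
    # Hypothetical field (not on the page): recorded when the key is created,
    # so the key is still known to be unit-scoped after its units are gone.
    created_with_units: bool = False


def confirm_api_key_unit_access(api_key, collaboration, fail_closed=False):
    """Same rules as the snippet above, plus an optional fail-closed branch."""
    if api_key.organisation_id != collaboration.organisation_id:
        raise Forbidden("ApiKey and Collaboration belong to different organisations")
    if not api_key.units:
        # An empty unit list normally means "org-wide key". A key that was
        # created with units and lost them all must not be promoted to that.
        if fail_closed and api_key.created_with_units:
            raise Forbidden("unit-scoped ApiKey has no units left")
        return
    if not collaboration.units:
        raise Forbidden(f"scoped ApiKey has no access to {collaboration.name}")
    # Every unit of the CO must be one of the key's units.
    if not all(unit in api_key.units for unit in collaboration.units):
        raise Forbidden(f"scoped ApiKey has no access to {collaboration.name}")


def organisation_view(api_key, collaborations, fail_closed=False):
    """Filter the organisation's COs for this key and count the filtered list."""
    visible = []
    for co in collaborations:
        try:
            confirm_api_key_unit_access(api_key, co, fail_closed)
        except Forbidden:
            continue
        visible.append(co.name)
    return {"collaborations": visible, "collaborations_count": len(visible)}


def delete_unit(unit, api_keys, collaborations):
    """Lifecycle from the Notes: a deleted unit is removed from every token.
    Removing it from the COs as well is an assumption of this model."""
    for key in api_keys:
        key.units = [u for u in key.units if u != unit]
    for co in collaborations:
        co.units = [u for u in co.units if u != unit]


def demo():
    physics, chemistry = Unit("physics"), Unit("chemistry")
    cos = [  # constructed sample data
        Collaboration("physics-co", 1, [physics]),
        Collaboration("shared-co", 1, [physics, chemistry]),
        Collaboration("chem-co", 1, [chemistry]),
        Collaboration("unassigned-co", 1, []),
        Collaboration("other-org-co", 2, [physics]),
    ]
    scoped = ApiKey(1, [physics], created_with_units=True)
    org_wide = ApiKey(1)
    results = {
        "scoped": organisation_view(scoped, cos),
        "org_wide": organisation_view(org_wide, cos),
    }
    # Delete the only unit the scoped key was tied to, then list again.
    delete_unit(physics, [scoped, org_wide], cos)
    results["after_delete_fail_open"] = organisation_view(scoped, cos)
    results["after_delete_fail_closed"] = organisation_view(scoped, cos, fail_closed=True)
    return results


if __name__ == "__main__":
    for label, view in demo().items():
        print(label, view)
```

In this model, with the rules exactly as posted, the scoped key's view grows from one CO to four once its only unit is deleted; with the fail-closed branch it sees none.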
@baszoetekouw baszoetekouw changed the title As an Org Manager, I want to give out API token to a Unit, so that that Unit Managers can use the Org API to programmatically manage their own COs As an Org Manager, I want to tie API tokens to a Unit, so that that Unit Managers can use the Org API to programmatically manage their own COs Nov 13, 2023
@baszoetekouw baszoetekouw self-assigned this Nov 16, 2023
@baszoetekouw baszoetekouw moved this from New to Todo in SRAM development Nov 17, 2023
@FlorisFokkinga FlorisFokkinga added this to the v32 milestone Feb 16, 2024
@baszoetekouw baszoetekouw removed this from the v32 milestone Mar 11, 2024
@FlorisFokkinga FlorisFokkinga moved this from Todo to Backlog in SRAM development Aug 23, 2024
@FlorisFokkinga FlorisFokkinga changed the title As an Org Manager, I want to tie API tokens to a Unit, so that that Unit Managers can use the Org API to programmatically manage their own COs As an Org Manager, I want to scope API tokens to a Unit, so that that Unit Managers can use the Org API to programmatically manage their own COs Aug 23, 2024
@logan-life

Bas to refine this to determine which of the above listed org API endpoints are in scope.

@logan-life

SRC is waiting for this.

@logan-life

Logan to take a first pass then ping Bas for double check.

@logan-life logan-life assigned logan-life and unassigned baszoetekouw Sep 6, 2024
@FlorisFokkinga FlorisFokkinga added this to the v38 milestone Oct 31, 2024
@logan-life logan-life changed the title As an Org Manager, I want to scope API tokens to a Unit, so that that Unit Managers can use the Org API to programmatically manage their own COs As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s)so that that Unit Managers can use the Org API to programmatically manage their own COs Nov 1, 2024
@logan-life logan-life changed the title As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s)so that that Unit Managers can use the Org API to programmatically manage their own COs As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s) so that that Unit Managers can use the Org API to programmatically manage their own COs Nov 1, 2024
@logan-life logan-life changed the title As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s) so that that Unit Managers can use the Org API to programmatically manage their own COs As an Org Admin, I want to generate an Org API token that is scoped to a set of Unit(s) so that a user with this token can use the Org API with Unit scoping permissions taken into account Nov 6, 2024
@logan-life logan-life removed this from the v38 milestone Nov 6, 2024
@logan-life logan-life added the discuss Needs to be discussed; do not implement as is. label Nov 6, 2024
@logan-life logan-life moved this from Needs refinement to New in SRAM development Nov 11, 2024
@ccacciari

A comment from the support team, data managers, of VU:

Do you know of an easy way to add all existing Yoda COs to the Unit?
Looking at https://sram.surf.nl/apidocs/ I can create new COs and update memberships of existing COs, but I don't see a way to update CO attributes.

I think that the request can be translated into the following requirement:

  • There should be a procedure to assign, as a bulk operation, existing COs to a unit or remove them. That should probably be in the scope of the Org admin/manager, not in that of the unit manager.

@logan-life logan-life added this to the v39 milestone Dec 2, 2024
@logan-life logan-life moved this from New to Todo in SRAM development Dec 2, 2024
@logan-life logan-life removed the discuss Needs to be discussed; do not implement as is. label Dec 3, 2024
@oharsta oharsta self-assigned this Dec 9, 2024
oharsta added a commit that referenced this issue Jan 9, 2025
@mrvanes mrvanes moved this from To be tested to Being tested in SRAM development Jan 9, 2025
oharsta added a commit that referenced this issue Jan 9, 2025
oharsta added a commit that referenced this issue Jan 9, 2025
@mrvanes mrvanes moved this from Being tested to To be deployed in SRAM development Jan 9, 2025
@logan-life

@oharsta

collaborations_count value is being filled with the number of collaborations in the entire org. I expect that it should be filled with the number of collaborations within the Unit which is associated with the Unit api key.

oharsta added a commit that referenced this issue Jan 29, 2025
@logan-life

@oharsta I am seeing

second_factor_auth "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS"

I expect from the API spec that this should be a boolean value

second_factor_auth boolean

endpoint GET collaboration details

collaboration_memberships.user.second_factor_auth

{
  "accepted_user_policy": null,
  "collaboration_memberships": [
    {
      "collaboration_id": 373,
      "created_at": 1737987303,
      "created_by": "[email protected]",
      "expiry_date": null,
      "id": 493,
      "invitation_id": null,
      "role": "admin",
      "status": "active",
      "updated_by": "[email protected]",
      "user": {
        "address": null,
        "affiliation": "[email protected]",
        "application_uid": null,
        "created_at": 1726826597,
        "created_by": "system",
        "edu_members": null,
        "eduperson_principal_name": "[email protected]",
        "email": "[email protected]",
        "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
        "external_id": "12d872c1-3788-4ddf-9c2a-aa3c6230db41",
        "family_name": "ACCCOAdmin",
        "given_name": "Logan",
        "home_organisation_uid": "b47c3164-ad09-4427-9e4d-685cf2f82e45",
        "id": 360,
        "last_accessed_date": 1738061534,
        "last_login_date": 1738061534,
        "mfa_reset_token": null,
        "name": "Logan ACCCOAdmin",
        "nick_name": null,
        "pam_last_login_date": null,
        "rate_limited": false,
        "schac_home_organisation": "eduid.nl",
        "scoped_affiliation": "[email protected]",
        "second_factor_auth": "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS",
        "ssh_keys": [
          {
            "created_at": 1732112037,
            "id": 60,
            "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNg1EpRFi38AoH7YfWmhtIX5a2vN1HLqxXQpM3z5jOtqU5hKPhJxFmrOX7CMtTlcwl5fdFwsHK2zPYxx+MWDQzzrJ6Hh2xDY4rEGGq2/yQ/xIj9QarjYxKHgN+F92klXOpEALjsDAX2E6PHOc5Q2jCjGZ65yH7kWEw8hXlwtQ4wsQxpRVXXl1FiwD/Xt7jVE0IeXh8PzD8WdyjZR/SxItuOmXEMNgmQU38RhrRSdkKObJHXXmcpNgfsjOaVrfmsW0oYX5MEQDAeD3N6ZkjVDLrMXIj1RxBr36MOXT6Zz3xUQ7RxtmrukQuG6oBzZ7XXbZWmUad12gI0UeD6w== [email protected]",
            "user_id": 360
          }
        ],
        "suspended": false,
        "uid": "[email protected]",
        "updated_at": 1738061534,
        "updated_by": "[email protected]",
        "username": "layliffe5"
      },
      "user_id": 360
    },
    {
      "collaboration_id": 373,
      "created_at": 1737988148,
      "created_by": "[email protected]",
      "expiry_date": null,
      "id": 494,
      "invitation_id": null,
      "role": "member",
      "status": "active",
      "updated_by": "[email protected]",
      "user": {
        "address": null,
        "affiliation": "[email protected]",
        "application_uid": null,
        "created_at": 1737986714,
        "created_by": "system",
        "edu_members": null,
        "eduperson_principal_name": "[email protected]",
        "email": "[email protected]",
        "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
        "external_id": "52242fcb-ccf7-45c4-8fdb-092c57d7d4c1",
        "family_name": "Doe",
        "given_name": "Loganayliffev39nieuweuser",
        "home_organisation_uid": null,
        "id": 396,
        "last_accessed_date": 1738142229,
        "last_login_date": 1738142229,
        "mfa_reset_token": null,
        "name": "Loganayliffev39nieuweuser Doe",
        "nick_name": null,
        "pam_last_login_date": null,
        "rate_limited": false,
        "schac_home_organisation": "example.com",
        "scoped_affiliation": null,
        "second_factor_auth": "Q3ZPCZD4223Y62JZWMFMDSVFNKM2YPHR",
        "ssh_keys": [
          {
            "created_at": 1738142999,
            "id": 74,
            "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dummykey1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ user@dummy-host",
            "user_id": 396
          }
        ],
        "suspended": false,
        "uid": "[email protected]",
        "updated_at": 1738142999,
        "updated_by": "[email protected]",
        "username": "ldoe2"
      },
      "user_id": 396
    },
    {
      "collaboration_id": 373,
      "created_at": 1738062410,
      "created_by": "[email protected]",
      "expiry_date": null,
      "id": 495,
      "invitation_id": null,
      "role": "admin",
      "status": "active",
      "updated_by": "[email protected]",
      "user": {
        "address": null,
        "affiliation": "[email protected]",
        "application_uid": null,
        "created_at": 1726572022,
        "created_by": "system",
        "edu_members": null,
        "eduperson_principal_name": "[email protected]",
        "email": "[email protected]",
        "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
        "external_id": "5dca9150-0e7e-4e6a-a115-32695d97947a",
        "family_name": "ACCPlaformAdmin",
        "given_name": "Logan",
        "home_organisation_uid": "5b193c39-304e-4e00-9ce4-d5c45d79b475",
        "id": 356,
        "last_accessed_date": 1738142267,
        "last_login_date": 1738142267,
        "mfa_reset_token": null,
        "name": "Logan ACCPlaformAdmin",
        "nick_name": null,
        "pam_last_login_date": null,
        "rate_limited": false,
        "schac_home_organisation": "eduid.nl",
        "scoped_affiliation": "[email protected]",
        "second_factor_auth": "F2GBRAUUHMJWN7SPAG7CCOMKDMDJO6FU",
        "ssh_keys": [],
        "suspended": false,
        "uid": "[email protected]",
        "updated_at": 1738142267,
        "updated_by": "system",
        "username": "layliffe2"
      },
      "user_id": 356
    }
  ],
  "collaboration_memberships_count": 3,
  "created_at": 1737987236,
  "created_by": "[email protected]",
  "description": "This CO exists for v39 acceptance testing.",
  "disable_join_requests": false,
  "disclose_email_information": true,
  "disclose_member_information": true,
  "expiry_date": null,
  "global_urn": "presaux:release39",
  "groups": [
    {
      "auto_provision_members": true,
      "collaboration_id": 373,
      "collaboration_memberships": [
        {
          "collaboration_id": 373,
          "created_at": 1737987303,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 493,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726826597,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "12d872c1-3788-4ddf-9c2a-aa3c6230db41",
            "family_name": "ACCCOAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "b47c3164-ad09-4427-9e4d-685cf2f82e45",
            "id": 360,
            "last_accessed_date": 1738061534,
            "last_login_date": 1738061534,
            "mfa_reset_token": null,
            "name": "Logan ACCCOAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS",
            "ssh_keys": [
              {
                "created_at": 1732112037,
                "id": 60,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNg1EpRFi38AoH7YfWmhtIX5a2vN1HLqxXQpM3z5jOtqU5hKPhJxFmrOX7CMtTlcwl5fdFwsHK2zPYxx+MWDQzzrJ6Hh2xDY4rEGGq2/yQ/xIj9QarjYxKHgN+F92klXOpEALjsDAX2E6PHOc5Q2jCjGZ65yH7kWEw8hXlwtQ4wsQxpRVXXl1FiwD/Xt7jVE0IeXh8PzD8WdyjZR/SxItuOmXEMNgmQU38RhrRSdkKObJHXXmcpNgfsjOaVrfmsW0oYX5MEQDAeD3N6ZkjVDLrMXIj1RxBr36MOXT6Zz3xUQ7RxtmrukQuG6oBzZ7XXbZWmUad12gI0UeD6w== [email protected]",
                "user_id": 360
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738061534,
            "updated_by": "[email protected]",
            "username": "layliffe5"
          },
          "user_id": 360
        },
        {
          "collaboration_id": 373,
          "created_at": 1737988148,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 494,
          "invitation_id": null,
          "role": "member",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1737986714,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "52242fcb-ccf7-45c4-8fdb-092c57d7d4c1",
            "family_name": "Doe",
            "given_name": "Loganayliffev39nieuweuser",
            "home_organisation_uid": null,
            "id": 396,
            "last_accessed_date": 1738142229,
            "last_login_date": 1738142229,
            "mfa_reset_token": null,
            "name": "Loganayliffev39nieuweuser Doe",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "example.com",
            "scoped_affiliation": null,
            "second_factor_auth": "Q3ZPCZD4223Y62JZWMFMDSVFNKM2YPHR",
            "ssh_keys": [
              {
                "created_at": 1738142999,
                "id": 74,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dummykey1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ user@dummy-host",
                "user_id": 396
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142999,
            "updated_by": "[email protected]",
            "username": "ldoe2"
          },
          "user_id": 396
        },
        {
          "collaboration_id": 373,
          "created_at": 1738062410,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 495,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726572022,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "5dca9150-0e7e-4e6a-a115-32695d97947a",
            "family_name": "ACCPlaformAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "5b193c39-304e-4e00-9ce4-d5c45d79b475",
            "id": 356,
            "last_accessed_date": 1738142267,
            "last_login_date": 1738142267,
            "mfa_reset_token": null,
            "name": "Logan ACCPlaformAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "F2GBRAUUHMJWN7SPAG7CCOMKDMDJO6FU",
            "ssh_keys": [],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142267,
            "updated_by": "system",
            "username": "layliffe2"
          },
          "user_id": 356
        }
      ],
      "created_at": 1738061332,
      "created_by": "[email protected]",
      "description": "This is the testing group with automatic provisioning enabled.",
      "global_urn": "presaux:release39:presauxappgroups-groupautoprov",
      "id": 661,
      "identifier": "7c2bc2bf-1569-49e1-ae1e-746bb058b094",
      "name": "groupautoprov",
      "service_group_id": 62,
      "short_name": "presauxappgroups-groupautoprov",
      "updated_at": 1738141989,
      "updated_by": "[email protected]"
    },
    {
      "auto_provision_members": false,
      "collaboration_id": 373,
      "collaboration_memberships": [
        {
          "collaboration_id": 373,
          "created_at": 1737987303,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 493,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726826597,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "12d872c1-3788-4ddf-9c2a-aa3c6230db41",
            "family_name": "ACCCOAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "b47c3164-ad09-4427-9e4d-685cf2f82e45",
            "id": 360,
            "last_accessed_date": 1738061534,
            "last_login_date": 1738061534,
            "mfa_reset_token": null,
            "name": "Logan ACCCOAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS",
            "ssh_keys": [
              {
                "created_at": 1732112037,
                "id": 60,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNg1EpRFi38AoH7YfWmhtIX5a2vN1HLqxXQpM3z5jOtqU5hKPhJxFmrOX7CMtTlcwl5fdFwsHK2zPYxx+MWDQzzrJ6Hh2xDY4rEGGq2/yQ/xIj9QarjYxKHgN+F92klXOpEALjsDAX2E6PHOc5Q2jCjGZ65yH7kWEw8hXlwtQ4wsQxpRVXXl1FiwD/Xt7jVE0IeXh8PzD8WdyjZR/SxItuOmXEMNgmQU38RhrRSdkKObJHXXmcpNgfsjOaVrfmsW0oYX5MEQDAeD3N6ZkjVDLrMXIj1RxBr36MOXT6Zz3xUQ7RxtmrukQuG6oBzZ7XXbZWmUad12gI0UeD6w== [email protected]",
                "user_id": 360
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738061534,
            "updated_by": "[email protected]",
            "username": "layliffe5"
          },
          "user_id": 360
        }
      ],
      "created_at": 1738061332,
      "created_by": "[email protected]",
      "description": "This is the testing group with automatic provisioning disabled - users must be manually added to the group.",
      "global_urn": "presaux:release39:presauxappgroups-groupmanualprov",
      "id": 662,
      "identifier": "f7181e88-0dd6-4dc8-945d-a67dc32ce154",
      "name": "GroupManualProvision",
      "service_group_id": 63,
      "short_name": "presauxappgroups-groupmanualprov",
      "updated_at": 1738061332,
      "updated_by": "[email protected]"
    },
    {
      "auto_provision_members": true,
      "collaboration_id": 373,
      "collaboration_memberships": [
        {
          "collaboration_id": 373,
          "created_at": 1737988148,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 494,
          "invitation_id": null,
          "role": "member",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1737986714,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "52242fcb-ccf7-45c4-8fdb-092c57d7d4c1",
            "family_name": "Doe",
            "given_name": "Loganayliffev39nieuweuser",
            "home_organisation_uid": null,
            "id": 396,
            "last_accessed_date": 1738142229,
            "last_login_date": 1738142229,
            "mfa_reset_token": null,
            "name": "Loganayliffev39nieuweuser Doe",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "example.com",
            "scoped_affiliation": null,
            "second_factor_auth": "Q3ZPCZD4223Y62JZWMFMDSVFNKM2YPHR",
            "ssh_keys": [
              {
                "created_at": 1738142999,
                "id": 74,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dummykey1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ user@dummy-host",
                "user_id": 396
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142999,
            "updated_by": "[email protected]",
            "username": "ldoe2"
          },
          "user_id": 396
        },
        {
          "collaboration_id": 373,
          "created_at": 1737987303,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 493,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726826597,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "12d872c1-3788-4ddf-9c2a-aa3c6230db41",
            "family_name": "ACCCOAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "b47c3164-ad09-4427-9e4d-685cf2f82e45",
            "id": 360,
            "last_accessed_date": 1738061534,
            "last_login_date": 1738061534,
            "mfa_reset_token": null,
            "name": "Logan ACCCOAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS",
            "ssh_keys": [
              {
                "created_at": 1732112037,
                "id": 60,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNg1EpRFi38AoH7YfWmhtIX5a2vN1HLqxXQpM3z5jOtqU5hKPhJxFmrOX7CMtTlcwl5fdFwsHK2zPYxx+MWDQzzrJ6Hh2xDY4rEGGq2/yQ/xIj9QarjYxKHgN+F92klXOpEALjsDAX2E6PHOc5Q2jCjGZ65yH7kWEw8hXlwtQ4wsQxpRVXXl1FiwD/Xt7jVE0IeXh8PzD8WdyjZR/SxItuOmXEMNgmQU38RhrRSdkKObJHXXmcpNgfsjOaVrfmsW0oYX5MEQDAeD3N6ZkjVDLrMXIj1RxBr36MOXT6Zz3xUQ7RxtmrukQuG6oBzZ7XXbZWmUad12gI0UeD6w== [email protected]",
                "user_id": 360
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738061534,
            "updated_by": "[email protected]",
            "username": "layliffe5"
          },
          "user_id": 360
        },
        {
          "collaboration_id": 373,
          "created_at": 1738062410,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 495,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726572022,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "5dca9150-0e7e-4e6a-a115-32695d97947a",
            "family_name": "ACCPlaformAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "5b193c39-304e-4e00-9ce4-d5c45d79b475",
            "id": 356,
            "last_accessed_date": 1738142267,
            "last_login_date": 1738142267,
            "mfa_reset_token": null,
            "name": "Logan ACCPlaformAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "F2GBRAUUHMJWN7SPAG7CCOMKDMDJO6FU",
            "ssh_keys": [],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142267,
            "updated_by": "system",
            "username": "layliffe2"
          },
          "user_id": 356
        }
      ],
      "created_at": 1738142400,
      "created_by": "[email protected]",
      "description": "",
      "global_urn": "presaux:release39:presauxautobyorg-preconnnewgrp",
      "id": 663,
      "identifier": "5d59d188-1b95-41e8-b0a7-2ad70650b136",
      "name": "alreadyconnectednewgroupadded2",
      "service_group_id": 67,
      "short_name": "presauxautobyorg-preconnnewgrp",
      "updated_at": 1738142400,
      "updated_by": "[email protected]"
    },
    {
      "auto_provision_members": true,
      "collaboration_id": 373,
      "collaboration_memberships": [
        {
          "collaboration_id": 373,
          "created_at": 1738062410,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 495,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726572022,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "5dca9150-0e7e-4e6a-a115-32695d97947a",
            "family_name": "ACCPlaformAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "5b193c39-304e-4e00-9ce4-d5c45d79b475",
            "id": 356,
            "last_accessed_date": 1738142267,
            "last_login_date": 1738142267,
            "mfa_reset_token": null,
            "name": "Logan ACCPlaformAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "F2GBRAUUHMJWN7SPAG7CCOMKDMDJO6FU",
            "ssh_keys": [],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142267,
            "updated_by": "system",
            "username": "layliffe2"
          },
          "user_id": 356
        },
        {
          "collaboration_id": 373,
          "created_at": 1737987303,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 493,
          "invitation_id": null,
          "role": "admin",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1726826597,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "12d872c1-3788-4ddf-9c2a-aa3c6230db41",
            "family_name": "ACCCOAdmin",
            "given_name": "Logan",
            "home_organisation_uid": "b47c3164-ad09-4427-9e4d-685cf2f82e45",
            "id": 360,
            "last_accessed_date": 1738061534,
            "last_login_date": 1738061534,
            "mfa_reset_token": null,
            "name": "Logan ACCCOAdmin",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "eduid.nl",
            "scoped_affiliation": "[email protected]",
            "second_factor_auth": "YR4I62PUSPSFK2SJ7E6BDI5YE7XDZADS",
            "ssh_keys": [
              {
                "created_at": 1732112037,
                "id": 60,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArNg1EpRFi38AoH7YfWmhtIX5a2vN1HLqxXQpM3z5jOtqU5hKPhJxFmrOX7CMtTlcwl5fdFwsHK2zPYxx+MWDQzzrJ6Hh2xDY4rEGGq2/yQ/xIj9QarjYxKHgN+F92klXOpEALjsDAX2E6PHOc5Q2jCjGZ65yH7kWEw8hXlwtQ4wsQxpRVXXl1FiwD/Xt7jVE0IeXh8PzD8WdyjZR/SxItuOmXEMNgmQU38RhrRSdkKObJHXXmcpNgfsjOaVrfmsW0oYX5MEQDAeD3N6ZkjVDLrMXIj1RxBr36MOXT6Zz3xUQ7RxtmrukQuG6oBzZ7XXbZWmUad12gI0UeD6w== [email protected]",
                "user_id": 360
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738061534,
            "updated_by": "[email protected]",
            "username": "layliffe5"
          },
          "user_id": 360
        },
        {
          "collaboration_id": 373,
          "created_at": 1737988148,
          "created_by": "[email protected]",
          "expiry_date": null,
          "id": 494,
          "invitation_id": null,
          "role": "member",
          "status": "active",
          "updated_by": "[email protected]",
          "user": {
            "address": null,
            "affiliation": "[email protected]",
            "application_uid": null,
            "created_at": 1737986714,
            "created_by": "system",
            "edu_members": null,
            "eduperson_principal_name": "[email protected]",
            "email": "[email protected]",
            "entitlement": "urn:geant:eduteams.org:acc.sram.eduteams.org:group:surf-ram#acc.sram.eduteams.org",
            "external_id": "52242fcb-ccf7-45c4-8fdb-092c57d7d4c1",
            "family_name": "Doe",
            "given_name": "Loganayliffev39nieuweuser",
            "home_organisation_uid": null,
            "id": 396,
            "last_accessed_date": 1738142229,
            "last_login_date": 1738142229,
            "mfa_reset_token": null,
            "name": "Loganayliffev39nieuweuser Doe",
            "nick_name": null,
            "pam_last_login_date": null,
            "rate_limited": false,
            "schac_home_organisation": "example.com",
            "scoped_affiliation": null,
            "second_factor_auth": "Q3ZPCZD4223Y62JZWMFMDSVFNKM2YPHR",
            "ssh_keys": [
              {
                "created_at": 1738142999,
                "id": 74,
                "ssh_value": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7dummykey1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ user@dummy-host",
                "user_id": 396
              }
            ],
            "suspended": false,
            "uid": "[email protected]",
            "updated_at": 1738142999,
            "updated_by": "[email protected]",
            "username": "ldoe2"
          },
          "user_id": 396
        }
      ],
      "created_at": 1738143111,
      "created_by": "[email protected]",
      "description": "v39 testing",
      "global_urn": "presaux:release39:presauxautobyorg-newgroupv39",
      "id": 666,
      "identifier": "0ee799cf-3c1a-4b80-bdfd-b837bb478659",
      "name": "newgroupv39",
      "service_group_id": 68,
      "short_name": "presauxautobyorg-newgroupv39",
      "updated_at": 1738143111,
      "updated_by": "[email protected]"
    }
  ],
  "id": 373,
  "identifier": "ded6ffd2-ad33-4887-9e7c-22d211e85c14",
  "invitations_count": 0,
  "last_activity_date": 1738142614,
  "logo": "https://acc.sram.surf.nl/api/images/collaborations/40b73756-0ea4-4422-ae99-543ea6abd269",
  "name": "Release39",
  "organisation_id": 38,
  "services": [
    {
      "abbreviation": "sram_demosp_acc",
      "accepted_user_policy": "https://wiki.surfnet.nl/display/sram/privacy+policy",
      "access_allowed_for_all": true,
      "access_allowed_for_crm_organisation": true,
      "allow_restricted_orgs": false,
      "automatic_connection_allowed": true,
      "connection_setting": null,
      "contact_email": "[email protected]",
      "created_at": 1650961761,
      "created_by": "[email protected]",
      "crm_organisation_id": 38,
      "description": "Generic Test- and demo-SP for SRAM ACC\ntest",
      "entity_id": "https://demo-sp.sram.surf.nl/saml/module.php/saml/sp/metadata.php/acc",
      "export_external_identifier": null,
      "export_external_version": null,
      "export_successful": false,
      "exported_at": null,
      "grants": null,
      "id": 20,
      "is_public_client": false,
      "ldap_enabled": true,
      "ldap_identifier": "https://demo-sp.sram.surf.nl/saml/module.php/saml/sp/metadata.php/acc",
      "ldap_password": null,
      "logo": "https://acc.sram.surf.nl/api/images/services/b2a2832f-8a78-4b33-9637-70b2c24d59a9",
      "name": "SRAM Demo SP (acc)",
      "non_member_users_access_allowed": true,
      "oidc_client_secret": null,
      "oidc_enabled": false,
      "organisation_name": "PreservationAux",
      "override_access_allowed_all_connections": false,
      "pam_web_sso_enabled": false,
      "privacy_policy": "https://wiki.surfnet.nl/display/sram/privacy+policy",
      "providing_organisation": null,
      "redirect_urls": null,
      "saml_enabled": false,
      "saml_metadata": null,
      "saml_metadata_url": null,
      "scim_bearer_token": null,
      "scim_client_enabled": true,
      "scim_enabled": false,
      "scim_url": null,
      "security_email": "[email protected]",
      "support_email": "[email protected]",
      "support_email_unauthorized_users": false,
      "sweep_remove_orphans": false,
      "sweep_scim_daily_rate": null,
      "sweep_scim_enabled": false,
      "sweep_scim_last_run": null,
      "token_enabled": false,
      "token_validity_days": 0,
      "updated_by": "[email protected]",
      "uri": "https://demo-sp.sram.surf.nl/auth/acc",
      "uri_info": null,
      "uuid4": "b2a2832f-8a78-4b33-9637-70b2c24d59a9"
    },
    {
      "abbreviation": "presauxappgroups",
      "accepted_user_policy": "",
      "access_allowed_for_all": false,
      "access_allowed_for_crm_organisation": true,
      "allow_restricted_orgs": false,
      "automatic_connection_allowed": false,
      "connection_setting": "IT_DEPENDS",
      "contact_email": "[email protected]",
      "created_at": 1727783024,
      "created_by": "[email protected]",
      "crm_organisation_id": null,
      "description": "Application for ACC testing\n\nGroup provisioning\n\nOtherwise, same as Generic Test and demo-SP for SRAM ACC application https://acc.sram.surf.nl/services/20/details\n",
      "entity_id": "presauxappgroups",
      "export_external_identifier": null,
      "export_external_version": null,
      "export_successful": false,
      "exported_at": null,
      "grants": "authorization_code",
      "id": 64,
      "is_public_client": false,
      "ldap_enabled": false,
      "ldap_identifier": "51253712-b42e-4aa0-80f1-74d16be06730",
      "ldap_password": null,
      "logo": "https://acc.sram.surf.nl/api/images/services/feea873a-7a91-4a8c-a3ab-1d8815da5f22",
      "name": "PreservationAux - Application Group Provisioning",
      "non_member_users_access_allowed": false,
      "oidc_client_secret": null,
      "oidc_enabled": false,
      "organisation_name": null,
      "override_access_allowed_all_connections": false,
      "pam_web_sso_enabled": false,
      "privacy_policy": "",
      "providing_organisation": "Test",
      "redirect_urls": null,
      "saml_enabled": false,
      "saml_metadata": "",
      "saml_metadata_url": "",
      "scim_bearer_token": null,
      "scim_client_enabled": false,
      "scim_enabled": false,
      "scim_url": null,
      "security_email": "[email protected]",
      "support_email": "",
      "support_email_unauthorized_users": false,
      "sweep_remove_orphans": false,
      "sweep_scim_daily_rate": null,
      "sweep_scim_enabled": false,
      "sweep_scim_last_run": null,
      "token_enabled": false,
      "token_validity_days": 0,
      "updated_by": "[email protected]",
      "uri": "https://demo-sp.sram.surf.nl/auth/acc",
      "uri_info": "https://example.com",
      "uuid4": "feea873a-7a91-4a8c-a3ab-1d8815da5f22"
    },
    {
      "abbreviation": "presauxautobyorg",
      "accepted_user_policy": "https://example.com",
      "access_allowed_for_all": false,
      "access_allowed_for_crm_organisation": false,
      "allow_restricted_orgs": false,
      "automatic_connection_allowed": false,
      "connection_setting": "IT_DEPENDS",
      "contact_email": "https://example.com",
      "created_at": 1728992761,
      "created_by": "[email protected]",
      "crm_organisation_id": null,
      "description": "Access Rules:\nSome organizations\nCOs automatic for selected orgs (preservation aux org)\n\nOtherwise, same as Generic Test and demo-SP for SRAM ACC application https://acc.sram.surf.nl/services/20/details",
      "entity_id": "presauxautobyorg",
      "export_external_identifier": null,
      "export_external_version": null,
      "export_successful": false,
      "exported_at": null,
      "grants": "authorization_code",
      "id": 68,
      "is_public_client": false,
      "ldap_enabled": true,
      "ldap_identifier": "a656cc02-8cf9-49b6-9e63-45b26993f1b9",
      "ldap_password": null,
      "logo": "https://acc.sram.surf.nl/api/images/services/6b77e6c4-7f44-41e6-97a9-9970b28688fe",
      "name": "Preservation Aux - Automatic for selected org",
      "non_member_users_access_allowed": false,
      "oidc_client_secret": null,
      "oidc_enabled": false,
      "organisation_name": null,
      "override_access_allowed_all_connections": false,
      "pam_web_sso_enabled": false,
      "privacy_policy": "https://example.com",
      "providing_organisation": "",
      "redirect_urls": null,
      "saml_enabled": false,
      "saml_metadata": "",
      "saml_metadata_url": "",
      "scim_bearer_token": null,
      "scim_client_enabled": false,
      "scim_enabled": false,
      "scim_url": null,
      "security_email": "https://example.com",
      "support_email": "https://example.com",
      "support_email_unauthorized_users": false,
      "sweep_remove_orphans": false,
      "sweep_scim_daily_rate": null,
      "sweep_scim_enabled": false,
      "sweep_scim_last_run": null,
      "token_enabled": false,
      "token_validity_days": 0,
      "updated_by": "[email protected]",
      "uri": "https://demo-sp.sram.surf.nl/auth/acc",
      "uri_info": "https://example.com",
      "uuid4": "6b77e6c4-7f44-41e6-97a9-9970b28688fe"
    }
  ],
  "short_name": "release39",
  "status": "active",
  "support_email": "https://example.com",
  "tags": [
    "v39-acc-testing",
    "v39-acc-testing-second-label"
  ],
  "units": [
    "GrayCris"
  ],
  "updated_at": 1738142613,
  "updated_by": "[email protected]",
  "uuid4": "40b73756-0ea4-4422-ae99-543ea6abd269",
  "website_url": "https://example.com"
}

@logan-life
Contributor

logan-life commented Jan 29, 2025

EDIT: never mind, I see this is more widespread than just the one endpoint, we can worry about it later.

e.g. GET /api/organisations/v1 has a dummy value in the bearer field which makes the curl generation work, others don't, not a huge deal

@oharsta the new PUT endpoint for updating collaboration units doesn't work well in swagger definition. When generating the curl command, it doesn't include the authorization token header.

Example of what is currently generated:

curl -X PUT "https://acc.sram.surf.nl/api/collaborations/v1/301ee8e6-b5d1-40b5-a27e-47611f803371/units" -H "accept: application/json" -H "Content-Type: application/json" -d "[ \"Research\"]"

Example of what is needed:

curl -X PUT "https://acc.sram.surf.nl/api/collaborations/v1/189ce6d5-71a6-4329-8b0a-3ae9d0244c51/units" -H "Content-Type:application/json" -H "accept: application/json" -H "Authorization: Bearer 1234567890123456789" -d "[\"Research\",\"Education\"]"

@logan-life
Contributor

the syntax for the unit names is a little finicky -- let's maybe help the user by at least having the example value be multi-valued, this is how I needed to do that:

-d "[\"Research\",\"Education\"]"

@oharsta
Collaborator

oharsta commented Jan 29, 2025

If I use the swagger authorization lock for the service, then press "Try it out", subsequently add a unit in the "Edit value" input area and press "Execute", then the following cURL is generated by flasgger:

curl -X PUT "http://localhost:8080/api/collaborations/v1/a71a2b01-4642-4e1a-b3ac-0a06b2bf66f2/units" -H "accept: application/json" -H "Authorization: Bearer AAspxh-nIooD3TAB4es2InmsQEBHjxegbg7arS3S6tis" -H "Content-Type: application/json" -d "[ \"Research\",\"Nada\"]"

@logan-life
Contributor

If I use the swagger authorization lock for the service, then press "Try it out", subsequently add a unit in the "Edit value" input area and press "Execute", then the following cURL is generated by flasgger:

curl -X PUT "http://localhost:8080/api/collaborations/v1/a71a2b01-4642-4e1a-b3ac-0a06b2bf66f2/units" -H "accept: application/json" -H "Authorization: Bearer AAspxh-nIooD3TAB4es2InmsQEBHjxegbg7arS3S6tis" -H "Content-Type: application/json" -d "[ \"Research\",\"Nada\"]"

yep all good, updated my comment

@logan-life logan-life moved this from To be deployed to Being tested in SRAM development Jan 29, 2025
@logan-life
Contributor

seeing a fair amount of bugs. moving back to being tested.

@logan-life logan-life reopened this Jan 29, 2025
@github-project-automation github-project-automation bot moved this from Being tested to New in SRAM development Jan 29, 2025
@logan-life logan-life moved this from New to Being tested in SRAM development Jan 29, 2025
@oharsta
Collaborator

oharsta commented Jan 29, 2025

Pushed a generic fix for User jsonify in a056ae6

@logan-life
Contributor

logan-life commented Jan 29, 2025

DELETE /api/collaborations/v1/:co-identifier

gives correct 403 response when trying to delete a CO outside of my Unit ✅

{
    "error": true,
    "message": "Forbidden: https://acc.sram.surf.nl/api/collaborations/v1/adc7b058-f95f-411e-897f-60f48b4c36d3. IP: 145.90.230.198, 10.16.1.20. ApiKey with units (['Eagle']) has no access to collaboration v39 NO UNIT TO BE DELETED"
}

gives incorrect 500 response when trying to delete a CO that I should be able to delete ❌
occurs for both unit and non-unit scoped COs. From the logs

Jan 29 13:49:18 app1-tf1 gunicorn[3002874]: ERROR:base:user: [email protected], <Response 201 bytes [500 INTERNAL SERVER ERROR]>
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]: Traceback (most recent call last):
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs/server/api/base.py", line 191, in wrapper
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     body, status = f(*args, **kwargs)
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs/server/api/collaboration.py", line 213, in delete_collaboration_api
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     emit_socket(f"organisation_{collaboration.organisation_id}")
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs/server/db/logo_mixin.py", line 66, in __getattribute__
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     return object.__getattribute__(self, name)
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 566, in __get__
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     return self.impl.get(state, dict_)  # type: ignore[no-any-return]
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 1086, in get
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     value = self._fire_loader_callables(state, key, passive)
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs-env/lib/python3.9/site-packages/sqlalchemy/orm/attributes.py", line 1116, in _fire_loader_callables
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     return state._load_expired(state, passive)
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs-env/lib/python3.9/site-packages/sqlalchemy/orm/state.py", line 803, in _load_expired
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     self.manager.expired_attribute_loader(self, toload, passive)
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:   File "/opt/sbs/sbs-env/lib/python3.9/site-packages/sqlalchemy/orm/loading.py", line 1603, in load_scalar_attributes
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]:     raise orm_exc.DetachedInstanceError(
Jan 29 13:49:18 app1-tf1 gunicorn[3002874]: sqlalchemy.orm.exc.DetachedInstanceError: Instance <Collaboration at 0x7f72bddaedf0> is not bound to a Session; attribute refresh operation cannot proceed (Background on this error at: https://sqlalche.me/e/2

oharsta added a commit that referenced this issue Jan 29, 2025
@oharsta
Collaborator

oharsta commented Jan 29, 2025

The 500 response in DELETE /api/collaborations/v1/:co-identifier is caused by this commit b5e0da4. Fixed in 425a0ed

@logan-life
Contributor

Sending a CO invitation with PUT /api/invitations/v1/collaboration_invites with short_name and invites provided results in a 201 Created but no invitation is actually created or sent.

PUT /api/invitations/v1/collaboration_invites HTTP/1.1
Content-Type: application/json
Accept: application/json
Authorization: Bearer **REDACTED**
User-Agent: PostmanRuntime/7.43.0
Cache-Control: no-cache
Postman-Token: 6e844115-c6a8-4a37-90fc-ae911038a65d
Host: acc.sram.surf.nl
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Length: 82
 
{
"short_name": "v39nounitnewcoll",
"invites":"[email protected]"
}
 
HTTP/1.1 201 CREATED
server: nginx/1.18.0
date: Wed, 29 Jan 2025 15:29:11 GMT
content-type: application/json
content-length: 3
x-session-alive: true
vary: Cookie
content-security-policy: default-src 'none'; base-uri 'self'; connect-src 'self'; script-src 'self'; style-src 'self' 'sha256-0+ANsgYUJdh56RK8gGvTF2vnriYqvFHfWqtA8xXa+bA=' 'sha256-3SnfHQolDHbZMbDAPmhrZf1keHiXfj/KJyh2phhFAAY=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-Ng6y+QCkPChG4Q49SIfXB5ToIDcDhITtQNFkDBPpCTw=' 'sha256-orBPipbqpMvkNi+Z+m6qEn0XS6ymmAQE6+FwCNs1FbQ=' 'sha256-vFt3L2qLqpJmRpcXGbYr2UVSmgSp9VCUzz2lnqWIATw=' 'sha256-SU3XCwbQ/8qgzoGOWCYdkwIr3xRrl5rsvdFcpw8NSiE=' 'sha256-WTC9gHKjIpzl5ub1eg/YrRy/k+jlzeyRojah9dxAApc='; img-src 'self' data:; font-src 'self'; frame-src 'none'; form-action 'self' https://*.acc.sram.surf.nl; frame-ancestors 'none'; block-all-mixed-content;
cache-control: nocache, private
x-frame-options: sameorigin
referrer-policy: same-origin
x-content-type-options: nosniff
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=()
strict-transport-security: max-age=31536000; includeSubDomains; preload;

@oharsta
Collaborator

oharsta commented Jan 30, 2025

The invites attribute must be an array of emails

{
  "short_name": "ai_computing",
  "invites": ["[email protected]"]
}

If the invites is not an array, then the response body is empty.

[]

If the invites is an array with valid email(s), then the response body is:

[
  {
    "email": "[email protected]",
    "invitation_expiry_date": 1739510829,
    "invitation_id": "08411c89-feb2-44ef-918b-d62ee93814f8",
    "status": "open"
  }
]

In the schema in InvitationBulk.yaml this is correctly described:

  invites:
    type: array
    description: "All the email addresses of the invitees"
    items:
      type: string
      example: "[email protected]"

I do agree that a 201 response is very misleading if no invitation is created. I'll add a validation to ensure that the invites is an array and also a validation that there is at least one valid email. Otherwise a 400 is returned.
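
The validation described in the comment above, as an added example that is not part of the thread and not the project's own code: `invites` must be an array holding at least one valid email address, otherwise the caller gets a 400 instead of a 201 with an empty body. The function names, the simplified email pattern, the reduced response fields and the sample addresses are assumptions made for this sketch.

```python
import json
import re

# Deliberately simple syntactic check (assumption): one "@", no whitespace,
# and a dot somewhere in the domain part.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class BadRequest(Exception):
    """Maps to an HTTP 400 response in this sketch."""
    status = 400


def validate_invites(payload):
    """Return the de-duplicated valid addresses, or raise BadRequest."""
    if not isinstance(payload, dict):
        raise BadRequest("request body must be a JSON object")
    invites = payload.get("invites")
    # A bare string is iterable in Python, so code that merely loops over
    # 'invites' would not fail loudly; the type is checked explicitly.
    if not isinstance(invites, list):
        raise BadRequest("'invites' must be an array of email addresses")
    valid, seen = [], set()
    for item in invites:
        if not isinstance(item, str):
            continue
        addr = item.strip()
        if EMAIL_RE.match(addr) and addr.lower() not in seen:
            seen.add(addr.lower())
            valid.append(addr)
    if not valid:
        raise BadRequest("'invites' must contain at least one valid email address")
    return valid


def handle_collaboration_invites(body):
    """Return (status, response_body) for a raw JSON request body.

    The success body keeps only two of the fields shown in the thread; the
    error body follows the {"error": ..., "message": ...} shape of the 403
    response quoted earlier.
    """
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, {"error": True, "message": "request body is not valid JSON"}
    try:
        emails = validate_invites(payload)
    except BadRequest as exc:
        return 400, {"error": True, "message": str(exc)}
    return 201, [{"email": addr, "status": "open"} for addr in emails]


if __name__ == "__main__":
    # Constructed request bodies: the string form from the bug report,
    # then the array form the schema requires.
    as_string = '{"short_name": "v39nounitnewcoll", "invites": "alice@example.org"}'
    as_array = '{"short_name": "ai_computing", "invites": ["alice@example.org"]}'
    print(handle_collaboration_invites(as_string))
    print(handle_collaboration_invites(as_array))
```
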

@logan-life
Contributor

re-checked ORG api endpoints

collaboration
collaborations_services
groups
invitations
organisations

with 5 scenarios

  • Do ORG ACTION as ORG (should pass)
  • Do UNIT ACTION as ORG (should pass)
  • Do ORG ACTION as UNIT (should fail)
  • Do UNIT ACTION as UNIT (should pass)
  • Do UNIT ONE ACTION as UNIT TWO (should fail)

all looks to be working well, moving this to To be deployed
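
The five scenarios in the comment above, written as a regression matrix around a unit-scope check (an added example, not part of the thread and not the project's own code). The class and function names are hypothetical, and the rule for a CO with several units (every unit of the CO must be among the key's units) is an assumption; the thread only fixes the five outcomes listed.

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Maps to an HTTP 403 response in this sketch."""
    status = 403


@dataclass
class ApiKey:
    units: list = field(default_factory=list)  # empty list = org-wide key


@dataclass
class Collaboration:
    name: str
    units: list = field(default_factory=list)  # empty list = CO not in any unit


def confirm_api_key_unit_access(api_key, co):
    """Raise Forbidden when a unit-scoped key reaches outside its units."""
    if not api_key.units:
        return  # org-wide key: every CO of the organisation is in scope
    # A unit-scoped key must never touch a CO without units, and (assumption)
    # every unit of the CO has to be one of the key's units.
    if not co.units or not set(co.units) <= set(api_key.units):
        raise Forbidden(
            f"ApiKey with units ({api_key.units}) has no access to collaboration {co.name}"
        )


def leaky_check(api_key, co):
    """Flawed variant kept for contrast: skips the test when the CO has no units."""
    if api_key.units and co.units and not set(co.units) <= set(api_key.units):
        raise Forbidden(f"ApiKey with units ({api_key.units}) has no access to {co.name}")


# (label, key, target CO, expected to pass) for the five scenarios in the comment.
SCENARIOS = [
    ("ORG action as ORG", ApiKey(), Collaboration("org-co"), True),
    ("UNIT action as ORG", ApiKey(), Collaboration("unit-co", ["Research"]), True),
    ("ORG action as UNIT", ApiKey(["Research"]), Collaboration("org-co"), False),
    ("UNIT action as UNIT", ApiKey(["Research"]), Collaboration("unit-co", ["Research"]), True),
    ("UNIT ONE action as UNIT TWO", ApiKey(["Education"]), Collaboration("unit-co", ["Research"]), False),
]


def is_allowed(check, api_key, co):
    """Run one access check and report the outcome as a boolean."""
    try:
        check(api_key, co)
        return True
    except Forbidden:
        return False


def run_matrix(check=confirm_api_key_unit_access):
    """Return the labels of the scenarios whose outcome differs from the expectation."""
    return [label for label, key, co, expected in SCENARIOS
            if is_allowed(check, key, co) != expected]


if __name__ == "__main__":
    print("strict check mismatches:", run_matrix())
    print("leaky check mismatches: ", run_matrix(leaky_check))
```

The leaky variant passes four of the five rows and fails only "ORG action as UNIT", the case where a unit-scoped key reaches a CO that belongs to no unit.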

@sram-project-automation sram-project-automation bot moved this from Being tested to To be tested in SRAM development Feb 4, 2025
@logan-life logan-life moved this from To be tested to Being tested in SRAM development Feb 4, 2025
@logan-life logan-life moved this from Being tested to To be deployed in SRAM development Feb 4, 2025