From fbd0ade8020328cdb3524f04966ac094af46a7fa Mon Sep 17 00:00:00 2001 From: Michal Lehotsky Date: Sat, 2 Aug 2025 08:42:56 -0700 Subject: [PATCH 1/7] Fixing build status in README.md Signed-off-by: Michal Lehotsky --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index dfcafd989..8bc561e74 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Introduction to EasyCLA -[![CircleCI](https://circleci.com/gh/communitybridge/easycla.svg?style=svg)](https://circleci.com/gh/communitybridge/easycla) +[![Build Status](https://github.com/linuxfoundation/easycla/actions/workflows/deploy-prod.yml/badge.svg)](https://github.com/linuxfoundation/easycla/actions/workflows/deploy-prod.yml) The Contributor License Agreement \(CLA\) service of the Linux Foundation lets project contributors read, sign, and submit contributor license agreements easily. From 4d2369dd062e857f7a63b09769bf26874a430bd7 Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Tue, 5 Aug 2025 08:00:36 +0200 Subject: [PATCH 2/7] #4738 WIP Signed-off-by: Lukasz Gryglicki --- .github/ISSUE_TEMPLATE/docs_update.md | 4 +- .github/workflows/codeql-analysis.yml | 4 +- .gitignore | 1 + README.md | 2 +- .../cmd/repositories/repositories.go | 6 +-- cla-backend-go/events/repository.go | 2 +- cla-backend-go/github/github-schema.graphql | 4 +- cla-backend-go/projects_cla_groups/service.go | 2 +- cla-backend-go/signatures/handlers.go | 4 +- cla-backend-go/swagger/cla.v1.yaml | 16 +++--- cla-backend-go/swagger/cla.v2.yaml | 8 +-- ...g-whitelist.yaml => gh-org-allowlist.yaml} | 4 +- cla-backend-go/swagger/common/github-org.yaml | 2 +- cla-backend-go/swagger/common/health.yaml | 2 +- cla-backend-go/swagger/common/version.yaml | 2 +- cla-backend-go/users/repository.go | 2 +- cla-backend-go/users/service.go | 2 +- cla-backend/.pylintrc | 4 +- cla-backend/cla/controllers/company.py | 12 ++--- cla-backend/cla/controllers/signature.py | 10 ++-- cla-backend/cla/controllers/signing.py | 4 +- cla-backend/cla/controllers/user.py | 2 +- cla-backend/cla/models/docusign_models.py | 2 +- cla-backend/cla/models/dynamo_models.py | 28 +++++------ cla-backend/cla/models/event_types.py | 2 +- cla-backend/cla/models/github_models.py | 10 ++-- cla-backend/cla/models/model_interfaces.py | 50 +++++++++---------- cla-backend/cla/routes.py | 4 +- cla-backend/cla/tests/unit/test_github.py | 12 ++--- .../cla/tests/unit/test_github_controller.py | 10 ++-- .../tests/unit/test_signature_controller.py | 6 +-- cla-backend/cla/tests/unit/test_utils.py | 14 +++--- cla-backend/cla/utils.py | 22 ++++---- ..._whitelist.py => add_company_allowlist.py} | 8 +-- cla-next.md | 4 +- dev.md | 2 +- 36 files changed, 137 insertions(+), 136 deletions(-) rename cla-backend-go/swagger/common/{gh-org-whitelist.yaml => gh-org-allowlist.yaml} (73%) rename cla-backend/helpers/{add_company_whitelist.py => add_company_allowlist.py} (70%) diff --git a/.github/ISSUE_TEMPLATE/docs_update.md b/.github/ISSUE_TEMPLATE/docs_update.md index e8d2f6059..1cc4d6328 100644 --- a/.github/ISSUE_TEMPLATE/docs_update.md +++ b/.github/ISSUE_TEMPLATE/docs_update.md @@ -10,7 +10,7 @@ assignees: '' Describe what has changed and which documents need updating -* [/docs/doc-to-update.md](https://github.com/linuxfoundation/easycla/blob/master/docs/) +* [/docs/doc-to-update.md](https://github.com/linuxfoundation/easycla/blob/main/docs/) ## Tasks @@ -29,7 +29,7 @@ The "done" criteria when this feature or problem is resolved. Such as: 1. Documentation changes submitted as a Pull Request 1. Pull Request Reviewed and Approved by Product Owner -1. Documentation changes merged to 'master' branch +1. Documentation changes merged to 'main' branch ## Images diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 23442df53..8f512f781 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -5,10 +5,10 @@ name: "CodeQL" on: push: - branches: [master, ] + branches: [main, ] pull_request: # The branches below must be a subset of the branches above - branches: [master] + branches: [main] schedule: - cron: '0 5 * * 4' diff --git a/.gitignore b/.gitignore index 8d4eb5fcc..a2291b9ac 100755 --- a/.gitignore +++ b/.gitignore @@ -246,6 +246,7 @@ cla-backend/run-python-test-example-*.py out *.secret *log*.json +cover.out # Cypress test outputs **/cypress/screenshots/ diff --git a/README.md b/README.md index dfcafd989..89dde0cbc 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This platform supports both GitHub and Gerrit source code repositories. Addition ## Announcements -- 06/10/2020 - We have replaced code references from whitelist to Approved List. This includes package names, code comments, swagger specifications, API endpoints, variable names, and UI components. +- 8/2025 - We have replaced code references from whitelist to Approved List. This includes package names, code comments, swagger specifications, API endpoints, variable names, and UI components. ## Third-party Services diff --git a/cla-backend-go/cmd/repositories/repositories.go b/cla-backend-go/cmd/repositories/repositories.go index f73d9cb30..2642c6560 100644 --- a/cla-backend-go/cmd/repositories/repositories.go +++ b/cla-backend-go/cmd/repositories/repositories.go @@ -146,8 +146,8 @@ func (t *TestBehaviour) RunGetProtectedBranch(assertBranchProtection *models.Git return } - if response.BranchName == nil || *response.BranchName != "master" { - F.AddError("Get Protected Branch - Default Branch Name expected : master") + if response.BranchName == nil || *response.BranchName != "main" { + F.AddError("Get Protected Branch - Default Branch Name expected : main") } if len(response.StatusChecks) == 0 { @@ -196,7 +196,7 @@ func (t *TestBehaviour) RunUpdateProtectionBranch(msg string, param *models.Gith }) t.RunGetProtectedBranch(&models.GithubRepositoryBranchProtection{ - BranchName: swag.String("master"), + BranchName: swag.String("main"), EnforceAdmin: *param.EnforceAdmin, ProtectionEnabled: true, StatusChecks: param.StatusChecks, diff --git a/cla-backend-go/events/repository.go b/cla-backend-go/events/repository.go index ce00b83a1..071500124 100644 --- a/cla-backend-go/events/repository.go +++ b/cla-backend-go/events/repository.go @@ -111,7 +111,7 @@ func (repo *repository) CreateEvent(event *models.Event) error { } eventID, err := uuid.NewV4() if err != nil { - log.WithFields(f).WithError(err).Warnf("Unable to generate a UUID for a whitelist request, error: %v", err) + log.WithFields(f).WithError(err).Warnf("Unable to generate a UUID for a allowlist request, error: %v", err) return err } diff --git a/cla-backend-go/github/github-schema.graphql b/cla-backend-go/github/github-schema.graphql index 3ae15a1a7..9e8973a9c 100644 --- a/cla-backend-go/github/github-schema.graphql +++ b/cla-backend-go/github/github-schema.graphql @@ -11115,7 +11115,7 @@ A Git object ID. scalar GitObjectID """ -A fully qualified reference name (e.g. `refs/heads/master`). +A fully qualified reference name (e.g. `refs/heads/main`). """ scalar GitRefname @preview(toggledBy: "update-refs-preview") @@ -29928,7 +29928,7 @@ type Repository implements Node & PackageOwner & ProjectOwner & RepositoryInfo & ref( """ The ref to retrieve. Fully qualified matches are checked in order - (`refs/heads/master`) before falling back onto checks for short name matches (`master`). + (`refs/heads/main`) before falling back onto checks for short name matches (`main`). """ qualifiedName: String! ): Ref diff --git a/cla-backend-go/projects_cla_groups/service.go b/cla-backend-go/projects_cla_groups/service.go index d98f53b7f..0c825f330 100644 --- a/cla-backend-go/projects_cla_groups/service.go +++ b/cla-backend-go/projects_cla_groups/service.go @@ -27,7 +27,7 @@ type Service struct { repo Repository } -// NewService creates a new whitelist service +// NewService creates a new service func NewService(repo Repository) Service { return Service{ repo, diff --git a/cla-backend-go/signatures/handlers.go b/cla-backend-go/signatures/handlers.go index 85b39e7df..9af1e6674 100644 --- a/cla-backend-go/signatures/handlers.go +++ b/cla-backend-go/signatures/handlers.go @@ -205,7 +205,7 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d ghApprovalList, err := service.AddGithubOrganizationToApprovalList(ctx, params.SignatureID, params.Body, githubAccessToken) if err != nil { - log.Warnf("error adding github organization %s using signature_id: %s to the whitelist, error: %+v", + log.Warnf("error adding github organization %s using signature_id: %s to the allowlist, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } @@ -255,7 +255,7 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d ghApprovalList, err := service.DeleteGithubOrganizationFromApprovalList(ctx, params.SignatureID, params.Body, githubAccessToken) if err != nil { - log.Warnf("error deleting github organization %s using signature_id: %s from the whitelist, error: %+v", + log.Warnf("error deleting github organization %s using signature_id: %s from the allowlist, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } diff --git a/cla-backend-go/swagger/cla.v1.yaml b/cla-backend-go/swagger/cla.v1.yaml index 7cef11d43..b6c4951be 100644 --- a/cla-backend-go/swagger/cla.v1.yaml +++ b/cla-backend-go/swagger/cla.v1.yaml @@ -671,7 +671,7 @@ paths: - name: body in: body schema: - $ref: '#/definitions/gh-org-whitelist' + $ref: '#/definitions/gh-org-allowlist' responses: '204': description: 'Success' @@ -707,7 +707,7 @@ paths: - name: body in: body schema: - $ref: '#/definitions/gh-org-whitelist' + $ref: '#/definitions/gh-org-allowlist' responses: '200': description: 'Success' @@ -2776,8 +2776,8 @@ definitions: $ref: '#/definitions/user' - gh-org-whitelist: - $ref: './common/gh-org-whitelist.yaml' + gh-org-allowlist: + $ref: './common/gh-org-allowlist.yaml' github-org: $ref: './common/github-org.yaml' @@ -3008,8 +3008,8 @@ definitions: ccla-whitelist-request-input: type: object x-nullable: false - title: Ccla whitelist request input - description: Ccla whitelist request input + title: Ccla allowlist request input + description: Ccla allowlist request input properties: contributorId: type: string @@ -3036,8 +3036,8 @@ definitions: ccla-whitelist-request: type: object x-nullable: false - title: Ccla whitelist request - description: Ccla whitelist request + title: Ccla allowlist request + description: Ccla allowlist request properties: requestId: type: string diff --git a/cla-backend-go/swagger/cla.v2.yaml b/cla-backend-go/swagger/cla.v2.yaml index 68ac7e726..59492b5cf 100644 --- a/cla-backend-go/swagger/cla.v2.yaml +++ b/cla-backend-go/swagger/cla.v2.yaml @@ -3123,7 +3123,7 @@ paths: - name: body in: body schema: - $ref: '#/definitions/gh-org-whitelist' + $ref: '#/definitions/gh-org-allowlist' responses: '204': description: 'Resource Deleted' @@ -3161,7 +3161,7 @@ paths: - name: body in: body schema: - $ref: '#/definitions/gh-org-whitelist' + $ref: '#/definitions/gh-org-allowlist' responses: '200': description: 'Success' @@ -5084,8 +5084,8 @@ definitions: github-org: $ref: './common/github-org.yaml' - gh-org-whitelist: - $ref: './common/gh-org-whitelist.yaml' + gh-org-allowlist: + $ref: './common/gh-org-allowlist.yaml' add-gerrit-input: $ref: './common/add-gerrit-input.yaml' diff --git a/cla-backend-go/swagger/common/gh-org-whitelist.yaml b/cla-backend-go/swagger/common/gh-org-allowlist.yaml similarity index 73% rename from cla-backend-go/swagger/common/gh-org-whitelist.yaml rename to cla-backend-go/swagger/common/gh-org-allowlist.yaml index 072506248..4d852291f 100644 --- a/cla-backend-go/swagger/common/gh-org-whitelist.yaml +++ b/cla-backend-go/swagger/common/gh-org-allowlist.yaml @@ -3,8 +3,8 @@ type: object x-nullable: false -title: Github Organization Whitelist -description: Github Organiation Whitelist +title: Github Organization Allowlist +description: Github Organiation Allowlist properties: organization_id: type: string diff --git a/cla-backend-go/swagger/common/github-org.yaml b/cla-backend-go/swagger/common/github-org.yaml index ee92d7d5c..cba6cedf7 100644 --- a/cla-backend-go/swagger/common/github-org.yaml +++ b/cla-backend-go/swagger/common/github-org.yaml @@ -4,7 +4,7 @@ type: object x-nullable: false title: Github Organization -description: Github Organiation object used for CCLA whitelist +description: Github Organiation object used for CCLA allowlist properties: id: type: string diff --git a/cla-backend-go/swagger/common/health.yaml b/cla-backend-go/swagger/common/health.yaml index 017db7b77..0473d70e9 100644 --- a/cla-backend-go/swagger/common/health.yaml +++ b/cla-backend-go/swagger/common/health.yaml @@ -23,7 +23,7 @@ properties: Branch: type: string description: the branch name of the software for this version of the product - example: 'master' + example: 'main' BuildTimeStamp: type: string description: the build date/time of the software for this version of the product diff --git a/cla-backend-go/swagger/common/version.yaml b/cla-backend-go/swagger/common/version.yaml index a26160819..5aeef0911 100644 --- a/cla-backend-go/swagger/common/version.yaml +++ b/cla-backend-go/swagger/common/version.yaml @@ -17,7 +17,7 @@ properties: branch: type: string description: the branch name of the software for this version of the product - example: 'master' + example: 'main' buildDate: type: string description: the build date/time of the software for this version of the product diff --git a/cla-backend-go/users/repository.go b/cla-backend-go/users/repository.go index 8d6dc083e..b27ee6939 100644 --- a/cla-backend-go/users/repository.go +++ b/cla-backend-go/users/repository.go @@ -59,7 +59,7 @@ type repository struct { companyTableName string } -// NewRepository creates a new instance of the whitelist service +// NewRepository creates a new instance of the service func NewRepository(awsSession *session.Session, stage string) UserRepository { return repository{ stage: stage, diff --git a/cla-backend-go/users/service.go b/cla-backend-go/users/service.go index 6dd55f01d..8eceb2281 100644 --- a/cla-backend-go/users/service.go +++ b/cla-backend-go/users/service.go @@ -36,7 +36,7 @@ type service struct { events events.Service } -// NewService creates a new whitelist service +// NewService creates a new service func NewService(repo UserRepository, events events.Service) Service { return service{ repo, diff --git a/cla-backend/.pylintrc b/cla-backend/.pylintrc index 29f0626dc..0b48f5b0f 100644 --- a/cla-backend/.pylintrc +++ b/cla-backend/.pylintrc @@ -5,11 +5,11 @@ # run arbitrary code. extension-pkg-whitelist= -# Add files or directories to the blacklist. They should be base names, not +# Add files or directories to the denylist. They should be base names, not # paths. ignore=CVS -# Add files or directories matching the regex patterns to the blacklist. The +# Add files or directories matching the regex patterns to the denylist. The # regex matches against base names, not paths. ignore-patterns= diff --git a/cla-backend/cla/controllers/company.py b/cla-backend/cla/controllers/company.py index 4dd1a6b65..aa3cfd8b5 100644 --- a/cla-backend/cla/controllers/company.py +++ b/cla-backend/cla/controllers/company.py @@ -203,13 +203,13 @@ def update_company(company_id: str, # pylint: disable=too-many-arguments ''' -def update_company_whitelist_csv(content, company_id, username=None): +def update_company_allowlist_csv(content, company_id, username=None): """ - Adds the CSV of email addresses to this company's whitelist. + Adds the CSV of email addresses to this company's allowlist. :param content: The content posted to this endpoint (CSV data). :type content: string - :param company_id: The ID of the company to add to the whitelist. + :param company_id: The ID of the company to add to the allowlist. :type company_id: UUID """ company = Company() @@ -223,9 +223,9 @@ def update_company_whitelist_csv(content, company_id, username=None): # Ready email addresses. emails = content.split('\n') emails = [email for email in emails if '@' in email] - current_whitelist = company.get_company_'whitelist'() - new_whitelist = list(set(current_whitelist + emails)) - company.set_company_whitelist(new_whitelist) + current_allowlist = company.get_company_'allowlist'() + new_allowlist = list(set(current_allowlist + emails)) + company.set_company_allowlist(new_allowlist) company.save() return company.to_dict() ''' diff --git a/cla-backend/cla/controllers/signature.py b/cla-backend/cla/controllers/signature.py index c19b5ff89..94d3671cb 100644 --- a/cla-backend/cla/controllers/signature.py +++ b/cla-backend/cla/controllers/signature.py @@ -188,10 +188,10 @@ def update_signature(signature_id, # pylint: disable=too-many-arguments,too-man :type signature_return_url: string | None :param signature_sign_url: The URL the user must visit to sign the signature. :type signature_sign_url: string | None - :param domain_whitelist: the domain whitelist - :param email_whitelist: the email whitelist - :param github_whitelist: the github username whitelist - :param github_org_whitelist: the github org whitelist + :param domain_whitelist: the domain allowlist + :param email_whitelist: the email allowlist + :param github_whitelist: the github username allowlist + :param github_org_whitelist: the github org allowlist :return: dict representation of the signature object. :rtype: dict """ @@ -465,7 +465,7 @@ def get_contributor_whitelist_update_email_content(project, action, company_name def approval_list_change_email_content(project, company_name, project_name, cla_managers, changes): - """Helper function to get whitelist change email subject, body, recipients""" + """Helper function to get allowlist change email subject, body, recipients""" subject = f'EasyCLA: Approval List Update for {project_name}' # Append suffix / prefix to strings in list changes = ["
  • " + txt + "
    • " for txt in changes] diff --git a/cla-backend/cla/controllers/signing.py b/cla-backend/cla/controllers/signing.py index dfe0e2951..4a94578e6 100644 --- a/cla-backend/cla/controllers/signing.py +++ b/cla-backend/cla/controllers/signing.py @@ -76,7 +76,7 @@ def request_corporate_signature(auth_user, :type signing_entity_name: string :param send_as_email: the send as email flag :type send_as_email: bool - :param authority_name: the company manager/authority who is responsible for whitelisting/managing the company, but + :param authority_name: the company manager/authority who is responsible for allowlisting/managing the company, but may not be a CLA signatory :type authority_name: str :param authority_email: the company manager/authority email @@ -139,7 +139,7 @@ def check_and_prepare_employee_signature(project_id, company_id, user_id): Checks that 1. The given project, company, and user exists 2. The company signatory has signed the CCLA for their company. - 3. The user is included as part of the whitelist of the CCLA that the company signed. + 3. The user is included as part of the allowlist of the CCLA that the company signed. :param project_id: The ID of the CLA Group (project) the user is signing a CCLA for. :type project_id: string diff --git a/cla-backend/cla/controllers/user.py b/cla-backend/cla/controllers/user.py index 1edf39aa5..ac95c2a52 100644 --- a/cla-backend/cla/controllers/user.py +++ b/cla-backend/cla/controllers/user.py @@ -284,7 +284,7 @@ def invite_cla_manager(contributor_id, contributor_name, contributor_email, cla_ cla_manager_name, cla_manager_email, company_name, False) - # update ccla_whitelist_request + # update ccla_allowlist_request ccla_whitelist_request = CCLAWhitelistRequest() ccla_whitelist_request.set_request_id(str(uuid.uuid4())) ccla_whitelist_request.set_company_name(company_name) diff --git a/cla-backend/cla/models/docusign_models.py b/cla-backend/cla/models/docusign_models.py index 2bc032be0..98e82af29 100644 --- a/cla-backend/cla/models/docusign_models.py +++ b/cla-backend/cla/models/docusign_models.py @@ -389,7 +389,7 @@ def check_and_prepare_employee_signature(project_id, company_id, user_id) -> dic # Before an employee begins the signing process, ensure that # 1. The given project, company, and user exists # 2. The company signatory has signed the CCLA for their company. - # 3. The user is included as part of the whitelist of the CCLA that the company signed. + # 3. The user is included as part of the allowlist of the CCLA that the company signed. # Returns an error if any of the above is false. fn = 'docusign_models.check_and_prepare_employee_signature' diff --git a/cla-backend/cla/models/dynamo_models.py b/cla-backend/cla/models/dynamo_models.py index 5424b2604..fa6a7240e 100644 --- a/cla-backend/cla/models/dynamo_models.py +++ b/cla-backend/cla/models/dynamo_models.py @@ -2037,11 +2037,11 @@ def preprocess_pattern(self, emails, patterns) -> bool: def is_approved(self, ccla_signature: Signature) -> bool: """ Helper function to determine whether at least one of the user's email - addresses are whitelisted for a particular ccla signature. + addresses are allowlisted for a particular ccla signature. :param ccla_signature: The ccla signature to check against. :type ccla_signature: cla.models.Signature - :return: True if at least one email is whitelisted, False otherwise. + :return: True if at least one email is allowlisted, False otherwise. :rtype: bool """ fn = 'dynamo_models.is_approved' @@ -2051,7 +2051,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: # remove leading and trailing whitespace before checking emails emails = [email.strip() for email in emails] - # First, we check email whitelist + # First, we check email allowlist whitelist = ccla_signature.get_email_whitelist() cla.log.debug(f'{fn} - testing user emails: {emails} with ' f'CCLA approval emails: {whitelist}') @@ -2063,9 +2063,9 @@ def is_approved(self, ccla_signature: Signature) -> bool: cla.log.debug(f'{fn} - found user email in email approval list') return True else: - cla.log.debug(f'{fn} - no email whitelist match for user: {self}') + cla.log.debug(f'{fn} - no email allowlist match for user: {self}') - # Secondly, let's check domain whitelist + # Secondly, let's check domain allowlist # If a naked domain (e.g. google.com) is provided, we prefix it with '^.*@', # so that sub-domains are not allowed. # If a '*', '*.' or '.' prefix is provided, we replace the prefix with '.*\.', @@ -2083,7 +2083,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: cla.log.debug(f'{fn} - no domain approval patterns defined - ' 'skipping domain approval checks') - # Third and Forth, check github whitelists + # Third and Forth, check github allowlists github_username = self.get_user_github_username() github_id = self.get_user_github_id() @@ -2091,7 +2091,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: # Since usernames can be changed, if we have the github_id already - let's # lookup the username by id to see if they have changed their username # if the username is different, then we should reset the field to the - # new value - this will potentially change the github username whitelist + # new value - this will potentially change the github username allowlist # since the old username is already in the list # Attempt to fetch the github username based on the github id @@ -2117,7 +2117,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: github_username = github_username.strip() github_whitelist = ccla_signature.get_github_whitelist() cla.log.debug(f'{fn} - testing user github username: {github_username} with ' - f'CCLA github approval list: {github_whitelist}') + f'CCLA github approval list: {github_allowlist}') if github_whitelist is not None: # case insensitive search @@ -2184,7 +2184,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: gitlab_username = gitlab_username.strip() gitlab_whitelist = ccla_signature.get_gitlab_username_approval_list() cla.log.debug(f'{fn} - testing user github username: {gitlab_username} with ' - f'CCLA github approval list: {gitlab_whitelist}') + f'CCLA github approval list: {gitlab_allowlist}') if gitlab_whitelist is not None: # case insensitive search @@ -2213,7 +2213,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: except DoesNotExist as err: cla.log.debug(f'gitlab group with full path: {gl_name} does not exist: {err}') - cla.log.debug(f'{fn} - unable to find user in any whitelist') + cla.log.debug(f'{fn} - unable to find user in any allowlist') return False def get_users_by_company(self, company_id): @@ -2551,7 +2551,7 @@ class Meta: project_signature_external_id_index = SignatureProjectExternalIndex() signature_project_reference_index = SignatureProjectReferenceIndex() - # approval lists (previously called whitelists) are only used by CCLAs + # approval lists (previously called allowlists) are only used by CCLAs domain_whitelist = ListAttribute(null=True) email_whitelist = ListAttribute(null=True) github_whitelist = ListAttribute(null=True) @@ -2675,8 +2675,8 @@ def __str__(self): "reference type: {}, " "user cla company id: {}, signed: {}, signed_on: {}, signatory_name: {}, signing entity name: {}," "sigtype_signed_approved_id: {}, " - "approved: {}, embargo_acked: {}, domain whitelist: {}, " - "email whitelist: {}, github user whitelist: {}, github domain whitelist: {}, " + "approved: {}, embargo_acked: {}, domain allowlist: {}, " + "email allowlist: {}, github user allowlist: {}, github domain allowlist: {}, " "note: {},signature project external id: {}, signature company signatory id: {}, " "signature company signatory name: {}, signature company signatory email: {}," "signature company initial manager id: {}, signature company initial manager name: {}," @@ -2986,7 +2986,7 @@ def set_signature_company_initial_manager_email(self, signature_company_initial_ def set_signature_company_secondary_manager_list(self, signature_company_secondary_manager_list) -> None: self.model.signature_company_secondary_manager_list = signature_company_secondary_manager_list - # Remove leading and trailing whitespace for all items before setting whitelist + # Remove leading and trailing whitespace for all items before setting allowlist def set_domain_whitelist(self, domain_whitelist) -> None: self.model.domain_whitelist = [domain.strip() for domain in domain_whitelist] diff --git a/cla-backend/cla/models/event_types.py b/cla-backend/cla/models/event_types.py index b70574e7e..4c640e3a8 100644 --- a/cla-backend/cla/models/event_types.py +++ b/cla-backend/cla/models/event_types.py @@ -7,7 +7,7 @@ class EventType(Enum): """ Enumerator representing type of CLA events - across projects, users, signatures, whitelists + across projects, users, signatures, allowlists """ CreateUser = "Create User" UpdateUser = "Update User" diff --git a/cla-backend/cla/models/github_models.py b/cla-backend/cla/models/github_models.py index dac3c37af..f5b286813 100644 --- a/cla-backend/cla/models/github_models.py +++ b/cla-backend/cla/models/github_models.py @@ -1514,7 +1514,7 @@ def handle_commit_from_user( # projects like CNCF which significantly delays updating the GH PR status. # Revisit once we add more indexes to the table - # # Check to see if not found user is whitelisted to assist in triaging github comment + # # Check to see if not found user is allowlisted to assist in triaging github comment # # Search for the CCLA signatures for this project - wish we had a company ID to restrict the query... # signatures = cla.utils.get_signature_instance().get_signatures_by_project( # project.get_project_id(), @@ -1524,16 +1524,16 @@ def handle_commit_from_user( # # list_author_info = list(author_info) # for signature in signatures: - # if cla.utils.is_whitelisted( + # if cla.utils.is_allowlisted( # signature, # email=author_email, # github_id=author_id, # github_username=author_username # ): - # # Append whitelisted flag to the author info list + # # Append allowlisted flag to the author info list # cla.log.debug(f'Github user(id:{author_id}, ' # f'user: {author_username}, ' - # f'email {author_email}) is whitelisted but not a CLA user') + # f'email {author_email}) is allowlisted but not a CLA user') # list_author_info.append(True) # break # missing.append((commit_sha, list_author_info)) @@ -1877,7 +1877,7 @@ def update_pull_request( "github", str(installation_id), github_repository_id, pull_request.number, project_version ) - # check if unsigned user is whitelisted + # check if unsigned user is allowlisted if user_commit_summary.commit_sha != last_commit.sha: continue diff --git a/cla-backend/cla/models/model_interfaces.py b/cla-backend/cla/models/model_interfaces.py index 974429196..2f24b1774 100644 --- a/cla-backend/cla/models/model_interfaces.py +++ b/cla-backend/cla/models/model_interfaces.py @@ -1338,66 +1338,66 @@ def set_is_sanctioned(self, is_sanctioned): """ raise NotImplementedError() - def set_company_whitelist(self, whitelist): + def set_company_whitelist(self, allowlist): """ - Setter for an company's whitelisted domain names. + Setter for an company's allowlisted domain names. - :param whitelist: The list of domain names to mark as safe. + :param allowlist: The list of domain names to mark as safe. Example: ['ibm.com', 'ibm.ca'] - :type whitelist: list of strings + :type allowlist: list of strings """ raise NotImplementedError() - def add_company_whitelist(self, whitelist_item): + def add_company_whitelist(self, allowlist_item): """ - Adds another entry in the list of whitelisted domain names. + Adds another entry in the list of allowlisted domain names. Does not query the DB - save() will take care of that. - :param whitelist_item: A domain name to add to the whitelist of this company. - :type whitelist_item: string + :param allowlist_item: A domain name to add to the allowlist of this company. + :type allowlist_item: string """ raise NotImplementedError() - def remove_company_whitelist(self, whitelist_item): + def remove_company_whitelist(self, allowlist_item): """ - Removes an entry from the list of whitelisted domain names. + Removes an entry from the list of allowlisted domain names. Does not query the DB - save() will take care of that. - :param whitelist_item: A domain name to remove from the whitelist of this company. - :type whitelist_item: string + :param allowlist_item: A domain name to remove from the allowlist of this company. + :type allowlist_item: string """ raise NotImplementedError() - def set_company_whitelist_patterns(self, whitelist_patterns): + def set_company_whitelist_patterns(self, allowlist_patterns): """ - Setter for an company's whitelist regex patterns. + Setter for an company's allowlist regex patterns. - :param whitelist_patterns: The list of email patterns to exlude from signing. + :param allowlist_patterns: The list of email patterns to exlude from signing. Example: ['.*@ibm.co.uk$', '^info.*'] - :type whitelist_patterns: list of strings + :type allowlist_patterns: list of strings :todo: Need to actually test out those examples. """ raise NotImplementedError() - def add_company_whitelist_pattern(self, whitelist_pattern): + def add_company_whitelist_pattern(self, allowlist_pattern): """ - Adds another entry in the list of whitelistd patterns. + Adds another entry in the list of allowlistd patterns. Does not query the DB - save() will take care of that. - :param whitelist_pattern: A regex string to add to the excluded patterns of this company. - :type whitelist_pattern: string + :param allowlist_pattern: A regex string to add to the excluded patterns of this company. + :type allowlist_pattern: string """ raise NotImplementedError() - def remove_company_whitelist_pattern(self, whitelist_pattern): + def remove_company_whitelist_pattern(self, allowlist_pattern): """ - Removes an entry from the list of whitelisted domain names. + Removes an entry from the list of allowlisted domain names. Does not query the DB - save() will take care of that. - :param whitelist_pattern: A regex string to remove from the exluded patterns + :param allowlist_pattern: A regex string to remove from the exluded patterns of this company. - :type whitelist_pattern: string + :type allowlist_pattern: string """ raise NotImplementedError() @@ -2348,7 +2348,7 @@ def load(self, request_id): Simple abstraction around the supported ORMs to load a model Populates the current object. - :param request_id: The id of the ccla whitelist request + :param request_id: The id of the ccla allowlist request :type request_id: string """ raise NotImplementedError() diff --git a/cla-backend/cla/routes.py b/cla-backend/cla/routes.py index bbc56fa91..c4584bff0 100755 --- a/cla-backend/cla/routes.py +++ b/cla-backend/cla/routes.py @@ -170,7 +170,7 @@ def request_company_whitelist( DATA: {'user_email': , 'message': 'custom message to manager'} Performs the necessary actions (ie: send email to manager) when the specified user requests to - be added the the specified company's whitelist. + be added the the specified company's allowlist. """ return cla.controllers.user.request_company_whitelist( user_id, str(company_id), str(user_name), str(user_email), str(project_id), message, @@ -739,7 +739,7 @@ def put_company_whitelist_csv(body, auth_user: check_auth, company_id: hug.types """ PUT: /company/{company_id}/import/whitelist/csv - Imports a CSV file of whitelisted user emails. + Imports a CSV file of allowlisted user emails. Expects the first column to have a header in the first row and contain email addresses. """ # staff_verify(user) or company_manager_verify(user, company_id) diff --git a/cla-backend/cla/tests/unit/test_github.py b/cla-backend/cla/tests/unit/test_github.py index 1d4229cd4..7bac977a5 100644 --- a/cla-backend/cla/tests/unit/test_github.py +++ b/cla-backend/cla/tests/unit/test_github.py @@ -77,14 +77,14 @@ # assert response == expected -# def test_get_comment_body_whitelisted_missing_user(): +# def test_get_comment_body_allowlisted_missing_user(): # """ -# Test CLA comment body for case of a whitelisted user that has not confirmed affiliation +# Test CLA comment body for case of a allowlisted user that has not confirmed affiliation # """ -# is_whitelisted = True +# is_allowlisted = True # author = "foo" # signed = [] -# missing = [(GITHUB_FAKE_SHA, ["12", author, "foo@gmail.com", is_whitelisted])] +# missing = [(GITHUB_FAKE_SHA, ["12", author, "foo@gmail.com", is_allowlisted])] # response = get_comment_body("github", SIGN_URL, signed, missing) # expected = ( # f"
    • {author} ({' ,'.join([GITHUB_FAKE_SHA])}) " @@ -111,9 +111,9 @@ def test_get_comment_badge_with_no_user_id(): assert missing_id_badge in response -def test_comment_badge_with_missing_whitelisted_user(): +def test_comment_badge_with_missing_allowlisted_user(): """ - Test CLA badge for CLA fail check and whitelisted user + Test CLA badge for CLA fail check and allowlisted user """ confirmation_needed_badge = "cla-confirmation-needed.svg" response = get_comment_badge("github", False, SIGN_URL, "v1", missing_user_id=False, is_approved_by_manager=True) diff --git a/cla-backend/cla/tests/unit/test_github_controller.py b/cla-backend/cla/tests/unit/test_github_controller.py index 26fb2d71d..47bfbdf2b 100644 --- a/cla-backend/cla/tests/unit/test_github_controller.py +++ b/cla-backend/cla/tests/unit/test_github_controller.py @@ -302,12 +302,12 @@ class TestGitHubController(unittest.TestCase): "forks": 0, "open_issues": 0, "watchers": 0, - "default_branch": "master" + "default_branch": "main" } }, "base": { - "label": "grpc:master", - "ref": "master", + "label": "grpc:main", + "ref": "main", "sha": "9999999999999999999999999999999999999999", "user": { "login": "grpc", @@ -427,7 +427,7 @@ class TestGitHubController(unittest.TestCase): "forks": 5530, "open_issues": 886, "watchers": 23364, - "default_branch": "master" + "default_branch": "main" } }, "_links": { @@ -556,7 +556,7 @@ class TestGitHubController(unittest.TestCase): "forks": 5530, "open_issues": 886, "watchers": 23364, - "default_branch": "master" + "default_branch": "main" }, "organization": { "login": "grpc", diff --git a/cla-backend/cla/tests/unit/test_signature_controller.py b/cla-backend/cla/tests/unit/test_signature_controller.py index 86a9944e3..53eb70e15 100644 --- a/cla-backend/cla/tests/unit/test_signature_controller.py +++ b/cla-backend/cla/tests/unit/test_signature_controller.py @@ -51,7 +51,7 @@ def test_notify_whitelist_change(self): old_sig.set_github_whitelist([]) new_sig.set_github_whitelist(['githubuser']) - old_sig.set_email_whitelist(['whitelist.email@gmail.com']) + old_sig.set_email_whitelist(['allowlist.email@gmail.com']) new_sig.set_email_whitelist([]) old_sig.set_github_org_whitelist(['githuborg']) @@ -78,13 +78,13 @@ def test_notify_whitelist_change(self): self.assertNotIn('b.com', body) self.assertIn('d.com', body) self.assertIn('githubuser', body) - self.assertIn('whitelist.email@gmail.com', body) + self.assertIn('allowlist.email@gmail.com', body) self.assertNotIn('githuborg', body) # check email sent to contributor - removed email msg = snsClient.emails_sent[1] msg = json.loads(msg) self.assertEqual(msg['data']['subject'], 'EasyCLA: Approval List Update for Project') - self.assertEqual(msg['data']['recipients'], ['whitelist.email@gmail.com']) + self.assertEqual(msg['data']['recipients'], ['allowlist.email@gmail.com']) body = msg['data']['body'] self.assertIn('deleted', body) self.assertIn('Company', body) diff --git a/cla-backend/cla/tests/unit/test_utils.py b/cla-backend/cla/tests/unit/test_utils.py index d54ddfc91..8c342dec5 100644 --- a/cla-backend/cla/tests/unit/test_utils.py +++ b/cla-backend/cla/tests/unit/test_utils.py @@ -121,34 +121,34 @@ def test_lookup_github_organizations(self) -> None: organizations = cla.utils.lookup_github_organizations('dealakooooooooo') self.assertTrue('error' in organizations, 'Find 0 github organizations') - def test_is_whitelisted_for_email(self) -> None: + def test_is_allowlisted_for_email(self) -> None: """ - Test a given email to check if whitelisted against ccla_signature + Test a given email to check if allowlisted against ccla_signature """ signature = Signature() signature.get_email_whitelist = Mock(return_value={"foo@gmail.com"}) self.assertTrue(utils.is_approved(signature, email="foo@gmail.com")) self.assertFalse(utils.is_approved(signature, email="bar@gmail.com")) - def test_is_whitelisted_for_domain(self) -> None: + def test_is_allowlisted_for_domain(self) -> None: """ - Test a given email passes domain whitelist check against ccla_signature + Test a given email passes domain allowlist check against ccla_signature """ signature = Signature() signature.get_domain_whitelist = Mock(return_value=[".gmail.com"]) self.assertTrue(utils.is_approved(signature, email="random@gmail.com")) self.assertFalse(utils.is_approved(signature, email="foo@invalid.com")) - def test_is_whitelisted_for_github(self) -> None: + def test_is_allowlisted_for_github(self) -> None: """ - Test given github user passes github whitelist check against ccla_signature + Test given github user passes github allowlist check against ccla_signature """ signature = Signature() signature.get_github_whitelist = Mock(return_value=['foo']) self.assertTrue(utils.is_approved(signature, github_username='foo')) self.assertFalse(utils.is_approved(signature, github_username='bar')) - def test_is_whitelisted_for_github_org(self) -> None: + def test_is_allowlisted_for_github_org(self) -> None: """ Test given github user passes github org check against ccla_signature """ diff --git a/cla-backend/cla/utils.py b/cla-backend/cla/utils.py index cb0409b2c..93cc566dd 100644 --- a/cla-backend/cla/utils.py +++ b/cla-backend/cla/utils.py @@ -715,7 +715,7 @@ def user_signed_project_signature(user: User, project: Project) -> bool: ) return False - # Get CCLA signature of company to access whitelist + # Get CCLA signature of company to access allowlist cla.log.debug( f"{fn} - CCLA signature check - loading signed CCLA for project|company, " f"user: {user}, project_id: {project}, company_id: {company_id}" @@ -742,7 +742,7 @@ def user_signed_project_signature(user: User, project: Project) -> bool: if user.is_approved(signature): ccla_pass = True else: - # Set user signatures approved = false due to user failing whitelist checks + # Set user signatures approved = false due to user failing allowlist checks cla.log.debug( f"{fn} - user not in one of the approval lists - " "marking signature approved = false for " @@ -1734,18 +1734,18 @@ def update_github_username(github_user: dict, user: User): def is_approved(ccla_signature: Signature, email=None, github_username=None, github_id=None): """ Given either email, github username or github id a check is made against ccla signature to - check whether a given parameter is whitelisted . This check is vital for a first time user - who could have been whitelisted and has not confirmed affiliation + check whether a given parameter is allowlisted . This check is vital for a first time user + who could have been allowlisted and has not confirmed affiliation - :param ccla_signature: given signature used to check for ccla whitelists - :param email: email that is checked against ccla signature email whitelist - :param github_username: A given github username checked against ccla signature github/github-org whitelists - :param github_id: A given github id checked against ccla signature github/github-org whitelists + :param ccla_signature: given signature used to check for ccla allowlists + :param email: email that is checked against ccla signature email allowlist + :param github_username: A given github username checked against ccla signature github/github-org allowlists + :param github_id: A given github id checked against ccla signature github/github-org allowlists """ fn = "utils.is_approved" if email: - # Checking email whitelist + # Checking email allowlist whitelist = ccla_signature.get_email_whitelist() cla.log.debug(f"{fn} - testing email: {email} with CCLA approval list emails: {whitelist}") if whitelist is not None: @@ -1753,7 +1753,7 @@ def is_approved(ccla_signature: Signature, email=None, github_username=None, git cla.log.debug(f"{fn} found user email in email approval list") return True - # Checking domain whitelist + # Checking domain allowlist patterns = ccla_signature.get_domain_whitelist() cla.log.debug( f"{fn} - testing user email domain: {email} with " f"domain approval list values in database: {patterns}" @@ -1769,7 +1769,7 @@ def is_approved(ccla_signature: Signature, email=None, github_username=None, git if github_id: github_username = lookup_user_github_username(github_id) - # Github username whitelist + # Github username allowlist if github_username is not None: # remove leading and trailing whitespace from github username github_username = github_username.strip() diff --git a/cla-backend/helpers/add_company_whitelist.py b/cla-backend/helpers/add_company_allowlist.py similarity index 70% rename from cla-backend/helpers/add_company_whitelist.py rename to cla-backend/helpers/add_company_allowlist.py index e1c18a9ee..0054a49be 100644 --- a/cla-backend/helpers/add_company_whitelist.py +++ b/cla-backend/helpers/add_company_allowlist.py @@ -11,16 +11,16 @@ sys.path.append('../') if len(sys.argv) != 2: - print('Usage: python3 add_company_whitelist.py ') + print('Usage: python3 add_company_allowlist.py ') exit() -whitelist = sys.argv[1] +allowlist = sys.argv[1] import cla from cla.utils import get_company_instance -cla.log.info('Adding whitelist item to all companies: %s', whitelist) +cla.log.info('Adding allowlist item to all companies: %s', allowlist) # User companies = get_company_instance().all() for company in companies: - company.add_company_whitelist(whitelist) + company.add_company_whitelist(allowlist) company.save() diff --git a/cla-next.md b/cla-next.md index 2a4c2c074..573d0198e 100644 --- a/cla-next.md +++ b/cla-next.md @@ -2,7 +2,7 @@ This project was bootstrapped with [Create Next App](https://github.com/segmentio/create-next-app). -Find the most recent version of this guide at [here](https://github.com/segmentio/create-next-app/blob/master/lib/templates/default/README.md). And check out [Next.js repo](https://github.com/zeit/next.js) for the most up-to-date info. +Find the most recent version of this guide at [here](https://github.com/segmentio/create-next-app/blob/main/lib/templates/default/README.md). And check out [Next.js repo](https://github.com/zeit/next.js) for the most up-to-date info. ## Table of Contents @@ -229,5 +229,5 @@ You can find more details about [`now` here](https://zeit.co/now). ## Something Missing? -If you have ideas for how we could improve this readme or the project in general, [let us know](https://github.com/segmentio/create-next-app/issues) or [contribute some!](https://github.com/segmentio/create-next-app/edit/master/lib/templates/default/README.md) +If you have ideas for how we could improve this readme or the project in general, [let us know](https://github.com/segmentio/create-next-app/issues) or [contribute some!](https://github.com/segmentio/create-next-app/edit/main/lib/templates/default/README.md) diff --git a/dev.md b/dev.md index 992e647cd..c57003319 100644 --- a/dev.md +++ b/dev.md @@ -25,7 +25,7 @@ For all other folders which use node, use version 12.x+. In order to quickly switch between node versions, we recommend you use [Node Version Manager - nvm](https://github.com/nvm-sh/nvm). The CircleCI -[build configuration](https://github.com/linuxfoundation/easycla/blob/master/.circleci/config.yml) +[build configuration](https://github.com/linuxfoundation/easycla/blob/main/.github/workflows/build-pr.yml). uses this approach to switch between node versions within the build andx deployment. From 56f8478571706d3daa0b315bc8cfaea7efedc091 Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Tue, 5 Aug 2025 08:16:20 +0200 Subject: [PATCH 3/7] Fix failing build Signed-off-by: Lukasz Gryglicki --- cla-backend-go/signatures/mocks/mock_service.go | 4 ++-- cla-backend-go/signatures/service.go | 8 ++++---- cla-backend-go/v2/signatures/handlers.go | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cla-backend-go/signatures/mocks/mock_service.go b/cla-backend-go/signatures/mocks/mock_service.go index 01284a77b..938bc0a4a 100644 --- a/cla-backend-go/signatures/mocks/mock_service.go +++ b/cla-backend-go/signatures/mocks/mock_service.go @@ -57,7 +57,7 @@ func (mr *MockSignatureServiceMockRecorder) AddCLAManager(ctx, signatureID, claM } // AddGithubOrganizationToApprovalList mocks base method. -func (m *MockSignatureService) AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) { +func (m *MockSignatureService) AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "AddGithubOrganizationToApprovalList", ctx, signatureID, approvalListParams, githubAccessToken) ret0, _ := ret[0].([]models.GithubOrg) @@ -116,7 +116,7 @@ func (mr *MockSignatureServiceMockRecorder) CreateSignature(ctx, signature inter } // DeleteGithubOrganizationFromApprovalList mocks base method. -func (m *MockSignatureService) DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) { +func (m *MockSignatureService) DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) { m.ctrl.T.Helper() ret := m.ctrl.Call(m, "DeleteGithubOrganizationFromApprovalList", ctx, signatureID, approvalListParams, githubAccessToken) ret0, _ := ret[0].([]models.GithubOrg) diff --git a/cla-backend-go/signatures/service.go b/cla-backend-go/signatures/service.go index 8365fd01c..50eed6594 100644 --- a/cla-backend-go/signatures/service.go +++ b/cla-backend-go/signatures/service.go @@ -61,8 +61,8 @@ type SignatureService interface { HasUserSigned(ctx context.Context, user *models.User, projectID string) (*bool, *bool, error) GetGithubOrganizationsFromApprovalList(ctx context.Context, signatureID string, githubAccessToken string) ([]models.GithubOrg, error) - AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) - DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) + AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) + DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) UpdateApprovalList(ctx context.Context, authUser *auth.User, claGroupModel *models.ClaGroup, companyModel *models.Company, claGroupID string, params *models.ApprovalList, projectSFID string) (*models.Signature, error) AddCLAManager(ctx context.Context, signatureID, claManagerID string) (*models.Signature, error) @@ -319,7 +319,7 @@ func (s service) GetGithubOrganizationsFromApprovalList(ctx context.Context, sig } // AddGithubOrganizationToApprovalList adds the GH organization to the approval list -func (s service) AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) { +func (s service) AddGithubOrganizationToApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) { organizationID := approvalListParams.OrganizationID if signatureID == "" { @@ -389,7 +389,7 @@ func (s service) AddGithubOrganizationToApprovalList(ctx context.Context, signat } // DeleteGithubOrganizationFromApprovalList deletes the specified GH organization from the approval list -func (s service) DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgWhitelist, githubAccessToken string) ([]models.GithubOrg, error) { +func (s service) DeleteGithubOrganizationFromApprovalList(ctx context.Context, signatureID string, approvalListParams models.GhOrgAllowlist, githubAccessToken string) ([]models.GithubOrg, error) { // Extract the payload values organizationID := approvalListParams.OrganizationID diff --git a/cla-backend-go/v2/signatures/handlers.go b/cla-backend-go/v2/signatures/handlers.go index 127ace233..a3c1e01f2 100644 --- a/cla-backend-go/v2/signatures/handlers.go +++ b/cla-backend-go/v2/signatures/handlers.go @@ -246,7 +246,7 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj githubAccessToken = "" } - input := v1Models.GhOrgWhitelist{} + input := v1Models.GhOrgAllowlist{} err = copier.Copy(&input, ¶ms.Body) if err != nil { return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) @@ -314,7 +314,7 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj githubAccessToken = "" } - input := v1Models.GhOrgWhitelist{} + input := v1Models.GhOrgAllowlist{} err = copier.Copy(&input, ¶ms.Body) if err != nil { return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) From 19b8aa47fc575abdea64488f840ec6b8e496c7c0 Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Tue, 5 Aug 2025 14:55:42 +0200 Subject: [PATCH 4/7] Golang ported Signed-off-by: Lukasz Gryglicki --- cla-backend-go/approval_list/handlers.go | 52 +++++++++---------- cla-backend-go/approval_list/helpers.go | 10 ++-- cla-backend-go/approval_list/models.go | 4 +- cla-backend-go/approval_list/repository.go | 12 ++--- cla-backend-go/approval_list/service.go | 12 ++--- cla-backend-go/signatures/constants.go | 8 +-- cla-backend-go/signatures/handlers.go | 24 ++++----- cla-backend-go/signatures/repository.go | 4 +- cla-backend-go/swagger/cla.v1.yaml | 34 ++++++------ cla-backend-go/swagger/cla.v2.yaml | 6 +-- cla-backend-go/v2/dynamo_events/signatures.go | 8 +-- cla-backend-go/v2/signatures/handlers.go | 40 +++++++------- 12 files changed, 107 insertions(+), 107 deletions(-) diff --git a/cla-backend-go/approval_list/handlers.go b/cla-backend-go/approval_list/handlers.go index 069399e08..ff926f607 100644 --- a/cla-backend-go/approval_list/handlers.go +++ b/cla-backend-go/approval_list/handlers.go @@ -23,13 +23,13 @@ import ( // Configure setups handlers on api with service func Configure(api *operations.ClaAPI, service IService, sessionStore *dynastore.Store, signatureService signatures.SignatureService, eventsService events.Service) { - api.CompanyAddCclaWhitelistRequestHandler = company.AddCclaWhitelistRequestHandlerFunc( - func(params company.AddCclaWhitelistRequestParams) middleware.Responder { + api.CompanyAddCclaAllowlistRequestHandler = company.AddCclaAllowlistRequestHandlerFunc( + func(params company.AddCclaAllowlistRequestParams) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint requestID, err := service.AddCclaApprovalListRequest(ctx, params.CompanyID, params.ProjectID, params.Body) if err != nil { - return company.NewAddCclaWhitelistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return company.NewAddCclaAllowlistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } eventsService.LogEventWithContext(ctx, &events.LogEventArgs{ @@ -40,16 +40,16 @@ func Configure(api *operations.ClaAPI, service IService, sessionStore *dynastore EventData: &events.CCLAApprovalListRequestCreatedEventData{RequestID: requestID}, }) - return company.NewAddCclaWhitelistRequestOK().WithXRequestID(reqID) + return company.NewAddCclaAllowlistRequestOK().WithXRequestID(reqID) }) - api.CompanyApproveCclaWhitelistRequestHandler = company.ApproveCclaWhitelistRequestHandlerFunc( - func(params company.ApproveCclaWhitelistRequestParams, claUser *user.CLAUser) middleware.Responder { + api.CompanyApproveCclaAllowlistRequestHandler = company.ApproveCclaAllowlistRequestHandlerFunc( + func(params company.ApproveCclaAllowlistRequestParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint err := service.ApproveCclaApprovalListRequest(ctx, claUser, params.CompanyID, params.ProjectID, params.RequestID) if err != nil { - return company.NewApproveCclaWhitelistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return company.NewApproveCclaAllowlistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } eventsService.LogEventWithContext(ctx, &events.LogEventArgs{ @@ -60,16 +60,16 @@ func Configure(api *operations.ClaAPI, service IService, sessionStore *dynastore EventData: &events.CCLAApprovalListRequestApprovedEventData{RequestID: params.RequestID}, }) - return company.NewApproveCclaWhitelistRequestOK().WithXRequestID(reqID) + return company.NewApproveCclaAllowlistRequestOK().WithXRequestID(reqID) }) - api.CompanyRejectCclaWhitelistRequestHandler = company.RejectCclaWhitelistRequestHandlerFunc( - func(params company.RejectCclaWhitelistRequestParams, claUser *user.CLAUser) middleware.Responder { + api.CompanyRejectCclaAllowlistRequestHandler = company.RejectCclaAllowlistRequestHandlerFunc( + func(params company.RejectCclaAllowlistRequestParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint err := service.RejectCclaApprovalListRequest(ctx, params.CompanyID, params.ProjectID, params.RequestID) if err != nil { - return company.NewRejectCclaWhitelistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return company.NewRejectCclaAllowlistRequestBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } eventsService.LogEventWithContext(ctx, &events.LogEventArgs{ @@ -80,33 +80,33 @@ func Configure(api *operations.ClaAPI, service IService, sessionStore *dynastore EventData: &events.CCLAApprovalListRequestRejectedEventData{RequestID: params.RequestID}, }) - return company.NewRejectCclaWhitelistRequestOK().WithXRequestID(reqID) + return company.NewRejectCclaAllowlistRequestOK().WithXRequestID(reqID) }) - api.CompanyListCclaWhitelistRequestsHandler = company.ListCclaWhitelistRequestsHandlerFunc( - func(params company.ListCclaWhitelistRequestsParams, claUser *user.CLAUser) middleware.Responder { + api.CompanyListCclaAllowlistRequestsHandler = company.ListCclaAllowlistRequestsHandlerFunc( + func(params company.ListCclaAllowlistRequestsParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint f := logrus.Fields{ - "functionName": "CompanyListCclaWhitelistRequestsHandler", + "functionName": "CompanyListCclaAllowlistRequestsHandler", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), } log.WithFields(f).Debugf("Invoking ListCclaApprovalListRequests with Company ID: %+v, Project ID: %+v, Status: %+v", params.CompanyID, params.ProjectID, params.Status) result, err := service.ListCclaApprovalListRequest(params.CompanyID, params.ProjectID, params.Status) if err != nil { - return company.NewListCclaWhitelistRequestsBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return company.NewListCclaAllowlistRequestsBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } - return company.NewListCclaWhitelistRequestsOK().WithXRequestID(reqID).WithPayload(result) + return company.NewListCclaAllowlistRequestsOK().WithXRequestID(reqID).WithPayload(result) }) - api.CompanyListCclaWhitelistRequestsByCompanyAndProjectHandler = company.ListCclaWhitelistRequestsByCompanyAndProjectHandlerFunc( - func(params company.ListCclaWhitelistRequestsByCompanyAndProjectParams, claUser *user.CLAUser) middleware.Responder { + api.CompanyListCclaAllowlistRequestsByCompanyAndProjectHandler = company.ListCclaAllowlistRequestsByCompanyAndProjectHandlerFunc( + func(params company.ListCclaAllowlistRequestsByCompanyAndProjectParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint f := logrus.Fields{ - "functionName": "v1.approval_list.handlers.CompanyListCclaWhitelistRequestsByCompanyAndProjectHandler", + "functionName": "v1.approval_list.handlers.CompanyListCclaAllowlistRequestsByCompanyAndProjectHandler", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), "companyID": params.CompanyID, "projectID": params.ProjectID, @@ -120,22 +120,22 @@ func Configure(api *operations.ClaAPI, service IService, sessionStore *dynastore params.CompanyID, params.ProjectID, params.Status) result, err := service.ListCclaApprovalListRequestByCompanyProjectUser(params.CompanyID, ¶ms.ProjectID, params.Status, nil) if err != nil { - return company.NewListCclaWhitelistRequestsByCompanyAndProjectBadRequest().WithPayload(errorResponse(err)) + return company.NewListCclaAllowlistRequestsByCompanyAndProjectBadRequest().WithPayload(errorResponse(err)) } - return company.NewListCclaWhitelistRequestsByCompanyAndProjectOK().WithPayload(result) + return company.NewListCclaAllowlistRequestsByCompanyAndProjectOK().WithPayload(result) }) - api.CompanyListCclaWhitelistRequestsByCompanyAndProjectAndUserHandler = company.ListCclaWhitelistRequestsByCompanyAndProjectAndUserHandlerFunc( - func(params company.ListCclaWhitelistRequestsByCompanyAndProjectAndUserParams, claUser *user.CLAUser) middleware.Responder { + api.CompanyListCclaAllowlistRequestsByCompanyAndProjectAndUserHandler = company.ListCclaAllowlistRequestsByCompanyAndProjectAndUserHandlerFunc( + func(params company.ListCclaAllowlistRequestsByCompanyAndProjectAndUserParams, claUser *user.CLAUser) middleware.Responder { log.Debugf("Invoking ListCclaApprovalListRequestByCompanyProjectUser with Company ID: %+v, Project ID: %+v, Status: %+v, User: %+v", params.CompanyID, params.ProjectID, params.Status, claUser.LFUsername) result, err := service.ListCclaApprovalListRequestByCompanyProjectUser(params.CompanyID, ¶ms.ProjectID, params.Status, &claUser.LFUsername) if err != nil { - return company.NewListCclaWhitelistRequestsByCompanyAndProjectAndUserBadRequest().WithPayload(errorResponse(err)) + return company.NewListCclaAllowlistRequestsByCompanyAndProjectAndUserBadRequest().WithPayload(errorResponse(err)) } - return company.NewListCclaWhitelistRequestsByCompanyAndProjectAndUserOK().WithPayload(result) + return company.NewListCclaAllowlistRequestsByCompanyAndProjectAndUserOK().WithPayload(result) }) } diff --git a/cla-backend-go/approval_list/helpers.go b/cla-backend-go/approval_list/helpers.go index 2f159b852..3be86e3a5 100644 --- a/cla-backend-go/approval_list/helpers.go +++ b/cla-backend-go/approval_list/helpers.go @@ -12,11 +12,11 @@ import ( log "github.com/linuxfoundation/easycla/cla-backend-go/logging" ) -// buildCclaWhitelistRequestsModels builds the request models -func buildCclaWhitelistRequestsModels(results *dynamodb.QueryOutput) ([]models.CclaWhitelistRequest, error) { - requests := make([]models.CclaWhitelistRequest, 0) +// buildCclaAllowlistRequestsModels builds the request models +func buildCclaAllowlistRequestsModels(results *dynamodb.QueryOutput) ([]models.CclaAllowlistRequest, error) { + requests := make([]models.CclaAllowlistRequest, 0) - var itemRequests []CclaWhitelistRequest + var itemRequests []CclaAllowlistRequest err := dynamodbattribute.UnmarshalListOfMaps(results.Items, &itemRequests) if err != nil { @@ -25,7 +25,7 @@ func buildCclaWhitelistRequestsModels(results *dynamodb.QueryOutput) ([]models.C return nil, err } for _, r := range itemRequests { - requests = append(requests, models.CclaWhitelistRequest{ + requests = append(requests, models.CclaAllowlistRequest{ CompanyID: r.CompanyID, CompanyName: r.CompanyName, DateCreated: r.DateCreated, diff --git a/cla-backend-go/approval_list/models.go b/cla-backend-go/approval_list/models.go index d1ba671ce..716bf4dd3 100644 --- a/cla-backend-go/approval_list/models.go +++ b/cla-backend-go/approval_list/models.go @@ -23,8 +23,8 @@ type CLARequestModel struct { Version string `dynamodbav:"version"` } -// CclaWhitelistRequest data model -type CclaWhitelistRequest struct { +// CclaAllowlistRequest data model +type CclaAllowlistRequest struct { RequestID string `dynamodbav:"request_id"` RequestStatus string `dynamodbav:"request_status"` CompanyID string `dynamodbav:"company_id"` diff --git a/cla-backend-go/approval_list/repository.go b/cla-backend-go/approval_list/repository.go index bcd579356..49eee1920 100644 --- a/cla-backend-go/approval_list/repository.go +++ b/cla-backend-go/approval_list/repository.go @@ -24,9 +24,9 @@ import ( ) const ( - // Version is version of CclaWhitelistRequest + // Version is version of CclaAllowlistRequest Version = "v1" - // StatusPending is status of CclaWhitelistRequest + // StatusPending is status of CclaAllowlistRequest StatusPending = "pending" // ProjectIDIndex is the index for for the project_id secondary index @@ -39,7 +39,7 @@ type IRepository interface { GetCclaApprovalListRequest(requestID string) (*CLARequestModel, error) ApproveCclaApprovalListRequest(requestID string) error RejectCclaApprovalListRequest(requestID string) error - ListCclaApprovalListRequests(companyID string, projectID, status, userID *string) (*models.CclaWhitelistRequestList, error) + ListCclaApprovalListRequests(companyID string, projectID, status, userID *string) (*models.CclaAllowlistRequestList, error) GetRequestsByCLAGroup(claGroupID string) ([]CLARequestModel, error) UpdateRequestsByCLAGroup(model *models2.DBProjectModel) error } @@ -214,7 +214,7 @@ func (repo repository) RejectCclaApprovalListRequest(requestID string) error { } // ListCclaApprovalListRequests list the requests for the specified query parameters -func (repo repository) ListCclaApprovalListRequests(companyID string, projectID, status, userID *string) (*models.CclaWhitelistRequestList, error) { +func (repo repository) ListCclaApprovalListRequests(companyID string, projectID, status, userID *string) (*models.CclaAllowlistRequestList, error) { f := logrus.Fields{ "functionName": "v1.approval_list.repository.ListCclaApprovalListRequests", "companyID": companyID, @@ -282,13 +282,13 @@ func (repo repository) ListCclaApprovalListRequests(companyID string, projectID, return nil, queryErr } - list, err := buildCclaWhitelistRequestsModels(queryOutput) + list, err := buildCclaAllowlistRequestsModels(queryOutput) if err != nil { log.WithFields(f).WithError(err).Warnf("unmarshall requests error while decoding the response, error: %+v", err) return nil, err } - return &models.CclaWhitelistRequestList{List: list}, nil + return &models.CclaAllowlistRequestList{List: list}, nil } // GetRequestsByCLAGroup retrieves a list of requests for the specified CLA Group diff --git a/cla-backend-go/approval_list/service.go b/cla-backend-go/approval_list/service.go index ba8e2b3a6..6d1bed4c4 100644 --- a/cla-backend-go/approval_list/service.go +++ b/cla-backend-go/approval_list/service.go @@ -42,11 +42,11 @@ const ( // IService interface defines the service methods/functions type IService interface { - AddCclaApprovalListRequest(ctx context.Context, companyID string, claGroupID string, args models.CclaWhitelistRequestInput) (string, error) + AddCclaApprovalListRequest(ctx context.Context, companyID string, claGroupID string, args models.CclaAllowlistRequestInput) (string, error) ApproveCclaApprovalListRequest(ctx context.Context, claUser *user.CLAUser, ClacompanyID, claGroupID, requestID string) error RejectCclaApprovalListRequest(ctx context.Context, companyID, claGroupID, requestID string) error - ListCclaApprovalListRequest(companyID string, claGroupID, status *string) (*models.CclaWhitelistRequestList, error) - ListCclaApprovalListRequestByCompanyProjectUser(companyID string, claGroupID, status, userID *string) (*models.CclaWhitelistRequestList, error) + ListCclaApprovalListRequest(companyID string, claGroupID, status *string) (*models.CclaAllowlistRequestList, error) + ListCclaApprovalListRequestByCompanyProjectUser(companyID string, claGroupID, status, userID *string) (*models.CclaAllowlistRequestList, error) } type service struct { @@ -78,7 +78,7 @@ func NewService(repo IRepository, projectsCLAGroupRepository projects_cla_groups } } -func (s service) AddCclaApprovalListRequest(ctx context.Context, companyID string, claGroupID string, args models.CclaWhitelistRequestInput) (string, error) { +func (s service) AddCclaApprovalListRequest(ctx context.Context, companyID string, claGroupID string, args models.CclaAllowlistRequestInput) (string, error) { f := logrus.Fields{ "functionName": "v1.approval_list.service.AddCclaApprovalListRequest", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), @@ -302,12 +302,12 @@ func (s service) RejectCclaApprovalListRequest(ctx context.Context, companyID, c } // ListCclaApprovalListRequest is the handler for the list CLA request -func (s service) ListCclaApprovalListRequest(companyID string, claGroupID, status *string) (*models.CclaWhitelistRequestList, error) { +func (s service) ListCclaApprovalListRequest(companyID string, claGroupID, status *string) (*models.CclaAllowlistRequestList, error) { return s.repo.ListCclaApprovalListRequests(companyID, claGroupID, status, nil) } // ListCclaApprovalListRequestByCompanyProjectUser is the handler for the list CLA request -func (s service) ListCclaApprovalListRequestByCompanyProjectUser(companyID string, claGroupID, status, userID *string) (*models.CclaWhitelistRequestList, error) { +func (s service) ListCclaApprovalListRequestByCompanyProjectUser(companyID string, claGroupID, status, userID *string) (*models.CclaAllowlistRequestList, error) { return s.repo.ListCclaApprovalListRequests(companyID, claGroupID, status, userID) } diff --git a/cla-backend-go/signatures/constants.go b/cla-backend-go/signatures/constants.go index 1e2de9f07..20a4aaf0b 100644 --- a/cla-backend-go/signatures/constants.go +++ b/cla-backend-go/signatures/constants.go @@ -4,16 +4,16 @@ package signatures // SignatureEmailApprovalListColumn is the name of the signature column for the email approval list -const SignatureEmailApprovalListColumn = "email_whitelist" // TODO: rename column to email_approval_list +const SignatureEmailApprovalListColumn = "email_whitelist" // TODO: rename column to email_allowlist // SignatureDomainApprovalListColumn is the name of the signature column for the domain approval list -const SignatureDomainApprovalListColumn = "domain_whitelist" // TODO: rename column to domain_approval_list +const SignatureDomainApprovalListColumn = "domain_whitelist" // TODO: rename column to domain_allowlist // SignatureGitHubUsernameApprovalListColumn is the name of the signature column for the GitHub username approval list -const SignatureGitHubUsernameApprovalListColumn = "github_whitelist" // TODO: rename column to github_username_approval_list +const SignatureGitHubUsernameApprovalListColumn = "github_whitelist" // TODO: rename column to github_username_allowlist // SignatureGitHubOrgApprovalListColumn is the name of the signature column for the GitHub organization approval list -const SignatureGitHubOrgApprovalListColumn = "github_org_whitelist" // TODO: rename column to github_org_approval_list +const SignatureGitHubOrgApprovalListColumn = "github_org_whitelist" // TODO: rename column to github_org_allowlist // SignatureGitlabUsernameApprovalListColumn is the name of the signature column for gitlab username approval lists const SignatureGitlabUsernameApprovalListColumn = "gitlab_username_approval_list" diff --git a/cla-backend-go/signatures/handlers.go b/cla-backend-go/signatures/handlers.go index 9af1e6674..c307e2079 100644 --- a/cla-backend-go/signatures/handlers.go +++ b/cla-backend-go/signatures/handlers.go @@ -162,13 +162,13 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d }) // Retrieve GitHub Approval List Entries - api.SignaturesGetGitHubOrgWhitelistHandler = signatures.GetGitHubOrgWhitelistHandlerFunc(func(params signatures.GetGitHubOrgWhitelistParams, claUser *user.CLAUser) middleware.Responder { + api.SignaturesGetGitHubOrgAllowlistHandler = signatures.GetGitHubOrgAllowlistHandlerFunc(func(params signatures.GetGitHubOrgAllowlistParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewGetGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewGetGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -181,20 +181,20 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d if err != nil { log.Warnf("error fetching github organization approval list entries v using signature_id: %s, error: %+v", params.SignatureID, err) - return signatures.NewGetGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewGetGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } - return signatures.NewGetGitHubOrgWhitelistOK().WithXRequestID(reqID).WithPayload(ghApprovalList) + return signatures.NewGetGitHubOrgAllowlistOK().WithXRequestID(reqID).WithPayload(ghApprovalList) }) // Add GitHub Approval List Entries - api.SignaturesAddGitHubOrgWhitelistHandler = signatures.AddGitHubOrgWhitelistHandlerFunc(func(params signatures.AddGitHubOrgWhitelistParams, claUser *user.CLAUser) middleware.Responder { + api.SignaturesAddGitHubOrgAllowlistHandler = signatures.AddGitHubOrgAllowlistHandlerFunc(func(params signatures.AddGitHubOrgAllowlistParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -207,7 +207,7 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d if err != nil { log.Warnf("error adding github organization %s using signature_id: %s to the allowlist, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } // Create an event @@ -233,18 +233,18 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d }, }) - return signatures.NewAddGitHubOrgWhitelistOK().WithXRequestID(reqID).WithPayload(ghApprovalList) + return signatures.NewAddGitHubOrgAllowlistOK().WithXRequestID(reqID).WithPayload(ghApprovalList) }) // Delete GitHub Approval List Entries - api.SignaturesDeleteGitHubOrgWhitelistHandler = signatures.DeleteGitHubOrgWhitelistHandlerFunc(func(params signatures.DeleteGitHubOrgWhitelistParams, claUser *user.CLAUser) middleware.Responder { + api.SignaturesDeleteGitHubOrgAllowlistHandler = signatures.DeleteGitHubOrgAllowlistHandlerFunc(func(params signatures.DeleteGitHubOrgAllowlistParams, claUser *user.CLAUser) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -257,7 +257,7 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d if err != nil { log.Warnf("error deleting github organization %s using signature_id: %s from the allowlist, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(err)) } // Create an event @@ -284,7 +284,7 @@ func Configure(api *operations.ClaAPI, service SignatureService, sessionStore *d }, }) - return signatures.NewDeleteGitHubOrgWhitelistNoContent().WithXRequestID(reqID).WithPayload(ghApprovalList) + return signatures.NewDeleteGitHubOrgAllowlistNoContent().WithXRequestID(reqID).WithPayload(ghApprovalList) }) // Get Project Signatures diff --git a/cla-backend-go/signatures/repository.go b/cla-backend-go/signatures/repository.go index 533827698..36c8166e7 100644 --- a/cla-backend-go/signatures/repository.go +++ b/cla-backend-go/signatures/repository.go @@ -459,7 +459,7 @@ func (repo repository) AddGithubOrganizationToApprovalList(ctx context.Context, itemFromMap, ok := result.Item["github_org_whitelist"] if !ok { - log.WithFields(f).Debugf("signatureID: %s is missing the 'github_org_whitelist' column - will add", signatureID) + log.WithFields(f).Debugf("signatureID: %s is missing the 'github_org_allowlist' column - will add", signatureID) itemFromMap = &dynamodb.AttributeValue{} } @@ -552,7 +552,7 @@ func (repo repository) DeleteGithubOrganizationFromApprovalList(ctx context.Cont if !ok { log.WithFields(f).Warnf("unable to remove github organization approval list entry: %s for signature: %s - list is empty", GitHubOrganizationID, signatureID) - return nil, errors.New("no github_org_whitelist column") + return nil, errors.New("no github_org_allowlist column") } // generate new List L without element to be deleted diff --git a/cla-backend-go/swagger/cla.v1.yaml b/cla-backend-go/swagger/cla.v1.yaml index b6c4951be..5b9e8d7e6 100644 --- a/cla-backend-go/swagger/cla.v1.yaml +++ b/cla-backend-go/swagger/cla.v1.yaml @@ -629,7 +629,7 @@ paths: summary: Get GitHub Organization Approval List Entries security: - OauthSecurity: [ ] - operationId: getGitHubOrgWhitelist + operationId: getGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - name: signatureID @@ -661,7 +661,7 @@ paths: summary: Delete GitHub Organization Approval List Entry security: - OauthSecurity: [ ] - operationId: deleteGitHubOrgWhitelist + operationId: deleteGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - name: signatureID @@ -697,7 +697,7 @@ paths: summary: Update GitHub Organization Approval List Entries security: - OauthSecurity: [ ] - operationId: addGitHubOrgWhitelist + operationId: addGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - name: signatureID @@ -1467,7 +1467,7 @@ paths: security: - OauthSecurity: - user - operationId: listCclaWhitelistRequestsByCompanyAndProject + operationId: listCclaAllowlistRequestsByCompanyAndProject parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1484,7 +1484,7 @@ paths: type: string description: The unique request ID value - assigned/set by the API Gateway based on the session schema: - $ref: '#/definitions/ccla-whitelist-request-list' + $ref: '#/definitions/ccla-allowlist-request-list' '400': $ref: '#/responses/invalid-request' '401': @@ -1498,7 +1498,7 @@ paths: post: summary: Create Project Company Approval List Entries security: [ ] - operationId: addCclaWhitelistRequest + operationId: addCclaAllowlistRequest parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1506,7 +1506,7 @@ paths: - in: body name: body schema: - $ref: '#/definitions/ccla-whitelist-request-input' + $ref: '#/definitions/ccla-allowlist-request-input' required: true responses: '200': @@ -1532,7 +1532,7 @@ paths: security: - OauthSecurity: - user - operationId: listCclaWhitelistRequestsByCompanyAndProjectAndUser + operationId: listCclaAllowlistRequestsByCompanyAndProjectAndUser parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1550,7 +1550,7 @@ paths: type: string description: The unique request ID value - assigned/set by the API Gateway based on the session schema: - $ref: '#/definitions/ccla-whitelist-request-list' + $ref: '#/definitions/ccla-allowlist-request-list' '400': $ref: '#/responses/invalid-request' '401': @@ -1568,7 +1568,7 @@ paths: security: - OauthSecurity: - company - operationId: approveCclaWhitelistRequest + operationId: approveCclaAllowlistRequest parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1601,7 +1601,7 @@ paths: security: - OauthSecurity: - company - operationId: rejectCclaWhitelistRequest + operationId: rejectCclaAllowlistRequest parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1634,7 +1634,7 @@ paths: security: - OauthSecurity: - user - operationId: listCclaWhitelistRequests + operationId: listCclaAllowlistRequests parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/path-companyID" @@ -1651,7 +1651,7 @@ paths: type: string description: The unique request ID value - assigned/set by the API Gateway based on the session schema: - $ref: '#/definitions/ccla-whitelist-request-list' + $ref: '#/definitions/ccla-allowlist-request-list' '400': $ref: '#/responses/invalid-request' '401': @@ -3005,7 +3005,7 @@ definitions: approval-list: $ref: './common/signature-approval-list.yaml' - ccla-whitelist-request-input: + ccla-allowlist-request-input: type: object x-nullable: false title: Ccla allowlist request input @@ -3024,16 +3024,16 @@ definitions: message: type: string - ccla-whitelist-request-list: + ccla-allowlist-request-list: type: object properties: list: type: array items: - $ref: '#/definitions/ccla-whitelist-request' + $ref: '#/definitions/ccla-allowlist-request' - ccla-whitelist-request: + ccla-allowlist-request: type: object x-nullable: false title: Ccla allowlist request diff --git a/cla-backend-go/swagger/cla.v2.yaml b/cla-backend-go/swagger/cla.v2.yaml index 59492b5cf..14caed919 100644 --- a/cla-backend-go/swagger/cla.v2.yaml +++ b/cla-backend-go/swagger/cla.v2.yaml @@ -3076,7 +3076,7 @@ paths: get: summary: Signature Update description: Updates the specified signature GitHub Organization approval list - operationId: getGitHubOrgWhitelist + operationId: getGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/x-acl" @@ -3110,7 +3110,7 @@ paths: delete: summary: Signature Delete description: Deletes the specified signature GitHub organization approval list - operationId: deleteGitHubOrgWhitelist + operationId: deleteGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/x-acl" @@ -3148,7 +3148,7 @@ paths: post: summary: Signature Update description: Updates the specified signature GitHub organization approval list - operationId: addGitHubOrgWhitelist + operationId: addGitHubOrgAllowlist parameters: - $ref: "#/parameters/x-request-id" - $ref: "#/parameters/x-acl" diff --git a/cla-backend-go/v2/dynamo_events/signatures.go b/cla-backend-go/v2/dynamo_events/signatures.go index 7fa05c40e..17c81f5aa 100644 --- a/cla-backend-go/v2/dynamo_events/signatures.go +++ b/cla-backend-go/v2/dynamo_events/signatures.go @@ -51,10 +51,10 @@ type Signature struct { SignatureReferenceType string `json:"signature_reference_type"` SignatureType string `json:"signature_type"` SignatureUserCompanyID string `json:"signature_user_ccla_company_id"` - EmailWhitelist []string `json:"email_whitelist"` - DomainWhitelist []string `json:"domain_whitelist"` - GitHubWhitelist []string `json:"github_whitelist"` - GitHubOrgWhitelist []string `json:"github_org_whitelist"` + EmailAllowlist []string `json:"email_whitelist"` + DomainAllowlist []string `json:"domain_whitelist"` + GitHubAllowlist []string `json:"github_whitelist"` + GitHubOrgAllowlist []string `json:"github_org_whitelist"` SignatureACL []string `json:"signature_acl"` SigtypeSignedApprovedID string `json:"sigtype_signed_approved_id"` UserGithubUsername string `json:"user_github_username"` diff --git a/cla-backend-go/v2/signatures/handlers.go b/cla-backend-go/v2/signatures/handlers.go index a3c1e01f2..476b59ab8 100644 --- a/cla-backend-go/v2/signatures/handlers.go +++ b/cla-backend-go/v2/signatures/handlers.go @@ -185,19 +185,19 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj }) // Retrieve GitHub Approval Entries - api.SignaturesGetGitHubOrgWhitelistHandler = signatures.GetGitHubOrgWhitelistHandlerFunc(func(params signatures.GetGitHubOrgWhitelistParams, authUser *auth.User) middleware.Responder { + api.SignaturesGetGitHubOrgAllowlistHandler = signatures.GetGitHubOrgAllowlistHandlerFunc(func(params signatures.GetGitHubOrgAllowlistParams, authUser *auth.User) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) f := logrus.Fields{ - "functionName": "v2.signatures.handlers.SignaturesGetGitHubOrgWhitelistHandler", + "functionName": "v2.signatures.handlers.SignaturesGetGitHubOrgAllowlistHandler", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), "signatureID": params.SignatureID, } session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.WithFields(f).Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewGetGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewGetGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -210,25 +210,25 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj if err != nil { log.WithFields(f).Warnf("error fetching github organization approval list entries using signature_id: %s, error: %+v", params.SignatureID, err) - return signatures.NewGetGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewGetGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } var response []models.GithubOrg err = copier.Copy(&response, ghOrgApprovalList) if err != nil { - return signatures.NewGetGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewGetGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } - return signatures.NewGetGitHubOrgWhitelistOK().WithXRequestID(reqID).WithPayload(response) + return signatures.NewGetGitHubOrgAllowlistOK().WithXRequestID(reqID).WithPayload(response) }) // Add GitHub Approval Entries - api.SignaturesAddGitHubOrgWhitelistHandler = signatures.AddGitHubOrgWhitelistHandlerFunc(func(params signatures.AddGitHubOrgWhitelistParams, authUser *auth.User) middleware.Responder { + api.SignaturesAddGitHubOrgAllowlistHandler = signatures.AddGitHubOrgAllowlistHandlerFunc(func(params signatures.AddGitHubOrgAllowlistParams, authUser *auth.User) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) f := logrus.Fields{ - "functionName": "v2.signatures.handlers.SignaturesAddGitHubOrgWhitelistHandler", + "functionName": "v2.signatures.handlers.SignaturesAddGitHubOrgAllowlistHandler", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), "signatureID": params.SignatureID, } @@ -237,7 +237,7 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.WithFields(f).Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -249,14 +249,14 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj input := v1Models.GhOrgAllowlist{} err = copier.Copy(&input, ¶ms.Body) if err != nil { - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } ghApprovalList, err := v1SignatureService.AddGithubOrganizationToApprovalList(ctx, params.SignatureID, input, githubAccessToken) if err != nil { log.WithFields(f).Warnf("error adding github organization %s using signature_id: %s to the approval list, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } // Create an event @@ -285,19 +285,19 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj var response []models.GithubOrg err = copier.Copy(&response, ghApprovalList) if err != nil { - return signatures.NewAddGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewAddGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } - return signatures.NewAddGitHubOrgWhitelistOK().WithXRequestID(reqID).WithPayload(response) + return signatures.NewAddGitHubOrgAllowlistOK().WithXRequestID(reqID).WithPayload(response) }) // Delete GitHub Approval List Entries - api.SignaturesDeleteGitHubOrgWhitelistHandler = signatures.DeleteGitHubOrgWhitelistHandlerFunc(func(params signatures.DeleteGitHubOrgWhitelistParams, authUser *auth.User) middleware.Responder { + api.SignaturesDeleteGitHubOrgAllowlistHandler = signatures.DeleteGitHubOrgAllowlistHandlerFunc(func(params signatures.DeleteGitHubOrgAllowlistParams, authUser *auth.User) middleware.Responder { reqID := utils.GetRequestID(params.XREQUESTID) ctx := context.WithValue(context.Background(), utils.XREQUESTID, reqID) // nolint utils.SetAuthUserProperties(authUser, params.XUSERNAME, params.XEMAIL) f := logrus.Fields{ - "functionName": "v2.signatures.handlers.SignaturesDeleteGitHubOrgWhitelistHandler", + "functionName": "v2.signatures.handlers.SignaturesDeleteGitHubOrgAllowlistHandler", utils.XREQUESTID: ctx.Value(utils.XREQUESTID), "signatureID": params.SignatureID, } @@ -305,7 +305,7 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj session, err := sessionStore.Get(params.HTTPRequest, github.SessionStoreKey) if err != nil { log.WithFields(f).Warnf("error retrieving session from the session store, error: %+v", err) - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } githubAccessToken, ok := session.Values["github_access_token"].(string) @@ -317,14 +317,14 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj input := v1Models.GhOrgAllowlist{} err = copier.Copy(&input, ¶ms.Body) if err != nil { - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } ghApprovalList, err := v1SignatureService.DeleteGithubOrganizationFromApprovalList(ctx, params.SignatureID, input, githubAccessToken) if err != nil { log.WithFields(f).Warnf("error deleting github organization %s using signature_id: %s from the approval list, error: %+v", *params.Body.OrganizationID, params.SignatureID, err) - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } // Create an event @@ -351,10 +351,10 @@ func Configure(api *operations.EasyclaAPI, claGroupService service.Service, proj var response []models.GithubOrg err = copier.Copy(&response, ghApprovalList) if err != nil { - return signatures.NewDeleteGitHubOrgWhitelistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) + return signatures.NewDeleteGitHubOrgAllowlistBadRequest().WithXRequestID(reqID).WithPayload(errorResponse(reqID, err)) } - return signatures.NewDeleteGitHubOrgWhitelistNoContent().WithXRequestID(reqID).WithPayload(response) + return signatures.NewDeleteGitHubOrgAllowlistNoContent().WithXRequestID(reqID).WithPayload(response) }) // Get Project Signatures From 7baaf15305beb2ef63d6fd4942f8b1c9681c22ab Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Tue, 5 Aug 2025 15:33:14 +0200 Subject: [PATCH 5/7] Python ported Signed-off-by: Lukasz Gryglicki --- cla-backend/cla/controllers/signature.py | 94 +++++++-------- cla-backend/cla/controllers/user.py | 40 +++---- cla-backend/cla/models/docusign_models.py | 2 +- cla-backend/cla/models/dynamo_models.py | 112 ++++++++++-------- cla-backend/cla/models/event_types.py | 2 +- cla-backend/cla/models/model_interfaces.py | 26 ++-- cla-backend/cla/routes.py | 22 ++-- .../tests/unit/test_email_approval_list.py | 6 +- .../tests/unit/test_signature_controller.py | 22 ++-- cla-backend/cla/tests/unit/test_user_event.py | 12 +- cla-backend/cla/tests/unit/test_utils.py | 8 +- cla-backend/cla/utils.py | 28 ++--- cla-backend/helpers/add_company_allowlist.py | 2 +- cla-backend/helpers/create_company.py | 4 +- cla-backend/helpers/create_data.py | 8 +- schema.md | 2 + tests/functional/cypress/e2e/signatures.cy.ts | 4 +- utils/check_unique.sh | 1 + utils/lookup_sf.sh | 1 + utils/scan.sh | 1 + 20 files changed, 209 insertions(+), 188 deletions(-) diff --git a/cla-backend/cla/controllers/signature.py b/cla-backend/cla/controllers/signature.py index 94d3671cb..f41116337 100644 --- a/cla-backend/cla/controllers/signature.py +++ b/cla-backend/cla/controllers/signature.py @@ -158,10 +158,10 @@ def update_signature(signature_id, # pylint: disable=too-many-arguments,too-man signature_embargo_acked=True, signature_return_url=None, signature_sign_url=None, - domain_whitelist=None, - email_whitelist=None, - github_whitelist=None, - github_org_whitelist=None): + domain_allowlist=None, + email_allowlist=None, + github_allowlist=None, + github_org_allowlist=None): """ Updates an signature and returns the newly updated signature in dict format. A value of None means the field should not be updated. @@ -188,10 +188,10 @@ def update_signature(signature_id, # pylint: disable=too-many-arguments,too-man :type signature_return_url: string | None :param signature_sign_url: The URL the user must visit to sign the signature. :type signature_sign_url: string | None - :param domain_whitelist: the domain allowlist - :param email_whitelist: the email allowlist - :param github_whitelist: the github username allowlist - :param github_org_whitelist: the github org allowlist + :param domain_allowlist: the domain allowlist + :param email_allowlist: the email allowlist + :param github_allowlist: the github username allowlist + :param github_org_allowlist: the github org allowlist :return: dict representation of the signature object. :rtype: dict """ @@ -267,49 +267,49 @@ def update_signature(signature_id, # pylint: disable=too-many-arguments,too-man except KeyError: return {'errors': {'signature_sign_url': 'Invalid value passed in for URL field'}} - if domain_whitelist is not None: + if domain_allowlist is not None: try: - domain_whitelist = hug.types.multiple(domain_whitelist) - signature.set_domain_whitelist(domain_whitelist) - update_str += f'domain_whitelist updated to {domain_whitelist} \n' + domain_allowlist = hug.types.multiple(domain_allowlist) + signature.set_domain_allowlist(domain_allowlist) + update_str += f'domain_allowlist updated to {domain_allowlist} \n' except KeyError: return {'errors': { - 'domain_whitelist': 'Invalid value passed in for the domain whitelist' + 'domain_allowlist': 'Invalid value passed in for the domain allowlist' }} - if email_whitelist is not None: + if email_allowlist is not None: try: - email_whitelist = hug.types.multiple(email_whitelist) - signature.set_email_whitelist(email_whitelist) - update_str += f'email_whitelist updated to {email_whitelist} \n' + email_allowlist = hug.types.multiple(email_allowlist) + signature.set_email_allowlist(email_allowlist) + update_str += f'email_allowlist updated to {email_allowlist} \n' except KeyError: return {'errors': { - 'email_whitelist': 'Invalid value passed in for the email whitelist' + 'email_allowlist': 'Invalid value passed in for the email allowlist' }} - if github_whitelist is not None: + if github_allowlist is not None: try: - github_whitelist = hug.types.multiple(github_whitelist) - signature.set_github_whitelist(github_whitelist) + github_allowlist = hug.types.multiple(github_allowlist) + signature.set_github_allowlist(github_allowlist) - # A little bit of special logic to for GitHub whitelists that have bots - bot_list = [github_user for github_user in github_whitelist if is_github_bot(github_user)] + # A little bit of special logic to for GitHub allowlists that have bots + bot_list = [github_user for github_user in github_allowlist if is_github_bot(github_user)] if bot_list is not None: handle_bots(bot_list, signature) - update_str += f'github_whitelist updated to {github_whitelist} \n' + update_str += f'github_allowlist updated to {github_allowlist} \n' except KeyError: return {'errors': { - 'github_whitelist': 'Invalid value passed in for the github whitelist' + 'github_allowlist': 'Invalid value passed in for the github allowlist' }} - if github_org_whitelist is not None: + if github_org_allowlist is not None: try: - github_org_whitelist = hug.types.multiple(github_org_whitelist) - signature.set_github_org_whitelist(github_org_whitelist) - update_str += f'github_org_whitelist updated to {github_org_whitelist} \n' + github_org_allowlist = hug.types.multiple(github_org_allowlist) + signature.set_github_org_allowlist(github_org_allowlist) + update_str += f'github_org_allowlist updated to {github_org_allowlist} \n' except KeyError: return {'errors': { - 'github_org_whitelist': 'Invalid value passed in for the github org whitelist' + 'github_org_allowlist': 'Invalid value passed in for the github org allowlist' }} event_data = update_str @@ -322,7 +322,7 @@ def update_signature(signature_id, # pylint: disable=too-many-arguments,too-man ) signature.save() - notify_whitelist_change(auth_user=auth_user, old_signature=old_signature, new_signature=signature) + notify_allowlist_change(auth_user=auth_user, old_signature=old_signature, new_signature=signature) return signature.to_dict() @@ -341,7 +341,7 @@ def change_in_list(old_list, new_list, msg_added, msg_deleted): return change, added, deleted -def notify_whitelist_change(auth_user, old_signature: Signature, new_signature: Signature): +def notify_allowlist_change(auth_user, old_signature: Signature, new_signature: Signature): company_name = new_signature.get_signature_reference_name() project = cla.utils.get_project_instance() project.load(new_signature.get_signature_project_id()) @@ -350,32 +350,32 @@ def notify_whitelist_change(auth_user, old_signature: Signature, new_signature: changes = [] domain_msg_added = 'The domain {} was added to the domain approval list.' domain_msg_deleted = 'The domain {} was removed from the domain approval list.' - domain_changes, _, _ = change_in_list(old_list=old_signature.get_domain_whitelist(), - new_list=new_signature.get_domain_whitelist(), + domain_changes, _, _ = change_in_list(old_list=old_signature.get_domain_allowlist(), + new_list=new_signature.get_domain_allowlist(), msg_added=domain_msg_added, msg_deleted=domain_msg_deleted) changes = changes + domain_changes email_msg_added = 'The email address {} was added to the email approval list.' email_msg_deleted = 'The email address {} was removed from the email approval list.' - email_changes, email_added, email_deleted = change_in_list(old_list=old_signature.get_email_whitelist(), - new_list=new_signature.get_email_whitelist(), + email_changes, email_added, email_deleted = change_in_list(old_list=old_signature.get_email_allowlist(), + new_list=new_signature.get_email_allowlist(), msg_added=email_msg_added, msg_deleted=email_msg_deleted) changes = changes + email_changes github_msg_added = 'The GitHub user {} was added to the GitHub approval list.' github_msg_deleted = 'The GitHub user {} was removed from the github approval list.' - github_changes, github_added, github_deleted = change_in_list(old_list=old_signature.get_github_whitelist(), - new_list=new_signature.get_github_whitelist(), + github_changes, github_added, github_deleted = change_in_list(old_list=old_signature.get_github_allowlist(), + new_list=new_signature.get_github_allowlist(), msg_added=github_msg_added, msg_deleted=github_msg_deleted) changes = changes + github_changes github_org_msg_added = 'The GitHub organization {} was added to the GitHub organization approval list.' github_org_msg_deleted = 'The GitHub organization {} was removed from the GitHub organization approval list.' - github_org_changes, _, _ = change_in_list(old_list=old_signature.get_github_org_whitelist(), - new_list=new_signature.get_github_org_whitelist(), + github_org_changes, _, _ = change_in_list(old_list=old_signature.get_github_org_allowlist(), + new_list=new_signature.get_github_org_allowlist(), msg_added=github_org_msg_added, msg_deleted=github_org_msg_deleted) changes = changes + github_org_changes @@ -390,7 +390,7 @@ def notify_whitelist_change(auth_user, old_signature: Signature, new_signature: cla_manager_name = auth_user.name # send email to contributors - notify_whitelist_change_to_contributors(project=project, + notify_allowlist_change_to_contributors(project=project, email_added=email_added, email_removed=email_deleted, github_users_added=github_added, @@ -410,16 +410,16 @@ def notify_whitelist_change(auth_user, old_signature: Signature, new_signature: ) -def notify_whitelist_change_to_contributors(project, email_added, email_removed, +def notify_allowlist_change_to_contributors(project, email_added, email_removed, github_users_added, github_users_removed, company_name, project_name, cla_manager_name): for email in email_added: - subject, body, recipients = get_contributor_whitelist_update_email_content( + subject, body, recipients = get_contributor_allowlist_update_email_content( project, 'added', company_name, project_name, cla_manager_name, email) get_email_service().send(subject, body, recipients) for email in email_removed: - subject, body, recipients = get_contributor_whitelist_update_email_content( + subject, body, recipients = get_contributor_allowlist_update_email_content( project, 'deleted', company_name, project_name, cla_manager_name, email) get_email_service().send(subject, body, recipients) @@ -429,7 +429,7 @@ def notify_whitelist_change_to_contributors(project, email_added, email_removed, if users is not None: user = users[0] email = user.get_user_email() - subject, body, recipients = get_contributor_whitelist_update_email_content( + subject, body, recipients = get_contributor_allowlist_update_email_content( project, 'added', company_name, project_name, cla_manager_name, email) get_email_service().send(subject, body, recipients) @@ -439,12 +439,12 @@ def notify_whitelist_change_to_contributors(project, email_added, email_removed, if users is not None: user = users[0] email = user.get_user_email() - subject, body, recipients = get_contributor_whitelist_update_email_content( + subject, body, recipients = get_contributor_allowlist_update_email_content( project, 'deleted', company_name, project_name, cla_manager_name, email) get_email_service().send(subject, body, recipients) -def get_contributor_whitelist_update_email_content(project, action, company_name, project_name, cla_manager, email): +def get_contributor_allowlist_update_email_content(project, action, company_name, project_name, cla_manager, email): subject = f'EasyCLA: Approval List Update for {project_name}' preposition = 'to' if action == 'deleted': diff --git a/cla-backend/cla/controllers/user.py b/cla-backend/cla/controllers/user.py index ac95c2a52..79ed04812 100644 --- a/cla-backend/cla/controllers/user.py +++ b/cla-backend/cla/controllers/user.py @@ -9,7 +9,7 @@ import cla from cla.models import DoesNotExist -from cla.models.dynamo_models import User, Company, Project, Event, CCLAWhitelistRequest, CompanyInvite +from cla.models.dynamo_models import User, Company, Project, Event, CCLAAllowlistRequest, CompanyInvite from cla.models.event_types import EventType from cla.utils import get_user_instance, get_company_instance, get_email_service, get_email_sign_off_content, get_email_help_content, \ append_email_help_sign_off_content @@ -103,7 +103,7 @@ def get_users_company(user_company_id): return [user.to_dict() for user in users] -def request_company_whitelist(user_id: str, company_id: str, user_name: str, user_email: str, project_id: str, +def request_company_allowlist(user_id: str, company_id: str, user_name: str, user_email: str, project_id: str, message: str = None, recipient_name: str = None, recipient_email: str = None): """ Sends email to the specified company manager notifying them that a user has requested to be @@ -285,15 +285,15 @@ def invite_cla_manager(contributor_id, contributor_name, contributor_email, cla_ company_name, False) # update ccla_allowlist_request - ccla_whitelist_request = CCLAWhitelistRequest() - ccla_whitelist_request.set_request_id(str(uuid.uuid4())) - ccla_whitelist_request.set_company_name(company_name) - ccla_whitelist_request.set_project_name(project_name) - ccla_whitelist_request.set_user_github_id(contributor_id) - ccla_whitelist_request.set_user_github_username(contributor_name) - ccla_whitelist_request.set_user_emails(set([contributor_email])) - ccla_whitelist_request.set_request_status("pending") - ccla_whitelist_request.save() + ccla_allowlist_request = CCLAAllowlistRequest() + ccla_allowlist_request.set_request_id(str(uuid.uuid4())) + ccla_allowlist_request.set_company_name(company_name) + ccla_allowlist_request.set_project_name(project_name) + ccla_allowlist_request.set_user_github_id(contributor_id) + ccla_allowlist_request.set_user_github_username(contributor_name) + ccla_allowlist_request.set_user_emails(set([contributor_email])) + ccla_allowlist_request.set_request_status("pending") + ccla_allowlist_request.save() Event.create_event( event_user_id=contributor_id, @@ -356,15 +356,15 @@ def request_company_ccla(user_id, user_email, company_id, project_id): f'for company {company_name}') cla.log.debug(f'creating CCLA approval request table entry for {msg}') # Add an entry into the CCLA request table - ccla_whitelist_request = CCLAWhitelistRequest() - ccla_whitelist_request.set_request_id(str(uuid.uuid4())) - ccla_whitelist_request.set_company_name(company_name) - ccla_whitelist_request.set_project_name(project_name) - ccla_whitelist_request.set_user_github_id(user.get_user_github_id()) - ccla_whitelist_request.set_user_github_username(user.get_user_github_username()) - ccla_whitelist_request.set_user_emails({user_email}) - ccla_whitelist_request.set_request_status("pending") - ccla_whitelist_request.save() + ccla_allowlist_request = CCLAAllowlistRequest() + ccla_allowlist_request.set_request_id(str(uuid.uuid4())) + ccla_allowlist_request.set_company_name(company_name) + ccla_allowlist_request.set_project_name(project_name) + ccla_allowlist_request.set_user_github_id(user.get_user_github_id()) + ccla_allowlist_request.set_user_github_username(user.get_user_github_username()) + ccla_allowlist_request.set_user_emails({user_email}) + ccla_allowlist_request.set_request_status("pending") + ccla_allowlist_request.save() cla.log.debug(f'created CCLA approval request table entry for {msg}') diff --git a/cla-backend/cla/models/docusign_models.py b/cla-backend/cla/models/docusign_models.py index 98e82af29..edfe838f4 100644 --- a/cla-backend/cla/models/docusign_models.py +++ b/cla-backend/cla/models/docusign_models.py @@ -66,7 +66,7 @@ class CCLANotFound(Exception): pass -class UserNotWhitelisted(Exception): +class UserNotAllowlisted(Exception): pass diff --git a/cla-backend/cla/models/dynamo_models.py b/cla-backend/cla/models/dynamo_models.py index fa6a7240e..4bfc7bb0f 100644 --- a/cla-backend/cla/models/dynamo_models.py +++ b/cla-backend/cla/models/dynamo_models.py @@ -57,7 +57,7 @@ def create_database(): GitHubOrgModel, GerritModel, EventModel, - CCLAWhitelistRequestModel, + CCLAAllowlistRequestModel, ] # Create all required tables. @@ -82,7 +82,7 @@ def delete_database(): StoreModel, GitHubOrgModel, GerritModel, - CCLAWhitelistRequestModel, + CCLAAllowlistRequestModel, ] # Delete all existing tables. for table in tables: @@ -700,7 +700,7 @@ class CompanyIDProjectIDIndex(GlobalSecondaryIndex): """ class Meta: - """ Meta class for ccla-whitelist-requests company-id-project-id-index """ + """ Meta class for ccla-allowlist-requests company-id-project-id-index """ index_name = "company-id-project-id-index" write_capacity_units = int(cla.conf["DYNAMO_WRITE_UNITS"]) read_capacity_units = int(cla.conf["DYNAMO_READ_UNITS"]) @@ -2052,14 +2052,14 @@ def is_approved(self, ccla_signature: Signature) -> bool: emails = [email.strip() for email in emails] # First, we check email allowlist - whitelist = ccla_signature.get_email_whitelist() + allowlist = ccla_signature.get_email_allowlist() cla.log.debug(f'{fn} - testing user emails: {emails} with ' - f'CCLA approval emails: {whitelist}') + f'CCLA approval emails: {allowlist}') - if whitelist is not None: + if allowlist is not None: for email in emails: # Case insensitive match - if email.lower() in (s.lower() for s in whitelist): + if email.lower() in (s.lower() for s in allowlist): cla.log.debug(f'{fn} - found user email in email approval list') return True else: @@ -2070,7 +2070,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: # so that sub-domains are not allowed. # If a '*', '*.' or '.' prefix is provided, we replace the prefix with '.*\.', # which will allow subdomains. - patterns = ccla_signature.get_domain_whitelist() + patterns = ccla_signature.get_domain_allowlist() cla.log.debug(f'{fn} - testing user email domains: {emails} with ' f'domain approval values: {patterns}') @@ -2115,13 +2115,13 @@ def is_approved(self, ccla_signature: Signature) -> bool: if github_username is not None: # remove leading and trailing whitespace from github username github_username = github_username.strip() - github_whitelist = ccla_signature.get_github_whitelist() + github_allowlist = ccla_signature.get_github_allowlist() cla.log.debug(f'{fn} - testing user github username: {github_username} with ' f'CCLA github approval list: {github_allowlist}') - if github_whitelist is not None: + if github_allowlist is not None: # case insensitive search - if github_username.lower() in (s.lower() for s in github_whitelist): + if github_username.lower() in (s.lower() for s in github_allowlist): cla.log.debug(f'{fn} - found github username in github approval list') return True else: @@ -2131,7 +2131,7 @@ def is_approved(self, ccla_signature: Signature) -> bool: # Check github org approval list if github_username is not None: # Load the github org approval list for this CCLA signature record - github_org_approval_list = ccla_signature.get_github_org_whitelist() + github_org_approval_list = ccla_signature.get_github_org_allowlist() if github_org_approval_list is not None: # Fetch the list of orgs associated with this user cla.log.debug(f'{fn} - determining if github user {github_username} is associated ' @@ -2182,13 +2182,13 @@ def is_approved(self, ccla_signature: Signature) -> bool: if gitlab_username is not None: # remove leading and trailing whitespace from gitlab username gitlab_username = gitlab_username.strip() - gitlab_whitelist = ccla_signature.get_gitlab_username_approval_list() + gitlab_allowlist = ccla_signature.get_gitlab_username_approval_list() cla.log.debug(f'{fn} - testing user github username: {gitlab_username} with ' f'CCLA github approval list: {gitlab_allowlist}') - if gitlab_whitelist is not None: + if gitlab_allowlist is not None: # case insensitive search - if gitlab_username.lower() in (s.lower() for s in gitlab_whitelist): + if gitlab_username.lower() in (s.lower() for s in gitlab_allowlist): cla.log.debug(f'{fn} - found gitlab username in gitlab approval list') return True else: @@ -2552,6 +2552,7 @@ class Meta: signature_project_reference_index = SignatureProjectReferenceIndex() # approval lists (previously called allowlists) are only used by CCLAs + # we can't update their names to be inclusive yet as they are DynamoDB item properties domain_whitelist = ListAttribute(null=True) email_whitelist = ListAttribute(null=True) github_whitelist = ListAttribute(null=True) @@ -2601,10 +2602,10 @@ def __init__( signature_acl=set(), signature_return_url_type=None, signature_envelope_id=None, - domain_whitelist=None, - email_whitelist=None, - github_whitelist=None, - github_org_whitelist=None, + domain_allowlist=None, + email_allowlist=None, + github_allowlist=None, + github_org_allowlist=None, note=None, signature_project_external_id=None, signature_company_signatory_id=None, @@ -2649,10 +2650,11 @@ def __init__( self.model.signature_acl = signature_acl self.model.signature_return_url_type = signature_return_url_type self.model.signature_envelope_id = signature_envelope_id - self.model.domain_whitelist = domain_whitelist - self.model.email_whitelist = email_whitelist - self.model.github_whitelist = github_whitelist - self.model.github_org_whitelist = github_org_whitelist + # we can't update their names to be inclusive yet as they are DynamoDB item properties + self.model.domain_whitelist = domain_allowlist + self.model.email_whitelist = email_allowlist + self.model.github_whitelist = github_allowlist + self.model.github_org_whitelist = github_org_allowlist self.model.note = note self.model.signature_project_external_id = signature_project_external_id self.model.signature_company_signatory_id = signature_company_signatory_id @@ -2700,6 +2702,7 @@ def __str__(self): self.model.sigtype_signed_approved_id, self.model.signature_approved, self.model.signature_embargo_acked, + # we can't update their names to be inclusive yet as they are DynamoDB item properties self.model.domain_whitelist, self.model.email_whitelist, self.model.github_whitelist, @@ -2826,16 +2829,20 @@ def get_signature_return_url_type(self): def get_signature_envelope_id(self): return self.model.signature_envelope_id - def get_domain_whitelist(self): + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def get_domain_allowlist(self): return self.model.domain_whitelist - def get_email_whitelist(self): + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def get_email_allowlist(self): return self.model.email_whitelist - def get_github_whitelist(self): + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def get_github_allowlist(self): return self.model.github_whitelist - def get_github_org_whitelist(self): + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def get_github_org_allowlist(self): return self.model.github_org_whitelist def get_gitlab_org_approval_list(self): @@ -2988,17 +2995,21 @@ def set_signature_company_secondary_manager_list(self, signature_company_seconda # Remove leading and trailing whitespace for all items before setting allowlist - def set_domain_whitelist(self, domain_whitelist) -> None: - self.model.domain_whitelist = [domain.strip() for domain in domain_whitelist] + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def set_domain_allowlist(self, domain_allowlist) -> None: + self.model.domain_whitelist = [domain.strip() for domain in domain_allowlist] - def set_email_whitelist(self, email_whitelist) -> None: - self.model.email_whitelist = [email.strip() for email in email_whitelist] + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def set_email_allowlist(self, email_allowlist) -> None: + self.model.email_whitelist = [email.strip() for email in email_allowlist] - def set_github_whitelist(self, github_whitelist) -> None: - self.model.github_whitelist = [github_user.strip() for github_user in github_whitelist] + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def set_github_allowlist(self, github_allowlist) -> None: + self.model.github_whitelist = [github_user.strip() for github_user in github_allowlist] - def set_github_org_whitelist(self, github_org_whitelist) -> None: - self.model.github_org_whitelist = [github_org.strip() for github_org in github_org_whitelist] + # we can't update their names to be inclusive yet as they are DynamoDB item properties + def set_github_org_allowlist(self, github_org_allowlist) -> None: + self.model.github_org_whitelist = [github_org.strip() for github_org in github_org_allowlist] def set_gitlab_username_approval_list(self, gitlab_username_approval_list) -> None: self.model.gitlab_username_approval_list = [gitlab_user.strip() for gitlab_user in @@ -5305,14 +5316,15 @@ def create_event( return {"errors": {"event_id": str(err)}} -class CCLAWhitelistRequestModel(BaseModel): +class CCLAAllowlistRequestModel(BaseModel): """ - Represents a CCLAWhitelistRequest in the database + Represents a CCLAAllowlistRequest in the database """ class Meta: - """ Meta class for cclawhitelistrequest """ + """ Meta class for cclaallowlistrequest """ + # we can't update this to be inclusive yet as it is a DynamoDB table name table_name = "cla-{}-ccla-whitelist-requests".format(stage) if stage == "local": host = "http://localhost:8000" @@ -5332,9 +5344,9 @@ class Meta: company_id_project_id_index = CompanyIDProjectIDIndex() -class CCLAWhitelistRequest(model_interfaces.CCLAWhitelistRequest): +class CCLAAllowlistRequest(model_interfaces.CCLAAllowlistRequest): """ - ORM-agnostic wrapper for the DynamoDB CCLAWhitelistRequestModel + ORM-agnostic wrapper for the DynamoDB CCLAAllowlistRequestModel """ def __init__( @@ -5352,8 +5364,8 @@ def __init__( user_name=None, project_external_id=None, ): - super(CCLAWhitelistRequest).__init__() - self.model = CCLAWhitelistRequestModel() + super(CCLAAllowlistRequest).__init__() + self.model = CCLAAllowlistRequestModel() self.model.request_id = request_id self.model.company_id = company_id self.model.company_name = company_name @@ -5391,9 +5403,9 @@ def save(self): def load(self, request_id): try: - ccla_whitelist_request = self.model.get(str(request_id)) - except CCLAWhitelistRequest.DoesNotExist: - raise cla.models.DoesNotExist("CCLAWhitelistRequest not found") + ccla_allowlist_request = self.model.get(str(request_id)) + except CCLAAllowlistRequest.DoesNotExist: + raise cla.models.DoesNotExist("CCLAAllowlistRequest not found") def delete(self): self.model.delete() @@ -5480,10 +5492,10 @@ def set_project_external_id(self, project_external_id): self.model.project_external_id = project_external_id def all(self): - ccla_whitelist_requests = self.model.scan() + ccla_allowlist_requests = self.model.scan() ret = [] - for request in ccla_whitelist_requests: - ccla_whitelist_request = CCLAWhitelistRequest() - ccla_whitelist_request.model = request - ret.append(ccla_whitelist_request) + for request in ccla_allowlist_requests: + ccla_allowlist_request = CCLAAllowlistRequest() + ccla_allowlist_request.model = request + ret.append(ccla_allowlist_request) return ret diff --git a/cla-backend/cla/models/event_types.py b/cla-backend/cla/models/event_types.py index 4c640e3a8..86ec0636a 100644 --- a/cla-backend/cla/models/event_types.py +++ b/cla-backend/cla/models/event_types.py @@ -26,7 +26,7 @@ class EventType(Enum): RemovePermission = "Remove Permission" AddProjectManager = "Add Project Manager" RemoveProjectManager = "Remove Project Manager" - RequestCompanyWL = "Request Company Whitelist" + RequestCompanyWL = "Request Company Allowlist" InviteAdmin = "Invite Admin" RequestCCLA = "Request Company CCLA" RequestCompanyAdmin = "Request Company Admin access" diff --git a/cla-backend/cla/models/model_interfaces.py b/cla-backend/cla/models/model_interfaces.py index 2f24b1774..7bb27c8ac 100644 --- a/cla-backend/cla/models/model_interfaces.py +++ b/cla-backend/cla/models/model_interfaces.py @@ -934,16 +934,16 @@ def get_signature_user_ccla_company_id(self): """ raise NotImplementedError() - def get_domain_whitelist(self): + def get_domain_allowlist(self): raise NotImplementedError() - def get_email_whitelist(self): + def get_email_allowlist(self): raise NotImplementedError() - def get_github_whitelist(self): + def get_github_allowlist(self): raise NotImplementedError() - def get_github_org_whitelist(self): + def get_github_org_allowlist(self): raise NotImplementedError() def get_gitlab_org_approval_list(self): @@ -1338,7 +1338,7 @@ def set_is_sanctioned(self, is_sanctioned): """ raise NotImplementedError() - def set_company_whitelist(self, allowlist): + def set_company_allowlist(self, allowlist): """ Setter for an company's allowlisted domain names. @@ -1348,7 +1348,7 @@ def set_company_whitelist(self, allowlist): """ raise NotImplementedError() - def add_company_whitelist(self, allowlist_item): + def add_company_allowlist(self, allowlist_item): """ Adds another entry in the list of allowlisted domain names. Does not query the DB - save() will take care of that. @@ -1358,7 +1358,7 @@ def add_company_whitelist(self, allowlist_item): """ raise NotImplementedError() - def remove_company_whitelist(self, allowlist_item): + def remove_company_allowlist(self, allowlist_item): """ Removes an entry from the list of allowlisted domain names. Does not query the DB - save() will take care of that. @@ -1368,7 +1368,7 @@ def remove_company_whitelist(self, allowlist_item): """ raise NotImplementedError() - def set_company_whitelist_patterns(self, allowlist_patterns): + def set_company_allowlist_patterns(self, allowlist_patterns): """ Setter for an company's allowlist regex patterns. @@ -1380,7 +1380,7 @@ def set_company_whitelist_patterns(self, allowlist_patterns): """ raise NotImplementedError() - def add_company_whitelist_pattern(self, allowlist_pattern): + def add_company_allowlist_pattern(self, allowlist_pattern): """ Adds another entry in the list of allowlistd patterns. Does not query the DB - save() will take care of that. @@ -1390,7 +1390,7 @@ def add_company_whitelist_pattern(self, allowlist_pattern): """ raise NotImplementedError() - def remove_company_whitelist_pattern(self, allowlist_pattern): + def remove_company_allowlist_pattern(self, allowlist_pattern): """ Removes an entry from the list of allowlisted domain names. Does not query the DB - save() will take care of that. @@ -2317,9 +2317,9 @@ def all(self, project_sfids): raise NotImplementedError() -class CCLAWhitelistRequest(object): +class CCLAAllowlistRequest(object): """ - Interface to the CCLAWhitelistRequest Model + Interface to the CCLAAllowlistRequest Model """ def to_dict(self): @@ -2355,7 +2355,7 @@ def load(self, request_id): def all(self): """ - Fetches all CCLAWhitelistRequests in the CLA system. + Fetches all CCLAAllowlistRequests in the CLA system. :return: A list of projectCLAGroup objects. :rtype: [cla.models.model_interfaces.ProjectCLAGroup] diff --git a/cla-backend/cla/routes.py b/cla-backend/cla/routes.py index c4584bff0..0e0c9bf5e 100755 --- a/cla-backend/cla/routes.py +++ b/cla-backend/cla/routes.py @@ -152,9 +152,9 @@ def get_users_company(auth_user: check_auth, user_company_id: hug.types.uuid): """ return cla.controllers.user.get_users_company(user_company_id) - +# We can't change API URL to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates @hug.post("/user/{user_id}/request-company-whitelist/{company_id}", versions=2) -def request_company_whitelist( +def request_company_allowlist( user_id: hug.types.uuid, company_id: hug.types.uuid, user_name: hug.types.text, @@ -172,7 +172,7 @@ def request_company_whitelist( Performs the necessary actions (ie: send email to manager) when the specified user requests to be added the the specified company's allowlist. """ - return cla.controllers.user.request_company_whitelist( + return cla.controllers.user.request_company_allowlist( user_id, str(company_id), str(user_name), str(user_email), str(project_id), message, str(recipient_name), str(recipient_email), ) @@ -341,6 +341,7 @@ def post_signature( ) +# We can't change API parameters to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates @hug.put( "/signature", versions=1, @@ -359,7 +360,7 @@ def put_signature( signature_embargo_acked=None, signature_return_url=None, signature_sign_url=None, - domain_whitelist=None, + domain_whitelist=None, # bacause they come from API parameter we can't change to inclusive names yet email_whitelist=None, github_whitelist=None, github_org_whitelist=None, @@ -386,10 +387,10 @@ def put_signature( signature_embargo_acked=signature_embargo_acked, signature_return_url=signature_return_url, signature_sign_url=signature_sign_url, - domain_whitelist=domain_whitelist, - email_whitelist=email_whitelist, - github_whitelist=github_whitelist, - github_org_whitelist=github_org_whitelist, + domain_allowlist=domain_whitelist, # bacause they come from API parameter we can't change to inclusive names yet + email_allowlist=email_whitelist, + github_allowlist=github_whitelist, + github_org_allowlist=github_org_whitelist, ) @@ -734,8 +735,9 @@ def delete_company(auth_user: check_auth, company_id: hug.types.text): return cla.controllers.company.delete_company(company_id, username=auth_user.username) +# We can't change API URL to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates @hug.put("/company/{company_id}/import/whitelist/csv", versions=1) -def put_company_whitelist_csv(body, auth_user: check_auth, company_id: hug.types.uuid): +def put_company_allowlist_csv(body, auth_user: check_auth, company_id: hug.types.uuid): """ PUT: /company/{company_id}/import/whitelist/csv @@ -744,7 +746,7 @@ def put_company_whitelist_csv(body, auth_user: check_auth, company_id: hug.types """ # staff_verify(user) or company_manager_verify(user, company_id) content = body.read().decode() - return cla.controllers.company.update_company_whitelist_csv(content, company_id, username=auth_user.username) + return cla.controllers.company.update_company_allowlist_csv(content, company_id, username=auth_user.username) @hug.get("/companies/{manager_id}", version=1) diff --git a/cla-backend/cla/tests/unit/test_email_approval_list.py b/cla-backend/cla/tests/unit/test_email_approval_list.py index a2975689c..776fc0481 100644 --- a/cla-backend/cla/tests/unit/test_email_approval_list.py +++ b/cla-backend/cla/tests/unit/test_email_approval_list.py @@ -67,8 +67,8 @@ def test_pattern_with_dot_prefix(create_user): def test_email_approval_list_fail(create_user): """Test email that fails domain and email approval list checks """ signature = Signature() - signature.get_email_whitelist = MagicMock(return_value={"foo@gmail.com"}) - signature.get_domain_whitelist = MagicMock(return_value=["foo.com"]) + signature.get_email_allowlist = MagicMock(return_value={"foo@gmail.com"}) + signature.get_domain_allowlist = MagicMock(return_value=["foo.com"]) create_user.get_all_user_emails = MagicMock(return_value=["bar@gmail.com"]) assert create_user.is_approved(signature) == False @@ -76,6 +76,6 @@ def test_email_approval_list_fail(create_user): def test_gerrit_project_approval_listing(create_user): """Test for email in signature approval list""" signature = Signature() - signature.get_email_whitelist = MagicMock(return_value={"phillip.leigh@amdocs.com"}) + signature.get_email_allowlist = MagicMock(return_value={"phillip.leigh@amdocs.com"}) create_user.get_all_user_emails = MagicMock(return_value=["phillip.leigh@amdocs.com"]) assert create_user.is_approved(signature) == True diff --git a/cla-backend/cla/tests/unit/test_signature_controller.py b/cla-backend/cla/tests/unit/test_signature_controller.py index 53eb70e15..06ade71a9 100644 --- a/cla-backend/cla/tests/unit/test_signature_controller.py +++ b/cla-backend/cla/tests/unit/test_signature_controller.py @@ -6,7 +6,7 @@ from unittest.mock import Mock import cla -from cla.controllers.signature import notify_whitelist_change +from cla.controllers.signature import notify_allowlist_change from cla.controllers.signing import canceled_signature_html from cla.models.dynamo_models import Project, Signature, User from cla.models.sns_email_models import MockSNS @@ -39,23 +39,23 @@ def test_canceled_signature_html(): class TestSignatureController(unittest.TestCase): - def test_notify_whitelist_change(self): + def test_notify_allowlist_change(self): old_sig = Signature() new_sig = Signature() new_sig.set_signature_reference_name('Company') new_sig.set_signature_project_id('projectID') cla_manager = CLAUser({'name': 'CLA Manager'}) - old_sig.set_domain_whitelist(['a.com', 'b.com']) - new_sig.set_domain_whitelist(['b.com', 'd.com']) + old_sig.set_domain_allowlist(['a.com', 'b.com']) + new_sig.set_domain_allowlist(['b.com', 'd.com']) - old_sig.set_github_whitelist([]) - new_sig.set_github_whitelist(['githubuser']) + old_sig.set_github_allowlist([]) + new_sig.set_github_allowlist(['githubuser']) - old_sig.set_email_whitelist(['allowlist.email@gmail.com']) - new_sig.set_email_whitelist([]) + old_sig.set_email_allowlist(['allowlist.email@gmail.com']) + new_sig.set_email_allowlist([]) - old_sig.set_github_org_whitelist(['githuborg']) - new_sig.set_github_org_whitelist(['githuborg']) + old_sig.set_github_org_allowlist(['githuborg']) + new_sig.set_github_org_allowlist(['githuborg']) snsClient = MockSNS() cla.controllers.signature.get_email_service = Mock() @@ -66,7 +66,7 @@ def test_notify_whitelist_change(self): cla.models.dynamo_models.Project.get_project_name = Mock() cla.models.dynamo_models.Project.get_project_name.return_value = 'Project' cla.models.dynamo_models.User.get_user_by_github_username = Mock(side_effect=mock_get_user_by_github_username) - notify_whitelist_change(cla_manager, old_sig, new_sig) + notify_allowlist_change(cla_manager, old_sig, new_sig) self.assertEqual(len(snsClient.emails_sent), 3) # check email to cla manager msg = snsClient.emails_sent[0] diff --git a/cla-backend/cla/tests/unit/test_user_event.py b/cla-backend/cla/tests/unit/test_user_event.py index 01aee68a7..4b800169a 100644 --- a/cla-backend/cla/tests/unit/test_user_event.py +++ b/cla-backend/cla/tests/unit/test_user_event.py @@ -5,7 +5,7 @@ import pytest from cla.controllers import user as user_controller -from cla.models.dynamo_models import (CCLAWhitelistRequest, Company, +from cla.models.dynamo_models import (CCLAAllowlistRequest, Company, CompanyInvite, Project, User) from cla.models.event_types import EventType @@ -56,7 +56,7 @@ def test_request_company_approval_list(self, create_event_user, project, company Project.get_project_id = Mock(return_value=project.get_project_id()) user_controller.get_email_service = Mock() user_controller.send = Mock() - user_controller.request_company_whitelist( + user_controller.request_company_allowlist( user.get_user_id(), company.get_company_id(), user.get_user_name(), @@ -88,12 +88,12 @@ class TestInviteClaManager: def setup(self): self.user_load = User.load self.load_project_by_name = Project.load_project_by_name - self.save = CCLAWhitelistRequest.save + self.save = CCLAAllowlistRequest.save def teardown(self): User.load = self.user_load Project.load_project_by_name = self.load_project_by_name - CCLAWhitelistRequest.save = self.save + CCLAAllowlistRequest.save = self.save @patch('cla.controllers.user.Event.create_event') def test_invite_cla_manager(self, mock_event, create_event_user, user): @@ -104,7 +104,7 @@ def test_invite_cla_manager(self, mock_event, create_event_user, user): Company.get_company_id = Mock(return_value='foo_id') User.get_user_id = Mock(return_value='foo_id') CompanyInvite.save = Mock() - CCLAWhitelistRequest.save = Mock() + CCLAAllowlistRequest.save = Mock() user_controller.send_email_to_cla_manager = Mock() contributor_id = user.get_user_id() contributor_name = user.get_user_name() @@ -163,7 +163,7 @@ def test_request_company_ccla(self, mock_event, create_event_user, user, project manager = User(lf_username="harold", user_email="foo@gmail.com") Company.get_managers = Mock(return_value=[manager, ]) event_data = f"Sent email to sign ccla for {project.get_project_name()}" - CCLAWhitelistRequest.save = Mock(return_value=None) + CCLAAllowlistRequest.save = Mock(return_value=None) user_controller.request_company_ccla( user.get_user_id(), email, company.get_company_id(), project.get_project_id() ) diff --git a/cla-backend/cla/tests/unit/test_utils.py b/cla-backend/cla/tests/unit/test_utils.py index 8c342dec5..a85a0b7f8 100644 --- a/cla-backend/cla/tests/unit/test_utils.py +++ b/cla-backend/cla/tests/unit/test_utils.py @@ -126,7 +126,7 @@ def test_is_allowlisted_for_email(self) -> None: Test a given email to check if allowlisted against ccla_signature """ signature = Signature() - signature.get_email_whitelist = Mock(return_value={"foo@gmail.com"}) + signature.get_email_allowlist = Mock(return_value={"foo@gmail.com"}) self.assertTrue(utils.is_approved(signature, email="foo@gmail.com")) self.assertFalse(utils.is_approved(signature, email="bar@gmail.com")) @@ -135,7 +135,7 @@ def test_is_allowlisted_for_domain(self) -> None: Test a given email passes domain allowlist check against ccla_signature """ signature = Signature() - signature.get_domain_whitelist = Mock(return_value=[".gmail.com"]) + signature.get_domain_allowlist = Mock(return_value=[".gmail.com"]) self.assertTrue(utils.is_approved(signature, email="random@gmail.com")) self.assertFalse(utils.is_approved(signature, email="foo@invalid.com")) @@ -144,7 +144,7 @@ def test_is_allowlisted_for_github(self) -> None: Test given github user passes github allowlist check against ccla_signature """ signature = Signature() - signature.get_github_whitelist = Mock(return_value=['foo']) + signature.get_github_allowlist = Mock(return_value=['foo']) self.assertTrue(utils.is_approved(signature, github_username='foo')) self.assertFalse(utils.is_approved(signature, github_username='bar')) @@ -159,7 +159,7 @@ def test_is_allowlisted_for_github_org(self) -> None: self.mock_get.return_value = Mock() self.mock_get.return_value.json.return_value = github_orgs signature = Signature() - signature.get_github_org_whitelist = Mock(return_value=['foo-org']) + signature.get_github_org_allowlist = Mock(return_value=['foo-org']) self.assertTrue(utils.is_approved(signature, github_username='foo')) diff --git a/cla-backend/cla/utils.py b/cla-backend/cla/utils.py index 93cc566dd..0ee5349bc 100644 --- a/cla-backend/cla/utils.py +++ b/cla-backend/cla/utils.py @@ -22,7 +22,7 @@ import requests from cla.middleware import CLALogMiddleware from cla.models import DoesNotExist -from cla.models.dynamo_models import (CCLAWhitelistRequest, CLAManagerRequest, +from cla.models.dynamo_models import (CCLAAllowlistRequest, CLAManagerRequest, Company, CompanyInvite, Document, Event, Gerrit, GitHubOrg, GitlabOrg, Project, ProjectCLAGroup, Repository, Signature, @@ -132,7 +132,7 @@ def get_database_models(conf=None): "Event": Event, "CompanyInvites": CompanyInvite, "ProjectCLAGroup": ProjectCLAGroup, - "CCLAWhitelistRequest": CCLAWhitelistRequest, + "CCLAAllowlistRequest": CCLAAllowlistRequest, "CLAManagerRequest": CLAManagerRequest, } else: @@ -296,17 +296,17 @@ def get_project_cla_group_instance(conf=None) -> ProjectCLAGroup: return get_database_models(conf)["ProjectCLAGroup"]() -def get_ccla_whitelist_request_instance(conf=None) -> CCLAWhitelistRequest: +def get_ccla_allowlist_request_instance(conf=None) -> CCLAAllowlistRequest: """ - Helper function to get a database CCLAWhitelistRequest model + Helper function to get a database CCLAAllowlistRequest model :param conf: the configuration model :type conf: dict - :return: A CCLAWhitelistRequest model instance based on configuration - :rtype: cla.models.model_interfaces.CCLAWhitelistRequest + :return: A CCLAAllowlistRequest model instance based on configuration + :rtype: cla.models.model_interfaces.CCLAAllowlistRequest """ - return get_database_models(conf)["CCLAWhitelistRequest"]() + return get_database_models(conf)["CCLAAllowlistRequest"]() def get_email_service(conf=None, initialize=True): @@ -1746,15 +1746,15 @@ def is_approved(ccla_signature: Signature, email=None, github_username=None, git if email: # Checking email allowlist - whitelist = ccla_signature.get_email_whitelist() - cla.log.debug(f"{fn} - testing email: {email} with CCLA approval list emails: {whitelist}") - if whitelist is not None: - if email.lower() in (s.lower() for s in whitelist): + allowlist = ccla_signature.get_email_allowlist() + cla.log.debug(f"{fn} - testing email: {email} with CCLA approval list emails: {allowlist}") + if allowlist is not None: + if email.lower() in (s.lower() for s in allowlist): cla.log.debug(f"{fn} found user email in email approval list") return True # Checking domain allowlist - patterns = ccla_signature.get_domain_whitelist() + patterns = ccla_signature.get_domain_allowlist() cla.log.debug( f"{fn} - testing user email domain: {email} with " f"domain approval list values in database: {patterns}" ) @@ -1773,7 +1773,7 @@ def is_approved(ccla_signature: Signature, email=None, github_username=None, git if github_username is not None: # remove leading and trailing whitespace from github username github_username = github_username.strip() - github_approval_list = ccla_signature.get_github_whitelist() + github_approval_list = ccla_signature.get_github_allowlist() cla.log.debug( f"{fn} - testing user github username: {github_username} with " f"CCLA github approval list: {github_approval_list}" @@ -1792,7 +1792,7 @@ def is_approved(ccla_signature: Signature, email=None, github_username=None, git github_orgs = cla.utils.lookup_github_organizations(github_username) if "error" not in github_orgs: # Fetch the list of orgs this user is part of - github_org_approval_list = ccla_signature.get_github_org_whitelist() + github_org_approval_list = ccla_signature.get_github_org_allowlist() cla.log.debug( f"{fn} - testing user github orgs: {github_orgs} with " f"CCLA github org approval list values: {github_org_approval_list}" diff --git a/cla-backend/helpers/add_company_allowlist.py b/cla-backend/helpers/add_company_allowlist.py index 0054a49be..c0a1acf89 100644 --- a/cla-backend/helpers/add_company_allowlist.py +++ b/cla-backend/helpers/add_company_allowlist.py @@ -22,5 +22,5 @@ # User companies = get_company_instance().all() for company in companies: - company.add_company_whitelist(allowlist) + company.add_company_allowlist(allowlist) company.save() diff --git a/cla-backend/helpers/create_company.py b/cla-backend/helpers/create_company.py index 360322103..40e082e03 100644 --- a/cla-backend/helpers/create_company.py +++ b/cla-backend/helpers/create_company.py @@ -25,6 +25,6 @@ company.set_company_manager_id(manager.get_user_id()) company.set_company_name('Test Company') company.set_is_sanctioned(False) -company.set_company_whitelist([]) -company.set_company_whitelist_patterns(['*@listed.org']) +company.set_company_allowlist([]) +company.set_company_allowlist_patterns(['*@listed.org']) company.save() diff --git a/cla-backend/helpers/create_data.py b/cla-backend/helpers/create_data.py index 37f7d1367..fb35e2290 100644 --- a/cla-backend/helpers/create_data.py +++ b/cla-backend/helpers/create_data.py @@ -72,8 +72,8 @@ company.set_company_manager_id(manager.get_user_id()) company.set_company_name('Test Company') company.set_is_sanctioned(False) -company.set_company_whitelist([]) -company.set_company_whitelist_patterns(['*@listed.org']) +company.set_company_allowlist([]) +company.set_company_allowlist_patterns(['*@listed.org']) company.save() ## Add another company with same manager ID @@ -84,8 +84,8 @@ company.set_company_manager_id(manager.get_user_id()) company.set_company_name('Test Company 2') company.set_is_sanctioned(False) -company.set_company_whitelist([]) -company.set_company_whitelist_patterns(['*@listed.org']) +company.set_company_allowlist([]) +company.set_company_allowlist_patterns(['*@listed.org']) company.save() ## Signature: Corporate diff --git a/schema.md b/schema.md index 4ccc3a620..79bc59f8c 100644 --- a/schema.md +++ b/schema.md @@ -133,6 +133,8 @@ SPDX-License-Identifier: CC-BY-4.0 | github\_whitelist | The Github username approved list for the CCLA signature | | github\_org\_whitelist | The Github organization approved list for the CCLA signature | +Note: 4 above columns names will be updated to change from `whitelist` to `allowlist`. + ## User-Permissions | Column Name | Description | diff --git a/tests/functional/cypress/e2e/signatures.cy.ts b/tests/functional/cypress/e2e/signatures.cy.ts index 9d0f9e457..1e230abc1 100644 --- a/tests/functional/cypress/e2e/signatures.cy.ts +++ b/tests/functional/cypress/e2e/signatures.cy.ts @@ -312,6 +312,7 @@ it("Returns a list of user signatures when provided the user ID", function () { it("GET: Updates the specified signature GitHub Organization approval list", function () { cy.request({ method: 'GET', + // we can't use inclusive name yet as it is inside API URL. url: `${claEndpoint}/signatures/${signatureID}/gh-org-whitelist`, auth: { 'bearer': bearerToken, @@ -324,6 +325,7 @@ it("GET: Updates the specified signature GitHub Organization approval list", fun it.skip("POST: Updates the specified signature GitHub organization approval list", function () { cy.request({ method: 'POST', + // we can't use inclusive name yet as it is inside API URL. url: `${claEndpoint}/signatures/${signatureID}/gh-org-whitelist`, auth: { 'bearer': bearerToken, @@ -704,4 +706,4 @@ it("Invalidates a given ICLA record for a user", function () { }); }) -}) \ No newline at end of file +}) diff --git a/utils/check_unique.sh b/utils/check_unique.sh index c52e6a766..5b1650b27 100755 --- a/utils/check_unique.sh +++ b/utils/check_unique.sh @@ -19,6 +19,7 @@ fi if [ -z "$1" ] then echo "you need to specify table to query as a 1st parameter, for example 'signatures'" + # we can't make this name inclusive yet. echo "possible tables include: approvals, ccla_whitelist_requests, cla_manager_requests, companies, company_invites, events, gerrit_instances, github_orgs, gitlab_orgs, metrics, projects, projects_cla_groups, repositories, session_store, signatures, store, user_permissions, users" exit 1 fi diff --git a/utils/lookup_sf.sh b/utils/lookup_sf.sh index 4a3f3c35e..07037d58c 100755 --- a/utils/lookup_sf.sh +++ b/utils/lookup_sf.sh @@ -20,6 +20,7 @@ fi if [ -z "$1" ] then echo "you need to specify table to query as a 1st parameter, for example 'signatures'" + # we can't make this name inclusive yet. echo "possible tables include: approvals, ccla_whitelist_requests, cla_manager_requests, companies, company_invites, events, gerrit_instances, github_orgs, gitlab_orgs, metrics, projects, projects_cla_groups, repositories, session_store, signatures, store, user_permissions, users" exit 1 fi diff --git a/utils/scan.sh b/utils/scan.sh index 93eed8239..f2e5c957e 100755 --- a/utils/scan.sh +++ b/utils/scan.sh @@ -19,6 +19,7 @@ fi if [ -z "$1" ] then echo "you need to specify table to query as a 1st parameter, for example 'signatures'" + # we can't make this name inclusive yet. echo "possible tables include: approvals, ccla_whitelist_requests, cla_manager_requests, companies, company_invites, events, gerrit_instances, github_orgs, gitlab_orgs, metrics, projects, projects_cla_groups, repositories, session_store, signatures, store, user_permissions, users" exit 1 fi From ce62a87bda96ed4d24164f6fa33d557cfb5e8c50 Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Wed, 6 Aug 2025 07:26:53 +0200 Subject: [PATCH 6/7] Small updates to internal search script Signed-off-by: Lukasz Gryglicki --- utils/get_oauth_token.sh | 3 +++ utils/get_oauth_token_prod.sh | 3 +++ utils/search_aws_log_group.sh | 19 +++++++++++++++---- 3 files changed, 21 insertions(+), 4 deletions(-) create mode 100755 utils/get_oauth_token.sh create mode 100755 utils/get_oauth_token_prod.sh diff --git a/utils/get_oauth_token.sh b/utils/get_oauth_token.sh new file mode 100755 index 000000000..e27ee01b3 --- /dev/null +++ b/utils/get_oauth_token.sh @@ -0,0 +1,3 @@ +#!/bin/bash +source .venv/bin/activate +~/get_oauth_token.py --stage dev diff --git a/utils/get_oauth_token_prod.sh b/utils/get_oauth_token_prod.sh new file mode 100755 index 000000000..d75953097 --- /dev/null +++ b/utils/get_oauth_token_prod.sh @@ -0,0 +1,3 @@ +#!/bin/bash +source .venv/bin/activate +~/get_oauth_token.py --stage prod diff --git a/utils/search_aws_log_group.sh b/utils/search_aws_log_group.sh index c302e910c..492ce8c24 100755 --- a/utils/search_aws_log_group.sh +++ b/utils/search_aws_log_group.sh @@ -6,14 +6,25 @@ then export STAGE=dev fi +if [ -z "${REGION}" ] +then + export REGION="us-east-1" +fi + if [ -z "${1}" ] then - echo "$0: you must specify log group name, for example: 'cla-backend-dev-githubactivity', 'cla-backend-dev-apiv2', 'cla-backend-dev-api-v3-lambda', 'cla-backend-go-api-v4-lambda'" + echo "$0: you must specify log group name, for example: 'cla-backend-dev-githubactivity', 'cla-backend-prod-apiv2', 'cla-backend-dev-api-v3-lambda', 'cla-backend-go-api-v4-lambda'" + echo "or short group name: 'githubactivity', 'apiv2', 'api-v3-lambda'" exit 1 fi log_group=$(echo "$1" | sed -E "s/\b(dev|prod)\b/${STAGE}/g") +if [[ ! "$log_group" =~ ^cla-backend- ]] +then + log_group="cla-backend-${STAGE}-$log_group" +fi + if [ -z "${2}" ] then echo "$0: you must specify the search term, for example 'error'" @@ -36,9 +47,9 @@ fi if [ ! -z "${DEBUG}" ] then - echo "aws --profile \"lfproduct-${STAGE}\" logs filter-log-events --log-group-name \"/aws/lambda/${log_group}\" --start-time \"${DTFROM}\" --end-time \"${DTTO}\" --filter-pattern \"${2}\"" - aws --profile "lfproduct-${STAGE}" logs filter-log-events --log-group-name "/aws/lambda/${log_group}" --start-time "${DTFROM}" --end-time "${DTTO}" --filter-pattern "\"${2}\"" + echo "aws --region \"${REGION}\" --profile \"lfproduct-${STAGE}\" logs filter-log-events --log-group-name \"/aws/lambda/${log_group}\" --start-time \"${DTFROM}\" --end-time \"${DTTO}\" --filter-pattern \"${2}\"" + aws --region "${REGION}" --profile "lfproduct-${STAGE}" logs filter-log-events --log-group-name "/aws/lambda/${log_group}" --start-time "${DTFROM}" --end-time "${DTTO}" --filter-pattern "\"${2}\"" else - aws --profile "lfproduct-${STAGE}" logs filter-log-events --log-group-name "/aws/lambda/${log_group}" --start-time "${DTFROM}" --end-time "${DTTO}" --filter-pattern "\"${2}\"" | jq -r '.events' + aws --region "${REGION}" --profile "lfproduct-${STAGE}" logs filter-log-events --log-group-name "/aws/lambda/${log_group}" --start-time "${DTFROM}" --end-time "${DTTO}" --filter-pattern "\"${2}\"" | jq -r '.events' fi From 47c605a3866a6d7d16c0aeaed5002ffeaba3c2bf Mon Sep 17 00:00:00 2001 From: Lukasz Gryglicki Date: Wed, 6 Aug 2025 07:46:30 +0200 Subject: [PATCH 7/7] Fix typos Signed-off-by: Lukasz Gryglicki --- cla-backend/cla/controllers/company.py | 2 +- cla-backend/cla/routes.py | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cla-backend/cla/controllers/company.py b/cla-backend/cla/controllers/company.py index aa3cfd8b5..ca7166fa3 100644 --- a/cla-backend/cla/controllers/company.py +++ b/cla-backend/cla/controllers/company.py @@ -223,7 +223,7 @@ def update_company_allowlist_csv(content, company_id, username=None): # Ready email addresses. emails = content.split('\n') emails = [email for email in emails if '@' in email] - current_allowlist = company.get_company_'allowlist'() + current_allowlist = company.get_company_allowlist() new_allowlist = list(set(current_allowlist + emails)) company.set_company_allowlist(new_allowlist) company.save() diff --git a/cla-backend/cla/routes.py b/cla-backend/cla/routes.py index 0e0c9bf5e..39f471cfb 100755 --- a/cla-backend/cla/routes.py +++ b/cla-backend/cla/routes.py @@ -152,7 +152,7 @@ def get_users_company(auth_user: check_auth, user_company_id: hug.types.uuid): """ return cla.controllers.user.get_users_company(user_company_id) -# We can't change API URL to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates +# We can't change API URL to be inclusive yet as this would break all consumers and require acs-cli and lfx-gateway updates @hug.post("/user/{user_id}/request-company-whitelist/{company_id}", versions=2) def request_company_allowlist( user_id: hug.types.uuid, @@ -341,7 +341,7 @@ def post_signature( ) -# We can't change API parameters to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates +# We can't change API parameters to be inclusive yet as this would break all consumers and require acs-cli and lfx-gateway updates @hug.put( "/signature", versions=1, @@ -360,7 +360,7 @@ def put_signature( signature_embargo_acked=None, signature_return_url=None, signature_sign_url=None, - domain_whitelist=None, # bacause they come from API parameter we can't change to inclusive names yet + domain_whitelist=None, # because they come from API parameter we can't change to inclusive names yet email_whitelist=None, github_whitelist=None, github_org_whitelist=None, @@ -387,7 +387,7 @@ def put_signature( signature_embargo_acked=signature_embargo_acked, signature_return_url=signature_return_url, signature_sign_url=signature_sign_url, - domain_allowlist=domain_whitelist, # bacause they come from API parameter we can't change to inclusive names yet + domain_allowlist=domain_whitelist, # because they come from API parameter we can't change to inclusive names yet email_allowlist=email_whitelist, github_allowlist=github_whitelist, github_org_allowlist=github_org_whitelist, @@ -735,7 +735,7 @@ def delete_company(auth_user: check_auth, company_id: hug.types.text): return cla.controllers.company.delete_company(company_id, username=auth_user.username) -# We can't change API URL to be inclusive yet as this woudl break all consumers and require acs-cli and lfx-gateway updates +# We can't change API URL to be inclusive yet as this would break all consumers and require acs-cli and lfx-gateway updates @hug.put("/company/{company_id}/import/whitelist/csv", versions=1) def put_company_allowlist_csv(body, auth_user: check_auth, company_id: hug.types.uuid): """