Mpt 6178 mtp 6179 replace error format add env prefix (#28)

* [WIP] Add initial logic for managing DataSources.
Move the service's APIs and files to the API folder.
Add Custom Exceptions to handle DataSources errors

* Reformat the Auth error message format to be the same as the others.
Remove the endpoint `/modifier/v1/invitations/users` and move the users invitation logic into the `/modifier/v1/users`
Replace POST `/modifier/v1/invites/{invite_id}/decline` with
PATCH `/modifier/v1/invites/{invite_id}`
Add the Prefix `FFC_MODIFIER_` to ENV variables
Updated tests

* Add env.example

* Move logic for creating new users and invited ones to a service layer to improve readability of the whole flow.
Reverse the behaviour of the JTWBearer class to soon raise an exception in case or authentication's errors.
Improve and Adjust tests

Author: antoniodimariano

app/api/cloud_account/api.py

@@ -11,8 +11,8 @@
 from app.api.cloud_account.model import AddCloudAccount, AddCloudAccountResponse
 from app.api.invitations.api import get_bearer_token
 from app.core.exceptions import (
+    APIResponseError,
     CloudAccountConfigError,
-    OptScaleAPIResponseError,
     format_error_response,
 )
 
@@ -52,6 +52,6 @@ async def add_cloud_account(
             status_code=response.get("status_code", http_status.HTTP_201_CREATED),
             content=response.get("data", {}),
         )
-    except (OptScaleAPIResponseError, CloudAccountConfigError, ValueError) as error:
+    except (APIResponseError, CloudAccountConfigError, ValueError) as error:
         logger.error(f"An error occurred adding the cloud account {data.type} {error}")
         return format_error_response(error)

app/api/cloud_account/cloud_accounts_conf/cloud_config_strategy.py

@@ -33,7 +33,7 @@ async def link_cloud_account_to_org(
         :param org_id: The user's ORG to link the Cloud Account with
         :param user_access_token: The user's access token
         :return: The response as it comes from OptScale
-        :raise: Rethrow OptScaleAPIResponseError if an error occurred consuming the
+        :raise: Rethrow APIResponseError if an error occurred consuming the
         OptScale APIs.
         """
         response = await self.optscale_cloud_account_api.link_cloud_account_with_org(

app/api/cloud_account/cloud_accounts_manager.py

@@ -14,8 +14,8 @@
 )
 from app.api.cloud_account.cloud_accounts_conf.gcp import GCPCNRConfigStrategy
 from app.core.exceptions import (
+    APIResponseError,
     CloudAccountConfigError,
-    OptScaleAPIResponseError,
 )
 from app.optscale_api.cloud_accounts import OptScaleCloudAccountAPI
 
@@ -53,7 +53,7 @@ def select_strategy(self):
         :rtype:
         """
         if self.type not in self.ALLOWED_PROVIDERS:
-            raise OptScaleAPIResponseError(
+            raise APIResponseError(
                 title="Wrong Cloud Account",
                 error_code="OE0436",
                 reason=f"{self.type} is not supported",
@@ -144,7 +144,7 @@ async def add_cloud_account(
             "parent_id": null
           }
           raises: ValueError if the previously built CloudStrategyConfiguration is tampered.
-          Rethrow OptScaleAPIResponseError if an error occurred during the communication with the
+          Rethrow APIResponseError if an error occurred during the communication with the
           OptScale API.
         """
         if not isinstance(config, CloudStrategyConfiguration):

app/api/invitations/api.py

@@ -6,18 +6,12 @@
 from starlette.responses import JSONResponse
 
 from app import settings
-from app.api.invitations.model import (
-    DeclineInvitation,
-    RegisteredInvitedUserResponse,
-    RegisterInvitedUser,
-)
+from app.api.invitations.model import DeclineInvitation
 from app.api.invitations.services.invitations import (
-    register_invited_user_on_optscale,
     remove_user,
 )
 from app.core.exceptions import (
-    InvitationDoesNotExist,
-    OptScaleAPIResponseError,
+    APIResponseError,
     format_error_response,
 )
 from app.optscale_api.invitation_api import OptScaleInvitationAPI
@@ -36,37 +30,8 @@ def get_bearer_token(
     return auth.credentials  # Return the raw token
 
 
-def get_optscale_user_api() -> OptScaleUserAPI:
-    return OptScaleUserAPI()
-
-
-@router.post(
-    path="/users",
-    status_code=http_status.HTTP_201_CREATED,
-    response_model=RegisteredInvitedUserResponse,
-)
-async def register_invited(
-    data: RegisterInvitedUser,
-    user_api: OptScaleUserAPI = Depends(get_optscale_user_api),
-):  # noqa: E501
-    try:
-        response = await register_invited_user_on_optscale(
-            email=str(data.email),
-            display_name=data.display_name,
-            password=data.password,
-            user_api=user_api,
-        )
-        return JSONResponse(
-            status_code=response.get("status_code", http_status.HTTP_201_CREATED),
-            content=response.get("data", {}),
-        )
-
-    except (OptScaleAPIResponseError, InvitationDoesNotExist) as error:
-        return format_error_response(error)
-
-
-@router.post(
-    path="/users/invites/{invite_id}/decline",
+@router.patch(
+    path="/users/invites/{invite_id}",
     status_code=http_status.HTTP_200_OK,
 )
 async def decline_invitation(
@@ -97,5 +62,5 @@ async def decline_invitation(
             status_code=response.get("status_code", http_status.HTTP_200_OK),
             content={"response": "Invitation declined"},
         )
-    except OptScaleAPIResponseError as error:
+    except APIResponseError as error:
         return format_error_response(error)

app/api/invitations/services/invitations.py

@@ -1,75 +1,18 @@
 from __future__ import annotations
 
 import asyncio
-import functools
 import logging
 
 from fastapi import Depends
 
-from app import settings
-from app.core.exceptions import InvitationDoesNotExist, OptScaleAPIResponseError
+from app.core.exceptions import APIResponseError
 from app.optscale_api.invitation_api import OptScaleInvitationAPI
 from app.optscale_api.orgs_api import OptScaleOrgAPI
 from app.optscale_api.users_api import OptScaleUserAPI
 
 logger = logging.getLogger(__name__)
 
 
-def validate_invitation():  # noqa: E501
-    def decorator(func):
-        @functools.wraps(func)
-        async def wrapper(*args, **kwargs):
-            email = kwargs.get("email")
-            invitation_api = OptScaleInvitationAPI()
-            response = await invitation_api.get_list_of_invitations(email=email)
-            no_invitations = {"invites": []}
-            if response.get("data", {}) == no_invitations:
-                # there is no invitation
-                raise InvitationDoesNotExist("Invitation not found")
-            return await func(*args, **kwargs)
-
-        return wrapper
-
-    return decorator
-
-
-@validate_invitation()
-async def register_invited_user_on_optscale(
-    email: str,
-    display_name: str,
-    password: str,
-    user_api: OptScaleUserAPI,
-) -> dict[str, str] | Exception:
-    """
-    Registers invited users to OptScale, without
-    verification.
-
-    :param user_api: an instance of OptScaleUserAPI
-    :param email: The email of the given user to register
-    :param display_name: The display name of the user
-    :param password: The password of the user
-    :return: dict[str, str] : User information.
-    :raises: OptScaleAPIResponseError if any error occurs
-        contacting the OptScale APIs
-    """
-    try:
-        response = await user_api.create_user(
-            email=email,
-            display_name=display_name,
-            password=password,
-            admin_api_key=settings.admin_token,
-            verified=False,
-        )
-        logger.info(f"Invited User successfully registered: {response}")
-        return response
-    except OptScaleAPIResponseError as error:
-        logger.error(f"An error {error} occurred registering the invited user {email}")
-        raise error
-    except InvitationDoesNotExist as error:
-        logger.error(f"There is no invitation for this email  {email}")
-        raise error
-
-
 async def validate_user_delete(
     user_token: str,
     invitation_api: OptScaleInvitationAPI = Depends(),
@@ -117,7 +60,7 @@ async def remove_user(
     :param org_api: an instance of the OptScaleOrgAPI
     :param user_api: An instance of OptScaleUserAPI
     :return: True if the user was successfully deleted, False otherwise.
-    :raises OptScaleAPIResponseError if any error occurs
+    :raises APIResponseError if any error occurs
         contacting the OptScale APIs
     """
     validate_delete = await validate_user_delete(
@@ -131,7 +74,7 @@ async def remove_user(
             )
             logger.info(f"The user {user_id} was successfully deleted")
             return True
-        except OptScaleAPIResponseError:
+        except APIResponseError:
             logger.error(f"Error deleting user:{user_id}")
             return False
     logger.info(f"The user {user_id} cannot be deleted.")

app/api/organizations/api.py

@@ -1,3 +1,5 @@
+from __future__ import annotations
+
 from fastapi import APIRouter, Depends
 from fastapi import status as http_status
 from starlette.responses import JSONResponse
@@ -23,12 +25,13 @@
     path="",
     status_code=http_status.HTTP_200_OK,
     response_model=OptScaleOrganizationResponse,
-    dependencies=[Depends(JWTBearer())],
+    dependencies=[],
 )
 async def get_orgs(
     user_id: str,
     optscale_api: OptScaleOrgAPI = Depends(),
     auth_client: OptScaleAuth = Depends(get_auth_client),
+    jwt_payload: dict = Depends(JWTBearer()),
 ):
     """
     Retrieve the organization data associated with a given user.
@@ -37,6 +40,7 @@ async def get_orgs(
     with the OptScale API.
     It returns the organization data as a JSON response.
 
+    :param jwt_payload: A dictionary that will contain the access token or an error
     :param user_id:  The ID of the user whose organization data is to be retrieved.
     :param optscale_api: An instance of OptScaleOrgAPI for interacting with the organization API.
                         Dependency injection via `Depends()`.
@@ -49,7 +53,7 @@ async def get_orgs(
     :raises:
         the optscale_api.get_user_org() may raise these exceptions
 
-        - OptScaleAPIResponseError: If an error occurs when communicating with the OptScale API.
+        - APIResponseError: If an error occurs when communicating with the OptScale API.
         - UserAccessTokenError: If there is an issue obtaining the user's access token.
         - Exception: For any other unexpected errors.
 
@@ -89,16 +93,18 @@ async def get_orgs(
     path="",
     status_code=http_status.HTTP_201_CREATED,
     response_model=OptScaleOrganization,
-    dependencies=[Depends(JWTBearer())],
+    dependencies=[],
 )
 async def create_orgs(
     data: CreateOrgData,
     org_api: OptScaleOrgAPI = Depends(),
     auth_client: OptScaleAuth = Depends(get_auth_client),
+    jwt_payload: dict = Depends(JWTBearer()),
 ):
     """
     Create a new FinOPs organization.
 
+    :param jwt_payload: A dictionary that will contain the access token or an error
     :param data: The input data required to create an organization,including the user_id
     :param org_api: An instance of OptScaleOrgAPI for managing organization operations.
                     Dependency injection via `Depends()`.
@@ -139,6 +145,7 @@ async def create_orgs(
     """
 
     try:
+        # handle_jwt_dependency(jwt_payload)
         response = await org_api.create_user_org(
             org_name=data.org_name,
             user_id=data.user_id,

app/api/users/api.py

@@ -1,30 +1,55 @@
+from __future__ import annotations
+
+import logging
+
 from fastapi import APIRouter, Depends
 from fastapi import status as http_status
 from starlette.responses import JSONResponse
 
 from app import settings
 from app.api.users.model import CreateUserData, CreateUserResponse
+from app.api.users.services.optscale_users_registration import (
+    add_new_user,
+    validate_email_and_add_invited_user,
+)
 from app.core.auth_jwt_bearer import JWTBearer
-from app.core.exceptions import OptScaleAPIResponseError, format_error_response
+from app.core.exceptions import (
+    APIResponseError,
+    InvitationDoesNotExist,
+    UserAccessTokenError,
+    format_error_response,
+)
 from app.optscale_api.users_api import OptScaleUserAPI
 
+logger = logging.getLogger(__name__)
 router = APIRouter()
 
 
 @router.post(
     path="",
     status_code=http_status.HTTP_201_CREATED,
     response_model=CreateUserResponse,
-    dependencies=[Depends(JWTBearer())],
+    dependencies=[],
 )
-async def create_user(data: CreateUserData, user_api: OptScaleUserAPI = Depends()):
+async def create_user(
+    data: CreateUserData,
+    optscale_user_api: OptScaleUserAPI = Depends(),
+    jwt_token: dict = Depends(JWTBearer(allow_unauthenticated=True)),
+):
     """
-    Create a FinOps user
-    This endpoint allows the creation of a new user by interacting with the OptScale API.
+    This endpoint registers users in OptScale.
+    It can be consumed in two ways:
+    1. If a JWT Token is provided, the user will be created and verified.
+    2. IF no Authentication is provided, the given user will be created ONLY
+        if an invitation exists with the provided email address. If an invitation exists,
+        the user will be created but not auto-verified. The user has to perform
+        the verification action.
+
     It returns the created user's details.
 
+    :param jwt_token: a JWT token or None
     :param data: The input data required to create a user.
-    :param user_api: An instance of OptScaleOrgAPI for managing organization operations.
+    :param optscale_user_api: An instance of OptScaleOrgAPI for managing organization operations.
                     Dependency injection via `Depends()`.
 
     :return: A response model containing the details of the newly created user.
@@ -62,17 +87,32 @@ async def create_user(data: CreateUserData, user_api: OptScaleUserAPI = Depends(
         JWTBearer: Ensures that the request is authenticated using a valid JWT.
     """
     try:
-        response = await user_api.create_user(
-            email=str(data.email),
-            display_name=data.display_name,
-            password=data.password,
-            admin_api_key=settings.admin_token,
-            verified=True,
-        )
+        if jwt_token is None:
+            response = await validate_email_and_add_invited_user(
+                email=str(data.email),
+                display_name=data.display_name,
+                password=data.password,
+                admin_token=settings.admin_token,
+                optscale_user_api=optscale_user_api,
+            )
+            logger.info(f"Invited User successfully registered: {response}")
+        else:
+            response = await add_new_user(
+                email=str(data.email),
+                display_name=data.display_name,
+                password=data.password,
+                admin_token=settings.admin_token,
+                optscale_user_api=optscale_user_api,
+            )
+            logger.info(f"User successfully created: {response}")
         return JSONResponse(
             status_code=response.get("status_code", http_status.HTTP_201_CREATED),
             content=response.get("data", {}),
         )
 
-    except OptScaleAPIResponseError as error:
+    except (
+        APIResponseError,
+        UserAccessTokenError,
+        InvitationDoesNotExist,
+    ) as error:
         return format_error_response(error)