mozilla-iam / cis

Home of Mozilla IAM change integration service repository.
Mozilla Public License 2.0

Api request for org related data #402

Open armenzg opened 5 years ago

armenzg commented 5 years ago

I'm building an SPA and I managed to authenticate, however, there's no API that could provide me the org chart related data I need. I was hoping an authenticated SPA LDAP user would be able to fetch who are the people reporting to him/her.

My SPA uses a data structure [1] which is a stripped down data structure from the Phonebook data. The data structure does not have to be exactly like that, however, I need to be able to build a graph of who's reporting to the authenticated user.

The current SPA with fake org data is here: https://bugzilla-management-dashboard.netlify.com/

The "Reportees" list of people is based on the fakeOrg.json file.

The "Components" tab is built by also correlating the reportees to the list of Bugzilla components.

If someone were to help you implement such an API (it is unlikely it will be, but it could happen), what are the steps to set up a development instance? What code changes would be required?

[1] https://github.com/mozilla/bugzilla-dashboard/blob/master/src/static/fakeOrg.json

[
  {
    "cn": "Incredi BleCoder",
    "mail": "ic@mozilla.com",
    "manager": {
      "dn": "mail=someone@mozilla.com,o=com,dc=mozilla"
    }
  },
  {
    "cn": "Mickey Husk",
    "bugzillaEmail": "someone@mydomain.com",
    "mail": "someone@mozilla.com",
    "manager": {
      "dn": "mail=manager@mozilla.com,o=com,dc=mozilla"
    }
  },
  {
    "cn": "Jessica DeLaure",
    "mail": "manager@mozilla.com",
    "manager": null
  }
]

[2] https://github.com/mozilla/bugzilla-dashboard/blob/master/src/static/triageOwners.json

{
    "ic@mozilla.com": [],
    "someone@mydomain.com": [
        {
            "product": "Core",
            "component": "DOM"
        },
        {
            "product": "Core",
            "component": "DOM: Core & HTML"
        },
<--trim-->
   ]
}

armenzg commented 5 years ago

Also, if this was built outside of IT's CIS project, what endpoints would need to be hit to build the org data? What scopes/permissions would be needed for the associated client?

gdestuynder commented 5 years ago

Currently we do not expose a precomputed org chart, though we do compute it for DinoPark. This will most likely be exposed in the future as I suspect more people want this. To build the org data you need classification:WORKGROUP_CONFIDENTIAL

See also https://github.com/mozilla-iam/dino-tree

armenzg commented 5 years ago

Do you have a link to the code that computes it?

gdestuynder commented 5 years ago

https://github.com/mozilla-iam/dino-park-tree

armenzg commented 5 years ago

Does it need backend? Or can an SPA work?

gdestuynder commented 5 years ago

It needs a backend at this time. While this can work with an SPA, we would not let you do it unless you only consume public data. This is because the clients would get more access than they should get.

It will be that way until a consent method is implemented (no ETA on that).
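
An added sketch (not part of the original thread, and not CIS or DinoPark code) of one way a backend can address the concern in the comment above: the server holds the full org data and returns only the signed-in user's reportee subtree, so the browser never receives the whole dataset. The function names, the field allow-list and the sample records are assumptions modeled on the fakeOrg.json excerpt quoted earlier in the thread.

```javascript
// Constructed sample in the shape of the fakeOrg.json excerpt quoted in this thread.
const sampleOrg = [
  { cn: "Incredi BleCoder", mail: "ic@mozilla.com",
    manager: { dn: "mail=someone@mozilla.com,o=com,dc=mozilla" } },
  { cn: "Mickey Husk", bugzillaEmail: "someone@mydomain.com", mail: "someone@mozilla.com",
    manager: { dn: "mail=manager@mozilla.com,o=com,dc=mozilla" } },
  { cn: "Jessica DeLaure", mail: "manager@mozilla.com", manager: null },
];

// Extract the mail attribute from a manager DN such as "mail=a@b.com,o=com,dc=mozilla".
function managerMail(person) {
  const dn = person.manager && person.manager.dn;
  const m = typeof dn === "string" ? /^mail=([^,]+),/i.exec(dn) : null;
  return m ? m[1].toLowerCase() : null;
}

// Hypothetical backend helper: return only the people who report, directly or
// transitively, to viewerMail. viewerMail must come from the verified session
// or token on the server, never from a client-supplied parameter.
function reporteesFor(org, viewerMail) {
  const byManager = new Map();
  for (const p of org) {
    const mgr = managerMail(p);
    if (!mgr) continue; // top of the chart or malformed DN
    if (!byManager.has(mgr)) byManager.set(mgr, []);
    byManager.get(mgr).push(p);
  }
  const root = viewerMail.toLowerCase();
  const seen = new Set([root]); // guards against cycles in bad data
  const queue = [root];
  const out = [];
  while (queue.length > 0) {
    const current = queue.shift();
    for (const p of byManager.get(current) || []) {
      const mail = p.mail.toLowerCase();
      if (seen.has(mail)) continue;
      seen.add(mail);
      // Emit an allow-list of fields rather than the raw directory record.
      out.push({ cn: p.cn, mail: p.mail,
                 bugzillaEmail: p.bugzillaEmail || null, manager: current });
      queue.push(mail);
    }
  }
  return out;
}
```
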

gdestuynder commented 5 years ago

Interestingly, Auth0 released their own consent method for something similar since my last comment (basically 2 days ago), so we might be able to leverage that in the near future. I cannot guarantee this does exactly what you need, but we'll definitely test it.

Note: It takes some time for these announcements to make it to our development instance (~1 month)

trink commented 5 years ago

+1 we also need this for the CI cost analysis by organization

gdestuynder commented 5 years ago

At the moment we're a little short on resources to prioritize this, though it's definitely a feature we want to have.

cc @andrewkrug @HerminaC @fiji-flo for visibility

armenzg commented 5 years ago

@trink you might be able to use the org generated file that @calixteman generates for the Bugzilla management dashboard. He stores it on Taskcluster secrets and it is accessible to every MoCo Staff after signing in with auth0.

calixteman commented 5 years ago

@trink ask @JohanLorenzo how to have the correct scopes to read the secret. For information: https://bugzilla.mozilla.org/show_bug.cgi?id=1579068

JohanLorenzo commented 5 years ago

Hey there!

+1 we also need this for the CI cost analysis by organization

I'm not certain if it's a different dashboard from the one @calixteman works on. Although, I agree with @armenzg, any employee connected with auth0 should be able to read the secret managed in bug 1579068. Therefore, there shouldn't be any scope management to do, as far as I understand.

Please let me know if I can help 🙂