Initial Service Implementation (#1)

* Define `User` config model
Define `AccessRoles` enum
Define exceptions for user existence errors
Define database ABC with documented methods

* Implement SQLite backend with unit tests

* Start model unit test coverage

* Update default user values to use factory methods
Add models module test coverage

* Add Python packaging

* Add GHA Automation

* Update Python versions in unit tests
Remove invalid Docker test automation
Fix typo in unit test package installation

* Reformat unit test file
Fix check for existing username/user_id
Move user conflict check to internal method in base class

* Specify configured DoB to use a date object with unit test coverage

* Define AccessRoles usage in docstring with unit test coverage

* Refactor `UserNotFoundError` exception name to math File errors

* Add `read_user` convenience method to `UserDatabase` base class
Implement minimal `service.py` with default configuration and ovos-config configuration handling
Document configuration structure

* Add exception if UsersService does not have a valid database configuration
Add `create_user` method with added check for input passwords being hashed with unit tests

* Add default config to package data
Implement `authenticate_user` method with unit test coverage and an AuthenticationError

* Troubleshooting missing package_data

* Remove `max-parallel` limit from unit test automation

* Add locking around database operations
Add separate method for reading user entries without authentication data
Add helpers for update/delete operations that perform some degree of input validation
Add unit test coverage for changes

* Add unit test coverage for `delete_user`

* Handle hashing of changed passwords in `update_user`
Update exception in `delete_user` to be more specific

* Add MQ request model for input validation

* Update tests to reflect behavior changes

* Fix and annotate delete_user tests

* Define `mq_connector` module and document MQ API in README.md

* Implement Docker container for MQ service

* Add dockerfile

* Update SQLite to allow threaded access for MQ compat.
Update `TokenConfig` to match/extend existing config used in neon-hana
Update MQ error handling to return HTTP codes for HANA integration

* Update PermissionsConfig to dump to int for JSON serialization
Accept `access_token` in `MQRequest` model as an alternate auth method

* Refactor to import models from neon_data_models package

* Update imports in tests to new module

* Fix missed import change

* Refactor to move common logic to the base class

* Add MongoDb database class with unit tests
Implement unit test automation with config from GHA secrets

* Update dependencies for mongodb

* Update MongoDb tests to support parallel runs
Remove created test collections after unit test run

* Add service support for MongoDB
Update Dockerfile to include MongoDB dependency

* Update Docker default config to include sqlite database
Prevent update requests from modifying users without validating a token or password
Prevent update requests from allowing an escalation of privileges

* Add and implement a specific PermissionsError exception
Refactor MQ handling to parse specific request models for UserDB CRUD

* Update token auth handling to use HanaToken model instead of encoded string

* Refactor permissions checks to match changes made to neon-data-models

* Refactor to remove `RW_USERS` role since the `USER` and `ADMIN` roles already define read and write access, respectively

* Refactor imports to troubleshoot circular import exception noted in https://github.com/NeonGeckoCom/neon-users-service/actions/runs/11923606971/job/33232317854?pr=1

* Remove Python 3.8 from unit test coverage

* Update `neon-data-models` dependency spec
Resolve syntax warnings in Dockerfile

* Apply GNU Affero license

* Add license note to README.md

* Add link to GNU Affero description in README text

.github/workflows/license_tests.yml

@@ -0,0 +1,12 @@
+name: Run License Tests
+on:
+  push:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+jobs:
+  license_tests:
+    uses: neongeckocom/.github/.github/workflows/license_tests.yml@master
+    with:
+      packages-exclude: '^(neon-users-service).*'

.github/workflows/propose_release.yml

@@ -0,0 +1,27 @@
+name: Propose Stable Release
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        type: choice
+        description: Release Type
+        options:
+          - patch
+          - minor
+          - major
+jobs:
+  update_version:
+    uses: neongeckocom/.github/.github/workflows/propose_semver_release.yml@master
+    with:
+      branch: dev
+      release_type: ${{ inputs.release_type }}
+      update_changelog: True
+  pull_changes:
+    uses: neongeckocom/.github/.github/workflows/pull_master.yml@master
+    needs: update_version
+    with:
+      pr_reviewer: neonreviewers
+      pr_assignee: ${{ github.actor }}
+      pr_draft: false
+      pr_title: ${{ needs.update_version.outputs.version }}
+      pr_body: ${{ needs.update_version.outputs.changelog }}

.github/workflows/publish_release.yml

@@ -0,0 +1,16 @@
+# This workflow will generate a release distribution and upload it to PyPI
+
+name: Publish Build and GitHub Release
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  build_and_publish_pypi_and_release:
+    uses: neongeckocom/.github/.github/workflows/publish_stable_release.yml@master
+    secrets: inherit
+  build_and_publish_docker:
+    needs: build_and_publish_pypi_and_release
+    uses: neongeckocom/.github/.github/workflows/publish_docker.yml@master
+    secrets: inherit

.github/workflows/publish_test_build.yml

@@ -0,0 +1,21 @@
+# This workflow will generate a distribution and upload it to PyPI
+
+name: Publish Alpha Build
+on:
+  push:
+    branches:
+      - dev
+    paths-ignore:
+      - 'version.py'
+
+jobs:
+  publish_alpha_release:
+    uses: neongeckocom/.github/.github/workflows/publish_alpha_release.yml@master
+    secrets: inherit
+    with:
+      version_file: "version.py"
+      publish_prerelease: true
+  build_and_publish_docker:
+    needs: publish_alpha_release
+    uses: neongeckocom/.github/.github/workflows/publish_docker.yml@master
+    secrets: inherit

.github/workflows/unit_tests.yml

@@ -0,0 +1,42 @@
+# This workflow will run unit tests
+
+name: Run Unit Tests
+on:
+  push:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+
+jobs:
+  py_build_tests:
+    uses: neongeckocom/.github/.github/workflows/python_build_tests.yml@master
+    with:
+      python_version: "3.8"
+  docker_build_tests:
+    uses: neongeckocom/.github/.github/workflows/docker_build_tests.yml@master
+  unit_tests:
+    strategy:
+      matrix:
+        python-version: [3.9, '3.10', '3.11', '3.12']
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install .[test,mongodb]
+      - name: Unit Tests
+        run: |
+          pytest tests  --doctest-modules --junitxml=tests/unit-test-results.xml
+        env:
+          MONGO_TEST_CONFIG: ${{secrets.MONGO_TEST_CONFIG}}
+      - name: Upload test results
+        uses: actions/upload-artifact@v4
+        with:
+          name: unit-test-results-${{matrix.python-version}}
+          path: tests/unit-test-results.xml

Dockerfile

@@ -0,0 +1,23 @@
+FROM python:3.10-slim
+
+LABEL vendor=neon.ai \
+    ai.neon.name="neon-users-service"
+
+ENV OVOS_CONFIG_BASE_FOLDER=neon
+ENV OVOS_CONFIG_FILENAME=diana.yaml
+ENV XDG_CONFIG_HOME=/config
+ENV XDG_DATA_HOME=/data
+COPY docker_overlay/ /
+
+RUN apt-get update && \
+    apt-get install -y \
+    gcc \
+    python3 \
+    python3-dev \
+    && pip install wheel
+
+ADD . /neon_users_service
+WORKDIR /neon_users_service
+RUN pip install .[mq,mongodb]
+
+CMD ["neon_users_service"]