From adc4dc4453392cbae7665a6e0e0b36fe90eb3b5a Mon Sep 17 00:00:00 2001
From: Kelly McDonald <kelly@fammcdonald.net>
Date: Fri, 11 Dec 2020 12:03:41 -0500
Subject: [PATCH] redid the api a bit so that nothing was using open security -
 added a new endpoint for getting a workflow spec that uses the alternate
 API_TOKEN security and leave the original endpoint as it was.

---
 crc/api.yml                   | 24 +++++++++++++++++++++++-
 crc/api/workflow_sync.py      |  4 ++++
 crc/services/workflow_sync.py |  7 +------
 3 files changed, 28 insertions(+), 7 deletions(-)

diff --git a/crc/api.yml b/crc/api.yml
index 0939daa5..a4b799ea 100644
--- a/crc/api.yml
+++ b/crc/api.yml
@@ -156,6 +156,29 @@ paths:
                 items:
                   $ref: "#/components/schemas/WorkflowSpecDiffList"
 
+  /workflow_sync/{workflow_spec_id}/spec:
+    parameters:
+      - name: workflow_spec_id
+        in: path
+        required: false
+        description: The unique id of an existing workflow specification to modify.
+        schema:
+          type: string
+    get:
+      operationId: crc.api.workflow_sync.get_sync_workflow_specification
+      summary: Returns a single workflow specification
+      security:
+        - ApiKeyAuth: []
+      tags:
+        - Workflow Sync API
+      responses:
+        '200':
+          description: Workflow specification.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/WorkflowSpec"
+
 
   /workflow_sync/{workflow_spec_id}/files:
     get:
@@ -401,7 +424,6 @@ paths:
     get:
       operationId: crc.api.workflow.get_workflow_specification
       summary: Returns a single workflow specification
-      security: []
       tags:
         - Workflow Specifications
       responses:
diff --git a/crc/api/workflow_sync.py b/crc/api/workflow_sync.py
index 6a64fe7d..4915af0f 100644
--- a/crc/api/workflow_sync.py
+++ b/crc/api/workflow_sync.py
@@ -8,8 +8,12 @@ from crc.models.file import FileModel, FileDataModel
 from crc.models.workflow import WorkflowSpecModel, WorkflowSpecCategoryModel
 from crc.services.file_service import FileService
 from crc.services.workflow_sync import WorkflowSyncService
+from crc.api.workflow import get_workflow_specification
 
 
+def get_sync_workflow_specification(workflow_spec_id):
+    return get_workflow_specification(workflow_spec_id)
+
 def join_uuids(uuids):
     """Joins a pandas Series of uuids and combines them in one hash"""
     combined_uuids = ''.join([str(uuid) for uuid in uuids.sort_values()]) # ensure that values are always
diff --git a/crc/services/workflow_sync.py b/crc/services/workflow_sync.py
index e2026746..26796413 100644
--- a/crc/services/workflow_sync.py
+++ b/crc/services/workflow_sync.py
@@ -25,13 +25,8 @@ class WorkflowSyncService(object):
         """
         this just gets the details of a workflow spec from the
         remote side.
-
-        FIXME: for testing I had changed the security on the API endpoint
-        below so that I could run it - I need to restore the security on this
-        and make a new workflow_sync endpoint that just calls this same function
-        so that I can use the API_TOKEN rather than the other token setup
         """
-        url = remote+'/v1.0/workflow-specification/'+workflow_spec_id
+        url = remote+'/v1.0/workflow-sync/'+workflow_spec_id+'/spec'
         return WorkflowSyncService.__make_request(url)
 
     @staticmethod