Course Accounts in Waldur
Overview
Course accounts provide temporary access management for educational and training purposes within Waldur. This feature is optional and enables integration with external learning management systems to provide time-limited access to resources for course participants.
Architecture
Core Components
Course Account Model
Located in src/waldur_mastermind/marketplace/models.py
, the CourseAccount model provides the foundation for course-based access management:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 |
|
Key Features
- Project Scoped: Course accounts are always associated with projects of kind
COURSE
- User Linkage: Each course account creates and links to a Waldur user
- State Management: Accounts have state tracking (OK, CLOSED, ERRED)
- Email Tracking: Stores email for participant communication
- Error Handling: Built-in error message and traceback storage
State Management
Course accounts use a finite state machine with three states:
- OK (0): Account is active and operational
- CLOSED (1): Account has been closed/deactivated
- ERRED (2): Account is in error state
State transitions:
set_state_ok()
: ERRED → OKset_state_closed()
: OK/ERRED → CLOSEDset_state_erred()
: * → ERRED
Backend Integration
Configuration Settings
Course account functionality requires the following settings in WALDUR_CORE
:
1 2 3 4 5 6 7 8 |
|
Mock Mode
For development and testing, a mock backend can be enabled:
1 |
|
This simulates course account operations without requiring external backend connections.
Backend API Requirements
When COURSE_ACCOUNT_USE_API
is enabled, the backend must implement the following endpoints:
1. Authentication Endpoint
POST {COURSE_ACCOUNT_TOKEN_URL}
Request:
1 2 3 4 5 |
|
Response:
1 2 3 |
|
2. Create Course Account
POST {COURSE_ACCOUNT_URL}
Headers:
1 2 |
|
Request Body:
1 2 3 4 5 6 7 8 9 10 11 12 |
|
Response:
1 2 3 4 5 6 7 8 9 |
|
3. Get Course Account
GET {COURSE_ACCOUNT_URL}/{username}
Headers:
1 |
|
Response:
1 2 3 4 5 6 7 8 9 |
|
4. Close Course Account
PUT {COURSE_ACCOUNT_URL}/{username}/close
Headers:
1 |
|
Response:
1 2 3 4 5 6 |
|
5. Bulk Create Course Accounts
The backend should support batch creation of course accounts through the same POST endpoint, accepting an array of account objects.
API Endpoints (Frontend)
Course Account Management
- List:
GET /api/marketplace-course-accounts/
- Create:
POST /api/marketplace-course-accounts/
- Retrieve:
GET /api/marketplace-course-accounts/{uuid}/
- Delete:
DELETE /api/marketplace-course-accounts/{uuid}/
- Bulk Create:
POST /api/marketplace-course-accounts/create_bulk/
Note: Update operations are disabled for course accounts to maintain consistency with external systems.
API Response Fields
Each course account includes the following fields:
Basic Fields
uuid
: Unique identifier for the course accountcreated
: Account creation timestampmodified
: Last modification timestampemail
: Participant email addressdescription
: Optional description of the accountstate
: Current account state (OK, Closed, Erred)
User Information
user_uuid
: UUID of the linked Waldur userusername
: Username of the linked user
Project Information
project
: UUID of the parent course projectproject_uuid
: Same as project (for consistency)project_name
: Name of the course projectproject_slug
: URL-friendly project identifierproject_start_date
: Course project start date (if set)project_end_date
: Course project end date (required for course projects)
Customer Information
customer_uuid
: UUID of the customer that owns the projectcustomer_name
: Name of the customer organization
Error Tracking
error_message
: Human-readable error description (if account is in error state)error_traceback
: Technical error details for debugging
Filtering and Ordering
The course accounts list endpoint supports comprehensive filtering and ordering options:
Basic Filters
username
: Filter by username (exact match)email
: Filter by email (case-insensitive contains)state
: Filter by account state (OK, Closed, Erred)project_uuid
: Filter by project UUID
Date Range Filters
project_start_date_after
: Show accounts where project starts after this dateproject_start_date_before
: Show accounts where project starts before this dateproject_end_date_after
: Show accounts where project ends after this dateproject_end_date_before
: Show accounts where project ends before this date
Ordering Options
Use the o
parameter to order results by:
created
: Creation datemodified
: Modification datestate
: Account stateemail
: Email addressusername
: Usernameproject_name
: Project nameproject_start_date
: Project start dateproject_end_date
: Project end date
Add -
prefix for descending order (e.g., o=-created
).
Example API Requests
Basic Listing
1 |
|
Filter by Active Accounts
1 |
|
Filter by Email Contains
1 |
|
Filter by Project Date Range
1 |
|
Combine Filters with Ordering
1 |
|
Order by Project Start Date
1 |
|
Permissions
Course account operations require the MANAGE_COURSE_ACCOUNT
permission at the appropriate scope:
- Create: Permission required at project or customer level
- Delete: Permission required at project or customer level
- List/View: Staff, support, or users with MANAGE_COURSE_ACCOUNT permission
Project Requirements
Course accounts can only be created in projects with kind=COURSE
. This ensures clear separation between regular projects and educational/training projects.
Lifecycle Management
Automatic Cleanup
Course accounts are automatically closed when their parent project is deleted:
- Signal handler:
close_course_accounts_after_project_removal
- Processes all course accounts in the project
- Attempts to close each account via external API
- Continues even if individual account closures fail
User Creation
When a course account is created:
- External API returns account details including username
- A Waldur user is automatically created with:
- Username from external system
- Email from the course account
- Description: "Course Account"
- The user is linked to the course account
Error Handling
Course accounts track errors through:
- state: Transitions to ERRED state on failures
- error_message: Human-readable error description
- error_traceback: Full error traceback for debugging
Failed operations automatically transition accounts to ERRED state, which can be recovered using set_state_ok()
after resolving issues.
Event Notifications
Course account operations trigger events that can be subscribed to:
- Account creation
- Account updates
- Account deletion
- State changes
These events can be used for:
- Email notifications to participants
- Integration with learning management systems
- Audit logging
Integration with Site Agents
Course accounts can be integrated with site agents for automated provisioning:
- Site agents can monitor course account creation
- Automatically provision resources for course participants
- Send welcome emails and access instructions
- Clean up resources when accounts are closed
Implementation Checklist
When implementing a course account backend, ensure:
- OAuth2 token endpoint is available and returns bearer tokens
- Account creation endpoint generates unique usernames
- Accounts have expiration dates for time-limited access
- Get operation returns current account status
- Close operation marks accounts as disabled
- Bulk creation is supported for efficiency
- Error responses use standard HTTP status codes
- All endpoints validate bearer token authentication
- Account status transitions are logged appropriately
Security Considerations
- Temporary Access: Course accounts should have time-limited access
- Username Generation: External system must ensure unique usernames
- Permission Checks: All operations validate user permissions at appropriate scope
- Audit Logging: All course account operations are logged for audit trails
- Cleanup: Accounts are automatically closed when parent resources are deleted
- Project Isolation: Course accounts are restricted to COURSE-type projects
Differences from Service Accounts
Feature | Course Accounts | Service Accounts |
---|---|---|
Purpose | Temporary educational access | Long-term automation access |
Scope | Project-level only | Project and Customer levels |
API Keys | Not supported | Supported with rotation |
User Creation | Automatic | Not created |
Update Operations | Disabled | Enabled |
Expiration | Expected | Optional |
Bulk Operations | Supported | Not supported |
Testing
Mock mode can be enabled for testing without external dependencies:
1 2 |
|
This simulates all backend operations locally, useful for:
- Unit tests
- Development environments
- Demo installations
- Training environments