Merge pull request #1392 from CVEProject/dr_registry_user_policy

User registry initial Implementation.

Author: jdaigneau5

.github/workflows/test-http.yml

@@ -26,7 +26,7 @@ jobs:
     - name: Sleep
       run: bash -c "while ! docker compose --file docker/docker-compose.yml logs --tail=10 cveawg | grep -q 'Serving on port'; do sleep 1; done"
     - name: Load Data into MongoDb
-      run: docker compose -f docker/docker-compose.yml exec -T cveawg npm run populate:dev y
+      run: docker compose -f docker/docker-compose.yml exec -T cveawg npm run populate:dev y; docker compose -f docker/docker-compose.yml exec -T cveawg npm run migrate:test-black-box
     - name: Run Black Box Tests
       run: |
         docker compose --file test-http/docker/docker-compose.yml exec -T demon pytest src/ | tee test-http/src/testOutput.txt

README.md

@@ -1,3 +1,5 @@
+*NOTE: the Test environment of CVE Services now includes the release candidate “User Registry” which adds many additional features.  See the details at the end of this ReadMe doc.*
+
 # CVE-API
 
 ![CodeQL](https://github.com/CVEProject/cve-services/workflows/CodeQL/badge.svg)
@@ -140,3 +142,19 @@ In order to run the unit tests:
 ```sh
 npm run start:test
 ```
+
+
+### User Registry
+
+The CVE Automation Working Group (on behalf of the CVE Program)  is currently working on a new automation capability: the User Registry.  The objective of the User Registry is to modernize how CVE Program Organizations (e.g., CNAs, Roots, Top level Roots, the Secretariat) manage/update their organizational properties and user pools.   The new capability will ultimately allow CNAs, Roots, Top Level Roots to better manage their own data/user pools with more robust information.  It is targeted to be implemented in a series of incremental deployments to CVE Services in the Fall/2025 through Summer/2026.   
+
+Current Status:  The release candidate for the first User Registry increment (termed the User Registry MVP) is now available for testing/review in the CVE Program Testing Environment. (Note that this release IS NOT a PRODUCTION Release and will not be visible in the CVE Program PRODUCTION environment).
+This release candidate establishes a new, more robust User/Organizations databases (and associated APIs) while maintaining full backwards compatibility with the current User/Organizational management functions (meaning that current CVE Services clients will not be required to be modified with the deployment of this candidate).  It was discussed at the 6/11/2025 CVE Program AWG meeting.  
+
+HowTo:  Credentialed users of CVE Services will be able to use the new capabilities via the API endpoints.  Note that support for new endpoints may not be immediately available in the “client” tools provided by the community.  
+
+Next Steps:  The AWG is taking comments/questions on this release candidate.   You can provide feedback in three ways:
+Send  comments/questions to AWG+owner@CVE-CWE-Programs.groups.io,
+
+Post Issues/Questions to the CVE Services Issue Board (please attach a “user registry” label to your post).   
+Attend (virtually) an AWG meeting which meets every week on Tuesday at 4:00 PM Eastern US Time.  Send a request for the link to AWG+owner@CVE-CWE-Programs.groups.io.