cornflow 1.2.0a1__py3-none-any.whl → 1.2.0a2__py3-none-any.whl

airflow_config/airflow_local_settings.py

@@ -19,5 +19,5 @@ STATE_COLORS = {
 from airflow.www.utils import UIAlert
 
 DASHBOARD_UIALERTS = [
-    UIAlert("Welcome! This is the backend of your Cornflow environment. Airflow™ is a platform created by the community to programmatically author, schedule and monitor workflows."),
+    UIAlert("Welcome! This is the backend of your cornflow environment. Airflow™ is a platform created by the community to programmatically author, schedule and monitor workflows."),
 ]

cornflow/cli/migrations.py

@@ -3,7 +3,7 @@ import os.path
 
 import click
 from cornflow.shared import db
-from flask_migrate import Migrate, migrate, upgrade, init
+from flask_migrate import Migrate, migrate, upgrade, downgrade, init
 
 from .utils import get_app
 
@@ -28,7 +28,27 @@ def migrate_migrations():
 
 
 @migrations.command(name="upgrade", help="Apply migrations")
-def upgrade_migrations():
+@click.option(
+    "-r", "--revision", type=str, help="The revision to upgrade to", default="head"
+)
+def upgrade_migrations(revision="head"):
+    app = get_app()
+    external = int(os.getenv("EXTERNAL_APP", 0))
+    if external == 0:
+        path = "./cornflow/migrations"
+    else:
+        path = f"./{os.getenv('EXTERNAL_APP_MODULE', 'external_app')}/migrations"
+
+    with app.app_context():
+        migration_client = Migrate(app=app, db=db, directory=path)
+        upgrade(revision=revision)
+
+
+@migrations.command(name="downgrade", help="Downgrade migrations")
+@click.option(
+    "-r", "--revision", type=str, help="The revision to downgrade to", default="-1"
+)
+def downgrade_migrations(revision="-1"):
     app = get_app()
     external = int(os.getenv("EXTERNAL_APP", 0))
     if external == 0:
@@ -38,7 +58,7 @@ def upgrade_migrations():
 
     with app.app_context():
         migration_client = Migrate(app=app, db=db, directory=path)
-        upgrade()
+        downgrade(revision=revision)
 
 
 @migrations.command(

cornflow/cli/service.py

@@ -6,6 +6,7 @@ from logging import error
 
 
 import click
+from .utils import get_db_conn
 import cornflow
 from cornflow.app import create_app
 from cornflow.commands import (
@@ -56,15 +57,8 @@ def init_cornflow_service():
     os.environ["SECRET_KEY"] = os.getenv("FERNET_KEY", Fernet.generate_key().decode())
 
     # Cornflow db defaults
-    cornflow_db_host = os.getenv("CORNFLOW_DB_HOST", "cornflow_db")
-    cornflow_db_port = os.getenv("CORNFLOW_DB_PORT", "5432")
-    cornflow_db_user = os.getenv("CORNFLOW_DB_USER", "cornflow")
-    cornflow_db_password = os.getenv("CORNFLOW_DB_PASSWORD", "cornflow")
-    cornflow_db = os.getenv("CORNFLOW_DB", "cornflow")
-    cornflow_db_conn = os.getenv(
-        "cornflow_db_conn",
-        f"postgresql://{cornflow_db_user}:{cornflow_db_password}@{cornflow_db_host}:{cornflow_db_port}/{cornflow_db}",
-    )
+    os.environ["DEFAULT_POSTGRES"] = "1"
+    cornflow_db_conn = get_db_conn()
     os.environ["DATABASE_URL"] = cornflow_db_conn
 
     # Platform auth config and service users

cornflow/cli/utils.py

@@ -6,7 +6,7 @@ import warnings
 
 def get_app():
     env = os.getenv("FLASK_ENV", "development")
-    data_conn = os.getenv("DATABASE_URL", "sqlite:///cornflow.db")
+    data_conn = get_db_conn()
     if env == "production":
         warnings.filterwarnings("ignore")
     external = int(os.getenv("EXTERNAL_APP", 0))
@@ -24,3 +24,18 @@ def get_app():
         app = create_app(env, data_conn)
 
     return app
+
+
+def get_db_conn():
+    if int(os.getenv("DEFAULT_POSTGRES", 0)) == 0:
+        return os.getenv("DATABASE_URL", "sqlite:///cornflow.db")
+    else:
+        cornflow_db_host = os.getenv("CORNFLOW_DB_HOST", "cornflow_db")
+        cornflow_db_port = os.getenv("CORNFLOW_DB_PORT", "5432")
+        cornflow_db_user = os.getenv("CORNFLOW_DB_USER", "cornflow")
+        cornflow_db_password = os.getenv("CORNFLOW_DB_PASSWORD", "cornflow")
+        cornflow_db = os.getenv("CORNFLOW_DB", "cornflow")
+        return os.getenv(
+            "cornflow_db_conn",
+            f"postgresql://{cornflow_db_user}:{cornflow_db_password}@{cornflow_db_host}:{cornflow_db_port}/{cornflow_db}",
+        )

cornflow/config.py

@@ -65,7 +65,7 @@ class DefaultConfig(object):
 
     # APISPEC:
     APISPEC_SPEC = APISpec(
-        title="Cornflow API docs",
+        title="cornflow API docs",
         version="v1",
         plugins=[MarshmallowPlugin()],
         openapi_version="2.0.0",

cornflow/endpoints/__init__.py

@@ -3,8 +3,9 @@ Initialization file for the endpoints module
 All references to endpoints should be imported from here
 The login resource gets created on app startup as it depends on configuration
 """
+
 from .action import ActionListEndpoint
-from .alarms import AlarmsEndpoint
+from .alarms import AlarmsEndpoint, AlarmDetailEndpoint
 from .apiview import ApiViewListEndpoint
 from .case import (
     CaseEndpoint,
@@ -225,6 +226,11 @@ alarms_resources = [
         urls="/alarms/",
         endpoint="alarms",
     ),
+    dict(
+        resource=AlarmDetailEndpoint,
+        urls="/alarms/<int:idx>/",
+        endpoint="alarms-detail",
+    ),
     dict(
         resource=MainAlarmsEndpoint,
         urls="/main-alarms/",

cornflow/endpoints/alarms.py

@@ -1,15 +1,19 @@
 # Imports from libraries
+from flask import current_app
 from flask_apispec import doc, marshal_with, use_kwargs
 
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
 from cornflow.models import AlarmsModel
 from cornflow.schemas.alarms import (
+    AlarmEditRequest,
     AlarmsResponse,
     AlarmsPostRequest,
-    QueryFiltersAlarms
+    QueryFiltersAlarms,
 )
 from cornflow.shared.authentication import Auth, authenticate
+from cornflow.shared.exceptions import AirflowError, ObjectDoesNotExist, InvalidData
+from cornflow.shared.const import SERVICE_ROLE
 
 
 class AlarmsEndpoint(BaseMetaResource):
@@ -56,4 +60,64 @@ class AlarmsEndpoint(BaseMetaResource):
         and an integer with the HTTP status code.
         :rtype: Tuple(dict, integer)
         """
-        return self.post_list(data=kwargs)
+        return self.post_list(data=kwargs)
+
+
+class AlarmDetailEndpointBase(BaseMetaResource):
+    """
+    Endpoint used to get the information of a certain alarm. But not the data!
+    """
+
+    def __init__(self):
+        super().__init__()
+        self.data_model = AlarmsModel
+        self.unique = ["id"]
+
+
+class AlarmDetailEndpoint(AlarmDetailEndpointBase):
+    @doc(description="Get details of an alarm", tags=["None"], inherit=False)
+    @authenticate(auth_class=Auth())
+    @marshal_with(AlarmsResponse)
+    @BaseMetaResource.get_data_or_404
+    def get(self, idx):
+        """
+        API method to get an execution created by the user and its related info.
+        It requires authentication to be passed in the form of a token that has to be linked to
+        an existing session (login) made by a user.
+
+        :param str idx: ID of the execution.
+        :return: A dictionary with a message (error if authentication failed, or the execution does not exist or
+          the data of the execution) and an integer with the HTTP status code.
+        :rtype: Tuple(dict, integer)
+        """
+        current_app.logger.info(
+            f"User {self.get_user()} gets details of execution {idx}"
+        )
+        return self.get_detail(idx=idx)
+
+    @doc(description="Edit an execution", tags=["Executions"], inherit=False)
+    @authenticate(auth_class=Auth())
+    @use_kwargs(AlarmEditRequest, location="json")
+    def put(self, idx, **data):
+        """
+        Edit an existing alarm
+
+        :param string idx: ID of the alarm.
+        :return: A dictionary with a message (error if authentication failed, or the alarm does not exist or
+          a message) and an integer with the HTTP status code.
+        :rtype: Tuple(dict, integer)
+        """
+        current_app.logger.info(f"User {self.get_user()} edits alarm {idx}")
+        return self.put_detail(data, track_user=False, idx=idx)
+
+    @doc(description="Disable an alarm", tags=["None"])
+    @authenticate(auth_class=Auth())
+    def delete(self, idx):
+        """
+        :param int alarm_id: Alarm id.
+        :return:
+        :rtype: Tuple(dict, integer)
+        """
+
+        current_app.logger.info(f"Alarm {idx} was disabled by user {self.get_user()}")
+        return self.disable_detail(idx=idx)

cornflow/endpoints/login.py

@@ -2,15 +2,16 @@
 External endpoint for the user to log in to the cornflow webserver
 """
 
+from datetime import datetime, timezone, timedelta
+
 # Partial imports
 from flask import current_app, request
 from flask_apispec import use_kwargs, doc
 from sqlalchemy.exc import IntegrityError, DBAPIError
-from datetime import datetime, timedelta
 
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
-from cornflow.models import UserModel, UserRoleModel
+from cornflow.models import UserModel, UserRoleModel, PermissionsDAG
 from cornflow.schemas.user import LoginEndpointRequest, LoginOpenAuthRequest
 from cornflow.shared import db
 from cornflow.shared.authentication import Auth, LDAPBase
@@ -51,22 +52,35 @@ class LoginBaseEndpoint(BaseMetaResource):
         if auth_type == AUTH_DB:
             user = self.auth_db_authenticate(**kwargs)
             response.update({"change_password": check_last_password_change(user)})
-            current_app.logger.info(f"User {user.id} logged in successfully using database authentication")
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using database authentication"
+            )
         elif auth_type == AUTH_LDAP:
             user = self.auth_ldap_authenticate(**kwargs)
-            current_app.logger.info(f"User {user.id} logged in successfully using LDAP authentication")
+            current_app.logger.info(
+                f"User {user.id} logged in successfully using LDAP authentication"
+            )
         elif auth_type == AUTH_OID:
-            if (kwargs.get('username') and kwargs.get('password')):
+            if kwargs.get("username") and kwargs.get("password"):
                 if not current_app.config.get("SERVICE_USER_ALLOW_PASSWORD_LOGIN", 0):
-                    raise InvalidUsage("Must provide a token in Authorization header. Cannot log in with username and password", 400)
-                user = self.auth_oid_authenticate(username=kwargs['username'], password=kwargs['password'])
-                current_app.logger.info(f"Service user {user.id} logged in successfully using password")
+                    raise InvalidUsage(
+                        "Must provide a token in Authorization header. Cannot log in with username and password",
+                        400,
+                    )
+                user = self.auth_oid_authenticate(
+                    username=kwargs["username"], password=kwargs["password"]
+                )
+                current_app.logger.info(
+                    f"Service user {user.id} logged in successfully using password"
+                )
                 token = self.auth_class.generate_token(user.id)
             else:
                 token = self.auth_class().get_token_from_header(request.headers)
                 user = self.auth_oid_authenticate(token=token)
-                current_app.logger.info(f"User {user.id} logged in successfully using OpenID authentication")
-            
+                current_app.logger.info(
+                    f"User {user.id} logged in successfully using OpenID authentication"
+                )
+
             response.update({"token": token, "id": user.id})
             return response, 200
         else:
@@ -147,7 +161,9 @@ class LoginBaseEndpoint(BaseMetaResource):
 
         return user
 
-    def auth_oid_authenticate(self, token: str = None, username: str = None, password: str = None):
+    def auth_oid_authenticate(
+        self, token: str = None, username: str = None, password: str = None
+    ):
         """
         Method in charge of performing the authentication using OpenID Connect tokens.
         Supports any OIDC provider configured via provider_url.
@@ -158,33 +174,22 @@ class LoginBaseEndpoint(BaseMetaResource):
         :return: the user object, or it raises an error if it has not been possible to log in
         :rtype: :class:`UserModel`
         """
-        print("[auth_oid_authenticate] Starting OpenID authentication")
         if token:
-            print("[auth_oid_authenticate] Authenticating with token")
+
             decoded_token = self.auth_class().decode_token(token)
-            print(f"[auth_oid_authenticate] Token decoded successfully: {decoded_token}")
-
-            username = decoded_token.get('username')
-            if not username:
-                print("[auth_oid_authenticate] Missing username in token claims")
-                raise InvalidCredentials(
-                    "Invalid token: missing username claim",
-                    log_txt="Token validation failed: missing username claim",
-                    status_code=400
-                )
 
-            print(f"[auth_oid_authenticate] Looking up user: {username}")
+            username = decoded_token.get("sub")
+
             user = self.data_model.get_one_object(username=username)
 
             if not user:
-                print(f"[auth_oid_authenticate] Creating new user: {username}")
                 current_app.logger.info(
                     f"OpenID user {username} does not exist and is created"
                 )
 
-                email = decoded_token.get('email', f"{username}@cornflow.org")
-                first_name = decoded_token.get('given_name', '')
-                last_name = decoded_token.get('family_name', '')
+                email = decoded_token.get("email", f"{username}@cornflow.org")
+                first_name = decoded_token.get("given_name", "")
+                last_name = decoded_token.get("family_name", "")
 
                 data = {
                     "username": username,
@@ -203,13 +208,12 @@ class LoginBaseEndpoint(BaseMetaResource):
                     }
                 )
                 user_role.save()
+                if int(current_app.config["OPEN_DEPLOYMENT"]) == 1:
+                    PermissionsDAG.add_all_permissions_to_user(user.id)
 
             return user
 
-        elif (
-            username
-            and password
-        ):
+        elif username and password:
             user = self.auth_db_authenticate(username, password)
             if user.is_service_user():
                 return user
@@ -221,17 +225,34 @@ class LoginBaseEndpoint(BaseMetaResource):
 def check_last_password_change(user):
     """
     Check if the user needs to change their password based on the password rotation time.
-    
+
     :param user: The user object to check
     :return: True if password needs to be changed, False otherwise
     :rtype: bool
     """
     if user.pwd_last_change:
-        if (
-            user.pwd_last_change
-            + timedelta(days=int(current_app.config["PWD_ROTATION_TIME"]))
-            < datetime.utcnow()
-        ):
+        # Handle the case where pwd_last_change is already a datetime object
+        if isinstance(user.pwd_last_change, datetime):
+            # If it's a naive datetime (no timezone info), make it timezone-aware
+            if user.pwd_last_change.tzinfo is None:
+                last_change = user.pwd_last_change.replace(tzinfo=timezone.utc)
+            else:
+                # Already timezone-aware
+                last_change = user.pwd_last_change
+        else:
+            # It's a timestamp (integer), convert to datetime
+            last_change = datetime.fromtimestamp(user.pwd_last_change, timezone.utc)
+
+        # Get current time with UTC timezone for proper comparison
+        current_time = datetime.now(timezone.utc)
+
+        # Calculate the expiration time based on the password rotation setting
+        expiration_time = last_change + timedelta(
+            days=int(current_app.config["PWD_ROTATION_TIME"])
+        )
+
+        # Compare the timezone-aware datetimes
+        if expiration_time < current_time:
             return True
     return False
 

cornflow/endpoints/meta_resource.py

@@ -13,6 +13,7 @@ from cornflow.shared.const import ALL_DEFAULT_ROLES
 from cornflow.shared.exceptions import InvalidUsage, ObjectDoesNotExist, NoPermission
 
 
+
 class BaseMetaResource(Resource, MethodResource):
     """
     The base resource from all methods inherit from.
@@ -175,11 +176,18 @@ class BaseMetaResource(Resource, MethodResource):
     METHODS USED FOR ACTIVATING / DISABLING RECORDS IN CASE WE DO NOT WANT TO DELETE THEM STRAIGHT AWAY
     """
 
-    def disable_detail(self):
+    def disable_detail(self, idx):
         """
-        Method not implemented yet
+        Method to DISABLE an object from the database
+
+        :param idx: the idx which identifies the object
+        :return: the object and a status code.
         """
-        raise NotImplemented
+        row = self.data_model.query.get(idx)
+        if row is None:
+            raise ObjectDoesNotExist(f"Object with id {idx} not found.")
+        row.disable()
+        return {"message": "Object marked as disabled"}, 200
 
     def activate_detail(self, **kwargs):
         """

cornflow/models/base_data_model.py

@@ -1,14 +1,13 @@
 """
 
 """
-# Import from libraries
+
 from flask import current_app
 from sqlalchemy import desc
 from sqlalchemy.dialects.postgresql import JSON
 from sqlalchemy.dialects.postgresql import TEXT
 from sqlalchemy.ext.declarative import declared_attr
 
-# Import from internal modules
 from cornflow.models.meta_models import TraceAttributesModel
 from cornflow.shared import db
 from cornflow.shared.utils import hash_json_256
@@ -39,7 +38,7 @@ class BaseDataModel(TraceAttributesModel):
 
     def __init__(self, data):
         self.user_id = data.get("user_id")
-        self.data = data.get("data") or data.get("execution_results")
+        self.data = data.get("data")
         self.data_hash = hash_json_256(self.data)
         self.name = data.get("name")
         self.description = data.get("description")
@@ -50,23 +49,16 @@ class BaseDataModel(TraceAttributesModel):
     @classmethod
     def get_all_objects(
         cls,
-        user,
         schema=None,
         creation_date_gte=None,
         creation_date_lte=None,
         deletion_date_gte=None,
         deletion_date_lte=None,
-        id=None,
         update_date_gte=None,
         update_date_lte=None,
-        user_name=None,
-        last_name=None,
-        email=None,
-        role_id=None,
-        url_rule=None,
-        description=None,
         offset=0,
         limit=10,
+        user=None,
     ):
         """
         Query to get all objects from a user
@@ -77,13 +69,6 @@ class BaseDataModel(TraceAttributesModel):
         :param string creation_date_lte: created_at needs to be smaller or equal to this
         :param string deletion_date_gte: deletion_at needs to be larger or equal to this
         :param string deletion_date_lte: deletion_at needs to be smaller or equal to this
-        :param string id: user id
-        :param string user_name: user first name
-        :param string last_name: user last name
-        :param string email: user email
-        :param int role_id: user role id
-        :param string url_rule: url_rule
-        :param string description: description
         :param string update_date_gte: update_at needs to be larger or equal to this
         :param string update_date_lte: update_at needs to be smaller or equal to this
         :param int offset: query offset for pagination
@@ -114,20 +99,7 @@ class BaseDataModel(TraceAttributesModel):
         if update_date_gte:
             query = query.filter(cls.update_at >= update_date_gte)
         if update_date_lte:
-            query = query.filter(cls.updat_at <= update_date_lte)
-        if user_name:
-            query = query.filter(cls.user_name == user_name)
-        if last_name:
-            query = query.filter(cls.last_name == last_name)
-        if email:
-            query = query.filter(cls.email == email)
-        if role_id:
-            query = query.filter(cls.role_id == role_id)
-        if url_rule:
-            query = query.filter(cls.url_rule == url_rule)
-        if description:
-            query = query.filter(cls.description == description)
-        # if airflow they also return total_entries = query.count(), for some reason
+            query = query.filter(cls.update_at <= update_date_lte)
 
         return query.order_by(desc(cls.created_at)).offset(offset).limit(limit).all()
 

cornflow/models/meta_models.py

@@ -1,13 +1,13 @@
 """
 This file contains the base abstract models from which the rest of the models inherit
 """
-# Imports from libraries
-from datetime import datetime
+
+from datetime import datetime, timezone
+from typing import Dict, List
+
 from flask import current_app
 from sqlalchemy.exc import DBAPIError, IntegrityError
-from typing import Dict, List
 
-# Imports from internal modules
 from cornflow.shared import db
 from cornflow.shared.exceptions import InvalidData
 
@@ -33,7 +33,9 @@ class EmptyBaseModel(db.Model):
 
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {self}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {self}"
+            )
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -99,7 +101,10 @@ class EmptyBaseModel(db.Model):
         action = "bulk create"
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {cls}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {cls}"
+            )
+
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -120,7 +125,10 @@ class EmptyBaseModel(db.Model):
         action = "bulk create update"
         try:
             db.session.commit()
-            current_app.logger.debug(f"Transaction type: {action}, performed correctly on {cls}")
+            current_app.logger.debug(
+                f"Transaction type: {action}, performed correctly on {cls}"
+            )
+
         except IntegrityError as err:
             db.session.rollback()
             current_app.logger.error(f"Integrity error on {action} data: {err}")
@@ -136,12 +144,7 @@ class EmptyBaseModel(db.Model):
         return instances
 
     @classmethod
-    def get_all_objects(
-        cls,
-        offset=0,
-        limit=None,
-        **kwargs
-    ):
+    def get_all_objects(cls, offset=0, limit=None, **kwargs):
         """
         Method to get all the objects from the database applying the filters passed as keyword arguments
 
@@ -154,7 +157,9 @@ class EmptyBaseModel(db.Model):
         """
         if "user" in kwargs:
             kwargs.pop("user")
-        query = cls.query.filter_by(**kwargs).offset(offset)
+        query = cls.query.filter_by(**kwargs)
+        if offset:
+            query = query.offset(offset)
         if limit:
             query = query.limit(limit)
         return query
@@ -208,8 +213,8 @@ class TraceAttributesModel(EmptyBaseModel):
     deleted_at = db.Column(db.DateTime, nullable=True)
 
     def __init__(self):
-        self.created_at = datetime.utcnow()
-        self.updated_at = datetime.utcnow()
+        self.created_at = datetime.now(timezone.utc)
+        self.updated_at = datetime.now(timezone.utc)
         self.deleted_at = None
 
     def update(self, data):
@@ -220,11 +225,11 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         super().update(data)
 
     def pre_update(self, data):
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         super().pre_update(data)
 
     def disable(self):
@@ -234,7 +239,7 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.deleted_at = datetime.utcnow()
+        self.deleted_at = datetime.now(timezone.utc)
         db.session.add(self)
         self.commit_changes("disabling")
 
@@ -245,7 +250,7 @@ class TraceAttributesModel(EmptyBaseModel):
         :return: None
         :rtype: None
         """
-        self.updated_at = datetime.utcnow()
+        self.updated_at = datetime.now(timezone.utc)
         self.deleted_at = None
         db.session.add(self)
         self.commit_changes("activating")
@@ -261,7 +266,7 @@ class TraceAttributesModel(EmptyBaseModel):
         update_date_lte=None,
         offset=0,
         limit=None,
-        **kwargs
+        **kwargs,
     ):
         """
         Method to get all the objects from the database applying the filters passed as keyword arguments
@@ -300,7 +305,8 @@ class TraceAttributesModel(EmptyBaseModel):
         if creation_date_lte:
             query = query.filter(cls.created_at <= creation_date_lte)
 
-        query = query.offset(offset)
+        if offset:
+            query = query.offset(offset)
         if limit:
             query = query.limit(limit)
         return query