cornflow 1.2.0a3__py3-none-any.whl → 1.2.2__py3-none-any.whl

cornflow/endpoints/execution.py

@@ -24,11 +24,14 @@ from cornflow.schemas.execution import (
     ExecutionEditRequest,
     QueryFiltersExecution,
     ReLaunchExecutionRequest,
-    ExecutionDetailsWithIndicatorsAndLogResponse
+    ExecutionDetailsWithIndicatorsAndLogResponse,
 )
 from cornflow.shared.authentication import Auth, authenticate
 from cornflow.shared.compress import compressed
 from cornflow.shared.const import (
+    AIRFLOW_ERROR_MSG,
+    AIRFLOW_NOT_REACHABLE_MSG,
+    DAG_PAUSED_MSG,
     EXEC_STATE_RUNNING,
     EXEC_STATE_ERROR,
     EXEC_STATE_ERROR_START,
@@ -100,8 +103,8 @@ class ExecutionEndpoint(BaseMetaResource):
             af_client = Airflow.from_config(current_app.config)
             if not af_client.is_alive():
                 current_app.logger.warning(
-                    "Error while the app tried to update the status of all running executions."
-                    "Airflow is not accessible."
+                    f"Error while the app tried to update the status of all running executions."
+                    f"{AIRFLOW_NOT_REACHABLE_MSG}"
                 )
                 continue
 
@@ -112,7 +115,7 @@ class ExecutionEndpoint(BaseMetaResource):
             except AirflowError as err:
                 current_app.logger.warning(
                     "Error while the app tried to update the status of all running executions."
-                    f"Airflow responded with an error: {err}"
+                    f"{AIRFLOW_ERROR_MSG} {err}"
                 )
                 continue
 
@@ -137,18 +140,21 @@ class ExecutionEndpoint(BaseMetaResource):
           the reference_id for the newly created execution if successful) and a integer wit the HTTP status code
         :rtype: Tuple(dict, integer)
         """
-        # TODO: should validation should be done even if the execution is not going to be run?
-        # TODO: should the schema field be cross validated with the instance schema field?
+
         config = current_app.config
 
         if "schema" not in kwargs:
             kwargs["schema"] = "solve_model_dag"
 
-        execution, status_code = self.post_list(data=kwargs)
+        execution, _ = self.post_list(data=kwargs)
         instance = InstanceModel.get_one_object(
             user=self.get_user(), idx=execution.instance_id
         )
 
+        if execution.schema != instance.schema:
+            execution.delete()
+            raise InvalidData(error="Instance and execution schema mismatch")
+
         current_app.logger.debug(f"The request is: {request.args.get('run')}")
         # this allows testing without airflow interaction:
         if request.args.get("run", "1") == "0":
@@ -161,17 +167,17 @@ class ExecutionEndpoint(BaseMetaResource):
         # We now try to launch the task in airflow
         af_client = Airflow.from_config(config)
         if not af_client.is_alive():
-            err = "Airflow is not accessible"
-            current_app.logger.error(err)
+
+            current_app.logger.error(AIRFLOW_NOT_REACHABLE_MSG)
             execution.update_state(EXEC_STATE_ERROR_START)
             raise AirflowError(
-                error=err,
+                error=AIRFLOW_NOT_REACHABLE_MSG,
                 payload=dict(
                     message=EXECUTION_STATE_MESSAGE_DICT[EXEC_STATE_ERROR_START],
                     state=EXEC_STATE_ERROR_START,
                 ),
                 log_txt=f"Error while user {self.get_user()} tries to create an execution "
-                + err,
+                + AIRFLOW_NOT_REACHABLE_MSG,
             )
         # ask airflow if dag_name exists
         schema = execution.schema
@@ -231,23 +237,23 @@ class ExecutionEndpoint(BaseMetaResource):
 
         info = schema_info.json()
         if info["is_paused"]:
-            err = "The dag exists but it is paused in airflow"
-            current_app.logger.error(err)
+
+            current_app.logger.error(DAG_PAUSED_MSG)
             execution.update_state(EXEC_STATE_ERROR_START)
             raise AirflowError(
-                error=err,
+                error=DAG_PAUSED_MSG,
                 payload=dict(
                     message=EXECUTION_STATE_MESSAGE_DICT[EXEC_STATE_ERROR_START],
                     state=EXEC_STATE_ERROR_START,
                 ),
                 log_txt=f"Error while user {self.get_user()} tries to create an execution. "
-                + err,
+                + DAG_PAUSED_MSG,
             )
 
         try:
             response = af_client.run_dag(execution.id, dag_name=schema)
         except AirflowError as err:
-            error = "Airflow responded with an error: {}".format(err)
+            error = f"{AIRFLOW_ERROR_MSG} {err}"
             current_app.logger.error(error)
             execution.update_state(EXEC_STATE_ERROR)
             raise AirflowError(
@@ -339,17 +345,17 @@ class ExecutionRelaunchEndpoint(BaseMetaResource):
         # We now try to launch the task in airflow
         af_client = Airflow.from_config(config)
         if not af_client.is_alive():
-            err = "Airflow is not accessible"
-            current_app.logger.error(err)
+
+            current_app.logger.error(AIRFLOW_NOT_REACHABLE_MSG)
             execution.update_state(EXEC_STATE_ERROR_START)
             raise AirflowError(
-                error=err,
+                error=AIRFLOW_NOT_REACHABLE_MSG,
                 payload=dict(
                     message=EXECUTION_STATE_MESSAGE_DICT[EXEC_STATE_ERROR_START],
                     state=EXEC_STATE_ERROR_START,
                 ),
                 log_txt=f"Error while user {self.get_user()} tries to relaunch execution {idx}. "
-                + err,
+                + AIRFLOW_NOT_REACHABLE_MSG,
             )
         # ask airflow if dag_name exists
         schema = execution.schema
@@ -357,23 +363,23 @@ class ExecutionRelaunchEndpoint(BaseMetaResource):
 
         info = schema_info.json()
         if info["is_paused"]:
-            err = "The dag exists but it is paused in airflow"
-            current_app.logger.error(err)
+
+            current_app.logger.error(DAG_PAUSED_MSG)
             execution.update_state(EXEC_STATE_ERROR_START)
             raise AirflowError(
-                error=err,
+                error=DAG_PAUSED_MSG,
                 payload=dict(
                     message=EXECUTION_STATE_MESSAGE_DICT[EXEC_STATE_ERROR_START],
                     state=EXEC_STATE_ERROR_START,
                 ),
                 log_txt=f"Error while user {self.get_user()} tries to relaunch execution {idx}. "
-                + err,
+                + DAG_PAUSED_MSG,
             )
 
         try:
             response = af_client.run_dag(execution.id, dag_name=schema)
         except AirflowError as err:
-            error = "Airflow responded with an error: {}".format(err)
+            error = f"{AIRFLOW_ERROR_MSG} {err}"
             current_app.logger.error(error)
             execution.update_state(EXEC_STATE_ERROR)
             raise AirflowError(
@@ -490,13 +496,13 @@ class ExecutionDetailsEndpoint(ExecutionDetailsEndpointBase):
             )
         af_client = Airflow.from_config(current_app.config)
         if not af_client.is_alive():
-            err = "Airflow is not accessible"
+
             raise AirflowError(
-                error=err,
+                error=AIRFLOW_NOT_REACHABLE_MSG,
                 log_txt=f"Error while user {self.get_user()} tries to stop execution {idx}. "
-                + err,
+                + AIRFLOW_NOT_REACHABLE_MSG,
             )
-        response = af_client.set_dag_run_to_fail(
+        af_client.set_dag_run_to_fail(
             dag_name=execution.schema, dag_run_id=execution.dag_run_id
         )
         execution.update_state(EXEC_STATE_STOPPED)
@@ -563,21 +569,21 @@ class ExecutionStatusEndpoint(BaseMetaResource):
 
         af_client = Airflow.from_config(current_app.config)
         if not af_client.is_alive():
-            err = "Airflow is not accessible"
+
             _raise_af_error(
                 execution,
-                err,
+                AIRFLOW_NOT_REACHABLE_MSG,
                 log_txt=f"Error while user {self.get_user()} tries to get the status of execution {idx}. "
-                + err,
+                + AIRFLOW_NOT_REACHABLE_MSG,
             )
 
         try:
-            # TODO: get the dag_name from somewhere!
+
             response = af_client.get_dag_run_status(
                 dag_name=execution.schema, dag_run_id=dag_run_id
             )
         except AirflowError as err:
-            error = f"Airflow responded with an error: {err}"
+            error = f"{AIRFLOW_ERROR_MSG} {err}"
             _raise_af_error(
                 execution,
                 error,

cornflow/endpoints/health.py

@@ -4,16 +4,15 @@ It performs a health check to airflow and a health check to cornflow database
 """
 import os
 
-# Import from libraries
-from cornflow_client.airflow.api import Airflow
-from flask import current_app
-from flask_apispec import marshal_with, doc
-
 # Import from internal modules
 from cornflow.endpoints.meta_resource import BaseMetaResource
 from cornflow.models import UserModel
 from cornflow.schemas.health import HealthResponse
-from cornflow.shared.const import STATUS_HEALTHY, STATUS_UNHEALTHY
+from cornflow.shared.const import STATUS_HEALTHY, STATUS_UNHEALTHY, CORNFLOW_VERSION
+# Import from libraries
+from cornflow_client.airflow.api import Airflow
+from flask import current_app
+from flask_apispec import marshal_with, doc
 
 
 class HealthEndpoint(BaseMetaResource):
@@ -30,6 +29,7 @@ class HealthEndpoint(BaseMetaResource):
         af_client = Airflow.from_config(current_app.config)
         airflow_status = STATUS_UNHEALTHY
         cornflow_status = STATUS_UNHEALTHY
+        cornflow_version = CORNFLOW_VERSION
         if af_client.is_alive():
             airflow_status = STATUS_HEALTHY
 
@@ -42,4 +42,4 @@ class HealthEndpoint(BaseMetaResource):
         current_app.logger.info(
             f"Health check: cornflow {cornflow_status}, airflow {airflow_status}"
         )
-        return {"cornflow_status": cornflow_status, "airflow_status": airflow_status}
+        return {"cornflow_status": cornflow_status, "airflow_status": airflow_status, "cornflow_version":cornflow_version}

cornflow/endpoints/instance.py

@@ -34,7 +34,6 @@ from cornflow.shared.exceptions import InvalidUsage, InvalidData
 from cornflow.shared.validators import json_schema_validate_as_string
 
 
-
 # Initialize the schema that all endpoints are going to use
 ALLOWED_EXTENSIONS = {"mps", "lp"}
 
@@ -92,14 +91,18 @@ class InstanceEndpoint(BaseMetaResource):
         # We validate the instance data
         config = current_app.config
 
-        instance_schema = DeployedDAG.get_one_schema(config, data_schema, INSTANCE_SCHEMA)
-        instance_errors = json_schema_validate_as_string(instance_schema, kwargs["data"])
+        instance_schema = DeployedDAG.get_one_schema(
+            config, data_schema, INSTANCE_SCHEMA
+        )
+        instance_errors = json_schema_validate_as_string(
+            instance_schema, kwargs["data"]
+        )
 
         if instance_errors:
             raise InvalidData(
                 payload=dict(jsonschema_errors=instance_errors),
                 log_txt=f"Error while user {self.get_user()} tries to create an instance. "
-                        f"Instance data do not match the jsonschema.",
+                f"Instance data do not match the jsonschema.",
             )
 
         # if we're here, we validated and the data seems to fit the schema
@@ -163,14 +166,18 @@ class InstanceDetailsEndpoint(InstanceDetailsEndpointBase):
 
             config = current_app.config
 
-            instance_schema = DeployedDAG.get_one_schema(config, schema, INSTANCE_SCHEMA)
-            instance_errors = json_schema_validate_as_string(instance_schema, kwargs["data"])
+            instance_schema = DeployedDAG.get_one_schema(
+                config, schema, INSTANCE_SCHEMA
+            )
+            instance_errors = json_schema_validate_as_string(
+                instance_schema, kwargs["data"]
+            )
 
             if instance_errors:
                 raise InvalidData(
                     payload=dict(jsonschema_errors=instance_errors),
                     log_txt=f"Error while user {self.get_user()} tries to create an instance. "
-                            f"Instance data do not match the jsonschema.",
+                    f"Instance data do not match the jsonschema.",
                 )
 
         response = self.put_detail(data=kwargs, user=self.get_user(), idx=idx)
@@ -268,15 +275,35 @@ class InstanceFileEndpoint(BaseMetaResource):
         sense = 1 if minimize else -1
         try:
             _vars, problem = pulp.LpProblem.fromMPS(filename, sense=sense)
-        except:
+        except FileNotFoundError as e:
+            # Handle file not found specifically
             raise InvalidUsage(
-                error="There was an error reading the file",
-                log_txt=f"Error while user {self.get_user()} tries to create instance from mps file. "
-                f"There was an error reading the file.",
+                error=f"MPS file not found: {filename}",
+                log_txt=f"Error for user {self.get_user()}: MPS file '{filename}' not found. Details: {e}",
+                status_code=404,
+            ) from e
+        except PermissionError as e:
+            # Handle permission issues
+            raise InvalidUsage(
+                error=f"Permission denied reading MPS file: {filename}",
+                log_txt=f"Error for user {self.get_user()}: Permission denied for MPS file '{filename}'. Details: {e}",
+                status_code=403,
+            ) from e
+        except (ValueError, pulp.PulpError, OSError, IndexError) as e:
+            # Catch parsing errors, PuLP errors, and other IO errors
+            # Handle parsing, PuLP, or other OS errors
+            current_app.logger.error(
+                f"Error parsing MPS file {filename} for user {self.get_user()}: {e}",
+                exc_info=True,
             )
+            raise InvalidUsage(
+                error="Error reading or parsing the MPS file.",
+                log_txt=f"Error while user {self.get_user()} tries to create instance from MPS file {filename}. Details: {e}",
+            ) from e
+
         try:
             os.remove(filename)
-        except:
+        except FileNotFoundError:
             pass
 
         pb_data = dict(

cornflow/endpoints/meta_resource.py

@@ -1,6 +1,7 @@
 """
 This file has all the logic shared for all the resources
 """
+
 # Import from external libraries
 from flask_restful import Resource
 from flask import g, request
@@ -13,7 +14,6 @@ from cornflow.shared.const import ALL_DEFAULT_ROLES
 from cornflow.shared.exceptions import InvalidUsage, ObjectDoesNotExist, NoPermission
 
 
-
 class BaseMetaResource(Resource, MethodResource):
     """
     The base resource from all methods inherit from.
@@ -30,7 +30,6 @@ class BaseMetaResource(Resource, MethodResource):
         self.auth_class = None
         self.dependents = None
         self.unique = None
-        pass
 
     """
     METHODS USED FOR THE BASIC CRUD OPERATIONS: GET, POST, PUT, PATCH, DELETE 
@@ -121,7 +120,7 @@ class BaseMetaResource(Resource, MethodResource):
         """
         item = self.data_model.get_one_object(**kwargs)
         if item is None:
-            raise ObjectDoesNotExist("The data entity does not exist on the database")
+            raise ObjectDoesNotExist()
 
         data = dict(data)
 
@@ -144,7 +143,7 @@ class BaseMetaResource(Resource, MethodResource):
         item = self.data_model.get_one_object(**kwargs)
 
         if item is None:
-            raise ObjectDoesNotExist("The data entity does not exist on the database")
+            raise ObjectDoesNotExist()
 
         data = dict(data)
 
@@ -164,7 +163,7 @@ class BaseMetaResource(Resource, MethodResource):
         """
         item = self.data_model.get_one_object(**kwargs)
         if item is None:
-            raise ObjectDoesNotExist("The data entity does not exist on the database")
+            raise ObjectDoesNotExist()
         if self.dependents is not None:
             for element in getattr(item, self.dependents):
                 element.delete()

cornflow/schemas/execution.py

@@ -95,7 +95,7 @@ class ExecutionDagPostRequest(ExecutionRequest, ExecutionDagRequest):
 
 
 class ExecutionDetailsEndpointResponse(BaseDataEndpointResponse):
-    config = fields.Nested(ConfigSchemaResponse)
+    config = fields.Raw()
     instance_id = fields.Str()
     state = fields.Int()
     message = fields.Str(attribute="state_message")
@@ -112,6 +112,14 @@ class ExecutionDetailsEndpointWithIndicatorsResponse(ExecutionDetailsEndpointRes
         return indicators_string[1:-1]
 
     indicators = fields.Method("get_indicators")
+    updated_at = fields.DateTime(dump_only=True)
+
+    def get_username(self, obj):
+        if hasattr(obj, "user") and obj.user is not None:
+            return obj.user.username
+        return None
+
+    username = fields.Method("get_username")
 
 
 class ExecutionDetailsWithIndicatorsAndLogResponse(

cornflow/schemas/health.py

@@ -5,3 +5,4 @@ class HealthResponse(Schema):
 
     cornflow_status = fields.Str()
     airflow_status = fields.Str()
+    cornflow_version = fields.Str()

cornflow/shared/authentication/auth.py

@@ -2,15 +2,16 @@
 This file contains the auth class that can be used for authentication on the request to the REST API
 """
 
-# Imports from external libraries
-import jwt
-import requests
-from jwt.algorithms import RSAAlgorithm
 from datetime import datetime, timedelta, timezone
-from flask import request, g, current_app, Request
 from functools import wraps
 from typing import Tuple
+
+# Imports from external libraries
+import jwt
+import requests
 from cachetools import TTLCache
+from flask import request, g, current_app, Request
+from jwt.algorithms import RSAAlgorithm
 from werkzeug.datastructures import Headers
 
 # Imports from internal modules
@@ -31,7 +32,6 @@ from cornflow.shared.exceptions import (
     InvalidData,
     InvalidUsage,
     NoPermission,
-    ObjectDoesNotExist,
 )
 
 # Cache for storing public keys with 1 hour TTL
@@ -122,15 +122,13 @@ class Auth:
     def decode_token(token: str = None) -> dict:
         """
         Decodes a given JSON Web token and extracts the username from the sub claim.
-        Works with both internal tokens and OpenID tokens.
+        Works with both internal tokens and OpenID tokens by attempting verification methods sequentially.
 
         :param str token: the given JSON Web Token
         :return: dictionary containing the username from the token's sub claim
         :rtype: dict
         """
-
         if token is None:
-
             raise InvalidCredentials(
                 "Must provide a token in Authorization header",
                 log_txt="Error while trying to decode token. Token is missing.",
@@ -138,48 +136,81 @@ class Auth:
             )
 
         try:
-            # First try to decode header to validate basic token structure
-
-            unverified_payload = jwt.decode(token, options={"verify_signature": False})
-            issuer = unverified_payload.get("iss")
-
-            # For internal tokens
-            if issuer == INTERNAL_TOKEN_ISSUER:
-
-                return jwt.decode(
-                    token, current_app.config["SECRET_TOKEN_KEY"], algorithms="HS256"
-                )
-
-            # For OpenID tokens
-            if current_app.config["AUTH_TYPE"] == AUTH_OID:
-
-                return Auth().verify_token(
-                    token,
-                    current_app.config["OID_PROVIDER"],
-                    current_app.config["OID_EXPECTED_AUDIENCE"],
-                )
-
-            # If we get here, the issuer is not valid
-
-            raise InvalidCredentials(
-                "Invalid token issuer. Token must be issued by a valid provider",
-                log_txt="Error while trying to decode token. Invalid issuer.",
-                status_code=400,
+            # Attempt 1: Verify as an internal token (HS256)
+            payload = jwt.decode(
+                token, current_app.config["SECRET_TOKEN_KEY"], algorithms=["HS256"]
             )
+            if payload.get("iss") != INTERNAL_TOKEN_ISSUER:
+                raise jwt.InvalidIssuerError(
+                    "Internal token issuer mismatch after verification"
+                )
+            return payload
 
         except jwt.ExpiredSignatureError:
-
+            # Handle expiration specifically, could apply to either token type if caught here first
             raise InvalidCredentials(
                 "The token has expired, please login again",
                 log_txt="Error while trying to decode token. The token has expired.",
                 status_code=400,
             )
-        except jwt.InvalidTokenError as e:
-
+        except (
+            jwt.InvalidSignatureError,
+            jwt.DecodeError,
+            jwt.InvalidTokenError,
+        ) as e_internal:
+            # Internal verification failed (signature, format, etc.). Try OIDC if configured.
+            if current_app.config["AUTH_TYPE"] == AUTH_OID:
+                try:
+                    # Attempt 2: Verify as an OIDC token (RS256) using the dedicated method
+                    return Auth().verify_token(
+                        token,
+                        current_app.config["OID_PROVIDER"],
+                        current_app.config["OID_EXPECTED_AUDIENCE"],
+                    )
+                except jwt.ExpiredSignatureError:
+                    # OIDC token expired
+                    raise InvalidCredentials(
+                        "The token has expired, please login again",
+                        log_txt="Error while trying to decode OIDC token. The token has expired.",
+                        status_code=400,
+                    )
+                except (
+                    jwt.InvalidTokenError,
+                    InvalidCredentials,
+                    CommunicationError,
+                ) as e_oidc:
+                    # OIDC verification failed (JWT format, signature, kid, audience, issuer, comms error)
+                    # Log details for debugging but return a generic error to the client.
+                    log_message = (
+                        f"Error decoding token. Internal verification failed ({type(e_internal).__name__}). "
+                        f"OIDC verification failed ({type(e_oidc).__name__}: {str(e_oidc)})."
+                    )
+                    current_app.logger.warning(log_message)
+                    raise InvalidCredentials(
+                        "Invalid token format, signature, or configuration",
+                        log_txt=log_message,
+                        status_code=400,
+                    )
+            else:
+                # Internal verification failed, and OIDC is not configured
+                log_message = (
+                    f"Error decoding token. Internal verification failed ({type(e_internal).__name__}). "
+                    f"OIDC is not configured."
+                )
+                current_app.logger.warning(log_message)
+                raise InvalidCredentials(
+                    "Invalid token format or signature",
+                    log_txt=log_message,
+                    status_code=400,
+                )
+        except Exception as e:
+            # Catch any other unexpected errors during the process
+            log_message = f"Unexpected error during token decoding: {str(e)}"
+            current_app.logger.error(log_message)
             raise InvalidCredentials(
-                "Invalid token format or signature",
-                log_txt=f"Error while trying to decode token. The token format is invalid: {str(e)}",
-                status_code=400,
+                "Could not decode or verify token due to an unexpected server error",
+                log_txt=log_message,
+                status_code=500,
             )
 
     def get_token_from_header(self, headers: Headers = None) -> str:

cornflow/shared/const.py

@@ -1,7 +1,7 @@
 """
 In this file we import the values for different constants on cornflow server
 """
-
+CORNFLOW_VERSION = "1.2.2"
 INTERNAL_TOKEN_ISSUER = "cornflow"
 
 # endpoints responses for health check
@@ -112,3 +112,12 @@ BASE_PERMISSION_ASSIGNATION = [
 EXTRA_PERMISSION_ASSIGNATION = [
     (VIEWER_ROLE, PUT_ACTION, "user-detail"),
 ]
+
+# migrations constants
+MIGRATIONS_DEFAULT_PATH = "./cornflow/migrations"
+
+# Costants for messages that are given back on exceptions
+AIRFLOW_NOT_REACHABLE_MSG = "Airflow is not reachable"
+DAG_PAUSED_MSG = "The dag exists but it is paused in airflow"
+AIRFLOW_ERROR_MSG = "Airflow responded with an error:"
+DATA_DOES_NOT_EXIST_MSG = "The data entity does not exist on the database"

cornflow/shared/exceptions.py

@@ -9,6 +9,8 @@ from cornflow_client.constants import AirflowError
 from werkzeug.exceptions import HTTPException
 import traceback
 
+from cornflow.shared.const import DATA_DOES_NOT_EXIST_MSG
+
 
 class InvalidUsage(Exception):
     """
@@ -48,7 +50,7 @@ class ObjectDoesNotExist(InvalidUsage):
     """
 
     status_code = 404
-    error = "The object does not exist"
+    error = DATA_DOES_NOT_EXIST_MSG
 
 
 class ObjectAlreadyExists(InvalidUsage):