cornflow 1.2.3a3__py3-none-any.whl → 1.2.3a4__py3-none-any.whl

cornflow/tests/unit/test_external_role_creation.py

@@ -0,0 +1,539 @@
+import unittest
+import os
+import json
+from unittest.mock import patch, MagicMock
+from cornflow.shared import db
+from cornflow.tests.custom_test_case import CustomTestCase
+from cornflow.models import ViewModel
+from cornflow.commands.access import access_init_command
+from cornflow.shared.const import (
+    VIEWER_ROLE,
+    PLANNER_ROLE,
+    POST_ACTION,
+    PATCH_ACTION,
+    DELETE_ACTION,
+    GET_ACTION,
+)
+
+
+class ExternalRoleCreationTestCase(CustomTestCase):
+    """
+    Test cases for external app custom role creation and removal functionality
+    """
+
+    def _load_expected_permissions(self, test_name):
+        """Helper method to load expected permissions from JSON file"""
+        test_data_path = os.path.join(
+            os.path.dirname(__file__), "..", "data", "expected_permissions.json"
+        )
+        with open(test_data_path, "r") as f:
+            data = json.load(f)
+        return [
+            (role_id, action_id, endpoint_name)
+            for role_id, action_id, endpoint_name in data[test_name]
+        ]
+
+    def _create_mock_external_app_resources(self):
+        """Helper method to create mock external app resources"""
+        # Create mock endpoint classes for external app
+        mock_production_endpoint = MagicMock()
+        mock_production_endpoint.ROLES_WITH_ACCESS = [
+            888,
+            PLANNER_ROLE,
+        ]  # Custom role + standard role
+        mock_production_endpoint.DESCRIPTION = "Production planning endpoint"
+
+        mock_quality_endpoint = MagicMock()
+        mock_quality_endpoint.ROLES_WITH_ACCESS = [
+            777,
+            VIEWER_ROLE,
+        ]  # Custom role + standard role
+        mock_quality_endpoint.DESCRIPTION = "Quality control endpoint"
+
+        mock_scheduling_endpoint = MagicMock()
+        mock_scheduling_endpoint.ROLES_WITH_ACCESS = [
+            888,
+            777,
+            PLANNER_ROLE,
+        ]  # Multiple custom roles
+        mock_scheduling_endpoint.DESCRIPTION = "Scheduling optimizer endpoint"
+
+        # Create mock resources structure for external app endpoints
+        mock_resources = [
+            {
+                "endpoint": "production_planning",  # External app endpoint
+                "urls": "/production-planning/",
+                "resource": mock_production_endpoint,
+            },
+            {
+                "endpoint": "quality_control",  # External app endpoint
+                "urls": "/quality-control/",
+                "resource": mock_quality_endpoint,
+            },
+            {
+                "endpoint": "scheduling_optimizer",  # External app endpoint
+                "urls": "/scheduling/",
+                "resource": mock_scheduling_endpoint,
+            },
+        ]
+
+        return mock_resources
+
+    @patch("cornflow.commands.auxiliar.import_module")
+    @patch("cornflow.commands.views.import_module")
+    @patch.dict(
+        os.environ, {"EXTERNAL_APP": "1", "EXTERNAL_APP_MODULE": "external_test_app"}
+    )
+    def test_custom_role_creation_removal(
+        self, mock_import_views, mock_import_auxiliar
+    ):
+        """
+        Test that custom roles (like role 888) are properly created and removed
+        when external app is configured with EXTRA_PERMISSION_ASSIGNATION
+        """
+        # Mock external app configuration
+        mock_external_app = MagicMock()
+
+        # Mock the shared.const module
+        mock_shared = MagicMock()
+        mock_const = MagicMock()
+        mock_const.EXTRA_PERMISSION_ASSIGNATION = [
+            # Try adding an existing permission and it works
+            (888, GET_ACTION, "production_planning"),
+            # Try adding additional permission
+            (888, POST_ACTION, "production_planning"),
+            (777, PATCH_ACTION, "quality_control"),
+            (VIEWER_ROLE, POST_ACTION, "scheduling_optimizer"),
+            (PLANNER_ROLE, DELETE_ACTION, "quality_control"),
+        ]
+        mock_shared.const = mock_const
+        mock_external_app.shared = mock_shared
+
+        # Mock the endpoints.resources with fake external app endpoints
+        mock_endpoints = MagicMock()
+        mock_endpoints.resources = self._create_mock_external_app_resources()
+        mock_external_app.endpoints = mock_endpoints
+
+        mock_import_views.return_value = mock_external_app
+        mock_import_auxiliar.return_value = mock_external_app
+
+        # Run the permissions registration
+        from cornflow.commands.access import access_init_command
+
+        # Mock the database session for testing
+        with patch.object(db.session, "commit"):
+            with patch.object(db.session, "rollback"):
+                # Run the complete access initialization
+                access_init_command(verbose=True)
+
+                # Verify that custom permissions were created for the external roles
+                from cornflow.models import PermissionViewRoleModel
+
+                # Get all permissions for external app endpoints
+                all_permissions = PermissionViewRoleModel.query.all()
+                external_permissions = [
+                    perm
+                    for perm in all_permissions
+                    if perm.api_view.name
+                    in [
+                        "production_planning",
+                        "quality_control",
+                        "scheduling_optimizer",
+                    ]
+                ]
+
+                # Load expected permissions from JSON file
+                expected_permissions = self._load_expected_permissions(
+                    "test_custom_role_creation_removal"
+                )
+
+                # Verify each expected permission exists
+                for role_id, action_id, endpoint_name in expected_permissions:
+                    permission_exists = any(
+                        p.role_id == role_id
+                        and p.action_id == action_id
+                        and p.api_view.name == endpoint_name
+                        for p in external_permissions
+                    )
+                    self.assertTrue(
+                        permission_exists,
+                        f"Expected permission not found: role_id={role_id}, action_id={action_id}, endpoint={endpoint_name}",
+                    )
+
+                # Verify we don't have unexpected permissions
+                actual_permission_tuples = {
+                    (p.role_id, p.action_id, p.api_view.name)
+                    for p in external_permissions
+                }
+                expected_permission_tuples = set(expected_permissions)
+
+                unexpected_permissions = (
+                    actual_permission_tuples - expected_permission_tuples
+                )
+                self.assertEqual(
+                    len(unexpected_permissions),
+                    0,
+                    f"Found unexpected permissions: {unexpected_permissions}",
+                )
+
+                missing_permissions = (
+                    expected_permission_tuples - actual_permission_tuples
+                )
+                self.assertEqual(
+                    len(missing_permissions),
+                    0,
+                    f"Missing expected permissions: {missing_permissions}",
+                )
+
+    @patch("cornflow.commands.auxiliar.import_module")
+    @patch("cornflow.commands.views.import_module")
+    @patch.dict(
+        os.environ, {"EXTERNAL_APP": "1", "EXTERNAL_APP_MODULE": "external_test_app"}
+    )
+    def test_role_removal_when_not_in_config(
+        self, mock_import_views, mock_import_auxiliar
+    ):
+        """
+        Test that roles are properly removed when they're no longer in EXTRA_PERMISSION_ASSIGNATION
+        """
+        # First, create roles with permissions
+        mock_external_app = MagicMock()
+
+        # Mock the shared.const module
+        mock_shared = MagicMock()
+        mock_const = MagicMock()
+        mock_const.EXTRA_PERMISSION_ASSIGNATION = [
+            (10000, POST_ACTION, "production_planning"),
+            (999, PATCH_ACTION, "quality_control"),
+        ]
+        mock_shared.const = mock_const
+        mock_external_app.shared = mock_shared
+
+        # Mock the endpoints.resources
+        mock_endpoints = MagicMock()
+        mock_endpoints.resources = self._create_mock_external_app_resources()
+        mock_external_app.endpoints = mock_endpoints
+
+        mock_import_views.return_value = mock_external_app
+        mock_import_auxiliar.return_value = mock_external_app
+
+        # Create initial roles
+        access_init_command(verbose=True)
+
+        # Now update config to remove role 777
+        mock_const.EXTRA_PERMISSION_ASSIGNATION = [
+            (10000, POST_ACTION, "production_planning"),
+        ]
+
+        # Re-run permissions registration
+        access_init_command(verbose=True)
+
+        # Verify role 888 still has permissions but 777 does not
+        from cornflow.models import PermissionViewRoleModel
+
+        permissions_10000 = PermissionViewRoleModel.query.filter_by(role_id=10000).all()
+        permissions_999 = PermissionViewRoleModel.query.filter_by(role_id=999).all()
+
+        self.assertTrue(len(permissions_10000) > 0)
+        self.assertEqual(len(permissions_999), 0)
+
+    def test_fallback_when_no_external_config(self):
+        """
+        Test that the system falls back gracefully when EXTRA_PERMISSION_ASSIGNATION is not available
+        """
+        # Should not raise any exceptions
+        try:
+            access_init_command(verbose=True)
+        except Exception as e:
+            self.fail(f"access_init_command raised an exception: {e}")
+
+    @patch("cornflow.commands.auxiliar.import_module")
+    @patch("cornflow.commands.views.import_module")
+    @patch.dict(
+        os.environ, {"EXTERNAL_APP": "1", "EXTERNAL_APP_MODULE": "external_test_app"}
+    )
+    def test_external_app_missing_extra_permissions(
+        self, mock_import_views, mock_import_auxiliar
+    ):
+        """
+        Test graceful handling when external app doesn't have EXTRA_PERMISSION_ASSIGNATION
+        """
+        # Mock external app without EXTRA_PERMISSION_ASSIGNATION
+        mock_external_app = MagicMock()
+
+        # Mock the shared module but without const.EXTRA_PERMISSION_ASSIGNATION
+        mock_shared = MagicMock()
+        mock_const = MagicMock()
+        # Don't set EXTRA_PERMISSION_ASSIGNATION to trigger AttributeError
+        del mock_const.EXTRA_PERMISSION_ASSIGNATION
+        mock_shared.const = mock_const
+        mock_external_app.shared = mock_shared
+
+        # Mock the endpoints.resources
+        mock_endpoints = MagicMock()
+        mock_endpoints.resources = self._create_mock_external_app_resources()
+        mock_external_app.endpoints = mock_endpoints
+
+        mock_import_views.return_value = mock_external_app
+        mock_import_auxiliar.return_value = mock_external_app
+
+        # Should not raise any exceptions, should fall back gracefully
+        try:
+            access_init_command(verbose=True)
+        except Exception as e:
+            self.fail(f"access_init_command raised an exception: {e}")
+
+    @patch("cornflow.commands.auxiliar.import_module")
+    @patch("cornflow.commands.views.import_module")
+    @patch.dict(
+        os.environ, {"EXTERNAL_APP": "1", "EXTERNAL_APP_MODULE": "external_test_app"}
+    )
+    def test_standard_role_extended_permissions(
+        self, mock_import_views, mock_import_auxiliar
+    ):
+        """
+        Test that standard roles (like VIEWER_ROLE) can get extended permissions from external app
+        """
+        # Mock external app configuration with extended permissions for existing roles
+        mock_external_app = MagicMock()
+
+        # Mock the shared.const module
+        mock_shared = MagicMock()
+        mock_const = MagicMock()
+        mock_const.EXTRA_PERMISSION_ASSIGNATION = [
+            (VIEWER_ROLE, POST_ACTION, "production_planning"),  # Extend standard role
+            (PLANNER_ROLE, DELETE_ACTION, "quality_control"),  # Extend standard role
+        ]
+        mock_shared.const = mock_const
+        mock_external_app.shared = mock_shared
+
+        # Mock the endpoints.resources
+        mock_endpoints = MagicMock()
+        mock_endpoints.resources = self._create_mock_external_app_resources()
+        mock_external_app.endpoints = mock_endpoints
+
+        mock_import_views.return_value = mock_external_app
+        mock_import_auxiliar.return_value = mock_external_app
+
+        # Mock the database session for testing
+        with patch.object(db.session, "commit"):
+            with patch.object(db.session, "rollback"):
+                # Run the complete access initialization
+                access_init_command(verbose=True)
+
+                # Verify that existing roles got the additional permissions
+                from cornflow.models import PermissionViewRoleModel
+
+                # Check that VIEWER_ROLE has additional permissions
+                viewer_permissions = PermissionViewRoleModel.query.filter_by(
+                    role_id=VIEWER_ROLE
+                ).all()
+                self.assertTrue(len(viewer_permissions) > 0)
+
+                # Check that PLANNER_ROLE has additional permissions
+                planner_permissions = PermissionViewRoleModel.query.filter_by(
+                    role_id=PLANNER_ROLE
+                ).all()
+                self.assertTrue(len(planner_permissions) > 0)
+
+    @patch("cornflow.commands.auxiliar.import_module")
+    @patch("cornflow.commands.views.import_module")
+    @patch.dict(
+        os.environ, {"EXTERNAL_APP": "1", "EXTERNAL_APP_MODULE": "external_test_app"}
+    )
+    def test_view_update_and_deletion(self, mock_import_views, mock_import_auxiliar):
+        """
+        Test that views are updated when URLs change and deleted when resources are removed
+        """
+        # === INITIAL SETUP ===
+        # Create initial mock external app with 3 endpoints
+        mock_external_app_initial = MagicMock()
+
+        # Initial mock endpoints
+        mock_production_endpoint = MagicMock()
+        mock_production_endpoint.ROLES_WITH_ACCESS = [888]
+        mock_production_endpoint.DESCRIPTION = "Production planning endpoint"
+
+        mock_quality_endpoint = MagicMock()
+        mock_quality_endpoint.ROLES_WITH_ACCESS = [777]
+        mock_quality_endpoint.DESCRIPTION = "Quality control endpoint"
+
+        mock_scheduling_endpoint = MagicMock()
+        mock_scheduling_endpoint.ROLES_WITH_ACCESS = [888, 777]
+        mock_scheduling_endpoint.DESCRIPTION = "Scheduling optimizer endpoint"
+
+        # Initial resources structure
+        initial_resources = [
+            {
+                "endpoint": "production_planning",
+                "urls": "/production-planning/",
+                "resource": mock_production_endpoint,
+            },
+            {
+                "endpoint": "quality_control",
+                "urls": "/quality-control/",
+                "resource": mock_quality_endpoint,
+            },
+            {
+                "endpoint": "scheduling_optimizer",
+                "urls": "/scheduling/",
+                "resource": mock_scheduling_endpoint,
+            },
+        ]
+
+        # Mock the shared.const module (no extra permissions)
+        mock_shared_initial = MagicMock()
+        mock_const_initial = MagicMock()
+        mock_const_initial.EXTRA_PERMISSION_ASSIGNATION = []
+        mock_shared_initial.const = mock_const_initial
+        mock_external_app_initial.shared = mock_shared_initial
+
+        # Mock the endpoints.resources
+        mock_endpoints_initial = MagicMock()
+        mock_endpoints_initial.resources = initial_resources
+        mock_external_app_initial.endpoints = mock_endpoints_initial
+
+        mock_import_views.return_value = mock_external_app_initial
+        mock_import_auxiliar.return_value = mock_external_app_initial
+
+        # === INITIAL ACCESS INIT ===
+
+        # Mock the database session for testing - INITIAL SETUP ONLY
+        with patch.object(db.session, "commit"):
+            with patch.object(db.session, "rollback"):
+                # Run initial access initialization
+                access_init_command(verbose=True)
+
+                # Verify initial views were created
+                initial_views = ViewModel.query.filter(
+                    ViewModel.name.in_(
+                        [
+                            "production_planning",
+                            "quality_control",
+                            "scheduling_optimizer",
+                        ]
+                    )
+                ).all()
+
+                self.assertEqual(
+                    len(initial_views), 3, "Expected 3 initial views to be created"
+                )
+
+                # Get initial URLs
+                initial_views_dict = {
+                    view.name: view.url_rule for view in initial_views
+                }
+                self.assertEqual(
+                    initial_views_dict["production_planning"], "/production-planning/"
+                )
+                self.assertEqual(
+                    initial_views_dict["quality_control"], "/quality-control/"
+                )
+                self.assertEqual(
+                    initial_views_dict["scheduling_optimizer"], "/scheduling/"
+                )
+
+        # === MODIFY CONFIGURATION ===
+        # Create updated mock external app with:
+        # 1. Changed URL for production_planning
+        # 2. Changed URL for quality_control
+        # 3. Remove scheduling_optimizer entirely
+        mock_external_app_updated = MagicMock()
+
+        # Updated resources structure (scheduling_optimizer removed, URLs changed)
+        updated_resources = [
+            {
+                "endpoint": "production_planning",
+                "urls": "/new-production-planning/",  # CHANGED URL
+                "resource": mock_production_endpoint,
+            },
+            {
+                "endpoint": "quality_control",
+                "urls": "/quality-control/",
+                "resource": mock_quality_endpoint,
+            },
+            # scheduling_optimizer REMOVED entirely
+        ]
+
+        # Mock shared const (still no extra permissions)
+        mock_shared_updated = MagicMock()
+        mock_const_updated = MagicMock()
+        mock_const_updated.EXTRA_PERMISSION_ASSIGNATION = []  # Empty list
+        mock_shared_updated.const = mock_const_updated
+        mock_external_app_updated.shared = mock_shared_updated
+
+        # Mock updated endpoints.resources
+        mock_endpoints_updated = MagicMock()
+        mock_endpoints_updated.resources = updated_resources
+        mock_external_app_updated.endpoints = mock_endpoints_updated
+
+        # Update mocks to return updated configuration
+        mock_import_views.return_value = mock_external_app_updated
+        mock_import_auxiliar.return_value = mock_external_app_updated
+
+        # === SECOND ACCESS INIT (with updated config) ===
+        # Allow real commits for the update to be persisted
+        access_init_command(verbose=True)
+
+        # === VERIFY UPDATES ===
+        # Check that URLs were updated
+        updated_views = ViewModel.query.filter(
+            ViewModel.name.in_(["production_planning", "quality_control"])
+        ).all()
+
+        self.assertEqual(
+            len(updated_views), 2, "Expected 2 views to remain after update"
+        )
+
+        updated_views_dict = {view.name: view.url_rule for view in updated_views}
+        self.assertEqual(
+            updated_views_dict["production_planning"],
+            "/new-production-planning/",
+            "production_planning URL should be updated",
+        )
+        self.assertEqual(
+            updated_views_dict["quality_control"],
+            "/quality-control/",
+            "quality_control URL should be updated",
+        )
+
+        # === VERIFY DELETION ===
+        # Check that scheduling_optimizer view was deleted
+        deleted_view = ViewModel.query.filter_by(name="scheduling_optimizer").first()
+        self.assertIsNone(deleted_view, "scheduling_optimizer view should be deleted")
+
+        # === VERIFY PERMISSIONS ARE CLEANED UP ===
+        from cornflow.models import PermissionViewRoleModel
+
+        # Check that permissions for deleted view are cleaned up
+        remaining_permissions = PermissionViewRoleModel.query.all()
+        scheduling_permissions = [
+            perm
+            for perm in remaining_permissions
+            if perm.api_view and perm.api_view.name == "scheduling_optimizer"
+        ]
+        self.assertEqual(
+            len(scheduling_permissions),
+            0,
+            "All permissions for deleted scheduling_optimizer view should be removed",
+        )
+
+        # Check that permissions for remaining views still exist
+        remaining_external_permissions = [
+            perm
+            for perm in remaining_permissions
+            if perm.api_view
+            and perm.api_view.name in ["production_planning", "quality_control"]
+        ]
+
+        all_view_names = [
+            perm.api_view.name for perm in remaining_permissions if perm.api_view
+        ]
+        self.assertTrue(
+            len(remaining_external_permissions) > 0,
+            f"Permissions for remaining views should still exist. Found views: {set(all_view_names)}",
+        )
+
+
+if __name__ == "__main__":
+    unittest.main()

{cornflow-1.2.3a3.dist-info → cornflow-1.2.3a4.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.3a3
+Version: 1.2.3a4
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones
@@ -14,7 +14,7 @@ Requires-Dist: alembic==1.9.2
 Requires-Dist: apispec<=6.3.0
 Requires-Dist: cachetools==5.3.3
 Requires-Dist: click<=8.1.7
-Requires-Dist: cornflow-client>=1.2.0
+Requires-Dist: cornflow-client>=1.2.3.a4
 Requires-Dist: cryptography<=44.0.1
 Requires-Dist: disposable-email-domains>=0.0.86
 Requires-Dist: Flask==2.3.2

{cornflow-1.2.3a3.dist-info → cornflow-1.2.3a4.dist-info}/RECORD

@@ -5,7 +5,7 @@ airflow_config/plugins/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 airflow_config/plugins/XCom/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 airflow_config/plugins/XCom/gce_xcom_backend.py,sha256=vCGvF2jbfZt5bOv-pk5Q_kUR6LomFUojIymimSJmj3o,1795
 cornflow/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-cornflow/app.py,sha256=SHHShEmTqvzZtNShn5AInJxSvwnUmgILwUNpzxNtlNs,7690
+cornflow/app.py,sha256=5ebZuYTfUFKVQ-lxcTeS0hATPGn3zacYdQ7jkApwmrE,7698
 cornflow/config.py,sha256=c3CNu6wzm5mDJLF6GjrnBKQSNKsRr69S2vQ9jCSAhYw,5628
 cornflow/gunicorn.py,sha256=uO-Yk7w7nvQSWh12iDxsVvlG-_2BiKIIjm2UiTk4P9E,480
 cornflow/cli/__init__.py,sha256=2QfFLxLcX5zYt3Ok3QKNWQvUvAeEnLsH7xiGN3GjwFU,853
@@ -14,9 +14,9 @@ cornflow/cli/arguments.py,sha256=9EEyyny5cJJ1t3WAs6zMgTDvTre0JdQ2N_oZfFQmixs,657
 cornflow/cli/config.py,sha256=AWWoLj3AIbKISIJ58Q89OdC_Ocjs_TPLCMF2jTEb5Sw,1258
 cornflow/cli/migrations.py,sha256=nJbmulqwFxuaSPmo9hJiTl1pUSojeXfAdd9aGM_g9ic,2426
 cornflow/cli/permissions.py,sha256=fyIp5M0ZpJWVf_tGZG0DN0Gnk1geruadkdKK11cmRk8,1116
-cornflow/cli/roles.py,sha256=o7P3yt1g2us2B-vv5R7sXNDgUagPsvPGc7ABL0lCBOQ,521
+cornflow/cli/roles.py,sha256=1dvAq1Bp1iEAUUfXFeL8kYjI0ZchYlDwIBQpTtwV6vs,529
 cornflow/cli/schemas.py,sha256=s9IUJWa2G0kpqJaN6PcwbwZtGChTaqq451QqWEyWPBI,6197
-cornflow/cli/service.py,sha256=YGp30zEdrCZg2IIonA0aF2nh2d_0-Q_Cv17HjUQGkXY,12412
+cornflow/cli/service.py,sha256=iAV-RvKpCoUg2Nr4BqatTD6he_2THWuhQdJrUoFlqaI,13303
 cornflow/cli/users.py,sha256=VBUqOrS80qdp9E4XLn4ihocHVNWVhWSt19tp0o8mZII,2324
 cornflow/cli/utils.py,sha256=p54xJEnYWda6rqSQDoZU2qZrFu9kTs4FoF0y3pJLQvI,1377
 cornflow/cli/views.py,sha256=BjJRIQ5T3C8zl3-pVVkToVjQ6xdAGwnuT9LVEnn_jqM,746
@@ -28,15 +28,16 @@ cornflow/cli/tools/schema_generator.py,sha256=BQxfB4RvA010BjrXZ4D33AvWU9e7jfZ_m2
 cornflow/cli/tools/schemas_tools.py,sha256=cTAM4_-0uu7dNlv95Oo2edM5qWEnfNKzIt_EhP6qx4c,2232
 cornflow/cli/tools/tools.py,sha256=Qm0X-wHN12vXYJNRHONGjqDZewwXyXy4R_j4UT_XMLs,929
 cornflow/commands/__init__.py,sha256=_7mi2Sd8bnaSujU-L78z8Zrswz68NJ2xoocYpsEYmPM,544
-cornflow/commands/access.py,sha256=NTZJFF9la8TDuMcD_ISQtJTj-wtM2p1dddokQJHtkj0,748
+cornflow/commands/access.py,sha256=4as74PKwcq5VoPnT9Hh2uUEDQLOQo6jAelwmeBIPW3c,1013
 cornflow/commands/actions.py,sha256=4AwgAmyI6VeaugkISvTlNGrIzMMU_-ZB3MhwDD_CIEA,1544
+cornflow/commands/auxiliar.py,sha256=s1p5K-v5lBG3wivB8snl_32aiRQbgXIUmbSjKMs8Cm4,3436
 cornflow/commands/cleanup.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cornflow/commands/dag.py,sha256=AtagFGnB_ucfO0qUawDgd4iRoBCVc-RiOs08DqXSwXM,3786
-cornflow/commands/permissions.py,sha256=f6UMB1dj4KBXhrCXalcOdiQlDUldbbmslI6yTrK-_VM,7439
-cornflow/commands/roles.py,sha256=Oux-UkswkQ74zqaMEJYIEsZpQZGBcGaSahVzx9feAHU,1516
+cornflow/commands/permissions.py,sha256=8olHdnEGAP4gSm4ati675NNkZZWEUg5P5HcJ8Ft-B2w,9799
+cornflow/commands/roles.py,sha256=c-sPPz_3Zb3c7AekXhr7gE264I_BK6LpR2wSa80Eg7M,1602
 cornflow/commands/schemas.py,sha256=40dZSJ2nEqBa7Crb6DbFmnclT5e8ljAIjscOgHr9lhk,1970
 cornflow/commands/users.py,sha256=2YTbNYY5kZL6ujxGP4fyYgqtv5uuVGdkLR31n7OFFaE,2477
-cornflow/commands/views.py,sha256=K2Ld1-l1ZKn9m6e2W1LCxmN44QokwR-8u8rIrviiEf8,2276
+cornflow/commands/views.py,sha256=yg3vuKoJwusBWm0v9PCGYr1xAbL-dWAi4aDV0aGpMnA,6978
 cornflow/endpoints/__init__.py,sha256=ZlwhY8MiynQ0BdATkrsikGM2Kqo4DPxkVTc3faNfzRY,7492
 cornflow/endpoints/action.py,sha256=ksHK3F919cjkONLcFV2tUIbG-eZw5XbYkqVjYx9iq5I,1359
 cornflow/endpoints/alarms.py,sha256=M-fpRAm5ZgYyZXvcgS0NHkeMGnvcbfQh2O5qQJUaeoM,4372
@@ -119,7 +120,7 @@ cornflow/schemas/user_role.py,sha256=e5y6RgdZZtLqD-h2B3sa5WokI5-pT78tWw85IG34I74
 cornflow/schemas/view.py,sha256=ctq9Y1TmjrWdyOqgDYeEx7qbbuNLKfSiNOlFTlXmpaw,429
 cornflow/shared/__init__.py,sha256=1ahcBwWOsSjGI4FEm77JBQjitBdBszOncKcEMjzwGYE,29
 cornflow/shared/compress.py,sha256=pohQaGs1xbH8CN6URIH6BAHA--pFq7Hmjz8oI3c3B5c,1347
-cornflow/shared/const.py,sha256=06VjXJ1MxSc7MrmWMZD95N0VCLjiNqXIE3o1a-xd9n0,3555
+cornflow/shared/const.py,sha256=Oq2WnV-tHlU2EFfxSEMIhd6Ihsf_OuVbdU1E4DTps3Q,3556
 cornflow/shared/email.py,sha256=QNDDMv86LZObkevSCyUbLQeR2UD3zWScPIr82NDzYHQ,3437
 cornflow/shared/exceptions.py,sha256=E82488IiwTXCv8iwrnGvkTonhJcwbeE5ARO4Zsmhl2c,6966
 cornflow/shared/licenses.py,sha256=Lc71Jw2NxVTFWtoXdQ9wJX_o3BDfYg1xVoehDXvnCkQ,1328
@@ -129,7 +130,7 @@ cornflow/shared/utils.py,sha256=g2ZsD3SwsqIHXZ7GWVAVB0F9gX7mT9dQkPgR2Ahsh6M,860
 cornflow/shared/utils_tables.py,sha256=JnyaQ-5d1alj230nir-6elC2i0QX-u-_32SAs2eDtC0,3298
 cornflow/shared/validators.py,sha256=Iy2jaGzS9ojqlTE_-vKH4oQKD89GN5C0EPEZMg6UZgc,4761
 cornflow/shared/authentication/__init__.py,sha256=cJIChk5X6hbA_16usEvfHr8g4JDFI6WKo0GPVOOiYHA,137
-cornflow/shared/authentication/auth.py,sha256=Am4981BchXnwGCUaBg6DlG50TDaT-900KAQ8V-F6umE,18220
+cornflow/shared/authentication/auth.py,sha256=SiXMCHwyAXHL7Krd5Ubht16NPNXqSvf-85xyiEB2DK4,18247
 cornflow/shared/authentication/decorators.py,sha256=_QpwOU1kYzpaK85Dl0Btdj5hG8Ps47PFgySp_gqhlgk,1276
 cornflow/shared/authentication/ldap.py,sha256=QfdC2X_ZMcIJabKC5pYWDGMhS5pIOJJvdZXuuiruq-M,4853
 cornflow/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -148,11 +149,12 @@ cornflow/tests/unit/test_apiview.py,sha256=03M1GsQRVK7zqmslhOJXr4lLDLY2gMAgg86nk
 cornflow/tests/unit/test_application.py,sha256=ZVmTQDUOkPRxHqt6mWU9G_lQ3jJNMJR0cx7IkLMFGrU,1715
 cornflow/tests/unit/test_cases.py,sha256=Ez9dxlZL-SUf9DW9b_A_qPowHqUZ-TA73DMOzeBeLIU,37718
 cornflow/tests/unit/test_cli.py,sha256=E2w-Lzgx_k__0mYwlbg2z80_z9nwPZKI0CbgyGmpQRY,18775
-cornflow/tests/unit/test_commands.py,sha256=JaV_RX9VNaYj_3_QKHZmxct5irfA9GnQLKmpO002P1Y,23002
+cornflow/tests/unit/test_commands.py,sha256=kvO8Vn60rj3WBG2oXw7NpDSEYoGLNe806txbJPhtNJo,14722
 cornflow/tests/unit/test_dags.py,sha256=XsOi5bBJQdQz3DmYAVJf1myoAsRyBBdmku-xBr0Bku0,13386
 cornflow/tests/unit/test_data_checks.py,sha256=6s50d1iuRTUcAYn14oEcRS39ZZ6E9ussU4YpkpYhtC4,8612
 cornflow/tests/unit/test_example_data.py,sha256=D-Tgnqw7NZlnBXaDcUU0reNhAca5JlJP2Sdn3KdS4Sw,4127
 cornflow/tests/unit/test_executions.py,sha256=fC9kMRqU3qMGQ9eH6WXlOkU8CKJe6l-DlAKln4ImCSU,18192
+cornflow/tests/unit/test_external_role_creation.py,sha256=pVkEUTYxc_qt9weo_EKE-_AOnT2v8Z1mkSUOFsVDliI,21172
 cornflow/tests/unit/test_generate_from_schema.py,sha256=L1EdnASbDJ8SjrX1V4WnUKKwV0sRTwVnNYnxSpyeSeQ,15376
 cornflow/tests/unit/test_health.py,sha256=xT0OcnpxbxE0QJlyg4r1qCYDn-hwuk0Ynw5JA4cJtsY,1205
 cornflow/tests/unit/test_instances.py,sha256=Mf9jijQOcDE3ylPfMTnVRocRegcugEdCnoMCqSmKKqQ,11083
@@ -169,8 +171,8 @@ cornflow/tests/unit/test_tables.py,sha256=SW_K8LRLwR1nB0uH8CPQCjeN8Gei-TasAgkOin
 cornflow/tests/unit/test_token.py,sha256=PZ11b46UCQpCESsRiAPhpgWkGAsAwKCVNxVQai_kxXM,4199
 cornflow/tests/unit/test_users.py,sha256=N5tcF5nSncD0F_ZlBxGuS87p6kNS4hUzRLr3_AcnK-o,22802
 cornflow/tests/unit/tools.py,sha256=ag3sWv2WLi498R1GL5AOUnXqSsszD3UugzLZLC5NqAw,585
-cornflow-1.2.3a3.dist-info/METADATA,sha256=lwa0AelaIIcefbhB5bES98yk1h4R_r5p17FzhqvIpdE,9529
-cornflow-1.2.3a3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cornflow-1.2.3a3.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
-cornflow-1.2.3a3.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
-cornflow-1.2.3a3.dist-info/RECORD,,
+cornflow-1.2.3a4.dist-info/METADATA,sha256=m7K67ojro9FvxpT3XWKYd2NQSTkkGIqhNB-UhU_Oq_k,9532
+cornflow-1.2.3a4.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cornflow-1.2.3a4.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
+cornflow-1.2.3a4.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
+cornflow-1.2.3a4.dist-info/RECORD,,