PyPI - ethyca-fides - Versions diffs - 2.60.0rc1__py2.py3-none-any.whl → 2.60.1b0__py2.py3-none-any.whl - Mend

ethyca-fides 2.60.0rc1py2.py3-none-any.whl → 2.60.1b0py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

fides/api/db/seed.py CHANGED Viewed

@@ -25,6 +25,7 @@ from fides.api.models.fides_user_permissions import FidesUserPermissions
 from fides.api.models.policy import Policy, Rule, RuleTarget
 from fides.api.models.sql_models import (  # type: ignore[attr-defined]
     Dataset,
+    Organization,
     System,
     sql_model_map,
 )
@@ -44,7 +45,7 @@ from fides.api.util.text import to_snake_case
 from fides.config import CONFIG
 from fides.service.dataset.dataset_config_service import DatasetConfigService
-from .crud import create_resource, get_resource, list_resource, upsert_resources
+from .crud import upsert_resources
 from .samples import (
     load_sample_connections_from_project,
     load_sample_resources_from_project,
@@ -282,106 +283,41 @@ def load_default_erasure_policy(
     )
-def load_default_dsr_policies() -> None:
+def load_default_dsr_policies(session: Session) -> None:
     """
     Checks whether DSR execution policies exist in the database, and
     inserts them to target a default set of data categories if not.
     """
-    with sync_session() as db_session:  # type: ignore[attr-defined]
-        client_id = get_client_id(db_session)
+    client_id = get_client_id(session)
-        # By default, include all categories *except* those related to a user's
-        # financial, payment, and credentials data. These are typically not
-        # included in access and erasure requests as they are covered by other
-        # compliance programs (e.g. legal, tax, security) and most
-        # organizations need to be extra careful about how these are used -
-        # especially for erasure! Therefore, a safe default for "out of the
-        # box" behaviour is to exclude these
+    # By default, include all categories *except* those related to a user's
+    # financial, payment, and credentials data. These are typically not
+    # included in access and erasure requests as they are covered by other
+    # compliance programs (e.g. legal, tax, security) and most
+    # organizations need to be extra careful about how these are used -
+    # especially for erasure! Therefore, a safe default for "out of the
+    # box" behaviour is to exclude these
-        default_data_categories = get_user_data_categories()
+    default_data_categories = get_user_data_categories()
-        log.debug(
-            f"Preparing to create default rules for the following Data Categories: {default_data_categories} if they do not already exist"
-        )
-        load_default_access_policy(db_session, client_id, default_data_categories)
-        load_default_erasure_policy(db_session, client_id, default_data_categories)
-        log.info("All default policies & rules created")
-async def load_default_organization(async_session: AsyncSession) -> None:
-    """
-    Seed the database with a default organization unless
-    one with a matching name already exists.
-    """
-    log.info("Loading the default organization...")
-    organizations: List[Dict] = list(
-        map(dict, DEFAULT_TAXONOMY.model_dump(mode="json")["organization"])
+    log.debug(
+        f"Preparing to create default rules for the following Data Categories: {default_data_categories} if they do not already exist"
     )
-    inserted = 0
-    for org in organizations:
-        try:
-            existing = await get_resource(
-                sql_model_map["organization"],
-                org["fides_key"],
-                async_session,
-                raise_not_found=False,
-            )
-            if not existing:
-                await create_resource(sql_model_map["organization"], org, async_session)
-                inserted += 1
-        except AlreadyExistsError:
-            pass
+    load_default_access_policy(session, client_id, default_data_categories)
+    load_default_erasure_policy(session, client_id, default_data_categories)
-    log.debug(f"INSERTED {inserted} organization resource(s)")
-    log.debug(f"SKIPPED {len(organizations)-inserted} organization resource(s)")
-async def load_default_taxonomy(async_session: AsyncSession) -> None:
-    """Seed the database with the default taxonomy resources."""
-    upsert_resource_types = list(DEFAULT_TAXONOMY.model_fields_set)
-    upsert_resource_types.remove("organization")
-    log.info("Loading the default fideslang taxonomy resources...")
-    for resource_type in upsert_resource_types:
-        log.debug(f"Processing {resource_type} resources...")
-        default_resources = DEFAULT_TAXONOMY.model_dump(mode="json")[resource_type]
-        existing_resources = await list_resource(
-            sql_model_map[resource_type], async_session
-        )
-        existing_keys = [item.fides_key for item in existing_resources]
-        resources = [
-            resource
-            for resource in default_resources
-            if resource["fides_key"] not in existing_keys
-        ]
-        if len(resources) == 0:
-            log.debug(f"No new {resource_type} resources to add from default taxonomy.")
-            continue
-        try:
-            await upsert_resources(
-                sql_model_map[resource_type], resources, async_session
-            )
-        except QueryError:  # pragma: no cover
-            pass  # The create_resource function will log the error
-        else:
-            log.debug(f"UPSERTED {len(resources)} {resource_type} resource(s)")
+    log.info("All default policies & rules created")
-async def load_default_resources(async_session: AsyncSession) -> None:
+def load_default_resources(session: Session) -> None:
     """
     Seed the database with default resources that the application
     expects to be available.
     """
-    await load_default_organization(async_session)
-    await load_default_taxonomy(async_session)
-    load_default_dsr_policies()
+    load_default_organization(session)
+    load_default_taxonomy(session)
+    load_default_dsr_policies(session)
 async def load_samples(async_session: AsyncSession) -> None:
@@ -549,3 +485,70 @@ async def load_samples(async_session: AsyncSession) -> None:
     except QueryError:  # pragma: no cover
         pass  # The upsert_resources function will log any error
+def load_default_organization(db: Session) -> None:
+    """
+    Seed the database with a default organization unless
+    one with a matching name already exists.
+    """
+    log.info("Loading the default organization...")
+    organizations: List[Dict] = list(
+        map(dict, DEFAULT_TAXONOMY.model_dump(mode="json")["organization"])
+    )
+    inserted = 0
+    for org in organizations:
+        try:
+            existing = Organization.get_by(
+                db=db, field="fides_key", value=org["fides_key"]
+            )
+            if not existing:
+                Organization.create(db=db, data=org, check_name=False)
+                inserted += 1
+        except AlreadyExistsError:
+            pass
+    log.debug(f"INSERTED {inserted} organization resource(s)")
+    log.debug(f"SKIPPED {len(organizations)-inserted} organization resource(s)")
+def load_default_taxonomy(db: Session) -> None:
+    """Synchronous version: Seed the database with the default taxonomy resources."""
+    upsert_resource_types = list(DEFAULT_TAXONOMY.model_fields_set)
+    upsert_resource_types.remove("organization")
+    log.info("Loading the default fideslang taxonomy resources...")
+    for resource_type in upsert_resource_types:
+        sql_model = sql_model_map[resource_type]
+        log.debug(f"Processing {resource_type} resources...")
+        default_resources = DEFAULT_TAXONOMY.model_dump(mode="json")[resource_type]
+        try:
+            # Fetch existing keys first
+            existing_keys = {item[0] for item in db.query(sql_model.fides_key).all()}
+        except Exception as exc:
+            log.error(f"Error fetching existing keys for {resource_type}: {exc}")
+            continue  # Skip this resource type if we can't get existing keys
+        # Filter for resources that don't exist
+        resources_to_create = [
+            resource
+            for resource in default_resources
+            if resource["fides_key"] not in existing_keys
+        ]
+        if not resources_to_create:
+            log.debug(f"No new {resource_type} resources to add from default taxonomy.")
+            continue
+        created_count = 0
+        for resource_data in resources_to_create:
+            try:
+                sql_model.create_or_update(db=db, data=resource_data)
+                created_count += 1
+            except Exception:
+                pass
+        if created_count > 0:
+            log.debug(f"UPSERTED {created_count} {resource_type} resource(s)")

fides/api/schemas/connection_configuration/connection_secrets_google_cloud_sql_mysql.py CHANGED Viewed

@@ -8,6 +8,9 @@ from fides.api.schemas.base_class import NoValidationSchema
 from fides.api.schemas.connection_configuration.connection_secrets import (
     ConnectionConfigSecretsSchema,
 )
+from fides.api.schemas.connection_configuration.enums.google_cloud_sql_ip_type import (
+    GoogleCloudSQLIPType,
+)
 class KeyfileCreds(BaseModel):
@@ -51,6 +54,11 @@ class GoogleCloudSQLMySQLSchema(ConnectionConfigSecretsSchema):
         json_schema_extra={"sensitive": True},
         description="The contents of the key file that contains authentication credentials for a service account in GCP.",
     )
+    ip_type: Optional[GoogleCloudSQLIPType] = Field(
+        default=None,
+        title="IP type",
+        description="Specify the IP Address type required for your database (defaults to public). See the Google Cloud documentation for more information about connection options: https://cloud.google.com/sql/docs/postgres/connect-overview",
+    )
     _required_components: ClassVar[List[str]] = [
         "db_iam_user",
@@ -66,6 +74,15 @@ class GoogleCloudSQLMySQLSchema(ConnectionConfigSecretsSchema):
             v = json.loads(v)
         return KeyfileCreds.model_validate(v)
+    @field_validator("ip_type", mode="before")
+    @classmethod
+    def empty_string_to_none(cls, v: Optional[str]) -> Optional[GoogleCloudSQLIPType]:
+        if v == "":
+            return None
+        if v is not None:
+            return GoogleCloudSQLIPType(v)
+        return v
 class GoogleCloudSQLMySQLDocsSchema(GoogleCloudSQLMySQLSchema, NoValidationSchema):
     """Google Cloud SQL MySQL Secrets Schema for API Docs"""

fides/api/schemas/connection_configuration/connection_secrets_google_cloud_sql_postgres.py CHANGED Viewed

@@ -8,6 +8,9 @@ from fides.api.schemas.base_class import NoValidationSchema
 from fides.api.schemas.connection_configuration.connection_secrets import (
     ConnectionConfigSecretsSchema,
 )
+from fides.api.schemas.connection_configuration.enums.google_cloud_sql_ip_type import (
+    GoogleCloudSQLIPType,
+)
 class KeyfileCreds(BaseModel):
@@ -57,6 +60,11 @@ class GoogleCloudSQLPostgresSchema(ConnectionConfigSecretsSchema):
         json_schema_extra={"sensitive": True},
         description="The contents of the key file that contains authentication credentials for a service account in GCP.",
     )
+    ip_type: Optional[GoogleCloudSQLIPType] = Field(
+        default=None,
+        title="IP type",
+        description="Specify the IP Address type required for your database (defaults to public). See the Google Cloud documentation for more information about connection options: https://cloud.google.com/sql/docs/postgres/connect-overview",
+    )
     _required_components: ClassVar[List[str]] = [
         "db_iam_user",
@@ -71,6 +79,15 @@ class GoogleCloudSQLPostgresSchema(ConnectionConfigSecretsSchema):
             v = json.loads(v)
         return KeyfileCreds.model_validate(v)
+    @field_validator("ip_type", mode="before")
+    @classmethod
+    def empty_string_to_none(cls, v: Optional[str]) -> Optional[GoogleCloudSQLIPType]:
+        if v == "":
+            return None
+        if v is not None:
+            return GoogleCloudSQLIPType(v)
+        return v
 class GoogleCloudSQLPostgresDocsSchema(
     GoogleCloudSQLPostgresSchema, NoValidationSchema

fides/api/schemas/connection_configuration/enums/google_cloud_sql_ip_type.py ADDED Viewed

@@ -0,0 +1,9 @@
+from enum import Enum
+class GoogleCloudSQLIPType(str, Enum):
+    """Enum for Google Cloud SQL IP types"""
+    public = "public"
+    private = "private"
+    private_service_connect = "psc"

fides/api/service/connectors/google_cloud_mysql_connector.py CHANGED Viewed

@@ -8,6 +8,9 @@ from sqlalchemy.engine import Engine, LegacyCursorResult, create_engine  # type:
 from fides.api.schemas.connection_configuration.connection_secrets_google_cloud_sql_mysql import (
     GoogleCloudSQLMySQLSchema,
 )
+from fides.api.schemas.connection_configuration.enums.google_cloud_sql_ip_type import (
+    GoogleCloudSQLIPType,
+)
 from fides.api.service.connectors.sql_connector import SQLConnector
 from fides.api.util.collection_util import Row
 from fides.config import get_config
@@ -37,6 +40,7 @@ class GoogleCloudSQLMySQLConnector(SQLConnector):
             conn: pymysql.connections.Connection = connector.connect(
                 config.instance_connection_name,
                 "pymysql",
+                ip_type=config.ip_type or GoogleCloudSQLIPType.public,
                 user=config.db_iam_user,
                 db=config.dbname,
                 enable_iam_auth=True,

fides/api/service/connectors/google_cloud_postgres_connector.py CHANGED Viewed

@@ -16,6 +16,9 @@ from fides.api.graph.execution import ExecutionNode
 from fides.api.schemas.connection_configuration.connection_secrets_google_cloud_sql_postgres import (
     GoogleCloudSQLPostgresSchema,
 )
+from fides.api.schemas.connection_configuration.enums.google_cloud_sql_ip_type import (
+    GoogleCloudSQLIPType,
+)
 from fides.api.service.connectors.query_configs.google_cloud_postgres_query_config import (
     GoogleCloudSQLPostgresQueryConfig,
 )
@@ -53,6 +56,7 @@ class GoogleCloudSQLPostgresConnector(SQLConnector):
             conn: pg8000.dbapi.Connection = connector.connect(
                 config.instance_connection_name,
                 "pg8000",
+                ip_type=config.ip_type or GoogleCloudSQLIPType.public,
                 user=config.db_iam_user,
                 db=config.dbname or self.default_db_name,
                 enable_iam_auth=True,

fides/api/service/connectors/sql_connector.py CHANGED Viewed

@@ -119,8 +119,8 @@ class SQLConnector(BaseConnector[Engine]):
             )
         except ClientResponseError as e:
             raise ConnectionException(f"Connection error: {e.message}")
-        except Exception:
-            raise ConnectionException("Connection error.")
+        except Exception as exc:
+            raise ConnectionException(f"Connection error: {exc}")
         return ConnectionTestStatus.succeeded

fides/api/util/data_category.py CHANGED Viewed

@@ -26,6 +26,7 @@ def generate_fides_data_categories() -> Type[EnumType]:
     return FidesDataCategory
+# TODO: Move away from using this, it conflicts with the DataCategory model
 DataCategory = generate_fides_data_categories()

fides/ui-build/static/admin/404.html CHANGED Viewed

	@@ -1 +1 @@
1	- <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link data-next-font="" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/a063d3d67fe688f6.css" as="style"/><link rel="stylesheet" href="/_next/static/css/a063d3d67fe688f6.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-32c43a8d709ca5c6.js" defer=""></script><script src="/_next/static/chunks/framework-c92fc3344e6fd165.js" defer=""></script><script src="/_next/static/chunks/main-090643377c8254e6.js" defer=""></script><script src="/_next/static/chunks/pages/_app-854abc8128542e40.js" defer=""></script><script src="/_next/static/chunks/pages/404-73e79d3760ef2658.js" defer=""></script><script src="/_next/static/~~h6f83-sNVA0ahtQ8eFh82~~/_buildManifest.js" defer=""></script><script src="/_next/static/~~h6f83-sNVA0ahtQ8eFh82~~/_ssgManifest.js" defer=""></script><style>.data-ant-cssinjs-cache-path{content:"";}</style></head><body><div id="__next"><div style="height:100%;display:flex"></div></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"~~h6f83-sNVA0ahtQ8eFh82~~","nextExport":true,"autoExport":true,"isFallback":false,"scriptLoader":[]}</script></body></html>
1	+ <!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link data-next-font="" rel="preconnect" href="/" crossorigin="anonymous"/><link rel="preload" href="/_next/static/css/a063d3d67fe688f6.css" as="style"/><link rel="stylesheet" href="/_next/static/css/a063d3d67fe688f6.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="/_next/static/chunks/polyfills-42372ed130431b0a.js"></script><script src="/_next/static/chunks/webpack-32c43a8d709ca5c6.js" defer=""></script><script src="/_next/static/chunks/framework-c92fc3344e6fd165.js" defer=""></script><script src="/_next/static/chunks/main-090643377c8254e6.js" defer=""></script><script src="/_next/static/chunks/pages/_app-854abc8128542e40.js" defer=""></script><script src="/_next/static/chunks/pages/404-73e79d3760ef2658.js" defer=""></script><script src="/_next/static/snXG8lXqPoT4hj3yvlEtk/_buildManifest.js" defer=""></script><script src="/_next/static/snXG8lXqPoT4hj3yvlEtk/_ssgManifest.js" defer=""></script><style>.data-ant-cssinjs-cache-path{content:"";}</style></head><body><div id="__next"><div style="height:100%;display:flex"></div></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/404","query":{},"buildId":"snXG8lXqPoT4hj3yvlEtk","nextExport":true,"autoExport":true,"isFallback":false,"scriptLoader":[]}</script></body></html>

fides/ui-build/static/admin/_next/static/chunks/5973-9199898696748d0c.js ADDED Viewed

@@ -0,0 +1 @@

+ "use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[5973],{7617:function(e,s,t){t.d(s,{q:function(){return a}});var i=t(24246),n=t(91922);let a=e=>{let{label:s,isDisabled:t,...a}=e;return(0,i.jsx)(n.OK9,{"data-testid":"tab-".concat(s),_selected:{fontWeight:"600",color:"complimentary.500",borderColor:"complimentary.500"},fontSize:a.fontSize,fontWeight:"500",color:"gray.500",isDisabled:t||!1,children:s})};s.Z=e=>{let{data:s,border:t="partial",...r}=e;return(0,i.jsxs)(n.mQc,{colorScheme:"complimentary",...r,children:[(0,i.jsx)(n.tdY,{width:"partial"===t?"max-content":void 0,children:s.map(e=>(0,i.jsx)(a,{label:e.label,isDisabled:e.isDisabled,fontSize:r.fontSize},e.label))}),(0,i.jsx)(n.nPR,{children:s.map(e=>(0,i.jsx)(n.x45,{px:0,"data-testid":"tab-panel-".concat(e.label),children:e.content},e.label))})]})}},18225:function(e,s,t){var i=t(24246),n=t(91922);s.Z=e=>{let{...s}=e;return(0,i.jsx)(n.kCb,{boxSize:"full",align:"center",justify:"center",children:(0,i.jsx)(n.$jN,{color:"primary",...s})})}},77213:function(e,s,t){t.d(s,{Z:function(){return u}});var i=t(24246),n=t(91922),a=t(88038),r=t.n(a),o=t(86677);t(27378);var c=t(25980),d=t(90867),l=t(77830),h=()=>{let e=(0,o.useRouter)();return(0,i.jsx)(n.xuv,{bg:"gray.50",border:"1px solid",borderColor:"blue.400",borderRadius:"md",justifyContent:"space-between",p:5,mb:5,mt:5,children:(0,i.jsxs)(n.xuv,{children:[(0,i.jsxs)(n.Kqy,{direction:{base:"column",sm:"row"},justifyContent:"space-between",children:[(0,i.jsx)(n.xvT,{fontWeight:"semibold",children:"Configure your storage and messaging provider"}),(0,i.jsx)(n.wpx,{onClick:()=>{e.push(l.fz)},children:"Configure"})]}),(0,i.jsxs)(n.xvT,{children:["Before Fides can process your privacy requests we need two simple steps to configure your storage and email client."," "]})]})})},u=e=>{let{children:s,title:t,padded:a=!0,mainProps:l}=e,u=(0,c.hz)(),x=(0,o.useRouter)(),m="/privacy-requests"===x.pathname||"/datastore-connection"===x.pathname,j=!(u.flags.privacyRequestsConfiguration&&m),{data:p}=(0,d.JE)(void 0,{skip:j}),{data:g}=(0,d.PW)(void 0,{skip:j}),y=u.flags.privacyRequestsConfiguration&&(!p||!g)&&m;return(0,i.jsxs)(n.kCb,{"data-testid":t,direction:"column",h:"100vh",children:[(0,i.jsxs)(r(),{children:[(0,i.jsxs)("title",{children:["Fides Admin UI - ",t]}),(0,i.jsx)("meta",{name:"description",content:"Privacy Engineering Platform"}),(0,i.jsx)("link",{rel:"icon",href:"/favicon.ico"})]}),(0,i.jsxs)(n.kCb,{as:"main",direction:"column",py:a?6:0,px:a?10:0,h:a?"calc(100% - 48px)":"full",flex:1,minWidth:0,overflow:"auto",...l,children:[y?(0,i.jsx)(h,{}):null,s]})]})}},58754:function(e,s,t){var i=t(24246),n=t(91922),a=t(70788);s.Z=e=>{let{heading:s,breadcrumbItems:t,isSticky:r=!0,children:o,rightContent:c,style:d,...l}=e;return(0,i.jsxs)("div",{...l,style:r?{position:"sticky",top:"-24px",paddingTop:"24px",paddingBottom:"24px",paddingLeft:"40px",marginLeft:"-40px",paddingRight:"40px",marginRight:"-40px",marginTop:"-24px",left:0,zIndex:20,backgroundColor:"white",...d}:{paddingBottom:"24px",...d},children:[(0,i.jsxs)(n.jqI,{justify:"space-between",children:["string"==typeof s?(0,i.jsx)(n.lQT,{className:t||o?"pb-4":void 0,level:1,"data-testid":"page-heading",children:s}):s,c&&(0,i.jsx)("div",{"data-testid":"page-header-right-content",children:c})]}),!!t&&(0,i.jsx)(a.m,{className:o?"pb-4":void 0,items:t,"data-testid":"page-breadcrumb"}),o]})}},79789:function(e,s,t){t.d(s,{Hn:function(){return o},XU:function(){return r},Z5:function(){return c},aG:function(){return h},cB:function(){return a},hX:function(){return l},vQ:function(){return d}});var i=t(24246),n=t(91922);let a=e=>{let{text:s,...t}=e;return(0,i.jsx)(n.X6q,{fontSize:"sm",mt:4,mb:1,...t,children:s})},r=e=>{let{children:s}=e;return(0,i.jsx)(n.xvT,{fontSize:"14px",mb:4,children:s})},o=e=>{let{children:s,href:t}=e;return(0,i.jsx)(n.rUS,{href:t,textDecoration:"underline",isExternal:!0,children:s})},c=e=>{let{children:s}=e;return(0,i.jsx)(n.QI$,{fontSize:"14px",mb:4,children:s})},d=e=>{let{children:s}=e;return(0,i.jsx)(n.GSI,{fontSize:"14px",mb:4,ml:6,children:s})},l=e=>{let{children:s}=e;return(0,i.jsx)(n.EKh,{display:"block",whiteSpace:"pre",p:4,mb:4,overflowX:"scroll",children:s})},h=e=>{let{data:s}=e;return(0,i.jsxs)(n.iA_,{fontSize:"14px",children:[(0,i.jsx)(n.hrZ,{children:(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Th,{children:"Permission"}),(0,i.jsx)(n.Th,{children:"Description"})]})}),(0,i.jsx)(n.p3B,{children:s.map(e=>(0,i.jsxs)(n.Tr,{children:[(0,i.jsx)(n.Td,{children:(0,i.jsx)(n.Vp9,{children:e.permission})}),(0,i.jsx)(n.Td,{children:e.description})]},e.permission))})]})}},97181:function(e,s,t){t.d(s,{d:function(){return d}});var i=t(24246),n=t(91922),a=t(34090),r=t(27378),o=t(46238),c=t(40324);let d=e=>{let{name:s,label:t,labelProps:d,tooltip:l,isRequired:h,layout:u="inline",helperText:x,...m}=e,[j,p,{setValue:g}]=(0,a.U$)(s),y=!!(p.touched&&p.error),[v,f]=(0,r.useState)("");j.value||"tags"!==m.mode&&"multiple"!==m.mode||(j.value=[]),"tags"===m.mode&&"string"==typeof j.value&&(j.value=[j.value]);let C="tags"===m.mode?(e,s)=>e?e.value!==v||j.value.includes(v)?m.optionRender?m.optionRender(e,s):e.label:'Create "'.concat(v,'"'):void 0:m.optionRender||void 0,S=e=>{f(e),m.onSearch&&m.onSearch(e)},b=(e,s)=>{g(e),m.onChange&&m.onChange(e,s)};return"inline"===u?(0,i.jsx)(n.NIc,{isInvalid:y,isRequired:h,children:(0,i.jsxs)(n.rjZ,{templateColumns:t?"1fr 3fr":"1fr",children:[t?(0,i.jsx)(c.__,{htmlFor:m.id||s,...d,children:t}):null,(0,i.jsxs)(n.jqI,{align:"center",children:[(0,i.jsxs)(n.jqI,{vertical:!0,flex:1,className:"mr-2",children:[(0,i.jsx)(n.WPr,{...j,id:m.id||s,"data-testid":"controlled-select-".concat(j.name),...m,optionRender:C,onSearch:"tags"===m.mode?S:void 0,onChange:b,value:j.value||void 0,status:y?"error":void 0}),x&&(0,i.jsx)(n.Q6r,{children:x}),(0,i.jsx)(c.Bc,{isInvalid:y,message:p.error,fieldName:j.name})]}),(0,i.jsx)(o.b,{label:l})]})]})}):(0,i.jsx)(n.NIc,{isInvalid:y,isRequired:h,children:(0,i.jsxs)(n.gCW,{alignItems:"start",children:[(0,i.jsxs)(n.jqI,{align:"center",children:[t?(0,i.jsx)(c.__,{htmlFor:m.id||s,fontSize:"xs",my:0,mr:1,...d,children:t}):null,(0,i.jsx)(o.b,{label:l})]}),(0,i.jsx)(n.WPr,{...j,id:m.id||s,"data-testid":"controlled-select-".concat(j.name),...m,optionRender:C,onSearch:"tags"===m.mode?S:void 0,onChange:b,value:j.value||void 0,status:y?"error":void 0}),x&&(0,i.jsx)(n.Q6r,{style:{marginTop:0},children:x}),(0,i.jsx)(c.Bc,{isInvalid:y,message:p.error,fieldName:j.name})]})})}},14047:function(e,s,t){t.d(s,{H:function(){return a},V:function(){return i.V}});var i=t(84306),n=t(812);let a=()=>{let{errorAlert:e}=(0,i.V)();return{handleError:s=>{let t="An unexpected error occurred. Please try again.";(0,n.Ot)(s)?t=s.data.detail:(0,n.tB)(s)&&(t=s.data.detail[0].msg),e(t)}}}},84306:function(e,s,t){t.d(s,{V:function(){return a}});var i=t(24246),n=t(91922);let a=()=>{let e=(0,n.pmc)();return{errorAlert:(s,t,a)=>{let r={...a,position:(null==a?void 0:a.position)||"top",render:e=>{let{onClose:a}=e;return(0,i.jsxs)(n.bZj,{alignItems:"normal",status:"error","data-testid":"error-alert",children:[(0,i.jsx)(n.zMQ,{}),(0,i.jsxs)(n.xuv,{children:[t&&(0,i.jsx)(n.CdC,{children:t}),(0,i.jsx)(n.XaZ,{children:s})]}),(0,i.jsx)(n.PZ7,{onClick:a,position:"relative",right:0,size:"sm",top:-1})]})}};(null==a?void 0:a.id)&&e.isActive(a.id)?e.update(a.id,r):e(r)},successAlert:(s,t,a)=>{let r={...a,position:(null==a?void 0:a.position)||"top",render:e=>{let{onClose:a}=e;return(0,i.jsxs)(n.bZj,{alignItems:"normal",status:"success",variant:"subtle","data-testid":"success-alert",children:[(0,i.jsx)(n.zMQ,{}),(0,i.jsxs)(n.xuv,{children:[t&&(0,i.jsx)(n.CdC,{children:t}),(0,i.jsx)(n.XaZ,{children:s})]}),(0,i.jsx)(n.PZ7,{onClick:a,position:"relative",right:0,size:"sm",top:-1})]})}};(null==a?void 0:a.id)&&e.isActive(a.id)?e.update(a.id,r):e(r)}}}},8133:function(e,s,t){var i=t(24246),n=t(91922);s.Z=e=>{let{title:s,children:t,isOpen:a,onClose:r,...o}=e;return(0,i.jsxs)(n.u_l,{isOpen:a,onClose:r,isCentered:!0,scrollBehavior:"inside",size:"xl",id:"add-modal",...o,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{textAlign:"left",p:0,"data-testid":"add-modal-content",children:[(0,i.jsx)(n.xBx,{p:0,children:(0,i.jsx)(n.xuv,{backgroundColor:"gray.50",px:6,py:4,border:"1px",borderColor:"gray.200",borderTopRadius:6,display:"flex",justifyContent:"space-between",alignItems:"center",children:(0,i.jsx)(n.X6q,{as:"h3",size:"sm",children:s})})}),(0,i.jsx)(n.fef,{pb:4,overflow:"auto",children:t})]})]})}},70788:function(e,s,t){t.d(s,{m:function(){return d}});var i=t(24246),n=t(91922),a=t(79894),r=t.n(a),o=t(27378);let{Text:c}=n.AntTypography,d=e=>{let{items:s,...t}=e,a=(0,o.useMemo)(()=>null==s?void 0:s.map((e,t)=>{let a=t===s.length-1,o={...e},d=o.onClick&&!o.href;return("string"==typeof o.title&&(o.title=(0,i.jsx)(c,{style:{color:"inherit",maxWidth:a?void 0:400},ellipsis:!a,children:o.title})),d)?o.title=(0,i.jsx)(n.wpx,{type:"text",size:"small",icon:o.icon,onClick:o.onClick,className:"ant-breadcrumb-link -mt-px px-1 text-inherit",children:o.title}):(o.icon&&(o.title=(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)("span",{className:"anticon align-text-bottom",children:o.icon}),o.title]})),o.href&&o.title&&(o.title=(0,i.jsx)(r(),{href:o.href,className:"ant-breadcrumb-link",children:o.title}),delete o.href)),o}),[s]);return(0,i.jsx)(n.zrq,{items:a,...t})}},41337:function(e,s,t){var i=t(24246),n=t(91922);t(27378);var a=t(16643),r=t(16394),o=t(14746);let c=o.Ny+o.iW.get(a.Rj.WEBSITE),d=e=>void 0!==e.connection_type,l=e=>void 0!==e.encoded_icon,h=e=>(null==e?void 0:e.connection_type)===a.Rj.WEBSITE;s.Z=e=>{let{data:s,...t}=e;return(0,i.jsx)(n.Eep,{boxSize:"32px",objectFit:"cover",src:(()=>{let e;if(l(s)&&s.encoded_icon)return"data:image/svg+xml;base64,".concat(s.encoded_icon);if(h(s)){var t;let e=null===(t=s.secrets)||void 0===t?void 0:t.url;if(!e)return c;let i=(0,r.ge)(e);return(0,r.tl)(i,100)}if(d(s))e=[...o.iW].find(e=>{var t,i;let[n]=e;return s.connection_type.toString()!==a.Rj.SAAS&&s.connection_type.toString()===n||s.connection_type.toString()===a.Rj.SAAS&&(null===(i=s.saas_config)||void 0===i?void 0:null===(t=i.type)||void 0===t?void 0:t.toString())===n.toString()});else if(l(s)){let{identifier:t}=s;e=[...o.iW].find(e=>{let[s]=e;return s.toLowerCase()===t.toLowerCase()})}return e?o.Ny+e[1]:o.VD})(),fallbackSrc:h(s)?c:o.VD,alt:(()=>{if(d(s)){var e;return null!==(e=s.name)&&void 0!==e?e:s.key}return l(s)?s.human_readable:s})(),...t})}},15872:function(e,s,t){var i=t(24246),n=t(91922),a=t(86677);t(27378);var r=t(77830),o=t(14207);s.Z=e=>{let{connection_key:s,showMenu:t}=e,{isOpen:c,onOpen:d,onClose:l}=(0,n.qY0)(),[h,u]=(0,o.R5)(),x=(0,a.useRouter)(),m=()=>{u.isLoading||l()};return(0,i.jsxs)(i.Fragment,{children:[t&&(0,i.jsx)(n.sNh,{_focus:{color:"complimentary.500",bg:"gray.100"},onClick:d,children:(0,i.jsx)(n.xvT,{fontSize:"sm",children:"Delete"})}),!t&&(0,i.jsx)(n.wpx,{onClick:d,children:"Delete integration"}),(0,i.jsxs)(n.u_l,{isCentered:!0,isOpen:c,onClose:m,children:[(0,i.jsx)(n.ZAr,{}),(0,i.jsxs)(n.hzk,{children:[(0,i.jsx)(n.xBx,{children:"Delete integration"}),(0,i.jsx)(n.olH,{}),(0,i.jsx)(n.fef,{pb:6,children:(0,i.jsx)(n.Kqy,{direction:"column",spacing:"15px",children:(0,i.jsx)(n.xvT,{color:"gray.600",fontSize:"sm",fontWeight:"sm",lineHeight:"20px",children:"Deleting an integration may impact any privacy request that is currently in progress. Do you wish to proceed?"})})}),(0,i.jsxs)(n.mzw,{className:"flex gap-4",children:[(0,i.jsx)(n.wpx,{onClick:m,className:"w-1/2",children:"Cancel"}),(0,i.jsx)(n.wpx,{onClick:()=>{s&&(h(s),t||x.push(r.KH))},loading:u.isLoading,type:"primary",className:"w-1/2",children:"Delete integration"})]})]})]})]})}},19812:function(e,s,t){t.d(s,{t:function(){return o}});var i=t(14047),n=t(14207),a=t(27378),r=t(41966);let o=e=>{var s,t,o;let{connectionConfig:c}=e,[d]=(0,n.S6)(),{data:l}=(0,n.Eg)(null!==(t=null==c?void 0:c.key)&&void 0!==t?t:""),h=null!==(o=null==l?void 0:null===(s=l.items)||void 0===s?void 0:s.map(e=>e.fides_key))&&void 0!==o?o:[],u=h.map(e=>({label:e,value:e})),{data:x}=(0,r.LH)({onlyUnlinkedDatasets:!0}),m=(0,a.useMemo)(()=>{var e;return null!==(e=null==x?void 0:x.map(e=>({value:e.fides_key,label:"".concat(e.name," (").concat(e.fides_key,")")||0})))&&void 0!==e?e:[]},[x]),{errorAlert:j,successAlert:p}=(0,i.V)();return{dropdownOptions:[...u,...m],initialDatasets:h,patchConnectionDatasetConfig:async function(e,s){var t,i,n;let{showSuccessAlert:a=!0}=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{},r=null!==(n=null===(t=e.dataset)||void 0===t?void 0:t.map(e=>({fides_key:e,ctl_dataset_fides_key:e})))&&void 0!==n?n:[],o=await d({connection_key:s,dataset_pairs:r}).unwrap();(null===(i=o.failed)||void 0===i?void 0:i.length)>0?j(o.failed[0].message):a&&p("Dataset successfully updated!")}}}},33335:function(e,s,t){t.d(s,{E:function(){return i}});let i=e=>e.toLowerCase().replace(/[ .]/g,"_").replace(/[^a-zA-Z0-9_<>-]/g,"")},45216:function(e,s,t){var i=t(91922),n=t(812),a=t(16394),r=t(14207);s.Z=e=>{let[s,{data:t,fulfilledTimeStamp:o,isLoading:c,isFetching:d}]=(0,r.h2)(),l=(0,i.pmc)();return{testConnection:async()=>{var t,i,a,r;if(!e)return;let o=await s(e.key);if(o.isError)l({status:"error",description:(0,n.e$)(o.error,"Unable to test connection. Please try again.")});else if((null===(t=o.data)||void 0===t?void 0:t.test_status)==="succeeded")l({status:"success",description:"Connected successfully"});else if((null===(i=o.data)||void 0===i?void 0:i.test_status)==="failed"){let e="Connection test failed.";(null===(a=o.data)||void 0===a?void 0:a.failure_reason)&&(e+=" ".concat(null===(r=o.data)||void 0===r?void 0:r.failure_reason)),l({status:"warning",description:e})}},isLoading:c||d,testData:{timestamp:o?(0,a.p6)(o):null==e?void 0:e.last_test_timestamp,succeeded:t?"succeeded"===t.test_status:!!(null==e?void 0:e.last_test_succeeded)}}}},41553:function(e,s,t){var i=t(24246),n=t(91922),a=t(16394);s.Z=e=>{let{testData:s}=e;if(!s.timestamp)return(0,i.jsx)(n.xvT,{"data-testid":"connection-status",children:"Connection not tested"});let t=(0,a.p6)(s.timestamp);return s.succeeded?(0,i.jsxs)(n.kCb,{color:"success-text.900",align:"center","data-testid":"connection-status",children:[(0,i.jsx)(n.rE2,{mr:2,boxSize:4}),(0,i.jsxs)(n.xvT,{children:["Last connected ",t]})]}):(0,i.jsxs)(n.kCb,{color:"error-text.900",align:"center","data-testid":"connection-status",children:[(0,i.jsx)(n.iid,{mr:2,boxSize:4}),(0,i.jsxs)(n.xvT,{children:["Last connection failed ",t]})]})}},75595:function(e,s,t){var i=t(24246),n=t(91922),a=t(41337),r=t(15872),o=t(45216),c=t(15704),d=t(41553);s.Z=e=>{let{integration:s,showTestNotice:t,otherButtons:l,showDeleteButton:h,configureButtonLabel:u="Configure",onConfigureClick:x}=e,{testConnection:m,isLoading:j,testData:p}=(0,o.Z)(s),g=(0,c.ZP)(null==s?void 0:s.connection_type);return(0,i.jsxs)(n.xuv,{maxW:"760px",borderWidth:1,borderRadius:"lg",overflow:"hidden",padding:"12px",marginBottom:"24px","data-testid":"integration-info-".concat(null==s?void 0:s.key),children:[(0,i.jsxs)(n.kCb,{children:[(0,i.jsx)(a.Z,{data:null!=s?s:"",boxSize:"50px"}),(0,i.jsxs)(n.kCb,{direction:"column",flexGrow:1,marginLeft:"16px",children:[(0,i.jsx)(n.xvT,{color:"gray.700",fontWeight:"semibold",children:(null==s?void 0:s.name)||"(No name)"}),t?(0,i.jsx)(d.Z,{testData:p}):(0,i.jsx)(n.xvT,{color:"gray.700",fontSize:"sm",fontWeight:"semibold",mt:1,children:g.category})]}),(0,i.jsxs)("div",{className:"flex gap-4",children:[h&&s&&(0,i.jsx)(r.Z,{showMenu:!1,connection_key:s.key}),t&&(0,i.jsx)(n.wpx,{onClick:m,loading:j,"data-testid":"test-connection-btn",children:"Test connection"}),l,x&&(0,i.jsx)(n.wpx,{onClick:x,"data-testid":"configure-btn",children:u})]})]}),(0,i.jsx)(n.Eq9,{marginTop:"16px",children:g.tags.map(e=>(0,i.jsx)(n.j8w,{children:e},e))})]})}},15987:function(e,s,t){var i=t(24246),n=t(91922),a=t(34090),r=t(90104),o=t.n(r),c=t(92465),d=t.n(c),l=t(25389),h=t.n(l),u=t(15539),x=t.n(u),m=t(55484),j=t(18225),p=t(97181),g=t(40324),y=t(812),v=t(20682),f=t(41966),C=t(94725),S=t(19812),b=t(33335),A=t(1315),D=t(16643),w=t(31883);s.Z=e=>{var s,t;let{connection:r,connectionOption:c,onCancel:l,description:u}=e,[R,{isLoading:E}]=(0,C.Pp)(),[_,{isLoading:T}]=(0,C.pH)(),[H,{isLoading:B}]=(0,A.qd)(),{data:k,isLoading:F}=(0,v.n3)(c.identifier),{data:L}=(0,A.K3)(),I=null==L?void 0:L.map(e=>{var s;return{label:null!==(s=e.name)&&void 0!==s?s:e.fides_key,value:e.fides_key}}),{data:O}=(0,f.LH)({minimal:!0,connection_type:D.Rj.BIGQUERY}),U=null==O?void 0:O.map(e=>{var s;return{label:null!==(s=e.name)&&void 0!==s?s:e.fides_key,value:e.fides_key}}),{patchConnectionDatasetConfig:M,initialDatasets:q}=(0,S.t)({connectionConfig:r}),P=E||T||B,N={name:null!==(s=null==r?void 0:r.name)&&void 0!==s?s:"",description:null!==(t=null==r?void 0:r.description)&&void 0!==t?t:"",secrets:h()(null==k?void 0:k.properties,(e,s)=>{var t,i;return null!==(i=null==r?void 0:null===(t=r.secrets)||void 0===t?void 0:t[s])&&void 0!==i?i:""}),dataset:q},Q=(0,n.pmc)(),G=!!r,Z=e=>x()(h()(e,(e,s)=>{var t,i;return(null!==(i=null==r?void 0:null===(t=r.secrets)||void 0===t?void 0:t[s])&&void 0!==i?i:"")===e?void 0:e}),d()),z=async e=>{var s;let t;let i=Z(e.secrets),n=G?{...r,disabled:null!==(s=r.disabled)&&void 0!==s&&s,name:e.name,description:e.description,secrets:void 0}:{name:e.name,key:(0,b.E)(e.name),connection_type:c.identifier,access:D.uv.READ,disabled:!1,description:e.description,secrets:e.secrets,dataset:e.dataset};if(t=e.system_fides_key?await H({systemFidesKey:e.system_fides_key,connectionConfigs:[n]}):await _(n),(0,w.D4)(t)){Q({status:"error",description:(0,y.e$)(t.error,"A problem occurred while ".concat(G?"updating":"creating"," this integration. Please try again."))});return}if(!e.secrets){Q({status:"success",description:"Integration ".concat(G?"updated":"created"," successfully")});return}if(!o()(i)){let e=await R({connection_key:n.key,secrets:i});if((0,w.D4)(e)){Q({status:"error",description:(0,y.e$)(e.error,"An error occurred while ".concat(G?"updating":"creating"," this integration's secret. Please try again."))});return}}Q({status:"success",description:"Integration secret ".concat(G?"updated":"created"," successfully")}),l(),n&&e.dataset&&c.identifier===D.Rj.DATAHUB&&await M(e,n.key,{showSuccessAlert:!1})};if(F)return(0,i.jsx)(j.Z,{});let W=e=>Object.entries(e.properties).map(s=>{let[t,n]=s,a="secrets.".concat(t);return(0,i.jsx)(g.j0,{name:a,id:a,type:n.sensitive?"password":void 0,label:n.title,isRequired:e.required.includes(t),tooltip:n.description,variant:"stacked"},a)});return(0,i.jsxs)(i.Fragment,{children:[u&&(0,i.jsx)(n.xuv,{padding:"20px 24px",backgroundColor:"gray.50",borderRadius:"md",border:"1px solid",borderColor:"gray.200",fontSize:"sm",marginTop:"16px",children:u}),(0,i.jsx)(a.J9,{initialValues:N,enableReinitialize:!0,onSubmit:z,validationSchema:(e=>{let s=Object.entries(e.properties).map(s=>{let[t,i]=s;return[t,e.required.includes(t)?m.Z_().required().label(i.title):m.Z_().nullable().label(i.title)]});return m.Ry().shape({name:m.Z_().required().label("Name"),description:m.Z_().nullable().label("Description"),secrets:m.Ry().shape(Object.fromEntries(s))})})(k),children:e=>{let{dirty:s,isValid:t,resetForm:r}=e;return(0,i.jsx)(a.l0,{children:(0,i.jsxs)(n.gCW,{alignItems:"start",spacing:6,mt:4,children:[(0,i.jsx)(g.j0,{id:"name",name:"name",label:"Name",variant:"stacked",isRequired:!0}),(0,i.jsx)(g.j0,{id:"description",name:"description",label:"Description",variant:"stacked"}),W(k),!G&&(0,i.jsx)(p.d,{id:"system_fides_key",name:"system_fides_key",options:null!=I?I:[],label:"System",tooltip:"The system to associate with the integration",layout:"stacked"}),c.identifier===D.Rj.DATAHUB&&(0,i.jsx)(p.d,{id:"dataset",name:"dataset",options:null!=U?U:[],label:"Datasets",tooltip:"Only BigQuery datasets are supported. Selected datasets will sync with matching DataHub datasets. If none are selected, all datasets will be included by default.",layout:"stacked",mode:"multiple"}),(0,i.jsxs)("div",{className:"flex w-full justify-between",children:[(0,i.jsx)(n.wpx,{onClick:()=>{l(),r()},children:"Cancel"}),(0,i.jsx)(n.wpx,{htmlType:"submit",type:"primary",disabled:!s||!t,loading:P,"data-testid":"save-btn",children:"Save"})]})]})})}})]})}},15704:function(e,s,t){t.d(s,{FO:function(){return B},jq:function(){return k},ZP:function(){return L}}),(i=n||(n={})).DATA_CATALOG="Data Catalog",i.DATA_WAREHOUSE="Data Warehouse",i.DATABASE="Database",i.WEBSITE="Website";var i,n,a=t(24246),r=t(91922),o=t(79789),c=e=>{let{children:s}=e,{isOpen:t,onToggle:i}=(0,r.qY0)();return(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(r.UO1,{in:t,children:s}),(0,a.jsx)(r.xvT,{fontSize:"sm",cursor:"pointer",textDecoration:"underline",onClick:i,children:t?"Show less":"Show more"})]})},d=t(16643);let l={name:"Google BigQuery",key:"bq_placeholder",connection_type:d.Rj.BIGQUERY,access:d.uv.READ,created_at:""},h=[{permission:"bigquery.jobs.create",description:"Run jobs (e.g. queries) within the project. This is only needed for the Fides Project where the Fides service account is located."},{permission:"bigquery.jobs.list",description:"Manage the queries that the service account performs. This is only needed for the Fides Project where the Fides service account is located."},{permission:"bigquery.routines.get",description:"Allow the service account to retrieve custom routines (e.g. queries) on associated datasets and tables."},{permission:"bigquery.routines.list",description:"Allow the service account to manage the custom routines (e.g. queries) that run on associated datasets and tables."}],u=[{permission:"bigquery.datasets.get",description:"Retrieve metadata and list tables for the specified project."},{permission:"bigquery.tables.get",description:"Retrieve metadata for the specified table."},{permission:"bigquery.tables.getData",description:"Read data in the specified table."},{permission:"bigquery.tables.list",description:"List all tables in the specified dataset."},{permission:"resourcemanager.projects.get",description:"Retrieve metadata for the specified project."}],x={placeholder:l,category:n.DATA_WAREHOUSE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Continuously monitor BigQuery to detect and track schema-level changes, automatically discover and label data categories as well as automatically process DSR (privacy requests) and consent enforcement to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Data Warehouse"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Cloud provider"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"}),(0,a.jsx)(r.HCh,{children:"DSR automation"}),(0,a.jsx)(r.HCh,{children:"Consent orchestration"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detection and discovery, Fides requires a read-only BigQuery service account with limited permissions. If you intend to automate governance for DSR or Consent, Fides requires a read-and-write BigQuery service account to any project you would like Fides to govern."}),(0,a.jsx)(o.XU,{children:"A BigQuery administrator can create the necessary role for Fides using BigQuery's roles guide and assign this to a service account using BigQuery's service account guide."}),(0,a.jsx)(o.XU,{children:"The permissions allow Fides to read the schema of, and data stored in projects, datasets and tables as well write restricted updates based on your policy configurations to tables you specify as part of DSR and Consent orchestration."}),(0,a.jsx)(o.cB,{text:"Permissions list"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"bigquery.jobs.create"}),(0,a.jsx)(r.HCh,{children:"bigquery.jobs.list"}),(0,a.jsx)(r.HCh,{children:"bigquery.routines.get"}),(0,a.jsx)(r.HCh,{children:"bigquery.routines.list"}),(0,a.jsx)(r.HCh,{children:"bigquery.datasets.get"}),(0,a.jsx)(r.HCh,{children:"bigquery.tables.get"}),(0,a.jsx)(r.HCh,{children:"bigquery.tables.getData"}),(0,a.jsx)(r.HCh,{children:"bigquery.tables.list"}),(0,a.jsx)(r.HCh,{children:"bigquery.tables.updateData"}),(0,a.jsx)(r.HCh,{children:"resourcemanager.projects.get"})]})]})]}),{}),instructions:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Configuring a Fides -> BigQuery Integration"}),(0,a.jsx)(o.cB,{text:"Step 1: Create a Fides project"}),(0,a.jsxs)(o.XU,{children:["Create a Fides Project using"," ",(0,a.jsx)(o.Hn,{href:"https://cloud.google.com/resource-manager/docs/creating-managing-projects#creating_a_project",children:"BigQuery's project creation guide"}),"."]}),(0,a.jsx)(o.cB,{text:"Step 2: Create a Fides role in GCP"}),(0,a.jsxs)(o.vQ,{children:[(0,a.jsxs)(r.HCh,{children:["Create a custom role for Fides using BigQuery's"," ",(0,a.jsx)(o.Hn,{href:"https://cloud.google.com/iam/docs/creating-custom-roles#creating_a_custom_role",children:"roles guide"}),"."]}),(0,a.jsx)(r.HCh,{children:"Follow the sections below to grant permissions to this role for the Fides project and any project you would like Fides to manage."})]}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Step 3: Assign permissions to the Fides project"}),(0,a.jsx)(o.XU,{children:"Assign the following permissions to the Fides Project that will be used by your Fides service account to run queries:"}),(0,a.jsx)(o.aG,{data:h}),(0,a.jsx)(o.cB,{text:"Step 4: Assign permissions to any project you’d like Fides to monitor"}),(0,a.jsx)(o.XU,{children:"Grant the following permissions to the Fides service account in every project where you would like Fides detection and discovery monitoring."}),(0,a.jsx)(o.aG,{data:u}),(0,a.jsx)(o.cB,{text:"Step 5: Create a Fides service account in the Fides Project"}),(0,a.jsxs)(o.vQ,{children:[(0,a.jsxs)(r.HCh,{children:["Create a service account for Fides using BigQuery's"," ",(0,a.jsx)(o.Hn,{href:"https://cloud.google.com/iam/docs/service-accounts-create",children:"service account guide"}),"."]}),(0,a.jsx)(r.HCh,{children:"Assign the previously created role to this service account."}),(0,a.jsxs)(r.HCh,{children:["Download the service account JSON keyfile."," ",(0,a.jsx)("strong",{children:"Note: this is sensitive information that should not be shared."})," ","An example of this is below:"]})]}),(0,a.jsx)(o.hX,{children:'{\n "type": "service_account",\n "project_id": "project-id-123456",\n "private_key_id": "0123456789abcdef0123456789abcdef01234567",\n "private_key": "-----BEGIN PRIVATE KEY-----\\nMIIyourkey-----\\nEND PRIVATE KEY-----\\n",\n "client_email": "test@project-id-123456.iam.gserviceaccount.com",\n "client_id": "012345678901234567890",\n "auth_uri": "https://accounts.google.com/o/oauth2/auth",\n "token_uri": "https://oauth2.googleapis.com/token",\n "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",\n "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/test%40project-id-123456.iam.gserviceaccount.com"\n}'}),(0,a.jsx)(o.cB,{text:"Step 6: Use the JSON key to authenticate your integration"}),(0,a.jsx)(o.XU,{children:"Provide the JSON key to your Fides instance to securely connect Fides."})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},m={name:"Datahub",key:"datahub_placeholder",connection_type:d.Rj.DATAHUB,access:d.uv.READ,created_at:""},j=(0,a.jsx)(a.Fragment,{children:"Set up a connection to your DataHub instance by providing a name, server URL, and access token. You can also select the BigQuery datasets you'd like to sync—these will be matched with corresponding datasets in DataHub. If no datasets are selected, all available BigQuery datasets will be included by default."}),p={placeholder:m,category:n.DATA_CATALOG,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"DataHub is a metadata platform designed to help organizations manage and govern their data. It acts as a centralized repository for tracking and discovering data assets across an organization, helping data teams understand where their data resides, how it's used, and how it flows through various systems."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsx)(o.Z5,{children:(0,a.jsx)(r.HCh,{children:"Data Catalog"})}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.Z5,{children:(0,a.jsx)(r.HCh,{children:"The related user to the access token must have at least the Editor role on DataHub."})})]})]}),{}),tags:["Sync"],description:j},g={name:"DynamoDB",key:"dynamo_placeholder",connection_type:d.Rj.DYNAMODB,access:d.uv.READ,created_at:""},y=[{permission:"AmazonDynamoDBReadOnlyAccess",description:"Provides read-only access to Amazon DynamoDB via the AWS Management Console."},{permission:"AmazonDynamoDBFullAccess",description:"Provides full access to Amazon DynamoDB via the AWS Management Console. Only needed if automating governance for DSR or Consent."}],v={placeholder:g,category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Continuously monitor DynamoDB to detect and track schema-level changes, automatically discover and label data categories as well as automatically process DSR (privacy requests) and consent enforcement to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"NoSQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Cloud provider"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions and Policies"}),(0,a.jsxs)(o.XU,{children:["For detection and discovery, Fides requires an IAM user with read-only DynamoDB permissions in order to detect, discover, and classify sensitive data. The AWS-managed"," ",(0,a.jsx)(r.EKh,{children:"AmazonDynamoDBReadOnlyAccess"})," policy can be used to assign these permissions. If you intend to automate governance for DSR or Consent, Fides requires an IAM user with read-and-write DynamoDB permissions. The AWS-managed",(0,a.jsx)(r.EKh,{children:"AmazonDynamoDBFullAccess"})," policy can be used to assign these permissions. An IAM administrator can create the necessary principal for Fides using the AWS IAM guides, and assign the appropriate permissions policy to the IAM user."]}),(0,a.jsx)(o.XU,{children:"The permissions allow Fides to read the schema of, and data stored in, DynamoDB tables. This data is inspected only for the purpose of detecting sensitive data risks and no data is stored by Fides. As part of DSR or Consent orchestration, Fides will only write restricted updates to the tables specified by your Fides policy configuration."}),(0,a.jsx)(o.cB,{text:"Policy List"}),(0,a.jsx)(o.XU,{children:"The following AWS-managed policies provide the necessary permissions for Fides:"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"AmazonDynamoDBReadOnlyAccess"}),(0,a.jsx)(r.HCh,{children:"AmazonDynamoDBFullAccess (only needed if automating governance for DSR or Consent)"})]})]})]}),{}),instructions:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Configuring a Fides -> DynamoDB Integration"}),(0,a.jsx)(o.cB,{text:"Step 1: Create an IAM user in AWS"}),(0,a.jsxs)(o.XU,{children:["Create an IAM user for Fides' DynamoDB access following the"," ",(0,a.jsx)(o.Hn,{href:"https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html#getting-started-iam-user",children:"AWS IAM user guide"}),"."]}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Step 2: Assign policies to the IAM user"}),(0,a.jsx)(o.XU,{children:"Grant the necessary permissions to the IAM user by attaching directly the appropriate AWS-managed policy for your use case:"}),(0,a.jsx)(o.aG,{data:y}),(0,a.jsx)(o.cB,{text:"Step 3: Create an access key for the IAM user"}),(0,a.jsxs)(o.vQ,{children:[(0,a.jsxs)(r.HCh,{children:["Create an access key for the IAM user under"," ",(0,a.jsx)("strong",{children:"Security credentials"})]}),(0,a.jsx)(r.HCh,{children:"Select the Other use case"}),(0,a.jsx)(r.HCh,{children:"Copy the Access Key ID and Secret Access Key"})]}),(0,a.jsx)(o.cB,{text:"Use the Credentials to Authenticate Your Integration"}),(0,a.jsx)(o.XU,{children:"Provide the credentials to your Fides instance to securely connect Fides."})]})]}),{}),tags:["Database","DSR Automation","Discovery","Detection"]},f={placeholder:{name:"Google Cloud SQL for MySQL",key:"google_cloud_sql_for_mysql_placeholder",connection_type:d.Rj.GOOGLE_CLOUD_SQL_MYSQL,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Google Cloud SQL for MySQL is a fully-managed relational database service that simplifies the setup, maintenance, management, and administration of MySQL databases. Connect Fides to your Google Cloud SQL for MySQL to detect and track changes in schemas and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"}),(0,a.jsx)(r.HCh,{children:"DSR automation"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detection and discovery, Fides requires a user with the SELECT permission on the database. If you intend to automate governance for DSR or Consent, Fides requires a user with the SELECT, UPDATE, and DELETE The permissions allow Fides to read the schema of, and data stored in tables, and fields as well as write restricted updates based on your policy configurations to tables you specify as part of DSR and Consent orchestration. For a complete list of permissions view the Google Cloud SQL for MySQL DB documentation."}),(0,a.jsx)(o.cB,{text:"Permissions list"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"GRANT SELECT"}),(0,a.jsx)(r.HCh,{children:"GRANT UPDATE"}),(0,a.jsx)(r.HCh,{children:"GRANT DELETE"})]})]})]}),{}),tags:["Discovery","Detection"]},C={placeholder:{name:"Google Cloud SQL for Postgres",key:"google_cloud_sql_for_postgres_placeholder",connection_type:d.Rj.GOOGLE_CLOUD_SQL_POSTGRES,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Google Cloud SQL for Postgres is a fully-managed relational database service that simplifies the setup, maintenance, management, and administration of Postgres databases. Connect Fides to your Google Cloud SQL for Postgres to detect and track changes in schemas and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"}),(0,a.jsx)(r.HCh,{children:"DSR automation"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detection and discovery, Fides requires a user with the SELECT permission on the database. If you intend to automate governance for DSR or Consent, Fides requires a user with the SELECT, UPDATE, and DELETE permission. The permissions allow Fides to read the schema of, and data stored in tables, and fields as well as write restricted updates based on your policy configurations to tables you specify as part of DSR and orchestration. For a complete list of permissions view the Google Cloud SQL for Postgres DB documentation."}),(0,a.jsx)(o.XU,{children:"The following GCP service account permissions are needed when setting up Google Cloud SQL for Postgres."}),(0,a.jsx)(o.cB,{text:"Permissions list"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"cloudsql.instances.connect"}),(0,a.jsx)(r.HCh,{children:"cloudsql.instances.get"}),(0,a.jsx)(r.HCh,{children:"cloudsql.instances.login"})]})]})]}),{}),tags:["Discovery","Detection"]},S={placeholder:{name:"Microsoft SQL Server",key:"microsoft_sql_server_placeholder",connection_type:d.Rj.MSSQL,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Microsoft SQL Server, is a relational database management system (RDBMS) developed by Microsoft. It is designed to store, manage, and retrieve data as requested by other software applications, which may run either on the same computer or across a network."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detecting databases, Fides requires a user with the following permissions/role:"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE LOGIN username WITH PASSWORD = 'password';"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT, INSERT, UPDATE TO username;"})]})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},b={placeholder:{name:"MySQL",key:"mysql_placeholder",connection_type:d.Rj.MYSQL,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Continuously monitor MySQL databases to detect and track schema-level changes, automatically discover and label data categories as well as automatically process DSR (privacy requests) and consent enforcement to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detecting databases, Fides requires a user with the following permissions/role:"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE USER 'username' IDENTIFIED WITH authentication_plugin BY 'password';"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT, INSERT ON database.* TO 'username'@'%';"})]})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},A={placeholder:{name:"Postgres",key:"postgres_placeholder",connection_type:d.Rj.POSTGRES,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Postgres is a relational database. Connect Fides to your Postgres Datbase to detect and track changes in schemas and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.XU,{children:"For each database, Fides requires the following permissions, where 'username' is the user set up for Fides, and 'database' is the name of the database you want to connect to."}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE USER username WITH LOGIN;"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT ON ALL TABLES IN SCHEMA public TO username;"}),(0,a.jsx)(r.HCh,{children:"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO username;"})]})]})]}),{}),tags:["Detection","Discovery"]},D={placeholder:{name:"Amazon RDS MySQL",key:"rds_mysql_placeholder",connection_type:d.Rj.RDS_MYSQL,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Amazon RDS MySQL is a fully-managed relational database service that simplifies the setup, maintenance, management, and administration of MySQL databases. Connect Fides to your Amazon RDS MySQL to detect and track changes in schemas and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detecting database RDS instances and clusters, Fides requires an IAM user with the following permissions/role:"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"rds:DescribeDBClusters"}),(0,a.jsx)(r.HCh,{children:"rds:DescribeDBInstances"}),(0,a.jsx)(r.HCh,{children:"rds-db:connect"})]}),(0,a.jsx)(o.XU,{children:"And per database instance and database it requires the following permissions, where 'username' is the user set up for Fides, and 'database' is the database name, you want to connect to."}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE USER 'username' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT, INSERT ON database.* TO 'username'@'%';"})]})]})]}),{}),tags:["Discovery","Detection"]},w={placeholder:{name:"Amazon RDS Postgres",key:"rds_postgres_placeholder",connection_type:d.Rj.RDS_POSTGRES,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Amazon RDS Postgres is a fully-managed relational database service that simplifies the setup, maintenance, management, and administration of Postgres databases. Connect Fides to your Amazon RDS Postgres to detect and track changes in schemas and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detecting database RDS instances and clusters, Fides requires an IAM user with the following permissions/role:"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"rds:DescribeDBClusters"}),(0,a.jsx)(r.HCh,{children:"rds:DescribeDBInstances"}),(0,a.jsx)(r.HCh,{children:"rds-db:connect"})]}),(0,a.jsx)(o.XU,{children:"For each database instance and database, Fides requires the following permissions, where 'username' is the user set up for Fides, and 'database' is the name of the database you want to connect to."}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE USER username WITH LOGIN;"}),(0,a.jsx)(r.HCh,{children:"GRANT rds_iam TO username;"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT ON ALL TABLES IN SCHEMA public TO username;"}),(0,a.jsx)(r.HCh,{children:"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO username;"})]})]})]}),{}),tags:["Discovery","Detection"]},R={placeholder:{name:"Amazon S3",key:"s3_placeholder",connection_type:d.Rj.S3,access:d.uv.READ,created_at:""},category:n.DATA_WAREHOUSE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Continuously monitor S3 to detect and track schema-level changes, automatically discover and label data categories as well as automatically process DSR (privacy requests) and consent enforcement to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Object storage"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Cloud provider"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"Fides requires an IAM principal with read-only S3 permissions in order to detect, discover, and classify sensitive data. The AWS-managed AmazonS3ReadOnlyAccess policy can be used to assign these permissions. An IAM administrator can create the necessary principal for Fides using the AWS IAM guides, and assign the appropriate permissions policy to the IAM principal."}),(0,a.jsx)(o.XU,{children:"The permissions allow Fides to list buckets and read object data data stored in those buckets. This data is inspected only for the purpose of detecting sensitive data risks and no data is stored by Fides."}),(0,a.jsx)(o.XU,{children:"Ethyca recommends creating an IAM role with the appropriate permissions, which will be assumed by Fides at runtime, with ephemeral credentials. There must also be an IAM user with fixed credentials that Fides uses strictly for assuming the IAM role with the appropriate permissions. If desired, Fides also supports authenticating directly as an IAM user with the appropriate permissions, but this is considered a less secure option."}),(0,a.jsx)(o.cB,{text:"Permissions list"}),(0,a.jsx)(o.Z5,{children:(0,a.jsx)(r.HCh,{children:"AmazonS3ReadOnlyAccess"})})]})]}),{}),instructions:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Configuring a Fides -> Amazon S3 Integration"}),(0,a.jsx)(o.cB,{text:"Step 1: Create an IAM role in AWS"}),(0,a.jsx)(o.XU,{children:"Create an IAM role for Fides' S3 access following the AWS IAM roles guide. This role will be referred to below as the Fides S3 Access Role."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Step 2: Assign policies to the IAM role"}),(0,a.jsx)(o.XU,{children:"Grant the necessary permissions to the IAM role by attaching the following AWS-managed policy:"}),(0,a.jsx)(o.aG,{data:[{permission:"AmazonS3ReadOnlyAccess",description:"Provides read-only access to all buckets via the AWS Management Console."}]}),(0,a.jsx)(o.cB,{text:"Step 3: Create an IAM user for assuming a role"}),(0,a.jsxs)(o.XU,{children:["Follow the ",(0,a.jsx)(o.Hn,{href:"https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started.html#getting-started-iam-user",children:"AWS guide"})," for creating an IAM user to create an IAM user that Fides will authenticate as in order to assume the Fides S3 Access Role created above, and retrieve ephemeral credentials."]}),(0,a.jsx)(o.cB,{text:"Step 4: Grant the IAM user permission to assume the Fides S3 Access Role"}),(0,a.jsx)(o.XU,{children:"Navigate to the IAM user’s Permissions page and add a permission by creating an inline policy. This permission should grant the IAM user permission to assume the Fides S3 Access Role created above (you’ll need to retrieve the role ARN). The inline policy should look similar to this:"}),(0,a.jsx)(o.hX,{children:'{\n "Version": "2012-10-17",\n "Statement": [\n {\n "Sid": "VisualEditor0",\n "Effect": "Allow",\n "Action": "sts:AssumeRole",\n "Resource": "arn:aws:iam::[AWS ACCOUNT NUMBER]:role/[Fides S3 Access Role ARN]"\n }\n ]\n}'}),(0,a.jsx)(o.cB,{text:"Step 5: Create an access key for the IAM user"}),(0,a.jsxs)(o.vQ,{children:[(0,a.jsxs)(r.HCh,{children:["Create an access key for the IAM user under"," ",(0,a.jsx)("strong",{children:"Security credentials"}),"."]}),(0,a.jsx)(r.HCh,{children:"Select the Other use case"}),(0,a.jsx)(r.HCh,{children:"Copy the Access Key ID and Secret Access Key"})]}),(0,a.jsx)(o.cB,{text:"Step 6: Use the credentials to authenticate your integration"}),(0,a.jsxs)(o.XU,{children:["Provide the credentials to your Fides instance to securely connect Fides. For the Assume Role ARN, provide the ARN for the Fides S3 Access Role created in step 1."," "]})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},E={placeholder:{name:"Scylla",key:"scylla_placeholder",connection_type:d.Rj.SCYLLA,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"ScyllaDB is an open-sources distributed NoSQL data store designed to be compatible with Apache Cassandra. Connect Fides to your ScyllaDB to detect and track changes in keyspaces and tables and automatically discover and label data categories to proactively manage data governance risks."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"NoSQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"}),(0,a.jsx)(r.HCh,{children:"DSR automation"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsx)(o.XU,{children:"For detection and discovery, Fides requires a user with the SELECT permission on all keyspaces. If you intend to automate governance for DSR or Consent, Fides requires the role to to be granted SELECT and MODIFY on all keyspaces. The permissions allow Fides to read the schema of, and data stored in keyspaces, tables, and fields as well as write restricted updates based on your policy configurations to tables you specify as part of DSR and Consent orchestration. For a complete list of permissions view the Scylla DB documentation."}),(0,a.jsx)(o.cB,{text:"Permissions list"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"SELECT ALL KEYSPACES"}),(0,a.jsx)(r.HCh,{children:"MODIFY ALL KEYSPACES"})]})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},_={placeholder:{name:"Snowflake",key:"snowflake_placeholder",connection_type:d.Rj.SNOWFLAKE,access:d.uv.READ,created_at:""},category:n.DATABASE,overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Snowflake is a cloud-based data warehousing platform designed for handling large-scale data storage and analytics. It enables organizations to store, manage, and analyze massive amounts of data efficiently, offering features like scalability, performance, and flexibility."}),(0,a.jsxs)(c,{children:[(0,a.jsx)(o.cB,{text:"Categories"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"Database"}),(0,a.jsx)(r.HCh,{children:"SQL database"}),(0,a.jsx)(r.HCh,{children:"Storage system"}),(0,a.jsx)(r.HCh,{children:"Data detection"}),(0,a.jsx)(r.HCh,{children:"Data discovery"})]}),(0,a.jsx)(o.cB,{text:"Permissions"}),(0,a.jsxs)(o.Z5,{children:[(0,a.jsx)(r.HCh,{children:"CREATE ROLE my_monitor_role;"}),(0,a.jsx)(r.HCh,{children:"GRANT USAGE ON DATABASE DATABASE_1 TO ROLE my_monitor_role;"}),(0,a.jsx)(r.HCh,{children:"GRANT USAGE ON SCHEMA DATABASE_1.TEST_SCHEMA TO ROLE my_monitor_role;"}),(0,a.jsx)(r.HCh,{children:"GRANT SELECT ON ALL TABLES IN SCHEMA DATABASE_1.TEST_SCHEMA TO ROLE my_monitor_role;"}),(0,a.jsx)(r.HCh,{children:"CREATE USER test_user PASSWORD='***';"}),(0,a.jsx)(r.HCh,{children:"GRANT ROLE my_monitor_role TO USER test_user;"})]})]})]}),{}),tags:["DSR Automation","Discovery","Detection"]},T={placeholder:{name:"Website",key:"website_placeholder",connection_type:d.Rj.WEBSITE,access:d.uv.READ,created_at:""},category:n.WEBSITE,tags:["Consent","Discovery","Detection"],overview:(0,a.jsx)(()=>(0,a.jsxs)(a.Fragment,{children:[(0,a.jsx)(o.cB,{text:"Overview"}),(0,a.jsx)(o.XU,{children:"Websites, or “properties”, often process user data. Adding a website as an integration lets you configure a Consent Management Platform (CMP), a site-specific privacy center, and Cross-Origin requests via Fides. You can also set up monitors to detect vendors, track technologies like cookies or pixels, and ensure compliance."})]}),{})},H={[d.Rj.BIGQUERY]:x,[d.Rj.DATAHUB]:p,[d.Rj.DYNAMODB]:v,[d.Rj.GOOGLE_CLOUD_SQL_MYSQL]:f,[d.Rj.GOOGLE_CLOUD_SQL_POSTGRES]:C,[d.Rj.MSSQL]:S,[d.Rj.RDS_MYSQL]:D,[d.Rj.RDS_POSTGRES]:w,[d.Rj.S3]:R,[d.Rj.SCYLLA]:E,[d.Rj.SNOWFLAKE]:_,[d.Rj.MYSQL]:b,[d.Rj.WEBSITE]:T,[d.Rj.POSTGRES]:A},B=Object.values(H),k=Object.keys(H),F={placeholder:{name:"",key:"placeholder",connection_type:d.Rj.MANUAL,access:d.uv.READ,created_at:""},category:n.DATA_WAREHOUSE,tags:[]};var L=e=>{var s;return e&&null!==(s=H[e])&&void 0!==s?s:F}},64176:function(e,s,t){var i=t(27378),n=t(20682);s.Z=e=>{let{data:s}=(0,n.$I)({});return(0,i.useMemo)(()=>null==s?void 0:s.items.find(s=>s.identifier===e),[s,e])}},31883:function(e,s,t){t.d(s,{Bw:function(){return i.Bw},D4:function(){return i.D4}});var i=t(19043)}}]);

ethyca-fides 2.60.0rc1__py2.py3-none-any.whl → 2.60.1b0__py2.py3-none-any.whl

ethyca-fides 2.60.0rc1py2.py3-none-any.whl → 2.60.1b0py2.py3-none-any.whl