PyPI - ethyca-fides - Versions diffs - 2.63.1b3__py2.py3-none-any.whl → 2.63.1rc0__py2.py3-none-any.whl - Mend

ethyca-fides 2.63.1b3py2.py3-none-any.whl → 2.63.1rc0py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (152) hide show

fides/api/service/storage/s3.py CHANGED Viewed

@@ -1,7 +1,6 @@
 from __future__ import annotations
-from io import BytesIO
-from typing import IO, Any, Dict, Optional, Tuple, Union
+from typing import IO, Any, Dict, Tuple, Union
 from boto3.s3.transfer import TransferConfig
 from botocore.exceptions import ClientError, ParamValidationError
@@ -35,7 +34,7 @@ def maybe_get_s3_client(
 def create_presigned_url_for_s3(
-    s3_client: Any, bucket_name: str, file_key: str, ttl_seconds: Optional[int] = None
+    s3_client: Any, bucket_name: str, file_key: str
 ) -> AnyHttpUrlString:
     """
     Generates a presigned URL to share an S3 object
@@ -46,16 +45,10 @@ def create_presigned_url_for_s3(
     :return: Presigned URL as string.
     """
     params = {"Bucket": bucket_name, "Key": file_key}
-    if ttl_seconds:
-        if ttl_seconds > 604800:
-            raise ValueError("TTL must be less than 7 days")
-        expires_in = ttl_seconds
-    else:
-        expires_in = CONFIG.security.subject_request_download_link_ttl_seconds
     response = s3_client.generate_presigned_url(
         "get_object",
         Params=params,
-        ExpiresIn=expires_in,
+        ExpiresIn=CONFIG.security.subject_request_download_link_ttl_seconds,
     )
     # The response contains the presigned URL
@@ -75,7 +68,7 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     file_key: str,
     auth_method: str,
     document: IO[bytes],
-    size_threshold: int = LARGE_FILE_THRESHOLD,  # 25 MB threshold
+    size_threshold: int = LARGE_FILE_THRESHOLD,  # 5 MB threshold
 ) -> Tuple[int, AnyHttpUrlString]:
     """
     Uploads file like objects to S3.
@@ -137,8 +130,7 @@ def generic_retrieve_from_s3(
     file_key: str,
     auth_method: str,
     get_content: bool = False,
-    ttl_seconds: Optional[int] = None,
-) -> Tuple[int, Union[str, IO[bytes]]]:
+) -> Tuple[int, Union[str, bytes]]:
     """
     Retrieves a file from S3 and returns its size and either a presigned URL or the actual content.
@@ -156,23 +148,17 @@ def generic_retrieve_from_s3(
     s3_client = get_s3_client(auth_method, storage_secrets)
     try:
-        # Get file size using head_object
-        size_response = s3_client.head_object(Bucket=bucket_name, Key=file_key)
-        # If the file is less than 25MB, we can get the content otherwise return the presigned URL
-        if get_content and size_response["ContentLength"] <= LARGE_FILE_THRESHOLD:
-            # Get the actual content using download_fileobj
-            file_obj = BytesIO()
-            s3_client.download_fileobj(
-                Bucket=bucket_name, Key=file_key, Fileobj=file_obj
-            )
-            file_obj.seek(0)  # Reset file pointer to beginning
-            return int(size_response["ContentLength"]), file_obj
+        if get_content:
+            # Get the actual content
+            response = s3_client.get_object(Bucket=bucket_name, Key=file_key)
+            content = response["Body"].read()
+            return response["ContentLength"], content
         # Get presigned URL
-        presigned_url = create_presigned_url_for_s3(
-            s3_client, bucket_name, file_key, ttl_seconds
-        )
-        return int(size_response["ContentLength"]), str(presigned_url)
+        presigned_url = create_presigned_url_for_s3(s3_client, bucket_name, file_key)
+        # Get file size
+        response = s3_client.head_object(Bucket=bucket_name, Key=file_key)
+        return int(response["ContentLength"]), str(presigned_url)
     except ClientError as e:
         logger.error(f"Error retrieving file from S3: {e}")
         raise e

fides/api/service/storage/util.py CHANGED Viewed

@@ -3,10 +3,6 @@ from enum import Enum as EnumType
 from loguru import logger
-# This is the max file size for downloading the content of an attachment.
-# This is an industry standard used by companies like Google and Microsoft.
-LARGE_FILE_THRESHOLD = 25 * 1024 * 1024  # 25 MB
 class AllowedFileType(EnumType):
     """
@@ -28,49 +24,15 @@ class AllowedFileType(EnumType):
 LOCAL_FIDES_UPLOAD_DIRECTORY = "fides_uploads"
+# Default to 10MB if not specified in environment
+LARGE_FILE_THRESHOLD = 10 * 1024 * 1024  # 10 MB threshold
-def get_local_filename(file_key: str) -> str:
-    """Verifies that the local storage directory exists and returns the local filepath.
-    This extra security checks are to prevent directory traversal attacks and "complete business and technical destruction".
-    Thanks Claude.
-    Args:
-        file_key: The key/path for the file
-    Returns:
-        The full local filepath
-    Raises:
-        ValueError: If the file_key is invalid or would result in a path outside the upload directory
-    """
-    # Basic validation
-    if not file_key:
-        raise ValueError("File key cannot be empty")
-    # Security checks before normalization
-    if file_key.startswith("/"):
-        raise ValueError("Invalid file key: cannot start with '/'")
-    # Normalize the path to handle any path separators consistently
-    # First normalize using os.path.normpath to handle any redundant separators
-    normalized_key = os.path.normpath(file_key)
-    # Then convert all separators to forward slashes for consistency
-    normalized_key = normalized_key.replace("\\", "/")
-    # Additional security: ensure the final path is within the upload directory
-    final_path = os.path.join(LOCAL_FIDES_UPLOAD_DIRECTORY, normalized_key)
-    if not os.path.abspath(final_path).startswith(
-        os.path.abspath(LOCAL_FIDES_UPLOAD_DIRECTORY)
-    ):
-        raise ValueError(
-            "Invalid file key: would result in path outside upload directory"
-        )
-    # Create all necessary directories
-    os.makedirs(os.path.dirname(final_path), exist_ok=True)
-    return final_path
+def get_local_filename(file_key: str) -> str:
+    """Verifies that the local storage directory exists and returns the local filepath"""
+    if not os.path.exists(LOCAL_FIDES_UPLOAD_DIRECTORY):
+        os.makedirs(LOCAL_FIDES_UPLOAD_DIRECTORY)
+    return f"{LOCAL_FIDES_UPLOAD_DIRECTORY}/{file_key}"
 def get_allowed_file_type_or_raise(file_key: str) -> str:

fides/api/task/create_request_tasks.py CHANGED Viewed

@@ -29,8 +29,8 @@ from fides.api.models.privacy_request import (
     RequestTask,
     TraversalDetails,
 )
+from fides.api.models.worker_task import ExecutionLogStatus
 from fides.api.schemas.policy import ActionType
-from fides.api.schemas.privacy_request import ExecutionLogStatus
 from fides.api.task.deprecated_graph_task import format_data_use_map_for_caching
 from fides.api.task.execute_request_tasks import log_task_queued, queue_request_task
 from fides.api.util.logger_context_utils import log_context

fides/api/task/execute_request_tasks.py CHANGED Viewed

@@ -22,8 +22,9 @@ from fides.api.common_exceptions import (
 from fides.api.graph.config import TERMINATOR_ADDRESS, CollectionAddress
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.privacy_request import ExecutionLog, PrivacyRequest, RequestTask
+from fides.api.models.worker_task import ExecutionLogStatus
 from fides.api.schemas.policy import ActionType, CurrentStep
-from fides.api.schemas.privacy_request import ExecutionLogStatus, PrivacyRequestStatus
+from fides.api.schemas.privacy_request import PrivacyRequestStatus
 from fides.api.task.graph_task import (
     GraphTask,
     mark_current_and_downstream_nodes_as_failed,
@@ -145,7 +146,7 @@ def can_run_task_body(
     if request_task.is_terminator_task:
         logger.info(
             "Terminator {} task reached.",
-            request_task.action_type.value,
+            request_task.action_type,
         )
         return False
     if request_task.is_root_task:
@@ -154,7 +155,7 @@ def can_run_task_body(
     if request_task.status != ExecutionLogStatus.pending:
         logger_method(request_task)(
             "Skipping {} task {} with status {}.",
-            request_task.action_type.value,
+            request_task.action_type,
             request_task.collection_address,
             request_task.status.value,
         )
@@ -449,7 +450,7 @@ def log_task_complete(request_task: RequestTask) -> None:
     """Convenience method for logging task completion"""
     logger.info(
         "{} task {} is {}.",
-        request_task.action_type.value.capitalize(),
+        request_task.action_type.capitalize(),
         request_task.collection_address,
         request_task.status.value,
     )
@@ -478,9 +479,9 @@ def _order_tasks_by_input_key(
 mapping = {
-    ActionType.access: run_access_node,
-    ActionType.erasure: run_erasure_node,
-    ActionType.consent: run_consent_node,
+    ActionType.access.value: run_access_node,
+    ActionType.erasure.value: run_erasure_node,
+    ActionType.consent.value: run_consent_node,
 }
@@ -504,7 +505,7 @@ def log_task_queued(request_task: RequestTask, location: str) -> None:
     """Helper for logging that tasks are queued"""
     logger_method(request_task)(
         "Queuing {} task {} from {}.",
-        request_task.action_type.value,
+        request_task.action_type,
         request_task.collection_address,
         location,
     )

fides/api/task/graph_task.py CHANGED Viewed

@@ -39,8 +39,8 @@ from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.policy import Policy, Rule
 from fides.api.models.privacy_preference import PrivacyPreferenceHistory
 from fides.api.models.privacy_request import ExecutionLog, PrivacyRequest, RequestTask
+from fides.api.models.worker_task import ExecutionLogStatus
 from fides.api.schemas.policy import ActionType, CurrentStep
-from fides.api.schemas.privacy_request import ExecutionLogStatus
 from fides.api.service.connectors.base_connector import BaseConnector
 from fides.api.task.consolidate_query_matches import consolidate_query_matches
 from fides.api.task.filter_element_match import filter_element_match
@@ -503,12 +503,20 @@ class GraphTask(ABC):  # pylint: disable=too-many-instance-attributes
             self.post_process_input_data(formatted_input_data)
         )
-        # For erasures: cache results with non-matching array elements *replaced* with placeholder text
-        placeholder_output: List[Row] = copy.deepcopy(output)
-        for row in placeholder_output:
+        # For erasures: build placeholder version incrementally to avoid holding two full
+        # copies of the data in memory simultaneously.
+        placeholder_output: List[Row] = []
+        for original_row in output:
+            # Create a deep copy of the *single* row, transform it, then append to
+            # the placeholder list.  Peak memory at any point is one extra row rather
+            # than an entire dataset.
+            row_copy = copy.deepcopy(original_row)
             filter_element_match(
-                row, query_paths=post_processed_node_input_data, delete_elements=False
+                row_copy,
+                query_paths=post_processed_node_input_data,
+                delete_elements=False,
             )
+            placeholder_output.append(row_copy)
         # For DSR 3.0, save data to build masking requests directly
         # on the Request Task.
@@ -519,11 +527,14 @@ class GraphTask(ABC):  # pylint: disable=too-many-instance-attributes
         # TODO Remove when we stop support for DSR 2.0
         # Save data to build masking requests for DSR 2.0 in Redis.
         # Results saved with matching array elements preserved
-        self.resources.cache_results_with_placeholders(
-            f"access_request__{self.key}", placeholder_output
-        )
+        if not CONFIG.execution.use_dsr_3_0:
+            self.resources.cache_results_with_placeholders(
+                f"access_request__{self.key}", placeholder_output
+            )
-        # For access request results, cache results with non-matching array elements *removed*
+        # For access request results, mutate rows in-place to remove non-matching
+        # array elements.  We already iterated over `output` above, so reuse the same
+        # loop structure to keep cache locality.
         for row in output:
             logger.info(
                 "Filtering row in {} for matching array elements.",
@@ -537,7 +548,8 @@ class GraphTask(ABC):  # pylint: disable=too-many-instance-attributes
         # TODO Remove when we stop support for DSR 2.0
         # Saves intermediate access results for DSR 2.0 in Redis
-        self.resources.cache_object(f"access_request__{self.key}", output)
+        if not CONFIG.execution.use_dsr_3_0:
+            self.resources.cache_object(f"access_request__{self.key}", output)
         # Return filtered rows with non-matched array data removed.
         return output

fides/api/tasks/storage.py CHANGED Viewed

@@ -1,20 +1,23 @@
 from __future__ import annotations
 import json
+import secrets
 import zipfile
 from io import BytesIO
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any, Dict, Optional, Union
+import pandas as pd
 from botocore.exceptions import ClientError, ParamValidationError
 from fideslang.validation import AnyHttpUrlString
 from loguru import logger
 from fides.api.common_exceptions import StorageUploadError
+from fides.api.cryptography.cryptographic_util import bytes_to_b64_str
 from fides.api.schemas.storage.storage import ResponseFormat, StorageSecrets
 from fides.api.service.privacy_request.dsr_package.dsr_report_builder import (
     DsrReportBuilder,
 )
-from fides.api.service.storage.gcs import get_gcs_blob
+from fides.api.service.storage.gcs import get_gcs_client
 from fides.api.service.storage.s3 import (
     create_presigned_url_for_s3,
     generic_upload_to_s3,
@@ -23,9 +26,11 @@ from fides.api.service.storage.util import (
     LOCAL_FIDES_UPLOAD_DIRECTORY,
     get_local_filename,
 )
-from fides.api.tasks.csv_utils import write_csv_to_zip
-from fides.api.tasks.encryption_utils import encrypt_access_request_results
 from fides.api.util.aws_util import get_s3_client
+from fides.api.util.cache import get_cache, get_encryption_cache_key
+from fides.api.util.encryption.aes_gcm_encryption_scheme import (
+    encrypt_to_bytes_verify_secrets_length,
+)
 from fides.api.util.storage_util import StorageJSONEncoder
 from fides.config import CONFIG
@@ -33,8 +38,33 @@ if TYPE_CHECKING:
     from fides.api.models.privacy_request import PrivacyRequest
+def encrypt_access_request_results(data: Union[str, bytes], request_id: str) -> str:
+    """Encrypt data with encryption key if provided, otherwise return unencrypted data"""
+    cache = get_cache()
+    encryption_cache_key = get_encryption_cache_key(
+        privacy_request_id=request_id,
+        encryption_attr="key",
+    )
+    if isinstance(data, bytes):
+        data = data.decode(CONFIG.security.encoding)
+    encryption_key: str | None = cache.get(encryption_cache_key)
+    if not encryption_key:
+        return data
+    bytes_encryption_key: bytes = encryption_key.encode(
+        encoding=CONFIG.security.encoding
+    )
+    nonce: bytes = secrets.token_bytes(CONFIG.security.aes_gcm_nonce_length)
+    # b64encode the entire nonce and the encrypted message together
+    return bytes_to_b64_str(
+        nonce
+        + encrypt_to_bytes_verify_secrets_length(data, bytes_encryption_key, nonce)
+    )
 def write_to_in_memory_buffer(
-    resp_format: str, data: dict[str, Any], privacy_request: PrivacyRequest
+    resp_format: str, data: Dict[str, Any], privacy_request: PrivacyRequest
 ) -> BytesIO:
     """Write JSON/CSV data to in-memory file-like object to be passed to S3 or GCS. Encrypt data if encryption key/nonce
     has been cached for the given privacy request id
@@ -43,62 +73,46 @@ def write_to_in_memory_buffer(
     :param data: Dict
     :param request_id: str, The privacy request id
     """
     logger.debug("Writing data to in-memory buffer")
-    try:
-        if resp_format == ResponseFormat.html.value:
-            return DsrReportBuilder(
-                privacy_request=privacy_request,
-                dsr_data=data,
-            ).generate()
-        if resp_format == ResponseFormat.json.value:
-            return convert_dict_to_encrypted_json(data, privacy_request.id)
-        if resp_format == ResponseFormat.csv.value:
-            zipped_csvs = BytesIO()
-            with zipfile.ZipFile(zipped_csvs, "w") as f:
-                write_csv_to_zip(f, data, privacy_request.id)
-            zipped_csvs.seek(0)
-            return zipped_csvs
-    except Exception as e:
-        logger.error(f"Error writing data to in-memory buffer: {str(e)}")
-        raise e
-    raise NotImplementedError(f"No handling for response format {resp_format}.")
-def convert_dict_to_encrypted_json(
-    data: dict[str, Any], privacy_request_id: str
-) -> BytesIO:
-    """Convert data to JSON and encrypt it.
-    Args:
-        data: The data to convert and encrypt
-        privacy_request_id: The ID of the privacy request for encryption
-    Returns:
-        BytesIO: A file-like object containing the encrypted JSON data
-    Raises:
-        Exception: If JSON conversion fails
-    """
-    try:
+    if resp_format == ResponseFormat.json.value:
         json_str = json.dumps(data, indent=2, default=StorageJSONEncoder().default)
         return BytesIO(
-            encrypt_access_request_results(json_str, privacy_request_id).encode(
+            encrypt_access_request_results(json_str, privacy_request.id).encode(
                 CONFIG.security.encoding
             )
         )
-    except Exception as e:
-        logger.error(f"Error converting data to JSON: {str(e)}")
-        logger.error(f"Data that failed to convert: {data}")
-        raise
+    if resp_format == ResponseFormat.csv.value:
+        zipped_csvs = BytesIO()
+        with zipfile.ZipFile(zipped_csvs, "w") as f:
+            for key in data:
+                df = pd.json_normalize(data[key])
+                buffer = BytesIO()
+                df.to_csv(buffer, index=False, encoding=CONFIG.security.encoding)
+                buffer.seek(0)
+                f.writestr(
+                    f"{key}.csv",
+                    encrypt_access_request_results(
+                        buffer.getvalue(), privacy_request.id
+                    ),
+                )
+        zipped_csvs.seek(0)
+        return zipped_csvs
+    if resp_format == ResponseFormat.html.value:
+        return DsrReportBuilder(
+            privacy_request=privacy_request,
+            dsr_data=data,
+        ).generate()
+    raise NotImplementedError(f"No handling for response format {resp_format}.")
 def upload_to_s3(  # pylint: disable=R0913
-    storage_secrets: dict[StorageSecrets, Any],
-    data: dict,
+    storage_secrets: Dict[StorageSecrets, Any],
+    data: Dict,
     bucket_name: str,
     file_key: str,
     resp_format: str,
@@ -126,22 +140,18 @@ def upload_to_s3(  # pylint: disable=R0913
                 "storage", {}
             ).get("aws_s3_assume_role_arn"),
         )
-    except (ClientError, ParamValidationError) as e:
-        logger.error(f"Error getting s3 client: {str(e)}")
-        raise StorageUploadError(f"Error getting s3 client: {str(e)}")
-    # handles file chunking
-    try:
-        s3_client.upload_fileobj(
-            Fileobj=write_to_in_memory_buffer(resp_format, data, privacy_request),
-            Bucket=bucket_name,
-            Key=file_key,
-        )
-    except ClientError as e:
-        logger.error("Encountered error while uploading s3 object: {}", e)
-        raise StorageUploadError(f"Error uploading to S3: {e}")
+        # handles file chunking
+        try:
+            s3_client.upload_fileobj(
+                Fileobj=write_to_in_memory_buffer(resp_format, data, privacy_request),
+                Bucket=bucket_name,
+                Key=file_key,
+            )
+        except Exception as e:
+            logger.error("Encountered error while uploading s3 object: {}", e)
+            raise e
-    try:
         presigned_url: AnyHttpUrlString = create_presigned_url_for_s3(
             s3_client, bucket_name, file_key
         )
@@ -152,11 +162,13 @@ def upload_to_s3(  # pylint: disable=R0913
             "Encountered error while uploading and generating link for s3 object: {}", e
         )
         raise StorageUploadError(f"Error uploading to S3: {e}")
+    except ParamValidationError as e:
+        raise StorageUploadError(f"The parameters you provided are incorrect: {e}")
 def upload_to_gcs(
-    storage_secrets: dict,
-    data: dict,
+    storage_secrets: Dict,
+    data: Dict,
     bucket_name: str,
     file_key: str,
     resp_format: str,
@@ -165,30 +177,24 @@ def upload_to_gcs(
 ) -> str:
     """Uploads access request data to a Google Cloud Storage bucket"""
     logger.info("Starting Google Cloud Storage upload of {}", file_key)
-    content_type = {
-        ResponseFormat.json.value: "application/json",
-        ResponseFormat.csv.value: "application/zip",
-        ResponseFormat.html.value: "application/zip",
-    }
-    blob = get_gcs_blob(auth_method, storage_secrets, bucket_name, file_key)
-    in_memory_file = write_to_in_memory_buffer(resp_format, data, privacy_request)
     try:
+        storage_client = get_gcs_client(auth_method, storage_secrets)
+        bucket = storage_client.bucket(bucket_name)
+        blob = bucket.blob(file_key)
+        in_memory_file = write_to_in_memory_buffer(resp_format, data, privacy_request)
+        content_type = {
+            ResponseFormat.json.value: "application/json",
+            ResponseFormat.csv.value: "application/zip",
+            ResponseFormat.html.value: "application/zip",
+        }
         blob.upload_from_string(
             in_memory_file.getvalue(), content_type=content_type[resp_format]
         )
-    except Exception as e:
-        logger.error("Error uploading to GCS: {}", str(e))
-        logger.error(
-            "Encountered error while uploading and generating link for Google Cloud Storage object: {}",
-            e,
-        )
-        raise
-    logger.info("File {} uploaded to {}", file_key, blob.public_url)
+        logger.info("File {} uploaded to {}", file_key, blob.public_url)
-    try:
         presigned_url = blob.generate_signed_url(
             version="v4",
             expiration=CONFIG.security.subject_request_download_link_ttl_seconds,
@@ -204,7 +210,7 @@ def upload_to_gcs(
 def upload_to_local(
-    data: dict,
+    data: Dict,
     file_key: str,
     privacy_request: PrivacyRequest,
     resp_format: str = ResponseFormat.json.value,

fides/api/util/cache.py CHANGED Viewed

@@ -1,5 +1,4 @@
 import json
-import os
 from typing import Any, Dict, List, Optional, Union
 from urllib.parse import unquote_to_bytes
@@ -28,7 +27,6 @@ from fides.config import CONFIG
 RedisValue = Union[bytes, float, int, str]
 _connection = None
-_read_only_connection = None
 class FidesopsRedis(Redis):
@@ -159,36 +157,6 @@ class FidesopsRedis(Redis):
         return list_length
-# FIXME: Ideally we don't want our code to be aware of the way tests are run,
-# e.g that we run them in parallel with pytest-xdist. We need to find a way
-# to change the pytest_configure_node hook to set the correct environment variable
-# like we do for the readonly database. It wasn't working so we're using this workaround for now.
-def _determine_redis_db_index(
-    read_only: Optional[bool] = False,
-) -> int:  # pragma: no cover
-    """Return the Redis DB index that should be used for the current process.
-    Behavior:
-    1. Test mode:
-       - If running under xdist, map `gwN` → DB `N + 1` (reserve DB 0).
-       - If *not* running under xdist, always use DB 1.
-    2. Non-test mode: return the value already present in `CONFIG.redis.db_index`
-    """
-    # 1. Test mode logic
-    if CONFIG.test_mode:
-        worker_id = os.getenv("PYTEST_XDIST_WORKER")
-        if worker_id and worker_id.startswith("gw"):
-            suffix = worker_id[2:]
-            if suffix.isdigit():
-                return int(suffix) + 1  # gw0 -> 1, gw1 -> 2, etc.
-        return CONFIG.redis.test_db_index
-    # 2. Non-test mode
-    return CONFIG.redis.read_only_db_index if read_only else CONFIG.redis.db_index
 def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
     """Return a singleton connection to our Redis cache"""
@@ -205,7 +173,7 @@ def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
             decode_responses=CONFIG.redis.decode_responses,
             host=CONFIG.redis.host,
             port=CONFIG.redis.port,
-            db=_determine_redis_db_index(),
+            db=CONFIG.redis.db_index,
             username=CONFIG.redis.user,
             password=CONFIG.redis.password,
             ssl=CONFIG.redis.ssl,
@@ -234,50 +202,6 @@ def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
     return _connection
-def get_read_only_cache() -> FidesopsRedis:
-    """
-    Return a singleton connection to the read-only Redis cache.
-    If read-only is not enabled, return the regular cache.
-    """
-    # If read-only is not enabled, return the regular cache
-    if not CONFIG.redis.read_only_enabled:
-        logger.debug(
-            "Read-only Redis is not enabled. Returning writeable cache connection instead."
-        )
-        return get_cache()
-    global _read_only_connection  # pylint: disable=W0603
-    if _read_only_connection is None:
-        logger.debug("Creating new read-only Redis connection...")
-        _read_only_connection = FidesopsRedis(  # type: ignore[call-overload]
-            charset=CONFIG.redis.charset,
-            decode_responses=CONFIG.redis.decode_responses,
-            host=CONFIG.redis.read_only_host,
-            port=CONFIG.redis.read_only_port,
-            db=_determine_redis_db_index(read_only=True),
-            username=CONFIG.redis.read_only_user,
-            password=CONFIG.redis.read_only_password,
-            ssl=CONFIG.redis.read_only_ssl,
-            ssl_ca_certs=CONFIG.redis.read_only_ssl_ca_certs,
-            ssl_cert_reqs=CONFIG.redis.read_only_ssl_cert_reqs,
-        )
-        logger.debug("New read-only Redis connection created.")
-    try:
-        connected = _read_only_connection.ping()
-        logger.debug("Read-only Redis connection succeeded.")
-    except ConnectionErrorFromRedis:
-        connected = False
-    if not connected:
-        logger.error(
-            "Unable to establish read-only Redis connection. Returning writeable cache connection instead."
-        )
-        return get_cache()
-    return _read_only_connection
 def get_identity_cache_key(privacy_request_id: str, identity_attribute: str) -> str:
     """Return the key at which to save this PrivacyRequest's identity for the passed in attribute"""
     # TODO: Remove this prefix

fides/api/util/consent_util.py CHANGED Viewed

@@ -18,7 +18,7 @@ from fides.api.models.privacy_request import (
 )
 from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 from fides.api.models.tcf_purpose_overrides import TCFPurposeOverride
-from fides.api.schemas.privacy_request import ExecutionLogStatus
+from fides.api.models.worker_task import ExecutionLogStatus
 from fides.api.schemas.redis_cache import Identity

ethyca-fides 2.63.1b3__py2.py3-none-any.whl → 2.63.1rc0__py2.py3-none-any.whl

ethyca-fides 2.63.1b3py2.py3-none-any.whl → 2.63.1rc0py2.py3-none-any.whl