PyPI - ethyca-fides - Versions diffs - 2.63.1b4__py2.py3-none-any.whl → 2.63.1rc0__py2.py3-none-any.whl - Mend

ethyca-fides 2.63.1b4py2.py3-none-any.whl → 2.63.1rc0py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

fides/api/service/storage/s3.py CHANGED Viewed

@@ -1,7 +1,6 @@
 from __future__ import annotations
-from io import BytesIO
-from typing import IO, Any, Dict, Optional, Tuple, Union
+from typing import IO, Any, Dict, Tuple, Union
 from boto3.s3.transfer import TransferConfig
 from botocore.exceptions import ClientError, ParamValidationError
@@ -35,7 +34,7 @@ def maybe_get_s3_client(
 def create_presigned_url_for_s3(
-    s3_client: Any, bucket_name: str, file_key: str, ttl_seconds: Optional[int] = None
+    s3_client: Any, bucket_name: str, file_key: str
 ) -> AnyHttpUrlString:
     """
     Generates a presigned URL to share an S3 object
@@ -46,16 +45,10 @@ def create_presigned_url_for_s3(
     :return: Presigned URL as string.
     """
     params = {"Bucket": bucket_name, "Key": file_key}
-    if ttl_seconds:
-        if ttl_seconds > 604800:
-            raise ValueError("TTL must be less than 7 days")
-        expires_in = ttl_seconds
-    else:
-        expires_in = CONFIG.security.subject_request_download_link_ttl_seconds
     response = s3_client.generate_presigned_url(
         "get_object",
         Params=params,
-        ExpiresIn=expires_in,
+        ExpiresIn=CONFIG.security.subject_request_download_link_ttl_seconds,
     )
     # The response contains the presigned URL
@@ -75,7 +68,7 @@ def generic_upload_to_s3(  # pylint: disable=R0913
     file_key: str,
     auth_method: str,
     document: IO[bytes],
-    size_threshold: int = LARGE_FILE_THRESHOLD,  # 25 MB threshold
+    size_threshold: int = LARGE_FILE_THRESHOLD,  # 5 MB threshold
 ) -> Tuple[int, AnyHttpUrlString]:
     """
     Uploads file like objects to S3.
@@ -137,8 +130,7 @@ def generic_retrieve_from_s3(
     file_key: str,
     auth_method: str,
     get_content: bool = False,
-    ttl_seconds: Optional[int] = None,
-) -> Tuple[int, Union[str, IO[bytes]]]:
+) -> Tuple[int, Union[str, bytes]]:
     """
     Retrieves a file from S3 and returns its size and either a presigned URL or the actual content.
@@ -156,23 +148,17 @@ def generic_retrieve_from_s3(
     s3_client = get_s3_client(auth_method, storage_secrets)
     try:
-        # Get file size using head_object
-        size_response = s3_client.head_object(Bucket=bucket_name, Key=file_key)
-        # If the file is less than 25MB, we can get the content otherwise return the presigned URL
-        if get_content and size_response["ContentLength"] <= LARGE_FILE_THRESHOLD:
-            # Get the actual content using download_fileobj
-            file_obj = BytesIO()
-            s3_client.download_fileobj(
-                Bucket=bucket_name, Key=file_key, Fileobj=file_obj
-            )
-            file_obj.seek(0)  # Reset file pointer to beginning
-            return int(size_response["ContentLength"]), file_obj
+        if get_content:
+            # Get the actual content
+            response = s3_client.get_object(Bucket=bucket_name, Key=file_key)
+            content = response["Body"].read()
+            return response["ContentLength"], content
         # Get presigned URL
-        presigned_url = create_presigned_url_for_s3(
-            s3_client, bucket_name, file_key, ttl_seconds
-        )
-        return int(size_response["ContentLength"]), str(presigned_url)
+        presigned_url = create_presigned_url_for_s3(s3_client, bucket_name, file_key)
+        # Get file size
+        response = s3_client.head_object(Bucket=bucket_name, Key=file_key)
+        return int(response["ContentLength"]), str(presigned_url)
     except ClientError as e:
         logger.error(f"Error retrieving file from S3: {e}")
         raise e

fides/api/service/storage/util.py CHANGED Viewed

@@ -3,10 +3,6 @@ from enum import Enum as EnumType
 from loguru import logger
-# This is the max file size for downloading the content of an attachment.
-# This is an industry standard used by companies like Google and Microsoft.
-LARGE_FILE_THRESHOLD = 25 * 1024 * 1024  # 25 MB
 class AllowedFileType(EnumType):
     """
@@ -28,49 +24,15 @@ class AllowedFileType(EnumType):
 LOCAL_FIDES_UPLOAD_DIRECTORY = "fides_uploads"
+# Default to 10MB if not specified in environment
+LARGE_FILE_THRESHOLD = 10 * 1024 * 1024  # 10 MB threshold
-def get_local_filename(file_key: str) -> str:
-    """Verifies that the local storage directory exists and returns the local filepath.
-    This extra security checks are to prevent directory traversal attacks and "complete business and technical destruction".
-    Thanks Claude.
-    Args:
-        file_key: The key/path for the file
-    Returns:
-        The full local filepath
-    Raises:
-        ValueError: If the file_key is invalid or would result in a path outside the upload directory
-    """
-    # Basic validation
-    if not file_key:
-        raise ValueError("File key cannot be empty")
-    # Security checks before normalization
-    if file_key.startswith("/"):
-        raise ValueError("Invalid file key: cannot start with '/'")
-    # Normalize the path to handle any path separators consistently
-    # First normalize using os.path.normpath to handle any redundant separators
-    normalized_key = os.path.normpath(file_key)
-    # Then convert all separators to forward slashes for consistency
-    normalized_key = normalized_key.replace("\\", "/")
-    # Additional security: ensure the final path is within the upload directory
-    final_path = os.path.join(LOCAL_FIDES_UPLOAD_DIRECTORY, normalized_key)
-    if not os.path.abspath(final_path).startswith(
-        os.path.abspath(LOCAL_FIDES_UPLOAD_DIRECTORY)
-    ):
-        raise ValueError(
-            "Invalid file key: would result in path outside upload directory"
-        )
-    # Create all necessary directories
-    os.makedirs(os.path.dirname(final_path), exist_ok=True)
-    return final_path
+def get_local_filename(file_key: str) -> str:
+    """Verifies that the local storage directory exists and returns the local filepath"""
+    if not os.path.exists(LOCAL_FIDES_UPLOAD_DIRECTORY):
+        os.makedirs(LOCAL_FIDES_UPLOAD_DIRECTORY)
+    return f"{LOCAL_FIDES_UPLOAD_DIRECTORY}/{file_key}"
 def get_allowed_file_type_or_raise(file_key: str) -> str:

fides/api/tasks/storage.py CHANGED Viewed

@@ -1,20 +1,23 @@
 from __future__ import annotations
 import json
+import secrets
 import zipfile
 from io import BytesIO
-from typing import TYPE_CHECKING, Any, Optional
+from typing import TYPE_CHECKING, Any, Dict, Optional, Union
+import pandas as pd
 from botocore.exceptions import ClientError, ParamValidationError
 from fideslang.validation import AnyHttpUrlString
 from loguru import logger
 from fides.api.common_exceptions import StorageUploadError
+from fides.api.cryptography.cryptographic_util import bytes_to_b64_str
 from fides.api.schemas.storage.storage import ResponseFormat, StorageSecrets
 from fides.api.service.privacy_request.dsr_package.dsr_report_builder import (
     DsrReportBuilder,
 )
-from fides.api.service.storage.gcs import get_gcs_blob
+from fides.api.service.storage.gcs import get_gcs_client
 from fides.api.service.storage.s3 import (
     create_presigned_url_for_s3,
     generic_upload_to_s3,
@@ -23,9 +26,11 @@ from fides.api.service.storage.util import (
     LOCAL_FIDES_UPLOAD_DIRECTORY,
     get_local_filename,
 )
-from fides.api.tasks.csv_utils import write_csv_to_zip
-from fides.api.tasks.encryption_utils import encrypt_access_request_results
 from fides.api.util.aws_util import get_s3_client
+from fides.api.util.cache import get_cache, get_encryption_cache_key
+from fides.api.util.encryption.aes_gcm_encryption_scheme import (
+    encrypt_to_bytes_verify_secrets_length,
+)
 from fides.api.util.storage_util import StorageJSONEncoder
 from fides.config import CONFIG
@@ -33,8 +38,33 @@ if TYPE_CHECKING:
     from fides.api.models.privacy_request import PrivacyRequest
+def encrypt_access_request_results(data: Union[str, bytes], request_id: str) -> str:
+    """Encrypt data with encryption key if provided, otherwise return unencrypted data"""
+    cache = get_cache()
+    encryption_cache_key = get_encryption_cache_key(
+        privacy_request_id=request_id,
+        encryption_attr="key",
+    )
+    if isinstance(data, bytes):
+        data = data.decode(CONFIG.security.encoding)
+    encryption_key: str | None = cache.get(encryption_cache_key)
+    if not encryption_key:
+        return data
+    bytes_encryption_key: bytes = encryption_key.encode(
+        encoding=CONFIG.security.encoding
+    )
+    nonce: bytes = secrets.token_bytes(CONFIG.security.aes_gcm_nonce_length)
+    # b64encode the entire nonce and the encrypted message together
+    return bytes_to_b64_str(
+        nonce
+        + encrypt_to_bytes_verify_secrets_length(data, bytes_encryption_key, nonce)
+    )
 def write_to_in_memory_buffer(
-    resp_format: str, data: dict[str, Any], privacy_request: PrivacyRequest
+    resp_format: str, data: Dict[str, Any], privacy_request: PrivacyRequest
 ) -> BytesIO:
     """Write JSON/CSV data to in-memory file-like object to be passed to S3 or GCS. Encrypt data if encryption key/nonce
     has been cached for the given privacy request id
@@ -43,62 +73,46 @@ def write_to_in_memory_buffer(
     :param data: Dict
     :param request_id: str, The privacy request id
     """
     logger.debug("Writing data to in-memory buffer")
-    try:
-        if resp_format == ResponseFormat.html.value:
-            return DsrReportBuilder(
-                privacy_request=privacy_request,
-                dsr_data=data,
-            ).generate()
-        if resp_format == ResponseFormat.json.value:
-            return convert_dict_to_encrypted_json(data, privacy_request.id)
-        if resp_format == ResponseFormat.csv.value:
-            zipped_csvs = BytesIO()
-            with zipfile.ZipFile(zipped_csvs, "w") as f:
-                write_csv_to_zip(f, data, privacy_request.id)
-            zipped_csvs.seek(0)
-            return zipped_csvs
-    except Exception as e:
-        logger.error(f"Error writing data to in-memory buffer: {str(e)}")
-        raise e
-    raise NotImplementedError(f"No handling for response format {resp_format}.")
-def convert_dict_to_encrypted_json(
-    data: dict[str, Any], privacy_request_id: str
-) -> BytesIO:
-    """Convert data to JSON and encrypt it.
-    Args:
-        data: The data to convert and encrypt
-        privacy_request_id: The ID of the privacy request for encryption
-    Returns:
-        BytesIO: A file-like object containing the encrypted JSON data
-    Raises:
-        Exception: If JSON conversion fails
-    """
-    try:
+    if resp_format == ResponseFormat.json.value:
         json_str = json.dumps(data, indent=2, default=StorageJSONEncoder().default)
         return BytesIO(
-            encrypt_access_request_results(json_str, privacy_request_id).encode(
+            encrypt_access_request_results(json_str, privacy_request.id).encode(
                 CONFIG.security.encoding
             )
         )
-    except Exception as e:
-        logger.error(f"Error converting data to JSON: {str(e)}")
-        logger.error(f"Data that failed to convert: {data}")
-        raise
+    if resp_format == ResponseFormat.csv.value:
+        zipped_csvs = BytesIO()
+        with zipfile.ZipFile(zipped_csvs, "w") as f:
+            for key in data:
+                df = pd.json_normalize(data[key])
+                buffer = BytesIO()
+                df.to_csv(buffer, index=False, encoding=CONFIG.security.encoding)
+                buffer.seek(0)
+                f.writestr(
+                    f"{key}.csv",
+                    encrypt_access_request_results(
+                        buffer.getvalue(), privacy_request.id
+                    ),
+                )
+        zipped_csvs.seek(0)
+        return zipped_csvs
+    if resp_format == ResponseFormat.html.value:
+        return DsrReportBuilder(
+            privacy_request=privacy_request,
+            dsr_data=data,
+        ).generate()
+    raise NotImplementedError(f"No handling for response format {resp_format}.")
 def upload_to_s3(  # pylint: disable=R0913
-    storage_secrets: dict[StorageSecrets, Any],
-    data: dict,
+    storage_secrets: Dict[StorageSecrets, Any],
+    data: Dict,
     bucket_name: str,
     file_key: str,
     resp_format: str,
@@ -126,22 +140,18 @@ def upload_to_s3(  # pylint: disable=R0913
                 "storage", {}
             ).get("aws_s3_assume_role_arn"),
         )
-    except (ClientError, ParamValidationError) as e:
-        logger.error(f"Error getting s3 client: {str(e)}")
-        raise StorageUploadError(f"Error getting s3 client: {str(e)}")
-    # handles file chunking
-    try:
-        s3_client.upload_fileobj(
-            Fileobj=write_to_in_memory_buffer(resp_format, data, privacy_request),
-            Bucket=bucket_name,
-            Key=file_key,
-        )
-    except ClientError as e:
-        logger.error("Encountered error while uploading s3 object: {}", e)
-        raise StorageUploadError(f"Error uploading to S3: {e}")
+        # handles file chunking
+        try:
+            s3_client.upload_fileobj(
+                Fileobj=write_to_in_memory_buffer(resp_format, data, privacy_request),
+                Bucket=bucket_name,
+                Key=file_key,
+            )
+        except Exception as e:
+            logger.error("Encountered error while uploading s3 object: {}", e)
+            raise e
-    try:
         presigned_url: AnyHttpUrlString = create_presigned_url_for_s3(
             s3_client, bucket_name, file_key
         )
@@ -152,11 +162,13 @@ def upload_to_s3(  # pylint: disable=R0913
             "Encountered error while uploading and generating link for s3 object: {}", e
         )
         raise StorageUploadError(f"Error uploading to S3: {e}")
+    except ParamValidationError as e:
+        raise StorageUploadError(f"The parameters you provided are incorrect: {e}")
 def upload_to_gcs(
-    storage_secrets: dict,
-    data: dict,
+    storage_secrets: Dict,
+    data: Dict,
     bucket_name: str,
     file_key: str,
     resp_format: str,
@@ -165,30 +177,24 @@ def upload_to_gcs(
 ) -> str:
     """Uploads access request data to a Google Cloud Storage bucket"""
     logger.info("Starting Google Cloud Storage upload of {}", file_key)
-    content_type = {
-        ResponseFormat.json.value: "application/json",
-        ResponseFormat.csv.value: "application/zip",
-        ResponseFormat.html.value: "application/zip",
-    }
-    blob = get_gcs_blob(auth_method, storage_secrets, bucket_name, file_key)
-    in_memory_file = write_to_in_memory_buffer(resp_format, data, privacy_request)
     try:
+        storage_client = get_gcs_client(auth_method, storage_secrets)
+        bucket = storage_client.bucket(bucket_name)
+        blob = bucket.blob(file_key)
+        in_memory_file = write_to_in_memory_buffer(resp_format, data, privacy_request)
+        content_type = {
+            ResponseFormat.json.value: "application/json",
+            ResponseFormat.csv.value: "application/zip",
+            ResponseFormat.html.value: "application/zip",
+        }
         blob.upload_from_string(
             in_memory_file.getvalue(), content_type=content_type[resp_format]
         )
-    except Exception as e:
-        logger.error("Error uploading to GCS: {}", str(e))
-        logger.error(
-            "Encountered error while uploading and generating link for Google Cloud Storage object: {}",
-            e,
-        )
-        raise
-    logger.info("File {} uploaded to {}", file_key, blob.public_url)
+        logger.info("File {} uploaded to {}", file_key, blob.public_url)
-    try:
         presigned_url = blob.generate_signed_url(
             version="v4",
             expiration=CONFIG.security.subject_request_download_link_ttl_seconds,
@@ -204,7 +210,7 @@ def upload_to_gcs(
 def upload_to_local(
-    data: dict,
+    data: Dict,
     file_key: str,
     privacy_request: PrivacyRequest,
     resp_format: str = ResponseFormat.json.value,

fides/api/util/cache.py CHANGED Viewed

@@ -1,5 +1,4 @@
 import json
-import os
 from typing import Any, Dict, List, Optional, Union
 from urllib.parse import unquote_to_bytes
@@ -28,7 +27,6 @@ from fides.config import CONFIG
 RedisValue = Union[bytes, float, int, str]
 _connection = None
-_read_only_connection = None
 class FidesopsRedis(Redis):
@@ -159,36 +157,6 @@ class FidesopsRedis(Redis):
         return list_length
-# FIXME: Ideally we don't want our code to be aware of the way tests are run,
-# e.g that we run them in parallel with pytest-xdist. We need to find a way
-# to change the pytest_configure_node hook to set the correct environment variable
-# like we do for the readonly database. It wasn't working so we're using this workaround for now.
-def _determine_redis_db_index(
-    read_only: Optional[bool] = False,
-) -> int:  # pragma: no cover
-    """Return the Redis DB index that should be used for the current process.
-    Behavior:
-    1. Test mode:
-       - If running under xdist, map `gwN` → DB `N + 1` (reserve DB 0).
-       - If *not* running under xdist, always use DB 1.
-    2. Non-test mode: return the value already present in `CONFIG.redis.db_index`
-    """
-    # 1. Test mode logic
-    if CONFIG.test_mode:
-        worker_id = os.getenv("PYTEST_XDIST_WORKER")
-        if worker_id and worker_id.startswith("gw"):
-            suffix = worker_id[2:]
-            if suffix.isdigit():
-                return int(suffix) + 1  # gw0 -> 1, gw1 -> 2, etc.
-        return CONFIG.redis.test_db_index
-    # 2. Non-test mode
-    return CONFIG.redis.read_only_db_index if read_only else CONFIG.redis.db_index
 def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
     """Return a singleton connection to our Redis cache"""
@@ -205,7 +173,7 @@ def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
             decode_responses=CONFIG.redis.decode_responses,
             host=CONFIG.redis.host,
             port=CONFIG.redis.port,
-            db=_determine_redis_db_index(),
+            db=CONFIG.redis.db_index,
             username=CONFIG.redis.user,
             password=CONFIG.redis.password,
             ssl=CONFIG.redis.ssl,
@@ -234,50 +202,6 @@ def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
     return _connection
-def get_read_only_cache() -> FidesopsRedis:
-    """
-    Return a singleton connection to the read-only Redis cache.
-    If read-only is not enabled, return the regular cache.
-    """
-    # If read-only is not enabled, return the regular cache
-    if not CONFIG.redis.read_only_enabled:
-        logger.debug(
-            "Read-only Redis is not enabled. Returning writeable cache connection instead."
-        )
-        return get_cache()
-    global _read_only_connection  # pylint: disable=W0603
-    if _read_only_connection is None:
-        logger.debug("Creating new read-only Redis connection...")
-        _read_only_connection = FidesopsRedis(  # type: ignore[call-overload]
-            charset=CONFIG.redis.charset,
-            decode_responses=CONFIG.redis.decode_responses,
-            host=CONFIG.redis.read_only_host,
-            port=CONFIG.redis.read_only_port,
-            db=_determine_redis_db_index(read_only=True),
-            username=CONFIG.redis.read_only_user,
-            password=CONFIG.redis.read_only_password,
-            ssl=CONFIG.redis.read_only_ssl,
-            ssl_ca_certs=CONFIG.redis.read_only_ssl_ca_certs,
-            ssl_cert_reqs=CONFIG.redis.read_only_ssl_cert_reqs,
-        )
-        logger.debug("New read-only Redis connection created.")
-    try:
-        connected = _read_only_connection.ping()
-        logger.debug("Read-only Redis connection succeeded.")
-    except ConnectionErrorFromRedis:
-        connected = False
-    if not connected:
-        logger.error(
-            "Unable to establish read-only Redis connection. Returning writeable cache connection instead."
-        )
-        return get_cache()
-    return _read_only_connection
 def get_identity_cache_key(privacy_request_id: str, identity_attribute: str) -> str:
     """Return the key at which to save this PrivacyRequest's identity for the passed in attribute"""
     # TODO: Remove this prefix

fides/config/redis_settings.py CHANGED Viewed

@@ -20,10 +20,6 @@ class RedisSettings(FidesSettings):
         default=0,
         description="The application will use this index in the Redis cache to cache data.",
     )
-    test_db_index: int = Field(
-        default=1,
-        description="The application will use this index in the Redis cache to cache data for testing.",
-    )
     decode_responses: bool = Field(
         default=True,
         description="Whether or not to automatically decode the values fetched from Redis. Decodes using the `charset` configuration value.",
@@ -68,57 +64,14 @@ class RedisSettings(FidesSettings):
         default="", description="The user with which to login to the Redis cache."
     )
-    # Read-only Redis settings
-    read_only_enabled: bool = Field(
-        default=False,
-        description="Whether a read-only Redis cache is enabled.",
-    )
-    read_only_host: str = Field(
-        default="",
-        description="The network address for the read-only Redis cache.",
-    )
-    read_only_port: int = Field(
-        default=6379,
-        description="The port at which the read-only Redis cache will be accessible.",
-    )
-    read_only_user: str = Field(
-        default="",
-        description="The user with which to login to the read-only Redis cache.",
-    )
-    read_only_password: str = Field(
-        default="",
-        description="The password with which to login to the read-only Redis cache.",
-    )
-    read_only_db_index: int = Field(
-        default=0,
-        description="The application will use this index in the read-only Redis cache to cache data.",
-    )
-    read_only_ssl: bool = Field(
-        default=False,
-        description="Whether the application's connections to the read-only cache should be encrypted using TLS.",
-    )
-    read_only_ssl_cert_reqs: Optional[str] = Field(
-        default="required",
-        description="If using TLS encryption, set this to 'required' if you wish to enforce the read-only Redis cache to provide a certificate. Note that not all cache providers support this without setting ssl_ca_certs (e.g. AWS Elasticache).",
-    )
-    read_only_ssl_ca_certs: str = Field(
-        default="",
-        description="If using TLS encryption rooted with a custom Certificate Authority, set this to the path of the CA certificate.",
-    )
     # This relies on other values to get built so must be last
     connection_url: Optional[str] = Field(
         default=None,
         description="A full connection URL to the Redis cache. If not specified, this URL is automatically assembled from the host, port, password and db_index specified above.",
         exclude=True,
     )
-    read_only_connection_url: Optional[str] = Field(
-        default=None,
-        description="A full connection URL to the read-only Redis cache. If not specified, this URL is automatically assembled from the read_only_host, read_only_port, read_only_password and read_only_db_index specified above.",
-        exclude=True,
-    )
-    @field_validator("connection_url", "read_only_connection_url", mode="before")
+    @field_validator("connection_url", mode="before")
     @classmethod
     def assemble_connection_url(
         cls,
@@ -130,50 +83,22 @@ class RedisSettings(FidesSettings):
             # If the whole URL is provided via the config, preference that
             return v
-        is_read_only = info.field_name == "read_only_connection_url"
         connection_protocol = "redis"
         params_str = ""
-        use_tls = (
-            info.data.get("read_only_ssl")
-            if is_read_only
-            else info.data.get("ssl", False)
-        )
+        use_tls = info.data.get("ssl", False)
         # These vars are intentionally fetched with `or ""` as the default to account
         # for the edge case where `None` is explicitly set in `values` by Pydantic because
         # it is not overridden by the config file or an env var
-        user = (
-            info.data.get("read_only_user", "")
-            if is_read_only
-            else info.data.get("user", "")
-        )
-        password = (
-            info.data.get("read_only_password", "")
-            if is_read_only
-            else info.data.get("password", "")
-        )
-        db_index = (
-            info.data.get("read_only_db_index", "")
-            if is_read_only
-            else info.data.get("db_index", "")
-        )
+        user = info.data.get("user") or ""
+        password = info.data.get("password") or ""
+        db_index = info.data.get("db_index") or ""
         if use_tls:
             # If using TLS update the connection URL format
             connection_protocol = "rediss"
-            cert_reqs = (
-                info.data.get("read_only_ssl_cert_reqs", "none")
-                if is_read_only
-                else info.data.get("ssl_cert_reqs", "none")
-            )
+            cert_reqs = info.data.get("ssl_cert_reqs", "none")
             params = {"ssl_cert_reqs": quote_plus(cert_reqs)}
-            ssl_ca_certs = (
-                info.data.get("read_only_ssl_ca_certs", "")
-                if is_read_only
-                else info.data.get("ssl_ca_certs", "")
-            )
-            if ssl_ca_certs:
+            if ssl_ca_certs := info.data.get("ssl_ca_certs", ""):
                 params["ssl_ca_certs"] = quote(ssl_ca_certs, safe="/")
             params_str = "?" + urlencode(params, quote_via=quote, safe="/")
@@ -183,23 +108,7 @@ class RedisSettings(FidesSettings):
         if password or user:
             auth_prefix = f"{quote_plus(user)}:{quote_plus(password)}@"
-        host = (
-            info.data.get("read_only_host", "")
-            if is_read_only
-            else info.data.get("host", "")
-        )
-        port = (
-            info.data.get("read_only_port", "")
-            if is_read_only
-            else info.data.get("port", "")
-        )
-        # Only include database index in URL if it's not the default (0)
-        db_path = f"{db_index}" if db_index != 0 else ""
-        connection_url = (
-            f"{connection_protocol}://{auth_prefix}{host}:{port}/{db_path}{params_str}"
-        )
+        connection_url = f"{connection_protocol}://{auth_prefix}{info.data.get('host', '')}:{info.data.get('port', '')}/{db_index}{params_str}"
         return connection_url
     model_config = SettingsConfigDict(env_prefix=ENV_PREFIX)

ethyca-fides 2.63.1b4__py2.py3-none-any.whl → 2.63.1rc0__py2.py3-none-any.whl

ethyca-fides 2.63.1b4py2.py3-none-any.whl → 2.63.1rc0py2.py3-none-any.whl