PyPI - ethyca-fides - Versions diffs - 2.66.2rc0__py2.py3-none-any.whl → 2.67.0rc0__py2.py3-none-any.whl - Mend

ethyca-fides 2.66.2rc0py2.py3-none-any.whl → 2.67.0rc0py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of ethyca-fides might be problematic. Click here for more details.

Files changed (326) hide show

fides/api/graph/traversal.py CHANGED Viewed

@@ -1,6 +1,8 @@
+# pylint: disable=too-many-instance-attributes, too-many-branches, too-many-statements
 from __future__ import annotations
 import json
+from collections import defaultdict
 from itertools import chain
 from typing import Any, Callable, Dict, List, Optional, Set, Tuple, cast
@@ -99,37 +101,70 @@ class BaseTraversal:
         self.traversal_node_dict = {k: TraversalNode(v) for k, v in graph.nodes.items()}
         self.edges: Set[Edge] = graph.edges.copy()
         self.root_node = artificial_traversal_node(ROOT_COLLECTION_ADDRESS)
+        # Pre-index edges by node address for O(1) lookup
+        self.edges_by_node: Dict[CollectionAddress, List[Edge]] = defaultdict(list)
+        for edge in self.edges:
+            self.edges_by_node[edge.f1.collection_address()].append(edge)
+            self.edges_by_node[edge.f2.collection_address()].append(edge)
+        # Pre-compute string versions of node dependencies
+        # This avoids expensive hash operations during traversal
+        self.node_after_str: Dict[str, Set[str]] = {}
+        self.dataset_after_str: Dict[str, Set[str]] = {}
+        for addr, traversal_node in self.traversal_node_dict.items():
+            # Collection-level after dependencies
+            self.node_after_str[addr.value] = {
+                dep.value for dep in traversal_node.node.collection.after
+            }
+            # Dataset-level after dependencies (need to find all collections in those datasets)
+            dataset_deps = set()
+            for dataset_name in traversal_node.node.dataset.after:
+                for other_addr in self.traversal_node_dict.keys():
+                    if other_addr.dataset == dataset_name:
+                        dataset_deps.add(other_addr.value)
+            self.dataset_after_str[addr.value] = dataset_deps
+        # Add root node to the pre-computed dependencies (it has no dependencies)
+        self.node_after_str[ROOT_COLLECTION_ADDRESS.value] = set()
+        self.dataset_after_str[ROOT_COLLECTION_ADDRESS.value] = set()
         for (
             start_field_address,
             seed_key,
         ) in self.extract_seed_field_addresses().items():
-            self.edges.add(
-                Edge(
-                    FieldAddress(
-                        ROOT_COLLECTION_ADDRESS.dataset,
-                        ROOT_COLLECTION_ADDRESS.collection,
-                        seed_key,
-                    ),
-                    start_field_address,
-                )
+            edge = Edge(
+                FieldAddress(
+                    ROOT_COLLECTION_ADDRESS.dataset,
+                    ROOT_COLLECTION_ADDRESS.collection,
+                    seed_key,
+                ),
+                start_field_address,
             )
+            self.edges.add(edge)
+            # Add to edge index
+            self.edges_by_node[ROOT_COLLECTION_ADDRESS].append(edge)
+            self.edges_by_node[start_field_address.collection_address()].append(edge)
         # Ensure manual_task collections execute right after ROOT
-        from fides.api.task.manual.manual_task_utils import ManualTaskAddress
+        from fides.api.task.manual.manual_task_address import ManualTaskAddress
         for addr in self.traversal_node_dict.keys():
             if ManualTaskAddress.is_manual_task_address(addr):
                 # Add a simple synthetic edge ROOT.id -> manual_data.id
-                self.edges.add(
-                    Edge(
-                        FieldAddress(
-                            ROOT_COLLECTION_ADDRESS.dataset,
-                            ROOT_COLLECTION_ADDRESS.collection,
-                            "id",
-                        ),
-                        addr.field_address(FieldPath("id")),
-                    )
+                edge = Edge(
+                    FieldAddress(
+                        ROOT_COLLECTION_ADDRESS.dataset,
+                        ROOT_COLLECTION_ADDRESS.collection,
+                        "id",
+                    ),
+                    addr.field_address(FieldPath("id")),
                 )
+                self.edges.add(edge)
+                # Add to edge index
+                self.edges_by_node[ROOT_COLLECTION_ADDRESS].append(edge)
+                self.edges_by_node[addr].append(edge)
         self._verify_traversal()
@@ -204,28 +239,52 @@ class BaseTraversal:
             logger.info(
                 "Starting traversal",
             )
-        remaining_node_keys: Set[CollectionAddress] = set(
-            self.traversal_node_dict.keys()
-        )
+        # Use string sets instead of CollectionAddress sets
+        # This avoids expensive hash operations
+        remaining_node_keys_str: Set[str] = {
+            addr.value for addr in self.traversal_node_dict.keys()
+        }
         finished_nodes: dict[CollectionAddress, TraversalNode] = {}
         running_node_queue: MatchingQueue[TraversalNode] = MatchingQueue(self.root_node)
-        remaining_edges: Set[Edge] = self.edges.copy()
+        # Instead of copying entire edge set, use a more efficient approach
+        # We'll simulate Edge.delete_edges behavior without the expensive set operations
+        deleted_edges_tracker: Dict[Edge, bool] = {}
         while not running_node_queue.is_empty():
             # this is to support the "run traversal_node A AFTER traversal_node B functionality:"
             n = running_node_queue.pop_first_match(
-                lambda x: x.can_run_given(remaining_node_keys)
+                lambda x: x.can_run_given_str(
+                    remaining_node_keys_str, self.node_after_str, self.dataset_after_str
+                )
             )
             if n:
                 node_run_fn(n, environment)
                 # delete all edges between the traversal_node that's just run and any completed nodes
                 for finished_node_address, finished_node in finished_nodes.items():
-                    completed_edges: Set[Edge] = Edge.delete_edges(
-                        remaining_edges,
-                        finished_node_address,
-                        cast(TraversalNode, n).address,  # type: ignore[redundant-cast]
+                    # Find edges to delete manually instead of using Edge.delete_edges
+                    completed_edges: Set[Edge] = set()
+                    # Only check edges connected to the relevant nodes
+                    relevant_edges = set()
+                    relevant_edges.update(
+                        self.edges_by_node.get(finished_node_address, [])
                     )
+                    relevant_edges.update(self.edges_by_node.get(n.address, []))
+                    for edge in relevant_edges:
+                        # Skip if already deleted
+                        if deleted_edges_tracker.get(edge, False):
+                            continue
+                        # Check if this edge spans between the two nodes (bidirectional check)
+                        if edge.spans(
+                            finished_node_address, cast(TraversalNode, n).address  # type: ignore[redundant-cast]
+                        ):
+                            completed_edges.add(edge)
+                            deleted_edges_tracker[edge] = True
                     def edge_ends_with_collection(_edge: Edge) -> bool:
                         # append edges that end in this traversal_node
@@ -236,14 +295,16 @@ class BaseTraversal:
                     for edge in filter(edge_ends_with_collection, completed_edges):
                         # note, this will not work for self-reference
                         finished_node.add_child(n, edge)
                 # next edges = take all edges including n that are _not_ in edges_from_completed_nodes
                 # in the form (field_address_this, field_address_foreign)
+                # Use pre-indexed edges instead of iterating through all edges
                 edges_to_children = pydash.collections.filter_(
                     [
                         e.split_by_address(cast(TraversalNode, n).address)  # type: ignore[redundant-cast]
-                        for e in remaining_edges
-                        if e.contains(n.address)
+                        for e in self.edges_by_node[n.address]
+                        if not deleted_edges_tracker.get(e, False)
                     ]
                 )
                 if not edges_to_children:
@@ -259,7 +320,7 @@ class BaseTraversal:
                         self.traversal_node_dict[nxt_address]
                     )
                 finished_nodes[n.address] = n
-                remaining_node_keys.difference_update({n.address})
+                remaining_node_keys_str.discard(n.address.value)  # Use string value
             else:
                 # traversal traversal_node dict diff finished nodes
                 logger.error(
@@ -271,12 +332,17 @@ class BaseTraversal:
                     [{', '.join([str(tn.address) for tn in running_node_queue.data])}]""",
                 )
+        # Convert back to CollectionAddress set for filtering
         remaining_node_keys = {
             key
-            for key in remaining_node_keys
-            if not self.should_exclude_node(self.traversal_node_dict[key])
+            for key in self.traversal_node_dict.keys()
+            if key.value in remaining_node_keys_str
+            and not self.should_exclude_node(self.traversal_node_dict[key])
         }
+        # Update string set after filtering
+        remaining_node_keys_str = {key.value for key in remaining_node_keys}
         # error if there are nodes that have not been visited
         if remaining_node_keys:
             logger.error(
@@ -289,12 +355,16 @@ class BaseTraversal:
             )
         # filter out remaining_edges if the nodes they link are allowed to remain unreachable
-        remaining_edges = {
-            edge
-            for edge in remaining_edges
-            if edge.f1.collection_address() in remaining_node_keys
-            and edge.f2.collection_address() in remaining_node_keys
-        }
+        remaining_edges = set()
+        for node_key in remaining_node_keys:
+            for edge in self.edges_by_node.get(node_key, []):
+                if not deleted_edges_tracker.get(edge, False):
+                    # Check if both ends of the edge are in remaining nodes
+                    if (
+                        edge.f1.collection_address() in remaining_node_keys
+                        and edge.f2.collection_address() in remaining_node_keys
+                    ):
+                        remaining_edges.add(edge)
         # error if there are edges that have not been visited
         if remaining_edges:
@@ -478,6 +548,23 @@ class TraversalNode(Contextualizable):
             return False
         return True
+    def can_run_given_str(
+        self,
+        remaining_node_keys_str: Set[str],
+        node_after_str: Dict[str, Set[str]],
+        dataset_after_str: Dict[str, Set[str]],
+    ) -> bool:
+        """Optimized version using pre-computed string sets to avoid expensive hash operations."""
+        # Check collection-level dependencies
+        node_deps = node_after_str.get(self.address.value, set())
+        if node_deps & remaining_node_keys_str:
+            return False
+        # Check dataset-level dependencies
+        dataset_deps = dataset_after_str.get(self.address.value, set())
+        if dataset_deps & remaining_node_keys_str:
+            return False
+        return True
     def is_root_node(self) -> bool:
         """This traversal_node is the defined traversal start"""
         return self.address == ROOT_COLLECTION_ADDRESS

fides/api/models/manual_task/__init__.py ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ from .conditional_dependency import *
2	+ from .manual_task import *

fides/api/models/manual_task/conditional_dependency.py ADDED Viewed

@@ -0,0 +1,144 @@
+from enum import Enum
+from typing import TYPE_CHECKING, Optional, Union
+from sqlalchemy import Column, ForeignKey, Index, Integer, String
+from sqlalchemy.dialects.postgresql import JSONB
+from sqlalchemy.ext.declarative import declared_attr
+from sqlalchemy.orm import Session, relationship
+from fides.api.db.base_class import Base, FidesBase
+from fides.api.db.util import EnumColumn
+from fides.api.task.conditional_dependencies.schemas import (
+    ConditionGroup,
+    ConditionLeaf,
+)
+if TYPE_CHECKING:
+    from fides.api.models.manual_task.manual_task import ManualTask
+class ManualTaskConditionalDependencyType(str, Enum):
+    """Enum for manual task conditional dependency types.
+    This enum defines the two types of nodes in a conditional dependency tree:
+    - leaf: A terminal node that represents a single condition (e.g., "user.age >= 18")
+    - group: A non-terminal node that groups multiple conditions with logical operators (AND/OR)
+    Examples:
+        leaf: Used for simple field comparisons like:
+            - "user.name exists"
+            - "user.age >= 18"
+            - "billing.subscription.status == 'active'"
+        group: Used to combine multiple conditions with logical operators:
+            - AND group: "user.age >= 18 AND user.active == true"
+            - OR group: "user.role == 'admin' OR user.verified == true"
+            - Nested groups: "(user.age >= 18 AND (user.role == 'admin' OR user.verified == true))"
+    """
+    leaf = "leaf"
+    group = "group"
+class ManualTaskConditionalDependency(Base):
+    """Model for storing conditional dependencies."""
+    @declared_attr
+    def __tablename__(cls) -> str:
+        """Overriding base class method to set the table name."""
+        return "manual_task_conditional_dependency"
+    # We need to redefine it here so that self-referential relationships
+    # can properly reference the `id` column instead of the built-in Python function.
+    id = Column(String(255), primary_key=True, default=FidesBase.generate_uuid)
+    # Foreign key relationships
+    manual_task_id = Column(
+        String, ForeignKey("manual_task.id", ondelete="CASCADE"), nullable=False
+    )
+    parent_id = Column(
+        String,
+        ForeignKey("manual_task_conditional_dependency.id", ondelete="CASCADE"),
+        nullable=True,
+    )
+    # Condition metadata
+    condition_type = Column(
+        EnumColumn(ManualTaskConditionalDependencyType), nullable=False
+    )  # leaf or group
+    field_address = Column(String, nullable=True)  # For leaf conditions
+    operator = Column(String, nullable=True)  # For leaf conditions
+    value = Column(JSONB, nullable=True)  # For leaf conditions
+    logical_operator = Column(String, nullable=True)  # 'and' or 'or' for groups
+    # Ordering
+    sort_order = Column(Integer, nullable=False, default=0)
+    __table_args__ = (
+        Index("ix_manual_task_conditional_dependency_manual_task_id", "manual_task_id"),
+        Index("ix_manual_task_conditional_dependency_parent_id", "parent_id"),
+        Index("ix_manual_task_conditional_dependency_condition_type", "condition_type"),
+        Index("ix_manual_task_conditional_dependency_sort_order", "sort_order"),
+    )
+    # Relationships
+    task = relationship("ManualTask", back_populates="conditional_dependencies")
+    parent = relationship(
+        "ManualTaskConditionalDependency",
+        remote_side=[id],
+        back_populates="children",
+        foreign_keys=[parent_id],
+    )
+    children = relationship(
+        "ManualTaskConditionalDependency",
+        back_populates="parent",
+        cascade="all, delete-orphan",
+        foreign_keys=[parent_id],
+    )
+    def to_condition_leaf(self) -> ConditionLeaf:
+        """Convert to ConditionLeaf if this is a leaf condition"""
+        if self.condition_type != "leaf":
+            raise ValueError("Cannot convert group condition to leaf")
+        return ConditionLeaf(
+            field_address=self.field_address, operator=self.operator, value=self.value
+        )
+    def to_condition_group(self) -> ConditionGroup:
+        """Convert to ConditionGroup if this is a group condition"""
+        if self.condition_type != "group":
+            raise ValueError("Cannot convert leaf condition to group")
+        # Recursively build children
+        child_conditions = []
+        children_list = [child for child in self.children]  # type: ignore[attr-defined]
+        for child in sorted(children_list, key=lambda x: x.sort_order):
+            if child.condition_type == "leaf":
+                child_conditions.append(child.to_condition_leaf())
+            else:
+                child_conditions.append(child.to_condition_group())
+        return ConditionGroup(
+            logical_operator=self.logical_operator, conditions=child_conditions
+        )
+    @classmethod
+    def get_root_condition(
+        cls, db: Session, manual_task_id: str
+    ) -> Optional[Union[ConditionLeaf, ConditionGroup]]:
+        """Get the root condition for a config"""
+        root = (
+            db.query(cls)
+            .filter(cls.manual_task_id == manual_task_id, cls.parent_id.is_(None))
+            .first()
+        )
+        if not root:
+            return None
+        if root.condition_type == "leaf":
+            return root.to_condition_leaf()
+        return root.to_condition_group()

fides/api/models/{manual_task.py → manual_task/manual_task.py} RENAMED Viewed

@@ -26,6 +26,9 @@ from fides.api.schemas.base_class import FidesSchema
 if TYPE_CHECKING:
     from fides.api.models.attachment import Attachment
     from fides.api.models.fides_user import FidesUser
+    from fides.api.models.manual_task.conditional_dependency import (
+        ManualTaskConditionalDependency,
+    )
 # ------------------------------------------------------------
 # Enums
@@ -242,6 +245,13 @@ class ManualTask(Base):
         viewonly=True,  # No cascade delete - submissions are historical data
     )
+    conditional_dependencies = relationship(
+        "ManualTaskConditionalDependency",
+        back_populates="task",
+        uselist=True,
+        cascade="all, delete-orphan",
+    )
     # Properties
     @property
     def assigned_users(self) -> list[str]:

fides/api/models/masking_secret.py ADDED Viewed

@@ -0,0 +1,72 @@
+from __future__ import annotations
+from typing import TYPE_CHECKING, Any, Union
+from urllib.parse import unquote_to_bytes
+from sqlalchemy import Column, ForeignKey, String
+from sqlalchemy.ext.declarative import declared_attr
+from sqlalchemy.orm import Session, relationship
+from sqlalchemy_utils.types.encrypted.encrypted_type import (
+    AesGcmEngine,
+    StringEncryptedType,
+)
+from fides.api.db.base_class import Base, JSONTypeOverride
+from fides.api.util.custom_json_encoder import ENCODED_BYTES_PREFIX
+from fides.config import CONFIG
+if TYPE_CHECKING:
+    from fides.api.models.privacy_request import PrivacyRequest
+class MaskingSecret(Base):
+    """SQLAlchemy model for storing secret caching information"""
+    @declared_attr
+    def __tablename__(self) -> str:
+        return "masking_secret"
+    privacy_request_id = Column(
+        String, ForeignKey("privacyrequest.id", ondelete="CASCADE"), nullable=False
+    )
+    secret = Column(
+        StringEncryptedType(
+            JSONTypeOverride,
+            CONFIG.security.app_encryption_key,
+            AesGcmEngine,
+            "pkcs5",
+        ),
+        nullable=False,
+    )
+    masking_strategy = Column(String, nullable=False)
+    secret_type = Column(String, nullable=False)
+    privacy_request = relationship("PrivacyRequest", back_populates="masking_secrets")
+    def set_secret(self, secret: Union[str, bytes]) -> None:
+        """Set the secret value, handling both string and bytes types"""
+        if isinstance(secret, str):
+            self.secret = secret.encode("utf-8")
+        elif isinstance(secret, bytes):
+            self.secret = secret
+        else:
+            raise ValueError("Secret must be either string or bytes")
+    def get_secret(self) -> Union[str, bytes]:
+        """Retrieve the secret in its original type"""
+        secret = self.secret
+        if isinstance(secret, str) and secret.startswith(ENCODED_BYTES_PREFIX):
+            return unquote_to_bytes(secret)[len(ENCODED_BYTES_PREFIX) :]
+        return secret
+    @classmethod
+    def create(
+        cls,
+        db: Session,
+        *,
+        data: dict[str, Any],
+        check_name: bool = True,
+    ) -> "MaskingSecret":
+        """
+        Create a new masking secret. Handles both string and bytes secrets automatically, encrypting them for storage.
+        """
+        return super().create(db=db, data=data, check_name=check_name)

fides/api/models/policy.py CHANGED Viewed

@@ -25,7 +25,9 @@ from fides.api.models.client import ClientDetail
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.sql_models import DataCategory  # type: ignore
 from fides.api.models.storage import StorageConfig, get_active_default_storage_config
+from fides.api.schemas.masking.masking_secrets import MaskingSecretCache
 from fides.api.schemas.policy import ActionType, DrpAction
+from fides.api.service.masking.strategy.masking_strategy import MaskingStrategy
 from fides.api.util.data_category import _validate_data_category
 from fides.config import CONFIG
@@ -140,6 +142,27 @@ class Policy(Base):
         except IndexError:
             return None
+    def generate_masking_secrets(self) -> Optional[List[MaskingSecretCache]]:
+        """
+        Returns a list of masking secrets for the masking strategies in the policy.
+        """
+        masking_secrets: List[MaskingSecretCache] = []
+        erasure_rules = self.get_rules_for_action(action_type=ActionType.erasure)
+        unique_masking_strategies_by_name: Set[str] = set()
+        for rule in erasure_rules:
+            strategy_name: str = rule.masking_strategy["strategy"]  # type: ignore
+            configuration = rule.masking_strategy["configuration"]  # type: ignore
+            if strategy_name in unique_masking_strategies_by_name:
+                continue
+            unique_masking_strategies_by_name.add(strategy_name)
+            masking_strategy = MaskingStrategy.get_strategy(
+                strategy_name, configuration
+            )
+            if masking_strategy.secrets_required():
+                masking_secrets.extend(masking_strategy.generate_secrets_for_cache())
+        return masking_secrets
     def applies_to(self, node: "TraversalNode") -> bool:
         """
         Returns True if any data category in the traversal node starts with any of the policy's target categories.

fides/api/models/privacy_request/execution_log.py CHANGED Viewed

@@ -24,6 +24,7 @@ EXECUTION_CHECKPOINTS = [
     CurrentStep.finalize_consent,
     CurrentStep.email_post_send,
     CurrentStep.post_webhooks,
+    CurrentStep.finalization,
 ]
 COMPLETED_EXECUTION_LOG_STATUSES = [

fides/api/models/privacy_request/privacy_request.py CHANGED Viewed

@@ -50,6 +50,7 @@ from fides.api.models.comment import Comment, CommentReference, CommentReference
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.field_types import EncryptedLargeDataDescriptor
 from fides.api.models.manual_webhook import AccessManualWebhook
+from fides.api.models.masking_secret import MaskingSecret
 from fides.api.models.policy import (
     Policy,
     PolicyPreWebhook,
@@ -98,7 +99,6 @@ from fides.api.util.cache import (
     get_drp_request_body_cache_key,
     get_encryption_cache_key,
     get_identity_cache_key,
-    get_masking_secret_cache_key,
 )
 from fides.api.util.collection_util import Row, extract_key_for_address
 from fides.api.util.constants import API_DATE_FORMAT
@@ -145,6 +145,12 @@ class PrivacyRequest(
         ForeignKey(FidesUser.id_field_path, ondelete="SET NULL"),
         nullable=True,
     )
+    finalized_at = Column(DateTime(timezone=True), nullable=True)
+    finalized_by = Column(
+        String,
+        ForeignKey(FidesUser.id_field_path, ondelete="SET NULL"),
+        nullable=True,
+    )
     submitted_by = Column(
         String,
         ForeignKey(FidesUser.id_field_path, ondelete="SET NULL"),
@@ -289,6 +295,13 @@ class PrivacyRequest(
         order_by="RequestTask.created_at",
     )
+    masking_secrets: "RelationshipProperty[List[MaskingSecret]]" = relationship(
+        "MaskingSecret",
+        back_populates="privacy_request",
+        uselist=True,
+        passive_deletes="all",
+    )
     @property
     def days_left(self: PrivacyRequest) -> Union[int, None]:
         if self.due_date is None:
@@ -566,19 +579,24 @@ class PrivacyRequest(
             encryption_key,
         )
-    def cache_masking_secret(self, masking_secret: MaskingSecretCache) -> None:
-        """Sets masking encryption secrets in the Fides app cache if provided"""
-        if not masking_secret:
+    def persist_masking_secrets(
+        self, masking_secrets: List[MaskingSecretCache]
+    ) -> None:
+        """Persists masking encryption secrets to database."""
+        if not masking_secrets:
             return
-        cache: FidesopsRedis = get_cache()
-        cache.set_with_autoexpire(
-            get_masking_secret_cache_key(
-                self.id,
-                masking_strategy=masking_secret.masking_strategy,
-                secret_type=masking_secret.secret_type,
-            ),
-            FidesopsRedis.encode_obj(masking_secret.secret),
-        )
+        session = Session.object_session(self)
+        for masking_secret in masking_secrets:
+            MaskingSecret.create(
+                db=session,
+                data={
+                    "privacy_request_id": self.id,
+                    "secret": masking_secret.secret,
+                    "masking_strategy": masking_secret.masking_strategy,
+                    "secret_type": masking_secret.secret_type,
+                },
+            )
     def get_cached_identity_data(self) -> Dict[str, Any]:
         """Retrieves any identity data pertaining to this request from the cache"""

fides/api/oauth/roles.py CHANGED Viewed

@@ -47,6 +47,7 @@ from fides.common.api.scope_registry import (
     SYSTEM_READ,
     USER_PERMISSION_ASSIGN_OWNERS,
     USER_READ,
+    USER_READ_OWN,
     WEBHOOK_READ,
 )
@@ -126,6 +127,7 @@ viewer_scopes = [  # Intentionally omitted USER_PERMISSION_READ and PRIVACY_REQU
 respondent_scopes = [
     PRIVACY_REQUEST_MANUAL_STEPS_RESPOND,  # allows respondents to respond to assigned manual steps
+    USER_READ_OWN,
 ]
 external_respondent_scopes = [

fides/api/schemas/application_config.py CHANGED Viewed

@@ -11,6 +11,14 @@ from fides.api.schemas.messaging.messaging import MessagingServiceType
 from fides.config.admin_ui_settings import ErrorNotificationMode
+class SqlDryRunMode(str, Enum):
+    """SQL dry run mode for controlling execution of SQL statements in privacy requests"""
+    none = "none"
+    access = "access"
+    erasure = "erasure"
 class StorageTypeApiAccepted(Enum):
     """Enum for storage destination types accepted in API updates"""
@@ -62,7 +70,9 @@ class ExecutionApplicationConfig(FidesSchema):
     subject_identity_verification_required: Optional[bool] = None
     disable_consent_identity_verification: Optional[bool] = None
     require_manual_request_approval: Optional[bool] = None
-    model_config = ConfigDict(extra="forbid")
+    sql_dry_run: Optional[SqlDryRunMode] = None
+    model_config = ConfigDict(use_enum_values=True, extra="forbid")
 class AdminUIConfig(FidesSchema):

fides/api/schemas/masking/masking_secrets.py CHANGED Viewed

@@ -5,7 +5,7 @@ from typing import Callable, Generic, TypeVar
 T = TypeVar("T")
-class SecretType(Enum):
+class SecretType(str, Enum):
     """Enum that holds all possible types of secrets across all masking strategies"""
     key = "key"

ethyca-fides 2.66.2rc0__py2.py3-none-any.whl → 2.67.0rc0__py2.py3-none-any.whl

Potentially problematic release.

ethyca-fides 2.66.2rc0py2.py3-none-any.whl → 2.67.0rc0py2.py3-none-any.whl