PyPI - ethyca-fides - Versions diffs - 2.70.2__py2.py3-none-any.whl → 2.70.3__py2.py3-none-any.whl - Mend

ethyca-fides 2.70.2py2.py3-none-any.whl → 2.70.3py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of ethyca-fides might be problematic. Click here for more details.

Files changed (207) hide show

fides/_version.py CHANGED Viewed

@@ -8,11 +8,11 @@ import json
 version_json = '''
 {
- "date": "2025-09-19T17:26:35-0700",
+ "date": "2025-09-19T20:10:22-0700",
  "dirty": false,
  "error": null,
- "full-revisionid": "fe651d7445cf98722c20b976cf2ebf8b4807527e",
- "version": "2.70.2"
+ "full-revisionid": "0da25ea6ae44ca2dc4211c18b4d0bc24b6aee66b",
+ "version": "2.70.3"
 }
 '''  # END VERSION_JSON

fides/api/db/crud.py CHANGED Viewed

@@ -1,6 +1,6 @@
 """
-DEPRECATED: This module uses manual transaction handling which can
-lead to unexpected behavior. Use fides.api.db.safe_crud instead.
+Contains all of the generic CRUD endpoints that can be
+generated programmatically for each resource.
 """
 from collections import defaultdict
@@ -18,7 +18,6 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.future import select
 from sqlalchemy.sql import Select
 from starlette.status import HTTP_422_UNPROCESSABLE_ENTITY
-from typing_extensions import deprecated
 from fides.api.models.sql_models import (  # type: ignore[attr-defined]
     CustomField,
@@ -33,9 +32,6 @@ T = TypeVar("T", bound="FidesBase")
 # CRUD Functions
-@deprecated(
-    "This function uses a manual session.begin() which can lead to unexpected transaction handling. Use create_resource from safe_crud instead."
-)
 async def create_resource(
     sql_model: Type[T], resource_dict: Dict, async_session: AsyncSession
 ) -> T:
@@ -70,9 +66,6 @@ async def create_resource(
         return await get_resource(sql_model, resource_dict["fides_key"], async_session)
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use get_custom_fields_filtered from safe_crud instead."
-)
 async def get_custom_fields_filtered(
     async_session: AsyncSession,
     resource_types_to_ids: Dict[ResourceTypes, List[str]] = defaultdict(list),
@@ -118,9 +111,6 @@ async def get_custom_fields_filtered(
                 raise sa_error
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use get_resource from safe_crud instead."
-)
 async def get_resource(
     sql_model: Type[T],
     fides_key: str,
@@ -152,9 +142,6 @@ async def get_resource(
             return sql_resource
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use get_resource_with_custom_fields from safe_crud instead."
-)
 async def get_resource_with_custom_fields(
     sql_model: Type[T], fides_key: str, async_session: AsyncSession
 ) -> Dict[str, Any]:
@@ -206,9 +193,6 @@ async def get_resource_with_custom_fields(
     return resource_dict
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use list_resource from safe_crud instead."
-)
 async def list_resource(sql_model: Type[T], async_session: AsyncSession) -> List[T]:
     """
     Get a list of all of the resources of this type from the database.
@@ -219,9 +203,6 @@ async def list_resource(sql_model: Type[T], async_session: AsyncSession) -> List
     return await list_resource_query(async_session, query, sql_model)
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use list_resource_query from safe_crud instead."
-)
 async def list_resource_query(
     async_session: AsyncSession, query: Select, sql_model: Type[T]
 ) -> List[T]:
@@ -244,9 +225,6 @@ async def list_resource_query(
             return sql_resources
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use update_resource from safe_crud instead."
-)
 async def update_resource(
     sql_model: Type[T], resource_dict: Dict, async_session: AsyncSession
 ) -> Dict:
@@ -273,9 +251,6 @@ async def update_resource(
         return await get_resource(sql_model, resource_dict["fides_key"], async_session)
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use upsert_resources from safe_crud instead."
-)
 async def upsert_resources(
     sql_model: Type[T], resource_dicts: List[Dict], async_session: AsyncSession
 ) -> Tuple[int, int]:
@@ -325,9 +300,6 @@ async def upsert_resources(
                 raise sa_error
-@deprecated(
-    "This function uses manual session.begin() which can lead to unexpected transaction handling. Use delete_resource from safe_crud instead."
-)
 async def delete_resource(
     sql_model: Type[T], fides_key: str, async_session: AsyncSession
 ) -> T:

fides/api/db/database.py CHANGED Viewed

@@ -159,5 +159,5 @@ def check_missing_migrations(database_url: str) -> None:
     result = command.autogen.compare_metadata(migration_context, Base.metadata)  # type: ignore[attr-defined]
     if result:
-        raise SystemExit("Migration needs to be generated!")
+        raise SystemExit("Migrations needs to be generated!")
     print("No migrations need to be generated.")

fides/api/migrations/post_upgrade_index_creation.py CHANGED Viewed

@@ -153,16 +153,6 @@ TABLE_OBJECT_MAP: Dict[str, List[Dict[str, str]]] = {
             "statement": "CREATE INDEX CONCURRENTLY ix_stagedresource_system_vendor_consent ON stagedresource (system_id, vendor_id, (meta->>'consent_aggregated'))",
             "type": "index",
         },
-        {
-            "name": "idx_stagedresource_user_categories_gin",
-            "statement": "CREATE INDEX CONCURRENTLY idx_stagedresource_user_categories_gin ON stagedresource USING GIN (user_assigned_data_categories)",
-            "type": "index",
-        },
-        {
-            "name": "idx_stagedresource_classifications_gin",
-            "statement": "CREATE INDEX CONCURRENTLY idx_stagedresource_classifications_gin ON stagedresource USING GIN (classifications)",
-            "type": "index",
-        },
     ],
 }

fides/api/models/detection_discovery/__init__.py CHANGED Viewed

@@ -1,4 +1,3 @@
-from .classification_benchmark import ClassificationBenchmark
 from .core import (
     DiffStatus,
     MonitorConfig,
@@ -19,7 +18,6 @@ from .monitor_task import (
 )
 __all__ = [
-    "ClassificationBenchmark",
     "DiffStatus",
     "MonitorConfig",
     "MonitorExecution",

fides/api/models/detection_discovery/core.py CHANGED Viewed

@@ -599,17 +599,6 @@ class StagedResource(Base):
             "vendor_id",
             text("(meta->>'consent_aggregated')"),
         ),
-        # GIN indices for array operations (&&, @>, <@)
-        Index(
-            "idx_stagedresource_classifications_gin",
-            "classifications",
-            postgresql_using="gin",
-        ),
-        Index(
-            "idx_stagedresource_user_categories_gin",
-            "user_assigned_data_categories",
-            postgresql_using="gin",
-        ),
     )
     @classmethod

fides/api/models/manual_task/conditional_dependency.py CHANGED Viewed

@@ -1,14 +1,13 @@
-from typing import TYPE_CHECKING, Any, Optional, Union
+from enum import Enum
+from typing import TYPE_CHECKING, Optional, Union
-from sqlalchemy import Column, ForeignKey, Index, String
+from sqlalchemy import Column, ForeignKey, Index, Integer, String
+from sqlalchemy.dialects.postgresql import JSONB
 from sqlalchemy.ext.declarative import declared_attr
 from sqlalchemy.orm import Session, relationship
-from fides.api.db.base_class import FidesBase
-from fides.api.models.conditional_dependency.conditional_dependency_base import (
-    ConditionalDependencyBase,
-    ConditionalDependencyType,
-)
+from fides.api.db.base_class import Base, FidesBase
+from fides.api.db.util import EnumColumn
 from fides.api.task.conditional_dependencies.schemas import (
     ConditionGroup,
     ConditionLeaf,
@@ -18,16 +17,42 @@ if TYPE_CHECKING:
     from fides.api.models.manual_task.manual_task import ManualTask
-class ManualTaskConditionalDependency(ConditionalDependencyBase):
-    """Manual task conditional dependencies - single type hierarchy."""
+class ManualTaskConditionalDependencyType(str, Enum):
+    """Enum for manual task conditional dependency types.
+    This enum defines the two types of nodes in a conditional dependency tree:
+    - leaf: A terminal node that represents a single condition (e.g., "user.age >= 18")
+    - group: A non-terminal node that groups multiple conditions with logical operators (AND/OR)
+    Examples:
+        leaf: Used for simple field comparisons like:
+            - "user.name exists"
+            - "user.age >= 18"
+            - "billing.subscription.status == 'active'"
+        group: Used to combine multiple conditions with logical operators:
+            - AND group: "user.age >= 18 AND user.active == true"
+            - OR group: "user.role == 'admin' OR user.verified == true"
+            - Nested groups: "(user.age >= 18 AND (user.role == 'admin' OR user.verified == true))"
+    """
+    leaf = "leaf"
+    group = "group"
+class ManualTaskConditionalDependency(Base):
+    """Model for storing conditional dependencies."""
     @declared_attr
     def __tablename__(cls) -> str:
+        """Overriding base class method to set the table name."""
         return "manual_task_conditional_dependency"
     # We need to redefine it here so that self-referential relationships
     # can properly reference the `id` column instead of the built-in Python function.
     id = Column(String(255), primary_key=True, default=FidesBase.generate_uuid)
     # Foreign key relationships
     manual_task_id = Column(
         String, ForeignKey("manual_task.id", ondelete="CASCADE"), nullable=False
@@ -38,6 +63,18 @@ class ManualTaskConditionalDependency(ConditionalDependencyBase):
         nullable=True,
     )
+    # Condition metadata
+    condition_type = Column(
+        EnumColumn(ManualTaskConditionalDependencyType), nullable=False
+    )  # leaf or group
+    field_address = Column(String, nullable=True)  # For leaf conditions
+    operator = Column(String, nullable=True)  # For leaf conditions
+    value = Column(JSONB, nullable=True)  # For leaf conditions
+    logical_operator = Column(String, nullable=True)  # 'and' or 'or' for groups
+    # Ordering
+    sort_order = Column(Integer, nullable=False, default=0)
     __table_args__ = (
         Index("ix_manual_task_conditional_dependency_manual_task_id", "manual_task_id"),
         Index("ix_manual_task_conditional_dependency_parent_id", "parent_id"),
@@ -60,20 +97,38 @@ class ManualTaskConditionalDependency(ConditionalDependencyBase):
         foreign_keys=[parent_id],
     )
+    def to_condition_leaf(self) -> ConditionLeaf:
+        """Convert to ConditionLeaf if this is a leaf condition"""
+        if self.condition_type != "leaf":
+            raise ValueError("Cannot convert group condition to leaf")
+        return ConditionLeaf(
+            field_address=self.field_address, operator=self.operator, value=self.value
+        )
+    def to_condition_group(self) -> ConditionGroup:
+        """Convert to ConditionGroup if this is a group condition"""
+        if self.condition_type != "group":
+            raise ValueError("Cannot convert leaf condition to group")
+        # Recursively build children
+        child_conditions = []
+        children_list = [child for child in self.children]  # type: ignore[attr-defined]
+        for child in sorted(children_list, key=lambda x: x.sort_order):
+            if child.condition_type == "leaf":
+                child_conditions.append(child.to_condition_leaf())
+            else:
+                child_conditions.append(child.to_condition_group())
+        return ConditionGroup(
+            logical_operator=self.logical_operator, conditions=child_conditions
+        )
     @classmethod
     def get_root_condition(
-        cls, db: Session, *args: Any, **kwargs: Any
+        cls, db: Session, manual_task_id: str
     ) -> Optional[Union[ConditionLeaf, ConditionGroup]]:
-        """Get the root condition for a manual task
-        Args:
-            db: Database session
-            manual_task_id: ID of the manual task (first positional arg)
-        """
-        if not args:
-            raise ValueError("manual_task_id is required as first positional argument")
-        manual_task_id = args[0]
+        """Get the root condition for a config"""
         root = (
             db.query(cls)
             .filter(cls.manual_task_id == manual_task_id, cls.parent_id.is_(None))
@@ -83,6 +138,7 @@ class ManualTaskConditionalDependency(ConditionalDependencyBase):
         if not root:
             return None
-        if root.condition_type == ConditionalDependencyType.leaf:
+        if root.condition_type == "leaf":
             return root.to_condition_leaf()
         return root.to_condition_group()

fides/api/models/policy.py CHANGED Viewed

@@ -177,30 +177,6 @@ class Policy(Base):
             for category in node.get_data_categories()
         )
-    def to_safe_dict(self) -> Dict[str, Any]:
-        """
-        Returns a dictionary representation of the Policy, excluding sensitive information.
-        """
-        return {
-            "id": self.id,
-            "name": self.name,
-            "key": self.key,
-            "drp_action": self.drp_action.value if self.drp_action else None,  # type: ignore[attr-defined]
-            "execution_timeframe": self.execution_timeframe,
-            "client_id": self.client_id,
-            "rules": [
-                {
-                    "id": rule.id,
-                    "name": rule.name,
-                    "key": rule.key,
-                    "action_type": rule.action_type.value,
-                    "masking_strategy": rule.masking_strategy,
-                    "storage_destination_id": rule.storage_destination_id,
-                }
-                for rule in self.rules  # type: ignore[attr-defined]
-            ],
-        }
 def _get_ref_from_taxonomy(
     fides_key: FidesKey,

fides/api/models/privacy_notice.py CHANGED Viewed

@@ -41,7 +41,7 @@ class UserConsentPreference(Enum):
     tcf = "tcf"  # Overall preference set for TCF where there are numerous preferences under the single notice
-class ConsentMechanism(str, Enum):
+class ConsentMechanism(Enum):
     """
     Enum is not formalized in the DB because it may be subject to frequent change
     """

fides/api/models/privacy_request/privacy_request.py CHANGED Viewed

@@ -261,12 +261,6 @@ class PrivacyRequest(
         foreign_keys=[reviewed_by],
     )
-    submitter = relationship(
-        FidesUser,
-        backref=backref("submitted_privacy_requests", passive_deletes=True),
-        foreign_keys=[submitted_by],
-    )
     pre_approval_webhook_replies = relationship(
         PreApprovalWebhookReply,
         back_populates="privacy_request",
@@ -361,64 +355,6 @@ class PrivacyRequest(
         return super().create(db=db, data=data, check_name=check_name)
-    def to_safe_dict(self) -> Dict[str, Any]:
-        """
-        Return a dict representation of the PrivacyRequest, excluding any fields
-        that may contain sensitive information.
-        """
-        return {
-            "id": self.id,
-            "external_id": self.external_id,
-            "status": self.status.value,
-            "requested_at": (
-                self.requested_at.isoformat() if self.requested_at else None
-            ),
-            "started_processing_at": (
-                self.started_processing_at.isoformat()
-                if self.started_processing_at
-                else None
-            ),
-            "finished_processing_at": (
-                self.finished_processing_at.isoformat()
-                if self.finished_processing_at
-                else None
-            ),
-            "reviewed_at": self.reviewed_at.isoformat() if self.reviewed_at else None,
-            "reviewed_by": self.reviewed_by,
-            "finalized_at": (
-                self.finalized_at.isoformat() if self.finalized_at else None
-            ),
-            "finalized_by": self.finalized_by,
-            "submitted_by": self.submitted_by,
-            "custom_privacy_request_fields_approved_by": (
-                self.custom_privacy_request_fields_approved_by
-            ),
-            "identity_verified_at": (
-                self.identity_verified_at.isoformat()
-                if self.identity_verified_at
-                else None
-            ),
-            "custom_privacy_request_fields_approved_at": (
-                self.custom_privacy_request_fields_approved_at.isoformat()
-                if self.custom_privacy_request_fields_approved_at
-                else None
-            ),
-            "client_id": self.client_id,
-            "origin": self.origin,
-            "policy_id": self.policy_id,
-            "policy": self.policy.to_safe_dict() if self.policy else None,
-            "property_id": self.property_id,
-            "cancel_reason": self.cancel_reason,
-            "canceled_at": self.canceled_at.isoformat() if self.canceled_at else None,
-            "consent_preferences": self.consent_preferences,
-            "source": self.source.value if self.source else None,
-            "paused_at": self.paused_at.isoformat() if self.paused_at else None,
-            "due_date": self.due_date.isoformat() if self.due_date else None,
-            "days_left": self.days_left,
-            "custom_fields": self.get_persisted_custom_privacy_request_fields() if self.custom_fields else None,  # type: ignore[attr-defined]
-            "location": self.location,
-        }
     def clear_cached_values(self) -> None:
         """
         Clears all cached values associated with this privacy request from Redis.
@@ -967,8 +903,6 @@ class PrivacyRequest(
             callback_type=CallbackType.pre_approval,
             identity=self.get_cached_identity_data(),
             policy_action=policy_action,
-            privacy_request=self.to_safe_dict(),
-            timestamp=datetime.utcnow(),
         )
         headers = {
             "reply-to-approve": f"/privacy-request/{self.id}/pre-approve/eligible",
@@ -1009,8 +943,6 @@ class PrivacyRequest(
             callback_type=webhook.prefix,
             identity=self.get_cached_identity_data(),
             policy_action=policy_action,
-            privacy_request=self.to_safe_dict(),
-            timestamp=datetime.utcnow(),
         )
         headers = {}

fides/api/models/privacy_request/webhook.py CHANGED Viewed

@@ -5,7 +5,7 @@ from __future__ import annotations
 import json
 from datetime import datetime
 from enum import Enum as EnumType
-from typing import Any, Dict, Optional
+from typing import Optional
 from pydantic import BaseModel, ConfigDict
@@ -51,8 +51,6 @@ class SecondPartyRequestFormat(BaseModel):
     identity: Identity
     policy_action: Optional[ActionType] = None
     model_config = ConfigDict(use_enum_values=True)
-    privacy_request: Dict[str, Any]
-    timestamp: datetime
 def generate_request_callback_resume_jwe(webhook: PolicyPreWebhook) -> str:

fides/api/oauth/roles.py CHANGED Viewed

@@ -26,7 +26,6 @@ from fides.common.api.scope_registry import (
     PRIVACY_EXPERIENCE_READ,
     PRIVACY_NOTICE_READ,
     PRIVACY_REQUEST_CALLBACK_RESUME,
-    PRIVACY_REQUEST_CREATE,
     PRIVACY_REQUEST_DELETE,
     PRIVACY_REQUEST_EMAIL_INTEGRATIONS_SEND,
     PRIVACY_REQUEST_MANUAL_STEPS_RESPOND,
@@ -89,7 +88,6 @@ approver_scopes = [
     PRIVACY_REQUEST_UPLOAD_DATA,
     PRIVACY_REQUEST_VIEW_DATA,
     PRIVACY_REQUEST_DELETE,
-    PRIVACY_REQUEST_CREATE,  # allows approvers to create new privacy requests
     USER_READ,  # allows approver to view user management table and update their own password
     PRIVACY_REQUEST_MANUAL_STEPS_REVIEW,  # allows approvers to see all manual steps
 ]

fides/api/schemas/privacy_request.py CHANGED Viewed

@@ -14,7 +14,7 @@ from fides.api.schemas.base_class import FidesSchema
 from fides.api.schemas.policy import ActionType, CurrentStep
 from fides.api.schemas.policy import PolicyResponse as PolicySchema
 from fides.api.schemas.redis_cache import CustomPrivacyRequestField, Identity
-from fides.api.schemas.user import PrivacyRequestUser
+from fides.api.schemas.user import PrivacyRequestReviewer
 from fides.api.util.collection_util import Row
 from fides.api.util.encryption.aes_gcm_encryption_scheme import verify_encryption_key
 from fides.api.util.enums import ColumnSort
@@ -316,9 +316,7 @@ class PrivacyRequestResponse(FidesSchema):
     started_processing_at: Optional[datetime] = None
     reviewed_at: Optional[datetime] = None
     reviewed_by: Optional[str] = None
-    submitted_by: Optional[str] = None
-    reviewer: Optional[PrivacyRequestUser] = None
-    submitter: Optional[PrivacyRequestUser] = None
+    reviewer: Optional[PrivacyRequestReviewer] = None
     finished_processing_at: Optional[datetime] = None
     identity_verified_at: Optional[datetime] = None
     paused_at: Optional[datetime] = None

fides/api/schemas/user.py CHANGED Viewed

@@ -10,8 +10,8 @@ from fides.api.schemas.base_class import FidesSchema
 from fides.api.schemas.oauth import AccessToken
-class PrivacyRequestUser(FidesSchema):
-    """Data we can expose via PrivacyRequest user relations (reviewer, submitter, etc.)"""
+class PrivacyRequestReviewer(FidesSchema):
+    """Data we can expose via the PrivacyRequest.reviewer relation"""
     id: str
     username: str

fides/api/service/privacy_request/dsr_package/dsr_report_builder.py CHANGED Viewed

@@ -26,7 +26,7 @@ from fides.api.service.storage.util import (
     is_attachment_field,
     process_attachment_naming,
     process_attachments_contextually,
-    resolve_path_from_context,
+    resolve_directory_from_context,
 )
 from fides.api.util.storage_util import StorageJSONEncoder, format_size
 from fides.config import CONFIG
@@ -226,7 +226,7 @@ class DSRReportBuilder:
             file_size = format_attachment_size(attachment.get("file_size"))
             # Determine the actual directory for this attachment based on its context
-            actual_directory = resolve_path_from_context(attachment, directory)
+            actual_directory = resolve_directory_from_context(attachment, directory)
             # Generate attachment URL using shared utility with actual storage path
             download_url = attachment.get("download_url")

ethyca-fides 2.70.2__py2.py3-none-any.whl → 2.70.3__py2.py3-none-any.whl

Potentially problematic release.

ethyca-fides 2.70.2py2.py3-none-any.whl → 2.70.3py2.py3-none-any.whl