gooddata-pipelines 1.48.1.dev4__py3-none-any.whl → 1.49.1.dev1__py3-none-any.whl

gooddata_pipelines/provisioning/entities/users/models/permissions.py

@@ -1,103 +1,101 @@
 # (C) 2025 GoodData Corporation
-from dataclasses import dataclass
+from abc import abstractmethod
 from enum import Enum
-from typing import Any, Iterator, TypeAlias
+from typing import Any, Iterator, TypeAlias, TypeVar
 
+import attrs
 from gooddata_sdk.catalog.identifier import CatalogAssigneeIdentifier
 from gooddata_sdk.catalog.permission.declarative_model.permission import (
     CatalogDeclarativeSingleWorkspacePermission,
     CatalogDeclarativeWorkspacePermissions,
 )
+from pydantic import BaseModel
 
 from gooddata_pipelines.provisioning.utils.exceptions import BaseUserException
 
-# TODO: refactor the full load and incremental load models to reuse as much as possible
-# TODO: use pydantic models instead of dataclasses?
-# TODO: make the validation logic more readable (as in PermissionIncrementalLoad)
-
 TargetsPermissionDict: TypeAlias = dict[str, dict[str, bool]]
+ConstructorType = TypeVar("ConstructorType", bound="ConstructorMixin")
 
 
-class PermissionType(Enum):
+class PermissionType(str, Enum):
+    # NOTE: Start using StrEnum with Python 3.11
     user = "user"
     user_group = "userGroup"
 
 
-@dataclass(frozen=True)
-class PermissionIncrementalLoad:
-    permission: str
-    workspace_id: str
-    id: str
-    type: PermissionType
-    is_active: bool
+class ConstructorMixin:
+    @staticmethod
+    def _get_id_and_type(
+        permission: dict[str, Any],
+    ) -> tuple[str, PermissionType]:
+        user_id: str | None = permission.get("user_id")
+        user_group_id: str | None = permission.get("ug_id")
+        if user_id and user_group_id:
+            raise ValueError("Only one of user_id or ug_id must be present")
+        elif user_id:
+            return user_id, PermissionType.user
+        elif user_group_id:
+            return user_group_id, PermissionType.user_group
+        else:
+            raise ValueError("Either user_id or ug_id must be present")
 
     @classmethod
     def from_list_of_dicts(
-        cls, data: list[dict[str, Any]]
-    ) -> list["PermissionIncrementalLoad"]:
-        """Creates a list of User objects from list of dicts."""
-        id: str
+        cls: type[ConstructorType], data: list[dict[str, Any]]
+    ) -> list[ConstructorType]:
+        """Creates a list of instances from list of dicts."""
+        # NOTE: We can use typing.Self for the return type in Python 3.11
         permissions = []
         for permission in data:
-            user_id: str | None = permission.get("user_id")
-            user_group_id: str | None = permission.get("ug_id")
-
-            if user_id is not None:
-                target_type = PermissionType.user
-                id = user_id
-            elif user_group_id is not None:
-                target_type = PermissionType.user_group
-                id = user_group_id
-
-            permissions.append(
-                PermissionIncrementalLoad(
-                    permission=permission["ws_permissions"],
-                    workspace_id=permission["ws_id"],
-                    id=id,
-                    type=target_type,
-                    is_active=str(permission["is_active"]).lower() == "true",
-                )
-            )
+            permissions.append(cls.from_dict(permission))
         return permissions
 
+    @classmethod
+    @abstractmethod
+    def from_dict(cls, data: dict[str, Any]) -> Any:
+        """Construction form a dictionary to be implemented by subclasses."""
+        pass
+
 
-@dataclass(frozen=True)
-class PermissionFullLoad:
+class PermissionIncrementalLoad(BaseModel, ConstructorMixin):
     permission: str
     workspace_id: str
-    id: str
-    type: PermissionType
+    id_: str
+    type_: PermissionType
+    is_active: bool
 
     @classmethod
-    def from_list_of_dicts(
-        cls, data: list[dict[str, Any]]
-    ) -> list["PermissionFullLoad"]:
-        """Creates a list of User objects from list of dicts."""
-        permissions = []
-        for permission in data:
-            id = (
-                permission["user_id"]
-                if permission["user_id"]
-                else permission["ug_id"]
-            )
+    def from_dict(cls, data: dict[str, Any]) -> "PermissionIncrementalLoad":
+        """Returns an instance of PermissionIncrementalLoad from a dictionary."""
+        id_, target_type = cls._get_id_and_type(data)
+        return cls(
+            permission=data["ws_permissions"],
+            workspace_id=data["ws_id"],
+            id_=id_,
+            type_=target_type,
+            is_active=data["is_active"],
+        )
 
-            if permission["user_id"]:
-                target_type = PermissionType.user
-            else:
-                target_type = PermissionType.user_group
-
-            permissions.append(
-                PermissionFullLoad(
-                    permission=permission["ws_permissions"],
-                    workspace_id=permission["ws_id"],
-                    id=id,
-                    type=target_type,
-                )
-            )
-        return permissions
 
+class PermissionFullLoad(BaseModel, ConstructorMixin):
+    permission: str
+    workspace_id: str
+    id_: str
+    type_: PermissionType
+
+    @classmethod
+    def from_dict(cls, data: dict[str, Any]) -> "PermissionFullLoad":
+        """Returns an instance of PermissionFullLoad from a dictionary."""
+        id_, target_type = cls._get_id_and_type(data)
+        return cls(
+            permission=data["ws_permissions"],
+            workspace_id=data["ws_id"],
+            id_=id_,
+            type_=target_type,
+        )
 
-@dataclass
+
+@attrs.define
 class PermissionDeclaration:
     users: TargetsPermissionDict
     user_groups: TargetsPermissionDict
@@ -192,7 +190,9 @@ class PermissionDeclaration:
             permissions=permission_declarations
         )
 
-    def add_permission(self, permission: PermissionIncrementalLoad) -> None:
+    def add_incremental_permission(
+        self, permission: PermissionIncrementalLoad
+    ) -> None:
         """
         Adds WSPermission object into respective field within the instance.
         Handles duplicate permissions and different combinations of input
@@ -200,15 +200,15 @@ class PermissionDeclaration:
         """
         target_dict = (
             self.users
-            if permission.type == PermissionType.user
+            if permission.type_ == PermissionType.user
             else self.user_groups
         )
 
-        if permission.id not in target_dict:
-            target_dict[permission.id] = {}
+        if permission.id_ not in target_dict:
+            target_dict[permission.id_] = {}
 
         is_active = permission.is_active
-        target_permissions = target_dict[permission.id]
+        target_permissions = target_dict[permission.id_]
         permission_value = permission.permission
 
         if permission_value not in target_permissions:
@@ -225,6 +225,27 @@ class PermissionDeclaration:
             )
             target_permissions[permission_value] = is_active
 
+    def add_full_load_permission(self, permission: PermissionFullLoad) -> None:
+        """
+        Adds WSPermission object into respective field within the instance.
+        Handles duplicate permissions and different combinations of input
+        and upstream is_active permission states.
+        """
+        target_dict = (
+            self.users
+            if permission.type_ == PermissionType.user
+            else self.user_groups
+        )
+
+        if permission.id_ not in target_dict:
+            target_dict[permission.id_] = {}
+
+        target_permissions = target_dict[permission.id_]
+        permission_value = permission.permission
+
+        if permission_value not in target_permissions:
+            target_permissions[permission_value] = True
+
     def upsert(self, other: "PermissionDeclaration") -> None:
         """
         Modifies the owner object by merging with the other.

gooddata_pipelines/provisioning/entities/users/permissions.py

@@ -2,6 +2,8 @@
 
 """Module for provisioning user permissions in GoodData workspaces."""
 
+from typing import TypeVar
+
 from gooddata_pipelines.api.exceptions import GoodDataApiException
 from gooddata_pipelines.provisioning.entities.users.models.permissions import (
     PermissionDeclaration,
@@ -14,6 +16,11 @@ from gooddata_pipelines.provisioning.entities.users.models.permissions import (
 from gooddata_pipelines.provisioning.provisioning import Provisioning
 from gooddata_pipelines.provisioning.utils.exceptions import BaseUserException
 
+# Type variable for permission models (PermissionIncrementalLoad or PermissionFullLoad)
+PermissionModel = TypeVar(
+    "PermissionModel", PermissionIncrementalLoad, PermissionFullLoad
+)
+
 
 class PermissionProvisioner(
     Provisioning[PermissionFullLoad, PermissionIncrementalLoad]
@@ -72,7 +79,7 @@ class PermissionProvisioner(
 
     @staticmethod
     def _construct_declarations(
-        permissions: list[PermissionIncrementalLoad],
+        permissions: list[PermissionIncrementalLoad] | list[PermissionFullLoad],
     ) -> WSPermissionsDeclarations:
         """Constructs workspace permission declarations from the input permissions."""
         ws_dict: WSPermissionsDeclarations = {}
@@ -82,7 +89,12 @@ class PermissionProvisioner(
             if ws_id not in ws_dict:
                 ws_dict[ws_id] = PermissionDeclaration({}, {})
 
-            ws_dict[ws_id].add_permission(permission)
+            if isinstance(permission, PermissionIncrementalLoad):
+                ws_dict[ws_id].add_incremental_permission(permission)
+            elif isinstance(permission, PermissionFullLoad):
+                ws_dict[ws_id].add_full_load_permission(permission)
+            else:
+                raise ValueError(f"Invalid permission type: {type(permission)}")
         return ws_dict
 
     def _check_user_group_exists(self, ug_id: str) -> None:
@@ -90,14 +102,14 @@ class PermissionProvisioner(
         self._api._sdk.catalog_user.get_user_group(ug_id)
 
     def _validate_permission(
-        self, permission: PermissionIncrementalLoad
+        self, permission: PermissionFullLoad | PermissionIncrementalLoad
     ) -> None:
         """Validates if the permission is correctly defined."""
-        if permission.type == PermissionType.user:
-            self._api.get_user(permission.id, error_message="User not found")
+        if permission.type_ == PermissionType.user:
+            self._api.get_user(permission.id_, error_message="User not found")
         else:
             self._api.get_user_group(
-                permission.id, error_message="User group not found"
+                permission.id_, error_message="User group not found"
             )
 
         self._api.get_workspace(
@@ -105,10 +117,12 @@ class PermissionProvisioner(
         )
 
     def _filter_invalid_permissions(
-        self, permissions: list[PermissionIncrementalLoad]
-    ) -> list[PermissionIncrementalLoad]:
+        self,
+        permissions: list[PermissionModel],
+    ) -> list[PermissionModel]:
         """Filters out invalid permissions from the input list."""
-        valid_permissions: list[PermissionIncrementalLoad] = []
+        valid_permissions: list[PermissionModel] = []
+
         for permission in permissions:
             try:
                 self._validate_permission(permission)
@@ -121,13 +135,15 @@ class PermissionProvisioner(
             valid_permissions.append(permission)
         return valid_permissions
 
-    def _manage_permissions(
-        self, permissions: list[PermissionIncrementalLoad]
-    ) -> None:
-        """Manages permissions for a list of workspaces.
-        Modify upstream workspace declarations for each input workspace and skip non-existent ws_ids
+    def _provision_incremental_load(self) -> None:
+        """Provisiones permissions for a list of workspaces.
+
+        Modifies existing upstream workspace permission declarations for each
+        input workspace and skips rest of the workspaces.
         """
-        valid_permissions = self._filter_invalid_permissions(permissions)
+        valid_permissions = self._filter_invalid_permissions(
+            self.source_group_incremental
+        )
 
         input_declarations = self._construct_declarations(valid_permissions)
 
@@ -145,9 +161,21 @@ class PermissionProvisioner(
             self._api.put_declarative_permissions(ws_id, ws_permissions)
             self.logger.info(f"Updated permissions for workspace {ws_id}")
 
-    def _provision_incremental_load(self) -> None:
-        """Provision permissions based on the source group."""
-        self._manage_permissions(self.source_group_incremental)
-
     def _provision_full_load(self) -> None:
-        raise NotImplementedError("Not implemented yet.")
+        """Provisions permissions for selected of workspaces.
+
+        Modifies upstream workspace declarations for each input workspace and
+        skips non-existent workspace ids. Overwrites any existing configuration
+        of the workspace permissions.
+        """
+        valid_permissions = self._filter_invalid_permissions(
+            self.source_group_full
+        )
+
+        input_declarations = self._construct_declarations(valid_permissions)
+
+        for ws_id, declaration in input_declarations.items():
+            ws_permissions = declaration.to_sdk_api()
+
+            self._api.put_declarative_permissions(ws_id, ws_permissions)
+            self.logger.info(f"Updated permissions for workspace {ws_id}")

gooddata_pipelines/provisioning/provisioning.py

@@ -36,6 +36,7 @@ class Provisioning(Generic[TFullLoadSourceData, TIncrementalSourceData]):
         cls: Type[TProvisioning], host: str, token: str
     ) -> TProvisioning:
         """Creates a provisioner instance using provided host and token."""
+        cls._validate_credentials(host, token)
         return cls(host=host, token=token)
 
     @classmethod
@@ -48,6 +49,16 @@ class Provisioning(Generic[TFullLoadSourceData, TIncrementalSourceData]):
         content = profile_content(profile, profiles_path)
         return cls(**content)
 
+    @staticmethod
+    def _validate_credentials(host: str, token: str) -> None:
+        """Validates the credentials."""
+        if (not host) and (not token):
+            raise ValueError("Host and token are required.")
+        if not host:
+            raise ValueError("Host is required.")
+        if not token:
+            raise ValueError("Token is required.")
+
     @staticmethod
     def _create_groups(
         source_id: set[str], panther_id: set[str]
@@ -95,13 +106,9 @@ class Provisioning(Generic[TFullLoadSourceData, TIncrementalSourceData]):
 
         try:
             self._provision_full_load()
-            self.logger.info("Provisioning completed successfully.")
+            self.logger.info("Provisioning completed.")
         except Exception as e:
-            self.fatal_exception = str(e)
-            self.logger.error(
-                f"Provisioning failed. Error: {self.fatal_exception} "
-                + f"Context: {e.__dict__}"
-            )
+            self._handle_fatal_exception(e)
 
     def incremental_load(
         self, source_data: list[TIncrementalSourceData]
@@ -111,22 +118,34 @@ class Provisioning(Generic[TFullLoadSourceData, TIncrementalSourceData]):
         Incremental provisioning is used to modify a subset of the upstream workspaces
         based on the source data provided.
         """
+        # TODO: validate the data type of source group at runtime
         self.source_group_incremental = source_data
 
         try:
             self._provision_incremental_load()
-            self.logger.info("Provisioning completed successfully.")
+            self.logger.info("Provisioning completed.")
         except Exception as e:
-            self.fatal_exception = str(e)
-            self.logger.error(
-                f"Provisioning failed. Error: {self.fatal_exception} "
-                + f"Context: {e.__dict__}"
-            )
-
-    # TODO: implement a sceond provisioning method and name the two differently:
-    #  1) provision_incremental - will use the is_active logic, such as user provisioning now
-    #  2) provision_full - full load of the source data, like workspaces now
-    #  Each will have its own implementation and source data model.
-    #  Both use cases are required and need to be supported.
-    #  This will also improve the clarity of the code as now provisioning of each
-    #   entity works differently, leading to confusion.
+            self._handle_fatal_exception(e)
+
+    def _handle_fatal_exception(self, e: Exception) -> None:
+        """Handles fatal exceptions during provisioning.
+
+        Logs the exception content. Re-raises the exception if there is no
+        subscriber to the logger.
+        """
+        self.fatal_exception = str(e)
+
+        if hasattr(e, "__dict__"):
+            exception_context = f"Context: {e.__dict__}"
+        else:
+            exception_context = ""
+
+        exception_message = (
+            f"Provisioning failed. Error: {self.fatal_exception}. "
+            + exception_context
+        )
+
+        self.logger.error(exception_message)
+
+        if not self.logger.subscribers:
+            raise Exception(exception_message)

{gooddata_pipelines-1.48.1.dev4.dist-info → gooddata_pipelines-1.49.1.dev1.dist-info}/METADATA

@@ -1,23 +1,18 @@
 Metadata-Version: 2.4
 Name: gooddata-pipelines
-Version: 1.48.1.dev4
+Version: 1.49.1.dev1
+Summary: GoodData Cloud lifecycle automation pipelines
 Author-email: GoodData <support@gooddata.com>
 License: MIT
 License-File: LICENSE.txt
 Requires-Python: >=3.10
 Requires-Dist: boto3-stubs<2.0.0,>=1.39.3
 Requires-Dist: boto3<2.0.0,>=1.39.3
-Requires-Dist: gooddata-sdk~=1.48.1.dev4
+Requires-Dist: gooddata-sdk~=1.49.1.dev1
 Requires-Dist: pydantic<3.0.0,>=2.11.3
 Requires-Dist: requests<3.0.0,>=2.32.3
 Requires-Dist: types-pyyaml<7.0.0,>=6.0.12.20250326
 Requires-Dist: types-requests<3.0.0,>=2.32.0
-Provides-Extra: dev
-Requires-Dist: moto<6.0.0,>=5.1.6; extra == 'dev'
-Requires-Dist: mypy<2.0.0,>=1.16.0; extra == 'dev'
-Requires-Dist: pytest-mock<4.0.0,>=3.14.0; extra == 'dev'
-Requires-Dist: pytest<9.0.0,>=8.3.5; extra == 'dev'
-Requires-Dist: ruff<0.12.0,>=0.11.2; extra == 'dev'
 Description-Content-Type: text/markdown
 
 # GoodData Pipelines

{gooddata_pipelines-1.48.1.dev4.dist-info → gooddata_pipelines-1.49.1.dev1.dist-info}/RECORD

@@ -23,7 +23,7 @@ gooddata_pipelines/backup_and_restore/storage/s3_storage.py,sha256=iRtMtDq_C1b_J
 gooddata_pipelines/logger/__init__.py,sha256=W-fJvMStnsDUY52AYFhx_LnS2cSCFNf3bB47Iew2j04,129
 gooddata_pipelines/logger/logger.py,sha256=yIMdvqsmOSGQLI4U_tQwxX5E2q_FXUu0Ko7Hv39slFM,3549
 gooddata_pipelines/provisioning/__init__.py,sha256=RZDEiv8nla4Jwa2TZXUdp1NSxg2_-lLqz4h7k2c4v5Y,854
-gooddata_pipelines/provisioning/provisioning.py,sha256=ZVD-Jz_MyLDy7f1D62oJ58sHfW03_LNO7Bguuv4C4xA,5042
+gooddata_pipelines/provisioning/provisioning.py,sha256=RSxp3bZgdJx3WfbkwQrV1W7dRlyngqfppCtCfVG7BbA,5357
 gooddata_pipelines/provisioning/assets/wdf_setting.json,sha256=nxOLGZkEQiMdARcUDER5ygqr3Zu-MQlLlUyXVhPUq64,280
 gooddata_pipelines/provisioning/entities/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
 gooddata_pipelines/provisioning/entities/user_data_filters/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
@@ -31,11 +31,11 @@ gooddata_pipelines/provisioning/entities/user_data_filters/user_data_filters.py,
 gooddata_pipelines/provisioning/entities/user_data_filters/models/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
 gooddata_pipelines/provisioning/entities/user_data_filters/models/udf_models.py,sha256=y0q5E91AhxIkf_EHW0swCjNUkiiAOFXarAhvjUKVVKw,740
 gooddata_pipelines/provisioning/entities/users/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
-gooddata_pipelines/provisioning/entities/users/permissions.py,sha256=05RptbWJ5L9eZ12R7orG3-wF-w69IwlRzHitMzGokiY,5781
+gooddata_pipelines/provisioning/entities/users/permissions.py,sha256=dZUxzTscIpWPRvANUVocjAfpUSvJ7ImBiABBTIeguyE,6850
 gooddata_pipelines/provisioning/entities/users/user_groups.py,sha256=Up36pwwlOFS_IdYetViZ7gUHfV2hIgXL4th_k9D31Eo,8266
 gooddata_pipelines/provisioning/entities/users/users.py,sha256=1B1bMk8ysughCoCJs1aX0bI9iUIeAc1hIUyJ0hWyC5M,6503
 gooddata_pipelines/provisioning/entities/users/models/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
-gooddata_pipelines/provisioning/entities/users/models/permissions.py,sha256=Hx-8ac8n5xOyysJJCXu2XpOXL1IqH_w9LKck2qseWBs,8377
+gooddata_pipelines/provisioning/entities/users/models/permissions.py,sha256=JCyItTqDdyDqB72O5f32IOh1sAiVK-DwFyXyllNU-v4,9279
 gooddata_pipelines/provisioning/entities/users/models/user_groups.py,sha256=TjlP6oABK6UP7nMKNMlLk3M62eNf9e-3LdKI9-VFwi8,2007
 gooddata_pipelines/provisioning/entities/users/models/users.py,sha256=rKtiRxtelLphw-_BbD-AM_-hPrpp0xqEr1jmuU_oJVg,3767
 gooddata_pipelines/provisioning/entities/workspaces/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pjdIvtf25ut0r8ZwZVbi4s,32
@@ -48,7 +48,7 @@ gooddata_pipelines/provisioning/utils/__init__.py,sha256=-BG28PGDbalLyZGQjpFG0pj
 gooddata_pipelines/provisioning/utils/context_objects.py,sha256=sM22hMsxE0XLI1TU0Vs-2kK0vf4YrB1musoAg__4bjc,936
 gooddata_pipelines/provisioning/utils/exceptions.py,sha256=1WnAOlPhqOf0xRcvn70lxAlLb8Oo6m6WCYS4hj9uzDU,3630
 gooddata_pipelines/provisioning/utils/utils.py,sha256=_Tk-mFgbIGpCixDCF9e-3ZYd-g5Jb3SJiLSH465k4jY,2846
-gooddata_pipelines-1.48.1.dev4.dist-info/METADATA,sha256=Tjzry0iKQrR-LkYMX0PRWeBzXBT2XD9_8FRTMOWOMp4,3750
-gooddata_pipelines-1.48.1.dev4.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-gooddata_pipelines-1.48.1.dev4.dist-info/licenses/LICENSE.txt,sha256=PNC7WXGIo6OKkNoPLRxlVrw6jaLcjSTUsSxy9Xcu9Jo,560365
-gooddata_pipelines-1.48.1.dev4.dist-info/RECORD,,
+gooddata_pipelines-1.49.1.dev1.dist-info/METADATA,sha256=_FSW5vT-giekFNSkPNpNZ5X5YEaPHOJql7kejY-50ew,3522
+gooddata_pipelines-1.49.1.dev1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+gooddata_pipelines-1.49.1.dev1.dist-info/licenses/LICENSE.txt,sha256=PNC7WXGIo6OKkNoPLRxlVrw6jaLcjSTUsSxy9Xcu9Jo,560365
+gooddata_pipelines-1.49.1.dev1.dist-info/RECORD,,