infrahub-server 1.1.0b2__py3-none-any.whl → 1.1.2__py3-none-any.whl

infrahub/api/artifact.py

@@ -5,20 +5,20 @@ from typing import TYPE_CHECKING
 from fastapi import APIRouter, Body, Depends, Request, Response
 from pydantic import BaseModel, Field
 
-from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db
+from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db, get_permission_manager
 from infrahub.core import registry
 from infrahub.core.account import ObjectPermission
 from infrahub.core.constants import GLOBAL_BRANCH_NAME, InfrahubKind, PermissionAction
 from infrahub.core.protocols import CoreArtifactDefinition
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
-from infrahub.exceptions import NodeNotFoundError, PermissionDeniedError
+from infrahub.database import InfrahubDatabase  # noqa: TC001
+from infrahub.exceptions import NodeNotFoundError
 from infrahub.git.models import RequestArtifactDefinitionGenerate
 from infrahub.log import get_logger
 from infrahub.permissions.constants import PermissionDecisionFlag
 from infrahub.workflows.catalogue import REQUEST_ARTIFACT_DEFINITION_GENERATE
 
 if TYPE_CHECKING:
-    from infrahub.auth import AccountSession
+    from infrahub.permissions import PermissionManager
 
 log = get_logger()
 router = APIRouter(prefix="/artifact")
@@ -61,25 +61,18 @@ async def generate_artifact(
     ),
     db: InfrahubDatabase = Depends(get_db),
     branch_params: BranchParams = Depends(get_branch_params),
-    account_session: AccountSession = Depends(get_current_user),
+    permission_manager: PermissionManager = Depends(get_permission_manager),
 ) -> None:
     permission_decision = (
         PermissionDecisionFlag.ALLOW_DEFAULT
         if branch_params.branch.name in (GLOBAL_BRANCH_NAME, registry.default_branch)
         else PermissionDecisionFlag.ALLOW_OTHER
     )
-    for permission in [
+    permissions = [
         ObjectPermission(namespace="Core", name="Artifact", action=action.value, decision=permission_decision)
         for action in (PermissionAction.CREATE, PermissionAction.UPDATE)
-    ]:
-        has_permission = False
-        for permission_backend in registry.permission_backends:
-            if has_permission := await permission_backend.has_permission(
-                db=db, account_session=account_session, permission=permission, branch=branch_params.branch
-            ):
-                break
-        if not has_permission:
-            raise PermissionDeniedError(f"You do not have the following permission: {permission}")
+    ]
+    permission_manager.raise_for_permissions(permissions=permissions)
 
     # Verify that the artifact definition exists for the requested branch
     artifact_definition = await registry.manager.get_one_by_id_or_default_filter(

infrahub/api/dependencies.py

@@ -8,11 +8,12 @@ from pydantic import BaseModel, ConfigDict
 
 from infrahub import config
 from infrahub.auth import AccountSession, authentication_token, validate_jwt_access_token, validate_jwt_refresh_token
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.registry import registry
 from infrahub.core.timestamp import Timestamp
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import AuthorizationError
+from infrahub.permissions import PermissionManager
 
 if TYPE_CHECKING:
     from neo4j import AsyncSession
@@ -120,3 +121,15 @@ async def get_current_user(
         return account_session
 
     raise AuthorizationError("Authentication is required")
+
+
+async def get_permission_manager(
+    db: InfrahubDatabase = Depends(get_db),
+    branch_params: BranchParams = Depends(get_branch_params),
+    account_session: AccountSession = Depends(get_current_user),
+) -> PermissionManager:
+    """Return a `PermissionManager` for an account session based on a branch."""
+    permission_manager = PermissionManager(account_session=account_session)
+    await permission_manager.load_permissions(db=db, branch=branch_params.branch)
+
+    return permission_manager

infrahub/api/diff/diff.py

@@ -7,7 +7,7 @@ from fastapi import APIRouter, Depends, Request
 
 from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db
 from infrahub.core import registry
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.diff.artifacts.calculator import ArtifactDiffCalculator
 from infrahub.core.diff.branch_differ import BranchDiffer
 from infrahub.core.diff.model.diff import (
@@ -15,7 +15,7 @@ from infrahub.core.diff.model.diff import (
     BranchDiffFile,
     BranchDiffRepository,
 )
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 
 if TYPE_CHECKING:
     from infrahub.services import InfrahubServices

infrahub/api/file.py

@@ -5,15 +5,10 @@ from typing import TYPE_CHECKING, Optional, Union
 from fastapi import APIRouter, Depends, Request
 from starlette.responses import PlainTextResponse
 
-from infrahub.api.dependencies import (
-    BranchParams,
-    get_branch_params,
-    get_current_user,
-    get_db,
-)
+from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.manager import NodeManager
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import CommitNotFoundError, PropagatedFromWorkerError
 from infrahub.message_bus.messages import GitFileGet, GitFileGetResponse
 

infrahub/api/menu.py

@@ -4,17 +4,17 @@ from typing import TYPE_CHECKING
 
 from fastapi import APIRouter, Depends
 
-from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db
+from infrahub.api.dependencies import get_branch_dep, get_db, get_permission_manager
 from infrahub.core import registry
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.protocols import CoreMenuItem
 from infrahub.log import get_logger
 from infrahub.menu.generator import generate_restricted_menu
-from infrahub.menu.models import Menu  # noqa: TCH001
+from infrahub.menu.models import Menu  # noqa: TC001
 
 if TYPE_CHECKING:
-    from infrahub.auth import AccountSession
     from infrahub.database import InfrahubDatabase
+    from infrahub.permissions import PermissionManager
 
 
 log = get_logger()
@@ -25,10 +25,12 @@ router = APIRouter(prefix="/menu")
 async def get_menu(
     db: InfrahubDatabase = Depends(get_db),
     branch: Branch = Depends(get_branch_dep),
-    account_session: AccountSession = Depends(get_current_user),
+    permission_manager: PermissionManager = Depends(get_permission_manager),
 ) -> Menu:
     log.info("menu_request", branch=branch.name)
 
-    menu_items = await registry.manager.query(db=db, schema=CoreMenuItem, branch=branch)
-    menu = await generate_restricted_menu(db=db, branch=branch, account=account_session, menu_items=menu_items)
+    menu_items = await registry.manager.query(db=db, schema=CoreMenuItem, branch=branch, prefetch_relationships=True)
+    menu = await generate_restricted_menu(
+        db=db, branch=branch, menu_items=menu_items, account_permissions=permission_manager
+    )
     return menu.to_rest()

infrahub/api/oauth2.py

@@ -25,8 +25,8 @@ router = APIRouter(prefix="/oauth2")
 
 
 def _get_redirect_url(request: Request, provider_name: str) -> str:
-    """This function is mostly to support local development when the frontend runs on different ports compared to the API."""
-    base_url = config.SETTINGS.dev.frontend_url or str(request.base_url)
+    """Return public redirect URL."""
+    base_url = config.SETTINGS.main.public_url or str(request.base_url)
     return urljoin(base_url, f"auth/oauth2/{provider_name}/callback")
 
 
@@ -40,7 +40,7 @@ async def authorize(request: Request, provider_name: str, final_url: str | None
     )
 
     redirect_uri = _get_redirect_url(request=request, provider_name=provider_name)
-    final_url = final_url or config.SETTINGS.dev.frontend_url or str(request.base_url)
+    final_url = final_url or config.SETTINGS.main.public_url or str(request.base_url)
 
     authorization_uri, state = client.create_authorization_url(
         url=provider.authorization_url, redirect_uri=redirect_uri, scope=provider.scopes, final_url=final_url

infrahub/api/oidc.py

@@ -54,8 +54,8 @@ class OIDCDiscoveryConfig(BaseModel):
 
 
 def _get_redirect_url(request: Request, provider_name: str) -> str:
-    """This function is mostly to support local development when the frontend runs on different ports compared to the API."""
-    base_url = config.SETTINGS.dev.frontend_url or str(request.base_url)
+    """Return public redirect URL."""
+    base_url = config.SETTINGS.main.public_url or str(request.base_url)
     return urljoin(base_url, f"auth/oidc/{provider_name}/callback")
 
 
@@ -75,7 +75,7 @@ async def authorize(request: Request, provider_name: str, final_url: str | None
     )
 
     redirect_uri = _get_redirect_url(request=request, provider_name=provider_name)
-    final_url = final_url or config.SETTINGS.dev.frontend_url or str(request.base_url)
+    final_url = final_url or config.SETTINGS.main.public_url or str(request.base_url)
 
     authorization_uri, state = client.create_authorization_url(
         url=str(oidc_config.authorization_endpoint), redirect_uri=redirect_uri, scope=provider.scopes

infrahub/api/query.py

@@ -10,7 +10,7 @@ from infrahub.api.dependencies import BranchParams, get_branch_params, get_curre
 from infrahub.core import registry
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.protocols import CoreGraphQLQuery
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
 from infrahub.graphql.api.dependencies import build_graphql_query_permission_checker
 from infrahub.graphql.initialization import prepare_graphql_params
@@ -26,7 +26,7 @@ from infrahub.graphql.metrics import (
 from infrahub.graphql.utils import extract_data
 from infrahub.groups.models import RequestGraphQLQueryGroupUpdate
 from infrahub.log import get_logger
-from infrahub.workflows.catalogue import UPDATE_GRAPHQL_QUERY_GROUP
+from infrahub.workflows.catalogue import GRAPHQL_QUERY_GROUP_UPDATE
 
 if TYPE_CHECKING:
     from infrahub.auth import AccountSession
@@ -57,7 +57,7 @@ async def execute_query(
         db=db, id=query_id, kind=CoreGraphQLQuery, branch=branch_params.branch, at=branch_params.at
     )
 
-    gql_params = prepare_graphql_params(
+    gql_params = await prepare_graphql_params(
         db=db, branch=branch_params.branch, at=branch_params.at, account_session=account_session
     )
     analyzed_query = InfrahubGraphQLQueryAnalyzer(
@@ -115,7 +115,7 @@ async def execute_query(
             subscribers=sorted(subscribers),
             params=params,
         )
-        await service.workflow.submit_workflow(workflow=UPDATE_GRAPHQL_QUERY_GROUP, parameters={"model": model})
+        await service.workflow.submit_workflow(workflow=GRAPHQL_QUERY_GROUP_UPDATE, parameters={"model": model})
 
     return response_payload
 

infrahub/api/schema.py

@@ -13,28 +13,28 @@ from pydantic import (
 from starlette.responses import JSONResponse
 
 from infrahub import lock
-from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db
+from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db, get_permission_manager
 from infrahub.api.exceptions import SchemaNotValidError
 from infrahub.core import registry
 from infrahub.core.account import GlobalPermission
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.constants import GLOBAL_BRANCH_NAME, GlobalPermissions, PermissionDecision
 from infrahub.core.migrations.schema.models import SchemaApplyMigrationData
-from infrahub.core.models import (  # noqa: TCH001
+from infrahub.core.models import (  # noqa: TC001
     SchemaBranchHash,
     SchemaDiff,
     SchemaUpdateValidationResult,
 )
 from infrahub.core.schema import GenericSchema, MainSchemaTypes, NodeSchema, ProfileSchema, SchemaRoot
-from infrahub.core.schema.constants import SchemaNamespace  # noqa: TCH001
+from infrahub.core.schema.constants import SchemaNamespace  # noqa: TC001
 from infrahub.core.validators.models.validate_migration import (
     SchemaValidateMigrationData,
     SchemaValidatorPathResponseData,
 )
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.events import EventMeta
 from infrahub.events.schema_action import SchemaUpdatedEvent
-from infrahub.exceptions import MigrationError, PermissionDeniedError
+from infrahub.exceptions import MigrationError
 from infrahub.log import get_log_data, get_logger
 from infrahub.types import ATTRIBUTE_PYTHON_TYPES
 from infrahub.worker import WORKER_IDENTITY
@@ -45,6 +45,7 @@ if TYPE_CHECKING:
 
     from infrahub.auth import AccountSession
     from infrahub.core.schema.schema_branch import SchemaBranch
+    from infrahub.permissions import PermissionManager
     from infrahub.services import InfrahubServices
 
 
@@ -248,43 +249,25 @@ async def load_schema(
     db: InfrahubDatabase = Depends(get_db),
     branch: Branch = Depends(get_branch_dep),
     account_session: AccountSession = Depends(get_current_user),
+    permission_manager: PermissionManager = Depends(get_permission_manager),
 ) -> SchemaUpdate:
-    has_permission = False
-    has_branch_permission = branch.name not in (GLOBAL_BRANCH_NAME, registry.default_branch)
-    for permission_backend in registry.permission_backends:
-        if not has_permission:
-            has_permission = await permission_backend.has_permission(
-                db=db,
-                account_session=account_session,
-                permission=GlobalPermission(
-                    action=GlobalPermissions.MANAGE_SCHEMA.value,
-                    decision=(
-                        PermissionDecision.ALLOW_DEFAULT
-                        if branch.name in (GLOBAL_BRANCH_NAME, registry.default_branch)
-                        else PermissionDecision.ALLOW_OTHER
-                    ).value,
-                ),
-                branch=branch,
-            )
-
-        if not has_branch_permission:
-            has_branch_permission = await permission_backend.has_permission(
-                db=db,
-                account_session=account_session,
-                permission=GlobalPermission(
-                    action=GlobalPermissions.EDIT_DEFAULT_BRANCH.value,
-                    decision=PermissionDecision.ALLOW_DEFAULT.value,
-                ),
-                branch=branch,
-            )
-
-        if has_permission and has_branch_permission:
-            break
+    permission_manager.raise_for_permission(
+        permission=GlobalPermission(
+            action=GlobalPermissions.MANAGE_SCHEMA.value,
+            decision=(
+                PermissionDecision.ALLOW_DEFAULT
+                if branch.name in (GLOBAL_BRANCH_NAME, registry.default_branch)
+                else PermissionDecision.ALLOW_OTHER
+            ).value,
+        )
+    )
 
-    if not has_permission:
-        raise PermissionDeniedError("You are not allowed to manage the schema")
-    if not has_branch_permission:
-        raise PermissionDeniedError("You are not allowed to edit the schema in the default branch")
+    if branch.name in (GLOBAL_BRANCH_NAME, registry.default_branch):
+        permission_manager.raise_for_permission(
+            permission=GlobalPermission(
+                action=GlobalPermissions.EDIT_DEFAULT_BRANCH.value, decision=PermissionDecision.ALLOW_DEFAULT.value
+            ),
+        )
 
     service: InfrahubServices = request.app.state.service
     log.info("schema_load_request", branch=branch.name)

infrahub/api/transformation.py

@@ -19,7 +19,7 @@ from infrahub.core.protocols import (
     CoreTransformJinja2,
     CoreTransformPython,
 )
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import TransformError
 from infrahub.graphql.initialization import prepare_graphql_params
 from infrahub.graphql.utils import extract_data
@@ -61,7 +61,7 @@ async def transform_python(
             message="Repository doesn't have a commit",
         )
 
-    gql_params = prepare_graphql_params(db=request.app.state.db, branch=branch_params.branch, at=branch_params.at)
+    gql_params = await prepare_graphql_params(db=request.app.state.db, branch=branch_params.branch, at=branch_params.at)
 
     result = await graphql(
         schema=gql_params.schema,
@@ -120,7 +120,7 @@ async def transform_jinja2(
             message="Repository doesn't have a commit",
         )
 
-    gql_params = prepare_graphql_params(db=request.app.state.db, branch=branch_params.branch, at=branch_params.at)
+    gql_params = await prepare_graphql_params(db=request.app.state.db, branch=branch_params.branch, at=branch_params.at)
 
     result = await graphql(
         schema=gql_params.schema,

infrahub/auth.py

@@ -22,8 +22,6 @@ if TYPE_CHECKING:
     from infrahub.core.protocols import CoreGenericAccount
     from infrahub.database import InfrahubDatabase
 
-# from ..datatypes import AuthResult
-
 
 class AuthType(str, Enum):
     NONE = "none"

infrahub/cli/db.py

@@ -35,17 +35,18 @@ from infrahub.core.initialization import (
 from infrahub.core.manager import NodeManager
 from infrahub.core.migrations.graph import get_graph_migrations
 from infrahub.core.migrations.schema.models import SchemaApplyMigrationData
+from infrahub.core.migrations.schema.tasks import schema_apply_migrations
 from infrahub.core.schema import SchemaRoot, core_models, internal_schema
 from infrahub.core.schema.definitions.deprecated import deprecated_models
 from infrahub.core.schema.manager import SchemaManager
 from infrahub.core.utils import delete_all_nodes
 from infrahub.core.validators.models.validate_migration import SchemaValidateMigrationData
+from infrahub.core.validators.tasks import schema_validate_migrations
 from infrahub.database import DatabaseType
 from infrahub.log import get_logger
 from infrahub.services import InfrahubServices, services
 from infrahub.services.adapters.message_bus.local import BusSimulator
 from infrahub.services.adapters.workflow.local import WorkflowLocalExecution
-from infrahub.workflows.catalogue import SCHEMA_APPLY_MIGRATION, SCHEMA_VALIDATE_MIGRATION
 
 if TYPE_CHECKING:
     from infrahub.cli.context import CliContext
@@ -142,6 +143,10 @@ async def migrate(
     config_file: str = typer.Argument("infrahub.toml", envvar="INFRAHUB_CONFIG"),
 ) -> None:
     """Check the current format of the internal graph and apply the necessary migrations"""
+    logging.getLogger("infrahub").setLevel(logging.WARNING)
+    logging.getLogger("neo4j").setLevel(logging.ERROR)
+    logging.getLogger("prefect").setLevel(logging.ERROR)
+
     log = get_logger()
 
     config.load_and_exit(config_file_name=config_file)
@@ -264,11 +269,8 @@ async def update_core_schema(  # pylint: disable=too-many-statements
                 schema_branch=candidate_schema,
                 constraints=result.constraints,
             )
-            error_messages = await service.workflow.execute_workflow(
-                workflow=SCHEMA_VALIDATE_MIGRATION,
-                expected_return=list[str],
-                parameters={"message": validate_migration_data},
-            )
+            responses = await schema_validate_migrations(message=validate_migration_data)
+            error_messages = [violation.message for response in responses for violation in response.violations]
             if error_messages:
                 rprint(f"{error_badge} | Unable to update the schema, due to failed validations")
                 for message in error_messages:
@@ -309,11 +311,7 @@ async def update_core_schema(  # pylint: disable=too-many-statements
                 previous_schema=origin_schema,
                 migrations=result.migrations,
             )
-            migration_error_msgs = await service.workflow.execute_workflow(
-                workflow=SCHEMA_APPLY_MIGRATION,
-                expected_return=list[str],
-                parameters={"message": apply_migration_data},
-            )
+            migration_error_msgs = await schema_apply_migrations(message=apply_migration_data)
 
             if migration_error_msgs:
                 rprint(f"{error_badge} | Some error(s) happened while running the schema migrations")

infrahub/cli/tasks.py

@@ -44,7 +44,9 @@ async def execute(
 
     async with get_client(sync_client=False) as client:
         worker = WorkflowWorkerExecution()
-        await DUMMY_FLOW.save(client=client, work_pool=WorkerPoolDefinition(name="testing", worker_type="process"))
+        await DUMMY_FLOW.save(
+            client=client, work_pool=WorkerPoolDefinition(name="infrahub-worker", worker_type="infrahubasync")
+        )
 
         result = await worker.execute_workflow(
             workflow=DUMMY_FLOW, parameters={"data": DummyInput(firstname="John", lastname="Doe")}

infrahub/computed_attribute/constants.py

@@ -4,7 +4,7 @@ PROCESS_PYTHON_AUTOMATION_NAME_PREFIX = "Computed-attribute-process-python"
 PROCESS_AUTOMATION_NAME_PREFIX = "Computed-attribute-process"
 QUERY_AUTOMATION_NAME_PREFIX = "Computed-attribute-query"
 
-PROCESS_AUTOMATION_NAME = "{prefix}::{identifier}::{scope}"
-QUERY_AUTOMATION_NAME = QUERY_AUTOMATION_NAME_PREFIX + "::{identifier}::{scope}"
+PROCESS_AUTOMATION_NAME = "{prefix}::{scope}::{identifier}"
+QUERY_AUTOMATION_NAME = QUERY_AUTOMATION_NAME_PREFIX + "::{scope}::{identifier}"
 
 VALID_KINDS = ["Text", "URL"]

infrahub/computed_attribute/models.py

@@ -1,16 +1,18 @@
 from __future__ import annotations
 
 from collections import defaultdict
-from dataclasses import dataclass
+from dataclasses import dataclass, field
 from typing import TYPE_CHECKING
 
-from prefect.events.schemas.automations import Automation  # noqa: TCH002
+from prefect.events.schemas.automations import Automation  # noqa: TC002
 from pydantic import BaseModel, Field
 from typing_extensions import Self
 
 if TYPE_CHECKING:
     from uuid import UUID
 
+    from infrahub_sdk.data import RepositoryData
+
     from infrahub.core.schema.schema_branch_computed import PythonDefinition
 
 
@@ -28,8 +30,8 @@ class ComputedAttributeAutomations(BaseModel):
             if len(name_split) != 3:
                 continue
 
-            identifier = name_split[1]
-            scope = name_split[2]
+            scope = name_split[1]
+            identifier = name_split[2]
 
             obj.data[identifier][scope] = automation
 
@@ -46,12 +48,15 @@ class ComputedAttributeAutomations(BaseModel):
         return False
 
     def return_obsolete(self, keep: list[UUID]) -> list[UUID]:
-        remove = []
+        return [automation_id for automation_id in self.all_automation_ids if automation_id not in keep]
+
+    @property
+    def all_automation_ids(self) -> list[UUID]:
+        automation_ids: list[UUID] = []
         for identifier in self.data.values():
             for automation in identifier.values():
-                if automation.id not in keep:
-                    remove.append(automation.id)
-        return remove
+                automation_ids.append(automation.id)
+        return automation_ids
 
 
 @dataclass
@@ -63,6 +68,13 @@ class PythonTransformComputedAttribute:
     query_name: str
     query_models: list[str]
     computed_attribute: PythonDefinition
+    default_schema: bool
+    branch_commit: dict[str, str] = field(default_factory=dict)
+
+    def populate_branch_commit(self, repository_data: RepositoryData | None = None) -> None:
+        if repository_data:
+            for branch, commit in repository_data.branches.items():
+                self.branch_commit[branch] = commit
 
 
 @dataclass