PyPI - infrahub-server - Versions diffs - 1.1.1__py3-none-any.whl → 1.1.3__py3-none-any.whl - Mend

infrahub-server 1.1.1py3-none-any.whl → 1.1.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

infrahub/api/__init__.py +13 -5
infrahub/api/artifact.py +9 -15
infrahub/api/auth.py +7 -1
infrahub/api/dependencies.py +15 -2
infrahub/api/diff/diff.py +13 -7
infrahub/api/file.py +5 -10
infrahub/api/internal.py +19 -6
infrahub/api/menu.py +8 -6
infrahub/api/oauth2.py +25 -10
infrahub/api/oidc.py +26 -10
infrahub/api/query.py +2 -2
infrahub/api/schema.py +48 -59
infrahub/api/storage.py +8 -8
infrahub/api/transformation.py +6 -5
infrahub/auth.py +1 -26
infrahub/cli/__init__.py +1 -1
infrahub/cli/context.py +5 -8
infrahub/cli/db.py +6 -6
infrahub/cli/git_agent.py +1 -1
infrahub/computed_attribute/models.py +1 -1
infrahub/computed_attribute/tasks.py +1 -1
infrahub/config.py +5 -5
infrahub/core/account.py +2 -10
infrahub/core/attribute.py +22 -0
infrahub/core/branch/models.py +1 -1
infrahub/core/branch/tasks.py +4 -3
infrahub/core/diff/calculator.py +14 -0
infrahub/core/diff/combiner.py +6 -2
infrahub/core/diff/conflicts_enricher.py +2 -2
infrahub/core/diff/coordinator.py +296 -87
infrahub/core/diff/data_check_synchronizer.py +33 -4
infrahub/core/diff/enricher/cardinality_one.py +3 -3
infrahub/core/diff/enricher/hierarchy.py +4 -1
infrahub/core/diff/merger/merger.py +11 -1
infrahub/core/diff/merger/serializer.py +5 -29
infrahub/core/diff/model/path.py +88 -4
infrahub/core/diff/query/field_specifiers.py +35 -0
infrahub/core/diff/query/roots_metadata.py +48 -0
infrahub/core/diff/query/save.py +1 -0
infrahub/core/diff/query_parser.py +27 -11
infrahub/core/diff/repository/deserializer.py +7 -3
infrahub/core/diff/repository/repository.py +100 -9
infrahub/core/diff/tasks.py +1 -1
infrahub/core/graph/__init__.py +1 -1
infrahub/core/integrity/object_conflict/conflict_recorder.py +6 -1
infrahub/core/ipam/utilization.py +6 -1
infrahub/core/manager.py +8 -0
infrahub/core/merge.py +6 -1
infrahub/core/migrations/graph/__init__.py +2 -0
infrahub/core/migrations/graph/m014_remove_index_attr_value.py +1 -1
infrahub/core/migrations/graph/m015_diff_format_update.py +1 -1
infrahub/core/migrations/graph/m016_diff_delete_bug_fix.py +1 -1
infrahub/core/migrations/graph/m018_uniqueness_nulls.py +101 -0
infrahub/core/migrations/query/attribute_add.py +5 -5
infrahub/core/migrations/schema/tasks.py +2 -2
infrahub/core/migrations/shared.py +3 -3
infrahub/core/node/__init__.py +8 -2
infrahub/core/node/constraints/grouped_uniqueness.py +9 -2
infrahub/core/query/__init__.py +5 -2
infrahub/core/query/diff.py +32 -19
infrahub/core/query/ipam.py +30 -22
infrahub/core/query/node.py +91 -40
infrahub/core/schema/generated/attribute_schema.py +2 -2
infrahub/core/schema/generated/base_node_schema.py +2 -2
infrahub/core/schema/generated/relationship_schema.py +1 -1
infrahub/core/schema/schema_branch_computed.py +1 -1
infrahub/core/task/task_log.py +1 -1
infrahub/core/validators/attribute/kind.py +1 -1
infrahub/core/validators/interface.py +1 -2
infrahub/core/validators/models/violation.py +1 -14
infrahub/core/validators/shared.py +2 -2
infrahub/core/validators/tasks.py +7 -4
infrahub/core/validators/uniqueness/index.py +2 -4
infrahub/database/index.py +1 -1
infrahub/dependencies/builder/constraint/schema/aggregated.py +2 -0
infrahub/dependencies/builder/constraint/schema/attribute_kind.py +8 -0
infrahub/dependencies/builder/diff/data_check_synchronizer.py +2 -0
infrahub/git/base.py +3 -3
infrahub/git/integrator.py +1 -1
infrahub/graphql/api/endpoints.py +12 -3
infrahub/graphql/app.py +2 -2
infrahub/graphql/auth/query_permission_checker/default_branch_checker.py +2 -17
infrahub/graphql/auth/query_permission_checker/merge_operation_checker.py +1 -12
infrahub/graphql/auth/query_permission_checker/object_permission_checker.py +6 -40
infrahub/graphql/auth/query_permission_checker/super_admin_checker.py +5 -8
infrahub/graphql/enums.py +2 -2
infrahub/graphql/initialization.py +27 -8
infrahub/graphql/manager.py +9 -3
infrahub/graphql/models.py +6 -0
infrahub/graphql/mutations/account.py +14 -10
infrahub/graphql/mutations/computed_attribute.py +11 -22
infrahub/graphql/mutations/diff.py +2 -0
infrahub/graphql/mutations/main.py +5 -16
infrahub/graphql/mutations/proposed_change.py +11 -20
infrahub/graphql/mutations/resource_manager.py +6 -3
infrahub/graphql/mutations/schema.py +8 -7
infrahub/graphql/mutations/tasks.py +1 -1
infrahub/graphql/permissions.py +3 -4
infrahub/graphql/queries/account.py +2 -11
infrahub/graphql/queries/resource_manager.py +21 -10
infrahub/graphql/query.py +3 -1
infrahub/graphql/resolvers/resolver.py +5 -1
infrahub/graphql/types/task.py +14 -2
infrahub/menu/generator.py +6 -18
infrahub/message_bus/messages/event_node_mutated.py +2 -2
infrahub/message_bus/operations/check/repository.py +2 -4
infrahub/message_bus/operations/event/branch.py +2 -4
infrahub/message_bus/operations/requests/proposed_change.py +1 -1
infrahub/message_bus/operations/requests/repository.py +3 -5
infrahub/message_bus/types.py +1 -1
infrahub/permissions/__init__.py +12 -3
infrahub/permissions/backend.py +2 -17
infrahub/permissions/constants.py +12 -8
infrahub/permissions/local_backend.py +5 -102
infrahub/permissions/manager.py +135 -0
infrahub/permissions/report.py +14 -25
infrahub/permissions/types.py +6 -0
infrahub/proposed_change/tasks.py +1 -1
infrahub/task_manager/models.py +34 -5
infrahub/task_manager/task.py +14 -6
infrahub/visuals.py +1 -3
infrahub_sdk/client.py +204 -43
infrahub_sdk/ctl/cli_commands.py +106 -6
infrahub_sdk/data.py +3 -2
infrahub_sdk/graphql.py +5 -0
infrahub_sdk/node.py +21 -2
infrahub_sdk/queries.py +69 -0
infrahub_sdk/schema/main.py +1 -0
infrahub_sdk/testing/schemas/animal.py +1 -0
infrahub_sdk/types.py +6 -0
infrahub_sdk/utils.py +17 -0
{infrahub_server-1.1.1.dist-info → infrahub_server-1.1.3.dist-info}/METADATA +1 -1
{infrahub_server-1.1.1.dist-info → infrahub_server-1.1.3.dist-info}/RECORD +136 -131
infrahub/core/diff/query/empty_roots.py +0 -33
{infrahub_server-1.1.1.dist-info → infrahub_server-1.1.3.dist-info}/LICENSE.txt +0 -0
{infrahub_server-1.1.1.dist-info → infrahub_server-1.1.3.dist-info}/WHEEL +0 -0
{infrahub_server-1.1.1.dist-info → infrahub_server-1.1.3.dist-info}/entry_points.txt +0 -0

infrahub/api/__init__.py CHANGED Viewed

@@ -1,11 +1,13 @@
-from typing import NoReturn
+from __future__ import annotations
-from fastapi import APIRouter
+from typing import TYPE_CHECKING, NoReturn
+from fastapi import APIRouter, Depends
 from fastapi.openapi.docs import (
     get_redoc_html,
     get_swagger_ui_html,
 )
-from starlette.responses import HTMLResponse
+from starlette.responses import HTMLResponse  # noqa: TC002
 from infrahub.api import (
     artifact,
@@ -21,8 +23,12 @@ from infrahub.api import (
     storage,
     transformation,
 )
+from infrahub.api.dependencies import get_current_user
 from infrahub.exceptions import ResourceNotFoundError
+if TYPE_CHECKING:
+    from infrahub.auth import AccountSession
 router = APIRouter(prefix="/api")
 router.include_router(artifact.router)
@@ -40,7 +46,9 @@ router.include_router(transformation.router)
 @router.get("/docs", include_in_schema=False)
-async def custom_swagger_ui_html() -> HTMLResponse:
+async def custom_swagger_ui_html(
+    _: AccountSession = Depends(get_current_user),
+) -> HTMLResponse:
     return get_swagger_ui_html(
         openapi_url="/api/openapi.json",
         title="Infrahub - Swagger UI",
@@ -50,7 +58,7 @@ async def custom_swagger_ui_html() -> HTMLResponse:
 @router.get("/redoc", include_in_schema=False)
-async def redoc_html() -> HTMLResponse:
+async def redoc_html(_: AccountSession = Depends(get_current_user)) -> HTMLResponse:
     return get_redoc_html(
         openapi_url="/api/openapi.json",
         title="Infrahub - ReDoc",

infrahub/api/artifact.py CHANGED Viewed

@@ -5,13 +5,13 @@ from typing import TYPE_CHECKING
 from fastapi import APIRouter, Body, Depends, Request, Response
 from pydantic import BaseModel, Field
-from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db
+from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db, get_permission_manager
 from infrahub.core import registry
 from infrahub.core.account import ObjectPermission
 from infrahub.core.constants import GLOBAL_BRANCH_NAME, InfrahubKind, PermissionAction
 from infrahub.core.protocols import CoreArtifactDefinition
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
-from infrahub.exceptions import NodeNotFoundError, PermissionDeniedError
+from infrahub.database import InfrahubDatabase  # noqa: TC001
+from infrahub.exceptions import NodeNotFoundError
 from infrahub.git.models import RequestArtifactDefinitionGenerate
 from infrahub.log import get_logger
 from infrahub.permissions.constants import PermissionDecisionFlag
@@ -19,6 +19,7 @@ from infrahub.workflows.catalogue import REQUEST_ARTIFACT_DEFINITION_GENERATE
 if TYPE_CHECKING:
     from infrahub.auth import AccountSession
+    from infrahub.permissions import PermissionManager
 log = get_logger()
 router = APIRouter(prefix="/artifact")
@@ -37,7 +38,7 @@ async def get_artifact(
     artifact_id: str,
     db: InfrahubDatabase = Depends(get_db),
     branch_params: BranchParams = Depends(get_branch_params),
-    _: str = Depends(get_current_user),
+    _: AccountSession = Depends(get_current_user),
 ) -> Response:
     artifact = await registry.manager.get_one(db=db, id=artifact_id, branch=branch_params.branch, at=branch_params.at)
     if not artifact:
@@ -61,25 +62,18 @@ async def generate_artifact(
     ),
     db: InfrahubDatabase = Depends(get_db),
     branch_params: BranchParams = Depends(get_branch_params),
-    account_session: AccountSession = Depends(get_current_user),
+    permission_manager: PermissionManager = Depends(get_permission_manager),
 ) -> None:
     permission_decision = (
         PermissionDecisionFlag.ALLOW_DEFAULT
         if branch_params.branch.name in (GLOBAL_BRANCH_NAME, registry.default_branch)
         else PermissionDecisionFlag.ALLOW_OTHER
     )
-    for permission in [
+    permissions = [
         ObjectPermission(namespace="Core", name="Artifact", action=action.value, decision=permission_decision)
         for action in (PermissionAction.CREATE, PermissionAction.UPDATE)
-    ]:
-        has_permission = False
-        for permission_backend in registry.permission_backends:
-            if has_permission := await permission_backend.has_permission(
-                db=db, account_session=account_session, permission=permission, branch=branch_params.branch
-            ):
-                break
-        if not has_permission:
-            raise PermissionDeniedError(f"You do not have the following permission: {permission}")
+    ]
+    permission_manager.raise_for_permissions(permissions=permissions)
     # Verify that the artifact definition exists for the requested branch
     artifact_definition = await registry.manager.get_one_by_id_or_default_filter(

infrahub/api/auth.py CHANGED Viewed

@@ -1,3 +1,7 @@
+from __future__ import annotations
+from typing import TYPE_CHECKING
 from fastapi import APIRouter, Depends, Response
 from infrahub import config, models
@@ -8,7 +12,9 @@ from infrahub.auth import (
     create_fresh_access_token,
     invalidate_refresh_token,
 )
-from infrahub.database import InfrahubDatabase
+if TYPE_CHECKING:
+    from infrahub.database import InfrahubDatabase
 router = APIRouter(prefix="/auth")

infrahub/api/dependencies.py CHANGED Viewed

@@ -8,11 +8,12 @@ from pydantic import BaseModel, ConfigDict
 from infrahub import config
 from infrahub.auth import AccountSession, authentication_token, validate_jwt_access_token, validate_jwt_refresh_token
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.registry import registry
 from infrahub.core.timestamp import Timestamp
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import AuthorizationError
+from infrahub.permissions import PermissionManager
 if TYPE_CHECKING:
     from neo4j import AsyncSession
@@ -120,3 +121,15 @@ async def get_current_user(
         return account_session
     raise AuthorizationError("Authentication is required")
+async def get_permission_manager(
+    db: InfrahubDatabase = Depends(get_db),
+    branch_params: BranchParams = Depends(get_branch_params),
+    account_session: AccountSession = Depends(get_current_user),
+) -> PermissionManager:
+    """Return a `PermissionManager` for an account session based on a branch."""
+    permission_manager = PermissionManager(account_session=account_session)
+    await permission_manager.load_permissions(db=db, branch=branch_params.branch)
+    return permission_manager

infrahub/api/diff/diff.py CHANGED Viewed

@@ -1,13 +1,12 @@
 from __future__ import annotations
 from collections import defaultdict
-from typing import TYPE_CHECKING, Optional
+from typing import TYPE_CHECKING
 from fastapi import APIRouter, Depends, Request
 from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db
 from infrahub.core import registry
-from infrahub.core.branch import Branch  # noqa: TCH001
 from infrahub.core.diff.artifacts.calculator import ArtifactDiffCalculator
 from infrahub.core.diff.branch_differ import BranchDiffer
 from infrahub.core.diff.model.diff import (
@@ -15,9 +14,11 @@ from infrahub.core.diff.model.diff import (
     BranchDiffFile,
     BranchDiffRepository,
 )
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
 if TYPE_CHECKING:
+    from infrahub.auth import AccountSession
+    from infrahub.core.branch import Branch
+    from infrahub.database import InfrahubDatabase
     from infrahub.services import InfrahubServices
@@ -29,17 +30,22 @@ async def get_diff_files(
     request: Request,
     db: InfrahubDatabase = Depends(get_db),
     branch: Branch = Depends(get_branch_dep),
-    time_from: Optional[str] = None,
-    time_to: Optional[str] = None,
+    time_from: str | None = None,
+    time_to: str | None = None,
     branch_only: bool = True,
-    _: str = Depends(get_current_user),
+    _: AccountSession = Depends(get_current_user),
 ) -> dict[str, dict[str, BranchDiffRepository]]:
     response: dict[str, dict[str, BranchDiffRepository]] = defaultdict(dict)
     service: InfrahubServices = request.app.state.service
     # Query the Diff for all files and repository from the database
     diff = await BranchDiffer.init(
-        db=db, branch=branch, diff_from=time_from, diff_to=time_to, branch_only=branch_only, service=service
+        db=db,
+        branch=branch,
+        diff_from=time_from,
+        diff_to=time_to,
+        branch_only=branch_only,
+        service=service,
     )
     diff_files = await diff.get_files()

infrahub/api/file.py CHANGED Viewed

@@ -1,19 +1,14 @@
 from __future__ import annotations
-from typing import TYPE_CHECKING, Optional, Union
+from typing import TYPE_CHECKING
 from fastapi import APIRouter, Depends, Request
 from starlette.responses import PlainTextResponse
-from infrahub.api.dependencies import (
-    BranchParams,
-    get_branch_params,
-    get_current_user,
-    get_db,
-)
+from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.manager import NodeManager
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import CommitNotFoundError, PropagatedFromWorkerError
 from infrahub.message_bus.messages import GitFileGet, GitFileGetResponse
@@ -32,13 +27,13 @@ async def get_file(
     file_path: str,
     branch_params: BranchParams = Depends(get_branch_params),
     db: InfrahubDatabase = Depends(get_db),
-    commit: Optional[str] = None,
+    commit: str | None = None,
     _: str = Depends(get_current_user),
 ) -> PlainTextResponse:
     """Retrieve a file from a git repository."""
     service: InfrahubServices = request.app.state.service
-    repo: Union[CoreRepository, CoreReadOnlyRepository] = await NodeManager.get_one_by_id_or_default_filter(
+    repo: CoreRepository | CoreReadOnlyRepository = await NodeManager.get_one_by_id_or_default_filter(
         db=db,
         id=repository_id,
         kind=InfrahubKind.GENERICREPOSITORY,

infrahub/api/internal.py CHANGED Viewed

@@ -1,16 +1,27 @@
+from __future__ import annotations
 import re
-from typing import Optional
+from typing import TYPE_CHECKING
 import ujson
-from fastapi import APIRouter, Request
+from fastapi import APIRouter, Depends, Request
 from lunr.index import Index
 from pydantic import BaseModel
 from infrahub import config
-from infrahub.config import AnalyticsSettings, ExperimentalFeaturesSettings, LoggingSettings, MainSettings
+from infrahub.api.dependencies import get_current_user
+from infrahub.config import (  # noqa: TC001
+    AnalyticsSettings,
+    ExperimentalFeaturesSettings,
+    LoggingSettings,
+    MainSettings,
+)
 from infrahub.core import registry
 from infrahub.exceptions import NodeNotFoundError
+if TYPE_CHECKING:
+    from infrahub.auth import AccountSession
 router = APIRouter()
@@ -39,7 +50,7 @@ async def get_config() -> ConfigAPI:
 @router.get("/info")
-async def get_info(request: Request) -> InfoAPI:
+async def get_info(request: Request, _: AccountSession = Depends(get_current_user)) -> InfoAPI:
     return InfoAPI(deployment_id=str(registry.id), version=request.app.version)
@@ -47,7 +58,7 @@ class SearchDocs:
     def __init__(self) -> None:
         self._title_documents: list[dict] = []
         self._heading_documents: list[dict] = []
-        self._heading_index: Optional[Index] = None
+        self._heading_index: Index | None = None
     def _load_json(self) -> None:
         """
@@ -142,7 +153,9 @@ class SearchResultAPI(BaseModel):
 @router.get("/search/docs", include_in_schema=False)
-async def search_docs(query: str, limit: Optional[int] = None) -> list[SearchResultAPI]:
+async def search_docs(
+    query: str, limit: int | None = None, _: AccountSession = Depends(get_current_user)
+) -> list[SearchResultAPI]:
     smart_query = smart_queries(query)
     search_results = search_docs_loader.heading_index.search(smart_query)
     heading_results = [

infrahub/api/menu.py CHANGED Viewed

@@ -4,17 +4,17 @@ from typing import TYPE_CHECKING
 from fastapi import APIRouter, Depends
-from infrahub.api.dependencies import get_branch_dep, get_current_user, get_db
+from infrahub.api.dependencies import get_branch_dep, get_db, get_permission_manager
 from infrahub.core import registry
-from infrahub.core.branch import Branch  # noqa: TCH001
+from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.protocols import CoreMenuItem
 from infrahub.log import get_logger
 from infrahub.menu.generator import generate_restricted_menu
-from infrahub.menu.models import Menu  # noqa: TCH001
+from infrahub.menu.models import Menu  # noqa: TC001
 if TYPE_CHECKING:
-    from infrahub.auth import AccountSession
     from infrahub.database import InfrahubDatabase
+    from infrahub.permissions import PermissionManager
 log = get_logger()
@@ -25,10 +25,12 @@ router = APIRouter(prefix="/menu")
 async def get_menu(
     db: InfrahubDatabase = Depends(get_db),
     branch: Branch = Depends(get_branch_dep),
-    account_session: AccountSession = Depends(get_current_user),
+    permission_manager: PermissionManager = Depends(get_permission_manager),
 ) -> Menu:
     log.info("menu_request", branch=branch.name)
     menu_items = await registry.manager.query(db=db, schema=CoreMenuItem, branch=branch, prefetch_relationships=True)
-    menu = await generate_restricted_menu(db=db, branch=branch, account=account_session, menu_items=menu_items)
+    menu = await generate_restricted_menu(
+        db=db, branch=branch, menu_items=menu_items, account_permissions=permission_manager
+    )
     return menu.to_rest()

infrahub/api/oauth2.py CHANGED Viewed

@@ -3,9 +3,11 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
 from urllib.parse import urljoin
+import ujson
 from authlib.integrations.httpx_client import AsyncOAuth2Client
 from fastapi import APIRouter, Depends, Request, Response
 from fastapi.responses import JSONResponse, RedirectResponse
+from opentelemetry import trace
 from infrahub import config, models
 from infrahub.api.dependencies import get_db
@@ -20,27 +22,34 @@ if TYPE_CHECKING:
     from infrahub.database import InfrahubDatabase
     from infrahub.services import InfrahubServices
+# pylint: disable=R0801
 log = get_logger()
 router = APIRouter(prefix="/oauth2")
 def _get_redirect_url(request: Request, provider_name: str) -> str:
-    """This function is mostly to support local development when the frontend runs on different ports compared to the API."""
-    base_url = config.SETTINGS.dev.frontend_url or str(request.base_url)
+    """Return public redirect URL."""
+    base_url = config.SETTINGS.main.public_url or str(request.base_url)
     return urljoin(base_url, f"auth/oauth2/{provider_name}/callback")
 @router.get("/{provider_name:str}/authorize")
 async def authorize(request: Request, provider_name: str, final_url: str | None = None) -> Response:
     provider = config.SETTINGS.security.get_oauth2_provider(provider=provider_name)
-    client = AsyncOAuth2Client(
-        client_id=provider.client_id,
-        client_secret=provider.client_secret,
-        scope=provider.scopes,
-    )
+    with trace.get_tracer(__name__).start_as_current_span("sso_oauth2_client_configuration") as span:
+        span.set_attribute("provider_name", provider_name)
+        span.set_attribute("scopes", provider.scopes)
+        client = AsyncOAuth2Client(
+            client_id=provider.client_id,
+            client_secret=provider.client_secret,
+            scope=provider.scopes,
+        )
     redirect_uri = _get_redirect_url(request=request, provider_name=provider_name)
-    final_url = final_url or config.SETTINGS.dev.frontend_url or str(request.base_url)
+    final_url = final_url or config.SETTINGS.main.public_url or str(request.base_url)
     authorization_uri, state = client.create_authorization_url(
         url=provider.authorization_url, redirect_uri=redirect_uri, scope=provider.scopes, final_url=final_url
@@ -88,7 +97,10 @@ async def token(
     token_response = await service.http.post(provider.token_url, data=token_data)
     _validate_response(response=token_response)
-    payload = token_response.json()
+    with trace.get_tracer(__name__).start_as_current_span("sso_token_request") as span:
+        span.set_attribute("token_request_data", ujson.dumps(token_response.json()))
+        payload = token_response.json()
     headers = {"Authorization": f"{payload.get('token_type')} {payload.get('access_token')}"}
     if provider.userinfo_method == config.UserInfoMethod.GET:
@@ -102,7 +114,10 @@ async def token(
     if not sso_groups and config.SETTINGS.security.sso_user_default_group:
         sso_groups = [config.SETTINGS.security.sso_user_default_group]
-    user_token = await signin_sso_account(db=db, account_name=user_info["name"], sso_groups=sso_groups)
+    with trace.get_tracer(__name__).start_as_current_span("signin_sso_account") as span:
+        span.set_attribute("account_name", ujson.dumps(userinfo_response.json()))
+        span.set_attribute("sso_groups", sso_groups)
+        user_token = await signin_sso_account(db=db, account_name=user_info["name"], sso_groups=sso_groups)
     response.set_cookie(
         "access_token", user_token.access_token, httponly=True, max_age=config.SETTINGS.security.access_token_lifetime

infrahub/api/oidc.py CHANGED Viewed

@@ -3,9 +3,11 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
 from urllib.parse import urljoin
+import ujson
 from authlib.integrations.httpx_client import AsyncOAuth2Client
 from fastapi import APIRouter, Depends, Request, Response
 from fastapi.responses import JSONResponse, RedirectResponse
+from opentelemetry import trace
 from pydantic import BaseModel, HttpUrl
 from infrahub import config, models
@@ -21,6 +23,8 @@ if TYPE_CHECKING:
     from infrahub.database import InfrahubDatabase
     from infrahub.services import InfrahubServices
+# pylint: disable=R0801
 log = get_logger()
 router = APIRouter(prefix="/oidc")
@@ -54,8 +58,8 @@ class OIDCDiscoveryConfig(BaseModel):
 def _get_redirect_url(request: Request, provider_name: str) -> str:
-    """This function is mostly to support local development when the frontend runs on different ports compared to the API."""
-    base_url = config.SETTINGS.dev.frontend_url or str(request.base_url)
+    """Return public redirect URL."""
+    base_url = config.SETTINGS.main.public_url or str(request.base_url)
     return urljoin(base_url, f"auth/oidc/{provider_name}/callback")
@@ -68,14 +72,19 @@ async def authorize(request: Request, provider_name: str, final_url: str | None
     _validate_response(response=response)
     oidc_config = OIDCDiscoveryConfig(**response.json())
-    client = AsyncOAuth2Client(
-        client_id=provider.client_id,
-        client_secret=provider.client_secret,
-        scope=provider.scopes,
-    )
+    with trace.get_tracer(__name__).start_as_current_span("sso_oauth2_client_configuration") as span:
+        span.set_attribute("provider_name", provider_name)
+        span.set_attribute("scopes", provider.scopes)
+        span.set_attribute("discovery_url", provider.discovery_url)
+        client = AsyncOAuth2Client(
+            client_id=provider.client_id,
+            client_secret=provider.client_secret,
+            scope=provider.scopes,
+        )
     redirect_uri = _get_redirect_url(request=request, provider_name=provider_name)
-    final_url = final_url or config.SETTINGS.dev.frontend_url or str(request.base_url)
+    final_url = final_url or config.SETTINGS.main.public_url or str(request.base_url)
     authorization_uri, state = client.create_authorization_url(
         url=str(oidc_config.authorization_endpoint), redirect_uri=redirect_uri, scope=provider.scopes
@@ -126,7 +135,10 @@ async def token(
     token_response = await service.http.post(str(oidc_config.token_endpoint), data=token_data)
     _validate_response(response=token_response)
-    payload = token_response.json()
+    with trace.get_tracer(__name__).start_as_current_span("sso_token_request") as span:
+        span.set_attribute("token_request_data", ujson.dumps(token_response.json()))
+        payload = token_response.json()
     headers = {"Authorization": f"{payload.get('token_type')} {payload.get('access_token')}"}
@@ -138,10 +150,14 @@ async def token(
     _validate_response(response=userinfo_response)
     user_info = userinfo_response.json()
     sso_groups = user_info.get("groups", [])
     if not sso_groups and config.SETTINGS.security.sso_user_default_group:
         sso_groups = [config.SETTINGS.security.sso_user_default_group]
-    user_token = await signin_sso_account(db=db, account_name=user_info["name"], sso_groups=sso_groups)
+    with trace.get_tracer(__name__).start_as_current_span("signin_sso_account") as span:
+        span.set_attribute("account_name", ujson.dumps(userinfo_response.json()))
+        span.set_attribute("sso_groups", sso_groups)
+        user_token = await signin_sso_account(db=db, account_name=user_info["name"], sso_groups=sso_groups)
     response.set_cookie(
         "access_token", user_token.access_token, httponly=True, max_age=config.SETTINGS.security.access_token_lifetime

infrahub/api/query.py CHANGED Viewed

@@ -10,7 +10,7 @@ from infrahub.api.dependencies import BranchParams, get_branch_params, get_curre
 from infrahub.core import registry
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.protocols import CoreGraphQLQuery
-from infrahub.database import InfrahubDatabase  # noqa: TCH001
+from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
 from infrahub.graphql.api.dependencies import build_graphql_query_permission_checker
 from infrahub.graphql.initialization import prepare_graphql_params
@@ -57,7 +57,7 @@ async def execute_query(
         db=db, id=query_id, kind=CoreGraphQLQuery, branch=branch_params.branch, at=branch_params.at
     )
-    gql_params = prepare_graphql_params(
+    gql_params = await prepare_graphql_params(
         db=db, branch=branch_params.branch, at=branch_params.at, account_session=account_session
     )
     analyzed_query = InfrahubGraphQLQueryAnalyzer(

infrahub-server 1.1.1__py3-none-any.whl → 1.1.3__py3-none-any.whl

infrahub-server 1.1.1py3-none-any.whl → 1.1.3py3-none-any.whl