infrahub-server 1.1.5__py3-none-any.whl → 1.1.7__py3-none-any.whl

infrahub/core/query/relationship.py

@@ -905,7 +905,8 @@ class RelationshipCountPerNodeQuery(Query):
             path = "<-[r:IS_RELATED]-"
 
         query = """
-        MATCH (rl:Relationship { name: $rel_identifier })
+        MATCH (peer_node:Node)%(path)s(rl:Relationship { name: $rel_identifier })
+        WHERE peer_node.uuid IN $peer_ids AND %(branch_filter)s
         CALL {
             WITH rl
             MATCH path = (peer_node:Node)%(path)s(rl)

infrahub/core/query/resource_manager.py

@@ -123,6 +123,7 @@ class NumberPoolGetAllocated(Query):
         self.params["node_attribute"] = self.pool.node_attribute.value
         self.params["start_range"] = self.pool.start_range.value
         self.params["end_range"] = self.pool.end_range.value
+        self.params["pool_id"] = self.pool.get_id()
 
         branch_filter, branch_params = self.branch.get_query_filter_path(
             at=self.at.to_string(), branch_agnostic=self.branch_agnostic
@@ -133,7 +134,8 @@ class NumberPoolGetAllocated(Query):
         MATCH (n:%(node)s)-[ha:HAS_ATTRIBUTE]-(a:Attribute {name: $node_attribute})-[hv:HAS_VALUE]-(av:AttributeValue)
         MATCH (a)-[hs:HAS_SOURCE]-(pool:%(number_pool_kind)s)
         WHERE
-            av.value >= $start_range and av.value <= $end_range
+            pool.uuid = $pool_id
+            AND av.value >= $start_range and av.value <= $end_range
             AND all(r in [ha, hv, hs] WHERE (%(branch_filter)s))
             AND ha.status = "active"
             AND hv.status = "active"

infrahub/core/relationship/model.py

@@ -1110,7 +1110,7 @@ class RelationshipManager:
         # - Update the existing relationship if we are on the same branch
         rel_ids_per_branch = peer_data.rel_ids_per_branch()
         if branch.name in rel_ids_per_branch:
-            await update_relationships_to([str(ri) for ri in rel_ids_per_branch[self.branch.name]], to=remove_at, db=db)
+            await update_relationships_to([str(ri) for ri in rel_ids_per_branch[branch.name]], to=remove_at, db=db)
 
         # - Create a new rel of type DELETED if the existing relationship is on a different branch
         rel_branches: set[str] = set()

infrahub/core/schema/schema_branch.py

@@ -492,6 +492,8 @@ class SchemaBranch:
         self.process_branch_support()
         self.manage_profile_schemas()
         self.manage_profile_relationships()
+        self.add_hierarchy_generic()
+        self.add_hierarchy_node()
 
     def process_validate(self) -> None:
         self.validate_names()
@@ -512,8 +514,6 @@ class SchemaBranch:
     def process_post_validation(self) -> None:
         self.cleanup_inherited_elements()
         self.add_groups()
-        self.add_hierarchy_generic()
-        self.add_hierarchy_node()
         self.generate_weight()
         self.process_labels()
         self.process_dropdowns()
@@ -633,7 +633,7 @@ class SchemaBranch:
                     and not (
                         schema_attribute_path.relationship_schema.name == "ip_namespace"
                         and isinstance(node_schema, NodeSchema)
-                        and (node_schema.is_ip_address() or node_schema.is_ip_prefix)
+                        and (node_schema.is_ip_address() or node_schema.is_ip_prefix())
                     )
                 ):
                     raise ValueError(
@@ -1509,7 +1509,7 @@ class SchemaBranch:
             if changed:
                 self.set(name=node_name, schema=schema)
 
-    def _get_hierarchy_child_rel(self, peer: str, hierarchical: str, read_only: bool) -> RelationshipSchema:
+    def _get_hierarchy_child_rel(self, peer: str, hierarchical: str | None, read_only: bool) -> RelationshipSchema:
         return RelationshipSchema(
             name="children",
             identifier="parent__child",
@@ -1522,18 +1522,22 @@ class SchemaBranch:
             read_only=read_only,
         )
 
-    def _get_hierarchy_parent_rel(self, peer: str, hierarchical: str, read_only: bool) -> RelationshipSchema:
+    def _get_hierarchy_parent_rel(
+        self, peer: str, hierarchical: str | None, read_only: bool, optional: bool
+    ) -> RelationshipSchema:
         return RelationshipSchema(
             name="parent",
             identifier="parent__child",
             peer=peer,
             kind=RelationshipKind.HIERARCHY,
             cardinality=RelationshipCardinality.ONE,
+            min_count=0 if optional else 1,
             max_count=1,
             branch=BranchSupportType.AWARE,
             direction=RelationshipDirection.OUTBOUND,
             hierarchical=hierarchical,
             read_only=read_only,
+            optional=optional,
         )
 
     def add_hierarchy_generic(self) -> None:
@@ -1548,7 +1552,9 @@ class SchemaBranch:
 
             if "parent" not in generic.relationship_names:
                 generic.relationships.append(
-                    self._get_hierarchy_parent_rel(peer=generic_name, hierarchical=generic_name, read_only=read_only)
+                    self._get_hierarchy_parent_rel(
+                        peer=generic_name, hierarchical=generic_name, read_only=read_only, optional=True
+                    )
                 )
             if "children" not in generic.relationship_names:
                 generic.relationships.append(
@@ -1571,7 +1577,10 @@ class SchemaBranch:
                 if "parent" not in node.relationship_names:
                     node.relationships.append(
                         self._get_hierarchy_parent_rel(
-                            peer=node.parent, hierarchical=node.hierarchy, read_only=read_only
+                            peer=node.parent,
+                            hierarchical=node.hierarchy,
+                            read_only=read_only,
+                            optional=node.parent in [node_name] + self.generic_names,
                         )
                     )
                 else:

infrahub/core/utils.py

@@ -72,6 +72,7 @@ async def update_relationships_to(ids: list[str], db: InfrahubDatabase, to: Time
     query = """
     MATCH ()-[r]->()
     WHERE %(id_func)s(r) IN $ids
+    AND r.to IS NULL
     SET r.to = $to
     RETURN %(id_func)s(r)
     """ % {"id_func": db.get_id_function_name()}

infrahub/core/validators/uniqueness/query.py

@@ -30,7 +30,7 @@ class NodeUniqueAttributeConstraintQuery(Query):
     def get_context(self) -> dict[str, str]:
         return {"kind": self.query_request.kind}
 
-    async def query_init(self, db: InfrahubDatabase, **kwargs: Any) -> None:
+    async def query_init(self, db: InfrahubDatabase, **kwargs: Any) -> None:  # pylint: disable=too-many-branches
         branch_filter, branch_params = self.branch.get_query_filter_path(at=self.at.to_string(), is_isolated=False)
         self.params.update(branch_params)
         from_times = db.render_list_comprehension(items="relationships(potential_path)", item_name="from")
@@ -56,6 +56,7 @@ class NodeUniqueAttributeConstraintQuery(Query):
         relationship_names = set()
         relationship_attr_paths = []
         relationship_only_attr_paths = []
+        relationship_only_attr_values = []
         relationship_attr_paths_with_value = []
         for rel_path in self.query_request.relationship_attribute_paths:
             relationship_names.add(rel_path.identifier)
@@ -67,6 +68,8 @@ class NodeUniqueAttributeConstraintQuery(Query):
                 relationship_attr_paths.append((rel_path.identifier, rel_path.attribute_name))
             else:
                 relationship_only_attr_paths.append(rel_path.identifier)
+                if rel_path.value:
+                    relationship_only_attr_values.append(rel_path.value)
 
         if (
             not attr_paths
@@ -89,34 +92,37 @@ class NodeUniqueAttributeConstraintQuery(Query):
                 "relationship_attr_paths": relationship_attr_paths,
                 "relationship_attr_paths_with_value": relationship_attr_paths_with_value,
                 "relationship_only_attr_paths": relationship_only_attr_paths,
+                "relationship_only_attr_values": relationship_only_attr_values,
                 "min_count_required": self.min_count_required,
             }
         )
 
         attr_paths_subquery = """
-        WITH start_node
-        MATCH attr_path = (start_node)-[:HAS_ATTRIBUTE]->(attr:Attribute)-[r:HAS_VALUE]->(attr_value:AttributeValue)
+        MATCH attr_path = (start_node:%(node_kind)s)-[:HAS_ATTRIBUTE]->(attr:Attribute)-[r:HAS_VALUE]->(attr_value:AttributeValue)
         WHERE attr.name in $attribute_names
             AND ([attr.name, type(r)] in $attr_paths
             OR [attr.name, type(r), attr_value.value] in $attr_paths_with_value)
-        RETURN attr_path as potential_path, NULL as rel_identifier, attr.name as potential_attr, attr_value.value as potential_attr_value
-        """
+        RETURN start_node, attr_path as potential_path, NULL as rel_identifier, attr.name as potential_attr, attr_value.value as potential_attr_value
+        """ % {"node_kind": self.query_request.kind}
 
         relationship_attr_paths_with_value_subquery = """
-        WITH start_node
-        MATCH rel_path = (start_node)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)-[:HAS_ATTRIBUTE]->(rel_attr:Attribute)-[:HAS_VALUE]->(rel_attr_value:AttributeValue)
+        MATCH rel_path = (start_node:%(node_kind)s)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)-[:HAS_ATTRIBUTE]->(rel_attr:Attribute)-[:HAS_VALUE]->(rel_attr_value:AttributeValue)
         WHERE relationship_node.name in $relationship_names
             AND ([relationship_node.name, rel_attr.name] in $relationship_attr_paths
             OR [relationship_node.name, rel_attr.name, rel_attr_value.value] in $relationship_attr_paths_with_value)
-        RETURN rel_path as potential_path, relationship_node.name as rel_identifier, rel_attr.name as potential_attr, rel_attr_value.value as potential_attr_value
-        """
+        RETURN start_node, rel_path as potential_path, relationship_node.name as rel_identifier, rel_attr.name as potential_attr, rel_attr_value.value as potential_attr_value
+        """ % {"node_kind": self.query_request.kind}
 
         relationship_only_attr_paths_subquery = """
-        WITH start_node
-        MATCH rel_path = (start_node)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)
-        WHERE relationship_node.name in $relationship_only_attr_paths
-        RETURN rel_path as potential_path, relationship_node.name as rel_identifier, "id" as potential_attr, related_n.uuid as potential_attr_value
-        """
+        MATCH rel_path = (start_node:%(node_kind)s)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)
+        WHERE %(rel_node_filter)s relationship_node.name in $relationship_only_attr_paths
+        RETURN start_node, rel_path as potential_path, relationship_node.name as rel_identifier, "id" as potential_attr, related_n.uuid as potential_attr_value
+        """ % {
+            "node_kind": self.query_request.kind,
+            "rel_node_filter": "related_n.uuid IN $relationship_only_attr_values AND "
+            if relationship_only_attr_values
+            else "",
+        }
 
         select_subqueries = []
         if attr_paths or attr_paths_with_value:
@@ -130,8 +136,6 @@ class NodeUniqueAttributeConstraintQuery(Query):
 
         # ruff: noqa: E501
         query = """
-        // group by node
-        MATCH (start_node:%(node_kind)s)
         // get attributes for node and its relationships
         CALL {
             %(select_subqueries_str)s
@@ -201,7 +205,6 @@ class NodeUniqueAttributeConstraintQuery(Query):
             attr_value,
             relationship_identifier
         """ % {
-            "node_kind": self.query_request.kind,
             "select_subqueries_str": select_subqueries_str,
             "branch_filter": branch_filter,
             "from_times": from_times,

infrahub/database/__init__.py

@@ -173,6 +173,19 @@ class InfrahubDatabase:
         elif self.db_type == DatabaseType.MEMGRAPH:
             self.manager = DatabaseManagerMemgraph(db=self)
 
+    def __del__(self) -> None:
+        if not self._session or not self._is_session_local or self._session.closed():
+            return
+
+        try:
+            loop = asyncio.get_running_loop()
+        except RuntimeError:
+            loop = None
+        if loop and loop.is_running():
+            loop.create_task(self._session.close())
+        else:
+            asyncio.run(self._session.close())
+
     @property
     def is_session(self) -> bool:
         if self._mode == InfrahubDatabaseMode.SESSION:

infrahub/dependencies/builder/constraint/grouped/node_runner.py

@@ -2,7 +2,6 @@ from infrahub.core.constraint.node.runner import NodeConstraintRunner
 from infrahub.dependencies.interface import DependencyBuilder, DependencyBuilderContext
 
 from ..node.grouped_uniqueness import NodeGroupedUniquenessConstraintDependency
-from ..node.uniqueness import NodeAttributeUniquenessConstraintDependency
 from ..relationship_manager.count import RelationshipCountConstraintDependency
 from ..relationship_manager.peer_kind import RelationshipPeerKindConstraintDependency
 from ..relationship_manager.profiles_kind import RelationshipProfilesKindConstraintDependency
@@ -15,7 +14,6 @@ class NodeConstraintRunnerDependency(DependencyBuilder[NodeConstraintRunner]):
             db=context.db,
             branch=context.branch,
             node_constraints=[
-                NodeAttributeUniquenessConstraintDependency.build(context=context),
                 NodeGroupedUniquenessConstraintDependency.build(context=context),
             ],
             relationship_manager_constraints=[

infrahub/dependencies/builder/diff/coordinator.py

@@ -8,7 +8,6 @@ from .conflicts_enricher import DiffConflictsEnricherDependency
 from .data_check_synchronizer import DiffDataCheckSynchronizerDependency
 from .enricher.aggregated import DiffAggregatedEnricherDependency
 from .enricher.labels import DiffLabelsEnricherDependency
-from .enricher.summary_counts import DiffSummaryCountsEnricherDependency
 from .repository import DiffRepositoryDependency
 
 
@@ -22,7 +21,6 @@ class DiffCoordinatorDependency(DependencyBuilder[DiffCoordinator]):
             diff_enricher=DiffAggregatedEnricherDependency.build(context=context),
             conflicts_enricher=DiffConflictsEnricherDependency.build(context=context),
             labels_enricher=DiffLabelsEnricherDependency.build(context=context),
-            summary_counts_enricher=DiffSummaryCountsEnricherDependency.build(context=context),
             data_check_synchronizer=DiffDataCheckSynchronizerDependency.build(context=context),
             conflict_transferer=DiffConflictTransfererDependency.build(context=context),
         )

infrahub/git/integrator.py

@@ -1238,10 +1238,12 @@ class InfrahubRepositoryIntegrator(InfrahubRepositoryBase):  # pylint: disable=t
                 client=self.sdk,
             )
 
-        if definition.content_type.value == ContentType.APPLICATION_JSON.value:
+        if definition.content_type.value == ContentType.APPLICATION_JSON.value and isinstance(artifact_content, dict):
             artifact_content_str = ujson.dumps(artifact_content, indent=2)
-        elif definition.content_type.value == ContentType.TEXT_PLAIN.value:
-            artifact_content_str = artifact_content
+        elif definition.content_type.value == ContentType.APPLICATION_YAML.value and isinstance(artifact_content, dict):
+            artifact_content_str = yaml.dump(artifact_content, indent=2)
+        else:
+            artifact_content_str = str(artifact_content)
 
         checksum = hashlib.md5(bytes(artifact_content_str, encoding="utf-8"), usedforsecurity=False).hexdigest()
 
@@ -1288,10 +1290,12 @@ class InfrahubRepositoryIntegrator(InfrahubRepositoryBase):  # pylint: disable=t
                 client=self.sdk,
             )
 
-        if message.content_type == ContentType.APPLICATION_JSON.value:
+        if message.content_type == ContentType.APPLICATION_JSON.value and isinstance(artifact_content, dict):
             artifact_content_str = ujson.dumps(artifact_content, indent=2)
-        elif message.content_type == ContentType.TEXT_PLAIN.value:
-            artifact_content_str = artifact_content
+        elif message.content_type == ContentType.APPLICATION_YAML.value and isinstance(artifact_content, dict):
+            artifact_content_str = yaml.dump(artifact_content, indent=2)
+        else:
+            artifact_content_str = str(artifact_content)
 
         checksum = hashlib.md5(bytes(artifact_content_str, encoding="utf-8"), usedforsecurity=False).hexdigest()
 

infrahub/graphql/mutations/computed_attribute.py

@@ -87,7 +87,9 @@ class UpdateComputedAttribute(Mutation):
             log_data = get_log_data()
             request_id = log_data.get("request_id", "")
 
-            graphql_payload = await target_node.to_graphql(db=context.db, filter_sensitive=True)
+            graphql_payload = await target_node.to_graphql(
+                db=context.db, filter_sensitive=True, include_properties=False
+            )
 
             event = NodeMutatedEvent(
                 branch=context.branch.name,

infrahub/graphql/mutations/diff.py

@@ -5,9 +5,13 @@ from graphql import GraphQLResolveInfo
 
 from infrahub.core import registry
 from infrahub.core.diff.coordinator import DiffCoordinator
+from infrahub.core.diff.model.path import NameTrackingId
 from infrahub.core.diff.models import RequestDiffUpdate
+from infrahub.core.diff.repository.repository import DiffRepository
+from infrahub.core.timestamp import Timestamp
 from infrahub.database import retry_db_transaction
 from infrahub.dependencies.registry import get_component_registry
+from infrahub.exceptions import ValidationError
 from infrahub.workflows.catalogue import DIFF_UPDATE
 
 if TYPE_CHECKING:
@@ -40,11 +44,31 @@ class DiffUpdateMutation(Mutation):
 
         from_timestamp_str = DateTime.serialize(data.from_time) if data.from_time else None
         to_timestamp_str = DateTime.serialize(data.to_time) if data.to_time else None
-        if data.wait_for_completion is True:
-            component_registry = get_component_registry()
-            base_branch = await registry.get_branch(db=context.db, branch=registry.default_branch)
-            diff_branch = await registry.get_branch(db=context.db, branch=data.branch)
+        if (data.from_time or data.to_time) and not data.name:
+            raise ValidationError("diff with specified time range requires a name")
+
+        component_registry = get_component_registry()
+        base_branch = await registry.get_branch(db=context.db, branch=registry.default_branch)
+        diff_branch = await registry.get_branch(db=context.db, branch=data.branch)
+        diff_repository = await component_registry.get_component(DiffRepository, db=context.db, branch=diff_branch)
 
+        tracking_id = NameTrackingId(name=data.name)
+        existing_diffs_metatdatas = await diff_repository.get_roots_metadata(
+            diff_branch_names=[diff_branch.name], base_branch_names=[base_branch.name], tracking_id=tracking_id
+        )
+        if existing_diffs_metatdatas:
+            metadata = existing_diffs_metatdatas[0]
+            from_time = Timestamp(from_timestamp_str) if from_timestamp_str else None
+            to_time = Timestamp(to_timestamp_str) if to_timestamp_str else None
+            branched_from_timestamp = Timestamp(diff_branch.get_branched_from())
+            if from_time and from_time > metadata.from_time:
+                raise ValidationError(f"from_time must be null or less than or equal to {metadata.from_time}")
+            if from_time and from_time < branched_from_timestamp:
+                raise ValidationError(f"from_time must be null or greater than or equal to {branched_from_timestamp}")
+            if to_time and to_time < metadata.to_time:
+                raise ValidationError(f"to_time must be null or greater than or equal to {metadata.to_time}")
+
+        if data.wait_for_completion is True:
             diff_coordinator = await component_registry.get_component(
                 DiffCoordinator, db=context.db, branch=diff_branch
             )

infrahub/graphql/mutations/main.py

@@ -97,7 +97,7 @@ class InfrahubMutationMixin:
             log_data = get_log_data()
             request_id = log_data.get("request_id", "")
 
-            graphql_payload = await obj.to_graphql(db=context.db, filter_sensitive=True)
+            graphql_payload = await obj.to_graphql(db=context.db, filter_sensitive=True, include_properties=False)
             event = NodeMutatedEvent(
                 branch=context.branch.name,
                 kind=obj._schema.kind,
@@ -175,20 +175,25 @@ class InfrahubMutationMixin:
         branch: Branch,
     ) -> Node:
         component_registry = get_component_registry()
-        node_constraint_runner = await component_registry.get_component(NodeConstraintRunner, db=db, branch=branch)
+        node_constraint_runner = await component_registry.get_component(
+            NodeConstraintRunner, db=db.start_session(), branch=branch
+        )
         node_class = Node
         if cls._meta.schema.kind in registry.node:
             node_class = registry.node[cls._meta.schema.kind]
 
+        fields_to_validate = list(data)
         try:
-            obj = await node_class.init(db=db, schema=cls._meta.schema, branch=branch)
-            await obj.new(db=db, **data)
-            fields_to_validate = list(data)
-            await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
             if db.is_transaction:
+                obj = await node_class.init(db=db, schema=cls._meta.schema, branch=branch)
+                await obj.new(db=db, **data)
+                await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
                 await obj.save(db=db)
             else:
                 async with db.start_transaction() as dbt:
+                    obj = await node_class.init(db=dbt, schema=cls._meta.schema, branch=branch)
+                    await obj.new(db=dbt, **data)
+                    await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
                     await obj.save(db=dbt)
 
         except ValidationError as exc:

infrahub/graphql/mutations/relationship.py

@@ -5,7 +5,8 @@ from typing import TYPE_CHECKING
 from graphene import Boolean, InputField, InputObjectType, List, Mutation, String
 from infrahub_sdk.utils import compare_lists
 
-from infrahub.core.constants import InfrahubKind, RelationshipCardinality
+from infrahub.core.account import GlobalPermission, ObjectPermission
+from infrahub.core.constants import InfrahubKind, PermissionAction, PermissionDecision, RelationshipCardinality
 from infrahub.core.manager import NodeManager
 from infrahub.core.query.relationship import (
     RelationshipGetPeerQuery,
@@ -14,6 +15,7 @@ from infrahub.core.query.relationship import (
 from infrahub.core.relationship import Relationship
 from infrahub.database import retry_db_transaction
 from infrahub.exceptions import NodeNotFoundError, ValidationError
+from infrahub.permissions import get_global_permission_for_kind
 
 from ..types import RelatedNodeInput
 
@@ -76,6 +78,32 @@ class RelationshipMixin:
             db=context.db, ids=node_ids, fields={"display_label": None}, branch=context.branch
         )
 
+        if context.account_session:
+            impacted_schemas = {node.get_schema() for node in [source] + list(nodes.values())}
+            required_permissions: list[GlobalPermission | ObjectPermission] = []
+            decision = (
+                PermissionDecision.ALLOW_DEFAULT.value
+                if context.branch.is_default
+                else PermissionDecision.ALLOW_OTHER.value
+            )
+
+            for impacted_schema in impacted_schemas:
+                global_action = get_global_permission_for_kind(schema=impacted_schema)
+
+                if global_action:
+                    required_permissions.append(GlobalPermission(action=global_action, decision=decision))
+                else:
+                    required_permissions.append(
+                        ObjectPermission(
+                            namespace=impacted_schema.namespace,
+                            name=impacted_schema.name,
+                            action=PermissionAction.UPDATE.value,
+                            decision=decision,
+                        )
+                    )
+
+            context.active_permissions.raise_for_permissions(permissions=required_permissions)
+
         _, _, in_list2 = compare_lists(list1=list(nodes.keys()), list2=node_ids)
         if in_list2:
             for node_id in in_list2:

infrahub/graphql/mutations/tasks.py

@@ -31,14 +31,17 @@ async def merge_branch_mutation(branch: str) -> None:
         diff_coordinator = await component_registry.get_component(DiffCoordinator, db=db, branch=obj)
         diff_repository = await component_registry.get_component(DiffRepository, db=db, branch=obj)
         diff_merger = await component_registry.get_component(DiffMerger, db=db, branch=obj)
-        enriched_diff = await diff_coordinator.update_branch_diff_and_return(base_branch=base_branch, diff_branch=obj)
-        if enriched_diff.get_all_conflicts():
+        enriched_diff_metadata = await diff_coordinator.update_branch_diff(base_branch=base_branch, diff_branch=obj)
+        async for _ in diff_repository.get_all_conflicts_for_diff(
+            diff_branch_name=enriched_diff_metadata.diff_branch_name, diff_id=enriched_diff_metadata.uuid
+        ):
+            # if there are any conflicts, raise the error
             raise ValidationError(
                 f"Branch {obj.name} contains conflicts with the default branch."
                 " Please create a Proposed Change to resolve the conflicts or manually update them before merging."
             )
         node_diff_field_summaries = await diff_repository.get_node_field_summaries(
-            diff_branch_name=enriched_diff.diff_branch_name, diff_id=enriched_diff.uuid
+            diff_branch_name=enriched_diff_metadata.diff_branch_name, diff_id=enriched_diff_metadata.uuid
         )
 
         merger = BranchMerger(

infrahub/graphql/queries/resource_manager.py

@@ -21,8 +21,10 @@ from infrahub.pools.number import NumberUtilizationGetter
 if TYPE_CHECKING:
     from graphql import GraphQLResolveInfo
 
+    from infrahub.core.branch import Branch
     from infrahub.core.node import Node
     from infrahub.core.protocols import CoreNode
+    from infrahub.core.timestamp import Timestamp
     from infrahub.database import InfrahubDatabase
     from infrahub.graphql.initialization import GraphqlContext
 
@@ -184,7 +186,7 @@ class PoolUtilization(ObjectType):
         pool: CoreNode | None = await NodeManager.get_one(id=pool_id, db=db, branch=context.branch)
         pool = _validate_pool_type(pool_id=pool_id, pool=pool)
         if pool.get_kind() == "CoreNumberPool":
-            return await resolve_number_pool_utilization(db=db, context=context, pool=pool)
+            return await resolve_number_pool_utilization(db=db, at=context.at, pool=pool, branch=context.branch)
 
         resources_map: dict[str, Node] = {}
 
@@ -290,8 +292,10 @@ async def resolve_number_pool_allocation(
     return response
 
 
-async def resolve_number_pool_utilization(db: InfrahubDatabase, context: GraphqlContext, pool: CoreNode) -> dict:
-    number_pool = NumberUtilizationGetter(db=db, pool=pool, at=context.at, branch=context.branch)
+async def resolve_number_pool_utilization(
+    db: InfrahubDatabase, pool: CoreNode, at: Timestamp | str | None, branch: Branch
+) -> dict:
+    number_pool = NumberUtilizationGetter(db=db, pool=pool, at=at, branch=branch)
     await number_pool.load_data()
 
     return {

infrahub/permissions/__init__.py

@@ -2,12 +2,13 @@ from infrahub.permissions.backend import PermissionBackend
 from infrahub.permissions.local_backend import LocalPermissionBackend
 from infrahub.permissions.manager import PermissionManager
 from infrahub.permissions.report import report_schema_permissions
-from infrahub.permissions.types import AssignedPermissions
+from infrahub.permissions.types import AssignedPermissions, get_global_permission_for_kind
 
 __all__ = [
     "AssignedPermissions",
     "LocalPermissionBackend",
     "PermissionBackend",
     "PermissionManager",
+    "get_global_permission_for_kind",
     "report_schema_permissions",
 ]

infrahub/permissions/types.py

@@ -2,8 +2,12 @@ from __future__ import annotations
 
 from typing import TYPE_CHECKING, TypedDict
 
+from infrahub.core.constants import GlobalPermissions, InfrahubKind
+from infrahub.core.schema import NodeSchema
+
 if TYPE_CHECKING:
     from infrahub.core.account import GlobalPermission, ObjectPermission
+    from infrahub.core.schema import MainSchemaTypes
     from infrahub.permissions.constants import BranchRelativePermissionDecision
 
 
@@ -18,3 +22,25 @@ class KindPermissions(TypedDict):
     delete: BranchRelativePermissionDecision
     update: BranchRelativePermissionDecision
     view: BranchRelativePermissionDecision
+
+
+def get_global_permission_for_kind(schema: MainSchemaTypes) -> GlobalPermissions | None:
+    kind_permission_map = {
+        InfrahubKind.GENERICACCOUNT: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.ACCOUNTGROUP: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.ACCOUNTROLE: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.BASEPERMISSION: GlobalPermissions.MANAGE_PERMISSIONS,
+        InfrahubKind.GENERICREPOSITORY: GlobalPermissions.MANAGE_REPOSITORIES,
+    }
+
+    if schema.kind in kind_permission_map:
+        return kind_permission_map[schema.kind]
+
+    if isinstance(schema, NodeSchema):
+        for base in schema.inherit_from:
+            try:
+                return kind_permission_map[base]
+            except KeyError:
+                continue
+
+    return None

infrahub/proposed_change/tasks.py

@@ -31,6 +31,7 @@ from infrahub.core.validators.determiner import ConstraintValidatorDeterminer
 from infrahub.core.validators.models.validate_migration import SchemaValidateMigrationData
 from infrahub.core.validators.tasks import schema_validate_migrations
 from infrahub.dependencies.registry import get_component_registry
+from infrahub.exceptions import MergeFailedError
 from infrahub.generators.models import ProposedChangeGeneratorDefinition
 from infrahub.git.repository import get_initialized_repo
 from infrahub.log import get_logger
@@ -131,7 +132,11 @@ async def merge_proposed_change(proposed_change_id: str, proposed_change_name: s
                         )
 
         log.info("Proposed change is eligible to be merged")
-        await merge_branch(branch=source_branch.name)
+        try:
+            await merge_branch(branch=source_branch.name)
+        except MergeFailedError as exc:
+            await _proposed_change_transition_state(proposed_change=proposed_change, state=ProposedChangeState.OPEN)
+            return Failed(message=f"Merge failure when trying to merge {exc.message}")
 
         log.info(f"Branch {source_branch.name} has been merged successfully")
 

infrahub/storage.py

@@ -1,3 +1,4 @@
+import io
 import tempfile
 from typing import Any, BinaryIO
 
@@ -17,11 +18,11 @@ class InfrahubS3ObjectStorage(fastapi_storages.S3Storage):
         super().__init__()
 
     def open(self, name: str) -> BinaryIO:
-        with tempfile.NamedTemporaryFile() as f:
-            self._bucket.download_fileobj(name, f)
-            f.flush()
-            f.seek(0)
-            return f  # type: ignore
+        f = io.BytesIO()
+        self._bucket.download_fileobj(name, f)
+        f.flush()
+        f.seek(0)
+        return f  # type: ignore
 
 
 fastapi_storages.InfrahubS3ObjectStorage = InfrahubS3ObjectStorage