infrahub-server 1.1.6__py3-none-any.whl → 1.1.8__py3-none-any.whl

infrahub/core/relationship/model.py

@@ -884,6 +884,8 @@ class RelationshipManager:
         """If the attribute is branch aware, return the Branch object associated with this attribute
         If the attribute is branch agnostic return the Global Branch
 
+        Note that if this relationship is Aware and source node is Agnostic, it will return -global- branch.
+
         Returns:
             Branch:
         """
@@ -959,7 +961,7 @@ class RelationshipManager:
         self.has_fetched_relationships = True
 
         for peer_id in details.peer_ids_present_local_only:
-            await self.remove(peer_id=peer_id, db=db)
+            await self.remove_locally(peer_id=peer_id, db=db)
 
     async def get(self, db: InfrahubDatabase) -> Relationship | list[Relationship] | None:
         rels = await self.get_relationships(db=db)
@@ -1077,22 +1079,17 @@ class RelationshipManager:
         for rel in self._relationships:
             await rel.resolve(db=db)
 
-    async def remove(
+    async def remove_locally(
         self,
         peer_id: Union[str, UUID],
         db: InfrahubDatabase,
-        update_db: bool = False,
     ) -> bool:
-        """Remove a peer id from the local relationships list,
-        need to investigate if and when we should update the relationship in the database."""
+        """Remove a peer id from the local relationships list"""
 
         for idx, rel in enumerate(await self.get_relationships(db=db)):
             if str(rel.peer_id) != str(peer_id):
                 continue
 
-            if update_db:
-                await rel.delete(db=db)
-
             self._relationships.pop(idx)
             return True
 
@@ -1109,14 +1106,13 @@ class RelationshipManager:
 
         # - Update the existing relationship if we are on the same branch
         rel_ids_per_branch = peer_data.rel_ids_per_branch()
+
+        # In which cases do we end up here and do not want to set `to` time?
         if branch.name in rel_ids_per_branch:
             await update_relationships_to([str(ri) for ri in rel_ids_per_branch[branch.name]], to=remove_at, db=db)
 
         # - Create a new rel of type DELETED if the existing relationship is on a different branch
-        rel_branches: set[str] = set()
-        if peer_data.rels:
-            rel_branches = {r.branch for r in peer_data.rels}
-        if rel_branches == {peer_data.branch}:
+        if peer_data.rels and {r.branch for r in peer_data.rels} == {peer_data.branch}:
             return
 
         query = await RelationshipDataDeleteQuery.init(

infrahub/core/schema/definitions/core.py

@@ -223,6 +223,7 @@ core_models: dict[str, Any] = {
                     "optional": True,
                     "identifier": "group_member",
                     "cardinality": "many",
+                    "branch": BranchSupportType.AWARE,
                 },
                 {
                     "name": "subscribers",

infrahub/core/utils.py

@@ -72,6 +72,7 @@ async def update_relationships_to(ids: list[str], db: InfrahubDatabase, to: Time
     query = """
     MATCH ()-[r]->()
     WHERE %(id_func)s(r) IN $ids
+    AND r.to IS NULL
     SET r.to = $to
     RETURN %(id_func)s(r)
     """ % {"id_func": db.get_id_function_name()}

infrahub/core/validators/uniqueness/query.py

@@ -30,7 +30,7 @@ class NodeUniqueAttributeConstraintQuery(Query):
     def get_context(self) -> dict[str, str]:
         return {"kind": self.query_request.kind}
 
-    async def query_init(self, db: InfrahubDatabase, **kwargs: Any) -> None:
+    async def query_init(self, db: InfrahubDatabase, **kwargs: Any) -> None:  # pylint: disable=too-many-branches
         branch_filter, branch_params = self.branch.get_query_filter_path(at=self.at.to_string(), is_isolated=False)
         self.params.update(branch_params)
         from_times = db.render_list_comprehension(items="relationships(potential_path)", item_name="from")
@@ -56,6 +56,7 @@ class NodeUniqueAttributeConstraintQuery(Query):
         relationship_names = set()
         relationship_attr_paths = []
         relationship_only_attr_paths = []
+        relationship_only_attr_values = []
         relationship_attr_paths_with_value = []
         for rel_path in self.query_request.relationship_attribute_paths:
             relationship_names.add(rel_path.identifier)
@@ -67,6 +68,8 @@ class NodeUniqueAttributeConstraintQuery(Query):
                 relationship_attr_paths.append((rel_path.identifier, rel_path.attribute_name))
             else:
                 relationship_only_attr_paths.append(rel_path.identifier)
+                if rel_path.value:
+                    relationship_only_attr_values.append(rel_path.value)
 
         if (
             not attr_paths
@@ -89,34 +92,37 @@ class NodeUniqueAttributeConstraintQuery(Query):
                 "relationship_attr_paths": relationship_attr_paths,
                 "relationship_attr_paths_with_value": relationship_attr_paths_with_value,
                 "relationship_only_attr_paths": relationship_only_attr_paths,
+                "relationship_only_attr_values": relationship_only_attr_values,
                 "min_count_required": self.min_count_required,
             }
         )
 
         attr_paths_subquery = """
-        WITH start_node
-        MATCH attr_path = (start_node)-[:HAS_ATTRIBUTE]->(attr:Attribute)-[r:HAS_VALUE]->(attr_value:AttributeValue)
+        MATCH attr_path = (start_node:%(node_kind)s)-[:HAS_ATTRIBUTE]->(attr:Attribute)-[r:HAS_VALUE]->(attr_value:AttributeValue)
         WHERE attr.name in $attribute_names
             AND ([attr.name, type(r)] in $attr_paths
             OR [attr.name, type(r), attr_value.value] in $attr_paths_with_value)
-        RETURN attr_path as potential_path, NULL as rel_identifier, attr.name as potential_attr, attr_value.value as potential_attr_value
-        """
+        RETURN start_node, attr_path as potential_path, NULL as rel_identifier, attr.name as potential_attr, attr_value.value as potential_attr_value
+        """ % {"node_kind": self.query_request.kind}
 
         relationship_attr_paths_with_value_subquery = """
-        WITH start_node
-        MATCH rel_path = (start_node)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)-[:HAS_ATTRIBUTE]->(rel_attr:Attribute)-[:HAS_VALUE]->(rel_attr_value:AttributeValue)
+        MATCH rel_path = (start_node:%(node_kind)s)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)-[:HAS_ATTRIBUTE]->(rel_attr:Attribute)-[:HAS_VALUE]->(rel_attr_value:AttributeValue)
         WHERE relationship_node.name in $relationship_names
             AND ([relationship_node.name, rel_attr.name] in $relationship_attr_paths
             OR [relationship_node.name, rel_attr.name, rel_attr_value.value] in $relationship_attr_paths_with_value)
-        RETURN rel_path as potential_path, relationship_node.name as rel_identifier, rel_attr.name as potential_attr, rel_attr_value.value as potential_attr_value
-        """
+        RETURN start_node, rel_path as potential_path, relationship_node.name as rel_identifier, rel_attr.name as potential_attr, rel_attr_value.value as potential_attr_value
+        """ % {"node_kind": self.query_request.kind}
 
         relationship_only_attr_paths_subquery = """
-        WITH start_node
-        MATCH rel_path = (start_node)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)
-        WHERE relationship_node.name in $relationship_only_attr_paths
-        RETURN rel_path as potential_path, relationship_node.name as rel_identifier, "id" as potential_attr, related_n.uuid as potential_attr_value
-        """
+        MATCH rel_path = (start_node:%(node_kind)s)-[:IS_RELATED]-(relationship_node:Relationship)-[:IS_RELATED]-(related_n:Node)
+        WHERE %(rel_node_filter)s relationship_node.name in $relationship_only_attr_paths
+        RETURN start_node, rel_path as potential_path, relationship_node.name as rel_identifier, "id" as potential_attr, related_n.uuid as potential_attr_value
+        """ % {
+            "node_kind": self.query_request.kind,
+            "rel_node_filter": "related_n.uuid IN $relationship_only_attr_values AND "
+            if relationship_only_attr_values
+            else "",
+        }
 
         select_subqueries = []
         if attr_paths or attr_paths_with_value:
@@ -130,8 +136,6 @@ class NodeUniqueAttributeConstraintQuery(Query):
 
         # ruff: noqa: E501
         query = """
-        // group by node
-        MATCH (start_node:%(node_kind)s)
         // get attributes for node and its relationships
         CALL {
             %(select_subqueries_str)s
@@ -201,7 +205,6 @@ class NodeUniqueAttributeConstraintQuery(Query):
             attr_value,
             relationship_identifier
         """ % {
-            "node_kind": self.query_request.kind,
             "select_subqueries_str": select_subqueries_str,
             "branch_filter": branch_filter,
             "from_times": from_times,

infrahub/database/__init__.py

@@ -173,6 +173,19 @@ class InfrahubDatabase:
         elif self.db_type == DatabaseType.MEMGRAPH:
             self.manager = DatabaseManagerMemgraph(db=self)
 
+    def __del__(self) -> None:
+        if not self._session or not self._is_session_local or self._session.closed():
+            return
+
+        try:
+            loop = asyncio.get_running_loop()
+        except RuntimeError:
+            loop = None
+        if loop and loop.is_running():
+            loop.create_task(self._session.close())
+        else:
+            asyncio.run(self._session.close())
+
     @property
     def is_session(self) -> bool:
         if self._mode == InfrahubDatabaseMode.SESSION:
@@ -501,6 +514,7 @@ def retry_db_transaction(
                         if exc.code != "Neo.ClientError.Statement.EntityNotFound":
                             raise exc
                     retry_time: float = random.randrange(100, 500) / 1000
+                    log.exception("Retry handler caught database error")
                     log.info(
                         f"Retrying database transaction, attempt {attempt}/{config.SETTINGS.database.retry_limit}",
                         retry_time=retry_time,

infrahub/dependencies/builder/constraint/grouped/node_runner.py

@@ -2,7 +2,6 @@ from infrahub.core.constraint.node.runner import NodeConstraintRunner
 from infrahub.dependencies.interface import DependencyBuilder, DependencyBuilderContext
 
 from ..node.grouped_uniqueness import NodeGroupedUniquenessConstraintDependency
-from ..node.uniqueness import NodeAttributeUniquenessConstraintDependency
 from ..relationship_manager.count import RelationshipCountConstraintDependency
 from ..relationship_manager.peer_kind import RelationshipPeerKindConstraintDependency
 from ..relationship_manager.profiles_kind import RelationshipProfilesKindConstraintDependency
@@ -15,7 +14,6 @@ class NodeConstraintRunnerDependency(DependencyBuilder[NodeConstraintRunner]):
             db=context.db,
             branch=context.branch,
             node_constraints=[
-                NodeAttributeUniquenessConstraintDependency.build(context=context),
                 NodeGroupedUniquenessConstraintDependency.build(context=context),
             ],
             relationship_manager_constraints=[

infrahub/dependencies/builder/diff/coordinator.py

@@ -8,7 +8,6 @@ from .conflicts_enricher import DiffConflictsEnricherDependency
 from .data_check_synchronizer import DiffDataCheckSynchronizerDependency
 from .enricher.aggregated import DiffAggregatedEnricherDependency
 from .enricher.labels import DiffLabelsEnricherDependency
-from .enricher.summary_counts import DiffSummaryCountsEnricherDependency
 from .repository import DiffRepositoryDependency
 
 
@@ -22,7 +21,6 @@ class DiffCoordinatorDependency(DependencyBuilder[DiffCoordinator]):
             diff_enricher=DiffAggregatedEnricherDependency.build(context=context),
             conflicts_enricher=DiffConflictsEnricherDependency.build(context=context),
             labels_enricher=DiffLabelsEnricherDependency.build(context=context),
-            summary_counts_enricher=DiffSummaryCountsEnricherDependency.build(context=context),
             data_check_synchronizer=DiffDataCheckSynchronizerDependency.build(context=context),
             conflict_transferer=DiffConflictTransfererDependency.build(context=context),
         )

infrahub/dependencies/builder/diff/deserializer.py

@@ -1,8 +1,10 @@
 from infrahub.core.diff.repository.deserializer import EnrichedDiffDeserializer
 from infrahub.dependencies.interface import DependencyBuilder, DependencyBuilderContext
 
+from .parent_node_adder import DiffParentNodeAdderDependency
+
 
 class DiffDeserializerDependency(DependencyBuilder[EnrichedDiffDeserializer]):
     @classmethod
     def build(cls, context: DependencyBuilderContext) -> EnrichedDiffDeserializer:
-        return EnrichedDiffDeserializer()
+        return EnrichedDiffDeserializer(parent_adder=DiffParentNodeAdderDependency.build(context=context))

infrahub/dependencies/builder/diff/enricher/hierarchy.py

@@ -1,8 +1,10 @@
 from infrahub.core.diff.enricher.hierarchy import DiffHierarchyEnricher
 from infrahub.dependencies.interface import DependencyBuilder, DependencyBuilderContext
 
+from ..parent_node_adder import DiffParentNodeAdderDependency
+
 
 class DiffHierarchyEnricherDependency(DependencyBuilder[DiffHierarchyEnricher]):
     @classmethod
     def build(cls, context: DependencyBuilderContext) -> DiffHierarchyEnricher:
-        return DiffHierarchyEnricher(db=context.db)
+        return DiffHierarchyEnricher(db=context.db, parent_adder=DiffParentNodeAdderDependency.build(context=context))

infrahub/dependencies/builder/diff/parent_node_adder.py

@@ -0,0 +1,8 @@
+from infrahub.core.diff.parent_node_adder import DiffParentNodeAdder
+from infrahub.dependencies.interface import DependencyBuilder, DependencyBuilderContext
+
+
+class DiffParentNodeAdderDependency(DependencyBuilder[DiffParentNodeAdder]):
+    @classmethod
+    def build(cls, context: DependencyBuilderContext) -> DiffParentNodeAdder:
+        return DiffParentNodeAdder()

infrahub/graphql/mutations/computed_attribute.py

@@ -87,7 +87,9 @@ class UpdateComputedAttribute(Mutation):
             log_data = get_log_data()
             request_id = log_data.get("request_id", "")
 
-            graphql_payload = await target_node.to_graphql(db=context.db, filter_sensitive=True)
+            graphql_payload = await target_node.to_graphql(
+                db=context.db, filter_sensitive=True, include_properties=False
+            )
 
             event = NodeMutatedEvent(
                 branch=context.branch.name,

infrahub/graphql/mutations/diff.py

@@ -1,15 +1,20 @@
 from typing import TYPE_CHECKING
 
-from graphene import Boolean, DateTime, InputObjectType, Mutation, String
+from graphene import Boolean, DateTime, Field, InputObjectType, Mutation, String
 from graphql import GraphQLResolveInfo
 
 from infrahub.core import registry
 from infrahub.core.diff.coordinator import DiffCoordinator
+from infrahub.core.diff.model.path import NameTrackingId
 from infrahub.core.diff.models import RequestDiffUpdate
-from infrahub.database import retry_db_transaction
+from infrahub.core.diff.repository.repository import DiffRepository
+from infrahub.core.timestamp import Timestamp
 from infrahub.dependencies.registry import get_component_registry
+from infrahub.exceptions import ValidationError
 from infrahub.workflows.catalogue import DIFF_UPDATE
 
+from ..types.task import TaskInfo
+
 if TYPE_CHECKING:
     from ..initialization import GraphqlContext
 
@@ -19,32 +24,57 @@ class DiffUpdateInput(InputObjectType):
     name = String(required=False)
     from_time = DateTime(required=False)
     to_time = DateTime(required=False)
-    wait_for_completion = Boolean(required=False)
+    wait_for_completion = Boolean(required=False, deprecation_reason="Please use `wait_until_completion` instead")
 
 
 class DiffUpdateMutation(Mutation):
     class Arguments:
         data = DiffUpdateInput(required=True)
+        wait_until_completion = Boolean(required=False)
 
     ok = Boolean()
+    task = Field(TaskInfo, required=False)
 
     @classmethod
-    @retry_db_transaction(name="diff_update")
     async def mutate(
         cls,
         root: dict,  # pylint: disable=unused-argument
         info: GraphQLResolveInfo,
         data: DiffUpdateInput,
-    ) -> dict[str, bool]:
+        wait_until_completion: bool = False,
+    ) -> dict[str, bool | dict[str, str]]:
         context: GraphqlContext = info.context
 
+        if data.wait_for_completion is True:
+            wait_until_completion = True
+
         from_timestamp_str = DateTime.serialize(data.from_time) if data.from_time else None
         to_timestamp_str = DateTime.serialize(data.to_time) if data.to_time else None
-        if data.wait_for_completion is True:
-            component_registry = get_component_registry()
-            base_branch = await registry.get_branch(db=context.db, branch=registry.default_branch)
-            diff_branch = await registry.get_branch(db=context.db, branch=data.branch)
+        if (data.from_time or data.to_time) and not data.name:
+            raise ValidationError("diff with specified time range requires a name")
+
+        component_registry = get_component_registry()
+        base_branch = await registry.get_branch(db=context.db, branch=registry.default_branch)
+        diff_branch = await registry.get_branch(db=context.db, branch=data.branch)
+        diff_repository = await component_registry.get_component(DiffRepository, db=context.db, branch=diff_branch)
+
+        tracking_id = NameTrackingId(name=data.name)
+        existing_diffs_metadatas = await diff_repository.get_roots_metadata(
+            diff_branch_names=[diff_branch.name], base_branch_names=[base_branch.name], tracking_id=tracking_id
+        )
+        if existing_diffs_metadatas:
+            metadata = existing_diffs_metadatas[0]
+            from_time = Timestamp(from_timestamp_str) if from_timestamp_str else None
+            to_time = Timestamp(to_timestamp_str) if to_timestamp_str else None
+            branched_from_timestamp = Timestamp(diff_branch.get_branched_from())
+            if from_time and from_time > metadata.from_time:
+                raise ValidationError(f"from_time must be null or less than or equal to {metadata.from_time}")
+            if from_time and from_time < branched_from_timestamp:
+                raise ValidationError(f"from_time must be null or greater than or equal to {branched_from_timestamp}")
+            if to_time and to_time < metadata.to_time:
+                raise ValidationError(f"to_time must be null or greater than or equal to {metadata.to_time}")
 
+        if wait_until_completion is True:
             diff_coordinator = await component_registry.get_component(
                 DiffCoordinator, db=context.db, branch=diff_branch
             )
@@ -65,6 +95,7 @@ class DiffUpdateMutation(Mutation):
             to_time=to_timestamp_str,
         )
         if context.service:
-            await context.service.workflow.submit_workflow(workflow=DIFF_UPDATE, parameters={"model": model})
+            workflow = await context.service.workflow.submit_workflow(workflow=DIFF_UPDATE, parameters={"model": model})
+            return {"ok": True, "task": {"id": str(workflow.id)}}
 
         return {"ok": True}

infrahub/graphql/mutations/main.py

@@ -97,7 +97,7 @@ class InfrahubMutationMixin:
             log_data = get_log_data()
             request_id = log_data.get("request_id", "")
 
-            graphql_payload = await obj.to_graphql(db=context.db, filter_sensitive=True)
+            graphql_payload = await obj.to_graphql(db=context.db, filter_sensitive=True, include_properties=False)
             event = NodeMutatedEvent(
                 branch=context.branch.name,
                 kind=obj._schema.kind,
@@ -175,20 +175,25 @@ class InfrahubMutationMixin:
         branch: Branch,
     ) -> Node:
         component_registry = get_component_registry()
-        node_constraint_runner = await component_registry.get_component(NodeConstraintRunner, db=db, branch=branch)
+        node_constraint_runner = await component_registry.get_component(
+            NodeConstraintRunner, db=db.start_session(), branch=branch
+        )
         node_class = Node
         if cls._meta.schema.kind in registry.node:
             node_class = registry.node[cls._meta.schema.kind]
 
+        fields_to_validate = list(data)
         try:
-            obj = await node_class.init(db=db, schema=cls._meta.schema, branch=branch)
-            await obj.new(db=db, **data)
-            fields_to_validate = list(data)
-            await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
             if db.is_transaction:
+                obj = await node_class.init(db=db, schema=cls._meta.schema, branch=branch)
+                await obj.new(db=db, **data)
+                await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
                 await obj.save(db=db)
             else:
                 async with db.start_transaction() as dbt:
+                    obj = await node_class.init(db=dbt, schema=cls._meta.schema, branch=branch)
+                    await obj.new(db=dbt, **data)
+                    await node_constraint_runner.check(node=obj, field_filters=fields_to_validate)
                     await obj.save(db=dbt)
 
         except ValidationError as exc:

infrahub/graphql/mutations/relationship.py

@@ -5,7 +5,8 @@ from typing import TYPE_CHECKING
 from graphene import Boolean, InputField, InputObjectType, List, Mutation, String
 from infrahub_sdk.utils import compare_lists
 
-from infrahub.core.constants import InfrahubKind, RelationshipCardinality
+from infrahub.core.account import GlobalPermission, ObjectPermission
+from infrahub.core.constants import InfrahubKind, PermissionAction, PermissionDecision, RelationshipCardinality
 from infrahub.core.manager import NodeManager
 from infrahub.core.query.relationship import (
     RelationshipGetPeerQuery,
@@ -14,6 +15,7 @@ from infrahub.core.query.relationship import (
 from infrahub.core.relationship import Relationship
 from infrahub.database import retry_db_transaction
 from infrahub.exceptions import NodeNotFoundError, ValidationError
+from infrahub.permissions import get_global_permission_for_kind
 
 from ..types import RelatedNodeInput
 
@@ -76,6 +78,32 @@ class RelationshipMixin:
             db=context.db, ids=node_ids, fields={"display_label": None}, branch=context.branch
         )
 
+        if context.account_session:
+            impacted_schemas = {node.get_schema() for node in [source] + list(nodes.values())}
+            required_permissions: list[GlobalPermission | ObjectPermission] = []
+            decision = (
+                PermissionDecision.ALLOW_DEFAULT.value
+                if context.branch.is_default
+                else PermissionDecision.ALLOW_OTHER.value
+            )
+
+            for impacted_schema in impacted_schemas:
+                global_action = get_global_permission_for_kind(schema=impacted_schema)
+
+                if global_action:
+                    required_permissions.append(GlobalPermission(action=global_action, decision=decision))
+                else:
+                    required_permissions.append(
+                        ObjectPermission(
+                            namespace=impacted_schema.namespace,
+                            name=impacted_schema.name,
+                            action=PermissionAction.UPDATE.value,
+                            decision=decision,
+                        )
+                    )
+
+            context.active_permissions.raise_for_permissions(permissions=required_permissions)
+
         _, _, in_list2 = compare_lists(list1=list(nodes.keys()), list2=node_ids)
         if in_list2:
             for node_id in in_list2:

infrahub/graphql/mutations/resource_manager.py

@@ -2,7 +2,7 @@ from __future__ import annotations
 
 from typing import TYPE_CHECKING, Any
 
-from graphene import Boolean, Field, InputField, InputObjectType, Int, Mutation, String
+from graphene import Boolean, Field, InputField, InputObjectType, Int, List, Mutation, String
 from graphene.types.generic import GenericScalar
 from typing_extensions import Self
 
@@ -30,7 +30,7 @@ if TYPE_CHECKING:
 
 class IPPrefixPoolGetResourceInput(InputObjectType):
     id = InputField(String(required=False), description="ID of the pool to allocate from")
-    hfid = InputField(String(required=False), description="HFID of the pool to allocate from")
+    hfid = InputField(List(of_type=String, required=False), description="HFID of the pool to allocate from")
     identifier = InputField(String(required=False), description="Identifier for the allocated resource")
     prefix_length = InputField(Int(required=False), description="Size of the prefix to allocate")
     member_type = InputField(String(required=False), description="Type of members for the newly created prefix")
@@ -40,7 +40,7 @@ class IPPrefixPoolGetResourceInput(InputObjectType):
 
 class IPAddressPoolGetResourceInput(InputObjectType):
     id = InputField(String(required=False), description="ID of the pool to allocate from")
-    hfid = InputField(String(required=False), description="HFID of the pool to allocate from")
+    hfid = InputField(List(of_type=String, required=False), description="HFID of the pool to allocate from")
     identifier = InputField(String(required=False), description="Identifier for the allocated resource")
     prefix_length = InputField(
         Int(required=False), description="Size of the prefix mask to allocate on the new IP address"

infrahub/graphql/mutations/tasks.py

@@ -31,14 +31,17 @@ async def merge_branch_mutation(branch: str) -> None:
         diff_coordinator = await component_registry.get_component(DiffCoordinator, db=db, branch=obj)
         diff_repository = await component_registry.get_component(DiffRepository, db=db, branch=obj)
         diff_merger = await component_registry.get_component(DiffMerger, db=db, branch=obj)
-        enriched_diff = await diff_coordinator.update_branch_diff_and_return(base_branch=base_branch, diff_branch=obj)
-        if enriched_diff.get_all_conflicts():
+        enriched_diff_metadata = await diff_coordinator.update_branch_diff(base_branch=base_branch, diff_branch=obj)
+        async for _ in diff_repository.get_all_conflicts_for_diff(
+            diff_branch_name=enriched_diff_metadata.diff_branch_name, diff_id=enriched_diff_metadata.uuid
+        ):
+            # if there are any conflicts, raise the error
             raise ValidationError(
                 f"Branch {obj.name} contains conflicts with the default branch."
                 " Please create a Proposed Change to resolve the conflicts or manually update them before merging."
             )
         node_diff_field_summaries = await diff_repository.get_node_field_summaries(
-            diff_branch_name=enriched_diff.diff_branch_name, diff_id=enriched_diff.uuid
+            diff_branch_name=enriched_diff_metadata.diff_branch_name, diff_id=enriched_diff_metadata.uuid
         )
 
         merger = BranchMerger(

infrahub/graphql/queries/resource_manager.py

@@ -21,8 +21,10 @@ from infrahub.pools.number import NumberUtilizationGetter
 if TYPE_CHECKING:
     from graphql import GraphQLResolveInfo
 
+    from infrahub.core.branch import Branch
     from infrahub.core.node import Node
     from infrahub.core.protocols import CoreNode
+    from infrahub.core.timestamp import Timestamp
     from infrahub.database import InfrahubDatabase
     from infrahub.graphql.initialization import GraphqlContext
 
@@ -184,7 +186,7 @@ class PoolUtilization(ObjectType):
         pool: CoreNode | None = await NodeManager.get_one(id=pool_id, db=db, branch=context.branch)
         pool = _validate_pool_type(pool_id=pool_id, pool=pool)
         if pool.get_kind() == "CoreNumberPool":
-            return await resolve_number_pool_utilization(db=db, context=context, pool=pool)
+            return await resolve_number_pool_utilization(db=db, at=context.at, pool=pool, branch=context.branch)
 
         resources_map: dict[str, Node] = {}
 
@@ -290,8 +292,10 @@ async def resolve_number_pool_allocation(
     return response
 
 
-async def resolve_number_pool_utilization(db: InfrahubDatabase, context: GraphqlContext, pool: CoreNode) -> dict:
-    number_pool = NumberUtilizationGetter(db=db, pool=pool, at=context.at, branch=context.branch)
+async def resolve_number_pool_utilization(
+    db: InfrahubDatabase, pool: CoreNode, at: Timestamp | str | None, branch: Branch
+) -> dict:
+    number_pool = NumberUtilizationGetter(db=db, pool=pool, at=at, branch=branch)
     await number_pool.load_data()
 
     return {

infrahub/permissions/__init__.py

@@ -2,12 +2,13 @@ from infrahub.permissions.backend import PermissionBackend
 from infrahub.permissions.local_backend import LocalPermissionBackend
 from infrahub.permissions.manager import PermissionManager
 from infrahub.permissions.report import report_schema_permissions
-from infrahub.permissions.types import AssignedPermissions
+from infrahub.permissions.types import AssignedPermissions, get_global_permission_for_kind
 
 __all__ = [
     "AssignedPermissions",
     "LocalPermissionBackend",
     "PermissionBackend",
     "PermissionManager",
+    "get_global_permission_for_kind",
     "report_schema_permissions",
 ]

infrahub/permissions/types.py

@@ -2,8 +2,12 @@ from __future__ import annotations
 
 from typing import TYPE_CHECKING, TypedDict
 
+from infrahub.core.constants import GlobalPermissions, InfrahubKind
+from infrahub.core.schema import NodeSchema
+
 if TYPE_CHECKING:
     from infrahub.core.account import GlobalPermission, ObjectPermission
+    from infrahub.core.schema import MainSchemaTypes
     from infrahub.permissions.constants import BranchRelativePermissionDecision
 
 
@@ -18,3 +22,25 @@ class KindPermissions(TypedDict):
     delete: BranchRelativePermissionDecision
     update: BranchRelativePermissionDecision
     view: BranchRelativePermissionDecision
+
+
+def get_global_permission_for_kind(schema: MainSchemaTypes) -> GlobalPermissions | None:
+    kind_permission_map = {
+        InfrahubKind.GENERICACCOUNT: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.ACCOUNTGROUP: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.ACCOUNTROLE: GlobalPermissions.MANAGE_ACCOUNTS,
+        InfrahubKind.BASEPERMISSION: GlobalPermissions.MANAGE_PERMISSIONS,
+        InfrahubKind.GENERICREPOSITORY: GlobalPermissions.MANAGE_REPOSITORIES,
+    }
+
+    if schema.kind in kind_permission_map:
+        return kind_permission_map[schema.kind]
+
+    if isinstance(schema, NodeSchema):
+        for base in schema.inherit_from:
+            try:
+                return kind_permission_map[base]
+            except KeyError:
+                continue
+
+    return None