infrahub-server 1.3.5__py3-none-any.whl → 1.4.0b0__py3-none-any.whl

infrahub/core/graph/schema.py

@@ -23,6 +23,14 @@ class GraphRelationship(BaseModel):
     direction: GraphRelDirection
 
 
+class GraphVertex(BaseModel):
+    default_label: str = "NULL"
+
+    @classmethod
+    def get_default_label(cls) -> str:
+        return cls.model_fields["default_label"].default
+
+
 # -----------------------------------------------------
 # Node
 # -----------------------------------------------------
@@ -61,7 +69,7 @@ class GraphNodeRelationships(BaseModel):
     )
 
 
-class GraphNodeNode(BaseModel):
+class GraphNodeNode(GraphVertex):
     default_label: str = "Node"  # Most node also have CoreNode
     properties: GraphNodeProperties
     relationships: GraphNodeRelationships
@@ -95,7 +103,7 @@ class GraphRelationshipRelationships(BaseModel):
     )
 
 
-class GraphRelationshipNode(BaseModel):
+class GraphRelationshipNode(GraphVertex):
     default_label: str = "Relationship"
     properties: GraphRelationshipProperties
     relationships: GraphRelationshipRelationships
@@ -133,7 +141,7 @@ class GraphAttributeRelationships(BaseModel):
     )
 
 
-class GraphAttributeNode(BaseModel):
+class GraphAttributeNode(GraphVertex):
     default_label: str = "Attribute"
     properties: GraphAttributeProperties
     relationships: GraphAttributeRelationships
@@ -168,19 +176,25 @@ class GraphAttributeValueRelationships(BaseModel):
     )
 
 
-class GraphAttributeValueNode(BaseModel):
+class GraphAttributeValueNode(GraphVertex):
     default_label: str = "AttributeValue"
     properties: GraphAttributeValueProperties
     relationships: GraphAttributeValueRelationships
 
 
-class GraphAttributeIPNetworkNode(BaseModel):
+class GraphAttributeValueIndexedNode(GraphVertex):
+    default_label: str = "AttributeValueIndexed"
+    properties: GraphAttributeValueProperties
+    relationships: GraphAttributeValueRelationships
+
+
+class GraphAttributeIPNetworkNode(GraphVertex):
     default_label: str = "AttributeIPNetwork"
     properties: GraphAttributeIPNetworkProperties
     relationships: GraphAttributeValueRelationships
 
 
-class GraphAttributeIPHostNode(BaseModel):
+class GraphAttributeIPHostNode(GraphVertex):
     default_label: str = "AttributeIPHost"
     properties: GraphAttributeIPHostProperties
     relationships: GraphAttributeValueRelationships
@@ -202,7 +216,7 @@ class GraphBooleanRelationships(BaseModel):
     )
 
 
-class GraphBooleanNode(BaseModel):
+class GraphBooleanNode(GraphVertex):
     default_label: str = "Boolean"
     properties: GraphBooleanProperties
     relationships: GraphBooleanRelationships
@@ -229,25 +243,32 @@ class GraphRelationshipDefault(BaseModel):
     hierarchy: Optional[str] = Field(None, description="Name of the hierarchy this relationship is part of")
 
 
-GRAPH_SCHEMA: dict[str, dict[str, Any]] = {
-    "nodes": {
-        "Node": GraphNodeNode,
-        "Relationship": GraphRelationshipNode,
-        "Attribute": GraphAttributeNode,
-        "AttributeValue": GraphAttributeValueNode,
-        "AttributeIPNetwork": GraphAttributeIPNetworkNode,
-        "AttributeIPHost": GraphAttributeIPHostNode,
-        "Boolean": GraphBooleanNode,
-    },
-    "relationships": {
-        # Ignoring IS_PART_OF for now, because there is a bit of cleanup required
-        # "IS_PART_OF": GraphRelationshipIsPartOf,
-        "HAS_VALUE": GraphRelationshipDefault,
-        "HAS_ATTRIBUTE": GraphRelationshipDefault,
-        "IS_RELATED": GraphRelationshipDefault,
-        "HAS_SOURCE": GraphRelationshipDefault,
-        "HAS_OWNER": GraphRelationshipDefault,
-        "IS_VISIBLE": GraphRelationshipDefault,
-        "IS_PROTECTED": GraphRelationshipDefault,
-    },
-}
+def get_graph_schema() -> dict[str, dict[str, Any]]:
+    """Generate the graph schema dictionary containing nodes and relationships."""
+    graph_node_list: list[type[GraphVertex]] = [
+        GraphNodeNode,
+        GraphRelationshipNode,
+        GraphAttributeNode,
+        GraphAttributeValueNode,
+        GraphAttributeValueIndexedNode,
+        GraphAttributeIPNetworkNode,
+        GraphAttributeIPHostNode,
+        GraphBooleanNode,
+    ]
+    return {
+        "nodes": {graph_node.get_default_label(): graph_node for graph_node in graph_node_list},
+        "relationships": {
+            # Ignoring IS_PART_OF for now, because there is a bit of cleanup required
+            # "IS_PART_OF": GraphRelationshipIsPartOf,
+            "HAS_VALUE": GraphRelationshipDefault,
+            "HAS_ATTRIBUTE": GraphRelationshipDefault,
+            "IS_RELATED": GraphRelationshipDefault,
+            "HAS_SOURCE": GraphRelationshipDefault,
+            "HAS_OWNER": GraphRelationshipDefault,
+            "IS_VISIBLE": GraphRelationshipDefault,
+            "IS_PROTECTED": GraphRelationshipDefault,
+        },
+    }
+
+
+GRAPH_SCHEMA: dict[str, dict[str, Any]] = get_graph_schema()

infrahub/core/initialization.py

@@ -1,4 +1,5 @@
 import importlib
+from collections.abc import Sequence
 from typing import TYPE_CHECKING
 from uuid import uuid4
 
@@ -16,15 +17,16 @@ from infrahub.core.constants import (
     PermissionDecision,
 )
 from infrahub.core.graph import GRAPH_VERSION
-from infrahub.core.graph.index import attr_value_index, node_indexes, rel_indexes
+from infrahub.core.graph.index import node_indexes, rel_indexes
 from infrahub.core.manager import NodeManager
 from infrahub.core.node import Node
 from infrahub.core.node.ipam import BuiltinIPPrefix
 from infrahub.core.node.permissions import CoreGlobalPermission, CoreObjectPermission
+from infrahub.core.node.proposed_change import CoreProposedChange
 from infrahub.core.node.resource_manager.ip_address_pool import CoreIPAddressPool
 from infrahub.core.node.resource_manager.ip_prefix_pool import CoreIPPrefixPool
 from infrahub.core.node.resource_manager.number_pool import CoreNumberPool
-from infrahub.core.protocols import CoreAccount
+from infrahub.core.protocols import CoreAccount, CoreAccountGroup, CoreAccountRole
 from infrahub.core.root import Root
 from infrahub.core.schema import SchemaRoot, core_models, internal_schema
 from infrahub.core.schema.manager import SchemaManager
@@ -117,6 +119,7 @@ async def initialize_registry(db: InfrahubDatabase, initialize: bool = False) ->
     registry.node[InfrahubKind.NUMBERPOOL] = CoreNumberPool
     registry.node[InfrahubKind.GLOBALPERMISSION] = CoreGlobalPermission
     registry.node[InfrahubKind.OBJECTPERMISSION] = CoreObjectPermission
+    registry.node[InfrahubKind.PROPOSEDCHANGE] = CoreProposedChange
 
     # ---------------------------------------------------
     # Instantiate permission backends
@@ -129,8 +132,6 @@ async def add_indexes(db: InfrahubDatabase) -> None:
         index_manager: IndexManagerBase = IndexManagerMemgraph(db=db)
     index_manager = IndexManagerNeo4j(db=db)
 
-    if config.SETTINGS.experimental_features.value_db_index:
-        node_indexes.append(attr_value_index)
     index_manager.init(nodes=node_indexes, rels=rel_indexes)
     log.debug("Loading database indexes ..")
     await index_manager.add()
@@ -321,7 +322,7 @@ async def create_ipam_namespace(
     return obj
 
 
-async def create_super_administrator_role(db: InfrahubDatabase) -> Node:
+async def create_super_administrator_role(db: InfrahubDatabase) -> CoreAccountRole:
     permission = await Node.init(db=db, schema=InfrahubKind.GLOBALPERMISSION)
     await permission.new(
         db=db,
@@ -333,15 +334,15 @@ async def create_super_administrator_role(db: InfrahubDatabase) -> Node:
     log.info(f"Created global permission: {GlobalPermissions.SUPER_ADMIN}")
 
     role_name = "Super Administrator"
-    obj = await Node.init(db=db, schema=InfrahubKind.ACCOUNTROLE)
-    await obj.new(db=db, name=role_name, permissions=[permission])
-    await obj.save(db=db)
+    role = await Node.init(db=db, schema=CoreAccountRole)
+    await role.new(db=db, name=role_name, permissions=[permission])
+    await role.save(db=db)
     log.info(f"Created account role: {role_name}")
 
-    return obj
+    return role
 
 
-async def create_default_roles(db: InfrahubDatabase) -> Node:
+async def create_default_role(db: InfrahubDatabase) -> CoreAccountRole:
     repo_permission = await Node.init(db=db, schema=InfrahubKind.GLOBALPERMISSION)
     await repo_permission.new(
         db=db,
@@ -408,7 +409,7 @@ async def create_default_roles(db: InfrahubDatabase) -> Node:
     await modify_permission.save(db=db)
 
     role_name = "General Access"
-    role = await Node.init(db=db, schema=InfrahubKind.ACCOUNTROLE)
+    role = await Node.init(db=db, schema=CoreAccountRole)
     await role.new(
         db=db,
         name=role_name,
@@ -423,16 +424,29 @@ async def create_default_roles(db: InfrahubDatabase) -> Node:
     await role.save(db=db)
     log.info(f"Created account role: {role_name}")
 
-    group_name = "Infrahub Users"
-    group = await Node.init(db=db, schema=InfrahubKind.ACCOUNTGROUP)
-    await group.new(db=db, name=group_name, roles=[role])
-    await group.save(db=db)
-    log.info(f"Created account group: {group_name}")
+    return role
+
+
+async def create_proposed_change_reviewer_role(db: InfrahubDatabase) -> CoreAccountRole:
+    reviewer_permission = await Node.init(db=db, schema=InfrahubKind.GLOBALPERMISSION)
+    await reviewer_permission.new(
+        db=db,
+        action=GlobalPermissions.REVIEW_PROPOSED_CHANGE.value,
+        decision=PermissionDecision.ALLOW_ALL.value,
+        description="Allow a user to approve or revoke proposed changes",
+    )
+    await reviewer_permission.save(db=db)
+
+    role_name = "Proposed Change Reviewer"
+    role = await Node.init(db=db, schema=CoreAccountRole)
+    await role.new(db=db, name=role_name, permissions=[reviewer_permission])
+    await role.save(db=db)
+    log.info(f"Created account role: {role_name}")
 
     return role
 
 
-async def create_anonymous_role(db: InfrahubDatabase) -> Node:
+async def create_anonymous_role(db: InfrahubDatabase) -> CoreAccountRole:
     deny_permission = await Node.init(db=db, schema=InfrahubKind.OBJECTPERMISSION)
     await deny_permission.new(
         db=db, name="*", namespace="*", action=PermissionAction.ANY.value, decision=PermissionDecision.DENY.value
@@ -445,7 +459,7 @@ async def create_anonymous_role(db: InfrahubDatabase) -> Node:
         hfid=["*", "*", PermissionAction.VIEW.value, str(PermissionDecision.ALLOW_ALL.value)],
     )
 
-    role = await Node.init(db=db, schema=InfrahubKind.ACCOUNTROLE)
+    role = await Node.init(db=db, schema=CoreAccountRole)
     await role.new(
         db=db, name=config.SETTINGS.main.anonymous_access_role, permissions=[deny_permission, view_permission]
     )
@@ -455,23 +469,40 @@ async def create_anonymous_role(db: InfrahubDatabase) -> Node:
     return role
 
 
-async def create_super_administrators_group(
-    db: InfrahubDatabase, role: Node, admin_accounts: list[CoreAccount]
-) -> Node:
-    group_name = "Super Administrators"
-    group = await Node.init(db=db, schema=InfrahubKind.ACCOUNTGROUP)
-    await group.new(db=db, name=group_name, roles=[role])
+async def create_accounts_group(
+    db: InfrahubDatabase, name: str, roles: Sequence[CoreAccountRole], accounts: Sequence[CoreAccount]
+) -> CoreAccountGroup:
+    group = await Node.init(db=db, schema=CoreAccountGroup)
+    await group.new(db=db, name=name, roles=list(roles))
     await group.save(db=db)
-    log.info(f"Created account group: {group_name}")
+    log.info(f"Created account group: {name}")
 
-    for admin_account in admin_accounts:
-        await group.members.add(db=db, data=admin_account)  # type: ignore[attr-defined]
-        await group.members.save(db=db)  # type: ignore[attr-defined]
-        log.info(f"Assigned account group: {group_name} to {admin_account.name.value}")
+    for account in accounts:
+        await group.members.add(db=db, data=account)  # type: ignore[arg-type]
+        await group.members.save(db=db)
+        log.info(f"Assigned account group: {name} to {account.name.value}")
 
     return group
 
 
+async def create_default_account_groups(
+    db: InfrahubDatabase,
+    admin_accounts: Sequence[CoreAccount] | None = None,
+    accounts: Sequence[CoreAccount] | None = None,
+) -> None:
+    administrator_role = await create_super_administrator_role(db=db)
+    await create_accounts_group(
+        db=db, name="Super Administrators", roles=[administrator_role], accounts=admin_accounts or []
+    )
+
+    default_role = await create_default_role(db=db)
+    proposed_change_reviewer_role = await create_proposed_change_reviewer_role(db=db)
+
+    await create_accounts_group(
+        db=db, name="Infrahub Users", roles=[default_role, proposed_change_reviewer_role], accounts=accounts or []
+    )
+
+
 async def first_time_initialization(db: InfrahubDatabase) -> None:
     # --------------------------------------------------
     # Create the default Branch
@@ -522,12 +553,10 @@ async def first_time_initialization(db: InfrahubDatabase) -> None:
         )
 
     # --------------------------------------------------
-    # Create Global Permissions and assign them
+    # Create default account roles, groups and permissions
     # --------------------------------------------------
-    administrator_role = await create_super_administrator_role(db=db)
-    await create_super_administrators_group(db=db, role=administrator_role, admin_accounts=admin_accounts)
+    await create_default_account_groups(db=db, admin_accounts=admin_accounts)
 
-    await create_default_roles(db=db)
     if config.SETTINGS.main.allow_anonymous_access:
         await create_anonymous_role(db=db)
 

infrahub/core/ipam/tasks.py

@@ -5,7 +5,7 @@ from prefect import flow
 
 from infrahub.core import registry
 from infrahub.core.ipam.reconciler import IpamReconciler
-from infrahub.services import InfrahubServices
+from infrahub.workers.dependencies import get_database
 from infrahub.workflows.utils import add_branch_tag
 
 from .model import IpamNodeDetails
@@ -20,8 +20,9 @@ if TYPE_CHECKING:
     description="Ensure the IPAM Tree is up to date",
     persist_result=False,
 )
-async def ipam_reconciliation(branch: str, ipam_node_details: list[IpamNodeDetails], service: InfrahubServices) -> None:
-    async with service.database.start_session() as db:
+async def ipam_reconciliation(branch: str, ipam_node_details: list[IpamNodeDetails]) -> None:
+    database = await get_database()
+    async with database.start_session() as db:
         branch_obj = await registry.get_branch(db=db, branch=branch)
 
         await add_branch_tag(branch_name=branch_obj.name)

infrahub/core/merge.py

@@ -26,7 +26,7 @@ if TYPE_CHECKING:
     from infrahub.core.schema.manager import SchemaDiff
     from infrahub.core.schema.schema_branch import SchemaBranch
     from infrahub.database import InfrahubDatabase
-    from infrahub.services import InfrahubServices
+    from infrahub.services.adapters.workflow import InfrahubWorkflow
 
 
 log = get_logger()
@@ -42,7 +42,7 @@ class BranchMerger:
         diff_repository: DiffRepository,
         diff_locker: DiffLocker,
         destination_branch: Branch | None = None,
-        service: InfrahubServices | None = None,
+        workflow: InfrahubWorkflow | None = None,
     ):
         self.source_branch = source_branch
         self.destination_branch: Branch = destination_branch or registry.get_branch_from_registry()
@@ -58,7 +58,7 @@ class BranchMerger:
         self._destination_schema: SchemaBranch | None = None
         self._initial_source_schema: SchemaBranch | None = None
 
-        self._service = service
+        self._workflow = workflow
 
     @property
     def source_schema(self) -> SchemaBranch:
@@ -81,10 +81,10 @@ class BranchMerger:
         raise ValueError("_initial_source_schema hasn't been initialized")
 
     @property
-    def service(self) -> InfrahubServices:
-        if not self._service:
-            raise ValueError("BranchMerger hasn't been initialized with a service object")
-        return self._service
+    def workflow(self) -> InfrahubWorkflow:
+        if not self._workflow:
+            raise ValueError("BranchMerger hasn't been initialized with a workflow object")
+        return self._workflow
 
     async def get_initial_source_branch(self) -> SchemaBranch:
         """Retrieve the schema of the source branch when the branch was created.
@@ -246,6 +246,4 @@ class BranchMerger:
                     destination_branch_id=str(self.destination_branch.get_uuid()),
                     default_branch=repo.default_branch.value,
                 )
-                await self.service.workflow.submit_workflow(
-                    workflow=GIT_REPOSITORIES_MERGE, parameters={"model": model}
-                )
+                await self.workflow.submit_workflow(workflow=GIT_REPOSITORIES_MERGE, parameters={"model": model})

infrahub/core/migrations/graph/__init__.py

@@ -36,6 +36,7 @@ from .m031_check_number_attributes import Migration031
 from .m032_cleanup_orphaned_branch_relationships import Migration032
 from .m033_deduplicate_relationship_vertices import Migration033
 from .m034_find_orphaned_schema_fields import Migration034
+from .m035_drop_attr_value_index import Migration035
 
 if TYPE_CHECKING:
     from infrahub.core.root import Root
@@ -77,6 +78,7 @@ MIGRATIONS: list[type[GraphMigration | InternalSchemaMigration | ArbitraryMigrat
     Migration032,
     Migration033,
     Migration034,
+    Migration035,
 ]
 
 

infrahub/core/migrations/graph/m035_drop_attr_value_index.py

@@ -0,0 +1,45 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Sequence
+
+from infrahub.constants.database import IndexType
+from infrahub.core.migrations.shared import MigrationResult
+from infrahub.core.query import Query  # noqa: TC001
+from infrahub.database import DatabaseType
+from infrahub.database.index import IndexItem
+from infrahub.database.neo4j import IndexManagerNeo4j
+
+from ..shared import GraphMigration
+
+if TYPE_CHECKING:
+    from infrahub.database import InfrahubDatabase
+
+
+INDEX_TO_DELETE = IndexItem(name="attr_value", label="AttributeValue", properties=["value"], type=IndexType.RANGE)
+
+
+class Migration035(GraphMigration):
+    name: str = "035_drop_attr_value_index"
+    queries: Sequence[type[Query]] = []
+    minimum_version: int = 34
+
+    async def execute(self, db: InfrahubDatabase) -> MigrationResult:
+        result = MigrationResult()
+
+        # Only execute this migration for Neo4j
+        if db.db_type != DatabaseType.NEO4J:
+            return result
+
+        try:
+            index_manager = IndexManagerNeo4j(db=db)
+            index_manager.init(nodes=[INDEX_TO_DELETE], rels=[])
+            await index_manager.drop()
+        except Exception as exc:
+            result.errors.append(str(exc))
+            return result
+
+        return result
+
+    async def validate_migration(self, db: InfrahubDatabase) -> MigrationResult:  # noqa: ARG002
+        result = MigrationResult()
+        return result

infrahub/core/migrations/query/attribute_add.py

@@ -3,7 +3,9 @@ from __future__ import annotations
 from typing import TYPE_CHECKING, Any
 
 from infrahub.core.constants import NULL_VALUE, RelationshipStatus
+from infrahub.core.graph.schema import GraphAttributeValueIndexedNode, GraphAttributeValueNode
 from infrahub.core.query import Query, QueryType
+from infrahub.types import is_large_attribute_type
 
 if TYPE_CHECKING:
     from infrahub.database import InfrahubDatabase
@@ -36,7 +38,6 @@ class AttributeAddQuery(Query):
 
         self.params["node_kind"] = self.node_kind
         self.params["attr_name"] = self.attribute_name
-        self.params["attr_type"] = self.attribute_kind
         self.params["branch_support"] = self.branch_support
         self.params["current_time"] = self.at.to_string()
 
@@ -55,8 +56,31 @@ class AttributeAddQuery(Query):
         self.params["is_protected_default"] = False
         self.params["is_visible_default"] = True
 
+        attr_value_label = GraphAttributeValueNode.get_default_label()
+        if not is_large_attribute_type(self.attribute_kind):
+            # should be indexed
+            attr_value_label += f":{GraphAttributeValueIndexedNode.get_default_label()}"
+            match_query = """
+            MERGE (av:%(attr_value_label)s { value: $attr_value, is_default: true })
+            LIMIT 1
+            """ % {"attr_value_label": attr_value_label}
+        else:
+            # cannot be indexed
+            match_query = """
+            OPTIONAL MATCH (existing_av:%(attr_value_label)s { value: $attr_value, is_default: true })
+            WHERE NOT existing_av:AttributeValueIndexed
+            CALL (existing_av) {
+                WITH existing_av
+                WHERE existing_av IS NULL
+                CREATE (:%(attr_value_label)s { value: $attr_value, is_default: true })
+            }
+            MATCH (av:%(attr_value_label)s { value: $attr_value, is_default: true })
+            WHERE NOT av:AttributeValueIndexed
+            LIMIT 1
+            """ % {"attr_value_label": attr_value_label}
+
         query = """
-        MERGE (av:AttributeValue { value: $attr_value, is_default: true })
+        %(match_query)s
         MERGE (is_protected_value:Boolean { value: $is_protected_default })
         MERGE (is_visible_value:Boolean { value: $is_visible_default })
         WITH av, is_protected_value, is_visible_value
@@ -84,6 +108,7 @@ class AttributeAddQuery(Query):
             SET has_attr_e.to = $current_time
         )
         """ % {
+            "match_query": match_query,
             "branch_filter": branch_filter,
             "node_kind": self.node_kind,
             "uuid_generation": db.render_uuid_generation(node_label="a", node_attr="uuid"),

infrahub/core/migrations/schema/tasks.py

@@ -10,17 +10,18 @@ from prefect.logging import get_run_logger
 from infrahub.core.branch import Branch  # noqa: TC001
 from infrahub.core.migrations import MIGRATION_MAP
 from infrahub.core.path import SchemaPath  # noqa: TC001
-from infrahub.services import InfrahubServices  # noqa: TC001  needed for prefect flow
+from infrahub.workers.dependencies import get_database
 from infrahub.workflows.utils import add_branch_tag
 
 from .models import SchemaApplyMigrationData, SchemaMigrationPathResponseData
 
 if TYPE_CHECKING:
     from infrahub.core.schema import MainSchemaTypes
+    from infrahub.database import InfrahubDatabase
 
 
 @flow(name="schema_apply_migrations", flow_run_name="Apply schema migrations", persist_result=True)
-async def schema_apply_migrations(message: SchemaApplyMigrationData, service: InfrahubServices) -> list[str]:
+async def schema_apply_migrations(message: SchemaApplyMigrationData) -> list[str]:
     await add_branch_tag(branch_name=message.branch.name)
     log = get_run_logger()
 
@@ -55,7 +56,7 @@ async def schema_apply_migrations(message: SchemaApplyMigrationData, service: In
             new_node_schema=new_node_schema,
             previous_node_schema=previous_node_schema,
             schema_path=migration.path,
-            service=service,
+            database=await get_database(),
         )
 
     async for _, result in batch.execute():
@@ -75,13 +76,13 @@ async def schema_path_migrate(
     branch: Branch,
     migration_name: str,
     schema_path: SchemaPath,
-    service: InfrahubServices,
+    database: InfrahubDatabase,
     new_node_schema: MainSchemaTypes | None = None,
     previous_node_schema: MainSchemaTypes | None = None,
 ) -> SchemaMigrationPathResponseData:
     log = get_run_logger()
 
-    async with service.database.start_session() as db:
+    async with database.start_session() as db:
         node_kind = None
         if new_node_schema:
             node_kind = new_node_schema.kind

infrahub/core/node/proposed_change.py

@@ -0,0 +1,43 @@
+from typing import cast
+
+from infrahub.core.constants.infrahubkind import THREADCOMMENT
+from infrahub.core.manager import NodeManager
+from infrahub.core.node import Node
+from infrahub.core.protocols import CoreProposedChange as CoreProposedChangeProtocol
+from infrahub.database import InfrahubDatabase
+
+
+class CoreProposedChange(Node):
+    async def to_graphql(
+        self,
+        db: InfrahubDatabase,
+        fields: dict | None = None,
+        related_node_ids: set | None = None,
+        filter_sensitive: bool = False,
+        permissions: dict | None = None,
+        include_properties: bool = True,
+    ) -> dict:
+        response = await super().to_graphql(
+            db,
+            fields=fields,
+            related_node_ids=related_node_ids,
+            filter_sensitive=filter_sensitive,
+            permissions=permissions,
+            include_properties=include_properties,
+        )
+
+        if fields:
+            if "total_comments" in fields:
+                total_comments = 0
+                proposed_change = cast(CoreProposedChangeProtocol, self)
+                change_comments = await proposed_change.comments.get_relationships(db=db)
+                total_comments += len(change_comments)
+
+                threads = await proposed_change.threads.get_peers(db=db)
+                thread_comments = await NodeManager.query(
+                    db=db, schema=THREADCOMMENT, filters={"thread__ids": list(threads.keys())}
+                )
+                total_comments += len(thread_comments)
+                response["total_comments"] = {"value": total_comments}
+
+        return response

infrahub/core/protocols.py

@@ -319,6 +319,7 @@ class CoreCheckDefinition(CoreTaskTarget):
 
 
 class CoreCustomWebhook(CoreWebhook, CoreTaskTarget):
+    shared_key: StringOptional
     transformation: RelationshipManager
 
 
@@ -480,7 +481,10 @@ class CoreProposedChange(CoreTaskTarget):
     source_branch: String
     destination_branch: String
     state: Enum
+    is_draft: Boolean
+    total_comments: IntegerOptional
     approved_by: RelationshipManager
+    rejected_by: RelationshipManager
     reviewers: RelationshipManager
     created_by: RelationshipManager
     comments: RelationshipManager
@@ -554,6 +558,14 @@ class InternalAccountToken(CoreNode):
     account: RelationshipManager
 
 
+class InternalIPPrefixAvailable(BuiltinIPPrefix):
+    pass
+
+
+class InternalIPRangeAvailable(BuiltinIPAddress):
+    last_address: IPHost
+
+
 class InternalRefreshToken(CoreNode):
     expiration: DateTime
     account: RelationshipManager