infrahub-server 1.7.1__py3-none-any.whl → 1.7.2__py3-none-any.whl

infrahub/actions/gather.py

@@ -1,6 +1,5 @@
 from __future__ import annotations
 
-from graphql import graphql
 from infrahub_sdk.graphql import Query
 from prefect import task
 from prefect.cache_policies import NONE
@@ -8,6 +7,7 @@ from prefect.cache_policies import NONE
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.registry import registry
 from infrahub.database import InfrahubDatabase  # noqa: TC001  needed for prefect flow
+from infrahub.graphql.execution import execute_graphql_query
 from infrahub.graphql.initialization import prepare_graphql_params
 
 from .models import ActionTriggerRuleTriggerDefinition
@@ -95,7 +95,7 @@ async def gather_trigger_action_rules(db: InfrahubDatabase) -> list[ActionTrigge
         db=db,
         branch=registry.default_branch,
     )
-    response = await graphql(
+    response = await execute_graphql_query(
         schema=gql_params.schema,
         source=trigger_query.render(),
         context_value=gql_params.context,

infrahub/api/query.py

@@ -3,7 +3,6 @@ from __future__ import annotations
 from typing import TYPE_CHECKING, Any
 
 from fastapi import APIRouter, Body, Depends, Path, Query, Request
-from graphql import graphql
 from pydantic import BaseModel, Field
 
 from infrahub.api.dependencies import BranchParams, get_branch_params, get_current_user, get_db
@@ -14,6 +13,7 @@ from infrahub.core.protocols import CoreGraphQLQuery
 from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
 from infrahub.graphql.api.dependencies import build_graphql_query_permission_checker
+from infrahub.graphql.execution import cached_parse, execute_graphql_query
 from infrahub.graphql.initialization import prepare_graphql_params
 from infrahub.graphql.metrics import (
     GRAPHQL_DURATION_METRICS,
@@ -75,6 +75,7 @@ async def execute_query(
         schema=gql_params.schema,
         schema_branch=schema_branch,
         branch=branch_params.branch,
+        document=cached_parse(gql_query.query.value),
     )
     await permission_checker.check(
         db=db,
@@ -93,7 +94,7 @@ async def execute_query(
     }
 
     with GRAPHQL_DURATION_METRICS.labels(**labels).time():
-        result = await graphql(
+        result = await execute_graphql_query(
             schema=gql_params.schema,
             source=gql_query.query.value,
             context_value=gql_params.context,

infrahub/api/transformation.py

@@ -3,7 +3,6 @@ from __future__ import annotations
 from typing import TYPE_CHECKING
 
 from fastapi import APIRouter, Depends, Path, Request
-from graphql import graphql
 from starlette.responses import JSONResponse, PlainTextResponse
 
 from infrahub.api.dependencies import (
@@ -22,6 +21,7 @@ from infrahub.core.protocols import (
 )
 from infrahub.database import InfrahubDatabase  # noqa: TC001
 from infrahub.exceptions import TransformError
+from infrahub.graphql.execution import execute_graphql_query
 from infrahub.graphql.initialization import prepare_graphql_params
 from infrahub.graphql.utils import extract_data
 from infrahub.transformations.models import TransformJinjaTemplateData, TransformPythonData
@@ -69,7 +69,7 @@ async def transform_python(
             db=dbs, branch=branch_params.branch, at=branch_params.at, service=request.app.state.service
         )
 
-        result = await graphql(
+        result = await execute_graphql_query(
             schema=gql_params.schema,
             source=query.query.value,
             context_value=gql_params.context,
@@ -134,7 +134,7 @@ async def transform_jinja2(
             db=dbs, branch=branch_params.branch, at=branch_params.at, service=request.app.state.service
         )
 
-        result = await graphql(
+        result = await execute_graphql_query(
             schema=gql_params.schema,
             source=query.query.value,
             context_value=gql_params.context,

infrahub/computed_attribute/gather.py

@@ -14,6 +14,7 @@ from infrahub.core.registry import registry
 from infrahub.database import InfrahubDatabase  # noqa: TC001  needed for prefect flow
 from infrahub.git.utils import get_repositories_commit_per_branch
 from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
+from infrahub.graphql.execution import cached_parse
 from infrahub.graphql.initialization import prepare_graphql_params
 
 from .models import (
@@ -74,6 +75,7 @@ async def gather_python_transform_attributes(
             branch=branch,
             schema_branch=schema_branch,
             schema=graphql_params.schema,
+            document=cached_parse(query.query.value),
         )
         for attribute in transform_attributes[transform.name.value]:
             python_transform_computed_attribute = PythonTransformComputedAttribute(

infrahub/config.py

@@ -532,8 +532,8 @@ class HTTPSettings(BaseSettings):
 
         return self
 
-    def get_tls_context(self) -> ssl.SSLContext:
-        if self.tls_insecure:
+    def get_tls_context(self, force_verify: bool = False) -> ssl.SSLContext:
+        if self.tls_insecure and not force_verify:
             return ssl._create_unverified_context()
 
         if not self.tls_ca_bundle:

infrahub/core/attribute.py

@@ -366,6 +366,24 @@ class BaseAttribute(FlagPropertyMixin, NodePropertyMixin, MetadataInterface):
 
         return await self._update(db=db, user_id=user_id, at=save_at)
 
+    def get_branch_for_delete(self) -> Branch:
+        """Get the appropriate branch for explicit attribute delete operations.
+
+        For branch-agnostic attributes on branch-aware nodes, use the current branch
+        to create branch-scoped deletion edges rather than global deletion.
+
+        Returns:
+            Branch: The branch to use for the delete operation
+        """
+        if (
+            self.schema.branch == BranchSupportType.AGNOSTIC
+            and self.node is not None
+            and self.node._schema.branch == BranchSupportType.AWARE
+        ):
+            return self.branch
+
+        return self.get_branch_based_on_support_type()
+
     async def delete(
         self, db: InfrahubDatabase, user_id: str = SYSTEM_USER_ID, at: Timestamp | None = None
     ) -> AttributeChangelog | None:
@@ -373,7 +391,7 @@ class BaseAttribute(FlagPropertyMixin, NodePropertyMixin, MetadataInterface):
             return None
 
         delete_at = Timestamp(at)
-        branch = self.get_branch_based_on_support_type()
+        branch = self.get_branch_for_delete()
 
         query = await AttributeDeleteQuery.init(db=db, branch=branch, attr=self, user_id=user_id, at=delete_at)
         await query.execute(db=db)
@@ -642,9 +660,10 @@ class BaseAttribute(FlagPropertyMixin, NodePropertyMixin, MetadataInterface):
         hierarchy_level = branch.hierarchy_level
         if self.schema.branch == BranchSupportType.AGNOSTIC:
             branch = registry.get_global_branch()
+            hierarchy_level = 1
         elif self.schema.branch == BranchSupportType.LOCAL and self.node._schema.branch == BranchSupportType.AGNOSTIC:
             branch = registry.get_global_branch()
-            hierarchy_level = 0
+            hierarchy_level = 1
         data = AttributeCreateData(
             uuid=str(UUIDT()),
             name=self.name,

infrahub/core/diff/model/path.py

@@ -1,5 +1,6 @@
 from __future__ import annotations
 
+from copy import deepcopy
 from dataclasses import asdict, dataclass, field
 from enum import Enum
 from typing import TYPE_CHECKING, Any
@@ -269,6 +270,27 @@ class EnrichedDiffRelationship(BaseSummary):
     def __hash__(self) -> int:
         return hash(self.name)
 
+    def __deepcopy__(self, memo: dict[int, Any]) -> EnrichedDiffRelationship:
+        """Custom deepcopy to handle circular references with EnrichedDiffNode.
+
+        The default deepcopy can fail because it may call __hash__ on a partially
+        constructed instance (before 'name' is set) when handling circular references
+        through the nodes -> relationships cycle.
+
+        This implementation ensures 'name' is set and the instance is registered
+        in memo before deepcopying other attributes that may have circular references.
+        """
+        new_obj = object.__new__(EnrichedDiffRelationship)
+        # Set the hashable attribute first (required for __hash__)
+        new_obj.name = self.name
+        # Register in memo BEFORE copying other attributes to handle circular refs
+        memo[id(self)] = new_obj
+        # Deepcopy all other attributes
+        for key, value in self.__dict__.items():
+            if key != "name":
+                setattr(new_obj, key, deepcopy(value, memo))
+        return new_obj
+
     @property
     def num_properties(self) -> int:
         return sum(r.num_properties for r in self.relationships)
@@ -327,6 +349,27 @@ class EnrichedDiffNode(BaseSummary):
     def __hash__(self) -> int:
         return hash(self.identifier)
 
+    def __deepcopy__(self, memo: dict[int, Any]) -> EnrichedDiffNode:
+        """Custom deepcopy to handle circular references with EnrichedDiffRelationship.
+
+        The default deepcopy can fail because it may call __hash__ on a partially
+        constructed instance (before 'identifier' is set) when handling circular references
+        through the relationships -> nodes cycle.
+
+        This implementation ensures 'identifier' is set and the instance is registered
+        in memo before deepcopying other attributes that may have circular references.
+        """
+        new_obj = object.__new__(EnrichedDiffNode)
+        # Set the hashable attribute first (required for __hash__)
+        new_obj.identifier = deepcopy(self.identifier, memo)
+        # Register in memo BEFORE copying other attributes to handle circular refs
+        memo[id(self)] = new_obj
+        # Deepcopy all other attributes
+        for key, value in self.__dict__.items():
+            if key != "identifier":
+                setattr(new_obj, key, deepcopy(value, memo))
+        return new_obj
+
     @property
     def uuid(self) -> str:
         return self.identifier.uuid

infrahub/core/graph/__init__.py

@@ -1 +1 @@
-GRAPH_VERSION = 51
+GRAPH_VERSION = 55

infrahub/core/graph/index.py

@@ -13,6 +13,8 @@ node_indexes: list[IndexItem] = [
     IndexItem(name="rel_uuid", label="Relationship", properties=["uuid"], type=IndexType.RANGE),
     IndexItem(name="rel_identifier", label="Relationship", properties=["name"], type=IndexType.RANGE),
     IndexItem(name="attr_value_indexed", label="AttributeValueIndexed", properties=["value"], type=IndexType.RANGE),
+    # TEXT index for efficient CONTAINS/STARTS WITH/ENDS WITH searches on attribute values
+    IndexItem(name="attr_value_indexed_text", label="AttributeValueIndexed", properties=["value"], type=IndexType.TEXT),
     # diff indices
     IndexItem(name="diff_uuid", label="DiffRoot", properties=["uuid"], type=IndexType.TEXT),
     IndexItem(name="diff_node_uuid", label="DiffNode", properties=["uuid"], type=IndexType.TEXT),

infrahub/core/ipam/resource_allocator.py

@@ -0,0 +1,229 @@
+from __future__ import annotations
+
+import ipaddress
+from typing import TYPE_CHECKING, Iterable
+
+from infrahub.core.query.ipam import (
+    IPAddressData,
+    IPPrefixData,
+    IPPrefixIPAddressFetch,
+    IPPrefixIPAddressFetchFree,
+    IPPrefixSubnetFetch,
+    IPPrefixSubnetFetchFree,
+    IPv6PrefixIPAddressFetchFree,
+    IPv6PrefixSubnetFetchFree,
+)
+
+if TYPE_CHECKING:
+    from infrahub.core.branch import Branch
+    from infrahub.core.ipam.constants import IPAddressType, IPNetworkType
+    from infrahub.core.node import Node
+    from infrahub.core.timestamp import Timestamp
+    from infrahub.database import InfrahubDatabase
+
+
+class IPAMResourceAllocator:
+    """Allocator for IPAM resources (prefixes and addresses) within pools.
+
+    This class provides optimized methods for finding the next available
+    IP prefix or address within a parent prefix. It uses database-side
+    Cypher computation for performance, which is especially important
+    for IPv6 allocations where the address space is very large.
+    """
+
+    def __init__(
+        self,
+        db: InfrahubDatabase,
+        namespace: Node | str | None = None,
+        branch: Branch | None = None,
+        branch_agnostic: bool = False,
+    ) -> None:
+        """Initialize the IPAM resource allocator.
+
+        Args:
+            db: Database connection to use for queries.
+            namespace: IP namespace node or its ID. If None, uses the default namespace.
+            branch: Branch to query. If None, uses the default branch.
+            branch_agnostic: If True, queries across all branches.
+        """
+        self.db = db
+        self.namespace = namespace
+        self.branch = branch
+        self.branch_agnostic = branch_agnostic
+
+    async def _get_next_ipv4_prefix(
+        self, ip_prefix: IPNetworkType, target_prefix_length: int, at: Timestamp | str | None = None
+    ) -> IPNetworkType | None:
+        """Get the next available free IPv4 prefix.
+
+        Uses integer arithmetic in Cypher for efficient gap detection in the
+        IPv4 address space.
+
+        Args:
+            ip_prefix: Parent prefix to allocate from.
+            target_prefix_length: Desired prefix length for the new prefix (0-32).
+            at: Optional timestamp for point-in-time queries.
+
+        Returns:
+            The next available IPv4 prefix, or None if no space is available
+            or if the target_prefix_length is invalid.
+        """
+        if target_prefix_length < 0 or target_prefix_length > 32:
+            return None
+        if target_prefix_length < ip_prefix.prefixlen:
+            return None
+
+        query = await IPPrefixSubnetFetchFree.init(
+            db=self.db,
+            branch=self.branch,
+            obj=ip_prefix,
+            target_prefixlen=target_prefix_length,
+            namespace=self.namespace,
+            at=at,
+            branch_agnostic=self.branch_agnostic,
+        )
+        await query.execute(db=self.db)
+
+        result_data = query.get_prefix_data()
+        if not result_data:
+            return None
+
+        network_address = ipaddress.IPv4Address(result_data.free_start)
+        return ipaddress.ip_network(f"{network_address}/{target_prefix_length}")
+
+    async def _get_next_ipv6_prefix(
+        self, ip_prefix: IPNetworkType, target_prefix_length: int, at: Timestamp | str | None = None
+    ) -> IPNetworkType | None:
+        """Get the next available free IPv6 prefix.
+
+        Uses binary string operations in Cypher to handle IPv6's 128-bit address
+        space, as integer values would overflow Neo4j's 64-bit integer type.
+
+        Args:
+            ip_prefix: Parent prefix to allocate from.
+            target_prefix_length: Desired prefix length for the new prefix (0-128).
+            at: Optional timestamp for point-in-time queries.
+
+        Returns:
+            The next available IPv6 prefix, or None if no space is available
+            or if the target_prefix_length is invalid.
+        """
+        if target_prefix_length < 0 or target_prefix_length > 128:
+            return None
+        if target_prefix_length < ip_prefix.prefixlen:
+            return None
+
+        query = await IPv6PrefixSubnetFetchFree.init(
+            db=self.db,
+            branch=self.branch,
+            obj=ip_prefix,
+            target_prefixlen=target_prefix_length,
+            namespace=self.namespace,
+            at=at,
+            branch_agnostic=self.branch_agnostic,
+        )
+        await query.execute(db=self.db)
+
+        result_data = query.get_prefix_data()
+        if not result_data:
+            return None
+
+        # Convert binary string to IPv6 address
+        addr_int = int(result_data.free_start_bin, 2)
+        network_address = ipaddress.IPv6Address(addr_int)
+        return ipaddress.ip_network(f"{network_address}/{target_prefix_length}")
+
+    async def get_next_prefix(
+        self, ip_prefix: IPNetworkType, target_prefix_length: int, at: Timestamp | str | None = None
+    ) -> IPNetworkType | None:
+        """Get the next available free prefix of specified length within a parent prefix.
+
+        Automatically selects the appropriate method based on IP version (IPv4 vs IPv6).
+
+        Args:
+            ip_prefix: Parent prefix to allocate from.
+            target_prefix_length: Desired prefix length for the new prefix.
+            at: Optional timestamp for point-in-time queries.
+
+        Returns:
+            The next available prefix, or None if no space is available.
+        """
+        if ip_prefix.version == 4:
+            return await self._get_next_ipv4_prefix(
+                ip_prefix=ip_prefix, target_prefix_length=target_prefix_length, at=at
+            )
+        return await self._get_next_ipv6_prefix(ip_prefix=ip_prefix, target_prefix_length=target_prefix_length, at=at)
+
+    async def get_next_address(
+        self, ip_prefix: IPNetworkType, at: Timestamp | str | None = None, is_pool: bool = False
+    ) -> IPAddressType | None:
+        """Get the next available free IP address within a prefix.
+
+        Automatically selects the appropriate query based on IP version (IPv4 vs IPv6).
+
+        Args:
+            ip_prefix: Prefix to allocate an address from.
+            at: Optional timestamp for point-in-time queries.
+            is_pool: If True, includes network and broadcast addresses as allocatable.
+                If False (default), reserves the first and last addresses.
+
+        Returns:
+            The next available IP address, or None if no addresses are available.
+        """
+        # Use IPv6-specific query for IPv6 to avoid 64-bit integer overflow
+        query_class = IPv6PrefixIPAddressFetchFree if ip_prefix.version == 6 else IPPrefixIPAddressFetchFree
+        query = await query_class.init(
+            db=self.db,
+            branch=self.branch,
+            obj=ip_prefix,
+            namespace=self.namespace,
+            at=at,
+            branch_agnostic=self.branch_agnostic,
+            is_pool=is_pool,
+        )
+        await query.execute(db=self.db)
+        return query.get_address()
+
+    async def get_subnets(self, ip_prefix: IPNetworkType, at: Timestamp | str | None = None) -> Iterable[IPPrefixData]:
+        """Get all subnets within a parent prefix.
+
+        Args:
+            ip_prefix: Parent prefix to query.
+            at: Optional timestamp for point-in-time queries.
+
+        Returns:
+            Iterable of IPPrefixData objects representing child subnets.
+        """
+        query = await IPPrefixSubnetFetch.init(
+            db=self.db,
+            branch=self.branch,
+            obj=ip_prefix,
+            namespace=self.namespace,
+            at=at,
+            branch_agnostic=self.branch_agnostic,
+        )
+        await query.execute(db=self.db)
+        return query.get_subnets()
+
+    async def get_ip_addresses(
+        self, ip_prefix: IPNetworkType, at: Timestamp | str | None = None
+    ) -> Iterable[IPAddressData]:
+        """Get all IP addresses within a prefix.
+
+        Args:
+            ip_prefix: Prefix to query.
+            at: Optional timestamp for point-in-time queries.
+
+        Returns:
+            Iterable of IPAddressData objects representing addresses in the prefix.
+        """
+        query = await IPPrefixIPAddressFetch.init(
+            db=self.db,
+            branch=self.branch,
+            obj=ip_prefix,
+            namespace=self.namespace,
+            at=at,
+            branch_agnostic=self.branch_agnostic,
+        )
+        await query.execute(db=self.db)
+        return query.get_addresses()

infrahub/core/migrations/graph/__init__.py

@@ -53,6 +53,10 @@ from .m048_undelete_rel_props import Migration048
 from .m049_remove_is_visible_relationship import Migration049
 from .m050_backfill_vertex_metadata import Migration050
 from .m051_subtract_branched_from_microsecond import Migration051
+from .m052_fix_global_branch_level import Migration052
+from .m053_fix_branch_level_zero import Migration053
+from .m054_cleanup_orphaned_nodes import Migration054
+from .m055_remove_webhook_validate_certificates_default import Migration055
 
 if TYPE_CHECKING:
     from ..shared import MigrationTypes
@@ -110,6 +114,10 @@ MIGRATIONS: list[type[MigrationTypes]] = [
     Migration049,
     Migration050,
     Migration051,
+    Migration052,
+    Migration053,
+    Migration054,
+    Migration055,
 ]
 
 

infrahub/core/migrations/graph/m052_fix_global_branch_level.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any, Sequence
+
+from infrahub.core.constants import GLOBAL_BRANCH_NAME
+from infrahub.core.migrations.shared import GraphMigration, MigrationInput, MigrationResult
+from infrahub.core.query import Query, QueryType
+
+if TYPE_CHECKING:
+    from infrahub.database import InfrahubDatabase
+
+
+class FixGlobalBranchLevelQuery(Query):
+    """Update edges on the global branch to have branch_level = 1."""
+
+    name = "fix_global_branch_level"
+    type: QueryType = QueryType.WRITE
+    insert_return = False
+    raise_error_if_empty = False
+
+    async def query_init(self, db: InfrahubDatabase, **kwargs: dict[str, Any]) -> None:  # noqa: ARG002
+        self.params["global_branch_name"] = GLOBAL_BRANCH_NAME
+
+        query = """
+        MATCH ()-[e {branch: $global_branch_name}]->()
+        WHERE e.branch_level <> 1
+        CALL (e) {
+            SET e.branch_level = 1
+        } IN TRANSACTIONS
+        """
+        self.add_to_query(query)
+
+
+class Migration052(GraphMigration):
+    """
+    Fix edges on the global branch that have incorrect branch_level.
+
+    Edges on the global branch ("-global-") should always have branch_level = 1.
+    This migration corrects any edges that were incorrectly created with a different
+    branch_level value (e.g., branch_level = 2 when created from a user branch).
+    """
+
+    name: str = "052_fix_global_branch_level"
+    minimum_version: int = 51
+    queries: Sequence[type[Query]] = [FixGlobalBranchLevelQuery]
+
+    async def validate_migration(self, db: InfrahubDatabase) -> MigrationResult:  # noqa: ARG002
+        return MigrationResult()
+
+    async def execute(self, migration_input: MigrationInput) -> MigrationResult:
+        return await self.do_execute(migration_input=migration_input)

infrahub/core/migrations/graph/m053_fix_branch_level_zero.py

@@ -0,0 +1,61 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, Any, Sequence
+
+from infrahub.core.constants import GLOBAL_BRANCH_NAME
+from infrahub.core.migrations.shared import GraphMigration, MigrationInput, MigrationResult
+from infrahub.core.query import Query, QueryType
+
+if TYPE_CHECKING:
+    from infrahub.database import InfrahubDatabase
+
+
+class FixBranchLevelZeroQuery(Query):
+    """Update edges with branch_level=0 to the correct branch_level.
+
+    Edges on the global branch or default branch should have branch_level=1.
+    Edges on other branches should have branch_level=2.
+    """
+
+    name = "fix_branch_level_zero"
+    type: QueryType = QueryType.WRITE
+    insert_return = False
+    raise_error_if_empty = False
+
+    async def query_init(self, db: InfrahubDatabase, **kwargs: dict[str, Any]) -> None:  # noqa: ARG002
+        self.params["global_branch_name"] = GLOBAL_BRANCH_NAME
+
+        query = """
+        MATCH (branch_node:Branch {is_default: true})
+        WITH branch_node.name AS default_branch_name
+        MATCH ()-[e]->()
+        WHERE e.branch_level = 0
+        CALL (e, default_branch_name) {
+            SET e.branch_level = CASE
+                WHEN e.branch = $global_branch_name OR e.branch = default_branch_name THEN 1
+                ELSE 2
+            END
+        } IN TRANSACTIONS
+        """
+        self.add_to_query(query)
+
+
+class Migration053(GraphMigration):
+    """
+    Fix edges with branch_level=0 to have the correct branch_level.
+
+    Edges with branch_level=0 indicate a bug where the branch level was not
+    properly set during creation. This migration fixes them:
+    - Edges on the global branch ("-global-") or default branch: branch_level=1
+    - Edges on other branches: branch_level=2
+    """
+
+    name: str = "053_fix_branch_level_zero"
+    minimum_version: int = 52
+    queries: Sequence[type[Query]] = [FixBranchLevelZeroQuery]
+
+    async def validate_migration(self, db: InfrahubDatabase) -> MigrationResult:  # noqa: ARG002
+        return MigrationResult()
+
+    async def execute(self, migration_input: MigrationInput) -> MigrationResult:
+        return await self.do_execute(migration_input=migration_input)