infrahub-server 1.7.1__py3-none-any.whl → 1.7.2__py3-none-any.whl

infrahub/graphql/queries/ipam.py

@@ -7,11 +7,10 @@ from graphene import Field, Int, ObjectType, String
 from netaddr import IPSet
 
 from infrahub.core.constants import InfrahubKind
+from infrahub.core.ipam.resource_allocator import IPAMResourceAllocator
 from infrahub.core.manager import NodeManager
 from infrahub.core.protocols import BuiltinIPPrefix
-from infrahub.core.query.ipam import get_ip_addresses, get_subnets
 from infrahub.exceptions import NodeNotFoundError, ValidationError
-from infrahub.pools.address import get_available
 from infrahub.pools.prefix import get_next_available_prefix
 
 if TYPE_CHECKING:
@@ -48,24 +47,15 @@ class IPAddressGetNextAvailable(ObjectType):
             raise ValidationError(input_value="Invalid prefix length for current selected prefix")
 
         namespace = await prefix.ip_namespace.get_peer(db=graphql_context.db)  # type: ignore[attr-defined]
-        addresses = await get_ip_addresses(
-            db=graphql_context.db,
+        allocator = IPAMResourceAllocator(db=graphql_context.db, namespace=namespace, branch=graphql_context.branch)
+        next_address = await allocator.get_next_address(
             ip_prefix=ip_prefix,
-            namespace=namespace,
-            branch=graphql_context.branch,
-        )
-
-        available = get_available(
-            network=ip_prefix,
-            addresses=[ip.address for ip in addresses],
             is_pool=prefix.is_pool.value,  # type: ignore[attr-defined]
         )
 
-        if not available:
+        if not next_address:
             raise IndexError("No addresses available in prefix")
 
-        next_address = available.iter_cidrs()[0]
-
         return {"address": f"{next_address.ip}/{prefix_length}"}
 
 
@@ -90,22 +80,27 @@ class IPPrefixGetNextAvailable(ObjectType):
                 branch_name=graphql_context.branch.name, node_type=InfrahubKind.IPPREFIX, identifier=prefix_id
             )
 
+        ip_prefix = prefix.prefix.obj
         namespace = await prefix.ip_namespace.get_peer(db=graphql_context.db)
-        subnets = await get_subnets(
-            db=graphql_context.db,
-            ip_prefix=ipaddress.ip_network(prefix.prefix.value),
-            namespace=namespace,
-            branch=graphql_context.branch,
-        )
+        allocator = IPAMResourceAllocator(db=graphql_context.db, namespace=namespace, branch=graphql_context.branch)
 
-        pool = IPSet([prefix.prefix.value])
+        # Build available pool by removing existing subnets from parent prefix
+        subnets = await allocator.get_subnets(ip_prefix=ip_prefix)
+        available_pool = IPSet([str(ip_prefix)])
         for subnet in subnets:
-            pool.remove(addr=str(subnet.prefix))
+            available_pool.remove(str(subnet.prefix))
 
-        prefix_ver = ipaddress.ip_network(prefix.prefix.value).version
-        next_available = get_next_available_prefix(pool=pool, prefix_length=prefix_length, prefix_ver=prefix_ver)
+        if prefix_length is not None and not ip_prefix.prefixlen < prefix_length <= ip_prefix.max_prefixlen:
+            raise ValidationError(input_value="Invalid prefix length for current selected prefix")
+
+        try:
+            next_prefix = get_next_available_prefix(
+                pool=available_pool, prefix_length=prefix_length, prefix_ver=ip_prefix.version
+            )
+        except ValueError as exc:
+            raise IndexError("No prefixes available in prefix") from exc
 
-        return {"prefix": str(next_available)}
+        return {"prefix": str(next_prefix)}
 
 
 InfrahubIPAddressGetNextAvailable = Field(

infrahub/graphql/queries/search.py

@@ -9,12 +9,12 @@ from infrahub_sdk.utils import is_valid_uuid
 
 from infrahub.core.constants import InfrahubKind
 from infrahub.core.manager import NodeManager
+from infrahub.core.query.node import NodeGetListByAttributeValueQuery
 from infrahub.graphql.field_extractor import extract_graphql_fields
 
 if TYPE_CHECKING:
     from graphql import GraphQLResolveInfo
 
-    from infrahub.core.node import Node as InfrahubNode
     from infrahub.graphql.initialization import GraphqlContext
 
 
@@ -104,10 +104,11 @@ async def search_resolver(
     q: str,
     limit: int = 10,
     partial_match: bool = True,
+    case_sensitive: bool = False,
 ) -> dict[str, Any]:
     graphql_context: GraphqlContext = info.context
     response: dict[str, Any] = {}
-    results: list[InfrahubNode] = []
+    results: list[dict[str, str]] = []
 
     fields = extract_graphql_fields(info=info)
 
@@ -116,25 +117,43 @@ async def search_resolver(
             db=graphql_context.db, branch=graphql_context.branch, at=graphql_context.at, id=q
         )
         if matching:
-            results.append(matching)
+            results.append({"id": matching.id, "kind": matching.get_kind()})
     else:
         with contextlib.suppress(ValueError, ipaddress.AddressValueError):
             # Convert any IPv6 address, network or partial address to collapsed format as it might be stored in db.
             q = _collapse_ipv6(q)
 
-        for kind in [InfrahubKind.NODE, InfrahubKind.GENERICGROUP]:
-            objs = await NodeManager.query(
+        if case_sensitive:
+            # Case-sensitive search using the dedicated query
+            query = await NodeGetListByAttributeValueQuery.init(
                 db=graphql_context.db,
                 branch=graphql_context.branch,
-                schema=kind,
-                filters={"any__value": q},
+                at=graphql_context.at,
+                search_value=q,
+                kinds=[InfrahubKind.NODE, InfrahubKind.GENERICGROUP],
                 limit=limit,
                 partial_match=partial_match,
             )
-            results.extend(objs)
+            await query.execute(db=graphql_context.db)
+
+            for result in query.get_data():
+                results.append({"id": result.uuid, "kind": result.kind})
+        else:
+            # Default: case-insensitive search using NodeManager.query
+            for kind in [InfrahubKind.NODE, InfrahubKind.GENERICGROUP]:
+                objs = await NodeManager.query(
+                    db=graphql_context.db,
+                    branch=graphql_context.branch,
+                    schema=kind,
+                    filters={"any__value": q},
+                    limit=limit,
+                    partial_match=partial_match,
+                )
+                for obj in objs:
+                    results.append({"id": obj.id, "kind": obj.get_kind()})
 
     if "edges" in fields:
-        response["edges"] = [{"node": {"id": obj.id, "kind": obj.get_kind()}} for obj in results]
+        response["edges"] = [{"node": result} for result in results]
 
     if "count" in fields:
         response["count"] = len(results)
@@ -147,6 +166,7 @@ InfrahubSearchAnywhere = Field(
     q=String(required=True),
     limit=Int(required=False),
     partial_match=Boolean(required=False),
+    case_sensitive=Boolean(required=False),
     resolver=search_resolver,
     required=True,
 )

infrahub/proposed_change/tasks.py

@@ -61,6 +61,7 @@ from infrahub.git.models import TriggerRepositoryInternalChecks, TriggerReposito
 from infrahub.git.repository import InfrahubRepository, get_initialized_repo
 from infrahub.git.utils import fetch_artifact_definition_targets, fetch_proposed_change_generator_definition_targets
 from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
+from infrahub.graphql.execution import cached_parse
 from infrahub.graphql.initialization import prepare_graphql_params
 from infrahub.log import get_logger
 from infrahub.message_bus.types import (
@@ -685,6 +686,7 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
         branch=source_branch,
         schema_branch=source_schema_branch,
         schema=graphql_params.schema,
+        document=cached_parse(model.artifact_definition.query_payload),
     )
 
     only_has_unique_targets = query_analyzer.query_report.only_has_unique_targets

infrahub/services/adapters/http/httpx.py

@@ -36,11 +36,38 @@ class HttpxAdapter(InfrahubHTTP):
 
     @cached_property
     def tls_context(self) -> ssl.SSLContext:
+        """TLS context based on global HTTPSettings.
+
+        May be an unverified context if tls_insecure=True in settings.
+        """
         return self.settings.get_tls_context()
 
+    @cached_property
+    def tls_context_verified(self) -> ssl.SSLContext:
+        """TLS context that always performs certificate validation.
+
+        Uses tls_ca_bundle from settings if configured, but ignores tls_insecure.
+        This allows callers to explicitly request certificate validation even when
+        the global setting disables it.
+        """
+        return self.settings.get_tls_context(force_verify=True)
+
     def verify_tls(self, verify: bool | None = None) -> bool | ssl.SSLContext:
+        """Determine the TLS verification behavior for a request.
+
+        Args:
+            verify: Override for TLS verification behavior.
+                - None: Use global settings (may skip verification if tls_insecure=True)
+                - False: Explicitly disable certificate validation
+                - True: Force certificate validation, ignoring global tls_insecure setting
+
+        Returns:
+            False to disable verification, or an SSLContext for verification.
+        """
         if verify is False:
             return False
+        if verify is True:
+            return self.tls_context_verified
 
         return self.tls_context
 

infrahub/trigger/catalogue.py

@@ -9,6 +9,7 @@ from infrahub.hfid.triggers import TRIGGER_HFID_ALL_SCHEMA
 from infrahub.profiles.triggers import TRIGGER_PROFILE_REFRESH_SETUP
 from infrahub.schema.triggers import TRIGGER_SCHEMA_UPDATED
 from infrahub.trigger.models import TriggerDefinition
+from infrahub.trigger.system import TRIGGER_CRASH_ZOMBIE_FLOWS
 from infrahub.webhook.triggers import TRIGGER_WEBHOOK_DELETE, TRIGGER_WEBHOOK_SETUP_UPDATE
 
 builtin_triggers: list[TriggerDefinition] = [
@@ -16,6 +17,7 @@ builtin_triggers: list[TriggerDefinition] = [
     TRIGGER_BRANCH_MERGED,
     TRIGGER_COMPUTED_ATTRIBUTE_ALL_SCHEMA,
     TRIGGER_COMPUTED_ATTRIBUTE_PYTHON_SETUP_COMMIT,
+    TRIGGER_CRASH_ZOMBIE_FLOWS,
     TRIGGER_DISPLAY_LABELS_ALL_SCHEMA,
     TRIGGER_HFID_ALL_SCHEMA,
     TRIGGER_PROFILE_REFRESH_SETUP,

infrahub/trigger/models.py

@@ -4,7 +4,8 @@ from datetime import timedelta
 from enum import StrEnum
 from typing import TYPE_CHECKING, Any, TypeVar
 
-from prefect.events.actions import RunDeployment
+from prefect.client.schemas.objects import StateType  # noqa: TC002
+from prefect.events.actions import ChangeFlowRunState, RunDeployment
 from prefect.events.schemas.automations import Automation, Posture
 from prefect.events.schemas.automations import EventTrigger as PrefectEventTrigger
 from prefect.events.schemas.events import ResourceSpecification
@@ -146,6 +147,55 @@ class EventTrigger(BaseModel):
         return [ResourceSpecification(related_match) for related_match in self.match_related]
 
 
+class ProactiveEventTrigger(EventTrigger):
+    """A proactive event trigger that fires when expected events do NOT occur within a time window.
+
+    Unlike EventTrigger which uses Reactive posture (fires when events occur),
+    ProactiveEventTrigger uses Proactive posture to detect missing events.
+    """
+
+    after: set[str] = Field(default_factory=set)
+    for_each: set[str] = Field(default_factory=set)
+    threshold: int = 1
+    within: timedelta = Field(default_factory=lambda: timedelta(seconds=90))
+
+    def get_prefect(self) -> PrefectEventTrigger:
+        return PrefectEventTrigger(
+            posture=Posture.Proactive,
+            after=self.after,
+            expect=self.events,
+            match=ResourceSpecification(self.match),
+            for_each=self.for_each,
+            threshold=self.threshold,
+            within=self.within,
+        )
+
+
+class ChangeFlowRunStateAction(BaseModel):
+    """Action to change the state of a flow run.
+
+    Used for system automations that need to modify flow run states,
+    such as crashing zombie flows that have stopped sending heartbeats.
+    """
+
+    state: StateType
+    message: str = ""
+
+    def get_prefect(self, _mapping: dict[str, UUID] | None = None) -> ChangeFlowRunState:
+        """Get the Prefect ChangeFlowRunState action.
+
+        Args:
+            _mapping: Not used for this action type, but included for interface compatibility.
+
+        Returns:
+            A Prefect ChangeFlowRunState action.
+        """
+        return ChangeFlowRunState(  # type: ignore[call-arg]
+            state=self.state,
+            message=self.message,
+        )
+
+
 class ExecuteWorkflow(BaseModel):
     workflow: WorkflowDefinition
     parameters: dict[str, Any] = Field(default_factory=dict)
@@ -186,17 +236,21 @@ class ExecuteWorkflow(BaseModel):
             raise ValueError(f"Workflow {self.workflow.name} doesn't support parameters: {wrong_params}")
 
 
+# Type alias for all trigger action types
+TriggerActionType = ExecuteWorkflow | ChangeFlowRunStateAction
+
+
 class TriggerDefinition(BaseModel):
     name: str
     type: TriggerType
     previous_names: set = Field(default_factory=set)
     description: str = ""
     trigger: EventTrigger
-    actions: list[ExecuteWorkflow]
+    actions: list[TriggerActionType]
 
     def get_deployment_names(self) -> list[str]:
         """Return the name of all deployments used by this trigger"""
-        return [action.name for action in self.actions]
+        return [action.name for action in self.actions if isinstance(action, ExecuteWorkflow)]
 
     def get_description(self) -> str:
         return f"Automation for Trigger {self.name} of type {self.type.value} (v{__version__})"
@@ -206,7 +260,8 @@ class TriggerDefinition(BaseModel):
 
     def validate_actions(self) -> None:
         for action in self.actions:
-            action.validate_parameters()
+            if isinstance(action, ExecuteWorkflow):
+                action.validate_parameters()
 
 
 class TriggerBranchDefinition(TriggerDefinition):
@@ -218,3 +273,17 @@ class TriggerBranchDefinition(TriggerDefinition):
 
 class BuiltinTriggerDefinition(TriggerDefinition):
     type: TriggerType = TriggerType.BUILTIN
+
+
+class SystemTriggerDefinition(BuiltinTriggerDefinition):
+    """A trigger definition for system-level Prefect automations.
+
+    Unlike other TriggerDefinitions which execute Infrahub workflows, SystemTriggerDefinition
+    is designed for Prefect system automations that don't require workflow deployments,
+    such as crashing zombie flows.
+
+    Uses ChangeFlowRunStateAction for actions (not ExecuteWorkflow).
+    """
+
+    def get_description(self) -> str:
+        return f"System Automation for {self.name} (v{__version__})"

infrahub/trigger/setup.py

@@ -119,7 +119,7 @@ async def setup_triggers(
             description=trigger.get_description(),
             enabled=True,
             trigger=trigger.trigger.get_prefect(),
-            actions=[action.get_prefect(mapping=deployments_mapping) for action in trigger.actions],
+            actions=[action.get_prefect(deployments_mapping) for action in trigger.actions],
         )
 
         existing_automation = existing_automations.get(trigger.generate_name())

infrahub/trigger/system.py

@@ -0,0 +1,36 @@
+"""System-level Prefect automations.
+
+This module contains system automations that manage Prefect infrastructure,
+such as detecting and crashing zombie flow runs.
+"""
+
+from datetime import timedelta
+
+from prefect.client.schemas.objects import StateType
+
+from infrahub.trigger.models import ChangeFlowRunStateAction, ProactiveEventTrigger, SystemTriggerDefinition
+
+TRIGGER_CRASH_ZOMBIE_FLOWS = SystemTriggerDefinition(
+    name="crash-zombie-flows",
+    description="Crashes flow runs that have stopped sending heartbeats",
+    trigger=ProactiveEventTrigger(
+        after={"prefect.flow-run.heartbeat"},
+        events={
+            "prefect.flow-run.heartbeat",
+            "prefect.flow-run.Completed",
+            "prefect.flow-run.Failed",
+            "prefect.flow-run.Cancelled",
+            "prefect.flow-run.Crashed",
+        },
+        match={"prefect.resource.id": ["prefect.flow-run.*"]},
+        for_each={"prefect.resource.id"},
+        threshold=1,
+        within=timedelta(seconds=90),
+    ),
+    actions=[
+        ChangeFlowRunStateAction(
+            state=StateType.CRASHED,
+            message="Flow run marked as crashed due to missing heartbeats.",
+        )
+    ],
+)

infrahub/webhook/models.py

@@ -118,7 +118,7 @@ class Webhook(BaseModel):
     name: str = Field(...)
     url: str = Field(...)
     event_type: str = Field(...)
-    validate_certificates: bool = Field(...)
+    validate_certificates: bool | None = Field(...)
     _payload: Any = None
     _headers: dict[str, Any] | None = None
     shared_key: str | None = Field(default=None, description="Shared key for signing the webhook requests")
@@ -162,7 +162,9 @@ class Webhook(BaseModel):
         self, data: dict[str, Any], context: EventContext, http_service: InfrahubHTTP, client: InfrahubClient
     ) -> Response:
         await self.prepare(data=data, context=context, client=client)
-        return await http_service.post(url=self.url, json=self.get_payload(), headers=self._headers)
+        return await http_service.post(
+            url=self.url, json=self.get_payload(), headers=self._headers, verify=self.validate_certificates
+        )
 
     def get_payload(self) -> dict[str, Any]:
         return self._payload

infrahub/webhook/tasks.py

@@ -12,7 +12,7 @@ from prefect.client.orchestration import get_client as get_prefect_client
 from prefect.logging import get_run_logger
 
 from infrahub.message_bus.types import KVTTL
-from infrahub.trigger.models import TriggerType
+from infrahub.trigger.models import ExecuteWorkflow, TriggerType
 from infrahub.trigger.setup import gather_all_automations, setup_triggers_specific
 from infrahub.workers.dependencies import get_cache, get_client, get_database, get_http
 from infrahub.workflows.utils import add_tags
@@ -159,7 +159,7 @@ async def configure_webhook_one(
             description=trigger.get_description(),
             enabled=True,
             trigger=trigger.trigger.get_prefect(),
-            actions=[action.get(deployment.id) for action in trigger.actions],
+            actions=[action.get(deployment.id) for action in trigger.actions if isinstance(action, ExecuteWorkflow)],
         )
 
         if existing_automation:

infrahub/workflows/initialization.py

@@ -50,7 +50,7 @@ async def setup_blocks() -> None:
     log = get_run_logger()
 
     try:
-        await RedisStorageContainer.register_type_and_schema()
+        await RedisStorageContainer.aregister_type_and_schema()
     except ObjectAlreadyExists:
         log.warning(f"Redis Storage {TASK_RESULT_STORAGE_NAME} already registered ")
 
@@ -62,7 +62,7 @@ async def setup_blocks() -> None:
         password=config.SETTINGS.cache.password or None,
     )
     try:
-        await redis_block.save(name=TASK_RESULT_STORAGE_NAME, overwrite=True)
+        await redis_block.asave(name=TASK_RESULT_STORAGE_NAME, overwrite=True)
     except ObjectAlreadyExists:
         log.warning(f"Redis Storage {TASK_RESULT_STORAGE_NAME} already present ")
 

{infrahub_server-1.7.1.dist-info → infrahub_server-1.7.2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: infrahub-server
-Version: 1.7.1
+Version: 1.7.2
 Summary: Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run.
 Project-URL: Homepage, https://opsmill.com
 Project-URL: Repository, https://github.com/opsmill/infrahub
@@ -44,13 +44,13 @@ Requires-Dist: opentelemetry-exporter-otlp-proto-http==1.39.0
 Requires-Dist: opentelemetry-instrumentation-aio-pika==0.60b0
 Requires-Dist: opentelemetry-instrumentation-fastapi==0.60b0
 Requires-Dist: prefect-redis==0.2.8
-Requires-Dist: prefect==3.6.7
+Requires-Dist: prefect==3.6.13
 Requires-Dist: pyarrow>=14
 Requires-Dist: pydantic-settings<2.9,>=2.8
 Requires-Dist: pydantic<2.13,>=2.12
 Requires-Dist: pyjwt<2.9,>=2.8
 Requires-Dist: pytest<9.1,>=9.0
-Requires-Dist: python-multipart==0.0.18
+Requires-Dist: python-multipart==0.0.22
 Requires-Dist: pyyaml<7,>=6
 Requires-Dist: redis[hiredis]==6.0.0
 Requires-Dist: rich<14,>=13