orchestrator-core 4.0.4__py3-none-any.whl → 4.1.0rc1__py3-none-any.whl

orchestrator/__init__.py

@@ -13,7 +13,7 @@
 
 """This is the orchestrator workflow engine."""
 
-__version__ = "4.0.4"
+__version__ = "4.1.0rc1"
 
 from orchestrator.app import OrchestratorCore
 from orchestrator.settings import app_settings

orchestrator/api/api_v1/endpoints/settings.py

@@ -22,11 +22,17 @@ from sqlalchemy.exc import SQLAlchemyError
 from oauth2_lib.fastapi import OIDCUserModel
 from orchestrator.api.error_handling import raise_status
 from orchestrator.db import EngineSettingsTable
-from orchestrator.schemas import EngineSettingsBaseSchema, EngineSettingsSchema, WorkerStatus
+from orchestrator.schemas import (
+    EngineSettingsBaseSchema,
+    EngineSettingsSchema,
+    WorkerStatus,
+)
 from orchestrator.security import authenticate
 from orchestrator.services import processes, settings
 from orchestrator.services.settings import generate_engine_global_status
+from orchestrator.services.settings_env_variables import get_all_exposed_settings
 from orchestrator.settings import ExecutorType, app_settings
+from orchestrator.utils.expose_settings import SettingsExposedSchema
 from orchestrator.utils.json import json_dumps
 from orchestrator.utils.redis import delete_keys_matching_pattern
 from orchestrator.utils.redis_client import create_redis_asyncio_client
@@ -169,3 +175,8 @@ def generate_engine_status_response(
     result = EngineSettingsSchema.model_validate(engine_settings)
     result.global_status = generate_engine_global_status(engine_settings)
     return result
+
+
+@router.get("/overview", response_model=list[SettingsExposedSchema])
+def get_exposed_settings() -> list[SettingsExposedSchema]:
+    return get_all_exposed_settings()

orchestrator/services/settings_env_variables.py

@@ -0,0 +1,68 @@
+# Copyright 2019-2025 SURF.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from typing import Any, Dict, Type
+
+from pydantic import SecretStr as PydanticSecretStr
+from pydantic_core import MultiHostUrl
+from pydantic_settings import BaseSettings
+
+from orchestrator.utils.expose_settings import SecretStr as OrchSecretStr
+from orchestrator.utils.expose_settings import SettingsEnvVariablesSchema, SettingsExposedSchema
+
+EXPOSED_ENV_SETTINGS_REGISTRY: Dict[str, Type[BaseSettings]] = {}
+MASK = "**********"
+
+
+def expose_settings(settings_name: str, base_settings: Type[BaseSettings]) -> Type[BaseSettings]:
+    """Decorator to register settings classes."""
+    EXPOSED_ENV_SETTINGS_REGISTRY[settings_name] = base_settings
+    return base_settings
+
+
+def mask_value(key: str, value: Any) -> Any:
+    key_lower = key.lower()
+
+    if "secret" in key_lower or "password" in key_lower:
+        # Mask sensitive information
+        return MASK
+
+    if isinstance(value, PydanticSecretStr):
+        # Need to convert SecretStr to str for serialization
+        return str(value)
+
+    if isinstance(value, OrchSecretStr):
+        return MASK
+
+    # PostgresDsn is just MultiHostUrl with extra metadata (annotations)
+    if isinstance(value, MultiHostUrl):
+        # Convert PostgresDsn to str for serialization
+        return MASK
+
+    return value
+
+
+def get_all_exposed_settings() -> list[SettingsExposedSchema]:
+    """Return all registered settings as dicts."""
+
+    def _get_settings_env_variables(base_settings: Type[BaseSettings]) -> list[SettingsEnvVariablesSchema]:
+        """Get environment variables from settings."""
+        return [
+            SettingsEnvVariablesSchema(env_name=key, env_value=mask_value(key, value))
+            for key, value in base_settings.model_dump().items()  # type: ignore
+        ]
+
+    return [
+        SettingsExposedSchema(name=name, variables=_get_settings_env_variables(base_settings))
+        for name, base_settings in EXPOSED_ENV_SETTINGS_REGISTRY.items()
+    ]

orchestrator/settings.py

@@ -20,6 +20,8 @@ from pydantic import Field, NonNegativeInt, PostgresDsn, RedisDsn
 from pydantic_settings import BaseSettings
 
 from oauth2_lib.settings import oauth2lib_settings
+from orchestrator.services.settings_env_variables import expose_settings
+from orchestrator.utils.expose_settings import SecretStr as OrchSecretStr
 from pydantic_forms.types import strEnum
 
 
@@ -30,7 +32,7 @@ class ExecutorType(strEnum):
 
 class AppSettings(BaseSettings):
     TESTING: bool = True
-    SESSION_SECRET: str = "".join(secrets.choice(string.ascii_letters) for i in range(16))  # noqa: S311
+    SESSION_SECRET: OrchSecretStr = "".join(secrets.choice(string.ascii_letters) for i in range(16))  # type: ignore
     CORS_ORIGINS: str = "*"
     CORS_ALLOW_METHODS: list[str] = ["GET", "PUT", "PATCH", "POST", "DELETE", "OPTIONS", "HEAD"]
     CORS_ALLOW_HEADERS: list[str] = ["If-None-Match", "Authorization", "If-Match", "Content-Type"]
@@ -55,7 +57,7 @@ class AppSettings(BaseSettings):
     MAIL_PORT: int = 25
     MAIL_STARTTLS: bool = False
     CACHE_URI: RedisDsn = "redis://localhost:6379/0"  # type: ignore
-    CACHE_HMAC_SECRET: str | None = None  # HMAC signing key, used when pickling results in the cache
+    CACHE_HMAC_SECRET: OrchSecretStr | None = None  # HMAC signing key, used when pickling results in the cache
     REDIS_RETRY_COUNT: NonNegativeInt = Field(
         2, description="Number of retries for redis connection errors/timeouts, 0 to disable"
     )  # More info: https://redis-py.readthedocs.io/en/stable/retry.html
@@ -87,6 +89,8 @@ class AppSettings(BaseSettings):
     ENABLE_PROMETHEUS_METRICS_ENDPOINT: bool = False
     VALIDATE_OUT_OF_SYNC_SUBSCRIPTIONS: bool = False
     FILTER_BY_MODE: Literal["partial", "exact"] = "exact"
+    EXPOSE_SETTINGS: bool = False
+    EXPOSE_OAUTH_SETTINGS: bool = False
 
 
 app_settings = AppSettings()
@@ -94,3 +98,8 @@ app_settings = AppSettings()
 # Set oauth2lib_settings variables to the same (default) value of settings
 oauth2lib_settings.SERVICE_NAME = app_settings.SERVICE_NAME
 oauth2lib_settings.ENVIRONMENT = app_settings.ENVIRONMENT
+
+if app_settings.EXPOSE_SETTINGS:
+    expose_settings("app_settings", app_settings)  # type: ignore
+if app_settings.EXPOSE_OAUTH_SETTINGS:
+    expose_settings("oauth2lib_settings", oauth2lib_settings)  # type: ignore

orchestrator/utils/expose_settings.py

@@ -0,0 +1,45 @@
+# Copyright 2019-2025 SURF.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Utility module for exposing settings in a structured format.
+
+Unfortunately, this module needs to be imported from the utils and cannot be added to the schemas folder.
+This is due to circular import issues with the combination of schemas/settings.
+"""
+
+from typing import Any
+
+from pydantic import BaseModel
+from pydantic_core import core_schema
+
+
+class SecretStr(str):
+    """A string that is treated as a secret, for example, passwords or API keys.
+
+    This class is used to indicate that the string should not be logged or displayed in plaintext.
+    """
+
+    @classmethod
+    def __get_pydantic_core_schema__(cls, source_type, handler):  # type: ignore
+        # This method is used to define how the SecretStr type should be handled by Pydantic.
+        # With this implementation, it will fail validation.
+        return core_schema.no_info_plain_validator_function(cls)
+
+
+class SettingsEnvVariablesSchema(BaseModel):
+    env_name: str
+    env_value: Any
+
+
+class SettingsExposedSchema(BaseModel):
+    name: str
+    variables: list[SettingsEnvVariablesSchema]

{orchestrator_core-4.0.4.dist-info → orchestrator_core-4.1.0rc1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: orchestrator-core
-Version: 4.0.4
+Version: 4.1.0rc1
 Summary: This is the orchestrator workflow engine.
 Requires-Python: >=3.11,<3.14
 Classifier: Intended Audience :: Information Technology

{orchestrator_core-4.0.4.dist-info → orchestrator_core-4.1.0rc1.dist-info}/RECORD

@@ -1,10 +1,10 @@
-orchestrator/__init__.py,sha256=YVe09WczpF4MK2XPRNEAfLMjIE3YCIBlDRgfibiP9U8,1063
+orchestrator/__init__.py,sha256=tOY8a4U2sGqlMaBFFS05G5fpTsG5MQWrMraMt7i-SW0,1066
 orchestrator/app.py,sha256=7UrXKjBKNSEaSSXAd5ww_RdMFhFqE4yvfj8faS2MzAA,12089
 orchestrator/exception_handlers.py,sha256=UsW3dw8q0QQlNLcV359bIotah8DYjMsj2Ts1LfX4ClY,1268
 orchestrator/log_config.py,sha256=1tPRX5q65e57a6a_zEii_PFK8SzWT0mnA5w2sKg4hh8,1853
 orchestrator/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 orchestrator/security.py,sha256=iXFxGxab54aav7oHEKLAVkTgrQMJGHy6IYLojEnD7gI,2422
-orchestrator/settings.py,sha256=ep4RXOIZfYb5ws4qT_E_iiANMQR91pvOhQQCv1t8osw,3879
+orchestrator/settings.py,sha256=TFIv09JIKY-lXqd04lH_XEcijEEyheaz3zTcgeG8DEI,4339
 orchestrator/targets.py,sha256=WizBgnp8hWX9YLFUIju7ewSubiwQqinCvyiYNcXHbHI,802
 orchestrator/types.py,sha256=qzs7xx5AYRmKbpYRyJJP3wuDb0W0bcAzefCN0RWLAco,15459
 orchestrator/version.py,sha256=b58e08lxs47wUNXv0jXFO_ykpksmytuzEXD4La4W-NQ,1366
@@ -21,7 +21,7 @@ orchestrator/api/api_v1/endpoints/processes.py,sha256=i5GRoszvdmpZqOxSqON83DNuc0
 orchestrator/api/api_v1/endpoints/product_blocks.py,sha256=kZ6ywIOsS_S2qGq7RvZ4KzjvaS1LmwbGWR37AKRvWOw,2146
 orchestrator/api/api_v1/endpoints/products.py,sha256=BfFtwu9dZXEQbtKxYj9icc73GKGvAGMR5ytyf41nQlQ,3081
 orchestrator/api/api_v1/endpoints/resource_types.py,sha256=gGyuaDyOD0TAVoeFGaGmjDGnQ8eQQArOxKrrk4MaDzA,2145
-orchestrator/api/api_v1/endpoints/settings.py,sha256=orcwFqGiQ3Ala3mLm_27ChXPkUFoGUeGNaDZnEIk2Ak,5848
+orchestrator/api/api_v1/endpoints/settings.py,sha256=5s-k169podZjgGHUbVDmSQwpY_3Cs_Bbf2PPtZIkBcw,6184
 orchestrator/api/api_v1/endpoints/subscription_customer_descriptions.py,sha256=1_6LtgQleoq3M6z_W-Qz__Bj3OFUweoPrUqHMwSH6AM,3288
 orchestrator/api/api_v1/endpoints/subscriptions.py,sha256=V-ebvjtFEKlALx8SKX42SiNPM-GAgSMWbuaimyktUQQ,8758
 orchestrator/api/api_v1/endpoints/translations.py,sha256=dIWh_fCnZZUxJoGiNeJ49DK_xpf75IpR_0EIMSvzIvY,963
@@ -268,6 +268,7 @@ orchestrator/services/processes.py,sha256=rTH6zLNsun3qDCPguz2LYS87MQR_LJREIPrgkG
 orchestrator/services/products.py,sha256=BP4KyE8zO-8z7Trrs5T6zKBOw53S9BfBJnHWI3p6u5Y,1943
 orchestrator/services/resource_types.py,sha256=_QBy_JOW_X3aSTqH0CuLrq4zBJL0p7Q-UDJUcuK2_qc,884
 orchestrator/services/settings.py,sha256=HEWfFulgoEDwgfxGEO__QTr5fDiwNBEj1UhAeTAdbLQ,3159
+orchestrator/services/settings_env_variables.py,sha256=U2xz0h3bOAE8wWQF2iCp5jf-2v0NUOOCTecNTouB1jY,2496
 orchestrator/services/subscription_relations.py,sha256=9C126TUfFvyBe7y4x007kH_dvxJ9pZ1zSnaWeH6HC5k,12261
 orchestrator/services/subscriptions.py,sha256=nr2HI89nC0lYjzTh2j-lEQ5cPQK43LNZv3gvP6jbepw,27189
 orchestrator/services/tasks.py,sha256=NjPkuauQoh9UJDcjA7OcKFgPk0i6NoKdDO7HlpGbBJ8,6575
@@ -280,6 +281,7 @@ orchestrator/utils/deprecation_logger.py,sha256=oqju7ecJcB_r7cMnldaOAA79QUZYS_h6
 orchestrator/utils/docs.py,sha256=GbyD61oKn1yVYaphUKHCBvrWEWJDTQfRc_VEbVb-zgU,6172
 orchestrator/utils/enrich_process.py,sha256=o_QSy5Q4wn1SMHhzVOw6bp7uhDXr7GhAIWRDDMWUVO4,4699
 orchestrator/utils/errors.py,sha256=6FxvXrITmRjP5bYnJJ3CxjAwA5meNjRAVYouz4TWKkU,4653
+orchestrator/utils/expose_settings.py,sha256=0NOjLBifQy4k2zUYJ31QjGQCaXEQ1zB4UtCle7XglAM,1640
 orchestrator/utils/fixed_inputs.py,sha256=pnL6I_19VMp_Bny8SYjSzVFNvTFDyeCxFFOWGhTnDiQ,2665
 orchestrator/utils/functional.py,sha256=X1MDNwHmkU3-8mFb21m31HGlcfc5TygliXR0sXN3-rU,8304
 orchestrator/utils/get_subscription_dict.py,sha256=hctkFvD3U6LpygNwz2uesRMdnXSY-PaohBqPATsi9r4,694
@@ -307,7 +309,7 @@ orchestrator/workflows/tasks/resume_workflows.py,sha256=MzJqlSXUvKStkT7NGzxZyRlf
 orchestrator/workflows/tasks/validate_product_type.py,sha256=paG-NAY1bdde3Adt8zItkcBKf5Pxw6f5ngGW6an6dYU,3192
 orchestrator/workflows/tasks/validate_products.py,sha256=GZJBoFF-WMphS7ghMs2-gqvV2iL1F0POhk0uSNt93n0,8510
 orchestrator/workflows/translations/en-GB.json,sha256=ST53HxkphFLTMjFHonykDBOZ7-P_KxksktZU3GbxLt0,846
-orchestrator_core-4.0.4.dist-info/licenses/LICENSE,sha256=b-aA5OZQuuBATmLKo_mln8CQrDPPhg3ghLzjPjLn4Tg,11409
-orchestrator_core-4.0.4.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
-orchestrator_core-4.0.4.dist-info/METADATA,sha256=EDGeOW4AxLgPbD6ZQDojlTPd8H3j4GOpD1vfWg-MgKA,5070
-orchestrator_core-4.0.4.dist-info/RECORD,,
+orchestrator_core-4.1.0rc1.dist-info/licenses/LICENSE,sha256=b-aA5OZQuuBATmLKo_mln8CQrDPPhg3ghLzjPjLn4Tg,11409
+orchestrator_core-4.1.0rc1.dist-info/WHEEL,sha256=G2gURzTEtmeR8nrdXUJfNiB3VYVxigPQ-bEQujpNiNs,82
+orchestrator_core-4.1.0rc1.dist-info/METADATA,sha256=hyIGgttPRSo2gjx2V1kbbpd5MvEbnCttnUJ2LzZEyP4,5073
+orchestrator_core-4.1.0rc1.dist-info/RECORD,,