orchestrator-core 4.1.0rc1__py3-none-any.whl → 4.2.0__py3-none-any.whl

orchestrator/graphql/schemas/product.py

@@ -52,21 +52,20 @@ class ProductType:
         return await resolve_subscriptions(info, filter_by_with_related_subscriptions, sort_by, first, after)
 
     @strawberry.field(description="Returns list of all nested productblock names")  # type: ignore
-    async def all_pb_names(self) -> list[str]:
-
+    async def all_product_block_names(self) -> list[str]:
         model = get_original_model(self, ProductTable)
 
-        def get_all_pb_names(product_blocks: list[ProductBlockTable]) -> Iterable[str]:
+        def get_names(product_blocks: list[ProductBlockTable], visited: set) -> Iterable[str]:
             for product_block in product_blocks:
+                if product_block.product_block_id in visited:
+                    continue
+                visited.add(product_block.product_block_id)
                 yield product_block.name
-
                 if product_block.depends_on:
-                    yield from get_all_pb_names(product_block.depends_on)
-
-        names: list[str] = list(get_all_pb_names(model.product_blocks))
-        names.sort()
+                    yield from get_names(product_block.depends_on, visited)
 
-        return names
+        names = set(get_names(model.product_blocks, set()))
+        return sorted(names)
 
     @strawberry.field(description="Return product blocks")  # type: ignore
     async def product_blocks(self) -> list[Annotated["ProductBlock", strawberry.lazy(".product_block")]]:

orchestrator/graphql/schemas/workflow.py

@@ -5,6 +5,7 @@ import strawberry
 from orchestrator.config.assignee import Assignee
 from orchestrator.db import WorkflowTable
 from orchestrator.graphql.schemas.helpers import get_original_model
+from orchestrator.graphql.types import OrchestratorInfo
 from orchestrator.schemas import StepSchema, WorkflowSchema
 from orchestrator.workflows import get_workflow
 
@@ -30,3 +31,11 @@ class Workflow:
     @strawberry.field(description="Return all steps for this workflow")  # type: ignore
     def steps(self) -> list[Step]:
         return [Step(name=step.name, assignee=step.assignee) for step in get_workflow(self.name).steps]  # type: ignore
+
+    @strawberry.field(description="Return whether the currently logged-in used is allowed to start this workflow")  # type: ignore
+    def is_allowed(self, info: OrchestratorInfo) -> bool:
+        oidc_user = info.context.get_current_user
+        workflow_table = get_original_model(self, WorkflowTable)
+        workflow = get_workflow(workflow_table.name)
+
+        return workflow.authorize_callback(oidc_user)  # type: ignore

orchestrator/graphql/types.py

@@ -1,4 +1,4 @@
-# Copyright 2022-2023 SURF, GÉANT.
+# Copyright 2022-2025 SURF, GÉANT.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -132,6 +132,12 @@ SCALAR_OVERRIDES: ScalarOverrideType = {
 }
 
 
+@strawberry.type(description="User permissions on a specific process")
+class FormUserPermissionsType:
+    retryAllowed: bool
+    resumeAllowed: bool
+
+
 @strawberry.type(description="Generic class to capture errors")
 class MutationError:
     message: str = strawberry.field(description="Error message")

orchestrator/migrations/versions/schema/2025-07-01_93fc5834c7e5_changed_timestamping_fields_in_process_steps.py

@@ -0,0 +1,65 @@
+"""Changed timestamping fields in process_steps.
+
+Revision ID: 93fc5834c7e5
+Revises: 4b58e336d1bf
+Create Date: 2025-07-01 14:20:44.755694
+
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+from orchestrator import db
+
+# revision identifiers, used by Alembic.
+revision = "93fc5834c7e5"
+down_revision = "4b58e336d1bf"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column(
+        "process_steps",
+        sa.Column(
+            "started_at",
+            db.UtcTimestamp(timezone=True),
+            server_default=sa.text("statement_timestamp()"),
+            nullable=False,
+        ),
+    )
+    op.alter_column("process_steps", "executed_at", new_column_name="completed_at")
+    # conn = op.get_bind()
+    # sa.select
+    # ### end Alembic commands ###
+    # Backfill started_at field correctly using proper aliasing
+    op.execute(
+        """
+        WITH backfill_started_at AS (
+            SELECT
+                ps1.stepid,
+                COALESCE(prev.completed_at, p.started_at) AS new_started_at
+            FROM process_steps ps1
+            JOIN processes p ON ps1.pid = p.pid
+            LEFT JOIN LATERAL (
+                SELECT ps2.completed_at
+                FROM process_steps ps2
+                WHERE ps2.pid = ps1.pid AND ps2.completed_at < ps1.completed_at
+                ORDER BY ps2.completed_at DESC
+                LIMIT 1
+            ) prev ON true
+        )
+        UPDATE process_steps
+        SET started_at = b.new_started_at
+        FROM backfill_started_at b
+        WHERE process_steps.stepid = b.stepid;
+    """
+    )
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column("process_steps", "started_at")
+    op.alter_column("process_steps", "completed_at", new_column_name="executed_at")
+    # ### end Alembic commands ###

orchestrator/migrations/versions/schema/2025-07-04_4b58e336d1bf_deprecating_workflow_target_in_.py

@@ -0,0 +1,30 @@
+"""Deprecating workflow target in ProcessSubscriptionTable.
+
+Revision ID: 4b58e336d1bf
+Revises: 161918133bec
+Create Date: 2025-07-04 15:27:23.814954
+
+"""
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "4b58e336d1bf"
+down_revision = "161918133bec"
+branch_labels = None
+depends_on = None
+
+
+def upgrade() -> None:
+    op.alter_column("processes_subscriptions", "workflow_target", existing_type=sa.VARCHAR(length=255), nullable=True)
+
+
+def downgrade() -> None:
+    op.alter_column(
+        "processes_subscriptions",
+        "workflow_target",
+        existing_type=sa.VARCHAR(length=255),
+        nullable=False,
+        existing_server_default=sa.text("'CREATE'::character varying"),
+    )

orchestrator/schemas/process.py

@@ -49,7 +49,11 @@ class ProcessStepSchema(OrchestratorBaseModel):
     name: str
     status: str
     created_by: str | None = None
-    executed: datetime | None = None
+    executed: datetime | None = Field(
+        None, deprecated="Deprecated, use 'started' and 'completed' for step start and completion times"
+    )
+    started: datetime | None = None
+    completed: datetime | None = None
     commit_hash: str | None = None
     state: dict[str, Any] | None = None
     state_delta: dict[str, Any] | None = None

orchestrator/services/celery.py

@@ -19,6 +19,7 @@ import structlog
 from celery.result import AsyncResult
 from kombu.exceptions import ConnectionError, OperationalError
 
+from oauth2_lib.fastapi import OIDCUserModel
 from orchestrator import app_settings
 from orchestrator.api.error_handling import raise_status
 from orchestrator.db import ProcessTable, db
@@ -42,7 +43,11 @@ def _block_when_testing(task_result: AsyncResult) -> None:
 
 
 def _celery_start_process(
-    workflow_key: str, user_inputs: list[State] | None, user: str = SYSTEM_USER, **kwargs: Any
+    workflow_key: str,
+    user_inputs: list[State] | None,
+    user: str = SYSTEM_USER,
+    user_model: OIDCUserModel | None = None,
+    **kwargs: Any,
 ) -> UUID:
     """Client side call of Celery."""
     from orchestrator.services.tasks import NEW_TASK, NEW_WORKFLOW, get_celery_task
@@ -57,7 +62,7 @@ def _celery_start_process(
 
     task_name = NEW_TASK if wf_table.is_task else NEW_WORKFLOW
     trigger_task = get_celery_task(task_name)
-    pstat = create_process(workflow_key, user_inputs, user)
+    pstat = create_process(workflow_key, user_inputs=user_inputs, user=user, user_model=user_model)
     try:
         result = trigger_task.delay(pstat.process_id, workflow_key, user)
         _block_when_testing(result)

orchestrator/services/processes.py

@@ -12,6 +12,7 @@
 # limitations under the License.
 from collections.abc import Callable, Sequence
 from concurrent.futures.thread import ThreadPoolExecutor
+from datetime import datetime
 from functools import partial
 from http import HTTPStatus
 from typing import Any
@@ -19,6 +20,7 @@ from uuid import UUID, uuid4
 
 import structlog
 from deepmerge.merger import Merger
+from pytz import utc
 from sqlalchemy import delete, select
 from sqlalchemy.exc import SQLAlchemyError
 from sqlalchemy.orm import joinedload
@@ -206,6 +208,10 @@ def _get_current_step_to_update(
     finally:
         step_state.pop("__remove_keys", None)
 
+    # We don't have __last_step_started in __remove_keys because the way __remove_keys is populated appears like it would overwrite
+    # what's put there in the step decorator in certain cases (step groups and callback steps)
+    step_start_time = step_state.pop("__last_step_started_at", None)
+
     if process_state.isfailed() or process_state.iswaiting():
         if (
             last_db_step is not None
@@ -216,7 +222,7 @@ def _get_current_step_to_update(
         ):
             state_ex_info = {
                 "retries": last_db_step.state.get("retries", 0) + 1,
-                "executed_at": last_db_step.state.get("executed_at", []) + [str(last_db_step.executed_at)],
+                "completed_at": last_db_step.state.get("completed_at", []) + [str(last_db_step.completed_at)],
             }
 
             # write new state info and execution date
@@ -236,10 +242,13 @@ def _get_current_step_to_update(
             state=step_state,
             created_by=stat.current_user,
         )
+    # Since the Start step does not have a __last_step_started_at in it's state, we effectively assume it is instantaneous.
+    now = nowtz()
+    current_step.started_at = datetime.fromtimestamp(step_start_time or now.timestamp(), tz=utc)
 
     # Always explicitly set this instead of leaving it to the database to prevent failing tests
     # Test will fail if multiple steps have the same timestamp
-    current_step.executed_at = nowtz()
+    current_step.completed_at = now
     return current_step
 
 
@@ -467,9 +476,7 @@ def thread_start_process(
     user_model: OIDCUserModel | None = None,
     broadcast_func: BroadcastFunc | None = None,
 ) -> UUID:
-    pstat = create_process(workflow_key, user_inputs=user_inputs, user=user)
-    if not pstat.workflow.authorize_callback(user_model):
-        raise_status(HTTPStatus.FORBIDDEN, error_message_unauthorized(workflow_key))
+    pstat = create_process(workflow_key, user_inputs=user_inputs, user=user, user_model=user_model)
 
     _safe_logstep_with_func = partial(safe_logstep, broadcast_func=broadcast_func)
     return _run_process_async(pstat.process_id, lambda: runwf(pstat, _safe_logstep_with_func))
@@ -506,7 +513,6 @@ def thread_resume_process(
     *,
     user_inputs: list[State] | None = None,
     user: str | None = None,
-    user_model: OIDCUserModel | None = None,
     broadcast_func: BroadcastFunc | None = None,
 ) -> UUID:
     # ATTENTION!! When modifying this function make sure you make similar changes to `resume_workflow` in the test code
@@ -515,8 +521,6 @@ def thread_resume_process(
         user_inputs = [{}]
 
     pstat = load_process(process)
-    if not pstat.workflow.authorize_callback(user_model):
-        raise_status(HTTPStatus.FORBIDDEN, error_message_unauthorized(str(process.workflow_name)))
 
     if pstat.workflow == removed_workflow:
         raise ValueError("This workflow cannot be resumed")
@@ -556,7 +560,6 @@ def resume_process(
     *,
     user_inputs: list[State] | None = None,
     user: str | None = None,
-    user_model: OIDCUserModel | None = None,
     broadcast_func: BroadcastFunc | None = None,
 ) -> UUID:
     """Resume a failed or suspended process.
@@ -565,7 +568,6 @@ def resume_process(
         process: Process from database
         user_inputs: Optional user input from forms
         user: user who resumed this process
-        user_model: OIDCUserModel of user who resumed this process
         broadcast_func: Optional function to broadcast process data
 
     Returns:
@@ -573,8 +575,6 @@ def resume_process(
 
     """
     pstat = load_process(process)
-    if not pstat.workflow.authorize_callback(user_model):
-        raise_status(HTTPStatus.FORBIDDEN, error_message_unauthorized(str(process.workflow_name)))
 
     try:
         post_form(pstat.log[0].form, pstat.state.unwrap(), user_inputs=user_inputs or [])

orchestrator/services/settings_env_variables.py

@@ -14,7 +14,7 @@
 from typing import Any, Dict, Type
 
 from pydantic import SecretStr as PydanticSecretStr
-from pydantic_core import MultiHostUrl
+from pydantic_core import MultiHostUrl, Url
 from pydantic_settings import BaseSettings
 
 from orchestrator.utils.expose_settings import SecretStr as OrchSecretStr
@@ -32,21 +32,9 @@ def expose_settings(settings_name: str, base_settings: Type[BaseSettings]) -> Ty
 
 def mask_value(key: str, value: Any) -> Any:
     key_lower = key.lower()
+    is_sensitive_key = "secret" in key_lower or "password" in key_lower
 
-    if "secret" in key_lower or "password" in key_lower:
-        # Mask sensitive information
-        return MASK
-
-    if isinstance(value, PydanticSecretStr):
-        # Need to convert SecretStr to str for serialization
-        return str(value)
-
-    if isinstance(value, OrchSecretStr):
-        return MASK
-
-    # PostgresDsn is just MultiHostUrl with extra metadata (annotations)
-    if isinstance(value, MultiHostUrl):
-        # Convert PostgresDsn to str for serialization
+    if is_sensitive_key or isinstance(value, (OrchSecretStr, PydanticSecretStr, MultiHostUrl, Url)):
         return MASK
 
     return value

orchestrator/settings.py

@@ -72,7 +72,7 @@ class AppSettings(BaseSettings):
     TRACING_ENABLED: bool = False
     TRACE_HOST: str = "http://localhost:4317"
     TRANSLATIONS_DIR: Path | None = None
-    WEBSOCKET_BROADCASTER_URL: str = "memory://"
+    WEBSOCKET_BROADCASTER_URL: OrchSecretStr = "memory://"  # type: ignore
     ENABLE_WEBSOCKETS: bool = True
     DISABLE_INSYNC_CHECK: bool = False
     DEFAULT_PRODUCT_WORKFLOWS: list[str] = ["modify_note"]

orchestrator/utils/auth.py

@@ -0,0 +1,9 @@
+from collections.abc import Callable
+from typing import TypeAlias
+
+from oauth2_lib.fastapi import OIDCUserModel
+
+# This file is broken out separately to avoid circular imports.
+
+# Can instead use "type Authorizer = ..." in later Python versions.
+Authorizer: TypeAlias = Callable[[OIDCUserModel | None], bool]

orchestrator/utils/enrich_process.py

@@ -57,7 +57,9 @@ def enrich_step_details(step: ProcessStepTable, previous_step: ProcessStepTable
 
     return {
         "name": step.name,
-        "executed": step.executed_at.timestamp(),
+        "executed": step.completed_at.timestamp(),
+        "started": step.started_at.timestamp(),
+        "completed": step.completed_at.timestamp(),
         "status": step.status,
         "state": step.state,
         "created_by": step.created_by,
@@ -103,7 +105,7 @@ def enrich_process(process: ProcessTable, p_stat: ProcessStat | None = None) ->
         "is_task": process.is_task,
         "workflow_id": process.workflow_id,
         "workflow_name": process.workflow.name,
-        "workflow_target": process.process_subscriptions[0].workflow_target if process.process_subscriptions else None,
+        "workflow_target": process.workflow.target,
         "failed_reason": process.failed_reason,
         "created_by": process.created_by,
         "started_at": process.started_at,

orchestrator/utils/errors.py

@@ -128,12 +128,13 @@ def _(err: Exception) -> ErrorDict:
     # We can't dispatch on ApiException, see is_api_exception docstring
     if is_api_exception(err):
         err = cast(ApiException, err)
+        headers = err.headers or {}
         return {
             "class": type(err).__name__,
             "error": err.reason,
             "status_code": err.status,
             "body": err.body,
-            "headers": "\n".join(f"{k}: {v}" for k, v in err.headers.items()),
+            "headers": "\n".join(f"{k}: {v}" for k, v in headers.items()),
             "traceback": show_ex(err),
         }
 

orchestrator/workflow.py

@@ -45,6 +45,8 @@ from orchestrator.db import db, transactional
 from orchestrator.services.settings import get_engine_settings
 from orchestrator.targets import Target
 from orchestrator.types import ErrorDict, StepFunc
+from orchestrator.utils.auth import Authorizer
+from orchestrator.utils.datetime import nowtz
 from orchestrator.utils.docs import make_workflow_doc
 from orchestrator.utils.errors import error_state_to_dict
 from orchestrator.utils.state import form_inject_args, inject_args
@@ -80,6 +82,8 @@ class Step(Protocol):
     name: str
     form: InputFormGenerator | None
     assignee: Assignee | None
+    resume_auth_callback: Authorizer | None = None
+    retry_auth_callback: Authorizer | None = None
 
     def __call__(self, state: State) -> Process: ...
 
@@ -90,7 +94,8 @@ class Workflow(Protocol):
     __qualname__: str
     name: str
     description: str
-    authorize_callback: Callable[[OIDCUserModel | None], bool]
+    authorize_callback: Authorizer
+    retry_auth_callback: Authorizer
     initial_input_form: InputFormGenerator | None = None
     target: Target
     steps: StepList
@@ -99,13 +104,20 @@ class Workflow(Protocol):
 
 
 def make_step_function(
-    f: Callable, name: str, form: InputFormGenerator | None = None, assignee: Assignee | None = Assignee.SYSTEM
+    f: Callable,
+    name: str,
+    form: InputFormGenerator | None = None,
+    assignee: Assignee | None = Assignee.SYSTEM,
+    resume_auth_callback: Authorizer | None = None,
+    retry_auth_callback: Authorizer | None = None,
 ) -> Step:
     step_func = cast(Step, f)
 
     step_func.name = name
     step_func.form = form
     step_func.assignee = assignee
+    step_func.resume_auth_callback = resume_auth_callback
+    step_func.retry_auth_callback = retry_auth_callback
     return step_func
 
 
@@ -167,6 +179,7 @@ class StepList(list[Step]):
 
 
 def _handle_simple_input_form_generator(f: StateInputStepFunc) -> StateInputFormGenerator:
+    """Processes f into a form generator and injects a pre-hook for user authorization."""
     if inspect.isgeneratorfunction(f):
         return cast(StateInputFormGenerator, f)
     if inspect.isgenerator(f):
@@ -191,7 +204,8 @@ def make_workflow(
     initial_input_form: InputStepFunc | None,
     target: Target,
     steps: StepList,
-    authorize_callback: Callable[[OIDCUserModel | None], bool] | None = None,
+    authorize_callback: Authorizer | None = None,
+    retry_auth_callback: Authorizer | None = None,
 ) -> Workflow:
     @functools.wraps(f)
     def wrapping_function() -> NoReturn:
@@ -202,6 +216,10 @@ def make_workflow(
     wrapping_function.name = f.__name__  # default, will be changed by LazyWorkflowInstance
     wrapping_function.description = description
     wrapping_function.authorize_callback = allow if authorize_callback is None else authorize_callback
+    # If no retry auth policy is given, defer to policy for process creation.
+    wrapping_function.retry_auth_callback = (
+        wrapping_function.authorize_callback if retry_auth_callback is None else retry_auth_callback
+    )
 
     if initial_input_form is None:
         # We always need a form to prevent starting a workflow when no input is needed.
@@ -270,9 +288,16 @@ def retrystep(name: str) -> Callable[[StepFunc], Step]:
     return decorator
 
 
-def inputstep(name: str, assignee: Assignee) -> Callable[[InputStepFunc], Step]:
+def inputstep(
+    name: str,
+    assignee: Assignee,
+    resume_auth_callback: Authorizer | None = None,
+    retry_auth_callback: Authorizer | None = None,
+) -> Callable[[InputStepFunc], Step]:
     """Add user input step to workflow.
 
+    Any authorization callbacks will be attached to the resulting Step.
+
     IMPORTANT: In contrast to other workflow steps, the `@inputstep` wrapped function will not run in the
     workflow engine! This means that it must be free of side effects!
 
@@ -299,7 +324,14 @@ def inputstep(name: str, assignee: Assignee) -> Callable[[InputStepFunc], Step]:
         def suspend(state: State) -> Process:
             return Suspend(state)
 
-        return make_step_function(suspend, name, wrapper, assignee)
+        return make_step_function(
+            suspend,
+            name,
+            wrapper,
+            assignee,
+            resume_auth_callback=resume_auth_callback,
+            retry_auth_callback=retry_auth_callback,
+        )
 
     return decorator
 
@@ -350,11 +382,13 @@ def step_group(name: str, steps: StepList, extract_form: bool = True) -> Step:
                 p = p.map(lambda s: s | {"__replace_last_state": True})
             return step_log_fn(step_, p)
 
+        step_group_start_time = nowtz().timestamp()
         process: Process = Success(initial_state)
         process = _exec_steps(step_list, process, dblogstep)
-
         # Add instruction to replace state of last sub step before returning process _exec_steps higher in the call tree
-        return process.map(lambda s: s | {"__replace_last_state": True})
+        return process.map(
+            lambda s: s | {"__replace_last_state": True, "__last_step_started_at": step_group_start_time}
+        )
 
     # Make sure we return a form is a sub step has a form
     form = next((sub_step.form for sub_step in steps if sub_step.form), None) if extract_form else None
@@ -479,7 +513,8 @@ def workflow(
     description: str,
     initial_input_form: InputStepFunc | None = None,
     target: Target = Target.SYSTEM,
-    authorize_callback: Callable[[OIDCUserModel | None], bool] | None = None,
+    authorize_callback: Authorizer | None = None,
+    retry_auth_callback: Authorizer | None = None,
 ) -> Callable[[Callable[[], StepList]], Workflow]:
     """Transform an initial_input_form and a step list into a workflow.
 
@@ -500,7 +535,13 @@ def workflow(
 
     def _workflow(f: Callable[[], StepList]) -> Workflow:
         return make_workflow(
-            f, description, initial_input_form_in_form_inject_args, target, f(), authorize_callback=authorize_callback
+            f,
+            description,
+            initial_input_form_in_form_inject_args,
+            target,
+            f(),
+            authorize_callback=authorize_callback,
+            retry_auth_callback=retry_auth_callback,
         )
 
     return _workflow
@@ -1416,6 +1457,8 @@ def _exec_steps(steps: StepList, starting_process: Process, dblogstep: StepLogFu
                     "Not executing Step as the workflow engine is Paused. Process will remain in state 'running'"
                 )
                 return process
+
+            process = process.map(lambda s: s | {"__last_step_started_at": nowtz().timestamp()})
             step_result_process = process.execute_step(step)
         except Exception as e:
             consolelogger.error("An exception occurred while executing the workflow step.")

orchestrator/workflows/modify_note.py

@@ -53,4 +53,4 @@ def store_subscription_note(subscription_id: UUIDstr, note: str) -> State:
 
 @workflow("Modify Note", initial_input_form=wrap_modify_initial_input_form(initial_input_form), target=Target.MODIFY)
 def modify_note() -> StepList:
-    return init >> store_process_subscription(Target.MODIFY) >> store_subscription_note >> done
+    return init >> store_process_subscription() >> store_subscription_note >> done

orchestrator/workflows/steps.py

@@ -23,6 +23,7 @@ from orchestrator.services.subscriptions import get_subscription
 from orchestrator.targets import Target
 from orchestrator.types import SubscriptionLifecycle
 from orchestrator.utils.json import to_serializable
+from orchestrator.websocket import sync_invalidate_subscription_cache
 from orchestrator.workflow import Step, step
 from pydantic_forms.types import State, UUIDstr
 
@@ -33,6 +34,7 @@ logger = structlog.get_logger(__name__)
 def resync(subscription: SubscriptionModel) -> State:
     """Transition a subscription to in sync."""
     subscription.insync = True
+    sync_invalidate_subscription_cache(subscription.subscription_id)
     return {"subscription": subscription}
 
 
@@ -93,6 +95,7 @@ def unsync(subscription_id: UUIDstr, __old_subscriptions__: dict | None = None)
     if not subscription.insync:
         raise ValueError("Subscription is already out of sync, cannot continue!")
     subscription.insync = False
+    sync_invalidate_subscription_cache(subscription.subscription_id)
 
     return {"subscription": subscription, "__old_subscriptions__": subscription_backup}
 
@@ -105,20 +108,23 @@ def unsync_unchecked(subscription_id: UUIDstr) -> State:
     return {"subscription": subscription}
 
 
-def store_process_subscription_relationship(
-    process_id: UUIDstr, subscription_id: UUIDstr, workflow_target: str
-) -> ProcessSubscriptionTable:
-    process_subscription = ProcessSubscriptionTable(
-        process_id=process_id, subscription_id=subscription_id, workflow_target=workflow_target
-    )
+def store_process_subscription_relationship(process_id: UUIDstr, subscription_id: UUIDstr) -> ProcessSubscriptionTable:
+    process_subscription = ProcessSubscriptionTable(process_id=process_id, subscription_id=subscription_id)
     db.session.add(process_subscription)
     return process_subscription
 
 
-def store_process_subscription(workflow_target: Target) -> Step:
+def store_process_subscription(workflow_target: Target | None = None) -> Step:
+    if workflow_target:
+        deprecation_warning = (
+            "Providing a workflow target to function store_process_subscription() is deprecated. "
+            "This information is already stored in the workflow table."
+        )
+        logger.warning(deprecation_warning)
+
     @step("Create Process Subscription relation")
     def _store_process_subscription(process_id: UUIDstr, subscription_id: UUIDstr) -> None:
-        store_process_subscription_relationship(process_id, subscription_id, workflow_target)
+        store_process_subscription_relationship(process_id, subscription_id)
 
     return _store_process_subscription