orchestrator-core 4.1.0rc2__py3-none-any.whl → 4.2.0rc2__py3-none-any.whl

orchestrator/__init__.py

@@ -13,7 +13,7 @@
 
 """This is the orchestrator workflow engine."""
 
-__version__ = "4.1.0rc2"
+__version__ = "4.2.0rc2"
 
 from orchestrator.app import OrchestratorCore
 from orchestrator.settings import app_settings

orchestrator/api/api_v1/endpoints/processes.py

@@ -123,6 +123,7 @@ def get_auth_callbacks(steps: StepList, workflow: Workflow) -> tuple[Authorizer
 def can_be_resumed(status: ProcessStatus) -> bool:
     return status in (
         ProcessStatus.SUSPENDED,  # Can be resumed
+        ProcessStatus.WAITING,  # Can be retried
         ProcessStatus.FAILED,  # Can be retried
         ProcessStatus.API_UNAVAILABLE,  # subtype of FAILED
         ProcessStatus.INCONSISTENT_DATA,  # subtype of FAILED
@@ -158,6 +159,9 @@ def delete(process_id: UUID) -> None:
     if not process:
         raise_status(HTTPStatus.NOT_FOUND)
 
+    if not process.is_task:
+        raise_status(HTTPStatus.BAD_REQUEST)
+
     db.session.delete(db.session.get(ProcessTable, process_id))
     db.session.commit()
 
@@ -209,7 +213,7 @@ def resume_process_endpoint(
     if process.last_status == ProcessStatus.SUSPENDED:
         if auth_resume is not None and not auth_resume(user_model):
             raise_status(HTTPStatus.FORBIDDEN, "User is not authorized to resume step")
-    elif process.last_status == ProcessStatus.FAILED:
+    elif process.last_status in (ProcessStatus.FAILED, ProcessStatus.WAITING):
         if auth_retry is not None and not auth_retry(user_model):
             raise_status(HTTPStatus.FORBIDDEN, "User is not authorized to retry step")
 
@@ -270,7 +274,7 @@ def update_progress_on_awaiting_process_endpoint(
 @router.put(
     "/resume-all", response_model=ProcessResumeAllSchema, dependencies=[Depends(check_global_lock, use_cache=False)]
 )
-async def resume_all_processess_endpoint(request: Request, user: str = Depends(user_name)) -> dict[str, int]:
+async def resume_all_processes_endpoint(request: Request, user: str = Depends(user_name)) -> dict[str, int]:
     """Retry all task processes in status Failed, Waiting, API Unavailable or Inconsistent Data.
 
     The retry is started in the background, returning status 200 and number of processes in message.

orchestrator/api/api_v1/endpoints/subscriptions.py

@@ -47,10 +47,12 @@ from orchestrator.services.subscriptions import (
     subscription_workflows,
 )
 from orchestrator.settings import app_settings
+from orchestrator.targets import Target
 from orchestrator.types import SubscriptionLifecycle
 from orchestrator.utils.deprecation_logger import deprecated_endpoint
 from orchestrator.utils.get_subscription_dict import get_subscription_dict
 from orchestrator.websocket import sync_invalidate_subscription_cache
+from orchestrator.workflows import get_workflow
 
 router = APIRouter()
 
@@ -100,6 +102,25 @@ def _filter_statuses(filter_statuses: str | None = None) -> list[str]:
     return statuses
 
 
+def _authorized_subscription_workflows(
+    subscription: SubscriptionTable, current_user: OIDCUserModel | None
+) -> dict[str, list[dict[str, list[Any] | str]]]:
+    subscription_workflows_dict = subscription_workflows(subscription)
+
+    for workflow_target in Target.values():
+        for workflow_dict in subscription_workflows_dict[workflow_target.lower()]:
+            workflow = get_workflow(workflow_dict["name"])
+            if not workflow:
+                continue
+            if (
+                not workflow.authorize_callback(current_user)  # The current user isn't allowed to run this workflow
+                and "reason" not in workflow_dict  # and there isn't already a reason why this workflow cannot run
+            ):
+                workflow_dict["reason"] = "subscription.insufficient_workflow_permissions"
+
+    return subscription_workflows_dict
+
+
 @router.get(
     "/domain-model/{subscription_id}",
     response_model=SubscriptionDomainModelSchema | None,
@@ -169,7 +190,9 @@ def subscriptions_search(
     description="This endpoint is deprecated and will be removed in a future release. Please use the GraphQL query",
     dependencies=[Depends(deprecated_endpoint)],
 )
-def subscription_workflows_by_id(subscription_id: UUID) -> dict[str, list[dict[str, list[Any] | str]]]:
+def subscription_workflows_by_id(
+    subscription_id: UUID, current_user: OIDCUserModel | None = Depends(authenticate)
+) -> dict[str, list[dict[str, list[Any] | str]]]:
     subscription = db.session.get(
         SubscriptionTable,
         subscription_id,
@@ -181,7 +204,7 @@ def subscription_workflows_by_id(subscription_id: UUID) -> dict[str, list[dict[s
     if not subscription:
         raise_status(HTTPStatus.NOT_FOUND)
 
-    return subscription_workflows(subscription)
+    return _authorized_subscription_workflows(subscription, current_user)
 
 
 @router.put("/{subscription_id}/set_in_sync", response_model=None, status_code=HTTPStatus.OK)

orchestrator/cli/database.py

@@ -256,6 +256,9 @@ def migrate_domain_models(
     test: bool = typer.Option(False, help="Optional boolean if you don't want to generate a migration file"),
     inputs: str = typer.Option("{}", help="Stringified dict to prefill inputs"),
     updates: str = typer.Option("{}", help="Stringified dict to map updates instead of using inputs"),
+    confirm_warnings: bool = typer.Option(
+        False, help="Optional boolean if you want to accept all warning inputs, fully knowing things can go wrong"
+    ),
 ) -> tuple[list[str], list[str]] | None:
     """Create migration file based on SubscriptionModel.diff_product_in_database. BACKUP DATABASE BEFORE USING THE MIGRATION!.
 
@@ -282,6 +285,8 @@ def migrate_domain_models(
                 - `updates = { "resource_types": { "old_resource_type_name": "new_resource_type_name" } }`
             - renaming a resource type to existing resource type: `updates = { "resource_types": { "old_resource_type_name": "new_resource_type_name" } }`
 
+        confirm_warnings: Optional boolean if you want to accept all warning inputs, fully knowing things can go wrong.
+
     Returns None unless `--test` is used, in which case it returns:
         - tuple:
             - list of upgrade SQL statements in string format.
@@ -304,7 +309,9 @@ def migrate_domain_models(
             resource_types=updates_dict.get("resource_types", {}),
             block_resource_types=updates_dict.get("block_resource_types", {}),
         )
-    sql_upgrade_stmts, sql_downgrade_stmts = create_domain_models_migration_sql(inputs_dict, updates_class, bool(test))
+    sql_upgrade_stmts, sql_downgrade_stmts = create_domain_models_migration_sql(
+        inputs_dict, updates_class, test, confirm_warnings
+    )
 
     if test:
         return sql_upgrade_stmts, sql_downgrade_stmts

orchestrator/cli/domain_gen_helpers/helpers.py

@@ -2,10 +2,15 @@ from collections.abc import Iterable
 from itertools import groupby
 
 import structlog
+import typer
+from more_itertools import first
 from sqlalchemy.dialects import postgresql
 from sqlalchemy.sql.dml import UpdateBase
 
-from orchestrator.domain.base import ProductBlockModel
+from orchestrator.cli.domain_gen_helpers.types import BlockRelationDict
+from orchestrator.cli.helpers.input_helpers import _prompt_user_menu
+from orchestrator.cli.helpers.print_helpers import noqa_print
+from orchestrator.domain.base import ProductBlockModel, SubscriptionModel
 
 logger = structlog.get_logger(__name__)
 
@@ -43,10 +48,47 @@ def map_delete_resource_type_relations(model_diffs: dict[str, dict[str, set[str]
     return generic_mapper("missing_resource_types_in_model", model_diffs)
 
 
-def map_create_product_block_relations(model_diffs: dict[str, dict[str, set[str]]]) -> dict[str, set[str]]:
+def map_create_product_to_product_block_relations(model_diffs: dict[str, dict[str, set[str]]]) -> dict[str, set[str]]:
     return generic_mapper("missing_product_blocks_in_db", model_diffs)
 
 
+def format_block_relation_to_dict(
+    model_name: str,
+    block_to_find_in_props: str,
+    models: dict[str, type[SubscriptionModel]] | dict[str, type[ProductBlockModel]],
+    confirm_warnings: bool,
+) -> BlockRelationDict:
+    model = models[model_name]
+    block_props = model._get_depends_on_product_block_types()
+    props = {k for k, v in block_props.items() if v.name == block_to_find_in_props}  # type: ignore
+
+    if len(props) > 1 and not confirm_warnings:
+        noqa_print("WARNING: Relating a Product Block multiple times is not supported by this migrator!")
+        noqa_print(
+            "You will need to create your own migration to create a Product Block Instance for each attribute that is related"
+        )
+        noqa_print(f"Product Block '{block_to_find_in_props}' has been related multiple times to '{model_name}'")
+        noqa_print(f"Attributes the block ('{block_to_find_in_props}') has been related with: {', '.join(props)}")
+        noqa_print(f"The relation will only be added to the first attribute ('{first(props)}') want to continue?")
+
+        if _prompt_user_menu([("yes", "yes"), ("no", "no")]) == "no":
+            typer.echo("Aborted.")
+            raise typer.Exit(code=1)
+
+    return BlockRelationDict(name=model_name, attribute_name=first(props))
+
+
+def map_create_product_block_relations(
+    model_diffs: dict[str, dict[str, set[str]]],
+    models: dict[str, type[SubscriptionModel]] | dict[str, type[ProductBlockModel]],
+    confirm_warnings: bool,
+) -> dict[str, list[BlockRelationDict]]:
+    data = generic_mapper("missing_product_blocks_in_db", model_diffs)
+    return {
+        k: [format_block_relation_to_dict(b, k, models, confirm_warnings) for b in blocks] for k, blocks in data.items()
+    }
+
+
 def map_delete_product_block_relations(model_diffs: dict[str, dict[str, set[str]]]) -> dict[str, set[str]]:
     return generic_mapper("missing_product_blocks_in_model", model_diffs)
 

orchestrator/cli/domain_gen_helpers/product_block_helpers.py

@@ -7,8 +7,12 @@ from sqlalchemy import select
 from sqlalchemy.sql.expression import Delete, Insert
 from sqlalchemy.sql.selectable import ScalarSelect
 
-from orchestrator.cli.domain_gen_helpers.helpers import get_product_block_names, sql_compile
-from orchestrator.cli.domain_gen_helpers.types import DomainModelChanges
+from orchestrator.cli.domain_gen_helpers.helpers import (
+    format_block_relation_to_dict,
+    get_product_block_names,
+    sql_compile,
+)
+from orchestrator.cli.domain_gen_helpers.types import BlockRelationDict, DomainModelChanges
 from orchestrator.cli.helpers.input_helpers import get_user_input
 from orchestrator.cli.helpers.print_helpers import COLOR, print_fmt, str_fmt
 from orchestrator.db import db
@@ -68,13 +72,17 @@ def map_delete_product_blocks(product_blocks: dict[str, type[ProductBlockModel]]
     return {name for name in existing_product_blocks if name not in product_blocks}
 
 
-def map_product_block_additional_relations(changes: DomainModelChanges) -> DomainModelChanges:
+def map_product_block_additional_relations(
+    changes: DomainModelChanges, models: dict[str, type[ProductBlockModel]], confirm_warnings: bool
+) -> DomainModelChanges:
     """Map additional relations for created product blocks.
 
     Adds resource type and product block relations.
 
     Args:
         changes: DomainModelChanges class with all changes.
+        models: All product block models.
+        confirm_warnings: confirm warnings to continue, fully knowing that things can go wrong.
 
     Returns: Updated DomainModelChanges.
     """
@@ -86,7 +94,12 @@ def map_product_block_additional_relations(changes: DomainModelChanges) -> Domai
         product_blocks_in_model = block_class._get_depends_on_product_block_types()
         product_blocks_types_in_model = get_depends_on_product_block_type_list(product_blocks_in_model)
         for product_block_name in get_product_block_names(product_blocks_types_in_model):
-            changes.create_product_block_relations.setdefault(product_block_name, set()).add(block_name)
+            relation_list = changes.create_product_block_relations.get(product_block_name, [])
+            new_relation = format_block_relation_to_dict(block_name, product_block_name, models, confirm_warnings)
+
+            if new_relation not in relation_list:
+                changes.create_product_block_relations[product_block_name] = relation_list + [new_relation]
+
     return changes
 
 
@@ -147,31 +160,35 @@ def generate_delete_product_blocks_sql(delete_product_blocks: set[str]) -> list[
     ]
 
 
-def generate_create_product_block_relations_sql(create_block_relations: dict[str, set[str]]) -> list[str]:
+def generate_create_product_block_relations_sql(
+    create_block_relations: dict[str, list[BlockRelationDict]],
+) -> list[str]:
     """Generate SQL to create product block to product block relations.
 
     Args:
         create_block_relations: Dict with product blocks by product block
             - key: product block name.
-            - value: Set of product block names to relate with.
+            - list: List of product blocks to relate with by prop names.
 
     Returns: List of SQL to create relation between product blocks.
     """
 
-    def create_block_relation(depends_block_name: str, block_names: set[str]) -> str:
+    def create_block_relation(depends_block_name: str, block_relations: list[BlockRelationDict]) -> str:
         depends_block_id_sql = get_product_block_id(depends_block_name)
 
-        def create_block_relation_dict(block_name: str) -> dict[str, ScalarSelect]:
-            block_id_sql = get_product_block_id(block_name)
+        def create_block_relation_dict(block_relation: BlockRelationDict) -> dict[str, ScalarSelect]:
+            block_id_sql = get_product_block_id(block_relation["name"])
             return {"in_use_by_id": block_id_sql, "depends_on_id": depends_block_id_sql}
 
-        product_product_block_relation_dicts = [create_block_relation_dict(block_name) for block_name in block_names]
+        product_product_block_relation_dicts = [create_block_relation_dict(block) for block in block_relations]
         return sql_compile(Insert(ProductBlockRelationTable).values(product_product_block_relation_dicts))
 
     return [create_block_relation(*item) for item in create_block_relations.items()]
 
 
-def generate_create_product_block_instance_relations_sql(product_block_relations: dict[str, set[str]]) -> list[str]:
+def generate_create_product_block_instance_relations_sql(
+    product_block_relations: dict[str, list[BlockRelationDict]],
+) -> list[str]:
     """Generate SQL to create resource type instance values for existing instances.
 
     Args:
@@ -183,12 +200,14 @@ def generate_create_product_block_instance_relations_sql(product_block_relations
     """
 
     def create_subscription_instance_relations(
-        depends_block_name: str, block_names: set[str]
+        depends_block_name: str, block_relations: list[BlockRelationDict]
     ) -> Generator[str, None, None]:
         depends_block_id_sql = get_product_block_id(depends_block_name)
 
-        def map_subscription_instances(block_name: str) -> dict[str, list[dict[str, str | ScalarSelect]]]:
-            in_use_by_id_sql = get_product_block_id(block_name)
+        def map_subscription_instances(
+            block_relation: BlockRelationDict,
+        ) -> dict[str, list[dict[str, str | ScalarSelect]]]:
+            in_use_by_id_sql = get_product_block_id(block_relation["name"])
             stmt = select(
                 SubscriptionInstanceTable.subscription_instance_id, SubscriptionInstanceTable.subscription_id
             ).where(SubscriptionInstanceTable.product_block_id.in_(in_use_by_id_sql))
@@ -206,13 +225,14 @@ def generate_create_product_block_instance_relations_sql(product_block_relations
                     "in_use_by_id": instance.subscription_instance_id,
                     "depends_on_id": get_subscription_instance(instance.subscription_id, depends_block_id_sql),
                     "order_id": 0,
+                    "domain_model_attr": block_relation["attribute_name"],
                 }
                 for instance in subscription_instances
             ]
 
             return {"instance_list": instance_list, "instance_relation_list": instance_relation_list}
 
-        create_instance_list = [map_subscription_instances(block_name) for block_name in block_names]
+        create_instance_list = [map_subscription_instances(block_relation) for block_relation in block_relations]
 
         subscription_instance_dicts = list(flatten(item["instance_list"] for item in create_instance_list))
         subscription_relation_dicts = list(flatten(item["instance_relation_list"] for item in create_instance_list))

orchestrator/cli/domain_gen_helpers/resource_type_helpers.py

@@ -9,7 +9,7 @@ from sqlalchemy.sql.selectable import ScalarSelect
 
 from orchestrator.cli.domain_gen_helpers.helpers import sql_compile
 from orchestrator.cli.domain_gen_helpers.product_block_helpers import get_product_block_id, get_product_block_ids
-from orchestrator.cli.domain_gen_helpers.types import DomainModelChanges
+from orchestrator.cli.domain_gen_helpers.types import BlockRelationDict, DomainModelChanges
 from orchestrator.cli.helpers.input_helpers import _enumerate_menu_keys, _prompt_user_menu, get_user_input
 from orchestrator.cli.helpers.print_helpers import COLOR, noqa_print, print_fmt, str_fmt
 from orchestrator.db import db
@@ -262,8 +262,8 @@ def _has_product_existing_instances(product_name: str) -> bool:
     return bool(product and get_product_instance_count(product.product_id))
 
 
-def _find_new_relations(block_name: str, relations: dict[str, set[str]]) -> set[str]:
-    return set(flatten((list(v) for k, v in relations.items() if block_name in k)))
+def _find_new_block_relations(block_name: str, relations: dict[str, list[BlockRelationDict]]) -> set[str]:
+    return {r["name"] for r in relations.get(block_name, [])}
 
 
 def map_create_resource_type_instances(changes: DomainModelChanges) -> dict[str, set[str]]:
@@ -285,11 +285,11 @@ def map_create_resource_type_instances(changes: DomainModelChanges) -> dict[str,
         if block and get_block_instance_count(block.product_block_id):
             return True
 
-        related_block_names = _find_new_relations(block_name, changes.create_product_block_relations)
+        related_block_names = _find_new_block_relations(block_name, changes.create_product_block_relations)
         if related_block_names:
             return any(_has_existing_instances(name) for name in related_block_names)
 
-        related_product_names = _find_new_relations(block_name, changes.create_product_to_block_relations)
+        related_product_names = changes.create_product_to_block_relations.get(block_name, set())
         return any(_has_product_existing_instances(name) for name in related_product_names)
 
     return {

orchestrator/cli/domain_gen_helpers/types.py

@@ -1,8 +1,14 @@
 from pydantic import BaseModel
+from typing_extensions import TypedDict
 
 from orchestrator.domain.base import ProductBlockModel, SubscriptionModel
 
 
+class BlockRelationDict(TypedDict):
+    name: str
+    attribute_name: str
+
+
 class DomainModelChanges(BaseModel):
     create_products: dict[str, type[SubscriptionModel]] = {}
     delete_products: set[str] = set()
@@ -10,7 +16,7 @@ class DomainModelChanges(BaseModel):
     delete_product_to_block_relations: dict[str, set[str]] = {}
     create_product_blocks: dict[str, type[ProductBlockModel]] = {}
     delete_product_blocks: set[str] = set()
-    create_product_block_relations: dict[str, set[str]] = {}
+    create_product_block_relations: dict[str, list[BlockRelationDict]] = {}
     delete_product_block_relations: dict[str, set[str]] = {}
     create_product_fixed_inputs: dict[str, set[str]] = {}
     update_product_fixed_inputs: dict[str, dict[str, str]] = {}

orchestrator/cli/generator/templates/create_product.j2

@@ -11,7 +11,6 @@ from pydantic_forms.types import FormGenerator, State, UUIDstr
 
 from orchestrator.forms import FormPage
 from orchestrator.forms.validators import Divider, Label, CustomerId, MigrationSummary
-from orchestrator.targets import Target
 from orchestrator.types import SubscriptionLifecycle
 from orchestrator.workflow import StepList, begin, step
 from orchestrator.workflows.steps import store_process_subscription
@@ -119,6 +118,6 @@ def create_{{ product.variable }}() -> StepList:
     return (
         begin
         >> construct_{{ product.variable }}_model
-        >> store_process_subscription(Target.CREATE)
+        >> store_process_subscription()
         # TODO add provision step(s)
     )

orchestrator/cli/migrate_domain_models.py

@@ -21,6 +21,7 @@ from orchestrator.cli.domain_gen_helpers.fixed_input_helpers import (
 from orchestrator.cli.domain_gen_helpers.helpers import (
     map_create_fixed_inputs,
     map_create_product_block_relations,
+    map_create_product_to_product_block_relations,
     map_create_resource_type_relations,
     map_delete_fixed_inputs,
     map_delete_product_block_relations,
@@ -191,6 +192,7 @@ def map_changes(
     db_product_names: list[str],
     inputs: dict[str, dict[str, str]],
     updates: ModelUpdates | None,
+    confirm_warnings: bool,
 ) -> DomainModelChanges:
     """Map changes that need to be made to fix differences between models and database.
 
@@ -203,6 +205,7 @@ def map_changes(
         db_product_names: Product names out of the database.
         inputs: Optional Dict with prefilled values.
         updates: Optional Dict.
+        confirm_warnings: confirm warnings to continue, fully knowing that things can go wrong.
 
     Returns: Mapped changes.
     """
@@ -231,7 +234,7 @@ def map_changes(
         create_product_fixed_inputs=map_create_fixed_inputs(model_diffs["products"]),
         update_product_fixed_inputs=updates.fixed_inputs,
         delete_product_fixed_inputs=map_delete_fixed_inputs(model_diffs["products"]),
-        create_product_to_block_relations=map_create_product_block_relations(model_diffs["products"]),
+        create_product_to_block_relations=map_create_product_to_product_block_relations(model_diffs["products"]),
         delete_product_to_block_relations=map_delete_product_block_relations(model_diffs["products"]),
         rename_resource_types=updates.resource_types,
         update_block_resource_types=updates.block_resource_types,
@@ -242,12 +245,14 @@ def map_changes(
         delete_resource_type_relations=delete_resource_type_relations,
         create_product_blocks=map_create_product_blocks(product_blocks),
         delete_product_blocks=map_delete_product_blocks(product_blocks),
-        create_product_block_relations=map_create_product_block_relations(model_diffs["blocks"]),
+        create_product_block_relations=map_create_product_block_relations(
+            model_diffs["blocks"], product_blocks, confirm_warnings
+        ),
         delete_product_block_relations=map_delete_product_block_relations(model_diffs["blocks"]),
     )
 
     changes = map_product_additional_relations(changes)
-    changes = map_product_block_additional_relations(changes)
+    changes = map_product_block_additional_relations(changes, product_blocks, confirm_warnings)
     temp = {key for v in changes.update_block_resource_types.values() for key in v.values()}
     related_resource_type_names = set(changes.create_resource_type_relations.keys()) | temp
     existing_renamed_rts = set(changes.rename_resource_types.values())
@@ -334,8 +339,12 @@ def generate_downgrade_sql(changes: DomainModelChanges) -> list[str]:
     sql_revert_create_product_product_block_relations = generate_delete_product_relations_sql(
         changes.create_product_to_block_relations,
     )
+
+    downgrade_block_relations = {
+        k: {b["name"] for b in blocks} for k, blocks in changes.create_product_block_relations.items()
+    }
     sql_revert_create_product_block_depends_blocks = generate_delete_product_block_relations_sql(
-        changes.create_product_block_relations
+        downgrade_block_relations
     )
 
     sql_revert_create_product_blocks = generate_delete_product_blocks_sql(set(changes.create_product_blocks.keys()))
@@ -361,6 +370,7 @@ def create_domain_models_migration_sql(
     inputs: dict[str, dict[str, str]],
     updates: ModelUpdates | None,
     is_test: bool = False,
+    confirm_warnings: bool = False,
 ) -> tuple[list[str], list[str]]:
     """Create tuple with list for upgrade and downgrade SQL statements based on SubscriptionModel.diff_product_in_database.
 
@@ -370,6 +380,7 @@ def create_domain_models_migration_sql(
         inputs: dict with pre-defined input values
         updates: The model
         is_test: the bool for if it is test
+        confirm_warnings: confirm warnings to continue, fully knowing that things can go wrong.
 
     Returns tuple:
         list of upgrade SQL statements in string format.
@@ -384,7 +395,7 @@ def create_domain_models_migration_sql(
     product_blocks = map_product_blocks(list(SUBSCRIPTION_MODEL_REGISTRY.values()))
     model_diffs = map_differences_unique(products, existing_products)
 
-    changes = map_changes(model_diffs, products, product_blocks, db_product_names, inputs, updates)
+    changes = map_changes(model_diffs, products, product_blocks, db_product_names, inputs, updates, confirm_warnings)
 
     logger.info("create_products", create_products=changes.create_products)
     logger.info("delete_products", delete_products=changes.delete_products)

orchestrator/db/models.py

@@ -117,7 +117,7 @@ class ProcessTable(BaseModel):
     is_task = mapped_column(Boolean, nullable=False, server_default=text("false"), index=True)
 
     steps = relationship(
-        "ProcessStepTable", cascade="delete", passive_deletes=True, order_by="asc(ProcessStepTable.executed_at)"
+        "ProcessStepTable", cascade="delete", passive_deletes=True, order_by="asc(ProcessStepTable.completed_at)"
     )
     input_states = relationship("InputStateTable", cascade="delete", order_by="desc(InputStateTable.input_time)")
     process_subscriptions = relationship("ProcessSubscriptionTable", back_populates="process", passive_deletes=True)
@@ -141,7 +141,8 @@ class ProcessStepTable(BaseModel):
     status = mapped_column(String(50), nullable=False)
     state = mapped_column(pg.JSONB(), nullable=False)
     created_by = mapped_column(String(255), nullable=True)
-    executed_at = mapped_column(UtcTimestamp, server_default=text("statement_timestamp()"), nullable=False)
+    completed_at = mapped_column(UtcTimestamp, server_default=text("statement_timestamp()"), nullable=False)
+    started_at = mapped_column(UtcTimestamp, server_default=text("statement_timestamp()"), nullable=False)
     commit_hash = mapped_column(String(40), nullable=True, default=GIT_COMMIT_HASH)
 
 
@@ -154,7 +155,9 @@ class ProcessSubscriptionTable(BaseModel):
     )
     subscription_id = mapped_column(UUIDType, ForeignKey("subscriptions.subscription_id"), nullable=False, index=True)
     created_at = mapped_column(UtcTimestamp, server_default=text("current_timestamp()"), nullable=False)
-    workflow_target = mapped_column(String(255), nullable=False, server_default=Target.CREATE)
+
+    # FIXME: workflow_target is already stored in the workflow table, this column should get removed in a later release.
+    workflow_target = mapped_column(String(255), nullable=True)
 
     process = relationship("ProcessTable", back_populates="process_subscriptions")
     subscription = relationship("SubscriptionTable", back_populates="processes")

orchestrator/graphql/schemas/process.py

@@ -6,14 +6,17 @@ from strawberry.federation.schema_directives import Key
 from strawberry.scalars import JSON
 
 from oauth2_lib.strawberry import authenticated_field
+from orchestrator.api.api_v1.endpoints.processes import get_auth_callbacks, get_current_steps
 from orchestrator.db import ProcessTable, ProductTable, db
 from orchestrator.graphql.pagination import EMPTY_PAGE, Connection
 from orchestrator.graphql.schemas.customer import CustomerType
 from orchestrator.graphql.schemas.helpers import get_original_model
 from orchestrator.graphql.schemas.product import ProductType
-from orchestrator.graphql.types import GraphqlFilter, GraphqlSort, OrchestratorInfo
+from orchestrator.graphql.types import FormUserPermissionsType, GraphqlFilter, GraphqlSort, OrchestratorInfo
 from orchestrator.schemas.process import ProcessSchema, ProcessStepSchema
+from orchestrator.services.processes import load_process
 from orchestrator.settings import app_settings
+from orchestrator.workflows import get_workflow
 
 if TYPE_CHECKING:
     from orchestrator.graphql.schemas.subscription import SubscriptionInterface
@@ -29,7 +32,11 @@ class ProcessStepType:
     name: strawberry.auto
     status: strawberry.auto
     created_by: strawberry.auto
-    executed: strawberry.auto
+    executed: strawberry.auto = strawberry.field(
+        deprecation_reason="Deprecated, use 'started' and 'completed' for step start and completion times"
+    )
+    started: strawberry.auto
+    completed: strawberry.auto
     commit_hash: strawberry.auto
     state: JSON | None
     state_delta: JSON | None
@@ -74,6 +81,18 @@ class ProcessType:
             shortcode=app_settings.DEFAULT_CUSTOMER_SHORTCODE,
         )
 
+    @strawberry.field(description="Returns user permissions for operations on this process")  # type: ignore
+    def user_permissions(self, info: OrchestratorInfo) -> FormUserPermissionsType:
+        oidc_user = info.context.get_current_user
+        workflow = get_workflow(self.workflow_name)
+        process = load_process(db.session.get(ProcessTable, self.process_id))  # type: ignore[arg-type]
+        auth_resume, auth_retry = get_auth_callbacks(get_current_steps(process), workflow)  # type: ignore[arg-type]
+
+        return FormUserPermissionsType(
+            retryAllowed=auth_retry and auth_retry(oidc_user),  # type: ignore[arg-type]
+            resumeAllowed=auth_resume and auth_resume(oidc_user),  # type: ignore[arg-type]
+        )
+
     @authenticated_field(description="Returns list of subscriptions of the process")  # type: ignore
     async def subscriptions(
         self,

orchestrator/graphql/schemas/product.py

@@ -52,21 +52,20 @@ class ProductType:
         return await resolve_subscriptions(info, filter_by_with_related_subscriptions, sort_by, first, after)
 
     @strawberry.field(description="Returns list of all nested productblock names")  # type: ignore
-    async def all_pb_names(self) -> list[str]:
-
+    async def all_product_block_names(self) -> list[str]:
         model = get_original_model(self, ProductTable)
 
-        def get_all_pb_names(product_blocks: list[ProductBlockTable]) -> Iterable[str]:
+        def get_names(product_blocks: list[ProductBlockTable], visited: set) -> Iterable[str]:
             for product_block in product_blocks:
+                if product_block.product_block_id in visited:
+                    continue
+                visited.add(product_block.product_block_id)
                 yield product_block.name
-
                 if product_block.depends_on:
-                    yield from get_all_pb_names(product_block.depends_on)
-
-        names: list[str] = list(get_all_pb_names(model.product_blocks))
-        names.sort()
+                    yield from get_names(product_block.depends_on, visited)
 
-        return names
+        names = set(get_names(model.product_blocks, set()))
+        return sorted(names)
 
     @strawberry.field(description="Return product blocks")  # type: ignore
     async def product_blocks(self) -> list[Annotated["ProductBlock", strawberry.lazy(".product_block")]]:

orchestrator/graphql/schemas/workflow.py

@@ -5,6 +5,7 @@ import strawberry
 from orchestrator.config.assignee import Assignee
 from orchestrator.db import WorkflowTable
 from orchestrator.graphql.schemas.helpers import get_original_model
+from orchestrator.graphql.types import OrchestratorInfo
 from orchestrator.schemas import StepSchema, WorkflowSchema
 from orchestrator.workflows import get_workflow
 
@@ -30,3 +31,11 @@ class Workflow:
     @strawberry.field(description="Return all steps for this workflow")  # type: ignore
     def steps(self) -> list[Step]:
         return [Step(name=step.name, assignee=step.assignee) for step in get_workflow(self.name).steps]  # type: ignore
+
+    @strawberry.field(description="Return whether the currently logged-in used is allowed to start this workflow")  # type: ignore
+    def is_allowed(self, info: OrchestratorInfo) -> bool:
+        oidc_user = info.context.get_current_user
+        workflow_table = get_original_model(self, WorkflowTable)
+        workflow = get_workflow(workflow_table.name)
+
+        return workflow.authorize_callback(oidc_user)  # type: ignore

orchestrator/graphql/types.py

@@ -1,4 +1,4 @@
-# Copyright 2022-2023 SURF, GÉANT.
+# Copyright 2022-2025 SURF, GÉANT.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -132,6 +132,12 @@ SCALAR_OVERRIDES: ScalarOverrideType = {
 }
 
 
+@strawberry.type(description="User permissions on a specific process")
+class FormUserPermissionsType:
+    retryAllowed: bool
+    resumeAllowed: bool
+
+
 @strawberry.type(description="Generic class to capture errors")
 class MutationError:
     message: str = strawberry.field(description="Error message")