orchestrator-core 4.6.4__py3-none-any.whl → 4.7.0__py3-none-any.whl

orchestrator/search/query/builder.py

@@ -25,6 +25,7 @@ from orchestrator.db.models import AiSearchIndex
 from orchestrator.search.aggregations import AggregationType, BaseAggregation, CountAggregation
 from orchestrator.search.core.types import EntityType, FieldType, FilterOp, UIType
 from orchestrator.search.filters import LtreeFilter
+from orchestrator.search.query.mixins import OrderDirection
 from orchestrator.search.query.queries import AggregateQuery, CountQuery, Query
 
 
@@ -181,7 +182,8 @@ def _build_pivot_cte(base_query: Select, pivot_fields: list[str]) -> CTE:
 
 
 def _build_grouping_columns(
-    query: CountQuery | AggregateQuery, pivot_cte: CTE
+    query: CountQuery | AggregateQuery,
+    pivot_cte: CTE,
 ) -> tuple[list[Any], list[Any], list[str]]:
     """Build GROUP BY columns and their SELECT columns.
 
@@ -244,6 +246,76 @@ def _build_aggregation_columns(query: CountQuery | AggregateQuery, pivot_cte: CT
     return [count_agg.to_expression(pivot_cte.c.entity_id)]
 
 
+def _apply_cumulative_aggregations(
+    stmt: Select,
+    query: CountQuery | AggregateQuery,
+    group_column_names: list[str],
+    aggregation_columns: list[Label],
+) -> Select:
+    """Add cumulative aggregation columns."""
+
+    # At this point, cumulative validation has already happened at query build time
+    # in GroupingMixin.validate_grouping_constraints, so we know:
+    # temporal_group_by exists and has exactly 1 element when cumulative=True
+    if not query.cumulative or not aggregation_columns or not query.temporal_group_by:
+        return stmt
+
+    temporal_alias = query.temporal_group_by[0].alias
+
+    base_subquery = stmt.subquery()
+    partition_cols = [base_subquery.c[name] for name in group_column_names if name != temporal_alias]
+    order_col = base_subquery.c[temporal_alias]
+
+    base_columns = [base_subquery.c[col] for col in base_subquery.c.keys()]
+
+    cumulative_columns = []
+    for agg_col in aggregation_columns:
+        cumulative_alias = f"{agg_col.key}_cumulative"
+        over_kwargs: dict[str, Any] = {"order_by": order_col}
+        if partition_cols:
+            over_kwargs["partition_by"] = partition_cols
+        cumulative_expr = func.sum(base_subquery.c[agg_col.key]).over(**over_kwargs).label(cumulative_alias)
+        cumulative_columns.append(cumulative_expr)
+
+    return select(*(base_columns + cumulative_columns)).select_from(base_subquery)
+
+
+def _apply_ordering(
+    stmt: Select,
+    query: CountQuery | AggregateQuery,
+    group_column_names: list[str],
+) -> Select:
+    """Apply ordering instructions to the SELECT statement."""
+    columns_by_key = {col.key: col for col in stmt.selected_columns}
+
+    if query.order_by:
+        order_expressions = []
+        for instruction in query.order_by:
+            # 1) exact match
+            col = columns_by_key.get(instruction.field)
+            if col is None:
+                # 2) temporal alias,
+                for tg in query.temporal_group_by or []:
+                    if instruction.field == tg.field or instruction.field == tg.alias:
+                        col = columns_by_key.get(tg.alias)
+                        if col is not None:
+                            break
+                if col is None:
+                    # 3) normalized field path
+                    col = columns_by_key.get(BaseAggregation.field_to_alias(instruction.field))
+            if col is None:
+                raise ValueError(f"Cannot order by '{instruction.field}'; column not found.")
+            order_expressions.append(col.desc() if instruction.direction == OrderDirection.DESC else col.asc())
+        return stmt.order_by(*order_expressions)
+
+    if query.temporal_group_by:
+        # Default ordering by all grouping columns (ascending)
+        order_expressions = [columns_by_key[col_name].asc() for col_name in group_column_names]
+        return stmt.order_by(*order_expressions)
+
+    return stmt
+
+
 def build_simple_count_query(base_query: Select) -> Select:
     """Build a simple count query without grouping.
 
@@ -282,4 +354,7 @@ def build_aggregation_query(query: CountQuery | AggregateQuery, base_query: Sele
     if group_cols:
         stmt = stmt.group_by(*group_cols)
 
+    stmt = _apply_cumulative_aggregations(stmt, query, group_col_names, agg_cols)
+    stmt = _apply_ordering(stmt, query, group_col_names)
+
     return stmt, group_col_names

orchestrator/search/query/mixins.py

@@ -1,6 +1,8 @@
 import uuid
+from enum import Enum
+from typing import Self
 
-from pydantic import BaseModel, Field
+from pydantic import BaseModel, Field, model_validator
 
 from orchestrator.search.aggregations import Aggregation, TemporalGrouping
 
@@ -8,9 +10,28 @@ __all__ = [
     "SearchMixin",
     "GroupingMixin",
     "AggregationMixin",
+    "OrderBy",
+    "OrderDirection",
 ]
 
 
+class OrderDirection(str, Enum):
+    """Sorting direction for aggregation results."""
+
+    ASC = "asc"
+    DESC = "desc"
+
+
+class OrderBy(BaseModel):
+    """Ordering descriptor for aggregation responses."""
+
+    field: str = Field(description="Grouping or aggregation field/alias to order by.")
+    direction: OrderDirection = Field(
+        default=OrderDirection.ASC,
+        description="Sorting direction (asc or desc).",
+    )
+
+
 class SearchMixin(BaseModel):
     """Mixin providing text search capability.
 
@@ -59,6 +80,37 @@ class GroupingMixin(BaseModel):
         default=None,
         description="Temporal grouping specifications (group by month, year, etc.)",
     )
+    cumulative: bool = Field(
+        default=False,
+        description="Enable cumulative aggregations when temporal grouping is present.",
+    )
+    order_by: list[OrderBy] | None = Field(
+        default=None,
+        description="Ordering instructions for grouped aggregation results.",
+    )
+
+    @model_validator(mode="after")
+    def validate_grouping_constraints(self) -> Self:
+        """Validate cross-field constraints for grouping features."""
+        if self.order_by and not self.group_by and not self.temporal_group_by:
+            raise ValueError(
+                "order_by requires at least one grouping field (group_by or temporal_group_by). "
+                "Ordering only applies to grouped aggregation results."
+            )
+
+        if self.cumulative:
+            if not self.temporal_group_by:
+                raise ValueError(
+                    "cumulative requires at least one temporal grouping (temporal_group_by). "
+                    "Cumulative aggregations compute running totals over time."
+                )
+            if len(self.temporal_group_by) > 1:
+                raise ValueError(
+                    "cumulative currently supports only a single temporal grouping. "
+                    "Multiple temporal dimensions with running totals are not yet supported."
+                )
+
+        return self
 
     def get_pivot_fields(self) -> list[str]:
         """Get all fields needed for EAV pivot from grouping.
@@ -82,7 +134,10 @@ class AggregationMixin(BaseModel):
     Used by AGGREGATE queries to define what statistics to compute.
     """
 
-    aggregations: list[Aggregation] = Field(description="Aggregations to compute (SUM, AVG, MIN, MAX, COUNT)")
+    aggregations: list[Aggregation] = Field(
+        description="Aggregations to compute (SUM, AVG, MIN, MAX, COUNT)",
+        min_length=1,
+    )
 
     def get_aggregation_pivot_fields(self) -> list[str]:
         """Get fields needed for EAV pivot from aggregations.

orchestrator/search/query/queries.py

@@ -13,7 +13,7 @@
 
 from typing import Annotated, Any, ClassVar, Literal, Self, Union
 
-from pydantic import BaseModel, ConfigDict, Discriminator, Field
+from pydantic import BaseModel, ConfigDict, Discriminator, Field, model_validator
 
 from orchestrator.search.core.types import ActionType, EntityType
 from orchestrator.search.filters import FilterTree
@@ -112,6 +112,20 @@ class AggregateQuery(BaseQuery, GroupingMixin, AggregationMixin):
     query_type: Literal["aggregate"] = "aggregate"
     _action: ClassVar[ActionType] = ActionType.AGGREGATE
 
+    @model_validator(mode="after")
+    def validate_cumulative_aggregation_types(self) -> Self:
+        """Validate that cumulative is only used with COUNT and SUM aggregations."""
+        if self.cumulative:
+            from orchestrator.search.aggregations import AggregationType
+
+            for agg in self.aggregations:
+                if agg.type in (AggregationType.AVG, AggregationType.MIN, AggregationType.MAX):
+                    raise ValueError(
+                        f"Cumulative aggregations are not supported for {agg.type.value.upper()} aggregations. "
+                        f"Cumulative only works with COUNT and SUM."
+                    )
+        return self
+
     def get_pivot_fields(self) -> list[str]:
         """Get all fields needed for EAV pivot including aggregation fields."""
         # Get grouping fields from GroupingMixin

orchestrator/search/query/validation.py

@@ -31,6 +31,7 @@ from orchestrator.search.query.exceptions import (
     InvalidLtreePatternError,
     PathNotFoundError,
 )
+from orchestrator.search.query.mixins import OrderBy
 
 
 def is_filter_compatible_with_field_type(filter_condition: FilterCondition, field_type: FieldType) -> bool:
@@ -207,3 +208,45 @@ def validate_temporal_grouping_field(field_path: str) -> None:
     # Validate field type is datetime
     if field_type_str != FieldType.DATETIME.value:
         raise IncompatibleTemporalGroupingTypeError(field_path, field_type_str)
+
+
+def validate_grouping_fields(group_by_paths: list[str]) -> None:
+    """Validate that all grouping field paths exist in the database.
+
+    Args:
+        group_by_paths: List of field paths to group by
+
+    Raises:
+        PathNotFoundError: If any path doesn't exist in the database
+    """
+    for path in group_by_paths:
+        field_type = validate_filter_path(path)
+        if field_type is None:
+            raise PathNotFoundError(path)
+
+
+def validate_order_by_fields(order_by: list[OrderBy] | None) -> None:
+    """Validate that order_by field paths exist in the database.
+
+    Args:
+        order_by: List of ordering instructions, or None
+
+    Raises:
+        PathNotFoundError: If a field path doesn't exist in the database
+
+    Note:
+        Only validates fields that appear to be paths (contain dots).
+        Aggregation aliases (no dots, like 'count') are skipped as they
+        cannot be validated until query execution time.
+    """
+    if order_by is None:
+        return
+
+    for order_instr in order_by:
+        # Skip aggregation aliases (no dots, e.g., 'count', 'revenue')
+        if "." not in order_instr.field:
+            continue
+
+        field_type = validate_filter_path(order_instr.field)
+        if field_type is None:
+            raise PathNotFoundError(order_instr.field)

orchestrator/services/processes.py

@@ -421,10 +421,6 @@ def _run_process_async(process_id: UUID, f: Callable) -> UUID:
     return process_id
 
 
-def error_message_unauthorized(workflow_key: str) -> str:
-    return f"User is not authorized to execute '{workflow_key}' workflow"
-
-
 def create_process(
     workflow_key: str,
     user_inputs: list[State] | None = None,
@@ -442,9 +438,6 @@ def create_process(
     if not workflow:
         raise_status(HTTPStatus.NOT_FOUND, "Workflow does not exist")
 
-    if not workflow.authorize_callback(user_model):
-        raise_status(HTTPStatus.FORBIDDEN, error_message_unauthorized(workflow_key))
-
     initial_state = {
         "process_id": process_id,
         "reporter": user,

orchestrator/services/workflows.py

@@ -64,6 +64,10 @@ def get_workflow_by_name(workflow_name: str) -> WorkflowTable | None:
     return db.session.scalar(select(WorkflowTable).where(WorkflowTable.name == workflow_name))
 
 
+def get_workflow_by_workflow_id(workflow_id: str) -> WorkflowTable | None:
+    return db.session.scalar(select(WorkflowTable).where(WorkflowTable.workflow_id == workflow_id))
+
+
 def get_validation_product_workflows_for_subscription(
     subscription: SubscriptionTable,
 ) -> list:

orchestrator/settings.py

@@ -17,10 +17,13 @@ from pathlib import Path
 from typing import Literal
 
 from pydantic import Field, NonNegativeInt, PostgresDsn, RedisDsn
+from pydantic.main import BaseModel
 from pydantic_settings import BaseSettings
 
+from oauth2_lib.fastapi import OIDCUserModel
 from oauth2_lib.settings import oauth2lib_settings
 from orchestrator.services.settings_env_variables import expose_settings
+from orchestrator.utils.auth import Authorizer
 from orchestrator.utils.expose_settings import SecretStr as OrchSecretStr
 from pydantic_forms.types import strEnum
 
@@ -111,3 +114,48 @@ if app_settings.EXPOSE_SETTINGS:
     expose_settings("app_settings", app_settings)  # type: ignore
 if app_settings.EXPOSE_OAUTH_SETTINGS:
     expose_settings("oauth2lib_settings", oauth2lib_settings)  # type: ignore
+
+
+class Authorizers(BaseModel):
+    # Callbacks specifically for orchestrator-core callbacks.
+    # Separate from defaults for user-defined workflows and steps.
+    internal_authorize_callback: Authorizer | None = None
+    internal_retry_auth_callback: Authorizer | None = None
+
+    async def authorize_callback(self, user: OIDCUserModel | None) -> bool:
+        """This is the authorize_callback to be registered for workflows defined within orchestrator-core.
+
+        If Authorizers.internal_authorize_callback is None, this function will return True.
+        i.e. any user will be authorized to start internal workflows.
+        """
+        if self.internal_authorize_callback is None:
+            return True
+        return await self.internal_authorize_callback(user)
+
+    async def retry_auth_callback(self, user: OIDCUserModel | None) -> bool:
+        """This is the retry_auth_callback to be registered for workflows defined within orchestrator-core.
+
+        If Authorizers.internal_retry_auth_callback is None, this function will return True.
+        i.e. any user will be authorized to retry internal workflows on failure.
+        """
+        if self.internal_retry_auth_callback is None:
+            return True
+        return await self.internal_retry_auth_callback(user)
+
+
+_authorizers = Authorizers()
+
+
+def get_authorizers() -> Authorizers:
+    """Acquire singleton of app authorizers to assign these callbacks at app setup.
+
+    Ensures downstream users can acquire singleton without being tempted to do
+    from orchestrator.settings import authorizers
+    authorizers = my_authorizers
+    or
+    from orchestrator import settings
+    settings.authorizers = my_authorizers
+
+    ...each of which goes wrong in its own way.
+    """
+    return _authorizers

orchestrator/utils/auth.py

@@ -1,4 +1,4 @@
-from collections.abc import Callable
+from collections.abc import Awaitable, Callable
 from typing import TypeAlias, TypeVar
 
 from oauth2_lib.fastapi import OIDCUserModel
@@ -7,4 +7,4 @@ from oauth2_lib.fastapi import OIDCUserModel
 
 # Can instead use "type Authorizer = ..." in later Python versions.
 T = TypeVar("T", bound=OIDCUserModel)
-Authorizer: TypeAlias = Callable[[T | None], bool]
+Authorizer: TypeAlias = Callable[[T | None], Awaitable[bool]]

orchestrator/websocket/__init__.py

@@ -105,6 +105,19 @@ async def invalidate_subscription_cache(subscription_id: UUID | UUIDstr, invalid
     await broadcast_invalidate_cache({"type": "subscriptions", "id": str(subscription_id)})
 
 
+async def broadcast_invalidate_status_counts_async() -> None:
+    """Broadcast message to invalidate the status counts of the connected websocket clients.
+
+    This breaks the pattern of `sync_` prefixes to maintain backwards compatibility of
+    broadcast_invalidate_status_counts, a sync function.
+    """
+    if not websocket_manager.enabled:
+        logger.debug("WebSocketManager is not enabled. Skip broadcasting through websocket.")
+        return
+
+    await broadcast_invalidate_cache({"type": "processStatusCounts"})
+
+
 def broadcast_invalidate_status_counts() -> None:
     """Broadcast message to invalidate the status counts of the connected websocket clients."""
     if not websocket_manager.enabled:
@@ -148,4 +161,5 @@ __all__ = [
     "broadcast_process_update_to_websocket_async",
     "WS_CHANNELS",
     "broadcast_invalidate_status_counts",
+    "broadcast_invalidate_status_counts_async",
 ]

orchestrator/workflow.py

@@ -193,7 +193,7 @@ def _handle_simple_input_form_generator(f: StateInputStepFunc) -> StateInputForm
     return form_generator
 
 
-def allow(_: OIDCUserModel | None) -> bool:
+async def allow(_: OIDCUserModel | None) -> bool:
     """Default function to return True in absence of user-defined authorize function."""
     return True
 

orchestrator/workflows/__init__.py

@@ -111,5 +111,6 @@ LazyWorkflowInstance(".tasks.cleanup_tasks_log", "task_clean_up_tasks")
 LazyWorkflowInstance(".tasks.resume_workflows", "task_resume_workflows")
 LazyWorkflowInstance(".tasks.validate_products", "task_validate_products")
 LazyWorkflowInstance(".tasks.validate_product_type", "task_validate_product_type")
+LazyWorkflowInstance(".tasks.validate_subscriptions", "task_validate_subscriptions")
 
 __doc__ = make_workflow_index_doc(ALL_WORKFLOWS)

orchestrator/workflows/modify_note.py

@@ -13,6 +13,7 @@
 from orchestrator.db import db
 from orchestrator.forms import SubmitFormPage
 from orchestrator.services import subscriptions
+from orchestrator.settings import get_authorizers
 from orchestrator.targets import Target
 from orchestrator.utils.json import to_serializable
 from orchestrator.workflow import StepList, done, init, step, workflow
@@ -21,6 +22,8 @@ from orchestrator.workflows.utils import wrap_modify_initial_input_form
 from pydantic_forms.types import FormGenerator, State, UUIDstr
 from pydantic_forms.validators import LongText
 
+authorizers = get_authorizers()
+
 
 def initial_input_form(subscription_id: UUIDstr) -> FormGenerator:
     subscription = subscriptions.get_subscription(subscription_id)
@@ -51,6 +54,12 @@ def store_subscription_note(subscription_id: UUIDstr, note: str) -> State:
     }
 
 
-@workflow("Modify Note", initial_input_form=wrap_modify_initial_input_form(initial_input_form), target=Target.MODIFY)
+@workflow(
+    "Modify Note",
+    initial_input_form=wrap_modify_initial_input_form(initial_input_form),
+    target=Target.MODIFY,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
+)
 def modify_note() -> StepList:
     return init >> store_process_subscription() >> store_subscription_note >> done

orchestrator/workflows/removed_workflow.py

@@ -12,11 +12,18 @@
 # limitations under the License.
 
 
+from orchestrator.settings import get_authorizers
 from orchestrator.workflow import StepList, workflow
 
+authorizers = get_authorizers()
+
 
 # This workflow has been made to create the initial import process for a SN7 subscription
 # it does not do anything but is needed for the correct showing in the GUI.
-@workflow("Dummy workflow to replace removed workflows")
+@workflow(
+    "Dummy workflow to replace removed workflows",
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
+)
 def removed_workflow() -> StepList:
     return StepList()

orchestrator/workflows/tasks/cleanup_tasks_log.py

@@ -17,12 +17,14 @@ from datetime import timedelta
 from sqlalchemy import select
 
 from orchestrator.db import ProcessTable, db
-from orchestrator.settings import app_settings
+from orchestrator.settings import app_settings, get_authorizers
 from orchestrator.targets import Target
 from orchestrator.utils.datetime import nowtz
 from orchestrator.workflow import ProcessStatus, StepList, done, init, step, workflow
 from pydantic_forms.types import State
 
+authorizers = get_authorizers()
+
 
 @step("Clean up completed tasks older than TASK_LOG_RETENTION_DAYS")
 def remove_tasks() -> State:
@@ -41,6 +43,11 @@ def remove_tasks() -> State:
     return {"tasks_removed": count}
 
 
-@workflow("Clean up old tasks", target=Target.SYSTEM)
+@workflow(
+    "Clean up old tasks",
+    target=Target.SYSTEM,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
+)
 def task_clean_up_tasks() -> StepList:
     return init >> remove_tasks >> done

orchestrator/workflows/tasks/resume_workflows.py

@@ -17,10 +17,12 @@ from sqlalchemy import select
 
 from orchestrator.db import ProcessTable, db
 from orchestrator.services import processes
+from orchestrator.settings import get_authorizers
 from orchestrator.targets import Target
 from orchestrator.workflow import ProcessStatus, StepList, done, init, step, workflow
 from pydantic_forms.types import State, UUIDstr
 
+authorizers = get_authorizers()
 logger = structlog.get_logger(__name__)
 
 
@@ -110,6 +112,8 @@ def restart_created_workflows(created_state_process_ids: list[UUIDstr]) -> State
 @workflow(
     "Resume all workflows that are stuck on tasks with the status 'waiting', 'created' or 'resumed'",
     target=Target.SYSTEM,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
 )
 def task_resume_workflows() -> StepList:
     return init >> find_waiting_workflows >> resume_found_workflows >> restart_created_workflows >> done

orchestrator/workflows/tasks/validate_product_type.py

@@ -25,10 +25,12 @@ from orchestrator.services.workflows import (
     get_validation_product_workflows_for_subscription,
     start_validation_workflow_for_workflows,
 )
+from orchestrator.settings import get_authorizers
 from orchestrator.targets import Target
 from orchestrator.workflow import StepList, done, init, step, workflow
 from pydantic_forms.types import FormGenerator, State
 
+authorizers = get_authorizers()
 logger = structlog.get_logger(__name__)
 
 
@@ -86,7 +88,11 @@ def validate_product_type(product_type: str) -> State:
 
 
 @workflow(
-    "Validate all subscriptions of Product Type", target=Target.SYSTEM, initial_input_form=initial_input_form_generator
+    "Validate all subscriptions of Product Type",
+    target=Target.SYSTEM,
+    initial_input_form=initial_input_form_generator,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
 )
 def task_validate_product_type() -> StepList:
     return init >> validate_product_type >> done

orchestrator/workflows/tasks/validate_products.py

@@ -26,12 +26,15 @@ from orchestrator.services import products
 from orchestrator.services.products import get_products
 from orchestrator.services.translations import generate_translations
 from orchestrator.services.workflows import get_workflow_by_name, get_workflows
+from orchestrator.settings import get_authorizers
 from orchestrator.targets import Target
 from orchestrator.utils.errors import ProcessFailureError
 from orchestrator.utils.fixed_inputs import fixed_input_configuration as fi_configuration
 from orchestrator.workflow import StepList, done, init, step, workflow
 from pydantic_forms.types import State
 
+authorizers = get_authorizers()
+
 # Since these errors are probably programming failures we should not throw AssertionErrors
 
 
@@ -187,7 +190,12 @@ def check_subscription_models() -> State:
     return {"check_subscription_models": True}
 
 
-@workflow("Validate products", target=Target.SYSTEM)
+@workflow(
+    "Validate products",
+    target=Target.SYSTEM,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
+)
 def task_validate_products() -> StepList:
     return (
         init

orchestrator/{schedules → workflows/tasks}/validate_subscriptions.py

@@ -16,7 +16,6 @@ from threading import BoundedSemaphore
 
 import structlog
 
-from orchestrator.schedules.scheduler import scheduler
 from orchestrator.services.subscriptions import (
     get_subscriptions_on_product_table,
     get_subscriptions_on_product_table_in_sync,
@@ -25,15 +24,19 @@ from orchestrator.services.workflows import (
     get_validation_product_workflows_for_subscription,
     start_validation_workflow_for_workflows,
 )
-from orchestrator.settings import app_settings
+from orchestrator.settings import app_settings, get_authorizers
+from orchestrator.targets import Target
+from orchestrator.workflow import StepList, init, step, workflow
 
 logger = structlog.get_logger(__name__)
 
 
 task_semaphore = BoundedSemaphore(value=2)
 
+authorizers = get_authorizers()
 
-@scheduler.scheduled_job(id="subscriptions-validator", name="Subscriptions Validator", trigger="cron", hour=0, minute=10)  # type: ignore[misc]
+
+@step("Validate subscriptions")
 def validate_subscriptions() -> None:
     if app_settings.VALIDATE_OUT_OF_SYNC_SUBSCRIPTIONS:
         # Automatically re-validate out-of-sync subscriptions. This is not recommended for production.
@@ -53,3 +56,13 @@ def validate_subscriptions() -> None:
             break
 
         start_validation_workflow_for_workflows(subscription=subscription, workflows=validation_product_workflows)
+
+
+@workflow(
+    "Validate subscriptions",
+    target=Target.SYSTEM,
+    authorize_callback=authorizers.authorize_callback,
+    retry_auth_callback=authorizers.retry_auth_callback,
+)
+def task_validate_subscriptions() -> StepList:
+    return init >> validate_subscriptions

orchestrator/workflows/translations/en-GB.json

@@ -16,6 +16,7 @@
         "task_resume_workflows": "Resume all workflows that are stuck on tasks with the status 'waiting'",
         "task_validate_products": "Validate Products and Subscriptions",
         "task_validate_product_type": "Validate all subscriptions of Product Type",
-        "reset_subscription_description": "Reset description of a subscription to default"
+        "reset_subscription_description": "Reset description of a subscription to default",
+        "task_validate_subscriptions": "Validate subscriptions"
     }
 }