synapse 2.164.0__py311-none-any.whl → 2.166.0__py311-none-any.whl

synapse/lib/cell.py

@@ -79,6 +79,8 @@ permnames = {
     PERM_ADMIN: 'admin',
 }
 
+diskspace = "Insufficient free space on disk."
+
 def adminapi(log=False):
     '''
     Decorator for CellApi (and subclasses) for requiring a method to be called only by an admin user.
@@ -121,7 +123,8 @@ async def _doIterBackup(path, chunksize=1024):
     link0, file1 = await s_link.linkfile()
 
     def dowrite(fd):
-        with tarfile.open(output_filename, 'w|gz', fileobj=fd) as tar:
+        # TODO: When we are 3.12+ convert this back to w|gz - see https://github.com/python/cpython/pull/2962
+        with tarfile.open(output_filename, 'w:gz', fileobj=fd, compresslevel=1) as tar:
             tar.add(path, arcname=os.path.basename(path))
         fd.close()
 
@@ -341,7 +344,7 @@ class CellApi(s_base.Base):
     async def promote(self, graceful=False):
         return await self.cell.promote(graceful=graceful)
 
-    @adminapi()
+    @adminapi(log=True)
     async def handoff(self, turl, timeout=30):
         return await self.cell.handoff(turl, timeout=timeout)
 
@@ -1057,6 +1060,7 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
         self.cellparent = parent
         self.sessions = {}
         self.isactive = False
+        self.activebase = None
         self.inaugural = False
         self.activecoros = {}
         self.sockaddr = None  # Default value...
@@ -1155,6 +1159,9 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
         self.usermetadb = self.slab.initdb('user:meta')  # useriden + <valu> -> dict valu
         self.rolemetadb = self.slab.initdb('role:meta')  # roleiden + <valu> -> dict valu
 
+        # for runtime cell configuration values
+        self.slab.initdb('cell:conf')
+
         self._sslctx_cache = s_cache.FixedCache(self._makeCachedSslCtx, size=SSLCTX_CACHE_SIZE)
 
         self.hive = await self._initCellHive()
@@ -1385,32 +1392,22 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
             if (disk.free / disk.total) <= self.minfree:
 
-                reason = "Insufficient free space on disk."
-
-                await self._setReadOnly(True, reason=reason)
-                nexsroot.setReadOnly(True, reason=reason)
+                await nexsroot.addWriteHold(diskspace)
 
                 mesg = f'Free space on {self.dirn} below minimum threshold (currently ' \
                        f'{disk.free / disk.total * 100:.2f}%), setting Cell to read-only.'
-                logger.warning(mesg)
+                logger.error(mesg)
 
             elif nexsroot.readonly:
 
-                await self._setReadOnly(False)
-                nexsroot.setReadOnly(False)
-
-                await self.nexsroot.startup()
+                await nexsroot.delWriteHold(diskspace)
 
                 mesg = f'Free space on {self.dirn} above minimum threshold (currently ' \
                        f'{disk.free / disk.total * 100:.2f}%), re-enabling writes.'
-                logger.warning(mesg)
+                logger.error(mesg)
 
             await self._checkspace.timewait(timeout=self.FREE_SPACE_CHECK_FREQ)
 
-    async def _setReadOnly(self, valu, reason=None):
-        # implement any behavior necessary to change the cell read-only status
-        pass
-
     def _getAhaAdmin(self):
         name = self.conf.get('aha:admin')
         if name is not None:
@@ -1563,32 +1560,22 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
         self.ahasvcname = f'{ahaname}.{ahanetw}'
 
-        async def onlink(proxy):
-            while not proxy.isfini:
-                info = await self.getAhaInfo()
+        async def _runAhaRegLoop():
+
+            while not self.isfini:
                 try:
+                    proxy = await self.ahaclient.proxy()
+                    info = await self.getAhaInfo()
                     await proxy.addAhaSvc(ahaname, info, network=ahanetw)
                     if self.isactive and ahalead is not None:
                         await proxy.addAhaSvc(ahalead, info, network=ahanetw)
+                except Exception as e:
+                    logger.exception(f'Error registering service {self.ahasvcname} with AHA: {e}')
+                    await self.waitfini(1)
+                else:
+                    await proxy.waitfini()
 
-                    return
-
-                except asyncio.CancelledError:  # pragma: no cover
-                    raise
-
-                except Exception:
-                    logger.exception('Error in _initAhaService() onlink')
-
-                await proxy.waitfini(1)
-
-        async def fini():
-            await self.ahaclient.offlink(onlink)
-
-        async def init():
-            await self.ahaclient.onlink(onlink)
-            self.onfini(fini)
-
-        self.schedCoro(init())
+        self.schedCoro(_runAhaRegLoop())
 
     async def initServiceRuntime(self):
         pass
@@ -1675,9 +1662,11 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
             mesg = 'promote() called on non-mirror'
             raise s_exc.BadConfValu(mesg=mesg)
 
+        ahaname = self.conf.get('aha:name')
+        logger.warning(f'PROMOTION: Performing leadership promotion graceful={graceful} ahaname={ahaname}')
+
         if graceful:
 
-            ahaname = self.conf.get('aha:name')
             if ahaname is None: # pragma: no cover
                 mesg = 'Cannot gracefully promote without aha:name configured.'
                 raise s_exc.BadArg(mesg=mesg)
@@ -1688,21 +1677,34 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
                 raise s_exc.BadArg(mesg=mesg)
 
             myurl = f'aha://{ahaname}.{ahanetw}'
+            logger.debug(f'PROMOTION: Connecting to {mirurl} to request leadership handoff to ahaname={ahaname}')
             async with await s_telepath.openurl(mirurl) as lead:
+                logger.debug(f'PROMOTION: Requesting leadership handoff to ahaname={ahaname}')
                 await lead.handoff(myurl)
+                logger.warning(f'PROMOTION: Completed leadership handoff to ahaname={ahaname}')
                 return
 
+        logger.debug(f'PROMOTION: Clearing mirror configuration for ahaname={ahaname}')
         self.modCellConf({'mirror': None})
 
+        logger.debug(f'PROMOTION: Promoting the nexus root for ahaname={ahaname}')
         await self.nexsroot.promote()
+
+        logger.debug(f'PROMOTION: Setting the cell as active ahaname={ahaname}')
         await self.setCellActive(True)
 
+        logger.warning(f'PROMOTION: Finished leadership promotion ahaname={ahaname}')
+
     async def handoff(self, turl, timeout=30):
         '''
         Hand off leadership to a mirror in a transactional fashion.
         '''
+        ahaname = self.conf.get("aha:name")
+        logger.warning(f'HANDOFF: Performing leadership handoff to {s_urlhelp.sanitizeUrl(turl)} from ahaname={ahaname}')
         async with await s_telepath.openurl(turl) as cell:
 
+            logger.debug(f'HANDOFF: Connected to {s_urlhelp.sanitizeUrl(turl)} from ahaname={ahaname}')
+
             if self.iden != await cell.getCellIden(): # pragma: no cover
                 mesg = 'Mirror handoff remote cell iden does not match!'
                 raise s_exc.BadArg(mesg=mesg)
@@ -1711,20 +1713,34 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
                 mesg = 'Cannot handoff mirror leadership to myself!'
                 raise s_exc.BadArg(mesg=mesg)
 
+            logger.debug(f'HANDOFF: Obtaining nexus applylock ahaname={ahaname}')
+
             async with self.nexsroot.applylock:
 
+                logger.debug(f'HANDOFF: Obtained nexus applylock ahaname={ahaname}')
                 indx = await self.getNexsIndx()
+
+                logger.debug(f'HANDOFF: Waiting {timeout} seconds for mirror to reach {indx=}, ahaname={ahaname}')
                 if not await cell.waitNexsOffs(indx - 1, timeout=timeout): # pragma: no cover
                     mndx = await cell.getNexsIndx()
                     mesg = f'Remote mirror did not catch up in time: {mndx}/{indx}.'
                     raise s_exc.NotReady(mesg=mesg)
 
+                logger.debug(f'HANDOFF: Mirror has caught up to the current leader, performing promotion ahaname={ahaname}')
                 await cell.promote()
+
+                logger.debug(f'HANDOFF: Setting the service as inactive ahaname={ahaname}')
                 await self.setCellActive(False)
 
+                logger.debug(f'HANDOFF: Configuring service to use the new leader as its mirror ahaname={ahaname}')
                 self.modCellConf({'mirror': turl})
+
+                logger.debug(f'HANDOFF: Restarting the nexus ahaname={ahaname}')
                 await self.nexsroot.startup()
 
+            logger.debug(f'HANDOFF: Released nexus applylock ahaname={ahaname}')
+        logger.warning(f'HANDOFF: Done performing the leadership handoff with {s_urlhelp.sanitizeUrl(turl)} ahaname={self.conf.get("aha:name")}')
+
     async def reqAhaProxy(self, timeout=None):
         if self.ahaclient is None:
             mesg = 'AHA is not configured on this service.'
@@ -1855,18 +1871,32 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
         return self.isactive
 
     async def setCellActive(self, active):
+
+        if active == self.isactive:
+            return
+
         self.isactive = active
 
         if self.isactive:
+            self.activebase = await s_base.Base.anit()
+            self.onfini(self.activebase)
             self._fireActiveCoros()
             await self._execCellUpdates()
             await self.initServiceActive()
         else:
             await self._killActiveCoros()
+            await self.activebase.fini()
+            self.activebase = None
             await self.initServicePassive()
 
         await self._setAhaActive()
 
+    def runActiveTask(self, coro):
+        # an API for active coroutines to use when running an
+        # ephemeral task which should be automatically torn down
+        # if the cell becomes inactive
+        return self.activebase.schedCoro(coro)
+
     async def initServiceActive(self):  # pragma: no cover
         pass
 
@@ -3654,7 +3684,8 @@ class Cell(s_nexus.Pusher, s_telepath.Aware):
 
         await self.ahaclient.waitready()
 
-        mirrors = await self.ahaclient.getAhaSvcMirrors(self.ahasvcname)
+        proxy = await self.ahaclient.proxy(timeout=5)
+        mirrors = await proxy.getAhaSvcMirrors(self.ahasvcname)
         if mirrors is None:
             mesg = 'Service must be configured with AHA to enumerate mirror URLs'
             raise s_exc.NoSuchName(mesg=mesg, name=self.ahasvcname)

synapse/lib/certdir.py

@@ -1501,6 +1501,11 @@ class CertDir:
         return c_rsa.generate_private_key(65537, self.crypto_numbits)
 
     def _genCertBuilder(self, name: str, pubkey: c_types.PublicKeyTypes) -> c_x509.CertificateBuilder:
+
+        if not 1 <= len(name) <= 64:
+            mesg = f'Certificate name values must be between 1-64 characters. got name={name}, len={len(name)}'
+            raise s_exc.CryptoErr(mesg=mesg)
+
         builder = c_x509.CertificateBuilder()
         builder = builder.subject_name(c_x509.Name([
             c_x509.NameAttribute(c_x509.NameOID.COMMON_NAME, name),
@@ -1515,6 +1520,10 @@ class CertDir:
 
     def _genPkeyCsr(self, name: str, mode: str, outp: OutPutOrNone = None) -> bytes:
 
+        if not 1 <= len(name) <= 64:
+            mesg = f'CSR name values must be between 1-64 characters. got name={name}, len={len(name)}'
+            raise s_exc.CryptoErr(mesg=mesg)
+
         pkey = self._genPrivKey()
 
         builder = c_x509.CertificateSigningRequestBuilder()

synapse/lib/hiveauth.py

@@ -1,4 +1,7 @@
 import logging
+import dataclasses
+
+from typing import Union
 
 import synapse.exc as s_exc
 import synapse.common as s_common
@@ -38,6 +41,45 @@ def textFromRule(rule):
         text = '!' + text
     return text
 
+@dataclasses.dataclass(slots=True)
+class _allowedReason:
+    value: Union[bool | None]
+    default: bool = False
+    isadmin: bool = False
+    islocked: bool = False
+    gateiden: Union[str | None] = None
+    roleiden: Union[str | None] = None
+    rolename: Union[str | None] = None
+    rule: tuple = ()
+
+    @property
+    def mesg(self):
+        if self.islocked:
+            return 'The user is locked.'
+        if self.default:
+            return 'No matching rule found.'
+
+        if self.isadmin:
+            if self.gateiden:
+                return f'The user is an admin of auth gate {self.gateiden}.'
+            return 'The user is a global admin.'
+
+        if self.rule:
+            rt = textFromRule((self.value, self.rule))
+            if self.gateiden:
+                if self.roleiden:
+                    m = f'Matched role rule ({rt}) for role {self.rolename} on gate {self.gateiden}.'
+                else:
+                    m = f'Matched user rule ({rt}) on gate {self.gateiden}.'
+            else:
+                if self.roleiden:
+                    m = f'Matched role rule ({rt}) for role {self.rolename}.'
+                else:
+                    m = f'Matched user rule ({rt}).'
+            return m
+
+        return 'No matching rule found.'
+
 class Auth(s_nexus.Pusher):
     '''
     Auth is a user authentication and authorization stored in a Hive.  Users
@@ -827,7 +869,7 @@ class HiveRole(HiveRuler):
                         return allow
             return default
 
-        # 2. check user rules
+        # 2. check role rules
         for allow, path in self.info.get('rules', ()):
             if perm[:len(path)] == path:
                 return allow
@@ -858,6 +900,7 @@ class HiveUser(HiveRuler):
         self.vars = await varz.dict(nexs=True)
 
         self.permcache = s_cache.FixedCache(self._allowed)
+        self.allowedcache = s_cache.FixedCache(self._getAllowedReason)
 
     def pack(self, packroles=False):
 
@@ -903,6 +946,9 @@ class HiveUser(HiveRuler):
         return self.permcache.get((perm, default, gateiden))
 
     def _allowed(self, pkey):
+        '''
+        NOTE: This must remain in sync with any changes to _getAllowedReason()!
+        '''
 
         perm, default, gateiden = pkey
 
@@ -951,18 +997,23 @@ class HiveUser(HiveRuler):
 
         return default
 
-    def getAllowedReason(self, perm, gateiden=None, default=False):
+    def getAllowedReason(self, perm, default=None, gateiden=None):
+        '''
+        A routine which will return a tuple of (allowed, info).
         '''
-        A non-optimized diagnostic routine which will return a tuple
-        of (allowed, reason). This is implemented separately for perf.
+        perm = tuple(perm)
+        return self.allowedcache.get((perm, default, gateiden))
 
+    def _getAllowedReason(self, pkey):
+        '''
         NOTE: This must remain in sync with any changes to _allowed()!
         '''
+        perm, default, gateiden = pkey
         if self.info.get('locked'):
-            return (False, 'The user is locked.')
+            return _allowedReason(False, islocked=True)
 
         if self.info.get('admin'):
-            return (True, 'The user is a global admin.')
+            return _allowedReason(True, isadmin=True)
 
         # 1. check authgate user rules
         if gateiden is not None:
@@ -971,16 +1022,16 @@ class HiveUser(HiveRuler):
             if info is not None:
 
                 if info.get('admin'):
-                    return (True, f'The user is an admin of auth gate {gateiden}.')
+                    return _allowedReason(True, isadmin=True, gateiden=gateiden)
 
                 for allow, path in info.get('rules', ()):
                     if perm[:len(path)] == path:
-                        return (allow, f'Matched user rule ({textFromRule((allow, path))}) on gate {gateiden}.')
+                        return _allowedReason(allow, gateiden=gateiden, rule=path)
 
         # 2. check user rules
         for allow, path in self.info.get('rules', ()):
             if perm[:len(path)] == path:
-                return (allow, f'Matched user rule ({textFromRule((allow, path))}).')
+                return _allowedReason(allow, rule=path)
 
         # 3. check authgate role rules
         if gateiden is not None:
@@ -993,18 +1044,20 @@ class HiveUser(HiveRuler):
 
                 for allow, path in info.get('rules', ()):
                     if perm[:len(path)] == path:
-                        return (allow, f'Matched role rule ({textFromRule((allow, path))}) for role {role.name} on gate {gateiden}.')
+                        return _allowedReason(allow, gateiden=gateiden, roleiden=role.iden, rolename=role.name,
+                                              rule=path)
 
         # 4. check role rules
         for role in self.getRoles():
             for allow, path in role.info.get('rules', ()):
                 if perm[:len(path)] == path:
-                    return (allow, f'Matched role rule ({textFromRule((allow, path))}) for role {role.name}.')
+                    return _allowedReason(allow, roleiden=role.iden, rolename=role.name, rule=path)
 
-        return (default, 'No matching rule found.')
+        return _allowedReason(default, default=True)
 
     def clearAuthCache(self):
         self.permcache.clear()
+        self.allowedcache.clear()
 
     async def genGateInfo(self, gateiden):
         info = self.authgates.get(gateiden)

synapse/lib/httpapi.py

@@ -1344,6 +1344,7 @@ class ExtApiHandler(StormHandler):
         varz['_http_request_info'] = info
 
         opts = {
+            'mirror': adef.get('pool', False),
             'readonly': adef.get('readonly'),
             'show': (
                 'http:resp:body',

synapse/lib/modelrev.py

@@ -8,7 +8,7 @@ import synapse.lib.layer as s_layer
 
 logger = logging.getLogger(__name__)
 
-maxvers = (0, 2, 23)
+maxvers = (0, 2, 24)
 
 class ModelRev:
 
@@ -37,6 +37,7 @@ class ModelRev:
             ((0, 2, 21), self.revModel_0_2_21),
             ((0, 2, 22), self.revModel_0_2_22),
             ((0, 2, 23), self.revModel_0_2_23),
+            ((0, 2, 24), self.revModel_0_2_24),
         )
 
     async def _uniqSortArray(self, todoprops, layers):
@@ -733,6 +734,29 @@ class ModelRev:
     async def revModel_0_2_23(self, layers):
         await self._normFormSubs(layers, 'inet:ipv6')
 
+    async def revModel_0_2_24(self, layers):
+        await self._normPropValu(layers, 'risk:mitigation:name')
+        await self._normPropValu(layers, 'it:mitre:attack:technique:name')
+        await self._normPropValu(layers, 'it:mitre:attack:mitigation:name')
+
+        formprops = {}
+        for prop in self.core.model.getPropsByType('velocity'):
+            formname = prop.form.name
+            if formname not in formprops:
+                formprops[formname] = []
+
+            formprops[formname].append(prop)
+
+        for prop in self.core.model.getArrayPropsByType('velocity'):
+            formname = prop.form.name
+            if formname not in formprops:
+                formprops[formname] = []
+
+            formprops[formname].append(prop)
+
+        for form, props in formprops.items():
+            await self._normVelocityProps(layers, form, props)
+
     async def runStorm(self, text, opts=None):
         '''
         Run storm code in a schedcoro and log the output messages.
@@ -759,52 +783,50 @@ class ModelRev:
 
     async def revCoreLayers(self):
 
-        async with self.core.enterMigrationMode():
-
-            version = self.revs[-1][0] if self.revs else maxvers
+        version = self.revs[-1][0] if self.revs else maxvers
 
-            # do a first pass to detect layers at the wrong version
-            # that we are not able to rev ourselves and bail...
+        # do a first pass to detect layers at the wrong version
+        # that we are not able to rev ourselves and bail...
 
-            layers = []
-            for layr in self.core.layers.values():
+        layers = []
+        for layr in self.core.layers.values():
 
-                if layr.fresh:
-                    await layr.setModelVers(version)
-                    continue
+            if layr.fresh:
+                await layr.setModelVers(version)
+                continue
 
-                vers = await layr.getModelVers()
-                if vers == version:
-                    continue
+            vers = await layr.getModelVers()
+            if vers == version:
+                continue
 
-                if not layr.canrev and vers != version:
-                    mesg = f'layer {layr.__class__.__name__} {layr.iden} ({layr.dirn}) can not be updated.'
-                    raise s_exc.CantRevLayer(layer=layr.iden, mesg=mesg, curv=version, layv=vers)
+            if not layr.canrev and vers != version:
+                mesg = f'layer {layr.__class__.__name__} {layr.iden} ({layr.dirn}) can not be updated.'
+                raise s_exc.CantRevLayer(layer=layr.iden, mesg=mesg, curv=version, layv=vers)
 
-                if vers > version:
-                    mesg = f'layer {layr.__class__.__name__} {layr.iden} ({layr.dirn}) is from the future!'
-                    raise s_exc.CantRevLayer(layer=layr.iden, mesg=mesg, curv=version, layv=vers)
+            if vers > version:
+                mesg = f'layer {layr.__class__.__name__} {layr.iden} ({layr.dirn}) is from the future!'
+                raise s_exc.CantRevLayer(layer=layr.iden, mesg=mesg, curv=version, layv=vers)
 
-                # realistically all layers are probably at the same version... but...
-                layers.append(layr)
+            # realistically all layers are probably at the same version... but...
+            layers.append(layr)
 
-            # got anything to do?
-            if not layers:
-                return
+        # got anything to do?
+        if not layers:
+            return
 
-            for revvers, revmeth in self.revs:
+        for revvers, revmeth in self.revs:
 
-                todo = [lyr for lyr in layers if not lyr.ismirror and await lyr.getModelVers() < revvers]
-                if not todo:
-                    continue
+            todo = [lyr for lyr in layers if not lyr.ismirror and await lyr.getModelVers() < revvers]
+            if not todo:
+                continue
 
-                logger.warning(f'beginning model migration -> {revvers}')
+            logger.warning(f'beginning model migration -> {revvers}')
 
-                await revmeth(todo)
+            await revmeth(todo)
 
-                [await lyr.setModelVers(revvers) for lyr in todo]
+            [await lyr.setModelVers(revvers) for lyr in todo]
 
-            logger.warning('...model migrations complete!')
+        logger.warning('...model migrations complete!')
 
     async def _normPropValu(self, layers, propfull):
 
@@ -850,6 +872,72 @@ class ModelRev:
             if nodeedits:
                 await save()
 
+    async def _normVelocityProps(self, layers, form, props):
+
+        meta = {'time': s_common.now(), 'user': self.core.auth.rootuser.iden}
+
+        nodeedits = []
+        for layr in layers:
+
+            async def save():
+                await layr.storNodeEdits(nodeedits, meta)
+                nodeedits.clear()
+
+            async for buid, formvalu in layr.iterFormRows(form):
+                sode = layr._getStorNode(buid)
+                if (nodeprops := sode.get('props')) is None:
+                    continue
+
+                for prop in props:
+                    if (curv := nodeprops.get(prop.name)) is None:
+                        continue
+
+                    propvalu = curv[0]
+                    if prop.type.isarray:
+                        hasfloat = False
+                        strvalu = []
+                        for valu in propvalu:
+                            if isinstance(valu, float):
+                                strvalu.append(str(valu))
+                                hasfloat = True
+
+                        if not hasfloat:
+                            continue
+                    else:
+                        if not isinstance(propvalu, float):
+                            continue
+                        strvalu = str(propvalu)
+
+                    nodeprops.pop(prop.name)
+
+                    try:
+                        norm, info = prop.type.norm(strvalu)
+                    except s_exc.BadTypeValu as e:
+                        nodeedits.append(
+                            (buid, form, (
+                                (s_layer.EDIT_NODEDATA_SET, (f'_migrated:{prop.full}', propvalu, None), ()),
+                                (s_layer.EDIT_PROP_DEL, (prop.name, propvalu, prop.type.stortype), ()),
+                            )),
+                        )
+
+                        oldm = e.errinfo.get('mesg')
+                        iden = s_common.ehex(buid)
+                        logger.warning(f'error re-norming {prop.full}={propvalu} (layer: {layr.iden}, node: {iden}): {oldm}',
+                                       extra={'synapse': {'node': iden, 'layer': layr.iden}})
+                        continue
+
+                    nodeedits.append(
+                        (buid, form, (
+                            (s_layer.EDIT_PROP_SET, (prop.name, norm, propvalu, prop.type.stortype), ()),
+                        )),
+                    )
+
+                    if len(nodeedits) >= 1000:  # pragma: no cover
+                        await save()
+
+            if nodeedits:
+                await save()
+
     async def _updatePropStortype(self, layers, propfull):
 
         meta = {'time': s_common.now(), 'user': self.core.auth.rootuser.iden}

synapse/lib/modules.py

@@ -27,4 +27,5 @@ coremods = (
     'synapse.models.proj.ProjectModule',
     'synapse.models.biz.BizModule',
     'synapse.models.belief.BeliefModule',
+    'synapse.models.science.ScienceModule',
 )