From eb400e17893c0ae7bf8f986742cc0d4a2dc5533e Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Mon, 19 Jun 2023 13:29:13 -0500
Subject: [PATCH 01/90] [Backend] Remove Automatic SafeStr serialization from
 PrivacyExperienceConfig. (#3600)

- Escape experience configs before saving in the db. Unescape before returning.
- Escape default experience configs before saving from yaml file
- Unescape embedded experience configs and privacy notices in the PrivacyExperience response
- Unescape notices in the response before returning after create and update.
---
 CHANGELOG.md                                  |   1 +
 .../api/api/v1/endpoints/dataset_endpoints.py |   4 +-
 .../privacy_experience_config_endpoints.py    |  67 +++++--
 .../endpoints/privacy_experience_endpoints.py |  27 ++-
 .../v1/endpoints/privacy_notice_endpoints.py  |  44 +++--
 src/fides/api/api/v1/endpoints/utils.py       |   4 +-
 src/fides/api/models/datasetconfig.py         |   5 +-
 src/fides/api/schemas/privacy_experience.py   |  29 ++--
 src/fides/api/util/consent_util.py            |  34 ++--
 src/fides/api/util/data_category.py           |   4 +-
 tests/fixtures/application_fixtures.py        |   6 +-
 .../test_connection_config_endpoints.py       |   2 +-
 ...est_privacy_experience_config_endpoints.py |  96 +++++++++-
 .../test_privacy_experience_endpoints.py      |  30 +++-
 .../test_privacy_notice_endpoints.py          | 164 +++++++++++++++++-
 .../privacy_request/test_email_batch_send.py  |   4 +-
 tests/ops/util/test_consent_util.py           |  12 +-
 17 files changed, 450 insertions(+), 83 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a7be3ffb29..c04d524b25 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,7 @@ The types of changes are:
 - Disable connector dropdown in integration tab on save [#3552](https://github.com/ethyca/fides/pull/3552)
 - Handles an edge case for non-existent identities with the Kustomer API [#3513](https://github.com/ethyca/fides/pull/3513)
 - remove the configure privacy request tile from the home screen [#3555](https://github.com/ethyca/fides/pull/3555)
+- Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
 
 ### Developer Experience
 
diff --git a/src/fides/api/api/v1/endpoints/dataset_endpoints.py b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
index 8355c676a7..6421e8cd7c 100644
--- a/src/fides/api/api/v1/endpoints/dataset_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
@@ -52,9 +52,7 @@
     convert_dataset_to_graph,
     to_graph_field,
 )
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
-    Dataset as CtlDataset,
-)
+from fides.api.models.sql_models import Dataset as CtlDataset  # type: ignore[attr-defined]
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.api import BulkUpdateFailed
 from fides.api.schemas.dataset import (
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
index 604b7041eb..9da4fbaadb 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
@@ -1,3 +1,4 @@
+from html import escape, unescape
 from typing import Dict, List, Optional
 
 from fastapi import Depends, HTTPException, Security
@@ -6,6 +7,7 @@
 from fastapi_pagination.bases import AbstractPage
 from loguru import logger
 from sqlalchemy.orm import Query, Session
+from starlette.requests import Request
 from starlette.status import (
     HTTP_200_OK,
     HTTP_201_CREATED,
@@ -16,7 +18,7 @@
 from fides.api.api import deps
 from fides.api.api.v1 import scope_registry
 from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.endpoints.utils import human_friendly_list
+from fides.api.api.v1.endpoints.utils import human_friendly_list, transform_fields
 from fides.api.api.v1.scope_registry import PRIVACY_EXPERIENCE_UPDATE
 from fides.api.models.privacy_experience import (
     ComponentType,
@@ -33,6 +35,10 @@
     ExperienceConfigUpdate,
 )
 from fides.api.util.api_router import APIRouter
+from fides.api.util.consent_util import (
+    PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+    UNESCAPE_SAFESTR_HEADER,
+)
 
 router = APIRouter(tags=["Privacy Experience Config"], prefix=urls.V1_URL_PREFIX)
 
@@ -71,12 +77,13 @@ def experience_config_list(
     show_disabled: Optional[bool] = True,
     component: Optional[ComponentType] = None,
     region: Optional[PrivacyNoticeRegion] = None,
+    request: Request,
 ) -> AbstractPage[PrivacyExperienceConfig]:
     """
     Returns a list of PrivacyExperienceConfig resources.  These resources have common titles, descriptions, and
     labels that can be shared between multiple experiences.
     """
-
+    should_unescape = request.headers.get(UNESCAPE_SAFESTR_HEADER)
     privacy_experience_config_query: Query = db.query(PrivacyExperienceConfig)
 
     if component:
@@ -100,7 +107,18 @@ def experience_config_list(
     )
 
     logger.info("Loading Experience Configs with params {}.", params)
-    return fastapi_paginate(privacy_experience_config_query.all(), params=params)
+    experience_configs = privacy_experience_config_query.all()
+    if should_unescape:
+        experience_configs = [
+            transform_fields(
+                transformation=unescape,
+                model=experience_config,
+                fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+            )
+            for experience_config in experience_configs
+        ]
+
+    return fastapi_paginate(experience_configs, params=params)
 
 
 @router.post(
@@ -125,7 +143,12 @@ def experience_config_create(
     """
     Create Experience Config and then attempt to upsert Experiences and link to ExperienceConfig
     """
-    experience_config_dict: Dict = experience_config_data.dict(exclude_unset=True)
+    privacy_experience_data = transform_fields(
+        transformation=escape,
+        model=experience_config_data,
+        fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+    )
+    experience_config_dict: Dict = privacy_experience_data.dict(exclude_unset=True)
     # Pop the regions off the request
     new_regions: Optional[List[PrivacyNoticeRegion]] = experience_config_dict.pop(
         "regions", None
@@ -145,6 +168,7 @@ def experience_config_create(
         "Creating experience config of component '{}'.",
         experience_config_data.component.value,
     )
+
     experience_config = PrivacyExperienceConfig.create(
         db, data=experience_config_dict, check_name=False
     )
@@ -162,7 +186,11 @@ def experience_config_create(
         )
 
     return ExperienceConfigCreateOrUpdateResponse(
-        experience_config=experience_config,
+        experience_config=transform_fields(
+            transformation=unescape,
+            model=experience_config,
+            fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+        ),
         linked_regions=linked,
         unlinked_regions=unlinked,
     )
@@ -177,15 +205,22 @@ def experience_config_create(
     ],
 )
 def experience_config_detail(
-    *,
-    db: Session = Depends(deps.get_db),
-    experience_config_id: str,
+    *, db: Session = Depends(deps.get_db), experience_config_id: str, request: Request
 ) -> PrivacyExperienceConfig:
     """
     Returns a PrivacyExperienceConfig.
     """
     logger.info("Retrieving experience config with id '{}'.", experience_config_id)
-    return get_experience_config_or_error(db, experience_config_id)
+    should_unescape = request.headers.get(UNESCAPE_SAFESTR_HEADER)
+
+    experience_config = get_experience_config_or_error(db, experience_config_id)
+    if should_unescape:
+        experience_config = transform_fields(
+            transformation=unescape,
+            model=experience_config,
+            fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+        )
+    return experience_config
 
 
 @router.patch(
@@ -233,7 +268,13 @@ def experience_config_update(
             detail=f"Cannot set as the default. Only one default {experience_config.component.value} config can be in the system.",  # type: ignore[attr-defined]
         )
 
-    experience_config_data_dict: Dict = experience_config_data.dict(exclude_unset=True)
+    privacy_experience_data = transform_fields(
+        transformation=escape,
+        model=experience_config_data,
+        fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+    )
+
+    experience_config_data_dict: Dict = privacy_experience_data.dict(exclude_unset=True)
     # Pop the regions off the request
     regions: Optional[List[PrivacyNoticeRegion]] = experience_config_data_dict.pop(
         "regions", None
@@ -284,7 +325,11 @@ def experience_config_update(
             )
 
     return ExperienceConfigCreateOrUpdateResponse(
-        experience_config=experience_config,
+        experience_config=transform_fields(
+            transformation=unescape,
+            model=experience_config,
+            fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+        ),
         linked_regions=linked,
         unlinked_regions=unlinked_regions,
     )
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
index 1147805262..f4d59ce336 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
@@ -1,4 +1,5 @@
 import uuid
+from html import unescape
 from typing import List, Optional
 
 from fastapi import Depends, HTTPException, Request, Response
@@ -15,7 +16,7 @@
 
 from fides.api.api import deps
 from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.endpoints.utils import fides_limiter
+from fides.api.api.v1.endpoints.utils import fides_limiter, transform_fields
 from fides.api.models.privacy_experience import (
     ComponentType,
     PrivacyExperience,
@@ -25,7 +26,12 @@
 from fides.api.models.privacy_request import ProvidedIdentity
 from fides.api.schemas.privacy_experience import PrivacyExperienceResponse
 from fides.api.util.api_router import APIRouter
-from fides.api.util.consent_util import get_fides_user_device_id_provided_identity
+from fides.api.util.consent_util import (
+    PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+    PRIVACY_NOTICE_ESCAPE_FIELDS,
+    UNESCAPE_SAFESTR_HEADER,
+    get_fides_user_device_id_provided_identity,
+)
 from fides.core.config import CONFIG
 
 router = APIRouter(tags=["Privacy Experience"], prefix=urls.V1_URL_PREFIX)
@@ -117,6 +123,7 @@ def privacy_experience_list(
         )
 
     results: List[PrivacyExperience] = []
+    should_unescape = request.headers.get(UNESCAPE_SAFESTR_HEADER)
     for privacy_experience in experience_query.order_by(
         PrivacyExperience.created_at.desc()
     ):
@@ -125,6 +132,22 @@ def privacy_experience_list(
         ] = privacy_experience.get_related_privacy_notices(
             db, show_disabled, fides_user_provided_identity
         )
+        if should_unescape:
+            # Unescape both the experience config and the embedded privacy notices
+            privacy_experience.experience_config = transform_fields(
+                transformation=unescape,
+                model=privacy_experience.experience_config,
+                fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
+            )
+
+            privacy_notices = [
+                transform_fields(
+                    transformation=unescape,
+                    model=notice,
+                    fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
+                )
+                for notice in privacy_notices
+            ]
         # Temporarily save privacy notices on the privacy experience object
         privacy_experience.privacy_notices = privacy_notices
         # Temporarily save "show_banner" on the privacy experience object
diff --git a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
index b770de106a..753e8c9f3e 100644
--- a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
@@ -2,9 +2,8 @@
 from typing import Dict, List, Optional, Set, Tuple
 
 from fastapi import Depends, Request, Security
-from fastapi_pagination import Page, Params
+from fastapi_pagination import Page, Params, paginate
 from fastapi_pagination.bases import AbstractPage
-from fastapi_pagination.ext.sqlalchemy import paginate
 from loguru import logger
 from pydantic import conlist
 from sqlalchemy.orm import Query, Session
@@ -30,6 +29,7 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.consent_util import (
     PRIVACY_NOTICE_ESCAPE_FIELDS,
+    UNESCAPE_SAFESTR_HEADER,
     create_privacy_notices_util,
     ensure_unique_ids,
     prepare_privacy_notice_patches,
@@ -89,17 +89,21 @@ def get_privacy_notice_list(
         systems_applicable=systems_applicable,
         region=region,
     )
-    should_unescape = request.headers.get("unescape-safestr")
+    should_unescape = request.headers.get(UNESCAPE_SAFESTR_HEADER)
     privacy_notices = notice_query.order_by(PrivacyNotice.created_at.desc())
-    paginated = paginate(privacy_notices, params=params)
-    if should_unescape:
-        paginated.items = [  # type: ignore[attr-defined]
+    return paginate(
+        [
             transform_fields(
-                transformation=unescape, model=item, fields=PRIVACY_NOTICE_ESCAPE_FIELDS
+                transformation=unescape,
+                model=notice,
+                fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
             )
-            for item in paginated.items  # type: ignore[attr-defined]
-        ]
-    return paginated
+            if should_unescape
+            else notice
+            for notice in privacy_notices
+        ],
+        params=params,
+    )
 
 
 @router.get(
@@ -184,7 +188,7 @@ def get_privacy_notice(
     """
     Return a single PrivacyNotice
     """
-    should_unescape = request.headers.get("unescape-safestr")
+    should_unescape = request.headers.get(UNESCAPE_SAFESTR_HEADER)
     notice = get_privacy_notice_or_error(db, privacy_notice_id)
     if should_unescape:
         notice = transform_fields(
@@ -219,7 +223,14 @@ def create_privacy_notices(
     except (ValueError, ValidationError) as e:
         raise HTTPException(HTTP_422_UNPROCESSABLE_ENTITY, detail=str(e))
 
-    return created_privacy_notices
+    return [
+        transform_fields(
+            transformation=unescape,
+            model=notice,
+            fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
+        )
+        for notice in created_privacy_notices
+    ]
 
 
 @router.patch(
@@ -267,4 +278,11 @@ def update_privacy_notices(
         db, affected_regions=list(affected_regions)
     )
 
-    return notices
+    return [
+        transform_fields(
+            transformation=unescape,
+            model=notice,
+            fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
+        )
+        for notice in notices
+    ]
diff --git a/src/fides/api/api/v1/endpoints/utils.py b/src/fides/api/api/v1/endpoints/utils.py
index ae5689e087..3b37d3fdd6 100644
--- a/src/fides/api/api/v1/endpoints/utils.py
+++ b/src/fides/api/api/v1/endpoints/utils.py
@@ -137,9 +137,7 @@ def validate_start_and_end_filters(
             )
 
 
-def transform_fields(
-    transformation: Callable, model: object, fields: List[str]
-) -> object:
+def transform_fields(transformation: Callable, model: Base, fields: List[str]) -> Base:
     """
     Takes a callable and returns a transformed object.
     """
diff --git a/src/fides/api/models/datasetconfig.py b/src/fides/api/models/datasetconfig.py
index 286cebd70e..42cfd0aec0 100644
--- a/src/fides/api/models/datasetconfig.py
+++ b/src/fides/api/models/datasetconfig.py
@@ -19,9 +19,8 @@
 )
 from fides.api.graph.data_type import parse_data_type_string
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
-    Dataset as CtlDataset,
-)
+from fides.api.models.sql_models import Dataset as CtlDataset  # type: ignore[attr-defined]
+
 from fides.api.util.saas_util import merge_datasets
 
 
diff --git a/src/fides/api/schemas/privacy_experience.py b/src/fides/api/schemas/privacy_experience.py
index 24010f6008..6b876b7bb0 100644
--- a/src/fides/api/schemas/privacy_experience.py
+++ b/src/fides/api/schemas/privacy_experience.py
@@ -6,7 +6,6 @@
 from pydantic import Extra, Field, root_validator, validator
 
 from fides.api.api.v1.endpoints.utils import human_friendly_list
-from fides.api.custom_types import SafeStr
 from fides.api.models.privacy_experience import BannerEnabled, ComponentType
 from fides.api.models.privacy_notice import PrivacyNoticeRegion
 from fides.api.schemas.base_class import FidesSchema
@@ -22,14 +21,14 @@ class ExperienceConfigSchema(FidesSchema):
     but cannot be updated later.
     """
 
-    accept_button_label: Optional[SafeStr] = Field(
+    accept_button_label: Optional[str] = Field(
         description="Overlay 'Accept button displayed on the Banner and Privacy Preferences' or Privacy Center 'Confirmation button label'"
     )
-    acknowledge_button_label: Optional[SafeStr] = Field(
+    acknowledge_button_label: Optional[str] = Field(
         description="Overlay 'Acknowledge button label for notice only banner'"
     )
     banner_enabled: Optional[BannerEnabled] = Field(description="Overlay 'Banner'")
-    description: Optional[SafeStr] = Field(
+    description: Optional[str] = Field(
         description="Overlay 'Banner Description' or Privacy Center 'Description'"
     )
     disabled: Optional[bool] = Field(
@@ -39,25 +38,25 @@ class ExperienceConfigSchema(FidesSchema):
         default=False,
         description="Whether the given ExperienceConfig is a global default",
     )
-    privacy_policy_link_label: Optional[SafeStr] = Field(
+    privacy_policy_link_label: Optional[str] = Field(
         description="Overlay and Privacy Center 'Privacy policy link label'"
     )
-    privacy_policy_url: Optional[SafeStr] = Field(
+    privacy_policy_url: Optional[str] = Field(
         description="Overlay and Privacy Center 'Privacy policy URl'"
     )
-    privacy_preferences_link_label: Optional[SafeStr] = Field(
+    privacy_preferences_link_label: Optional[str] = Field(
         description="Overlay 'Privacy preferences link label'"
     )
     regions: Optional[List[PrivacyNoticeRegion]] = Field(
         description="Regions using this ExperienceConfig"
     )
-    reject_button_label: Optional[SafeStr] = Field(
+    reject_button_label: Optional[str] = Field(
         description="Overlay 'Reject button displayed on the Banner and 'Privacy Preferences' of Privacy Center 'Reject button label'"
     )
-    save_button_label: Optional[SafeStr] = Field(
+    save_button_label: Optional[str] = Field(
         description="Overlay 'Privacy preferences 'Save' button label"
     )
-    title: Optional[SafeStr] = Field(
+    title: Optional[str] = Field(
         description="Overlay 'Banner title' or Privacy Center 'title'"
     )
 
@@ -79,12 +78,12 @@ class ExperienceConfigCreate(ExperienceConfigSchema):
     It also establishes some fields _required_ for creation
     """
 
-    accept_button_label: SafeStr
+    accept_button_label: str
     component: ComponentType
-    description: SafeStr
-    reject_button_label: SafeStr
-    save_button_label: SafeStr
-    title: SafeStr
+    description: str
+    reject_button_label: str
+    save_button_label: str
+    title: str
 
     @root_validator
     def validate_attributes(cls, values: Dict[str, Any]) -> Dict[str, Any]:
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index e64304d132..53750f0af1 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -42,6 +42,18 @@
 from fides.core.config.helpers import load_file
 
 PRIVACY_NOTICE_ESCAPE_FIELDS = ["name", "description", "internal_description"]
+PRIVACY_EXPERIENCE_ESCAPE_FIELDS = [
+    "accept_button_label",
+    "acknowledge_button_label",
+    "description",
+    "privacy_policy_link_label",
+    "privacy_policy_url",
+    "privacy_preferences_link_label",
+    "reject_button_label",
+    "save_button_label",
+    "title",
+]
+UNESCAPE_SAFESTR_HEADER = "unescape-safestr"
 
 
 def filter_privacy_preferences_for_propagation(
@@ -317,7 +329,7 @@ def create_privacy_notices_util(
             # should_escape flag is for when we're creating a notice
             # from a template. The content was already escaped in the
             # template - we don't want to escape twice.
-            privacy_notice = transform_fields(  # type: ignore
+            privacy_notice = transform_fields(
                 transformation=escape,
                 model=privacy_notice,
                 fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
@@ -394,7 +406,7 @@ def prepare_privacy_notice_patches(
             transformation=escape,
             model=update_data,
             fields=PRIVACY_NOTICE_ESCAPE_FIELDS,
-        )  # type: ignore
+        )
         if update_data.id not in existing_notices:
             if not allow_create:
                 raise HTTPException(
@@ -563,8 +575,10 @@ def upsert_default_experience_config(
         experience_config_data.copy()
     )  # Avoids unexpected behavior on update in testing
 
-    experience_config_schema: ExperienceConfigCreateWithId = (
-        ExperienceConfigCreateWithId(**experience_config_data)
+    experience_config_schema = transform_fields(
+        transformation=escape,
+        model=(ExperienceConfigCreateWithId(**experience_config_data)),
+        fields=PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
     )
     if not experience_config_schema.is_default:
         raise Exception("This method is for created default experience configs.")
@@ -585,13 +599,13 @@ def upsert_default_experience_config(
         # Validating some required fields if this is an overlay
         ExperienceConfigCreate.from_orm(dry_update)
 
-        del experience_config_data["component"]
-        del experience_config_data["id"]
+        update_data = experience_config_schema.dict(exclude_unset=True)
+        del update_data["component"]
+        del update_data["id"]
         # This is important for making sure config is only updated if it actually changed
-        update_data = ExperienceConfigUpdate(**experience_config_data)
-        experience_config_data_dict: Dict = update_data.dict(exclude_unset=True)
-
-        existing_experience_config.update(db=db, data=experience_config_data_dict)
+        existing_experience_config.update(
+            db=db, data=ExperienceConfigUpdate(**update_data).dict(exclude_unset=True)
+        )
         return False, existing_experience_config
 
     logger.info("Creating default experience config {}", experience_config_schema.id)
diff --git a/src/fides/api/util/data_category.py b/src/fides/api/util/data_category.py
index ccb0e60670..ae2e8d5757 100644
--- a/src/fides/api/util/data_category.py
+++ b/src/fides/api/util/data_category.py
@@ -6,9 +6,7 @@
 from sqlalchemy.orm import Session
 
 from fides.api import common_exceptions
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
-    DataCategory as DataCategoryDbModel,
-)
+from fides.api.models.sql_models import DataCategory as DataCategoryDbModel  # type: ignore[attr-defined]
 
 
 def generate_fides_data_categories() -> Type[EnumType]:
diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
index 4a0357b18c..6b08814b99 100644
--- a/tests/fixtures/application_fixtures.py
+++ b/tests/fixtures/application_fixtures.py
@@ -1445,7 +1445,7 @@ def privacy_notice(db: Session) -> Generator:
         data={
             "name": "example privacy notice",
             "notice_key": "example_privacy_notice",
-            "description": "a sample privacy notice configuration",
+            "description": "user&#x27;s description &lt;script /&gt;",
             "regions": [
                 PrivacyNoticeRegion.us_ca,
                 PrivacyNoticeRegion.us_co,
@@ -2201,7 +2201,7 @@ def experience_config_privacy_center(db: Session) -> Generator:
         db=db,
         data={
             "accept_button_label": "Accept all",
-            "description": "We care about your privacy",
+            "description": "user&#x27;s description &lt;script /&gt;",
             "component": "privacy_center",
             "reject_button_label": "Reject all",
             "save_button_label": "Save",
@@ -2244,7 +2244,7 @@ def experience_config_overlay(db: Session) -> Generator:
             "description": "On this page you can opt in and out of these data uses cases",
             "disabled": False,
             "privacy_preferences_link_label": "Manage preferences",
-            "privacy_policy_link_label": "View our privacy policy",
+            "privacy_policy_link_label": "View our company&#x27;s privacy policy",
             "privacy_policy_url": "example.com/privacy",
             "reject_button_label": "Reject all",
             "save_button_label": "Save",
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index ae7a18978a..f7c742b661 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -26,8 +26,8 @@
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.models.privacy_request import PrivacyRequestStatus
-from fides.api.oauth.roles import APPROVER, OWNER, VIEWER
 from fides.api.models.sql_models import Dataset
+from fides.api.oauth.roles import APPROVER, OWNER, VIEWER
 from tests.fixtures.application_fixtures import integration_secrets
 from tests.fixtures.saas.connection_template_fixtures import instantiate_connector
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
index aaab76db50..5ea07046cb 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
@@ -70,11 +70,9 @@ def test_get_experience_config_list(
         experience_config_privacy_center,
         experience_config_overlay,
     ) -> None:
+        unescape_header = {"Unescape-Safestr": "true"}
         auth_header = generate_auth_header(scopes=[scopes.PRIVACY_EXPERIENCE_READ])
-        response = api_client.get(
-            url,
-            headers=auth_header,
-        )
+        response = api_client.get(url, headers={**auth_header, **unescape_header})
         assert response.status_code == 200
         resp = response.json()
         assert resp["total"] == 4  # Two default configs loaded on startup plus two here
@@ -99,6 +97,9 @@ def test_get_experience_config_list(
 
         second_config = data[1]
         assert second_config["id"] == experience_config_privacy_center.id
+        assert (
+            second_config["description"] == "user's description <script />"
+        )  # Unescaped due to header
         assert second_config["component"] == "privacy_center"
         assert second_config["banner_enabled"] is None
         assert second_config["disabled"] is True
@@ -127,6 +128,29 @@ def test_get_experience_config_list(
         assert fourth_config["regions"] == []
         assert fourth_config["component"] == "overlay"
 
+    @pytest.mark.usefixtures(
+        "privacy_experience_privacy_center",
+        "privacy_experience_overlay",
+        "experience_config_overlay",
+    )
+    def test_get_experience_config_list_no_unescape_header(
+        self,
+        api_client: TestClient,
+        url,
+        generate_auth_header,
+        experience_config_privacy_center,
+    ) -> None:
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_EXPERIENCE_READ])
+        response = api_client.get(url, headers=auth_header)
+        assert response.status_code == 200
+        resp = response.json()["items"]
+
+        second_config = resp[1]
+        assert second_config["id"] == experience_config_privacy_center.id
+        assert (
+            second_config["description"] == "user&#x27;s description &lt;script /&gt;"
+        )  # Still escaped
+
     @pytest.mark.usefixtures(
         "privacy_experience_overlay",
         "privacy_experience_privacy_center",
@@ -440,7 +464,7 @@ def test_create_experience_config_with_no_regions(
                 "accept_button_label": "Yes",
                 "banner_enabled": "always_disabled",
                 "component": "privacy_center",
-                "description": "We take your privacy seriously",
+                "description": "We take your company's privacy seriously",
                 "privacy_policy_link_label": "Manage your privacy",
                 "privacy_policy_url": "example.com/privacy",
                 "reject_button_label": "No",
@@ -454,7 +478,9 @@ def test_create_experience_config_with_no_regions(
         assert resp["accept_button_label"] == "Yes"
         assert resp["banner_enabled"] == "always_disabled"
         assert resp["component"] == "privacy_center"
-        assert resp["description"] == "We take your privacy seriously"
+        assert (
+            resp["description"] == "We take your company's privacy seriously"
+        )  # Returned in the response, unescaped, for display
         assert resp["privacy_policy_link_label"] == "Manage your privacy"
         assert resp["privacy_policy_url"] == "example.com/privacy"
         assert resp["regions"] == []
@@ -470,6 +496,10 @@ def test_create_experience_config_with_no_regions(
         assert experience_config.privacy_policy_link_label == "Manage your privacy"
         assert experience_config.experiences.all() == []
         assert experience_config.histories.count() == 1
+        assert (
+            experience_config.description
+            == "We take your company&#x27;s privacy seriously"
+        )  # Saved in the db escaped
         history = experience_config.histories[0]
         assert history.version == 1.0
         assert history.component == ComponentType.privacy_center
@@ -860,6 +890,32 @@ def test_get_experience_config_detail(
             == experience_config_overlay.experience_config_history_id
         )
         assert resp["title"] == "Manage your consent"
+        assert (
+            resp["privacy_policy_link_label"]
+            == "View our company&#x27;s privacy policy"
+        )  # Escaped without request header
+
+    @pytest.mark.usefixtures(
+        "privacy_experience_overlay",
+    )
+    def test_get_experience_config_detail_with_unescape_header(
+        self,
+        api_client: TestClient,
+        url,
+        generate_auth_header,
+        experience_config_overlay,
+    ) -> None:
+        unescape_header = {"Unescape-Safestr": "true"}
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_EXPERIENCE_READ])
+        response = api_client.get(url, headers={**auth_header, **unescape_header})
+        assert response.status_code == 200
+        resp = response.json()
+
+        assert resp["id"] == experience_config_overlay.id
+        assert resp["component"] == "overlay"
+        assert (
+            resp["privacy_policy_link_label"] == "View our company's privacy policy"
+        )  # Unescaped with request header
 
 
 class TestUpdateExperienceConfig:
@@ -1029,6 +1085,34 @@ def test_update_as_default(
             == "Cannot set as the default. Only one default overlay config can be in the system."
         )
 
+    def test_update_experience_config_with_fields_that_should_be_escaped(
+        self,
+        api_client: TestClient,
+        url,
+        generate_auth_header,
+        overlay_experience_config,
+        db,
+    ) -> None:
+        """Failing if duplicate regions in request to avoid unexpected behavior"""
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_EXPERIENCE_UPDATE])
+        response = api_client.patch(
+            url,
+            json={
+                "title": "We care about you and your family's privacy",
+            },
+            headers=auth_header,
+        )
+        assert response.status_code == 200
+        assert (
+            response.json()["experience_config"]["title"]
+            == "We care about you and your family's privacy"
+        )  # Unescaped in response
+        db.refresh(overlay_experience_config)
+        assert (
+            overlay_experience_config.title
+            == "We care about you and your family&#x27;s privacy"
+        )  # But stored escaped
+
     def test_attempt_to_update_component_type(
         self,
         api_client: TestClient,
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
index 36c8954277..27d79126c3 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
@@ -43,9 +43,9 @@ def test_get_privacy_experiences(
         privacy_notice,
         privacy_experience_privacy_center,
     ):
-        resp = api_client.get(
-            url,
-        )
+        unescape_header = {"Unescape-Safestr": "true"}
+
+        resp = api_client.get(url, headers=unescape_header)
         assert resp.status_code == 200
         data = resp.json()
 
@@ -62,6 +62,7 @@ def test_get_privacy_experiences(
         # Assert experience config is nested
         experience_config = resp["experience_config"]
         assert experience_config["title"] == "Control your privacy"
+        assert experience_config["description"] == "user's description <script />"
         assert experience_config["banner_enabled"] is None
         assert experience_config["accept_button_label"] == "Accept all"
         assert experience_config["reject_button_label"] == "Reject all"
@@ -78,6 +79,29 @@ def test_get_privacy_experiences(
         assert resp["privacy_notices"][0]["default_preference"] == "opt_out"
         assert resp["privacy_notices"][0]["current_preference"] is None
         assert resp["privacy_notices"][0]["outdated_preference"] is None
+        assert (
+            resp["privacy_notices"][0]["description"] == "user's description <script />"
+        )
+
+    def test_get_experiences_unescaped(
+        self,
+        api_client,
+        url,
+        privacy_notice,
+        privacy_experience_privacy_center,
+    ):
+        # Assert not escaped without proper request header
+        resp = api_client.get(url)
+        resp = resp.json()["items"][0]
+        experience_config = resp["experience_config"]
+        assert (
+            experience_config["description"]
+            == "user&#x27;s description &lt;script /&gt;"
+        )
+        assert (
+            resp["privacy_notices"][0]["description"]
+            == "user&#x27;s description &lt;script /&gt;"
+        )
 
     def test_get_privacy_experiences_show_disabled_filter(
         self,
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 027ce3a2e8..18261039d3 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -503,7 +503,7 @@ def test_pagination(
     @pytest.mark.usefixtures(
         "system",
     )
-    def test_can_unescape(
+    def test_can_unescape_list_notices(
         self,
         db,
         api_client: TestClient,
@@ -667,7 +667,6 @@ def test_get_privacy_notice_unescaped(
         )
         assert resp.status_code == 200
         data = resp.json()
-        print(f"Unescaped Response: {data}")
         assert data["description"] == "user&#x27;s description &lt;script /&gt;"
 
         # now request with the unescape header
@@ -1784,6 +1783,40 @@ def test_post_privacy_notice_no_notice_key(
 
         overlay_exp.delete(db)
 
+    def test_post_privacy_notice_response_escaped(
+        self, api_client, generate_auth_header, db
+    ):
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_NOTICE_CREATE])
+        maybe_dangerous_description = "user's description <script />"
+        resp = api_client.post(
+            V1_URL_PREFIX + PRIVACY_NOTICE,
+            headers=auth_header,
+            json=[
+                {
+                    "name": "test privacy notice 1",
+                    "notice_key": "test_privacy_notice_1",
+                    "description": maybe_dangerous_description,
+                    "regions": [
+                        PrivacyNoticeRegion.eu_be.value,
+                        PrivacyNoticeRegion.us_ca.value,
+                    ],
+                    "consent_mechanism": ConsentMechanism.opt_in.value,
+                    "data_uses": ["marketing.advertising"],
+                    "enforcement_level": EnforcementLevel.system_wide.value,
+                    "displayed_in_overlay": True,
+                }
+            ],
+        )
+        assert resp.status_code == 200
+        created_notice_data = resp.json()[0]
+        assert (
+            created_notice_data["description"] == "user's description <script />"
+        )  # Returned as normal in create response
+        created_notice = db.query(PrivacyNotice).get(created_notice_data["id"])
+        assert (
+            created_notice.description == "user&#x27;s description &lt;script /&gt;"
+        )  # But saved in escaped format
+
     def test_post_privacy_notice_duplicate_regions(
         self,
         api_client: TestClient,
@@ -2604,6 +2637,133 @@ def test_patch_privacy_notice(
 
         assert privacy_center_exp.component == ComponentType.privacy_center
 
+    def test_patch_privacy_notice_escaping(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        patch_privacy_notice_payload: dict[str, Any],
+        privacy_notice: PrivacyNotice,
+        url,
+        db,
+    ):
+        """
+        Test escape behavior when patching notices
+        """
+        overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
+            db, PrivacyNoticeRegion.us_ca
+        )
+        assert overlay_exp is None
+        assert privacy_center_exp is None
+
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_NOTICE_UPDATE])
+
+        before_update = datetime.now().isoformat()
+        maybe_dangerous_description = "user's description <script />"
+        patch_privacy_notice_payload["description"] = maybe_dangerous_description
+
+        resp = api_client.patch(
+            url, headers=auth_header, json=[patch_privacy_notice_payload]
+        )
+        assert resp.status_code == 200
+        assert len(resp.json()) == 1
+        response_notice = resp.json()[0]
+
+        # assert our response object has the updated values
+        assert response_notice["name"] == patch_privacy_notice_payload["name"]
+        assert response_notice["id"] == patch_privacy_notice_payload["id"]
+        assert response_notice["regions"] == patch_privacy_notice_payload["regions"]
+        assert (
+            response_notice["consent_mechanism"]
+            == patch_privacy_notice_payload["consent_mechanism"]
+        )
+        assert response_notice["data_uses"] == patch_privacy_notice_payload["data_uses"]
+        assert response_notice["version"] == 2.0
+        assert response_notice["created_at"] < before_update
+        assert response_notice["updated_at"] < datetime.now().isoformat()
+        assert response_notice["updated_at"] > before_update
+        assert response_notice["disabled"]
+        assert response_notice["notice_key"] == "updated_privacy_notice_key"
+        assert (
+            response_notice["description"] == maybe_dangerous_description
+        ), "Unescaped in response"
+
+        # assert our old history record has the old privacy notice data
+        history_record: PrivacyNoticeHistory = (
+            PrivacyNoticeHistory.query(db=db)
+            .filter(PrivacyNoticeHistory.privacy_notice_id == privacy_notice.id)
+            .filter(PrivacyNoticeHistory.version == 1.0)
+        ).first()
+        assert (
+            history_record.name
+            == privacy_notice.name
+            != patch_privacy_notice_payload["name"]
+        )
+        assert (
+            history_record.regions
+            == privacy_notice.regions
+            != patch_privacy_notice_payload["regions"]
+        )
+        assert (
+            history_record.consent_mechanism
+            == privacy_notice.consent_mechanism
+            != patch_privacy_notice_payload["consent_mechanism"]
+        )
+        assert (
+            history_record.data_uses
+            == privacy_notice.data_uses
+            != patch_privacy_notice_payload["data_uses"]
+        )
+        assert history_record.version == 1.0
+        assert (
+            history_record.disabled
+            == privacy_notice.disabled
+            != patch_privacy_notice_payload["disabled"]
+        )
+
+        # assert there's a new history record with the new privacy notice data
+        history_record: PrivacyNoticeHistory = (
+            PrivacyNoticeHistory.query(db=db)
+            .filter(PrivacyNoticeHistory.privacy_notice_id == privacy_notice.id)
+            .filter(PrivacyNoticeHistory.version == 2.0)
+        ).first()
+        assert history_record.name == patch_privacy_notice_payload["name"]
+        assert [
+            region.value for region in history_record.regions
+        ] == patch_privacy_notice_payload["regions"]
+        assert (
+            history_record.consent_mechanism.value
+            == patch_privacy_notice_payload["consent_mechanism"]
+        )
+        assert history_record.data_uses == patch_privacy_notice_payload["data_uses"]
+        assert history_record.version == 2.0
+        assert history_record.disabled == patch_privacy_notice_payload["disabled"]
+
+        # assert the db privacy notice record has the updated values
+        db_notice: PrivacyNotice = PrivacyNotice.get(
+            db=db, object_id=response_notice["id"]
+        )
+        db.refresh(db_notice)
+        assert (
+            db_notice.description == "user&#x27;s description &lt;script /&gt;"
+        )  # Escaped in db
+        assert response_notice["name"] == db_notice.name
+        assert response_notice["version"] == db_notice.version
+        assert response_notice["created_at"] == db_notice.created_at.isoformat()
+        assert response_notice["updated_at"] == db_notice.updated_at.isoformat()
+        assert response_notice["disabled"] == db_notice.disabled
+        assert response_notice["regions"] == [
+            region.value for region in db_notice.regions
+        ]
+        assert response_notice["consent_mechanism"] == db_notice.consent_mechanism.value
+        assert response_notice["data_uses"] == db_notice.data_uses
+
+        overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
+            db, PrivacyNoticeRegion.us_ca
+        )
+        assert overlay_exp.component == ComponentType.overlay
+
+        assert privacy_center_exp.component == ComponentType.privacy_center
+
     def test_patch_multiple_privacy_notices(
         self,
         api_client: TestClient,
diff --git a/tests/ops/service/privacy_request/test_email_batch_send.py b/tests/ops/service/privacy_request/test_email_batch_send.py
index 87c2fd8c8e..5078739fc0 100644
--- a/tests/ops/service/privacy_request/test_email_batch_send.py
+++ b/tests/ops/service/privacy_request/test_email_batch_send.py
@@ -540,7 +540,7 @@ def test_send_consent_email_new_workflow(
                         privacy_notice_history=PrivacyNoticeHistorySchema(
                             name="example privacy notice",
                             notice_key="example_privacy_notice",
-                            description="a sample privacy notice configuration",
+                            description="user&#x27;s description &lt;script /&gt;",  # This isn't actually sent in the email
                             regions=["us_ca", "us_co"],
                             consent_mechanism="opt_in",
                             data_uses=["marketing.advertising", "third_party_sharing"],
@@ -670,7 +670,7 @@ def test_send_generic_consent_email_new_workflow(
                         privacy_notice_history=PrivacyNoticeHistorySchema(
                             name="example privacy notice",
                             notice_key="example_privacy_notice",
-                            description="a sample privacy notice configuration",
+                            description="user&#x27;s description &lt;script /&gt;",
                             regions=["us_ca", "us_co"],
                             consent_mechanism="opt_in",
                             data_uses=["marketing.advertising", "third_party_sharing"],
diff --git a/tests/ops/util/test_consent_util.py b/tests/ops/util/test_consent_util.py
index 35609de9d7..bc512c0f3e 100644
--- a/tests/ops/util/test_consent_util.py
+++ b/tests/ops/util/test_consent_util.py
@@ -559,6 +559,10 @@ def test_load_default_notices(self, db, load_default_data_uses):
             unescape(notice.internal_description)
             == "This is a contrived template for testing.  This field's for internal testing!"
         )
+        assert (
+            notice.internal_description
+            == "This is a contrived template for testing.  This field&#x27;s for internal testing!"
+        )  # Stored escaped
         assert notice.regions == [PrivacyNoticeRegion.us_ak]
         assert notice.consent_mechanism == ConsentMechanism.opt_in
         assert notice.enforcement_level == EnforcementLevel.system_wide
@@ -997,7 +1001,7 @@ def default_overlay_config_data(self, db):
             "is_default": True,
             "id": "test_id",
             "privacy_preferences_link_label": "D",
-            "privacy_policy_link_label": "E",
+            "privacy_policy_link_label": "E's label",
             "privacy_policy_url": "F",
             "reject_button_label": "G",
             "save_button_label": "H",
@@ -1020,7 +1024,9 @@ def test_create_default_experience_config(self, db, default_overlay_config_data)
         assert experience_config.is_default is True
         assert experience_config.id == "test_id"
         assert experience_config.privacy_preferences_link_label == "D"
-        assert experience_config.privacy_policy_link_label == "E"
+        assert (
+            experience_config.privacy_policy_link_label == "E&#x27;s label"
+        )  # Escaped
         assert experience_config.privacy_policy_url == "F"
         assert experience_config.regions == []
         assert experience_config.reject_button_label == "G"
@@ -1046,7 +1052,7 @@ def test_create_default_experience_config(self, db, default_overlay_config_data)
         assert history.is_default is True
         assert history.id != "test_id"
         assert history.privacy_preferences_link_label == "D"
-        assert history.privacy_policy_link_label == "E"
+        assert history.privacy_policy_link_label == "E&#x27;s label"
         assert history.privacy_policy_url == "F"
         assert history.reject_button_label == "G"
         assert history.save_button_label == "H"

From 283489514262a4fdd8af2f6b74a0e644a814784f Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Mon, 19 Jun 2023 19:41:19 -0400
Subject: [PATCH 02/90] update to latest `asyncpg` dependency (#3614)

---
 CHANGELOG.md     | 1 +
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c04d524b25..204c352c36 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ The types of changes are:
 - Handles an edge case for non-existent identities with the Kustomer API [#3513](https://github.com/ethyca/fides/pull/3513)
 - remove the configure privacy request tile from the home screen [#3555](https://github.com/ethyca/fides/pull/3555)
 - Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
+- Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
 
 ### Developer Experience
 
diff --git a/requirements.txt b/requirements.txt
index 4bf337d1a0..191f9f08a2 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 AccessControl==6.0
 alembic==1.8.1
 APScheduler==3.9.1.post1
-asyncpg==0.25.0
+asyncpg==0.27.0
 boto3==1.26.1
 celery[pytest]==5.2.7
 colorama>=0.4.3

From a8feeb1b76e7cd6da10efc71c4622b7bdfe5dccb Mon Sep 17 00:00:00 2001
From: Kelsey Thomas <101993653+Kelsey-Ethyca@users.noreply.github.com>
Date: Tue, 20 Jun 2023 07:00:48 -0700
Subject: [PATCH 03/90] Enable connector dropdown in integration tab when null
 and undefined  (#3589)

---
 CHANGELOG.md                                                    | 1 +
 .../system_portal_config/ConnectionForm.tsx                     | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 204c352c36..7cb0ffbf19 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -548,6 +548,7 @@ The types of changes are:
   - This PR contains a migration that deletes duplicate users and keeps the oldest original account.
 - Update Logos for shipped connectors [#2464](https://github.com/ethyca/fides/pull/2587)
 - Search field on privacy request page isn't working [#2270](https://github.com/ethyca/fides/pull/2595)
+- Fix connection dropdown in integration table to not be disabled add system creation [#3589](https://github.com/ethyca/fides/pull/3589)
 
 ### Developer Experience
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
index 697a102a02..4f6aab6343 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
@@ -68,7 +68,7 @@ const ConnectionForm = ({ connectionConfig, systemFidesKey }: Props) => {
           label="Connection type"
           selectedValue={selectedConnectionOption}
           onChange={setSelectedConnectionOption}
-          disabled={connectionConfig !== null}
+          disabled={connectionConfig && connectionConfig !== null}
         />
         <Spacer />
         {!connectionConfig && orphanedConnectionConfigs.length > 0 ? (

From a36132919535ea54e753134c1b4b2ca926cdc0cd Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Tue, 20 Jun 2023 10:48:40 -0500
Subject: [PATCH 04/90] Don't update default experience configs on startup -
 only create them. (#3605)

Co-authored-by: Adam Sachs <adam@ethyca.com>
---
 CHANGELOG.md                        |  1 +
 src/fides/api/util/consent_util.py  | 49 +++++-----------
 tests/ops/util/test_consent_util.py | 87 ++++++++++-------------------
 3 files changed, 45 insertions(+), 92 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7cb0ffbf19..d8728e306b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ The types of changes are:
 - Handles an edge case for non-existent identities with the Kustomer API [#3513](https://github.com/ethyca/fides/pull/3513)
 - remove the configure privacy request tile from the home screen [#3555](https://github.com/ethyca/fides/pull/3555)
 - Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
+- Only create default experience configs on startup, not update [#3605](https://github.com/ethyca/fides/pull/3605)
 - Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
 
 ### Developer Experience
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index 53750f0af1..01c75e81fb 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -32,11 +32,7 @@
     ProvidedIdentityType,
 )
 from fides.api.models.sql_models import DataUse, System  # type: ignore[attr-defined]
-from fides.api.schemas.privacy_experience import (
-    ExperienceConfigCreate,
-    ExperienceConfigCreateWithId,
-    ExperienceConfigUpdate,
-)
+from fides.api.schemas.privacy_experience import ExperienceConfigCreateWithId
 from fides.api.schemas.privacy_notice import PrivacyNoticeCreation, PrivacyNoticeWithId
 from fides.api.schemas.redis_cache import Identity
 from fides.core.config.helpers import load_file
@@ -558,16 +554,14 @@ def load_default_experience_configs_on_startup(
         experience_configs = yaml.safe_load(file).get("privacy_experience_configs", [])
 
         for experience_config_data in experience_configs:
-            upsert_default_experience_config(db, experience_config_data)
+            create_default_experience_config(db, experience_config_data)
 
 
-def upsert_default_experience_config(
+def create_default_experience_config(
     db: Session, experience_config_data: dict
-) -> Tuple[bool, PrivacyExperienceConfig]:
-    """Upserts an experience config - intended to be used for upserting default
-    configs on startup.  The id is specified upfront.
+) -> Optional[PrivacyExperienceConfig]:
+    """Create a default experience config on startup.  The id is specified upfront.
 
-    Returns whether the resource is new, and the experience config object.
     Split from load_default_experience_configs_on_startup for easier testing
     of a function that runs on application startup.
     """
@@ -587,31 +581,18 @@ def upsert_default_experience_config(
         db=db, object_id=experience_config_schema.id
     )
 
-    if existing_experience_config:
+    if not existing_experience_config:
         logger.info(
-            "Checking default experience config {} for updates",
-            existing_experience_config.id,
-        )
-
-        dry_update: PrivacyExperienceConfig = existing_experience_config.dry_update(
-            data=experience_config_schema.dict(exclude_unset=True)
+            "Creating default experience config {}", experience_config_schema.id
         )
-        # Validating some required fields if this is an overlay
-        ExperienceConfigCreate.from_orm(dry_update)
-
-        update_data = experience_config_schema.dict(exclude_unset=True)
-        del update_data["component"]
-        del update_data["id"]
-        # This is important for making sure config is only updated if it actually changed
-        existing_experience_config.update(
-            db=db, data=ExperienceConfigUpdate(**update_data).dict(exclude_unset=True)
+        return PrivacyExperienceConfig.create(
+            db,
+            data=experience_config_schema.dict(exclude_unset=True),
+            check_name=False,
         )
-        return False, existing_experience_config
 
-    logger.info("Creating default experience config {}", experience_config_schema.id)
-    new_experience_config = PrivacyExperienceConfig.create(
-        db,
-        data=experience_config_schema.dict(exclude_unset=True),
-        check_name=False,
+    logger.info(
+        "Found existing experience config {}, not creating a new default experience config",
+        experience_config_schema.id,
     )
-    return True, new_experience_config
+    return None
diff --git a/tests/ops/util/test_consent_util.py b/tests/ops/util/test_consent_util.py
index bc512c0f3e..463bbc66cd 100644
--- a/tests/ops/util/test_consent_util.py
+++ b/tests/ops/util/test_consent_util.py
@@ -27,11 +27,11 @@
     add_complete_system_status_for_consent_reporting,
     add_errored_system_status_for_consent_reporting,
     cache_initial_status_and_identities_for_consent_reporting,
+    create_default_experience_config,
     create_privacy_notices_util,
     get_fides_user_device_id_provided_identity,
     load_default_notices_on_startup,
     should_opt_in_to_service,
-    upsert_default_experience_config,
     upsert_privacy_notice_templates_util,
     validate_notice_data_uses,
 )
@@ -1009,10 +1009,9 @@ def default_overlay_config_data(self, db):
         }
 
     def test_create_default_experience_config(self, db, default_overlay_config_data):
-        created, experience_config = upsert_default_experience_config(
+        experience_config = create_default_experience_config(
             db, default_overlay_config_data
         )
-        assert created
 
         assert experience_config.accept_button_label == "A"
         assert experience_config.acknowledge_button_label == "B"
@@ -1063,18 +1062,19 @@ def test_create_default_experience_config(self, db, default_overlay_config_data)
         db.delete(history)
         db.delete(experience_config)
 
-    def test_update_default_experience_config_no_change(
+    def test_create_default_experience_config_config_already_exists_no_change(
         self, db, default_overlay_config_data
     ):
-        created, experience_config = upsert_default_experience_config(
+        """Experience config is not changed in any way"""
+        experience_config = create_default_experience_config(
             db, default_overlay_config_data
         )
-        assert created
+        assert experience_config is not None
 
-        created, experience_config = upsert_default_experience_config(
-            db, default_overlay_config_data
-        )
-        assert not created
+        resp = create_default_experience_config(db, default_overlay_config_data)
+        assert resp is None
+
+        db.refresh(experience_config)
 
         # Nothing changed so we don't want to update the version
         assert experience_config.version == 1.0
@@ -1083,36 +1083,34 @@ def test_update_default_experience_config_no_change(
         db.delete(experience_config.histories[0])
         db.delete(experience_config)
 
-    def test_update_default_experience_config(self, db, default_overlay_config_data):
-        created, experience_config = upsert_default_experience_config(
+    def test_default_experience_config_data_has_changed(
+        self, db, default_overlay_config_data
+    ):
+        """Even though data has changed, we don't update existing experience config"""
+        experience_config = create_default_experience_config(
             db, default_overlay_config_data
         )
-        assert created
+        assert experience_config is not None
 
         default_overlay_config_data["privacy_policy_url"] = "example.com/privacy_policy"
 
-        created, experience_config = upsert_default_experience_config(
-            db, default_overlay_config_data
-        )
-        assert not created
+        resp = create_default_experience_config(db, default_overlay_config_data)
+        assert resp is None
 
-        # Data has changed so we want to update the version
-        assert experience_config.version == 2.0
-        assert experience_config.privacy_policy_url == "example.com/privacy_policy"
-        assert experience_config.histories.count() == 2
+        db.refresh(experience_config)
+
+        # Data has changed but we didn't update existing config
+        assert experience_config.version == 1.0
+        assert experience_config.privacy_policy_url != "example.com/privacy_policy"
+        assert experience_config.histories.count() == 1
 
         assert experience_config.experience_config_history_id is not None
         assert experience_config.experience_config_history_id != "test_id"
-        history = experience_config.histories[1]
-
-        assert history.version == 2.0
-        assert experience_config.privacy_policy_url == "example.com/privacy_policy"
+        history = experience_config.histories[0]
 
-        old_history = experience_config.histories[0]
-        assert old_history.version == 1.0
-        assert old_history.privacy_policy_url == "F"
+        assert history.version == 1.0
+        assert experience_config.privacy_policy_url != "example.com/privacy_policy"
 
-        old_history.delete(db)
         history.delete(db)
         experience_config.delete(db)
 
@@ -1122,7 +1120,7 @@ def test_trying_to_use_this_function_to_create_non_default_configs(
         default_overlay_config_data["is_default"] = False
 
         with pytest.raises(Exception):
-            upsert_default_experience_config(db, default_overlay_config_data)
+            create_default_experience_config(db, default_overlay_config_data)
 
     def test_create_default_experience_config_validation_error(
         self, db, default_overlay_config_data
@@ -1132,34 +1130,7 @@ def test_create_default_experience_config_validation_error(
         ] = None  # Marking required field as None
 
         with pytest.raises(ValueError) as exc:
-            upsert_default_experience_config(db, default_overlay_config_data)
-
-        assert (
-            str(exc.value.args[0][0].exc)
-            == "The following additional fields are required when defining an overlay: acknowledge_button_label, banner_enabled, and privacy_preferences_link_label."
-        )
-
-    def test_update_default_experience_config_validation_error(
-        self, db, default_overlay_config_data
-    ):
-        created, experience_config = upsert_default_experience_config(
-            db, default_overlay_config_data
-        )
-        assert created
-
-        default_overlay_config_data["privacy_policy_url"] = "example.com/privacy_policy"
-
-        created, experience_config = upsert_default_experience_config(
-            db, default_overlay_config_data
-        )
-        assert not created
-
-        default_overlay_config_data[
-            "privacy_preferences_link_label"
-        ] = None  # Marking required field as None
-
-        with pytest.raises(ValueError) as exc:
-            upsert_default_experience_config(db, default_overlay_config_data)
+            create_default_experience_config(db, default_overlay_config_data)
 
         assert (
             str(exc.value.args[0][0].exc)

From 23699b5e69904f108218e3a238161d23e1621f24 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@MacBook-Pro-4.fios-router.home>
Date: Tue, 20 Jun 2023 15:05:28 -0400
Subject: [PATCH 05/90] testing 'last tested' message

---
 .../forms/ConnectorParameters.tsx             | 44 ++++++++++++++++++-
 1 file changed, 43 insertions(+), 1 deletion(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 0ce3cf6d3c..a0b32e512e 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -1,4 +1,4 @@
-import { Box, SlideFade } from "@fidesui/react";
+import { Box, Button, Flex, SlideFade, Spacer, Text } from "@fidesui/react";
 import { useAPIHelper } from "common/hooks";
 import { useAlert } from "common/hooks/useAlert";
 import { ConnectionTypeSecretSchemaReponse } from "connection-type/types";
@@ -7,6 +7,7 @@ import {
   useCreateSassConnectionConfigMutation,
   useDeleteDatastoreConnectionMutation,
   useGetConnectionConfigDatasetConfigsQuery,
+  useLazyGetDatastoreConnectionStatusQuery,
   useUpdateDatastoreConnectionSecretsMutation,
 } from "datastore-connections/datastore-connection.slice";
 import { useDatasetConfigField } from "datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
@@ -19,6 +20,8 @@ import {
 import { useState } from "react";
 
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
+import ConnectedCircle from "~/features/common/ConnectedCircle";
+import { formatDate } from "~/features/common/utils";
 import { useGetConnectionTypeSecretSchemaQuery } from "~/features/connection-type";
 import { formatKey } from "~/features/datastore-connections/system_portal_config/helpers";
 import TestConnection from "~/features/datastore-connections/system_portal_config/TestConnection";
@@ -40,6 +43,33 @@ import {
 import { ConnectionConfigFormValues } from "../types";
 import ConnectorParametersForm from "./ConnectorParametersForm";
 
+type TestDataProps = {
+  succeeded?: boolean;
+  timestamp: string;
+};
+
+const TestData: React.FC<TestDataProps> = ({ succeeded, timestamp }) => {
+  const date = timestamp ? formatDate(timestamp) : "";
+  const testText = timestamp
+    ? `Last tested on ${date}`
+    : "This connection has not been tested yet";
+
+  return (
+    <>
+      <ConnectedCircle connected={succeeded} />
+      <Text
+        color="gray.500"
+        fontSize="xs"
+        fontWeight="semibold"
+        lineHeight="16px"
+        ml="10px"
+      >
+        {testText}
+      </Text>
+    </>
+  );
+};
+
 /**
  * Only handles creating saas connectors. The BE handler automatically
  * configures the connector using the saas config and creates the
@@ -297,8 +327,10 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
   setSelectedConnectionOption,
 }) => {
   const [response, setResponse] = useState<any>();
+  const [trigger, result] = useLazyGetDatastoreConnectionStatusQuery();
 
   const handleTestConnectionClick = (value: any) => {
+    if (connectionConfig) trigger(connectionConfig?.key);
     setResponse(value);
   };
   const skip = connectionOption.type === SystemType.MANUAL;
@@ -358,6 +390,16 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
         deleteResult={deleteDatastoreConnectionResult}
       />
 
+      {connectionConfig && (
+      <Flex mt="0px" justifyContent="center" alignItems="center">
+        <Spacer />
+        <TestData
+          succeeded={connectionConfig?.last_test_succeeded}
+          timestamp={connectionConfig?.last_test_timestamp || ""}
+        />
+        <Spacer />
+      </Flex>)}
+
       {response && (
         <SlideFade in>
           <Box mt="16px" maxW="528px" w="fit-content">

From 05fbca1c5930c05fe3f047dd7e4116b6f7e690cf Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Tue, 20 Jun 2023 15:24:05 -0400
Subject: [PATCH 06/90] replace 'connection' with 'integration' on edit
 integrations page

---
 .../system_portal_config/ConnectionForm.tsx    |  4 ++--
 .../forms/ConnectorParametersForm.tsx          | 18 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
index 697a102a02..ce1632b0d3 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
@@ -65,7 +65,7 @@ const ConnectionForm = ({ connectionConfig, systemFidesKey }: Props) => {
       <Flex py={5}>
         <ConnectionListDropdown
           list={dropDownOptions}
-          label="Connection type"
+          label="Integration type"
           selectedValue={selectedConnectionOption}
           onChange={setSelectedConnectionOption}
           disabled={connectionConfig !== null}
@@ -87,7 +87,7 @@ const ConnectionForm = ({ connectionConfig, systemFidesKey }: Props) => {
             onClick={uploadTemplateModal.onOpen}
             marginLeft={2}
           >
-            Upload connector
+            Upload integration
           </Button>
         </Restrict>
         <ConnectorTemplateUploadModal
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index db35b8d5be..c80456f831 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -72,7 +72,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   isSubmitting = false,
   onSaveClick,
   onTestConnectionClick,
-  testButtonLabel = "Test connection",
+  testButtonLabel = "Test integration",
   connectionOption,
   connectionConfig,
   datasetDropdownOptions,
@@ -88,10 +88,10 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   const validateConnectionIdentifier = (value: string) => {
     let error;
     if (typeof value === "undefined" || value === "") {
-      error = "Connection Identifier is required";
+      error = "Integration Identifier is required";
     }
     if (value && isNumeric(value)) {
-      error = "Connection Identifier must be an alphanumeric value";
+      error = "Integration Identifier must be an alphanumeric value";
     }
     return error;
   };
@@ -287,7 +287,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                       color="gray.700"
                       placeholder={`Enter a friendly name for your new ${
                         connectionOption!.human_readable
-                      } connection`}
+                      } integration`}
                       size="sm"
                       data-testid="input-name"
                     />
@@ -309,7 +309,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                     color="gray.700"
                     placeholder={`Enter a description for your new ${
                       connectionOption!.human_readable
-                    } connection`}
+                    } integration`}
                     resize="none"
                     size="sm"
                     value={field.value || ""}
@@ -335,7 +335,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                       props.errors.instance_key && props.touched.instance_key
                     }
                   >
-                    {getFormLabel("instance_key", "Connection Identifier")}
+                    {getFormLabel("instance_key", "Integration Identifier")}
                     <VStack align="flex-start" w="inherit">
                       <Input
                         {...field}
@@ -344,7 +344,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                         isDisabled={!!connectionConfig?.key}
                         placeholder={`A unique identifier for your new ${
                           connectionOption!.human_readable
-                        } connection`}
+                        } integration`}
                         size="sm"
                       />
                       <FormErrorMessage>
@@ -352,9 +352,9 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                       </FormErrorMessage>
                     </VStack>
                     <Tooltip
-                      aria-label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this connection."
+                      aria-label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
                       hasArrow
-                      label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this connection."
+                      label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
                       placement="right-start"
                       openDelay={500}
                     >

From 0da30773ceaa6684023f7dd602d05314ecc02dac Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Tue, 20 Jun 2023 16:29:38 -0400
Subject: [PATCH 07/90] fix issue with repeating query

---
 .../forms/ConnectorParameters.tsx             | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index a0b32e512e..87a9ee54f8 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -327,10 +327,8 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
   setSelectedConnectionOption,
 }) => {
   const [response, setResponse] = useState<any>();
-  const [trigger, result] = useLazyGetDatastoreConnectionStatusQuery();
 
   const handleTestConnectionClick = (value: any) => {
-    if (connectionConfig) trigger(connectionConfig?.key);
     setResponse(value);
   };
   const skip = connectionOption.type === SystemType.MANUAL;
@@ -392,13 +390,19 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
 
       {connectionConfig && (
       <Flex mt="0px" justifyContent="center" alignItems="center">
-        <Spacer />
-        <TestData
-          succeeded={connectionConfig?.last_test_succeeded}
-          timestamp={connectionConfig?.last_test_timestamp || ""}
-        />
-        <Spacer />
-      </Flex>)}
+      <Spacer />
+        {response
+          ? <TestData
+              succeeded={response.data.test_status === "succeeded"}
+              timestamp={response.fulfilledTimeStamp}
+            />
+          : <TestData 
+              succeeded={connectionConfig?.last_test_succeeded}
+              timestamp={connectionConfig?.last_test_timestamp || ""}
+          /> 
+          }
+      <Spacer />
+    </Flex>)}
 
       {response && (
         <SlideFade in>

From aa9696c03e3953eafc4c0323901543305f19f79d Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Tue, 20 Jun 2023 16:49:14 -0400
Subject: [PATCH 08/90] remove unused variables

---
 .../forms/ConnectorParameters.tsx             | 31 +++++++++----------
 1 file changed, 15 insertions(+), 16 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 87a9ee54f8..5d24b2816d 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -1,4 +1,4 @@
-import { Box, Button, Flex, SlideFade, Spacer, Text } from "@fidesui/react";
+import { Box, Flex, SlideFade, Spacer, Text } from "@fidesui/react";
 import { useAPIHelper } from "common/hooks";
 import { useAlert } from "common/hooks/useAlert";
 import { ConnectionTypeSecretSchemaReponse } from "connection-type/types";
@@ -7,7 +7,6 @@ import {
   useCreateSassConnectionConfigMutation,
   useDeleteDatastoreConnectionMutation,
   useGetConnectionConfigDatasetConfigsQuery,
-  useLazyGetDatastoreConnectionStatusQuery,
   useUpdateDatastoreConnectionSecretsMutation,
 } from "datastore-connections/datastore-connection.slice";
 import { useDatasetConfigField } from "datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
@@ -389,20 +388,20 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
       />
 
       {connectionConfig && (
-      <Flex mt="0px" justifyContent="center" alignItems="center">
-      <Spacer />
-        {response
-          ? <TestData
-              succeeded={response.data.test_status === "succeeded"}
-              timestamp={response.fulfilledTimeStamp}
-            />
-          : <TestData 
-              succeeded={connectionConfig?.last_test_succeeded}
-              timestamp={connectionConfig?.last_test_timestamp || ""}
-          /> 
-          }
-      <Spacer />
-    </Flex>)}
+      <Flex mt="2" justifyContent="center" alignItems="center">
+        <Spacer />
+          {response
+            ? <TestData
+                succeeded={response.data.test_status === "succeeded"}
+                timestamp={response.fulfilledTimeStamp}
+              />
+            : <TestData 
+                succeeded={connectionConfig?.last_test_succeeded}
+                timestamp={connectionConfig?.last_test_timestamp || ""}
+            /> 
+            }
+        <Spacer />
+      </Flex>)}
 
       {response && (
         <SlideFade in>

From 0595869f6985cf0fab35dc22a4263556bd067579 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Tue, 20 Jun 2023 16:57:44 -0400
Subject: [PATCH 09/90] run prettier

---
 .../forms/ConnectorParameters.tsx             | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 5d24b2816d..2a29abdd15 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -388,20 +388,22 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
       />
 
       {connectionConfig && (
-      <Flex mt="2" justifyContent="center" alignItems="center">
-        <Spacer />
-          {response
-            ? <TestData
-                succeeded={response.data.test_status === "succeeded"}
-                timestamp={response.fulfilledTimeStamp}
-              />
-            : <TestData 
-                succeeded={connectionConfig?.last_test_succeeded}
-                timestamp={connectionConfig?.last_test_timestamp || ""}
-            /> 
-            }
-        <Spacer />
-      </Flex>)}
+        <Flex mt="2" justifyContent="center" alignItems="center">
+          <Spacer />
+          {response ? (
+            <TestData
+              succeeded={response.data.test_status === "succeeded"}
+              timestamp={response.fulfilledTimeStamp}
+            />
+          ) : (
+            <TestData
+              succeeded={connectionConfig?.last_test_succeeded}
+              timestamp={connectionConfig?.last_test_timestamp || ""}
+            />
+          )}
+          <Spacer />
+        </Flex>
+      )}
 
       {response && (
         <SlideFade in>

From bc5b93679fa9179e6680dc94e72ae373ad02edbf Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Tue, 20 Jun 2023 17:18:08 -0400
Subject: [PATCH 10/90] Fix bug with saving an edited declaration (#3627)

---
 CHANGELOG.md                                  |  1 +
 clients/admin-ui/cypress/e2e/systems.cy.ts    | 66 +++++++++++++++++++
 .../PrivacyDeclarationManager.tsx             | 17 +++--
 3 files changed, 77 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d8728e306b..801bf6011d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -37,6 +37,7 @@ The types of changes are:
 - Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
 - Only create default experience configs on startup, not update [#3605](https://github.com/ethyca/fides/pull/3605)
 - Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
+- Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
 
 ### Developer Experience
 
diff --git a/clients/admin-ui/cypress/e2e/systems.cy.ts b/clients/admin-ui/cypress/e2e/systems.cy.ts
index ec7538c3dc..7974b0ceab 100644
--- a/clients/admin-ui/cypress/e2e/systems.cy.ts
+++ b/clients/admin-ui/cypress/e2e/systems.cy.ts
@@ -518,6 +518,72 @@ describe("System management page", () => {
       cy.getByTestId("toast-success-msg");
     });
 
+    it("can edit an accordion data use while persisting a newly added data use", () => {
+      cy.visit(`${SYSTEM_ROUTE}/configure/fidesctl_system`);
+      cy.getByTestId("tab-Data uses").click();
+      cy.getByTestId("add-btn").click();
+      cy.wait(["@getDataCategories", "@getDataSubjects", "@getDataUses"]);
+
+      const newDeclaration = {
+        id: "pri_bf701ddb-1d05-48f9-913f-b5ff05b8f987",
+        name: "Second data use",
+        data_categories: ["user.biometric"],
+        data_use: "collect",
+        data_qualifier:
+          "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
+        data_subjects: ["anonymous"],
+        dataset_references: [],
+      };
+      // We need to update both the PUT and GET fixtures to make sure they return
+      // the data use we are adding. This is how we can get the form into a state
+      // where there are both "accordion" declarations and the one declaration
+      // in the new form
+      cy.fixture("systems/system.json").then((system) => {
+        const { privacy_declarations: declarations } = system;
+        const updatedSystem = {
+          ...system,
+          fides_key: "fidesctl_system",
+          privacy_declarations: [...declarations, newDeclaration],
+        };
+        cy.intercept("PUT", "/api/v1/system*", {
+          body: updatedSystem,
+        }).as("putSystemWithAddedDataUse");
+        cy.intercept("GET", "/api/v1/system/*", {
+          body: updatedSystem,
+        }).as("getSystemWithAddedDataUse");
+      });
+
+      // Add one data use (one already exists)
+      cy.getByTestId("new-declaration-form").within(() => {
+        cy.getByTestId("input-data_use").type(
+          `${newDeclaration.data_use}{enter}`
+        );
+        cy.getByTestId("input-name").type(newDeclaration.name);
+        cy.getByTestId("input-data_categories").type(
+          `${newDeclaration.data_categories[0]}{enter}`
+        );
+        cy.getByTestId("input-data_subjects").type(
+          `${newDeclaration.data_subjects[0]}{enter}`
+        );
+        cy.getByTestId("save-btn").click();
+        cy.wait("@putSystemWithAddedDataUse")
+          .its("request.body.privacy_declarations")
+          .should("have.length", 2);
+        cy.wait("@getSystemWithAddedDataUse");
+      });
+
+      // Edit the existing data use
+      cy.getByTestId("privacy-declaration-accordion").within(() => {
+        cy.getByTestId("accordion-header-improve.system").click();
+        // Add a data subject
+        cy.getByTestId("input-data_subjects").type(`citizen{enter}`);
+        cy.getByTestId("save-btn").click();
+        cy.wait("@putSystemWithAddedDataUse")
+          .its("request.body.privacy_declarations")
+          .should("have.length", 2);
+      });
+    });
+
     describe("delete privacy declaration", () => {
       beforeEach(() => {
         cy.fixture("systems/systems_with_data_uses.json").then((systems) => {
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
index 753bf8eb74..bf18ade8c6 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
@@ -58,16 +58,19 @@ const PrivacyDeclarationManager = ({
     PrivacyDeclarationWithId | undefined
   >(undefined);
 
+  const allDeclarations = useMemo(
+    () => transformPrivacyDeclarationsToHaveId(system.privacy_declarations),
+    [system.privacy_declarations]
+  );
+
+  // Accordion declarations include all declarations but the newly created one (if it exists)
   const accordionDeclarations = useMemo(() => {
-    const declarations = transformPrivacyDeclarationsToHaveId(
-      system.privacy_declarations
-    );
     if (!newDeclaration) {
-      return declarations;
+      return allDeclarations;
     }
 
-    return declarations.filter((pd) => pd.id !== newDeclaration.id);
-  }, [newDeclaration, system]);
+    return allDeclarations.filter((pd) => pd.id !== newDeclaration.id);
+  }, [newDeclaration, allDeclarations]);
 
   const checkAlreadyExists = (values: PrivacyDeclaration) => {
     if (
@@ -140,7 +143,7 @@ const PrivacyDeclarationManager = ({
     }
     // Because the data use can change, we also need a reference to the old declaration in order to
     // make sure we are replacing the proper one
-    const updatedDeclarations = accordionDeclarations.map((dec) =>
+    const updatedDeclarations = allDeclarations.map((dec) =>
       dec.id === oldDeclaration.id ? updatedDeclaration : dec
     );
     return handleSave(updatedDeclarations);

From 22689ca1ee57f511131ada40643eafcd0d317f8b Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Tue, 20 Jun 2023 14:23:45 -0700
Subject: [PATCH 11/90] SurveyMonkey - Access and Erasure (#3590)

Co-authored-by: vivek <vivek@myambergroup.com>
---
 CHANGELOG.md                                  |   1 +
 data/saas/config/surveymonkey_config.yml      | 132 ++++++++++++
 data/saas/dataset/surveymonkey_dataset.yml    | 193 ++++++++++++++++++
 data/saas/icon/surveymonkey.svg               |   3 +
 tests/fixtures/saas/surveymonkey_fixtures.py  | 145 +++++++++++++
 .../saas/connector_runner.py                  |   8 +-
 .../saas/test_surveymonkey_task.py            |  55 +++++
 7 files changed, 535 insertions(+), 2 deletions(-)
 create mode 100644 data/saas/config/surveymonkey_config.yml
 create mode 100644 data/saas/dataset/surveymonkey_dataset.yml
 create mode 100644 data/saas/icon/surveymonkey.svg
 create mode 100644 tests/fixtures/saas/surveymonkey_fixtures.py
 create mode 100644 tests/ops/integration_tests/saas/test_surveymonkey_task.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 801bf6011d..195ff1a1a3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ The types of changes are:
 - Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
 - Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
 - HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
+- Access and erasure support for SurveyMonkey [#3590](https://github.com/ethyca/fides/pull/3590)
 
 ### Changed
 
diff --git a/data/saas/config/surveymonkey_config.yml b/data/saas/config/surveymonkey_config.yml
new file mode 100644
index 0000000000..08070d2c16
--- /dev/null
+++ b/data/saas/config/surveymonkey_config.yml
@@ -0,0 +1,132 @@
+saas_config:
+  fides_key: <instance_fides_key>
+  name: SurveyMonkey
+  type: surveymonkey
+  description: A sample schema representing the SurveyMonkey connector for Fides
+  version: 0.1.0
+
+  connector_params:
+    - name: domain
+      default_value: api.surveymonkey.com
+    - name: api_token
+      label: API Token
+
+  client_config:
+    protocol: https
+    host: <domain>
+    authentication:
+      strategy: bearer
+      configuration:
+        token: <api_token>
+
+  rate_limit_config:
+    limits:
+      - rate: 120
+        period: minute
+      - rate: 500
+        period: day
+
+  test_request:
+    method: GET
+    path: /v3/contacts
+
+  endpoints:
+    - name: contacts
+      requests:
+        read:
+          method: GET
+          path: /v3/contacts
+          query_params:
+            - name: search_by
+              value: email
+            - name: search
+              value: <email>
+          data_path: data
+          param_values:
+            - name: email
+              identity: email
+        delete:
+          method: DELETE
+          path: /v3/contacts/<contacts_id>
+          param_values:
+            - name: contacts_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: contacts.id
+                  direction: from
+    - name: surveys
+      requests:
+        read:
+          method: GET
+          path: /v3/surveys
+          query_params:
+            - name: page
+              value: 1
+          data_path: data
+          param_values:
+            - name: placeholder
+              identity: email
+          pagination:
+            strategy: offset
+            configuration:
+              incremental_param: page
+              increment_by: 1
+    - name: collectors
+      requests:
+        read:
+          method: GET
+          path: /v3/surveys/<survey_id>/collectors
+          query_params:
+            - name: page
+              value: 1
+          data_path: data
+          param_values:
+            - name: survey_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: surveys.id
+                  direction: from
+          pagination:
+            strategy: offset
+            configuration:
+              incremental_param: page
+              increment_by: 1
+    - name: survey_responses
+      requests:
+        read:
+          method: GET
+          path: /v3/collectors/<collectors_id>/responses/bulk
+          query_params:
+            - name: email
+              value: <email>
+            - name: page
+              value: 1
+          data_path: data
+          param_values:
+            - name: collectors_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: collectors.id
+                  direction: from
+            - name: email
+              identity: email
+          pagination:
+            strategy: offset
+            configuration:
+              incremental_param: page
+              increment_by: 1
+        delete:
+          method: DELETE
+          path: /v3/collectors/<survey_response_collector_id>/responses/<survey_response_id>
+          grouped_inputs: [survey_response_collector_id, survey_response_id]
+          param_values:
+            - name: survey_response_collector_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: survey_responses.collector_id
+                  direction: from
+            - name: survey_response_id
+              references:
+                - dataset: <instance_fides_key>
+                  field: survey_responses.id
+                  direction: from
diff --git a/data/saas/dataset/surveymonkey_dataset.yml b/data/saas/dataset/surveymonkey_dataset.yml
new file mode 100644
index 0000000000..4b2909aec3
--- /dev/null
+++ b/data/saas/dataset/surveymonkey_dataset.yml
@@ -0,0 +1,193 @@
+dataset:
+  - fides_key: <instance_fides_key>
+    name: SurveyMonkey Dataset
+    description: A sample dataset representing the SurveyMonkey connector for Fides
+    collections:
+      - name: contacts
+        fields:
+          - name: id
+            data_categories: [user.unique_id]
+            fidesops_meta:
+              primary_key: True
+              data_type: string
+          - name: first_name
+            data_categories: [user.name]
+            fidesops_meta:
+              data_type: string
+          - name: last_name
+            data_categories: [user.name]
+            fidesops_meta:
+              data_type: string
+          - name: email
+            data_categories: [user.contact.email]
+            fidesops_meta:
+              data_type: string
+          - name: phone_number
+            data_categories: [user.contact.phone_number]
+          - name: href
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+      - name: surveys
+        fields:
+          - name: id
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: title
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: nickname
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: href
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+      - name: collectors
+        fields:
+          - name: name
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: id
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: href
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: type
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: email
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: is_sender_email_verified
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: boolean
+      - name: survey_responses
+        fields:
+          - name: id
+            data_categories: [system.operations]
+            fidesops_meta:
+              primary_key: True
+              data_type: string
+          - name: recipient_id
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: collection_mode
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: response_status
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: custom_value
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: first_name
+            data_categories: [user.name]
+            fidesops_meta:
+              data_type: string
+          - name: last_name
+            data_categories: [user.name]
+            fidesops_meta:
+              data_type: string
+          - name: email_address
+            data_categories: [user.contact.email]
+            fidesops_meta:
+              data_type: string
+          - name: ip_address
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: language
+          - name: logic_path
+          - name: metadata
+            fidesops_meta:
+              data_type: object
+            fields:
+              - name: contact
+                fidesops_meta:
+                  data_type: object
+                fields:
+                  - name: email
+                    fidesops_meta:
+                      data_type: object
+                    fields:
+                      - name: type
+                        data_categories: [system.operations]
+                        fidesops_meta:
+                          data_type: string
+                      - name: value
+                        data_categories: [user.contact.email]
+                        fidesops_meta:
+                          data_type: string
+          - name: page_path
+          - name: collector_id
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: survey_id
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: custom_variables
+          - name: edit_url
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: analyze_url
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: total_time
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: integer
+          - name: date_modified
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: date_created
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: href
+            data_categories: [system.operations]
+            fidesops_meta:
+              data_type: string
+          - name: pages
+            fidesops_meta:
+              data_type: "object[]"
+            fields:
+              - name: id
+                data_categories: [system.operations]
+                fidesops_meta:
+                  data_type: string
+              - name: questions
+                fidesops_meta:
+                  data_type: "object[]"
+                fields:
+                  - name: id
+                    data_categories: [system.operations]
+                    fidesops_meta:
+                      data_type: string
+                  - name: answers
+                    fidesops_meta:
+                      data_type: "object[]"
+                    fields:
+                      - name: choice_id
+                        data_categories: [system.operations]
+                        fidesops_meta:
+                          data_type: string
diff --git a/data/saas/icon/surveymonkey.svg b/data/saas/icon/surveymonkey.svg
new file mode 100644
index 0000000000..199a90309a
--- /dev/null
+++ b/data/saas/icon/surveymonkey.svg
@@ -0,0 +1,3 @@
+<svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M26.6989 17.1441C26.4325 17.1454 26.1672 17.1787 25.9087 17.2432C25.4268 15.3472 24.4096 13.6299 22.9785 12.2961C21.5473 10.9624 19.7627 10.0686 17.8374 9.72129C17.6619 9.69014 17.5033 9.66748 17.3249 9.64483C17.3532 8.68194 17.3985 7.56895 18.8173 6.56641L18.5936 6C18.5936 6 15.8324 6.84961 15.5123 9.22002C15.3736 8.57715 14.0963 7.77285 13.4506 7.61992L13.1334 8.13252C13.4155 8.3028 13.6561 8.53372 13.8378 8.80851C14.0195 9.08331 14.1378 9.39511 14.1841 9.72129C12.2588 10.0679 10.4737 10.961 9.04209 12.2943C7.61044 13.6275 6.59259 15.3445 6.11 17.2403C5.6044 17.114 5.0761 17.1088 4.56814 17.2254C4.06018 17.3419 3.58695 17.5768 3.18701 17.9109C2.78707 18.2451 2.47174 18.669 2.26672 19.1481C2.0617 19.6273 1.97279 20.148 2.00723 20.6681C2.04168 21.1881 2.19852 21.6926 2.46495 22.1405C2.73138 22.5884 3.09988 22.967 3.5404 23.2455C3.98092 23.5239 4.48101 23.6944 4.9999 23.7429C5.51879 23.7914 6.0418 23.7166 6.52631 23.5246C6.80814 24.2292 7.16817 24.8998 7.59965 25.524L10.3439 23.6747L10.3212 23.6436C9.55542 22.5645 9.12314 21.2844 9.07797 19.9619C8.99584 18.4553 9.36117 16.9571 10.3269 16.0764C12.3093 14.3772 14.473 15.156 15.8267 16.7759H16.192C17.5457 15.156 19.7066 14.3857 21.6918 16.0764C22.6547 16.9571 23.0229 18.4553 22.9408 19.9619C22.8956 21.2844 22.4633 22.5645 21.6975 23.6436L21.6749 23.6747L24.4191 25.524C24.8506 24.8998 25.2106 24.2292 25.4924 23.5246C25.9447 23.7013 26.4304 23.7762 26.9149 23.7439C27.3994 23.7115 27.8708 23.5729 28.2957 23.3377C28.7205 23.1025 29.0883 22.7766 29.3729 22.3832C29.6575 21.9898 29.8519 21.5384 29.9422 21.0614C30.0326 20.5843 30.0168 20.0931 29.8958 19.6228C29.7748 19.1526 29.5517 18.7147 29.2423 18.3405C28.933 17.9662 28.5449 17.6647 28.1058 17.4575C27.6667 17.2502 27.1873 17.1422 26.7017 17.1412L26.6989 17.1441ZM5.25472 21.4261C5.00506 21.4126 4.77005 21.304 4.59808 21.1225C4.42611 20.941 4.33026 20.7005 4.33026 20.4505C4.33026 20.2004 4.42611 19.9599 4.59808 19.7784C4.77005 19.5969 5.00506 19.4883 5.25472 19.4748C5.44974 19.476 5.64001 19.5351 5.80131 19.6447C5.80974 20.1569 5.84471 20.6683 5.90609 21.1769C5.72702 21.3372 5.49511 21.426 5.25472 21.4261ZM26.764 21.4261C26.5236 21.426 26.2917 21.3372 26.1127 21.1769C26.174 20.6683 26.209 20.1569 26.2174 19.6447C26.3642 19.5453 26.5353 19.4877 26.7123 19.4783C26.8893 19.4689 27.0655 19.508 27.222 19.5913C27.3784 19.6746 27.5092 19.7991 27.6002 19.9512C27.6911 20.1034 27.7389 20.2774 27.7382 20.4547C27.7379 20.5826 27.7123 20.7092 27.663 20.8273C27.6137 20.9454 27.5416 21.0525 27.4509 21.1427C27.3602 21.2329 27.2526 21.3044 27.1342 21.353C27.0159 21.4016 26.8891 21.4265 26.7612 21.4261H26.764Z" fill="#00BF6F"/>
+</svg>
diff --git a/tests/fixtures/saas/surveymonkey_fixtures.py b/tests/fixtures/saas/surveymonkey_fixtures.py
new file mode 100644
index 0000000000..72570a1339
--- /dev/null
+++ b/tests/fixtures/saas/surveymonkey_fixtures.py
@@ -0,0 +1,145 @@
+from typing import Any, Dict, Generator
+
+import pydash
+import pytest
+import requests
+
+from tests.ops.integration_tests.saas.connector_runner import (
+    ConnectorRunner,
+    generate_random_email,
+)
+from tests.ops.test_helpers.vault_client import get_secrets
+
+secrets = get_secrets("surveymonkey")
+
+
+@pytest.fixture(scope="session")
+def surveymonkey_secrets(saas_config) -> Dict[str, Any]:
+    return {
+        "domain": pydash.get(saas_config, "surveymonkey.domain") or secrets["domain"],
+        "api_token": pydash.get(saas_config, "surveymonkey.api_token")
+        or secrets["api_token"],
+        "survey_id": pydash.get(saas_config, "surveymonkey.survey_id")
+        or secrets["survey_id"],
+        "collector_id": pydash.get(saas_config, "surveymonkey.collector_id")
+        or secrets["collector_id"],
+        "admin_email": pydash.get(saas_config, "surveymonkey.admin_email")
+        or secrets["admin_email"],
+        "page_id": pydash.get(saas_config, "surveymonkey.page_id")
+        or secrets["page_id"],
+        "question_id": pydash.get(saas_config, "surveymonkey.question_id")
+        or secrets["question_id"],
+        "choice_id": pydash.get(saas_config, "surveymonkey.choice_id")
+        or secrets["choice_id"],
+        # add the rest of your secrets here
+    }
+
+
+@pytest.fixture(scope="session")
+def surveymonkey_identity_email(saas_config) -> str:
+    return (
+        pydash.get(saas_config, "surveymonkey.identity_email")
+        or secrets["identity_email"]
+    )
+
+
+@pytest.fixture
+def surveymonkey_erasure_identity_email() -> str:
+    return generate_random_email()
+
+
+class SurveyMonkeyClient:
+    def __init__(self, secrets: Dict[str, Any]):
+        self.secrets = secrets
+        self.survey_id = secrets["survey_id"]
+        self.collector_id = secrets["collector_id"]
+        self.base_url = f"https://{secrets['domain']}"
+        self.headers = {
+            "Authorization": f"Bearer {secrets['api_token']}",
+        }
+
+    def create_contact(self, email):
+        return requests.post(
+            url=f"{self.base_url}/v3/contacts",
+            headers=self.headers,
+            json={"email": email},
+        )
+
+    def create_collector_message(self):
+        return requests.post(
+            url=f"{self.base_url}/v3/surveys/{self.survey_id}/collectors/{self.collector_id}/messages",
+            headers=self.headers,
+            json={"type": "invite"},
+        )
+
+    def create_recipient(self, message_id: str, email: str):
+        return requests.post(
+            url=f"{self.base_url}/v3/surveys/{self.survey_id}/collectors/{self.collector_id}/messages/{message_id}/recipients",
+            headers=self.headers,
+            json={"email": email},
+        )
+
+    def create_survey_response(self, recipient_id: str):
+        return requests.post(
+            url=f"{self.base_url}/v3/collectors/{self.collector_id}/responses",
+            headers=self.headers,
+            json={
+                "recipient_id": recipient_id,
+                "pages": [
+                    {
+                        "id": self.secrets["page_id"],
+                        "questions": [
+                            {
+                                "id": self.secrets["question_id"],
+                                "answers": [{"choice_id": self.secrets["choice_id"]}],
+                            }
+                        ],
+                    }
+                ],
+            },
+        )
+
+
+@pytest.fixture
+def surveymonkey_client(surveymonkey_secrets) -> Generator:
+    yield SurveyMonkeyClient(surveymonkey_secrets)
+
+
+@pytest.fixture
+def surveymonkey_erasure_data(
+    surveymonkey_client: SurveyMonkeyClient,
+    surveymonkey_erasure_identity_email: str,
+) -> Generator:
+    # contact
+    contacts_response = surveymonkey_client.create_contact(
+        surveymonkey_erasure_identity_email
+    )
+    assert contacts_response.ok
+
+    # collector message
+    message_response = surveymonkey_client.create_collector_message()
+    assert message_response.ok
+    message_id = message_response.json()["id"]
+
+    # recipient
+    recipient_response = surveymonkey_client.create_recipient(
+        message_id, surveymonkey_erasure_identity_email
+    )
+    assert recipient_response.ok
+    recipient_id = recipient_response.json()["id"]
+
+    # survey response
+    survey_response = surveymonkey_client.create_survey_response(recipient_id)
+    assert survey_response.ok
+
+    yield
+
+
+@pytest.fixture
+def surveymonkey_runner(db, cache, surveymonkey_secrets) -> ConnectorRunner:
+    return ConnectorRunner(
+        db,
+        cache,
+        "surveymonkey",
+        surveymonkey_secrets,
+    )
diff --git a/tests/ops/integration_tests/saas/connector_runner.py b/tests/ops/integration_tests/saas/connector_runner.py
index 70a7c0ba49..99df47f572 100644
--- a/tests/ops/integration_tests/saas/connector_runner.py
+++ b/tests/ops/integration_tests/saas/connector_runner.py
@@ -107,7 +107,9 @@ async def access_request(
         )
         # verify we returned at least one row for each collection in the dataset
         for collection in self.dataset["collections"]:
-            assert len(access_results[f"{fides_key}:{collection['name']}"])
+            assert len(
+                access_results[f"{fides_key}:{collection['name']}"]
+            ), f"No rows returned for collection '{collection['name']}'"
         return access_results
 
     async def strict_erasure_request(
@@ -193,7 +195,9 @@ async def _base_erasure_request(
 
         # verify we returned at least one row for each collection in the dataset
         for collection in self.dataset["collections"]:
-            assert len(access_results[f"{fides_key}:{collection['name']}"])
+            assert len(
+                access_results[f"{fides_key}:{collection['name']}"]
+            ), f"No rows returned for collection '{collection['name']}'"
 
         erasure_results = await graph_task.run_erasure(
             privacy_request,
diff --git a/tests/ops/integration_tests/saas/test_surveymonkey_task.py b/tests/ops/integration_tests/saas/test_surveymonkey_task.py
new file mode 100644
index 0000000000..1e3b1b9fa8
--- /dev/null
+++ b/tests/ops/integration_tests/saas/test_surveymonkey_task.py
@@ -0,0 +1,55 @@
+import pytest
+
+from fides.api.models.policy import Policy
+from tests.ops.integration_tests.saas.connector_runner import ConnectorRunner
+
+
+@pytest.mark.integration_saas
+class TestSurveyMonkeyConnector:
+    def test_connection(self, surveymonkey_runner: ConnectorRunner):
+        surveymonkey_runner.test_connection()
+
+    async def test_access_request(
+        self,
+        surveymonkey_runner: ConnectorRunner,
+        policy,
+        surveymonkey_identity_email: str,
+    ):
+        access_results = await surveymonkey_runner.access_request(
+            access_policy=policy, identities={"email": surveymonkey_identity_email}
+        )
+
+        # verify we only returned data for our identity email
+        for contacts in access_results["surveymonkey_instance:contacts"]:
+            assert contacts["email"] == surveymonkey_identity_email
+
+        for survey_response in access_results["surveymonkey_instance:survey_responses"]:
+            assert (
+                survey_response["metadata"]["contact"]["email"]["value"]
+                == surveymonkey_identity_email
+            )
+
+    async def test_non_strict_erasure_request(
+        self,
+        surveymonkey_runner: ConnectorRunner,
+        policy: Policy,
+        erasure_policy_string_rewrite: Policy,
+        surveymonkey_erasure_identity_email: str,
+        surveymonkey_erasure_data,
+        surveymonkey_client,
+    ):
+        (
+            access_results,
+            erasure_results,
+        ) = await surveymonkey_runner.non_strict_erasure_request(
+            access_policy=policy,
+            erasure_policy=erasure_policy_string_rewrite,
+            identities={"email": surveymonkey_erasure_identity_email},
+        )
+
+        assert erasure_results == {
+            "surveymonkey_instance:contacts": 1,
+            "surveymonkey_instance:surveys": 0,
+            "surveymonkey_instance:collectors": 0,
+            "surveymonkey_instance:survey_responses": 1,
+        }

From 820c2105c17cac760e229cf570f243c1570016f0 Mon Sep 17 00:00:00 2001
From: Thomas <thomas.lapiana+github@pm.me>
Date: Wed, 21 Jun 2023 21:04:37 +0800
Subject: [PATCH 12/90] Rearrange Code to fix Circular Imports (#3621)

Co-authored-by: Adam Sachs <adam@ethyca.com>
---
 MANIFEST.in                                   |  2 +-
 .../docs/development/development_tips.md      |  2 +-
 pyproject.toml                                |  2 +-
 scripts/create_test_data.py                   |  2 +-
 scripts/generate_docs.py                      |  4 +--
 scripts/quickstart.py                         |  4 +--
 .../api/{migrations => alembic}/__init__.py   |  0
 src/fides/api/{ => alembic}/alembic.ini       |  0
 .../migrations}/__init__.py                   |  0
 src/fides/api/{ => alembic}/migrations/env.py |  2 +-
 .../{ => alembic}/migrations/script.py.mako   |  0
 .../versions/0210948a8147_initial.py          |  0
 .../021d288d0ce3_add_consent_request.py       |  0
 .../versions/07014ff34eb2_add_mariadb.py      |  0
 .../144d9b85c712_update_consent_mechanism.py  |  0
 ...dd_fidesctl_meta_to_organization_object.py |  0
 .../155fd8e51d9d_add_fideslib_models.py       |  0
 ..._make_customfielddefinition_uniqueness_.py |  0
 ...7_add_security_policy_link_and_erasure_.py |  0
 .../179f2bb623ae_update_table_for_twilio.py   |  0
 ...e7_add_saas_config_to_connection_config.py |  0
 .../1f61c765cd1c_merge_alembic_heads.py       |  0
 .../1ff88b7bd579_add_authorization_request.py |  0
 ...944f1_add_datasetconfig_ctl_datasets_fk.py |  0
 ...dddf820a3_another_fidesops_remote_merge.py |  0
 ...31daffb_track_experience_on_preferences.py |  0
 .../26934c96ec80_initial_migration.py         |  0
 .../27fe9da9d0f9_privacy_request_stopped.py   |  0
 ...7a99c_add_notifications_for_failed_dsr_.py |  0
 ..._adds_first_name_and_last_name_to_user_.py |  0
 ...797a_update_messaging_service_type_enum.py |  0
 ...e268b_update_ctl_datasets_fidesctl_meta.py |  0
 ...f72b275_migrate_to_usage_of_evaluation_.py |  0
 ...educe_experience_and_config_duplication.py |  0
 .../327cd266f7b3_update_dataset_depth.py      |  0
 .../3842d1acac5f_adds_fides_device_id_enum.py |  0
 ...a_client_id_as_a_provided_identity_type.py |  0
 ...39a23bc016ea_record_consent_preferences.py |  0
 ...61471_adds_mailchimp_transactional_enum.py |  0
 .../3a7c5fb119c9_add_manual_connector_type.py |  0
 ...3465d_adds_provided_identity_table_for_.py |  0
 ...442_add_connection_key_to_execution_log.py |  0
 .../3d9c476d7cea_classification_management.py |  0
 ...5_save_privacy_preferences_on_device_id.py |  0
 ...8_remove_qualifier_lists_from_data_set_.py |  0
 ...cebd4_create_privacy_declarations_table.py |  0
 ...0_add_optional_contact_information_for_.py |  0
 .../migrations/versions/4fc34906c389_.py      |  0
 .../50180bbbb959_automigrate_viewer_role.py   |  0
 .../5078badb90b9_adds_drp_action_to_policy.py |  0
 ...d2_extend_data_use_with_recipients_and_.py |  0
 ...9c0dac_remove_deprecated_data_uses_for_.py |  0
 .../migrations/versions/530fb8533ca4_test.py  |  0
 .../54102bba36de_add_attentive_connector.py   |  0
 .../55d61eb8ed12_add_default_policies.py      |  0
 ...7c53fe3e99_add_audit_log_resource_table.py |  0
 ...8933b5cc6e8_merge_failed_dsr_and_twilio.py |  0
 ...cd643d7_fidesops_user_and_client_detail.py |  0
 ..._update_custom_field_resource_type_enum.py |  0
 ...3_add_system_foreign_key_to_connection_.py |  0
 ...62bab40b71_add_application_config_table.py |  0
 .../63b482f5b49b_upgrade_to_fideslang_1_4.py  |  0
 ...5453_case_insensitive_usernames_delete_.py |  0
 .../versions/68a518a3c050_system_managers.py  |  0
 .../6b287ff8cde4_penultimate_ops_merge.py     |  0
 ...b9885e68cbb_add_plus_system_scans_table.py |  0
 ...0603d_add_egress_and_ingress_to_systems.py |  0
 .../6d6b0b7cbb36_add_privacynotice_tables.py  |  0
 .../6f98e1bd7e4f_another_upstream_merge.py    |  0
 .../732105cd54e3_update_dataset_field_name.py |  0
 ...move_system_dependencies_to_egress_and_.py |  0
 ...5f5b76ae_merge_unified_with_ctl_and_ops.py |  0
 .../versions/7a4f4042091e_manual_webhooks.py  |  0
 ...dd_column_for_special_category_to_data_.py |  0
 ...8b7082_update_fideslang_data_categories.py |  2 +-
 ...81d34352e8_merge_ops_and_ctl_migrations.py |  0
 ...51d8a102a_add_created_at_and_updated_at.py |  0
 ...880eaf_remove_user_reset_password_scope.py |  0
 ...add_is_default_column_to_storage_config.py |  0
 ...88ddbf8cae_add_privacy_preference_table.py |  0
 ...cc_index_preference_created_and_updated.py |  0
 ...51e78b_create_custom_connector_template.py |  0
 .../8a71872089e4_add_notice_key_to_notices.py |  0
 ...e198eb13802_add_sovrn_consent_connector.py |  0
 ...f1a19465239_adds_userregistration_table.py |  0
 ...8f84fad4e00b_add_error_message_tracking.py |  0
 ...70db16d05_add_fidesops_user_permissions.py |  0
 .../906d7198df28_privacy_request_approve.py   |  0
 .../912d801f06c0_audit_log_email_send.py      |  0
 .../97801300fedd_identity_verification.py     |  0
 ...datasetconfig_ctl_datasets_non_nullable.py |  0
 .../9f38dad37628_redo_roles_scopes_mapping.py |  0
 .../alembic/migrations/versions/__init__.py   |  0
 ...a08024ba7e2b_add_custom_metadata_tables.py |  0
 .../versions/a0e6feb5bdc8_add_consent.py      |  0
 .../a0f219697fa0_remove_user_scopes.py        |  0
 ...baf_data_protection_impact_assessments_.py |  0
 .../aaa81d97a6f6_prepend_tables_with_ctl.py   |  0
 .../adad3be6af08_privacy_notice_attributes.py |  0
 ...7c4a0_add_connection_config_description.py |  0
 ...ce845e6c_split_privacy_experience_table.py |  0
 .../b72541d79f10_add_fides_connector.py       |  0
 ...8248ce6b8a1_add_privacy_notice_template.py |  0
 .../bab75915670a_add_finished_audit_log.py    |  0
 .../bde646a6f51e_add_execution_timeframe.py   |  0
 ...3596_add_fidesctl_meta_field_to_dataset.py |  0
 ...0b3cc_add_html_format_for_storageconfig.py |  0
 .../c2f7a29c4780_email_connection_config.py   |  0
 .../c3472d75c80e_connectionconfig_disabled.py |  0
 .../c4df5d585029_data_use_unique_together.py  |  0
 .../c5336b841d70_add_policy_webhooks.py       |  0
 .../versions/c61fd9d4f73e_emailconfig.py      |  0
 ...d4b_rename_user_name_tables_and_indexes.py |  0
 ...add_user_login_and_password_reset_dates.py |  0
 .../versions/c98da12d76f8_add_audit_log.py    |  0
 ...a_add_config_set_column_to_application_.py |  2 +-
 .../cdbd0fa118dd_unified_fides_2_merger.py    |  0
 .../versions/cf88efa1ad89_add_timescale_db.py |  0
 ...bc647083_adds_gpc_info_to_consent_table.py |  0
 ...d65e7e921814_add_privacy_request_status.py |  0
 ...c6c6555c86_remove_datasetconfig_dataset.py |  0
 .../versions/d8df7ff7aab4_add_due_date.py     |  0
 ...54f_add_tags_as_part_of_fideslang_1_1_0.py |  0
 ...add_privacyrequest_consent_preferences_.py |  0
 .../deb97d9393f3_remove_delivery_mechanism.py |  0
 .../versions/e55a51b354e3_add_bigquery.py     |  0
 ...6a80a49_add_parent_key_to_dataqualifier.py |  0
 ...add_enabled_actions_to_connectionconfig.py |  0
 .../e92da354691e_privacy_experiences.py       |  0
 ...eb1e6ec39b83_add_role_based_permissions.py |  0
 .../ed1b00ff963d_cancel_privacy_request.py    |  0
 ...679fb_add_generic_email_connector_types.py |  0
 ...dcd28ede1f7_add_fidesctl_meta_to_system.py |  0
 ...63a10_add_is_default_to_taxonomy_fields.py |  0
 ...574d_add_redshift_and_snowflake_support.py |  0
 .../versions/f3841942d90c_add_mssql.py        |  0
 .../versions/f53e04e5b7f5_merge_heads.py      |  0
 .../fb6b0150d6e4_final_unified_ctl_merge.py   |  0
 ...e3e637c0_add_dynamodb_to_connector_list.py |  0
 ...bbcde_populate_saas_type_to_saas_config.py |  0
 ..._add_responsibility_role_attribute_for_.py |  0
 ...able_field_to_custom_connector_template.py |  0
 src/fides/api/analytics.py                    |  2 +-
 src/fides/api/api/deps.py                     |  6 ++--
 src/fides/api/api/v1/endpoints/admin.py       |  4 +--
 .../api/api/v1/endpoints/config_endpoints.py  |  6 ++--
 .../api/v1/endpoints/connection_endpoints.py  | 10 +++----
 .../v1/endpoints/connection_type_endpoints.py |  2 +-
 .../v1/endpoints/consent_request_endpoints.py |  6 ++--
 .../api/api/v1/endpoints/dataset_endpoints.py | 14 ++++++----
 .../api/api/v1/endpoints/drp_endpoints.py     |  6 ++--
 .../api/v1/endpoints/encryption_endpoints.py  |  4 +--
 src/fides/api/api/v1/endpoints/generate.py    |  2 +-
 src/fides/api/api/v1/endpoints/health.py      |  2 +-
 .../identity_verification_endpoints.py        |  2 +-
 .../v1/endpoints/manual_webhook_endpoints.py  | 10 +++----
 .../api/api/v1/endpoints/masking_endpoints.py |  2 +-
 .../api/v1/endpoints/messaging_endpoints.py   | 12 ++++----
 .../api/api/v1/endpoints/oauth_endpoints.py   | 20 ++++++-------
 .../api/api/v1/endpoints/policy_endpoints.py  |  2 +-
 .../v1/endpoints/policy_webhook_endpoints.py  |  2 +-
 .../privacy_experience_config_endpoints.py    |  4 +--
 .../endpoints/privacy_experience_endpoints.py |  2 +-
 .../v1/endpoints/privacy_notice_endpoints.py  |  2 +-
 .../endpoints/privacy_preference_endpoints.py | 12 ++++----
 .../v1/endpoints/privacy_request_endpoints.py | 26 ++++++++---------
 .../api/api/v1/endpoints/router_factory.py    |  2 +-
 .../api/v1/endpoints/saas_config_endpoints.py | 16 +++++------
 .../api/api/v1/endpoints/storage_endpoints.py | 10 +++----
 src/fides/api/api/v1/endpoints/system.py      | 18 ++++++------
 .../api/api/v1/endpoints/user_endpoints.py    | 24 ++++++++--------
 .../v1/endpoints/user_permission_endpoints.py | 14 +++++-----
 src/fides/api/api/v1/endpoints/utils.py       | 16 +++++------
 src/fides/api/api/v1/endpoints/validate.py    |  2 +-
 src/fides/api/api/v1/endpoints/view.py        |  2 +-
 src/fides/api/app_setup.py                    |  2 +-
 src/fides/api/common_exceptions.py            |  2 +-
 src/fides/api/db/ctl_session.py               |  2 +-
 src/fides/api/db/database.py                  |  4 +--
 src/fides/api/db/seed.py                      |  2 +-
 src/fides/api/db/session.py                   |  2 +-
 src/fides/api/graph/analytics_events.py       |  2 +-
 src/fides/api/main.py                         |  2 +-
 src/fides/api/models/application_config.py    |  2 +-
 src/fides/api/models/client.py                |  2 +-
 src/fides/api/models/connectionconfig.py      |  2 +-
 src/fides/api/models/datasetconfig.py         |  5 ++--
 src/fides/api/models/messaging.py             |  4 +--
 src/fides/api/models/policy.py                |  2 +-
 src/fides/api/models/privacy_preference.py    |  2 +-
 src/fides/api/models/privacy_request.py       |  4 +--
 src/fides/api/models/registration.py          |  2 +-
 src/fides/api/models/sql_models.py            |  2 +-
 src/fides/api/models/storage.py               |  4 +--
 src/fides/api/oauth/roles.py                  |  2 +-
 src/fides/api/oauth/system_manager.py         |  2 +-
 src/fides/api/oauth/utils.py                  |  2 +-
 src/fides/api/schemas/encryption_request.py   |  2 +-
 src/fides/api/schemas/privacy_request.py      |  2 +-
 src/fides/api/schemas/user_permission.py      |  2 +-
 src/fides/api/service/_verification.py        |  4 +--
 ...tion_strategy_oauth2_authorization_code.py |  2 +-
 .../api/service/connectors/base_connector.py  |  2 +-
 .../connectors/base_email_connector.py        |  4 +--
 .../connectors/consent_email_connector.py     |  2 +-
 .../connectors/erasure_email_connector.py     |  2 +-
 .../connectors/saas/authenticated_client.py   |  2 +-
 .../saas/connector_registry_service.py        |  2 +-
 .../service/connectors/saas_query_config.py   |  2 +-
 .../api/service/connectors/sql_connector.py   |  2 +-
 .../masking/strategy/masking_strategy_hash.py |  2 +-
 .../messaging/message_dispatch_service.py     |  4 +--
 .../privacy_request/email_batch_service.py    |  2 +-
 .../privacy_request/request_runner_service.py |  4 +--
 src/fides/api/task/graph_task.py              |  2 +-
 src/fides/api/tasks/__init__.py               |  2 +-
 src/fides/api/tasks/storage.py                |  2 +-
 src/fides/api/util/cache.py                   |  2 +-
 src/fides/api/util/consent_util.py            |  2 +-
 src/fides/api/util/data_category.py           |  4 ++-
 .../encryption/aes_gcm_encryption_scheme.py   |  2 +-
 .../util/encryption/hmac_encryption_scheme.py |  2 +-
 src/fides/api/util/identity_verification.py   |  2 +-
 src/fides/api/util/logger.py                  |  2 +-
 src/fides/api/util/saas_util.py               |  2 +-
 src/fides/cli/__init__.py                     |  2 +-
 src/fides/cli/commands/db.py                  |  3 +-
 src/fides/cli/commands/deploy.py              |  5 ++--
 src/fides/cli/commands/ungrouped.py           | 12 ++++++--
 src/fides/cli/commands/view.py                |  4 +--
 src/fides/cli/utils.py                        | 18 ++++++------
 src/fides/common/api/__init__.py              |  0
 .../api/v1 => common/api}/scope_registry.py   |  0
 src/fides/{core => }/config/__init__.py       |  2 +-
 .../{core => }/config/admin_ui_settings.py    |  0
 src/fides/{core => }/config/cli_settings.py   |  0
 src/fides/{core => }/config/config_proxy.py   |  0
 src/fides/{core => }/config/create.py         |  4 +--
 .../{core => }/config/credentials_settings.py |  0
 .../{core => }/config/database_settings.py    |  2 +-
 .../{core => }/config/execution_settings.py   |  0
 src/fides/{core => }/config/fides_settings.py |  0
 src/fides/{core => }/config/helpers.py        |  0
 .../{core => }/config/logging_settings.py     |  0
 .../config/notification_settings.py           |  0
 src/fides/{core => }/config/redis_settings.py |  0
 .../{core => }/config/security_settings.py    |  2 +-
 src/fides/{core => }/config/user_settings.py  |  0
 src/fides/{core => }/config/utils.py          |  0
 src/fides/core/annotate_dataset.py            |  5 ++--
 src/fides/core/audit.py                       |  3 +-
 src/fides/core/deploy.py                      |  2 +-
 src/fides/core/evaluate.py                    |  4 +--
 src/fides/core/parse.py                       |  3 +-
 src/fides/core/pull.py                        |  4 +--
 src/fides/core/push.py                        |  3 +-
 src/fides/core/system.py                      |  3 +-
 src/fides/core/user.py                        |  6 ++--
 src/fides/core/utils.py                       |  6 +---
 tests/conftest.py                             |  6 ++--
 tests/ctl/api/test_admin.py                   |  2 +-
 tests/ctl/api/test_generate.py                |  2 +-
 tests/ctl/api/test_seed.py                    |  2 +-
 tests/ctl/api/test_validate.py                |  2 +-
 tests/ctl/cli/test_cli.py                     |  4 +--
 tests/ctl/cli/test_utils.py                   |  2 +-
 tests/ctl/connectors/test_aws.py              |  2 +-
 tests/ctl/connectors/test_okta.py             |  2 +-
 tests/ctl/core/config/test_config.py          |  8 +++---
 tests/ctl/core/config/test_config_helpers.py  |  2 +-
 tests/ctl/core/config/test_create.py          |  4 +--
 .../core/config/test_credentials_settings.py  |  2 +-
 .../ctl/core/config/test_security_settings.py |  2 +-
 tests/ctl/core/config/test_utils.py           |  6 ++--
 tests/ctl/core/test_api.py                    | 14 +++++-----
 tests/ctl/core/test_api_helpers.py            |  2 +-
 tests/ctl/core/test_dataset.py                |  2 +-
 tests/ctl/core/test_evaluate.py               |  2 +-
 tests/ctl/core/test_pull.py                   |  2 +-
 tests/ctl/core/test_system.py                 |  2 +-
 tests/ctl/core/test_utils.py                  |  2 +-
 tests/ctl/database/test_crud.py               |  2 +-
 tests/fixtures/application_fixtures.py        |  4 +--
 tests/fixtures/mariadb_fixtures.py            |  2 +-
 tests/fixtures/mssql_fixtures.py              |  2 +-
 tests/fixtures/mysql_fixtures.py              |  2 +-
 tests/fixtures/postgres_fixtures.py           |  2 +-
 tests/fixtures/timescale_fixtures.py          |  2 +-
 tests/lib/test_client_model.py                |  2 +-
 tests/lib/test_oauth_util.py                  | 20 ++++++-------
 tests/lib/test_session.py                     |  2 +-
 tests/lib/test_system_oauth_util.py           |  4 +--
 tests/ops/api/test_deps.py                    |  2 +-
 tests/ops/api/test_ratelimit.py               |  2 +-
 .../api/v1/endpoints/test_config_endpoints.py |  2 +-
 .../test_connection_config_endpoints.py       | 12 ++++----
 .../test_connection_template_endpoints.py     | 10 +++----
 .../test_consent_request_endpoints.py         |  4 +--
 .../v1/endpoints/test_dataset_endpoints.py    | 16 +++++------
 .../api/v1/endpoints/test_drp_endpoints.py    | 14 +++++-----
 .../v1/endpoints/test_encryption_endpoints.py |  4 +--
 .../test_identity_verification_endpoints.py   |  2 +-
 .../api/v1/endpoints/test_manual_webhooks.py  | 14 +++++-----
 .../v1/endpoints/test_masking_endpoints.py    |  2 +-
 .../v1/endpoints/test_messaging_endpoints.py  | 12 ++++----
 .../api/v1/endpoints/test_oauth_endpoints.py  | 20 ++++++-------
 .../api/v1/endpoints/test_policy_endpoints.py |  2 +-
 .../test_policy_webhook_endpoints.py          | 12 ++++----
 ...est_privacy_experience_config_endpoints.py |  2 +-
 .../test_privacy_notice_endpoints.py          |  2 +-
 .../test_privacy_preference_endpoints.py      | 12 ++++----
 .../test_privacy_request_endpoints.py         | 28 +++++++++----------
 .../endpoints/test_saas_config_endpoints.py   | 18 ++++++------
 .../v1/endpoints/test_storage_endpoints.py    | 14 +++++-----
 tests/ops/api/v1/endpoints/test_system.py     | 12 ++++----
 .../api/v1/endpoints/test_user_endpoints.py   | 28 +++++++++----------
 .../test_user_permission_endpoints.py         | 20 ++++++-------
 tests/ops/api/v1/test_exception_handlers.py   |  4 +--
 tests/ops/api/v1/test_middleware.py           |  8 +++---
 tests/ops/graph/test_graph.py                 |  2 +-
 .../saas/connector_runner.py                  |  2 +-
 .../test_firebase_auth_task.py                |  2 +-
 .../saas/test_adobe_campaign_task.py          |  2 +-
 .../saas/test_aircall_task.py                 |  2 +-
 .../saas/test_amplitude_task.py               |  2 +-
 .../integration_tests/saas/test_auth0_task.py |  2 +-
 .../saas/test_braintree_task.py               |  2 +-
 .../integration_tests/saas/test_braze_task.py |  2 +-
 .../saas/test_delighted_task.py               |  2 +-
 .../integration_tests/saas/test_domo_task.py  |  2 +-
 .../saas/test_friendbuy_nextgen_task.py       |  2 +-
 .../saas/test_friendbuy_task.py               |  2 +-
 .../saas/test_fullstory_task.py               |  2 +-
 .../saas/test_gorgias_task.py                 |  2 +-
 .../saas/test_hubspot_task.py                 |  2 +-
 .../integration_tests/saas/test_jira_task.py  |  2 +-
 .../saas/test_klaviyo_task.py                 |  2 +-
 .../saas/test_kustomer_task.py                |  2 +-
 .../saas/test_outreach_task.py                |  2 +-
 .../saas/test_recharge_tasks.py               |  2 +-
 .../saas/test_rollbar_task.py                 |  2 +-
 .../saas/test_salesforce_task.py              |  2 +-
 .../saas/test_segment_task.py                 |  2 +-
 .../saas/test_sendgrid_task.py                |  2 +-
 .../saas/test_shippo_task.py                  |  2 +-
 .../saas/test_shopify_task.py                 |  2 +-
 .../saas/test_slack_enterprise_task.py        |  2 +-
 .../saas/test_square_task.py                  |  2 +-
 .../saas/test_stripe_task.py                  |  2 +-
 .../saas/test_twilio_conversations_task.py    |  2 +-
 .../saas/test_unbounce_task.py                |  2 +-
 .../integration_tests/saas/test_vend_task.py  |  2 +-
 .../saas/test_yotpo_loyalty_task.py           |  2 +-
 .../setup_scripts/mariadb_setup.py            |  2 +-
 .../setup_scripts/postgres_setup.py           |  2 +-
 .../setup_scripts/timescale_setup.py          |  2 +-
 ...st_connection_configuration_integration.py | 10 +++----
 tests/ops/integration_tests/test_execution.py |  2 +-
 .../test_integration_erasure_order.py         |  2 +-
 .../ops/integration_tests/test_manual_task.py |  2 +-
 tests/ops/integration_tests/test_sql_task.py  |  2 +-
 tests/ops/models/test_application_config.py   |  4 +--
 tests/ops/models/test_client.py               |  4 +--
 tests/ops/models/test_privacy_request.py      |  2 +-
 tests/ops/schemas/test_user_permission.py     |  2 +-
 .../test_connector_registry_service.py        |  2 +-
 .../test_connector_template_loaders.py        |  2 +-
 .../connectors/test_saas_queryconfig.py       |  2 +-
 .../message_dispatch_service_test.py          |  2 +-
 .../privacy_request/test_email_batch_send.py  |  2 +-
 .../test_request_runner_service.py            |  2 +-
 .../privacy_request/test_request_service.py   |  2 +-
 .../service/test_storage_uploader_service.py  |  2 +-
 tests/ops/tasks/test_celery.py                |  2 +-
 tests/ops/tasks/test_scheduled.py             |  2 +-
 tests/ops/util/test_api_router.py             |  2 +-
 tests/ops/util/test_cache.py                  |  2 +-
 tests/ops/util/test_jwt_util.py               |  2 +-
 tests/ops/util/test_logger.py                 |  2 +-
 379 files changed, 514 insertions(+), 514 deletions(-)
 rename src/fides/api/{migrations => alembic}/__init__.py (100%)
 rename src/fides/api/{ => alembic}/alembic.ini (100%)
 rename src/fides/api/{migrations/versions => alembic/migrations}/__init__.py (100%)
 rename src/fides/api/{ => alembic}/migrations/env.py (98%)
 rename src/fides/api/{ => alembic}/migrations/script.py.mako (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/0210948a8147_initial.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/021d288d0ce3_add_consent_request.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/07014ff34eb2_add_mariadb.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/144d9b85c712_update_consent_mechanism.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/150f234ef1de_add_fidesctl_meta_to_organization_object.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/155fd8e51d9d_add_fideslib_models.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/15a3e7483249_make_customfielddefinition_uniqueness_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/1739aa4a4ab7_add_security_policy_link_and_erasure_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/179f2bb623ae_update_table_for_twilio.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/1dfc5a2d30e7_add_saas_config_to_connection_config.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/1f61c765cd1c_merge_alembic_heads.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/1ff88b7bd579_add_authorization_request.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/216cdc7944f1_add_datasetconfig_ctl_datasets_fk.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/25adddf820a3_another_fidesops_remote_merge.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/2661f31daffb_track_experience_on_preferences.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/26934c96ec80_initial_migration.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/27fe9da9d0f9_privacy_request_stopped.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/28108b17a99c_add_notifications_for_failed_dsr_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/29a7d707163a_adds_first_name_and_last_name_to_user_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/2f6aa5fe797a_update_messaging_service_type_enum.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/2fb48b0e268b_update_ctl_datasets_fidesctl_meta.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/312aff72b275_migrate_to_usage_of_evaluation_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/317e6197c76a_reduce_experience_and_config_duplication.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/327cd266f7b3_update_dataset_depth.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/3842d1acac5f_adds_fides_device_id_enum.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/392992c7733a_add_ga_client_id_as_a_provided_identity_type.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/39a23bc016ea_record_consent_preferences.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/39b209861471_adds_mailchimp_transactional_enum.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/3a7c5fb119c9_add_manual_connector_type.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/3c5e1253465d_adds_provided_identity_table_for_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/3caf11127442_add_connection_key_to_execution_log.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/3d9c476d7cea_classification_management.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/451684a726a5_save_privacy_preferences_on_device_id.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/45c7a349db68_remove_qualifier_lists_from_data_set_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/48d9caacebd4_create_privacy_declarations_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/4c3693c289d0_add_optional_contact_information_for_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/4fc34906c389_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/50180bbbb959_automigrate_viewer_role.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5078badb90b9_adds_drp_action_to_policy.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/50b3736634d2_extend_data_use_with_recipients_and_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5307999c0dac_remove_deprecated_data_uses_for_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/530fb8533ca4_test.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/54102bba36de_add_attentive_connector.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/55d61eb8ed12_add_default_policies.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/587c53fe3e99_add_audit_log_resource_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/58933b5cc6e8_merge_failed_dsr_and_twilio.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5a966cd643d7_fidesops_user_and_client_detail.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5b03859e51b5_update_custom_field_resource_type_enum.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5b4b9c2d1c93_add_system_foreign_key_to_connection_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/5d62bab40b71_add_application_config_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/63b482f5b49b_upgrade_to_fideslang_1_4.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/643249f65453_case_insensitive_usernames_delete_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/68a518a3c050_system_managers.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/6b287ff8cde4_penultimate_ops_merge.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/6b9885e68cbb_add_plus_system_scans_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/6bd93cb0603d_add_egress_and_ingress_to_systems.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/6d6b0b7cbb36_add_privacynotice_tables.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/6f98e1bd7e4f_another_upstream_merge.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/732105cd54e3_update_dataset_field_name.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/76c02f99eec1_move_system_dependencies_to_egress_and_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/794e5f5b76ae_merge_unified_with_ctl_and_ops.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7a4f4042091e_manual_webhooks.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7a94527643a1_add_column_for_special_category_to_data_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7abe778b7082_update_fideslang_data_categories.py (99%)
 rename src/fides/api/{ => alembic}/migrations/versions/7b81d34352e8_merge_ops_and_ctl_migrations.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7c851d8a102a_add_created_at_and_updated_at.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7e218e880eaf_remove_user_reset_password_scope.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/7fd4601ef88b_add_is_default_column_to_storage_config.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8188ddbf8cae_add_privacy_preference_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8342453518cc_index_preference_created_and_updated.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8615ac51e78b_create_custom_connector_template.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8a71872089e4_add_notice_key_to_notices.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8e198eb13802_add_sovrn_consent_connector.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8f1a19465239_adds_userregistration_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/8f84fad4e00b_add_error_message_tracking.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/90070db16d05_add_fidesops_user_permissions.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/906d7198df28_privacy_request_approve.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/912d801f06c0_audit_log_email_send.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/97801300fedd_identity_verification.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/9c6f62e4c9da_make_datasetconfig_ctl_datasets_non_nullable.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/9f38dad37628_redo_roles_scopes_mapping.py (100%)
 create mode 100644 src/fides/api/alembic/migrations/versions/__init__.py
 rename src/fides/api/{ => alembic}/migrations/versions/a08024ba7e2b_add_custom_metadata_tables.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/a0e6feb5bdc8_add_consent.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/a0f219697fa0_remove_user_scopes.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/a2b9b156ebaf_data_protection_impact_assessments_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/aaa81d97a6f6_prepend_tables_with_ctl.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/adad3be6af08_privacy_notice_attributes.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/b3b68c87c4a0_add_connection_config_description.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/b546ce845e6c_split_privacy_experience_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/b72541d79f10_add_fides_connector.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/b8248ce6b8a1_add_privacy_notice_template.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/bab75915670a_add_finished_audit_log.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/bde646a6f51e_add_execution_timeframe.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/be432bd23596_add_fidesctl_meta_field_to_dataset.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c1885270b3cc_add_html_format_for_storageconfig.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c2f7a29c4780_email_connection_config.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c3472d75c80e_connectionconfig_disabled.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c4df5d585029_data_use_unique_together.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c5336b841d70_add_policy_webhooks.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c61fd9d4f73e_emailconfig.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c7cc36820d4b_rename_user_name_tables_and_indexes.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c9759675b5d3_add_user_login_and_password_reset_dates.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c98da12d76f8_add_audit_log.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py (97%)
 rename src/fides/api/{ => alembic}/migrations/versions/cdbd0fa118dd_unified_fides_2_merger.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/cf88efa1ad89_add_timescale_db.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/d65bbc647083_adds_gpc_info_to_consent_table.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/d65e7e921814_add_privacy_request_status.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/d6c6c6555c86_remove_datasetconfig_dataset.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/d8df7ff7aab4_add_due_date.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/d8f8bd52754f_add_tags_as_part_of_fideslang_1_1_0.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/de456534dbda_add_privacyrequest_consent_preferences_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/deb97d9393f3_remove_delivery_mechanism.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/e55a51b354e3_add_bigquery.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/e576b6a80a49_add_parent_key_to_dataqualifier.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/e798f37f0c26_add_enabled_actions_to_connectionconfig.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/e92da354691e_privacy_experiences.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/eb1e6ec39b83_add_role_based_permissions.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/ed1b00ff963d_cancel_privacy_request.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/ed46521679fb_add_generic_email_connector_types.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/edcd28ede1f7_add_fidesctl_meta_to_system.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/f131a1263a10_add_is_default_to_taxonomy_fields.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/f206d4e7574d_add_redshift_and_snowflake_support.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/f3841942d90c_add_mssql.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/f53e04e5b7f5_merge_heads.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/fb6b0150d6e4_final_unified_ctl_merge.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/fc04e3e637c0_add_dynamodb_to_connector_list.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/fc90277bbcde_populate_saas_type_to_saas_config.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/fdd28c39a679_add_responsibility_role_attribute_for_.py (100%)
 rename src/fides/api/{ => alembic}/migrations/versions/ff782b0dc07e_add_replaceable_field_to_custom_connector_template.py (100%)
 create mode 100644 src/fides/common/api/__init__.py
 rename src/fides/{api/api/v1 => common/api}/scope_registry.py (100%)
 rename src/fides/{core => }/config/__init__.py (99%)
 rename src/fides/{core => }/config/admin_ui_settings.py (100%)
 rename src/fides/{core => }/config/cli_settings.py (100%)
 rename src/fides/{core => }/config/config_proxy.py (100%)
 rename src/fides/{core => }/config/create.py (98%)
 rename src/fides/{core => }/config/credentials_settings.py (100%)
 rename src/fides/{core => }/config/database_settings.py (99%)
 rename src/fides/{core => }/config/execution_settings.py (100%)
 rename src/fides/{core => }/config/fides_settings.py (100%)
 rename src/fides/{core => }/config/helpers.py (100%)
 rename src/fides/{core => }/config/logging_settings.py (100%)
 rename src/fides/{core => }/config/notification_settings.py (100%)
 rename src/fides/{core => }/config/redis_settings.py (100%)
 rename src/fides/{core => }/config/security_settings.py (99%)
 rename src/fides/{core => }/config/user_settings.py (100%)
 rename src/fides/{core => }/config/utils.py (100%)

diff --git a/MANIFEST.in b/MANIFEST.in
index ee1575c366..c419da707b 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -4,7 +4,7 @@ include requirements.txt
 include dev-requirements.txt
 include dangerous-requirements.txt
 include versioneer.py
-include src/fides/api/alembic.ini
+include src/fides/api/alembic/alembic.ini
 include src/fides/_version.py
 include src/fides/py.typed
 
diff --git a/docs/fides/docs/development/development_tips.md b/docs/fides/docs/development/development_tips.md
index 7860d601db..6d5b557539 100644
--- a/docs/fides/docs/development/development_tips.md
+++ b/docs/fides/docs/development/development_tips.md
@@ -97,7 +97,7 @@ Some common Alembic commands are listed below. For a comprehensive guide see: <h
 
 The commands will need to be run inside a shell on your Docker containers, which can be opened with `nox -s dev -- shell`.
 
-In the `/src/fides/api/` directory:
+In the `/src/fides/api/alembic` directory:
 
 - Migrate your database to the latest state: `alembic upgrade head`
 - Merge heads (for when you have conflicting heads from a merge/rebase): `alembic merge heads`
diff --git a/pyproject.toml b/pyproject.toml
index e17cc5eed4..e9514397b7 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -215,4 +215,4 @@ markers = [
 asyncio_mode = "auto"
 
 [tool.coverage.run]
-omit = ["src/fides/api/migrations/*"]
+omit = ["src/fides/api/alembic/migrations/*"]
diff --git a/scripts/create_test_data.py b/scripts/create_test_data.py
index fe2a4bfb05..e9c5e1432b 100644
--- a/scripts/create_test_data.py
+++ b/scripts/create_test_data.py
@@ -33,7 +33,7 @@
     StorageType,
 )
 from fides.api.util.data_category import DataCategory
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/scripts/generate_docs.py b/scripts/generate_docs.py
index aa67d30cce..1d4b3560f8 100644
--- a/scripts/generate_docs.py
+++ b/scripts/generate_docs.py
@@ -5,8 +5,8 @@
 import sys
 
 from fides.api.main import app
-from fides.core.config import CONFIG
-from fides.core.config.create import generate_config_docs
+from fides.config import CONFIG
+from fides.config.create import generate_config_docs
 
 
 def generate_openapi(outfile_dir: str) -> str:
diff --git a/scripts/quickstart.py b/scripts/quickstart.py
index ce3166c696..0a0fa8d905 100644
--- a/scripts/quickstart.py
+++ b/scripts/quickstart.py
@@ -14,10 +14,10 @@
 from loguru import logger
 
 from fides.api.api.v1 import urn_registry as ops_urls
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY
 from fides.api.models.connectionconfig import ConnectionType
 from fides.api.models.policy import ActionType
-from fides.core.config import get_config
+from fides.common.api.scope_registry import SCOPE_REGISTRY
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/src/fides/api/migrations/__init__.py b/src/fides/api/alembic/__init__.py
similarity index 100%
rename from src/fides/api/migrations/__init__.py
rename to src/fides/api/alembic/__init__.py
diff --git a/src/fides/api/alembic.ini b/src/fides/api/alembic/alembic.ini
similarity index 100%
rename from src/fides/api/alembic.ini
rename to src/fides/api/alembic/alembic.ini
diff --git a/src/fides/api/migrations/versions/__init__.py b/src/fides/api/alembic/migrations/__init__.py
similarity index 100%
rename from src/fides/api/migrations/versions/__init__.py
rename to src/fides/api/alembic/migrations/__init__.py
diff --git a/src/fides/api/migrations/env.py b/src/fides/api/alembic/migrations/env.py
similarity index 98%
rename from src/fides/api/migrations/env.py
rename to src/fides/api/alembic/migrations/env.py
index 9daf5d7855..6a096af394 100644
--- a/src/fides/api/migrations/env.py
+++ b/src/fides/api/alembic/migrations/env.py
@@ -4,7 +4,7 @@
 from sqlalchemy import engine_from_config, pool
 
 from fides.api.util.logger import setup as setup_fidesapi_logger
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
diff --git a/src/fides/api/migrations/script.py.mako b/src/fides/api/alembic/migrations/script.py.mako
similarity index 100%
rename from src/fides/api/migrations/script.py.mako
rename to src/fides/api/alembic/migrations/script.py.mako
diff --git a/src/fides/api/migrations/versions/0210948a8147_initial.py b/src/fides/api/alembic/migrations/versions/0210948a8147_initial.py
similarity index 100%
rename from src/fides/api/migrations/versions/0210948a8147_initial.py
rename to src/fides/api/alembic/migrations/versions/0210948a8147_initial.py
diff --git a/src/fides/api/migrations/versions/021d288d0ce3_add_consent_request.py b/src/fides/api/alembic/migrations/versions/021d288d0ce3_add_consent_request.py
similarity index 100%
rename from src/fides/api/migrations/versions/021d288d0ce3_add_consent_request.py
rename to src/fides/api/alembic/migrations/versions/021d288d0ce3_add_consent_request.py
diff --git a/src/fides/api/migrations/versions/07014ff34eb2_add_mariadb.py b/src/fides/api/alembic/migrations/versions/07014ff34eb2_add_mariadb.py
similarity index 100%
rename from src/fides/api/migrations/versions/07014ff34eb2_add_mariadb.py
rename to src/fides/api/alembic/migrations/versions/07014ff34eb2_add_mariadb.py
diff --git a/src/fides/api/migrations/versions/144d9b85c712_update_consent_mechanism.py b/src/fides/api/alembic/migrations/versions/144d9b85c712_update_consent_mechanism.py
similarity index 100%
rename from src/fides/api/migrations/versions/144d9b85c712_update_consent_mechanism.py
rename to src/fides/api/alembic/migrations/versions/144d9b85c712_update_consent_mechanism.py
diff --git a/src/fides/api/migrations/versions/150f234ef1de_add_fidesctl_meta_to_organization_object.py b/src/fides/api/alembic/migrations/versions/150f234ef1de_add_fidesctl_meta_to_organization_object.py
similarity index 100%
rename from src/fides/api/migrations/versions/150f234ef1de_add_fidesctl_meta_to_organization_object.py
rename to src/fides/api/alembic/migrations/versions/150f234ef1de_add_fidesctl_meta_to_organization_object.py
diff --git a/src/fides/api/migrations/versions/155fd8e51d9d_add_fideslib_models.py b/src/fides/api/alembic/migrations/versions/155fd8e51d9d_add_fideslib_models.py
similarity index 100%
rename from src/fides/api/migrations/versions/155fd8e51d9d_add_fideslib_models.py
rename to src/fides/api/alembic/migrations/versions/155fd8e51d9d_add_fideslib_models.py
diff --git a/src/fides/api/migrations/versions/15a3e7483249_make_customfielddefinition_uniqueness_.py b/src/fides/api/alembic/migrations/versions/15a3e7483249_make_customfielddefinition_uniqueness_.py
similarity index 100%
rename from src/fides/api/migrations/versions/15a3e7483249_make_customfielddefinition_uniqueness_.py
rename to src/fides/api/alembic/migrations/versions/15a3e7483249_make_customfielddefinition_uniqueness_.py
diff --git a/src/fides/api/migrations/versions/1739aa4a4ab7_add_security_policy_link_and_erasure_.py b/src/fides/api/alembic/migrations/versions/1739aa4a4ab7_add_security_policy_link_and_erasure_.py
similarity index 100%
rename from src/fides/api/migrations/versions/1739aa4a4ab7_add_security_policy_link_and_erasure_.py
rename to src/fides/api/alembic/migrations/versions/1739aa4a4ab7_add_security_policy_link_and_erasure_.py
diff --git a/src/fides/api/migrations/versions/179f2bb623ae_update_table_for_twilio.py b/src/fides/api/alembic/migrations/versions/179f2bb623ae_update_table_for_twilio.py
similarity index 100%
rename from src/fides/api/migrations/versions/179f2bb623ae_update_table_for_twilio.py
rename to src/fides/api/alembic/migrations/versions/179f2bb623ae_update_table_for_twilio.py
diff --git a/src/fides/api/migrations/versions/1dfc5a2d30e7_add_saas_config_to_connection_config.py b/src/fides/api/alembic/migrations/versions/1dfc5a2d30e7_add_saas_config_to_connection_config.py
similarity index 100%
rename from src/fides/api/migrations/versions/1dfc5a2d30e7_add_saas_config_to_connection_config.py
rename to src/fides/api/alembic/migrations/versions/1dfc5a2d30e7_add_saas_config_to_connection_config.py
diff --git a/src/fides/api/migrations/versions/1f61c765cd1c_merge_alembic_heads.py b/src/fides/api/alembic/migrations/versions/1f61c765cd1c_merge_alembic_heads.py
similarity index 100%
rename from src/fides/api/migrations/versions/1f61c765cd1c_merge_alembic_heads.py
rename to src/fides/api/alembic/migrations/versions/1f61c765cd1c_merge_alembic_heads.py
diff --git a/src/fides/api/migrations/versions/1ff88b7bd579_add_authorization_request.py b/src/fides/api/alembic/migrations/versions/1ff88b7bd579_add_authorization_request.py
similarity index 100%
rename from src/fides/api/migrations/versions/1ff88b7bd579_add_authorization_request.py
rename to src/fides/api/alembic/migrations/versions/1ff88b7bd579_add_authorization_request.py
diff --git a/src/fides/api/migrations/versions/216cdc7944f1_add_datasetconfig_ctl_datasets_fk.py b/src/fides/api/alembic/migrations/versions/216cdc7944f1_add_datasetconfig_ctl_datasets_fk.py
similarity index 100%
rename from src/fides/api/migrations/versions/216cdc7944f1_add_datasetconfig_ctl_datasets_fk.py
rename to src/fides/api/alembic/migrations/versions/216cdc7944f1_add_datasetconfig_ctl_datasets_fk.py
diff --git a/src/fides/api/migrations/versions/25adddf820a3_another_fidesops_remote_merge.py b/src/fides/api/alembic/migrations/versions/25adddf820a3_another_fidesops_remote_merge.py
similarity index 100%
rename from src/fides/api/migrations/versions/25adddf820a3_another_fidesops_remote_merge.py
rename to src/fides/api/alembic/migrations/versions/25adddf820a3_another_fidesops_remote_merge.py
diff --git a/src/fides/api/migrations/versions/2661f31daffb_track_experience_on_preferences.py b/src/fides/api/alembic/migrations/versions/2661f31daffb_track_experience_on_preferences.py
similarity index 100%
rename from src/fides/api/migrations/versions/2661f31daffb_track_experience_on_preferences.py
rename to src/fides/api/alembic/migrations/versions/2661f31daffb_track_experience_on_preferences.py
diff --git a/src/fides/api/migrations/versions/26934c96ec80_initial_migration.py b/src/fides/api/alembic/migrations/versions/26934c96ec80_initial_migration.py
similarity index 100%
rename from src/fides/api/migrations/versions/26934c96ec80_initial_migration.py
rename to src/fides/api/alembic/migrations/versions/26934c96ec80_initial_migration.py
diff --git a/src/fides/api/migrations/versions/27fe9da9d0f9_privacy_request_stopped.py b/src/fides/api/alembic/migrations/versions/27fe9da9d0f9_privacy_request_stopped.py
similarity index 100%
rename from src/fides/api/migrations/versions/27fe9da9d0f9_privacy_request_stopped.py
rename to src/fides/api/alembic/migrations/versions/27fe9da9d0f9_privacy_request_stopped.py
diff --git a/src/fides/api/migrations/versions/28108b17a99c_add_notifications_for_failed_dsr_.py b/src/fides/api/alembic/migrations/versions/28108b17a99c_add_notifications_for_failed_dsr_.py
similarity index 100%
rename from src/fides/api/migrations/versions/28108b17a99c_add_notifications_for_failed_dsr_.py
rename to src/fides/api/alembic/migrations/versions/28108b17a99c_add_notifications_for_failed_dsr_.py
diff --git a/src/fides/api/migrations/versions/29a7d707163a_adds_first_name_and_last_name_to_user_.py b/src/fides/api/alembic/migrations/versions/29a7d707163a_adds_first_name_and_last_name_to_user_.py
similarity index 100%
rename from src/fides/api/migrations/versions/29a7d707163a_adds_first_name_and_last_name_to_user_.py
rename to src/fides/api/alembic/migrations/versions/29a7d707163a_adds_first_name_and_last_name_to_user_.py
diff --git a/src/fides/api/migrations/versions/2f6aa5fe797a_update_messaging_service_type_enum.py b/src/fides/api/alembic/migrations/versions/2f6aa5fe797a_update_messaging_service_type_enum.py
similarity index 100%
rename from src/fides/api/migrations/versions/2f6aa5fe797a_update_messaging_service_type_enum.py
rename to src/fides/api/alembic/migrations/versions/2f6aa5fe797a_update_messaging_service_type_enum.py
diff --git a/src/fides/api/migrations/versions/2fb48b0e268b_update_ctl_datasets_fidesctl_meta.py b/src/fides/api/alembic/migrations/versions/2fb48b0e268b_update_ctl_datasets_fidesctl_meta.py
similarity index 100%
rename from src/fides/api/migrations/versions/2fb48b0e268b_update_ctl_datasets_fidesctl_meta.py
rename to src/fides/api/alembic/migrations/versions/2fb48b0e268b_update_ctl_datasets_fidesctl_meta.py
diff --git a/src/fides/api/migrations/versions/312aff72b275_migrate_to_usage_of_evaluation_.py b/src/fides/api/alembic/migrations/versions/312aff72b275_migrate_to_usage_of_evaluation_.py
similarity index 100%
rename from src/fides/api/migrations/versions/312aff72b275_migrate_to_usage_of_evaluation_.py
rename to src/fides/api/alembic/migrations/versions/312aff72b275_migrate_to_usage_of_evaluation_.py
diff --git a/src/fides/api/migrations/versions/317e6197c76a_reduce_experience_and_config_duplication.py b/src/fides/api/alembic/migrations/versions/317e6197c76a_reduce_experience_and_config_duplication.py
similarity index 100%
rename from src/fides/api/migrations/versions/317e6197c76a_reduce_experience_and_config_duplication.py
rename to src/fides/api/alembic/migrations/versions/317e6197c76a_reduce_experience_and_config_duplication.py
diff --git a/src/fides/api/migrations/versions/327cd266f7b3_update_dataset_depth.py b/src/fides/api/alembic/migrations/versions/327cd266f7b3_update_dataset_depth.py
similarity index 100%
rename from src/fides/api/migrations/versions/327cd266f7b3_update_dataset_depth.py
rename to src/fides/api/alembic/migrations/versions/327cd266f7b3_update_dataset_depth.py
diff --git a/src/fides/api/migrations/versions/3842d1acac5f_adds_fides_device_id_enum.py b/src/fides/api/alembic/migrations/versions/3842d1acac5f_adds_fides_device_id_enum.py
similarity index 100%
rename from src/fides/api/migrations/versions/3842d1acac5f_adds_fides_device_id_enum.py
rename to src/fides/api/alembic/migrations/versions/3842d1acac5f_adds_fides_device_id_enum.py
diff --git a/src/fides/api/migrations/versions/392992c7733a_add_ga_client_id_as_a_provided_identity_type.py b/src/fides/api/alembic/migrations/versions/392992c7733a_add_ga_client_id_as_a_provided_identity_type.py
similarity index 100%
rename from src/fides/api/migrations/versions/392992c7733a_add_ga_client_id_as_a_provided_identity_type.py
rename to src/fides/api/alembic/migrations/versions/392992c7733a_add_ga_client_id_as_a_provided_identity_type.py
diff --git a/src/fides/api/migrations/versions/39a23bc016ea_record_consent_preferences.py b/src/fides/api/alembic/migrations/versions/39a23bc016ea_record_consent_preferences.py
similarity index 100%
rename from src/fides/api/migrations/versions/39a23bc016ea_record_consent_preferences.py
rename to src/fides/api/alembic/migrations/versions/39a23bc016ea_record_consent_preferences.py
diff --git a/src/fides/api/migrations/versions/39b209861471_adds_mailchimp_transactional_enum.py b/src/fides/api/alembic/migrations/versions/39b209861471_adds_mailchimp_transactional_enum.py
similarity index 100%
rename from src/fides/api/migrations/versions/39b209861471_adds_mailchimp_transactional_enum.py
rename to src/fides/api/alembic/migrations/versions/39b209861471_adds_mailchimp_transactional_enum.py
diff --git a/src/fides/api/migrations/versions/3a7c5fb119c9_add_manual_connector_type.py b/src/fides/api/alembic/migrations/versions/3a7c5fb119c9_add_manual_connector_type.py
similarity index 100%
rename from src/fides/api/migrations/versions/3a7c5fb119c9_add_manual_connector_type.py
rename to src/fides/api/alembic/migrations/versions/3a7c5fb119c9_add_manual_connector_type.py
diff --git a/src/fides/api/migrations/versions/3c5e1253465d_adds_provided_identity_table_for_.py b/src/fides/api/alembic/migrations/versions/3c5e1253465d_adds_provided_identity_table_for_.py
similarity index 100%
rename from src/fides/api/migrations/versions/3c5e1253465d_adds_provided_identity_table_for_.py
rename to src/fides/api/alembic/migrations/versions/3c5e1253465d_adds_provided_identity_table_for_.py
diff --git a/src/fides/api/migrations/versions/3caf11127442_add_connection_key_to_execution_log.py b/src/fides/api/alembic/migrations/versions/3caf11127442_add_connection_key_to_execution_log.py
similarity index 100%
rename from src/fides/api/migrations/versions/3caf11127442_add_connection_key_to_execution_log.py
rename to src/fides/api/alembic/migrations/versions/3caf11127442_add_connection_key_to_execution_log.py
diff --git a/src/fides/api/migrations/versions/3d9c476d7cea_classification_management.py b/src/fides/api/alembic/migrations/versions/3d9c476d7cea_classification_management.py
similarity index 100%
rename from src/fides/api/migrations/versions/3d9c476d7cea_classification_management.py
rename to src/fides/api/alembic/migrations/versions/3d9c476d7cea_classification_management.py
diff --git a/src/fides/api/migrations/versions/451684a726a5_save_privacy_preferences_on_device_id.py b/src/fides/api/alembic/migrations/versions/451684a726a5_save_privacy_preferences_on_device_id.py
similarity index 100%
rename from src/fides/api/migrations/versions/451684a726a5_save_privacy_preferences_on_device_id.py
rename to src/fides/api/alembic/migrations/versions/451684a726a5_save_privacy_preferences_on_device_id.py
diff --git a/src/fides/api/migrations/versions/45c7a349db68_remove_qualifier_lists_from_data_set_.py b/src/fides/api/alembic/migrations/versions/45c7a349db68_remove_qualifier_lists_from_data_set_.py
similarity index 100%
rename from src/fides/api/migrations/versions/45c7a349db68_remove_qualifier_lists_from_data_set_.py
rename to src/fides/api/alembic/migrations/versions/45c7a349db68_remove_qualifier_lists_from_data_set_.py
diff --git a/src/fides/api/migrations/versions/48d9caacebd4_create_privacy_declarations_table.py b/src/fides/api/alembic/migrations/versions/48d9caacebd4_create_privacy_declarations_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/48d9caacebd4_create_privacy_declarations_table.py
rename to src/fides/api/alembic/migrations/versions/48d9caacebd4_create_privacy_declarations_table.py
diff --git a/src/fides/api/migrations/versions/4c3693c289d0_add_optional_contact_information_for_.py b/src/fides/api/alembic/migrations/versions/4c3693c289d0_add_optional_contact_information_for_.py
similarity index 100%
rename from src/fides/api/migrations/versions/4c3693c289d0_add_optional_contact_information_for_.py
rename to src/fides/api/alembic/migrations/versions/4c3693c289d0_add_optional_contact_information_for_.py
diff --git a/src/fides/api/migrations/versions/4fc34906c389_.py b/src/fides/api/alembic/migrations/versions/4fc34906c389_.py
similarity index 100%
rename from src/fides/api/migrations/versions/4fc34906c389_.py
rename to src/fides/api/alembic/migrations/versions/4fc34906c389_.py
diff --git a/src/fides/api/migrations/versions/50180bbbb959_automigrate_viewer_role.py b/src/fides/api/alembic/migrations/versions/50180bbbb959_automigrate_viewer_role.py
similarity index 100%
rename from src/fides/api/migrations/versions/50180bbbb959_automigrate_viewer_role.py
rename to src/fides/api/alembic/migrations/versions/50180bbbb959_automigrate_viewer_role.py
diff --git a/src/fides/api/migrations/versions/5078badb90b9_adds_drp_action_to_policy.py b/src/fides/api/alembic/migrations/versions/5078badb90b9_adds_drp_action_to_policy.py
similarity index 100%
rename from src/fides/api/migrations/versions/5078badb90b9_adds_drp_action_to_policy.py
rename to src/fides/api/alembic/migrations/versions/5078badb90b9_adds_drp_action_to_policy.py
diff --git a/src/fides/api/migrations/versions/50b3736634d2_extend_data_use_with_recipients_and_.py b/src/fides/api/alembic/migrations/versions/50b3736634d2_extend_data_use_with_recipients_and_.py
similarity index 100%
rename from src/fides/api/migrations/versions/50b3736634d2_extend_data_use_with_recipients_and_.py
rename to src/fides/api/alembic/migrations/versions/50b3736634d2_extend_data_use_with_recipients_and_.py
diff --git a/src/fides/api/migrations/versions/5307999c0dac_remove_deprecated_data_uses_for_.py b/src/fides/api/alembic/migrations/versions/5307999c0dac_remove_deprecated_data_uses_for_.py
similarity index 100%
rename from src/fides/api/migrations/versions/5307999c0dac_remove_deprecated_data_uses_for_.py
rename to src/fides/api/alembic/migrations/versions/5307999c0dac_remove_deprecated_data_uses_for_.py
diff --git a/src/fides/api/migrations/versions/530fb8533ca4_test.py b/src/fides/api/alembic/migrations/versions/530fb8533ca4_test.py
similarity index 100%
rename from src/fides/api/migrations/versions/530fb8533ca4_test.py
rename to src/fides/api/alembic/migrations/versions/530fb8533ca4_test.py
diff --git a/src/fides/api/migrations/versions/54102bba36de_add_attentive_connector.py b/src/fides/api/alembic/migrations/versions/54102bba36de_add_attentive_connector.py
similarity index 100%
rename from src/fides/api/migrations/versions/54102bba36de_add_attentive_connector.py
rename to src/fides/api/alembic/migrations/versions/54102bba36de_add_attentive_connector.py
diff --git a/src/fides/api/migrations/versions/55d61eb8ed12_add_default_policies.py b/src/fides/api/alembic/migrations/versions/55d61eb8ed12_add_default_policies.py
similarity index 100%
rename from src/fides/api/migrations/versions/55d61eb8ed12_add_default_policies.py
rename to src/fides/api/alembic/migrations/versions/55d61eb8ed12_add_default_policies.py
diff --git a/src/fides/api/migrations/versions/587c53fe3e99_add_audit_log_resource_table.py b/src/fides/api/alembic/migrations/versions/587c53fe3e99_add_audit_log_resource_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/587c53fe3e99_add_audit_log_resource_table.py
rename to src/fides/api/alembic/migrations/versions/587c53fe3e99_add_audit_log_resource_table.py
diff --git a/src/fides/api/migrations/versions/58933b5cc6e8_merge_failed_dsr_and_twilio.py b/src/fides/api/alembic/migrations/versions/58933b5cc6e8_merge_failed_dsr_and_twilio.py
similarity index 100%
rename from src/fides/api/migrations/versions/58933b5cc6e8_merge_failed_dsr_and_twilio.py
rename to src/fides/api/alembic/migrations/versions/58933b5cc6e8_merge_failed_dsr_and_twilio.py
diff --git a/src/fides/api/migrations/versions/5a966cd643d7_fidesops_user_and_client_detail.py b/src/fides/api/alembic/migrations/versions/5a966cd643d7_fidesops_user_and_client_detail.py
similarity index 100%
rename from src/fides/api/migrations/versions/5a966cd643d7_fidesops_user_and_client_detail.py
rename to src/fides/api/alembic/migrations/versions/5a966cd643d7_fidesops_user_and_client_detail.py
diff --git a/src/fides/api/migrations/versions/5b03859e51b5_update_custom_field_resource_type_enum.py b/src/fides/api/alembic/migrations/versions/5b03859e51b5_update_custom_field_resource_type_enum.py
similarity index 100%
rename from src/fides/api/migrations/versions/5b03859e51b5_update_custom_field_resource_type_enum.py
rename to src/fides/api/alembic/migrations/versions/5b03859e51b5_update_custom_field_resource_type_enum.py
diff --git a/src/fides/api/migrations/versions/5b4b9c2d1c93_add_system_foreign_key_to_connection_.py b/src/fides/api/alembic/migrations/versions/5b4b9c2d1c93_add_system_foreign_key_to_connection_.py
similarity index 100%
rename from src/fides/api/migrations/versions/5b4b9c2d1c93_add_system_foreign_key_to_connection_.py
rename to src/fides/api/alembic/migrations/versions/5b4b9c2d1c93_add_system_foreign_key_to_connection_.py
diff --git a/src/fides/api/migrations/versions/5d62bab40b71_add_application_config_table.py b/src/fides/api/alembic/migrations/versions/5d62bab40b71_add_application_config_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/5d62bab40b71_add_application_config_table.py
rename to src/fides/api/alembic/migrations/versions/5d62bab40b71_add_application_config_table.py
diff --git a/src/fides/api/migrations/versions/63b482f5b49b_upgrade_to_fideslang_1_4.py b/src/fides/api/alembic/migrations/versions/63b482f5b49b_upgrade_to_fideslang_1_4.py
similarity index 100%
rename from src/fides/api/migrations/versions/63b482f5b49b_upgrade_to_fideslang_1_4.py
rename to src/fides/api/alembic/migrations/versions/63b482f5b49b_upgrade_to_fideslang_1_4.py
diff --git a/src/fides/api/migrations/versions/643249f65453_case_insensitive_usernames_delete_.py b/src/fides/api/alembic/migrations/versions/643249f65453_case_insensitive_usernames_delete_.py
similarity index 100%
rename from src/fides/api/migrations/versions/643249f65453_case_insensitive_usernames_delete_.py
rename to src/fides/api/alembic/migrations/versions/643249f65453_case_insensitive_usernames_delete_.py
diff --git a/src/fides/api/migrations/versions/68a518a3c050_system_managers.py b/src/fides/api/alembic/migrations/versions/68a518a3c050_system_managers.py
similarity index 100%
rename from src/fides/api/migrations/versions/68a518a3c050_system_managers.py
rename to src/fides/api/alembic/migrations/versions/68a518a3c050_system_managers.py
diff --git a/src/fides/api/migrations/versions/6b287ff8cde4_penultimate_ops_merge.py b/src/fides/api/alembic/migrations/versions/6b287ff8cde4_penultimate_ops_merge.py
similarity index 100%
rename from src/fides/api/migrations/versions/6b287ff8cde4_penultimate_ops_merge.py
rename to src/fides/api/alembic/migrations/versions/6b287ff8cde4_penultimate_ops_merge.py
diff --git a/src/fides/api/migrations/versions/6b9885e68cbb_add_plus_system_scans_table.py b/src/fides/api/alembic/migrations/versions/6b9885e68cbb_add_plus_system_scans_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/6b9885e68cbb_add_plus_system_scans_table.py
rename to src/fides/api/alembic/migrations/versions/6b9885e68cbb_add_plus_system_scans_table.py
diff --git a/src/fides/api/migrations/versions/6bd93cb0603d_add_egress_and_ingress_to_systems.py b/src/fides/api/alembic/migrations/versions/6bd93cb0603d_add_egress_and_ingress_to_systems.py
similarity index 100%
rename from src/fides/api/migrations/versions/6bd93cb0603d_add_egress_and_ingress_to_systems.py
rename to src/fides/api/alembic/migrations/versions/6bd93cb0603d_add_egress_and_ingress_to_systems.py
diff --git a/src/fides/api/migrations/versions/6d6b0b7cbb36_add_privacynotice_tables.py b/src/fides/api/alembic/migrations/versions/6d6b0b7cbb36_add_privacynotice_tables.py
similarity index 100%
rename from src/fides/api/migrations/versions/6d6b0b7cbb36_add_privacynotice_tables.py
rename to src/fides/api/alembic/migrations/versions/6d6b0b7cbb36_add_privacynotice_tables.py
diff --git a/src/fides/api/migrations/versions/6f98e1bd7e4f_another_upstream_merge.py b/src/fides/api/alembic/migrations/versions/6f98e1bd7e4f_another_upstream_merge.py
similarity index 100%
rename from src/fides/api/migrations/versions/6f98e1bd7e4f_another_upstream_merge.py
rename to src/fides/api/alembic/migrations/versions/6f98e1bd7e4f_another_upstream_merge.py
diff --git a/src/fides/api/migrations/versions/732105cd54e3_update_dataset_field_name.py b/src/fides/api/alembic/migrations/versions/732105cd54e3_update_dataset_field_name.py
similarity index 100%
rename from src/fides/api/migrations/versions/732105cd54e3_update_dataset_field_name.py
rename to src/fides/api/alembic/migrations/versions/732105cd54e3_update_dataset_field_name.py
diff --git a/src/fides/api/migrations/versions/76c02f99eec1_move_system_dependencies_to_egress_and_.py b/src/fides/api/alembic/migrations/versions/76c02f99eec1_move_system_dependencies_to_egress_and_.py
similarity index 100%
rename from src/fides/api/migrations/versions/76c02f99eec1_move_system_dependencies_to_egress_and_.py
rename to src/fides/api/alembic/migrations/versions/76c02f99eec1_move_system_dependencies_to_egress_and_.py
diff --git a/src/fides/api/migrations/versions/794e5f5b76ae_merge_unified_with_ctl_and_ops.py b/src/fides/api/alembic/migrations/versions/794e5f5b76ae_merge_unified_with_ctl_and_ops.py
similarity index 100%
rename from src/fides/api/migrations/versions/794e5f5b76ae_merge_unified_with_ctl_and_ops.py
rename to src/fides/api/alembic/migrations/versions/794e5f5b76ae_merge_unified_with_ctl_and_ops.py
diff --git a/src/fides/api/migrations/versions/7a4f4042091e_manual_webhooks.py b/src/fides/api/alembic/migrations/versions/7a4f4042091e_manual_webhooks.py
similarity index 100%
rename from src/fides/api/migrations/versions/7a4f4042091e_manual_webhooks.py
rename to src/fides/api/alembic/migrations/versions/7a4f4042091e_manual_webhooks.py
diff --git a/src/fides/api/migrations/versions/7a94527643a1_add_column_for_special_category_to_data_.py b/src/fides/api/alembic/migrations/versions/7a94527643a1_add_column_for_special_category_to_data_.py
similarity index 100%
rename from src/fides/api/migrations/versions/7a94527643a1_add_column_for_special_category_to_data_.py
rename to src/fides/api/alembic/migrations/versions/7a94527643a1_add_column_for_special_category_to_data_.py
diff --git a/src/fides/api/migrations/versions/7abe778b7082_update_fideslang_data_categories.py b/src/fides/api/alembic/migrations/versions/7abe778b7082_update_fideslang_data_categories.py
similarity index 99%
rename from src/fides/api/migrations/versions/7abe778b7082_update_fideslang_data_categories.py
rename to src/fides/api/alembic/migrations/versions/7abe778b7082_update_fideslang_data_categories.py
index 1ad336aadc..16035b27c8 100644
--- a/src/fides/api/migrations/versions/7abe778b7082_update_fideslang_data_categories.py
+++ b/src/fides/api/alembic/migrations/versions/7abe778b7082_update_fideslang_data_categories.py
@@ -13,7 +13,7 @@
 
 from fides.api.db.base import DatasetConfig
 from fides.api.db.session import get_db_session
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 logger = logging.getLogger(__name__)
 
diff --git a/src/fides/api/migrations/versions/7b81d34352e8_merge_ops_and_ctl_migrations.py b/src/fides/api/alembic/migrations/versions/7b81d34352e8_merge_ops_and_ctl_migrations.py
similarity index 100%
rename from src/fides/api/migrations/versions/7b81d34352e8_merge_ops_and_ctl_migrations.py
rename to src/fides/api/alembic/migrations/versions/7b81d34352e8_merge_ops_and_ctl_migrations.py
diff --git a/src/fides/api/migrations/versions/7c851d8a102a_add_created_at_and_updated_at.py b/src/fides/api/alembic/migrations/versions/7c851d8a102a_add_created_at_and_updated_at.py
similarity index 100%
rename from src/fides/api/migrations/versions/7c851d8a102a_add_created_at_and_updated_at.py
rename to src/fides/api/alembic/migrations/versions/7c851d8a102a_add_created_at_and_updated_at.py
diff --git a/src/fides/api/migrations/versions/7e218e880eaf_remove_user_reset_password_scope.py b/src/fides/api/alembic/migrations/versions/7e218e880eaf_remove_user_reset_password_scope.py
similarity index 100%
rename from src/fides/api/migrations/versions/7e218e880eaf_remove_user_reset_password_scope.py
rename to src/fides/api/alembic/migrations/versions/7e218e880eaf_remove_user_reset_password_scope.py
diff --git a/src/fides/api/migrations/versions/7fd4601ef88b_add_is_default_column_to_storage_config.py b/src/fides/api/alembic/migrations/versions/7fd4601ef88b_add_is_default_column_to_storage_config.py
similarity index 100%
rename from src/fides/api/migrations/versions/7fd4601ef88b_add_is_default_column_to_storage_config.py
rename to src/fides/api/alembic/migrations/versions/7fd4601ef88b_add_is_default_column_to_storage_config.py
diff --git a/src/fides/api/migrations/versions/8188ddbf8cae_add_privacy_preference_table.py b/src/fides/api/alembic/migrations/versions/8188ddbf8cae_add_privacy_preference_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/8188ddbf8cae_add_privacy_preference_table.py
rename to src/fides/api/alembic/migrations/versions/8188ddbf8cae_add_privacy_preference_table.py
diff --git a/src/fides/api/migrations/versions/8342453518cc_index_preference_created_and_updated.py b/src/fides/api/alembic/migrations/versions/8342453518cc_index_preference_created_and_updated.py
similarity index 100%
rename from src/fides/api/migrations/versions/8342453518cc_index_preference_created_and_updated.py
rename to src/fides/api/alembic/migrations/versions/8342453518cc_index_preference_created_and_updated.py
diff --git a/src/fides/api/migrations/versions/8615ac51e78b_create_custom_connector_template.py b/src/fides/api/alembic/migrations/versions/8615ac51e78b_create_custom_connector_template.py
similarity index 100%
rename from src/fides/api/migrations/versions/8615ac51e78b_create_custom_connector_template.py
rename to src/fides/api/alembic/migrations/versions/8615ac51e78b_create_custom_connector_template.py
diff --git a/src/fides/api/migrations/versions/8a71872089e4_add_notice_key_to_notices.py b/src/fides/api/alembic/migrations/versions/8a71872089e4_add_notice_key_to_notices.py
similarity index 100%
rename from src/fides/api/migrations/versions/8a71872089e4_add_notice_key_to_notices.py
rename to src/fides/api/alembic/migrations/versions/8a71872089e4_add_notice_key_to_notices.py
diff --git a/src/fides/api/migrations/versions/8e198eb13802_add_sovrn_consent_connector.py b/src/fides/api/alembic/migrations/versions/8e198eb13802_add_sovrn_consent_connector.py
similarity index 100%
rename from src/fides/api/migrations/versions/8e198eb13802_add_sovrn_consent_connector.py
rename to src/fides/api/alembic/migrations/versions/8e198eb13802_add_sovrn_consent_connector.py
diff --git a/src/fides/api/migrations/versions/8f1a19465239_adds_userregistration_table.py b/src/fides/api/alembic/migrations/versions/8f1a19465239_adds_userregistration_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/8f1a19465239_adds_userregistration_table.py
rename to src/fides/api/alembic/migrations/versions/8f1a19465239_adds_userregistration_table.py
diff --git a/src/fides/api/migrations/versions/8f84fad4e00b_add_error_message_tracking.py b/src/fides/api/alembic/migrations/versions/8f84fad4e00b_add_error_message_tracking.py
similarity index 100%
rename from src/fides/api/migrations/versions/8f84fad4e00b_add_error_message_tracking.py
rename to src/fides/api/alembic/migrations/versions/8f84fad4e00b_add_error_message_tracking.py
diff --git a/src/fides/api/migrations/versions/90070db16d05_add_fidesops_user_permissions.py b/src/fides/api/alembic/migrations/versions/90070db16d05_add_fidesops_user_permissions.py
similarity index 100%
rename from src/fides/api/migrations/versions/90070db16d05_add_fidesops_user_permissions.py
rename to src/fides/api/alembic/migrations/versions/90070db16d05_add_fidesops_user_permissions.py
diff --git a/src/fides/api/migrations/versions/906d7198df28_privacy_request_approve.py b/src/fides/api/alembic/migrations/versions/906d7198df28_privacy_request_approve.py
similarity index 100%
rename from src/fides/api/migrations/versions/906d7198df28_privacy_request_approve.py
rename to src/fides/api/alembic/migrations/versions/906d7198df28_privacy_request_approve.py
diff --git a/src/fides/api/migrations/versions/912d801f06c0_audit_log_email_send.py b/src/fides/api/alembic/migrations/versions/912d801f06c0_audit_log_email_send.py
similarity index 100%
rename from src/fides/api/migrations/versions/912d801f06c0_audit_log_email_send.py
rename to src/fides/api/alembic/migrations/versions/912d801f06c0_audit_log_email_send.py
diff --git a/src/fides/api/migrations/versions/97801300fedd_identity_verification.py b/src/fides/api/alembic/migrations/versions/97801300fedd_identity_verification.py
similarity index 100%
rename from src/fides/api/migrations/versions/97801300fedd_identity_verification.py
rename to src/fides/api/alembic/migrations/versions/97801300fedd_identity_verification.py
diff --git a/src/fides/api/migrations/versions/9c6f62e4c9da_make_datasetconfig_ctl_datasets_non_nullable.py b/src/fides/api/alembic/migrations/versions/9c6f62e4c9da_make_datasetconfig_ctl_datasets_non_nullable.py
similarity index 100%
rename from src/fides/api/migrations/versions/9c6f62e4c9da_make_datasetconfig_ctl_datasets_non_nullable.py
rename to src/fides/api/alembic/migrations/versions/9c6f62e4c9da_make_datasetconfig_ctl_datasets_non_nullable.py
diff --git a/src/fides/api/migrations/versions/9f38dad37628_redo_roles_scopes_mapping.py b/src/fides/api/alembic/migrations/versions/9f38dad37628_redo_roles_scopes_mapping.py
similarity index 100%
rename from src/fides/api/migrations/versions/9f38dad37628_redo_roles_scopes_mapping.py
rename to src/fides/api/alembic/migrations/versions/9f38dad37628_redo_roles_scopes_mapping.py
diff --git a/src/fides/api/alembic/migrations/versions/__init__.py b/src/fides/api/alembic/migrations/versions/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/fides/api/migrations/versions/a08024ba7e2b_add_custom_metadata_tables.py b/src/fides/api/alembic/migrations/versions/a08024ba7e2b_add_custom_metadata_tables.py
similarity index 100%
rename from src/fides/api/migrations/versions/a08024ba7e2b_add_custom_metadata_tables.py
rename to src/fides/api/alembic/migrations/versions/a08024ba7e2b_add_custom_metadata_tables.py
diff --git a/src/fides/api/migrations/versions/a0e6feb5bdc8_add_consent.py b/src/fides/api/alembic/migrations/versions/a0e6feb5bdc8_add_consent.py
similarity index 100%
rename from src/fides/api/migrations/versions/a0e6feb5bdc8_add_consent.py
rename to src/fides/api/alembic/migrations/versions/a0e6feb5bdc8_add_consent.py
diff --git a/src/fides/api/migrations/versions/a0f219697fa0_remove_user_scopes.py b/src/fides/api/alembic/migrations/versions/a0f219697fa0_remove_user_scopes.py
similarity index 100%
rename from src/fides/api/migrations/versions/a0f219697fa0_remove_user_scopes.py
rename to src/fides/api/alembic/migrations/versions/a0f219697fa0_remove_user_scopes.py
diff --git a/src/fides/api/migrations/versions/a2b9b156ebaf_data_protection_impact_assessments_.py b/src/fides/api/alembic/migrations/versions/a2b9b156ebaf_data_protection_impact_assessments_.py
similarity index 100%
rename from src/fides/api/migrations/versions/a2b9b156ebaf_data_protection_impact_assessments_.py
rename to src/fides/api/alembic/migrations/versions/a2b9b156ebaf_data_protection_impact_assessments_.py
diff --git a/src/fides/api/migrations/versions/aaa81d97a6f6_prepend_tables_with_ctl.py b/src/fides/api/alembic/migrations/versions/aaa81d97a6f6_prepend_tables_with_ctl.py
similarity index 100%
rename from src/fides/api/migrations/versions/aaa81d97a6f6_prepend_tables_with_ctl.py
rename to src/fides/api/alembic/migrations/versions/aaa81d97a6f6_prepend_tables_with_ctl.py
diff --git a/src/fides/api/migrations/versions/adad3be6af08_privacy_notice_attributes.py b/src/fides/api/alembic/migrations/versions/adad3be6af08_privacy_notice_attributes.py
similarity index 100%
rename from src/fides/api/migrations/versions/adad3be6af08_privacy_notice_attributes.py
rename to src/fides/api/alembic/migrations/versions/adad3be6af08_privacy_notice_attributes.py
diff --git a/src/fides/api/migrations/versions/b3b68c87c4a0_add_connection_config_description.py b/src/fides/api/alembic/migrations/versions/b3b68c87c4a0_add_connection_config_description.py
similarity index 100%
rename from src/fides/api/migrations/versions/b3b68c87c4a0_add_connection_config_description.py
rename to src/fides/api/alembic/migrations/versions/b3b68c87c4a0_add_connection_config_description.py
diff --git a/src/fides/api/migrations/versions/b546ce845e6c_split_privacy_experience_table.py b/src/fides/api/alembic/migrations/versions/b546ce845e6c_split_privacy_experience_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/b546ce845e6c_split_privacy_experience_table.py
rename to src/fides/api/alembic/migrations/versions/b546ce845e6c_split_privacy_experience_table.py
diff --git a/src/fides/api/migrations/versions/b72541d79f10_add_fides_connector.py b/src/fides/api/alembic/migrations/versions/b72541d79f10_add_fides_connector.py
similarity index 100%
rename from src/fides/api/migrations/versions/b72541d79f10_add_fides_connector.py
rename to src/fides/api/alembic/migrations/versions/b72541d79f10_add_fides_connector.py
diff --git a/src/fides/api/migrations/versions/b8248ce6b8a1_add_privacy_notice_template.py b/src/fides/api/alembic/migrations/versions/b8248ce6b8a1_add_privacy_notice_template.py
similarity index 100%
rename from src/fides/api/migrations/versions/b8248ce6b8a1_add_privacy_notice_template.py
rename to src/fides/api/alembic/migrations/versions/b8248ce6b8a1_add_privacy_notice_template.py
diff --git a/src/fides/api/migrations/versions/bab75915670a_add_finished_audit_log.py b/src/fides/api/alembic/migrations/versions/bab75915670a_add_finished_audit_log.py
similarity index 100%
rename from src/fides/api/migrations/versions/bab75915670a_add_finished_audit_log.py
rename to src/fides/api/alembic/migrations/versions/bab75915670a_add_finished_audit_log.py
diff --git a/src/fides/api/migrations/versions/bde646a6f51e_add_execution_timeframe.py b/src/fides/api/alembic/migrations/versions/bde646a6f51e_add_execution_timeframe.py
similarity index 100%
rename from src/fides/api/migrations/versions/bde646a6f51e_add_execution_timeframe.py
rename to src/fides/api/alembic/migrations/versions/bde646a6f51e_add_execution_timeframe.py
diff --git a/src/fides/api/migrations/versions/be432bd23596_add_fidesctl_meta_field_to_dataset.py b/src/fides/api/alembic/migrations/versions/be432bd23596_add_fidesctl_meta_field_to_dataset.py
similarity index 100%
rename from src/fides/api/migrations/versions/be432bd23596_add_fidesctl_meta_field_to_dataset.py
rename to src/fides/api/alembic/migrations/versions/be432bd23596_add_fidesctl_meta_field_to_dataset.py
diff --git a/src/fides/api/migrations/versions/c1885270b3cc_add_html_format_for_storageconfig.py b/src/fides/api/alembic/migrations/versions/c1885270b3cc_add_html_format_for_storageconfig.py
similarity index 100%
rename from src/fides/api/migrations/versions/c1885270b3cc_add_html_format_for_storageconfig.py
rename to src/fides/api/alembic/migrations/versions/c1885270b3cc_add_html_format_for_storageconfig.py
diff --git a/src/fides/api/migrations/versions/c2f7a29c4780_email_connection_config.py b/src/fides/api/alembic/migrations/versions/c2f7a29c4780_email_connection_config.py
similarity index 100%
rename from src/fides/api/migrations/versions/c2f7a29c4780_email_connection_config.py
rename to src/fides/api/alembic/migrations/versions/c2f7a29c4780_email_connection_config.py
diff --git a/src/fides/api/migrations/versions/c3472d75c80e_connectionconfig_disabled.py b/src/fides/api/alembic/migrations/versions/c3472d75c80e_connectionconfig_disabled.py
similarity index 100%
rename from src/fides/api/migrations/versions/c3472d75c80e_connectionconfig_disabled.py
rename to src/fides/api/alembic/migrations/versions/c3472d75c80e_connectionconfig_disabled.py
diff --git a/src/fides/api/migrations/versions/c4df5d585029_data_use_unique_together.py b/src/fides/api/alembic/migrations/versions/c4df5d585029_data_use_unique_together.py
similarity index 100%
rename from src/fides/api/migrations/versions/c4df5d585029_data_use_unique_together.py
rename to src/fides/api/alembic/migrations/versions/c4df5d585029_data_use_unique_together.py
diff --git a/src/fides/api/migrations/versions/c5336b841d70_add_policy_webhooks.py b/src/fides/api/alembic/migrations/versions/c5336b841d70_add_policy_webhooks.py
similarity index 100%
rename from src/fides/api/migrations/versions/c5336b841d70_add_policy_webhooks.py
rename to src/fides/api/alembic/migrations/versions/c5336b841d70_add_policy_webhooks.py
diff --git a/src/fides/api/migrations/versions/c61fd9d4f73e_emailconfig.py b/src/fides/api/alembic/migrations/versions/c61fd9d4f73e_emailconfig.py
similarity index 100%
rename from src/fides/api/migrations/versions/c61fd9d4f73e_emailconfig.py
rename to src/fides/api/alembic/migrations/versions/c61fd9d4f73e_emailconfig.py
diff --git a/src/fides/api/migrations/versions/c7cc36820d4b_rename_user_name_tables_and_indexes.py b/src/fides/api/alembic/migrations/versions/c7cc36820d4b_rename_user_name_tables_and_indexes.py
similarity index 100%
rename from src/fides/api/migrations/versions/c7cc36820d4b_rename_user_name_tables_and_indexes.py
rename to src/fides/api/alembic/migrations/versions/c7cc36820d4b_rename_user_name_tables_and_indexes.py
diff --git a/src/fides/api/migrations/versions/c9759675b5d3_add_user_login_and_password_reset_dates.py b/src/fides/api/alembic/migrations/versions/c9759675b5d3_add_user_login_and_password_reset_dates.py
similarity index 100%
rename from src/fides/api/migrations/versions/c9759675b5d3_add_user_login_and_password_reset_dates.py
rename to src/fides/api/alembic/migrations/versions/c9759675b5d3_add_user_login_and_password_reset_dates.py
diff --git a/src/fides/api/migrations/versions/c98da12d76f8_add_audit_log.py b/src/fides/api/alembic/migrations/versions/c98da12d76f8_add_audit_log.py
similarity index 100%
rename from src/fides/api/migrations/versions/c98da12d76f8_add_audit_log.py
rename to src/fides/api/alembic/migrations/versions/c98da12d76f8_add_audit_log.py
diff --git a/src/fides/api/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py b/src/fides/api/alembic/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py
similarity index 97%
rename from src/fides/api/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py
rename to src/fides/api/alembic/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py
index 4d22b011dc..e25fec1b73 100644
--- a/src/fides/api/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py
+++ b/src/fides/api/alembic/migrations/versions/c9ee230fa6da_add_config_set_column_to_application_.py
@@ -17,7 +17,7 @@
 )
 
 from fides.api.db.base_class import JSONTypeOverride
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 # revision identifiers, used by Alembic.
 revision = "c9ee230fa6da"
diff --git a/src/fides/api/migrations/versions/cdbd0fa118dd_unified_fides_2_merger.py b/src/fides/api/alembic/migrations/versions/cdbd0fa118dd_unified_fides_2_merger.py
similarity index 100%
rename from src/fides/api/migrations/versions/cdbd0fa118dd_unified_fides_2_merger.py
rename to src/fides/api/alembic/migrations/versions/cdbd0fa118dd_unified_fides_2_merger.py
diff --git a/src/fides/api/migrations/versions/cf88efa1ad89_add_timescale_db.py b/src/fides/api/alembic/migrations/versions/cf88efa1ad89_add_timescale_db.py
similarity index 100%
rename from src/fides/api/migrations/versions/cf88efa1ad89_add_timescale_db.py
rename to src/fides/api/alembic/migrations/versions/cf88efa1ad89_add_timescale_db.py
diff --git a/src/fides/api/migrations/versions/d65bbc647083_adds_gpc_info_to_consent_table.py b/src/fides/api/alembic/migrations/versions/d65bbc647083_adds_gpc_info_to_consent_table.py
similarity index 100%
rename from src/fides/api/migrations/versions/d65bbc647083_adds_gpc_info_to_consent_table.py
rename to src/fides/api/alembic/migrations/versions/d65bbc647083_adds_gpc_info_to_consent_table.py
diff --git a/src/fides/api/migrations/versions/d65e7e921814_add_privacy_request_status.py b/src/fides/api/alembic/migrations/versions/d65e7e921814_add_privacy_request_status.py
similarity index 100%
rename from src/fides/api/migrations/versions/d65e7e921814_add_privacy_request_status.py
rename to src/fides/api/alembic/migrations/versions/d65e7e921814_add_privacy_request_status.py
diff --git a/src/fides/api/migrations/versions/d6c6c6555c86_remove_datasetconfig_dataset.py b/src/fides/api/alembic/migrations/versions/d6c6c6555c86_remove_datasetconfig_dataset.py
similarity index 100%
rename from src/fides/api/migrations/versions/d6c6c6555c86_remove_datasetconfig_dataset.py
rename to src/fides/api/alembic/migrations/versions/d6c6c6555c86_remove_datasetconfig_dataset.py
diff --git a/src/fides/api/migrations/versions/d8df7ff7aab4_add_due_date.py b/src/fides/api/alembic/migrations/versions/d8df7ff7aab4_add_due_date.py
similarity index 100%
rename from src/fides/api/migrations/versions/d8df7ff7aab4_add_due_date.py
rename to src/fides/api/alembic/migrations/versions/d8df7ff7aab4_add_due_date.py
diff --git a/src/fides/api/migrations/versions/d8f8bd52754f_add_tags_as_part_of_fideslang_1_1_0.py b/src/fides/api/alembic/migrations/versions/d8f8bd52754f_add_tags_as_part_of_fideslang_1_1_0.py
similarity index 100%
rename from src/fides/api/migrations/versions/d8f8bd52754f_add_tags_as_part_of_fideslang_1_1_0.py
rename to src/fides/api/alembic/migrations/versions/d8f8bd52754f_add_tags_as_part_of_fideslang_1_1_0.py
diff --git a/src/fides/api/migrations/versions/de456534dbda_add_privacyrequest_consent_preferences_.py b/src/fides/api/alembic/migrations/versions/de456534dbda_add_privacyrequest_consent_preferences_.py
similarity index 100%
rename from src/fides/api/migrations/versions/de456534dbda_add_privacyrequest_consent_preferences_.py
rename to src/fides/api/alembic/migrations/versions/de456534dbda_add_privacyrequest_consent_preferences_.py
diff --git a/src/fides/api/migrations/versions/deb97d9393f3_remove_delivery_mechanism.py b/src/fides/api/alembic/migrations/versions/deb97d9393f3_remove_delivery_mechanism.py
similarity index 100%
rename from src/fides/api/migrations/versions/deb97d9393f3_remove_delivery_mechanism.py
rename to src/fides/api/alembic/migrations/versions/deb97d9393f3_remove_delivery_mechanism.py
diff --git a/src/fides/api/migrations/versions/e55a51b354e3_add_bigquery.py b/src/fides/api/alembic/migrations/versions/e55a51b354e3_add_bigquery.py
similarity index 100%
rename from src/fides/api/migrations/versions/e55a51b354e3_add_bigquery.py
rename to src/fides/api/alembic/migrations/versions/e55a51b354e3_add_bigquery.py
diff --git a/src/fides/api/migrations/versions/e576b6a80a49_add_parent_key_to_dataqualifier.py b/src/fides/api/alembic/migrations/versions/e576b6a80a49_add_parent_key_to_dataqualifier.py
similarity index 100%
rename from src/fides/api/migrations/versions/e576b6a80a49_add_parent_key_to_dataqualifier.py
rename to src/fides/api/alembic/migrations/versions/e576b6a80a49_add_parent_key_to_dataqualifier.py
diff --git a/src/fides/api/migrations/versions/e798f37f0c26_add_enabled_actions_to_connectionconfig.py b/src/fides/api/alembic/migrations/versions/e798f37f0c26_add_enabled_actions_to_connectionconfig.py
similarity index 100%
rename from src/fides/api/migrations/versions/e798f37f0c26_add_enabled_actions_to_connectionconfig.py
rename to src/fides/api/alembic/migrations/versions/e798f37f0c26_add_enabled_actions_to_connectionconfig.py
diff --git a/src/fides/api/migrations/versions/e92da354691e_privacy_experiences.py b/src/fides/api/alembic/migrations/versions/e92da354691e_privacy_experiences.py
similarity index 100%
rename from src/fides/api/migrations/versions/e92da354691e_privacy_experiences.py
rename to src/fides/api/alembic/migrations/versions/e92da354691e_privacy_experiences.py
diff --git a/src/fides/api/migrations/versions/eb1e6ec39b83_add_role_based_permissions.py b/src/fides/api/alembic/migrations/versions/eb1e6ec39b83_add_role_based_permissions.py
similarity index 100%
rename from src/fides/api/migrations/versions/eb1e6ec39b83_add_role_based_permissions.py
rename to src/fides/api/alembic/migrations/versions/eb1e6ec39b83_add_role_based_permissions.py
diff --git a/src/fides/api/migrations/versions/ed1b00ff963d_cancel_privacy_request.py b/src/fides/api/alembic/migrations/versions/ed1b00ff963d_cancel_privacy_request.py
similarity index 100%
rename from src/fides/api/migrations/versions/ed1b00ff963d_cancel_privacy_request.py
rename to src/fides/api/alembic/migrations/versions/ed1b00ff963d_cancel_privacy_request.py
diff --git a/src/fides/api/migrations/versions/ed46521679fb_add_generic_email_connector_types.py b/src/fides/api/alembic/migrations/versions/ed46521679fb_add_generic_email_connector_types.py
similarity index 100%
rename from src/fides/api/migrations/versions/ed46521679fb_add_generic_email_connector_types.py
rename to src/fides/api/alembic/migrations/versions/ed46521679fb_add_generic_email_connector_types.py
diff --git a/src/fides/api/migrations/versions/edcd28ede1f7_add_fidesctl_meta_to_system.py b/src/fides/api/alembic/migrations/versions/edcd28ede1f7_add_fidesctl_meta_to_system.py
similarity index 100%
rename from src/fides/api/migrations/versions/edcd28ede1f7_add_fidesctl_meta_to_system.py
rename to src/fides/api/alembic/migrations/versions/edcd28ede1f7_add_fidesctl_meta_to_system.py
diff --git a/src/fides/api/migrations/versions/f131a1263a10_add_is_default_to_taxonomy_fields.py b/src/fides/api/alembic/migrations/versions/f131a1263a10_add_is_default_to_taxonomy_fields.py
similarity index 100%
rename from src/fides/api/migrations/versions/f131a1263a10_add_is_default_to_taxonomy_fields.py
rename to src/fides/api/alembic/migrations/versions/f131a1263a10_add_is_default_to_taxonomy_fields.py
diff --git a/src/fides/api/migrations/versions/f206d4e7574d_add_redshift_and_snowflake_support.py b/src/fides/api/alembic/migrations/versions/f206d4e7574d_add_redshift_and_snowflake_support.py
similarity index 100%
rename from src/fides/api/migrations/versions/f206d4e7574d_add_redshift_and_snowflake_support.py
rename to src/fides/api/alembic/migrations/versions/f206d4e7574d_add_redshift_and_snowflake_support.py
diff --git a/src/fides/api/migrations/versions/f3841942d90c_add_mssql.py b/src/fides/api/alembic/migrations/versions/f3841942d90c_add_mssql.py
similarity index 100%
rename from src/fides/api/migrations/versions/f3841942d90c_add_mssql.py
rename to src/fides/api/alembic/migrations/versions/f3841942d90c_add_mssql.py
diff --git a/src/fides/api/migrations/versions/f53e04e5b7f5_merge_heads.py b/src/fides/api/alembic/migrations/versions/f53e04e5b7f5_merge_heads.py
similarity index 100%
rename from src/fides/api/migrations/versions/f53e04e5b7f5_merge_heads.py
rename to src/fides/api/alembic/migrations/versions/f53e04e5b7f5_merge_heads.py
diff --git a/src/fides/api/migrations/versions/fb6b0150d6e4_final_unified_ctl_merge.py b/src/fides/api/alembic/migrations/versions/fb6b0150d6e4_final_unified_ctl_merge.py
similarity index 100%
rename from src/fides/api/migrations/versions/fb6b0150d6e4_final_unified_ctl_merge.py
rename to src/fides/api/alembic/migrations/versions/fb6b0150d6e4_final_unified_ctl_merge.py
diff --git a/src/fides/api/migrations/versions/fc04e3e637c0_add_dynamodb_to_connector_list.py b/src/fides/api/alembic/migrations/versions/fc04e3e637c0_add_dynamodb_to_connector_list.py
similarity index 100%
rename from src/fides/api/migrations/versions/fc04e3e637c0_add_dynamodb_to_connector_list.py
rename to src/fides/api/alembic/migrations/versions/fc04e3e637c0_add_dynamodb_to_connector_list.py
diff --git a/src/fides/api/migrations/versions/fc90277bbcde_populate_saas_type_to_saas_config.py b/src/fides/api/alembic/migrations/versions/fc90277bbcde_populate_saas_type_to_saas_config.py
similarity index 100%
rename from src/fides/api/migrations/versions/fc90277bbcde_populate_saas_type_to_saas_config.py
rename to src/fides/api/alembic/migrations/versions/fc90277bbcde_populate_saas_type_to_saas_config.py
diff --git a/src/fides/api/migrations/versions/fdd28c39a679_add_responsibility_role_attribute_for_.py b/src/fides/api/alembic/migrations/versions/fdd28c39a679_add_responsibility_role_attribute_for_.py
similarity index 100%
rename from src/fides/api/migrations/versions/fdd28c39a679_add_responsibility_role_attribute_for_.py
rename to src/fides/api/alembic/migrations/versions/fdd28c39a679_add_responsibility_role_attribute_for_.py
diff --git a/src/fides/api/migrations/versions/ff782b0dc07e_add_replaceable_field_to_custom_connector_template.py b/src/fides/api/alembic/migrations/versions/ff782b0dc07e_add_replaceable_field_to_custom_connector_template.py
similarity index 100%
rename from src/fides/api/migrations/versions/ff782b0dc07e_add_replaceable_field_to_custom_connector_template.py
rename to src/fides/api/alembic/migrations/versions/ff782b0dc07e_add_replaceable_field_to_custom_connector_template.py
diff --git a/src/fides/api/analytics.py b/src/fides/api/analytics.py
index eaa51cc585..3b45146ccc 100644
--- a/src/fides/api/analytics.py
+++ b/src/fides/api/analytics.py
@@ -9,7 +9,7 @@
 
 from fides import __version__ as fides_version
 from fides.api.models.registration import UserRegistration
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 def in_docker_container() -> bool:
diff --git a/src/fides/api/api/deps.py b/src/fides/api/api/deps.py
index b2ff9deb8f..1cdbc04070 100644
--- a/src/fides/api/api/deps.py
+++ b/src/fides/api/api/deps.py
@@ -6,9 +6,9 @@
 from fides.api.common_exceptions import FunctionalityNotConfigured
 from fides.api.db.session import get_db_engine, get_db_session
 from fides.api.util.cache import get_cache as get_redis_connection
-from fides.core.config import CONFIG, FidesConfig
-from fides.core.config import get_config as get_app_config
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG, FidesConfig
+from fides.config import get_config as get_app_config
+from fides.config.config_proxy import ConfigProxy
 
 _engine = None
 
diff --git a/src/fides/api/api/v1/endpoints/admin.py b/src/fides/api/api/v1/endpoints/admin.py
index 22510ebf93..3fc5b69def 100644
--- a/src/fides/api/api/v1/endpoints/admin.py
+++ b/src/fides/api/api/v1/endpoints/admin.py
@@ -3,13 +3,13 @@
 
 from fastapi import Security
 
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1.endpoints import API_PREFIX
 from fides.api.db.database import configure_db, reset_db
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.util import errors
 from fides.api.util.api_router import APIRouter
-from fides.core.config import CONFIG
+from fides.common.api import scope_registry
+from fides.config import CONFIG
 
 ADMIN_ROUTER = APIRouter(prefix=API_PREFIX, tags=["Admin"])
 
diff --git a/src/fides/api/api/v1/endpoints/config_endpoints.py b/src/fides/api/api/v1/endpoints/config_endpoints.py
index a4234b7386..00204470a5 100644
--- a/src/fides/api/api/v1/endpoints/config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/config_endpoints.py
@@ -7,7 +7,6 @@
 from starlette.status import HTTP_200_OK
 
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.oauth.utils import verify_oauth_client
@@ -15,8 +14,9 @@
     ApplicationConfig as ApplicationConfigSchema,
 )
 from fides.api.util.api_router import APIRouter
-from fides.core.config import censor_config
-from fides.core.config import get_config as get_app_config
+from fides.common.api import scope_registry as scopes
+from fides.config import censor_config
+from fides.config import get_config as get_app_config
 
 router = APIRouter(tags=["Config"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/connection_endpoints.py b/src/fides/api/api/v1/endpoints/connection_endpoints.py
index 07b482cbf9..c0e472b960 100644
--- a/src/fides/api/api/v1/endpoints/connection_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_endpoints.py
@@ -16,11 +16,6 @@
 from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_CREATE_OR_UPDATE,
-    CONNECTION_DELETE,
-    CONNECTION_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CONNECTION_BY_KEY,
     CONNECTION_SECRETS,
@@ -58,6 +53,11 @@
     validate_secrets,
 )
 from fides.api.util.logger import Pii
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_DELETE,
+    CONNECTION_READ,
+)
 
 router = APIRouter(tags=["Connections"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
index b14d993608..2960643971 100644
--- a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
@@ -6,7 +6,6 @@
 from fastapi_pagination.bases import AbstractPage
 from starlette.status import HTTP_404_NOT_FOUND
 
-from fides.api.api.v1.scope_registry import CONNECTION_TYPE_READ
 from fides.api.api.v1.urn_registry import (
     CONNECTION_TYPE_SECRETS,
     CONNECTION_TYPES,
@@ -24,6 +23,7 @@
     connection_type_secret_schema,
     get_connection_types,
 )
+from fides.common.api.scope_registry import CONNECTION_TYPE_READ
 
 router = APIRouter(tags=["Connection Types"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/consent_request_endpoints.py b/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
index 9d45e0012b..4f3a0899b1 100644
--- a/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
@@ -27,7 +27,6 @@
     create_privacy_request_func,
 )
 from fides.api.api.v1.endpoints.utils import validate_start_and_end_filters
-from fides.api.api.v1.scope_registry import CONSENT_READ
 from fides.api.api.v1.urn_registry import (
     CONSENT_REQUEST,
     CONSENT_REQUEST_PREFERENCES,
@@ -68,8 +67,9 @@
     get_or_create_fides_user_device_id_provided_identity,
 )
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import CONSENT_READ
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Consent"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/dataset_endpoints.py b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
index 6421e8cd7c..70f2aa9076 100644
--- a/src/fides/api/api/v1/endpoints/dataset_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
@@ -24,11 +24,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.scope_registry import (
-    DATASET_CREATE_OR_UPDATE,
-    DATASET_DELETE,
-    DATASET_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CONNECTION_DATASETS,
     DATASET_BY_KEY,
@@ -52,7 +47,9 @@
     convert_dataset_to_graph,
     to_graph_field,
 )
-from fides.api.models.sql_models import Dataset as CtlDataset  # type: ignore[attr-defined]
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    Dataset as CtlDataset,
+)
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.api import BulkUpdateFailed
 from fides.api.schemas.dataset import (
@@ -66,6 +63,11 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.data_category import get_data_categories_from_db
 from fides.api.util.saas_util import merge_datasets
+from fides.common.api.scope_registry import (
+    DATASET_CREATE_OR_UPDATE,
+    DATASET_DELETE,
+    DATASET_READ,
+)
 
 X_YAML = "application/x-yaml"
 
diff --git a/src/fides/api/api/v1/endpoints/drp_endpoints.py b/src/fides/api/api/v1/endpoints/drp_endpoints.py
index 9392eba550..697d1306c2 100644
--- a/src/fides/api/api/v1/endpoints/drp_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/drp_endpoints.py
@@ -15,7 +15,6 @@
 
 from fides.api import common_exceptions
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.privacy_request_endpoints import (
     get_privacy_request_or_error,
@@ -47,8 +46,9 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.cache import FidesopsRedis
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api import scope_registry as scopes
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["DRP"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/encryption_endpoints.py b/src/fides/api/api/v1/endpoints/encryption_endpoints.py
index ca3b7d33af..a89369ebc2 100644
--- a/src/fides/api/api/v1/endpoints/encryption_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/encryption_endpoints.py
@@ -3,7 +3,6 @@
 from fastapi import Security
 from loguru import logger
 
-from fides.api.api.v1.scope_registry import ENCRYPTION_EXEC
 from fides.api.api.v1.urn_registry import (
     DECRYPT_AES,
     ENCRYPT_AES,
@@ -26,7 +25,8 @@
 from fides.api.util.encryption.aes_gcm_encryption_scheme import (
     encrypt_verify_secret_length as aes_gcm_encrypt,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import ENCRYPTION_EXEC
+from fides.config import CONFIG
 
 router = APIRouter(tags=["Encryption"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/generate.py b/src/fides/api/api/v1/endpoints/generate.py
index 139dbd4023..14faead34b 100644
--- a/src/fides/api/api/v1/endpoints/generate.py
+++ b/src/fides/api/api/v1/endpoints/generate.py
@@ -10,13 +10,13 @@
 from pydantic import BaseModel, root_validator
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1.endpoints import API_PREFIX
 from fides.api.db.crud import get_resource
 from fides.api.db.ctl_session import get_async_db
 from fides.api.models.sql_models import sql_model_map  # type: ignore[attr-defined]
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.util.api_router import APIRouter
+from fides.common.api import scope_registry
 from fides.connectors.models import (
     AWSConfig,
     BigQueryConfig,
diff --git a/src/fides/api/api/v1/endpoints/health.py b/src/fides/api/api/v1/endpoints/health.py
index 2f40f578ab..8bd70c15b4 100644
--- a/src/fides/api/api/v1/endpoints/health.py
+++ b/src/fides/api/api/v1/endpoints/health.py
@@ -14,7 +14,7 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.cache import get_cache
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 CacheHealth = Literal["healthy", "unhealthy", "no cache configured"]
 HEALTH_ROUTER = APIRouter(tags=["Health"])
diff --git a/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py b/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
index 57be4c0bf2..5f141cfa5d 100644
--- a/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
@@ -8,7 +8,7 @@
 from fides.api.models.messaging import MessagingConfig
 from fides.api.schemas.identity_verification import IdentityVerificationConfigResponse
 from fides.api.util.api_router import APIRouter
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Identity Verification"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py b/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
index 87254e463d..48ec0036cb 100644
--- a/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
@@ -16,11 +16,6 @@
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.dataset_endpoints import _get_connection_config
-from fides.api.api.v1.scope_registry import (
-    WEBHOOK_CREATE_OR_UPDATE,
-    WEBHOOK_DELETE,
-    WEBHOOK_READ,
-)
 from fides.api.api.v1.urn_registry import (
     ACCESS_MANUAL_WEBHOOK,
     ACCESS_MANUAL_WEBHOOKS,
@@ -35,6 +30,11 @@
 )
 from fides.api.util.api_router import APIRouter
 from fides.api.util.logger import Pii
+from fides.common.api.scope_registry import (
+    WEBHOOK_CREATE_OR_UPDATE,
+    WEBHOOK_DELETE,
+    WEBHOOK_READ,
+)
 
 router = APIRouter(tags=["Manual Webhooks"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/masking_endpoints.py b/src/fides/api/api/v1/endpoints/masking_endpoints.py
index 46f3a236f4..d57f155c2c 100644
--- a/src/fides/api/api/v1/endpoints/masking_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/masking_endpoints.py
@@ -4,7 +4,6 @@
 from loguru import logger
 from starlette.status import HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
-from fides.api.api.v1.scope_registry import MASKING_EXEC, MASKING_READ
 from fides.api.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 from fides.api.common_exceptions import NoSuchStrategyException, ValidationError
 from fides.api.oauth.utils import verify_oauth_client_prod
@@ -15,6 +14,7 @@
 from fides.api.schemas.policy import PolicyMaskingSpec
 from fides.api.service.masking.strategy.masking_strategy import MaskingStrategy
 from fides.api.util.api_router import APIRouter
+from fides.common.api.scope_registry import MASKING_EXEC, MASKING_READ
 
 router = APIRouter(tags=["Masking"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/messaging_endpoints.py b/src/fides/api/api/v1/endpoints/messaging_endpoints.py
index b8215c5837..60459c454c 100644
--- a/src/fides/api/api/v1/endpoints/messaging_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/messaging_endpoints.py
@@ -18,11 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.scope_registry import (
-    MESSAGING_CREATE_OR_UPDATE,
-    MESSAGING_DELETE,
-    MESSAGING_READ,
-)
 from fides.api.api.v1.urn_registry import (
     MESSAGING_ACTIVE_DEFAULT,
     MESSAGING_BY_KEY,
@@ -69,7 +64,12 @@
 )
 from fides.api.util.api_router import APIRouter
 from fides.api.util.logger import Pii
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import (
+    MESSAGING_CREATE_OR_UPDATE,
+    MESSAGING_DELETE,
+    MESSAGING_READ,
+)
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Messaging"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/oauth_endpoints.py b/src/fides/api/api/v1/endpoints/oauth_endpoints.py
index c7810e241d..5eeeac3b9c 100644
--- a/src/fides/api/api/v1/endpoints/oauth_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/oauth_endpoints.py
@@ -14,15 +14,6 @@
 from fides.api.api.v1.endpoints.saas_config_endpoints import (
     verify_oauth_connection_config,
 )
-from fides.api.api.v1.scope_registry import (
-    CLIENT_CREATE,
-    CLIENT_DELETE,
-    CLIENT_READ,
-    CLIENT_UPDATE,
-    SCOPE_READ,
-    SCOPE_REGISTRY,
-    ScopeRegistryEnum,
-)
 from fides.api.api.v1.urn_registry import (
     CLIENT,
     CLIENT_BY_ID,
@@ -52,7 +43,16 @@
     OAuth2AuthorizationCodeAuthenticationStrategy,
 )
 from fides.api.util.api_router import APIRouter
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    CLIENT_CREATE,
+    CLIENT_DELETE,
+    CLIENT_READ,
+    CLIENT_UPDATE,
+    SCOPE_READ,
+    SCOPE_REGISTRY,
+    ScopeRegistryEnum,
+)
+from fides.config import CONFIG
 
 router = APIRouter(tags=["OAuth"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/policy_endpoints.py b/src/fides/api/api/v1/endpoints/policy_endpoints.py
index ffa187c35e..d97a6ef5af 100644
--- a/src/fides/api/api/v1/endpoints/policy_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/policy_endpoints.py
@@ -18,7 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.common_exceptions import (
     DataCategoryNotSupported,
@@ -38,6 +37,7 @@
 from fides.api.schemas.policy import ActionType
 from fides.api.util.api_router import APIRouter
 from fides.api.util.logger import Pii
+from fides.common.api import scope_registry
 
 router = APIRouter(tags=["DSR Policy"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
index 84919f3f80..9829837e71 100644
--- a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
@@ -12,7 +12,6 @@
 from starlette.status import HTTP_200_OK, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.connection_endpoints import (
     get_connection_config_or_error,
@@ -30,6 +29,7 @@
 from fides.api.schemas import policy_webhooks as schemas
 from fides.api.schemas.policy_webhooks import PolicyWebhookDeleteResponse
 from fides.api.util.api_router import APIRouter
+from fides.common.api import scope_registry as scopes
 
 router = APIRouter(tags=["DSR Policy Webhooks"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
index 9da4fbaadb..4ba42b8aa4 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
@@ -16,10 +16,8 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.utils import human_friendly_list, transform_fields
-from fides.api.api.v1.scope_registry import PRIVACY_EXPERIENCE_UPDATE
 from fides.api.models.privacy_experience import (
     ComponentType,
     PrivacyExperience,
@@ -39,6 +37,8 @@
     PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
     UNESCAPE_SAFESTR_HEADER,
 )
+from fides.common.api import scope_registry
+from fides.common.api.scope_registry import PRIVACY_EXPERIENCE_UPDATE
 
 router = APIRouter(tags=["Privacy Experience Config"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
index f4d59ce336..1afacfedfb 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
@@ -32,7 +32,7 @@
     UNESCAPE_SAFESTR_HEADER,
     get_fides_user_device_id_provided_identity,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 router = APIRouter(tags=["Privacy Experience"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
index 753e8c9f3e..596181f586 100644
--- a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
@@ -15,7 +15,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.utils import transform_fields
 from fides.api.common_exceptions import ValidationError
@@ -35,6 +34,7 @@
     prepare_privacy_notice_patches,
     validate_notice_data_uses,
 )
+from fides.common.api import scope_registry
 
 router = APIRouter(tags=["Privacy Notice"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
index 50f0373bbf..cdf8344a21 100644
--- a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
@@ -23,10 +23,6 @@
     fides_limiter,
     validate_start_and_end_filters,
 )
-from fides.api.api.v1.scope_registry import (
-    CURRENT_PRIVACY_PREFERENCE_READ,
-    PRIVACY_PREFERENCE_HISTORY_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
@@ -67,8 +63,12 @@
 from fides.api.util.consent_util import (
     get_or_create_fides_user_device_id_provided_identity,
 )
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import (
+    CURRENT_PRIVACY_PREFERENCE_READ,
+    PRIVACY_PREFERENCE_HISTORY_READ,
+)
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Privacy Preference"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
index f7f770aefa..f707702c33 100644
--- a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
@@ -35,17 +35,6 @@
     get_access_manual_webhook_or_404,
 )
 from fides.api.api.v1.endpoints.utils import validate_start_and_end_filters
-from fides.api.api.v1.scope_registry import (
-    PRIVACY_REQUEST_CALLBACK_RESUME,
-    PRIVACY_REQUEST_CREATE,
-    PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
-    PRIVACY_REQUEST_NOTIFICATIONS_READ,
-    PRIVACY_REQUEST_READ,
-    PRIVACY_REQUEST_REVIEW,
-    PRIVACY_REQUEST_TRANSFER,
-    PRIVACY_REQUEST_UPLOAD_DATA,
-    PRIVACY_REQUEST_VIEW_DATA,
-)
 from fides.api.api.v1.urn_registry import (
     PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
     PRIVACY_REQUEST_APPROVE,
@@ -142,8 +131,19 @@
 from fides.api.util.collection_util import Row
 from fides.api.util.enums import ColumnSort
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import (
+    PRIVACY_REQUEST_CALLBACK_RESUME,
+    PRIVACY_REQUEST_CREATE,
+    PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
+    PRIVACY_REQUEST_NOTIFICATIONS_READ,
+    PRIVACY_REQUEST_READ,
+    PRIVACY_REQUEST_REVIEW,
+    PRIVACY_REQUEST_TRANSFER,
+    PRIVACY_REQUEST_UPLOAD_DATA,
+    PRIVACY_REQUEST_VIEW_DATA,
+)
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Privacy Requests"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/router_factory.py b/src/fides/api/api/v1/endpoints/router_factory.py
index 619b5de454..ced90ef5ec 100644
--- a/src/fides/api/api/v1/endpoints/router_factory.py
+++ b/src/fides/api/api/v1/endpoints/router_factory.py
@@ -21,7 +21,6 @@
     forbid_if_editing_any_is_default,
     forbid_if_editing_is_default,
 )
-from fides.api.api.v1.scope_registry import CREATE, DELETE, READ, UPDATE
 from fides.api.db.crud import (
     create_resource,
     delete_resource,
@@ -40,6 +39,7 @@
 from fides.api.schemas.dataset import validate_data_categories_against_db
 from fides.api.util import errors
 from fides.api.util.api_router import APIRouter
+from fides.common.api.scope_registry import CREATE, DELETE, READ, UPDATE
 
 
 async def get_data_categories_from_db(async_session: AsyncSession) -> List[FidesKey]:
diff --git a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
index 1f623befc2..385bf0dd8a 100644
--- a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
@@ -18,14 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_AUTHORIZE,
-    CONNECTOR_TEMPLATE_REGISTER,
-    SAAS_CONFIG_CREATE_OR_UPDATE,
-    SAAS_CONFIG_DELETE,
-    SAAS_CONFIG_READ,
-    SAAS_CONNECTION_INSTANTIATE,
-)
 from fides.api.api.v1.urn_registry import (
     AUTHORIZE,
     CONNECTION_TYPES,
@@ -64,6 +56,14 @@
 )
 from fides.api.util.api_router import APIRouter
 from fides.api.util.connection_util import validate_secrets
+from fides.common.api.scope_registry import (
+    CONNECTION_AUTHORIZE,
+    CONNECTOR_TEMPLATE_REGISTER,
+    SAAS_CONFIG_CREATE_OR_UPDATE,
+    SAAS_CONFIG_DELETE,
+    SAAS_CONFIG_READ,
+    SAAS_CONNECTION_INSTANTIATE,
+)
 
 router = APIRouter(tags=["SaaS Configs"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/storage_endpoints.py b/src/fides/api/api/v1/endpoints/storage_endpoints.py
index 5a6c728812..2b2f76d47d 100644
--- a/src/fides/api/api/v1/endpoints/storage_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/storage_endpoints.py
@@ -21,11 +21,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.scope_registry import (
-    STORAGE_CREATE_OR_UPDATE,
-    STORAGE_DELETE,
-    STORAGE_READ,
-)
 from fides.api.api.v1.urn_registry import (
     STORAGE_ACTIVE_DEFAULT,
     STORAGE_BY_KEY,
@@ -71,6 +66,11 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.logger import Pii
 from fides.api.util.storage_util import get_schema_for_secrets
+from fides.common.api.scope_registry import (
+    STORAGE_CREATE_OR_UPDATE,
+    STORAGE_DELETE,
+    STORAGE_READ,
+)
 
 router = APIRouter(tags=["Storage"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/system.py b/src/fides/api/api/v1/endpoints/system.py
index a1e3c8d0e2..cd8fbe7823 100644
--- a/src/fides/api/api/v1/endpoints/system.py
+++ b/src/fides/api/api/v1/endpoints/system.py
@@ -13,15 +13,6 @@
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.saas_config_endpoints import instantiate_connection
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_CREATE_OR_UPDATE,
-    CONNECTION_READ,
-    SAAS_CONNECTION_INSTANTIATE,
-    SYSTEM_CREATE,
-    SYSTEM_DELETE,
-    SYSTEM_READ,
-    SYSTEM_UPDATE,
-)
 from fides.api.api.v1.urn_registry import (
     INSTANTIATE_SYSTEM_CONNECTION,
     SYSTEM_CONNECTIONS,
@@ -57,6 +48,15 @@
     verify_oauth_client_for_system_from_fides_key_cli,
     verify_oauth_client_for_system_from_request_body_cli,
 )
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_READ,
+    SAAS_CONNECTION_INSTANTIATE,
+    SYSTEM_CREATE,
+    SYSTEM_DELETE,
+    SYSTEM_READ,
+    SYSTEM_UPDATE,
+)
 
 SYSTEM_ROUTER = APIRouter(tags=["System"], prefix=f"{V1_URL_PREFIX}/system")
 SYSTEM_CONNECTIONS_ROUTER = APIRouter(
diff --git a/src/fides/api/api/v1/endpoints/user_endpoints.py b/src/fides/api/api/v1/endpoints/user_endpoints.py
index a0b014c86b..ce341f0bc1 100644
--- a/src/fides/api/api/v1/endpoints/user_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/user_endpoints.py
@@ -26,17 +26,6 @@
 from fides.api.api.deps import get_db
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.user_permission_endpoints import validate_user_id
-from fides.api.api.v1.scope_registry import (
-    SCOPE_REGISTRY,
-    SYSTEM_MANAGER_DELETE,
-    SYSTEM_MANAGER_READ,
-    SYSTEM_MANAGER_UPDATE,
-    USER_CREATE,
-    USER_DELETE,
-    USER_PASSWORD_RESET,
-    USER_READ,
-    USER_UPDATE,
-)
 from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.common_exceptions import AuthenticationError, AuthorizationError
 from fides.api.cryptography.cryptographic_util import b64_str_to_str
@@ -64,7 +53,18 @@
     UserUpdate,
 )
 from fides.api.util.api_router import APIRouter
-from fides.core.config import CONFIG, FidesConfig, get_config
+from fides.common.api.scope_registry import (
+    SCOPE_REGISTRY,
+    SYSTEM_MANAGER_DELETE,
+    SYSTEM_MANAGER_READ,
+    SYSTEM_MANAGER_UPDATE,
+    USER_CREATE,
+    USER_DELETE,
+    USER_PASSWORD_RESET,
+    USER_READ,
+    USER_UPDATE,
+)
+from fides.config import CONFIG, FidesConfig, get_config
 
 router = APIRouter(tags=["Users"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/user_permission_endpoints.py b/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
index d6da1e1530..6e21c39590 100644
--- a/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
@@ -8,12 +8,6 @@
 
 from fides.api.api import deps
 from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.scope_registry import (
-    USER_PERMISSION_ASSIGN_OWNERS,
-    USER_PERMISSION_CREATE,
-    USER_PERMISSION_READ,
-    USER_PERMISSION_UPDATE,
-)
 from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.fides_user_permissions import FidesUserPermissions
@@ -25,7 +19,13 @@
     UserPermissionsResponse,
 )
 from fides.api.util.api_router import APIRouter
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    USER_PERMISSION_ASSIGN_OWNERS,
+    USER_PERMISSION_CREATE,
+    USER_PERMISSION_READ,
+    USER_PERMISSION_UPDATE,
+)
+from fides.config import CONFIG
 
 router = APIRouter(tags=["User Permissions"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/utils.py b/src/fides/api/api/v1/endpoints/utils.py
index 3b37d3fdd6..ed5bc6da6a 100644
--- a/src/fides/api/api/v1/endpoints/utils.py
+++ b/src/fides/api/api/v1/endpoints/utils.py
@@ -10,7 +10,13 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from starlette.status import HTTP_400_BAD_REQUEST
 
-from fides.api.api.v1.scope_registry import (
+from fides.api.db.base import Base  # type: ignore[attr-defined]
+from fides.api.db.crud import get_resource, list_resource
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    models_with_default_field,
+)
+from fides.api.util import errors
+from fides.common.api.scope_registry import (
     CTL_DATASET,
     CTL_POLICY,
     DATA_CATEGORY,
@@ -22,13 +28,7 @@
     REGISTRY,
     SYSTEM,
 )
-from fides.api.db.base import Base  # type: ignore[attr-defined]
-from fides.api.db.crud import get_resource, list_resource
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
-    models_with_default_field,
-)
-from fides.api.util import errors
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 API_PREFIX = "/api/v1"
 # Map the ctl model type to the scope prefix.
diff --git a/src/fides/api/api/v1/endpoints/validate.py b/src/fides/api/api/v1/endpoints/validate.py
index 390b396783..297b1d64d6 100644
--- a/src/fides/api/api/v1/endpoints/validate.py
+++ b/src/fides/api/api/v1/endpoints/validate.py
@@ -7,10 +7,10 @@
 from fastapi import Response, Security, status
 from pydantic import BaseModel
 
-from fides.api.api.v1 import scope_registry
 from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.util.api_router import APIRouter
+from fides.common.api import scope_registry
 from fides.connectors.models import (
     AWSConfig,
     BigQueryConfig,
diff --git a/src/fides/api/api/v1/endpoints/view.py b/src/fides/api/api/v1/endpoints/view.py
index ae2d7e13c3..a9b873a47b 100644
--- a/src/fides/api/api/v1/endpoints/view.py
+++ b/src/fides/api/api/v1/endpoints/view.py
@@ -5,12 +5,12 @@
 from fastapi.responses import HTMLResponse
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from fides.api.api.v1 import scope_registry
 from fides.api.db.crud import list_resource
 from fides.api.db.ctl_session import get_async_db
 from fides.api.models.sql_models import Evaluation  # type: ignore[attr-defined]
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.util.api_router import APIRouter
+from fides.common.api import scope_registry
 
 router = APIRouter(
     tags=["View"],
diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index 655b88423b..3d1e222247 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -43,7 +43,7 @@
     verify_oauth_client_for_system_from_fides_key_cli,
     verify_oauth_client_for_system_from_request_body_cli,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 VERSION = fides.__version__
 
diff --git a/src/fides/api/common_exceptions.py b/src/fides/api/common_exceptions.py
index 3f1e1bfff7..c12d52946f 100644
--- a/src/fides/api/common_exceptions.py
+++ b/src/fides/api/common_exceptions.py
@@ -9,7 +9,7 @@
     HTTP_404_NOT_FOUND,
 )
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY as SCOPES
+from fides.common.api.scope_registry import SCOPE_REGISTRY as SCOPES
 
 
 class FidesopsException(Exception):
diff --git a/src/fides/api/db/ctl_session.py b/src/fides/api/db/ctl_session.py
index babe2df06d..017f09d118 100644
--- a/src/fides/api/db/ctl_session.py
+++ b/src/fides/api/db/ctl_session.py
@@ -6,7 +6,7 @@
 from sqlalchemy.orm import sessionmaker
 
 from fides.api.db.session import ExtendedSession
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 # Associated with a workaround in fides.core.config.database_settings
 # ref: https://github.com/sqlalchemy/sqlalchemy/discussions/5975
diff --git a/src/fides/api/db/database.py b/src/fides/api/db/database.py
index d61bccc750..483baef616 100644
--- a/src/fides/api/db/database.py
+++ b/src/fides/api/db/database.py
@@ -27,8 +27,8 @@ def get_alembic_config(database_url: str) -> Config:
     """
 
     migrations_dir = path.dirname(path.abspath(__file__))
-    directory = path.join(migrations_dir, "../migrations")
-    config = Config(path.join(migrations_dir, "../alembic.ini"))
+    directory = path.join(migrations_dir, "../alembic/migrations")
+    config = Config(path.join(migrations_dir, "../alembic/alembic.ini"))
     config.set_main_option("script_location", directory.replace("%", "%%"))
     config.set_main_option("sqlalchemy.url", database_url)
     return config
diff --git a/src/fides/api/db/seed.py b/src/fides/api/db/seed.py
index f8a08492cf..53f5e63f28 100644
--- a/src/fides/api/db/seed.py
+++ b/src/fides/api/db/seed.py
@@ -36,7 +36,7 @@
 from fides.api.util.connection_util import patch_connection_configs
 from fides.api.util.errors import AlreadyExistsError, QueryError
 from fides.api.util.text import to_snake_case
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from .crud import create_resource, get_resource, list_resource, upsert_resources
 from .samples import (
diff --git a/src/fides/api/db/session.py b/src/fides/api/db/session.py
index 5f8ec57491..16f32aac1f 100644
--- a/src/fides/api/db/session.py
+++ b/src/fides/api/db/session.py
@@ -7,7 +7,7 @@
 from sqlalchemy.orm import Session, sessionmaker
 
 from fides.api.common_exceptions import MissingConfig
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 
 
 def get_db_engine(
diff --git a/src/fides/api/graph/analytics_events.py b/src/fides/api/graph/analytics_events.py
index 5b3a42a8b2..6b50ff4adb 100644
--- a/src/fides/api/graph/analytics_events.py
+++ b/src/fides/api/graph/analytics_events.py
@@ -15,7 +15,7 @@
 from fides.api.schemas.policy import ActionType
 from fides.api.task.task_resources import TaskResources
 from fides.api.util.collection_util import Row
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 if TYPE_CHECKING:
     from fides.api.task.graph_task import GraphTask
diff --git a/src/fides/api/main.py b/src/fides/api/main.py
index 156ec857f8..000e6049fc 100644
--- a/src/fides/api/main.py
+++ b/src/fides/api/main.py
@@ -38,7 +38,7 @@
 )
 from fides.api.util.logger import _log_exception
 from fides.cli.utils import FIDES_ASCII_ART
-from fides.core.config import CONFIG, check_required_webserver_config_values
+from fides.config import CONFIG, check_required_webserver_config_values
 
 IGNORED_AUDIT_LOG_RESOURCE_PATHS = {"/api/v1/login"}
 
diff --git a/src/fides/api/models/application_config.py b/src/fides/api/models/application_config.py
index f4022726a9..a186d26840 100644
--- a/src/fides/api/models/application_config.py
+++ b/src/fides/api/models/application_config.py
@@ -15,7 +15,7 @@
 )
 
 from fides.api.db.base_class import Base, JSONTypeOverride
-from fides.core.config import CONFIG, FidesConfig
+from fides.config import CONFIG, FidesConfig
 
 
 class ApplicationConfig(Base):
diff --git a/src/fides/api/models/client.py b/src/fides/api/models/client.py
index 1926cd8f6d..e4caa2a70c 100644
--- a/src/fides/api/models/client.py
+++ b/src/fides/api/models/client.py
@@ -23,7 +23,7 @@
 from fides.api.db.base_class import Base
 from fides.api.models.fides_user import FidesUser
 from fides.api.oauth.jwt import generate_jwe
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 
 DEFAULT_SCOPES: list[str] = []
 DEFAULT_ROLES: list[str] = []
diff --git a/src/fides/api/models/connectionconfig.py b/src/fides/api/models/connectionconfig.py
index 54d656de9d..efdc575829 100644
--- a/src/fides/api/models/connectionconfig.py
+++ b/src/fides/api/models/connectionconfig.py
@@ -18,7 +18,7 @@
 from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 from fides.api.schemas.policy import ActionType
 from fides.api.schemas.saas.saas_config import SaaSConfig
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class ConnectionTestStatus(enum.Enum):
diff --git a/src/fides/api/models/datasetconfig.py b/src/fides/api/models/datasetconfig.py
index 42cfd0aec0..286cebd70e 100644
--- a/src/fides/api/models/datasetconfig.py
+++ b/src/fides/api/models/datasetconfig.py
@@ -19,8 +19,9 @@
 )
 from fides.api.graph.data_type import parse_data_type_string
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
-from fides.api.models.sql_models import Dataset as CtlDataset  # type: ignore[attr-defined]
-
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    Dataset as CtlDataset,
+)
 from fides.api.util.saas_util import merge_datasets
 
 
diff --git a/src/fides/api/models/messaging.py b/src/fides/api/models/messaging.py
index 7e4a12945a..7ba8653789 100644
--- a/src/fides/api/models/messaging.py
+++ b/src/fides/api/models/messaging.py
@@ -30,8 +30,8 @@
     possible_messaging_secrets,
 )
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 
 def get_messaging_method(
diff --git a/src/fides/api/models/policy.py b/src/fides/api/models/policy.py
index 8a8b3cf3c3..25326d7b3d 100644
--- a/src/fides/api/models/policy.py
+++ b/src/fides/api/models/policy.py
@@ -27,7 +27,7 @@
 from fides.api.models.storage import StorageConfig, get_active_default_storage_config
 from fides.api.schemas.policy import ActionType, DrpAction
 from fides.api.util.data_category import _validate_data_category
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class CurrentStep(EnumType):
diff --git a/src/fides/api/models/privacy_preference.py b/src/fides/api/models/privacy_preference.py
index e8be8dfb3e..3942c2b757 100644
--- a/src/fides/api/models/privacy_preference.py
+++ b/src/fides/api/models/privacy_preference.py
@@ -30,7 +30,7 @@
     PrivacyRequest,
     ProvidedIdentity,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class RequestOrigin(Enum):
diff --git a/src/fides/api/models/privacy_request.py b/src/fides/api/models/privacy_request.py
index 9797b5ef6f..b513ef9eb3 100644
--- a/src/fides/api/models/privacy_request.py
+++ b/src/fides/api/models/privacy_request.py
@@ -27,7 +27,6 @@
     StringEncryptedType,
 )
 
-from fides.api.api.v1.scope_registry import PRIVACY_REQUEST_CALLBACK_RESUME
 from fides.api.common_exceptions import (
     IdentityVerificationException,
     ManualWebhookFieldsUnset,
@@ -72,7 +71,8 @@
 from fides.api.util.collection_util import Row
 from fides.api.util.constants import API_DATE_FORMAT
 from fides.api.util.identity_verification import IdentityVerificationMixin
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import PRIVACY_REQUEST_CALLBACK_RESUME
+from fides.config import CONFIG
 
 # Locations from which privacy request execution can be resumed, in order.
 EXECUTION_CHECKPOINTS = [
diff --git a/src/fides/api/models/registration.py b/src/fides/api/models/registration.py
index 0c39dddb8e..4a2a46ab75 100644
--- a/src/fides/api/models/registration.py
+++ b/src/fides/api/models/registration.py
@@ -7,7 +7,7 @@
 from sqlalchemy_utils.types.encrypted.encrypted_type import AesEngine
 
 from fides.api.db.base_class import Base, FidesBase
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class UserRegistration(Base):
diff --git a/src/fides/api/models/sql_models.py b/src/fides/api/models/sql_models.py
index ecd32fc74e..9ed6a8d8e1 100644
--- a/src/fides/api/models/sql_models.py
+++ b/src/fides/api/models/sql_models.py
@@ -37,7 +37,7 @@
 from fides.api.models.client import ClientDetail
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.fides_user_permissions import FidesUserPermissions
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class FidesBase(FideslibBase):
diff --git a/src/fides/api/models/storage.py b/src/fides/api/models/storage.py
index 43467ed61f..9b23a92151 100644
--- a/src/fides/api/models/storage.py
+++ b/src/fides/api/models/storage.py
@@ -18,8 +18,8 @@
 from fides.api.schemas.storage.storage_secrets_docs_only import possible_storage_secrets
 from fides.api.util.logger import Pii
 from fides.api.util.storage_util import get_schema_for_secrets
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 
 class StorageConfig(Base):
diff --git a/src/fides/api/oauth/roles.py b/src/fides/api/oauth/roles.py
index d403ba6c13..dfd563e837 100644
--- a/src/fides/api/oauth/roles.py
+++ b/src/fides/api/oauth/roles.py
@@ -1,7 +1,7 @@
 from enum import Enum
 from typing import Dict, List, Optional
 
-from fides.api.api.v1.scope_registry import (
+from fides.common.api.scope_registry import (
     CLI_OBJECTS_READ,
     CLIENT_READ,
     CONFIG_READ,
diff --git a/src/fides/api/oauth/system_manager.py b/src/fides/api/oauth/system_manager.py
index 834ae76d10..c72eb78092 100644
--- a/src/fides/api/oauth/system_manager.py
+++ b/src/fides/api/oauth/system_manager.py
@@ -1,4 +1,4 @@
-from fides.api.api.v1.scope_registry import SYSTEM_DELETE, SYSTEM_UPDATE
+from fides.common.api.scope_registry import SYSTEM_DELETE, SYSTEM_UPDATE
 
 # System managers are separate from roles, because you are just granted these
 # permissions to specific system(s) not to all resources of a given type
diff --git a/src/fides/api/oauth/utils.py b/src/fides/api/oauth/utils.py
index ca09fde0f0..a10266e703 100644
--- a/src/fides/api/oauth/utils.py
+++ b/src/fides/api/oauth/utils.py
@@ -30,7 +30,7 @@
 from fides.api.oauth.roles import get_scopes_from_roles
 from fides.api.schemas.external_https import WebhookJWE
 from fides.api.schemas.oauth import OAuth2ClientCredentialsBearer
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 JWT_ENCRYPTION_ALGORITHM = ALGORITHMS.A256GCM
 
diff --git a/src/fides/api/schemas/encryption_request.py b/src/fides/api/schemas/encryption_request.py
index b13ed5a287..00eed863a1 100644
--- a/src/fides/api/schemas/encryption_request.py
+++ b/src/fides/api/schemas/encryption_request.py
@@ -1,7 +1,7 @@
 from pydantic import BaseModel, validator
 
 from fides.api.util.encryption.aes_gcm_encryption_scheme import verify_encryption_key
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class AesEncryptionRequest(BaseModel):
diff --git a/src/fides/api/schemas/privacy_request.py b/src/fides/api/schemas/privacy_request.py
index d9fe732b95..c4f1228edb 100644
--- a/src/fides/api/schemas/privacy_request.py
+++ b/src/fides/api/schemas/privacy_request.py
@@ -19,7 +19,7 @@
 from fides.api.schemas.redis_cache import Identity
 from fides.api.schemas.user import PrivacyRequestReviewer
 from fides.api.util.encryption.aes_gcm_encryption_scheme import verify_encryption_key
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class PrivacyRequestDRPStatus(EnumType):
diff --git a/src/fides/api/schemas/user_permission.py b/src/fides/api/schemas/user_permission.py
index 3ff3e79c5f..d0e003267a 100644
--- a/src/fides/api/schemas/user_permission.py
+++ b/src/fides/api/schemas/user_permission.py
@@ -2,9 +2,9 @@
 
 from pydantic import validator
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY, ScopeRegistryEnum
 from fides.api.oauth.roles import RoleRegistryEnum
 from fides.api.schemas.base_class import FidesSchema
+from fides.common.api.scope_registry import SCOPE_REGISTRY, ScopeRegistryEnum
 
 
 class UserPermissionsCreate(FidesSchema):
diff --git a/src/fides/api/service/_verification.py b/src/fides/api/service/_verification.py
index 18f707328d..c81f87871d 100644
--- a/src/fides/api/service/_verification.py
+++ b/src/fides/api/service/_verification.py
@@ -12,8 +12,8 @@
 from fides.api.service.privacy_request.request_runner_service import (
     generate_id_verification_code,
 )
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 
 def send_verification_code_to_user(
diff --git a/src/fides/api/service/authentication/authentication_strategy_oauth2_authorization_code.py b/src/fides/api/service/authentication/authentication_strategy_oauth2_authorization_code.py
index b1eeeb9438..b2ab662c6e 100644
--- a/src/fides/api/service/authentication/authentication_strategy_oauth2_authorization_code.py
+++ b/src/fides/api/service/authentication/authentication_strategy_oauth2_authorization_code.py
@@ -15,7 +15,7 @@
     OAuth2AuthenticationStrategyBase,
 )
 from fides.api.util.saas_util import assign_placeholders, map_param_values
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class OAuth2AuthorizationCodeAuthenticationStrategy(OAuth2AuthenticationStrategyBase):
diff --git a/src/fides/api/service/connectors/base_connector.py b/src/fides/api/service/connectors/base_connector.py
index ba3579f28e..82477698e4 100644
--- a/src/fides/api/service/connectors/base_connector.py
+++ b/src/fides/api/service/connectors/base_connector.py
@@ -10,7 +10,7 @@
 from fides.api.models.privacy_request import PrivacyRequest
 from fides.api.service.connectors.query_config import QueryConfig
 from fides.api.util.collection_util import Row
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 DB_CONNECTOR_TYPE = TypeVar("DB_CONNECTOR_TYPE")
 
diff --git a/src/fides/api/service/connectors/base_email_connector.py b/src/fides/api/service/connectors/base_email_connector.py
index e7c4de7c22..9ca6dc2f5b 100644
--- a/src/fides/api/service/connectors/base_email_connector.py
+++ b/src/fides/api/service/connectors/base_email_connector.py
@@ -13,8 +13,8 @@
     MessagingServiceType,
 )
 from fides.api.service.connectors.base_connector import DB_CONNECTOR_TYPE
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 
 class BaseEmailConnector(Generic[DB_CONNECTOR_TYPE], ABC):
diff --git a/src/fides/api/service/connectors/consent_email_connector.py b/src/fides/api/service/connectors/consent_email_connector.py
index ddb9433c8a..0ec904ecd2 100644
--- a/src/fides/api/service/connectors/consent_email_connector.py
+++ b/src/fides/api/service/connectors/consent_email_connector.py
@@ -47,7 +47,7 @@
     cache_initial_status_and_identities_for_consent_reporting,
     filter_privacy_preferences_for_propagation,
 )
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/src/fides/api/service/connectors/erasure_email_connector.py b/src/fides/api/service/connectors/erasure_email_connector.py
index 932739f526..39f4696a34 100644
--- a/src/fides/api/service/connectors/erasure_email_connector.py
+++ b/src/fides/api/service/connectors/erasure_email_connector.py
@@ -32,7 +32,7 @@
     get_org_name,
 )
 from fides.api.service.messaging.message_dispatch_service import dispatch_message
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/src/fides/api/service/connectors/saas/authenticated_client.py b/src/fides/api/service/connectors/saas/authenticated_client.py
index 0dbf87442a..4c07062423 100644
--- a/src/fides/api/service/connectors/saas/authenticated_client.py
+++ b/src/fides/api/service/connectors/saas/authenticated_client.py
@@ -20,7 +20,7 @@
     RateLimiterPeriod,
     RateLimiterRequest,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 if TYPE_CHECKING:
     from fides.api.models.connectionconfig import ConnectionConfig
diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index 1795b0e861..93c16863fc 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -40,7 +40,7 @@
     replace_dataset_placeholders,
     replace_version,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class ConnectorTemplateLoader(ABC):
diff --git a/src/fides/api/service/connectors/saas_query_config.py b/src/fides/api/service/connectors/saas_query_config.py
index 6d4849143a..5d0fe45b19 100644
--- a/src/fides/api/service/connectors/saas_query_config.py
+++ b/src/fides/api/service/connectors/saas_query_config.py
@@ -26,7 +26,7 @@
     get_identity,
     unflatten_dict,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 T = TypeVar("T")
 
diff --git a/src/fides/api/service/connectors/sql_connector.py b/src/fides/api/service/connectors/sql_connector.py
index 7208ef3326..2a0bb6552f 100644
--- a/src/fides/api/service/connectors/sql_connector.py
+++ b/src/fides/api/service/connectors/sql_connector.py
@@ -52,7 +52,7 @@
     SQLQueryConfig,
 )
 from fides.api.util.collection_util import Row
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/src/fides/api/service/masking/strategy/masking_strategy_hash.py b/src/fides/api/service/masking/strategy/masking_strategy_hash.py
index 0f6fb45e82..48899c26b0 100644
--- a/src/fides/api/service/masking/strategy/masking_strategy_hash.py
+++ b/src/fides/api/service/masking/strategy/masking_strategy_hash.py
@@ -16,7 +16,7 @@
 from fides.api.service.masking.strategy.format_preservation import FormatPreservation
 from fides.api.service.masking.strategy.masking_strategy import MaskingStrategy
 from fides.api.util.encryption.secrets_util import SecretsUtil
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class HashMaskingStrategy(MaskingStrategy):
diff --git a/src/fides/api/service/messaging/message_dispatch_service.py b/src/fides/api/service/messaging/message_dispatch_service.py
index 1c7861bd17..feb770ad96 100644
--- a/src/fides/api/service/messaging/message_dispatch_service.py
+++ b/src/fides/api/service/messaging/message_dispatch_service.py
@@ -41,8 +41,8 @@
 from fides.api.schemas.redis_cache import Identity
 from fides.api.tasks import MESSAGING_QUEUE_NAME, DatabaseTask, celery_app
 from fides.api.util.logger import Pii
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 EMAIL_JOIN_STRING = ", "
 EMAIL_TEMPLATE_NAME = "fides"
diff --git a/src/fides/api/service/privacy_request/email_batch_service.py b/src/fides/api/service/privacy_request/email_batch_service.py
index 9caf5ed510..2a309c4b06 100644
--- a/src/fides/api/service/privacy_request/email_batch_service.py
+++ b/src/fides/api/service/privacy_request/email_batch_service.py
@@ -15,7 +15,7 @@
 )
 from fides.api.tasks import DatabaseTask, celery_app
 from fides.api.tasks.scheduled.scheduler import scheduler
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 BATCH_EMAIL_SEND = "batch_email_send"
diff --git a/src/fides/api/service/privacy_request/request_runner_service.py b/src/fides/api/service/privacy_request/request_runner_service.py
index 95012c2701..dcfd964b09 100644
--- a/src/fides/api/service/privacy_request/request_runner_service.py
+++ b/src/fides/api/service/privacy_request/request_runner_service.py
@@ -83,8 +83,8 @@
 from fides.api.util.collection_util import Row
 from fides.api.util.logger import Pii, _log_exception, _log_warning
 from fides.api.util.wrappers import sync
-from fides.core.config import CONFIG
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import CONFIG
+from fides.config.config_proxy import ConfigProxy
 
 
 class ManualWebhookResults(FidesSchema):
diff --git a/src/fides/api/task/graph_task.py b/src/fides/api/task/graph_task.py
index 179534617c..a91a7b4754 100644
--- a/src/fides/api/task/graph_task.py
+++ b/src/fides/api/task/graph_task.py
@@ -49,7 +49,7 @@
 from fides.api.util.consent_util import add_errored_system_status_for_consent_reporting
 from fides.api.util.logger import Pii
 from fides.api.util.saas_util import FIDESOPS_GROUPED_INPUTS
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 dask.config.set(scheduler="threads")
 
diff --git a/src/fides/api/tasks/__init__.py b/src/fides/api/tasks/__init__.py
index fe71bca444..f31eacdaf8 100644
--- a/src/fides/api/tasks/__init__.py
+++ b/src/fides/api/tasks/__init__.py
@@ -5,7 +5,7 @@
 from sqlalchemy.orm import Session
 
 from fides.api.db.session import get_db_engine, get_db_session
-from fides.core.config import CONFIG, FidesConfig
+from fides.config import CONFIG, FidesConfig
 
 MESSAGING_QUEUE_NAME = "fidesops.messaging"
 
diff --git a/src/fides/api/tasks/storage.py b/src/fides/api/tasks/storage.py
index 8a1ae74467..269029dc44 100644
--- a/src/fides/api/tasks/storage.py
+++ b/src/fides/api/tasks/storage.py
@@ -28,7 +28,7 @@
 )
 from fides.api.util.storage_authenticator import get_s3_session
 from fides.api.util.storage_util import storage_json_encoder
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 LOCAL_FIDES_UPLOAD_DIRECTORY = "fides_uploads"
 
diff --git a/src/fides/api/util/cache.py b/src/fides/api/util/cache.py
index a2423e1582..0f8ca016ef 100644
--- a/src/fides/api/util/cache.py
+++ b/src/fides/api/util/cache.py
@@ -12,7 +12,7 @@
 
 from fides.api import common_exceptions
 from fides.api.schemas.masking.masking_secrets import SecretType
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 # This constant represents every type a redis key may contain, and can be
 # extended if needed
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index 01c75e81fb..cf94f4b621 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -35,7 +35,7 @@
 from fides.api.schemas.privacy_experience import ExperienceConfigCreateWithId
 from fides.api.schemas.privacy_notice import PrivacyNoticeCreation, PrivacyNoticeWithId
 from fides.api.schemas.redis_cache import Identity
-from fides.core.config.helpers import load_file
+from fides.config.helpers import load_file
 
 PRIVACY_NOTICE_ESCAPE_FIELDS = ["name", "description", "internal_description"]
 PRIVACY_EXPERIENCE_ESCAPE_FIELDS = [
diff --git a/src/fides/api/util/data_category.py b/src/fides/api/util/data_category.py
index ae2e8d5757..ccb0e60670 100644
--- a/src/fides/api/util/data_category.py
+++ b/src/fides/api/util/data_category.py
@@ -6,7 +6,9 @@
 from sqlalchemy.orm import Session
 
 from fides.api import common_exceptions
-from fides.api.models.sql_models import DataCategory as DataCategoryDbModel  # type: ignore[attr-defined]
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    DataCategory as DataCategoryDbModel,
+)
 
 
 def generate_fides_data_categories() -> Type[EnumType]:
diff --git a/src/fides/api/util/encryption/aes_gcm_encryption_scheme.py b/src/fides/api/util/encryption/aes_gcm_encryption_scheme.py
index 22c5ab51f8..90f5d409f1 100644
--- a/src/fides/api/util/encryption/aes_gcm_encryption_scheme.py
+++ b/src/fides/api/util/encryption/aes_gcm_encryption_scheme.py
@@ -4,7 +4,7 @@
 from cryptography.hazmat.primitives.ciphers.aead import AESGCM
 
 from fides.api.cryptography.cryptographic_util import bytes_to_b64_str
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 def encrypt_to_bytes_verify_secrets_length(
diff --git a/src/fides/api/util/encryption/hmac_encryption_scheme.py b/src/fides/api/util/encryption/hmac_encryption_scheme.py
index 7f94b0b41c..45db59a015 100644
--- a/src/fides/api/util/encryption/hmac_encryption_scheme.py
+++ b/src/fides/api/util/encryption/hmac_encryption_scheme.py
@@ -3,7 +3,7 @@
 from typing import Callable
 
 from fides.api.schemas.masking.masking_configuration import HmacMaskingConfiguration
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 def hmac_encrypt_return_bytes(
diff --git a/src/fides/api/util/identity_verification.py b/src/fides/api/util/identity_verification.py
index 21f4323c9f..7bfbb69510 100644
--- a/src/fides/api/util/identity_verification.py
+++ b/src/fides/api/util/identity_verification.py
@@ -4,7 +4,7 @@
 
 from fides.api.common_exceptions import IdentityVerificationException
 from fides.api.util.cache import FidesopsRedis, get_cache
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 class IdentityVerificationMixin:
diff --git a/src/fides/api/util/logger.py b/src/fides/api/util/logger.py
index a80041cf8f..feb743c5d7 100644
--- a/src/fides/api/util/logger.py
+++ b/src/fides/api/util/logger.py
@@ -12,7 +12,7 @@
 
 from loguru import logger
 
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 MASKED = "MASKED"
 
diff --git a/src/fides/api/util/saas_util.py b/src/fides/api/util/saas_util.py
index 36035775b7..df05a43c8b 100644
--- a/src/fides/api/util/saas_util.py
+++ b/src/fides/api/util/saas_util.py
@@ -15,7 +15,7 @@
 from fides.api.models.privacy_request import PrivacyRequest
 from fides.api.schemas.saas.saas_config import SaaSRequest
 from fides.api.schemas.saas.shared_schemas import SaaSRequestParams
-from fides.core.config.helpers import load_file
+from fides.config.helpers import load_file
 
 FIDESOPS_GROUPED_INPUTS = "fidesops_grouped_inputs"
 PRIVACY_REQUEST_ID = "privacy_request_id"
diff --git a/src/fides/cli/__init__.py b/src/fides/cli/__init__.py
index 1f27118ced..1366d4ccb5 100644
--- a/src/fides/cli/__init__.py
+++ b/src/fides/cli/__init__.py
@@ -15,7 +15,7 @@
 
 import fides
 from fides.cli.utils import check_server
-from fides.core.config import get_config
+from fides.config import get_config
 
 from . import cli_formatting
 from .commands.annotate import annotate
diff --git a/src/fides/cli/commands/db.py b/src/fides/cli/commands/db.py
index 92c47e07bb..3f80c75a2d 100644
--- a/src/fides/cli/commands/db.py
+++ b/src/fides/cli/commands/db.py
@@ -3,9 +3,8 @@
 
 from fides.cli.options import yes_flag
 from fides.cli.utils import with_analytics
-from fides.common.utils import handle_cli_response
+from fides.common.utils import echo_red, handle_cli_response
 from fides.core import api as _api
-from fides.core.utils import echo_red
 
 
 @click.group(name="db")
diff --git a/src/fides/cli/commands/deploy.py b/src/fides/cli/commands/deploy.py
index df71559cde..1f1ce6d891 100644
--- a/src/fides/cli/commands/deploy.py
+++ b/src/fides/cli/commands/deploy.py
@@ -5,8 +5,8 @@
 
 import rich_click as click
 
-from fides.common.utils import print_divider
-from fides.core.config.create import create_and_update_config_file
+from fides.common.utils import echo_green, print_divider
+from fides.config.create import create_and_update_config_file
 from fides.core.deploy import (
     check_docker_version,
     check_fides_uploads_dir,
@@ -16,7 +16,6 @@
     start_application,
     teardown_application,
 )
-from fides.core.utils import echo_green
 
 
 # NOTE: This behaves similarly to 'init' in that it is excluded from analytics
diff --git a/src/fides/cli/commands/ungrouped.py b/src/fides/cli/commands/ungrouped.py
index 86ee61576b..9b7fe5e768 100644
--- a/src/fides/cli/commands/ungrouped.py
+++ b/src/fides/cli/commands/ungrouped.py
@@ -19,7 +19,14 @@
     send_init_analytics,
     with_analytics,
 )
-from fides.common.utils import handle_cli_response, pretty_echo, print_divider
+from fides.common.utils import (
+    echo_green,
+    echo_red,
+    handle_cli_response,
+    pretty_echo,
+    print_divider,
+)
+from fides.config.create import create_and_update_config_file
 from fides.core import api as _api
 from fides.core import audit as _audit
 from fides.core import evaluate as _evaluate
@@ -27,8 +34,7 @@
 from fides.core import pull as _pull
 from fides.core import push as _push
 from fides.core.api_helpers import get_server_resource, list_server_resources
-from fides.core.config.create import create_and_update_config_file
-from fides.core.utils import echo_green, echo_red, git_is_dirty
+from fides.core.utils import git_is_dirty
 
 
 @click.command()
diff --git a/src/fides/cli/commands/view.py b/src/fides/cli/commands/view.py
index a114404c9b..62d974b1ac 100644
--- a/src/fides/cli/commands/view.py
+++ b/src/fides/cli/commands/view.py
@@ -4,8 +4,8 @@
 from toml import dumps
 
 from fides.cli.utils import with_analytics
-from fides.common.utils import print_divider
-from fides.core.utils import echo_red, get_credentials_path, read_credentials_file
+from fides.common.utils import echo_red, print_divider
+from fides.core.utils import get_credentials_path, read_credentials_file
 
 
 @click.group(name="view")
diff --git a/src/fides/cli/utils.py b/src/fides/cli/utils.py
index b548500b98..e246ce5a1e 100644
--- a/src/fides/cli/utils.py
+++ b/src/fides/cli/utils.py
@@ -26,6 +26,15 @@
 import fides
 from fides.api.api.v1.urn_registry import REGISTRATION, V1_URL_PREFIX
 from fides.common.utils import check_response, echo_green, echo_red
+from fides.config import FidesConfig
+from fides.config.credentials_settings import (
+    get_config_aws_credentials,
+    get_config_bigquery_credentials,
+    get_config_database_credentials,
+    get_config_okta_credentials,
+)
+from fides.config.helpers import get_config_from_file
+from fides.config.utils import get_dev_mode
 from fides.connectors.models import (
     AWSConfig,
     BigQueryConfig,
@@ -33,15 +42,6 @@
     OktaConfig,
 )
 from fides.core import api as _api
-from fides.core.config import FidesConfig
-from fides.core.config.credentials_settings import (
-    get_config_aws_credentials,
-    get_config_bigquery_credentials,
-    get_config_database_credentials,
-    get_config_okta_credentials,
-)
-from fides.core.config.helpers import get_config_from_file
-from fides.core.config.utils import get_dev_mode
 
 APP = fides.__name__
 PACKAGE = "ethyca-fides"
diff --git a/src/fides/common/api/__init__.py b/src/fides/common/api/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/fides/api/api/v1/scope_registry.py b/src/fides/common/api/scope_registry.py
similarity index 100%
rename from src/fides/api/api/v1/scope_registry.py
rename to src/fides/common/api/scope_registry.py
diff --git a/src/fides/core/config/__init__.py b/src/fides/config/__init__.py
similarity index 99%
rename from src/fides/core/config/__init__.py
rename to src/fides/config/__init__.py
index 689ae0a287..5251d72200 100644
--- a/src/fides/core/config/__init__.py
+++ b/src/fides/config/__init__.py
@@ -13,7 +13,7 @@
 from pydantic.class_validators import _FUNCS
 from pydantic.env_settings import SettingsSourceCallable
 
-from fides.core.utils import echo_red
+from fides.common.utils import echo_red
 
 from .admin_ui_settings import AdminUISettings
 from .cli_settings import CLISettings
diff --git a/src/fides/core/config/admin_ui_settings.py b/src/fides/config/admin_ui_settings.py
similarity index 100%
rename from src/fides/core/config/admin_ui_settings.py
rename to src/fides/config/admin_ui_settings.py
diff --git a/src/fides/core/config/cli_settings.py b/src/fides/config/cli_settings.py
similarity index 100%
rename from src/fides/core/config/cli_settings.py
rename to src/fides/config/cli_settings.py
diff --git a/src/fides/core/config/config_proxy.py b/src/fides/config/config_proxy.py
similarity index 100%
rename from src/fides/core/config/config_proxy.py
rename to src/fides/config/config_proxy.py
diff --git a/src/fides/core/config/create.py b/src/fides/config/create.py
similarity index 98%
rename from src/fides/core/config/create.py
rename to src/fides/config/create.py
index a826526752..7c918065db 100644
--- a/src/fides/core/config/create.py
+++ b/src/fides/config/create.py
@@ -10,8 +10,8 @@
 from pydantic import BaseSettings
 
 from fides.cli.utils import request_analytics_consent
-from fides.core.config import FidesConfig, build_config
-from fides.core.config.utils import replace_config_value
+from fides.config import FidesConfig, build_config
+from fides.config.utils import replace_config_value
 
 CONFIG_DOCS_URL = "https://ethyca.github.io/fides/stable/config/"
 HELP_LINK = f"# For more info, please visit: {CONFIG_DOCS_URL}"
diff --git a/src/fides/core/config/credentials_settings.py b/src/fides/config/credentials_settings.py
similarity index 100%
rename from src/fides/core/config/credentials_settings.py
rename to src/fides/config/credentials_settings.py
diff --git a/src/fides/core/config/database_settings.py b/src/fides/config/database_settings.py
similarity index 99%
rename from src/fides/core/config/database_settings.py
rename to src/fides/config/database_settings.py
index 95722a4502..bf44f1b19f 100644
--- a/src/fides/core/config/database_settings.py
+++ b/src/fides/config/database_settings.py
@@ -8,7 +8,7 @@
 
 from pydantic import Field, PostgresDsn, validator
 
-from fides.core.config.utils import get_test_mode
+from fides.config.utils import get_test_mode
 
 from .fides_settings import FidesSettings
 
diff --git a/src/fides/core/config/execution_settings.py b/src/fides/config/execution_settings.py
similarity index 100%
rename from src/fides/core/config/execution_settings.py
rename to src/fides/config/execution_settings.py
diff --git a/src/fides/core/config/fides_settings.py b/src/fides/config/fides_settings.py
similarity index 100%
rename from src/fides/core/config/fides_settings.py
rename to src/fides/config/fides_settings.py
diff --git a/src/fides/core/config/helpers.py b/src/fides/config/helpers.py
similarity index 100%
rename from src/fides/core/config/helpers.py
rename to src/fides/config/helpers.py
diff --git a/src/fides/core/config/logging_settings.py b/src/fides/config/logging_settings.py
similarity index 100%
rename from src/fides/core/config/logging_settings.py
rename to src/fides/config/logging_settings.py
diff --git a/src/fides/core/config/notification_settings.py b/src/fides/config/notification_settings.py
similarity index 100%
rename from src/fides/core/config/notification_settings.py
rename to src/fides/config/notification_settings.py
diff --git a/src/fides/core/config/redis_settings.py b/src/fides/config/redis_settings.py
similarity index 100%
rename from src/fides/core/config/redis_settings.py
rename to src/fides/config/redis_settings.py
diff --git a/src/fides/core/config/security_settings.py b/src/fides/config/security_settings.py
similarity index 99%
rename from src/fides/core/config/security_settings.py
rename to src/fides/config/security_settings.py
index dbfceea702..c27410dd91 100644
--- a/src/fides/core/config/security_settings.py
+++ b/src/fides/config/security_settings.py
@@ -7,9 +7,9 @@
 from pydantic import Field, validator
 from slowapi.wrappers import parse_many  # type: ignore
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY
 from fides.api.cryptography.cryptographic_util import generate_salt, hash_with_salt
 from fides.api.oauth.roles import OWNER
+from fides.common.api.scope_registry import SCOPE_REGISTRY
 
 from .fides_settings import FidesSettings
 
diff --git a/src/fides/core/config/user_settings.py b/src/fides/config/user_settings.py
similarity index 100%
rename from src/fides/core/config/user_settings.py
rename to src/fides/config/user_settings.py
diff --git a/src/fides/core/config/utils.py b/src/fides/config/utils.py
similarity index 100%
rename from src/fides/core/config/utils.py
rename to src/fides/config/utils.py
diff --git a/src/fides/core/annotate_dataset.py b/src/fides/core/annotate_dataset.py
index 1a69e34a0e..305e3a5c3a 100644
--- a/src/fides/core/annotate_dataset.py
+++ b/src/fides/core/annotate_dataset.py
@@ -9,9 +9,10 @@
 from fideslang.models import Dataset, DatasetCollection, DatasetField, FidesKey
 from fideslang.validation import FidesValidationError
 
+from fides.common.utils import echo_green
+from fides.config import FidesConfig
 from fides.core import api_helpers
-from fides.core.config import FidesConfig
-from fides.core.utils import echo_green, get_all_level_fields
+from fides.core.utils import get_all_level_fields
 
 
 class AnnotationAbortError(Exception):
diff --git a/src/fides/core/audit.py b/src/fides/core/audit.py
index 2373957ef1..4bd048fc3c 100644
--- a/src/fides/core/audit.py
+++ b/src/fides/core/audit.py
@@ -2,13 +2,12 @@
 
 from fideslang.models import DataSubject, DataUse, FidesModel, Organization, System
 
-from fides.common.utils import pretty_echo
+from fides.common.utils import echo_green, echo_red, pretty_echo
 from fides.core.api_helpers import (
     get_server_resource,
     get_server_resources,
     list_server_resources,
 )
-from fides.core.utils import echo_green, echo_red
 
 
 def audit_systems(
diff --git a/src/fides/core/deploy.py b/src/fides/core/deploy.py
index 82f7bc8e6a..19cf897490 100644
--- a/src/fides/core/deploy.py
+++ b/src/fides/core/deploy.py
@@ -11,8 +11,8 @@
 
 import fides
 from fides.cli.utils import FIDES_ASCII_ART
+from fides.common.utils import echo_green, echo_red
 from fides.core.exceptions import DockerCheckException
-from fides.core.utils import echo_green, echo_red
 
 FIDES_DEPLOY_UPLOADS_DIR = getcwd() + "/fides_uploads/"
 REQUIRED_DOCKER_VERSION = "20.10.17"
diff --git a/src/fides/core/evaluate.py b/src/fides/core/evaluate.py
index bf0ba4fcdf..4b4213a33c 100644
--- a/src/fides/core/evaluate.py
+++ b/src/fides/core/evaluate.py
@@ -21,11 +21,11 @@
 from fideslang.validation import FidesKey
 from pydantic import AnyHttpUrl
 
-from fides.common.utils import handle_cli_response, pretty_echo
+from fides.common.utils import echo_green, echo_red, handle_cli_response, pretty_echo
 from fides.core import api
 from fides.core.api_helpers import get_server_resource, get_server_resources
 from fides.core.parse import parse
-from fides.core.utils import echo_green, echo_red, get_all_level_fields
+from fides.core.utils import get_all_level_fields
 
 
 def get_evaluation_policies(
diff --git a/src/fides/core/parse.py b/src/fides/core/parse.py
index dde094e567..bb5c76f33e 100644
--- a/src/fides/core/parse.py
+++ b/src/fides/core/parse.py
@@ -3,7 +3,8 @@
 from fideslang.manifests import ingest_manifests
 from fideslang.parse import load_manifests_into_taxonomy
 
-from fides.core.utils import echo_green, get_manifest_list
+from fides.common.utils import echo_green
+from fides.core.utils import get_manifest_list
 
 
 def parse(manifests_dir: str) -> Taxonomy:
diff --git a/src/fides/core/pull.py b/src/fides/core/pull.py
index fd56d1b2e3..506bfaa5d3 100644
--- a/src/fides/core/pull.py
+++ b/src/fides/core/pull.py
@@ -5,9 +5,9 @@
 from fideslang import model_list
 from fideslang.manifests import load_yaml_into_dict
 
-from fides.common.utils import print_divider
+from fides.common.utils import echo_green, print_divider
 from fides.core.api_helpers import get_server_resource, list_server_resources
-from fides.core.utils import echo_green, get_manifest_list
+from fides.core.utils import get_manifest_list
 
 MODEL_LIST = model_list
 
diff --git a/src/fides/core/push.py b/src/fides/core/push.py
index 1f29c95650..1101fc3b2c 100644
--- a/src/fides/core/push.py
+++ b/src/fides/core/push.py
@@ -6,10 +6,9 @@
 from deepdiff import DeepDiff
 from fideslang import FidesModel, Taxonomy
 
-from fides.common.utils import handle_cli_response
+from fides.common.utils import echo_green, echo_red, handle_cli_response
 from fides.core import api
 from fides.core.api_helpers import get_server_resources
-from fides.core.utils import echo_green, echo_red
 
 
 def sort_create_update(
diff --git a/src/fides/core/system.py b/src/fides/core/system.py
index 3a9c8ec761..6fe024bcfb 100644
--- a/src/fides/core/system.py
+++ b/src/fides/core/system.py
@@ -7,13 +7,12 @@
 from fideslang.models import Organization, System
 from pydantic import AnyHttpUrl
 
-from fides.common.utils import handle_cli_response
+from fides.common.utils import echo_green, echo_red, handle_cli_response
 from fides.connectors.models import AWSConfig, OktaConfig
 from fides.core import api
 from fides.core.api_helpers import get_server_resource, get_server_resources
 from fides.core.filters import filter_aws_systems
 from fides.core.parse import parse
-from fides.core.utils import echo_green, echo_red
 
 
 def generate_redshift_systems(
diff --git a/src/fides/core/user.py b/src/fides/core/user.py
index 8fddb6887f..585e6d048c 100644
--- a/src/fides/core/user.py
+++ b/src/fides/core/user.py
@@ -6,12 +6,10 @@
 from fideslang.validation import FidesKey
 
 from fides.api.cryptography.cryptographic_util import str_to_b64_str
-from fides.common.utils import handle_cli_response
-from fides.core.config import CONFIG
+from fides.common.utils import echo_green, echo_red, handle_cli_response
+from fides.config import CONFIG
 from fides.core.utils import (
     Credentials,
-    echo_green,
-    echo_red,
     get_auth_header,
     get_credentials_path,
     read_credentials_file,
diff --git a/src/fides/core/utils.py b/src/fides/core/utils.py
index 7899691bea..71fe1321e2 100644
--- a/src/fides/core/utils.py
+++ b/src/fides/core/utils.py
@@ -1,13 +1,11 @@
 import glob
 import re
-from functools import partial
 from hashlib import sha1
 from os import getenv
 from os.path import isfile
 from pathlib import Path
 from typing import Dict, Iterator, List
 
-import click
 import sqlalchemy
 import toml
 from fideslang.models import DatasetField, FidesModel
@@ -16,13 +14,11 @@
 from sqlalchemy.engine import Engine
 from sqlalchemy.exc import SQLAlchemyError
 
+from fides.common.utils import echo_red
 from fides.connectors.models import ConnectorAuthFailureException
 
 logger.bind(name="server_api")
 
-echo_red = partial(click.secho, fg="red", bold=True)
-echo_green = partial(click.secho, fg="green", bold=True)
-
 
 class Credentials(BaseModel):
     """
diff --git a/tests/conftest.py b/tests/conftest.py
index a40c304967..b99d202bff 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -18,7 +18,6 @@
 from sqlalchemy.orm import sessionmaker
 from toml import load as load_toml
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY
 from fides.api.app_setup import PRIVACY_EXPERIENCE_CONFIGS_PATH
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -42,8 +41,9 @@
 from fides.api.schemas.messaging.messaging import MessagingServiceType
 from fides.api.util.cache import get_cache
 from fides.api.util.consent_util import load_default_experience_configs_on_startup
-from fides.core.config import get_config
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import SCOPE_REGISTRY
+from fides.config import get_config
+from fides.config.config_proxy import ConfigProxy
 from tests.fixtures.application_fixtures import *
 from tests.fixtures.bigquery_fixtures import *
 from tests.fixtures.dynamodb_fixtures import *
diff --git a/tests/ctl/api/test_admin.py b/tests/ctl/api/test_admin.py
index 665644230f..0d2ca2b533 100644
--- a/tests/ctl/api/test_admin.py
+++ b/tests/ctl/api/test_admin.py
@@ -4,7 +4,7 @@
 
 from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.util import errors
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 
 
 def test_db_reset_dev_mode_enabled(
diff --git a/tests/ctl/api/test_generate.py b/tests/ctl/api/test_generate.py
index f4b3616ffd..c6cd3c6fe2 100644
--- a/tests/ctl/api/test_generate.py
+++ b/tests/ctl/api/test_generate.py
@@ -8,7 +8,7 @@
 
 from fides.api.api.v1.endpoints.generate import GenerateResponse
 from fides.api.api.v1.endpoints.utils import API_PREFIX
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 
 EXTERNAL_CONFIG_BODY = {
     "aws": {
diff --git a/tests/ctl/api/test_seed.py b/tests/ctl/api/test_seed.py
index 614db5a9f1..db69ed73e9 100644
--- a/tests/ctl/api/test_seed.py
+++ b/tests/ctl/api/test_seed.py
@@ -15,8 +15,8 @@
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.policy import ActionType, DrpAction, Policy, Rule, RuleTarget
 from fides.api.models.sql_models import Dataset, PolicyCtl, System
+from fides.config import CONFIG, FidesConfig
 from fides.core import api as _api
-from fides.core.config import CONFIG, FidesConfig
 
 
 @pytest.fixture(scope="function", name="data_category")
diff --git a/tests/ctl/api/test_validate.py b/tests/ctl/api/test_validate.py
index 12c723b7a9..7c4257bedf 100644
--- a/tests/ctl/api/test_validate.py
+++ b/tests/ctl/api/test_validate.py
@@ -8,7 +8,7 @@
 
 from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.api.v1.endpoints.validate import ValidateResponse
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 
 EXTERNAL_CONFIG_BODY = {
     "aws": {
diff --git a/tests/ctl/cli/test_cli.py b/tests/ctl/cli/test_cli.py
index bfd4b3a48c..9c6f898398 100644
--- a/tests/ctl/cli/test_cli.py
+++ b/tests/ctl/cli/test_cli.py
@@ -9,10 +9,10 @@
 from git.repo import Repo
 from py._path.local import LocalPath
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY
 from fides.api.oauth.roles import OWNER, VIEWER
 from fides.cli import cli
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import SCOPE_REGISTRY
+from fides.config import CONFIG
 from fides.core.user import get_systems_managed_by_user, get_user_permissions
 from fides.core.utils import get_auth_header, read_credentials_file
 
diff --git a/tests/ctl/cli/test_utils.py b/tests/ctl/cli/test_utils.py
index 0f9081c8d2..3a93fc01e6 100644
--- a/tests/ctl/cli/test_utils.py
+++ b/tests/ctl/cli/test_utils.py
@@ -6,7 +6,7 @@
 import pytest
 
 import fides.cli.utils as utils
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 from tests.ctl.conftest import orig_requests_get
 
 
diff --git a/tests/ctl/connectors/test_aws.py b/tests/ctl/connectors/test_aws.py
index 5bd205f132..0eda249f41 100644
--- a/tests/ctl/connectors/test_aws.py
+++ b/tests/ctl/connectors/test_aws.py
@@ -7,8 +7,8 @@
 from py._path.local import LocalPath
 
 import fides.connectors.aws as aws_connector
+from fides.config import FidesConfig
 from fides.connectors.models import AWSConfig
-from fides.core.config import FidesConfig
 
 
 @pytest.fixture()
diff --git a/tests/ctl/connectors/test_okta.py b/tests/ctl/connectors/test_okta.py
index 9a3b7da50d..8a1571b894 100644
--- a/tests/ctl/connectors/test_okta.py
+++ b/tests/ctl/connectors/test_okta.py
@@ -8,8 +8,8 @@
 from py._path.local import LocalPath
 
 import fides.connectors.okta as okta_connector
+from fides.config import FidesConfig
 from fides.connectors.models import OktaConfig
-from fides.core.config import FidesConfig
 
 
 @pytest.fixture()
diff --git a/tests/ctl/core/config/test_config.py b/tests/ctl/core/config/test_config.py
index a3f625f2e3..929777e1b3 100644
--- a/tests/ctl/core/config/test_config.py
+++ b/tests/ctl/core/config/test_config.py
@@ -5,10 +5,10 @@
 import pytest
 from pydantic import ValidationError
 
-from fides.core.config import check_required_webserver_config_values, get_config
-from fides.core.config.database_settings import DatabaseSettings
-from fides.core.config.redis_settings import RedisSettings
-from fides.core.config.security_settings import SecuritySettings
+from fides.config import check_required_webserver_config_values, get_config
+from fides.config.database_settings import DatabaseSettings
+from fides.config.redis_settings import RedisSettings
+from fides.config.security_settings import SecuritySettings
 
 REQUIRED_ENV_VARS = {
     "FIDES__SECURITY__APP_ENCRYPTION_KEY": "OLMkv91j8DHiDAULnK5Lxx3kSCov30b3",
diff --git a/tests/ctl/core/config/test_config_helpers.py b/tests/ctl/core/config/test_config_helpers.py
index 01ef4bad7d..4313becaa9 100644
--- a/tests/ctl/core/config/test_config_helpers.py
+++ b/tests/ctl/core/config/test_config_helpers.py
@@ -3,7 +3,7 @@
 import pytest
 import toml
 
-from fides.core.config import helpers
+from fides.config import helpers
 
 
 @pytest.mark.unit
diff --git a/tests/ctl/core/config/test_create.py b/tests/ctl/core/config/test_create.py
index d44ac91e8f..6e21a249c7 100644
--- a/tests/ctl/core/config/test_create.py
+++ b/tests/ctl/core/config/test_create.py
@@ -4,8 +4,8 @@
 import toml
 from py._path.local import LocalPath
 
-from fides.core.config import FidesConfig
-from fides.core.config.create import (
+from fides.config import FidesConfig
+from fides.config.create import (
     build_field_documentation,
     create_and_update_config_file,
     create_config_file,
diff --git a/tests/ctl/core/config/test_credentials_settings.py b/tests/ctl/core/config/test_credentials_settings.py
index 0a9464c36f..dc45a14b14 100644
--- a/tests/ctl/core/config/test_credentials_settings.py
+++ b/tests/ctl/core/config/test_credentials_settings.py
@@ -5,7 +5,7 @@
 
 import pytest
 
-from fides.core.config.credentials_settings import merge_credentials_environment
+from fides.config.credentials_settings import merge_credentials_environment
 
 
 @pytest.mark.unit
diff --git a/tests/ctl/core/config/test_security_settings.py b/tests/ctl/core/config/test_security_settings.py
index f40dc2d683..777edf18b7 100644
--- a/tests/ctl/core/config/test_security_settings.py
+++ b/tests/ctl/core/config/test_security_settings.py
@@ -1,6 +1,6 @@
 import pytest
 
-from fides.core.config.security_settings import SecuritySettings
+from fides.config.security_settings import SecuritySettings
 
 
 @pytest.mark.unit
diff --git a/tests/ctl/core/config/test_utils.py b/tests/ctl/core/config/test_utils.py
index c9b5f58566..6469b9e733 100644
--- a/tests/ctl/core/config/test_utils.py
+++ b/tests/ctl/core/config/test_utils.py
@@ -6,9 +6,9 @@
 from py._path.local import LocalPath
 from toml import dump, load
 
-from fides.core.config import FidesConfig
-from fides.core.config.helpers import update_config_file
-from fides.core.config.utils import replace_config_value
+from fides.config import FidesConfig
+from fides.config.helpers import update_config_file
+from fides.config.utils import replace_config_value
 
 
 @pytest.fixture
diff --git a/tests/ctl/core/test_api.py b/tests/ctl/core/test_api.py
index 483d74154e..18e4686c6e 100644
--- a/tests/ctl/core/test_api.py
+++ b/tests/ctl/core/test_api.py
@@ -22,7 +22,12 @@
 
 from fides.api.api.v1.endpoints import health
 from fides.api.api.v1.endpoints.utils import API_PREFIX, CLI_SCOPE_PREFIX_MAPPING
-from fides.api.api.v1.scope_registry import (
+from fides.api.api.v1.urn_registry import V1_URL_PREFIX
+from fides.api.db.crud import get_resource
+from fides.api.models.sql_models import Dataset, PrivacyDeclaration, System
+from fides.api.oauth.roles import OWNER, VIEWER
+from fides.api.schemas.system import PrivacyDeclarationResponse
+from fides.common.api.scope_registry import (
     CREATE,
     DELETE,
     POLICY_CREATE_OR_UPDATE,
@@ -36,13 +41,8 @@
     SYSTEM_UPDATE,
     UPDATE,
 )
-from fides.api.api.v1.urn_registry import V1_URL_PREFIX
-from fides.api.db.crud import get_resource
-from fides.api.models.sql_models import Dataset, PrivacyDeclaration, System
-from fides.api.oauth.roles import OWNER, VIEWER
-from fides.api.schemas.system import PrivacyDeclarationResponse
+from fides.config import FidesConfig, get_config
 from fides.core import api as _api
-from fides.core.config import FidesConfig, get_config
 
 CONFIG = get_config()
 
diff --git a/tests/ctl/core/test_api_helpers.py b/tests/ctl/core/test_api_helpers.py
index c03505c8ef..555e9ab0bf 100644
--- a/tests/ctl/core/test_api_helpers.py
+++ b/tests/ctl/core/test_api_helpers.py
@@ -5,9 +5,9 @@
 import pytest
 from fideslang import FidesModel, model_list
 
+from fides.config import FidesConfig
 from fides.core import api as _api
 from fides.core import api_helpers as _api_helpers
-from fides.core.config import FidesConfig
 from tests.ctl.types import FixtureRequest
 
 RESOURCE_CREATION_COUNT = 5
diff --git a/tests/ctl/core/test_dataset.py b/tests/ctl/core/test_dataset.py
index 01006f79dd..79a453952d 100644
--- a/tests/ctl/core/test_dataset.py
+++ b/tests/ctl/core/test_dataset.py
@@ -20,9 +20,9 @@
 )
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.sql_models import Dataset as CtlDataset
+from fides.config import FidesConfig
 from fides.core import api
 from fides.core import dataset as _dataset
-from fides.core.config import FidesConfig
 
 
 def create_server_datasets(test_config: FidesConfig, datasets: List[Dataset]) -> None:
diff --git a/tests/ctl/core/test_evaluate.py b/tests/ctl/core/test_evaluate.py
index bd7ee6ecad..acbbeac88d 100644
--- a/tests/ctl/core/test_evaluate.py
+++ b/tests/ctl/core/test_evaluate.py
@@ -18,8 +18,8 @@
     Taxonomy,
 )
 
+from fides.config import FidesConfig
 from fides.core import evaluate
-from fides.core.config import FidesConfig
 
 
 # Helpers
diff --git a/tests/ctl/core/test_pull.py b/tests/ctl/core/test_pull.py
index fb69d9017a..b9a75a8054 100644
--- a/tests/ctl/core/test_pull.py
+++ b/tests/ctl/core/test_pull.py
@@ -1,7 +1,7 @@
 import pytest
 from git.repo import Repo
 
-from fides.core.config import FidesConfig
+from fides.config import FidesConfig
 from fides.core.pull import pull_existing_resources
 
 
diff --git a/tests/ctl/core/test_system.py b/tests/ctl/core/test_system.py
index a7957eae62..d801987a4f 100644
--- a/tests/ctl/core/test_system.py
+++ b/tests/ctl/core/test_system.py
@@ -7,10 +7,10 @@
 from py._path.local import LocalPath
 
 from fides.api.models.sql_models import System as sql_System
+from fides.config import FidesConfig
 from fides.connectors.models import OktaConfig
 from fides.core import api
 from fides.core import system as _system
-from fides.core.config import FidesConfig
 
 
 def create_server_systems(test_config: FidesConfig, systems: List[System]) -> None:
diff --git a/tests/ctl/core/test_utils.py b/tests/ctl/core/test_utils.py
index 653726c7da..eca98f3e44 100644
--- a/tests/ctl/core/test_utils.py
+++ b/tests/ctl/core/test_utils.py
@@ -8,8 +8,8 @@
 from fideslang.models import DatasetCollection, DatasetField
 
 from fides.common import utils as common_utils
+from fides.config import get_config
 from fides.core import utils as core_utils
-from fides.core.config import get_config
 
 
 @pytest.fixture()
diff --git a/tests/ctl/database/test_crud.py b/tests/ctl/database/test_crud.py
index c00fb34581..a16f1e03b5 100644
--- a/tests/ctl/database/test_crud.py
+++ b/tests/ctl/database/test_crud.py
@@ -15,8 +15,8 @@
 )
 from fides.api.models import sql_models
 from fides.api.util.errors import QueryError
+from fides.config import FidesConfig
 from fides.core import api as _api
-from fides.core.config import FidesConfig
 from tests.ctl.types import FixtureRequest
 
 
diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
index 6b08814b99..720d8f99bf 100644
--- a/tests/fixtures/application_fixtures.py
+++ b/tests/fixtures/application_fixtures.py
@@ -88,8 +88,8 @@
     StringRewriteMaskingStrategy,
 )
 from fides.api.util.data_category import DataCategory
-from fides.core.config import CONFIG
-from fides.core.config.helpers import load_file
+from fides.config import CONFIG
+from fides.config.helpers import load_file
 
 logging.getLogger("faker").setLevel(logging.ERROR)
 # disable verbose faker logging
diff --git a/tests/fixtures/mariadb_fixtures.py b/tests/fixtures/mariadb_fixtures.py
index 4e27608acb..f13369abf7 100644
--- a/tests/fixtures/mariadb_fixtures.py
+++ b/tests/fixtures/mariadb_fixtures.py
@@ -14,7 +14,7 @@
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.sql_models import Dataset as CtlDataset
 from fides.api.service.connectors import MariaDBConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from .application_fixtures import integration_secrets
 
diff --git a/tests/fixtures/mssql_fixtures.py b/tests/fixtures/mssql_fixtures.py
index d591aee67d..49d5b9ebe2 100644
--- a/tests/fixtures/mssql_fixtures.py
+++ b/tests/fixtures/mssql_fixtures.py
@@ -13,7 +13,7 @@
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.sql_models import Dataset as CtlDataset
 from fides.api.service.connectors import MicrosoftSQLServerConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from .application_fixtures import integration_secrets
 
diff --git a/tests/fixtures/mysql_fixtures.py b/tests/fixtures/mysql_fixtures.py
index 57154819a4..f55cb0aa49 100644
--- a/tests/fixtures/mysql_fixtures.py
+++ b/tests/fixtures/mysql_fixtures.py
@@ -13,7 +13,7 @@
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.sql_models import Dataset as CtlDataset
 from fides.api.service.connectors import MySQLConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from .application_fixtures import integration_secrets
 
diff --git a/tests/fixtures/postgres_fixtures.py b/tests/fixtures/postgres_fixtures.py
index aa78037427..e483b63afa 100644
--- a/tests/fixtures/postgres_fixtures.py
+++ b/tests/fixtures/postgres_fixtures.py
@@ -20,7 +20,7 @@
 )
 from fides.api.models.sql_models import Dataset as CtlDataset
 from fides.api.service.connectors import PostgreSQLConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.test_helpers.db_utils import seed_postgres_data
 
 from .application_fixtures import integration_secrets
diff --git a/tests/fixtures/timescale_fixtures.py b/tests/fixtures/timescale_fixtures.py
index a23d8ea3c4..a5fc9c724e 100644
--- a/tests/fixtures/timescale_fixtures.py
+++ b/tests/fixtures/timescale_fixtures.py
@@ -12,7 +12,7 @@
     ConnectionType,
 )
 from fides.api.service.connectors import TimescaleConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.test_helpers.db_utils import seed_postgres_data
 
 from .application_fixtures import integration_secrets
diff --git a/tests/lib/test_client_model.py b/tests/lib/test_client_model.py
index f2fbd932ba..201c792ce5 100644
--- a/tests/lib/test_client_model.py
+++ b/tests/lib/test_client_model.py
@@ -4,7 +4,6 @@
 
 import pytest
 
-from fides.api.api.v1.scope_registry import DATASET_CREATE_OR_UPDATE, SCOPE_REGISTRY
 from fides.api.cryptography.cryptographic_util import (
     generate_salt,
     generate_secure_random_string,
@@ -20,6 +19,7 @@
 from fides.api.models.client import ClientDetail, _get_root_client_detail
 from fides.api.oauth.roles import OWNER, VIEWER
 from fides.api.oauth.utils import extract_payload
+from fides.common.api.scope_registry import DATASET_CREATE_OR_UPDATE, SCOPE_REGISTRY
 
 
 def test_create_client_and_secret(db, config):
diff --git a/tests/lib/test_oauth_util.py b/tests/lib/test_oauth_util.py
index 03fb62f996..212be17919 100644
--- a/tests/lib/test_oauth_util.py
+++ b/tests/lib/test_oauth_util.py
@@ -6,15 +6,6 @@
 import pytest
 from fastapi.security import SecurityScopes
 
-from fides.api.api.v1.scope_registry import (
-    DATASET_CREATE_OR_UPDATE,
-    PRIVACY_REQUEST_READ,
-    PRIVACY_REQUEST_REVIEW,
-    SCOPE_REGISTRY,
-    USER_DELETE,
-    USER_PERMISSION_READ,
-    USER_READ,
-)
 from fides.api.common_exceptions import AuthorizationError
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -43,7 +34,16 @@
     is_token_expired,
     verify_oauth_client,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    DATASET_CREATE_OR_UPDATE,
+    PRIVACY_REQUEST_READ,
+    PRIVACY_REQUEST_REVIEW,
+    SCOPE_REGISTRY,
+    USER_DELETE,
+    USER_PERMISSION_READ,
+    USER_READ,
+)
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/lib/test_session.py b/tests/lib/test_session.py
index 1fb802adf1..8d74f94cb5 100644
--- a/tests/lib/test_session.py
+++ b/tests/lib/test_session.py
@@ -1,7 +1,7 @@
 import pytest
 
 from fides.api.db import session
-from fides.core.config import get_config
+from fides.config import get_config
 
 
 class TestGetDbEngine:
diff --git a/tests/lib/test_system_oauth_util.py b/tests/lib/test_system_oauth_util.py
index c221714583..c55672e02b 100644
--- a/tests/lib/test_system_oauth_util.py
+++ b/tests/lib/test_system_oauth_util.py
@@ -5,7 +5,6 @@
 from fastapi.security import SecurityScopes
 from fideslang.models import System as SystemSchema
 
-from fides.api.api.v1.scope_registry import POLICY_CREATE_OR_UPDATE, SYSTEM_UPDATE
 from fides.api.common_exceptions import AuthorizationError
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -24,7 +23,8 @@
     get_system_schema,
     verify_oauth_client_for_system_from_request_body,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import POLICY_CREATE_OR_UPDATE, SYSTEM_UPDATE
+from fides.config import CONFIG
 
 
 class TestHasSystemPermissions:
diff --git a/tests/ops/api/test_deps.py b/tests/ops/api/test_deps.py
index 67d0c5d093..b65cbb421c 100644
--- a/tests/ops/api/test_deps.py
+++ b/tests/ops/api/test_deps.py
@@ -8,7 +8,7 @@
 import fides.api.api.deps
 from fides.api.api.deps import get_api_session, get_cache
 from fides.api.common_exceptions import FunctionalityNotConfigured
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/ops/api/test_ratelimit.py b/tests/ops/api/test_ratelimit.py
index 04a86627f9..b4988cd2b2 100644
--- a/tests/ops/api/test_ratelimit.py
+++ b/tests/ops/api/test_ratelimit.py
@@ -7,7 +7,7 @@
 
 from fides.api.api.v1.urn_registry import HEALTH
 from fides.api.main import app
-from fides.core.config import CONFIG, SecuritySettings
+from fides.config import CONFIG, SecuritySettings
 
 LIMIT = 2
 
diff --git a/tests/ops/api/v1/endpoints/test_config_endpoints.py b/tests/ops/api/v1/endpoints/test_config_endpoints.py
index be3f1451fd..546f2c5b06 100644
--- a/tests/ops/api/v1/endpoints/test_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_config_endpoints.py
@@ -6,11 +6,11 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.oauth.roles import CONTRIBUTOR, OWNER, VIEWER
 from fides.api.schemas.storage.storage import StorageType
+from fides.common.api import scope_registry as scopes
 
 
 class TestPatchApplicationConfig:
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index f7c742b661..f9cbd3cd81 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -10,12 +10,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_CREATE_OR_UPDATE,
-    CONNECTION_DELETE,
-    CONNECTION_READ,
-    STORAGE_DELETE,
-)
 from fides.api.api.v1.urn_registry import CONNECTIONS, SAAS_CONFIG, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
 from fides.api.models.connectionconfig import (
@@ -28,6 +22,12 @@
 from fides.api.models.privacy_request import PrivacyRequestStatus
 from fides.api.models.sql_models import Dataset
 from fides.api.oauth.roles import APPROVER, OWNER, VIEWER
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_DELETE,
+    CONNECTION_READ,
+    STORAGE_DELETE,
+)
 from tests.fixtures.application_fixtures import integration_secrets
 from tests.fixtures.saas.connection_template_fixtures import instantiate_connector
 
diff --git a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
index 86e8e569ef..225d305064 100644
--- a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
@@ -4,11 +4,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_READ,
-    CONNECTION_TYPE_READ,
-    SAAS_CONNECTION_INSTANTIATE,
-)
 from fides.api.api.v1.urn_registry import (
     CONNECTION_TYPE_SECRETS,
     CONNECTION_TYPES,
@@ -27,6 +22,11 @@
 from fides.api.service.connectors.saas.connector_registry_service import (
     ConnectorRegistry,
 )
+from fides.common.api.scope_registry import (
+    CONNECTION_READ,
+    CONNECTION_TYPE_READ,
+    SAAS_CONNECTION_INSTANTIATE,
+)
 
 
 class TestGetConnections:
diff --git a/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py b/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
index e32866d12b..e47cb9d5f8 100644
--- a/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
@@ -8,7 +8,6 @@
 import pytest
 from requests import Session
 
-from fides.api.api.v1.scope_registry import CONNECTION_READ, CONSENT_READ
 from fides.api.api.v1.urn_registry import (
     CONSENT_REQUEST,
     CONSENT_REQUEST_PREFERENCES,
@@ -25,7 +24,8 @@
 )
 from fides.api.schemas.messaging.messaging import MessagingServiceType
 from fides.api.util.consent_util import get_fides_user_device_id_provided_identity
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import CONNECTION_READ, CONSENT_READ
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/ops/api/v1/endpoints/test_dataset_endpoints.py b/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
index 2348a1d374..3d20bb331f 100644
--- a/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
@@ -14,26 +14,24 @@
 from sqlalchemy.orm.attributes import flag_modified
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CTL_DATASET_READ,
-    DATASET_CREATE_OR_UPDATE,
-    DATASET_DELETE,
-    DATASET_READ,
-    CTL_DATASET_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CONNECTION_DATASETS,
     DATASET_BY_KEY,
     DATASET_CONFIGS,
     DATASET_VALIDATE,
     DATASETCONFIG_BY_KEY,
-    CONNECTION_DATASETS,
+    DATASETS,
     V1_URL_PREFIX,
     YAML_DATASETS,
-    DATASETS,
 )
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.datasetconfig import DatasetConfig
+from fides.common.api.scope_registry import (
+    CTL_DATASET_READ,
+    DATASET_CREATE_OR_UPDATE,
+    DATASET_DELETE,
+    DATASET_READ,
+)
 
 
 def _reject_key(dict: Dict, key: str) -> Dict:
diff --git a/tests/ops/api/v1/endpoints/test_drp_endpoints.py b/tests/ops/api/v1/endpoints/test_drp_endpoints.py
index 30dec65388..c25afe982e 100644
--- a/tests/ops/api/v1/endpoints/test_drp_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_drp_endpoints.py
@@ -8,12 +8,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    POLICY_READ,
-    PRIVACY_REQUEST_READ,
-    PRIVACY_REQUEST_REVIEW,
-    STORAGE_CREATE_OR_UPDATE,
-)
 from fides.api.api.v1.urn_registry import (
     DRP_DATA_RIGHTS,
     DRP_EXERCISE,
@@ -30,7 +24,13 @@
 )
 from fides.api.schemas.privacy_request import PrivacyRequestDRPStatus
 from fides.api.util.cache import get_drp_request_body_cache_key, get_identity_cache_key
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    POLICY_READ,
+    PRIVACY_REQUEST_READ,
+    PRIVACY_REQUEST_REVIEW,
+    STORAGE_CREATE_OR_UPDATE,
+)
+from fides.config import CONFIG
 
 
 class TestCreateDrpPrivacyRequest:
diff --git a/tests/ops/api/v1/endpoints/test_encryption_endpoints.py b/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
index 84f4a6ac1f..6593cf007a 100644
--- a/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
@@ -5,7 +5,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import ENCRYPTION_EXEC, STORAGE_CREATE_OR_UPDATE
 from fides.api.api.v1.urn_registry import (
     DECRYPT_AES,
     ENCRYPT_AES,
@@ -17,7 +16,8 @@
     decrypt,
     encrypt_verify_secret_length,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import ENCRYPTION_EXEC, STORAGE_CREATE_OR_UPDATE
+from fides.config import CONFIG
 
 
 class TestGetEncryptionKey:
diff --git a/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py b/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
index fd15ef4743..75f853486c 100644
--- a/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
@@ -3,7 +3,7 @@
 
 from fides.api.api.v1.urn_registry import ID_VERIFICATION_CONFIG, V1_URL_PREFIX
 from fides.api.models.application_config import ApplicationConfig
-from fides.core.config import get_config
+from fides.config import get_config
 
 
 class TestGetIdentityVerificationConfig:
diff --git a/tests/ops/api/v1/endpoints/test_manual_webhooks.py b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
index 7db2126e80..2b219cb128 100644
--- a/tests/ops/api/v1/endpoints/test_manual_webhooks.py
+++ b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
@@ -2,13 +2,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_READ,
-    STORAGE_READ,
-    WEBHOOK_CREATE_OR_UPDATE,
-    WEBHOOK_DELETE,
-    WEBHOOK_READ,
-)
 from fides.api.api.v1.urn_registry import (
     ACCESS_MANUAL_WEBHOOK,
     ACCESS_MANUAL_WEBHOOKS,
@@ -16,6 +9,13 @@
     V1_URL_PREFIX,
 )
 from fides.api.models.manual_webhook import AccessManualWebhook
+from fides.common.api.scope_registry import (
+    CONNECTION_READ,
+    STORAGE_READ,
+    WEBHOOK_CREATE_OR_UPDATE,
+    WEBHOOK_DELETE,
+    WEBHOOK_READ,
+)
 
 
 class TestGetAccessManualWebhook:
diff --git a/tests/ops/api/v1/endpoints/test_masking_endpoints.py b/tests/ops/api/v1/endpoints/test_masking_endpoints.py
index f0719c6370..aff4a6f987 100644
--- a/tests/ops/api/v1/endpoints/test_masking_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_masking_endpoints.py
@@ -2,7 +2,6 @@
 
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import MASKING_EXEC, MASKING_READ
 from fides.api.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 from fides.api.schemas.masking.masking_api import MaskingAPIResponse
 from fides.api.schemas.masking.masking_configuration import (
@@ -23,6 +22,7 @@
 from fides.api.service.masking.strategy.masking_strategy_string_rewrite import (
     StringRewriteMaskingStrategy,
 )
+from fides.common.api.scope_registry import MASKING_EXEC, MASKING_READ
 
 
 class TestGetMaskingStrategies:
diff --git a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
index 7fa2869383..15bd4f6fb2 100644
--- a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
@@ -7,11 +7,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    MESSAGING_CREATE_OR_UPDATE,
-    MESSAGING_DELETE,
-    MESSAGING_READ,
-)
 from fides.api.api.v1.urn_registry import (
     MESSAGING_ACTIVE_DEFAULT,
     MESSAGING_BY_KEY,
@@ -34,7 +29,12 @@
     MessagingServiceSecrets,
     MessagingServiceType,
 )
-from fides.core.config import get_config
+from fides.common.api.scope_registry import (
+    MESSAGING_CREATE_OR_UPDATE,
+    MESSAGING_DELETE,
+    MESSAGING_READ,
+)
+from fides.config import get_config
 
 PAGE_SIZE = Params().size
 CONFIG = get_config()
diff --git a/tests/ops/api/v1/endpoints/test_oauth_endpoints.py b/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
index 17f9079359..5b0583010e 100644
--- a/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
@@ -6,15 +6,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CLIENT_CREATE,
-    CLIENT_DELETE,
-    CLIENT_READ,
-    CLIENT_UPDATE,
-    SCOPE_READ,
-    SCOPE_REGISTRY,
-    STORAGE_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CLIENT,
     CLIENT_BY_ID,
@@ -37,7 +28,16 @@
 from fides.api.oauth.jwt import generate_jwe
 from fides.api.oauth.roles import OWNER
 from fides.api.oauth.utils import extract_payload
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    CLIENT_CREATE,
+    CLIENT_DELETE,
+    CLIENT_READ,
+    CLIENT_UPDATE,
+    SCOPE_READ,
+    SCOPE_REGISTRY,
+    STORAGE_READ,
+)
+from fides.config import CONFIG
 
 
 class TestCreateClient:
diff --git a/tests/ops/api/v1/endpoints/test_policy_endpoints.py b/tests/ops/api/v1/endpoints/test_policy_endpoints.py
index b14e81be65..a9c3830a8c 100644
--- a/tests/ops/api/v1/endpoints/test_policy_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_policy_endpoints.py
@@ -5,7 +5,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1.urn_registry import POLICY_DETAIL as POLICY_DETAIL_URI
 from fides.api.api.v1.urn_registry import POLICY_LIST as POLICY_CREATE_URI
 from fides.api.api.v1.urn_registry import RULE_DETAIL as RULE_DETAIL_URI
@@ -21,6 +20,7 @@
     NullMaskingStrategy,
 )
 from fides.api.util.data_category import DataCategory, generate_fides_data_categories
+from fides.common.api import scope_registry as scopes
 
 
 class TestGetPolicies:
diff --git a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
index f53857297e..c7faf2ebe8 100644
--- a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
@@ -3,12 +3,6 @@
 
 import pytest
 
-from fides.api.api.v1.scope_registry import (
-    POLICY_READ,
-    WEBHOOK_CREATE_OR_UPDATE,
-    WEBHOOK_DELETE,
-    WEBHOOK_READ,
-)
 from fides.api.api.v1.urn_registry import (
     POLICY_POST_WEBHOOK_DETAIL,
     POLICY_PRE_WEBHOOK_DETAIL,
@@ -18,6 +12,12 @@
 )
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.policy import PolicyPostWebhook, PolicyPreWebhook
+from fides.common.api.scope_registry import (
+    POLICY_READ,
+    WEBHOOK_CREATE_OR_UPDATE,
+    WEBHOOK_DELETE,
+    WEBHOOK_READ,
+)
 from tests.ops.api.v1.endpoints.test_privacy_request_endpoints import stringify_date
 
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
index 5ea07046cb..4feb6ebc94 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
@@ -4,7 +4,6 @@
 from starlette.status import HTTP_200_OK, HTTP_201_CREATED, HTTP_403_FORBIDDEN
 from starlette.testclient import TestClient
 
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1.endpoints.privacy_experience_config_endpoints import (
     get_experience_config_or_error,
 )
@@ -16,6 +15,7 @@
     PrivacyExperienceConfig,
 )
 from fides.api.models.privacy_notice import PrivacyNoticeRegion
+from fides.common.api import scope_registry as scopes
 
 
 class TestGetExperienceConfigList:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 18261039d3..4815798aa9 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -8,7 +8,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1 import scope_registry as scopes
 from fides.api.api.v1.urn_registry import (
     PRIVACY_NOTICE,
     PRIVACY_NOTICE_BY_DATA_USE,
@@ -24,6 +23,7 @@
     PrivacyNoticeRegion,
 )
 from fides.api.schemas.privacy_notice import PrivacyNoticeResponse
+from fides.common.api import scope_registry as scopes
 
 
 class TestGetPrivacyNotices:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
index d670e9df62..3faf6fba11 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
@@ -7,11 +7,6 @@
 from starlette.status import HTTP_200_OK, HTTP_403_FORBIDDEN
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONSENT_READ,
-    CURRENT_PRIVACY_PREFERENCE_READ,
-    PRIVACY_PREFERENCE_HISTORY_READ,
-)
 from fides.api.api.v1.urn_registry import (
     CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
@@ -34,7 +29,12 @@
     ProvidedIdentity,
 )
 from fides.api.schemas.privacy_notice import PrivacyNoticeHistorySchema
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    CONSENT_READ,
+    CURRENT_PRIVACY_PREFERENCE_READ,
+    PRIVACY_PREFERENCE_HISTORY_READ,
+)
+from fides.config import CONFIG
 
 
 class TestSavePrivacyPreferencesPrivacyCenter:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
index 823c36a079..fbe218c008 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
@@ -18,19 +18,6 @@
     EMBEDDED_EXECUTION_LOG_LIMIT,
     validate_manual_input,
 )
-from fides.api.api.v1.scope_registry import (
-    DATASET_CREATE_OR_UPDATE,
-    PRIVACY_REQUEST_CALLBACK_RESUME,
-    PRIVACY_REQUEST_CREATE,
-    PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
-    PRIVACY_REQUEST_NOTIFICATIONS_READ,
-    PRIVACY_REQUEST_READ,
-    PRIVACY_REQUEST_REVIEW,
-    PRIVACY_REQUEST_TRANSFER,
-    PRIVACY_REQUEST_UPLOAD_DATA,
-    PRIVACY_REQUEST_VIEW_DATA,
-    STORAGE_CREATE_OR_UPDATE,
-)
 from fides.api.api.v1.urn_registry import (
     CONNECTION_DATASETS,
     PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
@@ -93,7 +80,20 @@
     get_identity_cache_key,
     get_masking_secret_cache_key,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    DATASET_CREATE_OR_UPDATE,
+    PRIVACY_REQUEST_CALLBACK_RESUME,
+    PRIVACY_REQUEST_CREATE,
+    PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
+    PRIVACY_REQUEST_NOTIFICATIONS_READ,
+    PRIVACY_REQUEST_READ,
+    PRIVACY_REQUEST_REVIEW,
+    PRIVACY_REQUEST_TRANSFER,
+    PRIVACY_REQUEST_UPLOAD_DATA,
+    PRIVACY_REQUEST_VIEW_DATA,
+    STORAGE_CREATE_OR_UPDATE,
+)
+from fides.config import CONFIG
 
 page_size = Params().size
 
diff --git a/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py b/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
index 34abe3d6f0..a511c6ba5e 100644
--- a/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
@@ -7,14 +7,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CLIENT_READ,
-    CONNECTION_AUTHORIZE,
-    CONNECTOR_TEMPLATE_REGISTER,
-    SAAS_CONFIG_CREATE_OR_UPDATE,
-    SAAS_CONFIG_DELETE,
-    SAAS_CONFIG_READ,
-)
 from fides.api.api.v1.urn_registry import (
     AUTHORIZE,
     REGISTER_CONNECTOR_TEMPLATE,
@@ -27,7 +19,15 @@
     ConnectionConfig,
     ConnectionType,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    CLIENT_READ,
+    CONNECTION_AUTHORIZE,
+    CONNECTOR_TEMPLATE_REGISTER,
+    SAAS_CONFIG_CREATE_OR_UPDATE,
+    SAAS_CONFIG_DELETE,
+    SAAS_CONFIG_READ,
+)
+from fides.config import CONFIG
 from tests.ops.api.v1.endpoints.test_dataset_endpoints import _reject_key
 from tests.ops.test_helpers.saas_test_utils import create_zip_file
 
diff --git a/tests/ops/api/v1/endpoints/test_storage_endpoints.py b/tests/ops/api/v1/endpoints/test_storage_endpoints.py
index 1d20179846..e587393919 100644
--- a/tests/ops/api/v1/endpoints/test_storage_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_storage_endpoints.py
@@ -8,11 +8,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    STORAGE_CREATE_OR_UPDATE,
-    STORAGE_DELETE,
-    STORAGE_READ,
-)
 from fides.api.api.v1.urn_registry import (
     STORAGE_ACTIVE_DEFAULT,
     STORAGE_BY_KEY,
@@ -40,8 +35,13 @@
     StorageSecrets,
     StorageType,
 )
-from fides.core.config import get_config
-from fides.core.config.config_proxy import ConfigProxy
+from fides.common.api.scope_registry import (
+    STORAGE_CREATE_OR_UPDATE,
+    STORAGE_DELETE,
+    STORAGE_READ,
+)
+from fides.config import get_config
+from fides.config.config_proxy import ConfigProxy
 
 PAGE_SIZE = Params().size
 CONFIG = get_config()
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index 27d05a7ffd..d9d81d0dfd 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -11,12 +11,6 @@
 )
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_CREATE_OR_UPDATE,
-    CONNECTION_READ,
-    SAAS_CONNECTION_INSTANTIATE,
-    STORAGE_DELETE,
-)
 from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.models.connectionconfig import (
     AccessLevel,
@@ -24,6 +18,12 @@
     ConnectionType,
 )
 from fides.api.models.datasetconfig import DatasetConfig
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_READ,
+    SAAS_CONNECTION_INSTANTIATE,
+    STORAGE_DELETE,
+)
 
 page_size = Params().size
 
diff --git a/tests/ops/api/v1/endpoints/test_user_endpoints.py b/tests/ops/api/v1/endpoints/test_user_endpoints.py
index 9532356114..d74db97fe9 100644
--- a/tests/ops/api/v1/endpoints/test_user_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_user_endpoints.py
@@ -16,19 +16,6 @@
 )
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    PRIVACY_REQUEST_READ,
-    SCOPE_REGISTRY,
-    STORAGE_READ,
-    SYSTEM_MANAGER_DELETE,
-    SYSTEM_MANAGER_READ,
-    SYSTEM_MANAGER_UPDATE,
-    USER_CREATE,
-    USER_DELETE,
-    USER_PASSWORD_RESET,
-    USER_READ,
-    USER_UPDATE,
-)
 from fides.api.api.v1.urn_registry import (
     LOGIN,
     LOGOUT,
@@ -50,7 +37,20 @@
 from fides.api.oauth.jwt import generate_jwe
 from fides.api.oauth.roles import APPROVER, CONTRIBUTOR, OWNER, VIEWER
 from fides.api.oauth.utils import extract_payload
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    PRIVACY_REQUEST_READ,
+    SCOPE_REGISTRY,
+    STORAGE_READ,
+    SYSTEM_MANAGER_DELETE,
+    SYSTEM_MANAGER_READ,
+    SYSTEM_MANAGER_UPDATE,
+    USER_CREATE,
+    USER_DELETE,
+    USER_PASSWORD_RESET,
+    USER_READ,
+    USER_UPDATE,
+)
+from fides.config import CONFIG
 from tests.conftest import generate_auth_header_for_user
 
 page_size = Params().size
diff --git a/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py b/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
index 45582fb5c7..ab8f41c1ae 100644
--- a/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
@@ -8,15 +8,6 @@
     HTTP_422_UNPROCESSABLE_ENTITY,
 )
 
-from fides.api.api.v1.scope_registry import (
-    PRIVACY_REQUEST_READ,
-    SAAS_CONFIG_READ,
-    SCOPE_REGISTRY,
-    USER_PERMISSION_ASSIGN_OWNERS,
-    USER_PERMISSION_CREATE,
-    USER_PERMISSION_READ,
-    USER_PERMISSION_UPDATE,
-)
 from fides.api.api.v1.urn_registry import USER_PERMISSIONS, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
 from fides.api.models.fides_user import FidesUser
@@ -29,7 +20,16 @@
     VIEWER,
     VIEWER_AND_APPROVER,
 )
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import (
+    PRIVACY_REQUEST_READ,
+    SAAS_CONFIG_READ,
+    SCOPE_REGISTRY,
+    USER_PERMISSION_ASSIGN_OWNERS,
+    USER_PERMISSION_CREATE,
+    USER_PERMISSION_READ,
+    USER_PERMISSION_UPDATE,
+)
+from fides.config import CONFIG
 from tests.conftest import generate_auth_header_for_user, generate_role_header_for_user
 
 
diff --git a/tests/ops/api/v1/test_exception_handlers.py b/tests/ops/api/v1/test_exception_handlers.py
index 42cf70823b..95235fdb70 100644
--- a/tests/ops/api/v1/test_exception_handlers.py
+++ b/tests/ops/api/v1/test_exception_handlers.py
@@ -3,9 +3,9 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import CLIENT_CREATE
 from fides.api.api.v1.urn_registry import HEALTH, PRIVACY_REQUESTS, V1_URL_PREFIX
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import CLIENT_CREATE
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/ops/api/v1/test_middleware.py b/tests/ops/api/v1/test_middleware.py
index fa9390c553..22f6ee010f 100644
--- a/tests/ops/api/v1/test_middleware.py
+++ b/tests/ops/api/v1/test_middleware.py
@@ -6,7 +6,6 @@
 import pytest
 from fastapi_pagination import Params
 
-from fides.api.api.v1.scope_registry import USER_CREATE
 from fides.api.cryptography.cryptographic_util import str_to_b64_str
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -16,7 +15,8 @@
 from fides.api.models.client import ClientDetail
 from fides.api.models.fides_user import FidesUser
 from fides.api.oauth.jwt import generate_jwe
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import USER_CREATE
+from fides.config import CONFIG
 
 # from tests.conftest import generate_auth_header_for_user
 
@@ -28,7 +28,6 @@
 import pytest
 
 from fides.api import middleware as _middleware
-from fides.api.api.v1.scope_registry import USER_CREATE
 from fides.api.cryptography.cryptographic_util import str_to_b64_str
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -36,7 +35,8 @@
     JWE_PAYLOAD_SCOPES,
 )
 from fides.api.oauth.jwt import generate_jwe
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import USER_CREATE
+from fides.config import CONFIG
 
 # from sqlalchemy.exc import SQLAlchemyError
 
diff --git a/tests/ops/graph/test_graph.py b/tests/ops/graph/test_graph.py
index 2894e2a3ec..a83d53627c 100644
--- a/tests/ops/graph/test_graph.py
+++ b/tests/ops/graph/test_graph.py
@@ -5,7 +5,7 @@
 from fides.api.models.policy import ActionType
 from fides.api.task.graph_task import retry
 from fides.api.task.task_resources import TaskResources
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.task.traversal_data import integration_db_graph
 
 t1 = Collection(
diff --git a/tests/ops/integration_tests/saas/connector_runner.py b/tests/ops/integration_tests/saas/connector_runner.py
index 99df47f572..a0cd60a0f8 100644
--- a/tests/ops/integration_tests/saas/connector_runner.py
+++ b/tests/ops/integration_tests/saas/connector_runner.py
@@ -25,7 +25,7 @@
     load_config_with_replacement,
     load_dataset_with_replacement,
 )
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/tests/ops/integration_tests/saas/request_override/test_firebase_auth_task.py b/tests/ops/integration_tests/saas/request_override/test_firebase_auth_task.py
index 6c698cb145..7075ce1779 100644
--- a/tests/ops/integration_tests/saas/request_override/test_firebase_auth_task.py
+++ b/tests/ops/integration_tests/saas/request_override/test_firebase_auth_task.py
@@ -13,7 +13,7 @@
 )
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_adobe_campaign_task.py b/tests/ops/integration_tests/saas/test_adobe_campaign_task.py
index 187bfc881e..341171b28c 100644
--- a/tests/ops/integration_tests/saas/test_adobe_campaign_task.py
+++ b/tests/ops/integration_tests/saas/test_adobe_campaign_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_aircall_task.py b/tests/ops/integration_tests/saas/test_aircall_task.py
index dffd0a678a..1af9862157 100644
--- a/tests/ops/integration_tests/saas/test_aircall_task.py
+++ b/tests/ops/integration_tests/saas/test_aircall_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
 
diff --git a/tests/ops/integration_tests/saas/test_amplitude_task.py b/tests/ops/integration_tests/saas/test_amplitude_task.py
index a42339dd32..4aeb57b91f 100644
--- a/tests/ops/integration_tests/saas/test_amplitude_task.py
+++ b/tests/ops/integration_tests/saas/test_amplitude_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_auth0_task.py b/tests/ops/integration_tests/saas/test_auth0_task.py
index 9abf755178..9371ec31f1 100644
--- a/tests/ops/integration_tests/saas/test_auth0_task.py
+++ b/tests/ops/integration_tests/saas/test_auth0_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.saas.auth0_fixtures import _user_exists
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
diff --git a/tests/ops/integration_tests/saas/test_braintree_task.py b/tests/ops/integration_tests/saas/test_braintree_task.py
index 7fe9748a0d..ed0581d6ff 100644
--- a/tests/ops/integration_tests/saas/test_braintree_task.py
+++ b/tests/ops/integration_tests/saas/test_braintree_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 logger = logging.getLogger(__name__)
diff --git a/tests/ops/integration_tests/saas/test_braze_task.py b/tests/ops/integration_tests/saas/test_braze_task.py
index 3977b94d9d..fd5b621fb3 100644
--- a/tests/ops/integration_tests/saas/test_braze_task.py
+++ b/tests/ops/integration_tests/saas/test_braze_task.py
@@ -10,7 +10,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_delighted_task.py b/tests/ops/integration_tests/saas/test_delighted_task.py
index 76fa130d4c..c4001a6d27 100644
--- a/tests/ops/integration_tests/saas/test_delighted_task.py
+++ b/tests/ops/integration_tests/saas/test_delighted_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
 
diff --git a/tests/ops/integration_tests/saas/test_domo_task.py b/tests/ops/integration_tests/saas/test_domo_task.py
index 1b0a4aead2..8f8cba96f1 100644
--- a/tests/ops/integration_tests/saas/test_domo_task.py
+++ b/tests/ops/integration_tests/saas/test_domo_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_friendbuy_nextgen_task.py b/tests/ops/integration_tests/saas/test_friendbuy_nextgen_task.py
index 8fd4d25106..00d0bcb2bf 100644
--- a/tests/ops/integration_tests/saas/test_friendbuy_nextgen_task.py
+++ b/tests/ops/integration_tests/saas/test_friendbuy_nextgen_task.py
@@ -10,7 +10,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 logger = logging.getLogger(__name__)
diff --git a/tests/ops/integration_tests/saas/test_friendbuy_task.py b/tests/ops/integration_tests/saas/test_friendbuy_task.py
index 12b40b5da5..4c407612ea 100644
--- a/tests/ops/integration_tests/saas/test_friendbuy_task.py
+++ b/tests/ops/integration_tests/saas/test_friendbuy_task.py
@@ -11,7 +11,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 logger = logging.getLogger(__name__)
diff --git a/tests/ops/integration_tests/saas/test_fullstory_task.py b/tests/ops/integration_tests/saas/test_fullstory_task.py
index fc27ecfd89..afcefa0d80 100644
--- a/tests/ops/integration_tests/saas/test_fullstory_task.py
+++ b/tests/ops/integration_tests/saas/test_fullstory_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.saas.fullstory_fixtures import FullstoryTestClient, user_updated
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
diff --git a/tests/ops/integration_tests/saas/test_gorgias_task.py b/tests/ops/integration_tests/saas/test_gorgias_task.py
index fefa8ed61e..0c2f0ba153 100644
--- a/tests/ops/integration_tests/saas/test_gorgias_task.py
+++ b/tests/ops/integration_tests/saas/test_gorgias_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_hubspot_task.py b/tests/ops/integration_tests/saas/test_hubspot_task.py
index 1031f41762..13cb451c20 100644
--- a/tests/ops/integration_tests/saas/test_hubspot_task.py
+++ b/tests/ops/integration_tests/saas/test_hubspot_task.py
@@ -9,7 +9,7 @@
 from fides.api.task import graph_task
 from fides.api.task.filter_results import filter_data_categories
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.saas.hubspot_fixtures import HubspotTestClient, user_exists
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
diff --git a/tests/ops/integration_tests/saas/test_jira_task.py b/tests/ops/integration_tests/saas/test_jira_task.py
index e25c3d2fdc..3f045af9c6 100644
--- a/tests/ops/integration_tests/saas/test_jira_task.py
+++ b/tests/ops/integration_tests/saas/test_jira_task.py
@@ -10,7 +10,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_klaviyo_task.py b/tests/ops/integration_tests/saas/test_klaviyo_task.py
index 615d0638d5..9db999c685 100644
--- a/tests/ops/integration_tests/saas/test_klaviyo_task.py
+++ b/tests/ops/integration_tests/saas/test_klaviyo_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_kustomer_task.py b/tests/ops/integration_tests/saas/test_kustomer_task.py
index 2435953d2f..9a667725b0 100644
--- a/tests/ops/integration_tests/saas/test_kustomer_task.py
+++ b/tests/ops/integration_tests/saas/test_kustomer_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_outreach_task.py b/tests/ops/integration_tests/saas/test_outreach_task.py
index 430751acbb..da4e1e3e48 100644
--- a/tests/ops/integration_tests/saas/test_outreach_task.py
+++ b/tests/ops/integration_tests/saas/test_outreach_task.py
@@ -9,7 +9,7 @@
 from fides.api.task import graph_task
 from fides.api.task.filter_results import filter_data_categories
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_recharge_tasks.py b/tests/ops/integration_tests/saas/test_recharge_tasks.py
index 91a9b1767b..5a5c5f26dd 100644
--- a/tests/ops/integration_tests/saas/test_recharge_tasks.py
+++ b/tests/ops/integration_tests/saas/test_recharge_tasks.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_rollbar_task.py b/tests/ops/integration_tests/saas/test_rollbar_task.py
index 85fa604fd6..aeaec5f3b7 100644
--- a/tests/ops/integration_tests/saas/test_rollbar_task.py
+++ b/tests/ops/integration_tests/saas/test_rollbar_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_salesforce_task.py b/tests/ops/integration_tests/saas/test_salesforce_task.py
index fca96ccd84..57c73a7eb7 100644
--- a/tests/ops/integration_tests/saas/test_salesforce_task.py
+++ b/tests/ops/integration_tests/saas/test_salesforce_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_segment_task.py b/tests/ops/integration_tests/saas/test_segment_task.py
index d63ec6e120..8e7370ee6b 100644
--- a/tests/ops/integration_tests/saas/test_segment_task.py
+++ b/tests/ops/integration_tests/saas/test_segment_task.py
@@ -9,7 +9,7 @@
 from fides.api.task import graph_task
 from fides.api.task.filter_results import filter_data_categories
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_sendgrid_task.py b/tests/ops/integration_tests/saas/test_sendgrid_task.py
index 446f174f76..b39d167506 100644
--- a/tests/ops/integration_tests/saas/test_sendgrid_task.py
+++ b/tests/ops/integration_tests/saas/test_sendgrid_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.saas.sendgrid_fixtures import contact_exists
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
diff --git a/tests/ops/integration_tests/saas/test_shippo_task.py b/tests/ops/integration_tests/saas/test_shippo_task.py
index d7db51623a..0be41c675c 100644
--- a/tests/ops/integration_tests/saas/test_shippo_task.py
+++ b/tests/ops/integration_tests/saas/test_shippo_task.py
@@ -7,7 +7,7 @@
 from fides.api.schemas.redis_cache import Identity
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_shopify_task.py b/tests/ops/integration_tests/saas/test_shopify_task.py
index ff3549de3d..9738a8046e 100644
--- a/tests/ops/integration_tests/saas/test_shopify_task.py
+++ b/tests/ops/integration_tests/saas/test_shopify_task.py
@@ -10,7 +10,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_slack_enterprise_task.py b/tests/ops/integration_tests/saas/test_slack_enterprise_task.py
index 29e99a853e..e367d498f4 100644
--- a/tests/ops/integration_tests/saas/test_slack_enterprise_task.py
+++ b/tests/ops/integration_tests/saas/test_slack_enterprise_task.py
@@ -7,7 +7,7 @@
 from fides.api.schemas.redis_cache import Identity
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.dataset_utils import update_dataset
 
diff --git a/tests/ops/integration_tests/saas/test_square_task.py b/tests/ops/integration_tests/saas/test_square_task.py
index 871a952af2..3c2ec67ceb 100644
--- a/tests/ops/integration_tests/saas/test_square_task.py
+++ b/tests/ops/integration_tests/saas/test_square_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_stripe_task.py b/tests/ops/integration_tests/saas/test_stripe_task.py
index f23bb43105..1897a3c658 100644
--- a/tests/ops/integration_tests/saas/test_stripe_task.py
+++ b/tests/ops/integration_tests/saas/test_stripe_task.py
@@ -11,7 +11,7 @@
 from fides.api.task import graph_task
 from fides.api.task.filter_results import filter_data_categories
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_twilio_conversations_task.py b/tests/ops/integration_tests/saas/test_twilio_conversations_task.py
index 7ec584553d..7250e1631a 100644
--- a/tests/ops/integration_tests/saas/test_twilio_conversations_task.py
+++ b/tests/ops/integration_tests/saas/test_twilio_conversations_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 
diff --git a/tests/ops/integration_tests/saas/test_unbounce_task.py b/tests/ops/integration_tests/saas/test_unbounce_task.py
index 97b7026ce9..fa54535f79 100644
--- a/tests/ops/integration_tests/saas/test_unbounce_task.py
+++ b/tests/ops/integration_tests/saas/test_unbounce_task.py
@@ -8,7 +8,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_vend_task.py b/tests/ops/integration_tests/saas/test_vend_task.py
index 806081e4d8..8e60831c22 100644
--- a/tests/ops/integration_tests/saas/test_vend_task.py
+++ b/tests/ops/integration_tests/saas/test_vend_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/saas/test_yotpo_loyalty_task.py b/tests/ops/integration_tests/saas/test_yotpo_loyalty_task.py
index 4a6490fc71..32a4c984b9 100644
--- a/tests/ops/integration_tests/saas/test_yotpo_loyalty_task.py
+++ b/tests/ops/integration_tests/saas/test_yotpo_loyalty_task.py
@@ -9,7 +9,7 @@
 from fides.api.service.connectors import get_connector
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 from tests.ops.test_helpers.saas_test_utils import poll_for_existence
 
diff --git a/tests/ops/integration_tests/setup_scripts/mariadb_setup.py b/tests/ops/integration_tests/setup_scripts/mariadb_setup.py
index c882b30123..873c31f65a 100644
--- a/tests/ops/integration_tests/setup_scripts/mariadb_setup.py
+++ b/tests/ops/integration_tests/setup_scripts/mariadb_setup.py
@@ -11,7 +11,7 @@
     ConnectionType,
 )
 from fides.api.service.connectors.sql_connector import MariaDBConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 integration_config = load_toml("tests/ops/integration_test_config.toml")
 
diff --git a/tests/ops/integration_tests/setup_scripts/postgres_setup.py b/tests/ops/integration_tests/setup_scripts/postgres_setup.py
index 07526a41f2..73132a6aad 100644
--- a/tests/ops/integration_tests/setup_scripts/postgres_setup.py
+++ b/tests/ops/integration_tests/setup_scripts/postgres_setup.py
@@ -13,7 +13,7 @@
     ConnectionType,
 )
 from fides.api.service.connectors.sql_connector import PostgreSQLConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 integration_config = load_toml("tests/ops/integration_test_config.toml")
 
diff --git a/tests/ops/integration_tests/setup_scripts/timescale_setup.py b/tests/ops/integration_tests/setup_scripts/timescale_setup.py
index c5d4072d8c..24dfbe444a 100644
--- a/tests/ops/integration_tests/setup_scripts/timescale_setup.py
+++ b/tests/ops/integration_tests/setup_scripts/timescale_setup.py
@@ -13,7 +13,7 @@
     ConnectionType,
 )
 from fides.api.service.connectors import TimescaleConnector
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 integration_config = load_toml("tests/ops/integration_test_config.toml")
 
diff --git a/tests/ops/integration_tests/test_connection_configuration_integration.py b/tests/ops/integration_tests/test_connection_configuration_integration.py
index 8fce28b5be..e7da2f0c56 100644
--- a/tests/ops/integration_tests/test_connection_configuration_integration.py
+++ b/tests/ops/integration_tests/test_connection_configuration_integration.py
@@ -6,11 +6,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import (
-    CONNECTION_CREATE_OR_UPDATE,
-    CONNECTION_READ,
-    STORAGE_READ,
-)
 from fides.api.api.v1.urn_registry import CONNECTIONS, V1_URL_PREFIX
 from fides.api.common_exceptions import ConnectionException
 from fides.api.models.client import ClientDetail
@@ -27,6 +22,11 @@
     MicrosoftSQLServerConnector,
     MySQLConnector,
 )
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_READ,
+    STORAGE_READ,
+)
 
 
 @pytest.mark.integration_postgres
diff --git a/tests/ops/integration_tests/test_execution.py b/tests/ops/integration_tests/test_execution.py
index 82a6421619..73530d2443 100644
--- a/tests/ops/integration_tests/test_execution.py
+++ b/tests/ops/integration_tests/test_execution.py
@@ -23,7 +23,7 @@
 )
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.application_fixtures import integration_secrets
 
 from ..service.privacy_request.test_request_runner_service import (
diff --git a/tests/ops/integration_tests/test_integration_erasure_order.py b/tests/ops/integration_tests/test_integration_erasure_order.py
index 16f1e4f664..1a80a303eb 100644
--- a/tests/ops/integration_tests/test_integration_erasure_order.py
+++ b/tests/ops/integration_tests/test_integration_erasure_order.py
@@ -19,7 +19,7 @@
 from fides.api.task import graph_task
 from fides.api.task.graph_task import get_cached_data_for_erasures
 from fides.api.util.collection_util import Row
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.ops.graph.graph_test_util import assert_rows_match
 
 CONFIG = get_config()
diff --git a/tests/ops/integration_tests/test_manual_task.py b/tests/ops/integration_tests/test_manual_task.py
index a3fb94d911..c7f2c3e811 100644
--- a/tests/ops/integration_tests/test_manual_task.py
+++ b/tests/ops/integration_tests/test_manual_task.py
@@ -11,7 +11,7 @@
     PrivacyRequest,
 )
 from fides.api.task import graph_task
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from ..graph.graph_test_util import assert_rows_match
 from ..task.traversal_data import postgres_and_manual_nodes
diff --git a/tests/ops/integration_tests/test_sql_task.py b/tests/ops/integration_tests/test_sql_task.py
index 457ead084d..d0935690c0 100644
--- a/tests/ops/integration_tests/test_sql_task.py
+++ b/tests/ops/integration_tests/test_sql_task.py
@@ -26,7 +26,7 @@
 from fides.api.task import graph_task
 from fides.api.task.filter_results import filter_data_categories
 from fides.api.task.graph_task import get_cached_data_for_erasures
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 from ..graph.graph_test_util import (
     assert_rows_match,
diff --git a/tests/ops/models/test_application_config.py b/tests/ops/models/test_application_config.py
index d66f165204..b75de22185 100644
--- a/tests/ops/models/test_application_config.py
+++ b/tests/ops/models/test_application_config.py
@@ -5,8 +5,8 @@
 from sqlalchemy.orm import Session
 
 from fides.api.models.application_config import ApplicationConfig
-from fides.core.config import get_config
-from fides.core.config.config_proxy import ConfigProxy
+from fides.config import get_config
+from fides.config.config_proxy import ConfigProxy
 
 CONFIG = get_config()
 
diff --git a/tests/ops/models/test_client.py b/tests/ops/models/test_client.py
index a5caae8605..f7bfd3cd02 100644
--- a/tests/ops/models/test_client.py
+++ b/tests/ops/models/test_client.py
@@ -1,9 +1,9 @@
 from sqlalchemy.orm import Session
 
-from fides.api.api.v1.scope_registry import SCOPE_REGISTRY
 from fides.api.cryptography.cryptographic_util import hash_with_salt
 from fides.api.models.client import ClientDetail
-from fides.core.config import CONFIG
+from fides.common.api.scope_registry import SCOPE_REGISTRY
+from fides.config import CONFIG
 
 
 class TestClientModel:
diff --git a/tests/ops/models/test_privacy_request.py b/tests/ops/models/test_privacy_request.py
index ffbae3abc4..9cc2680e7b 100644
--- a/tests/ops/models/test_privacy_request.py
+++ b/tests/ops/models/test_privacy_request.py
@@ -29,7 +29,7 @@
 from fides.api.service.connectors.manual_connector import ManualAction
 from fides.api.util.cache import FidesopsRedis, get_identity_cache_key
 from fides.api.util.constants import API_DATE_FORMAT
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 paused_location = CollectionAddress("test_dataset", "test_collection")
 
diff --git a/tests/ops/schemas/test_user_permission.py b/tests/ops/schemas/test_user_permission.py
index a76d760b75..de8862d0c7 100644
--- a/tests/ops/schemas/test_user_permission.py
+++ b/tests/ops/schemas/test_user_permission.py
@@ -3,9 +3,9 @@
 from pydantic import ValidationError
 from starlette.status import HTTP_422_UNPROCESSABLE_ENTITY
 
-from fides.api.api.v1.scope_registry import USER_DELETE, USER_PERMISSION_CREATE
 from fides.api.oauth.roles import OWNER
 from fides.api.schemas.user_permission import UserPermissionsCreate
+from fides.common.api.scope_registry import USER_DELETE, USER_PERMISSION_CREATE
 
 
 class TestUserPermissionsCreate:
diff --git a/tests/ops/service/connectors/test_connector_registry_service.py b/tests/ops/service/connectors/test_connector_registry_service.py
index ea967328fc..5818163f0b 100644
--- a/tests/ops/service/connectors/test_connector_registry_service.py
+++ b/tests/ops/service/connectors/test_connector_registry_service.py
@@ -19,7 +19,7 @@
     replace_config_placeholders,
     replace_dataset_placeholders,
 )
-from fides.core.config.helpers import load_file
+from fides.config.helpers import load_file
 
 NEW_CONFIG_DESCRIPTION = "new test config description"
 NEW_DATASET_DESCRIPTION = "new test dataset description"
diff --git a/tests/ops/service/connectors/test_connector_template_loaders.py b/tests/ops/service/connectors/test_connector_template_loaders.py
index e51a526854..7caf2486ab 100644
--- a/tests/ops/service/connectors/test_connector_template_loaders.py
+++ b/tests/ops/service/connectors/test_connector_template_loaders.py
@@ -28,7 +28,7 @@
     load_yaml_as_string,
     replace_version,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.test_helpers.saas_test_utils import create_zip_file
 
 
diff --git a/tests/ops/service/connectors/test_saas_queryconfig.py b/tests/ops/service/connectors/test_saas_queryconfig.py
index 68421417b1..c51d3f6992 100644
--- a/tests/ops/service/connectors/test_saas_queryconfig.py
+++ b/tests/ops/service/connectors/test_saas_queryconfig.py
@@ -14,7 +14,7 @@
 from fides.api.schemas.saas.saas_config import ParamValue, SaaSConfig, SaaSRequest
 from fides.api.schemas.saas.shared_schemas import HTTPMethod, SaaSRequestParams
 from fides.api.service.connectors.saas_query_config import SaaSQueryConfig
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.ops.graph.graph_test_util import generate_node
 
 privacy_request = PrivacyRequest(id="234544")
diff --git a/tests/ops/service/messaging/message_dispatch_service_test.py b/tests/ops/service/messaging/message_dispatch_service_test.py
index 9124923c33..fe37f6d8bf 100644
--- a/tests/ops/service/messaging/message_dispatch_service_test.py
+++ b/tests/ops/service/messaging/message_dispatch_service_test.py
@@ -37,7 +37,7 @@
     _twilio_sms_dispatcher,
     dispatch_message,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/ops/service/privacy_request/test_email_batch_send.py b/tests/ops/service/privacy_request/test_email_batch_send.py
index 5078739fc0..ee1999234e 100644
--- a/tests/ops/service/privacy_request/test_email_batch_send.py
+++ b/tests/ops/service/privacy_request/test_email_batch_send.py
@@ -23,7 +23,7 @@
     send_email_batch,
 )
 from fides.api.util.cache import get_all_cache_keys_for_privacy_request, get_cache
-from fides.core.config import get_config
+from fides.config import get_config
 from tests.fixtures.application_fixtures import (
     _create_privacy_request_for_policy,
     privacy_preference_history_us_ca_provide,
diff --git a/tests/ops/service/privacy_request/test_request_runner_service.py b/tests/ops/service/privacy_request/test_request_runner_service.py
index ea7f29736f..ce6ff99211 100644
--- a/tests/ops/service/privacy_request/test_request_runner_service.py
+++ b/tests/ops/service/privacy_request/test_request_runner_service.py
@@ -60,7 +60,7 @@
     run_webhooks_and_report_status,
 )
 from fides.api.util.data_category import DataCategory
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 PRIVACY_REQUEST_TASK_TIMEOUT = 5
 # External services take much longer to return
diff --git a/tests/ops/service/privacy_request/test_request_service.py b/tests/ops/service/privacy_request/test_request_service.py
index 40297ac278..c6000b60c4 100644
--- a/tests/ops/service/privacy_request/test_request_service.py
+++ b/tests/ops/service/privacy_request/test_request_service.py
@@ -11,7 +11,7 @@
     build_required_privacy_request_kwargs,
     poll_server_for_completion,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 @pytest.fixture
diff --git a/tests/ops/service/test_storage_uploader_service.py b/tests/ops/service/test_storage_uploader_service.py
index 2344761833..82298a4bf6 100644
--- a/tests/ops/service/test_storage_uploader_service.py
+++ b/tests/ops/service/test_storage_uploader_service.py
@@ -32,7 +32,7 @@
 from fides.api.util.encryption.aes_gcm_encryption_scheme import (
     decrypt_combined_nonce_and_message,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 @mock.patch("fides.api.service.storage.storage_uploader_service.upload_to_s3")
diff --git a/tests/ops/tasks/test_celery.py b/tests/ops/tasks/test_celery.py
index 53aef44348..3e3ec81006 100644
--- a/tests/ops/tasks/test_celery.py
+++ b/tests/ops/tasks/test_celery.py
@@ -5,7 +5,7 @@
 from sqlalchemy.pool import QueuePool
 
 from fides.api.tasks import DatabaseTask, _create_celery
-from fides.core.config import CONFIG, get_config
+from fides.config import CONFIG, get_config
 
 
 @pytest.fixture
diff --git a/tests/ops/tasks/test_scheduled.py b/tests/ops/tasks/test_scheduled.py
index 6b41e867d2..9f85ab8f2c 100644
--- a/tests/ops/tasks/test_scheduled.py
+++ b/tests/ops/tasks/test_scheduled.py
@@ -11,7 +11,7 @@
     initiate_paused_privacy_request_followup,
 )
 from fides.api.tasks.scheduled.scheduler import scheduler
-from fides.core.config import get_config
+from fides.config import get_config
 
 CONFIG = get_config()
 
diff --git a/tests/ops/util/test_api_router.py b/tests/ops/util/test_api_router.py
index eec681462c..ab8d16ec64 100644
--- a/tests/ops/util/test_api_router.py
+++ b/tests/ops/util/test_api_router.py
@@ -2,9 +2,9 @@
 from starlette.status import HTTP_200_OK, HTTP_404_NOT_FOUND
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.scope_registry import PRIVACY_REQUEST_READ
 from fides.api.api.v1.urn_registry import PRIVACY_REQUESTS, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
+from fides.common.api.scope_registry import PRIVACY_REQUEST_READ
 
 
 class TestApiRouter:
diff --git a/tests/ops/util/test_cache.py b/tests/ops/util/test_cache.py
index 51ef6e4d12..9f7384ef96 100644
--- a/tests/ops/util/test_cache.py
+++ b/tests/ops/util/test_cache.py
@@ -14,7 +14,7 @@
     ENCODED_MONGO_OBJECT_ID_PREFIX,
     FidesopsRedis,
 )
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 from tests.fixtures.application_fixtures import faker
 
 
diff --git a/tests/ops/util/test_jwt_util.py b/tests/ops/util/test_jwt_util.py
index ada5542356..9bdcdfec8d 100644
--- a/tests/ops/util/test_jwt_util.py
+++ b/tests/ops/util/test_jwt_util.py
@@ -8,7 +8,7 @@
 )
 from fides.api.oauth.jwt import generate_jwe
 from fides.api.oauth.utils import extract_payload, is_token_expired
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 def test_jwe_create_and_extract() -> None:
diff --git a/tests/ops/util/test_logger.py b/tests/ops/util/test_logger.py
index 5dcb9f045a..3c83a0b04d 100644
--- a/tests/ops/util/test_logger.py
+++ b/tests/ops/util/test_logger.py
@@ -3,7 +3,7 @@
 import pytest
 
 from fides.api.util.logger import MASKED, Pii, _log_exception, _log_warning
-from fides.core.config import CONFIG
+from fides.config import CONFIG
 
 
 @pytest.mark.unit

From 67e8d3c0259909eb6c803bd8f1f8dd71b86555d6 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Wed, 21 Jun 2023 09:51:13 -0400
Subject: [PATCH 13/90] refactor to pull TestData out as shared component

---
 CHANGELOG.md                                  |  1 +
 .../ConnectionGridItem.tsx                    | 29 +---------------
 .../datastore-connections/TestData.tsx        | 33 +++++++++++++++++++
 .../forms/ConnectorParameters.tsx             | 32 ++----------------
 4 files changed, 37 insertions(+), 58 deletions(-)
 create mode 100644 clients/admin-ui/src/features/datastore-connections/TestData.tsx

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 204c352c36..b28ba71a9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,7 @@ The types of changes are:
 - Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
 - Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
 - HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
+- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view
 
 ### Changed
 
diff --git a/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx b/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
index 7cbc85ee81..56f943947b 100644
--- a/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
@@ -3,7 +3,6 @@ import { formatDate } from "common/utils";
 import React, { useMemo } from "react";
 
 import { useAppSelector } from "~/app/hooks";
-import ConnectedCircle from "~/features/common/ConnectedCircle";
 import { selectConnectionTypeState } from "~/features/connection-type";
 import { ConnectionConfigurationResponse } from "~/types/api";
 
@@ -11,33 +10,7 @@ import ConnectionMenu from "./ConnectionMenu";
 import ConnectionStatusBadge from "./ConnectionStatusBadge";
 import ConnectionTypeLogo from "./ConnectionTypeLogo";
 import { useLazyGetDatastoreConnectionStatusQuery } from "./datastore-connection.slice";
-
-type TestDataProps = {
-  succeeded?: boolean;
-  timestamp: string;
-};
-
-const TestData: React.FC<TestDataProps> = ({ succeeded, timestamp }) => {
-  const date = timestamp ? formatDate(timestamp) : "";
-  const testText = timestamp
-    ? `Last tested on ${date}`
-    : "This connection has not been tested yet";
-
-  return (
-    <>
-      <ConnectedCircle connected={succeeded} />
-      <Text
-        color="gray.500"
-        fontSize="xs"
-        fontWeight="semibold"
-        lineHeight="16px"
-        ml="10px"
-      >
-        {testText}
-      </Text>
-    </>
-  );
-};
+import TestData from "./TestData";
 
 type ConnectionGridItemProps = {
   connectionData: ConnectionConfigurationResponse;
diff --git a/clients/admin-ui/src/features/datastore-connections/TestData.tsx b/clients/admin-ui/src/features/datastore-connections/TestData.tsx
new file mode 100644
index 0000000000..1901e7bcc3
--- /dev/null
+++ b/clients/admin-ui/src/features/datastore-connections/TestData.tsx
@@ -0,0 +1,33 @@
+import { Text } from "@fidesui/react";
+
+import ConnectedCircle from "../common/ConnectedCircle";
+import { formatDate } from "../common/utils";
+
+type TestDataProps = {
+  succeeded?: boolean;
+  timestamp: string;
+};
+
+const TestData: React.FC<TestDataProps> = ({ succeeded, timestamp }) => {
+  const date = timestamp ? formatDate(timestamp) : "";
+  const testText = timestamp
+    ? `Last tested on ${date}`
+    : "This connection has not been tested yet";
+
+  return (
+    <>
+      <ConnectedCircle connected={succeeded} />
+      <Text
+        color="gray.500"
+        fontSize="xs"
+        fontWeight="semibold"
+        lineHeight="16px"
+        ml="10px"
+      >
+        {testText}
+      </Text>
+    </>
+  );
+};
+
+export default TestData;
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 2a29abdd15..50ac8ef9eb 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -1,4 +1,4 @@
-import { Box, Flex, SlideFade, Spacer, Text } from "@fidesui/react";
+import { Box, Flex, SlideFade, Spacer } from "@fidesui/react";
 import { useAPIHelper } from "common/hooks";
 import { useAlert } from "common/hooks/useAlert";
 import { ConnectionTypeSecretSchemaReponse } from "connection-type/types";
@@ -19,8 +19,6 @@ import {
 import { useState } from "react";
 
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
-import ConnectedCircle from "~/features/common/ConnectedCircle";
-import { formatDate } from "~/features/common/utils";
 import { useGetConnectionTypeSecretSchemaQuery } from "~/features/connection-type";
 import { formatKey } from "~/features/datastore-connections/system_portal_config/helpers";
 import TestConnection from "~/features/datastore-connections/system_portal_config/TestConnection";
@@ -39,36 +37,10 @@ import {
   SystemType,
 } from "~/types/api";
 
+import TestData from "../../TestData";
 import { ConnectionConfigFormValues } from "../types";
 import ConnectorParametersForm from "./ConnectorParametersForm";
 
-type TestDataProps = {
-  succeeded?: boolean;
-  timestamp: string;
-};
-
-const TestData: React.FC<TestDataProps> = ({ succeeded, timestamp }) => {
-  const date = timestamp ? formatDate(timestamp) : "";
-  const testText = timestamp
-    ? `Last tested on ${date}`
-    : "This connection has not been tested yet";
-
-  return (
-    <>
-      <ConnectedCircle connected={succeeded} />
-      <Text
-        color="gray.500"
-        fontSize="xs"
-        fontWeight="semibold"
-        lineHeight="16px"
-        ml="10px"
-      >
-        {testText}
-      </Text>
-    </>
-  );
-};
-
 /**
  * Only handles creating saas connectors. The BE handler automatically
  * configures the connector using the saas config and creates the

From f20e2994a6b60c75f41c27d7cbdaf3fb0bfa0382 Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Wed, 21 Jun 2023 08:54:26 -0500
Subject: [PATCH 14/90] Create Consent Privacy Requests when Enforcement is
 System Wide Only (#3626)

For new-style consent, only create PrivacyRequests when there is at least one notice where enforcement == "System wide".
---
 CHANGELOG.md                                  |   2 +-
 .../endpoints/privacy_preference_endpoints.py |  59 +++---
 tests/fixtures/application_fixtures.py        |  17 ++
 .../test_privacy_preference_endpoints.py      | 175 +++++++++++++++++-
 4 files changed, 227 insertions(+), 26 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 195ff1a1a3..df6d0ade2f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,7 +27,7 @@ The types of changes are:
 ### Changed
 
 - Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
-
+- Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
 ### Fixed
 
 - Fix race condition with consent modal link rendering [#3521](https://github.com/ethyca/fides/pull/3521)
diff --git a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
index cdf8344a21..fd2180c13c 100644
--- a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
@@ -34,7 +34,11 @@
 from fides.api.db.seed import DEFAULT_CONSENT_POLICY
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.privacy_experience import PrivacyExperience
-from fides.api.models.privacy_notice import PrivacyNotice, PrivacyNoticeHistory
+from fides.api.models.privacy_notice import (
+    EnforcementLevel,
+    PrivacyNotice,
+    PrivacyNoticeHistory,
+)
 from fides.api.models.privacy_preference import (
     CurrentPrivacyPreference,
     PrivacyPreferenceHistory,
@@ -341,6 +345,7 @@ def _save_privacy_preferences_for_identities(
         fides_user_provided_identity, ProvidedIdentityType.fides_user_device_id
     )
 
+    needs_server_side_propagation: bool = False
     for privacy_preference in request_data.preferences:
         historical_preference: PrivacyPreferenceHistory = PrivacyPreferenceHistory.create(
             db=db,
@@ -377,10 +382,16 @@ def _save_privacy_preferences_for_identities(
         upserted_current_preference: CurrentPrivacyPreference = (
             historical_preference.current_privacy_preference
         )
-
         created_historical_preferences.append(historical_preference)
         upserted_current_preferences.append(upserted_current_preference)
 
+        if (
+            historical_preference.privacy_notice_history.enforcement_level
+            == EnforcementLevel.system_wide
+        ):
+            # At least one privacy notice has expected system wide enforcement
+            needs_server_side_propagation = True
+
     identity = (
         request_data.browser_identity if request_data.browser_identity else Identity()
     )
@@ -392,30 +403,32 @@ def _save_privacy_preferences_for_identities(
             verified_provided_identity.encrypted_value["value"],  # type:ignore[index]
         )
 
-    # Privacy Request needs to be created with respect to the *historical* privacy preferences
-    privacy_request_results: BulkPostPrivacyRequests = create_privacy_request_func(
-        db=db,
-        config_proxy=ConfigProxy(db),
-        data=[
-            PrivacyRequestCreate(
-                identity=identity,
-                policy_key=request_data.policy_key or DEFAULT_CONSENT_POLICY,
+    if needs_server_side_propagation:
+        # Privacy Request needs to be created with respect to the *historical* privacy preferences
+        privacy_request_results: BulkPostPrivacyRequests = create_privacy_request_func(
+            db=db,
+            config_proxy=ConfigProxy(db),
+            data=[
+                PrivacyRequestCreate(
+                    identity=identity,
+                    policy_key=request_data.policy_key or DEFAULT_CONSENT_POLICY,
+                )
+            ],
+            authenticated=True,
+            privacy_preferences=created_historical_preferences,
+        )
+
+        if privacy_request_results.failed or not privacy_request_results.succeeded:
+            raise HTTPException(
+                status_code=HTTP_400_BAD_REQUEST,
+                detail=privacy_request_results.failed[0].message,
             )
-        ],
-        authenticated=True,
-        privacy_preferences=created_historical_preferences,
-    )
 
-    if privacy_request_results.failed or not privacy_request_results.succeeded:
-        raise HTTPException(
-            status_code=HTTP_400_BAD_REQUEST,
-            detail=privacy_request_results.failed[0].message,
-        )
+        if consent_request:
+            # If we have a verified user identity, go ahead and update the associated ConsentRequest for record keeping
+            consent_request.privacy_request_id = privacy_request_results.succeeded[0].id
+            consent_request.save(db=db)
 
-    if consent_request:
-        # If we have a verified user identity, go ahead and update the associated ConsentRequest for record keeping
-        consent_request.privacy_request_id = privacy_request_results.succeeded[0].id
-        consent_request.save(db=db)
     return upserted_current_preferences
 
 
diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
index 720d8f99bf..cfbd9e8004 100644
--- a/tests/fixtures/application_fixtures.py
+++ b/tests/fixtures/application_fixtures.py
@@ -1569,6 +1569,23 @@ def privacy_notice_us_co_provide_service_operations(db: Session) -> Generator:
     yield privacy_notice
 
 
+@pytest.fixture(scope="function")
+def privacy_experience_france_overlay(
+    db: Session, experience_config_overlay
+) -> Generator:
+    privacy_experience = PrivacyExperience.create(
+        db=db,
+        data={
+            "component": ComponentType.overlay,
+            "region": PrivacyNoticeRegion.eu_fr,
+            "experience_config_id": experience_config_overlay.id,
+        },
+    )
+
+    yield privacy_experience
+    privacy_experience.delete(db)
+
+
 @pytest.fixture(scope="function")
 def privacy_notice_eu_fr_provide_service_frontend_only(db: Session) -> Generator:
     privacy_notice = PrivacyNotice.create(
diff --git a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
index 3faf6fba11..3629407023 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
@@ -138,7 +138,9 @@ def test_verify_then_set_privacy_preferences(
         request_body,
         privacy_notice,
     ):
-        """Verify code and then return privacy preferences"""
+        """Verify code, save, and then return privacy preferences
+        Privacy request also queued because a notice has system wide enforcement
+        """
         masked_ip = "12.214.31.0"  # Mocking because hostname for FastAPI TestClient is "testclient"
         mock_anonymize.return_value = masked_ip
 
@@ -194,9 +196,101 @@ def test_verify_then_set_privacy_preferences(
             == PrivacyNoticeHistorySchema.from_orm(privacy_notice.histories[0]).dict()
         )
 
-        privacy_preference_history.delete(db=db)
+        assert privacy_preference_history.privacy_request_id is not None
         assert run_privacy_request_mock.called
 
+        privacy_preference_history.delete(db=db)
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required", "automatically_approved", "system"
+    )
+    @mock.patch(
+        "fides.api.service.privacy_request.request_runner_service.run_privacy_request.delay"
+    )
+    @mock.patch(
+        "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
+    )
+    def test_verify_then_set_privacy_preferences_but_no_privacy_request_created(
+        self,
+        mock_anonymize,
+        run_privacy_request_mock,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        db: Session,
+        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_experience_france_overlay,
+        consent_policy,
+    ):
+        """Verify code, save, and then return privacy preferences
+        Privacy request not queued because no notice has system wide enforcement
+        """
+        masked_ip = "12.214.31.0"  # Mocking because hostname for FastAPI TestClient is "testclient"
+        mock_anonymize.return_value = masked_ip
+
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        response = api_client.post(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY.format(consent_request_id=consent_request.id)}",
+            json={"code": verification_code},
+        )
+        assert response.status_code == 200
+        # Assert no existing privacy preferences exist for this identity
+        assert response.json() == {"items": [], "total": 0, "page": 1, "size": 50}
+
+        request_body = {
+            "browser_identity": {"ga_client_id": "test"},
+            "code": verification_code,
+            "preferences": [
+                {
+                    "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.histories[
+                        0
+                    ].id,
+                    "preference": "opt_out",
+                }
+            ],
+            "policy_key": consent_policy.key,
+            "user_geography": "eu_fr",
+            "privacy_experience_id": privacy_experience_france_overlay.id,
+            "method": "button",
+        }
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 200
+        assert len(response.json()) == 1
+
+        response_json = response.json()[0]
+        created_privacy_preference_history_id = response_json[
+            "privacy_preference_history_id"
+        ]
+        privacy_preference_history = (
+            db.query(PrivacyPreferenceHistory)
+            .filter(
+                PrivacyPreferenceHistory.id == created_privacy_preference_history_id
+            )
+            .first()
+        )
+        assert response_json["preference"] == "opt_out"
+
+        assert (
+            response_json["privacy_notice_history"]
+            == PrivacyNoticeHistorySchema.from_orm(
+                privacy_notice_eu_fr_provide_service_frontend_only.histories[0]
+            ).dict()
+        )
+        db.refresh(consent_request)
+        # No privacy request created here
+        assert not consent_request.privacy_request_id
+
+        # Privacy request not created or queued
+        assert privacy_preference_history.privacy_request_id is None
+        assert not run_privacy_request_mock.called
+
+        privacy_preference_history.delete(db=db)
+
     @pytest.mark.usefixtures(
         "subject_identity_verification_not_required", "automatically_approved"
     )
@@ -1037,8 +1131,12 @@ def test_save_privacy_preferences_bad_experience_id(
     @mock.patch(
         "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
     )
+    @mock.patch(
+        "fides.api.service.privacy_request.request_runner_service.run_privacy_request.delay"
+    )
     def test_save_privacy_preferences_with_respect_to_fides_user_device_id(
         self,
+        run_privacy_request_mock,
         mock_anonymize,
         db,
         api_client,
@@ -1118,6 +1216,79 @@ def test_save_privacy_preferences_with_respect_to_fides_user_device_id(
         assert privacy_preference_history.url_recorded is None
         assert privacy_preference_history.method == ConsentMethod.button
 
+        # Privacy request created and queued because a privacy notice has system wide enforcement
+        assert privacy_preference_history.privacy_request_id is not None
+        assert run_privacy_request_mock.called
+
+        current_preference.delete(db)
+        privacy_preference_history.delete(db)
+
+    @mock.patch(
+        "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
+    )
+    @mock.patch(
+        "fides.api.service.privacy_request.request_runner_service.run_privacy_request.delay"
+    )
+    def test_save_privacy_preferences_for_fides_user_device_id_no_notice_has_system_wide_enforcement(
+        self,
+        run_privacy_request_mock,
+        mock_anonymize,
+        db,
+        api_client,
+        url,
+        consent_policy,
+        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_experience_france_overlay,
+    ):
+        """PrivacyPreferences and CurrentPrivacyPreferences saved for the given fides user device id
+        but no privacy request created to propagate preferences, because all privacy notices
+        have frontend only enforcement
+        """
+        masked_ip = "12.214.31.0"
+        mock_anonymize.return_value = masked_ip
+
+        request_body = {
+            "browser_identity": {
+                "ga_client_id": "test",
+                "fides_user_device_id": "e4e573ba-d806-4e54-bdd8-3d2ff11d4f11",
+            },
+            "preferences": [
+                {
+                    "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.histories[
+                        0
+                    ].id,
+                    "preference": "opt_out",
+                }
+            ],
+            "policy_key": consent_policy.key,
+            "user_geography": "us_ca",
+            "privacy_experience_id": privacy_experience_france_overlay.id,
+            "method": "button",
+        }
+
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 200
+        response_json = response.json()[0]
+        assert response_json["preference"] == "opt_out"
+        assert (
+            response_json["privacy_notice_history"]["id"]
+            == privacy_notice_eu_fr_provide_service_frontend_only.histories[0].id
+        )
+
+        # Fetch current privacy preference that was updated
+        current_preference = CurrentPrivacyPreference.get(
+            db, object_id=response_json["id"]
+        )
+        # Get corresponding historical preference that was just created
+        privacy_preference_history = current_preference.privacy_preference_history
+
+        assert (
+            privacy_preference_history.privacy_request_id is None
+        )  # Privacy request not created
+        assert not run_privacy_request_mock.called  # Privacy Request is not queued
+
         current_preference.delete(db)
         privacy_preference_history.delete(db)
 

From 6e5ba39864ff7847e694b0ebbe05b822412ef5e7 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Wed, 21 Jun 2023 10:02:26 -0400
Subject: [PATCH 15/90] change && syntax to use ternary operator instead

---
 .../system_portal_config/forms/ConnectorParameters.tsx        | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 50ac8ef9eb..8bbf5f5109 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -359,7 +359,7 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
         deleteResult={deleteDatastoreConnectionResult}
       />
 
-      {connectionConfig && (
+      {connectionConfig ? (
         <Flex mt="2" justifyContent="center" alignItems="center">
           <Spacer />
           {response ? (
@@ -375,7 +375,7 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
           )}
           <Spacer />
         </Flex>
-      )}
+      ) : null}
 
       {response && (
         <SlideFade in>

From 139c09e247f369398ef7d65c4aa547d7a0c82945 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Wed, 21 Jun 2023 10:15:50 -0400
Subject: [PATCH 16/90] left-align message and add spacing above

---
 CHANGELOG.md                                                   | 2 +-
 .../system_portal_config/forms/ConnectorParameters.tsx         | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b28ba71a9e..302c9fc2d2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,7 @@ The types of changes are:
 - Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
 - Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
 - HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
-- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view
+- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3607](https://github.com/ethyca/fides/issues/3607)
 
 ### Changed
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 8bbf5f5109..8f88decd32 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -360,8 +360,7 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
       />
 
       {connectionConfig ? (
-        <Flex mt="2" justifyContent="center" alignItems="center">
-          <Spacer />
+        <Flex mt="4" justifyContent="between" alignItems="center">
           {response ? (
             <TestData
               succeeded={response.data.test_status === "succeeded"}

From 4c5b9a2e192d68c585e24d44a76958b5f10481ed Mon Sep 17 00:00:00 2001
From: Neville Samuell <neville@ethyca.com>
Date: Wed, 21 Jun 2023 11:28:47 -0400
Subject: [PATCH 17/90] Restrict Privacy Center debug logging to
 development-only (#3638)

---
 CHANGELOG.md                                     | 2 ++
 clients/privacy-center/app/server-environment.ts | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index df6d0ade2f..47b62a8df5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ The types of changes are:
 
 - Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
 - Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
+
 ### Fixed
 
 - Fix race condition with consent modal link rendering [#3521](https://github.com/ethyca/fides/pull/3521)
@@ -39,6 +40,7 @@ The types of changes are:
 - Only create default experience configs on startup, not update [#3605](https://github.com/ethyca/fides/pull/3605)
 - Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
 - Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
+- Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
 
 ### Developer Experience
 
diff --git a/clients/privacy-center/app/server-environment.ts b/clients/privacy-center/app/server-environment.ts
index 1cf1f3b9dc..149425db65 100644
--- a/clients/privacy-center/app/server-environment.ts
+++ b/clients/privacy-center/app/server-environment.ts
@@ -112,7 +112,9 @@ const loadConfigFile = async (
         path = urlString.replace("file:", "");
       }
       const file = await fsPromises.readFile(path || url, "utf-8");
-      console.log(`Loaded configuration file: ${urlString}`);
+      if (process.env.NODE_ENV === "development") {
+        console.log(`Loaded configuration file: ${urlString}`);
+      }
       return file;
     } catch (err: any) {
       // Catch "file not found" errors (ENOENT)
@@ -237,7 +239,9 @@ export const loadPrivacyCenterEnvironment =
       );
     }
     // DEFER: Log a version number here (see https://github.com/ethyca/fides/issues/3171)
-    console.log("Load Privacy Center environment for session...");
+    if (process.env.NODE_ENV === "development") {
+      console.log("Load Privacy Center environment for session...");
+    }
 
     // Load environment variables
     const settings: PrivacyCenterSettings = {

From 1974a9ac1a797c8333ea29ca394790409df43c13 Mon Sep 17 00:00:00 2001
From: Steve Murphy <steven.d.murphy@gmail.com>
Date: Wed, 21 Jun 2023 19:33:42 +0100
Subject: [PATCH 18/90] Update Developer Docs for Silicon Mac Users (#3615)

Co-authored-by: Thomas <ThomasLaPiana@users.noreply.github.com>
---
 CHANGELOG.md                            |  4 +++
 README.md                               | 17 ++++++++++++-
 docs/fides/Dockerfile                   | 15 +++++++++++
 docs/fides/docs/development/overview.md | 34 ++++++++++++++++++++-----
 4 files changed, 63 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47b62a8df5..5b8d847224 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,10 @@ The types of changes are:
 - Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
 - Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
 
+### Docs
+
+- Updated developer docs for ARM platform users related to `pymssql` [#3615](https://github.com/ethyca/fides/pull/3615)
+
 ### Fixed
 
 - Fix race condition with consent modal link rendering [#3521](https://github.com/ethyca/fides/pull/3521)
diff --git a/README.md b/README.md
index 2057257c23..2eeeab1516 100644
--- a/README.md
+++ b/README.md
@@ -22,11 +22,26 @@ Fides (pronounced */fee-dhez/*, from Latin: Fidēs) is an open-source privacy en
 
 In order to get started quickly with Fides, a sample project is bundled within the Fides CLI that will set up a server, privacy center, and a sample application for you to experiment with.
 
-#### Minimum requirements
+#### Minimum requirements (for all platforms)
 
 * [Docker](https://www.docker.com/products/docker-desktop) (version 20.10.11 or later)
 * [Python](https://www.python.org/downloads/) (version 3.8 through 3.10)
 
+#### Additional requirements (for ARM Mac Users)
+
+Due to platform differences, the following dependencies and steps are also required:
+
+```bash
+brew install freetds openssl
+```
+
+**Add the following to your run commands (i.e. `.zshrc`), updating any path/versions to match yours**
+
+```bash
+export LDFLAGS="-L/opt/homebrew/Cellar/freetds/1.3.18/lib -L/opt/homebrew/Cellar/openssl@1.1/1.1.1u/lib"`
+export CFLAGS="-I/opt/homebrew/Cellar/freetds/1.3.18/include"
+```
+
 #### Download and install Fides
 
 You can easily download and install Fides using `pip`. Run the following command to get started:
diff --git a/docs/fides/Dockerfile b/docs/fides/Dockerfile
index ba759e0691..81e8d70665 100644
--- a/docs/fides/Dockerfile
+++ b/docs/fides/Dockerfile
@@ -9,6 +9,21 @@ RUN apt-get update && \
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
+# Install FreeTDS (used for PyMSSQL)
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+    libssl-dev \
+    libffi-dev \
+    libxslt-dev \
+    libkrb5-dev \
+    unixodbc \
+    unixodbc-dev \
+    freetds-dev \
+    freetds-bin \
+    python-dev \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
 RUN python3 -m venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 
diff --git a/docs/fides/docs/development/overview.md b/docs/fides/docs/development/overview.md
index e61b0d4710..9562720a56 100644
--- a/docs/fides/docs/development/overview.md
+++ b/docs/fides/docs/development/overview.md
@@ -14,6 +14,8 @@ git clone https://github.com/ethyca/fides
 
 Once that's complete, there are a few different tools to install for get everything up and running.
 
+---
+
 ## Requirements
 
 The primary requirements for contributing to Fides are `Docker` and `Python`. The download links as well as minimum required versions are provided below
@@ -24,19 +26,39 @@ The primary requirements for contributing to Fides are `Docker` and `Python`. Th
 * __Python (version 3.8 through 3.10)__ - To simplify the installation experience and create a more stable Python installation that can be managed indepently, we recommend installing Python via Anaconda. The installer for Anaconda can be found [here](https://www.anaconda.com/download).
 
 !!! warning
-    _Mac Users_: Although it should function "out of the box", there are some additional configuration steps that should be taken on Apple's ARM silicon (M-series chips, i.e. M1, M2, M2 Max, etc.) to make developing with Docker a smoother experience as well as a few potential bugs:
+    _Mac Users_: Apple's ARM silicon (M-series chips, i.e. M1, M2, M2 Max, etc.) have a few extra requirements to get Fides running
 
-    1. Explicitly set resource allocations in Docker Desktop:
-        * CPUs: 4
-        * Memory:8GB
-        * Disk Limit: 200GB
+### Additional Requirements for Mac Users (ARM-based)
 
-Now that those are installed, the final step is to install the Python dev requirements for the Fides project. We recommend doing this in a virtual environment or using [pipx](https://pypa.github.io/pipx/), but specific details are outside the scope of this guide.
+Install FreeTDS and OpenSSL
+
+```bash
+brew install freetds openssl
+```
+
+Add the following to your run commands (i.e. `.zshrc`), updating any path/versions to match yours
+
+```bash
+export LDFLAGS="-L/opt/homebrew/Cellar/freetds/1.3.18/lib -L/opt/homebrew/Cellar/openssl@1.1/1.1.1u/lib"`
+export CFLAGS="-I/opt/homebrew/Cellar/freetds/1.3.18/include"
+```
+
+### Optional Requirements for Mac Users (ARM-based)
+
+Explicitly set resource allocations in Docker Desktop
+
+* CPUs: 4
+* Memory:8GB
+* Disk Limit: 200GB
+
+Now that those are installed, the final step is to install the Python dev requirements for the Fides project. We recommend doing this in a virtual environment.
 
 ```bash
 pip install -r dev-requirements.txt
 ```
 
+---
+
 ### Write your code
 
 We have no doubt you can write amazing code! However, we want to help you ensure your code follows the style and patterns of Fides and has the highest chance possible to be accepted. Many projects describe code style and documentation as a suggestion; in Fides it's a CI-checked requirement.

From f2712834c73823e001b31dcba0a5936512511106 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Wed, 21 Jun 2023 15:16:49 -0400
Subject: [PATCH 19/90] fix changelog and change reference to absolute

---
 CHANGELOG.md                                                    | 2 +-
 .../system_portal_config/forms/ConnectorParameters.tsx          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 09585f33e5..2de33d8791 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,7 +22,7 @@ The types of changes are:
 - Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
 - Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
 - HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
-- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3607](https://github.com/ethyca/fides/issues/3607)
+- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3628](https://github.com/ethyca/fides/pull/3628)
 - Access and erasure support for SurveyMonkey [#3590](https://github.com/ethyca/fides/pull/3590)
 
 ### Changed
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 8f88decd32..2bc5cc5368 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -22,6 +22,7 @@ import { useAppDispatch, useAppSelector } from "~/app/hooks";
 import { useGetConnectionTypeSecretSchemaQuery } from "~/features/connection-type";
 import { formatKey } from "~/features/datastore-connections/system_portal_config/helpers";
 import TestConnection from "~/features/datastore-connections/system_portal_config/TestConnection";
+import TestData from "~/features/datastore-connections/TestData";
 import {
   selectActiveSystem,
   setActiveSystem,
@@ -37,7 +38,6 @@ import {
   SystemType,
 } from "~/types/api";
 
-import TestData from "../../TestData";
 import { ConnectionConfigFormValues } from "../types";
 import ConnectorParametersForm from "./ConnectorParametersForm";
 

From ca6a9357b8b7f609c0f69800caf8e5947e4bd0ef Mon Sep 17 00:00:00 2001
From: Sean Preston <sean@ethyca.com>
Date: Wed, 21 Jun 2023 16:07:47 -0400
Subject: [PATCH 20/90] Remove most Redis connection test logs (#3639)

---
 src/fides/api/app_setup.py  |  4 +---
 src/fides/api/util/cache.py | 11 +++++++----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index 3d1e222247..bc864ba691 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -189,11 +189,9 @@ async def run_database_startup() -> None:
 
 def check_redis() -> None:
     """Check that Redis is healthy."""
-
     logger.info("Running Cache connection test...")
-
     try:
-        get_cache()
+        get_cache(should_log=True)
     except (RedisConnectionError, RedisError, ResponseError) as e:
         logger.error("Connection to cache failed: {}", str(e))
         return
diff --git a/src/fides/api/util/cache.py b/src/fides/api/util/cache.py
index 0f8ca016ef..1a6e4cd5ff 100644
--- a/src/fides/api/util/cache.py
+++ b/src/fides/api/util/cache.py
@@ -157,7 +157,7 @@ def decode_obj(bs: Optional[str]) -> Optional[Dict[str, Any]]:
         return None
 
 
-def get_cache() -> FidesopsRedis:
+def get_cache(should_log: Optional[bool] = False) -> FidesopsRedis:
     """Return a singleton connection to our Redis cache"""
     global _connection  # pylint: disable=W0603
     if _connection is None:
@@ -174,15 +174,18 @@ def get_cache() -> FidesopsRedis:
             ssl_ca_certs=CONFIG.redis.ssl_ca_certs,
             ssl_cert_reqs=CONFIG.redis.ssl_cert_reqs,
         )
-        logger.debug("New Redis connection created.")
+        if should_log:
+            logger.debug("New Redis connection created.")
 
-    logger.debug("Testing Redis connection...")
+    if should_log:
+        logger.debug("Testing Redis connection...")
     try:
         connected = _connection.ping()
     except ConnectionErrorFromRedis:
         connected = False
     else:
-        logger.debug("Redis connection succeeded.")
+        if should_log:
+            logger.debug("Redis connection succeeded.")
 
     if not connected:
         logger.debug("Redis connection failed.")

From 7e3eeb2cbe00a54c93a0d176e5863049c52a45ed Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 21 Jun 2023 13:11:50 -0700
Subject: [PATCH 21/90] Increasing SafeStr character limit from 500 to 32000
 (#3647)

---
 CHANGELOG.md                  | 1 +
 src/fides/api/custom_types.py | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5b8d847224..d426a4a3be 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ The types of changes are:
 
 - Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
 - Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
+- Increased the character limit for the `SafeStr` type from 500 to 32000 [#3647](https://github.com/ethyca/fides/pull/3647)
 
 ### Docs
 
diff --git a/src/fides/api/custom_types.py b/src/fides/api/custom_types.py
index 604dfbb8d5..1c12ea2df3 100644
--- a/src/fides/api/custom_types.py
+++ b/src/fides/api/custom_types.py
@@ -22,8 +22,8 @@ def validate(cls, value: str) -> str:
         # HTML Escapes
         value = escape(value)
 
-        if len(value) > 500:
-            raise ValueError("Value must be 500 characters or less.")
+        if len(value) > 32000:
+            raise ValueError("Value must be 32000 characters or less.")
 
         return value
 

From 39e5fb889da3e37050f4090eaa0b3710c4d28e0a Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Wed, 21 Jun 2023 16:23:10 -0400
Subject: [PATCH 22/90] also change text in breadcrumb

---
 clients/admin-ui/src/pages/systems/configure/[id].tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/clients/admin-ui/src/pages/systems/configure/[id].tsx b/clients/admin-ui/src/pages/systems/configure/[id].tsx
index a8f78a37e9..c0533179cb 100644
--- a/clients/admin-ui/src/pages/systems/configure/[id].tsx
+++ b/clients/admin-ui/src/pages/systems/configure/[id].tsx
@@ -54,10 +54,10 @@ const ConfigureSystem: NextPage = () => {
       <Box mb={8}>
         <Breadcrumb fontWeight="medium" fontSize="sm" color="gray.600">
           <BreadcrumbItem>
-            <NextLink href={SYSTEM_ROUTE}>System Connections</NextLink>
+            <NextLink href={SYSTEM_ROUTE}>System Integrations</NextLink>
           </BreadcrumbItem>
           <BreadcrumbItem>
-            <NextLink href="#">Configure your connection</NextLink>
+            <NextLink href="#">Configure your integration</NextLink>
           </BreadcrumbItem>
         </Breadcrumb>
       </Box>

From 358b3244f27edc16deef2cfd6b6093f273eabb43 Mon Sep 17 00:00:00 2001
From: Kelsey Thomas <101993653+Kelsey-Ethyca@users.noreply.github.com>
Date: Wed, 21 Jun 2023 14:26:32 -0700
Subject: [PATCH 23/90] Updated CHANGELOG.md for release 2.15.0 (#3648)

---
 CHANGELOG.md | 57 ++++++++++++++++++++--------------------------------
 1 file changed, 22 insertions(+), 35 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8210784425..c5d51be76e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,41 +17,6 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.15.0...main)
 
-### Added
-
-- Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
-- Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
-- HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
-- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3628](https://github.com/ethyca/fides/pull/3628)
-- Access and erasure support for SurveyMonkey [#3590](https://github.com/ethyca/fides/pull/3590)
-
-### Changed
-
-- Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
-- Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
-- Increased the character limit for the `SafeStr` type from 500 to 32000 [#3647](https://github.com/ethyca/fides/pull/3647)
-
-### Docs
-
-- Updated developer docs for ARM platform users related to `pymssql` [#3615](https://github.com/ethyca/fides/pull/3615)
-
-### Fixed
-
-- Fix race condition with consent modal link rendering [#3521](https://github.com/ethyca/fides/pull/3521)
-- Hide custom fields section when there are no custom fields created [#3554](https://github.com/ethyca/fides/pull/3554)
-- Disable connector dropdown in integration tab on save [#3552](https://github.com/ethyca/fides/pull/3552)
-- Handles an edge case for non-existent identities with the Kustomer API [#3513](https://github.com/ethyca/fides/pull/3513)
-- remove the configure privacy request tile from the home screen [#3555](https://github.com/ethyca/fides/pull/3555)
-- Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
-- Only create default experience configs on startup, not update [#3605](https://github.com/ethyca/fides/pull/3605)
-- Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
-- Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
-- Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
-
-### Developer Experience
-
-- Optimize GitHub workflows used for docker image publishing [#3526](https://github.com/ethyca/fides/pull/3526)
-
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
 
 ### Added
@@ -74,6 +39,11 @@ The types of changes are:
 - Add new dataset route that has additional filters [#3558](https://github.com/ethyca/fides/pull/3558)
 - Update dataset dropdown to use new api filter [#3565](https://github.com/ethyca/fides/pull/3565)
 - Filter out saas datasets from the rest of the UI [#3568](https://github.com/ethyca/fides/pull/3568)
+- Included optional env vars to have postgres or Redshift connected via bastion host [#3374](https://github.com/ethyca/fides/pull/3374/)
+- Support for acknowledge button for notice-only Privacy Notices and to disable toggling them off [#3546](https://github.com/ethyca/fides/pull/3546)
+- HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
+- Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3628](https://github.com/ethyca/fides/pull/3628)
+- Access and erasure support for SurveyMonkey [#3590](https://github.com/ethyca/fides/pull/3590)
 
 ### Fixed
 
@@ -86,6 +56,16 @@ The types of changes are:
 - Fix bug where `fides-js` toggles were not reflecting changes from rejecting or accepting all notices [#3522](https://github.com/ethyca/fides/pull/3522)
 - Remove the `fides-js` banner from tab order when it is hidden and move the overlay components to the top of the tab order. [#3510](https://github.com/ethyca/fides/pull/3510)
 - Fix bug where `fides-js` toggle states did not always initialize properly [#3597](https://github.com/ethyca/fides/pull/3597)
+- Fix race condition with consent modal link rendering [#3521](https://github.com/ethyca/fides/pull/3521)
+- Hide custom fields section when there are no custom fields created [#3554](https://github.com/ethyca/fides/pull/3554)
+- Disable connector dropdown in integration tab on save [#3552](https://github.com/ethyca/fides/pull/3552)
+- Handles an edge case for non-existent identities with the Kustomer API [#3513](https://github.com/ethyca/fides/pull/3513)
+- remove the configure privacy request tile from the home screen [#3555](https://github.com/ethyca/fides/pull/3555)
+- Updated Privacy Experience Safe Strings Serialization [#3600](https://github.com/ethyca/fides/pull/3600/)
+- Only create default experience configs on startup, not update [#3605](https://github.com/ethyca/fides/pull/3605)
+- Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
+- Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
+- Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
 
 ### Changed
 
@@ -102,17 +82,24 @@ The types of changes are:
 - Update `fideslang` to `1.4.1` to allow arbitrary nested metadata on `System`s and `Dataset`s `meta` property [#3463](https://github.com/ethyca/fides/pull/3463)
 - Remove form validation to allow both email & phone inputs for consent requests [#3529](https://github.com/ethyca/fides/pull/3529)
 - Removed dataset dropdown from saas connector configuration [#3563](https://github.com/ethyca/fides/pull/3563)
+- Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
+- Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
+- Increased the character limit for the `SafeStr` type from 500 to 32000 [#3647](https://github.com/ethyca/fides/pull/3647)
 
 ### Developer Experience
 
 - Add ability to pass ENV vars to both privacy center and sample app during `fides deploy` via `.env` [#2949](https://github.com/ethyca/fides/pull/2949)
 - Handle an edge case when generating tags that finds them out of sequence [#3405](https://github.com/ethyca/fides/pull/3405)
 - Add support for pushing `prerelease` and `rc` tagged images to Dockerhub [#3474](https://github.com/ethyca/fides/pull/3474)
+- Optimize GitHub workflows used for docker image publishing [#3526](https://github.com/ethyca/fides/pull/3526)
 
 ### Removed
 
 - Removed the deprecated `system_dependencies` from `System` resources, migrating to `egress` [#3285](https://github.com/ethyca/fides/pull/3285)
 
+### Docs
+
+- Updated developer docs for ARM platform users related to `pymssql` [#3615](https://github.com/ethyca/fides/pull/3615)
 
 ## [2.14.1](https://github.com/ethyca/fides/compare/2.14.0...2.14.1)
 

From f9c8200bb761c38a81fbeeff698407675988cc08 Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Wed, 21 Jun 2023 18:12:46 -0500
Subject: [PATCH 24/90] Add Cookies and Surface with Privacy Notices (#3572)

 - Backend: Add a Cookies table with FK's to PrivacyDeclaration and System.  Surface cookies on privacy notices, calculated at runtime
- Frontend: Add cookie input field on system data use tab
- Frontend: Have `fides-js` and privacy center delete cookies associated with notices that were opted out of


Co-authored-by: Thomas <thomas.lapiana+github@pm.me>
Co-authored-by: Thomas <ThomasLaPiana@users.noreply.github.com>
Co-authored-by: Allison King <allison@ethyca.com>
---
 .fides/db_dataset.yml                         |  37 +++
 CHANGELOG.md                                  |   5 +-
 clients/admin-ui/cypress/e2e/systems.cy.ts    |   2 +
 .../cypress/fixtures/systems/system.json      |   4 +-
 .../cypress/fixtures/systems/systems.json     |  12 +-
 .../systems/systems_with_data_uses.json       |   8 +-
 .../src/features/common/form/inputs.tsx       |  19 +-
 .../src/features/system/SystemFormTabs.tsx    |   2 +-
 .../PrivacyDeclarationAccordion.tsx           |  21 +-
 .../PrivacyDeclarationForm.tsx                |  74 +++---
 .../PrivacyDeclarationManager.tsx             |  77 +++----
 .../PrivacyDeclarationStep.tsx                |   5 +-
 .../system/privacy-declarations/types.ts      |  11 -
 .../src/features/system/system.slice.ts       |   7 +-
 clients/admin-ui/src/types/api/index.ts       |   5 +-
 .../src/types/api/models/ConnectionType.ts    |  34 +--
 .../src/types/api/models/ConnectorParam.ts    |   1 +
 .../src/types/api/models/ConsentReport.ts     |   4 +-
 .../admin-ui/src/types/api/models/Cookies.ts  |  12 +
 ...reateConnectionConfigurationWithSecrets.ts |   4 +-
 .../admin-ui/src/types/api/models/Dataset.ts  |   4 +-
 .../types/api/models/DynamoDBDocsSchema.ts    |   2 +-
 .../src/types/api/models/EdgeDirection.ts     |  11 +
 .../src/types/api/models/EmailDocsSchema.ts   |   2 +-
 .../types/api/models/FidesDatasetReference.ts |  11 +-
 .../src/types/api/models/IdentityBase.ts      |  11 -
 .../types/api/models/PostgreSQLDocsSchema.ts  |   1 +
 .../types/api/models/PrivacyDeclaration.ts    |   6 +
 .../api/models/PrivacyDeclarationResponse.ts  |   3 +
 .../types/api/models/PrivacyNoticeResponse.ts |   2 +
 ...rivacyNoticeResponseWithUserPreferences.ts |   2 +
 .../types/api/models/RedshiftDocsSchema.ts    |   1 +
 .../src/types/api/models/ResponseFormat.ts    |   1 +
 .../src/types/api/models/SaaSRequest.ts       |   2 +-
 .../src/types/api/models/SovrnDocsSchema.ts   |   2 +-
 .../admin-ui/src/types/api/models/System.ts   |   4 +-
 .../src/types/api/models/SystemResponse.ts    |   6 +-
 .../types/api/models/TimescaleDocsSchema.ts   |   1 +
 clients/fides-js/__tests__/lib/cookie.test.ts |  49 +++-
 clients/fides-js/src/components/Overlay.tsx   |   6 +-
 clients/fides-js/src/fides.ts                 |   3 +-
 clients/fides-js/src/lib/consent-types.ts     |  20 +-
 clients/fides-js/src/lib/cookie.ts            |  20 +-
 clients/fides-js/src/lib/preferences.ts       |  43 ++--
 clients/fides-js/src/services/fides/api.ts    |   1 -
 .../consent/NoticeDrivenConsent.tsx           |  63 ++++--
 .../cypress/e2e/consent-banner.cy.ts          |  56 +++++
 .../cypress/e2e/consent-notices.cy.ts         | 105 +++++++++
 .../cypress/fixtures/consent/experience.json  |  12 +-
 .../fixtures/consent/overlay_experience.json  |   3 +-
 .../fixtures/consent/test_banner_options.json |   6 +-
 .../public/fides-js-components-demo.html      |   2 +
 .../types/api/models/Cookies.ts               |  12 +
 .../types/api/models/PrivacyNoticeResponse.ts |   2 +
 ...rivacyNoticeResponseWithUserPreferences.ts |   2 +
 .../postman/Fides.postman_collection.json     | 139 ++++++++++++
 requirements.txt                              |   4 +-
 .../versions/2be84e68df32_add_cookie_table.py |  70 ++++++
 src/fides/api/db/crud.py                      |   2 +-
 src/fides/api/db/system.py                    |  82 ++++++-
 src/fides/api/models/privacy_notice.py        |  28 ++-
 src/fides/api/models/sql_models.py            |  49 ++++
 src/fides/api/schemas/dataset.py              |   4 +-
 src/fides/api/schemas/privacy_notice.py       |   2 +
 src/fides/api/schemas/privacy_request.py      |   4 +-
 src/fides/api/schemas/system.py               |   5 +-
 tests/conftest.py                             |  17 +-
 tests/ctl/core/test_api.py                    |  85 +++++++
 tests/ctl/core/test_system.py                 | 210 ++++++++++++++++++
 ...est_privacy_experience_config_endpoints.py |  21 +-
 .../test_privacy_notice_endpoints.py          |  29 +++
 tests/ops/models/test_privacy_experience.py   |   9 +-
 tests/ops/models/test_privacy_notice.py       |  65 ++++++
 73 files changed, 1391 insertions(+), 255 deletions(-)
 delete mode 100644 clients/admin-ui/src/features/system/privacy-declarations/types.ts
 create mode 100644 clients/admin-ui/src/types/api/models/Cookies.ts
 create mode 100644 clients/admin-ui/src/types/api/models/EdgeDirection.ts
 delete mode 100644 clients/admin-ui/src/types/api/models/IdentityBase.ts
 create mode 100644 clients/privacy-center/types/api/models/Cookies.ts
 create mode 100644 src/fides/api/alembic/migrations/versions/2be84e68df32_add_cookie_table.py

diff --git a/.fides/db_dataset.yml b/.fides/db_dataset.yml
index 001fabf84a..a73b4c3261 100644
--- a/.fides/db_dataset.yml
+++ b/.fides/db_dataset.yml
@@ -2240,4 +2240,41 @@ dataset:
       description: 'The name of the organization this Fides deployment belongs to'
       data_categories:
       - user.workplace
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+  - name: cookies
+    description: 'Fides Generated Description for Table: cookies'
+    data_categories: []
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    fields:
+    - name: created_at
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: domain
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: name
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: path
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_declaration_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: system_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: updated_at
+      data_categories:
+      - system.operations
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5d51be76e..921da9ec50 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,9 @@ The types of changes are:
 - HTML format for privacy request storage destinations [#3427](https://github.com/ethyca/fides/pull/3427)
 - Persistent message showing result and timestamp of last integration test to "Integrations" tab in system view [#3628](https://github.com/ethyca/fides/pull/3628)
 - Access and erasure support for SurveyMonkey [#3590](https://github.com/ethyca/fides/pull/3590)
+- New Cookies Table for storing cookies associated with systems and privacy declarations [#3572](https://github.com/ethyca/fides/pull/3572)
+- `fides-js` and privacy center now delete cookies associated with notices that were opted out of [#3569](https://github.com/ethyca/fides/pull/3569)
+- Cookie input field on system data use tab [#3571](https://github.com/ethyca/fides/pull/3571)
 
 ### Fixed
 
@@ -198,7 +201,7 @@ The types of changes are:
 
 ### Developer Experience
 
-- Use prettier to format *all* source files in client packages [#3240](https://github.com/ethyca/fides/pull/3240)
+- Use prettier to format _all_ source files in client packages [#3240](https://github.com/ethyca/fides/pull/3240)
 
 ### Deprecated
 
diff --git a/clients/admin-ui/cypress/e2e/systems.cy.ts b/clients/admin-ui/cypress/e2e/systems.cy.ts
index 7974b0ceab..2361b15a39 100644
--- a/clients/admin-ui/cypress/e2e/systems.cy.ts
+++ b/clients/admin-ui/cypress/e2e/systems.cy.ts
@@ -172,6 +172,8 @@ describe("System management page", () => {
               data_categories: declaration.data_categories,
               data_subjects: declaration.data_subjects,
               dataset_references: ["demo_users_dataset_2"],
+              cookies: [],
+              id: "",
             });
           });
         });
diff --git a/clients/admin-ui/cypress/fixtures/systems/system.json b/clients/admin-ui/cypress/fixtures/systems/system.json
index 5929eb18dd..09e930e287 100644
--- a/clients/admin-ui/cypress/fixtures/systems/system.json
+++ b/clients/admin-ui/cypress/fixtures/systems/system.json
@@ -16,7 +16,9 @@
       "data_use": "improve.system",
       "data_qualifier": "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
       "data_subjects": ["customer"],
-      "dataset_references": ["demo_users_dataset"]
+      "dataset_references": ["demo_users_dataset"],
+      "cookies": [],
+      "id": "pri_ac9d4dfb-d033-4b06-bc7f-968df8d125ff"
     }
   ],
   "joint_controller": { "name": "Sally Controller" },
diff --git a/clients/admin-ui/cypress/fixtures/systems/systems.json b/clients/admin-ui/cypress/fixtures/systems/systems.json
index a73c0d419f..6e9e6aa264 100644
--- a/clients/admin-ui/cypress/fixtures/systems/systems.json
+++ b/clients/admin-ui/cypress/fixtures/systems/systems.json
@@ -17,7 +17,9 @@
         "data_use": "improve.system",
         "data_qualifier": "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
         "data_subjects": ["anonymous_user"],
-        "dataset_references": ["public"]
+        "dataset_references": ["public"],
+        "cookies": [],
+        "id": "pri_ac9d4dfb-d033-4b06-bc7f-968df8d125ff"
       }
     ],
     "joint_controller": null,
@@ -59,7 +61,9 @@
         "data_subjects": ["customer"],
         "dataset_references": ["demo_users_dataset"],
         "egress": null,
-        "ingress": null
+        "ingress": null,
+        "cookies": [],
+        "id": "pri_ac9d4dfb-d033-4b06-bc7f-968df8d125ff"
       }
     ],
     "joint_controller": null,
@@ -99,7 +103,9 @@
         "data_subjects": ["customer"],
         "dataset_references": null,
         "egress": null,
-        "ingress": null
+        "ingress": null,
+        "cookies": [],
+        "id": "pri_06430a1c-1365-422e-90a7-d444ddb32181"
       }
     ],
     "joint_controller": null,
diff --git a/clients/admin-ui/cypress/fixtures/systems/systems_with_data_uses.json b/clients/admin-ui/cypress/fixtures/systems/systems_with_data_uses.json
index 533a20f7d9..37c89489c3 100644
--- a/clients/admin-ui/cypress/fixtures/systems/systems_with_data_uses.json
+++ b/clients/admin-ui/cypress/fixtures/systems/systems_with_data_uses.json
@@ -17,7 +17,9 @@
         "data_use": "improve.system",
         "data_qualifier": "aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified",
         "data_subjects": ["anonymous_user"],
-        "dataset_references": ["public"]
+        "dataset_references": ["public"],
+        "cookies": [],
+        "id": "pri_ac9d4dfb-d033-4b06-bc7f-968df8d125ff"
       },
       {
         "name": "Collect data for marketing",
@@ -27,7 +29,9 @@
         "data_subjects": ["customer"],
         "dataset_references": null,
         "egress": null,
-        "ingress": null
+        "ingress": null,
+        "cookies": [],
+        "id": "pri_bc6e6efe-f122-3e33-ac9a-732ae8b437bb"
       }
     ],
     "joint_controller": null,
diff --git a/clients/admin-ui/src/features/common/form/inputs.tsx b/clients/admin-ui/src/features/common/form/inputs.tsx
index d242550648..7f6de443f1 100644
--- a/clients/admin-ui/src/features/common/form/inputs.tsx
+++ b/clients/admin-ui/src/features/common/form/inputs.tsx
@@ -316,21 +316,26 @@ const CreatableSelectInput = ({
       size={size}
       classNamePrefix="custom-creatable-select"
       chakraStyles={{
-        container: (provided) => ({ ...provided, flexGrow: 1 }),
+        container: (provided) => ({
+          ...provided,
+          flexGrow: 1,
+          backgroundColor: "white",
+        }),
         dropdownIndicator: (provided) => ({
           ...provided,
-          background: "white",
+          bg: "transparent",
+          px: 2,
+          cursor: "inherit",
+        }),
+        indicatorSeparator: (provided) => ({
+          ...provided,
+          display: "none",
         }),
         multiValue: (provided) => ({
           ...provided,
           background: "primary.400",
           color: "white",
         }),
-        multiValueRemove: (provided) => ({
-          ...provided,
-          display: "none",
-          visibility: "hidden",
-        }),
       }}
       components={components}
       isSearchable={isSearchable}
diff --git a/clients/admin-ui/src/features/system/SystemFormTabs.tsx b/clients/admin-ui/src/features/system/SystemFormTabs.tsx
index 35450b30fa..64171f0a84 100644
--- a/clients/admin-ui/src/features/system/SystemFormTabs.tsx
+++ b/clients/admin-ui/src/features/system/SystemFormTabs.tsx
@@ -185,7 +185,7 @@ const SystemFormTabs = ({
       label: "Data uses",
       content: activeSystem ? (
         <Box px={6} width={{ base: "100%", lg: "70%" }}>
-          <PrivacyDeclarationStep system={activeSystem as System} />
+          <PrivacyDeclarationStep system={activeSystem} />
         </Box>
       ) : null,
       isDisabled: !activeSystem,
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationAccordion.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationAccordion.tsx
index a08df39a7d..0df4261190 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationAccordion.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationAccordion.tsx
@@ -9,6 +9,7 @@ import {
 import { Form, Formik } from "formik";
 
 import { FormGuard } from "~/features/common/hooks/useIsAnyFormDirty";
+import { PrivacyDeclarationResponse } from "~/types/api";
 
 import {
   DataProps,
@@ -16,18 +17,18 @@ import {
   usePrivacyDeclarationForm,
   ValidationSchema,
 } from "./PrivacyDeclarationForm";
-import { PrivacyDeclarationWithId } from "./types";
 
 interface AccordionProps extends DataProps {
-  privacyDeclarations: PrivacyDeclarationWithId[];
+  privacyDeclarations: PrivacyDeclarationResponse[];
   onEdit: (
-    oldDeclaration: PrivacyDeclarationWithId,
-    newDeclaration: PrivacyDeclarationWithId
-  ) => Promise<PrivacyDeclarationWithId[] | undefined>;
+    oldDeclaration: PrivacyDeclarationResponse,
+    newDeclaration: PrivacyDeclarationResponse
+  ) => Promise<PrivacyDeclarationResponse[] | undefined>;
   onDelete: (
-    declaration: PrivacyDeclarationWithId
-  ) => Promise<PrivacyDeclarationWithId[] | undefined>;
+    declaration: PrivacyDeclarationResponse
+  ) => Promise<PrivacyDeclarationResponse[] | undefined>;
   includeCustomFields?: boolean;
+  includeCookies?: boolean;
 }
 
 const PrivacyDeclarationAccordionItem = ({
@@ -35,12 +36,13 @@ const PrivacyDeclarationAccordionItem = ({
   onEdit,
   onDelete,
   includeCustomFields,
+  includeCookies,
   ...dataProps
-}: { privacyDeclaration: PrivacyDeclarationWithId } & Omit<
+}: { privacyDeclaration: PrivacyDeclarationResponse } & Omit<
   AccordionProps,
   "privacyDeclarations"
 >) => {
-  const handleEdit = (values: PrivacyDeclarationWithId) =>
+  const handleEdit = (values: PrivacyDeclarationResponse) =>
     onEdit(privacyDeclaration, values);
 
   const { initialValues, renderHeader, handleSubmit } =
@@ -85,6 +87,7 @@ const PrivacyDeclarationAccordionItem = ({
                     privacyDeclarationId={privacyDeclaration.id}
                     onDelete={onDelete}
                     includeCustomFields={includeCustomFields}
+                    includeCookies={includeCookies}
                     {...dataProps}
                   />
                 </Stack>
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationForm.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationForm.tsx
index e19c757382..124b004685 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationForm.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationForm.tsx
@@ -23,19 +23,21 @@ import { useMemo, useState } from "react";
 import * as Yup from "yup";
 
 import ConfirmationModal from "~/features/common/ConfirmationModal";
-import { CustomSelect, CustomTextInput } from "~/features/common/form/inputs";
+import {
+  CustomCreatableSelect,
+  CustomSelect,
+  CustomTextInput,
+} from "~/features/common/form/inputs";
 import { FormGuard } from "~/features/common/hooks/useIsAnyFormDirty";
 import {
   DataCategory,
   Dataset,
   DataSubject,
   DataUse,
-  PrivacyDeclaration,
+  PrivacyDeclarationResponse,
   ResourceTypes,
 } from "~/types/api";
 
-import { PrivacyDeclarationWithId } from "./types";
-
 export const ValidationSchema = Yup.object().shape({
   data_categories: Yup.array(Yup.string())
     .min(1, "Must assign at least one data category")
@@ -46,8 +48,9 @@ export const ValidationSchema = Yup.object().shape({
     .label("Data subjects"),
 });
 
-export type FormValues = PrivacyDeclarationWithId & {
+export type FormValues = Omit<PrivacyDeclarationResponse, "cookies"> & {
   customFieldValues: CustomFieldValues;
+  cookies: string[];
 };
 
 const defaultInitialValues: FormValues = {
@@ -57,30 +60,21 @@ const defaultInitialValues: FormValues = {
   dataset_references: [],
   customFieldValues: {},
   id: "",
+  cookies: [],
 };
 
-const transformPrivacyDeclarationToHaveId = (
-  privacyDeclaration: PrivacyDeclaration
-) => {
-  // TODO: there's a typing problem here: the backend types still show PrivacyDeclaration
-  // instead of PrivacyDeclarationResponse (which has an id)
-  // @ts-ignore
-  const { id, name, data_use: dataUse } = privacyDeclaration;
-  let declarationId: string | undefined = id;
-  if (!declarationId) {
-    declarationId = name ? `${dataUse} - ${name}` : dataUse;
-  }
+const transformFormValueToDeclaration = (values: FormValues) => {
+  const { customFieldValues, ...declaration } = values;
+
   return {
-    ...privacyDeclaration,
-    id: declarationId,
+    ...declaration,
+    // Fill in an empty string for name because of https://github.com/ethyca/fideslang/issues/98
+    name: values.name ?? "",
+    // Transform cookies from string back to an object with default values
+    cookies: declaration.cookies.map((name) => ({ name, path: "/" })),
   };
 };
 
-export const transformPrivacyDeclarationsToHaveId = (
-  privacyDeclarations: PrivacyDeclaration[]
-): PrivacyDeclarationWithId[] =>
-  privacyDeclarations.map(transformPrivacyDeclarationToHaveId);
-
 export interface DataProps {
   allDataCategories: DataCategory[];
   allDataUses: DataUse[];
@@ -95,10 +89,12 @@ export const PrivacyDeclarationFormComponents = ({
   allDatasets,
   onDelete,
   privacyDeclarationId,
+  includeCookies,
   includeCustomFields,
 }: DataProps &
   Pick<Props, "onDelete"> & {
     privacyDeclarationId?: string;
+    includeCookies?: boolean;
     includeCustomFields?: boolean;
   }) => {
   const { dirty, isSubmitting, isValid, initialValues } =
@@ -113,7 +109,7 @@ export const PrivacyDeclarationFormComponents = ({
     : [];
 
   const handleDelete = async () => {
-    await onDelete(transformPrivacyDeclarationToHaveId(initialValues));
+    await onDelete(transformFormValueToDeclaration(initialValues));
     deleteModal.onClose();
   };
 
@@ -164,6 +160,16 @@ export const PrivacyDeclarationFormComponents = ({
         isMulti
         variant="stacked"
       />
+      {includeCookies ? (
+        <CustomCreatableSelect
+          name="cookies"
+          label="Cookies"
+          options={[]}
+          isMulti
+          variant="stacked"
+          isClearable={false}
+        />
+      ) : null}
       {allDatasets ? (
         <CustomSelect
           name="dataset_references"
@@ -212,13 +218,14 @@ export const PrivacyDeclarationFormComponents = ({
 };
 
 export const transformPrivacyDeclarationToFormValues = (
-  privacyDeclaration?: PrivacyDeclarationWithId,
+  privacyDeclaration?: PrivacyDeclarationResponse,
   customFieldValues?: CustomFieldValues
 ): FormValues =>
   privacyDeclaration
     ? {
         ...privacyDeclaration,
         customFieldValues: customFieldValues || {},
+        cookies: privacyDeclaration.cookies?.map((cookie) => cookie.name) ?? [],
       }
     : defaultInitialValues;
 
@@ -264,8 +271,10 @@ export const usePrivacyDeclarationForm = ({
     values: FormValues,
     formikHelpers: FormikHelpers<FormValues>
   ) => {
-    const { customFieldValues: formCustomFieldValues, ...declaration } = values;
-    const success = await onSubmit(declaration, formikHelpers);
+    const { customFieldValues: formCustomFieldValues } = values;
+    const declarationToSubmit = transformFormValueToDeclaration(values);
+
+    const success = await onSubmit(declarationToSubmit, formikHelpers);
     if (success) {
       // find the matching resource based on data use and name
       const customFieldResource = success.filter(
@@ -321,15 +330,16 @@ export const usePrivacyDeclarationForm = ({
 
 interface Props {
   onSubmit: (
-    values: PrivacyDeclarationWithId,
+    values: PrivacyDeclarationResponse,
     formikHelpers: FormikHelpers<FormValues>
-  ) => Promise<PrivacyDeclarationWithId[] | undefined>;
+  ) => Promise<PrivacyDeclarationResponse[] | undefined>;
   onDelete: (
-    declaration: PrivacyDeclarationWithId
-  ) => Promise<PrivacyDeclarationWithId[] | undefined>;
-  initialValues?: PrivacyDeclarationWithId;
+    declaration: PrivacyDeclarationResponse
+  ) => Promise<PrivacyDeclarationResponse[] | undefined>;
+  initialValues?: PrivacyDeclarationResponse;
   privacyDeclarationId?: string;
   includeCustomFields?: boolean;
+  includeCookies?: boolean;
 }
 
 export const PrivacyDeclarationForm = ({
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
index bf18ade8c6..3a8a1318db 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
@@ -13,33 +13,21 @@ import { useEffect, useMemo, useState } from "react";
 import { getErrorMessage } from "~/features/common/helpers";
 import { errorToastParams, successToastParams } from "~/features/common/toast";
 import { useUpdateSystemMutation } from "~/features/system/system.slice";
-import { PrivacyDeclaration, System } from "~/types/api";
+import {
+  PrivacyDeclarationResponse,
+  System,
+  SystemResponse,
+} from "~/types/api";
 import { isErrorResult } from "~/types/errors";
 
 import PrivacyDeclarationAccordion from "./PrivacyDeclarationAccordion";
-import {
-  DataProps,
-  PrivacyDeclarationForm,
-  transformPrivacyDeclarationsToHaveId,
-} from "./PrivacyDeclarationForm";
-import { PrivacyDeclarationWithId } from "./types";
-
-const transformDeclarationForSubmission = (
-  formValues: PrivacyDeclarationWithId
-): PrivacyDeclaration => {
-  // Remove the id which is only a frontend artifact
-  const { id, ...values } = formValues;
-  return {
-    ...values,
-    // Fill in an empty string for name because of https://github.com/ethyca/fideslang/issues/98
-    name: values.name ?? "",
-  };
-};
+import { DataProps, PrivacyDeclarationForm } from "./PrivacyDeclarationForm";
 
 interface Props {
-  system: System;
+  system: SystemResponse;
   addButtonProps?: ButtonProps;
   includeCustomFields?: boolean;
+  includeCookies?: boolean;
   onSave?: (system: System) => void;
 }
 
@@ -47,6 +35,7 @@ const PrivacyDeclarationManager = ({
   system,
   addButtonProps,
   includeCustomFields,
+  includeCookies,
   onSave,
   ...dataProps
 }: Props & DataProps) => {
@@ -55,24 +44,21 @@ const PrivacyDeclarationManager = ({
   const [updateSystemMutationTrigger] = useUpdateSystemMutation();
   const [showNewForm, setShowNewForm] = useState(false);
   const [newDeclaration, setNewDeclaration] = useState<
-    PrivacyDeclarationWithId | undefined
+    PrivacyDeclarationResponse | undefined
   >(undefined);
 
-  const allDeclarations = useMemo(
-    () => transformPrivacyDeclarationsToHaveId(system.privacy_declarations),
-    [system.privacy_declarations]
-  );
-
   // Accordion declarations include all declarations but the newly created one (if it exists)
   const accordionDeclarations = useMemo(() => {
     if (!newDeclaration) {
-      return allDeclarations;
+      return system.privacy_declarations;
     }
 
-    return allDeclarations.filter((pd) => pd.id !== newDeclaration.id);
-  }, [newDeclaration, allDeclarations]);
+    return system.privacy_declarations.filter(
+      (pd) => pd.id !== newDeclaration.id
+    );
+  }, [newDeclaration, system]);
 
-  const checkAlreadyExists = (values: PrivacyDeclaration) => {
+  const checkAlreadyExists = (values: PrivacyDeclarationResponse) => {
     if (
       accordionDeclarations.filter(
         (d) => d.data_use === values.data_use && d.name === values.name
@@ -89,19 +75,16 @@ const PrivacyDeclarationManager = ({
   };
 
   const handleSave = async (
-    updatedDeclarations: PrivacyDeclarationWithId[],
+    updatedDeclarations: PrivacyDeclarationResponse[],
     isDelete?: boolean
   ) => {
-    const transformedDeclarations = updatedDeclarations.map((d) =>
-      transformDeclarationForSubmission(d)
-    );
     const systemBodyWithDeclaration = {
       ...system,
-      privacy_declarations: transformedDeclarations,
+      privacy_declarations: updatedDeclarations,
     };
     const handleResult = (
       result:
-        | { data: System }
+        | { data: SystemResponse }
         | { error: FetchBaseQueryError | SerializedError }
     ) => {
       if (isErrorResult(result)) {
@@ -120,7 +103,7 @@ const PrivacyDeclarationManager = ({
       if (onSave) {
         onSave(result.data);
       }
-      return result.data.privacy_declarations as PrivacyDeclarationWithId[];
+      return result.data.privacy_declarations;
     };
 
     const updateSystemResult = await updateSystemMutationTrigger(
@@ -131,8 +114,8 @@ const PrivacyDeclarationManager = ({
   };
 
   const handleEditDeclaration = async (
-    oldDeclaration: PrivacyDeclarationWithId,
-    updatedDeclaration: PrivacyDeclarationWithId
+    oldDeclaration: PrivacyDeclarationResponse,
+    updatedDeclaration: PrivacyDeclarationResponse
   ) => {
     // Do not allow editing a privacy declaration to have the same data use as one that already exists
     if (
@@ -143,13 +126,13 @@ const PrivacyDeclarationManager = ({
     }
     // Because the data use can change, we also need a reference to the old declaration in order to
     // make sure we are replacing the proper one
-    const updatedDeclarations = allDeclarations.map((dec) =>
+    const updatedDeclarations = system.privacy_declarations.map((dec) =>
       dec.id === oldDeclaration.id ? updatedDeclaration : dec
     );
     return handleSave(updatedDeclarations);
   };
 
-  const saveNewDeclaration = async (values: PrivacyDeclarationWithId) => {
+  const saveNewDeclaration = async (values: PrivacyDeclarationResponse) => {
     if (checkAlreadyExists(values)) {
       return undefined;
     }
@@ -174,16 +157,16 @@ const PrivacyDeclarationManager = ({
   };
 
   const handleDelete = async (
-    declarationToDelete: PrivacyDeclarationWithId
+    declarationToDelete: PrivacyDeclarationResponse
   ) => {
-    const updatedDeclarations = transformPrivacyDeclarationsToHaveId(
-      system.privacy_declarations
-    ).filter((dec) => dec.id !== declarationToDelete.id);
+    const updatedDeclarations = system.privacy_declarations.filter(
+      (dec) => dec.id !== declarationToDelete.id
+    );
     return handleSave(updatedDeclarations, true);
   };
 
   const handleDeleteNew = async (
-    declarationToDelete: PrivacyDeclarationWithId
+    declarationToDelete: PrivacyDeclarationResponse
   ) => {
     const success = await handleDelete(declarationToDelete);
     if (success) {
@@ -209,6 +192,7 @@ const PrivacyDeclarationManager = ({
         onEdit={handleEditDeclaration}
         onDelete={handleDelete}
         includeCustomFields={includeCustomFields}
+        includeCookies={includeCookies}
         {...dataProps}
       />
       {showNewForm ? (
@@ -218,6 +202,7 @@ const PrivacyDeclarationManager = ({
             onSubmit={saveNewDeclaration}
             onDelete={handleDeleteNew}
             includeCustomFields={includeCustomFields}
+            includeCookies={includeCookies}
             {...dataProps}
           />
         </Box>
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
index dd7d947f01..7634e8aaf1 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
@@ -3,13 +3,13 @@ import NextLink from "next/link";
 
 import { useAppDispatch } from "~/app/hooks";
 import { setActiveSystem } from "~/features/system";
-import { System } from "~/types/api";
+import { System, SystemResponse } from "~/types/api";
 
 import { usePrivacyDeclarationData } from "./hooks";
 import PrivacyDeclarationManager from "./PrivacyDeclarationManager";
 
 interface Props {
-  system: System;
+  system: SystemResponse;
 }
 
 const PrivacyDeclarationStep = ({ system }: Props) => {
@@ -48,6 +48,7 @@ const PrivacyDeclarationStep = ({ system }: Props) => {
           system={system}
           onSave={onSave}
           includeCustomFields
+          includeCookies
           {...dataProps}
         />
       )}
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/types.ts b/clients/admin-ui/src/features/system/privacy-declarations/types.ts
deleted file mode 100644
index b16500a316..0000000000
--- a/clients/admin-ui/src/features/system/privacy-declarations/types.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { PrivacyDeclaration } from "~/types/api";
-
-/**
- * This is because privacy declarations do not have an ID on the backend.
- * It is very useful for React rendering to have a stable ID. We currently
- * make this the composite of data_use - name, but even better may be to
- * give it a UUID (or to have the backend actually enforce this!)
- */
-export interface PrivacyDeclarationWithId extends PrivacyDeclaration {
-  id: string;
-}
diff --git a/clients/admin-ui/src/features/system/system.slice.ts b/clients/admin-ui/src/features/system/system.slice.ts
index 1de03f616b..6a53b2a3fc 100644
--- a/clients/admin-ui/src/features/system/system.slice.ts
+++ b/clients/admin-ui/src/features/system/system.slice.ts
@@ -6,6 +6,7 @@ import {
   BulkPutConnectionConfiguration,
   ConnectionConfigurationResponse,
   System,
+  SystemResponse,
 } from "~/types/api";
 
 interface SystemDeleteResponse {
@@ -21,11 +22,11 @@ interface UpsertResponse {
 
 const systemApi = baseApi.injectEndpoints({
   endpoints: (build) => ({
-    getAllSystems: build.query<System[], void>({
+    getAllSystems: build.query<SystemResponse[], void>({
       query: () => ({ url: `system/` }),
       providesTags: () => ["System"],
     }),
-    getSystemByFidesKey: build.query<System, string>({
+    getSystemByFidesKey: build.query<SystemResponse, string>({
       query: (fides_key) => ({ url: `system/${fides_key}/` }),
       providesTags: ["System"],
     }),
@@ -56,7 +57,7 @@ const systemApi = baseApi.injectEndpoints({
       invalidatesTags: ["Datamap", "System", "Datastore Connection"],
     }),
     updateSystem: build.mutation<
-      System,
+      SystemResponse,
       Partial<System> & Pick<System, "fides_key">
     >({
       query: ({ ...patch }) => ({
diff --git a/clients/admin-ui/src/types/api/index.ts b/clients/admin-ui/src/types/api/index.ts
index 404068de1a..d0fc22bab5 100644
--- a/clients/admin-ui/src/types/api/index.ts
+++ b/clients/admin-ui/src/types/api/index.ts
@@ -72,6 +72,7 @@ export type { ConsentRequestMap } from "./models/ConsentRequestMap";
 export type { ConsentRequestResponse } from "./models/ConsentRequestResponse";
 export type { ConsentWithExecutableStatus } from "./models/ConsentWithExecutableStatus";
 export type { ContactDetails } from "./models/ContactDetails";
+export type { Cookies } from "./models/Cookies";
 export { CoreHealthCheck } from "./models/CoreHealthCheck";
 export type { CreateConnectionConfigurationWithSecrets } from "./models/CreateConnectionConfigurationWithSecrets";
 export type { CurrentPrivacyPreferenceReportingSchema } from "./models/CurrentPrivacyPreferenceReportingSchema";
@@ -111,6 +112,7 @@ export { DrpRegime } from "./models/DrpRegime";
 export type { DrpRevokeRequest } from "./models/DrpRevokeRequest";
 export type { DryRunDatasetResponse } from "./models/DryRunDatasetResponse";
 export type { DynamoDBDocsSchema } from "./models/DynamoDBDocsSchema";
+export { EdgeDirection } from "./models/EdgeDirection";
 export type { EmailDocsSchema } from "./models/EmailDocsSchema";
 export type { Endpoint } from "./models/Endpoint";
 export { EnforcementLevel } from "./models/EnforcementLevel";
@@ -128,7 +130,7 @@ export type { ExternalDatasetReference } from "./models/ExternalDatasetReference
 export type { fides__api__schemas__connection_configuration__connection_secrets_bigquery__KeyfileCreds } from "./models/fides__api__schemas__connection_configuration__connection_secrets_bigquery__KeyfileCreds";
 export type { fides__api__schemas__policy__Policy } from "./models/fides__api__schemas__policy__Policy";
 export type { fides__connectors__models__KeyfileCreds } from "./models/fides__connectors__models__KeyfileCreds";
-export { FidesDatasetReference } from "./models/FidesDatasetReference";
+export type { FidesDatasetReference } from "./models/FidesDatasetReference";
 export type { FidesDocsSchema } from "./models/FidesDocsSchema";
 export type { fideslang__models__Policy } from "./models/fideslang__models__Policy";
 export type { FidesMeta } from "./models/FidesMeta";
@@ -143,7 +145,6 @@ export type { HealthCheck } from "./models/HealthCheck";
 export { HTTPMethod } from "./models/HTTPMethod";
 export type { HTTPValidationError } from "./models/HTTPValidationError";
 export type { Identity } from "./models/Identity";
-export type { IdentityBase } from "./models/IdentityBase";
 export type { IdentityTypes } from "./models/IdentityTypes";
 export type { IdentityVerificationConfigResponse } from "./models/IdentityVerificationConfigResponse";
 export { IncludeExcludeEnum } from "./models/IncludeExcludeEnum";
diff --git a/clients/admin-ui/src/types/api/models/ConnectionType.ts b/clients/admin-ui/src/types/api/models/ConnectionType.ts
index 493ef4ef43..f85c008449 100644
--- a/clients/admin-ui/src/types/api/models/ConnectionType.ts
+++ b/clients/admin-ui/src/types/api/models/ConnectionType.ts
@@ -3,26 +3,26 @@
 /* eslint-disable */
 
 /**
- * Supported types to which we can connect fidesops.
+ * Supported types to which we can connect Fides.
  */
 export enum ConnectionType {
-  POSTGRES = "postgres", //DB
-  MONGODB = "mongodb", //DB
-  MYSQL = "mysql", // DB
+  POSTGRES = "postgres",
+  MONGODB = "mongodb",
+  MYSQL = "mysql",
   HTTPS = "https",
   SAAS = "saas",
-  REDSHIFT = "redshift", //DB
-  SNOWFLAKE = "snowflake", //DB
-  MSSQL = "mssql", //DB
-  MARIADB = "mariadb", //DB
-  BIGQUERY = "bigquery", //DB
-  MANUAL = "manual", // manual
-  SOVRN = "sovrn", // email
-  ATTENTIVE = "attentive", // email
-  DYNAMODB = "dynamodb", //DB
-  MANUAL_WEBHOOK = "manual_webhook", //manual
-  TIMESCALE = "timescale", //DB
+  REDSHIFT = "redshift",
+  SNOWFLAKE = "snowflake",
+  MSSQL = "mssql",
+  MARIADB = "mariadb",
+  BIGQUERY = "bigquery",
+  MANUAL = "manual",
+  SOVRN = "sovrn",
+  ATTENTIVE = "attentive",
+  DYNAMODB = "dynamodb",
+  MANUAL_WEBHOOK = "manual_webhook",
+  TIMESCALE = "timescale",
   FIDES = "fides",
-  GENERIC_ERASURE_EMAIL = "erasure_email",
-  GENERIC_CONSENT_EMAIL = "consent_email",
+  GENERIC_ERASURE_EMAIL = "generic_erasure_email",
+  GENERIC_CONSENT_EMAIL = "generic_consent_email",
 }
diff --git a/clients/admin-ui/src/types/api/models/ConnectorParam.ts b/clients/admin-ui/src/types/api/models/ConnectorParam.ts
index 1828a5c043..00e0eb43a4 100644
--- a/clients/admin-ui/src/types/api/models/ConnectorParam.ts
+++ b/clients/admin-ui/src/types/api/models/ConnectorParam.ts
@@ -12,4 +12,5 @@ export type ConnectorParam = {
   default_value?: string | Array<string>;
   multiselect?: boolean;
   description?: string;
+  sensitive?: boolean;
 };
diff --git a/clients/admin-ui/src/types/api/models/ConsentReport.ts b/clients/admin-ui/src/types/api/models/ConsentReport.ts
index a120d82ba1..f03914ff64 100644
--- a/clients/admin-ui/src/types/api/models/ConsentReport.ts
+++ b/clients/admin-ui/src/types/api/models/ConsentReport.ts
@@ -2,7 +2,7 @@
 /* tslint:disable */
 /* eslint-disable */
 
-import type { IdentityBase } from "./IdentityBase";
+import type { Identity } from "./Identity";
 
 /**
  * Schema for reporting Consent requests.
@@ -14,7 +14,7 @@ export type ConsentReport = {
   has_gpc_flag?: boolean;
   conflicts_with_gpc?: boolean;
   id: string;
-  identity: IdentityBase;
+  identity: Identity;
   created_at: string;
   updated_at: string;
 };
diff --git a/clients/admin-ui/src/types/api/models/Cookies.ts b/clients/admin-ui/src/types/api/models/Cookies.ts
new file mode 100644
index 0000000000..923ab591c3
--- /dev/null
+++ b/clients/admin-ui/src/types/api/models/Cookies.ts
@@ -0,0 +1,12 @@
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * The Cookies resource model
+ */
+export type Cookies = {
+  name: string;
+  path?: string;
+  domain?: string;
+};
diff --git a/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts b/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
index 69301c0f42..8096369510 100644
--- a/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
+++ b/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
@@ -2,8 +2,8 @@
 /* tslint:disable */
 /* eslint-disable */
 
-import type { ActionType } from "~/features/privacy-requests/types";
 import type { AccessLevel } from "./AccessLevel";
+import type { ActionType } from "./ActionType";
 import type { BigQueryDocsSchema } from "./BigQueryDocsSchema";
 import type { ConnectionType } from "./ConnectionType";
 import type { DynamoDBDocsSchema } from "./DynamoDBDocsSchema";
@@ -31,6 +31,7 @@ export type CreateConnectionConfigurationWithSecrets = {
   access: AccessLevel;
   disabled?: boolean;
   description?: string;
+  enabled_actions?: Array<ActionType>;
   secrets?:
     | MongoDBDocsSchema
     | PostgreSQLDocsSchema
@@ -48,5 +49,4 @@ export type CreateConnectionConfigurationWithSecrets = {
     | SovrnDocsSchema
     | DynamoDBDocsSchema;
   saas_connector_type?: string;
-  enabled_actions?: ActionType[];
 };
diff --git a/clients/admin-ui/src/types/api/models/Dataset.ts b/clients/admin-ui/src/types/api/models/Dataset.ts
index 0e37fe052b..9d009b8d61 100644
--- a/clients/admin-ui/src/types/api/models/Dataset.ts
+++ b/clients/admin-ui/src/types/api/models/Dataset.ts
@@ -28,9 +28,9 @@ export type Dataset = {
    */
   description?: string;
   /**
-   * An optional object that provides additional information about the Dataset. You can structure the object however you like. It can be a simple set of `key: value` properties or a deeply nested hierarchy of objects. How you use the object is up to you: Fides ignores it.
+   * An optional property to store any extra information for a resource. Data can be structured in any way: simple set of `key: value` pairs or deeply nested objects.
    */
-  meta?: Record<string, string>;
+  meta?: any;
   /**
    * Array of Data Category resources identified by `fides_key`, that apply to all collections in the Dataset.
    */
diff --git a/clients/admin-ui/src/types/api/models/DynamoDBDocsSchema.ts b/clients/admin-ui/src/types/api/models/DynamoDBDocsSchema.ts
index 3c5b33b8fa..f3bb707c35 100644
--- a/clients/admin-ui/src/types/api/models/DynamoDBDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/DynamoDBDocsSchema.ts
@@ -8,6 +8,6 @@
 export type DynamoDBDocsSchema = {
   url?: string;
   region_name: string;
-  aws_secret_access_key: string;
   aws_access_key_id: string;
+  aws_secret_access_key: string;
 };
diff --git a/clients/admin-ui/src/types/api/models/EdgeDirection.ts b/clients/admin-ui/src/types/api/models/EdgeDirection.ts
new file mode 100644
index 0000000000..dcce420fd7
--- /dev/null
+++ b/clients/admin-ui/src/types/api/models/EdgeDirection.ts
@@ -0,0 +1,11 @@
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * Direction of a FidesDataSetReference
+ */
+export enum EdgeDirection {
+  FROM = "from",
+  TO = "to",
+}
diff --git a/clients/admin-ui/src/types/api/models/EmailDocsSchema.ts b/clients/admin-ui/src/types/api/models/EmailDocsSchema.ts
index 51831625d4..dbd507a4ec 100644
--- a/clients/admin-ui/src/types/api/models/EmailDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/EmailDocsSchema.ts
@@ -11,5 +11,5 @@ export type EmailDocsSchema = {
   third_party_vendor_name: string;
   recipient_email_address: string;
   test_email_address?: string;
-  advanced_settings: AdvancedSettings;
+  advanced_settings?: AdvancedSettings;
 };
diff --git a/clients/admin-ui/src/types/api/models/FidesDatasetReference.ts b/clients/admin-ui/src/types/api/models/FidesDatasetReference.ts
index 8c6f702e24..39e2fd943e 100644
--- a/clients/admin-ui/src/types/api/models/FidesDatasetReference.ts
+++ b/clients/admin-ui/src/types/api/models/FidesDatasetReference.ts
@@ -2,18 +2,13 @@
 /* tslint:disable */
 /* eslint-disable */
 
+import type { EdgeDirection } from "./EdgeDirection";
+
 /**
  * Reference to a field from another Collection
  */
 export type FidesDatasetReference = {
   dataset: string;
   field: string;
-  direction?: FidesDatasetReference.direction;
+  direction?: EdgeDirection;
 };
-
-export namespace FidesDatasetReference {
-  export enum direction {
-    FROM = "from",
-    TO = "to",
-  }
-}
diff --git a/clients/admin-ui/src/types/api/models/IdentityBase.ts b/clients/admin-ui/src/types/api/models/IdentityBase.ts
deleted file mode 100644
index 93927af410..0000000000
--- a/clients/admin-ui/src/types/api/models/IdentityBase.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-/* istanbul ignore file */
-/* tslint:disable */
-/* eslint-disable */
-
-/**
- * The minimum fields required to represent an identity.
- */
-export type IdentityBase = {
-  phone_number?: string;
-  email?: string;
-};
diff --git a/clients/admin-ui/src/types/api/models/PostgreSQLDocsSchema.ts b/clients/admin-ui/src/types/api/models/PostgreSQLDocsSchema.ts
index f7ea1c5b24..1562d96221 100644
--- a/clients/admin-ui/src/types/api/models/PostgreSQLDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/PostgreSQLDocsSchema.ts
@@ -13,4 +13,5 @@ export type PostgreSQLDocsSchema = {
   db_schema?: string;
   host?: string;
   port?: number;
+  ssh_required?: boolean;
 };
diff --git a/clients/admin-ui/src/types/api/models/PrivacyDeclaration.ts b/clients/admin-ui/src/types/api/models/PrivacyDeclaration.ts
index 1edd7683e7..a826af7206 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyDeclaration.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyDeclaration.ts
@@ -2,6 +2,8 @@
 /* tslint:disable */
 /* eslint-disable */
 
+import type { Cookies } from "./Cookies";
+
 /**
  * The PrivacyDeclaration resource model.
  *
@@ -41,4 +43,8 @@ export type PrivacyDeclaration = {
    * The resources from which data is received. Any `fides_key`s included in this list reference `DataFlow` entries in the `ingress` array of any `System` resources to which this `PrivacyDeclaration` is applied.
    */
   ingress?: Array<string>;
+  /**
+   * Cookies associated with this data use to deliver services and functionality
+   */
+  cookies?: Array<Cookies>;
 };
diff --git a/clients/admin-ui/src/types/api/models/PrivacyDeclarationResponse.ts b/clients/admin-ui/src/types/api/models/PrivacyDeclarationResponse.ts
index dbf5327824..53de457c72 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyDeclarationResponse.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyDeclarationResponse.ts
@@ -2,6 +2,8 @@
 /* tslint:disable */
 /* eslint-disable */
 
+import type { Cookies } from "./Cookies";
+
 /**
  * Extension of base pydantic model to include DB `id` field in the response
  */
@@ -38,6 +40,7 @@ export type PrivacyDeclarationResponse = {
    * The resources from which data is received. Any `fides_key`s included in this list reference `DataFlow` entries in the `ingress` array of any `System` resources to which this `PrivacyDeclaration` is applied.
    */
   ingress?: Array<string>;
+  cookies?: Array<Cookies>;
   /**
    * The database-assigned ID of the privacy declaration on the system. This is meant to be a read-only field, returned only in API responses
    */
diff --git a/clients/admin-ui/src/types/api/models/PrivacyNoticeResponse.ts b/clients/admin-ui/src/types/api/models/PrivacyNoticeResponse.ts
index ab81aacaa6..623b92d76c 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyNoticeResponse.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyNoticeResponse.ts
@@ -3,6 +3,7 @@
 /* eslint-disable */
 
 import type { ConsentMechanism } from "./ConsentMechanism";
+import type { Cookies } from "./Cookies";
 import type { EnforcementLevel } from "./EnforcementLevel";
 import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 
@@ -29,4 +30,5 @@ export type PrivacyNoticeResponse = {
   updated_at: string;
   version: number;
   privacy_notice_history_id: string;
+  cookies: Array<Cookies>;
 };
diff --git a/clients/admin-ui/src/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts b/clients/admin-ui/src/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
index 82f78dc9d0..6919ee30d5 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
@@ -3,6 +3,7 @@
 /* eslint-disable */
 
 import type { ConsentMechanism } from "./ConsentMechanism";
+import type { Cookies } from "./Cookies";
 import type { EnforcementLevel } from "./EnforcementLevel";
 import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 import type { UserConsentPreference } from "./UserConsentPreference";
@@ -31,6 +32,7 @@ export type PrivacyNoticeResponseWithUserPreferences = {
   updated_at: string;
   version: number;
   privacy_notice_history_id: string;
+  cookies: Array<Cookies>;
   default_preference: UserConsentPreference;
   current_preference?: UserConsentPreference;
   outdated_preference?: UserConsentPreference;
diff --git a/clients/admin-ui/src/types/api/models/RedshiftDocsSchema.ts b/clients/admin-ui/src/types/api/models/RedshiftDocsSchema.ts
index 6e0eadf300..0b3ce296f6 100644
--- a/clients/admin-ui/src/types/api/models/RedshiftDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/RedshiftDocsSchema.ts
@@ -13,4 +13,5 @@ export type RedshiftDocsSchema = {
   user?: string;
   password?: string;
   db_schema?: string;
+  ssh_required?: boolean;
 };
diff --git a/clients/admin-ui/src/types/api/models/ResponseFormat.ts b/clients/admin-ui/src/types/api/models/ResponseFormat.ts
index c874d392e6..bf2c4df56a 100644
--- a/clients/admin-ui/src/types/api/models/ResponseFormat.ts
+++ b/clients/admin-ui/src/types/api/models/ResponseFormat.ts
@@ -8,4 +8,5 @@
 export enum ResponseFormat {
   JSON = "json",
   CSV = "csv",
+  HTML = "html",
 }
diff --git a/clients/admin-ui/src/types/api/models/SaaSRequest.ts b/clients/admin-ui/src/types/api/models/SaaSRequest.ts
index 5628c8ae22..c522917335 100644
--- a/clients/admin-ui/src/types/api/models/SaaSRequest.ts
+++ b/clients/admin-ui/src/types/api/models/SaaSRequest.ts
@@ -29,7 +29,7 @@ export type SaaSRequest = {
   postprocessors?: Array<Strategy>;
   pagination?: Strategy;
   grouped_inputs?: Array<string>;
-  ignore_errors?: boolean;
+  ignore_errors?: boolean | Array<number>;
   rate_limit_config?: RateLimitConfig;
   skip_missing_param_values?: boolean;
 };
diff --git a/clients/admin-ui/src/types/api/models/SovrnDocsSchema.ts b/clients/admin-ui/src/types/api/models/SovrnDocsSchema.ts
index 5825772c40..3e7dfb60c7 100644
--- a/clients/admin-ui/src/types/api/models/SovrnDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/SovrnDocsSchema.ts
@@ -11,5 +11,5 @@ export type SovrnDocsSchema = {
   third_party_vendor_name?: string;
   recipient_email_address?: string;
   test_email_address?: string;
-  advanced_settings: AdvancedSettingsWithExtendedIdentityTypes;
+  advanced_settings?: AdvancedSettingsWithExtendedIdentityTypes;
 };
diff --git a/clients/admin-ui/src/types/api/models/System.ts b/clients/admin-ui/src/types/api/models/System.ts
index ebc3a86179..e2ac6a4cb4 100644
--- a/clients/admin-ui/src/types/api/models/System.ts
+++ b/clients/admin-ui/src/types/api/models/System.ts
@@ -37,9 +37,9 @@ export type System = {
    */
   registry_id?: number;
   /**
-   * An optional property to store any extra information for a system. Not used by fidesctl.
+   * An optional property to store any extra information for a resource. Data can be structured in any way: simple set of `key: value` pairs or deeply nested objects.
    */
-  meta?: Record<string, string>;
+  meta?: any;
   /**
    *
    * The SystemMetadata resource model.
diff --git a/clients/admin-ui/src/types/api/models/SystemResponse.ts b/clients/admin-ui/src/types/api/models/SystemResponse.ts
index 35f9d0ad6d..8b1847f8df 100644
--- a/clients/admin-ui/src/types/api/models/SystemResponse.ts
+++ b/clients/admin-ui/src/types/api/models/SystemResponse.ts
@@ -4,6 +4,7 @@
 
 import type { ConnectionConfigurationResponse } from "./ConnectionConfigurationResponse";
 import type { ContactDetails } from "./ContactDetails";
+import type { Cookies } from "./Cookies";
 import type { DataFlow } from "./DataFlow";
 import type { DataProtectionImpactAssessment } from "./DataProtectionImpactAssessment";
 import type { DataResponsibilityTitle } from "./DataResponsibilityTitle";
@@ -36,9 +37,9 @@ export type SystemResponse = {
    */
   registry_id?: number;
   /**
-   * An optional property to store any extra information for a system. Not used by fidesctl.
+   * An optional property to store any extra information for a resource. Data can be structured in any way: simple set of `key: value` pairs or deeply nested objects.
    */
-  meta?: Record<string, string>;
+  meta?: any;
   /**
    *
    * The SystemMetadata resource model.
@@ -114,4 +115,5 @@ export type SystemResponse = {
    *
    */
   connection_configs?: ConnectionConfigurationResponse;
+  cookies?: Array<Cookies>;
 };
diff --git a/clients/admin-ui/src/types/api/models/TimescaleDocsSchema.ts b/clients/admin-ui/src/types/api/models/TimescaleDocsSchema.ts
index b087fffee4..b9f413993e 100644
--- a/clients/admin-ui/src/types/api/models/TimescaleDocsSchema.ts
+++ b/clients/admin-ui/src/types/api/models/TimescaleDocsSchema.ts
@@ -13,4 +13,5 @@ export type TimescaleDocsSchema = {
   db_schema?: string;
   host?: string;
   port?: number;
+  ssh_required?: boolean;
 };
diff --git a/clients/fides-js/__tests__/lib/cookie.test.ts b/clients/fides-js/__tests__/lib/cookie.test.ts
index 9835335638..407aec55e3 100644
--- a/clients/fides-js/__tests__/lib/cookie.test.ts
+++ b/clients/fides-js/__tests__/lib/cookie.test.ts
@@ -1,4 +1,6 @@
 import * as uuid from "uuid";
+
+import { CookieAttributes } from "typescript-cookie/dist/types";
 import {
   CookieKeyConsent,
   FidesCookie,
@@ -6,10 +8,11 @@ import {
   isNewFidesCookie,
   makeConsentDefaultsLegacy,
   makeFidesCookie,
+  removeCookiesFromBrowser,
   saveFidesCookie,
 } from "../../src/lib/cookie";
 import type { ConsentContext } from "../../src/lib/consent-context";
-import { LegacyConsentConfig } from "~/lib/consent-types";
+import { Cookies, LegacyConsentConfig } from "../../src/lib/consent-types";
 
 // Setup mock date
 const MOCK_DATE = "2023-01-01T12:00:00.000Z";
@@ -31,6 +34,10 @@ const mockSetCookie = jest.fn(
   (name: string, value: string, attributes: object, encoding: object) =>
     `mock setCookie return (value=${value})`
 );
+const mockRemoveCookie = jest.fn(
+  /* eslint-disable-next-line @typescript-eslint/no-unused-vars */
+  (name: string, attributes?: CookieAttributes) => undefined
+);
 jest.mock("typescript-cookie", () => ({
   getCookie: () => mockGetCookie(),
   setCookie: (
@@ -39,6 +46,8 @@ jest.mock("typescript-cookie", () => ({
     attributes: object,
     encoding: object
   ) => mockSetCookie(name, value, attributes, encoding),
+  removeCookie: (name: string, attributes?: CookieAttributes) =>
+    mockRemoveCookie(name, attributes),
 }));
 
 describe("makeFidesCookie", () => {
@@ -276,3 +285,41 @@ describe("isNewFidesCookie", () => {
     });
   });
 });
+
+describe("removeCookiesFromBrowser", () => {
+  afterEach(() => mockRemoveCookie.mockClear());
+
+  it.each([
+    { cookies: [], expectedAttributes: [] },
+    { cookies: [{ name: "_ga123" }], expectedAttributes: [{ path: "/" }] },
+    {
+      cookies: [{ name: "_ga123", path: "" }],
+      expectedAttributes: [{ path: "" }],
+    },
+    {
+      cookies: [{ name: "_ga123", path: "/subpage" }],
+      expectedAttributes: [{ path: "/subpage" }],
+    },
+    {
+      cookies: [{ name: "_ga123" }, { name: "shopify" }],
+      expectedAttributes: [{ path: "/" }, { path: "/" }],
+    },
+  ])(
+    "should remove a list of cookies",
+    ({
+      cookies,
+      expectedAttributes,
+    }: {
+      cookies: Cookies[];
+      expectedAttributes: CookieAttributes[];
+    }) => {
+      removeCookiesFromBrowser(cookies);
+      expect(mockRemoveCookie.mock.calls).toHaveLength(cookies.length);
+      cookies.forEach((cookie, idx) => {
+        const [name, attributes] = mockRemoveCookie.mock.calls[idx];
+        expect(name).toEqual(cookie.name);
+        expect(attributes).toEqual(expectedAttributes[idx]);
+      });
+    }
+  );
+});
diff --git a/clients/fides-js/src/components/Overlay.tsx b/clients/fides-js/src/components/Overlay.tsx
index fc79e6a768..94c9dfbb95 100644
--- a/clients/fides-js/src/components/Overlay.tsx
+++ b/clients/fides-js/src/components/Overlay.tsx
@@ -117,11 +117,7 @@ const Overlay: FunctionComponent<OverlayProps> = ({
           enabledPrivacyNoticeKeys.includes(notice.notice_key),
           notice.consent_mechanism
         );
-        return new SaveConsentPreference(
-          notice.notice_key,
-          notice.privacy_notice_history_id,
-          userPreference
-        );
+        return new SaveConsentPreference(notice, userPreference);
       });
       updateConsentPreferences({
         consentPreferencesToSave,
diff --git a/clients/fides-js/src/fides.ts b/clients/fides-js/src/fides.ts
index eb3153b391..c4fc1fa93e 100644
--- a/clients/fides-js/src/fides.ts
+++ b/clients/fides-js/src/fides.ts
@@ -144,8 +144,7 @@ const automaticallyApplyGPCPreferences = (
     if (notice.has_gpc_flag && !notice.current_preference) {
       consentPreferencesToSave.push(
         new SaveConsentPreference(
-          notice.notice_key,
-          notice.privacy_notice_history_id,
+          notice,
           transformConsentToFidesUserPreference(false, notice.consent_mechanism)
         )
       );
diff --git a/clients/fides-js/src/lib/consent-types.ts b/clients/fides-js/src/lib/consent-types.ts
index b56b089f65..be126828f7 100644
--- a/clients/fides-js/src/lib/consent-types.ts
+++ b/clients/fides-js/src/lib/consent-types.ts
@@ -40,17 +40,10 @@ export type FidesOptions = {
 export class SaveConsentPreference {
   consentPreference: UserConsentPreference;
 
-  noticeHistoryId: string;
+  notice: PrivacyNotice;
 
-  noticeKey: string;
-
-  constructor(
-    noticeKey: string,
-    noticeHistoryId: string,
-    consentPreference: UserConsentPreference
-  ) {
-    this.noticeKey = noticeKey;
-    this.noticeHistoryId = noticeHistoryId;
+  constructor(notice: PrivacyNotice, consentPreference: UserConsentPreference) {
+    this.notice = notice;
     this.consentPreference = consentPreference;
   }
 }
@@ -88,6 +81,12 @@ export type ExperienceConfig = {
   regions: Array<string>;
 };
 
+export type Cookies = {
+  name: string;
+  path?: string;
+  domain?: string;
+};
+
 export type PrivacyNotice = {
   name?: string;
   notice_key: string;
@@ -108,6 +107,7 @@ export type PrivacyNotice = {
   updated_at: string;
   version: number;
   privacy_notice_history_id: string;
+  cookies: Array<Cookies>;
   default_preference: UserConsentPreference;
   current_preference?: UserConsentPreference;
   outdated_preference?: UserConsentPreference;
diff --git a/clients/fides-js/src/lib/cookie.ts b/clients/fides-js/src/lib/cookie.ts
index dee6a4b6cf..4cf8830469 100644
--- a/clients/fides-js/src/lib/cookie.ts
+++ b/clients/fides-js/src/lib/cookie.ts
@@ -1,12 +1,16 @@
 import { v4 as uuidv4 } from "uuid";
-import { getCookie, setCookie, Types } from "typescript-cookie";
+import { getCookie, removeCookie, setCookie, Types } from "typescript-cookie";
 
 import { ConsentContext } from "./consent-context";
 import {
   resolveConsentValue,
   resolveLegacyConsentValue,
 } from "./consent-value";
-import { LegacyConsentConfig, PrivacyExperience } from "./consent-types";
+import {
+  Cookies,
+  LegacyConsentConfig,
+  PrivacyExperience,
+} from "./consent-types";
 import { debugLog } from "./consent-utils";
 
 /**
@@ -273,3 +277,15 @@ export const makeConsentDefaultsLegacy = (
   debugLog(debug, `Returning defaults for legacy config.`, defaults);
   return defaults;
 };
+
+/**
+ * Given a list of cookies, deletes them from the browser
+ */
+export const removeCookiesFromBrowser = (cookies: Cookies[]) => {
+  cookies.forEach((cookie) => {
+    removeCookie(cookie.name, {
+      path: cookie.path ?? "/",
+      domain: cookie.domain,
+    });
+  });
+};
diff --git a/clients/fides-js/src/lib/preferences.ts b/clients/fides-js/src/lib/preferences.ts
index ce6bbb9932..71646dd17b 100644
--- a/clients/fides-js/src/lib/preferences.ts
+++ b/clients/fides-js/src/lib/preferences.ts
@@ -3,9 +3,15 @@ import {
   ConsentOptionCreate,
   PrivacyPreferencesRequest,
   SaveConsentPreference,
+  UserConsentPreference,
 } from "./consent-types";
 import { debugLog, transformUserPreferenceToBoolean } from "./consent-utils";
-import { CookieKeyConsent, FidesCookie, saveFidesCookie } from "./cookie";
+import {
+  CookieKeyConsent,
+  FidesCookie,
+  removeCookiesFromBrowser,
+  saveFidesCookie,
+} from "./cookie";
 import { dispatchFidesEvent } from "./events";
 import { patchUserPreferenceToFidesServer } from "../services/fides/api";
 
@@ -14,6 +20,8 @@ import { patchUserPreferenceToFidesServer } from "../services/fides/api";
  * 1. Save preferences to Fides API
  * 2. Update the window.Fides.consent object
  * 3. Save preferences to the `fides_consent` cookie in the browser
+ * 4. Remove any cookies from notices that were opted-out from the browser
+ * 5. Dispatch a "FidesUpdated" event
  */
 export const updateConsentPreferences = ({
   consentPreferencesToSave,
@@ -34,21 +42,19 @@ export const updateConsentPreferences = ({
 }) => {
   // Derive the CookieKeyConsent object from privacy notices
   const noticeMap = new Map<string, boolean>(
-    consentPreferencesToSave.map(({ noticeKey, consentPreference }) => [
-      noticeKey,
+    consentPreferencesToSave.map(({ notice, consentPreference }) => [
+      notice.notice_key,
       transformUserPreferenceToBoolean(consentPreference),
     ])
   );
   const consentCookieKey: CookieKeyConsent = Object.fromEntries(noticeMap);
 
   // Derive the Fides user preferences array from privacy notices
-  const fidesUserPreferences: Array<ConsentOptionCreate> = [];
-  consentPreferencesToSave.forEach(({ noticeHistoryId, consentPreference }) => {
-    fidesUserPreferences.push({
-      privacy_notice_history_id: noticeHistoryId,
+  const fidesUserPreferences: Array<ConsentOptionCreate> =
+    consentPreferencesToSave.map(({ notice, consentPreference }) => ({
+      privacy_notice_history_id: notice.privacy_notice_history_id,
       preference: consentPreference,
-    });
-  });
+    }));
 
   // Update the cookie object
   // eslint-disable-next-line no-param-reassign
@@ -63,12 +69,7 @@ export const updateConsentPreferences = ({
     user_geography: userLocationString,
     method: consentMethod,
   };
-  patchUserPreferenceToFidesServer(
-    privacyPreferenceCreate,
-    fidesApiUrl,
-    cookie.identity.fides_user_device_id,
-    debug
-  );
+  patchUserPreferenceToFidesServer(privacyPreferenceCreate, fidesApiUrl, debug);
 
   // 2. Update the window.Fides.consent object
   debugLog(debug, "Updating window.Fides");
@@ -78,6 +79,16 @@ export const updateConsentPreferences = ({
   debugLog(debug, "Saving preferences to cookie");
   saveFidesCookie(cookie);
 
-  // 4. Dispatch a "FidesUpdated" event
+  // 4. Remove cookies associated with notices that were opted-out from the browser
+  consentPreferencesToSave
+    .filter(
+      (preference) =>
+        preference.consentPreference === UserConsentPreference.OPT_OUT
+    )
+    .forEach((preference) => {
+      removeCookiesFromBrowser(preference.notice.cookies);
+    });
+
+  // 5. Dispatch a "FidesUpdated" event
   dispatchFidesEvent("FidesUpdated", cookie);
 };
diff --git a/clients/fides-js/src/services/fides/api.ts b/clients/fides-js/src/services/fides/api.ts
index b219a01db9..1e53c6840b 100644
--- a/clients/fides-js/src/services/fides/api.ts
+++ b/clients/fides-js/src/services/fides/api.ts
@@ -81,7 +81,6 @@ export const fetchExperience = async (
 export const patchUserPreferenceToFidesServer = async (
   preferences: PrivacyPreferencesRequest,
   fidesApiUrl: string,
-  fidesUserDeviceId: string,
   debug: boolean
 ): Promise<void> => {
   debugLog(debug, "Saving user consent preference...", preferences);
diff --git a/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx b/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
index bf16a75a27..73d137d9eb 100644
--- a/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
+++ b/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
@@ -5,6 +5,7 @@ import {
   CookieKeyConsent,
   getConsentContext,
   getOrMakeFidesCookie,
+  removeCookiesFromBrowser,
   saveFidesCookie,
   transformUserPreferenceToBoolean,
 } from "fides-js";
@@ -121,30 +122,44 @@ const NoticeDrivenConsent = () => {
     router.push("/");
   };
 
+  /**
+   * When saving, we need to:
+   * 1. Send PATCH to Fides backend
+   * 2. Save to cookie and window object
+   * 3. Delete any cookies that have been opted out of
+   */
   const handleSave = async () => {
     const browserIdentities = inspectForBrowserIdentities();
     const deviceIdentity = { fides_user_device_id: fidesUserDeviceId };
     const identities = browserIdentities
       ? { ...deviceIdentity, ...browserIdentities }
       : deviceIdentity;
+    const notices = experience?.privacy_notices ?? [];
 
-    const preferences: ConsentOptionCreate[] = Object.entries(
-      draftPreferences
-    ).map(([key, value]) => {
-      const notice = experience?.privacy_notices?.find(
-        (n) => n.privacy_notice_history_id === key
-      );
-      if (notice?.consent_mechanism === ConsentMechanism.NOTICE_ONLY) {
+    // Reconnect preferences to notices
+    const noticePreferences = Object.entries(draftPreferences).map(
+      ([historyKey, preference]) => {
+        const notice = notices.find(
+          (n) => n.privacy_notice_history_id === historyKey
+        );
+        return { historyKey, preference, notice };
+      }
+    );
+
+    const preferences: ConsentOptionCreate[] = noticePreferences.map(
+      ({ historyKey, preference, notice }) => {
+        if (notice?.consent_mechanism === ConsentMechanism.NOTICE_ONLY) {
+          return {
+            privacy_notice_history_id: historyKey,
+            preference: UserConsentPreference.ACKNOWLEDGE,
+          };
+        }
         return {
-          privacy_notice_history_id: key,
-          preference: UserConsentPreference.ACKNOWLEDGE,
+          privacy_notice_history_id: historyKey,
+          preference: preference ?? UserConsentPreference.OPT_OUT,
         };
       }
-      return {
-        privacy_notice_history_id: key,
-        preference: value ?? UserConsentPreference.OPT_OUT,
-      };
-    });
+    );
 
     const payload: PrivacyPreferencesRequest = {
       browser_identity: identities,
@@ -155,6 +170,7 @@ const NoticeDrivenConsent = () => {
       code: verificationCode,
     };
 
+    // 1. Send PATCH to Fides backend
     const result = await updatePrivacyPreferencesMutationTrigger({
       id: consentRequestId,
       body: payload,
@@ -167,6 +183,8 @@ const NoticeDrivenConsent = () => {
       });
       return;
     }
+
+    // 2. Save the cookie and window obj on success
     const noticeKeyMap = new Map<string, boolean>(
       result.data.map((preference) => [
         preference.privacy_notice_history.notice_key || "",
@@ -174,14 +192,23 @@ const NoticeDrivenConsent = () => {
       ])
     );
     const consentCookieKey: CookieKeyConsent = Object.fromEntries(noticeKeyMap);
+    window.Fides.consent = consentCookieKey;
+    const updatedCookie = { ...cookie, consent: consentCookieKey };
+    saveFidesCookie(updatedCookie);
     toast({
       title: "Your consent preferences have been saved",
       ...SuccessToastOptions,
     });
-    // Save the cookie and window obj on success
-    window.Fides.consent = consentCookieKey;
-    const updatedCookie = { ...cookie, consent: consentCookieKey };
-    saveFidesCookie(updatedCookie);
+
+    // 3. Delete any cookies that have been opted out of
+    noticePreferences.forEach((noticePreference) => {
+      if (
+        noticePreference.preference === UserConsentPreference.OPT_OUT &&
+        noticePreference.notice
+      ) {
+        removeCookiesFromBrowser(noticePreference.notice.cookies);
+      }
+    });
     router.push("/");
   };
 
diff --git a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
index d54664fe90..63f0453fbf 100644
--- a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
@@ -126,6 +126,7 @@ const mockPrivacyNotice = (params: Partial<PrivacyNotice>) => {
     version: 1.0,
     privacy_notice_history_id: "pri_b09058a7-9f54-4360-8da5-4521e8975d4f",
     notice_key: "advertising",
+    cookies: [],
   };
   return { ...notice, ...params };
 };
@@ -478,6 +479,61 @@ describe("Consent banner", () => {
         // TODO: add tests for CSS
         expect(false).is.eql(true);
       });
+
+      describe("cookie enforcement", () => {
+        beforeEach(() => {
+          const cookies = [
+            { name: "cookie1", path: "/" },
+            { name: "cookie2", path: "/" },
+          ];
+          cookies.forEach((cookie) => {
+            cy.setCookie(cookie.name, "value", { path: cookie.path });
+          });
+          stubConfig({
+            experience: {
+              privacy_notices: [
+                mockPrivacyNotice({
+                  name: "one",
+                  privacy_notice_history_id: "one",
+                  notice_key: "one",
+                  consent_mechanism: ConsentMechanism.OPT_OUT,
+                  cookies: [cookies[0]],
+                }),
+                mockPrivacyNotice({
+                  name: "two",
+                  privacy_notice_history_id: "two",
+                  notice_key: "second",
+                  consent_mechanism: ConsentMechanism.OPT_OUT,
+                  cookies: [cookies[1]],
+                }),
+              ],
+            },
+            options: {
+              isOverlayEnabled: true,
+            },
+          });
+        });
+
+        it("can remove all cookies when rejecting all", () => {
+          cy.contains("button", "Reject Test").click();
+          cy.getAllCookies().then((allCookies) => {
+            expect(allCookies.map((c) => c.name)).to.eql([CONSENT_COOKIE_NAME]);
+          });
+        });
+
+        it("can remove just the cookies associated with notices that were opted out", () => {
+          cy.contains("button", "Manage preferences").click();
+          // opt out of the first notice
+          cy.getByTestId("toggle-one").click();
+          cy.getByTestId("Save test-btn").click();
+          cy.getAllCookies().then((allCookies) => {
+            expect(allCookies.map((c) => c.name)).to.eql([
+              CONSENT_COOKIE_NAME,
+              "cookie2",
+            ]);
+          });
+        });
+      });
     });
 
     describe("when there are only notice-only notices", () => {
diff --git a/clients/privacy-center/cypress/e2e/consent-notices.cy.ts b/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
index d6c62ef382..cc5fac8f6e 100644
--- a/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
@@ -87,6 +87,7 @@ describe("Privacy notice driven consent", () => {
       cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_2}`).within(() => {
         cy.getRadio().should("be.checked");
       });
+      // Notice only, so should be checked and disabled
       cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_3}`).within(() => {
         cy.getRadio().should("be.checked").should("be.disabled");
       });
@@ -107,6 +108,7 @@ describe("Privacy notice driven consent", () => {
         expect(
           preferences.map((p: ConsentOptionCreate) => p.preference)
         ).to.eql(["opt_in", "opt_in", "acknowledge"]);
+        // Should update the cookie
         cy.waitUntilCookieExists(CONSENT_COOKIE_NAME).then(() => {
           cy.getCookie(CONSENT_COOKIE_NAME).then((cookieJson) => {
             const cookie = JSON.parse(
@@ -118,6 +120,7 @@ describe("Privacy notice driven consent", () => {
             const expectedConsent = { data_sales: true, advertising: true };
             const { consent } = cookie;
             expect(consent).to.eql(expectedConsent);
+            // Should update the window object
             cy.window().then((win) => {
               expect(win.Fides.consent).to.eql(expectedConsent);
             });
@@ -154,6 +157,108 @@ describe("Privacy notice driven consent", () => {
         });
       });
     });
+
+    describe("cookie enforcement", () => {
+      beforeEach(() => {
+        // First seed the browser with the cookies that are listed in the notices
+        cy.fixture("consent/experience.json").then((data) => {
+          const notices: PrivacyNoticeResponseWithUserPreferences[] =
+            data.items[0].privacy_notices;
+
+          const allCookies = notices.map((notice) => notice.cookies).flat();
+          allCookies.forEach((cookie) => {
+            cy.setCookie(cookie.name, "value", {
+              path: cookie.path ?? "/",
+              domain: cookie.domain ?? undefined,
+            });
+          });
+          cy.getAllCookies().then((cookies) => {
+            expect(
+              cookies.filter((c) => c.name !== CONSENT_COOKIE_NAME).length
+            ).to.eql(allCookies.length);
+          });
+          cy.wrap(notices).as("notices");
+        });
+      });
+
+      it("can delete all cookies for when opting out of all notices", () => {
+        // Opt out of the opt-out notice
+        cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_2}`).within(() => {
+          cy.getRadio().should("be.checked");
+          cy.get("span").contains("No").click();
+        });
+        cy.getByTestId("save-btn").click();
+
+        cy.wait("@patchPrivacyPreference").then(() => {
+          // Use waitUntil to help with CI
+          cy.waitUntil(() =>
+            cy.getAllCookies().then((cookies) => cookies.length === 1)
+          ).then(() => {
+            // There should be no cookies related to the privacy notices around
+            cy.getAllCookies().then((cookies) => {
+              const filteredCookies = cookies.filter(
+                (c) => c.name !== CONSENT_COOKIE_NAME
+              );
+              expect(filteredCookies.length).to.eql(0);
+            });
+          });
+        });
+      });
+
+      it("can delete only the cookies associated with opt-out notices", () => {
+        // Opt into first notice
+        cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_1}`).within(() => {
+          cy.get("span").contains("Yes").click();
+        });
+        // Opt out of second notice
+        cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_2}`).within(() => {
+          cy.getRadio().should("be.checked");
+          cy.get("span").contains("No").click();
+        });
+        cy.getByTestId("save-btn").click();
+
+        cy.wait("@patchPrivacyPreference").then(() => {
+          // Use waitUntil to help with CI
+          cy.waitUntil(() =>
+            cy.getAllCookies().then((cookies) => cookies.length === 2)
+          ).then(() => {
+            // The first notice's cookies should still be around
+            // But there should be none of the second cookie's
+            cy.getAllCookies().then((cookies) => {
+              const filteredCookies = cookies.filter(
+                (c) => c.name !== CONSENT_COOKIE_NAME
+              );
+              expect(filteredCookies.length).to.eql(1);
+              cy.get("@notices").then((notices: any) => {
+                expect(filteredCookies[0]).to.have.property(
+                  "name",
+                  notices[0].cookies[0].name
+                );
+              });
+            });
+          });
+        });
+      });
+
+      it("can successfully delete even if cookie does not exist", () => {
+        cy.clearAllCookies();
+        // Opt out of second notice
+        cy.getByTestId(`consent-item-${PRIVACY_NOTICE_ID_2}`).within(() => {
+          cy.getRadio().should("be.checked");
+          cy.get("span").contains("No").click();
+        });
+        cy.getByTestId("save-btn").click();
+
+        cy.wait("@patchPrivacyPreference").then(() => {
+          cy.getAllCookies().then((cookies) => {
+            const filteredCookies = cookies.filter(
+              (c) => c.name !== CONSENT_COOKIE_NAME
+            );
+            expect(filteredCookies.length).to.eql(0);
+          });
+        });
+      });
+    });
   });
 
   describe("when user has consented before", () => {
diff --git a/clients/privacy-center/cypress/fixtures/consent/experience.json b/clients/privacy-center/cypress/fixtures/consent/experience.json
index c52570afb2..3282ec2d51 100644
--- a/clients/privacy-center/cypress/fixtures/consent/experience.json
+++ b/clients/privacy-center/cypress/fixtures/consent/experience.json
@@ -51,7 +51,8 @@
           "privacy_notice_history_id": "pri_df14051b-1eaf-4f07-ae63-232bffd2dc3e",
           "default_preference": "opt_out",
           "current_preference": null,
-          "outdated_preference": null
+          "outdated_preference": null,
+          "cookies": [{ "name": "sales", "path": null, "domain": null }]
         },
         {
           "name": "Advertising",
@@ -75,7 +76,11 @@
           "privacy_notice_history_id": "pri_b2a0a2fa-ef59-4f7d-8e3d-d2e9bd076707",
           "default_preference": "opt_in",
           "current_preference": null,
-          "outdated_preference": null
+          "outdated_preference": null,
+          "cookies": [
+            { "name": "_ga", "path": null, "domain": null },
+            { "name": "advertisingCookie", "path": null, "domain": null }
+          ]
         },
         {
           "name": "Essential",
@@ -99,7 +104,8 @@
           "privacy_notice_history_id": "pri_b09058a7-9f54-4360-8da5-4521e8975d4e",
           "default_preference": "opt_in",
           "current_preference": null,
-          "outdated_preference": null
+          "outdated_preference": null,
+          "cookies": []
         }
       ]
     }
diff --git a/clients/privacy-center/cypress/fixtures/consent/overlay_experience.json b/clients/privacy-center/cypress/fixtures/consent/overlay_experience.json
index 1e68cd4194..79a78495bd 100644
--- a/clients/privacy-center/cypress/fixtures/consent/overlay_experience.json
+++ b/clients/privacy-center/cypress/fixtures/consent/overlay_experience.json
@@ -51,7 +51,8 @@
           "privacy_notice_history_id": "pri_b2a0a2fa-ef59-4f7d-8e3d-d2e9bd076707",
           "default_preference": "opt_out",
           "current_preference": null,
-          "outdated_preference": null
+          "outdated_preference": null,
+          "cookies": []
         }
       ]
     }
diff --git a/clients/privacy-center/cypress/fixtures/consent/test_banner_options.json b/clients/privacy-center/cypress/fixtures/consent/test_banner_options.json
index dc830e1fef..6c30154e0e 100644
--- a/clients/privacy-center/cypress/fixtures/consent/test_banner_options.json
+++ b/clients/privacy-center/cypress/fixtures/consent/test_banner_options.json
@@ -64,7 +64,8 @@
         "updated_at": "2023-04-24T21:29:08.870351+00:00",
         "version": 1.0,
         "privacy_notice_history_id": "pri_b09058a7-9f54-4360-8da5-4521e8975d4f",
-        "notice_key": "advertising"
+        "notice_key": "advertising",
+        "cookies": []
       },
       {
         "name": "Essential",
@@ -85,7 +86,8 @@
         "updated_at": "2023-04-24T21:29:08.870351+00:00",
         "version": 1.0,
         "privacy_notice_history_id": "pri_b09058a7-9f54-4360-8da5-4521e8975d4e",
-        "notice_key": "essential"
+        "notice_key": "essential",
+        "cookies": []
       }
     ]
   },
diff --git a/clients/privacy-center/public/fides-js-components-demo.html b/clients/privacy-center/public/fides-js-components-demo.html
index 4f07dc08f8..3614d6c117 100644
--- a/clients/privacy-center/public/fides-js-components-demo.html
+++ b/clients/privacy-center/public/fides-js-components-demo.html
@@ -77,6 +77,7 @@
               privacy_notice_history_id:
                 "pri_b09058a7-9f54-4360-8da5-4521e8975d4f",
               notice_key: "advertising",
+              cookies: [{ name: "testCookie", path: "/", domain: null }],
             },
             {
               name: "Essential",
@@ -100,6 +101,7 @@
               privacy_notice_history_id:
                 "pri_b09058a7-9f54-4360-8da5-4521e8975d4e",
               notice_key: "essential",
+              cookies: [],
             },
           ],
         },
diff --git a/clients/privacy-center/types/api/models/Cookies.ts b/clients/privacy-center/types/api/models/Cookies.ts
new file mode 100644
index 0000000000..923ab591c3
--- /dev/null
+++ b/clients/privacy-center/types/api/models/Cookies.ts
@@ -0,0 +1,12 @@
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+
+/**
+ * The Cookies resource model
+ */
+export type Cookies = {
+  name: string;
+  path?: string;
+  domain?: string;
+};
diff --git a/clients/privacy-center/types/api/models/PrivacyNoticeResponse.ts b/clients/privacy-center/types/api/models/PrivacyNoticeResponse.ts
index 8f33d8b38b..de11c2abfe 100644
--- a/clients/privacy-center/types/api/models/PrivacyNoticeResponse.ts
+++ b/clients/privacy-center/types/api/models/PrivacyNoticeResponse.ts
@@ -3,6 +3,7 @@
 /* eslint-disable */
 
 import type { ConsentMechanism } from "./ConsentMechanism";
+import type { Cookies } from "./Cookies";
 import type { EnforcementLevel } from "./EnforcementLevel";
 import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 
@@ -28,4 +29,5 @@ export type PrivacyNoticeResponse = {
   updated_at: string;
   version: number;
   privacy_notice_history_id: string;
+  cookies: Array<Cookies>;
 };
diff --git a/clients/privacy-center/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts b/clients/privacy-center/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
index 82f78dc9d0..6919ee30d5 100644
--- a/clients/privacy-center/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
+++ b/clients/privacy-center/types/api/models/PrivacyNoticeResponseWithUserPreferences.ts
@@ -3,6 +3,7 @@
 /* eslint-disable */
 
 import type { ConsentMechanism } from "./ConsentMechanism";
+import type { Cookies } from "./Cookies";
 import type { EnforcementLevel } from "./EnforcementLevel";
 import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 import type { UserConsentPreference } from "./UserConsentPreference";
@@ -31,6 +32,7 @@ export type PrivacyNoticeResponseWithUserPreferences = {
   updated_at: string;
   version: number;
   privacy_notice_history_id: string;
+  cookies: Array<Cookies>;
   default_preference: UserConsentPreference;
   current_preference?: UserConsentPreference;
   outdated_preference?: UserConsentPreference;
diff --git a/docs/fides/docs/development/postman/Fides.postman_collection.json b/docs/fides/docs/development/postman/Fides.postman_collection.json
index 27173fd320..f4a7c94c1e 100644
--- a/docs/fides/docs/development/postman/Fides.postman_collection.json
+++ b/docs/fides/docs/development/postman/Fides.postman_collection.json
@@ -4922,6 +4922,145 @@
 				}
 			]
 		},
+		{
+			"name": "Systems",
+			"item": [
+				{
+					"name": "Get System",
+					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{client_token}}",
+									"type": "string"
+								}
+							]
+						},
+						"method": "GET",
+						"header": [],
+						"url": {
+							"raw": "{{host}}/system/",
+							"host": [
+								"{{host}}"
+							],
+							"path": [
+								"system",
+								""
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Create System",
+					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{client_token}}",
+									"type": "string"
+								}
+							]
+						},
+						"method": "POST",
+						"header": [],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n   \"data_responsibility_title\":\"Processor\",\n   \"description\":\"Collect data about our users for marketing.\",\n   \"egress\":[\n      {\n         \"fides_key\":\"demo_analytics_system\",\n         \"type\":\"system\",\n         \"data_categories\":null\n      }\n   ],\n   \"fides_key\":\"test_system\",\n   \"ingress\":null,\n   \"name\":\"Test system\",\n   \"organization_fides_key\":\"default_organization\",\n   \"privacy_declarations\":[\n      {\n         \"name\":\"Collect data for marketing\",\n         \"data_categories\":[\n            \"user.device.cookie_id\"\n         ],\n         \"data_use\":\"personalize\",\n         \"data_qualifier\":\"aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified\",\n         \"data_subjects\":[\n            \"customer\"\n         ],\n         \"dataset_references\":null,\n         \"egress\":null,\n         \"ingress\":null,\n         \"cookies\":[\n            {\n               \"name\":\"test_cookie\",\n               \"path\":\"/\"\n            }\n         ]\n      }\n   ],\n   \"system_dependencies\":[\n      \"demo_analytics_system\"\n   ],\n   \"system_type\":\"Service\",\n   \"tags\":null,\n   \"third_country_transfers\":null,\n   \"administrating_department\":\"Marketing\"\n}",
+							"options": {
+								"raw": {
+									"language": "json"
+								}
+							}
+						},
+						"url": {
+							"raw": "{{host}}/system",
+							"host": [
+								"{{host}}"
+							],
+							"path": [
+								"system"
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Update System",
+					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{client_token}}",
+									"type": "string"
+								}
+							]
+						},
+						"method": "PUT",
+						"header": [],
+						"body": {
+							"mode": "raw",
+							"raw": "{\n   \"data_responsibility_title\":\"Processor\",\n   \"description\":\"Collect data about our users for marketing.\",\n   \"egress\":[\n      {\n         \"fides_key\":\"demo_analytics_system\",\n         \"type\":\"system\",\n         \"data_categories\":null\n      }\n   ],\n   \"fides_key\":\"test_system\",\n   \"ingress\":null,\n   \"name\":\"Test system\",\n   \"organization_fides_key\":\"default_organization\",\n   \"privacy_declarations\":[\n      {\n         \"name\":\"Collect data for marketing\",\n         \"data_categories\":[\n            \"user.device.cookie_id\"\n         ],\n         \"data_use\":\"marketing.advertising\",\n         \"data_qualifier\":\"aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified\",\n         \"data_subjects\":[\n            \"customer\"\n         ],\n         \"dataset_references\":null,\n         \"egress\":null,\n         \"ingress\":null,\n         \"cookies\":[\n            {\n               \"name\":\"another_cookie\",\n               \"path\":\"/\"\n            }\n         ]\n      }\n   ],\n   \"system_dependencies\":[\n      \"demo_analytics_system\"\n   ],\n   \"system_type\":\"Service\",\n   \"tags\":null,\n   \"third_country_transfers\":null,\n   \"administrating_department\":\"Marketing\"\n}",
+							"options": {
+								"raw": {
+									"language": "json"
+								}
+							}
+						},
+						"url": {
+							"raw": "{{host}}/system?",
+							"host": [
+								"{{host}}"
+							],
+							"path": [
+								"system"
+							],
+							"query": [
+								{
+									"key": "",
+									"value": null
+								}
+							]
+						}
+					},
+					"response": []
+				},
+				{
+					"name": "Delete System",
+					"request": {
+						"auth": {
+							"type": "bearer",
+							"bearer": [
+								{
+									"key": "token",
+									"value": "{{client_token}}",
+									"type": "string"
+								}
+							]
+						},
+						"method": "DELETE",
+						"header": [],
+						"url": {
+							"raw": "{{host}}/system/test_system",
+							"host": [
+								"{{host}}"
+							],
+							"path": [
+								"system",
+								"test_system"
+							]
+						}
+					},
+					"response": []
+				}
+			]
+		},
 		{
 			"name": "Roles",
 			"item": [
diff --git a/requirements.txt b/requirements.txt
index 191f9f08a2..90ee39b71b 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12,7 +12,7 @@ expandvars==0.9.0
 fastapi[all]==0.89.1
 fastapi-caching[redis]==0.3.0
 fastapi-pagination[sqlalchemy]~= 0.10.0
-fideslang==1.4.1
+fideslang==1.4.2
 fideslog==1.2.10
 firebase-admin==5.3.0
 GitPython==3.1.31
@@ -31,7 +31,7 @@ passlib[bcrypt]==1.7.4
 plotly==5.13.1
 pyarrow==6.0.0
 psycopg2-binary==2.9.6
-pydantic<1.10.2
+pydantic==1.10.9
 pydash==6.0.2
 PyJWT==2.4.0
 pymongo==3.13.0
diff --git a/src/fides/api/alembic/migrations/versions/2be84e68df32_add_cookie_table.py b/src/fides/api/alembic/migrations/versions/2be84e68df32_add_cookie_table.py
new file mode 100644
index 0000000000..889e466304
--- /dev/null
+++ b/src/fides/api/alembic/migrations/versions/2be84e68df32_add_cookie_table.py
@@ -0,0 +1,70 @@
+"""add cookie table
+
+Revision ID: 2be84e68df32
+Revises: c1885270b3cc
+Create Date: 2023-06-13 23:08:35.011377
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "2be84e68df32"
+down_revision = "c1885270b3cc"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table(
+        "cookies",
+        sa.Column("id", sa.String(length=255), nullable=False),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column("name", sa.String(), nullable=False),
+        sa.Column("domain", sa.String(), nullable=True),
+        sa.Column("path", sa.String(), nullable=True),
+        sa.Column("system_id", sa.String(), nullable=True),
+        sa.Column("privacy_declaration_id", sa.String(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["privacy_declaration_id"], ["privacydeclaration.id"], ondelete="SET NULL"
+        ),
+        sa.ForeignKeyConstraint(["system_id"], ["ctl_systems.id"], ondelete="CASCADE"),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint(
+            "name", "privacy_declaration_id", name="_cookie_name_privacy_declaration_uc"
+        ),
+    )
+    op.create_index(op.f("ix_cookies_id"), "cookies", ["id"], unique=False)
+    op.create_index(op.f("ix_cookies_name"), "cookies", ["name"], unique=False)
+    op.create_index(
+        op.f("ix_cookies_privacy_declaration_id"),
+        "cookies",
+        ["privacy_declaration_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_cookies_system_id"), "cookies", ["system_id"], unique=False
+    )
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f("ix_cookies_system_id"), table_name="cookies")
+    op.drop_index(op.f("ix_cookies_privacy_declaration_id"), table_name="cookies")
+    op.drop_index(op.f("ix_cookies_name"), table_name="cookies")
+    op.drop_index(op.f("ix_cookies_id"), table_name="cookies")
+    op.drop_table("cookies")
+    # ### end Alembic commands ###
diff --git a/src/fides/api/db/crud.py b/src/fides/api/db/crud.py
index 10412dd257..eb13fa38de 100644
--- a/src/fides/api/db/crud.py
+++ b/src/fides/api/db/crud.py
@@ -113,7 +113,7 @@ async def get_resource(
     raise_not_found: bool = True,
 ) -> Base:
     """
-    Get a resource from the databse by its FidesKey.
+    Get a resource from the database by its FidesKey.
 
     Returns a SQLAlchemy model of that resource.
     """
diff --git a/src/fides/api/db/system.py b/src/fides/api/db/system.py
index 4d8d7f179e..924f8fb6d6 100644
--- a/src/fides/api/db/system.py
+++ b/src/fides/api/db/system.py
@@ -1,17 +1,20 @@
 """
 Functions for interacting with System objects in the database.
 """
-from typing import Dict, List, Tuple
+from typing import Dict, List, Optional, Tuple
 
 from fastapi import HTTPException
+from fideslang.models import Cookies as CookieSchema
 from fideslang.models import System as SystemSchema
 from loguru import logger as log
+from sqlalchemy import and_, delete, insert, select, update
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import Session
 from starlette.status import HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
 from fides.api.db.crud import create_resource, get_resource, update_resource
 from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    Cookies,
     DataUse,
     PrivacyDeclaration,
     System,
@@ -112,23 +115,88 @@ async def upsert_privacy_declarations(
         for privacy_declaration in resource.privacy_declarations:
             # prepare our 'payload' for either create or update
             data = privacy_declaration.dict()
+            cookies: List[Dict] = data.pop("cookies", None)
             data["system_id"] = system.id  # include FK back to system
 
             # if we find matching declaration, remove it from our map
-            if existing_declaration := existing_declarations.pop(
+            if declaration := existing_declarations.pop(
                 privacy_declaration_logical_id(privacy_declaration), None
             ):
                 # and update existing declaration *in place*
-                existing_declaration.update(db, data=data)
+                declaration.update(db, data=data)
             else:
                 # otherwise, create a new declaration record
-                PrivacyDeclaration.create(db, data=data)
+                declaration = PrivacyDeclaration.create(db, data=data)
+
+            # Upsert cookies for the given privacy declaration
+            await upsert_cookies(db, cookies, declaration, system)
 
         # delete any existing privacy declarations that have not been "matched" in the request
         for existing_declarations in existing_declarations.values():
             await db.delete(existing_declarations)
 
 
+async def upsert_cookies(
+    async_session: AsyncSession,
+    cookies: Optional[List[Dict]],  # CookieSchema
+    privacy_declaration: PrivacyDeclaration,
+    system: System,
+) -> None:
+    """Upsert cookies for the given privacy declaration: retrieve cookies by name/system/privacy declaration
+    Remove any existing cookies that aren't specified here.
+    """
+    cookie_list: List[CookieSchema] = cookies or []
+    for cookie_data in cookie_list:
+        # Check if cookie exists for this name/system/privacy declaration
+        result = await async_session.execute(
+            select(Cookies).where(
+                and_(
+                    Cookies.name == cookie_data["name"],
+                    Cookies.system_id == system.id,
+                    Cookies.privacy_declaration_id == privacy_declaration.id,
+                )
+            )
+        )
+        row: Optional[Cookies] = result.scalars().first()
+        if row:
+            await async_session.execute(
+                update(Cookies).where(Cookies.id == row.id).values(cookie_data)
+            )
+
+        else:
+            await async_session.execute(
+                insert(Cookies).values(
+                    {
+                        "name": cookie_data.get("name"),
+                        "path": cookie_data.get("path"),
+                        "domain": cookie_data.get("domain"),
+                        "privacy_declaration_id": privacy_declaration.id,
+                        "system_id": system.id,
+                    }
+                )
+            )
+
+    # Select cookies which are currently on the privacy declaration but not included in this request
+    delete_result = await async_session.execute(
+        select(Cookies).where(
+            and_(
+                Cookies.name.notin_([cookie["name"] for cookie in cookie_list]),
+                Cookies.system_id == system.id,
+                Cookies.privacy_declaration_id == privacy_declaration.id,
+            )
+        )
+    )
+
+    # Remove those cookies altogether
+    await async_session.execute(
+        delete(Cookies).where(
+            Cookies.id.in_(
+                [cookie.id for cookie in delete_result.scalars().unique().all()]
+            )
+        )
+    )
+
+
 async def update_system(resource: SystemSchema, db: AsyncSession) -> Dict:
     """Helper function to share core system update logic for wrapping endpoint functions"""
     system: System = await get_resource(
@@ -184,9 +252,13 @@ async def create_system(
             for privacy_declaration in privacy_declarations:
                 data = privacy_declaration.dict()
                 data["system_id"] = created_system.id  # add FK back to system
-                PrivacyDeclaration.create(
+                cookies: List[Dict] = data.pop("cookies", [])
+                privacy_declaration = PrivacyDeclaration.create(
                     db, data=data
                 )  # create the associated PrivacyDeclaration
+                await upsert_cookies(
+                    db, cookies, privacy_declaration, created_system
+                )  # Create the associated cookies
     except Exception as e:
         log.error(
             f"Error adding privacy declarations, reverting system creation: {str(privacy_declaration_exception)}"
diff --git a/src/fides/api/models/privacy_notice.py b/src/fides/api/models/privacy_notice.py
index 903a1222ad..babdee213f 100644
--- a/src/fides/api/models/privacy_notice.py
+++ b/src/fides/api/models/privacy_notice.py
@@ -8,14 +8,18 @@
 from fideslang.validation import FidesKey
 from sqlalchemy import Boolean, Column
 from sqlalchemy import Enum as EnumColumn
-from sqlalchemy import Float, ForeignKey, String
+from sqlalchemy import Float, ForeignKey, String, or_
 from sqlalchemy.dialects.postgresql import ARRAY
 from sqlalchemy.orm import Session, relationship
 from sqlalchemy.util import hybridproperty
 
 from fides.api.common_exceptions import ValidationError
 from fides.api.db.base_class import Base, FidesBase
-from fides.api.models.sql_models import System  # type: ignore[attr-defined]
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+    Cookies,
+    PrivacyDeclaration,
+    System,
+)
 
 
 class UserConsentPreference(Enum):
@@ -255,6 +259,26 @@ def default_preference(self) -> UserConsentPreference:
 
         raise Exception("Invalid notice consent mechanism.")
 
+    @property
+    def cookies(self) -> List[Cookies]:
+        """Return relevant cookie names (via the data use)"""
+        db = Session.object_session(self)
+        return (
+            db.query(Cookies)
+            .join(
+                PrivacyDeclaration,
+                PrivacyDeclaration.id == Cookies.privacy_declaration_id,
+            )
+            .filter(
+                or_(
+                    *[
+                        PrivacyDeclaration.data_use.like(f"{notice_use}%")
+                        for notice_use in self.data_uses
+                    ]
+                )
+            )
+        ).all()
+
     @classmethod
     def create(
         cls: Type[PrivacyNotice],
diff --git a/src/fides/api/models/sql_models.py b/src/fides/api/models/sql_models.py
index 9ed6a8d8e1..0e8b03b310 100644
--- a/src/fides/api/models/sql_models.py
+++ b/src/fides/api/models/sql_models.py
@@ -346,6 +346,10 @@ class System(Base, FidesBase):
         lazy="selectin",
     )
 
+    cookies = relationship(
+        "Cookies", back_populates="system", lazy="selectin", uselist=True, viewonly=True
+    )
+
     @classmethod
     def get_data_uses(
         cls: Type[System], systems: List[System], include_parents: bool = True
@@ -392,6 +396,9 @@ class PrivacyDeclaration(Base):
         index=True,
     )
     system = relationship(System, back_populates="privacy_declarations")
+    cookies = relationship(
+        "Cookies", back_populates="privacy_declaration", lazy="joined", uselist=True
+    )
 
     @classmethod
     def create(
@@ -596,3 +603,45 @@ class AuditLogResource(Base):
     request_type = Column(String, nullable=True)
     fides_keys = Column(ARRAY(String), nullable=True)
     extra_data = Column(JSON, nullable=True)
+
+
+class Cookies(Base):
+    """
+    Stores cookies.  Cookies have a FK to system and privacy declaration. If a privacy declaration is deleted,
+    the cookie can still remain linked to the system but unassociated with a data use.
+    """
+
+    name = Column(String, index=True, nullable=False)
+    path = Column(String)
+    domain = Column(String)
+
+    system_id = Column(
+        String, ForeignKey(System.id_field_path, ondelete="CASCADE"), index=True
+    )  # If system is deleted, remove the associated cookies.
+
+    privacy_declaration_id = Column(
+        String,
+        ForeignKey(PrivacyDeclaration.id_field_path, ondelete="SET NULL"),
+        index=True,
+    )  # If privacy declaration is deleted, just set to null and still keep this connected to the system.
+
+    system = relationship(
+        "System",
+        back_populates="cookies",
+        cascade="all,delete",
+        uselist=False,
+        lazy="selectin",
+    )
+
+    privacy_declaration = relationship(
+        "PrivacyDeclaration",
+        back_populates="cookies",
+        uselist=False,
+        lazy="joined",  # Joined is intentional, instead of selectin
+    )
+
+    __table_args__ = (
+        UniqueConstraint(
+            "name", "privacy_declaration_id", name="_cookie_name_privacy_declaration_uc"
+        ),
+    )
diff --git a/src/fides/api/schemas/dataset.py b/src/fides/api/schemas/dataset.py
index bc00dd5d56..7b4683dea7 100644
--- a/src/fides/api/schemas/dataset.py
+++ b/src/fides/api/schemas/dataset.py
@@ -1,4 +1,4 @@
-from typing import Any, List, Optional
+from typing import Any, List, Optional, Type
 
 from fideslang.models import Dataset, DatasetCollection, DatasetField
 from fideslang.validation import FidesKey
@@ -30,7 +30,7 @@ def validate_data_categories_against_db(
     class DataCategoryValidationMixin(BaseModel):
         @validator("data_categories", check_fields=False, allow_reuse=True)
         def valid_data_categories(
-            cls, v: Optional[List[FidesKey]]
+            cls: Type["DataCategoryValidationMixin"], v: Optional[List[FidesKey]]
         ) -> Optional[List[FidesKey]]:
             """Validate that all annotated data categories exist in the taxonomy"""
             return _valid_data_categories(v, defined_data_categories)
diff --git a/src/fides/api/schemas/privacy_notice.py b/src/fides/api/schemas/privacy_notice.py
index f8e97aef88..ae8a229356 100644
--- a/src/fides/api/schemas/privacy_notice.py
+++ b/src/fides/api/schemas/privacy_notice.py
@@ -3,6 +3,7 @@
 from datetime import datetime
 from typing import Any, Dict, List, Optional
 
+from fideslang.models import Cookies as CookieSchema
 from fideslang.validation import FidesKey
 from pydantic import Extra, conlist, root_validator, validator
 
@@ -140,6 +141,7 @@ class PrivacyNoticeResponse(PrivacyNoticeWithId):
     updated_at: datetime
     version: float
     privacy_notice_history_id: str
+    cookies: List[CookieSchema]
 
 
 class PrivacyNoticeResponseWithUserPreferences(PrivacyNoticeResponse):
diff --git a/src/fides/api/schemas/privacy_request.py b/src/fides/api/schemas/privacy_request.py
index c4f1228edb..5034c33012 100644
--- a/src/fides/api/schemas/privacy_request.py
+++ b/src/fides/api/schemas/privacy_request.py
@@ -1,6 +1,6 @@
 from datetime import datetime
 from enum import Enum as EnumType
-from typing import Any, Dict, List, Optional, Union
+from typing import Any, Dict, List, Optional, Type, Union
 
 from fideslang.validation import FidesKey
 from pydantic import Field, validator
@@ -84,7 +84,7 @@ class PrivacyRequestCreate(FidesSchema):
 
     @validator("encryption_key")
     def validate_encryption_key(
-        cls: "PrivacyRequestCreate", value: Optional[str] = None
+        cls: Type["PrivacyRequestCreate"], value: Optional[str] = None
     ) -> Optional[str]:
         """Validate encryption key where applicable"""
         if value:
diff --git a/src/fides/api/schemas/system.py b/src/fides/api/schemas/system.py
index 82016e051a..9111005698 100644
--- a/src/fides/api/schemas/system.py
+++ b/src/fides/api/schemas/system.py
@@ -1,6 +1,6 @@
 from typing import List, Optional
 
-from fideslang.models import PrivacyDeclaration, System
+from fideslang.models import Cookies, PrivacyDeclaration, System
 from pydantic import Field
 
 from fides.api.schemas.connection_configuration.connection_config import (
@@ -14,6 +14,7 @@ class PrivacyDeclarationResponse(PrivacyDeclaration):
     id: str = Field(
         description="The database-assigned ID of the privacy declaration on the system. This is meant to be a read-only field, returned only in API responses"
     )
+    cookies: Optional[List[Cookies]] = []
 
 
 class SystemResponse(System):
@@ -26,3 +27,5 @@ class SystemResponse(System):
     connection_configs: Optional[ConnectionConfigurationResponse] = Field(
         description=ConnectionConfigurationResponse.__doc__,
     )
+
+    cookies: Optional[List[Cookies]] = []
diff --git a/tests/conftest.py b/tests/conftest.py
index b99d202bff..ebb44ffb27 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -29,7 +29,7 @@
 from fides.api.db.ctl_session import sync_engine
 from fides.api.main import app
 from fides.api.models.privacy_request import generate_request_callback_jwe
-from fides.api.models.sql_models import DataUse, PrivacyDeclaration
+from fides.api.models.sql_models import Cookies, DataUse, PrivacyDeclaration
 from fides.api.oauth.jwt import generate_jwe
 from fides.api.oauth.roles import (
     APPROVER,
@@ -411,6 +411,7 @@ def resources_dict():
             system_type="SYSTEM",
             name="Test System",
             description="Test Policy",
+            cookies=[],
             privacy_declarations=[
                 models.PrivacyDeclaration(
                     name="declaration-name",
@@ -419,6 +420,7 @@ def resources_dict():
                     data_subjects=[],
                     data_qualifier="aggregated_data",
                     dataset_references=[],
+                    cookies=[],
                 )
             ],
         ),
@@ -1018,7 +1020,7 @@ def system(db: Session) -> System:
         },
     )
 
-    PrivacyDeclaration.create(
+    privacy_declaration = PrivacyDeclaration.create(
         db=db,
         data={
             "name": "Collect data for marketing",
@@ -1033,6 +1035,17 @@ def system(db: Session) -> System:
         },
     )
 
+    Cookies.create(
+        db=db,
+        data={
+            "name": "test_cookie",
+            "path": "/",
+            "privacy_declaration_id": privacy_declaration.id,
+            "system_id": system.id,
+        },
+        check_name=False,
+    )
+
     db.refresh(system)
     return system
 
diff --git a/tests/ctl/core/test_api.py b/tests/ctl/core/test_api.py
index 18e4686c6e..727119e3bd 100644
--- a/tests/ctl/core/test_api.py
+++ b/tests/ctl/core/test_api.py
@@ -449,6 +449,13 @@ def system_create_request_body(self) -> SystemSchema:
                     data_subjects=[],
                     data_qualifier="aggregated_data",
                     dataset_references=[],
+                    cookies=[
+                        {
+                            "name": "essential_cookie",
+                            "path": "/",
+                            "domain": "example.com",
+                        }
+                    ],
                 ),
                 models.PrivacyDeclaration(
                     name="declaration-name-2",
@@ -551,12 +558,24 @@ async def test_system_create(
 
         assert result.status_code == HTTP_201_CREATED
         assert result.json()["name"] == "Test System"
+        assert result.json()["cookies"] == [
+            {"name": "essential_cookie", "path": "/", "domain": "example.com"}
+        ]
+        assert result.json()["privacy_declarations"][0]["cookies"] == [
+            {"name": "essential_cookie", "path": "/", "domain": "example.com"}
+        ]
+        assert result.json()["privacy_declarations"][1]["cookies"] == []
         assert len(result.json()["privacy_declarations"]) == 2
 
         systems = System.all(db)
         assert len(systems) == 1
         assert systems[0].name == "Test System"
         assert len(systems[0].privacy_declarations) == 2
+        assert [cookie.name for cookie in systems[0].cookies] == ["essential_cookie"]
+        assert [
+            cookie.name for cookie in systems[0].privacy_declarations[0].cookies
+        ] == ["essential_cookie"]
+        assert systems[0].privacy_declarations[1].cookies == []
 
     async def test_system_create_custom_metadata_saas_config(
         self,
@@ -734,6 +753,31 @@ def system_update_request_body(self, system) -> SystemSchema:
             ],
         )
 
+    @pytest.fixture(scope="function")
+    def system_update_request_body_with_cookies(self, system) -> SystemSchema:
+        return SystemSchema(
+            organization_fides_key=1,
+            registryId=1,
+            fides_key=system.fides_key,
+            system_type="SYSTEM",
+            name=self.updated_system_name,
+            description="Test Policy",
+            privacy_declarations=[
+                models.PrivacyDeclaration(
+                    name="declaration-name",
+                    data_categories=[],
+                    data_use="essential",
+                    data_subjects=[],
+                    data_qualifier="aggregated_data",
+                    dataset_references=[],
+                    cookies=[
+                        {"name": "my_cookie", "domain": "example.com"},
+                        {"name": "my_other_cookie"},
+                    ],
+                )
+            ],
+        )
+
     def test_system_update_not_authenticated(
         self, test_config, system_update_request_body
     ):
@@ -1093,6 +1137,40 @@ def test_system_update_privacy_declaration_invalid_duplicate(
             and system.privacy_declarations[1].name == "new declaration 1"
         )
 
+    def test_system_update_privacy_declaration_cookies(
+        self,
+        test_config,
+        system_update_request_body_with_cookies,
+        system,
+        db,
+        generate_system_manager_header,
+    ):
+        assert system.name != self.updated_system_name
+
+        auth_header = generate_system_manager_header([system.id])
+        result = _api.update(
+            url=test_config.cli.server_url,
+            headers=auth_header,
+            resource_type="system",
+            json_resource=system_update_request_body_with_cookies.json(
+                exclude_none=True
+            ),
+        )
+        assert result.status_code == HTTP_200_OK
+        assert result.json()["name"] == self.updated_system_name
+        assert result.json()["cookies"] == [
+            {"name": "my_cookie", "path": None, "domain": "example.com"},
+            {"name": "my_other_cookie", "path": None, "domain": None},
+            {"name": "test_cookie", "path": "/", "domain": None},
+        ]
+
+        db.refresh(system)
+        assert system.name == self.updated_system_name
+        assert (
+            len(system.cookies) == 3
+        )  # Two from the current privacy declaration, one from the previous privacy declaration that was deleted, but still linked to the system
+        assert len(system.privacy_declarations[0].cookies) == 2
+
     @pytest.mark.parametrize(
         "update_declarations",
         [
@@ -1105,6 +1183,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     )
                 ]
             ),
@@ -1118,6 +1197,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                     models.PrivacyDeclaration(
                         name="declaration-name-2",
@@ -1126,6 +1206,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                 ]
             ),
@@ -1139,6 +1220,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                     models.PrivacyDeclaration(
                         name="Collect data for marketing",
@@ -1147,6 +1229,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                 ]
             ),
@@ -1160,6 +1243,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                     models.PrivacyDeclaration(
                         name="declaration-name-2",
@@ -1168,6 +1252,7 @@ def test_system_update_privacy_declaration_invalid_duplicate(
                         data_subjects=[],
                         data_qualifier="aggregated_data",
                         dataset_references=[],
+                        cookies=[],
                     ),
                 ]
             ),
diff --git a/tests/ctl/core/test_system.py b/tests/ctl/core/test_system.py
index d801987a4f..a6eaaf5fc0 100644
--- a/tests/ctl/core/test_system.py
+++ b/tests/ctl/core/test_system.py
@@ -1,11 +1,16 @@
 # pylint: disable=missing-docstring, redefined-outer-name
 import os
 from typing import Generator, List
+from uuid import uuid4
 
 import pytest
+from fideslang.models import PrivacyDeclaration as PrivacyDeclarationSchema
 from fideslang.models import System, SystemMetadata
 from py._path.local import LocalPath
+from sqlalchemy import delete
 
+from fides.api.db.system import create_system, upsert_cookies
+from fides.api.models.sql_models import Cookies, PrivacyDeclaration
 from fides.api.models.sql_models import System as sql_System
 from fides.config import FidesConfig
 from fides.connectors.models import OktaConfig
@@ -332,3 +337,208 @@ def test_scan_system_okta_fail(tmpdir: LocalPath, test_config: FidesConfig) -> N
             url=test_config.cli.server_url,
             headers=test_config.user.auth_header,
         )
+
+
+class TestUpsertCookies:
+    @pytest.fixture()
+    async def test_cookie_system(
+        self,
+        async_session_temp,
+        generate_auth_header,
+        test_config,
+        generate_role_header,
+        db,
+    ):
+        resource = System(
+            fides_key=str(uuid4()),
+            organization_fides_key="default_organization",
+            name="test_system_1",
+            system_type="test",
+            privacy_declarations=[
+                PrivacyDeclarationSchema(
+                    name="declaration-name",
+                    data_categories=[],
+                    data_use="essential",
+                    data_subjects=[],
+                    data_qualifier="aggregated_data",
+                    dataset_references=[],
+                ),
+                PrivacyDeclarationSchema(
+                    name="declaration-name-2",
+                    data_categories=[],
+                    data_use="improve",
+                    data_subjects=[],
+                    data_qualifier="aggregated_data",
+                    dataset_references=[],
+                ),
+            ],
+        )
+
+        system = await create_system(resource, async_session_temp)
+
+        Cookies.create(
+            db=db,
+            data={
+                "name": "strawberry",
+                "path": "/",
+                "privacy_declaration_id": sorted(
+                    system.privacy_declarations, key=lambda x: x.name
+                )[1].id,
+                "system_id": system.id,
+            },
+            check_name=False,
+        )
+        await async_session_temp.refresh(system)
+        yield system
+        delete(sql_System).where(sql_System.id == system.id)
+
+    async def test_new_cookies(self, test_cookie_system, async_session_temp):
+        """Test adding a new cookie to a privacy declaration.  The other privacy declaration on the
+        system already has a cookie."""
+
+        new_cookies = [{"name": "apple"}]
+        privacy_declaration = sorted(
+            test_cookie_system.privacy_declarations, key=lambda x: x.name
+        )[0]
+
+        await upsert_cookies(
+            async_session_temp,
+            new_cookies,
+            privacy_declaration,
+            test_cookie_system,
+        )
+        await async_session_temp.refresh(test_cookie_system)
+        assert len(test_cookie_system.cookies) == 2
+
+        assert {cookie.name for cookie in test_cookie_system.cookies} == {
+            "strawberry",
+            "apple",
+        }
+        assert len(privacy_declaration.cookies) == 1
+        assert privacy_declaration.cookies[0].name == "apple"
+
+        new_cookie = privacy_declaration.cookies[0]
+        assert new_cookie.created_at is not None
+        assert new_cookie.updated_at is not None
+        assert new_cookie.name == "apple"
+        assert new_cookie.system_id == test_cookie_system.id
+        assert new_cookie.privacy_declaration_id == privacy_declaration.id
+
+    async def test_no_change_to_cookies(self, test_cookie_system, async_session_temp):
+        """Test specified cookies already exist on given privacy declaration, so no change required"""
+        new_cookies = [{"name": "strawberry"}]
+        privacy_declaration = sorted(
+            test_cookie_system.privacy_declarations, key=lambda x: x.name
+        )[1]
+        existing_cookie = privacy_declaration.cookies[0]
+        assert existing_cookie.name == "strawberry"
+
+        await upsert_cookies(
+            async_session_temp,
+            new_cookies,
+            privacy_declaration,
+            test_cookie_system,
+        )
+        await async_session_temp.refresh(test_cookie_system)
+        assert len(test_cookie_system.cookies) == 1
+
+        assert {cookie.name for cookie in test_cookie_system.cookies} == {
+            "strawberry",
+        }
+        assert len(privacy_declaration.cookies) == 1
+        assert privacy_declaration.cookies[0].name == "strawberry"
+
+        new_cookie = privacy_declaration.cookies[0]
+        assert new_cookie.created_at is not None
+        assert new_cookie.updated_at is not None
+        assert new_cookie.name == "strawberry"
+        assert new_cookie.system_id == test_cookie_system.id
+        assert new_cookie.privacy_declaration_id == privacy_declaration.id
+
+    async def test_update_cookies(self, test_cookie_system, async_session_temp):
+        """Test cookie exists but path has changed"""
+        """Test specified cookies already exist on given privacy declaration, so no change required"""
+
+        new_cookies = [{"name": "strawberry", "path": "/"}]
+        privacy_declaration = sorted(
+            test_cookie_system.privacy_declarations, key=lambda x: x.name
+        )[1]
+        existing_cookie = privacy_declaration.cookies[0]
+        assert existing_cookie.name == "strawberry"
+
+        await upsert_cookies(
+            async_session_temp,
+            new_cookies,
+            privacy_declaration,
+            test_cookie_system,
+        )
+        await async_session_temp.refresh(test_cookie_system)
+        assert len(test_cookie_system.cookies) == 1
+        assert test_cookie_system.cookies[0].name == "strawberry"
+        assert test_cookie_system.cookies[0].path == "/"
+
+        assert len(privacy_declaration.cookies) == 1
+        assert privacy_declaration.cookies[0].name == "strawberry"
+        assert privacy_declaration.cookies[0].path == "/"
+
+        new_cookie = privacy_declaration.cookies[0]
+        assert new_cookie.created_at is not None
+        assert new_cookie.updated_at is not None
+        assert new_cookie.name == "strawberry"
+        assert new_cookie.system_id == test_cookie_system.id
+        assert new_cookie.privacy_declaration_id == privacy_declaration.id
+
+    async def test_remove_cookies(self, test_cookie_system, async_session_temp):
+        """Test cookie list is missing a cookie currently on the privacy declaration so add the new
+        cookie and we remove the existing one"""
+
+        new_cookies = [{"name": "apple"}]
+        privacy_declaration = sorted(
+            test_cookie_system.privacy_declarations, key=lambda x: x.name
+        )[1]
+        existing_cookie = privacy_declaration.cookies[0]
+        assert existing_cookie.name == "strawberry"
+
+        await upsert_cookies(
+            async_session_temp,
+            new_cookies,
+            privacy_declaration,
+            test_cookie_system,
+        )
+        await async_session_temp.refresh(test_cookie_system)
+        assert len(test_cookie_system.cookies) == 1
+
+        assert {cookie.name for cookie in test_cookie_system.cookies} == {
+            "apple",
+        }
+        assert len(privacy_declaration.cookies) == 1
+        assert privacy_declaration.cookies[0].name == "apple"
+
+        new_cookie = privacy_declaration.cookies[0]
+        assert new_cookie.created_at is not None
+        assert new_cookie.updated_at is not None
+        assert new_cookie.name == "apple"
+        assert new_cookie.system_id == test_cookie_system.id
+        assert new_cookie.privacy_declaration_id == privacy_declaration.id
+
+    async def test_delete_privacy_declaration(
+        self, test_cookie_system, async_session_temp
+    ):
+        """Test if a privacy declaration is deleted, its cookie is still linked to the system"""
+
+        privacy_declaration = sorted(
+            test_cookie_system.privacy_declarations, key=lambda x: x.name
+        )[1]
+        existing_cookie = privacy_declaration.cookies[0]
+
+        assert existing_cookie.privacy_declaration_id == privacy_declaration.id
+        assert existing_cookie.system_id == test_cookie_system.id
+
+        stmt = delete(PrivacyDeclaration).where(
+            PrivacyDeclaration.id == privacy_declaration.id
+        )
+        await async_session_temp.execute(stmt)
+        await async_session_temp.refresh(existing_cookie)
+
+        assert existing_cookie.privacy_declaration_id is None
+        assert existing_cookie.system_id == test_cookie_system.id
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
index 4feb6ebc94..6a4f724e00 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
@@ -13,6 +13,7 @@
     ComponentType,
     PrivacyExperience,
     PrivacyExperienceConfig,
+    PrivacyExperienceConfigHistory,
 )
 from fides.api.models.privacy_notice import PrivacyNoticeRegion
 from fides.common.api import scope_registry as scopes
@@ -1167,14 +1168,18 @@ def test_update_experience_config_while_ignoring_regions(
         experience_config = get_experience_config_or_error(db, resp["id"])
         assert experience_config.experiences.all() == [privacy_experience_overlay]
         assert experience_config.histories.count() == 2
-        history = experience_config.histories[0]
+        history = experience_config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[0]
         assert history.version == 1.0
         assert history.component == ComponentType.overlay
         assert history.banner_enabled == BannerEnabled.enabled_where_required
         assert history.experience_config_id == experience_config.id
         assert history.disabled is False
 
-        history = experience_config.histories[1]
+        history = experience_config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[1]
         assert history.version == 2.0
         assert history.disabled is True
 
@@ -1224,14 +1229,18 @@ def test_update_experience_config_with_no_regions(
         experience_config = get_experience_config_or_error(db, resp["id"])
         assert experience_config.experiences.all() == []
         assert experience_config.histories.count() == 2
-        history = experience_config.histories[0]
+        history = experience_config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[0]
         assert history.version == 1.0
         assert history.component == ComponentType.overlay
         assert history.banner_enabled == BannerEnabled.enabled_where_required
         assert history.experience_config_id == experience_config.id
         assert history.disabled is False
 
-        history = experience_config.histories[1]
+        history = experience_config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[1]
         assert history.version == 2.0
         assert history.disabled is True
 
@@ -1448,7 +1457,9 @@ def test_update_experience_config_experience_also_updated(
         db.refresh(overlay_experience_config)
         # ExperienceConfig was disabled - this is a change, so another historical record is created
         assert overlay_experience_config.histories.count() == 2
-        experience_config_history = overlay_experience_config.histories[1]
+        experience_config_history = overlay_experience_config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[1]
         assert experience_config_history.version == 2.0
         assert experience_config_history.disabled
         assert experience_config_history.component == ComponentType.overlay
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 4815798aa9..9090daa892 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -5,6 +5,7 @@
 from uuid import uuid4
 
 import pytest
+from fideslang.models import Cookies as CookieSchema
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
@@ -87,6 +88,7 @@ def test_get_privacy_notices_defaults(
             assert "created_at" in notice_detail
             assert "updated_at" in notice_detail
             assert "name" in notice_detail
+            assert "name" in notice_detail
             assert "description" in notice_detail
             assert "regions" in notice_detail
             assert "consent_mechanism" in notice_detail
@@ -755,6 +757,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         )
                     ],
                 },
@@ -824,6 +829,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                         PrivacyNoticeResponse(
                             id=f"{PRIVACY_NOTICE_NAME}-2",
@@ -844,6 +852,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                     ],
                 },
@@ -911,6 +922,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             version=1.0,
                             privacy_notice_history_id="placeholder_id",
                             displayed_in_overlay=True,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                         PrivacyNoticeResponse(
                             id=f"{PRIVACY_NOTICE_NAME}-2",
@@ -929,6 +943,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             version=1.0,
                             privacy_notice_history_id="placeholder_id",
                             displayed_in_overlay=True,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                     ],
                     "third_party_sharing": [
@@ -950,6 +967,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             version=1.0,
                             privacy_notice_history_id="placeholder_id",
                             displayed_in_overlay=True,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                     ],
                 },
@@ -1019,6 +1039,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         ),
                     ],
                     "third_party_sharing": [],
@@ -1153,6 +1176,9 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[
+                                CookieSchema(name="test_cookie", path="/", domain=None)
+                            ],
                         )
                     ],
                     "essential.service.operations.support.optimization": [
@@ -1177,6 +1203,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[],
                         ),
                         PrivacyNoticeResponse(
                             id=f"{PRIVACY_NOTICE_NAME}-3",
@@ -1197,6 +1224,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[],
                         ),
                         PrivacyNoticeResponse(
                             id=f"{PRIVACY_NOTICE_NAME}-2",
@@ -1217,6 +1245,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             displayed_in_overlay=True,
                             displayed_in_privacy_center=False,
                             displayed_in_api=False,
+                            cookies=[],
                         ),
                     ],
                 },
diff --git a/tests/ops/models/test_privacy_experience.py b/tests/ops/models/test_privacy_experience.py
index 78e3e87dcd..27f6ee539a 100644
--- a/tests/ops/models/test_privacy_experience.py
+++ b/tests/ops/models/test_privacy_experience.py
@@ -7,6 +7,7 @@
     ComponentType,
     PrivacyExperience,
     PrivacyExperienceConfig,
+    PrivacyExperienceConfigHistory,
     upsert_privacy_experiences_after_config_update,
     upsert_privacy_experiences_after_notice_update,
 )
@@ -123,11 +124,15 @@ def test_update_privacy_experience_config(self, db):
         assert config.updated_at > config_updated_at
 
         assert config.histories.count() == 2
-        history = config.histories[1]
+        history = config.histories.order_by(PrivacyExperienceConfigHistory.created_at)[
+            1
+        ]
         assert history.component == ComponentType.privacy_center
         assert config.experience_config_history_id == history.id
 
-        old_history = config.histories[0]
+        old_history = config.histories.order_by(
+            PrivacyExperienceConfigHistory.created_at
+        )[0]
         assert old_history.version == 1.0
         assert old_history.component == ComponentType.overlay
 
diff --git a/tests/ops/models/test_privacy_notice.py b/tests/ops/models/test_privacy_notice.py
index 6c519f4ced..c56c02cc80 100644
--- a/tests/ops/models/test_privacy_notice.py
+++ b/tests/ops/models/test_privacy_notice.py
@@ -1,4 +1,5 @@
 import pytest
+from fideslang.models import Cookies as CookieSchema
 from fideslang.validation import FidesValidationError
 from sqlalchemy.orm import Session
 
@@ -12,6 +13,7 @@
     check_conflicting_data_uses,
     new_data_use_conflicts_with_existing_use,
 )
+from fides.api.models.sql_models import Cookies
 
 
 class TestPrivacyNoticeModel:
@@ -697,6 +699,69 @@ def test_conflicting_data_uses(
                 existing_privacy_notices=existing_privacy_notices,
             )
 
+    @pytest.mark.parametrize(
+        "privacy_notice_data_use,declaration_cookies,expected_cookies,description",
+        [
+            (
+                ["marketing.advertising", "third_party_sharing"],
+                [{"name": "test_cookie"}],
+                [CookieSchema(name="test_cookie")],
+                "Data uses overlap exactly",
+            ),
+            (
+                ["marketing.advertising.first_party", "third_party_sharing"],
+                [{"name": "test_cookie"}],
+                [],
+                "Privacy notice use more specific than system's.  Too big a leap to assume system should be adjusted here.",
+            ),
+            (
+                ["marketing", "third_party_sharing"],
+                [{"name": "test_cookie"}],
+                [CookieSchema(name="test_cookie")],
+                "Privacy notice use more general than system's, so system's data use is under the scope of the notice",
+            ),
+            (
+                ["marketing.advertising", "third_party_sharing"],
+                [{"name": "test_cookie"}, {"name": "another_cookie"}],
+                [CookieSchema(name="test_cookie"), CookieSchema(name="another_cookie")],
+                "Test multiple cookies",
+            ),
+            (["marketing.advertising"], [], [], "No cookies returns an empty set"),
+        ],
+    )
+    def test_relevant_cookies(
+        self,
+        privacy_notice_data_use,
+        declaration_cookies,
+        expected_cookies,
+        description,
+        privacy_notice,
+        db,
+        system,
+    ):
+        """Test different combinations of data uses and cookies between the Privacy Notice and the Privacy Declaration"""
+        db.query(Cookies).delete()
+        privacy_notice.data_uses = privacy_notice_data_use
+        privacy_notice.save(db)
+
+        privacy_declaration = system.privacy_declarations[0]
+        assert privacy_declaration.data_use == "marketing.advertising"
+
+        for cookie in declaration_cookies:
+            Cookies.create(
+                db,
+                data={
+                    "name": cookie["name"],
+                    "privacy_declaration_id": privacy_declaration.id,
+                    "system_id": system.id,
+                },
+                check_name=False,
+            )
+
+        assert [
+            CookieSchema.from_orm(cookie) for cookie in privacy_notice.cookies
+        ] == expected_cookies, description
+
     def test_calculate_relevant_systems(
         self,
         db,

From ca52bb10012a0934c5a63d1b346d246de494b4e8 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Thu, 22 Jun 2023 15:32:48 -0400
Subject: [PATCH 25/90] also replace text in relevant modals

---
 .../ConnectorTemplateUploadModal.tsx                   | 10 ++++++----
 .../system_portal_config/DeleteConnectionModal.tsx     |  6 +++---
 .../system_portal_config/OrphanedConnectionModal.tsx   |  8 ++++----
 .../system_portal_config/forms/ConnectorParameters.tsx |  6 +++---
 4 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/clients/admin-ui/src/features/connector-templates/ConnectorTemplateUploadModal.tsx b/clients/admin-ui/src/features/connector-templates/ConnectorTemplateUploadModal.tsx
index 6d1c8413e5..58d7e1c235 100644
--- a/clients/admin-ui/src/features/connector-templates/ConnectorTemplateUploadModal.tsx
+++ b/clients/admin-ui/src/features/connector-templates/ConnectorTemplateUploadModal.tsx
@@ -68,7 +68,9 @@ const ConnectorTemplateUploadModal: React.FC<RequestModalProps> = ({
     if (uploadedFile) {
       try {
         await registerConnectorTemplate(uploadedFile).unwrap();
-        toast(successToastParams("Connector template uploaded successfully."));
+        toast(
+          successToastParams("Integration template uploaded successfully.")
+        );
 
         // refresh the connection types
         const { data } = await refetchConnectionTypes();
@@ -96,10 +98,10 @@ const ConnectorTemplateUploadModal: React.FC<RequestModalProps> = ({
     <Modal isOpen={isOpen} onClose={onClose} size="2xl">
       <ModalOverlay />
       <ModalContent textAlign="left" p={2} data-testid={testId}>
-        <ModalHeader>Upload connector template</ModalHeader>
+        <ModalHeader>Upload integration template</ModalHeader>
         <ModalBody>
           <Text fontSize="sm" mb={4}>
-            Drag and drop your connector template zip file here, or click to
+            Drag and drop your integration template zip file here, or click to
             browse your files.
           </Text>
           <Box
@@ -119,7 +121,7 @@ const ConnectorTemplateUploadModal: React.FC<RequestModalProps> = ({
             {renderFileText()}
           </Box>
           <Text fontSize="sm" mt={4}>
-            A connector template zip file must include a SaaS config and
+            An integration template zip file must include a SaaS config and
             dataset, but may also contain an icon (.svg) and custom functions
             (.py) as optional files.
           </Text>
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
index d50ab4eb26..55bb2681ef 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
@@ -63,7 +63,7 @@ const DeleteConnectionModal: React.FC<DataConnectionProps> = ({
       <Modal isCentered isOpen={isOpen} onClose={closeIfComplete}>
         <ModalOverlay />
         <ModalContent>
-          <ModalHeader>Delete Connection</ModalHeader>
+          <ModalHeader>Delete Integration</ModalHeader>
           <ModalCloseButton />
           <ModalBody pb={6}>
             <Stack direction="column" spacing="15px">
@@ -73,7 +73,7 @@ const DeleteConnectionModal: React.FC<DataConnectionProps> = ({
                 fontWeight="sm"
                 lineHeight="20px"
               >
-                Deleting a connection may impact any privacy request that is
+                Deleting an integration may impact any privacy request that is
                 currently in progress. Do you wish to proceed?
               </Text>
             </Stack>
@@ -108,7 +108,7 @@ const DeleteConnectionModal: React.FC<DataConnectionProps> = ({
                 color: "gray.600",
               }}
             >
-              Delete connection
+              Delete integration
             </Button>
           </ModalFooter>
         </ModalContent>
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
index 7c54bb7021..e2159c9172 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
@@ -116,7 +116,7 @@ const OrphanedConnectionModal: React.FC<DataConnectionProps> = ({
       <Modal isCentered isOpen={isOpen} size="lg" onClose={closeIfComplete}>
         <ModalOverlay />
         <ModalContent>
-          <ModalHeader>Unlinked Connections</ModalHeader>
+          <ModalHeader>Unlinked Integrations</ModalHeader>
           <ModalCloseButton />
           <ModalBody pb={6}>
             <Stack direction="column" spacing="15px">
@@ -126,8 +126,8 @@ const OrphanedConnectionModal: React.FC<DataConnectionProps> = ({
                 fontWeight="sm"
                 lineHeight="20px"
               >
-                These are all the connections that are not linked to a system.
-                Please select a connection to link to a system.
+                These are all the integrations that are not linked to a system.
+                Please select an integration to link to a system.
               </Text>
               <Box maxHeight="350px" height="100%" overflowY="auto">
                 {connectionConfigs.map((connectionConfig) => (
@@ -192,7 +192,7 @@ const OrphanedConnectionModal: React.FC<DataConnectionProps> = ({
                 color: "gray.600",
               }}
             >
-              Link connector
+              Link integration
             </Button>
           </ModalFooter>
         </ModalContent>
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 2bc5cc5368..f98122d5f2 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -193,7 +193,7 @@ export const useConnectorForm = ({
       // @ts-ignore connection_configs isn't on the type yet but will be in the future
       dispatch(setActiveSystem({ ...activeSystem, connection_configs: null }));
       setSelectedConnectionOption(undefined);
-      successAlert(`Connector successfully deleted!`);
+      successAlert(`Integration successfully deleted!`);
     } catch (e) {
       handleError(e);
     }
@@ -270,7 +270,7 @@ export const useConnectorForm = ({
       }
 
       successAlert(
-        `Connector successfully ${
+        `Integration successfully ${
           isCreatingConnectionConfig ? "added" : "updated"
         }!`
       );
@@ -342,7 +342,7 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
       <Box color="gray.700" fontSize="14px" mb={4} h="80px">
         Connect to your {connectionOption!.human_readable} environment by
         providing credential information below. Once you have saved your
-        connector credentials, you can review what data is included when
+        integration credentials, you can review what data is included when
         processing a privacy request in your Dataset configuration.
       </Box>
       <ConnectorParametersForm

From 9ec7bca53d4527bab5f0652ff7e5054257c3a411 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Thu, 22 Jun 2023 16:03:47 -0400
Subject: [PATCH 26/90] replace one more instance that was missed

---
 .../system_portal_config/OrphanedConnectionModal.tsx            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
index e2159c9172..24540330f1 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
@@ -110,7 +110,7 @@ const OrphanedConnectionModal: React.FC<DataConnectionProps> = ({
         color="white"
         colorScheme="primary"
       >
-        Link connector
+        Link integration
       </Button>
 
       <Modal isCentered isOpen={isOpen} size="lg" onClose={closeIfComplete}>

From cf0ac169d1649545ccbaf7259e963237248bd073 Mon Sep 17 00:00:00 2001
From: Jeremy Pople <jeremy@ethyca.com>
Date: Thu, 22 Jun 2023 16:17:19 -0400
Subject: [PATCH 27/90] update README

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 921da9ec50..81aaf751fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -88,6 +88,7 @@ The types of changes are:
 - Removed `pyodbc` in favor of `pymssql` for handling SQL Server connections [#3435](https://github.com/ethyca/fides/pull/3435)
 - Only create a PrivacyRequest when saving consent if at least one notice has system-wide enforcement [#3626](https://github.com/ethyca/fides/pull/3626)
 - Increased the character limit for the `SafeStr` type from 500 to 32000 [#3647](https://github.com/ethyca/fides/pull/3647)
+- Changed "connection" to "integration" on system view and edit pages [#3659](https://github.com/ethyca/fides/pull/3659)
 
 ### Developer Experience
 

From b4f1b3b5a9c36dafcfe655bbbed748778479add9 Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Fri, 23 Jun 2023 10:14:52 -0500
Subject: [PATCH 28/90] Update Fides Pull Request Template: Description of
 Changes placement (#3641)

---
 .github/pull_request_template.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index 2c6cfad0c6..24ea93ab79 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,5 +1,10 @@
 Closes #<issue>
 
+### Description Of Changes
+
+_Write some things here about the changes and any potential caveats_
+
+
 ### Code Changes
 
 * [ ] _list your code changes here_
@@ -18,7 +23,3 @@ Closes #<issue>
 * [ ] Relevant Follow-Up Issues Created
 * [ ] Update `CHANGELOG.md`
 * [ ] For API changes, the [Postman collection](https://github.com/ethyca/fides/blob/main/docs/fides/docs/development/postman/Fides.postman_collection.json) has been updated
-
-### Description Of Changes
-
-_Write some things here about the changes and any potential caveats_

From df2d2439f3d74345fedff9c06b2ec87b63f1eed3 Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Fri, 23 Jun 2023 12:58:44 -0400
Subject: [PATCH 29/90] Subscribe to individual system query in manual create
 (#3662)

---
 CHANGELOG.md                                  |  1 +
 clients/admin-ui/cypress/e2e/systems.cy.ts    | 68 +++++++++++--------
 .../src/features/system/SystemFormTabs.tsx    | 17 ++++-
 .../PrivacyDeclarationStep.tsx                | 11 +--
 4 files changed, 59 insertions(+), 38 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81aaf751fc..65f92e4db4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -69,6 +69,7 @@ The types of changes are:
 - Update to latest asyncpg dependency to avoid build error [#3614](https://github.com/ethyca/fides/pull/3614)
 - Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
 - Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
+- Fix bug where linking an integration would not update the tab when creating a new system [#3662](https://github.com/ethyca/fides/pull/3662)
 
 ### Changed
 
diff --git a/clients/admin-ui/cypress/e2e/systems.cy.ts b/clients/admin-ui/cypress/e2e/systems.cy.ts
index 2361b15a39..a3f9c03e1d 100644
--- a/clients/admin-ui/cypress/e2e/systems.cy.ts
+++ b/clients/admin-ui/cypress/e2e/systems.cy.ts
@@ -111,6 +111,9 @@ describe("System management page", () => {
 
       it("Can step through the flow", () => {
         cy.fixture("systems/system.json").then((system) => {
+          cy.intercept("GET", "/api/v1/system/*", {
+            body: { ...system, privacy_declarations: [] },
+          }).as("getDemoSystem");
           // Fill in the describe form based on fixture data
           cy.visit(ADD_SYSTEMS_ROUTE);
           cy.getByTestId("manual-btn").click();
@@ -145,6 +148,7 @@ describe("System management page", () => {
             "@getDataSubjects",
             "@getDataUses",
             "@getFilteredDatasets",
+            "@getDemoSystem",
           ]);
           cy.getByTestId("new-declaration-form");
           const declaration = system.privacy_declarations[0];
@@ -180,32 +184,41 @@ describe("System management page", () => {
       });
 
       it("can render a warning when there is unsaved data", () => {
-        cy.visit(ADD_SYSTEMS_MANUAL_ROUTE);
-        cy.wait("@getSystems");
-        cy.wait("@getConnectionTypes");
-        cy.getByTestId("create-system-btn").click();
-        cy.getByTestId("input-name").type("test");
-        cy.getByTestId("input-fides_key").type("test");
-        cy.getByTestId("save-btn").click();
-        cy.wait("@postSystem");
+        cy.fixture("systems/system.json").then((system) => {
+          cy.intercept("GET", "/api/v1/system/*", {
+            body: { ...system, privacy_declarations: [] },
+          }).as("getDemoSystem");
+          cy.visit(ADD_SYSTEMS_MANUAL_ROUTE);
+          cy.wait("@getSystems");
+          cy.wait("@getConnectionTypes");
+          cy.getByTestId("create-system-btn").click();
+          cy.getByTestId("input-name").type(system.name);
+          cy.getByTestId("input-fides_key").type(system.fides_key);
+          cy.getByTestId("input-description").type(system.description);
+          cy.getByTestId("save-btn").click();
+          cy.wait("@postSystem");
 
-        // start typing a description
-        const description = "half formed thought";
-        cy.getByTestId("input-description").type(description);
-        // then try navigating to the privacy declarations tab
-        cy.getByTestId("tab-Data uses").click();
-        cy.getByTestId("confirmation-modal");
-        // make sure canceling works
-        cy.getByTestId("cancel-btn").click();
-        cy.getByTestId("input-description").should("have.value", description);
-        // now actually discard
-        cy.getByTestId("tab-Data uses").click();
-        cy.getByTestId("continue-btn").click();
-        // should load the privacy declarations page
-        cy.getByTestId("privacy-declaration-step");
-        // navigate back
-        cy.getByTestId("tab-System information").click();
-        cy.getByTestId("input-description").should("have.value", "");
+          // start typing a description
+          const description = "half formed thought";
+          cy.getByTestId("input-description").clear().type(description);
+          // then try navigating to the privacy declarations tab
+          cy.getByTestId("tab-Data uses").click();
+          cy.getByTestId("confirmation-modal");
+          // make sure canceling works
+          cy.getByTestId("cancel-btn").click();
+          cy.getByTestId("input-description").should("have.value", description);
+          // now actually discard
+          cy.getByTestId("tab-Data uses").click();
+          cy.getByTestId("continue-btn").click();
+          // should load the privacy declarations page
+          cy.getByTestId("privacy-declaration-step");
+          // navigate back and make sure description has the original description
+          cy.getByTestId("tab-System information").click();
+          cy.getByTestId("input-description").should(
+            "have.value",
+            system.description
+          );
+        });
       });
     });
   });
@@ -311,6 +324,7 @@ describe("System management page", () => {
         const { body } = interception.request;
         expect(body.joint_controller.name).to.eql(controllerName);
       });
+      cy.wait("@getFidesctlSystem");
 
       // Switch to the Data Uses tab
       cy.getByTestId("tab-Data uses").click();
@@ -336,15 +350,15 @@ describe("System management page", () => {
       // edit the existing declaration
       cy.getByTestId("accordion-header-improve.system").click();
       cy.getByTestId("improve.system-form").within(() => {
-        cy.getByTestId("input-data_subjects").type(`anonymous{enter}`);
+        cy.getByTestId("input-data_subjects").type(`customer{enter}`);
         cy.getByTestId("save-btn").click();
       });
       cy.wait("@putSystem").then((interception) => {
         const { body } = interception.request;
         expect(body.privacy_declarations.length).to.eql(1);
         expect(body.privacy_declarations[0].data_subjects).to.eql([
-          "customer",
           "anonymous_user",
+          "customer",
         ]);
       });
       cy.getByTestId("saved-indicator");
diff --git a/clients/admin-ui/src/features/system/SystemFormTabs.tsx b/clients/admin-ui/src/features/system/SystemFormTabs.tsx
index 64171f0a84..8cd711f0aa 100644
--- a/clients/admin-ui/src/features/system/SystemFormTabs.tsx
+++ b/clients/admin-ui/src/features/system/SystemFormTabs.tsx
@@ -12,7 +12,11 @@ import ConnectionForm from "~/features/datastore-connections/system_portal_confi
 import PrivacyDeclarationStep from "~/features/system/privacy-declarations/PrivacyDeclarationStep";
 import { System, SystemResponse } from "~/types/api";
 
-import { selectActiveSystem, setActiveSystem } from "./system.slice";
+import {
+  selectActiveSystem,
+  setActiveSystem,
+  useGetSystemByFidesKeyQuery,
+} from "./system.slice";
 import SystemInformationForm from "./SystemInformationForm";
 import UnmountWarning from "./UnmountWarning";
 
@@ -79,6 +83,17 @@ const SystemFormTabs = ({
   const dispatch = useAppDispatch();
   const activeSystem = useAppSelector(selectActiveSystem) as SystemResponse;
 
+  // Once we have saved the system basics, subscribe to the query so that activeSystem
+  // stays up to date when redux invalidates the cache (for example, when we patch a connection config)
+  const { data: systemFromApi } = useGetSystemByFidesKeyQuery(
+    activeSystem?.fides_key,
+    { skip: !activeSystem }
+  );
+
+  useEffect(() => {
+    dispatch(setActiveSystem(systemFromApi));
+  }, [systemFromApi, dispatch]);
+
   const handleSuccess = (system: System) => {
     // show a save message if this is the first time the system was saved
     if (activeSystem === undefined) {
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
index 7634e8aaf1..5f0d2604ea 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationStep.tsx
@@ -1,9 +1,7 @@
 import { Heading, Spinner, Stack, Text } from "@fidesui/react";
 import NextLink from "next/link";
 
-import { useAppDispatch } from "~/app/hooks";
-import { setActiveSystem } from "~/features/system";
-import { System, SystemResponse } from "~/types/api";
+import { SystemResponse } from "~/types/api";
 
 import { usePrivacyDeclarationData } from "./hooks";
 import PrivacyDeclarationManager from "./PrivacyDeclarationManager";
@@ -13,16 +11,10 @@ interface Props {
 }
 
 const PrivacyDeclarationStep = ({ system }: Props) => {
-  const dispatch = useAppDispatch();
-
   const { isLoading, ...dataProps } = usePrivacyDeclarationData({
     includeDatasets: true,
   });
 
-  const onSave = (savedSystem: System) => {
-    dispatch(setActiveSystem(savedSystem));
-  };
-
   return (
     <Stack spacing={3} data-testid="privacy-declaration-step">
       <Heading as="h3" size="md">
@@ -46,7 +38,6 @@ const PrivacyDeclarationStep = ({ system }: Props) => {
       ) : (
         <PrivacyDeclarationManager
           system={system}
-          onSave={onSave}
           includeCustomFields
           includeCookies
           {...dataProps}

From d8cd3d76c1a37381b5b64fc2000d1795f15c6be2 Mon Sep 17 00:00:00 2001
From: Neville Samuell <neville@ethyca.com>
Date: Fri, 23 Jun 2023 13:32:50 -0400
Subject: [PATCH 30/90] Render linebreaks in the Fides.js overlay descriptions,
 etc. (#3665)

---
 CHANGELOG.md                              | 4 ++++
 clients/fides-js/src/components/fides.css | 1 +
 2 files changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 65f92e4db4..cda8d2ad57 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,10 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.15.0...main)
 
+### Fixed
+
+- Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
+
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
 
 ### Added
diff --git a/clients/fides-js/src/components/fides.css b/clients/fides-js/src/components/fides.css
index d697b98908..03272eccce 100644
--- a/clients/fides-js/src/components/fides.css
+++ b/clients/fides-js/src/components/fides.css
@@ -56,6 +56,7 @@ div#fides-overlay {
   font-size: var(--fides-overlay-font-size-body);
   z-index: 1000;
   position: fixed;
+  white-space: pre-line;
 
   /* CSS reset values, adapted from https://www.joshwcomeau.com/css/custom-css-reset/ */
   line-height: calc(1em + 0.4rem);

From f954d4bf77a28c41a2f4cb3a84d08e43b02c953d Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Fri, 23 Jun 2023 14:43:49 -0400
Subject: [PATCH 31/90] Fix dataset yaml not properly reflecting dataset in
 dropdown (#3666)

---
 CHANGELOG.md                                                 | 1 +
 .../system_portal_config/forms/ConnectorParametersForm.tsx   | 5 ++++-
 .../forms/fields/DatasetConfigField/DatasetConfigField.tsx   | 2 --
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cda8d2ad57..d70985841a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -74,6 +74,7 @@ The types of changes are:
 - Fix bug where editing a data use on a system could delete existing data uses [#3627](https://github.com/ethyca/fides/pull/3627)
 - Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
 - Fix bug where linking an integration would not update the tab when creating a new system [#3662](https://github.com/ethyca/fides/pull/3662)
+- Fix dataset yaml not properly reflecting the dataset in the dropdown of system integrations tab [#3666](https://github.com/ethyca/fides/pull/3666)
 
 ### Changed
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index c80456f831..6db1634007 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -382,7 +382,10 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               : null}
             {SystemType.DATABASE === connectionOption.type &&
             !isCreatingConnectionConfig ? (
-              <DatasetConfigField dropdownOptions={datasetDropdownOptions} />
+              <DatasetConfigField
+                dropdownOptions={datasetDropdownOptions}
+                connectionConfig={connectionConfig}
+              />
             ) : null}
             <ButtonGroup size="sm" spacing="8px" variant="outline">
               <Button
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
index f81217c482..c2841554fa 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
@@ -66,7 +66,6 @@ export const DatasetSelect = ({
       isInvalid={isInvalid}
       isRequired={isRequired}
     >
-      {/* <VStack align="flex-start" w="inherit"> */}
       {label ? (
         <Label htmlFor={props.id || props.name} {...labelProps}>
           {label}
@@ -107,7 +106,6 @@ export const DatasetSelect = ({
         />
         {tooltip ? <QuestionTooltip label={tooltip} /> : null}
       </Flex>
-      {/* </VStack> */}
     </FormControl>
   );
 };

From c55abb0b917962191f2dc563d2baa4e8e1391656 Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Fri, 23 Jun 2023 14:44:54 -0400
Subject: [PATCH 32/90] Notice empty state for privacy center (#3640)

---
 CHANGELOG.md                                  |  2 +
 .../modals/NoticeEmptyStateModal.tsx          | 39 +++++++++++++++++++
 .../cypress/e2e/consent-notices.cy.ts         |  5 ++-
 .../privacy-center/cypress/e2e/consent.cy.ts  |  6 ++-
 clients/privacy-center/cypress/e2e/home.cy.ts | 26 ++++++++++++-
 .../features/consent/consent.slice.ts         |  5 ++-
 .../privacy-center/features/consent/hooks.ts  | 10 ++++-
 clients/privacy-center/pages/index.tsx        | 39 ++++++++++++++++++-
 8 files changed, 122 insertions(+), 10 deletions(-)
 create mode 100644 clients/privacy-center/components/modals/NoticeEmptyStateModal.tsx

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d70985841a..d0075d4a8e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.15.0...main)
 
+### Added
+- Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
 ### Fixed
 
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
diff --git a/clients/privacy-center/components/modals/NoticeEmptyStateModal.tsx b/clients/privacy-center/components/modals/NoticeEmptyStateModal.tsx
new file mode 100644
index 0000000000..848f7e6db1
--- /dev/null
+++ b/clients/privacy-center/components/modals/NoticeEmptyStateModal.tsx
@@ -0,0 +1,39 @@
+import {
+  Button,
+  Modal,
+  ModalBody,
+  ModalContent,
+  ModalFooter,
+  ModalHeader,
+  ModalOverlay,
+  Text,
+} from "@fidesui/react";
+
+const NoticeEmptyStateModal = ({
+  isOpen,
+  onClose,
+}: {
+  isOpen: boolean;
+  onClose: () => void;
+}) => (
+  <Modal isOpen={isOpen} onClose={onClose} isCentered>
+    <ModalOverlay />
+    <ModalContent textAlign="center" data-testid="notice-empty-state">
+      <ModalHeader fontSize="lg" pt={6} fontWeight={500}>
+        Consent management unavailable
+      </ModalHeader>
+      <ModalBody py={0}>
+        <Text fontSize="sm" fontWeight={400} color="gray.500">
+          Consent management is unavailable in your area.
+        </Text>
+      </ModalBody>
+      <ModalFooter display="flex" justifyContent="center" py={6}>
+        <Button size="sm" colorScheme="primary" width="100%" onClick={onClose}>
+          Ok
+        </Button>
+      </ModalFooter>
+    </ModalContent>
+  </Modal>
+);
+
+export default NoticeEmptyStateModal;
diff --git a/clients/privacy-center/cypress/e2e/consent-notices.cy.ts b/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
index cc5fac8f6e..ce382b73c6 100644
--- a/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent-notices.cy.ts
@@ -131,10 +131,11 @@ describe("Privacy notice driven consent", () => {
 
     it("uses the device id found in an already existing cookie", () => {
       const uuid = "4fbb6edf-34f6-4717-a6f1-541fd1e5d585";
-      const now = "2023-04-28T12:00:00.000Z";
+      const createdAt = "2023-04-28T12:00:00.000Z";
+      const updatedAt = "2023-04-29T12:00:00.000Z";
       const cookie = {
         identity: { fides_user_device_id: uuid },
-        fides_meta: { version: "0.9.0", createdAt: now },
+        fides_meta: { version: "0.9.0", createdAt, updatedAt },
         consent: {},
       };
       cy.setCookie(CONSENT_COOKIE_NAME, JSON.stringify(cookie));
diff --git a/clients/privacy-center/cypress/e2e/consent.cy.ts b/clients/privacy-center/cypress/e2e/consent.cy.ts
index a1fc73d595..2709fbc9b4 100644
--- a/clients/privacy-center/cypress/e2e/consent.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent.cy.ts
@@ -7,6 +7,7 @@ describe("Consent modal deeplink", () => {
   beforeEach(() => {
     cy.visit("/?showConsentModal=true");
     cy.loadConfigFixture("config/config_consent.json").as("config");
+    cy.overrideSettings({ IS_OVERLAY_ENABLED: false });
     cy.intercept("POST", `${API_URL}/consent-request`, {
       body: {
         consent_request_id: "consent-request-id",
@@ -56,6 +57,7 @@ describe("Consent settings", () => {
   beforeEach(() => {
     cy.visit("/");
     cy.loadConfigFixture("config/config_consent.json").as("config");
+    cy.overrideSettings({ IS_OVERLAY_ENABLED: false });
   });
 
   describe("when the user isn't verified", () => {
@@ -203,7 +205,7 @@ describe("Consent settings", () => {
       cy.visit("/consent");
       cy.getByTestId("consent");
       cy.loadConfigFixture("config/config_consent.json").as("config");
-      cy.overrideSettings({ IS_OVERLAY_DISABLED: true });
+      cy.overrideSettings({ IS_OVERLAY_ENABLED: false });
     });
 
     it("populates its header and description from config", () => {
@@ -336,7 +338,7 @@ describe("Consent settings", () => {
         cy.visit("/consent?globalPrivacyControl=true");
         cy.getByTestId("consent");
         cy.loadConfigFixture("config/config_consent.json").as("config");
-        cy.overrideSettings({ IS_OVERLAY_DISABLED: true });
+        cy.overrideSettings({ IS_OVERLAY_ENABLED: false });
       });
 
       it("applies the GPC defaults", () => {
diff --git a/clients/privacy-center/cypress/e2e/home.cy.ts b/clients/privacy-center/cypress/e2e/home.cy.ts
index a9685314ec..3ca35c115c 100644
--- a/clients/privacy-center/cypress/e2e/home.cy.ts
+++ b/clients/privacy-center/cypress/e2e/home.cy.ts
@@ -1,8 +1,11 @@
+import { Config } from "~/types/config";
+import { API_URL } from "../support/constants";
+
 describe("Home", () => {
   it("renders the configured page info", () => {
     cy.visit("/");
     cy.getByTestId("home");
-    cy.loadConfigFixture("config/config_all.json").then((config) => {
+    cy.loadConfigFixture("config/config_all.json").then((config: Config) => {
       // DEFER: Test *all* the configurable display options
       // (see https://github.com/ethyca/fides/issues/3216)
 
@@ -32,6 +35,27 @@ describe("Home", () => {
     cy.get("body").should("have.css", "background-color", "rgb(255, 99, 71)");
   });
 
+  it("should show an empty state when notice-driven but there are no notices", () => {
+    const geolocationApiUrl = "https://www.example.com/location";
+    const settings = {
+      IS_OVERLAY_ENABLED: true,
+      IS_GEOLOCATION_ENABLED: true,
+      GEOLOCATION_API_URL: geolocationApiUrl,
+    };
+    cy.intercept("GET", geolocationApiUrl, {
+      fixture: "consent/geolocation.json",
+    }).as("getGeolocation");
+    // Will return undefined when there are no relevant privacy notices
+    cy.intercept("GET", `${API_URL}/privacy-experience/*`, {
+      body: undefined,
+    }).as("getExperience");
+    cy.visit("/");
+    cy.overrideSettings(settings);
+
+    cy.getByTestId("card").contains("Manage your consent").click();
+    cy.getByTestId("notice-empty-state");
+  });
+
   describe("when handling errors", () => {
     // Allow uncaught exceptions to occur without failing the test
     beforeEach(() => {
diff --git a/clients/privacy-center/features/consent/consent.slice.ts b/clients/privacy-center/features/consent/consent.slice.ts
index a8b045e544..e6ef46807e 100644
--- a/clients/privacy-center/features/consent/consent.slice.ts
+++ b/clients/privacy-center/features/consent/consent.slice.ts
@@ -149,7 +149,10 @@ export const consentSlice = createSlice({
       });
     },
 
-    setFidesUserDeviceId(draftState, { payload }: PayloadAction<string>) {
+    setFidesUserDeviceId(
+      draftState,
+      { payload }: PayloadAction<string | undefined>
+    ) {
       draftState.fidesUserDeviceId = payload;
     },
   },
diff --git a/clients/privacy-center/features/consent/hooks.ts b/clients/privacy-center/features/consent/hooks.ts
index 3f7e5f32fd..9ee367292d 100644
--- a/clients/privacy-center/features/consent/hooks.ts
+++ b/clients/privacy-center/features/consent/hooks.ts
@@ -1,4 +1,4 @@
-import { getOrMakeFidesCookie } from "fides-js";
+import { getOrMakeFidesCookie, isNewFidesCookie } from "fides-js";
 import { useEffect } from "react";
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
 import { PrivacyNoticeRegion } from "~/types/api";
@@ -30,7 +30,13 @@ export const useSubscribeToPrivacyExperienceQuery = () => {
   const dispatch = useAppDispatch();
   const { IS_GEOLOCATION_ENABLED, GEOLOCATION_API_URL } = useSettings();
   const cookie = getOrMakeFidesCookie();
-  const { fides_user_device_id: fidesUserDeviceId } = cookie.identity;
+  const hasExistingCookie = !isNewFidesCookie(cookie);
+  // fidesUserDeviceId is only stable in this function if the cookie already exists
+  // Using it when the cookie is new results in an unstable device ID and can
+  // cause infinite fetching of the privacy experience, so make sure we only use a saved one
+  const fidesUserDeviceId = hasExistingCookie
+    ? cookie.identity.fides_user_device_id
+    : undefined;
 
   const skipFetchExperience = !useAppSelector(selectIsNoticeDriven);
   const skipFetchGeolocation =
diff --git a/clients/privacy-center/pages/index.tsx b/clients/privacy-center/pages/index.tsx
index 0e1e750f66..1416052824 100644
--- a/clients/privacy-center/pages/index.tsx
+++ b/clients/privacy-center/pages/index.tsx
@@ -1,4 +1,11 @@
-import { Flex, Heading, Text, Stack, useToast } from "@fidesui/react";
+import {
+  Flex,
+  Heading,
+  Text,
+  Stack,
+  useToast,
+  useDisclosure,
+} from "@fidesui/react";
 import React, { useEffect, useState } from "react";
 import type { NextPage } from "next";
 import { useRouter } from "next/router";
@@ -16,6 +23,11 @@ import { useGetIdVerificationConfigQuery } from "~/features/id-verification";
 import PrivacyCard from "~/components/PrivacyCard";
 import ConsentCard from "~/components/consent/ConsentCard";
 import { useConfig } from "~/features/common/config.slice";
+import { useSubscribeToPrivacyExperienceQuery } from "~/features/consent/hooks";
+import { useAppSelector } from "~/app/hooks";
+import { selectPrivacyExperience } from "~/features/consent/consent.slice";
+import NoticeEmptyStateModal from "~/components/modals/NoticeEmptyStateModal";
+import { selectIsNoticeDriven } from "~/features/common/settings.slice";
 
 const Home: NextPage = () => {
   const router = useRouter();
@@ -48,6 +60,24 @@ const Home: NextPage = () => {
   let isConsentModalOpen = isConsentModalOpenConst;
   const getIdVerificationConfigQuery = useGetIdVerificationConfigQuery();
 
+  // Subscribe to experiences just to see if there are any notices.
+  // The subscription automatically handles skipping if overlay is not enabled
+  useSubscribeToPrivacyExperienceQuery();
+  const noticeEmptyStateModal = useDisclosure();
+  const experience = useAppSelector(selectPrivacyExperience);
+  const isNoticeDriven = useAppSelector(selectIsNoticeDriven);
+  const emptyNotices =
+    experience?.privacy_notices == null ||
+    experience.privacy_notices.length === 0;
+
+  const handleConsentCardOpen = () => {
+    if (isNoticeDriven && emptyNotices) {
+      noticeEmptyStateModal.onOpen();
+    } else {
+      onConsentModalOpen();
+    }
+  };
+
   useEffect(() => {
     if (getIdVerificationConfigQuery.isError) {
       // TODO(#2299): Use error utils from shared package.
@@ -88,7 +118,7 @@ const Home: NextPage = () => {
         title={config.consent.button.title}
         iconPath={config.consent.button.icon_path}
         description={config.consent.button.description}
-        onOpen={onConsentModalOpen}
+        onOpen={handleConsentCardOpen}
       />
     );
     if (router.query?.showConsentModal === "true") {
@@ -178,6 +208,11 @@ const Home: NextPage = () => {
         isVerificationRequired={isVerificationRequired}
         successHandler={consentModalSuccessHandler}
       />
+
+      <NoticeEmptyStateModal
+        isOpen={noticeEmptyStateModal.isOpen}
+        onClose={noticeEmptyStateModal.onClose}
+      />
     </main>
   );
 };

From a081a874bc460bd57c9373dfd6d0392e7245182b Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Mon, 26 Jun 2023 10:19:23 -0400
Subject: [PATCH 33/90] Remove cookies before marshalling to privacy notice
 form (#3670)

---
 CHANGELOG.md                                  |  1 +
 .../cypress/e2e/privacy-notices.cy.ts         | 50 +++++++++++++------
 .../src/features/privacy-notices/form.ts      |  1 +
 3 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0075d4a8e..db782fbf09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -77,6 +77,7 @@ The types of changes are:
 - Restrict Privacy Center debug logging to development-only [#3638](https://github.com/ethyca/fides/pull/3638)
 - Fix bug where linking an integration would not update the tab when creating a new system [#3662](https://github.com/ethyca/fides/pull/3662)
 - Fix dataset yaml not properly reflecting the dataset in the dropdown of system integrations tab [#3666](https://github.com/ethyca/fides/pull/3666)
+- Fix privacy notices not being able to be edited via the UI after the addition of the `cookies` field [#3670](https://github.com/ethyca/fides/pull/3670)
 
 ### Changed
 
diff --git a/clients/admin-ui/cypress/e2e/privacy-notices.cy.ts b/clients/admin-ui/cypress/e2e/privacy-notices.cy.ts
index 15af445a26..8f3123e844 100644
--- a/clients/admin-ui/cypress/e2e/privacy-notices.cy.ts
+++ b/clients/admin-ui/cypress/e2e/privacy-notices.cy.ts
@@ -227,23 +227,41 @@ describe("Privacy notices", () => {
     });
 
     it("can make an edit", () => {
-      cy.visit(`${PRIVACY_NOTICES_ROUTE}/${ESSENTIAL_NOTICE_ID}`);
-      cy.wait("@getNoticeDetail");
-      const newName = "new name";
-      cy.getByTestId("input-name").clear().type(newName);
-      // should not reflect the new name since this is the edit form
-      cy.getByTestId("input-notice_key").should("have.value", "essential");
-      // but we can still update it
-      const newKey = "custom_key";
-      cy.getByTestId("input-notice_key").clear().type(newKey);
-
-      cy.getByTestId("save-btn").click();
-      cy.wait("@patchNotices").then((interception) => {
-        const { body } = interception.request;
-        expect(body[0].name).to.eql(newName);
-        expect(body[0].notice_key).to.eql(newKey);
+      cy.fixture("privacy-notices/notice.json").then((notice) => {
+        cy.visit(`${PRIVACY_NOTICES_ROUTE}/${ESSENTIAL_NOTICE_ID}`);
+        cy.wait("@getNoticeDetail");
+        const newName = "new name";
+        cy.getByTestId("input-name").clear().type(newName);
+        // should not reflect the new name since this is the edit form
+        cy.getByTestId("input-notice_key").should("have.value", "essential");
+        // but we can still update it
+        const newKey = "custom_key";
+        cy.getByTestId("input-notice_key").clear().type(newKey);
+
+        cy.getByTestId("save-btn").click();
+        cy.wait("@patchNotices").then((interception) => {
+          const { body } = interception.request;
+          const expected = {
+            name: newName,
+            notice_key: newKey,
+            consent_mechanism: notice.consent_mechanism,
+            data_uses: notice.data_uses,
+            description: notice.description,
+            disabled: notice.disabled,
+            displayed_in_api: notice.displayed_in_api,
+            displayed_in_overlay: notice.displayed_in_overlay,
+            displayed_in_privacy_center: notice.displayed_in_privacy_center,
+            enforcement_level: notice.enforcement_level,
+            has_gpc_flag: notice.has_gpc_flag,
+            id: notice.id,
+            internal_description: notice.internal_description,
+            origin: notice.origin,
+            regions: notice.regions,
+          };
+          expect(body[0]).to.eql(expected);
+        });
+        cy.wait("@getNoticeDetail");
       });
-      cy.wait("@getNoticeDetail");
     });
   });
 
diff --git a/clients/admin-ui/src/features/privacy-notices/form.ts b/clients/admin-ui/src/features/privacy-notices/form.ts
index d71913a886..f43c003597 100644
--- a/clients/admin-ui/src/features/privacy-notices/form.ts
+++ b/clients/admin-ui/src/features/privacy-notices/form.ts
@@ -28,6 +28,7 @@ export const transformPrivacyNoticeResponseToCreation = (
     updated_at: updatedAt,
     privacy_notice_history_id: historyId,
     version,
+    cookies,
     ...rest
   } = notice;
   return {

From 3a4798f27948449e71daca253f4f3430a558126d Mon Sep 17 00:00:00 2001
From: Catherine Smith <eastandwestwind@gmail.com>
Date: Mon, 26 Jun 2023 11:34:00 -0400
Subject: [PATCH 34/90] move GPC preferences before we send fidesInitialized
 event (#3561)

---
 CHANGELOG.md                                  |  6 ++++-
 clients/fides-js/src/fides.ts                 | 25 +++++++++----------
 clients/fides-js/src/lib/events.ts            | 10 +++++++-
 clients/fides-js/src/lib/preferences.ts       |  2 +-
 .../cypress/e2e/consent-banner.cy.ts          |  2 +-
 5 files changed, 28 insertions(+), 17 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index db782fbf09..19e52f9a13 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,10 +19,14 @@ The types of changes are:
 
 ### Added
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
-### Fixed
 
+### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
 
+### Changed
+- Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
+
+
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
 
 ### Added
diff --git a/clients/fides-js/src/fides.ts b/clients/fides-js/src/fides.ts
index c4fc1fa93e..5afb053f87 100644
--- a/clients/fides-js/src/fides.ts
+++ b/clients/fides-js/src/fides.ts
@@ -196,8 +196,8 @@ const init = async ({
     _Fides.geolocation = geolocation;
     _Fides.options = options;
     _Fides.initialized = true;
-    dispatchFidesEvent("FidesInitialized", cookie);
-    dispatchFidesEvent("FidesUpdated", cookie);
+    dispatchFidesEvent("FidesInitialized", cookie, options.debug);
+    dispatchFidesEvent("FidesUpdated", cookie, options.debug);
   }
 
   let shouldInitOverlay: boolean = options.isOverlayEnabled;
@@ -255,6 +255,14 @@ const init = async ({
       }
     }
   }
+  if (shouldInitOverlay) {
+    automaticallyApplyGPCPreferences(
+      cookie,
+      fidesRegionString,
+      options.fidesApiUrl,
+      effectiveExperience
+    );
+  }
 
   // Initialize the window.Fides object
   _Fides.consent = cookie.consent;
@@ -270,18 +278,9 @@ const init = async ({
   // For convenience, also dispatch the "FidesUpdated" event; this allows
   // listeners to ignore the initialization event if they prefer
   if (!hasExistingCookie) {
-    dispatchFidesEvent("FidesInitialized", cookie);
-  }
-  dispatchFidesEvent("FidesUpdated", cookie);
-
-  if (shouldInitOverlay) {
-    automaticallyApplyGPCPreferences(
-      cookie,
-      fidesRegionString,
-      options.fidesApiUrl,
-      effectiveExperience
-    );
+    dispatchFidesEvent("FidesInitialized", cookie, options.debug);
   }
+  dispatchFidesEvent("FidesUpdated", cookie, options.debug);
 };
 
 // The global Fides object; this is bound to window.Fides if available
diff --git a/clients/fides-js/src/lib/events.ts b/clients/fides-js/src/lib/events.ts
index 64f5b339cd..73059f4071 100644
--- a/clients/fides-js/src/lib/events.ts
+++ b/clients/fides-js/src/lib/events.ts
@@ -1,4 +1,5 @@
 import { FidesCookie } from "./cookie";
+import { debugLog } from "./consent-utils";
 
 /**
  * Defines the available event names:
@@ -40,13 +41,20 @@ export type FidesEvent = CustomEvent<FidesEventDetail>;
  */
 export const dispatchFidesEvent = (
   type: FidesEventType,
-  cookie: FidesCookie
+  cookie: FidesCookie,
+  debug: boolean
 ) => {
   if (typeof window !== "undefined" && typeof CustomEvent !== "undefined") {
     // Pick a subset of the Fides cookie properties to provide as event detail
     const { consent }: FidesEventDetail = cookie;
     const detail: FidesEventDetail = { consent };
     const event = new CustomEvent(type, { detail });
+    debugLog(
+      debug,
+      `Dispatching event type ${type} with cookie consent ${JSON.stringify(
+        cookie?.consent
+      )}`
+    );
     window.dispatchEvent(event);
   }
 };
diff --git a/clients/fides-js/src/lib/preferences.ts b/clients/fides-js/src/lib/preferences.ts
index 71646dd17b..597b1d1eb4 100644
--- a/clients/fides-js/src/lib/preferences.ts
+++ b/clients/fides-js/src/lib/preferences.ts
@@ -90,5 +90,5 @@ export const updateConsentPreferences = ({
     });
 
   // 5. Dispatch a "FidesUpdated" event
-  dispatchFidesEvent("FidesUpdated", cookie);
+  dispatchFidesEvent("FidesUpdated", cookie, debug);
 };
diff --git a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
index 63f0453fbf..fa7aca6dbb 100644
--- a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
@@ -190,7 +190,7 @@ describe("Consent banner", () => {
   });
 
   describe("when user has no saved consent cookie", () => {
-    describe("when banner is not disabled", () => {
+    describe("when overlay is enabled", () => {
       beforeEach(() => {
         cy.getCookie(CONSENT_COOKIE_NAME).should("not.exist");
         stubConfig({

From 50273e6b0e965c5a89dd44718cbd0c77a0b05121 Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Mon, 26 Jun 2023 17:01:02 -0400
Subject: [PATCH 35/90] Transform null names to an empty string before
 submission (#3683)

---
 CHANGELOG.md                                              | 1 +
 .../privacy-declarations/PrivacyDeclarationManager.tsx    | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 19e52f9a13..92eb2b74de 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -82,6 +82,7 @@ The types of changes are:
 - Fix bug where linking an integration would not update the tab when creating a new system [#3662](https://github.com/ethyca/fides/pull/3662)
 - Fix dataset yaml not properly reflecting the dataset in the dropdown of system integrations tab [#3666](https://github.com/ethyca/fides/pull/3666)
 - Fix privacy notices not being able to be edited via the UI after the addition of the `cookies` field [#3670](https://github.com/ethyca/fides/pull/3670)
+- Add a transform in the case of `null` name fields in privacy declarations for the data use forms [#3683](https://github.com/ethyca/fides/pull/3683)
 
 ### Changed
 
diff --git a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
index 3a8a1318db..5ea9760e4f 100644
--- a/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
+++ b/clients/admin-ui/src/features/system/privacy-declarations/PrivacyDeclarationManager.tsx
@@ -78,9 +78,15 @@ const PrivacyDeclarationManager = ({
     updatedDeclarations: PrivacyDeclarationResponse[],
     isDelete?: boolean
   ) => {
+    // The API can return a null name, but cannot receive a null name,
+    // so do an additional transform here (fides#3862)
+    const transformedDeclarations = updatedDeclarations.map((d) => ({
+      ...d,
+      name: d.name ?? "",
+    }));
     const systemBodyWithDeclaration = {
       ...system,
-      privacy_declarations: updatedDeclarations,
+      privacy_declarations: transformedDeclarations,
     };
     const handleResult = (
       result:

From 243f6e2332cc8660703f13db36776ef006e6c7fa Mon Sep 17 00:00:00 2001
From: Thomas <thomas.lapiana+github@pm.me>
Date: Tue, 27 Jun 2023 16:31:20 +0800
Subject: [PATCH 36/90] Fix AWS Scan Test (#3556)

---
 .github/workflows/backend_checks.yml |   4 +-
 tests/ctl/core/test_system.py        | 221 ++++++++++++++-------------
 2 files changed, 115 insertions(+), 110 deletions(-)

diff --git a/.github/workflows/backend_checks.yml b/.github/workflows/backend_checks.yml
index 500e5a11f2..4c3a44812c 100644
--- a/.github/workflows/backend_checks.yml
+++ b/.github/workflows/backend_checks.yml
@@ -260,8 +260,8 @@ jobs:
         env:
           SNOWFLAKE_FIDESCTL_PASSWORD: ${{ secrets.SNOWFLAKE_FIDESCTL_PASSWORD }}
           REDSHIFT_FIDESCTL_PASSWORD: ${{ secrets.REDSHIFT_FIDESCTL_PASSWORD }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_FIDESCTL_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_FIDESCTL_ACCESS_KEY }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_CTL_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_CTL_SECRET_ACCESS_KEY }}
           OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_FIDESCTL_CLIENT_TOKEN }}
           AWS_DEFAULT_REGION: us-east-1
           BIGQUERY_CONFIG: ${{ secrets.BIGQUERY_CONFIG }}
diff --git a/tests/ctl/core/test_system.py b/tests/ctl/core/test_system.py
index a6eaaf5fc0..c67f768891 100644
--- a/tests/ctl/core/test_system.py
+++ b/tests/ctl/core/test_system.py
@@ -99,18 +99,18 @@ def redshift_describe_clusters() -> Generator:
             {
                 "ClusterIdentifier": "redshift-cluster-1",
                 "Endpoint": {
-                    "Address": "redshift-cluster-1.c2angfh5kpo4.us-east-1.redshift.amazonaws.com",
+                    "Address": "redshift-cluster-1.cue8hjdl1kb1.us-east-1.redshift.amazonaws.com",
                     "Port": 5439,
                 },
-                "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149176",
+                "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:469973866127:namespace:5eb1f195-7815-4c62-9140-e062dd98da83",
             },
             {
                 "ClusterIdentifier": "redshift-cluster-2",
                 "Endpoint": {
-                    "Address": "redshift-cluster-2.c2angfh5kpo4.us-east-1.redshift.amazonaws.com",
+                    "Address": "redshift-cluster-2.cue8hjdl1kb1.us-east-1.redshift.amazonaws.com",
                     "Port": 5439,
                 },
-                "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149177",
+                "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:469973866127:namespace:06ba7fe3-8cb3-4e1c-b2c6-cc2f2415a979",
             },
         ]
     }
@@ -120,28 +120,28 @@ def redshift_describe_clusters() -> Generator:
 @pytest.fixture()
 def redshift_systems() -> Generator:
     redshift_systems = [
-        System(
+        System.construct(
             fides_key="redshift-cluster-1",
             organization_fides_key="default_organization",
             name="redshift-cluster-1",
             description="Fides Generated Description for Redshift Cluster: redshift-cluster-1",
             fidesctl_meta=SystemMetadata(
-                endpoint_address="redshift-cluster-1.c2angfh5kpo4.us-east-1.redshift.amazonaws.com",
+                endpoint_address="redshift-cluster-1.cue8hjdl1kb1.us-east-1.redshift.amazonaws.com",
                 endpoint_port="5439",
-                resource_id="arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149176",
+                resource_id="arn:aws:redshift:us-east-1:469973866127:namespace:5eb1f195-7815-4c62-9140-e062dd98da83",
             ),
             system_type="redshift_cluster",
             privacy_declarations=[],
         ),
-        System(
+        System.construct(
             fides_key="redshift-cluster-2",
             organization_fides_key="default_organization",
             name="redshift-cluster-2",
             description="Fides Generated Description for Redshift Cluster: redshift-cluster-2",
             fidesctl_meta=SystemMetadata(
-                endpoint_address="redshift-cluster-2.c2angfh5kpo4.us-east-1.redshift.amazonaws.com",
+                endpoint_address="redshift-cluster-2.cue8hjdl1kb1.us-east-1.redshift.amazonaws.com",
                 endpoint_port="5439",
-                resource_id="arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149177",
+                resource_id="arn:aws:redshift:us-east-1:469973866127:namespace:06ba7fe3-8cb3-4e1c-b2c6-cc2f2415a979",
             ),
             system_type="redshift_cluster",
             privacy_declarations=[],
@@ -189,9 +189,9 @@ def rds_describe_clusters() -> Generator:
         "DBClusters": [
             {
                 "DBClusterIdentifier": "database-2",
-                "Endpoint": "database-2.cluster-ckrdpkkb4ukm.us-east-1.rds.amazonaws.com",
+                "Endpoint": "database-2.cluster-cjh1qplnnv3b.us-east-1.rds.amazonaws.com",
                 "Port": 3306,
-                "DBClusterArn": "arn:aws:rds:us-east-1:910934740016:cluster:database-2",
+                "DBClusterArn": "arn:aws:rds:us-east-1:469973866127:cluster:database-2",
             },
         ]
     }
@@ -205,38 +205,16 @@ def rds_describe_instances() -> Generator:
             {
                 "DBInstanceIdentifier": "database-1",
                 "Endpoint": {
-                    "Address": "database-1.ckrdpkkb4ukm.us-east-1.rds.amazonaws.com",
+                    "Address": "database-1.cjh1qplnnv3b.us-east-1.rds.amazonaws.com",
                     "Port": 3306,
                 },
-                "DBInstanceArn": "arn:aws:rds:us-east-1:910934740016:db:database-1",
+                "DBInstanceArn": "arn:aws:rds:us-east-1:469973866127:db:database-1",
             },
         ]
     }
     yield describe_instances
 
 
-@pytest.mark.unit
-def test_get_system_resource_ids(redshift_systems: List[System]) -> None:
-    expected_result = [
-        "arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149176",
-        "arn:aws:redshift:us-east-1:910934740016:namespace:057d5b0e-7eaa-4012-909c-3957c7149177",
-    ]
-    actual_result = _system.get_system_resource_ids(redshift_systems)
-    assert actual_result == expected_result
-
-
-@pytest.mark.unit
-def test_find_missing_systems(
-    redshift_systems: List[System], rds_systems: List[System]
-) -> None:
-    source_systems = rds_systems + redshift_systems
-    existing_systems = redshift_systems
-    actual_result = _system.find_missing_systems(
-        source_systems=source_systems, existing_systems=existing_systems
-    )
-    assert actual_result == rds_systems
-
-
 @pytest.mark.integration
 def test_get_all_server_systems(
     test_config: FidesConfig, create_test_server_systems: Generator
@@ -249,94 +227,121 @@ def test_get_all_server_systems(
     assert actual_result
 
 
-@pytest.mark.external
-def test_scan_system_aws_passes(
-    test_config: FidesConfig, create_external_server_systems: Generator
-) -> None:
-    _system.scan_system_aws(
-        coverage_threshold=100,
-        manifest_dir="",
-        organization_key="default_organization",
-        aws_config=None,
-        url=test_config.cli.server_url,
-        headers=test_config.user.auth_header,
-    )
+class TestSystemAWS:
+    @pytest.mark.unit
+    def test_get_system_resource_ids(self, redshift_systems: List[System]) -> None:
+        expected_result = [
+            "arn:aws:redshift:us-east-1:469973866127:namespace:5eb1f195-7815-4c62-9140-e062dd98da83",
+            "arn:aws:redshift:us-east-1:469973866127:namespace:06ba7fe3-8cb3-4e1c-b2c6-cc2f2415a979",
+        ]
+        actual_result = _system.get_system_resource_ids(redshift_systems)
+        assert actual_result == expected_result
+
+    @pytest.mark.unit
+    def test_find_missing_systems(
+        self, redshift_systems: List[System], rds_systems: List[System]
+    ) -> None:
+        source_systems = rds_systems + redshift_systems
+        existing_systems = redshift_systems
+        actual_result = _system.find_missing_systems(
+            source_systems=source_systems, existing_systems=existing_systems
+        )
+        assert actual_result == rds_systems
 
+    @pytest.mark.external
+    def test_scan_system_aws_passes(
+        self, test_config: FidesConfig, create_external_server_systems: Generator
+    ) -> None:
+        _system.scan_system_aws(
+            coverage_threshold=100,
+            manifest_dir="",
+            organization_key="default_organization",
+            aws_config=None,
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+        )
 
-@pytest.mark.external
-def test_generate_system_aws(tmpdir: LocalPath, test_config: FidesConfig) -> None:
-    actual_result = _system.generate_system_aws(
-        file_name=f"{tmpdir}/test_file.yml",
-        include_null=False,
-        organization_key="default_organization",
-        aws_config=None,
-        url=test_config.cli.server_url,
-        headers=test_config.user.auth_header,
-    )
-    assert actual_result
+    @pytest.mark.external
+    def test_generate_system_aws(
+        self, tmpdir: LocalPath, test_config: FidesConfig
+    ) -> None:
+        actual_result = _system.generate_system_aws(
+            file_name=f"{tmpdir}/test_file.yml",
+            include_null=False,
+            organization_key="default_organization",
+            aws_config=None,
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+        )
+        assert actual_result
 
 
 OKTA_ORG_URL = "https://dev-78908748.okta.com"
 
 
-@pytest.mark.external
-def test_generate_system_okta(tmpdir: LocalPath, test_config: FidesConfig) -> None:
-    actual_result = _system.generate_system_okta(
-        file_name=f"{tmpdir}/test_file.yml",
-        include_null=False,
-        organization_key="default_organization",
-        okta_config=OktaConfig(
-            orgUrl=OKTA_ORG_URL,
-            token=os.environ["OKTA_CLIENT_TOKEN"],
-        ),
-        url=test_config.cli.server_url,
-        headers=test_config.user.auth_header,
-    )
-    assert actual_result
-
-
-@pytest.mark.external
-def test_scan_system_okta_success(tmpdir: LocalPath, test_config: FidesConfig) -> None:
-    file_name = f"{tmpdir}/test_file.yml"
-    _system.generate_system_okta(
-        file_name=file_name,
-        include_null=False,
-        organization_key="default_organization",
-        okta_config=OktaConfig(
-            orgUrl=OKTA_ORG_URL,
-            token=os.environ["OKTA_CLIENT_TOKEN"],
-        ),
-        url=test_config.cli.server_url,
-        headers=test_config.user.auth_header,
-    )
-    _system.scan_system_okta(
-        manifest_dir=file_name,
-        okta_config=OktaConfig(
-            orgUrl=OKTA_ORG_URL,
-            token=os.environ["OKTA_CLIENT_TOKEN"],
-        ),
-        organization_key="default_organization",
-        coverage_threshold=100,
-        url=test_config.cli.server_url,
-        headers=test_config.user.auth_header,
-    )
-    assert True
-
-
-@pytest.mark.external
-def test_scan_system_okta_fail(tmpdir: LocalPath, test_config: FidesConfig) -> None:
-    with pytest.raises(SystemExit):
+class TestSystemOkta:
+    @pytest.mark.external
+    def test_generate_system_okta(
+        self, tmpdir: LocalPath, test_config: FidesConfig
+    ) -> None:
+        actual_result = _system.generate_system_okta(
+            file_name=f"{tmpdir}/test_file.yml",
+            include_null=False,
+            organization_key="default_organization",
+            okta_config=OktaConfig(
+                orgUrl=OKTA_ORG_URL,
+                token=os.environ["OKTA_CLIENT_TOKEN"],
+            ),
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+        )
+        assert actual_result
+
+    @pytest.mark.external
+    def test_scan_system_okta_success(
+        self, tmpdir: LocalPath, test_config: FidesConfig
+    ) -> None:
+        file_name = f"{tmpdir}/test_file.yml"
+        _system.generate_system_okta(
+            file_name=file_name,
+            include_null=False,
+            organization_key="default_organization",
+            okta_config=OktaConfig(
+                orgUrl=OKTA_ORG_URL,
+                token=os.environ["OKTA_CLIENT_TOKEN"],
+            ),
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+        )
         _system.scan_system_okta(
-            manifest_dir="",
+            manifest_dir=file_name,
             okta_config=OktaConfig(
                 orgUrl=OKTA_ORG_URL,
                 token=os.environ["OKTA_CLIENT_TOKEN"],
             ),
-            coverage_threshold=100,
             organization_key="default_organization",
+            coverage_threshold=100,
             url=test_config.cli.server_url,
             headers=test_config.user.auth_header,
         )
+        assert True
+
+    @pytest.mark.external
+    def test_scan_system_okta_fail(
+        self, tmpdir: LocalPath, test_config: FidesConfig
+    ) -> None:
+        with pytest.raises(SystemExit):
+            _system.scan_system_okta(
+                manifest_dir="",
+                okta_config=OktaConfig(
+                    orgUrl=OKTA_ORG_URL,
+                    token=os.environ["OKTA_CLIENT_TOKEN"],
+                ),
+                coverage_threshold=100,
+                organization_key="default_organization",
+                url=test_config.cli.server_url,
+                headers=test_config.user.auth_header,
+            )
 
 
 class TestUpsertCookies:

From f47bc5d546dc36610511fbbb92279ccb6861231d Mon Sep 17 00:00:00 2001
From: Robert Keyser <39230492+RobertKeyser@users.noreply.github.com>
Date: Tue, 27 Jun 2023 15:41:50 -0500
Subject: [PATCH 37/90] Repoint Links to Moved Fides Documentation (#3643)

---
 CHANGELOG.md                                    | 3 +++
 clients/admin-ui/src/pages/management/about.tsx | 2 +-
 docs/README.md                                  | 2 +-
 docs/fides/docs/development/documentation.md    | 2 +-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 92eb2b74de..c5e4b25967 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,6 +22,9 @@ The types of changes are:
 
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
+- Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
+
+### Developer Experience
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
diff --git a/clients/admin-ui/src/pages/management/about.tsx b/clients/admin-ui/src/pages/management/about.tsx
index d012b3b4fa..6062d317a8 100644
--- a/clients/admin-ui/src/pages/management/about.tsx
+++ b/clients/admin-ui/src/pages/management/about.tsx
@@ -78,7 +78,7 @@ const About: NextPage = () => {
             Please visit{" "}
             <Link
               color="complimentary.500"
-              href="https://docs.ethyca.com/fides/overview"
+              href="https://docs.ethyca.com"
               isExternal
             >
               docs.ethyca.com
diff --git a/docs/README.md b/docs/README.md
index 148ede534e..a73b65f351 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -2,4 +2,4 @@
 
 This is where the autogenerated docs for Fides lives. To run the docs locally, use `nox -s docs_serve` and visit `localhost:8000`
 
-The full, official docs live at https://docs.ethyca.com/fides/overview
+The full, official docs live at https://docs.ethyca.com
diff --git a/docs/fides/docs/development/documentation.md b/docs/fides/docs/development/documentation.md
index 5f4b0b2683..330f5005f1 100644
--- a/docs/fides/docs/development/documentation.md
+++ b/docs/fides/docs/development/documentation.md
@@ -1,6 +1,6 @@
 # Documentation
 
-Primary documentation for Fides now lives at <https://docs.ethyca.com/fides/overview>, however autogenerated documentation as well as developer documentation is still maintained and hosted within the [Fides project repo](https://github.com/ethyca/fides).
+Primary documentation for Fides now lives at <https://docs.ethyca.com>, however autogenerated documentation as well as developer documentation is still maintained and hosted within the [Fides project repo](https://github.com/ethyca/fides).
 
 ## Previewing Docs Locally
 

From 0337c66278f868adf18cf1c095c635cf5df902b9 Mon Sep 17 00:00:00 2001
From: Steve Murphy <steven.d.murphy@gmail.com>
Date: Wed, 28 Jun 2023 12:03:22 +0100
Subject: [PATCH 38/90] Set `sslmode` to `prefer` for SSH connections (#3685)

---
 CHANGELOG.md                                           |  1 +
 src/fides/api/service/connectors/sql_connector.py      |  3 +++
 .../test_external_database_connections.py              | 10 ++++++++++
 3 files changed, 14 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5e4b25967..5d1d039e33 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ The types of changes are:
 
 ### Added
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
+- Set `sslmode` to `prefer` if connecting to Redshift via ssh [#3685](https://github.com/ethyca/fides/pull/3685)
 
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
diff --git a/src/fides/api/service/connectors/sql_connector.py b/src/fides/api/service/connectors/sql_connector.py
index 2a0bb6552f..679c67fd35 100644
--- a/src/fides/api/service/connectors/sql_connector.py
+++ b/src/fides/api/service/connectors/sql_connector.py
@@ -367,16 +367,19 @@ def build_uri(self) -> str:
     def create_client(self) -> Engine:
         """Returns a SQLAlchemy Engine that can be used to interact with a database"""
         config = self.secrets_schema(**self.configuration.secrets or {})
+        connect_args = {}
         if config.ssh_required and CONFIG.security.bastion_server_ssh_private_key:
             self.create_ssh_tunnel(host=config.host, port=config.port)
             self.ssh_server.start()
             uri = self.build_ssh_uri(local_address=self.ssh_server.local_bind_address)
+            connect_args["sslmode"] = "prefer"
         else:
             uri = config.url or self.build_uri()
         return create_engine(
             uri,
             hide_parameters=self.hide_parameters,
             echo=not self.hide_parameters,
+            connect_args=connect_args,
         )
 
     def set_schema(self, connection: Connection) -> None:
diff --git a/tests/ops/integration_tests/test_external_database_connections.py b/tests/ops/integration_tests/test_external_database_connections.py
index 74d7afcfda..89ef83c013 100644
--- a/tests/ops/integration_tests/test_external_database_connections.py
+++ b/tests/ops/integration_tests/test_external_database_connections.py
@@ -63,6 +63,16 @@ def snowflake_test_engine() -> Generator:
     engine.dispose()
 
 
+@pytest.mark.integration_external
+@pytest.mark.integration_redshift
+def test_redshift_sslmode_default(redshift_test_engine):
+    """Confirm that sslmode is set to verify-full for non SSH connections"""
+    _, kwargs = redshift_test_engine.dialect.create_connect_args(
+        redshift_test_engine.url
+    )
+    assert kwargs["sslmode"] == "verify-full"
+
+
 @pytest.mark.integration_external
 @pytest.mark.integration_redshift
 def test_redshift_example_data(redshift_test_engine):

From dd7ebfad4c4a9550178f18452a4860e7f505eeca Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Wed, 28 Jun 2023 14:46:38 -0400
Subject: [PATCH 39/90] GPC indication on fides-js overlay (#3673)

---
 CHANGELOG.md                                  |   1 +
 .../fides-js/src/components/CloseButton.tsx   |  10 +-
 .../fides-js/src/components/ConsentBanner.tsx |  52 ++++++---
 .../fides-js/src/components/ConsentModal.tsx  |   2 +
 clients/fides-js/src/components/GpcBadge.tsx  |  36 ++++++
 clients/fides-js/src/components/GpcInfo.tsx   |  29 +++++
 .../fides-js/src/components/NoticeToggles.tsx |   3 +
 .../fides-js/src/components/WarningIcon.tsx   |  14 +++
 clients/fides-js/src/components/fides.css     |  64 +++++++++-
 clients/fides-js/src/fides.ts                 |  34 ++++--
 clients/fides-js/src/lib/consent-types.ts     |   9 ++
 clients/fides-js/src/lib/consent-utils.ts     |  28 +++++
 clients/fides-js/src/lib/consent-value.ts     |   5 +-
 .../consent/ConfigDrivenConsent.tsx           |   7 +-
 .../components/consent/ConsentItem.tsx        |   2 +-
 .../consent/NoticeDrivenConsent.tsx           |   5 +-
 .../cypress/e2e/consent-banner.cy.ts          | 110 ++++++++++++++++++
 .../privacy-center/cypress/e2e/consent.cy.ts  |   3 +-
 .../features/consent/GpcMessages.tsx          |   2 +-
 .../features/consent/helpers.ts               |  25 +---
 .../privacy-center/features/consent/types.ts  |   9 --
 21 files changed, 372 insertions(+), 78 deletions(-)
 create mode 100644 clients/fides-js/src/components/GpcBadge.tsx
 create mode 100644 clients/fides-js/src/components/GpcInfo.tsx
 create mode 100644 clients/fides-js/src/components/WarningIcon.tsx

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5d1d039e33..479c5e5817 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ The types of changes are:
 
 ### Added
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
+- GPC indicators in fides-js banner and modal [#3673](https://github.com/ethyca/fides/pull/3673)
 - Set `sslmode` to `prefer` if connecting to Redshift via ssh [#3685](https://github.com/ethyca/fides/pull/3685)
 
 ### Fixed
diff --git a/clients/fides-js/src/components/CloseButton.tsx b/clients/fides-js/src/components/CloseButton.tsx
index 92eb4bbb26..987026c816 100644
--- a/clients/fides-js/src/components/CloseButton.tsx
+++ b/clients/fides-js/src/components/CloseButton.tsx
@@ -13,16 +13,10 @@ const CloseButton = ({
     className="fides-close-button"
     onClick={onClick}
   >
-    <svg
-      width="16"
-      height="16"
-      viewBox="0 0 16 16"
-      fill="none"
-      xmlns="http://www.w3.org/2000/svg"
-    >
+    <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="none">
       <path
-        d="M7.99999 7.05732L11.3 3.75732L12.2427 4.69999L8.94266 7.99999L12.2427 11.3L11.3 12.2427L7.99999 8.94266L4.69999 12.2427L3.75732 11.3L7.05732 7.99999L3.75732 4.69999L4.69999 3.75732L7.99999 7.05732Z"
         fill="#2D3748"
+        d="m8 7.057 3.3-3.3.943.943-3.3 3.3 3.3 3.3-.943.943-3.3-3.3-3.3 3.3-.943-.943 3.3-3.3-3.3-3.3.943-.943 3.3 3.3Z"
       />
     </svg>
   </button>
diff --git a/clients/fides-js/src/components/ConsentBanner.tsx b/clients/fides-js/src/components/ConsentBanner.tsx
index 8a71139fa1..42438321db 100644
--- a/clients/fides-js/src/components/ConsentBanner.tsx
+++ b/clients/fides-js/src/components/ConsentBanner.tsx
@@ -1,6 +1,8 @@
 import { h, FunctionComponent, VNode } from "preact";
+import { getConsentContext } from "../lib/consent-context";
 import { ExperienceConfig } from "../lib/consent-types";
 import CloseButton from "./CloseButton";
+import { GpcBadge } from "./GpcBadge";
 
 interface BannerProps {
   experience: ExperienceConfig;
@@ -14,26 +16,40 @@ const ConsentBanner: FunctionComponent<BannerProps> = ({
   buttonGroup,
   onClose,
   bannerIsOpen,
-}) => (
-  <div
-    id="fides-banner-container"
-    className={`fides-banner fides-banner-bottom ${
-      bannerIsOpen ? "" : "fides-banner-hidden"
-    } `}
-  >
-    <div id="fides-banner">
-      <div id="fides-banner-inner">
-        <CloseButton ariaLabel="Close banner" onClick={onClose} />
-        <div id="fides-banner-title" className="fides-banner-title">
-          {experience.title}
+}) => {
+  const showGpcBadge = getConsentContext().globalPrivacyControl;
+  return (
+    <div
+      id="fides-banner-container"
+      className={`fides-banner fides-banner-bottom ${
+        bannerIsOpen ? "" : "fides-banner-hidden"
+      } `}
+    >
+      <div id="fides-banner">
+        <div id="fides-banner-inner">
+          <CloseButton ariaLabel="Close banner" onClick={onClose} />
+          <div id="fides-banner-heading">
+            <div id="fides-banner-title" className="fides-banner-title">
+              {experience.title}
+            </div>
+            {showGpcBadge ? (
+              <GpcBadge
+                label="Global Privacy Control Signal"
+                status="detected"
+              />
+            ) : null}
+          </div>
+          <div
+            id="fides-banner-description"
+            className="fides-banner-description"
+          >
+            {experience.description}
+          </div>
+          {buttonGroup}
         </div>
-        <div id="fides-banner-description" className="fides-banner-description">
-          {experience.description}
-        </div>
-        {buttonGroup}
       </div>
     </div>
-  </div>
-);
+  );
+};
 
 export default ConsentBanner;
diff --git a/clients/fides-js/src/components/ConsentModal.tsx b/clients/fides-js/src/components/ConsentModal.tsx
index 7e2f0b60d4..a7a1035805 100644
--- a/clients/fides-js/src/components/ConsentModal.tsx
+++ b/clients/fides-js/src/components/ConsentModal.tsx
@@ -3,6 +3,7 @@ import { Attributes } from "../lib/a11y-dialog";
 import { PrivacyNotice, ExperienceConfig } from "../lib/consent-types";
 import NoticeToggles from "./NoticeToggles";
 import CloseButton from "./CloseButton";
+import GpcInfo from "./GpcInfo";
 
 type NoticeKeys = Array<PrivacyNotice["notice_key"]>;
 
@@ -51,6 +52,7 @@ const ConsentModal = ({
         >
           {experience.description}
         </p>
+        <GpcInfo />
         <div className="fides-modal-notices">
           <NoticeToggles
             notices={notices}
diff --git a/clients/fides-js/src/components/GpcBadge.tsx b/clients/fides-js/src/components/GpcBadge.tsx
new file mode 100644
index 0000000000..f8bf65338a
--- /dev/null
+++ b/clients/fides-js/src/components/GpcBadge.tsx
@@ -0,0 +1,36 @@
+import { h } from "preact";
+import { GpcStatus, PrivacyNotice } from "../lib/consent-types";
+import { getConsentContext } from "../lib/consent-context";
+import { getGpcStatusFromNotice } from "../lib/consent-utils";
+
+export const GpcBadge = ({
+  label,
+  status,
+}: {
+  label: string;
+  status: string;
+}) => (
+  <span className="fides-gpc-label">
+    {label}{" "}
+    <span className={`fides-gpc-badge fides-gpc-badge-${status}`}>
+      {status}
+    </span>
+  </span>
+);
+
+export const GpcBadgeForNotice = ({
+  value,
+  notice,
+}: {
+  value: boolean;
+  notice: PrivacyNotice;
+}) => {
+  const consentContext = getConsentContext();
+  const status = getGpcStatusFromNotice({ value, notice, consentContext });
+
+  if (status === GpcStatus.NONE) {
+    return null;
+  }
+
+  return <GpcBadge label="Global Privacy Control" status={status.valueOf()} />;
+};
diff --git a/clients/fides-js/src/components/GpcInfo.tsx b/clients/fides-js/src/components/GpcInfo.tsx
new file mode 100644
index 0000000000..2c3aee6289
--- /dev/null
+++ b/clients/fides-js/src/components/GpcInfo.tsx
@@ -0,0 +1,29 @@
+import { h } from "preact";
+import WarningIcon from "./WarningIcon";
+import { getConsentContext } from "../lib/consent-context";
+
+const GpcInfo = () => {
+  const context = getConsentContext();
+
+  if (!context.globalPrivacyControl) {
+    return null;
+  }
+
+  return (
+    <div className="fides-gpc-banner">
+      <div className="fides-gpc-warning">
+        <WarningIcon />
+      </div>
+      <div>
+        <p className="fides-gpc-header">Global Privacy Control detected</p>
+        <p>
+          Your global privacy control preference has been honored. You have been
+          automatically opted out of data uses cases which adhere to global
+          privacy control.
+        </p>
+      </div>
+    </div>
+  );
+};
+
+export default GpcInfo;
diff --git a/clients/fides-js/src/components/NoticeToggles.tsx b/clients/fides-js/src/components/NoticeToggles.tsx
index e97af5f6b0..b073743d64 100644
--- a/clients/fides-js/src/components/NoticeToggles.tsx
+++ b/clients/fides-js/src/components/NoticeToggles.tsx
@@ -4,6 +4,7 @@ import { ConsentMechanism, PrivacyNotice } from "../lib/consent-types";
 import Toggle from "./Toggle";
 import Divider from "./Divider";
 import { useDisclosure } from "../lib/hooks";
+import { GpcBadgeForNotice } from "./GpcBadge";
 
 const NoticeToggle = ({
   notice,
@@ -46,7 +47,9 @@ const NoticeToggle = ({
           className="fides-notice-toggle-trigger"
         >
           {notice.name}
+          <GpcBadgeForNotice notice={notice} value={checked} />
         </span>
+
         <Toggle
           name={notice.name || ""}
           id={notice.notice_key}
diff --git a/clients/fides-js/src/components/WarningIcon.tsx b/clients/fides-js/src/components/WarningIcon.tsx
new file mode 100644
index 0000000000..e7d64186af
--- /dev/null
+++ b/clients/fides-js/src/components/WarningIcon.tsx
@@ -0,0 +1,14 @@
+import { h } from "preact";
+
+const WarningIcon = () => (
+  <svg
+    xmlns="http://www.w3.org/2000/svg"
+    width="18"
+    height="18"
+    fill="currentColor"
+  >
+    <path d="M9 12.05a.68.68 0 0 0-.68.7c0 .39.32.7.68.7.39 0 .68-.31.68-.7a.66.66 0 0 0-.68-.7Zm0-1.18c.26 0 .44-.2.44-.46V6.19c0-.26-.2-.47-.44-.47a.49.49 0 0 0-.47.47v4.22c0 .25.21.46.47.46Zm7.27 2.27-5.85-9.9c-.3-.5-.83-.8-1.42-.8-.6 0-1.12.3-1.42.8l-5.86 9.9c-.3.5-.3 1.1-.01 1.6.3.51.83.82 1.43.82h11.72c.6 0 1.13-.3 1.43-.82.29-.5.28-1.1-.02-1.6Zm-.82 1.1c-.1.25-.33.38-.62.38H3.14a.7.7 0 0 1-.61-.35.64.64 0 0 1 0-.65l5.86-9.9A.7.7 0 0 1 9 3.37a.7.7 0 0 1 .61.35l5.86 9.9c.1.2.12.44-.02.63Z" />
+  </svg>
+);
+
+export default WarningIcon;
diff --git a/clients/fides-js/src/components/fides.css b/clients/fides-js/src/components/fides.css
index 03272eccce..0fe1f1ddaa 100644
--- a/clients/fides-js/src/components/fides.css
+++ b/clients/fides-js/src/components/fides.css
@@ -8,6 +8,10 @@
   --fides-overlay-font-color: #4a5568;
   --fides-overlay-font-color-dark: #2d3748;
   --fides-overlay-hover-color: #edf2f7;
+  --fides-overlay-gpc-applied-background-color: #38a169;
+  --fides-overlay-gpc-applied-text-color: white;
+  --fides-overlay-gpc-overridden-background-color: #e53e3e;
+  --fides-overlay-gpc-overridden-text-color: white;
   /* Buttons */
   --fides-overlay-primary-button-background-color: var(
     --fides-overlay-primary-color
@@ -143,6 +147,12 @@ div#fides-banner-container.fides-banner-top.fides-banner-hidden {
   }
 }
 
+div#fides-banner-heading {
+  display: flex;
+  margin-right: 0.8em;
+  align-items: center;
+}
+
 div#fides-banner-title {
   font-size: var(--fides-overlay-font-size-title);
   font-weight: 600;
@@ -286,8 +296,8 @@ div#fides-modal .fides-modal-button-group {
 
 .fides-close-button {
   position: absolute;
-  top: 1em;
-  right: 1em;
+  top: 0.5em;
+  right: 0.2em;
   cursor: pointer;
   background: none;
   border: none;
@@ -423,10 +433,15 @@ div#fides-modal .fides-modal-button-group {
   padding: 0.5em;
   display: flex;
   justify-content: space-between;
+  min-height: 40px;
+  align-items: center;
 }
 
 .fides-notice-toggle .fides-notice-toggle-trigger {
   width: 100%;
+  display: flex;
+  justify-content: space-between;
+  margin-right: 0.5em;
 }
 
 .fides-notice-toggle .fides-notice-toggle-title:hover {
@@ -441,3 +456,48 @@ div#fides-modal .fides-modal-button-group {
 .fides-notice-toggle-expanded {
   background-color: var(--fides-overlay-row-hover-color);
 }
+
+/* GPC */
+.fides-gpc-banner {
+  border: 1px solid var(--fides-overlay-primary-color);
+  border-radius: var(--fides-overlay-component-border-radius);
+  display: flex;
+  padding: 1.1em;
+  margin-bottom: 1em;
+}
+
+.fides-gpc-banner p {
+  margin: 0;
+}
+
+.fides-gpc-warning {
+  color: var(--fides-overlay-primary-color);
+  margin-right: 0.5em;
+}
+
+.fides-gpc-header {
+  font-weight: 700;
+}
+
+.fides-gpc-label {
+  font-weight: 600;
+  font-size: 0.9em;
+}
+
+.fides-gpc-badge {
+  text-transform: uppercase;
+  padding: 0 4px;
+  font-weight: 700;
+  border-radius: var(--fides-overlay-button-border-radius);
+}
+
+.fides-gpc-badge-applied,
+.fides-gpc-badge-detected {
+  background: var(--fides-overlay-gpc-applied-background-color);
+  color: var(--fides-overlay-gpc-applied-text-color);
+}
+
+.fides-gpc-badge-overridden {
+  background: var(--fides-overlay-gpc-overridden-background-color);
+  color: var(--fides-overlay-gpc-overridden-text-color);
+}
diff --git a/clients/fides-js/src/fides.ts b/clients/fides-js/src/fides.ts
index 5afb053f87..7f5feb3316 100644
--- a/clients/fides-js/src/fides.ts
+++ b/clients/fides-js/src/fides.ts
@@ -66,6 +66,7 @@ import {
   UserGeolocation,
   ConsentMethod,
   SaveConsentPreference,
+  ConsentMechanism,
 } from "./lib/consent-types";
 import {
   constructFidesRegionString,
@@ -79,6 +80,7 @@ import { fetchExperience } from "./services/fides/api";
 import { getGeolocation } from "./services/external/geolocation";
 import { OverlayProps } from "./components/Overlay";
 import { updateConsentPreferences } from "./lib/preferences";
+import { resolveConsentValue } from "./lib/consent-value";
 
 export type Fides = {
   consent: CookieKeyConsent;
@@ -131,26 +133,40 @@ const automaticallyApplyGPCPreferences = (
   fidesApiUrl: string,
   effectiveExperience?: PrivacyExperience | null
 ) => {
-  if (!effectiveExperience) {
+  if (!effectiveExperience || !effectiveExperience.privacy_notices) {
     return;
   }
 
-  if (!getConsentContext().globalPrivacyControl) {
+  const context = getConsentContext();
+  if (!context.globalPrivacyControl) {
     return;
   }
 
-  const consentPreferencesToSave: Array<SaveConsentPreference> = [];
-  effectiveExperience.privacy_notices?.forEach((notice) => {
-    if (notice.has_gpc_flag && !notice.current_preference) {
-      consentPreferencesToSave.push(
-        new SaveConsentPreference(
+  let gpcApplied = false;
+  const consentPreferencesToSave = effectiveExperience.privacy_notices.map(
+    (notice) => {
+      if (
+        notice.has_gpc_flag &&
+        !notice.current_preference &&
+        notice.consent_mechanism !== ConsentMechanism.NOTICE_ONLY
+      ) {
+        gpcApplied = true;
+        return new SaveConsentPreference(
           notice,
           transformConsentToFidesUserPreference(false, notice.consent_mechanism)
+        );
+      }
+      return new SaveConsentPreference(
+        notice,
+        transformConsentToFidesUserPreference(
+          resolveConsentValue(notice, context),
+          notice.consent_mechanism
         )
       );
     }
-  });
-  if (consentPreferencesToSave.length > 0) {
+  );
+
+  if (gpcApplied) {
     updateConsentPreferences({
       consentPreferencesToSave,
       experienceId: effectiveExperience.id,
diff --git a/clients/fides-js/src/lib/consent-types.ts b/clients/fides-js/src/lib/consent-types.ts
index be126828f7..df9f56cb9f 100644
--- a/clients/fides-js/src/lib/consent-types.ts
+++ b/clients/fides-js/src/lib/consent-types.ts
@@ -196,6 +196,15 @@ export enum RequestOrigin {
   api = "api",
 }
 
+export enum GpcStatus {
+  /** GPC is not relevant for the consent option. */
+  NONE = "none",
+  /** GPC is enabled and consent matches the configured default. */
+  APPLIED = "applied",
+  /** GPC is enabled but consent has been set to override the configured default. */
+  OVERRIDDEN = "overridden",
+}
+
 // ------------------LEGACY TYPES BELOW -------------------
 
 export type ConditionalValue = {
diff --git a/clients/fides-js/src/lib/consent-utils.ts b/clients/fides-js/src/lib/consent-utils.ts
index c1d1b4bbdb..f5b0d629de 100644
--- a/clients/fides-js/src/lib/consent-utils.ts
+++ b/clients/fides-js/src/lib/consent-utils.ts
@@ -1,8 +1,11 @@
+import { ConsentContext } from "./consent-context";
 import {
   ComponentType,
   ConsentMechanism,
   FidesOptions,
+  GpcStatus,
   PrivacyExperience,
+  PrivacyNotice,
   UserConsentPreference,
   UserGeolocation,
   VALID_ISO_3166_LOCATION_REGEX,
@@ -187,3 +190,28 @@ export const hasActionNeededNotices = (experience: PrivacyExperience) =>
       (notice) => notice.current_preference == null
     )
   );
+
+export const getGpcStatusFromNotice = ({
+  value,
+  notice,
+  consentContext,
+}: {
+  value: boolean;
+  notice: PrivacyNotice;
+  consentContext: ConsentContext;
+}) => {
+  // If GPC is not enabled, it won't be applied at all.
+  if (
+    !consentContext.globalPrivacyControl ||
+    !notice.has_gpc_flag ||
+    notice.consent_mechanism === ConsentMechanism.NOTICE_ONLY
+  ) {
+    return GpcStatus.NONE;
+  }
+
+  if (!value) {
+    return GpcStatus.APPLIED;
+  }
+
+  return GpcStatus.OVERRIDDEN;
+};
diff --git a/clients/fides-js/src/lib/consent-value.ts b/clients/fides-js/src/lib/consent-value.ts
index 15b515e44d..60dbf1b28d 100644
--- a/clients/fides-js/src/lib/consent-value.ts
+++ b/clients/fides-js/src/lib/consent-value.ts
@@ -1,5 +1,5 @@
 import { ConsentContext } from "./consent-context";
-import { ConsentValue, PrivacyNotice } from "./consent-types";
+import { ConsentMechanism, ConsentValue, PrivacyNotice } from "./consent-types";
 import { transformUserPreferenceToBoolean } from "./consent-utils";
 
 export const resolveLegacyConsentValue = (
@@ -28,6 +28,9 @@ export const resolveConsentValue = (
   if (notice.current_preference) {
     return transformUserPreferenceToBoolean(notice.current_preference);
   }
+  if (notice.consent_mechanism === ConsentMechanism.NOTICE_ONLY) {
+    return true;
+  }
   const gpcEnabled =
     !!notice.has_gpc_flag && context.globalPrivacyControl === true;
   if (gpcEnabled) {
diff --git a/clients/privacy-center/components/consent/ConfigDrivenConsent.tsx b/clients/privacy-center/components/consent/ConfigDrivenConsent.tsx
index 9346881a2f..9ef2382a03 100644
--- a/clients/privacy-center/components/consent/ConfigDrivenConsent.tsx
+++ b/clients/privacy-center/components/consent/ConfigDrivenConsent.tsx
@@ -1,6 +1,10 @@
 import { Divider, Stack, useToast } from "@fidesui/react";
 import React, { useCallback, useEffect, useMemo } from "react";
-import { getConsentContext, resolveLegacyConsentValue } from "fides-js";
+import {
+  getConsentContext,
+  resolveLegacyConsentValue,
+  GpcStatus,
+} from "fides-js";
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
 import {
   changeConsent,
@@ -10,7 +14,6 @@ import {
 import { getGpcStatus } from "~/features/consent/helpers";
 
 import { useConfig } from "~/features/common/config.slice";
-import { GpcStatus } from "~/features/consent/types";
 import { inspectForBrowserIdentities } from "~/common/browser-identities";
 import { useLocalStorage } from "~/common/hooks";
 import { ConsentPreferences } from "~/types/api";
diff --git a/clients/privacy-center/components/consent/ConsentItem.tsx b/clients/privacy-center/components/consent/ConsentItem.tsx
index c519a66148..ffeea7337e 100644
--- a/clients/privacy-center/components/consent/ConsentItem.tsx
+++ b/clients/privacy-center/components/consent/ConsentItem.tsx
@@ -12,7 +12,7 @@ import {
   ExternalLinkIcon,
 } from "@fidesui/react";
 
-import { GpcStatus } from "~/features/consent/types";
+import { GpcStatus } from "fides-js";
 import { GpcBadge, GpcInfo } from "~/features/consent/GpcMessages";
 
 export type ConsentItemProps = {
diff --git a/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx b/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
index 73d137d9eb..fd3e7eee18 100644
--- a/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
+++ b/clients/privacy-center/components/consent/NoticeDrivenConsent.tsx
@@ -8,6 +8,8 @@ import {
   removeCookiesFromBrowser,
   saveFidesCookie,
   transformUserPreferenceToBoolean,
+  getGpcStatusFromNotice,
+  PrivacyNotice,
 } from "fides-js";
 import { useAppSelector } from "~/app/hooks";
 import {
@@ -16,7 +18,6 @@ import {
   selectPrivacyExperience,
   useUpdatePrivacyPreferencesMutation,
 } from "~/features/consent/consent.slice";
-import { getGpcStatusFromNotice } from "~/features/consent/helpers";
 
 import {
   ConsentMechanism,
@@ -100,7 +101,7 @@ const NoticeDrivenConsent = () => {
       const value = transformUserPreferenceToBoolean(preference);
       const gpcStatus = getGpcStatusFromNotice({
         value,
-        notice,
+        notice: notice as PrivacyNotice,
         consentContext,
       });
 
diff --git a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
index fa7aca6dbb..522a8284e2 100644
--- a/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent-banner.cy.ts
@@ -665,6 +665,23 @@ describe("Consent banner", () => {
             [PRIVACY_NOTICE_KEY_1]: false,
           });
       });
+
+      it("shows indicators that GPC has been applied", () => {
+        // In the banner
+        cy.get("div#fides-banner").within(() => {
+          cy.get("span").contains("Global Privacy Control Signal detected");
+        });
+        // And in the modal
+        cy.get("button").contains("Manage preferences").click();
+        cy.get("div.fides-gpc-banner").contains(
+          "Global Privacy Control detected"
+        );
+        cy.get("span")
+          .contains("Test privacy notice with gpc enabled")
+          .within(() => {
+            cy.get("span").contains("Global Privacy Control applied");
+          });
+      });
     });
 
     describe("when GPC flag is found, and no notices apply to GPC", () => {
@@ -702,6 +719,17 @@ describe("Consent banner", () => {
         // check that preferences do not exist in cookie
         cy.getCookie(CONSENT_COOKIE_NAME).should("not.exist");
       });
+
+      it("does not show gpc indicator but does show it was detected and the info banner", () => {
+        // In the banner
+        cy.get("div.fides-gpc-banner").contains(
+          "Global Privacy Control detected"
+        );
+        // And in the modal
+        cy.get("button").contains("Manage preferences").click();
+        cy.get("div.fides-gpc-banner").should("be.visible");
+        cy.get("div.fides-gpc-badge").should("not.exist");
+      });
     });
 
     describe("when no GPC flag is found, and notices apply to GPC", () => {
@@ -736,6 +764,17 @@ describe("Consent banner", () => {
         // check that preferences do not exist in cookie
         cy.getCookie(CONSENT_COOKIE_NAME).should("not.exist");
       });
+
+      it("does not show any gpc indicators", () => {
+        // In the banner
+        cy.get("div#fides-banner").within(() => {
+          cy.get("span.fides-gpc-badge").should("not.exist");
+        });
+        // And in the modal
+        cy.get("button").contains("Manage preferences").click();
+        cy.get("div.fides-gpc-banner").should("not.exist");
+        cy.get("div.fides-gpc-badge").should("not.exist");
+      });
     });
 
     describe("when experience component is not an overlay", () => {
@@ -1008,6 +1047,18 @@ describe("Consent banner", () => {
         // check that preferences do not exist in cookie
         cy.getCookie(CONSENT_COOKIE_NAME).should("not.exist");
       });
+
+      it("shows gpc indicators in modal", () => {
+        cy.get("#fides-modal-link").click();
+        cy.get("div.fides-gpc-banner").contains(
+          "Global Privacy Control detected"
+        );
+        cy.get("span")
+          .contains("Test privacy notice")
+          .within(() => {
+            cy.get("span").contains("Global Privacy Control overridden");
+          });
+      });
     });
 
     describe("when banner should not be shown but modal link element exists", () => {
@@ -1484,4 +1535,63 @@ describe("Consent banner", () => {
       });
     });
   });
+
+  describe("gpc indicators in the modal", () => {
+    beforeEach(() => {
+      cy.on("window:before:load", (win) => {
+        // eslint-disable-next-line no-param-reassign
+        win.navigator.globalPrivacyControl = true;
+      });
+    });
+    it("renders the proper gpc indicator", () => {
+      stubConfig({
+        experience: {
+          privacy_notices: [
+            mockPrivacyNotice({
+              name: "Applied",
+              notice_key: "applied",
+              has_gpc_flag: true,
+              consent_mechanism: ConsentMechanism.OPT_OUT,
+              default_preference: UserConsentPreference.OPT_IN,
+              current_preference: undefined,
+            }),
+            mockPrivacyNotice({
+              name: "Notice only",
+              notice_key: "notice_only",
+              // notice-only should never have has_gpc_flag true, but just in case,
+              // make sure the expected behavior still holds if it is somehow true
+              has_gpc_flag: true,
+              consent_mechanism: ConsentMechanism.NOTICE_ONLY,
+              default_preference: UserConsentPreference.ACKNOWLEDGE,
+              current_preference: UserConsentPreference.ACKNOWLEDGE,
+            }),
+            mockPrivacyNotice({
+              name: "Overridden",
+              notice_key: "overridden",
+              has_gpc_flag: true,
+              consent_mechanism: ConsentMechanism.OPT_OUT,
+              default_preference: UserConsentPreference.OPT_IN,
+              current_preference: UserConsentPreference.OPT_IN,
+            }),
+          ],
+        },
+      });
+      cy.get("#fides-modal-link").click();
+      cy.get(".fides-notice-toggle")
+        .contains("Applied")
+        .within(() => {
+          cy.get(".fides-gpc-label").contains("applied");
+        });
+      cy.get(".fides-notice-toggle")
+        .contains("Notice only")
+        .within(() => {
+          cy.get(".fides-gpc-label").should("not.exist");
+        });
+      cy.get(".fides-notice-toggle")
+        .contains("Overridden")
+        .within(() => {
+          cy.get(".fides-gpc-label").contains("overridden");
+        });
+    });
+  });
 });
diff --git a/clients/privacy-center/cypress/e2e/consent.cy.ts b/clients/privacy-center/cypress/e2e/consent.cy.ts
index 2709fbc9b4..e2d06e7e14 100644
--- a/clients/privacy-center/cypress/e2e/consent.cy.ts
+++ b/clients/privacy-center/cypress/e2e/consent.cy.ts
@@ -1,5 +1,4 @@
-import { CONSENT_COOKIE_NAME, FidesCookie } from "fides-js";
-import { GpcStatus } from "~/features/consent/types";
+import { CONSENT_COOKIE_NAME, FidesCookie, GpcStatus } from "fides-js";
 import { ConsentPreferencesWithVerificationCode } from "~/types/api";
 import { API_URL } from "../support/constants";
 
diff --git a/clients/privacy-center/features/consent/GpcMessages.tsx b/clients/privacy-center/features/consent/GpcMessages.tsx
index 73898dc698..396e2c9771 100644
--- a/clients/privacy-center/features/consent/GpcMessages.tsx
+++ b/clients/privacy-center/features/consent/GpcMessages.tsx
@@ -7,7 +7,7 @@ import {
   HStack,
   WarningTwoIcon,
 } from "@fidesui/react";
-import { GpcStatus } from "./types";
+import { GpcStatus } from "fides-js";
 
 const BADGE_COLORS = {
   [GpcStatus.NONE]: undefined,
diff --git a/clients/privacy-center/features/consent/helpers.ts b/clients/privacy-center/features/consent/helpers.ts
index bc57dd311e..f79d2722f3 100644
--- a/clients/privacy-center/features/consent/helpers.ts
+++ b/clients/privacy-center/features/consent/helpers.ts
@@ -2,6 +2,7 @@ import {
   ConsentContext,
   CookieKeyConsent,
   resolveLegacyConsentValue,
+  GpcStatus,
 } from "fides-js";
 
 import {
@@ -9,8 +10,7 @@ import {
   LegacyConsentConfig,
   ConsentConfig,
 } from "~/types/config";
-import { PrivacyNoticeResponseWithUserPreferences } from "~/types/api";
-import { FidesKeyToConsent, GpcStatus } from "./types";
+import { FidesKeyToConsent } from "./types";
 
 /**
  * Ascertain whether a consentConfig is V1 or V2 based upon the presence of a `button` key
@@ -102,24 +102,3 @@ export const getGpcStatus = ({
 
   return GpcStatus.OVERRIDDEN;
 };
-
-export const getGpcStatusFromNotice = ({
-  value,
-  notice,
-  consentContext,
-}: {
-  value: boolean;
-  notice: PrivacyNoticeResponseWithUserPreferences;
-  consentContext: ConsentContext;
-}) => {
-  // If GPC is not enabled, it won't be applied at all.
-  if (!consentContext.globalPrivacyControl || !notice.has_gpc_flag) {
-    return GpcStatus.NONE;
-  }
-
-  if (!value) {
-    return GpcStatus.APPLIED;
-  }
-
-  return GpcStatus.OVERRIDDEN;
-};
diff --git a/clients/privacy-center/features/consent/types.ts b/clients/privacy-center/features/consent/types.ts
index 37df806718..0d78a74609 100644
--- a/clients/privacy-center/features/consent/types.ts
+++ b/clients/privacy-center/features/consent/types.ts
@@ -7,12 +7,3 @@ export type FidesKeyToConsent = {
 export type NoticeHistoryIdToPreference = {
   [historyId: string]: UserConsentPreference | undefined;
 };
-
-export enum GpcStatus {
-  /** GPC is not relevant for the consent option. */
-  NONE = "none",
-  /** GPC is enabled and consent matches the configured default. */
-  APPLIED = "applied",
-  /** GPC is enabled but consent has been set to override the configured default. */
-  OVERRIDDEN = "overridden",
-}

From 65a72ffca7d7c596bd8b9e9c23024d6a4fea3e36 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Wed, 28 Jun 2023 15:15:00 -0400
Subject: [PATCH 40/90] Include `data_use` and `data_category` metadata in
 `upload` of access results (#3674)

---
 .fides/redis_dataset.yml                      |  11 +
 CHANGELOG.md                                  |   1 +
 src/fides/api/graph/graph.py                  |   4 +-
 src/fides/api/models/privacy_request.py       |  20 +-
 .../privacy_request/request_runner_service.py |   2 +
 .../storage/storage_uploader_service.py       |  32 ++-
 src/fides/api/task/graph_task.py              |  38 +++
 src/fides/api/tasks/storage.py                |   7 +-
 tests/fixtures/postgres_fixtures.py           |   3 +
 .../test_request_runner_service.py            | 116 +++++++++
 .../service/test_storage_uploader_service.py  |   4 +
 tests/ops/task/test_graph_task.py             | 221 +++++++++++++++++-
 12 files changed, 446 insertions(+), 13 deletions(-)

diff --git a/.fides/redis_dataset.yml b/.fides/redis_dataset.yml
index 56f66e7bf5..c2c3831df3 100644
--- a/.fides/redis_dataset.yml
+++ b/.fides/redis_dataset.yml
@@ -20,6 +20,17 @@ dataset:
                     data_categories: [system.operations]
                     fidesops_meta:
                       data_type: string[]  # List of edges between the upstream collection and the current collection
+          - name: EN_DATA_USE_MAP__<privacy_request_id>
+            description: This map of traversed `Collection`s to associated `DataUse`s is stored and retrieved to be included in access request output packages.
+            data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+            fidesops_meta:
+              data_type: object # Dict mapping `Collection` addresses -> set of associated `DataUse`s
+            fields:
+              - name: <dataset_name>:<collection_name>  # `Collection` address
+                data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+                data_categories: [system.operations]
+                fidesops_meta:
+                  data_type: string[] # set of `DataUse`s associated with this `Collection`
           - name: EN_EMAIL_INFORMATION__<privacy_request_id>__<current_step>__<dataset_name>__<collection_name>  # Usage: For building emails associated with email-connector datasets at the end of the privacy request. This encrypted raw information is retrieved from each relevant email-based collection and used to build a single email per email connector, with instructions on how to mask data on the given dataset.
             fidesops_meta:
               data_type: object  # Stores how to locate and mask records for a given "email" collection.
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 479c5e5817..17e627b443 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ The types of changes are:
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
 - GPC indicators in fides-js banner and modal [#3673](https://github.com/ethyca/fides/pull/3673)
 - Set `sslmode` to `prefer` if connecting to Redshift via ssh [#3685](https://github.com/ethyca/fides/pull/3685)
+- Include `data_use` and `data_category` metadata in `upload` of access results [#3674](https://github.com/ethyca/fides/pull/3674)
 
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
diff --git a/src/fides/api/graph/graph.py b/src/fides/api/graph/graph.py
index 7b62ee4d95..c53eba9371 100644
--- a/src/fides/api/graph/graph.py
+++ b/src/fides/api/graph/graph.py
@@ -18,6 +18,8 @@
     SeedAddress,
 )
 
+DataCategoryFieldMapping = Dict[CollectionAddress, Dict[FidesKey, List[FieldPath]]]
+
 
 class Node:
     """A traversal_node represents a single collection as a graph traversal_node.
@@ -229,7 +231,7 @@ def __init__(self, *datasets: GraphDataset) -> None:
     @property
     def data_category_field_mapping(
         self,
-    ) -> Dict[CollectionAddress, Dict[FidesKey, List[FieldPath]]]:
+    ) -> DataCategoryFieldMapping:
         """
         Maps the data_categories for each traversal_node to a list of field paths that have that
         same data category.
diff --git a/src/fides/api/models/privacy_request.py b/src/fides/api/models/privacy_request.py
index b513ef9eb3..adeebe1225 100644
--- a/src/fides/api/models/privacy_request.py
+++ b/src/fides/api/models/privacy_request.py
@@ -5,7 +5,7 @@
 import json
 from datetime import datetime, timedelta
 from enum import Enum as EnumType
-from typing import Any, Dict, List, Optional, Union
+from typing import Any, Dict, List, Optional, Set, Union
 
 from celery.result import AsyncResult
 from loguru import logger
@@ -660,6 +660,24 @@ def get_cached_access_graph(self) -> Optional[GraphRepr]:
         ] = cache.get_encoded_objects_by_prefix(f"ACCESS_GRAPH__{self.id}")
         return list(value_dict.values())[0] if value_dict else None
 
+    def cache_data_use_map(self, value: Dict[str, Set[str]]) -> None:
+        """
+        Cache a dict of collections traversed in the privacy request
+        mapped to their associated data uses
+        """
+        cache: FidesopsRedis = get_cache()
+        cache.set_encoded_object(f"DATA_USE_MAP__{self.id}", value)
+
+    def get_cached_data_use_map(self) -> Optional[Dict[str, Set[str]]]:
+        """
+        Fetch the collection -> data use map cached for this privacy request
+        """
+        cache: FidesopsRedis = get_cache()
+        value_dict: Optional[
+            Dict[str, Optional[Dict[str, Set[str]]]]
+        ] = cache.get_encoded_objects_by_prefix(f"DATA_USE_MAP__{self.id}")
+        return list(value_dict.values())[0] if value_dict else None
+
     def trigger_policy_webhook(
         self,
         webhook: WebhookTypes,
diff --git a/src/fides/api/service/privacy_request/request_runner_service.py b/src/fides/api/service/privacy_request/request_runner_service.py
index dcfd964b09..b7d5116a63 100644
--- a/src/fides/api/service/privacy_request/request_runner_service.py
+++ b/src/fides/api/service/privacy_request/request_runner_service.py
@@ -231,6 +231,8 @@ def upload_access_results(  # pylint: disable=R0912
                 privacy_request=privacy_request,
                 data=filtered_results,
                 storage_key=storage_destination.key,  # type: ignore
+                data_category_field_mapping=dataset_graph.data_category_field_mapping,
+                data_use_map=privacy_request.get_cached_data_use_map(),
             )
             if download_url:
                 download_urls.append(download_url)
diff --git a/src/fides/api/service/storage/storage_uploader_service.py b/src/fides/api/service/storage/storage_uploader_service.py
index 6ce7dd8e2c..a94143add1 100644
--- a/src/fides/api/service/storage/storage_uploader_service.py
+++ b/src/fides/api/service/storage/storage_uploader_service.py
@@ -1,10 +1,11 @@
-from typing import Any, Dict, Optional
+from typing import Any, Dict, Optional, Set
 
 from fideslang.validation import FidesKey
 from loguru import logger
 from sqlalchemy.orm import Session
 
 from fides.api.common_exceptions import StorageUploadError
+from fides.api.graph.graph import DataCategoryFieldMapping
 from fides.api.models.privacy_request import PrivacyRequest
 from fides.api.models.storage import StorageConfig
 from fides.api.schemas.storage.storage import (
@@ -17,7 +18,12 @@
 
 
 def upload(
-    db: Session, *, privacy_request: PrivacyRequest, data: Dict, storage_key: FidesKey
+    db: Session,
+    privacy_request: PrivacyRequest,
+    data: Dict,
+    storage_key: FidesKey,
+    data_category_field_mapping: Optional[DataCategoryFieldMapping] = None,
+    data_use_map: Optional[Dict[str, Set[str]]] = None,
 ) -> str:
     """
     Retrieves storage configs and calls appropriate upload method
@@ -35,7 +41,9 @@ def upload(
         logger.warning("Storage type not found: {}", storage_key)
         raise StorageUploadError(f"Storage type not found: {storage_key}")
     uploader: Any = _get_uploader_from_config_type(config.type)  # type: ignore
-    return uploader(db, config, data, privacy_request)
+    return uploader(
+        db, config, data, privacy_request, data_category_field_mapping, data_use_map
+    )
 
 
 def get_extension(resp_format: ResponseFormat) -> str:
@@ -76,7 +84,12 @@ def _get_uploader_from_config_type(storage_type: StorageType) -> Any:
 
 
 def _s3_uploader(
-    _: Session, config: StorageConfig, data: Dict, privacy_request: PrivacyRequest
+    _: Session,
+    config: StorageConfig,
+    data: Dict,
+    privacy_request: PrivacyRequest,
+    data_category_field_mapping: Optional[DataCategoryFieldMapping] = None,
+    data_use_map: Optional[Dict[str, Set[str]]] = None,
 ) -> str:
     """Constructs necessary info needed for s3 before calling upload"""
     file_key: str = _construct_file_key(privacy_request.id, config)
@@ -85,13 +98,18 @@ def _s3_uploader(
     auth_method = config.details[StorageDetails.AUTH_METHOD.value]
 
     return upload_to_s3(
-        config.secrets, data, bucket_name, file_key, config.format.value, privacy_request, auth_method  # type: ignore
+        config.secrets, data, bucket_name, file_key, config.format.value, privacy_request, auth_method, data_category_field_mapping, data_use_map  # type: ignore
     )
 
 
 def _local_uploader(
-    _: Session, config: StorageConfig, data: Dict, privacy_request: PrivacyRequest
+    _: Session,
+    config: StorageConfig,
+    data: Dict,
+    privacy_request: PrivacyRequest,
+    data_category_field_mapping: Optional[DataCategoryFieldMapping] = None,
+    data_use_map: Optional[Dict[str, Set[str]]] = None,
 ) -> str:
     """Uploads data to local storage, used for quick-start/demo purposes"""
     file_key: str = _construct_file_key(privacy_request.id, config)
-    return upload_to_local(data, file_key, privacy_request, config.format.value)  # type: ignore
+    return upload_to_local(data, file_key, privacy_request, config.format.value, data_category_field_mapping, data_use_map)  # type: ignore
diff --git a/src/fides/api/task/graph_task.py b/src/fides/api/task/graph_task.py
index a91a7b4754..c156456dd7 100644
--- a/src/fides/api/task/graph_task.py
+++ b/src/fides/api/task/graph_task.py
@@ -38,6 +38,7 @@
 from fides.api.models.connectionconfig import AccessLevel, ConnectionConfig
 from fides.api.models.policy import Policy
 from fides.api.models.privacy_request import ExecutionLogStatus, PrivacyRequest
+from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 from fides.api.schemas.policy import ActionType
 from fides.api.service.connectors.base_connector import BaseConnector
 from fides.api.task.consolidate_query_matches import consolidate_query_matches
@@ -174,6 +175,13 @@ def __init__(
         self.connector: BaseConnector = resources.get_connector(
             self.traversal_node.node.dataset.connection_key  # ConnectionConfig.key
         )
+        self.data_uses: Set[str] = (
+            System.get_data_uses(
+                [self.connector.configuration.system], include_parents=False
+            )
+            if self.connector.configuration.system
+            else {}
+        )
 
         # build incoming edges to the form : [dataset address: [(foreign field, local field)]
         self.incoming_edges_by_collection: Dict[
@@ -658,6 +666,28 @@ def update_mapping_from_cache(
         )
 
 
+def _format_data_use_map_for_caching(
+    env: Dict[CollectionAddress, "GraphTask"]
+) -> Dict[str, Set[str]]:
+    """
+    Create a map of `Collection`s mapped to their associated `DataUse`s
+    to be stored in the cache. This is done before request execution, so that we
+    maintain the _original_ state of the graph as it's used for request execution.
+    The graph is subject to change "from underneath" the request execution runtime,
+    but we want to avoid picking up those changes in our data use map.
+
+    `DataUse`s are associated with a `Collection` by means of the `System`
+    that's linked to a `Collection`'s `Connection` definition.
+
+    Example:
+    {
+       <collection1>: {"data_use_1", "data_use_2"},
+       <collection2>: {"data_use_1"},
+    }
+    """
+    return {collection.value: g_task.data_uses for collection, g_task in env.items()}
+
+
 def start_function(seed: List[Dict[str, Any]]) -> Callable[[], List[Dict[str, Any]]]:
     """Return a function for collections with no upstream dependencies, that just start
     with seed data.
@@ -715,8 +745,16 @@ def termination_fn(
                 privacy_request, env, end_nodes, resources, ActionType.access
             )
         )
+
+        # cache access graph for use in logging/analytics event
         privacy_request.cache_access_graph(format_graph_for_caching(env, end_nodes))
 
+        # cache a map of collections -> data uses for the output package of access requests
+        # this is cached here before request execution, since this is the state of the
+        # graph used for request execution. the graph could change _during_ request execution,
+        # but we don't want those changes in our data use map.
+        privacy_request.cache_data_use_map(_format_data_use_map_for_caching(env))
+
         v = delayed(get(dsk, TERMINATOR_ADDRESS, num_workers=1))
         return v.compute()
 
diff --git a/src/fides/api/tasks/storage.py b/src/fides/api/tasks/storage.py
index 269029dc44..b0c48fc72a 100644
--- a/src/fides/api/tasks/storage.py
+++ b/src/fides/api/tasks/storage.py
@@ -5,7 +5,7 @@
 import secrets
 import zipfile
 from io import BytesIO
-from typing import Any, Dict, Union
+from typing import Any, Dict, Optional, Set, Union
 
 import pandas as pd
 from boto3 import Session
@@ -13,6 +13,7 @@
 from loguru import logger
 
 from fides.api.cryptography.cryptographic_util import bytes_to_b64_str
+from fides.api.graph.graph import DataCategoryFieldMapping
 from fides.api.models.privacy_request import PrivacyRequest
 from fides.api.schemas.storage.storage import (
     ResponseFormat,
@@ -133,6 +134,8 @@ def upload_to_s3(  # pylint: disable=R0913
     resp_format: str,
     privacy_request: PrivacyRequest,
     auth_method: S3AuthMethod,
+    data_category_field_mapping: Optional[DataCategoryFieldMapping] = None,
+    data_use_map: Optional[Dict[str, Set[str]]] = None,
 ) -> str:
     """Uploads arbitrary data to s3 returned from an access request"""
     logger.info("Starting S3 Upload of {}", file_key)
@@ -171,6 +174,8 @@ def upload_to_local(
     file_key: str,
     privacy_request: PrivacyRequest,
     resp_format: str = ResponseFormat.json.value,
+    data_category_field_mapping: Optional[DataCategoryFieldMapping] = None,
+    data_use_map: Optional[Dict[str, Set[str]]] = None,
 ) -> str:
     """Uploads access request data to a local folder - for testing/demo purposes only"""
     if not os.path.exists(LOCAL_FIDES_UPLOAD_DIRECTORY):
diff --git a/tests/fixtures/postgres_fixtures.py b/tests/fixtures/postgres_fixtures.py
index e483b63afa..3ac0668026 100644
--- a/tests/fixtures/postgres_fixtures.py
+++ b/tests/fixtures/postgres_fixtures.py
@@ -19,6 +19,7 @@
     PrivacyRequest,
 )
 from fides.api.models.sql_models import Dataset as CtlDataset
+from fides.api.models.sql_models import System
 from fides.api.service.connectors import PostgreSQLConnector
 from fides.config import CONFIG
 from tests.ops.test_helpers.db_utils import seed_postgres_data
@@ -178,6 +179,7 @@ def disabled_connection_config(
 @pytest.fixture(scope="function")
 def read_connection_config(
     db: Session,
+    system: System,
 ) -> Generator:
     connection_config = ConnectionConfig.create(
         db=db,
@@ -186,6 +188,7 @@ def read_connection_config(
             "key": "my_postgres_db_1_read_config",
             "connection_type": ConnectionType.postgres,
             "access": AccessLevel.read,
+            "system_id": system.id,
             "secrets": integration_secrets["postgres_example"],
             "description": "Read-only connection config",
         },
diff --git a/tests/ops/service/privacy_request/test_request_runner_service.py b/tests/ops/service/privacy_request/test_request_runner_service.py
index ce6ff99211..ba5884c225 100644
--- a/tests/ops/service/privacy_request/test_request_runner_service.py
+++ b/tests/ops/service/privacy_request/test_request_runner_service.py
@@ -17,6 +17,7 @@
     ClientUnsuccessfulException,
     PrivacyRequestPaused,
 )
+from fides.api.graph.config import CollectionAddress, FieldPath
 from fides.api.graph.graph import DatasetGraph
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.models.audit_log import AuditLog, AuditLogAction
@@ -311,6 +312,121 @@ def get_privacy_request_results(
     return PrivacyRequest.get(db=db, object_id=privacy_request.id)
 
 
+@pytest.mark.integration_postgres
+@pytest.mark.integration
+@mock.patch("fides.api.service.privacy_request.request_runner_service.upload")
+def test_upload_access_results_has_data_category_field_mapping(
+    upload_mock: Mock,
+    postgres_example_test_dataset_config_read_access,
+    postgres_integration_db,
+    db,
+    policy,
+    run_privacy_request_task,
+):
+    """
+    Ensure we are passing along a correctly populated data_category_field_mapping to the 'upload' function
+    that publishes the access request output.
+    """
+    customer_email = "customer-1@example.com"
+    data = {
+        "requested_at": "2021-08-30T16:09:37.359Z",
+        "policy_key": policy.key,
+        "identity": {"email": customer_email},
+    }
+
+    pr = get_privacy_request_results(
+        db,
+        policy,
+        run_privacy_request_task,
+        data,
+    )
+
+    # sanity check that acccess results returned as expected
+    results = pr.get_results()
+    assert len(results.keys()) == 11
+
+    # what we're really testing - ensure data_category_field_mapping arg is well-populated
+    args, kwargs = upload_mock.call_args
+    data_category_field_mapping = kwargs["data_category_field_mapping"]
+
+    # make sure the category field mapping generally looks as we expect
+    address_mapping = data_category_field_mapping[
+        CollectionAddress.from_string("postgres_example_test_dataset:address")
+    ]
+    assert len(address_mapping) >= 5
+    assert address_mapping["user.contact.address.street"] == [
+        FieldPath("house"),
+        FieldPath("street"),
+    ]
+    product_mapping = data_category_field_mapping[
+        CollectionAddress.from_string("postgres_example_test_dataset:product")
+    ]
+    assert len(product_mapping) >= 1
+    assert product_mapping["system.operations"] == [
+        FieldPath(
+            "id",
+        ),
+        FieldPath(
+            "name",
+        ),
+        FieldPath(
+            "price",
+        ),
+    ]
+
+
+@pytest.mark.integration_postgres
+@pytest.mark.integration
+@mock.patch("fides.api.service.privacy_request.request_runner_service.upload")
+def test_upload_access_results_has_data_use_map(
+    upload_mock: Mock,
+    postgres_example_test_dataset_config_read_access,
+    postgres_integration_db,
+    db,
+    policy,
+    run_privacy_request_task,
+):
+    """
+    Ensure we are passing along a correctly populated data_use_map to the 'upload' function
+    that publishes the access request output.
+    """
+    customer_email = "customer-1@example.com"
+    data = {
+        "requested_at": "2021-08-30T16:09:37.359Z",
+        "policy_key": policy.key,
+        "identity": {"email": customer_email},
+    }
+
+    pr = get_privacy_request_results(
+        db,
+        policy,
+        run_privacy_request_task,
+        data,
+    )
+
+    # sanity check that acccess results returned as expected
+    results = pr.get_results()
+    assert len(results.keys()) == 11
+
+    # what we're really testing - ensure data_use_map arg is well-populated
+    args, kwargs = upload_mock.call_args
+    data_use_map = kwargs["data_use_map"]
+
+    assert data_use_map == {
+        "postgres_example_test_dataset:report": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:employee": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:customer": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:service_request": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:visit": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:address": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:login": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:orders": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:payment_card": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:order_item": "{'marketing.advertising'}",
+        "postgres_example_test_dataset:product": "{'marketing.advertising'}",
+    }
+
+
 @pytest.mark.integration_postgres
 @pytest.mark.integration
 @mock.patch("fides.api.models.privacy_request.PrivacyRequest.trigger_policy_webhook")
diff --git a/tests/ops/service/test_storage_uploader_service.py b/tests/ops/service/test_storage_uploader_service.py
index 82298a4bf6..ad6beaf700 100644
--- a/tests/ops/service/test_storage_uploader_service.py
+++ b/tests/ops/service/test_storage_uploader_service.py
@@ -78,6 +78,8 @@ def test_uploader_s3_success_secrets_auth(
         "json",
         privacy_request,
         S3AuthMethod.SECRET_KEYS.value,
+        None,
+        None,
     )
 
     storage_config.delete(db)
@@ -183,6 +185,8 @@ def test_uploader_s3_success_automatic_auth(
         "json",
         privacy_request,
         S3AuthMethod.AUTOMATIC.value,
+        None,
+        None,
     )
 
     storage_config.delete(db)
diff --git a/tests/ops/task/test_graph_task.py b/tests/ops/task/test_graph_task.py
index 1b58c83b49..a4e14b5789 100644
--- a/tests/ops/task/test_graph_task.py
+++ b/tests/ops/task/test_graph_task.py
@@ -1,8 +1,10 @@
 from typing import Any, Dict
 from unittest import mock
+from uuid import uuid4
 
 import pytest
 from bson import ObjectId
+from fideslang.models import Dataset
 
 from fides.api.common_exceptions import SkippingConsentPropagation
 from fides.api.graph.config import (
@@ -15,20 +17,28 @@
 )
 from fides.api.graph.graph import DatasetGraph
 from fides.api.graph.traversal import Traversal, TraversalNode
-from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
+from fides.api.models.connectionconfig import (
+    AccessLevel,
+    ConnectionConfig,
+    ConnectionType,
+)
+from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.policy import Policy, Rule, RuleTarget
 from fides.api.models.privacy_request import ExecutionLog, ExecutionLogStatus
+from fides.api.models.sql_models import Dataset as CtlDataset
 from fides.api.schemas.policy import ActionType
 from fides.api.task.graph_task import (
     EMPTY_REQUEST,
     GraphTask,
     TaskResources,
     _evaluate_erasure_dependencies,
+    _format_data_use_map_for_caching,
     build_affected_field_logs,
     collect_queries,
     start_function,
     update_erasure_mapping_from_cache,
 )
+from fides.api.task.task_resources import Connections
 from fides.api.util.consent_util import (
     cache_initial_status_and_identities_for_consent_reporting,
 )
@@ -586,9 +596,9 @@ def test_multiple_rules_targeting_same_field(self, node_fixture):
 
 class TestUpdateErasureMappingFromCache:
     @pytest.fixture(scope="function")
-    def task_resource(self, privacy_request, policy, db):
+    def task_resource(self, privacy_request, policy, db, connection_config):
         tr = TaskResources(privacy_request, policy, [], db)
-        tr.get_connector = lambda x: True
+        tr.get_connector = lambda x: Connections.build_connector(connection_config)
         return tr
 
     @pytest.fixture(scope="function")
@@ -669,6 +679,211 @@ def test_update_erasure_mapping_from_cache_with_data(self, dsk, task_resource):
         assert dsk[CollectionAddress("dr_1", "ds_1")] == 1
 
 
+class TestFormatDataUseMapForCaching:
+    def create_dataset(self, db, fides_key, connection_config):
+        """
+        Util to create dataset and dataset config used in fixtures
+        """
+        ds = Dataset(
+            fides_key=fides_key,
+            organization_fides_key="default_organization",
+            name="Postgres Example Subscribers Dataset",
+            collections=[
+                {
+                    "name": "subscriptions",
+                    "fields": [
+                        {
+                            "name": "email",
+                            "data_categories": ["user.contact.email"],
+                            "fidesops_meta": {
+                                "identity": "email",
+                            },
+                        },
+                    ],
+                },
+            ],
+        )
+        ctl_dataset = CtlDataset(**ds.dict())
+
+        db.add(ctl_dataset)
+        db.commit()
+        dataset_config = DatasetConfig.create(
+            db=db,
+            data={
+                "connection_config_id": connection_config.id,
+                "fides_key": fides_key,
+                "ctl_dataset_id": ctl_dataset.id,
+            },
+        )
+        return ctl_dataset, dataset_config
+
+    @pytest.fixture(scope="function")
+    def connection_config_no_system(self, db):
+        """Connection config used for data_use_map testing, not associated with a system"""
+        connection_config = ConnectionConfig.create(
+            db=db,
+            data={
+                "name": str(uuid4()),
+                "key": "connection_config_data_use_map_no_system",
+                "connection_type": ConnectionType.manual,
+                "access": AccessLevel.write,
+                "disabled": False,
+            },
+        )
+
+        ctl_dataset, dataset_config = self.create_dataset(
+            db, "postgres_example_subscriptions_dataset_no_system", connection_config
+        )
+
+        yield connection_config
+        dataset_config.delete(db)
+        ctl_dataset.delete(db)
+        connection_config.delete(db)
+
+    @pytest.fixture(scope="function")
+    def connection_config_system(self, db, system):
+        """Connection config used for data_use_map testing, associated with a system"""
+        connection_config = ConnectionConfig.create(
+            db=db,
+            data={
+                "name": str(uuid4()),
+                "key": "connection_config_data_use_map",
+                "connection_type": ConnectionType.manual,
+                "access": AccessLevel.write,
+                "disabled": False,
+                "system_id": system.id,
+            },
+        )
+
+        ctl_dataset, dataset_config = self.create_dataset(
+            db, "postgres_example_subscriptions_dataset", connection_config
+        )
+
+        yield connection_config
+        dataset_config.delete(db)
+        ctl_dataset.delete(db)
+        connection_config.delete(db)
+
+    @pytest.fixture(scope="function")
+    def connection_config_system_multiple_decs(self, db, system_multiple_decs):
+        """
+        Connection config used for data_use_map testing, associated with a system
+        that has multiple privacy declarations and data uses
+        """
+        connection_config = ConnectionConfig.create(
+            db=db,
+            data={
+                "name": str(uuid4()),
+                "key": "connection_config_data_use_map_system_multiple_decs",
+                "connection_type": ConnectionType.manual,
+                "access": AccessLevel.write,
+                "disabled": False,
+                "system_id": system_multiple_decs.id,
+            },
+        )
+
+        ctl_dataset, dataset_config = self.create_dataset(
+            db,
+            "postgres_example_subscriptions_dataset_multiple_decs",
+            connection_config,
+        )
+
+        yield connection_config
+        dataset_config.delete(db)
+        ctl_dataset.delete(db)
+        connection_config.delete(db)
+
+    @pytest.mark.parametrize(
+        "connection_config_fixtures,expected_data_use_map",
+        [
+            (
+                [
+                    "connection_config_no_system"
+                ],  # connection config no system, no data uses
+                {"postgres_example_subscriptions_dataset_no_system:subscriptions": {}},
+            ),
+            (
+                [
+                    "connection_config_system"
+                ],  # connection config associated with system and therefore data uses
+                {
+                    "postgres_example_subscriptions_dataset:subscriptions": {
+                        "marketing.advertising"
+                    },
+                },
+            ),
+            (
+                [
+                    "connection_config_system_multiple_decs"
+                ],  # system has multiple declarations, multiple data uses
+                {
+                    "postgres_example_subscriptions_dataset_multiple_decs:subscriptions": {
+                        "marketing.advertising",
+                        "third_party_sharing",
+                    },
+                },
+            ),
+            (
+                [  # ensure map is populated correctly with multiple systems
+                    "connection_config_no_system",
+                    "connection_config_system_multiple_decs",
+                ],
+                {
+                    "postgres_example_subscriptions_dataset_no_system:subscriptions": {},
+                    "postgres_example_subscriptions_dataset_multiple_decs:subscriptions": {
+                        "marketing.advertising",
+                        "third_party_sharing",
+                    },
+                },
+            ),
+        ],
+    )
+    def test_data_use_map(
+        self,
+        connection_config_fixtures,
+        expected_data_use_map,
+        db,
+        privacy_request,
+        policy,
+        request,
+    ):
+        """
+        Unit tests that confirm the output from function used to generate
+        the `Collection` -> `DataUse` map that's cached during access request execution.
+        """
+
+        # load connection config fixtures
+        connection_configs = []
+        for config_fixture in connection_config_fixtures:
+            connection_configs.append(request.getfixturevalue(config_fixture))
+
+        # create a sample traversal with our current dataset state
+        datasets = DatasetConfig.all(db=db)
+        dataset_graphs = [dataset_config.get_graph() for dataset_config in datasets]
+        dataset_graph = DatasetGraph(*dataset_graphs)
+        traversal: Traversal = Traversal(
+            dataset_graph, {"email": {"test_user@example.com"}}
+        )
+        env: Dict[CollectionAddress, Any] = {}
+        task_resources = TaskResources(privacy_request, policy, connection_configs, db)
+
+        # perform the traversal to populate our `env` dict
+        def collect_tasks_fn(
+            tn: TraversalNode, data: Dict[CollectionAddress, GraphTask]
+        ) -> None:
+            """Run the traversal, as an action creating a GraphTask for each traversal_node."""
+            if not tn.is_root_node():
+                data[tn.address] = GraphTask(tn, task_resources)
+
+        traversal.traverse(
+            env,
+            collect_tasks_fn,
+        )
+
+        # ensure that the generated data_use_map looks as expected based on `env` dict
+        assert _format_data_use_map_for_caching(env) == expected_data_use_map
+
+
 class TestGraphTaskAffectedConsentSystems:
     @pytest.fixture()
     def mock_graph_task(

From d300f8cebbb092197fb8a8024fa9a967149d3b96 Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Wed, 28 Jun 2023 16:21:42 -0500
Subject: [PATCH 41/90] [Backend] Add Systems Applicable Filter to Privacy
 Experience List  (#3654)

Adds a ?systems_applicable query param to Privacy Experience List to filter embedded notices that belong to systems. Also use this in the frontend.

Co-authored-by: Allison King <allisonjuliaking@gmail.com>
---
 CHANGELOG.md                                  |  1 +
 .../src/features/system/system.slice.ts       |  2 +-
 clients/fides-js/src/services/fides/api.ts    |  1 +
 .../features/consent/consent.slice.ts         |  2 +
 .../endpoints/privacy_experience_endpoints.py |  3 +-
 src/fides/api/models/privacy_experience.py    |  8 +++
 .../test_privacy_experience_endpoints.py      | 56 +++++++++++++++++++
 tests/ops/models/test_privacy_experience.py   | 19 ++++++-
 8 files changed, 89 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17e627b443..05ad481e23 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ The types of changes are:
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
+- Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 
 ### Developer Experience
 
diff --git a/clients/admin-ui/src/features/system/system.slice.ts b/clients/admin-ui/src/features/system/system.slice.ts
index 6a53b2a3fc..a4f616a7ec 100644
--- a/clients/admin-ui/src/features/system/system.slice.ts
+++ b/clients/admin-ui/src/features/system/system.slice.ts
@@ -46,7 +46,7 @@ const systemApi = baseApi.injectEndpoints({
         params: { resource_type: "system" },
         method: "DELETE",
       }),
-      invalidatesTags: ["System", "Datastore Connection"],
+      invalidatesTags: ["System", "Datastore Connection", "Privacy Notices"],
     }),
     upsertSystems: build.mutation<UpsertResponse, System[]>({
       query: (systems) => ({
diff --git a/clients/fides-js/src/services/fides/api.ts b/clients/fides-js/src/services/fides/api.ts
index 1e53c6840b..20d089f270 100644
--- a/clients/fides-js/src/services/fides/api.ts
+++ b/clients/fides-js/src/services/fides/api.ts
@@ -34,6 +34,7 @@ export const fetchExperience = async (
     component: ComponentType.OVERLAY,
     has_notices: "true",
     has_config: "true",
+    systems_applicable: "true",
     fides_user_device_id: fidesUserDeviceId,
   });
   const response = await fetch(
diff --git a/clients/privacy-center/features/consent/consent.slice.ts b/clients/privacy-center/features/consent/consent.slice.ts
index e6ef46807e..ef412546fb 100644
--- a/clients/privacy-center/features/consent/consent.slice.ts
+++ b/clients/privacy-center/features/consent/consent.slice.ts
@@ -67,6 +67,8 @@ export const consentApi = baseApi.injectEndpoints({
           component: ComponentType.PRIVACY_CENTER,
           has_notices: true,
           show_disabled: false,
+          has_config: true,
+          systems_applicable: true,
           ...payload,
         },
       }),
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
index 1afacfedfb..750f4f9106 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
@@ -70,6 +70,7 @@ def privacy_experience_list(
     has_notices: Optional[bool] = None,
     has_config: Optional[bool] = None,
     fides_user_device_id: Optional[str] = None,
+    systems_applicable: Optional[bool] = False,
     request: Request,  # required for rate limiting
     response: Response,  # required for rate limiting
 ) -> AbstractPage[PrivacyExperience]:
@@ -130,7 +131,7 @@ def privacy_experience_list(
         privacy_notices: List[
             PrivacyNotice
         ] = privacy_experience.get_related_privacy_notices(
-            db, show_disabled, fides_user_provided_identity
+            db, show_disabled, systems_applicable, fides_user_provided_identity
         )
         if should_unescape:
             # Unescape both the experience config and the embedded privacy notices
diff --git a/src/fides/api/models/privacy_experience.py b/src/fides/api/models/privacy_experience.py
index 69571ff2d3..b5fdcd3087 100644
--- a/src/fides/api/models/privacy_experience.py
+++ b/src/fides/api/models/privacy_experience.py
@@ -19,6 +19,7 @@
 )
 from fides.api.models.privacy_preference import CurrentPrivacyPreference
 from fides.api.models.privacy_request import ProvidedIdentity
+from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 
 BANNER_CONSENT_MECHANISMS: Set[ConsentMechanism] = {
     ConsentMechanism.notice_only,
@@ -243,6 +244,7 @@ def get_related_privacy_notices(
         self,
         db: Session,
         show_disabled: Optional[bool] = True,
+        systems_applicable: Optional[bool] = False,
         fides_user_provided_identity: Optional[ProvidedIdentity] = None,
     ) -> List[PrivacyNotice]:
         """Return privacy notices that overlap on at least one region
@@ -260,6 +262,12 @@ def get_related_privacy_notices(
                 PrivacyNotice.disabled.is_(False)
             )
 
+        if systems_applicable:
+            data_uses: set[str] = System.get_data_uses(
+                System.all(db), include_parents=True
+            )
+            privacy_notice_query = privacy_notice_query.filter(PrivacyNotice.data_uses.overlap(data_uses))  # type: ignore
+
         if not fides_user_provided_identity:
             return privacy_notice_query.order_by(PrivacyNotice.created_at.desc()).all()
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
index 27d79126c3..f149717dcd 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
@@ -367,6 +367,62 @@ def test_filter_on_notices_and_region(
         assert notices[1]["id"] == privacy_notice.id
         assert notices[1]["displayed_in_privacy_center"]
 
+    @pytest.mark.usefixtures(
+        "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
+        "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions,
+        "privacy_experience_overlay",  # us_ca
+        "privacy_notice_eu_fr_provide_service_frontend_only",  # eu_fr
+        "privacy_notice_us_ca_provide",  # us_ca
+        "privacy_experience_privacy_center",
+    )
+    def test_filter_on_systems_applicable(
+        self,
+        api_client: TestClient,
+        url,
+        privacy_experience_privacy_center,
+        privacy_notice,
+        system,
+        privacy_notice_us_co_third_party_sharing,
+    ):
+        """For systems applicable filter, notices are only embedded if they are relevant to a system"""
+        resp = api_client.get(
+            url + "?region=us_co",
+        )
+        assert resp.status_code == 200
+        data = resp.json()
+
+        assert data["total"] == 1
+        assert len(data["items"]) == 1
+
+        notices = data["items"][0]["privacy_notices"]
+        assert len(notices) == 2
+        assert notices[0]["regions"] == ["us_co"]
+        assert notices[0]["id"] == privacy_notice_us_co_third_party_sharing.id
+        assert notices[0]["displayed_in_privacy_center"]
+        assert notices[0]["data_uses"] == ["third_party_sharing"]
+
+        assert notices[1]["regions"] == ["us_ca", "us_co"]
+        assert notices[1]["id"] == privacy_notice.id
+        assert notices[1]["displayed_in_privacy_center"]
+        assert notices[1]["data_uses"] == [
+            "marketing.advertising",
+            "third_party_sharing",
+        ]
+
+        resp = api_client.get(
+            url + "?region=us_co&systems_applicable=True",
+        )
+        notices = resp.json()["items"][0]["privacy_notices"]
+        assert len(notices) == 1
+        assert notices[0]["regions"] == ["us_ca", "us_co"]
+        assert notices[0]["id"] == privacy_notice.id
+        assert notices[0]["displayed_in_privacy_center"]
+        assert notices[0]["data_uses"] == [
+            "marketing.advertising",
+            "third_party_sharing",
+        ]
+        assert system.privacy_declarations[0].data_use == "marketing.advertising"
+
     @pytest.mark.usefixtures(
         "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
         "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions,
diff --git a/tests/ops/models/test_privacy_experience.py b/tests/ops/models/test_privacy_experience.py
index 27f6ee539a..0f9f623b40 100644
--- a/tests/ops/models/test_privacy_experience.py
+++ b/tests/ops/models/test_privacy_experience.py
@@ -314,7 +314,7 @@ def test_update_privacy_experience(self, db, experience_config_overlay):
 
         exp.delete(db)
 
-    def test_get_related_privacy_notices(self, db):
+    def test_get_related_privacy_notices(self, db, system):
         """Test PrivacyExperience.get_related_privacy_notices that are embedded in PrivacyExperience request"""
         privacy_experience = PrivacyExperience.create(
             db=db,
@@ -369,6 +369,23 @@ def test_get_related_privacy_notices(self, db):
             == []
         )
 
+        # Privacy notice is applicable to a system - they share a data use
+        assert privacy_experience.get_related_privacy_notices(
+            db, systems_applicable=True
+        ) == [privacy_notice]
+
+        system.privacy_declarations[0].delete(db)
+        db.refresh(system)
+
+        # Privacy notice is no longer applicable to any systems
+        assert (
+            privacy_experience.get_related_privacy_notices(db, systems_applicable=True)
+            == []
+        )
+
+        privacy_notice.histories[0].delete(db)
+        privacy_notice.delete(db)
+
     def test_get_should_show_banner(self, db):
         """Test PrivacyExperience.get_should_show_banner that is calculated at runtime"""
         privacy_experience = PrivacyExperience.create(

From c7effb1f181c886ec9fd19ce54081f7fc22b4ef2 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 28 Jun 2023 14:46:53 -0700
Subject: [PATCH 42/90] Removing required flag for the dataset field (#3690)

---
 .../forms/fields/DatasetConfigField/DatasetConfigField.tsx       | 1 -
 1 file changed, 1 deletion(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
index c2841554fa..3e4b5f6757 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField.tsx
@@ -270,7 +270,6 @@ const DatasetConfigField: React.FC<Props> = ({
         }}
         name={fieldName}
         options={dropdownOptions}
-        isRequired
         onOpen={onOpen}
         isLoading={isLoading}
       />

From c27a417a356398cdd23d8759261414c5ab877cfe Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 28 Jun 2023 15:46:27 -0700
Subject: [PATCH 43/90] Adding array support for unflatten_dict (#3629)

Co-authored-by: Adam Sachs <adam@ethyca.com>
---
 src/fides/api/util/saas_util.py  | 18 ++++---
 tests/ops/util/test_saas_util.py | 93 ++++++++++++++++++--------------
 2 files changed, 65 insertions(+), 46 deletions(-)

diff --git a/src/fides/api/util/saas_util.py b/src/fides/api/util/saas_util.py
index df05a43c8b..aada289ae8 100644
--- a/src/fides/api/util/saas_util.py
+++ b/src/fides/api/util/saas_util.py
@@ -3,7 +3,6 @@
 import json
 import re
 from collections import defaultdict
-from functools import reduce
 from typing import Any, Dict, List, Optional, Set, Tuple
 
 import yaml
@@ -222,11 +221,18 @@ def unflatten_dict(flat_dict: Dict[str, Any], separator: str = ".") -> Dict[str,
                 "'unflatten_dict' expects a flattened dictionary as input."
             )
         keys = path.split(separator)
-        target = reduce(
-            lambda current, key: current.setdefault(key, {}),
-            keys[:-1],
-            output,
-        )
+        target = output
+        for i, current_key in enumerate(keys[:-1]):
+            next_key = keys[i + 1]
+            if next_key.isdigit():
+                target = target.setdefault(current_key, [])
+            else:
+                if isinstance(target, dict):
+                    target = target.setdefault(current_key, {})
+                elif isinstance(target, list):
+                    while len(target) <= int(current_key):
+                        target.append({})
+                    target = target[int(current_key)]
         try:
             target[keys[-1]] = value
         except TypeError as exc:
diff --git a/tests/ops/util/test_saas_util.py b/tests/ops/util/test_saas_util.py
index 3b2ed173b7..9dcba16e32 100644
--- a/tests/ops/util/test_saas_util.py
+++ b/tests/ops/util/test_saas_util.py
@@ -329,50 +329,63 @@ def test_regex_is_not_greedy(self):
         )
 
 
-def test_unflatten_dict():
-    # empty dictionary
-    assert unflatten_dict({}) == {}
-
-    # empty dictionary value
-    assert unflatten_dict({"A": {}}) == {"A": {}}
+class TestUnflattenDict:
+    def test_empty_dict(self):
+        assert unflatten_dict({}) == {}
+
+    def test_empty_dict_value(self):
+        assert unflatten_dict({"A": {}}) == {"A": {}}
+
+    def test_unflattened_dict(self):
+        assert unflatten_dict({"A": "1"}) == {"A": "1"}
+
+    def test_same_level(self):
+        assert unflatten_dict({"A.B": "1", "A.C": "2"}) == {"A": {"B": "1", "C": "2"}}
+
+    def test_mixed_levels(self):
+        assert unflatten_dict(
+            {
+                "A": "1",
+                "B.C": "2",
+                "B.D": "3",
+            }
+        ) == {
+            "A": "1",
+            "B": {"C": "2", "D": "3"},
+        }
 
-    # unflattened dictionary
-    assert unflatten_dict({"A": "1"}) == {"A": "1"}
+    def test_long_path(self):
+        assert unflatten_dict({"A.B.C.D.E.F.G": "1"}) == {
+            "A": {"B": {"C": {"D": {"E": {"F": {"G": "1"}}}}}}
+        }
 
-    # same level
-    assert unflatten_dict({"A.B": "1", "A.C": "2"}) == {"A": {"B": "1", "C": "2"}}
+    def test_single_item_array(self):
+        assert unflatten_dict({"A.0.B": "C"}) == {"A": [{"B": "C"}]}
 
-    # mixed levels
-    assert unflatten_dict(
-        {
-            "A": "1",
-            "B.C": "2",
-            "B.D": "3",
+    def test_multi_item_array(self):
+        assert unflatten_dict({"A.0.B": "C", "A.1.D": "E"}) == {
+            "A": [{"B": "C"}, {"D": "E"}]
         }
-    ) == {
-        "A": "1",
-        "B": {"C": "2", "D": "3"},
-    }
-
-    # long path
-    assert unflatten_dict({"A.B.C.D.E.F.G": "1"}) == {
-        "A": {"B": {"C": {"D": {"E": {"F": {"G": "1"}}}}}}
-    }
-
-    # incoming values should overwrite existing values
-    assert unflatten_dict({"A.B": 1, "A.B": 2}) == {"A": {"B": 2}}
-
-    # conflicting types
-    with pytest.raises(FidesopsException):
-        unflatten_dict({"A.B": 1, "A": 2, "A.C": 3})
-
-    # data passed in is not completely flattened
-    with pytest.raises(FidesopsException):
-        unflatten_dict({"A.B.C": 1, "A": {"B.D": 2}})
-
-    # unflatten_dict shouldn't be called with a None separator
-    with pytest.raises(IndexError):
-        unflatten_dict({"": "1"}, separator=None)
+
+    def test_multi_value_array(self):
+        assert unflatten_dict(
+            {"A.0.B": "C", "A.0.D": "E", "A.1.F": "G", "A.1.H": "I"}
+        ) == {"A": [{"B": "C", "D": "E"}, {"F": "G", "H": "I"}]}
+
+    def test_overwrite_existing_values(self):
+        assert unflatten_dict({"A.B": 1, "A.B": 2}) == {"A": {"B": 2}}
+
+    def test_conflicting_types(self):
+        with pytest.raises(FidesopsException):
+            unflatten_dict({"A.B": 1, "A": 2, "A.C": 3})
+
+    def test_data_not_completely_flattened(self):
+        with pytest.raises(FidesopsException):
+            unflatten_dict({"A.B.C": 1, "A": {"B.D": 2}})
+
+    def test_none_separator(self):
+        with pytest.raises(IndexError):
+            unflatten_dict({"": "1"}, separator=None)
 
 
 def test_replace_version():

From c27a88c1aff197b0ded32dd8dbb2081eeff470ee Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Wed, 28 Jun 2023 18:29:01 -0500
Subject: [PATCH 44/90] [Backend] EU Location Updates [#3611] (#3630)

Update eu regions to drop the eu prefix, so everything is structured "country_region" or just "country". The eu was originally structured like "countrygroup_country".

On a related note, drop back to filtering experiences by country if their specific detected region isn't found.
---
 CHANGELOG.md                                  |   1 +
 .../postman/Fides.postman_collection.json     |   2 +-
 .../d2996381c4dd_eu_locations_migration.py    | 165 +++++++++++++
 .../endpoints/privacy_experience_endpoints.py |  51 +++-
 src/fides/api/models/privacy_experience.py    |   8 +-
 src/fides/api/models/privacy_notice.py        | 183 +++++++-------
 src/fides/api/models/privacy_preference.py    |   5 +-
 src/fides/api/schemas/privacy_preference.py   |   8 +-
 .../privacy_notice_templates.yml              | 232 +++++++++---------
 tests/fixtures/application_fixtures.py        |  55 ++++-
 ...est_privacy_experience_config_endpoints.py |   6 +-
 .../test_privacy_experience_endpoints.py      |  27 +-
 .../test_privacy_notice_endpoints.py          |  36 +--
 .../test_privacy_preference_endpoints.py      |  69 ++++--
 tests/ops/models/test_privacy_experience.py   |  32 +--
 tests/ops/models/test_privacy_notice.py       |  52 ++--
 tests/ops/models/test_privacy_preference.py   |   2 +-
 .../service/connectors/test_saas_connector.py |  10 +-
 .../message_dispatch_service_test.py          |   2 +-
 tests/ops/util/test_consent_util.py           |  78 +++---
 20 files changed, 652 insertions(+), 372 deletions(-)
 create mode 100644 src/fides/api/alembic/migrations/versions/d2996381c4dd_eu_locations_migration.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 05ad481e23..3bbf266b67 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@ The types of changes are:
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
+- Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 
 
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
diff --git a/docs/fides/docs/development/postman/Fides.postman_collection.json b/docs/fides/docs/development/postman/Fides.postman_collection.json
index f4a7c94c1e..823acc508e 100644
--- a/docs/fides/docs/development/postman/Fides.postman_collection.json
+++ b/docs/fides/docs/development/postman/Fides.postman_collection.json
@@ -5630,7 +5630,7 @@
 						"header": [],
 						"body": {
 							"mode": "raw",
-							"raw": "{\n    \"accept_button_label\": \"Accept\",\n    \"reject_button_label\": \"Reject\",\n    \"save_button_label\": \"Save all\",\n    \"title\": \"Here is where you manage your consent!\",\n    \"regions\": [\"us_ca\", \"eu_de\"]\n}",
+							"raw": "{\n    \"accept_button_label\": \"Accept\",\n    \"reject_button_label\": \"Reject\",\n    \"save_button_label\": \"Save all\",\n    \"title\": \"Here is where you manage your consent!\",\n    \"regions\": [\"us_ca\", \"de\"]\n}",
 							"options": {
 								"raw": {
 									"language": "json"
diff --git a/src/fides/api/alembic/migrations/versions/d2996381c4dd_eu_locations_migration.py b/src/fides/api/alembic/migrations/versions/d2996381c4dd_eu_locations_migration.py
new file mode 100644
index 0000000000..bd0282dd73
--- /dev/null
+++ b/src/fides/api/alembic/migrations/versions/d2996381c4dd_eu_locations_migration.py
@@ -0,0 +1,165 @@
+"""add eu locations migration
+
+Revision ID: d2996381c4dd
+Revises: 2be84e68df32
+Create Date: 2023-06-20 21:43:45.404454
+
+"""
+from typing import Dict, List, Optional
+
+from alembic import op
+from sqlalchemy import text
+
+# revision identifiers, used by Alembic.
+from sqlalchemy.engine import Connection, ResultProxy
+from sqlalchemy.sql.elements import TextClause
+
+revision = "d2996381c4dd"
+down_revision = "2be84e68df32"
+branch_labels = None
+depends_on = None
+
+
+region_map: Dict = {
+    "eu_be": "be",
+    "eu_bg": "bg",
+    "eu_cz": "cz",
+    "eu_dk": "dk",
+    "eu_de": "de",
+    "eu_ee": "ee",
+    "eu_ie": "ie",
+    "eu_el": "gr",
+    "eu_es": "es",
+    "eu_fr": "fr",
+    "eu_hr": "hr",
+    "eu_it": "it",
+    "eu_cy": "cy",
+    "eu_lv": "lv",
+    "eu_lt": "lt",
+    "eu_lu": "lu",
+    "eu_hu": "hu",
+    "eu_mt": "mt",
+    "eu_nl": "nl",
+    "eu_at": "at",
+    "eu_pl": "pl",
+    "eu_pt": "pt",
+    "eu_ro": "ro",
+    "eu_si": "si",
+    "eu_sk": "sk",
+    "eu_fi": "fi",
+    "eu_se": "se",
+    "isl": "is",
+    "nor": "no",
+}
+
+
+def get_replacement_region(
+    region: Optional[str], region_mapping: Dict[str, str]
+) -> Optional[str]:
+    """Get new region from region_mapping if it exists"""
+    if not region:
+        return region
+
+    return region_mapping.get(region, region)
+
+
+def upgrade_region_list(
+    bind: Connection,
+    select_query: TextClause,
+    update_query: TextClause,
+    region_mapping: Dict[str, str],
+) -> None:
+    """Upgrade regions for tables that have a "regions" list field"""
+    existing_records: ResultProxy = bind.execute(select_query)
+    for row in existing_records:
+        regions: List[str] = row["regions"] or []
+        regions_updated: bool = False
+        for i, val in enumerate(regions):
+            new_region = get_replacement_region(val, region_mapping)
+            if val != new_region:
+                regions_updated = True
+                regions[i] = new_region
+
+        if regions_updated:
+            bind.execute(
+                update_query,
+                {"id": row["id"], "updated_regions": regions},
+            )
+
+
+def upgrade_region(
+    bind: Connection,
+    select_query: TextClause,
+    update_query: TextClause,
+    region_col_label: str,
+    region_mapping: Dict[str, str],
+):
+    """Upgrade regions for tables that have a character varying field that stores a single region"""
+    existing_records: ResultProxy = bind.execute(select_query)
+    for row in existing_records:
+        region: str = row[region_col_label]
+        new_region = get_replacement_region(region, region_mapping)
+
+        if region != new_region:
+            bind.execute(
+                update_query,
+                {"id": row["id"], "updated_region": new_region},
+            )
+
+
+def migration_eu_regions(region_mapping: Dict[str, str]) -> None:
+    """Generic migration that can upgrade or downgrade regions"""
+    bind: Connection = op.get_bind()
+
+    upgrade_region_list(
+        bind,
+        text("SELECT id, regions FROM privacynotice;"),
+        text("UPDATE privacynotice SET regions = :updated_regions WHERE id= :id"),
+        region_mapping,
+    )
+
+    upgrade_region_list(
+        bind,
+        text("SELECT id, regions FROM privacynoticetemplate;"),
+        text(
+            "UPDATE privacynoticetemplate SET regions = :updated_regions WHERE id= :id"
+        ),
+        region_mapping,
+    )
+
+    upgrade_region_list(
+        bind,
+        text("SELECT id, regions FROM privacynoticehistory;"),
+        text(
+            "UPDATE privacynoticehistory SET regions = :updated_regions WHERE id= :id"
+        ),
+        region_mapping,
+    )
+
+    upgrade_region(
+        bind,
+        text("SELECT id, region FROM privacyexperience;"),
+        text("UPDATE privacyexperience SET region = :updated_region WHERE id= :id"),
+        region_col_label="region",
+        region_mapping=region_mapping,
+    )
+
+    upgrade_region(
+        bind,
+        text("SELECT id, user_geography FROM privacypreferencehistory;"),
+        text(
+            "UPDATE privacypreferencehistory SET user_geography = :updated_region WHERE id= :id"
+        ),
+        region_col_label="user_geography",
+        region_mapping=region_mapping,
+    )
+
+
+def upgrade():
+    migration_eu_regions(region_mapping=region_map)
+
+
+def downgrade():
+    migration_eu_regions(
+        region_mapping={value: key for key, value in region_map.items()}
+    )
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
index 750f4f9106..5e24916300 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
@@ -1,5 +1,5 @@
 import uuid
-from html import unescape
+from html import escape, unescape
 from typing import List, Optional
 
 from fastapi import Depends, HTTPException, Request, Response
@@ -7,7 +7,7 @@
 from fastapi_pagination import paginate as fastapi_paginate
 from fastapi_pagination.bases import AbstractPage
 from loguru import logger
-from sqlalchemy.orm import Session
+from sqlalchemy.orm import Query, Session
 from starlette.status import (
     HTTP_200_OK,
     HTTP_404_NOT_FOUND,
@@ -22,7 +22,7 @@
     PrivacyExperience,
     PrivacyExperienceConfig,
 )
-from fides.api.models.privacy_notice import PrivacyNotice, PrivacyNoticeRegion
+from fides.api.models.privacy_notice import PrivacyNotice
 from fides.api.models.privacy_request import ProvidedIdentity
 from fides.api.schemas.privacy_experience import PrivacyExperienceResponse
 from fides.api.util.api_router import APIRouter
@@ -54,6 +54,44 @@ def get_privacy_experience_or_error(
     return privacy_experience
 
 
+def _filter_experiences_by_region_or_country(
+    db: Session, region: Optional[str], experience_query: Query
+) -> Query:
+    """
+    Return at most two privacy experiences, one overlay and one privacy center experience matching the given region.
+    Experiences are looked up by supplied region first.  If nothing is found, we attempt to look up by country code.
+
+    For example, if region was "fr_idg" and no experiences were saved under this code, we'd look again for experiences
+    saved with "fr".
+    """
+    if not region:
+        return experience_query
+
+    region = escape(region)
+    country: str = region.split("_")[0]
+
+    overlay = PrivacyExperience.get_experience_by_region_and_component(
+        db, region, ComponentType.overlay
+    ) or PrivacyExperience.get_experience_by_region_and_component(
+        db, country, ComponentType.overlay
+    )
+    privacy_center = PrivacyExperience.get_experience_by_region_and_component(
+        db, region, ComponentType.privacy_center
+    ) or PrivacyExperience.get_experience_by_region_and_component(
+        db, country, ComponentType.privacy_center
+    )
+
+    experience_ids: List[str] = []
+    if overlay:
+        experience_ids.append(overlay.id)
+    if privacy_center:
+        experience_ids.append(privacy_center.id)
+
+    if experience_ids:
+        return experience_query.filter(PrivacyExperience.id.in_(experience_ids))
+    return db.query(PrivacyExperience).filter(False)
+
+
 @router.get(
     urls.PRIVACY_EXPERIENCE,
     status_code=HTTP_200_OK,
@@ -65,7 +103,7 @@ def privacy_experience_list(
     db: Session = Depends(deps.get_db),
     params: Params = Depends(),
     show_disabled: Optional[bool] = True,
-    region: Optional[PrivacyNoticeRegion] = None,
+    region: Optional[str] = None,
     component: Optional[ComponentType] = None,
     has_notices: Optional[bool] = None,
     has_config: Optional[bool] = None,
@@ -109,7 +147,10 @@ def privacy_experience_list(
         ).filter(PrivacyExperienceConfig.disabled.is_(False))
 
     if region is not None:
-        experience_query = experience_query.filter(PrivacyExperience.region == region)
+        experience_query = _filter_experiences_by_region_or_country(
+            db=db, region=region, experience_query=experience_query
+        )
+
     if component is not None:
         experience_query = experience_query.filter(
             PrivacyExperience.component == component
diff --git a/src/fides/api/models/privacy_experience.py b/src/fides/api/models/privacy_experience.py
index b5fdcd3087..61a392d274 100644
--- a/src/fides/api/models/privacy_experience.py
+++ b/src/fides/api/models/privacy_experience.py
@@ -316,7 +316,7 @@ def create_default_experience_for_region(
 
     @staticmethod
     def get_experience_by_region_and_component(
-        db: Session, region: PrivacyNoticeRegion, component: ComponentType
+        db: Session, region: str, component: ComponentType
     ) -> Optional[PrivacyExperience]:
         """Load an experience for a given region and component type"""
         return (
@@ -330,7 +330,7 @@ def get_experience_by_region_and_component(
 
     @staticmethod
     def get_experiences_by_region(
-        db: Session, region: PrivacyNoticeRegion
+        db: Session, region: str
     ) -> Tuple[Optional[PrivacyExperience], Optional[PrivacyExperience]]:
         """Load both the overlay and privacy center experience for a given region"""
         overlay_experience: Optional[
@@ -426,7 +426,7 @@ def new_experience_needed(
         (
             overlay_experience,
             privacy_center_experience,
-        ) = PrivacyExperience.get_experiences_by_region(db=db, region=region)
+        ) = PrivacyExperience.get_experiences_by_region(db=db, region=region.value)
 
         privacy_center_notices: Query = get_privacy_notices_by_region_and_component(
             db, region, ComponentType.privacy_center
@@ -511,7 +511,7 @@ def upsert_privacy_experiences_after_config_update(
         (
             overlay_experience,
             privacy_center_experience,
-        ) = PrivacyExperience.get_experiences_by_region(db, region)
+        ) = PrivacyExperience.get_experiences_by_region(db, region.value)
 
         existing_experience: Optional[PrivacyExperience] = (
             overlay_experience
diff --git a/src/fides/api/models/privacy_notice.py b/src/fides/api/models/privacy_notice.py
index babdee213f..443a09416f 100644
--- a/src/fides/api/models/privacy_notice.py
+++ b/src/fides/api/models/privacy_notice.py
@@ -28,99 +28,96 @@ class UserConsentPreference(Enum):
     acknowledge = "acknowledge"  # The user has acknowledged this notice
 
 
-class PrivacyNoticeRegion(Enum):
-    """
-    Enum is not formalized in the DB because it is subject to frequent change
-    """
-
-    us_al = "us_al"  # alabama
-    us_ak = "us_ak"  # alaska
-    us_az = "us_az"  # arizona
-    us_ar = "us_ar"  # arkansas
-    us_ca = "us_ca"  # california
-    us_co = "us_co"  # colorado
-    us_ct = "us_ct"  # connecticut
-    us_de = "us_de"  # delaware
-    us_fl = "us_fl"  # florida
-    us_ga = "us_ga"  # georgia
-    us_hi = "us_hi"  # hawaii
-    us_id = "us_id"  # idaho
-    us_il = "us_il"  # illinois
-    us_in = "us_in"  # indiana
-    us_ia = "us_ia"  # iowa
-    us_ks = "us_ks"  # kansas
-    us_ky = "us_ky"  # kentucky
-    us_la = "us_la"  # louisiana
-    us_me = "us_me"  # maine
-    us_md = "us_md"  # maryland
-    us_ma = "us_ma"  # massachusetts
-    us_mi = "us_mi"  # michigan
-    us_mn = "us_mn"  # minnesota
-    us_ms = "us_ms"  # mississippi
-    us_mo = "us_mo"  # missouri
-    us_mt = "us_mt"  # montana
-    us_ne = "us_ne"  # nebraska
-    us_nv = "us_nv"  # nevada
-    us_nh = "us_nh"  # new hampshire
-    us_nj = "us_nj"  # new jersey
-    us_nm = "us_nm"  # new mexico
-    us_ny = "us_ny"  # new york
-    us_nc = "us_nc"  # north carolina
-    us_nd = "us_nd"  # north dakota
-    us_oh = "us_oh"  # ohio
-    us_ok = "us_ok"  # oklahoma
-    us_or = "us_or"  # oregon
-    us_pa = "us_pa"  # pennsylvania
-    us_ri = "us_ri"  # rhode island
-    us_sc = "us_sc"  # south carolina
-    us_sd = "us_sd"  # south dakota
-    us_tn = "us_tn"  # tennessee
-    us_tx = "us_tx"  # texas
-    us_ut = "us_ut"  # utah
-    us_vt = "us_vt"  # vermont
-    us_va = "us_va"  # virginia
-    us_wa = "us_wa"  # washington
-    us_wv = "us_wv"  # west virginia
-    us_wi = "us_wi"  # wisconsin
-    us_wy = "us_wy"  # wyoming
-
-    eu_be = "eu_be"  # belgium
-    eu_bg = "eu_bg"  # bulgaria
-    eu_cz = "eu_cz"  # czechia
-    eu_dk = "eu_dk"  # denmark
-    eu_de = "eu_de"  # germany
-    eu_ee = "eu_ee"  # estonia
-    eu_ie = "eu_ie"  # ireland
-    eu_el = "eu_el"  # greece
-    eu_es = "eu_es"  # spain
-    eu_fr = "eu_fr"  # france
-    eu_hr = "eu_hr"  # croatia
-    eu_it = "eu_it"  # italy
-    eu_cy = "eu_cy"  # cyprus
-    eu_lv = "eu_lv"  # latvia
-    eu_lt = "eu_lt"  # lithuania
-    eu_lu = "eu_lu"  # luxembourg
-    eu_hu = "eu_hu"  # hungary
-    eu_mt = "eu_mt"  # malta
-    eu_nl = "eu_nl"  # netherlands
-    eu_at = "eu_at"  # austria
-    eu_pl = "eu_pl"  # poland
-    eu_pt = "eu_pt"  # portugal
-    eu_ro = "eu_ro"  # romania
-    eu_si = "eu_si"  # slovenia
-    eu_sk = "eu_sk"  # slovakia
-    eu_fi = "eu_fi"  # finland
-    eu_se = "eu_se"  # sweden
-
-    gb_eng = "gb_eng"  # england
-    gb_sct = "gb_sct"  # scotland
-    gb_wls = "gb_wls"  # wales
-    gb_nir = "gb_nir"  # northern ireland
-
-    isl = "isl"  # iceland, 3 letter country code
-    nor = "nor"  # norway, 3 letter country code
-
-    li = "li"  # liechtenstein
+# Enum defined using functional API so we can use regions like "is"
+PrivacyNoticeRegion = Enum(
+    "PrivacyNoticeRegion",
+    [
+        ("us_al", "us_al"),  # alabama
+        ("us_ak", "us_ak"),  # alaska
+        ("us_az", "us_az"),  # arizona
+        ("us_ar", "us_ar"),  # arkansas
+        ("us_ca", "us_ca"),  # california
+        ("us_co", "us_co"),  # colorado
+        ("us_ct", "us_ct"),  # connecticut
+        ("us_de", "us_de"),  # delaware
+        ("us_fl", "us_fl"),  # florida
+        ("us_ga", "us_ga"),  # georgia
+        ("us_hi", "us_hi"),  # hawaii
+        ("us_id", "us_id"),  # idaho
+        ("us_il", "us_il"),  # illinois
+        ("us_in", "us_in"),  # indiana
+        ("us_ia", "us_ia"),  # iowa
+        ("us_ks", "us_ks"),  # kansas
+        ("us_ky", "us_ky"),  # kentucky
+        ("us_la", "us_la"),  # louisiana
+        ("us_me", "us_me"),  # maine
+        ("us_md", "us_md"),  # maryland
+        ("us_ma", "us_ma"),  # massachusetts
+        ("us_mi", "us_mi"),  # michigan
+        ("us_mn", "us_mn"),  # minnesota
+        ("us_ms", "us_ms"),  # mississippi
+        ("us_mo", "us_mo"),  # missouri
+        ("us_mt", "us_mt"),  # montana
+        ("us_ne", "us_ne"),  # nebraska
+        ("us_nv", "us_nv"),  # nevada
+        ("us_nh", "us_nh"),  # new hampshire
+        ("us_nj", "us_nj"),  # new jersey
+        ("us_nm", "us_nm"),  # new mexico
+        ("us_ny", "us_ny"),  # new york
+        ("us_nc", "us_nc"),  # north carolina
+        ("us_nd", "us_nd"),  # north dakota
+        ("us_oh", "us_oh"),  # ohio
+        ("us_ok", "us_ok"),  # oklahoma
+        ("us_or", "us_or"),  # oregon
+        ("us_pa", "us_pa"),  # pennsylvania
+        ("us_ri", "us_ri"),  # rhode island
+        ("us_sc", "us_sc"),  # south carolina
+        ("us_sd", "us_sd"),  # south dakota
+        ("us_tn", "us_tn"),  # tennessee
+        ("us_tx", "us_tx"),  # texas
+        ("us_ut", "us_ut"),  # utah
+        ("us_vt", "us_vt"),  # vermont
+        ("us_va", "us_va"),  # virginia
+        ("us_wa", "us_wa"),  # washington
+        ("us_wv", "us_wv"),  # west virginia
+        ("us_wi", "us_wi"),  # wisconsin
+        ("us_wy", "us_wy"),  # wyoming
+        ("be", "be"),  # belgium
+        ("bg", "bg"),  # bulgaria
+        ("cz", "cz"),  # czechia
+        ("dk", "dk"),  # denmark
+        ("de", "de"),  # germany
+        ("ee", "ee"),  # estonia
+        ("ie", "ie"),  # ireland
+        ("gr", "gr"),  # greece
+        ("es", "es"),  # spain
+        ("fr", "fr"),  # france
+        ("hr", "hr"),  # croatia
+        ("it", "it"),  # italy
+        ("cy", "cy"),  # cyprus
+        ("lv", "lv"),  # latvia
+        ("lt", "lt"),  # lithuania
+        ("lu", "lu"),  # luxembourg
+        ("hu", "hu"),  # hungary
+        ("mt", "mt"),  # malta
+        ("nl", "nl"),  # netherlands
+        ("at", "at"),  # austria
+        ("pl", "pl"),  # poland
+        ("pt", "pt"),  # portugal
+        ("ro", "ro"),  # romania
+        ("si", "si"),  # slovenia
+        ("sk", "sk"),  # slovakia
+        ("fi", "fi"),  # finland
+        ("se", "se"),  # sweden
+        ("gb_eng", "gb_eng"),  # england
+        ("gb_sct", "gb_sct"),  # scotland
+        ("gb_wls", "gb_wls"),  # wales
+        ("gb_nir", "gb_nir"),  # northern ireland
+        ("is", "is"),  # iceland
+        ("no", "no"),  # norway
+        ("li", "li"),  # liechtenstein
+    ],
+)
 
 
 class ConsentMechanism(Enum):
diff --git a/src/fides/api/models/privacy_preference.py b/src/fides/api/models/privacy_preference.py
index 3942c2b757..f18f41c446 100644
--- a/src/fides/api/models/privacy_preference.py
+++ b/src/fides/api/models/privacy_preference.py
@@ -22,7 +22,6 @@
 from fides.api.models.privacy_notice import (
     PrivacyNotice,
     PrivacyNoticeHistory,
-    PrivacyNoticeRegion,
     UserConsentPreference,
 )
 from fides.api.models.privacy_request import (
@@ -42,7 +41,7 @@ class RequestOrigin(Enum):
 class ConsentMethod(Enum):
     button = "button"
     gpc = "gpc"
-    individual_notice = "api"
+    individual_notice = "individual_notice"
 
 
 class PrivacyPreferenceHistory(Base):
@@ -155,7 +154,7 @@ class PrivacyPreferenceHistory(Base):
         ),
     )
 
-    user_geography = Column(EnumColumn(PrivacyNoticeRegion), index=True)
+    user_geography = Column(String, index=True)
 
     # Relationships
     privacy_notice_history = relationship(PrivacyNoticeHistory)
diff --git a/src/fides/api/schemas/privacy_preference.py b/src/fides/api/schemas/privacy_preference.py
index a6d46a4c0d..9d6a382594 100644
--- a/src/fides/api/schemas/privacy_preference.py
+++ b/src/fides/api/schemas/privacy_preference.py
@@ -5,7 +5,7 @@
 from pydantic import Field, conlist
 
 from fides.api.custom_types import SafeStr
-from fides.api.models.privacy_notice import PrivacyNoticeRegion, UserConsentPreference
+from fides.api.models.privacy_notice import UserConsentPreference
 from fides.api.models.privacy_preference import ConsentMethod, RequestOrigin
 from fides.api.models.privacy_request import ExecutionLogStatus, PrivacyRequestStatus
 from fides.api.schemas.base_class import FidesSchema
@@ -29,7 +29,7 @@ class PrivacyPreferencesRequest(FidesSchema):
     preferences: conlist(ConsentOptionCreate, max_items=50)  # type: ignore
     policy_key: Optional[FidesKey]  # Will use default consent policy if not supplied
     privacy_experience_id: Optional[SafeStr]
-    user_geography: Optional[PrivacyNoticeRegion]
+    user_geography: Optional[SafeStr]
     method: Optional[ConsentMethod]
 
 
@@ -83,9 +83,7 @@ class ConsentReportingSchema(FidesSchema):
     preference: UserConsentPreference = Field(
         title="The user's preference for the given notice: opt_in, opt_out, or acknowledge"
     )
-    user_geography: Optional[PrivacyNoticeRegion] = Field(
-        title="Detected geography of the user"
-    )
+    user_geography: Optional[SafeStr] = Field(title="Detected geography of the user")
     relevant_systems: Optional[List[str]] = Field(
         title="Systems relevant to the given notice by data use.  Note that just because a system is relevant does not mean that a request is necessarily propagated."
     )
diff --git a/src/fides/data/privacy_notices/privacy_notice_templates.yml b/src/fides/data/privacy_notices/privacy_notice_templates.yml
index 32989f9e3c..ce24c8008b 100644
--- a/src/fides/data/privacy_notices/privacy_notice_templates.yml
+++ b/src/fides/data/privacy_notices/privacy_notice_templates.yml
@@ -5,39 +5,39 @@ privacy_notices:
   description: This website uses essential cookies and services to enable core website features and provide a seamless user experience. These cookies and services are used to facilitate features such as navigation, remember user preferences, and ensure the security of the website.
   internal_description: Essential cookies and services, also known as strictly necessary, are technologies that are crucial for the proper functioning of a website. These technologies are typically exempt from requiring user consent under privacy regulations because they are essential for the website to deliver its basic functionalities and services.
   regions:
-    - eu_be
-    - eu_bg
-    - eu_cz
-    - eu_dk
-    - eu_de
-    - eu_ee
-    - eu_ie
-    - eu_el
-    - eu_es
-    - eu_fr
-    - eu_hr
-    - eu_it
-    - eu_cy
-    - eu_lv
-    - eu_lt
-    - eu_lu
-    - eu_hu
-    - eu_mt
-    - eu_nl
-    - eu_at
-    - eu_pl
-    - eu_pt
-    - eu_ro
-    - eu_si
-    - eu_sk
-    - eu_fi
-    - eu_se
+    - be
+    - bg
+    - cz
+    - dk
+    - de
+    - ee
+    - ie
+    - gr
+    - es
+    - fr
+    - hr
+    - it
+    - cy
+    - lv
+    - lt
+    - lu
+    - hu
+    - mt
+    - nl
+    - at
+    - pl
+    - pt
+    - ro
+    - si
+    - sk
+    - fi
+    - se
     - gb_eng
     - gb_sct
     - gb_wls
     - gb_nir
-    - isl
-    - nor
+    - is
+    - "no"
     - li
   consent_mechanism: notice_only
   data_uses:
@@ -54,39 +54,39 @@ privacy_notices:
   description: This website uses functional cookies and services to remember your preferences and choices, such as language preferences, font sizes, region selections, and customized layouts. They enable this website to offer enhanced and personalized functionalities.
   internal_description: Functional cookies and services, also referred to as preferences, are technologies that enhance the usability and personalization of a website. Unlike essential cookies and services, functional technologies are not strictly necessary for the basic operation of the website but provide additional features and improved user experiences. These technologies typically require user consent under privacy regulations.
   regions:
-    - eu_be
-    - eu_bg
-    - eu_cz
-    - eu_dk
-    - eu_de
-    - eu_ee
-    - eu_ie
-    - eu_el
-    - eu_es
-    - eu_fr
-    - eu_hr
-    - eu_it
-    - eu_cy
-    - eu_lv
-    - eu_lt
-    - eu_lu
-    - eu_hu
-    - eu_mt
-    - eu_nl
-    - eu_at
-    - eu_pl
-    - eu_pt
-    - eu_ro
-    - eu_si
-    - eu_sk
-    - eu_fi
-    - eu_se
+    - be
+    - bg
+    - cz
+    - dk
+    - de
+    - ee
+    - ie
+    - gr
+    - es
+    - fr
+    - hr
+    - it
+    - cy
+    - lv
+    - lt
+    - lu
+    - hu
+    - mt
+    - nl
+    - at
+    - pl
+    - pt
+    - ro
+    - si
+    - sk
+    - fi
+    - se
     - gb_eng
     - gb_sct
     - gb_wls
     - gb_nir
-    - isl
-    - nor
+    - is
+    - "no"
     - li
   consent_mechanism: opt_in
   data_uses:
@@ -103,39 +103,39 @@ privacy_notices:
   description: This website uses analytics cookies and services for collecting aggregated data and statistical information. This data helps us analyze and optimize site performance, identify popular content, detect navigation issues, and make informed decisions to enhance the user experience.
   internal_description: Analytics cookies and services, also known as performance, are technologies that gather anonymous information about how visitors interact with a website. These technologies provide insights into website usage, visitor behavior, and performance metrics, allowing website owners to understand and improve their site's effectiveness. Analytics technologies typically require user consent under privacy regulations.
   regions:
-    - eu_be
-    - eu_bg
-    - eu_cz
-    - eu_dk
-    - eu_de
-    - eu_ee
-    - eu_ie
-    - eu_el
-    - eu_es
-    - eu_fr
-    - eu_hr
-    - eu_it
-    - eu_cy
-    - eu_lv
-    - eu_lt
-    - eu_lu
-    - eu_hu
-    - eu_mt
-    - eu_nl
-    - eu_at
-    - eu_pl
-    - eu_pt
-    - eu_ro
-    - eu_si
-    - eu_sk
-    - eu_fi
-    - eu_se
+    - be
+    - bg
+    - cz
+    - dk
+    - de
+    - ee
+    - ie
+    - gr
+    - es
+    - fr
+    - hr
+    - it
+    - cy
+    - lv
+    - lt
+    - lu
+    - hu
+    - mt
+    - nl
+    - at
+    - pl
+    - pt
+    - ro
+    - si
+    - sk
+    - fi
+    - se
     - gb_eng
     - gb_sct
     - gb_wls
     - gb_nir
-    - isl
-    - nor
+    - is
+    - "no"
     - li
   consent_mechanism: opt_in
   data_uses:
@@ -152,39 +152,39 @@ privacy_notices:
   description: This website uses marketing cookies and services to deliver personalized advertisements, promotions, and offers that are relevant to you. They help optimize ad delivery, measure campaign effectiveness, and enable advertisers to reach specific target audiences.
   internal_description: Marketing cookies and services, also referred to as targeting or advertising, are technologies that tracks users' browsing behavior across websites. These technologies enable targeted advertising and marketing campaigns by collecting information about users' interests, preferences, and online activities. Marketing technologies typically require user consent under privacy regulations.
   regions:
-    - eu_be
-    - eu_bg
-    - eu_cz
-    - eu_dk
-    - eu_de
-    - eu_ee
-    - eu_ie
-    - eu_el
-    - eu_es
-    - eu_fr
-    - eu_hr
-    - eu_it
-    - eu_cy
-    - eu_lv
-    - eu_lt
-    - eu_lu
-    - eu_hu
-    - eu_mt
-    - eu_nl
-    - eu_at
-    - eu_pl
-    - eu_pt
-    - eu_ro
-    - eu_si
-    - eu_sk
-    - eu_fi
-    - eu_se
+    - be
+    - bg
+    - cz
+    - dk
+    - de
+    - ee
+    - ie
+    - gr
+    - es
+    - fr
+    - hr
+    - it
+    - cy
+    - lv
+    - lt
+    - lu
+    - hu
+    - mt
+    - nl
+    - at
+    - pl
+    - pt
+    - ro
+    - si
+    - sk
+    - fi
+    - se
     - gb_eng
     - gb_sct
     - gb_wls
     - gb_nir
-    - isl
-    - nor
+    - is
+    - "no"
     - li
   consent_mechanism: opt_in
   data_uses:
diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
index cfbd9e8004..ec706f37fb 100644
--- a/tests/fixtures/application_fixtures.py
+++ b/tests/fixtures/application_fixtures.py
@@ -1577,7 +1577,7 @@ def privacy_experience_france_overlay(
         db=db,
         data={
             "component": ComponentType.overlay,
-            "region": PrivacyNoticeRegion.eu_fr,
+            "region": PrivacyNoticeRegion.fr,
             "experience_config_id": experience_config_overlay.id,
         },
     )
@@ -1587,14 +1587,14 @@ def privacy_experience_france_overlay(
 
 
 @pytest.fixture(scope="function")
-def privacy_notice_eu_fr_provide_service_frontend_only(db: Session) -> Generator:
+def privacy_notice_fr_provide_service_frontend_only(db: Session) -> Generator:
     privacy_notice = PrivacyNotice.create(
         db=db,
         data={
             "name": "example privacy notice us_co provide.service.operations",
             "notice_key": "example_privacy_notice_us_co_provide.service.operations",
             "description": "a sample privacy notice configuration",
-            "regions": [PrivacyNoticeRegion.eu_fr],
+            "regions": [PrivacyNoticeRegion.fr],
             "consent_mechanism": ConsentMechanism.opt_in,
             "data_uses": ["essential.service"],
             "enforcement_level": EnforcementLevel.frontend,
@@ -1615,7 +1615,7 @@ def privacy_notice_eu_cy_provide_service_frontend_only(db: Session) -> Generator
             "name": "example privacy notice eu_cy provide.service.operations",
             "notice_key": "example_privacy_notice_eu_cy_provide.service.operations",
             "description": "a sample privacy notice configuration",
-            "regions": [PrivacyNoticeRegion.eu_cy],
+            "regions": [PrivacyNoticeRegion.cy],
             "consent_mechanism": ConsentMechanism.opt_out,
             "data_uses": ["essential.service"],
             "enforcement_level": EnforcementLevel.frontend,
@@ -1629,8 +1629,8 @@ def privacy_notice_eu_cy_provide_service_frontend_only(db: Session) -> Generator
 
 
 @pytest.fixture(scope="function")
-def privacy_preference_history_eu_fr_provide_service_frontend_only(
-    db: Session, privacy_notice_eu_fr_provide_service_frontend_only
+def privacy_preference_history_fr_provide_service_frontend_only(
+    db: Session, privacy_notice_fr_provide_service_frontend_only
 ) -> Generator:
     provided_identity_data = {
         "privacy_request_id": None,
@@ -1645,7 +1645,8 @@ def privacy_preference_history_eu_fr_provide_service_frontend_only(
         data={
             "preference": "opt_in",
             "provided_identity_id": provided_identity.id,
-            "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.privacy_notice_history_id,
+            "privacy_notice_history_id": privacy_notice_fr_provide_service_frontend_only.privacy_notice_history_id,
+            "user_geography": "fr_idg",
         },
         check_name=False,
     )
@@ -2288,3 +2289,43 @@ def privacy_experience_overlay(db: Session, experience_config_overlay) -> Genera
 
     yield privacy_experience
     privacy_experience.delete(db)
+
+
+@pytest.fixture(scope="function")
+def privacy_experience_privacy_center_france(
+    db: Session, experience_config_privacy_center
+) -> Generator:
+    privacy_experience = PrivacyExperience.create(
+        db=db,
+        data={
+            "component": ComponentType.privacy_center,
+            "region": PrivacyNoticeRegion.fr,
+            "experience_config_id": experience_config_privacy_center.id,
+        },
+    )
+
+    yield privacy_experience
+    privacy_experience.delete(db)
+
+
+@pytest.fixture(scope="function")
+def privacy_notice_france(db: Session) -> Generator:
+    privacy_notice = PrivacyNotice.create(
+        db=db,
+        data={
+            "name": "example privacy notice",
+            "notice_key": "example_privacy_notice",
+            "description": "user description",
+            "regions": [
+                PrivacyNoticeRegion.fr,
+            ],
+            "consent_mechanism": ConsentMechanism.opt_in,
+            "data_uses": ["marketing.advertising", "third_party_sharing"],
+            "enforcement_level": EnforcementLevel.system_wide,
+            "displayed_in_privacy_center": True,
+            "displayed_in_overlay": False,
+            "displayed_in_api": False,
+        },
+    )
+
+    yield privacy_notice
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
index 6a4f724e00..e80e7b0ec0 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
@@ -358,7 +358,7 @@ def test_create_overlay_config_missing_details(
                 "accept_button_label": "Accept",
                 "description": "We care about your privacy",
                 "component": "overlay",
-                "regions": ["eu_it"],
+                "regions": ["it"],
                 "reject_button_label": "Reject",
                 "save_button_label": "Save",
                 "title": "Manage your privacy",
@@ -386,7 +386,7 @@ def test_create_privacy_center_config_missing_details(
                 "accept_button_label": "Accept",
                 "description": "We care about your privacy",
                 "component": "privacy_center",
-                "regions": ["eu_it"],
+                "regions": ["it"],
                 "save_button_label": "Save",
             },
             headers=auth_header,
@@ -412,7 +412,7 @@ def test_create_experience_duplicate_regions(
                 "reject_button_label": "Reject all",
                 "save_button_label": "Save",
                 "title": "Control your privacy",
-                "regions": ["eu_it", "eu_it"],
+                "regions": ["it", "it"],
             },
             headers=auth_header,
         )
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
index f149717dcd..b2f9f6646a 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
@@ -150,6 +150,8 @@ def test_get_privacy_experiences_region_filter(
         url,
         privacy_experience_privacy_center,
         privacy_experience_overlay,
+        privacy_notice_france,
+        privacy_experience_privacy_center_france,
     ):
         resp = api_client.get(
             url + "?region=us_co",
@@ -176,13 +178,22 @@ def test_get_privacy_experiences_region_filter(
         resp = api_client.get(
             url + "?region=bad_region",
         )
-        assert resp.status_code == 422
+        assert resp.status_code == 200
+        assert resp.json()["total"] == 0
 
         resp = api_client.get(
-            url + "?region=eu_it",
-        )
+            url + "?region=fr_idg",
+        )  # There are no experiences with "fr_idg" so we fell back to searching for "fr"
         assert resp.status_code == 200
-        assert resp.json()["total"] == 0
+        assert resp.json()["total"] == 1
+        data = resp.json()
+        assert len(data["items"]) == 1
+        assert {exp["id"] for exp in data["items"]} == {
+            privacy_experience_privacy_center_france.id
+        }
+        assert len(data["items"][0]["privacy_notices"]) == 1
+        assert data["items"][0]["privacy_notices"][0]["regions"] == ["fr"]
+        assert data["items"][0]["privacy_notices"][0]["id"] == privacy_notice_france.id
 
     def test_get_privacy_experiences_components_filter(
         self,
@@ -252,7 +263,7 @@ def test_get_privacy_experiences_has_notices_no_regions_overlap(
     @pytest.mark.usefixtures(
         "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
         "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions
-        "privacy_notice_eu_fr_provide_service_frontend_only",
+        "privacy_notice_fr_provide_service_frontend_only",
     )
     def test_get_privacy_experiences_has_notices(
         self,
@@ -333,7 +344,7 @@ def test_get_privacy_experiences_has_notices(
         "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
         "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions,
         "privacy_experience_overlay",  # us_ca
-        "privacy_notice_eu_fr_provide_service_frontend_only",  # eu_fr
+        "privacy_notice_fr_provide_service_frontend_only",  # fr
         "privacy_notice_us_ca_provide",  # us_ca
     )
     def test_filter_on_notices_and_region(
@@ -371,7 +382,7 @@ def test_filter_on_notices_and_region(
         "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
         "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions,
         "privacy_experience_overlay",  # us_ca
-        "privacy_notice_eu_fr_provide_service_frontend_only",  # eu_fr
+        "privacy_notice_fr_provide_service_frontend_only",  # eu_fr
         "privacy_notice_us_ca_provide",  # us_ca
         "privacy_experience_privacy_center",
     )
@@ -427,7 +438,7 @@ def test_filter_on_systems_applicable(
         "privacy_notice_us_co_provide_service_operations",  # not displayed in overlay or privacy center
         "privacy_notice_eu_cy_provide_service_frontend_only",  # doesn't overlap with any regions,
         "privacy_experience_privacy_center",
-        "privacy_notice_eu_fr_provide_service_frontend_only",  # eu_fr
+        "privacy_notice_fr_provide_service_frontend_only",  # fr
         "privacy_notice_us_co_third_party_sharing",  # us_co
     )
     def test_filter_on_notices_and_region_and_show_disabled_is_false(
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 9090daa892..8026787cc4 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -643,7 +643,7 @@ def test_get_privacy_notice_unescaped(
                     "notice_key": "test_privacy_notice_1",
                     "description": maybe_dangerous_description,
                     "regions": [
-                        PrivacyNoticeRegion.eu_be.value,
+                        PrivacyNoticeRegion.be.value,
                         PrivacyNoticeRegion.us_ca.value,
                     ],
                     "consent_mechanism": ConsentMechanism.opt_in.value,
@@ -794,7 +794,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             f"{PRIVACY_NOTICE_NAME}-2"
                         ),
                         regions=[
-                            PrivacyNoticeRegion.eu_be,
+                            PrivacyNoticeRegion.be,
                         ],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["marketing.advertising"],
@@ -840,7 +840,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                                 f"{PRIVACY_NOTICE_NAME}-2"
                             ),
                             regions=[
-                                PrivacyNoticeRegion.eu_be,
+                                PrivacyNoticeRegion.be,
                             ],
                             consent_mechanism=ConsentMechanism.opt_in,
                             data_uses=["marketing.advertising"],
@@ -889,7 +889,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             f"{PRIVACY_NOTICE_NAME}-2"
                         ),
                         regions=[
-                            PrivacyNoticeRegion.eu_be,
+                            PrivacyNoticeRegion.be,
                         ],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["marketing.advertising"],
@@ -933,7 +933,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                                 f"{PRIVACY_NOTICE_NAME}-2"
                             ),
                             regions=[
-                                PrivacyNoticeRegion.eu_be,
+                                PrivacyNoticeRegion.be,
                             ],
                             consent_mechanism=ConsentMechanism.opt_in,
                             data_uses=["marketing.advertising"],
@@ -1005,7 +1005,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                             f"{PRIVACY_NOTICE_NAME}-2"
                         ),
                         regions=[
-                            PrivacyNoticeRegion.eu_be,
+                            PrivacyNoticeRegion.be,
                         ],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["marketing.advertising"],
@@ -1027,7 +1027,7 @@ def test_get_privacy_notice_by_data_use_wrong_scope(
                                 f"{PRIVACY_NOTICE_NAME}-2"
                             ),
                             regions=[
-                                PrivacyNoticeRegion.eu_be,
+                                PrivacyNoticeRegion.be,
                             ],
                             consent_mechanism=ConsentMechanism.opt_in,
                             data_uses=["marketing.advertising"],
@@ -1311,7 +1311,7 @@ def notice_request(self, load_default_data_uses) -> Dict[str, Any]:
             "notice_key": "test_privacy_notice_1",
             "description": "my test privacy notice",
             "regions": [
-                PrivacyNoticeRegion.eu_be.value,
+                PrivacyNoticeRegion.be.value,
                 PrivacyNoticeRegion.us_ca.value,
             ],
             "consent_mechanism": ConsentMechanism.opt_in.value,
@@ -1326,7 +1326,7 @@ def notice_request_no_key(self, load_default_data_uses) -> Dict[str, Any]:
             "name": "My Test Privacy Notice",
             "description": "my test privacy notice",
             "regions": [
-                PrivacyNoticeRegion.eu_be.value,
+                PrivacyNoticeRegion.be.value,
                 PrivacyNoticeRegion.us_ca.value,
             ],
             "consent_mechanism": ConsentMechanism.opt_in.value,
@@ -1436,7 +1436,7 @@ def test_post_invalid_privacy_notice_invalid_values(
         assert resp.status_code == 422
 
         notice_request_bad_region["regions"] = [
-            PrivacyNoticeRegion.eu_be.value,
+            PrivacyNoticeRegion.be.value,
             "invalid_region",
         ]
         # try post with one invalid region one valid region specified, should be rejected
@@ -1522,7 +1522,7 @@ def test_post_invalid_privacy_notice_data_use_conflicts_within_request(
         # change the name on the copied notice so that it's "different"
         notice_request_identical_use["name"] = "different notice name"
         # keep one overlapping region with other request notice, no overlaps with
-        notice_request_identical_use["regions"] = [PrivacyNoticeRegion.eu_be.value]
+        notice_request_identical_use["regions"] = [PrivacyNoticeRegion.be.value]
         resp = api_client.post(
             url,
             headers=auth_header,
@@ -1535,7 +1535,7 @@ def test_post_invalid_privacy_notice_data_use_conflicts_within_request(
         # change the name on the copied notice so that it's "different"
         notice_request_child_use["name"] = "different notice name"
         # keep one overlapping region with other request notice, no overlaps with
-        notice_request_child_use["region"] = [PrivacyNoticeRegion.eu_be.value]
+        notice_request_child_use["region"] = [PrivacyNoticeRegion.be.value]
         # update our data_use to be a child of the other request notice
         notice_request_child_use["data_use"] = ["marketing.advertising.first_party"]
 
@@ -1682,7 +1682,7 @@ def test_post_privacy_notice(
 
         before_creation = datetime.now().isoformat()
         overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
-            db, PrivacyNoticeRegion.eu_be
+            db, PrivacyNoticeRegion.be
         )
         assert overlay_exp is None
         assert privacy_center_exp is None
@@ -1718,7 +1718,7 @@ def test_post_privacy_notice(
         assert response_notice["disabled"] == db_notice.disabled
 
         overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
-            db, PrivacyNoticeRegion.eu_be
+            db, PrivacyNoticeRegion.be
         )
         assert overlay_exp is not None  # Overlay Experience Created Automatically
         assert (
@@ -1754,7 +1754,7 @@ def test_post_privacy_notice_no_notice_key(
 
         before_creation = datetime.now().isoformat()
         overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
-            db, PrivacyNoticeRegion.eu_be
+            db, PrivacyNoticeRegion.be
         )
         assert overlay_exp is None
         assert privacy_center_exp is None
@@ -1792,7 +1792,7 @@ def test_post_privacy_notice_no_notice_key(
         assert response_notice["notice_key"] == "my_test_privacy_notice"
 
         overlay_exp, privacy_center_exp = PrivacyExperience.get_experiences_by_region(
-            db, PrivacyNoticeRegion.eu_be
+            db, PrivacyNoticeRegion.be
         )
         assert overlay_exp is not None
         assert privacy_center_exp is None
@@ -1826,7 +1826,7 @@ def test_post_privacy_notice_response_escaped(
                     "notice_key": "test_privacy_notice_1",
                     "description": maybe_dangerous_description,
                     "regions": [
-                        PrivacyNoticeRegion.eu_be.value,
+                        PrivacyNoticeRegion.be.value,
                         PrivacyNoticeRegion.us_ca.value,
                     ],
                     "consent_mechanism": ConsentMechanism.opt_in.value,
@@ -2167,7 +2167,7 @@ def test_patch_privacy_notice_invalid_body(
         assert resp.status_code == 422
 
         patch_privacy_notice_payload_bad_region["regions"] = [
-            PrivacyNoticeRegion.eu_be.value,
+            PrivacyNoticeRegion.be.value,
             "invalid_region",
         ]
         # try patch with one invalid region one valid region specified, should be rejected
diff --git a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
index 3629407023..aa26f2326d 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
@@ -218,7 +218,7 @@ def test_verify_then_set_privacy_preferences_but_no_privacy_request_created(
         api_client,
         verification_code,
         db: Session,
-        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_notice_fr_provide_service_frontend_only,
         privacy_experience_france_overlay,
         consent_policy,
     ):
@@ -244,14 +244,14 @@ def test_verify_then_set_privacy_preferences_but_no_privacy_request_created(
             "code": verification_code,
             "preferences": [
                 {
-                    "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.histories[
+                    "privacy_notice_history_id": privacy_notice_fr_provide_service_frontend_only.histories[
                         0
                     ].id,
                     "preference": "opt_out",
                 }
             ],
             "policy_key": consent_policy.key,
-            "user_geography": "eu_fr",
+            "user_geography": "fr_idg",
             "privacy_experience_id": privacy_experience_france_overlay.id,
             "method": "button",
         }
@@ -278,7 +278,7 @@ def test_verify_then_set_privacy_preferences_but_no_privacy_request_created(
         assert (
             response_json["privacy_notice_history"]
             == PrivacyNoticeHistorySchema.from_orm(
-                privacy_notice_eu_fr_provide_service_frontend_only.histories[0]
+                privacy_notice_fr_provide_service_frontend_only.histories[0]
             ).dict()
         )
         db.refresh(consent_request)
@@ -289,6 +289,8 @@ def test_verify_then_set_privacy_preferences_but_no_privacy_request_created(
         assert privacy_preference_history.privacy_request_id is None
         assert not run_privacy_request_mock.called
 
+        assert privacy_preference_history.user_geography == "fr_idg"
+
         privacy_preference_history.delete(db=db)
 
     @pytest.mark.usefixtures(
@@ -1237,7 +1239,7 @@ def test_save_privacy_preferences_for_fides_user_device_id_no_notice_has_system_
         api_client,
         url,
         consent_policy,
-        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_notice_fr_provide_service_frontend_only,
         privacy_experience_france_overlay,
     ):
         """PrivacyPreferences and CurrentPrivacyPreferences saved for the given fides user device id
@@ -1254,7 +1256,7 @@ def test_save_privacy_preferences_for_fides_user_device_id_no_notice_has_system_
             },
             "preferences": [
                 {
-                    "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.histories[
+                    "privacy_notice_history_id": privacy_notice_fr_provide_service_frontend_only.histories[
                         0
                     ].id,
                     "preference": "opt_out",
@@ -1274,7 +1276,7 @@ def test_save_privacy_preferences_for_fides_user_device_id_no_notice_has_system_
         assert response_json["preference"] == "opt_out"
         assert (
             response_json["privacy_notice_history"]["id"]
-            == privacy_notice_eu_fr_provide_service_frontend_only.histories[0].id
+            == privacy_notice_fr_provide_service_frontend_only.histories[0].id
         )
 
         # Fetch current privacy preference that was updated
@@ -1409,6 +1411,31 @@ def test_get_historical_preferences(
             == privacy_experience_privacy_center.id
         )
 
+    def test_get_historical_preferences_user_geography_unsupported(
+        self,
+        api_client: TestClient,
+        url,
+        generate_auth_header,
+        privacy_preference_history_fr_provide_service_frontend_only,
+    ) -> None:
+        """Just verifying it's fine if the user geography is not an official privacy notice region"""
+
+        auth_header = generate_auth_header(scopes=[PRIVACY_PREFERENCE_HISTORY_READ])
+        response = api_client.get(url, headers=auth_header)
+        assert response.status_code == 200
+        assert len(response.json()["items"]) == 1
+        assert response.json()["total"] == 1
+        assert response.json()["page"] == 1
+        assert response.json()["size"] == 50
+
+        response_body = response.json()["items"][0]
+
+        assert (
+            response_body["id"]
+            == privacy_preference_history_fr_provide_service_frontend_only.id
+        )
+        assert response_body["user_geography"] == "fr_idg"
+
     def test_get_historical_preferences_ordering(
         self,
         api_client: TestClient,
@@ -1416,7 +1443,7 @@ def test_get_historical_preferences_ordering(
         generate_auth_header,
         privacy_preference_history,
         privacy_preference_history_us_ca_provide,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ) -> None:
         auth_header = generate_auth_header(scopes=[PRIVACY_PREFERENCE_HISTORY_READ])
         response = api_client.get(url, headers=auth_header)
@@ -1431,7 +1458,7 @@ def test_get_historical_preferences_ordering(
         # Records ordered most recently created first
         assert (
             response_body[0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.id
+            == privacy_preference_history_fr_provide_service_frontend_only.id
         )
         assert response_body[1]["id"] == privacy_preference_history_us_ca_provide.id
         assert response_body[2]["id"] == privacy_preference_history.id
@@ -1443,7 +1470,7 @@ def test_get_historical_preferences_date_filtering(
         generate_auth_header,
         privacy_preference_history,
         privacy_preference_history_us_ca_provide,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ) -> None:
         auth_header = generate_auth_header(scopes=[PRIVACY_PREFERENCE_HISTORY_READ])
 
@@ -1459,7 +1486,7 @@ def test_get_historical_preferences_date_filtering(
         # Filter for everything created before the last preference plus an hour
         response = api_client.get(
             url
-            + f"?request_timestamp_lt={(privacy_preference_history_eu_fr_provide_service_frontend_only.created_at + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.%f')}",
+            + f"?request_timestamp_lt={(privacy_preference_history_fr_provide_service_frontend_only.created_at + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.%f')}",
             headers=auth_header,
         )
         assert response.status_code == 200
@@ -1467,7 +1494,7 @@ def test_get_historical_preferences_date_filtering(
 
         assert (
             response.json()["items"][0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.id
+            == privacy_preference_history_fr_provide_service_frontend_only.id
         )
         assert (
             response.json()["items"][1]["id"]
@@ -1485,7 +1512,7 @@ def test_get_historical_preferences_date_filtering(
         assert response.json()["total"] == 2
         assert (
             response.json()["items"][0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.id
+            == privacy_preference_history_fr_provide_service_frontend_only.id
         )
         assert (
             response.json()["items"][1]["id"]
@@ -1495,7 +1522,7 @@ def test_get_historical_preferences_date_filtering(
         # Invalid filter
         response = api_client.get(
             url
-            + f"?request_timestamp_lt={privacy_preference_history.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}&request_timestamp_gt={privacy_preference_history_eu_fr_provide_service_frontend_only.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}",
+            + f"?request_timestamp_lt={privacy_preference_history.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}&request_timestamp_gt={privacy_preference_history_fr_provide_service_frontend_only.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}",
             headers=auth_header,
         )
         assert response.status_code == 400
@@ -1576,7 +1603,7 @@ def test_get_current_preference_ordering(
         generate_auth_header,
         privacy_preference_history,
         privacy_preference_history_us_ca_provide,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ) -> None:
         auth_header = generate_auth_header(scopes=[CURRENT_PRIVACY_PREFERENCE_READ])
         response = api_client.get(url, headers=auth_header)
@@ -1591,7 +1618,7 @@ def test_get_current_preference_ordering(
         # Records ordered most recently created first
         assert (
             response_body[0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.current_privacy_preference.id
+            == privacy_preference_history_fr_provide_service_frontend_only.current_privacy_preference.id
         )
         assert (
             response_body[1]["id"]
@@ -1609,7 +1636,7 @@ def test_get_current_preferences_date_filtering(
         generate_auth_header,
         privacy_preference_history,
         privacy_preference_history_us_ca_provide,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ) -> None:
         auth_header = generate_auth_header(scopes=[CURRENT_PRIVACY_PREFERENCE_READ])
 
@@ -1625,7 +1652,7 @@ def test_get_current_preferences_date_filtering(
         # Filter for everything updated before the last preference plus an hour
         response = api_client.get(
             url
-            + f"?updated_lt={(privacy_preference_history_eu_fr_provide_service_frontend_only.current_privacy_preference.updated_at + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.%f')}",
+            + f"?updated_lt={(privacy_preference_history_fr_provide_service_frontend_only.current_privacy_preference.updated_at + timedelta(hours=1)).strftime('%Y-%m-%dT%H:%M:%S.%f')}",
             headers=auth_header,
         )
         assert response.status_code == 200
@@ -1633,7 +1660,7 @@ def test_get_current_preferences_date_filtering(
 
         assert (
             response.json()["items"][0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.current_privacy_preference.id
+            == privacy_preference_history_fr_provide_service_frontend_only.current_privacy_preference.id
         )
         assert (
             response.json()["items"][1]["id"]
@@ -1654,7 +1681,7 @@ def test_get_current_preferences_date_filtering(
         assert response.json()["total"] == 2
         assert (
             response.json()["items"][0]["id"]
-            == privacy_preference_history_eu_fr_provide_service_frontend_only.current_privacy_preference.id
+            == privacy_preference_history_fr_provide_service_frontend_only.current_privacy_preference.id
         )
         assert (
             response.json()["items"][1]["id"]
@@ -1664,7 +1691,7 @@ def test_get_current_preferences_date_filtering(
         # Invalid filter
         response = api_client.get(
             url
-            + f"?updated_lt={privacy_preference_history.current_privacy_preference.updated_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}&updated_gt={privacy_preference_history_eu_fr_provide_service_frontend_only.current_privacy_preference.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}",
+            + f"?updated_lt={privacy_preference_history.current_privacy_preference.updated_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}&updated_gt={privacy_preference_history_fr_provide_service_frontend_only.current_privacy_preference.created_at.strftime('%Y-%m-%dT%H:%M:%S.%f')}",
             headers=auth_header,
         )
         assert response.status_code == 400
diff --git a/tests/ops/models/test_privacy_experience.py b/tests/ops/models/test_privacy_experience.py
index 0f9f623b40..58c27903bf 100644
--- a/tests/ops/models/test_privacy_experience.py
+++ b/tests/ops/models/test_privacy_experience.py
@@ -187,7 +187,7 @@ def test_get_experience_by_component_and_region(self, db):
         """Test PrivacyExperience.get_experience_by_region_and_component method"""
         assert (
             PrivacyExperience.get_experience_by_region_and_component(
-                db, PrivacyNoticeRegion.eu_at, ComponentType.overlay
+                db, PrivacyNoticeRegion.at, ComponentType.overlay
             )
             is None
         )
@@ -196,19 +196,19 @@ def test_get_experience_by_component_and_region(self, db):
             db=db,
             data={
                 "component": "privacy_center",
-                "region": "eu_at",
+                "region": "at",
             },
         )
 
         assert (
             PrivacyExperience.get_experience_by_region_and_component(
-                db, PrivacyNoticeRegion.eu_at, ComponentType.overlay
+                db, PrivacyNoticeRegion.at, ComponentType.overlay
             )
             is None
         )
         assert (
             PrivacyExperience.get_experience_by_region_and_component(
-                db, PrivacyNoticeRegion.eu_at, ComponentType.privacy_center
+                db, PrivacyNoticeRegion.at, ComponentType.privacy_center
             )
             == pc_exp
         )
@@ -225,7 +225,7 @@ def test_unlink_privacy_experience_config(
             db=db,
             data={
                 "component": "privacy_center",
-                "region": "eu_at",
+                "region": "at",
                 "experience_config_id": experience_config_privacy_center.id,
             },
         )
@@ -250,7 +250,7 @@ def test_link_default_experience_config(self, db, experience_config_privacy_cent
             db=db,
             data={
                 "component": "privacy_center",
-                "region": "eu_at",
+                "region": "at",
                 "experience_config_id": experience_config_privacy_center.id,
             },
         )
@@ -320,7 +320,7 @@ def test_get_related_privacy_notices(self, db, system):
             db=db,
             data={
                 "component": ComponentType.overlay,
-                "region": "eu_it",
+                "region": "it",
             },
         )
 
@@ -333,7 +333,7 @@ def test_get_related_privacy_notices(self, db, system):
                 "name": "Test privacy notice",
                 "notice_key": "test_privacy_notice",
                 "description": "a test sample privacy notice configuration",
-                "regions": [PrivacyNoticeRegion.eu_fr, PrivacyNoticeRegion.eu_it],
+                "regions": [PrivacyNoticeRegion.fr, PrivacyNoticeRegion.it],
                 "consent_mechanism": ConsentMechanism.opt_in,
                 "data_uses": ["marketing.advertising", "third_party_sharing"],
                 "enforcement_level": EnforcementLevel.system_wide,
@@ -357,7 +357,7 @@ def test_get_related_privacy_notices(self, db, system):
         # While privacy notice is displayed in the overlay, it doesn't have a matching region
         assert privacy_experience.get_related_privacy_notices(db) == []
 
-        privacy_notice.regions = ["eu_it"]
+        privacy_notice.regions = ["it"]
         privacy_notice.save(db)
         privacy_notice.disabled = True
         privacy_notice.save(db)
@@ -392,7 +392,7 @@ def test_get_should_show_banner(self, db):
             db=db,
             data={
                 "component": ComponentType.privacy_center,
-                "region": "eu_it",
+                "region": "it",
             },
         )
 
@@ -411,7 +411,7 @@ def test_get_should_show_banner(self, db):
                 "name": "Test privacy notice",
                 "notice_key": "test_privacy_notice",
                 "description": "a test sample privacy notice configuration",
-                "regions": [PrivacyNoticeRegion.eu_fr, PrivacyNoticeRegion.eu_it],
+                "regions": [PrivacyNoticeRegion.fr, PrivacyNoticeRegion.it],
                 "consent_mechanism": ConsentMechanism.opt_out,
                 "data_uses": ["marketing.advertising", "third_party_sharing"],
                 "enforcement_level": EnforcementLevel.system_wide,
@@ -760,7 +760,7 @@ def test_overlay_experience_needed(self, db):
                 "name": "example privacy notice",
                 "notice_key": "example_privacy_notice",
                 "regions": [
-                    PrivacyNoticeRegion.eu_it,
+                    PrivacyNoticeRegion.it,
                 ],
                 "consent_mechanism": ConsentMechanism.opt_in,
                 "data_uses": ["marketing.advertising"],
@@ -774,25 +774,25 @@ def test_overlay_experience_needed(self, db):
         (
             overlay_experience,
             privacy_center_experience,
-        ) = PrivacyExperience.get_experiences_by_region(db, PrivacyNoticeRegion.eu_it)
+        ) = PrivacyExperience.get_experiences_by_region(db, PrivacyNoticeRegion.it)
         assert overlay_experience is None
         assert privacy_center_experience is None
 
         added_exp = upsert_privacy_experiences_after_notice_update(
-            db, [PrivacyNoticeRegion.eu_it]
+            db, [PrivacyNoticeRegion.it]
         )
 
         (
             overlay_experience,
             privacy_center_experience,
-        ) = PrivacyExperience.get_experiences_by_region(db, PrivacyNoticeRegion.eu_it)
+        ) = PrivacyExperience.get_experiences_by_region(db, PrivacyNoticeRegion.it)
 
         assert overlay_experience is not None
         assert privacy_center_experience is None
         assert added_exp == [overlay_experience]
 
         assert overlay_experience.component == ComponentType.overlay
-        assert overlay_experience.region == PrivacyNoticeRegion.eu_it
+        assert overlay_experience.region == PrivacyNoticeRegion.it
         assert (
             overlay_experience.experience_config_id
             == "pri-7ae3-f06b-4096-970f-0bbbdef-over"
diff --git a/tests/ops/models/test_privacy_notice.py b/tests/ops/models/test_privacy_notice.py
index c56c02cc80..5eaa5fe1b6 100644
--- a/tests/ops/models/test_privacy_notice.py
+++ b/tests/ops/models/test_privacy_notice.py
@@ -289,7 +289,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_1",
                         notice_key="pn_1",
                         data_uses=["marketing.advertising", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -308,7 +308,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_1",
                         notice_key="pn_1",
                         data_uses=["marketing.advertising", "third_party_sharing"],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -316,7 +316,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -330,7 +330,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -338,7 +338,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -349,7 +349,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_1",
                         notice_key="pn_1",
                         data_uses=["marketing.advertising", "third_party_sharing"],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -360,7 +360,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "personalize",
                         ],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -371,7 +371,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_1",
                         notice_key="pn_1",
                         data_uses=["marketing.advertising", "third_party_sharing"],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -379,7 +379,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -393,7 +393,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.third_party.targeted",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -401,7 +401,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -420,7 +420,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -431,13 +431,13 @@ def test_dry_update_copies_cleanly(
                         name="pn_1",
                         notice_key="pn_1",
                         data_uses=["marketing.advertising", "third_party_sharing"],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     ),
                     PrivacyNotice(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     ),
                 ],
                 [],
@@ -562,7 +562,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -571,7 +571,7 @@ def test_dry_update_copies_cleanly(
                         notice_key="pn_2",
                         disabled=True,
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -586,7 +586,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -594,7 +594,7 @@ def test_dry_update_copies_cleanly(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -609,7 +609,7 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     )
                 ],
                 [
@@ -618,7 +618,7 @@ def test_dry_update_copies_cleanly(
                         notice_key="pn_2",
                         disabled=True,
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     )
                 ],
             ),
@@ -633,13 +633,13 @@ def test_dry_update_copies_cleanly(
                             "marketing.advertising.first_party.contextual",
                             "third_party_sharing",
                         ],
-                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_ca, PrivacyNoticeRegion.be],
                     ),
                     PrivacyNotice(
                         name="pn_2",
                         notice_key="pn_2",
                         data_uses=["marketing.advertising.first_party", "personalize"],
-                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.eu_be],
+                        regions=[PrivacyNoticeRegion.us_co, PrivacyNoticeRegion.be],
                     ),
                 ],
                 [],
@@ -769,13 +769,13 @@ def test_calculate_relevant_systems(
         privacy_notice,
         privacy_notice_us_ca_provide,
         privacy_notice_us_co_provide_service_operations,
-        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_notice_fr_provide_service_frontend_only,
     ):
         """
         privacy_notice fixture: marketing.advertising/third party sharing
         privacy_notice_us_ca_provide fixture: essential
         privacy_notice_us_co_provide_service_operations: essential.service.operations
-        privacy_notice_eu_fr_provide_service_frontend_only:  essential.service but fe only
+        privacy_notice_fr_provide_service_frontend_only:  essential.service but fe only
         """
 
         # Only system's data use is advertising
@@ -793,7 +793,7 @@ def test_calculate_relevant_systems(
             == []
         )
         assert (
-            privacy_notice_eu_fr_provide_service_frontend_only.histories[
+            privacy_notice_fr_provide_service_frontend_only.histories[
                 0
             ].calculate_relevant_systems(db)
             == []
@@ -813,7 +813,7 @@ def test_calculate_relevant_systems(
             == []
         ), "Privacy notice data use is a child of the system: N/A"
         assert (
-            privacy_notice_eu_fr_provide_service_frontend_only.histories[
+            privacy_notice_fr_provide_service_frontend_only.histories[
                 0
             ].calculate_relevant_systems(db)
             == []
diff --git a/tests/ops/models/test_privacy_preference.py b/tests/ops/models/test_privacy_preference.py
index 01f1097ad3..a51ac2f1d6 100644
--- a/tests/ops/models/test_privacy_preference.py
+++ b/tests/ops/models/test_privacy_preference.py
@@ -175,7 +175,7 @@ def test_create_privacy_preference(
             preference_history_record.user_agent
             == "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24"
         )
-        assert preference_history_record.user_geography == PrivacyNoticeRegion.us_ca
+        assert preference_history_record.user_geography == "us_ca"
         assert preference_history_record.url_recorded == "example.com/privacy_center"
 
         # Assert PrivacyRequest.privacy_preferences relationship
diff --git a/tests/ops/service/connectors/test_saas_connector.py b/tests/ops/service/connectors/test_saas_connector.py
index 7493dd8b31..8e8c664541 100644
--- a/tests/ops/service/connectors/test_saas_connector.py
+++ b/tests/ops/service/connectors/test_saas_connector.py
@@ -479,14 +479,14 @@ def test_enforcement_level_not_system_wide(
         db,
         consent_policy,
         privacy_request_with_consent_policy,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
         mailchimp_transactional_connection_config_no_secrets,
     ):
         """Can only propagate preferences that have a system wide enforcement level"""
-        privacy_preference_history_eu_fr_provide_service_frontend_only.privacy_request_id = (
+        privacy_preference_history_fr_provide_service_frontend_only.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
-        privacy_preference_history_eu_fr_provide_service_frontend_only.save(db)
+        privacy_preference_history_fr_provide_service_frontend_only.save(db)
 
         connector = get_connector(mailchimp_transactional_connection_config_no_secrets)
         with pytest.raises(SkippingConsentPropagation) as exc:
@@ -499,9 +499,9 @@ def test_enforcement_level_not_system_wide(
             )
         assert "no actionable consent preferences to propagate" in str(exc)
 
-        db.refresh(privacy_preference_history_eu_fr_provide_service_frontend_only)
+        db.refresh(privacy_preference_history_fr_provide_service_frontend_only)
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.affected_system_status
+            privacy_preference_history_fr_provide_service_frontend_only.affected_system_status
             == {}
         )  # This is updated elsewhere, in graph task, not tested here
 
diff --git a/tests/ops/service/messaging/message_dispatch_service_test.py b/tests/ops/service/messaging/message_dispatch_service_test.py
index fe37f6d8bf..42778f01bf 100644
--- a/tests/ops/service/messaging/message_dispatch_service_test.py
+++ b/tests/ops/service/messaging/message_dispatch_service_test.py
@@ -501,7 +501,7 @@ def test_email_dispatch_consent_request_email_fulfillment_for_sovrn_new_workflow
                                 privacy_notice_history=PrivacyNoticeHistorySchema(
                                     name="Analytics",
                                     notice_key="analytics",
-                                    regions=["eu_fr"],
+                                    regions=["fr"],
                                     id="test_3",
                                     privacy_notice_id="39391",
                                     consent_mechanism=ConsentMechanism.opt_in,
diff --git a/tests/ops/util/test_consent_util.py b/tests/ops/util/test_consent_util.py
index 463bbc66cd..b2e5400229 100644
--- a/tests/ops/util/test_consent_util.py
+++ b/tests/ops/util/test_consent_util.py
@@ -173,7 +173,7 @@ def test_enforcement_frontend_only(
         db,
         system,
         privacy_request_with_consent_policy,
-        privacy_notice_eu_fr_provide_service_frontend_only,
+        privacy_notice_fr_provide_service_frontend_only,
         fides_user_provided_identity,
     ):
         """
@@ -185,7 +185,7 @@ def test_enforcement_frontend_only(
             db=db,
             data={
                 "preference": preference,
-                "privacy_notice_history_id": privacy_notice_eu_fr_provide_service_frontend_only.privacy_notice_history_id,
+                "privacy_notice_history_id": privacy_notice_fr_provide_service_frontend_only.privacy_notice_history_id,
                 "fides_user_device_provided_identity_id": fides_user_provided_identity.id,
             },
             check_name=False,
@@ -321,14 +321,14 @@ def test_cache_initial_status_and_identities_for_consent_reporting(
         privacy_request_with_consent_policy,
         connection_config,
         privacy_preference_history,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ):
         privacy_preference_history.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
 
-        privacy_preference_history_eu_fr_provide_service_frontend_only.privacy_request_id = (
+        privacy_preference_history_fr_provide_service_frontend_only.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
@@ -338,21 +338,21 @@ def test_cache_initial_status_and_identities_for_consent_reporting(
             privacy_request_with_consent_policy,
             connection_config,
             relevant_preferences=[
-                privacy_preference_history_eu_fr_provide_service_frontend_only
+                privacy_preference_history_fr_provide_service_frontend_only
             ],
             relevant_user_identities={"email": "customer-1@example.com"},
         )
 
         db.refresh(privacy_preference_history)
-        db.refresh(privacy_preference_history_eu_fr_provide_service_frontend_only)
+        db.refresh(privacy_preference_history_fr_provide_service_frontend_only)
 
         # Relevant systems
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.affected_system_status
+            privacy_preference_history_fr_provide_service_frontend_only.affected_system_status
             == {connection_config.name: "pending"}
         )
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.secondary_user_ids
+            privacy_preference_history_fr_provide_service_frontend_only.secondary_user_ids
             == {"email": "customer-1@example.com"}
         )
 
@@ -368,14 +368,14 @@ def test_add_complete_system_status_for_consent_reporting(
         privacy_request_with_consent_policy,
         connection_config,
         privacy_preference_history,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ):
         privacy_preference_history.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
 
-        privacy_preference_history_eu_fr_provide_service_frontend_only.privacy_request_id = (
+        privacy_preference_history_fr_provide_service_frontend_only.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
@@ -385,7 +385,7 @@ def test_add_complete_system_status_for_consent_reporting(
             privacy_request_with_consent_policy,
             connection_config,
             relevant_preferences=[
-                privacy_preference_history_eu_fr_provide_service_frontend_only
+                privacy_preference_history_fr_provide_service_frontend_only
             ],
             relevant_user_identities={"email": "customer-1@example.com"},
         )
@@ -395,15 +395,15 @@ def test_add_complete_system_status_for_consent_reporting(
         )
 
         db.refresh(privacy_preference_history)
-        db.refresh(privacy_preference_history_eu_fr_provide_service_frontend_only)
+        db.refresh(privacy_preference_history_fr_provide_service_frontend_only)
 
         # Relevant systems
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.affected_system_status
+            privacy_preference_history_fr_provide_service_frontend_only.affected_system_status
             == {connection_config.name: "complete"}
         )
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.secondary_user_ids
+            privacy_preference_history_fr_provide_service_frontend_only.secondary_user_ids
             == {"email": "customer-1@example.com"}
         )
 
@@ -419,14 +419,14 @@ def test_add_error_system_status_for_consent_reporting(
         privacy_request_with_consent_policy,
         connection_config,
         privacy_preference_history,
-        privacy_preference_history_eu_fr_provide_service_frontend_only,
+        privacy_preference_history_fr_provide_service_frontend_only,
     ):
         privacy_preference_history.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
 
-        privacy_preference_history_eu_fr_provide_service_frontend_only.privacy_request_id = (
+        privacy_preference_history_fr_provide_service_frontend_only.privacy_request_id = (
             privacy_request_with_consent_policy.id
         )
         privacy_preference_history.save(db)
@@ -436,7 +436,7 @@ def test_add_error_system_status_for_consent_reporting(
             privacy_request_with_consent_policy,
             connection_config,
             relevant_preferences=[
-                privacy_preference_history_eu_fr_provide_service_frontend_only
+                privacy_preference_history_fr_provide_service_frontend_only
             ],
             relevant_user_identities={"email": "customer-1@example.com"},
         )
@@ -446,15 +446,15 @@ def test_add_error_system_status_for_consent_reporting(
         )
 
         db.refresh(privacy_preference_history)
-        db.refresh(privacy_preference_history_eu_fr_provide_service_frontend_only)
+        db.refresh(privacy_preference_history_fr_provide_service_frontend_only)
 
         # Relevant systems
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.affected_system_status
+            privacy_preference_history_fr_provide_service_frontend_only.affected_system_status
             == {connection_config.name: "error"}
         )
         assert (
-            privacy_preference_history_eu_fr_provide_service_frontend_only.secondary_user_ids
+            privacy_preference_history_fr_provide_service_frontend_only.secondary_user_ids
             == {"email": "customer-1@example.com"}
         )
 
@@ -492,7 +492,7 @@ def test_create_privacy_notices_util(self, db, load_default_data_uses):
             notice_key="test_notice",
             description="test description",
             internal_description="internal description",
-            regions=["eu_it"],
+            regions=["it"],
             consent_mechanism="opt_out",
             data_uses=["train_ai_system"],
             enforcement_level=EnforcementLevel.not_applicable,
@@ -500,7 +500,7 @@ def test_create_privacy_notices_util(self, db, load_default_data_uses):
         )
 
         privacy_notices, affected_regions = create_privacy_notices_util(db, [schema])
-        assert affected_regions == {PrivacyNoticeRegion.eu_it}
+        assert affected_regions == {PrivacyNoticeRegion.it}
 
         assert len(privacy_notices) == 1
         notice = privacy_notices[0]
@@ -508,7 +508,7 @@ def test_create_privacy_notices_util(self, db, load_default_data_uses):
         assert notice.notice_key == "test_notice"
         assert notice.description == "test description"
         assert notice.internal_description == "internal description"
-        assert notice.regions == [PrivacyNoticeRegion.eu_it]
+        assert notice.regions == [PrivacyNoticeRegion.it]
         assert notice.consent_mechanism == ConsentMechanism.opt_out
         assert notice.enforcement_level == EnforcementLevel.not_applicable
         assert notice.disabled is False
@@ -524,7 +524,7 @@ def test_create_privacy_notices_util(self, db, load_default_data_uses):
         assert history.notice_key == "test_notice"
         assert history.description == "test description"
         assert history.internal_description == "internal description"
-        assert history.regions == [PrivacyNoticeRegion.eu_it]
+        assert history.regions == [PrivacyNoticeRegion.it]
         assert history.consent_mechanism == ConsentMechanism.opt_out
         assert history.enforcement_level == EnforcementLevel.not_applicable
         assert history.disabled is False
@@ -796,7 +796,7 @@ def test_ensure_unique_ids(self, db, load_default_data_uses):
                     PrivacyNoticeWithId(
                         id="test_id_1",
                         name="A",
-                        regions=["eu_it"],
+                        regions=["it"],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["essential"],
                         enforcement_level=EnforcementLevel.system_wide,
@@ -805,7 +805,7 @@ def test_ensure_unique_ids(self, db, load_default_data_uses):
                     PrivacyNoticeWithId(
                         id="test_id_1",
                         name="A",
-                        regions=["eu_it"],
+                        regions=["it"],
                         consent_mechanism=ConsentMechanism.opt_out,
                         data_uses=["essential"],
                         enforcement_level=EnforcementLevel.frontend,
@@ -829,7 +829,7 @@ def test_overlapping_data_uses(self, db, load_default_data_uses):
                         id="test_id_1",
                         notice_key="a",
                         name="A",
-                        regions=["eu_it"],
+                        regions=["it"],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["essential"],
                         enforcement_level=EnforcementLevel.system_wide,
@@ -839,7 +839,7 @@ def test_overlapping_data_uses(self, db, load_default_data_uses):
                         id="test_id_2",
                         notice_key="b",
                         name="B",
-                        regions=["eu_it"],
+                        regions=["it"],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["essential.service"],
                         enforcement_level=EnforcementLevel.frontend,
@@ -851,7 +851,7 @@ def test_overlapping_data_uses(self, db, load_default_data_uses):
         assert exc._excinfo[1].status_code == 422
         assert (
             exc._excinfo[1].detail
-            == "Privacy Notice 'A' has already assigned data use 'essential' to region 'eu_it'"
+            == "Privacy Notice 'A' has already assigned data use 'essential' to region 'it'"
         )
 
     def test_bad_data_uses(self, db, load_default_data_uses):
@@ -864,7 +864,7 @@ def test_bad_data_uses(self, db, load_default_data_uses):
                         id="test_id_1",
                         name="A",
                         notice_key="a",
-                        regions=["eu_it"],
+                        regions=["it"],
                         consent_mechanism=ConsentMechanism.opt_in,
                         data_uses=["bad use"],
                         enforcement_level=EnforcementLevel.system_wide,
@@ -884,7 +884,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
                     id="test_id_1",
                     notice_key="a",
                     name="A",
-                    regions=["eu_it"],
+                    regions=["it"],
                     consent_mechanism=ConsentMechanism.opt_in,
                     data_uses=["essential"],
                     enforcement_level=EnforcementLevel.system_wide,
@@ -894,7 +894,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
                     id="test_id_2",
                     notice_key="b",
                     name="B",
-                    regions=["eu_it"],
+                    regions=["it"],
                     consent_mechanism=ConsentMechanism.opt_in,
                     data_uses=["improve"],
                     enforcement_level=EnforcementLevel.frontend,
@@ -911,14 +911,14 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
 
         assert first_template.id == "test_id_1"
         assert first_template.name == "A"
-        assert first_template.regions == [PrivacyNoticeRegion.eu_it]
+        assert first_template.regions == [PrivacyNoticeRegion.it]
         assert first_template.consent_mechanism == ConsentMechanism.opt_in
         assert first_template.data_uses == ["essential"]
         assert first_template.enforcement_level == EnforcementLevel.system_wide
 
         assert second_template.id == "test_id_2"
         assert second_template.name == "B"
-        assert second_template.regions == [PrivacyNoticeRegion.eu_it]
+        assert second_template.regions == [PrivacyNoticeRegion.it]
         assert second_template.consent_mechanism == ConsentMechanism.opt_in
         assert second_template.data_uses == ["improve"]
         assert second_template.enforcement_level == EnforcementLevel.frontend
@@ -931,7 +931,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
                     id="test_id_2",
                     notice_key="b",
                     name="B",
-                    regions=["eu_it"],
+                    regions=["it"],
                     consent_mechanism=ConsentMechanism.opt_out,
                     data_uses=["marketing.advertising"],
                     enforcement_level=EnforcementLevel.frontend,
@@ -942,7 +942,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
                     id="test_id_3",
                     notice_key="c",
                     name="C",
-                    regions=["eu_it"],
+                    regions=["it"],
                     consent_mechanism=ConsentMechanism.opt_out,
                     data_uses=["improve"],
                     enforcement_level=EnforcementLevel.system_wide,
@@ -964,7 +964,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
         # First template didn't change
         assert first_template.id == "test_id_1"
         assert first_template.name == "A"
-        assert first_template.regions == [PrivacyNoticeRegion.eu_it]
+        assert first_template.regions == [PrivacyNoticeRegion.it]
         assert first_template.consent_mechanism == ConsentMechanism.opt_in
         assert first_template.data_uses == ["essential"]
         assert first_template.enforcement_level == EnforcementLevel.system_wide
@@ -972,7 +972,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
         # Second template updated data use and consent mechanism
         assert second_template.id == "test_id_2"
         assert second_template.name == "B"
-        assert second_template.regions == [PrivacyNoticeRegion.eu_it]
+        assert second_template.regions == [PrivacyNoticeRegion.it]
         assert second_template.consent_mechanism == ConsentMechanism.opt_out
         assert second_template.data_uses == ["marketing.advertising"]
         assert second_template.enforcement_level == EnforcementLevel.frontend
@@ -981,7 +981,7 @@ def test_create_two_templates_then_update_second(self, db, load_default_data_use
         # Third template is new
         assert third_template.id == "test_id_3"
         assert third_template.name == "C"
-        assert third_template.regions == [PrivacyNoticeRegion.eu_it]
+        assert third_template.regions == [PrivacyNoticeRegion.it]
         assert third_template.consent_mechanism == ConsentMechanism.opt_out
         assert third_template.data_uses == ["improve"]
         assert third_template.enforcement_level == EnforcementLevel.system_wide

From 028ee832d0113b15f095930ffb11574f2c20f396 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 28 Jun 2023 16:35:57 -0700
Subject: [PATCH 45/90] Updating DSR data pre-processor to support manual data
 (#3693)

---
 .../privacy_request/dsr_package/dsr_report_builder.py        | 5 ++++-
 tests/ops/service/test_storage_uploader_service.py           | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/fides/api/service/privacy_request/dsr_package/dsr_report_builder.py b/src/fides/api/service/privacy_request/dsr_package/dsr_report_builder.py
index 5fd2d12a6a..97ef6d5d0f 100644
--- a/src/fides/api/service/privacy_request/dsr_package/dsr_report_builder.py
+++ b/src/fides/api/service/privacy_request/dsr_package/dsr_report_builder.py
@@ -155,7 +155,10 @@ def generate(self) -> BytesIO:
             # pre-process data to split the dataset:collection keys
             datasets: Dict[str, Any] = defaultdict(lambda: defaultdict(list))
             for key, rows in self.dsr_data.items():
-                [dataset_name, collection_name] = key.split(":")
+                parts = key.split(":", 1)
+                dataset_name, collection_name = (
+                    parts if len(parts) > 1 else ("manual", parts[0])
+                )
                 datasets[dataset_name][collection_name].extend(rows)
 
             for dataset_name, collections in datasets.items():
diff --git a/tests/ops/service/test_storage_uploader_service.py b/tests/ops/service/test_storage_uploader_service.py
index ad6beaf700..abb7bfe24f 100644
--- a/tests/ops/service/test_storage_uploader_service.py
+++ b/tests/ops/service/test_storage_uploader_service.py
@@ -358,6 +358,7 @@ def data(self) -> Dict[str, Any]:
                 {"uuid": "xyz-122-333", "name": "foo1", "email": "foo@bar1"},
             ],
             "mongo:foobar": [{"_id": 1, "customer": {"x": 1, "y": [1, 2]}}],
+            "filing_cabinet": [{"id": "123"}],  # represents manual data
         }
 
     def test_json_data(self, data, privacy_request):
@@ -374,6 +375,7 @@ def test_csv_format(self, data, privacy_request):
             "mongo:address.csv",
             "mysql:customer.csv",
             "mongo:foobar.csv",
+            "filing_cabinet.csv",
         ]
 
         with zipfile.open("mongo:address.csv") as address_csv:
@@ -449,6 +451,9 @@ def test_html_format(self, data, privacy_request):
             "/mysql/customer/2.html",
             "/mysql/customer/index.html",
             "/mysql/index.html",
+            "/manual/filing_cabinet/1.html",
+            "/manual/filing_cabinet/index.html",
+            "/manual/index.html",
             "/index.html",
         ]
 

From cd579f7b927255a2b09e8600922b4aab0e3af534 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew.c.j1995@gmail.com>
Date: Thu, 29 Jun 2023 15:07:30 -0400
Subject: [PATCH 46/90] Deprecate connection config fields in UI (#3684)

Co-authored-by: Adrian Galvan <adrian@ethyca.com>
---
 CHANGELOG.md                                  |  1 +
 .../datastore-connection.slice.ts             |  2 +-
 .../forms/ConnectorParameters.tsx             | 23 ++++----
 .../forms/ConnectorParametersForm.tsx         | 54 -------------------
 ...da6_make_connectionconfig_name_optional.py | 30 +++++++++++
 src/fides/api/models/connectionconfig.py      | 16 ++----
 .../connection_config.py                      |  6 +--
 .../saas/connector_registry_service.py        |  5 +-
 .../saas/connection_template_fixtures.py      | 14 ++---
 .../test_connection_config_endpoints.py       |  9 +++-
 .../test_connection_template_endpoints.py     | 13 +++--
 tests/ops/api/v1/endpoints/test_system.py     | 18 +++----
 12 files changed, 79 insertions(+), 112 deletions(-)
 create mode 100644 src/fides/api/alembic/migrations/versions/7315b9d7fda6_make_connectionconfig_name_optional.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3bbf266b67..300e4aae47 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,7 @@ The types of changes are:
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
+- Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 
 
diff --git a/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts b/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
index 905d62720d..6a936ae2bb 100644
--- a/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
+++ b/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
@@ -89,7 +89,7 @@ const initialState: DatastoreConnectionParams = {
 };
 
 export type CreateSaasConnectionConfig = {
-  connectionConfig: CreateSaasConnectionConfigRequest;
+  connectionConfig: Omit<CreateSaasConnectionConfigRequest, "name">;
   systemFidesKey: string;
 };
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index f98122d5f2..da9bd9c79e 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -53,9 +53,8 @@ const createSaasConnector = async (
   systemFidesKey: string,
   createSaasConnectorFunc: any
 ) => {
-  const connectionConfig: CreateSaasConnectionConfigRequest = {
+  const connectionConfig: Omit<CreateSaasConnectionConfigRequest, "name"> = {
     description: values.description,
-    name: values.name,
     instance_key: formatKey(values.instance_key as string),
     saas_connector_type: connectionOption.identifier,
     secrets: {},
@@ -91,16 +90,16 @@ export const patchConnectionConfig = async (
       ? formatKey(values.instance_key as string)
       : connectionConfig?.key;
 
-  const params1: Omit<ConnectionConfigurationResponse, "created_at"> = {
-    access: AccessLevel.WRITE,
-    connection_type: (connectionOption.type === SystemType.SAAS
-      ? connectionOption.type
-      : connectionOption.identifier) as ConnectionType,
-    description: values.description,
-    disabled: false,
-    key,
-    name: values.name,
-  };
+  const params1: Omit<ConnectionConfigurationResponse, "created_at" | "name"> =
+    {
+      access: AccessLevel.WRITE,
+      connection_type: (connectionOption.type === SystemType.SAAS
+        ? connectionOption.type
+        : connectionOption.identifier) as ConnectionType,
+      description: values.description,
+      disabled: false,
+      key,
+    };
   const payload = await patchFunc({
     systemFidesKey,
     connectionConfigs: [params1],
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 6db1634007..1552809b06 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -13,7 +13,6 @@ import {
   NumberInput,
   NumberInputField,
   NumberInputStepper,
-  Textarea,
   Tooltip,
   VStack,
 } from "@fidesui/react";
@@ -267,59 +266,6 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
       {(props: FormikProps<Values>) => (
         <Form noValidate>
           <VStack align="stretch" gap="16px">
-            <Field
-              id="name"
-              name="name"
-              validate={(value: string) => validateField("Name", value)}
-            >
-              {({ field }: { field: FieldInputProps<string> }) => (
-                <FormControl
-                  display="flex"
-                  isRequired
-                  isInvalid={props.errors.name && props.touched.name}
-                >
-                  {getFormLabel("name", "Name")}
-                  <VStack align="flex-start" w="inherit">
-                    <Input
-                      {...field}
-                      autoComplete="off"
-                      autoFocus
-                      color="gray.700"
-                      placeholder={`Enter a friendly name for your new ${
-                        connectionOption!.human_readable
-                      } integration`}
-                      size="sm"
-                      data-testid="input-name"
-                    />
-                    <FormErrorMessage>{props.errors.name}</FormErrorMessage>
-                  </VStack>
-                  <Flex alignItems="center" h="32px" visibility="hidden">
-                    <CircleHelpIcon marginLeft="8px" />
-                  </Flex>
-                </FormControl>
-              )}
-            </Field>
-            {/* Description */}
-            <Field id="description" name="description">
-              {({ field }: { field: FieldInputProps<string> }) => (
-                <FormControl display="flex">
-                  {getFormLabel("description", "Description")}
-                  <Textarea
-                    {...field}
-                    color="gray.700"
-                    placeholder={`Enter a description for your new ${
-                      connectionOption!.human_readable
-                    } integration`}
-                    resize="none"
-                    size="sm"
-                    value={field.value || ""}
-                  />
-                  <Flex alignItems="center" h="32px" visibility="hidden">
-                    <CircleHelpIcon marginLeft="8px" />
-                  </Flex>
-                </FormControl>
-              )}
-            </Field>
             {/* Connection Identifier */}
             {connectionOption.type !== SystemType.MANUAL ? (
               <Field
diff --git a/src/fides/api/alembic/migrations/versions/7315b9d7fda6_make_connectionconfig_name_optional.py b/src/fides/api/alembic/migrations/versions/7315b9d7fda6_make_connectionconfig_name_optional.py
new file mode 100644
index 0000000000..4832136c7e
--- /dev/null
+++ b/src/fides/api/alembic/migrations/versions/7315b9d7fda6_make_connectionconfig_name_optional.py
@@ -0,0 +1,30 @@
+"""make ConnectionConfig.name optional
+
+Revision ID: 7315b9d7fda6
+Revises: d2996381c4dd
+Create Date: 2023-06-26 20:39:29.953904
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "7315b9d7fda6"
+down_revision = "d2996381c4dd"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.alter_column("connectionconfig", "name", nullable=True)
+
+    op.drop_index(op.f("ix_connectionconfig_name"), table_name="connectionconfig")
+
+
+def downgrade():
+    op.alter_column("connectionconfig", "name", nullable=False)
+
+    conn = op.get_bind()
+    conn.execute(
+        "CREATE UNIQUE INDEX IF NOT EXISTS ix_connectionconfig_name ON connectionconfig (name);"
+    )
diff --git a/src/fides/api/models/connectionconfig.py b/src/fides/api/models/connectionconfig.py
index efdc575829..57bad62b7e 100644
--- a/src/fides/api/models/connectionconfig.py
+++ b/src/fides/api/models/connectionconfig.py
@@ -14,7 +14,7 @@
 )
 
 from fides.api.common_exceptions import KeyOrNameAlreadyExists
-from fides.api.db.base_class import Base, FidesBase, JSONTypeOverride, get_key_from_data
+from fides.api.db.base_class import Base, FidesBase, JSONTypeOverride
 from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 from fides.api.schemas.policy import ActionType
 from fides.api.schemas.saas.saas_config import SaaSConfig
@@ -105,7 +105,7 @@ class ConnectionConfig(Base):
     Stores credentials to connect fidesops to an engineer's application databases.
     """
 
-    name = Column(String, index=True, unique=True, nullable=False)
+    name = Column(String, nullable=True)
     key = Column(String, index=True, unique=True, nullable=False)
     description = Column(String, index=True, nullable=True)
     connection_type = Column(Enum(ConnectionType), nullable=False)
@@ -155,10 +155,12 @@ class ConnectionConfig(Base):
     )
 
     @property
-    def system_key(self) -> str:
+    def system_key(self) -> Optional[str]:
         """Property for caching a system identifier for systems (or connector names as a fallback) for consent reporting"""
         if self.system:
             return self.system.fides_key
+        # TODO: Remove this fallback once all connection configs are linked to systems
+        # This will always be None in the future. `self.system` will always be set.
         return self.name
 
     @classmethod
@@ -169,7 +171,6 @@ def create_without_saving(
         # Build properly formatted key/name for ConnectionConfig.
         # Borrowed from OrmWrappedFidesBase.create
         if hasattr(cls, "key"):
-            data["key"] = get_key_from_data(data, cls.__name__)
             if db.query(cls).filter_by(key=data["key"]).first():
                 raise KeyOrNameAlreadyExists(
                     f"Key {data['key']} already exists in {cls.__name__}. Keys will be snake-cased names if not provided. "
@@ -177,13 +178,6 @@ def create_without_saving(
                     ""
                 )
 
-        if hasattr(cls, "name"):
-            data["name"] = data.get("name")
-            if db.query(cls).filter_by(name=data["name"]).first():
-                raise KeyOrNameAlreadyExists(
-                    f"Name {data['name']} already exists in {cls.__name__}."
-                )
-
         # Create
         db_obj = cls(**data)  # type: ignore
         return db_obj
diff --git a/src/fides/api/schemas/connection_configuration/connection_config.py b/src/fides/api/schemas/connection_configuration/connection_config.py
index 1f3fe26d0c..8ab65baeaf 100644
--- a/src/fides/api/schemas/connection_configuration/connection_config.py
+++ b/src/fides/api/schemas/connection_configuration/connection_config.py
@@ -20,7 +20,7 @@ class CreateConnectionConfiguration(BaseModel):
     Note that secrets are *NOT* allowed to be supplied here.
     """
 
-    name: str
+    name: Optional[str]
     key: Optional[FidesKey]
     connection_type: ConnectionType
     access: AccessLevel
@@ -93,7 +93,7 @@ class ConnectionConfigurationResponse(BaseModel):
     Do *NOT* add "secrets" to this schema.
     """
 
-    name: str
+    name: Optional[str]
     key: FidesKey
     description: Optional[str]
     connection_type: ConnectionType
@@ -128,7 +128,7 @@ class BulkPatchConnectionConfigurationWithSecrets(BulkResponse):
 class SaasConnectionTemplateValues(BaseModel):
     """Schema with values to create both a Saas ConnectionConfig and DatasetConfig from a template"""
 
-    name: str  # For ConnectionConfig
+    name: Optional[str]  # For ConnectionConfig
     key: Optional[FidesKey]  # For ConnectionConfig
     description: Optional[str]  # For ConnectionConfig
     secrets: connection_secrets_schemas  # For ConnectionConfig
diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index 93c16863fc..a7283b8980 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -323,13 +323,14 @@ def create_connection_config_from_template_no_save(
     )
 
     data = {
-        "name": template_values.name,
-        "key": template_values.key,
+        "key": template_values.key if template_values.key else template_values.instance_key,
         "description": template_values.description,
         "connection_type": ConnectionType.saas,
         "access": AccessLevel.write,
         "saas_config": config_from_template,
     }
+    if template_values.name:
+        data["name"] = template_values.name
 
     if system_id:
         data["system_id"] = system_id
diff --git a/tests/fixtures/saas/connection_template_fixtures.py b/tests/fixtures/saas/connection_template_fixtures.py
index dfa3d8a31c..04aeeac704 100644
--- a/tests/fixtures/saas/connection_template_fixtures.py
+++ b/tests/fixtures/saas/connection_template_fixtures.py
@@ -31,7 +31,6 @@ def secondary_sendgrid_instance(db):
     connection_config, dataset_config = instantiate_connector(
         db,
         "sendgrid",
-        "sendgrid_connection_config_secondary",
         "secondary_sendgrid_instance",
         "Sendgrid ConnectionConfig description",
         secrets,
@@ -49,7 +48,6 @@ def secondary_mailchimp_instance(db):
     """
     connection_config, dataset_config = instantiate_mailchimp(
         db,
-        "mailchimp_connection_config_secondary",
         "secondary_mailchimp_instance",
     )
     yield connection_config, dataset_config
@@ -67,7 +65,6 @@ def tertiary_mailchimp_instance(db):
     """
     connection_config, dataset_config = instantiate_mailchimp(
         db,
-        "mailchimp_connection_config_tertiary",
         "tertiary_mailchimp_instance",
     )
     yield connection_config, dataset_config
@@ -75,7 +72,7 @@ def tertiary_mailchimp_instance(db):
     connection_config.delete(db)
 
 
-def instantiate_mailchimp(db, key, fides_key) -> tuple[ConnectionConfig, DatasetConfig]:
+def instantiate_mailchimp(db, fides_key) -> tuple[ConnectionConfig, DatasetConfig]:
     secrets = {
         "domain": "test_mailchimp_domain",
         "username": "test_mailchimp_username",
@@ -84,7 +81,6 @@ def instantiate_mailchimp(db, key, fides_key) -> tuple[ConnectionConfig, Dataset
     return instantiate_connector(
         db,
         "mailchimp",
-        key,
         fides_key,
         "Mailchimp ConnectionConfig description",
         secrets,
@@ -94,7 +90,6 @@ def instantiate_mailchimp(db, key, fides_key) -> tuple[ConnectionConfig, Dataset
 def instantiate_connector(
     db,
     connector_type,
-    key,
     fides_key,
     description,
     secrets,
@@ -106,15 +101,14 @@ def instantiate_connector(
         ConnectorTemplate
     ] = ConnectorRegistry.get_connector_template(connector_type)
     template_vals = SaasConnectionTemplateValues(
-        name=key,
-        key=key,
+        key=fides_key,
         description=description,
         secrets=secrets,
         instance_key=fides_key,
     )
 
     connection_config = ConnectionConfig.filter(
-        db=db, conditions=(ConnectionConfig.key == key)
+        db=db, conditions=(ConnectionConfig.key == fides_key)
     ).first()
     assert connection_config is None
 
@@ -140,7 +134,7 @@ def instantiate_connector(
     )
 
     connection_config = ConnectionConfig.filter(
-        db=db, conditions=(ConnectionConfig.key == key)
+        db=db, conditions=(ConnectionConfig.key == fides_key)
     ).first()
     assert connection_config is not None
     dataset_config = DatasetConfig.filter(
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index f9cbd3cd81..fd047b9a15 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -707,6 +707,14 @@ def test_patch_http_connection_successful_analytics(
         assert call_args[5] is None
 
 
+    def test_patch_connections_no_name(self, api_client, generate_auth_header, url, payload):
+        auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
+        del payload[0]["name"]
+        response = api_client.patch(url, headers=auth_header, json=payload)
+        assert 200 == response.status_code
+        assert response.json()["succeeded"][0]["name"] is None
+
+
 class TestGetConnections:
     @pytest.fixture(scope="function")
     def url(self, oauth_client: ClientDetail, policy) -> str:
@@ -1279,7 +1287,6 @@ def test_delete_saas_connection_config(
         connection_config, dataset_config = instantiate_connector(
             db,
             "sendgrid",
-            "sendgrid_connection_config_secondary",
             "secondary_sendgrid_instance",
             "Sendgrid ConnectionConfig description",
             secrets,
diff --git a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
index 225d305064..6efcffc382 100644
--- a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
@@ -1143,18 +1143,17 @@ def test_connection_config_name_already_exists(
             headers=auth_header,
             json=request_body,
         )
-        assert resp.status_code == 400
-        assert (
-            f"Name {connection_config.name} already exists in ConnectionConfig"
-            in resp.json()["detail"]
-        )
+        # names don't have to be unique
+        assert resp.status_code == 200
+
 
     def test_create_connection_from_template_without_supplying_connection_key(
         self, db, generate_auth_header, api_client, base_url
     ):
         auth_header = generate_auth_header(scopes=[SAAS_CONNECTION_INSTANTIATE])
+        instance_key = "secondary_mailchimp_instance"
         request_body = {
-            "instance_key": "secondary_mailchimp_instance",
+            "instance_key": instance_key,
             "secrets": {
                 "domain": "test_mailchimp_domain",
                 "username": "test_mailchimp_username",
@@ -1181,7 +1180,7 @@ def test_create_connection_from_template_without_supplying_connection_key(
         assert connection_config is not None
         assert dataset_config is not None
 
-        assert connection_config.key == "mailchimp_connector"
+        assert connection_config.key == instance_key
         dataset_config.delete(db)
         connection_config.delete(db)
 
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index d9d81d0dfd..a27fed9f31 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -298,15 +298,13 @@ def test_connection_config_key_already_exists(
     ):
         auth_header = generate_auth_header(scopes=[SAAS_CONNECTION_INSTANTIATE])
         request_body = {
-            "instance_key": "secondary_mailchimp_instance",
+            "instance_key": connection_config.key,
             "secrets": {
                 "domain": "test_mailchimp_domain",
                 "username": "test_mailchimp_username",
                 "api_key": "test_mailchimp_api_key",
             },
-            "name": connection_config.name,
             "description": "Mailchimp ConnectionConfig description",
-            "key": connection_config.key,
         }
         resp = api_client.post(
             base_url.format(saas_connector_type="mailchimp"),
@@ -332,25 +330,23 @@ def test_connection_config_name_already_exists(
             },
             "name": connection_config.name,
             "description": "Mailchimp ConnectionConfig description",
-            "key": "brand_new_key",
         }
         resp = api_client.post(
             base_url.format(saas_connector_type="mailchimp"),
             headers=auth_header,
             json=request_body,
         )
-        assert resp.status_code == 400
-        assert (
-            f"Name {connection_config.name} already exists in ConnectionConfig"
-            in resp.json()["detail"]
-        )
+        # names don't have to be unique
+        assert resp.status_code == 200
+
 
     def test_create_connection_from_template_without_supplying_connection_key(
         self, db, generate_auth_header, api_client, base_url
     ):
         auth_header = generate_auth_header(scopes=[SAAS_CONNECTION_INSTANTIATE])
+        instance_key = "secondary_mailchimp_instance"
         request_body = {
-            "instance_key": "secondary_mailchimp_instance",
+            "instance_key": instance_key,
             "secrets": {
                 "domain": "test_mailchimp_domain",
                 "username": "test_mailchimp_username",
@@ -377,7 +373,7 @@ def test_create_connection_from_template_without_supplying_connection_key(
         assert connection_config is not None
         assert dataset_config is not None
 
-        assert connection_config.key == "mailchimp_connector"
+        assert connection_config.key == instance_key
         dataset_config.delete(db)
         connection_config.delete(db)
 

From f63a843acc1e2b756cbe85c8276075ddb5e2ee7e Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Thu, 29 Jun 2023 15:44:50 -0700
Subject: [PATCH 47/90] Update front-end to treat fields with default values as
 required (#3694)

---
 CHANGELOG.md                                             | 1 +
 .../forms/ConnectorParametersForm.tsx                    | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 300e4aae47..7be964b866 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,6 +34,7 @@ The types of changes are:
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
+- Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
 
 
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 1552809b06..7a93ab451e 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -132,6 +132,11 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
     return undefined;
   };
 
+  const isRequiredSecretValue = (key: string): boolean =>
+    secretsSchema?.required?.includes(key) ||
+    (secretsSchema?.properties?.[key] !== undefined &&
+      "default" in secretsSchema.properties[key]);
+
   const getFormField = (
     key: string,
     item: ConnectionTypeSecretSchemaProperty
@@ -141,7 +146,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
       name={key}
       key={key}
       validate={
-        secretsSchema?.required?.includes(key) || item.type === "integer"
+        isRequiredSecretValue(key) || item.type === "integer"
           ? (value: string) =>
               validateField(item.title, value, item.allOf?.[0].$ref)
           : false
@@ -150,7 +155,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
       {({ field, form }: { field: FieldInputProps<string>; form: any }) => (
         <FormControl
           display="flex"
-          isRequired={secretsSchema?.required?.includes(key)}
+          isRequired={isRequiredSecretValue(key)}
           isInvalid={form.errors[key] && form.touched[key]}
         >
           {getFormLabel(key, item.title)}

From 1594e81d4d2bd8e1dcd68f479c005c823c4ba644 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Fri, 30 Jun 2023 07:16:08 -0400
Subject: [PATCH 48/90] avoid circular deps caused within `api.api.v1` (#3692)

---
 CHANGELOG.md                                  |  1 +
 .../docs/development/development_tips.md      |  2 +-
 scripts/quickstart.py                         |  2 +-
 .../api/api/v1/endpoints/config_endpoints.py  |  2 +-
 .../api/v1/endpoints/connection_endpoints.py  | 16 ++++----
 .../v1/endpoints/connection_type_endpoints.py | 10 ++---
 .../v1/endpoints/consent_request_endpoints.py | 16 ++++----
 .../api/api/v1/endpoints/dataset_endpoints.py | 22 +++++-----
 .../api/api/v1/endpoints/drp_endpoints.py     |  2 +-
 .../api/v1/endpoints/encryption_endpoints.py  | 12 +++---
 .../identity_verification_endpoints.py        |  2 +-
 .../v1/endpoints/manual_webhook_endpoints.py  | 10 ++---
 .../api/api/v1/endpoints/masking_endpoints.py |  2 +-
 .../api/v1/endpoints/messaging_endpoints.py   | 24 +++++------
 .../api/api/v1/endpoints/oauth_endpoints.py   | 20 +++++-----
 .../api/api/v1/endpoints/policy_endpoints.py  |  2 +-
 .../v1/endpoints/policy_webhook_endpoints.py  |  2 +-
 .../privacy_experience_config_endpoints.py    |  4 +-
 .../endpoints/privacy_experience_endpoints.py |  4 +-
 .../v1/endpoints/privacy_notice_endpoints.py  |  4 +-
 .../endpoints/privacy_preference_endpoints.py | 21 +++++-----
 .../v1/endpoints/privacy_request_endpoints.py | 40 +++++++++----------
 .../v1/endpoints/registration_endpoints.py    |  2 +-
 .../api/api/v1/endpoints/router_factory.py    | 14 +++----
 .../api/v1/endpoints/saas_config_endpoints.py | 18 ++++-----
 .../api/api/v1/endpoints/storage_endpoints.py | 24 +++++------
 src/fides/api/api/v1/endpoints/system.py      | 10 ++---
 .../api/api/v1/endpoints/user_endpoints.py    |  4 +-
 .../v1/endpoints/user_permission_endpoints.py |  4 +-
 src/fides/api/api/v1/endpoints/validate.py    |  2 +-
 src/fides/api/app_setup.py                    |  2 +-
 src/fides/api/main.py                         |  2 +-
 src/fides/api/oauth/utils.py                  |  2 +-
 src/fides/api/schemas/privacy_experience.py   |  2 +-
 .../service/connectors/fides/fides_client.py  |  2 +-
 .../privacy_request/request_runner_service.py |  8 ++--
 .../privacy_request/request_service.py        |  2 +-
 src/fides/api/util/connection_util.py         |  2 +-
 src/fides/api/util/consent_util.py            |  2 +-
 .../utils.py => util/endpoint_utils.py}       |  0
 src/fides/cli/utils.py                        |  2 +-
 src/fides/common/api/v1/__init__.py           |  0
 .../{api => common}/api/v1/urn_registry.py    |  0
 src/fides/core/api.py                         |  2 +-
 tests/ctl/api/test_admin.py                   |  2 +-
 tests/ctl/api/test_generate.py                |  2 +-
 tests/ctl/api/test_validate.py                |  2 +-
 tests/ctl/core/test_api.py                    |  4 +-
 tests/ops/api/test_ratelimit.py               |  2 +-
 .../api/v1/endpoints/test_config_endpoints.py |  2 +-
 .../test_connection_config_endpoints.py       |  2 +-
 .../test_connection_template_endpoints.py     | 12 +++---
 .../test_consent_request_endpoints.py         | 14 +++----
 .../v1/endpoints/test_dataset_endpoints.py    | 18 ++++-----
 .../api/v1/endpoints/test_drp_endpoints.py    | 14 +++----
 .../v1/endpoints/test_encryption_endpoints.py | 12 +++---
 .../api/v1/endpoints/test_health_endpoints.py |  2 +-
 .../test_identity_verification_endpoints.py   |  2 +-
 .../api/v1/endpoints/test_manual_webhooks.py  | 12 +++---
 .../v1/endpoints/test_masking_endpoints.py    |  2 +-
 .../v1/endpoints/test_messaging_endpoints.py  | 24 +++++------
 .../api/v1/endpoints/test_oauth_endpoints.py  | 20 +++++-----
 .../api/v1/endpoints/test_policy_endpoints.py | 18 ++++-----
 .../test_policy_webhook_endpoints.py          | 14 +++----
 ...est_privacy_experience_config_endpoints.py |  2 +-
 .../test_privacy_experience_endpoints.py      |  2 +-
 .../test_privacy_notice_endpoints.py          | 12 +++---
 .../test_privacy_preference_endpoints.py      | 16 ++++----
 .../test_privacy_request_endpoints.py         | 38 +++++++++---------
 .../endpoints/test_registration_endpoints.py  |  2 +-
 .../endpoints/test_saas_config_endpoints.py   | 14 +++----
 .../v1/endpoints/test_storage_endpoints.py    | 24 +++++------
 tests/ops/api/v1/endpoints/test_system.py     |  2 +-
 .../api/v1/endpoints/test_user_endpoints.py   | 14 +++----
 .../test_user_permission_endpoints.py         |  2 +-
 tests/ops/api/v1/test_exception_handlers.py   |  2 +-
 tests/ops/api/v1/test_utils.py                |  4 +-
 ...st_connection_configuration_integration.py |  2 +-
 .../privacy_request/test_request_service.py   |  2 +-
 tests/ops/util/test_api_router.py             |  2 +-
 80 files changed, 322 insertions(+), 324 deletions(-)
 rename src/fides/api/{api/v1/endpoints/utils.py => util/endpoint_utils.py} (100%)
 create mode 100644 src/fides/common/api/v1/__init__.py
 rename src/fides/{api => common}/api/v1/urn_registry.py (100%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7be964b866..02bb90a3d3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,7 @@ The types of changes are:
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
+- Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
 
 ### Developer Experience
 
diff --git a/docs/fides/docs/development/development_tips.md b/docs/fides/docs/development/development_tips.md
index 6d5b557539..321286559a 100644
--- a/docs/fides/docs/development/development_tips.md
+++ b/docs/fides/docs/development/development_tips.md
@@ -10,7 +10,7 @@ If you're looking for a general getting started guide, please see the [Overview]
 
 ### API URLs
 
-We define API URLs for specific API versions as constants within `fides.api.api.v1.urn_registry` (where `v1` can be substituted for that particular API version), then import those URLs into their specific API views. Since we are on the first version, there is no clear precedent set for overriding URLs between versions yet. The most likely change is that we'll override the `APIRouter` class instantiation with a different base path (ie. `/api/v2` instead of `/api/v1`). For example:
+We define API URLs for specific API versions as constants within `fides.common.api.v1.urn_registry` (where `v1` can be substituted for that particular API version), then import those URLs into their specific API views. Since we are on the first version, there is no clear precedent set for overriding URLs between versions yet. The most likely change is that we'll override the `APIRouter` class instantiation with a different base path (ie. `/api/v2` instead of `/api/v1`). For example:
 
 ```sh
 PRIVACY_REQUEST = "/privacy-request"
diff --git a/scripts/quickstart.py b/scripts/quickstart.py
index 0a0fa8d905..69b7e61b73 100644
--- a/scripts/quickstart.py
+++ b/scripts/quickstart.py
@@ -13,10 +13,10 @@
 import yaml
 from loguru import logger
 
-from fides.api.api.v1 import urn_registry as ops_urls
 from fides.api.models.connectionconfig import ConnectionType
 from fides.api.models.policy import ActionType
 from fides.common.api.scope_registry import SCOPE_REGISTRY
+from fides.common.api.v1 import urn_registry as ops_urls
 from fides.config import get_config
 
 CONFIG = get_config()
diff --git a/src/fides/api/api/v1/endpoints/config_endpoints.py b/src/fides/api/api/v1/endpoints/config_endpoints.py
index 00204470a5..269576ed01 100644
--- a/src/fides/api/api/v1/endpoints/config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/config_endpoints.py
@@ -7,7 +7,6 @@
 from starlette.status import HTTP_200_OK
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.application_config import (
@@ -15,6 +14,7 @@
 )
 from fides.api.util.api_router import APIRouter
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1 import urn_registry as urls
 from fides.config import censor_config
 from fides.config import get_config as get_app_config
 
diff --git a/src/fides/api/api/v1/endpoints/connection_endpoints.py b/src/fides/api/api/v1/endpoints/connection_endpoints.py
index c0e472b960..2e414d32f5 100644
--- a/src/fides/api/api/v1/endpoints/connection_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_endpoints.py
@@ -16,13 +16,6 @@
 from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1.urn_registry import (
-    CONNECTION_BY_KEY,
-    CONNECTION_SECRETS,
-    CONNECTION_TEST,
-    CONNECTIONS,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import ClientUnsuccessfulException, ConnectionException
 from fides.api.models.connectionconfig import (
     ConnectionConfig,
@@ -30,7 +23,7 @@
     ConnectionType,
 )
 from fides.api.models.datasetconfig import DatasetConfig
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+from fides.api.models.sql_models import ( # type: ignore[attr-defined]
     Dataset as CtlDataset,
 )
 from fides.api.oauth.utils import verify_oauth_client
@@ -58,6 +51,13 @@
     CONNECTION_DELETE,
     CONNECTION_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    CONNECTION_BY_KEY,
+    CONNECTION_SECRETS,
+    CONNECTION_TEST,
+    CONNECTIONS,
+    V1_URL_PREFIX,
+)
 
 router = APIRouter(tags=["Connections"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
index 2960643971..b846b8d961 100644
--- a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
@@ -6,11 +6,6 @@
 from fastapi_pagination.bases import AbstractPage
 from starlette.status import HTTP_404_NOT_FOUND
 
-from fides.api.api.v1.urn_registry import (
-    CONNECTION_TYPE_SECRETS,
-    CONNECTION_TYPES,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import NoSuchConnectionTypeSecretSchemaError
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.connection_configuration.connection_config import (
@@ -24,6 +19,11 @@
     get_connection_types,
 )
 from fides.common.api.scope_registry import CONNECTION_TYPE_READ
+from fides.common.api.v1.urn_registry import (
+    CONNECTION_TYPE_SECRETS,
+    CONNECTION_TYPES,
+    V1_URL_PREFIX,
+)
 
 router = APIRouter(tags=["Connection Types"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/consent_request_endpoints.py b/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
index 4f3a0899b1..8feae125c2 100644
--- a/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/consent_request_endpoints.py
@@ -26,14 +26,6 @@
 from fides.api.api.v1.endpoints.privacy_request_endpoints import (
     create_privacy_request_func,
 )
-from fides.api.api.v1.endpoints.utils import validate_start_and_end_filters
-from fides.api.api.v1.urn_registry import (
-    CONSENT_REQUEST,
-    CONSENT_REQUEST_PREFERENCES,
-    CONSENT_REQUEST_PREFERENCES_WITH_ID,
-    CONSENT_REQUEST_VERIFY,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import (
     FunctionalityNotConfigured,
     IdentityVerificationException,
@@ -66,8 +58,16 @@
 from fides.api.util.consent_util import (
     get_or_create_fides_user_device_id_provided_identity,
 )
+from fides.api.util.endpoint_utils import validate_start_and_end_filters
 from fides.api.util.logger import Pii
 from fides.common.api.scope_registry import CONSENT_READ
+from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST,
+    CONSENT_REQUEST_PREFERENCES,
+    CONSENT_REQUEST_PREFERENCES_WITH_ID,
+    CONSENT_REQUEST_VERIFY,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/src/fides/api/api/v1/endpoints/dataset_endpoints.py b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
index 70f2aa9076..f1b59dbd5a 100644
--- a/src/fides/api/api/v1/endpoints/dataset_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
@@ -24,16 +24,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.urn_registry import (
-    CONNECTION_DATASETS,
-    DATASET_BY_KEY,
-    DATASET_CONFIGS,
-    DATASET_VALIDATE,
-    DATASETCONFIG_BY_KEY,
-    DATASETS,
-    V1_URL_PREFIX,
-    YAML_DATASETS,
-)
 from fides.api.common_exceptions import (
     SaaSConfigNotFoundException,
     TraversalError,
@@ -47,7 +37,7 @@
     convert_dataset_to_graph,
     to_graph_field,
 )
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+from fides.api.models.sql_models import ( # type: ignore[attr-defined]
     Dataset as CtlDataset,
 )
 from fides.api.oauth.utils import verify_oauth_client
@@ -68,6 +58,16 @@
     DATASET_DELETE,
     DATASET_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    CONNECTION_DATASETS,
+    DATASET_BY_KEY,
+    DATASET_CONFIGS,
+    DATASET_VALIDATE,
+    DATASETCONFIG_BY_KEY,
+    DATASETS,
+    V1_URL_PREFIX,
+    YAML_DATASETS,
+)
 
 X_YAML = "application/x-yaml"
 
diff --git a/src/fides/api/api/v1/endpoints/drp_endpoints.py b/src/fides/api/api/v1/endpoints/drp_endpoints.py
index 697d1306c2..a5ddd480d9 100644
--- a/src/fides/api/api/v1/endpoints/drp_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/drp_endpoints.py
@@ -15,7 +15,6 @@
 
 from fides.api import common_exceptions
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.privacy_request_endpoints import (
     get_privacy_request_or_error,
 )
@@ -47,6 +46,7 @@
 from fides.api.util.cache import FidesopsRedis
 from fides.api.util.logger import Pii
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1 import urn_registry as urls
 from fides.config import CONFIG
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/src/fides/api/api/v1/endpoints/encryption_endpoints.py b/src/fides/api/api/v1/endpoints/encryption_endpoints.py
index a89369ebc2..c8d20bed35 100644
--- a/src/fides/api/api/v1/endpoints/encryption_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/encryption_endpoints.py
@@ -3,12 +3,6 @@
 from fastapi import Security
 from loguru import logger
 
-from fides.api.api.v1.urn_registry import (
-    DECRYPT_AES,
-    ENCRYPT_AES,
-    ENCRYPTION_KEY,
-    V1_URL_PREFIX,
-)
 from fides.api.cryptography import cryptographic_util
 from fides.api.cryptography.cryptographic_util import b64_str_to_bytes, bytes_to_b64_str
 from fides.api.oauth.utils import verify_oauth_client
@@ -26,6 +20,12 @@
     encrypt_verify_secret_length as aes_gcm_encrypt,
 )
 from fides.common.api.scope_registry import ENCRYPTION_EXEC
+from fides.common.api.v1.urn_registry import (
+    DECRYPT_AES,
+    ENCRYPT_AES,
+    ENCRYPTION_KEY,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 router = APIRouter(tags=["Encryption"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py b/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
index 5f141cfa5d..032a02c399 100644
--- a/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/identity_verification_endpoints.py
@@ -4,10 +4,10 @@
 from sqlalchemy.orm import Session
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.messaging import MessagingConfig
 from fides.api.schemas.identity_verification import IdentityVerificationConfigResponse
 from fides.api.util.api_router import APIRouter
+from fides.common.api.v1 import urn_registry as urls
 from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Identity Verification"], prefix=urls.V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py b/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
index 48ec0036cb..6a72aa17e2 100644
--- a/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/manual_webhook_endpoints.py
@@ -16,11 +16,6 @@
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.dataset_endpoints import _get_connection_config
-from fides.api.api.v1.urn_registry import (
-    ACCESS_MANUAL_WEBHOOK,
-    ACCESS_MANUAL_WEBHOOKS,
-    V1_URL_PREFIX,
-)
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.oauth.utils import verify_oauth_client
@@ -35,6 +30,11 @@
     WEBHOOK_DELETE,
     WEBHOOK_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    ACCESS_MANUAL_WEBHOOK,
+    ACCESS_MANUAL_WEBHOOKS,
+    V1_URL_PREFIX,
+)
 
 router = APIRouter(tags=["Manual Webhooks"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/masking_endpoints.py b/src/fides/api/api/v1/endpoints/masking_endpoints.py
index d57f155c2c..b01ddd5bcf 100644
--- a/src/fides/api/api/v1/endpoints/masking_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/masking_endpoints.py
@@ -4,7 +4,6 @@
 from loguru import logger
 from starlette.status import HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
-from fides.api.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 from fides.api.common_exceptions import NoSuchStrategyException, ValidationError
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.schemas.masking.masking_api import MaskingAPIRequest, MaskingAPIResponse
@@ -15,6 +14,7 @@
 from fides.api.service.masking.strategy.masking_strategy import MaskingStrategy
 from fides.api.util.api_router import APIRouter
 from fides.common.api.scope_registry import MASKING_EXEC, MASKING_READ
+from fides.common.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 
 router = APIRouter(tags=["Masking"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/messaging_endpoints.py b/src/fides/api/api/v1/endpoints/messaging_endpoints.py
index 60459c454c..05b62ed05e 100644
--- a/src/fides/api/api/v1/endpoints/messaging_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/messaging_endpoints.py
@@ -18,18 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.urn_registry import (
-    MESSAGING_ACTIVE_DEFAULT,
-    MESSAGING_BY_KEY,
-    MESSAGING_CONFIG,
-    MESSAGING_DEFAULT,
-    MESSAGING_DEFAULT_BY_TYPE,
-    MESSAGING_DEFAULT_SECRETS,
-    MESSAGING_SECRETS,
-    MESSAGING_STATUS,
-    MESSAGING_TEST,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import (
     MessageDispatchException,
     MessagingConfigNotFoundException,
@@ -69,6 +57,18 @@
     MESSAGING_DELETE,
     MESSAGING_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    MESSAGING_ACTIVE_DEFAULT,
+    MESSAGING_BY_KEY,
+    MESSAGING_CONFIG,
+    MESSAGING_DEFAULT,
+    MESSAGING_DEFAULT_BY_TYPE,
+    MESSAGING_DEFAULT_SECRETS,
+    MESSAGING_SECRETS,
+    MESSAGING_STATUS,
+    MESSAGING_TEST,
+    V1_URL_PREFIX,
+)
 from fides.config.config_proxy import ConfigProxy
 
 router = APIRouter(tags=["Messaging"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/oauth_endpoints.py b/src/fides/api/api/v1/endpoints/oauth_endpoints.py
index 5eeeac3b9c..1aba22e98d 100644
--- a/src/fides/api/api/v1/endpoints/oauth_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/oauth_endpoints.py
@@ -14,16 +14,6 @@
 from fides.api.api.v1.endpoints.saas_config_endpoints import (
     verify_oauth_connection_config,
 )
-from fides.api.api.v1.urn_registry import (
-    CLIENT,
-    CLIENT_BY_ID,
-    CLIENT_SCOPE,
-    OAUTH_CALLBACK,
-    ROLE,
-    SCOPE,
-    TOKEN,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import (
     AuthenticationFailure,
     FidesopsException,
@@ -52,6 +42,16 @@
     SCOPE_REGISTRY,
     ScopeRegistryEnum,
 )
+from fides.common.api.v1.urn_registry import (
+    CLIENT,
+    CLIENT_BY_ID,
+    CLIENT_SCOPE,
+    OAUTH_CALLBACK,
+    ROLE,
+    SCOPE,
+    TOKEN,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 router = APIRouter(tags=["OAuth"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/policy_endpoints.py b/src/fides/api/api/v1/endpoints/policy_endpoints.py
index d97a6ef5af..9b2159c2f0 100644
--- a/src/fides/api/api/v1/endpoints/policy_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/policy_endpoints.py
@@ -18,7 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.common_exceptions import (
     DataCategoryNotSupported,
     DrpActionValidationError,
@@ -38,6 +37,7 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.logger import Pii
 from fides.common.api import scope_registry
+from fides.common.api.v1 import urn_registry as urls
 
 router = APIRouter(tags=["DSR Policy"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
index 9829837e71..3d68b4e5e9 100644
--- a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
@@ -12,7 +12,6 @@
 from starlette.status import HTTP_200_OK, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.connection_endpoints import (
     get_connection_config_or_error,
 )
@@ -30,6 +29,7 @@
 from fides.api.schemas.policy_webhooks import PolicyWebhookDeleteResponse
 from fides.api.util.api_router import APIRouter
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1 import urn_registry as urls
 
 router = APIRouter(tags=["DSR Policy Webhooks"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
index 4ba42b8aa4..1fcf8eb2c8 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_config_endpoints.py
@@ -16,8 +16,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.endpoints.utils import human_friendly_list, transform_fields
 from fides.api.models.privacy_experience import (
     ComponentType,
     PrivacyExperience,
@@ -37,8 +35,10 @@
     PRIVACY_EXPERIENCE_ESCAPE_FIELDS,
     UNESCAPE_SAFESTR_HEADER,
 )
+from fides.api.util.endpoint_utils import human_friendly_list, transform_fields
 from fides.common.api import scope_registry
 from fides.common.api.scope_registry import PRIVACY_EXPERIENCE_UPDATE
+from fides.common.api.v1 import urn_registry as urls
 
 router = APIRouter(tags=["Privacy Experience Config"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
index 5e24916300..555b05beaa 100644
--- a/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_experience_endpoints.py
@@ -15,8 +15,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.endpoints.utils import fides_limiter, transform_fields
 from fides.api.models.privacy_experience import (
     ComponentType,
     PrivacyExperience,
@@ -32,6 +30,8 @@
     UNESCAPE_SAFESTR_HEADER,
     get_fides_user_device_id_provided_identity,
 )
+from fides.api.util.endpoint_utils import fides_limiter, transform_fields
+from fides.common.api.v1 import urn_registry as urls
 from fides.config import CONFIG
 
 router = APIRouter(tags=["Privacy Experience"], prefix=urls.V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
index 596181f586..dd489de6ba 100644
--- a/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_notice_endpoints.py
@@ -15,8 +15,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.endpoints.utils import transform_fields
 from fides.api.common_exceptions import ValidationError
 from fides.api.models.privacy_experience import (
     upsert_privacy_experiences_after_notice_update,
@@ -34,7 +32,9 @@
     prepare_privacy_notice_patches,
     validate_notice_data_uses,
 )
+from fides.api.util.endpoint_utils import transform_fields
 from fides.common.api import scope_registry
+from fides.common.api.v1 import urn_registry as urls
 
 router = APIRouter(tags=["Privacy Notice"], prefix=urls.V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
index fd2180c13c..dd863b45a1 100644
--- a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
@@ -19,18 +19,6 @@
 from fides.api.api.v1.endpoints.privacy_request_endpoints import (
     create_privacy_request_func,
 )
-from fides.api.api.v1.endpoints.utils import (
-    fides_limiter,
-    validate_start_and_end_filters,
-)
-from fides.api.api.v1.urn_registry import (
-    CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
-    CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
-    CURRENT_PRIVACY_PREFERENCES_REPORT,
-    HISTORICAL_PRIVACY_PREFERENCES_REPORT,
-    PRIVACY_PREFERENCES,
-    V1_URL_PREFIX,
-)
 from fides.api.db.seed import DEFAULT_CONSENT_POLICY
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.privacy_experience import PrivacyExperience
@@ -67,10 +55,19 @@
 from fides.api.util.consent_util import (
     get_or_create_fides_user_device_id_provided_identity,
 )
+from fides.api.util.endpoint_utils import fides_limiter, validate_start_and_end_filters
 from fides.common.api.scope_registry import (
     CURRENT_PRIVACY_PREFERENCE_READ,
     PRIVACY_PREFERENCE_HISTORY_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
+    CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
+    CURRENT_PRIVACY_PREFERENCES_REPORT,
+    HISTORICAL_PRIVACY_PREFERENCES_REPORT,
+    PRIVACY_PREFERENCES,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
index f707702c33..5a355d93fa 100644
--- a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
@@ -34,26 +34,6 @@
 from fides.api.api.v1.endpoints.manual_webhook_endpoints import (
     get_access_manual_webhook_or_404,
 )
-from fides.api.api.v1.endpoints.utils import validate_start_and_end_filters
-from fides.api.api.v1.urn_registry import (
-    PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
-    PRIVACY_REQUEST_APPROVE,
-    PRIVACY_REQUEST_AUTHENTICATED,
-    PRIVACY_REQUEST_BULK_RETRY,
-    PRIVACY_REQUEST_DENY,
-    PRIVACY_REQUEST_MANUAL_ERASURE,
-    PRIVACY_REQUEST_MANUAL_INPUT,
-    PRIVACY_REQUEST_NOTIFICATIONS,
-    PRIVACY_REQUEST_RESUME,
-    PRIVACY_REQUEST_RESUME_FROM_REQUIRES_INPUT,
-    PRIVACY_REQUEST_RETRY,
-    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
-    PRIVACY_REQUEST_VERIFY_IDENTITY,
-    PRIVACY_REQUESTS,
-    REQUEST_PREVIEW,
-    REQUEST_STATUS_LOGS,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import (
     FunctionalityNotConfigured,
     IdentityNotFoundException,
@@ -129,6 +109,7 @@
 from fides.api.util.api_router import APIRouter
 from fides.api.util.cache import FidesopsRedis
 from fides.api.util.collection_util import Row
+from fides.api.util.endpoint_utils import validate_start_and_end_filters
 from fides.api.util.enums import ColumnSort
 from fides.api.util.logger import Pii
 from fides.common.api.scope_registry import (
@@ -142,6 +123,25 @@
     PRIVACY_REQUEST_UPLOAD_DATA,
     PRIVACY_REQUEST_VIEW_DATA,
 )
+from fides.common.api.v1.urn_registry import (
+    PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
+    PRIVACY_REQUEST_APPROVE,
+    PRIVACY_REQUEST_AUTHENTICATED,
+    PRIVACY_REQUEST_BULK_RETRY,
+    PRIVACY_REQUEST_DENY,
+    PRIVACY_REQUEST_MANUAL_ERASURE,
+    PRIVACY_REQUEST_MANUAL_INPUT,
+    PRIVACY_REQUEST_NOTIFICATIONS,
+    PRIVACY_REQUEST_RESUME,
+    PRIVACY_REQUEST_RESUME_FROM_REQUIRES_INPUT,
+    PRIVACY_REQUEST_RETRY,
+    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
+    PRIVACY_REQUEST_VERIFY_IDENTITY,
+    PRIVACY_REQUESTS,
+    REQUEST_PREVIEW,
+    REQUEST_STATUS_LOGS,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/src/fides/api/api/v1/endpoints/registration_endpoints.py b/src/fides/api/api/v1/endpoints/registration_endpoints.py
index 8a61d49a04..73f374cc0f 100644
--- a/src/fides/api/api/v1/endpoints/registration_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/registration_endpoints.py
@@ -5,10 +5,10 @@
 
 from fides.api.analytics import send_registration
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.registration import UserRegistration
 from fides.api.schemas import registration as schemas
 from fides.api.util.api_router import APIRouter
+from fides.common.api.v1 import urn_registry as urls
 
 router = APIRouter(
     tags=["Registration"],
diff --git a/src/fides/api/api/v1/endpoints/router_factory.py b/src/fides/api/api/v1/endpoints/router_factory.py
index ced90ef5ec..09fa13f4a9 100644
--- a/src/fides/api/api/v1/endpoints/router_factory.py
+++ b/src/fides/api/api/v1/endpoints/router_factory.py
@@ -14,13 +14,6 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from starlette.status import HTTP_422_UNPROCESSABLE_ENTITY
 
-from fides.api.api.v1.endpoints.utils import (
-    API_PREFIX,
-    CLI_SCOPE_PREFIX_MAPPING,
-    forbid_if_default,
-    forbid_if_editing_any_is_default,
-    forbid_if_editing_is_default,
-)
 from fides.api.db.crud import (
     create_resource,
     delete_resource,
@@ -39,6 +32,13 @@
 from fides.api.schemas.dataset import validate_data_categories_against_db
 from fides.api.util import errors
 from fides.api.util.api_router import APIRouter
+from fides.api.util.endpoint_utils import (
+    API_PREFIX,
+    CLI_SCOPE_PREFIX_MAPPING,
+    forbid_if_default,
+    forbid_if_editing_any_is_default,
+    forbid_if_editing_is_default,
+)
 from fides.common.api.scope_registry import CREATE, DELETE, READ, UPDATE
 
 
diff --git a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
index 385bf0dd8a..642f68c789 100644
--- a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
@@ -18,15 +18,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.urn_registry import (
-    AUTHORIZE,
-    CONNECTION_TYPES,
-    REGISTER_CONNECTOR_TEMPLATE,
-    SAAS_CONFIG,
-    SAAS_CONFIG_VALIDATE,
-    SAAS_CONNECTOR_FROM_TEMPLATE,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import FidesopsException, KeyOrNameAlreadyExists
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
 from fides.api.models.datasetconfig import DatasetConfig
@@ -64,6 +55,15 @@
     SAAS_CONFIG_READ,
     SAAS_CONNECTION_INSTANTIATE,
 )
+from fides.common.api.v1.urn_registry import (
+    AUTHORIZE,
+    CONNECTION_TYPES,
+    REGISTER_CONNECTOR_TEMPLATE,
+    SAAS_CONFIG,
+    SAAS_CONFIG_VALIDATE,
+    SAAS_CONNECTOR_FROM_TEMPLATE,
+    V1_URL_PREFIX,
+)
 
 router = APIRouter(tags=["SaaS Configs"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/storage_endpoints.py b/src/fides/api/api/v1/endpoints/storage_endpoints.py
index 2b2f76d47d..a2d6ff637b 100644
--- a/src/fides/api/api/v1/endpoints/storage_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/storage_endpoints.py
@@ -21,18 +21,6 @@
 )
 
 from fides.api.api import deps
-from fides.api.api.v1.urn_registry import (
-    STORAGE_ACTIVE_DEFAULT,
-    STORAGE_BY_KEY,
-    STORAGE_CONFIG,
-    STORAGE_DEFAULT,
-    STORAGE_DEFAULT_BY_TYPE,
-    STORAGE_DEFAULT_SECRETS,
-    STORAGE_SECRETS,
-    STORAGE_STATUS,
-    STORAGE_UPLOAD,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import KeyOrNameAlreadyExists, StorageUploadError
 from fides.api.models.connectionconfig import ConnectionTestStatus
 from fides.api.models.privacy_request import PrivacyRequest
@@ -71,6 +59,18 @@
     STORAGE_DELETE,
     STORAGE_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    STORAGE_ACTIVE_DEFAULT,
+    STORAGE_BY_KEY,
+    STORAGE_CONFIG,
+    STORAGE_DEFAULT,
+    STORAGE_DEFAULT_BY_TYPE,
+    STORAGE_DEFAULT_SECRETS,
+    STORAGE_SECRETS,
+    STORAGE_STATUS,
+    STORAGE_UPLOAD,
+    V1_URL_PREFIX,
+)
 
 router = APIRouter(tags=["Storage"], prefix=V1_URL_PREFIX)
 
diff --git a/src/fides/api/api/v1/endpoints/system.py b/src/fides/api/api/v1/endpoints/system.py
index cd8fbe7823..1c56ab7c92 100644
--- a/src/fides/api/api/v1/endpoints/system.py
+++ b/src/fides/api/api/v1/endpoints/system.py
@@ -13,11 +13,6 @@
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.saas_config_endpoints import instantiate_connection
-from fides.api.api.v1.urn_registry import (
-    INSTANTIATE_SYSTEM_CONNECTION,
-    SYSTEM_CONNECTIONS,
-    V1_URL_PREFIX,
-)
 from fides.api.db.crud import (
     get_resource,
     get_resource_with_custom_fields,
@@ -57,6 +52,11 @@
     SYSTEM_READ,
     SYSTEM_UPDATE,
 )
+from fides.common.api.v1.urn_registry import (
+    INSTANTIATE_SYSTEM_CONNECTION,
+    SYSTEM_CONNECTIONS,
+    V1_URL_PREFIX,
+)
 
 SYSTEM_ROUTER = APIRouter(tags=["System"], prefix=f"{V1_URL_PREFIX}/system")
 SYSTEM_CONNECTIONS_ROUTER = APIRouter(
diff --git a/src/fides/api/api/v1/endpoints/user_endpoints.py b/src/fides/api/api/v1/endpoints/user_endpoints.py
index ce341f0bc1..692526deb2 100644
--- a/src/fides/api/api/v1/endpoints/user_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/user_endpoints.py
@@ -24,9 +24,7 @@
 
 from fides.api.api import deps
 from fides.api.api.deps import get_db
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.api.v1.endpoints.user_permission_endpoints import validate_user_id
-from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.common_exceptions import AuthenticationError, AuthorizationError
 from fides.api.cryptography.cryptographic_util import b64_str_to_str
 from fides.api.cryptography.schemas.jwt import JWE_PAYLOAD_CLIENT_ID
@@ -64,6 +62,8 @@
     USER_READ,
     USER_UPDATE,
 )
+from fides.common.api.v1 import urn_registry as urls
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 from fides.config import CONFIG, FidesConfig, get_config
 
 router = APIRouter(tags=["Users"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/user_permission_endpoints.py b/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
index 6e21c39590..a1ee269fca 100644
--- a/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/user_permission_endpoints.py
@@ -7,8 +7,6 @@
 from starlette.status import HTTP_201_CREATED, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1 import urn_registry as urls
-from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.fides_user_permissions import FidesUserPermissions
 from fides.api.oauth.roles import APPROVER, OWNER, RoleRegistryEnum
@@ -25,6 +23,8 @@
     USER_PERMISSION_READ,
     USER_PERMISSION_UPDATE,
 )
+from fides.common.api.v1 import urn_registry as urls
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 from fides.config import CONFIG
 
 router = APIRouter(tags=["User Permissions"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/api/v1/endpoints/validate.py b/src/fides/api/api/v1/endpoints/validate.py
index 297b1d64d6..0792065c98 100644
--- a/src/fides/api/api/v1/endpoints/validate.py
+++ b/src/fides/api/api/v1/endpoints/validate.py
@@ -7,9 +7,9 @@
 from fastapi import Response, Security, status
 from pydantic import BaseModel
 
-from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.util.api_router import APIRouter
+from fides.api.util.endpoint_utils import API_PREFIX
 from fides.common.api import scope_registry
 from fides.connectors.models import (
     AWSConfig,
diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index bc864ba691..3af79f82d3 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -17,7 +17,6 @@
 from fides.api.api.deps import get_api_session
 from fides.api.api.v1 import CTL_ROUTER
 from fides.api.api.v1.api import api_router
-from fides.api.api.v1.endpoints.utils import fides_limiter
 from fides.api.api.v1.exception_handlers import ExceptionHandlers
 from fides.api.common_exceptions import FunctionalityNotConfigured, RedisConnectionError
 from fides.api.db.database import configure_db
@@ -35,6 +34,7 @@
     load_default_experience_configs_on_startup,
     load_default_notices_on_startup,
 )
+from fides.api.util.endpoint_utils import fides_limiter
 from fides.api.util.errors import FidesError
 from fides.api.util.logger import setup as setup_logging
 from fides.api.util.system_manager_oauth_util import (
diff --git a/src/fides/api/main.py b/src/fides/api/main.py
index 000e6049fc..809d843ccc 100644
--- a/src/fides/api/main.py
+++ b/src/fides/api/main.py
@@ -14,7 +14,6 @@
 from uvicorn import Config, Server
 
 import fides
-from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.app_setup import (
     check_redis,
     create_fides_app,
@@ -36,6 +35,7 @@
     match_route,
     path_is_in_ui_directory,
 )
+from fides.api.util.endpoint_utils import API_PREFIX
 from fides.api.util.logger import _log_exception
 from fides.cli.utils import FIDES_ASCII_ART
 from fides.config import CONFIG, check_required_webserver_config_values
diff --git a/src/fides/api/oauth/utils.py b/src/fides/api/oauth/utils.py
index a10266e703..9f8041262d 100644
--- a/src/fides/api/oauth/utils.py
+++ b/src/fides/api/oauth/utils.py
@@ -16,7 +16,6 @@
 from starlette.status import HTTP_404_NOT_FOUND
 
 from fides.api.api.deps import get_db
-from fides.api.api.v1.urn_registry import TOKEN, V1_URL_PREFIX
 from fides.api.common_exceptions import AuthenticationError, AuthorizationError
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -30,6 +29,7 @@
 from fides.api.oauth.roles import get_scopes_from_roles
 from fides.api.schemas.external_https import WebhookJWE
 from fides.api.schemas.oauth import OAuth2ClientCredentialsBearer
+from fides.common.api.v1.urn_registry import TOKEN, V1_URL_PREFIX
 from fides.config import CONFIG
 
 JWT_ENCRYPTION_ALGORITHM = ALGORITHMS.A256GCM
diff --git a/src/fides/api/schemas/privacy_experience.py b/src/fides/api/schemas/privacy_experience.py
index 6b876b7bb0..0ad68e30a2 100644
--- a/src/fides/api/schemas/privacy_experience.py
+++ b/src/fides/api/schemas/privacy_experience.py
@@ -5,11 +5,11 @@
 
 from pydantic import Extra, Field, root_validator, validator
 
-from fides.api.api.v1.endpoints.utils import human_friendly_list
 from fides.api.models.privacy_experience import BannerEnabled, ComponentType
 from fides.api.models.privacy_notice import PrivacyNoticeRegion
 from fides.api.schemas.base_class import FidesSchema
 from fides.api.schemas.privacy_notice import PrivacyNoticeResponseWithUserPreferences
+from fides.api.util.endpoint_utils import human_friendly_list
 
 
 class ExperienceConfigSchema(FidesSchema):
diff --git a/src/fides/api/service/connectors/fides/fides_client.py b/src/fides/api/service/connectors/fides/fides_client.py
index 47167a1335..a2f65c9bf2 100644
--- a/src/fides/api/service/connectors/fides/fides_client.py
+++ b/src/fides/api/service/connectors/fides/fides_client.py
@@ -6,7 +6,6 @@
 from httpx import AsyncClient, Client, HTTPStatusError, Request, RequestError, Timeout
 from loguru import logger
 
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.privacy_request import PrivacyRequestStatus
 from fides.api.schemas.privacy_request import (
     PrivacyRequestCreate,
@@ -18,6 +17,7 @@
 from fides.api.util.collection_util import Row
 from fides.api.util.errors import FidesError
 from fides.api.util.wrappers import sync
+from fides.common.api.v1 import urn_registry as urls
 
 COMPLETION_STATUSES = [
     PrivacyRequestStatus.complete,
diff --git a/src/fides/api/service/privacy_request/request_runner_service.py b/src/fides/api/service/privacy_request/request_runner_service.py
index b7d5116a63..1e854150e0 100644
--- a/src/fides/api/service/privacy_request/request_runner_service.py
+++ b/src/fides/api/service/privacy_request/request_runner_service.py
@@ -9,10 +9,6 @@
 from sqlalchemy.orm import Query, Session
 
 from fides.api import common_exceptions
-from fides.api.api.v1.urn_registry import (
-    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import (
     ClientUnsuccessfulException,
     IdentityNotFoundException,
@@ -83,6 +79,10 @@
 from fides.api.util.collection_util import Row
 from fides.api.util.logger import Pii, _log_exception, _log_warning
 from fides.api.util.wrappers import sync
+from fides.common.api.v1.urn_registry import (
+    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/src/fides/api/service/privacy_request/request_service.py b/src/fides/api/service/privacy_request/request_service.py
index ca8d588622..10a6b7545b 100644
--- a/src/fides/api/service/privacy_request/request_service.py
+++ b/src/fides/api/service/privacy_request/request_service.py
@@ -7,7 +7,6 @@
 from httpx import AsyncClient
 from loguru import logger
 
-from fides.api.api.v1.urn_registry import PRIVACY_REQUESTS, V1_URL_PREFIX
 from fides.api.common_exceptions import PrivacyRequestNotFound
 from fides.api.models.policy import Policy
 from fides.api.models.privacy_request import PrivacyRequest, PrivacyRequestStatus
@@ -17,6 +16,7 @@
 from fides.api.schemas.privacy_request import PrivacyRequestResponse
 from fides.api.schemas.redis_cache import Identity
 from fides.api.service.masking.strategy.masking_strategy import MaskingStrategy
+from fides.common.api.v1.urn_registry import PRIVACY_REQUESTS, V1_URL_PREFIX
 
 
 def build_required_privacy_request_kwargs(
diff --git a/src/fides/api/util/connection_util.py b/src/fides/api/util/connection_util.py
index 48b391e4dd..c8d6770f42 100644
--- a/src/fides/api/util/connection_util.py
+++ b/src/fides/api/util/connection_util.py
@@ -11,7 +11,6 @@
     HTTP_422_UNPROCESSABLE_ENTITY,
 )
 
-from fides.api.api.v1.urn_registry import CONNECTION_TYPES, SAAS_CONFIG
 from fides.api.common_exceptions import KeyOrNameAlreadyExists
 from fides.api.common_exceptions import ValidationError as FidesValidationError
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
@@ -40,6 +39,7 @@
 from fides.api.service.privacy_request.request_runner_service import (
     queue_privacy_request,
 )
+from fides.common.api.v1.urn_registry import CONNECTION_TYPES, SAAS_CONFIG
 
 # pylint: disable=too-many-nested-blocks,too-many-branches,too-many-statements
 
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index cf94f4b621..9a892100ec 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -7,7 +7,6 @@
 from sqlalchemy.orm import Session
 from starlette.status import HTTP_404_NOT_FOUND, HTTP_422_UNPROCESSABLE_ENTITY
 
-from fides.api.api.v1.endpoints.utils import transform_fields
 from fides.api.common_exceptions import ValidationError
 from fides.api.custom_types import SafeStr
 from fides.api.models.connectionconfig import ConnectionConfig
@@ -35,6 +34,7 @@
 from fides.api.schemas.privacy_experience import ExperienceConfigCreateWithId
 from fides.api.schemas.privacy_notice import PrivacyNoticeCreation, PrivacyNoticeWithId
 from fides.api.schemas.redis_cache import Identity
+from fides.api.util.endpoint_utils import transform_fields
 from fides.config.helpers import load_file
 
 PRIVACY_NOTICE_ESCAPE_FIELDS = ["name", "description", "internal_description"]
diff --git a/src/fides/api/api/v1/endpoints/utils.py b/src/fides/api/util/endpoint_utils.py
similarity index 100%
rename from src/fides/api/api/v1/endpoints/utils.py
rename to src/fides/api/util/endpoint_utils.py
diff --git a/src/fides/cli/utils.py b/src/fides/cli/utils.py
index e246ce5a1e..9cf1893f9c 100644
--- a/src/fides/cli/utils.py
+++ b/src/fides/cli/utils.py
@@ -24,7 +24,7 @@
 from requests import get, put
 
 import fides
-from fides.api.api.v1.urn_registry import REGISTRATION, V1_URL_PREFIX
+from fides.common.api.v1.urn_registry import REGISTRATION, V1_URL_PREFIX
 from fides.common.utils import check_response, echo_green, echo_red
 from fides.config import FidesConfig
 from fides.config.credentials_settings import (
diff --git a/src/fides/common/api/v1/__init__.py b/src/fides/common/api/v1/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/fides/api/api/v1/urn_registry.py b/src/fides/common/api/v1/urn_registry.py
similarity index 100%
rename from src/fides/api/api/v1/urn_registry.py
rename to src/fides/common/api/v1/urn_registry.py
diff --git a/src/fides/core/api.py b/src/fides/core/api.py
index aed5df1d63..339e9c19e0 100644
--- a/src/fides/core/api.py
+++ b/src/fides/core/api.py
@@ -3,7 +3,7 @@
 
 import requests
 
-from fides.api.api.v1.endpoints.utils import API_PREFIX
+from fides.api.util.endpoint_utils import API_PREFIX
 
 
 def generate_resource_url(
diff --git a/tests/ctl/api/test_admin.py b/tests/ctl/api/test_admin.py
index 0d2ca2b533..e623dc254b 100644
--- a/tests/ctl/api/test_admin.py
+++ b/tests/ctl/api/test_admin.py
@@ -2,8 +2,8 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.util import errors
+from fides.api.util.endpoint_utils import API_PREFIX
 from fides.config import FidesConfig
 
 
diff --git a/tests/ctl/api/test_generate.py b/tests/ctl/api/test_generate.py
index c6cd3c6fe2..08c27f0b42 100644
--- a/tests/ctl/api/test_generate.py
+++ b/tests/ctl/api/test_generate.py
@@ -7,7 +7,7 @@
 from starlette.testclient import TestClient
 
 from fides.api.api.v1.endpoints.generate import GenerateResponse
-from fides.api.api.v1.endpoints.utils import API_PREFIX
+from fides.api.util.endpoint_utils import API_PREFIX
 from fides.config import FidesConfig
 
 EXTERNAL_CONFIG_BODY = {
diff --git a/tests/ctl/api/test_validate.py b/tests/ctl/api/test_validate.py
index 7c4257bedf..7d299e7608 100644
--- a/tests/ctl/api/test_validate.py
+++ b/tests/ctl/api/test_validate.py
@@ -6,8 +6,8 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.endpoints.utils import API_PREFIX
 from fides.api.api.v1.endpoints.validate import ValidateResponse
+from fides.api.util.endpoint_utils import API_PREFIX
 from fides.config import FidesConfig
 
 EXTERNAL_CONFIG_BODY = {
diff --git a/tests/ctl/core/test_api.py b/tests/ctl/core/test_api.py
index 727119e3bd..7a95d94718 100644
--- a/tests/ctl/core/test_api.py
+++ b/tests/ctl/core/test_api.py
@@ -21,12 +21,11 @@
 from starlette.testclient import TestClient
 
 from fides.api.api.v1.endpoints import health
-from fides.api.api.v1.endpoints.utils import API_PREFIX, CLI_SCOPE_PREFIX_MAPPING
-from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.db.crud import get_resource
 from fides.api.models.sql_models import Dataset, PrivacyDeclaration, System
 from fides.api.oauth.roles import OWNER, VIEWER
 from fides.api.schemas.system import PrivacyDeclarationResponse
+from fides.api.util.endpoint_utils import API_PREFIX, CLI_SCOPE_PREFIX_MAPPING
 from fides.common.api.scope_registry import (
     CREATE,
     DELETE,
@@ -41,6 +40,7 @@
     SYSTEM_UPDATE,
     UPDATE,
 )
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 from fides.config import FidesConfig, get_config
 from fides.core import api as _api
 
diff --git a/tests/ops/api/test_ratelimit.py b/tests/ops/api/test_ratelimit.py
index b4988cd2b2..7051e53f89 100644
--- a/tests/ops/api/test_ratelimit.py
+++ b/tests/ops/api/test_ratelimit.py
@@ -5,8 +5,8 @@
 from slowapi.extension import Limiter
 from slowapi.util import get_remote_address
 
-from fides.api.api.v1.urn_registry import HEALTH
 from fides.api.main import app
+from fides.common.api.v1.urn_registry import HEALTH
 from fides.config import CONFIG, SecuritySettings
 
 LIMIT = 2
diff --git a/tests/ops/api/v1/endpoints/test_config_endpoints.py b/tests/ops/api/v1/endpoints/test_config_endpoints.py
index 546f2c5b06..3a0722552e 100644
--- a/tests/ops/api/v1/endpoints/test_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_config_endpoints.py
@@ -6,11 +6,11 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1 import urn_registry as urls
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.oauth.roles import CONTRIBUTOR, OWNER, VIEWER
 from fides.api.schemas.storage.storage import StorageType
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1 import urn_registry as urls
 
 
 class TestPatchApplicationConfig:
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index fd047b9a15..e6b9e46be4 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -10,7 +10,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import CONNECTIONS, SAAS_CONFIG, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
 from fides.api.models.connectionconfig import (
     AccessLevel,
@@ -28,6 +27,7 @@
     CONNECTION_READ,
     STORAGE_DELETE,
 )
+from fides.common.api.v1.urn_registry import CONNECTIONS, SAAS_CONFIG, V1_URL_PREFIX
 from tests.fixtures.application_fixtures import integration_secrets
 from tests.fixtures.saas.connection_template_fixtures import instantiate_connector
 
diff --git a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
index 6efcffc382..70845423c2 100644
--- a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
@@ -4,12 +4,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    CONNECTION_TYPE_SECRETS,
-    CONNECTION_TYPES,
-    SAAS_CONNECTOR_FROM_TEMPLATE,
-    V1_URL_PREFIX,
-)
 from fides.api.models.client import ClientDetail
 from fides.api.models.connectionconfig import (
     AccessLevel,
@@ -27,6 +21,12 @@
     CONNECTION_TYPE_READ,
     SAAS_CONNECTION_INSTANTIATE,
 )
+from fides.common.api.v1.urn_registry import (
+    CONNECTION_TYPE_SECRETS,
+    CONNECTION_TYPES,
+    SAAS_CONNECTOR_FROM_TEMPLATE,
+    V1_URL_PREFIX,
+)
 
 
 class TestGetConnections:
diff --git a/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py b/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
index e47cb9d5f8..3235e385ea 100644
--- a/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_consent_request_endpoints.py
@@ -8,13 +8,6 @@
 import pytest
 from requests import Session
 
-from fides.api.api.v1.urn_registry import (
-    CONSENT_REQUEST,
-    CONSENT_REQUEST_PREFERENCES,
-    CONSENT_REQUEST_PREFERENCES_WITH_ID,
-    CONSENT_REQUEST_VERIFY,
-    V1_URL_PREFIX,
-)
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.models.privacy_request import (
     Consent,
@@ -25,6 +18,13 @@
 from fides.api.schemas.messaging.messaging import MessagingServiceType
 from fides.api.util.consent_util import get_fides_user_device_id_provided_identity
 from fides.common.api.scope_registry import CONNECTION_READ, CONSENT_READ
+from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST,
+    CONSENT_REQUEST_PREFERENCES,
+    CONSENT_REQUEST_PREFERENCES_WITH_ID,
+    CONSENT_REQUEST_VERIFY,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/endpoints/test_dataset_endpoints.py b/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
index 3d20bb331f..be63c605c4 100644
--- a/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_dataset_endpoints.py
@@ -14,7 +14,15 @@
 from sqlalchemy.orm.attributes import flag_modified
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
+from fides.api.models.connectionconfig import ConnectionConfig
+from fides.api.models.datasetconfig import DatasetConfig
+from fides.common.api.scope_registry import (
+    CTL_DATASET_READ,
+    DATASET_CREATE_OR_UPDATE,
+    DATASET_DELETE,
+    DATASET_READ,
+)
+from fides.common.api.v1.urn_registry import (
     CONNECTION_DATASETS,
     DATASET_BY_KEY,
     DATASET_CONFIGS,
@@ -24,14 +32,6 @@
     V1_URL_PREFIX,
     YAML_DATASETS,
 )
-from fides.api.models.connectionconfig import ConnectionConfig
-from fides.api.models.datasetconfig import DatasetConfig
-from fides.common.api.scope_registry import (
-    CTL_DATASET_READ,
-    DATASET_CREATE_OR_UPDATE,
-    DATASET_DELETE,
-    DATASET_READ,
-)
 
 
 def _reject_key(dict: Dict, key: str) -> Dict:
diff --git a/tests/ops/api/v1/endpoints/test_drp_endpoints.py b/tests/ops/api/v1/endpoints/test_drp_endpoints.py
index c25afe982e..322e68e3cd 100644
--- a/tests/ops/api/v1/endpoints/test_drp_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_drp_endpoints.py
@@ -8,13 +8,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    DRP_DATA_RIGHTS,
-    DRP_EXERCISE,
-    DRP_REVOKE,
-    DRP_STATUS,
-    V1_URL_PREFIX,
-)
 from fides.api.models.policy import DrpAction
 from fides.api.models.privacy_request import (
     PrivacyRequest,
@@ -30,6 +23,13 @@
     PRIVACY_REQUEST_REVIEW,
     STORAGE_CREATE_OR_UPDATE,
 )
+from fides.common.api.v1.urn_registry import (
+    DRP_DATA_RIGHTS,
+    DRP_EXERCISE,
+    DRP_REVOKE,
+    DRP_STATUS,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/endpoints/test_encryption_endpoints.py b/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
index 6593cf007a..04272f4f8c 100644
--- a/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_encryption_endpoints.py
@@ -5,18 +5,18 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    DECRYPT_AES,
-    ENCRYPT_AES,
-    ENCRYPTION_KEY,
-    V1_URL_PREFIX,
-)
 from fides.api.cryptography.cryptographic_util import b64_str_to_bytes, bytes_to_b64_str
 from fides.api.util.encryption.aes_gcm_encryption_scheme import (
     decrypt,
     encrypt_verify_secret_length,
 )
 from fides.common.api.scope_registry import ENCRYPTION_EXEC, STORAGE_CREATE_OR_UPDATE
+from fides.common.api.v1.urn_registry import (
+    DECRYPT_AES,
+    ENCRYPT_AES,
+    ENCRYPTION_KEY,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/endpoints/test_health_endpoints.py b/tests/ops/api/v1/endpoints/test_health_endpoints.py
index 089b64625e..6f5c3b03f7 100644
--- a/tests/ops/api/v1/endpoints/test_health_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_health_endpoints.py
@@ -1,7 +1,7 @@
 from starlette.testclient import TestClient
 
 import fides
-from fides.api.api.v1.urn_registry import HEALTH
+from fides.common.api.v1.urn_registry import HEALTH
 
 
 def test_health(api_client: TestClient) -> None:
diff --git a/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py b/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
index 75f853486c..b46165f39b 100644
--- a/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_identity_verification_endpoints.py
@@ -1,8 +1,8 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import ID_VERIFICATION_CONFIG, V1_URL_PREFIX
 from fides.api.models.application_config import ApplicationConfig
+from fides.common.api.v1.urn_registry import ID_VERIFICATION_CONFIG, V1_URL_PREFIX
 from fides.config import get_config
 
 
diff --git a/tests/ops/api/v1/endpoints/test_manual_webhooks.py b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
index 2b219cb128..c8c5a994b4 100644
--- a/tests/ops/api/v1/endpoints/test_manual_webhooks.py
+++ b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
@@ -2,12 +2,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    ACCESS_MANUAL_WEBHOOK,
-    ACCESS_MANUAL_WEBHOOKS,
-    CONNECTION_TEST,
-    V1_URL_PREFIX,
-)
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.common.api.scope_registry import (
     CONNECTION_READ,
@@ -16,6 +10,12 @@
     WEBHOOK_DELETE,
     WEBHOOK_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    ACCESS_MANUAL_WEBHOOK,
+    ACCESS_MANUAL_WEBHOOKS,
+    CONNECTION_TEST,
+    V1_URL_PREFIX,
+)
 
 
 class TestGetAccessManualWebhook:
diff --git a/tests/ops/api/v1/endpoints/test_masking_endpoints.py b/tests/ops/api/v1/endpoints/test_masking_endpoints.py
index aff4a6f987..ed094139e8 100644
--- a/tests/ops/api/v1/endpoints/test_masking_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_masking_endpoints.py
@@ -2,7 +2,6 @@
 
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 from fides.api.schemas.masking.masking_api import MaskingAPIResponse
 from fides.api.schemas.masking.masking_configuration import (
     AesEncryptionMaskingConfiguration,
@@ -23,6 +22,7 @@
     StringRewriteMaskingStrategy,
 )
 from fides.common.api.scope_registry import MASKING_EXEC, MASKING_READ
+from fides.common.api.v1.urn_registry import MASKING, MASKING_STRATEGY, V1_URL_PREFIX
 
 
 class TestGetMaskingStrategies:
diff --git a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
index 15bd4f6fb2..e8e5feac02 100644
--- a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
@@ -7,18 +7,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    MESSAGING_ACTIVE_DEFAULT,
-    MESSAGING_BY_KEY,
-    MESSAGING_CONFIG,
-    MESSAGING_DEFAULT,
-    MESSAGING_DEFAULT_BY_TYPE,
-    MESSAGING_DEFAULT_SECRETS,
-    MESSAGING_SECRETS,
-    MESSAGING_STATUS,
-    MESSAGING_TEST,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import MessageDispatchException
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.models.messaging import MessagingConfig
@@ -34,6 +22,18 @@
     MESSAGING_DELETE,
     MESSAGING_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    MESSAGING_ACTIVE_DEFAULT,
+    MESSAGING_BY_KEY,
+    MESSAGING_CONFIG,
+    MESSAGING_DEFAULT,
+    MESSAGING_DEFAULT_BY_TYPE,
+    MESSAGING_DEFAULT_SECRETS,
+    MESSAGING_SECRETS,
+    MESSAGING_STATUS,
+    MESSAGING_TEST,
+    V1_URL_PREFIX,
+)
 from fides.config import get_config
 
 PAGE_SIZE = Params().size
diff --git a/tests/ops/api/v1/endpoints/test_oauth_endpoints.py b/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
index 5b0583010e..6caa312595 100644
--- a/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_oauth_endpoints.py
@@ -6,16 +6,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    CLIENT,
-    CLIENT_BY_ID,
-    CLIENT_SCOPE,
-    OAUTH_CALLBACK,
-    ROLE,
-    SCOPE,
-    TOKEN,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import OAuth2TokenException
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -37,6 +27,16 @@
     SCOPE_REGISTRY,
     STORAGE_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    CLIENT,
+    CLIENT_BY_ID,
+    CLIENT_SCOPE,
+    OAUTH_CALLBACK,
+    ROLE,
+    SCOPE,
+    TOKEN,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/endpoints/test_policy_endpoints.py b/tests/ops/api/v1/endpoints/test_policy_endpoints.py
index a9c3830a8c..313280a632 100644
--- a/tests/ops/api/v1/endpoints/test_policy_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_policy_endpoints.py
@@ -5,15 +5,6 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import POLICY_DETAIL as POLICY_DETAIL_URI
-from fides.api.api.v1.urn_registry import POLICY_LIST as POLICY_CREATE_URI
-from fides.api.api.v1.urn_registry import RULE_DETAIL as RULE_DETAIL_URI
-from fides.api.api.v1.urn_registry import RULE_LIST as RULE_CREATE_URI
-from fides.api.api.v1.urn_registry import (
-    RULE_TARGET_DETAIL,
-    RULE_TARGET_LIST,
-    V1_URL_PREFIX,
-)
 from fides.api.models.client import ClientDetail
 from fides.api.models.policy import ActionType, DrpAction, Policy, Rule, RuleTarget
 from fides.api.service.masking.strategy.masking_strategy_nullify import (
@@ -21,6 +12,15 @@
 )
 from fides.api.util.data_category import DataCategory, generate_fides_data_categories
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1.urn_registry import POLICY_DETAIL as POLICY_DETAIL_URI
+from fides.common.api.v1.urn_registry import POLICY_LIST as POLICY_CREATE_URI
+from fides.common.api.v1.urn_registry import RULE_DETAIL as RULE_DETAIL_URI
+from fides.common.api.v1.urn_registry import RULE_LIST as RULE_CREATE_URI
+from fides.common.api.v1.urn_registry import (
+    RULE_TARGET_DETAIL,
+    RULE_TARGET_LIST,
+    V1_URL_PREFIX,
+)
 
 
 class TestGetPolicies:
diff --git a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
index c7faf2ebe8..d86192d249 100644
--- a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
@@ -3,13 +3,6 @@
 
 import pytest
 
-from fides.api.api.v1.urn_registry import (
-    POLICY_POST_WEBHOOK_DETAIL,
-    POLICY_PRE_WEBHOOK_DETAIL,
-    POLICY_WEBHOOKS_POST,
-    POLICY_WEBHOOKS_PRE,
-    V1_URL_PREFIX,
-)
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.policy import PolicyPostWebhook, PolicyPreWebhook
 from fides.common.api.scope_registry import (
@@ -18,6 +11,13 @@
     WEBHOOK_DELETE,
     WEBHOOK_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    POLICY_POST_WEBHOOK_DETAIL,
+    POLICY_PRE_WEBHOOK_DETAIL,
+    POLICY_WEBHOOKS_POST,
+    POLICY_WEBHOOKS_PRE,
+    V1_URL_PREFIX,
+)
 from tests.ops.api.v1.endpoints.test_privacy_request_endpoints import stringify_date
 
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
index e80e7b0ec0..e0e801350f 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_config_endpoints.py
@@ -7,7 +7,6 @@
 from fides.api.api.v1.endpoints.privacy_experience_config_endpoints import (
     get_experience_config_or_error,
 )
-from fides.api.api.v1.urn_registry import EXPERIENCE_CONFIG, V1_URL_PREFIX
 from fides.api.models.privacy_experience import (
     BannerEnabled,
     ComponentType,
@@ -17,6 +16,7 @@
 )
 from fides.api.models.privacy_notice import PrivacyNoticeRegion
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1.urn_registry import EXPERIENCE_CONFIG, V1_URL_PREFIX
 
 
 class TestGetExperienceConfigList:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
index b2f9f6646a..cc9aba6e9e 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
@@ -4,8 +4,8 @@
 from starlette.status import HTTP_200_OK
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import PRIVACY_EXPERIENCE, V1_URL_PREFIX
 from fides.api.models.privacy_notice import ConsentMechanism
+from fides.common.api.v1.urn_registry import PRIVACY_EXPERIENCE, V1_URL_PREFIX
 
 
 class TestGetPrivacyExperiences:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 8026787cc4..66aeaac6e9 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -9,12 +9,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    PRIVACY_NOTICE,
-    PRIVACY_NOTICE_BY_DATA_USE,
-    PRIVACY_NOTICE_DETAIL,
-    V1_URL_PREFIX,
-)
 from fides.api.models.privacy_experience import ComponentType, PrivacyExperience
 from fides.api.models.privacy_notice import (
     ConsentMechanism,
@@ -25,6 +19,12 @@
 )
 from fides.api.schemas.privacy_notice import PrivacyNoticeResponse
 from fides.common.api import scope_registry as scopes
+from fides.common.api.v1.urn_registry import (
+    PRIVACY_NOTICE,
+    PRIVACY_NOTICE_BY_DATA_USE,
+    PRIVACY_NOTICE_DETAIL,
+    V1_URL_PREFIX,
+)
 
 
 class TestGetPrivacyNotices:
diff --git a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
index aa26f2326d..24d569d556 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
@@ -7,14 +7,6 @@
 from starlette.status import HTTP_200_OK, HTTP_403_FORBIDDEN
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
-    CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
-    CURRENT_PRIVACY_PREFERENCES_REPORT,
-    HISTORICAL_PRIVACY_PREFERENCES_REPORT,
-    PRIVACY_PREFERENCES,
-    V1_URL_PREFIX,
-)
 from fides.api.models.privacy_preference import (
     ConsentMethod,
     CurrentPrivacyPreference,
@@ -34,6 +26,14 @@
     CURRENT_PRIVACY_PREFERENCE_READ,
     PRIVACY_PREFERENCE_HISTORY_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
+    CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
+    CURRENT_PRIVACY_PREFERENCES_REPORT,
+    HISTORICAL_PRIVACY_PREFERENCES_REPORT,
+    PRIVACY_PREFERENCES,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
index fbe218c008..480df0274c 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
@@ -18,25 +18,6 @@
     EMBEDDED_EXECUTION_LOG_LIMIT,
     validate_manual_input,
 )
-from fides.api.api.v1.urn_registry import (
-    CONNECTION_DATASETS,
-    PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
-    PRIVACY_REQUEST_APPROVE,
-    PRIVACY_REQUEST_AUTHENTICATED,
-    PRIVACY_REQUEST_BULK_RETRY,
-    PRIVACY_REQUEST_DENY,
-    PRIVACY_REQUEST_MANUAL_ERASURE,
-    PRIVACY_REQUEST_MANUAL_INPUT,
-    PRIVACY_REQUEST_NOTIFICATIONS,
-    PRIVACY_REQUEST_RESUME,
-    PRIVACY_REQUEST_RESUME_FROM_REQUIRES_INPUT,
-    PRIVACY_REQUEST_RETRY,
-    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
-    PRIVACY_REQUEST_VERIFY_IDENTITY,
-    PRIVACY_REQUESTS,
-    REQUEST_PREVIEW,
-    V1_URL_PREFIX,
-)
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
     JWE_PAYLOAD_CLIENT_ID,
@@ -93,6 +74,25 @@
     PRIVACY_REQUEST_VIEW_DATA,
     STORAGE_CREATE_OR_UPDATE,
 )
+from fides.common.api.v1.urn_registry import (
+    CONNECTION_DATASETS,
+    PRIVACY_REQUEST_ACCESS_MANUAL_WEBHOOK_INPUT,
+    PRIVACY_REQUEST_APPROVE,
+    PRIVACY_REQUEST_AUTHENTICATED,
+    PRIVACY_REQUEST_BULK_RETRY,
+    PRIVACY_REQUEST_DENY,
+    PRIVACY_REQUEST_MANUAL_ERASURE,
+    PRIVACY_REQUEST_MANUAL_INPUT,
+    PRIVACY_REQUEST_NOTIFICATIONS,
+    PRIVACY_REQUEST_RESUME,
+    PRIVACY_REQUEST_RESUME_FROM_REQUIRES_INPUT,
+    PRIVACY_REQUEST_RETRY,
+    PRIVACY_REQUEST_TRANSFER_TO_PARENT,
+    PRIVACY_REQUEST_VERIFY_IDENTITY,
+    PRIVACY_REQUESTS,
+    REQUEST_PREVIEW,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 
 page_size = Params().size
diff --git a/tests/ops/api/v1/endpoints/test_registration_endpoints.py b/tests/ops/api/v1/endpoints/test_registration_endpoints.py
index 820845a5f1..a7ee947d67 100644
--- a/tests/ops/api/v1/endpoints/test_registration_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_registration_endpoints.py
@@ -2,8 +2,8 @@
 
 import pytest
 
-from fides.api.api.v1.urn_registry import REGISTRATION, V1_URL_PREFIX
 from fides.api.models.registration import UserRegistration
+from fides.common.api.v1.urn_registry import REGISTRATION, V1_URL_PREFIX
 
 
 class TestUserRegistration:
diff --git a/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py b/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
index a511c6ba5e..d4e98c5efd 100644
--- a/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_saas_config_endpoints.py
@@ -7,13 +7,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    AUTHORIZE,
-    REGISTER_CONNECTOR_TEMPLATE,
-    SAAS_CONFIG,
-    SAAS_CONFIG_VALIDATE,
-    V1_URL_PREFIX,
-)
 from fides.api.models.connectionconfig import (
     AccessLevel,
     ConnectionConfig,
@@ -27,6 +20,13 @@
     SAAS_CONFIG_DELETE,
     SAAS_CONFIG_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    AUTHORIZE,
+    REGISTER_CONNECTOR_TEMPLATE,
+    SAAS_CONFIG,
+    SAAS_CONFIG_VALIDATE,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from tests.ops.api.v1.endpoints.test_dataset_endpoints import _reject_key
 from tests.ops.test_helpers.saas_test_utils import create_zip_file
diff --git a/tests/ops/api/v1/endpoints/test_storage_endpoints.py b/tests/ops/api/v1/endpoints/test_storage_endpoints.py
index e587393919..2af9932c40 100644
--- a/tests/ops/api/v1/endpoints/test_storage_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_storage_endpoints.py
@@ -8,18 +8,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    STORAGE_ACTIVE_DEFAULT,
-    STORAGE_BY_KEY,
-    STORAGE_CONFIG,
-    STORAGE_DEFAULT,
-    STORAGE_DEFAULT_BY_TYPE,
-    STORAGE_DEFAULT_SECRETS,
-    STORAGE_SECRETS,
-    STORAGE_STATUS,
-    STORAGE_UPLOAD,
-    V1_URL_PREFIX,
-)
 from fides.api.common_exceptions import KeyOrNameAlreadyExists, KeyValidationError
 from fides.api.models.application_config import ApplicationConfig
 from fides.api.models.client import ClientDetail
@@ -40,6 +28,18 @@
     STORAGE_DELETE,
     STORAGE_READ,
 )
+from fides.common.api.v1.urn_registry import (
+    STORAGE_ACTIVE_DEFAULT,
+    STORAGE_BY_KEY,
+    STORAGE_CONFIG,
+    STORAGE_DEFAULT,
+    STORAGE_DEFAULT_BY_TYPE,
+    STORAGE_DEFAULT_SECRETS,
+    STORAGE_SECRETS,
+    STORAGE_STATUS,
+    STORAGE_UPLOAD,
+    V1_URL_PREFIX,
+)
 from fides.config import get_config
 from fides.config.config_proxy import ConfigProxy
 
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index a27fed9f31..7a8f5edcea 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -11,7 +11,6 @@
 )
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import V1_URL_PREFIX
 from fides.api.models.connectionconfig import (
     AccessLevel,
     ConnectionConfig,
@@ -24,6 +23,7 @@
     SAAS_CONNECTION_INSTANTIATE,
     STORAGE_DELETE,
 )
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 
 page_size = Params().size
 
diff --git a/tests/ops/api/v1/endpoints/test_user_endpoints.py b/tests/ops/api/v1/endpoints/test_user_endpoints.py
index d74db97fe9..88c83a4a0b 100644
--- a/tests/ops/api/v1/endpoints/test_user_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_user_endpoints.py
@@ -16,13 +16,6 @@
 )
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import (
-    LOGIN,
-    LOGOUT,
-    USER_DETAIL,
-    USERS,
-    V1_URL_PREFIX,
-)
 from fides.api.cryptography.cryptographic_util import str_to_b64_str
 from fides.api.cryptography.schemas.jwt import (
     JWE_ISSUED_AT,
@@ -50,6 +43,13 @@
     USER_READ,
     USER_UPDATE,
 )
+from fides.common.api.v1.urn_registry import (
+    LOGIN,
+    LOGOUT,
+    USER_DETAIL,
+    USERS,
+    V1_URL_PREFIX,
+)
 from fides.config import CONFIG
 from tests.conftest import generate_auth_header_for_user
 
diff --git a/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py b/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
index ab8f41c1ae..31afa30e6e 100644
--- a/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_user_permission_endpoints.py
@@ -8,7 +8,6 @@
     HTTP_422_UNPROCESSABLE_ENTITY,
 )
 
-from fides.api.api.v1.urn_registry import USER_PERMISSIONS, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.fides_user_permissions import FidesUserPermissions
@@ -29,6 +28,7 @@
     USER_PERMISSION_READ,
     USER_PERMISSION_UPDATE,
 )
+from fides.common.api.v1.urn_registry import USER_PERMISSIONS, V1_URL_PREFIX
 from fides.config import CONFIG
 from tests.conftest import generate_auth_header_for_user, generate_role_header_for_user
 
diff --git a/tests/ops/api/v1/test_exception_handlers.py b/tests/ops/api/v1/test_exception_handlers.py
index 95235fdb70..76cd8a2c77 100644
--- a/tests/ops/api/v1/test_exception_handlers.py
+++ b/tests/ops/api/v1/test_exception_handlers.py
@@ -3,8 +3,8 @@
 import pytest
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import HEALTH, PRIVACY_REQUESTS, V1_URL_PREFIX
 from fides.common.api.scope_registry import CLIENT_CREATE
+from fides.common.api.v1.urn_registry import HEALTH, PRIVACY_REQUESTS, V1_URL_PREFIX
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/api/v1/test_utils.py b/tests/ops/api/v1/test_utils.py
index c79296207c..cf25b4ee9f 100644
--- a/tests/ops/api/v1/test_utils.py
+++ b/tests/ops/api/v1/test_utils.py
@@ -4,12 +4,12 @@
 import pytest
 from fastapi import HTTPException
 
-from fides.api.api.v1.endpoints.utils import (
+from fides.api.schemas.privacy_notice import PrivacyNotice
+from fides.api.util.endpoint_utils import (
     human_friendly_list,
     transform_fields,
     validate_start_and_end_filters,
 )
-from fides.api.schemas.privacy_notice import PrivacyNotice
 
 
 class TestValidateStartAndEndFilters:
diff --git a/tests/ops/integration_tests/test_connection_configuration_integration.py b/tests/ops/integration_tests/test_connection_configuration_integration.py
index e7da2f0c56..490fea8b77 100644
--- a/tests/ops/integration_tests/test_connection_configuration_integration.py
+++ b/tests/ops/integration_tests/test_connection_configuration_integration.py
@@ -6,7 +6,6 @@
 from sqlalchemy.orm import Session
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import CONNECTIONS, V1_URL_PREFIX
 from fides.api.common_exceptions import ConnectionException
 from fides.api.models.client import ClientDetail
 from fides.api.models.connectionconfig import ConnectionTestStatus
@@ -27,6 +26,7 @@
     CONNECTION_READ,
     STORAGE_READ,
 )
+from fides.common.api.v1.urn_registry import CONNECTIONS, V1_URL_PREFIX
 
 
 @pytest.mark.integration_postgres
diff --git a/tests/ops/service/privacy_request/test_request_service.py b/tests/ops/service/privacy_request/test_request_service.py
index c6000b60c4..8e889fc8de 100644
--- a/tests/ops/service/privacy_request/test_request_service.py
+++ b/tests/ops/service/privacy_request/test_request_service.py
@@ -3,7 +3,6 @@
 import pytest
 from httpx import HTTPStatusError
 
-from fides.api.api.v1.urn_registry import LOGIN, V1_URL_PREFIX
 from fides.api.cryptography.cryptographic_util import str_to_b64_str
 from fides.api.db.seed import create_or_update_parent_user
 from fides.api.models.privacy_request import PrivacyRequest, PrivacyRequestStatus
@@ -11,6 +10,7 @@
     build_required_privacy_request_kwargs,
     poll_server_for_completion,
 )
+from fides.common.api.v1.urn_registry import LOGIN, V1_URL_PREFIX
 from fides.config import CONFIG
 
 
diff --git a/tests/ops/util/test_api_router.py b/tests/ops/util/test_api_router.py
index ab8d16ec64..d468b947c5 100644
--- a/tests/ops/util/test_api_router.py
+++ b/tests/ops/util/test_api_router.py
@@ -2,9 +2,9 @@
 from starlette.status import HTTP_200_OK, HTTP_404_NOT_FOUND
 from starlette.testclient import TestClient
 
-from fides.api.api.v1.urn_registry import PRIVACY_REQUESTS, V1_URL_PREFIX
 from fides.api.models.client import ClientDetail
 from fides.common.api.scope_registry import PRIVACY_REQUEST_READ
+from fides.common.api.v1.urn_registry import PRIVACY_REQUESTS, V1_URL_PREFIX
 
 
 class TestApiRouter:

From f4ca8cc418ecf9304e555856dcba0e678a5536d2 Mon Sep 17 00:00:00 2001
From: Steve Murphy <steven.d.murphy@gmail.com>
Date: Fri, 30 Jun 2023 12:53:16 +0100
Subject: [PATCH 49/90] Handle Keys and Collections with a double underscore
 (#3688)

---
 CHANGELOG.md                          |  3 +--
 src/fides/api/task/graph_task.py      | 14 ++++++++++++--
 src/fides/api/task/task_resources.py  | 11 ++++++++---
 src/fides/api/util/collection_util.py | 18 ++++++++++++++++++
 tests/ops/task/test_task_resources.py |  7 +++++++
 5 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02bb90a3d3..b58f74d153 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,12 +25,11 @@ The types of changes are:
 
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
+- Handle names with a double underscore when processing access and erasure requests [#3688](https://github.com/ethyca/fides/pull/3688)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
 
-### Developer Experience
-
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
diff --git a/src/fides/api/task/graph_task.py b/src/fides/api/task/graph_task.py
index c156456dd7..000652e53d 100644
--- a/src/fides/api/task/graph_task.py
+++ b/src/fides/api/task/graph_task.py
@@ -46,7 +46,13 @@
 from fides.api.task.refine_target_path import FieldPathNodeInput
 from fides.api.task.task_resources import TaskResources
 from fides.api.util.cache import get_cache
-from fides.api.util.collection_util import NodeInput, Row, append, partition
+from fides.api.util.collection_util import (
+    NodeInput,
+    Row,
+    append,
+    extract_key_for_address,
+    partition,
+)
 from fides.api.util.consent_util import add_errored_system_status_for_consent_reporting
 from fides.api.util.logger import Pii
 from fides.api.util.saas_util import FIDESOPS_GROUPED_INPUTS
@@ -771,7 +777,11 @@ def get_cached_data_for_erasures(
     value_dict = cache.get_encoded_objects_by_prefix(
         f"PLACEHOLDER_RESULTS__{privacy_request_id}"
     )
-    return {k.split("__")[-1]: v for k, v in value_dict.items()}
+    number_of_leading_strings_to_exclude = 3
+    return {
+        extract_key_for_address(k, number_of_leading_strings_to_exclude): v
+        for k, v in value_dict.items()
+    }
 
 
 def update_erasure_mapping_from_cache(
diff --git a/src/fides/api/task/task_resources.py b/src/fides/api/task/task_resources.py
index 8bbf984d27..7bf86f37d6 100644
--- a/src/fides/api/task/task_resources.py
+++ b/src/fides/api/task/task_resources.py
@@ -32,7 +32,7 @@
 )
 from fides.api.service.connectors.base_email_connector import BaseEmailConnector
 from fides.api.util.cache import get_cache
-from fides.api.util.collection_util import Row
+from fides.api.util.collection_util import Row, extract_key_for_address
 
 
 class Connections:
@@ -147,7 +147,11 @@ def get_all_cached_objects(self) -> Dict[str, Optional[List[Row]]]:
             f"{self.request.id}__access_request"
         )
         # extract request id to return a map of address:value
-        return {k.split("__")[-1]: v for k, v in value_dict.items()}
+        number_of_leading_strings_to_exclude = 2
+        return {
+            extract_key_for_address(k, number_of_leading_strings_to_exclude): v
+            for k, v in value_dict.items()
+        }
 
     def cache_erasure(self, key: str, value: int) -> None:
         """Cache that a node's masking is complete. Object will be stored in redis under
@@ -163,7 +167,8 @@ def get_all_cached_erasures(self) -> Dict[str, int]:
             f"{self.request.id}__erasure_request"
         )
         # extract request id to return a map of address:value
-        return {k.split("__")[-1]: v for k, v in value_dict.items()}  # type: ignore
+        number_of_leading_strings_to_exclude = 2
+        return {extract_key_for_address(k, number_of_leading_strings_to_exclude): v for k, v in value_dict.items()}  # type: ignore
 
     def write_execution_log(  # pylint: disable=too-many-arguments
         self,
diff --git a/src/fides/api/util/collection_util.py b/src/fides/api/util/collection_util.py
index 6b550a245c..acde73e0cd 100644
--- a/src/fides/api/util/collection_util.py
+++ b/src/fides/api/util/collection_util.py
@@ -52,3 +52,21 @@ def filter_nonempty_values(d: Optional[Dict[Any, Any]]) -> Dict[Any, Any]:
     if d:
         return {e[0]: e[1] for e in d.items() if e[1]}
     return {}
+
+
+def extract_key_for_address(
+    full_request_id: str, number_of_leading_strings_to_exclude: int
+) -> str:
+    """
+    Handles extracting the correct Dataset:Collection to map to extracted
+    values.
+
+    Due to differences in the number of leading strings based on access or
+    erasure, a parameter is used to ensure the correct values are returned.
+
+    Handles an edge case where double underscores exist in either the fides_key
+    of the Dataset or the Collection name.
+    """
+    request_id_dataset, collection = full_request_id.split(":")
+    dataset = request_id_dataset.split("__", number_of_leading_strings_to_exclude)[-1]
+    return f"{dataset}:{collection}"
diff --git a/tests/ops/task/test_task_resources.py b/tests/ops/task/test_task_resources.py
index 87306bf378..d5a13794c4 100644
--- a/tests/ops/task/test_task_resources.py
+++ b/tests/ops/task/test_task_resources.py
@@ -16,6 +16,10 @@ def test_cache_object(self, db, privacy_request, policy, integration_manual_conf
             "access_request__postgres_example:payment",
             [{"id": 2, "ccn": "111-111-1111-1111", "customer_id": 1}],
         )
+        resources.cache_object(
+            "access_request__postgres__double__underscore__example:double__underscore__collection",
+            [{"id": 3, "last_name": "Doe"}],
+        )
         resources.cache_erasure("manual_example:filing-cabinet", 2)
 
         # Only access results from "cache_object" are returned
@@ -24,6 +28,9 @@ def test_cache_object(self, db, privacy_request, policy, integration_manual_conf
                 {"id": 2, "ccn": "111-111-1111-1111", "customer_id": 1}
             ],
             "postgres_example:customer": [{"id": 1, "last_name": "Doe"}],
+            "postgres__double__underscore__example:double__underscore__collection": [
+                {"id": 3, "last_name": "Doe"}
+            ],
         }
 
     def test_cache_erasure(

From c169bc5180dc9c1a1f5d5b92491a1ffad23a36ec Mon Sep 17 00:00:00 2001
From: Robert Keyser <39230492+RobertKeyser@users.noreply.github.com>
Date: Fri, 30 Jun 2023 09:36:23 -0500
Subject: [PATCH 50/90] Allow Privacy Action Cards to Grow (#3669)

---
 CHANGELOG.md                               |  1 +
 clients/privacy-center/components/Card.tsx | 10 ++--------
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b58f74d153..2ca3466e4d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,6 +35,7 @@ The types of changes are:
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
+- Privacy center action cards are now able to expand to accommodate longer text [#3669](https://github.com/ethyca/fides/pull/3669)
 
 
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
diff --git a/clients/privacy-center/components/Card.tsx b/clients/privacy-center/components/Card.tsx
index 488ee3519e..222d0097af 100644
--- a/clients/privacy-center/components/Card.tsx
+++ b/clients/privacy-center/components/Card.tsx
@@ -23,7 +23,7 @@ const Card: React.FC<CardProps> = ({
     data-testid="card"
     flexDirection="column"
     gap="12px"
-    h="176px"
+    minH="176px"
     key={title}
     m={2}
     onClick={() => {
@@ -57,13 +57,7 @@ const Card: React.FC<CardProps> = ({
     >
       {title}
     </Text>
-    <Text
-      color="gray.600"
-      fontSize="xs"
-      fontWeight="normal"
-      lineHeight="16px"
-      noOfLines={3}
-    >
+    <Text color="gray.600" fontSize="xs" fontWeight="normal" lineHeight="16px">
       {description}
     </Text>
   </Flex>

From a77cdfa2d3a6d95755bf789852dcd0af10407c59 Mon Sep 17 00:00:00 2001
From: Robert Keyser <39230492+RobertKeyser@users.noreply.github.com>
Date: Fri, 30 Jun 2023 10:45:25 -0500
Subject: [PATCH 51/90] Allow Banner and Modal to Scroll with Long Descriptions
 (#3713)

---
 CHANGELOG.md                              | 1 +
 clients/fides-js/src/components/fides.css | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2ca3466e4d..366c94e7d8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ The types of changes are:
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
+- Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
diff --git a/clients/fides-js/src/components/fides.css b/clients/fides-js/src/components/fides.css
index 0fe1f1ddaa..443aaf4b35 100644
--- a/clients/fides-js/src/components/fides.css
+++ b/clients/fides-js/src/components/fides.css
@@ -85,6 +85,7 @@ div#fides-banner-container {
   display: flex;
   justify-content: center;
   visibility: visible;
+  max-height: 100%;
 }
 
 div#fides-banner {
@@ -93,6 +94,7 @@ div#fides-banner {
   color: var(--fides-overlay-body-font-color);
   box-sizing: border-box;
   padding: var(--fides-overlay-padding);
+  overflow-y: scroll;
 
   display: flex;
   flex-direction: row;
@@ -250,6 +252,7 @@ div.fides-modal-content {
   border-radius: var(--fides-overlay-component-border-radius);
   max-height: 100%;
   max-width: 100%;
+  overflow-y: scroll;
 
   z-index: 2;
   position: fixed;

From bc65cbb1e9caa30e06560e6568769825c89c6afa Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Fri, 30 Jun 2023 13:49:40 -0400
Subject: [PATCH 52/90] Add unescape-safestr header to both fides-js fetch and
 privacy center calls (#3706)

---
 CHANGELOG.md                                   | 3 +++
 clients/fides-js/src/services/fides/api.ts     | 1 +
 clients/privacy-center/common/CommonHeaders.ts | 1 +
 3 files changed, 5 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 366c94e7d8..94986419b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,9 @@ The types of changes are:
 - Handle names with a double underscore when processing access and erasure requests [#3688](https://github.com/ethyca/fides/pull/3688)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
+- Privacy center and fides-js now pass in `Unescape-Safestr` as a header so that special characters can be rendered properly [#3706](https://github.com/ethyca/fides/pull/3706)
+
+### Developer Experience
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
 - Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 
diff --git a/clients/fides-js/src/services/fides/api.ts b/clients/fides-js/src/services/fides/api.ts
index 20d089f270..31e2cb7554 100644
--- a/clients/fides-js/src/services/fides/api.ts
+++ b/clients/fides-js/src/services/fides/api.ts
@@ -27,6 +27,7 @@ export const fetchExperience = async (
   const fetchOptions: RequestInit = {
     method: "GET",
     mode: "cors",
+    headers: [["Unescape-Safestr", "true"]],
   };
   const params = new URLSearchParams({
     show_disabled: "false",
diff --git a/clients/privacy-center/common/CommonHeaders.ts b/clients/privacy-center/common/CommonHeaders.ts
index 8b4bb3b0db..fd85b77d30 100644
--- a/clients/privacy-center/common/CommonHeaders.ts
+++ b/clients/privacy-center/common/CommonHeaders.ts
@@ -9,5 +9,6 @@ export function addCommonHeaders(headers: Headers, token?: string | null) {
   if (token) {
     headers.set("authorization", `Bearer ${token}`);
   }
+  headers.set("Unescape-Safestr", "true");
   return headers;
 }

From 100e1180b498a716294d280314e291fc5e0c0f98 Mon Sep 17 00:00:00 2001
From: jpople <jeremy@ethyca.com>
Date: Fri, 30 Jun 2023 13:59:12 -0400
Subject: [PATCH 53/90] 3631: add gear icon to nav (#3701)

---
 CHANGELOG.md                                  |  1 +
 clients/admin-ui/cypress/e2e/nav-bar.cy.ts    | 11 ++-
 .../admin-ui/cypress/e2e/organization.cy.ts   |  2 +-
 clients/admin-ui/cypress/e2e/taxonomy.cy.ts   |  2 +-
 .../admin-ui/src/features/common/Header.tsx   | 13 ++++
 .../src/features/common/nav/v2/NavTopBar.tsx  |  4 ++
 .../features/common/nav/v2/nav-config.test.ts | 29 +++-----
 .../src/features/common/nav/v2/nav-config.ts  | 70 +++++++++----------
 8 files changed, 70 insertions(+), 62 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 94986419b3..77d770c2ec 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,6 +36,7 @@ The types of changes are:
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
+- Moved "management" tab from nav into settings icon in top right [#3701](https://github.com/ethyca/fides/pull/3701)
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
diff --git a/clients/admin-ui/cypress/e2e/nav-bar.cy.ts b/clients/admin-ui/cypress/e2e/nav-bar.cy.ts
index b9ec2ae7ec..890983ccfb 100644
--- a/clients/admin-ui/cypress/e2e/nav-bar.cy.ts
+++ b/clients/admin-ui/cypress/e2e/nav-bar.cy.ts
@@ -6,11 +6,10 @@ describe("Nav Bar", () => {
   it("renders all navigation links", () => {
     cy.visit("/");
 
-    cy.get("nav a").should("have.length", 4);
+    cy.get("nav a").should("have.length", 3);
     cy.contains("nav a", "Home");
-    cy.contains("nav a", "Privacy requests");
     cy.contains("nav a", "Data map");
-    cy.contains("nav a", "Management");
+    cy.contains("nav a", "Privacy requests");
   });
 
   it("styles the active navigation link based on the current route", () => {
@@ -22,18 +21,18 @@ describe("Nav Bar", () => {
     cy.contains("nav a", "Home")
       .should("have.css", "background-color")
       .should("eql", ACTIVE_COLOR);
-    cy.contains("nav a", "Management")
+    cy.contains("nav a", "Data map")
       .should("have.css", "background-color")
       .should("not.eql", ACTIVE_COLOR);
 
     // Navigate by clicking a nav link.
-    cy.contains("nav a", "Management").click();
+    cy.contains("nav a", "Data map").click();
 
     // The nav should update which page is active.
     cy.contains("nav a", "Home")
       .should("have.css", "background-color")
       .should("not.eql", ACTIVE_COLOR);
-    cy.contains("nav a", "Management")
+    cy.contains("nav a", "Data map")
       .should("have.css", "background-color")
       .should("eql", ACTIVE_COLOR);
   });
diff --git a/clients/admin-ui/cypress/e2e/organization.cy.ts b/clients/admin-ui/cypress/e2e/organization.cy.ts
index 4cbfa0492e..2f38247c07 100644
--- a/clients/admin-ui/cypress/e2e/organization.cy.ts
+++ b/clients/admin-ui/cypress/e2e/organization.cy.ts
@@ -10,7 +10,7 @@ describe("Organization page", () => {
 
   it("can navigate to the Organization page", () => {
     cy.visit("/");
-    cy.contains("nav a", "Management").click();
+    cy.getByTestId("management-btn").click();
     cy.contains("nav a", "Organization").click();
     cy.getByTestId("organization-management");
   });
diff --git a/clients/admin-ui/cypress/e2e/taxonomy.cy.ts b/clients/admin-ui/cypress/e2e/taxonomy.cy.ts
index 70921c53f1..5861fd56f7 100644
--- a/clients/admin-ui/cypress/e2e/taxonomy.cy.ts
+++ b/clients/admin-ui/cypress/e2e/taxonomy.cy.ts
@@ -8,7 +8,7 @@ describe("Taxonomy management page", () => {
 
   it("Can navigate to the taxonomy page", () => {
     cy.visit("/");
-    cy.contains("nav a", "Management").click();
+    cy.getByTestId("management-btn").click();
     cy.contains("nav a", "Taxonomy").click();
     cy.getByTestId("taxonomy-tabs");
     cy.getByTestId("tab-Data Categories");
diff --git a/clients/admin-ui/src/features/common/Header.tsx b/clients/admin-ui/src/features/common/Header.tsx
index 2c17dbd745..75b06810ff 100644
--- a/clients/admin-ui/src/features/common/Header.tsx
+++ b/clients/admin-ui/src/features/common/Header.tsx
@@ -1,6 +1,7 @@
 import {
   Button,
   Flex,
+  IconButton,
   Link,
   Menu,
   MenuButton,
@@ -8,6 +9,7 @@ import {
   MenuItem,
   MenuList,
   QuestionIcon,
+  SettingsIcon,
   Stack,
   Text,
   UserIcon,
@@ -21,6 +23,8 @@ import { INDEX_ROUTE } from "~/constants";
 import { logout, selectUser, useLogoutMutation } from "~/features/auth";
 import Image from "~/features/common/Image";
 
+import { USER_MANAGEMENT_ROUTE } from "./nav/v2/routes";
+
 const useHeader = () => {
   const { username } = useAppSelector(selectUser) ?? { username: "" };
   return { username };
@@ -59,6 +63,15 @@ const Header: React.FC = () => {
             <QuestionIcon color="gray.700" boxSize={4} />
           </Button>
         </Link>
+        <NextLink href={USER_MANAGEMENT_ROUTE} passHref>
+          <IconButton
+            aria-label="Management"
+            size="sm"
+            variant="ghost"
+            icon={<SettingsIcon color="gray.700" boxSize={4} />}
+            data-testid="management-btn"
+          />
+        </NextLink>
         {username && (
           <Menu>
             <MenuButton
diff --git a/clients/admin-ui/src/features/common/nav/v2/NavTopBar.tsx b/clients/admin-ui/src/features/common/nav/v2/NavTopBar.tsx
index 7dc04bde9a..493e5ce0a3 100644
--- a/clients/admin-ui/src/features/common/nav/v2/NavTopBar.tsx
+++ b/clients/admin-ui/src/features/common/nav/v2/NavTopBar.tsx
@@ -21,6 +21,10 @@ export const NavTopBar = () => {
       borderColor="gray.100"
     >
       {nav.groups.map((group) => {
+        // "Management" is navigated to via the gear icon, so don't display it in the nav
+        if (group.title === "Management") {
+          return null;
+        }
         // The group links to its first child's path.
         const { path } = group.children[0]!;
 
diff --git a/clients/admin-ui/src/features/common/nav/v2/nav-config.test.ts b/clients/admin-ui/src/features/common/nav/v2/nav-config.test.ts
index fb04f77367..4af3cf0713 100644
--- a/clients/admin-ui/src/features/common/nav/v2/nav-config.test.ts
+++ b/clients/admin-ui/src/features/common/nav/v2/nav-config.test.ts
@@ -35,19 +35,8 @@ describe("configureNavGroups", () => {
       children: [{ title: "Home", path: "/" }],
     });
 
-    expect(navGroups[1]).toMatchObject({
-      title: "Privacy requests",
-      children: [
-        { title: "Request manager", path: routes.PRIVACY_REQUESTS_ROUTE },
-        {
-          title: "Connection manager",
-          path: routes.DATASTORE_CONNECTION_ROUTE,
-        },
-      ],
-    });
-
     // NOTE: the data map should _not_ include the Plus routes (/plus/datamap, /classify-systems, etc.)
-    expect(navGroups[2]).toMatchObject({
+    expect(navGroups[1]).toMatchObject({
       title: "Data map",
       children: [
         { title: "View systems", path: routes.SYSTEM_ROUTE },
@@ -56,12 +45,14 @@ describe("configureNavGroups", () => {
       ],
     });
 
-    expect(navGroups[3]).toMatchObject({
-      title: "Management",
+    expect(navGroups[2]).toMatchObject({
+      title: "Privacy requests",
       children: [
-        { title: "Users", path: routes.USER_MANAGEMENT_ROUTE },
-        { title: "Taxonomy", path: routes.TAXONOMY_ROUTE },
-        { title: "About Fides", path: routes.ABOUT_ROUTE },
+        { title: "Request manager", path: routes.PRIVACY_REQUESTS_ROUTE },
+        {
+          title: "Connection manager",
+          path: routes.DATASTORE_CONNECTION_ROUTE,
+        },
       ],
     });
   });
@@ -79,7 +70,7 @@ describe("configureNavGroups", () => {
     });
 
     // The data map _should_ include the actual "/plus/datamap".
-    expect(navGroups[2]).toMatchObject({
+    expect(navGroups[1]).toMatchObject({
       title: "Data map",
       children: [
         { title: "View map", path: routes.DATAMAP_ROUTE },
@@ -147,7 +138,7 @@ describe("configureNavGroups", () => {
       });
 
       // The data map should _not_ include the actual "/plus/datamap".
-      expect(navGroups[2]).toMatchObject({
+      expect(navGroups[1]).toMatchObject({
         title: "Data map",
         children: [
           { title: "View systems", path: routes.SYSTEM_ROUTE },
diff --git a/clients/admin-ui/src/features/common/nav/v2/nav-config.ts b/clients/admin-ui/src/features/common/nav/v2/nav-config.ts
index 8c9fca5ed0..ff8e1730ba 100644
--- a/clients/admin-ui/src/features/common/nav/v2/nav-config.ts
+++ b/clients/admin-ui/src/features/common/nav/v2/nav-config.ts
@@ -32,6 +32,41 @@ export const NAV_CONFIG: NavConfigGroup[] = [
       },
     ],
   },
+  {
+    title: "Data map",
+    routes: [
+      {
+        title: "View map",
+        path: routes.DATAMAP_ROUTE,
+        requiresPlus: true,
+        scopes: [ScopeRegistryEnum.DATAMAP_READ],
+      },
+      {
+        title: "View systems",
+        path: routes.SYSTEM_ROUTE,
+        scopes: [ScopeRegistryEnum.SYSTEM_READ],
+      },
+      {
+        title: "Add systems",
+        path: routes.ADD_SYSTEMS_ROUTE,
+        scopes: [ScopeRegistryEnum.SYSTEM_CREATE],
+      },
+      {
+        title: "Manage datasets",
+        path: routes.DATASET_ROUTE,
+        scopes: [
+          ScopeRegistryEnum.CTL_DATASET_CREATE,
+          ScopeRegistryEnum.CTL_DATASET_UPDATE,
+        ],
+      },
+      {
+        title: "Classify systems",
+        path: routes.CLASSIFY_SYSTEMS_ROUTE,
+        requiresPlus: true,
+        scopes: [ScopeRegistryEnum.SYSTEM_UPDATE], // temporary scope until we decide what to do here
+      },
+    ],
+  },
   {
     title: "Privacy requests",
     routes: [
@@ -79,41 +114,6 @@ export const NAV_CONFIG: NavConfigGroup[] = [
       },
     ],
   },
-  {
-    title: "Data map",
-    routes: [
-      {
-        title: "View map",
-        path: routes.DATAMAP_ROUTE,
-        requiresPlus: true,
-        scopes: [ScopeRegistryEnum.DATAMAP_READ],
-      },
-      {
-        title: "View systems",
-        path: routes.SYSTEM_ROUTE,
-        scopes: [ScopeRegistryEnum.SYSTEM_READ],
-      },
-      {
-        title: "Add systems",
-        path: routes.ADD_SYSTEMS_ROUTE,
-        scopes: [ScopeRegistryEnum.SYSTEM_CREATE],
-      },
-      {
-        title: "Manage datasets",
-        path: routes.DATASET_ROUTE,
-        scopes: [
-          ScopeRegistryEnum.CTL_DATASET_CREATE,
-          ScopeRegistryEnum.CTL_DATASET_UPDATE,
-        ],
-      },
-      {
-        title: "Classify systems",
-        path: routes.CLASSIFY_SYSTEMS_ROUTE,
-        requiresPlus: true,
-        scopes: [ScopeRegistryEnum.SYSTEM_UPDATE], // temporary scope until we decide what to do here
-      },
-    ],
-  },
   {
     title: "Management",
     routes: [

From 0ded7e836dd374c07ed43afb6affc1e5ebeaabdb Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Fri, 30 Jun 2023 13:37:10 -0500
Subject: [PATCH 54/90] [Backend] Validation on Notice Keys within Region
 (#3703)

When creating or updating a notice, check all existing notices, as well as any incoming notices to see if there are going to be any notice key overlaps within a specific region.
---
 src/fides/api/models/privacy_notice.py        |  40 ++++++-
 src/fides/api/util/consent_util.py            |   7 ++
 .../test_privacy_notice_endpoints.py          |  69 ++++++++++++
 tests/ops/models/test_privacy_notice.py       | 103 ++++++++++++++++++
 tests/ops/util/test_consent_util.py           |  35 ++++++
 5 files changed, 253 insertions(+), 1 deletion(-)

diff --git a/src/fides/api/models/privacy_notice.py b/src/fides/api/models/privacy_notice.py
index 443a09416f..e2ca09d41f 100644
--- a/src/fides/api/models/privacy_notice.py
+++ b/src/fides/api/models/privacy_notice.py
@@ -3,6 +3,7 @@
 import re
 from collections import defaultdict
 from enum import Enum
+from html import unescape
 from typing import Any, Dict, Iterable, List, Optional, Tuple, Type, Union
 
 from fideslang.validation import FidesKey
@@ -311,6 +312,43 @@ def update(self, db: Session, *, data: dict[str, Any]) -> PrivacyNotice:
 PRIVACY_NOTICE_TYPE = Union[PrivacyNotice, PrivacyNoticeTemplate]
 
 
+def check_conflicting_notice_keys(
+    new_privacy_notices: Iterable[PRIVACY_NOTICE_TYPE],
+    existing_privacy_notices: Iterable[Union[PRIVACY_NOTICE_TYPE]],
+    ignore_disabled: bool = True,  # For PrivacyNoticeTemplates, set to False
+) -> None:
+    """
+    Checks to see if new notice keys will conflict with any existing notice keys for a specific region
+    """
+    # Map regions to existing notice key, notice name
+    notice_keys_by_region: Dict[
+        PrivacyNoticeRegion, List[Tuple[str, str]]
+    ] = defaultdict(list)
+    for privacy_notice in existing_privacy_notices:
+        if privacy_notice.disabled and ignore_disabled:
+            continue
+        for region in privacy_notice.regions:
+            notice_keys_by_region[PrivacyNoticeRegion(region)].append(
+                (privacy_notice.notice_key, privacy_notice.name)
+            )
+
+    for privacy_notice in new_privacy_notices:
+        if privacy_notice.disabled and ignore_disabled:
+            # Skip validation if the notice is disabled
+            continue
+        # check each of the incoming notice's regions
+        for region in privacy_notice.regions:
+            region_notice_keys = notice_keys_by_region[PrivacyNoticeRegion(region)]
+            # check the incoming notice keys
+            for notice_key, notice_name in region_notice_keys:
+                if notice_key == privacy_notice.notice_key:
+                    raise ValidationError(
+                        message=f"Privacy Notice '{unescape(notice_name)}' has already assigned notice key '{notice_key}' to region '{region}'"
+                    )
+            # add the new notice key to our map
+            region_notice_keys.append((privacy_notice.notice_key, privacy_notice.name))
+
+
 def check_conflicting_data_uses(
     new_privacy_notices: Iterable[PRIVACY_NOTICE_TYPE],
     existing_privacy_notices: Iterable[Union[PRIVACY_NOTICE_TYPE]],
@@ -360,7 +398,7 @@ def check_conflicting_data_uses(
                     # an existing DataUse
                     if new_data_use_conflicts_with_existing_use(existing_use, data_use):
                         raise ValidationError(
-                            message=f"Privacy Notice '{notice_name}' has already assigned data use '{existing_use}' to region '{region}'"
+                            message=f"Privacy Notice '{unescape(notice_name)}' has already assigned data use '{existing_use}' to region '{region}'"
                         )
                 # add the data use to our map, to effectively include it in validation against the
                 # following incoming records
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index 9a892100ec..7463b8e0f3 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -22,6 +22,7 @@
     PrivacyNoticeTemplate,
     UserConsentPreference,
     check_conflicting_data_uses,
+    check_conflicting_notice_keys,
 )
 from fides.api.models.privacy_preference import PrivacyPreferenceHistory
 from fides.api.models.privacy_request import (
@@ -316,6 +317,7 @@ def create_privacy_notices_util(
         for privacy_notice in privacy_notice_schemas
     ]
     check_conflicting_data_uses(new_notices, existing_notices)
+    check_conflicting_notice_keys(new_notices, existing_notices)
 
     created_privacy_notices: List[PrivacyNotice] = []
     affected_regions: Set = set()
@@ -440,6 +442,11 @@ def prepare_privacy_notice_patches(
             existing_notices.values(),
             ignore_disabled=ignore_disabled,
         )
+        check_conflicting_notice_keys(
+            validation_updates,
+            existing_notices.values(),
+            ignore_disabled=ignore_disabled,
+        )
     except ValidationError as e:
         raise HTTPException(HTTP_422_UNPROCESSABLE_ENTITY, detail=e.message)
 
diff --git a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
index 66aeaac6e9..c747172364 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_notice_endpoints.py
@@ -2000,6 +2000,32 @@ def test_post_multiple_privacy_notice(
         assert response_notice_2["updated_at"] == db_notice_2.updated_at.isoformat()
         assert response_notice_2["disabled"] == db_notice_2.disabled
 
+    def test_post_multiple_privacy_notice_notice_key_overlap(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        notice_request: dict[str, Any],
+        notice_request_2: dict[str, Any],
+        url,
+        db,
+    ):
+        """
+        Test posting multiple new privacy notices with overlay in notice key
+        """
+
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_NOTICE_CREATE])
+        # Override second notice to have the same notice key as the first notice
+        notice_request_2["notice_key"] = "test_privacy_notice_1"
+
+        resp = api_client.post(
+            url, headers=auth_header, json=[notice_request, notice_request_2]
+        )
+        assert resp.status_code == 422
+        assert (
+            resp.json()["detail"]
+            == "Privacy Notice 'test privacy notice 1' has already assigned notice key 'test_privacy_notice_1' to region 'us_ca'"
+        )
+
 
 class TestPatchPrivacyNotices:
     @pytest.fixture(scope="function")
@@ -2247,6 +2273,7 @@ def test_patch_invalid_privacy_notice_data_use_conflicts_within_request(
 
         # conflict with identical data uses within region
         # we make the two patch payload items have the same data_use, they should fail
+        patch_privacy_notice_payload["name"] = "my notice's name"
         patch_privacy_notice_payload_updated_data_use = (
             patch_privacy_notice_payload.copy()
         )
@@ -2268,6 +2295,10 @@ def test_patch_invalid_privacy_notice_data_use_conflicts_within_request(
             ],
         )  # direct overlap in the requests
         assert resp.status_code == 422
+        assert (
+            resp.json()["detail"]
+            == "Privacy Notice 'my notice's name' has already assigned data use 'improve' to region 'PrivacyNoticeRegion.us_ca'"
+        )
 
         # conflict with parent/child data uses within region
         # we make the two patch payload items have parent/child data uses, they should fail
@@ -2953,6 +2984,44 @@ def test_patch_multiple_privacy_notices(
         )
         assert response_notice_2["data_uses"] == db_notice_2.data_uses
 
+    def test_patch_multiple_privacy_notices_notice_key_overlap(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        patch_privacy_notice_payload: dict[str, Any],
+        patch_privacy_notice_payload_us_ca_provide: dict[str, Any],
+        privacy_notice: PrivacyNotice,
+        privacy_notice_us_ca_provide: PrivacyNotice,
+        url,
+        db,
+    ):
+        """
+        Test patching multiple privacy notices notice_key_overlap
+        """
+
+        auth_header = generate_auth_header(scopes=[scopes.PRIVACY_NOTICE_UPDATE])
+        # Make notice keys match
+        patch_privacy_notice_payload_us_ca_provide[
+            "notice_key"
+        ] = patch_privacy_notice_payload["notice_key"]
+        patch_privacy_notice_payload["name"] = "My notice's name"
+        # Set disabled to False, because disabled notice keys are ignoredc
+        patch_privacy_notice_payload["disabled"] = False
+
+        resp = api_client.patch(
+            url,
+            headers=auth_header,
+            json=[
+                patch_privacy_notice_payload,
+                patch_privacy_notice_payload_us_ca_provide,
+            ],
+        )
+        assert resp.status_code == 422
+        assert (
+            resp.json()["detail"]
+            == "Privacy Notice 'My notice's name' has already assigned notice key 'updated_privacy_notice_key' to region 'PrivacyNoticeRegion.us_ca'"
+        )
+
     def test_patching_privacy_notice_twice(
         self,
         api_client: TestClient,
diff --git a/tests/ops/models/test_privacy_notice.py b/tests/ops/models/test_privacy_notice.py
index 5eaa5fe1b6..f3c2460260 100644
--- a/tests/ops/models/test_privacy_notice.py
+++ b/tests/ops/models/test_privacy_notice.py
@@ -11,6 +11,7 @@
     PrivacyNoticeRegion,
     UserConsentPreference,
     check_conflicting_data_uses,
+    check_conflicting_notice_keys,
     new_data_use_conflicts_with_existing_use,
 )
 from fides.api.models.sql_models import Cookies
@@ -699,6 +700,108 @@ def test_conflicting_data_uses(
                 existing_privacy_notices=existing_privacy_notices,
             )
 
+    @pytest.mark.parametrize(
+        "should_error,new_privacy_notices,existing_privacy_notices",
+        [
+            (
+                True,
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["marketing.advertising"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["improve"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+            ),
+            (
+                True,
+                [
+                    PrivacyNotice(
+                        name="pn_2",
+                        notice_key="pn_2",
+                        data_uses=["improve"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    ),
+                    PrivacyNotice(
+                        name="pn_2",
+                        notice_key="pn_2",
+                        data_uses=["essential.service"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    ),
+                ],
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["marketing.advertising"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+            ),
+            (
+                False,
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["marketing.advertising"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+                [
+                    PrivacyNotice(
+                        name="pn_2",
+                        notice_key="pn_2",
+                        data_uses=["improve"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+            ),
+            (
+                False,
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["marketing.advertising"],
+                        regions=[PrivacyNoticeRegion.us_ca],
+                    )
+                ],
+                [
+                    PrivacyNotice(
+                        name="pn_1",
+                        notice_key="pn_1",
+                        data_uses=["improve"],
+                        regions=[PrivacyNoticeRegion.us_va],
+                    )
+                ],
+            ),
+        ],
+    )
+    def test_check_conflicting_privacy_notice_keys(
+        self, should_error, new_privacy_notices, existing_privacy_notices
+    ):
+        if should_error:
+            with pytest.raises(ValidationError):
+                check_conflicting_notice_keys(
+                    new_privacy_notices=new_privacy_notices,
+                    existing_privacy_notices=existing_privacy_notices,
+                )
+        else:
+            check_conflicting_notice_keys(
+                new_privacy_notices=new_privacy_notices,
+                existing_privacy_notices=existing_privacy_notices,
+            )
+
     @pytest.mark.parametrize(
         "privacy_notice_data_use,declaration_cookies,expected_cookies,description",
         [
diff --git a/tests/ops/util/test_consent_util.py b/tests/ops/util/test_consent_util.py
index b2e5400229..069f43d254 100644
--- a/tests/ops/util/test_consent_util.py
+++ b/tests/ops/util/test_consent_util.py
@@ -854,6 +854,41 @@ def test_overlapping_data_uses(self, db, load_default_data_uses):
             == "Privacy Notice 'A' has already assigned data use 'essential' to region 'it'"
         )
 
+    def test_overlapping_notice_keys(self, db, load_default_data_uses):
+        """Can't have overlapping notice keys on incoming templates, and we also check these for disabled templates"""
+        with pytest.raises(HTTPException) as exc:
+            upsert_privacy_notice_templates_util(
+                db,
+                [
+                    PrivacyNoticeWithId(
+                        id="test_id_1",
+                        notice_key="a",
+                        name="A",
+                        regions=["it"],
+                        consent_mechanism=ConsentMechanism.opt_in,
+                        data_uses=["essential"],
+                        enforcement_level=EnforcementLevel.system_wide,
+                        displayed_in_overlay=True,
+                    ),
+                    PrivacyNoticeWithId(
+                        id="test_id_2",
+                        notice_key="a",
+                        name="B",
+                        regions=["it"],
+                        consent_mechanism=ConsentMechanism.opt_in,
+                        data_uses=["marketing"],
+                        enforcement_level=EnforcementLevel.frontend,
+                        disabled=True,
+                        displayed_in_overlay=True,
+                    ),
+                ],
+            )
+        assert exc._excinfo[1].status_code == 422
+        assert (
+            exc._excinfo[1].detail
+            == "Privacy Notice 'A' has already assigned notice key 'a' to region 'it'"
+        )
+
     def test_bad_data_uses(self, db, load_default_data_uses):
         """Test data uses must exist"""
         with pytest.raises(HTTPException) as exc:

From 1212eadf972fa9beed2908d377a3ee39e1f3d6f7 Mon Sep 17 00:00:00 2001
From: jpople <jeremy@ethyca.com>
Date: Fri, 30 Jun 2023 17:02:40 -0400
Subject: [PATCH 55/90] 3601: test connection results toast (#3700)

---
 CHANGELOG.md                                  |   1 +
 .../datastore-connections/TestData.tsx        |   2 +-
 .../system_portal_config/TestConnection.tsx   | 122 ------------------
 .../TestConnectionMessage.tsx                 |  19 +++
 .../forms/ConnectorParameters.tsx             |  39 +++---
 .../forms/ConnectorParametersForm.tsx         |  36 ++----
 6 files changed, 56 insertions(+), 163 deletions(-)
 delete mode 100644 clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnection.tsx
 create mode 100644 clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnectionMessage.tsx

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 77d770c2ec..52a213dbb2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -36,6 +36,7 @@ The types of changes are:
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
+- Changed results from clicking "Test connection" to be a toast instead of statically displayed on the page [#3700](https://github.com/ethyca/fides/pull/3700)
 - Moved "management" tab from nav into settings icon in top right [#3701](https://github.com/ethyca/fides/pull/3701)
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
diff --git a/clients/admin-ui/src/features/datastore-connections/TestData.tsx b/clients/admin-ui/src/features/datastore-connections/TestData.tsx
index 1901e7bcc3..d0f854074f 100644
--- a/clients/admin-ui/src/features/datastore-connections/TestData.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/TestData.tsx
@@ -5,7 +5,7 @@ import { formatDate } from "../common/utils";
 
 type TestDataProps = {
   succeeded?: boolean;
-  timestamp: string;
+  timestamp: string | number;
 };
 
 const TestData: React.FC<TestDataProps> = ({ succeeded, timestamp }) => {
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnection.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnection.tsx
deleted file mode 100644
index ee3a503015..0000000000
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnection.tsx
+++ /dev/null
@@ -1,122 +0,0 @@
-import {
-  Box,
-  Divider,
-  ErrorWarningIcon,
-  GreenCheckCircleIcon,
-  Heading,
-  HStack,
-  Tag,
-  Text,
-  VStack,
-} from "@fidesui/react";
-import { formatDate } from "common/utils";
-import React from "react";
-
-import { ConnectionSystemTypeMap } from "~/types/api";
-
-type TestConnectionProps = {
-  response: any;
-  connectionOption: ConnectionSystemTypeMap;
-};
-
-const TestConnection: React.FC<TestConnectionProps> = ({
-  response,
-  connectionOption,
-}) => (
-  <>
-    <Divider color="gray.100" />
-    <VStack align="flex-start" mt="16px">
-      {response.data?.test_status === "succeeded" && (
-        <>
-          <HStack>
-            <Heading as="h5" color="gray.700" size="xs">
-              Successfully connected to {connectionOption!.human_readable}
-            </Heading>
-            <Tag colorScheme="green" size="sm" variant="solid">
-              Success
-            </Tag>
-          </HStack>
-          <Text color="gray.500" fontSize="sm" mt="12px !important">
-            {formatDate(response.fulfilledTimeStamp)}
-          </Text>
-          <Box
-            bg="green.100"
-            border="1px solid"
-            borderColor="green.300"
-            color="green.700"
-            mt="16px"
-            borderRadius="6px"
-          >
-            <HStack
-              alignItems="flex-start"
-              margin={["14px", "17px", "14px", "17px"]}
-            >
-              <GreenCheckCircleIcon />
-              <Box>
-                <Heading
-                  as="h5"
-                  color="green.500"
-                  fontWeight="semibold"
-                  size="xs"
-                >
-                  Success message:
-                </Heading>
-                <Text color="gray.700" fontSize="sm" fontWeight="400">
-                  {response.data.msg}
-                </Text>
-              </Box>
-            </HStack>
-          </Box>
-        </>
-      )}
-      {response.data?.test_status === "failed" && (
-        <>
-          <HStack>
-            <Heading as="h5" color="gray.700" size="xs">
-              Output error to {connectionOption!.human_readable}
-            </Heading>
-            <Tag colorScheme="red" size="sm" variant="solid">
-              Error
-            </Tag>
-          </HStack>
-          <Text color="gray.500" fontSize="sm" mt="12px !important">
-            {formatDate(response.fulfilledTimeStamp)}
-          </Text>
-          <Box
-            bg="red.50"
-            border="1px solid"
-            borderColor="red.300"
-            color="red.300"
-            mt="16px"
-            borderRadius="6px"
-          >
-            <HStack
-              alignItems="flex-start"
-              margin={["14px", "17px", "14px", "17px"]}
-            >
-              <ErrorWarningIcon />
-              <Box>
-                <Heading
-                  as="h5"
-                  color="red.500"
-                  fontWeight="semibold"
-                  size="xs"
-                >
-                  Error message:
-                </Heading>
-                <Text color="gray.700" fontSize="sm" fontWeight="400">
-                  {response.data.failure_reason}
-                </Text>
-                <Text color="gray.700" fontSize="sm" fontWeight="400">
-                  {response.data.msg}
-                </Text>
-              </Box>
-            </HStack>
-          </Box>
-        </>
-      )}
-    </VStack>
-  </>
-);
-
-export default TestConnection;
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnectionMessage.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnectionMessage.tsx
new file mode 100644
index 0000000000..2e4d62f81a
--- /dev/null
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/TestConnectionMessage.tsx
@@ -0,0 +1,19 @@
+import { Text } from "@fidesui/react";
+import React from "react";
+
+type TestConnectionMessageProps = {
+  status: "success" | "error";
+};
+
+const TestConnectionMessage: React.FC<TestConnectionMessageProps> = ({
+  status,
+}) => (
+  <>
+    {status === "success" && <Text>Connection test was successful</Text>}
+    {status === "error" && (
+      <Text>Test failed: please check your connection info</Text>
+    )}
+  </>
+);
+
+export default TestConnectionMessage;
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index da9bd9c79e..2a197477b5 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -1,4 +1,4 @@
-import { Box, Flex, SlideFade, Spacer } from "@fidesui/react";
+import { Box, Flex, Spacer, useToast, UseToastOptions } from "@fidesui/react";
 import { useAPIHelper } from "common/hooks";
 import { useAlert } from "common/hooks/useAlert";
 import { ConnectionTypeSecretSchemaReponse } from "connection-type/types";
@@ -19,9 +19,10 @@ import {
 import { useState } from "react";
 
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
+import { DEFAULT_TOAST_PARAMS } from "~/features/common/toast";
 import { useGetConnectionTypeSecretSchemaQuery } from "~/features/connection-type";
 import { formatKey } from "~/features/datastore-connections/system_portal_config/helpers";
-import TestConnection from "~/features/datastore-connections/system_portal_config/TestConnection";
+import TestConnectionMessage from "~/features/datastore-connections/system_portal_config/TestConnectionMessage";
 import TestData from "~/features/datastore-connections/TestData";
 import {
   selectActiveSystem,
@@ -39,7 +40,9 @@ import {
 } from "~/types/api";
 
 import { ConnectionConfigFormValues } from "../types";
-import ConnectorParametersForm from "./ConnectorParametersForm";
+import ConnectorParametersForm, {
+  TestConnectionResponse,
+} from "./ConnectorParametersForm";
 
 /**
  * Only handles creating saas connectors. The BE handler automatically
@@ -296,11 +299,22 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
   connectionConfig,
   setSelectedConnectionOption,
 }) => {
-  const [response, setResponse] = useState<any>();
+  const [response, setResponse] = useState<TestConnectionResponse>();
 
-  const handleTestConnectionClick = (value: any) => {
+  const toast = useToast();
+
+  const handleTestConnectionClick = (value: TestConnectionResponse) => {
     setResponse(value);
+    const status: UseToastOptions["status"] =
+      value.data?.test_status === "succeeded" ? "success" : "error";
+    const toastParams = {
+      ...DEFAULT_TOAST_PARAMS,
+      status,
+      description: <TestConnectionMessage status={status} />,
+    };
+    toast(toastParams);
   };
+
   const skip = connectionOption.type === SystemType.MANUAL;
   const { data: secretsSchema } = useGetConnectionTypeSecretSchemaQuery(
     connectionOption!.identifier,
@@ -360,7 +374,9 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
 
       {connectionConfig ? (
         <Flex mt="4" justifyContent="between" alignItems="center">
-          {response ? (
+          {response &&
+          response.data &&
+          response.fulfilledTimeStamp !== undefined ? (
             <TestData
               succeeded={response.data.test_status === "succeeded"}
               timestamp={response.fulfilledTimeStamp}
@@ -374,17 +390,6 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
           <Spacer />
         </Flex>
       ) : null}
-
-      {response && (
-        <SlideFade in>
-          <Box mt="16px" maxW="528px" w="fit-content">
-            <TestConnection
-              response={response}
-              connectionOption={connectionOption}
-            />
-          </Box>
-        </SlideFade>
-      )}
     </>
   );
 };
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 7a93ab451e..33c58b5179 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -17,7 +17,6 @@ import {
   VStack,
 } from "@fidesui/react";
 import { Option } from "common/form/inputs";
-import { useAPIHelper } from "common/hooks";
 import {
   ConnectionTypeSecretSchemaProperty,
   ConnectionTypeSecretSchemaReponse,
@@ -25,7 +24,8 @@ import {
 import { useLazyGetDatastoreConnectionStatusQuery } from "datastore-connections/datastore-connection.slice";
 import DSRCustomizationModal from "datastore-connections/system_portal_config/forms/DSRCustomizationForm/DSRCustomizationModal";
 import { Field, FieldInputProps, Form, Formik, FormikProps } from "formik";
-import React, { useEffect, useRef } from "react";
+import React from "react";
+import { DatastoreConnectionStatus } from "src/features/datastore-connections/types";
 
 import DatasetConfigField from "~/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
 import {
@@ -41,6 +41,11 @@ import { fillInDefaults } from "./helpers";
 
 const FIDES_DATASET_REFERENCE = "#/definitions/FidesDatasetReference";
 
+export interface TestConnectionResponse {
+  data?: DatastoreConnectionStatus;
+  fulfilledTimeStamp?: number;
+}
+
 type ConnectorParametersFormProps = {
   secretsSchema?: ConnectionTypeSecretSchemaReponse;
   defaultValues: ConnectionConfigFormValues;
@@ -52,7 +57,7 @@ type ConnectorParametersFormProps = {
   /**
    * Parent callback when Test Connection is clicked
    */
-  onTestConnectionClick: (value: any) => void;
+  onTestConnectionClick: (value: TestConnectionResponse) => void;
   /**
    * Text for the test button. Defaults to "Test connection"
    */
@@ -79,10 +84,8 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   onDelete,
   deleteResult,
 }) => {
-  const mounted = useRef(false);
-  const { handleError } = useAPIHelper();
-
-  const [trigger, result] = useLazyGetDatastoreConnectionStatusQuery();
+  const [trigger, { isLoading, isFetching }] =
+    useLazyGetDatastoreConnectionStatusQuery();
 
   const validateConnectionIdentifier = (value: string) => {
     let error;
@@ -242,23 +245,10 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   };
 
   const handleTestConnectionClick = async () => {
-    try {
-      await trigger(connectionConfig!.key).unwrap();
-    } catch (error) {
-      handleError(error);
-    }
+    const result = await trigger(connectionConfig!.key);
+    onTestConnectionClick(result);
   };
 
-  useEffect(() => {
-    mounted.current = true;
-    if (result.isSuccess) {
-      onTestConnectionClick(result);
-    }
-    return () => {
-      mounted.current = false;
-    };
-  }, [onTestConnectionClick, result]);
-
   return (
     <Formik
       enableReinitialize
@@ -346,7 +336,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                   isSubmitting ||
                   deleteResult.isLoading
                 }
-                isLoading={result.isLoading || result.isFetching}
+                isLoading={isLoading || isFetching}
                 loadingText="Testing"
                 onClick={handleTestConnectionClick}
                 variant="outline"

From f526d9ffb176006d701493c9d0eff6b4884e811f Mon Sep 17 00:00:00 2001
From: Sean Preston <sean@ethyca.com>
Date: Wed, 5 Jul 2023 15:53:48 +0100
Subject: [PATCH 56/90] Merge pull request from GHSA-r25m-cr6v-p9hq

* fix for vuln

* Apply suggestions from code review

Use correct spelling of malicious.

Co-authored-by: Adam Sachs <adam@ethyca.com>

* Update src/fides/api/main.py

Verbiage

Co-authored-by: Thomas <thomas.lapiana+github@pm.me>

---------

Co-authored-by: Adam Sachs <adam@ethyca.com>
Co-authored-by: Thomas <thomas.lapiana+github@pm.me>
Co-authored-by: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
---
 src/fides/api/common_exceptions.py |  4 ++++
 src/fides/api/main.py              | 20 ++++++++++++++++++++
 tests/ops/util/test_api_router.py  | 21 +++++++++++++++++++++
 3 files changed, 45 insertions(+)

diff --git a/src/fides/api/common_exceptions.py b/src/fides/api/common_exceptions.py
index c12d52946f..45e7937f5d 100644
--- a/src/fides/api/common_exceptions.py
+++ b/src/fides/api/common_exceptions.py
@@ -223,6 +223,10 @@ class SSHTunnelConfigNotFoundException(Exception):
     """Exception for when Fides is configured to use an SSH tunnel without config provided."""
 
 
+class MalisciousUrlException(Exception):
+    """Fides has detected a potentially maliscious URL."""
+
+
 class AuthenticationError(HTTPException):
     """To be raised when attempting to fetch an access token using
     invalid credentials.
diff --git a/src/fides/api/main.py b/src/fides/api/main.py
index 809d843ccc..83e5dec239 100644
--- a/src/fides/api/main.py
+++ b/src/fides/api/main.py
@@ -1,6 +1,7 @@
 """
 Contains the code that sets up the API.
 """
+import os
 import sys
 from datetime import datetime, timezone
 from logging import WARNING
@@ -11,6 +12,7 @@
 from fideslog.sdk.python.event import AnalyticsEvent
 from loguru import logger
 from starlette.background import BackgroundTask
+from urllib.parse import unquote
 from uvicorn import Config, Server
 
 import fides
@@ -20,6 +22,7 @@
     log_startup,
     run_database_startup,
 )
+from fides.api.common_exceptions import MalisciousUrlException
 from fides.api.middleware import handle_audit_log_resource
 from fides.api.schemas.analytics import Event, ExtraData
 
@@ -151,6 +154,17 @@ def read_index() -> Response:
     return get_admin_index_as_response()
 
 
+def sanitise_url_path(path: str) -> str:
+    """Returns a URL path that does not contain any ../ or //"""
+    path = unquote(path)
+    path = os.path.normpath(path)
+    for token in path.split("/"):
+        if ".." in token:
+            logger.warning(f"Potentially dangerous use of URL hierarchy in path: {path}")
+            raise MalisciousUrlException()
+    return path
+
+
 @app.get("/{catchall:path}", response_class=Response, tags=["Default"])
 def read_other_paths(request: Request) -> Response:
     """
@@ -158,6 +172,12 @@ def read_other_paths(request: Request) -> Response:
     """
     # check first if requested file exists (for frontend assets)
     path = request.path_params["catchall"]
+    logger.debug(f"Catch all path detected: {path}")
+    try:
+        path = sanitise_url_path(path)
+    except MalisciousUrlException:
+        # if a maliscious URL is detected, route the user to the index
+        return get_admin_index_as_response()
 
     # search for matching route in package (i.e. /dataset)
     ui_file = match_route(get_ui_file_map(), path)
diff --git a/tests/ops/util/test_api_router.py b/tests/ops/util/test_api_router.py
index d468b947c5..e1872fb1ca 100644
--- a/tests/ops/util/test_api_router.py
+++ b/tests/ops/util/test_api_router.py
@@ -45,3 +45,24 @@ def test_non_existent_route_404(
             f"{V1_URL_PREFIX}/route/does/not/exist/", headers=auth_header
         )
         assert resp_4.status_code == HTTP_404_NOT_FOUND
+
+    def test_malicious_url(
+        self,
+        api_client: TestClient,
+        url,
+    ) -> None:
+        malicious_paths = [
+            "../../../../../../../../../etc/passwd",
+            "..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd",
+            "%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
+            "%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd",
+            "..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f..%c0%2f/etc/passwd",
+            ".../...//.../...//.../...//.../...//.../...//.../...//.../...//.../...//.../...//etc/passwd",
+            "...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2f...%2f...%2f%2fetc/passwd",
+            "%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//%2e%2e%2e/%2e%2e%2e//etc/passwd",
+            "%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2f%2e%2e%2e%2f%2e%2e%2e%2f%2fetc/passwd",
+        ]
+        for path in malicious_paths:
+            resp = api_client.get(f"{url}/{path}")
+            assert resp.status_code == 200
+            assert resp.text == "<h1>Privacy is a Human Right!</h1>"

From 111bf3bf1fec0521be89a32eae42f3729a61115e Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Wed, 5 Jul 2023 15:11:59 -0500
Subject: [PATCH 57/90] [Backend] Fix Validation Error where Current Privacy
 Preferences might be None (#3719)

Fix bug where if a single user saves their preferences in rapid succession, the older PrivacyPreferenceHistory history record will no longer have a relationship with the CurrentPrivacyPreference record because a newer PrivacyPreferenceHistory had superseded it.  This just affected serialization of the response when saving preferences.
---
 CHANGELOG.md                                  |  1 +
 .../endpoints/privacy_preference_endpoints.py | 10 +--
 src/fides/api/main.py                         |  6 +-
 src/fides/api/models/privacy_preference.py    | 24 ++++++-
 .../saas/connector_registry_service.py        |  4 +-
 .../test_connection_config_endpoints.py       |  5 +-
 .../test_connection_template_endpoints.py     |  1 -
 tests/ops/api/v1/endpoints/test_system.py     |  1 -
 tests/ops/models/test_privacy_preference.py   | 67 ++++++++++++++++++-
 9 files changed, 103 insertions(+), 16 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52a213dbb2..ea0b004440 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ The types of changes are:
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 - Privacy center and fides-js now pass in `Unescape-Safestr` as a header so that special characters can be rendered properly [#3706](https://github.com/ethyca/fides/pull/3706)
+- Fixed ValidationError for saving PrivacyPreferences [#3719](https://github.com/ethyca/fides/pull/3719)
 
 ### Developer Experience
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
diff --git a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
index dd863b45a1..22f386a93e 100644
--- a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
@@ -344,7 +344,10 @@ def _save_privacy_preferences_for_identities(
 
     needs_server_side_propagation: bool = False
     for privacy_preference in request_data.preferences:
-        historical_preference: PrivacyPreferenceHistory = PrivacyPreferenceHistory.create(
+        (
+            historical_preference,
+            current_preference,
+        ) = PrivacyPreferenceHistory.create_history_and_upsert_current_preference(
             db=db,
             data={
                 "anonymized_ip_address": request_data.anonymized_ip_address,
@@ -376,11 +379,8 @@ def _save_privacy_preferences_for_identities(
             },
             check_name=False,
         )
-        upserted_current_preference: CurrentPrivacyPreference = (
-            historical_preference.current_privacy_preference
-        )
         created_historical_preferences.append(historical_preference)
-        upserted_current_preferences.append(upserted_current_preference)
+        upserted_current_preferences.append(current_preference)
 
         if (
             historical_preference.privacy_notice_history.enforcement_level
diff --git a/src/fides/api/main.py b/src/fides/api/main.py
index 83e5dec239..bff514e432 100644
--- a/src/fides/api/main.py
+++ b/src/fides/api/main.py
@@ -6,13 +6,13 @@
 from datetime import datetime, timezone
 from logging import WARNING
 from typing import Callable, Optional
+from urllib.parse import unquote
 
 from fastapi import HTTPException, Request, Response, status
 from fastapi.responses import FileResponse
 from fideslog.sdk.python.event import AnalyticsEvent
 from loguru import logger
 from starlette.background import BackgroundTask
-from urllib.parse import unquote
 from uvicorn import Config, Server
 
 import fides
@@ -160,7 +160,9 @@ def sanitise_url_path(path: str) -> str:
     path = os.path.normpath(path)
     for token in path.split("/"):
         if ".." in token:
-            logger.warning(f"Potentially dangerous use of URL hierarchy in path: {path}")
+            logger.warning(
+                f"Potentially dangerous use of URL hierarchy in path: {path}"
+            )
             raise MalisciousUrlException()
     return path
 
diff --git a/src/fides/api/models/privacy_preference.py b/src/fides/api/models/privacy_preference.py
index f18f41c446..7c9d3b787c 100644
--- a/src/fides/api/models/privacy_preference.py
+++ b/src/fides/api/models/privacy_preference.py
@@ -3,7 +3,7 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Any, Dict, Optional, Type
+from typing import Any, Dict, Optional, Tuple, Type
 
 from sqlalchemy import ARRAY, Column, DateTime
 from sqlalchemy import Enum as EnumColumn
@@ -205,6 +205,24 @@ def create(
         data: dict[str, Any],
         check_name: bool = False,
     ) -> PrivacyPreferenceHistory:
+        """Method that creates a PrivacyPreferenceRecord and upserts a CurrentPrivacyPreference record.
+
+        The only difference between this and PrivacyPreference.create_history_and_upsert_current_preference
+        is the response.
+        """
+        history, _ = cls.create_history_and_upsert_current_preference(
+            db, data=data, check_name=check_name
+        )
+        return history
+
+    @classmethod
+    def create_history_and_upsert_current_preference(
+        cls: Type[PrivacyPreferenceHistory],
+        db: Session,
+        *,
+        data: dict[str, Any],
+        check_name: bool = False,
+    ) -> Tuple[PrivacyPreferenceHistory, CurrentPrivacyPreference]:
         """Create a PrivacyPreferenceHistory record and then upsert the CurrentPrivacyPreference record.
         If separate CurrentPrivacyPreferences exist for both a verified provided identity and a fides user device
         id provided identity, consolidate these "current" preferences into a single record.
@@ -285,11 +303,11 @@ def create(
         if current_preference:
             current_preference.update(db=db, data=current_privacy_preference_data)
         else:
-            CurrentPrivacyPreference.create(
+            current_preference = CurrentPrivacyPreference.create(
                 db=db, data=current_privacy_preference_data, check_name=False
             )
 
-        return created_privacy_preference_history
+        return created_privacy_preference_history, current_preference
 
 
 class CurrentPrivacyPreference(Base):
diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index a7283b8980..e832940d0d 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -323,7 +323,9 @@ def create_connection_config_from_template_no_save(
     )
 
     data = {
-        "key": template_values.key if template_values.key else template_values.instance_key,
+        "key": template_values.key
+        if template_values.key
+        else template_values.instance_key,
         "description": template_values.description,
         "connection_type": ConnectionType.saas,
         "access": AccessLevel.write,
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index e6b9e46be4..4758426591 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -706,8 +706,9 @@ def test_patch_http_connection_successful_analytics(
         assert call_args[4] is None
         assert call_args[5] is None
 
-
-    def test_patch_connections_no_name(self, api_client, generate_auth_header, url, payload):
+    def test_patch_connections_no_name(
+        self, api_client, generate_auth_header, url, payload
+    ):
         auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
         del payload[0]["name"]
         response = api_client.patch(url, headers=auth_header, json=payload)
diff --git a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
index 70845423c2..c7d6b901e6 100644
--- a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
@@ -1146,7 +1146,6 @@ def test_connection_config_name_already_exists(
         # names don't have to be unique
         assert resp.status_code == 200
 
-
     def test_create_connection_from_template_without_supplying_connection_key(
         self, db, generate_auth_header, api_client, base_url
     ):
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index 7a8f5edcea..b737ea93ad 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -339,7 +339,6 @@ def test_connection_config_name_already_exists(
         # names don't have to be unique
         assert resp.status_code == 200
 
-
     def test_create_connection_from_template_without_supplying_connection_key(
         self, db, generate_auth_header, api_client, base_url
     ):
diff --git a/tests/ops/models/test_privacy_preference.py b/tests/ops/models/test_privacy_preference.py
index a51ac2f1d6..a1cafff501 100644
--- a/tests/ops/models/test_privacy_preference.py
+++ b/tests/ops/models/test_privacy_preference.py
@@ -9,7 +9,6 @@
     IdentityNotFoundException,
     PrivacyNoticeHistoryNotFound,
 )
-from fides.api.models.privacy_notice import PrivacyNoticeRegion
 from fides.api.models.privacy_preference import (
     PrivacyPreferenceHistory,
     RequestOrigin,
@@ -246,6 +245,72 @@ def test_create_privacy_preference(
         preference_history_record.delete(db)
         next_preference_history_record.delete(db)
 
+    def test_create_history_and_upsert_current_preferences(
+        self,
+        db,
+        privacy_notice,
+    ):
+        provided_identity_data = {
+            "privacy_request_id": None,
+            "field_name": "email",
+            "hashed_value": ProvidedIdentity.hash_value("test@email.com"),
+            "encrypted_value": {"value": "test@email.com"},
+        }
+        fides_user_provided_identity_data = {
+            "privacy_request_id": None,
+            "field_name": "fides_user_device_id",
+            "hashed_value": ProvidedIdentity.hash_value(
+                "test_fides_user_device_id_1234567"
+            ),
+            "encrypted_value": {"value": "test_fides_user_device_id_1234567"},
+        }
+        provided_identity = ProvidedIdentity.create(db, data=provided_identity_data)
+        fides_user_provided_identity = ProvidedIdentity.create(
+            db, data=fides_user_provided_identity_data
+        )
+
+        privacy_notice_history = privacy_notice.histories[0]
+
+        email, hashed_email = extract_identity_from_provided_identity(
+            provided_identity, ProvidedIdentityType.email
+        )
+        phone_number, hashed_phone_number = extract_identity_from_provided_identity(
+            provided_identity, ProvidedIdentityType.phone_number
+        )
+        (
+            fides_user_device_id,
+            hashed_device_id,
+        ) = extract_identity_from_provided_identity(
+            fides_user_provided_identity, ProvidedIdentityType.fides_user_device_id
+        )
+
+        (
+            preference_history_record,
+            current_record,
+        ) = PrivacyPreferenceHistory.create_history_and_upsert_current_preference(
+            db=db,
+            data={
+                "email": email,
+                "fides_user_device": fides_user_device_id,
+                "fides_user_device_provided_identity_id": fides_user_provided_identity.id,
+                "hashed_email": hashed_email,
+                "hashed_fides_user_device": hashed_device_id,
+                "hashed_phone_number": hashed_phone_number,
+                "phone_number": phone_number,
+                "preference": "opt_out",
+                "privacy_notice_history_id": privacy_notice_history.id,
+                "provided_identity_id": provided_identity.id,
+                "request_origin": "privacy_center",
+                "secondary_user_ids": {"ga_client_id": "test"},
+                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24",
+                "user_geography": "us_ca",
+                "url_recorded": "example.com/privacy_center",
+            },
+            check_name=False,
+        )
+
+        assert current_record == preference_history_record.current_privacy_preference
+
     def test_cache_system_status(self, privacy_preference_history, db):
         assert privacy_preference_history.affected_system_status == {}
 

From 3add450ec06befdb7485df957b164da695a71fd0 Mon Sep 17 00:00:00 2001
From: Steve Murphy <steven.d.murphy@gmail.com>
Date: Thu, 6 Jul 2023 11:42:42 +0100
Subject: [PATCH 58/90] Update CHANGELOG for `2.15.1` (#3735)

Co-authored-by: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
---
 CHANGELOG.md | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ea0b004440..27efc56c22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,17 +15,15 @@ The types of changes are:
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
-## [Unreleased](https://github.com/ethyca/fides/compare/2.15.0...main)
+## [Unreleased](https://github.com/ethyca/fides/compare/2.15.1...main)
 
 ### Added
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
 - GPC indicators in fides-js banner and modal [#3673](https://github.com/ethyca/fides/pull/3673)
-- Set `sslmode` to `prefer` if connecting to Redshift via ssh [#3685](https://github.com/ethyca/fides/pull/3685)
 - Include `data_use` and `data_category` metadata in `upload` of access results [#3674](https://github.com/ethyca/fides/pull/3674)
 
 ### Fixed
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
-- Handle names with a double underscore when processing access and erasure requests [#3688](https://github.com/ethyca/fides/pull/3688)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 - Privacy center and fides-js now pass in `Unescape-Safestr` as a header so that special characters can be rendered properly [#3706](https://github.com/ethyca/fides/pull/3706)
@@ -33,7 +31,6 @@ The types of changes are:
 
 ### Developer Experience
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
-- Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
@@ -42,8 +39,23 @@ The types of changes are:
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
+
+
+## [2.15.1](https://github.com/ethyca/fides/compare/2.15.0...2.15.1)
+
+### Added
+- Set `sslmode` to `prefer` if connecting to Redshift via ssh [#3685](https://github.com/ethyca/fides/pull/3685)
+
+### Changed
 - Privacy center action cards are now able to expand to accommodate longer text [#3669](https://github.com/ethyca/fides/pull/3669)
 
+### Fixed
+- Handle names with a double underscore when processing access and erasure requests [#3688](https://github.com/ethyca/fides/pull/3688)
+- Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
+
+### Security
+- Resolve path traversal vulnerability in webserver API [CVE-2023-36827](https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq)
+
 
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
 

From 8b73b24c3ea043ab398974406018472cd252732f Mon Sep 17 00:00:00 2001
From: Robert Keyser <39230492+RobertKeyser@users.noreply.github.com>
Date: Thu, 6 Jul 2023 10:14:50 -0500
Subject: [PATCH 59/90] Treat Underscore as a Special Character for Passwords
 (#3717)

---
 CHANGELOG.md                                        |  2 ++
 .../admin-ui/src/features/common/form/validation.ts |  2 +-
 src/fides/api/schemas/user.py                       |  2 +-
 tests/ops/api/v1/endpoints/test_user_endpoints.py   | 13 +++++++++++++
 4 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27efc56c22..dec07eec94 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,8 @@ The types of changes are:
 
 ### Developer Experience
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
+- Treat underscores as special characters in user passwords [#3717](https://github.com/ethyca/fides/pull/3717)
+- Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 
 ### Changed
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
diff --git a/clients/admin-ui/src/features/common/form/validation.ts b/clients/admin-ui/src/features/common/form/validation.ts
index 5f691a6961..c0c78be891 100644
--- a/clients/admin-ui/src/features/common/form/validation.ts
+++ b/clients/admin-ui/src/features/common/form/validation.ts
@@ -6,4 +6,4 @@ export const passwordValidation = Yup.string()
   .matches(/[0-9]/, "Password must have at least one number.")
   .matches(/[A-Z]/, "Password must have at least one capital letter.")
   .matches(/[a-z]/, "Password must have at least one lowercase letter.")
-  .matches(/[\W]/, "Password must have at least one symbol.");
+  .matches(/[\W_]/, "Password must have at least one symbol.");
diff --git a/src/fides/api/schemas/user.py b/src/fides/api/schemas/user.py
index de5b37a035..84f1ce4c2d 100644
--- a/src/fides/api/schemas/user.py
+++ b/src/fides/api/schemas/user.py
@@ -46,7 +46,7 @@ def validate_password(cls, password: str) -> str:
             raise ValueError("Password must have at least one capital letter.")
         if re.search("[a-z]", decoded_password) is None:
             raise ValueError("Password must have at least one lowercase letter.")
-        if re.search(r"[\W]", decoded_password) is None:
+        if re.search(r"[\W_]", decoded_password) is None:
             raise ValueError("Password must have at least one symbol.")
 
         return decoded_password
diff --git a/tests/ops/api/v1/endpoints/test_user_endpoints.py b/tests/ops/api/v1/endpoints/test_user_endpoints.py
index 88c83a4a0b..2a057c400f 100644
--- a/tests/ops/api/v1/endpoints/test_user_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_user_endpoints.py
@@ -163,6 +163,19 @@ def test_create_user(
             VIEWER
         ], "User given viewer role by default on create"
 
+    def test_underscore_in_password(
+        self,
+        api_client,
+        generate_auth_header,
+        url,
+    ) -> None:
+        auth_header = generate_auth_header([USER_CREATE])
+        body = {"username": "test_user", "password": str_to_b64_str("Test_passw0rd")}
+
+        response = api_client.post(url, headers=auth_header, json=body)
+
+        assert HTTP_201_CREATED == response.status_code
+
     def test_create_user_as_root(
         self,
         db,

From c4640a838ededce66f12cb3c6a706b186bff6e43 Mon Sep 17 00:00:00 2001
From: jpople <jeremy@ethyca.com>
Date: Thu, 6 Jul 2023 11:29:11 -0400
Subject: [PATCH 60/90] 3632 clickable system tiles (#3734)

---
 CHANGELOG.md                                  | 11 +++++-----
 clients/admin-ui/cypress/e2e/systems.cy.ts    |  8 +++++++
 .../src/features/system/SystemCard.tsx        | 22 +++++++++++++------
 3 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dec07eec94..733a564f08 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,11 +18,13 @@ The types of changes are:
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.15.1...main)
 
 ### Added
+
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
 - GPC indicators in fides-js banner and modal [#3673](https://github.com/ethyca/fides/pull/3673)
 - Include `data_use` and `data_category` metadata in `upload` of access results [#3674](https://github.com/ethyca/fides/pull/3674)
 
 ### Fixed
+
 - Render linebreaks in the Fides.js overlay descriptions, etc. [#3665](https://github.com/ethyca/fides/pull/3665)
 - Broken link to Fides docs site on the About Fides page in Admin UI [#3643](https://github.com/ethyca/fides/pull/3643)
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
@@ -30,17 +32,20 @@ The types of changes are:
 - Fixed ValidationError for saving PrivacyPreferences [#3719](https://github.com/ethyca/fides/pull/3719)
 
 ### Developer Experience
+
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
 - Treat underscores as special characters in user passwords [#3717](https://github.com/ethyca/fides/pull/3717)
 - Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 
 ### Changed
+
 - Moved GPC preferences slightly earlier in Fides.js lifecycle [#3561](https://github.com/ethyca/fides/pull/3561)
 - Changed results from clicking "Test connection" to be a toast instead of statically displayed on the page [#3700](https://github.com/ethyca/fides/pull/3700)
 - Moved "management" tab from nav into settings icon in top right [#3701](https://github.com/ethyca/fides/pull/3701)
 - Remove name and description fields from integration form [#3684](https://github.com/ethyca/fides/pull/3684)
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
+- In "view systems", system cards can now be clicked and link to that system's `configure/[id]` page [#3734](https://github.com/ethyca/fides/pull/3734)
 
 
 ## [2.15.1](https://github.com/ethyca/fides/compare/2.15.0...2.15.1)
@@ -58,10 +63,10 @@ The types of changes are:
 ### Security
 - Resolve path traversal vulnerability in webserver API [CVE-2023-36827](https://github.com/ethyca/fides/security/advisories/GHSA-r25m-cr6v-p9hq)
 
-
 ## [2.15.0](https://github.com/ethyca/fides/compare/2.14.1...2.15.0)
 
 ### Added
+
 - Privacy center can now render its consent values based on Privacy Notices and Privacy Experiences [#3411](https://github.com/ethyca/fides/pull/3411)
 - Add Google Tag Manager and Privacy Center ENV vars to sample app [#2949](https://github.com/ethyca/fides/pull/2949)
 - Add `notice_key` field to Privacy Notice UI form [#3403](https://github.com/ethyca/fides/pull/3403)
@@ -163,7 +168,6 @@ The types of changes are:
 
 - Update privacy centre email and phone validation to allow for both to be blank [#3432](https://github.com/ethyca/fides/pull/3432)
 
-
 ## [2.14.0](https://github.com/ethyca/fides/compare/2.13.0...2.14.0)
 
 ### Added
@@ -215,7 +219,6 @@ The types of changes are:
 
 - Remove `fides export` command and backing code [#3256](https://github.com/ethyca/fides/pull/3256)
 
-
 ## [2.13.0](https://github.com/ethyca/fides/compare/2.12.1...2.13.0)
 
 ### Added
@@ -313,7 +316,6 @@ The types of changes are:
 - Fixed unit tests for saas connector type endpoints now that we have >50 [#3101](https://github.com/ethyca/fides/pull/3101)
 - Fixed nox docs link [#3121](https://github.com/ethyca/fides/pull/3121/files)
 
-
 ### Developer Experience
 
 - Update fides deploy to use a new database.load_samples setting to initialize sample Systems, Datasets, and Connections for testing [#3102](https://github.com/ethyca/fides/pull/3102)
@@ -321,7 +323,6 @@ The types of changes are:
 - Add smoke tests for consent management [#3158](https://github.com/ethyca/fides/pull/3158)
 - Added nox command that opens dev docs [#3082](https://github.com/ethyca/fides/pull/3082)
 
-
 ## [2.11.0](https://github.com/ethyca/fides/compare/2.10.0...2.11.0)
 
 ### Added
diff --git a/clients/admin-ui/cypress/e2e/systems.cy.ts b/clients/admin-ui/cypress/e2e/systems.cy.ts
index a3f9c03e1d..94a83b4121 100644
--- a/clients/admin-ui/cypress/e2e/systems.cy.ts
+++ b/clients/admin-ui/cypress/e2e/systems.cy.ts
@@ -292,6 +292,14 @@ describe("System management page", () => {
       cy.getByTestId("system-not-found");
     });
 
+    it("Can go to a system's edit page by clicking its card", () => {
+      cy.visit(SYSTEM_ROUTE);
+      cy.getByTestId("system-fidesctl_system").within(() => {
+        cy.getByTestId("system-box").click();
+      });
+      cy.url().should("contain", "/systems/configure/fidesctl_system");
+    });
+
     it("Can go through the edit flow", () => {
       cy.getByTestId("system-fidesctl_system").within(() => {
         cy.getByTestId("more-btn").click();
diff --git a/clients/admin-ui/src/features/system/SystemCard.tsx b/clients/admin-ui/src/features/system/SystemCard.tsx
index ada914e2bb..5c3c59a3c0 100644
--- a/clients/admin-ui/src/features/system/SystemCard.tsx
+++ b/clients/admin-ui/src/features/system/SystemCard.tsx
@@ -11,6 +11,7 @@ import {
   useDisclosure,
   useToast,
 } from "@fidesui/react";
+import Link from "next/link";
 import { useRouter } from "next/router";
 
 import { useAppDispatch } from "~/app/hooks";
@@ -57,14 +58,21 @@ const SystemCard = ({ system }: SystemCardProps) => {
 
   return (
     <Box display="flex" data-testid={`system-${system.fides_key}`}>
-      <Box flexGrow={1} p={4}>
-        <Heading as="h2" fontSize="16px" mb={2}>
-          {systemName}
-        </Heading>
-        <Box color="gray.600" fontSize="14px">
-          <Text>{system.description}</Text>
+      <Link href={`${SYSTEM_ROUTE}/configure/${system.fides_key}`} passHref>
+        <Box
+          flexGrow={1}
+          p={4}
+          data-testid="system-box"
+          _hover={{ cursor: "pointer" }}
+        >
+          <Heading as="h2" fontSize="16px" mb={2}>
+            {systemName}
+          </Heading>
+          <Box color="gray.600" fontSize="14px">
+            <Text>{system.description}</Text>
+          </Box>
         </Box>
-      </Box>
+      </Link>
       <Menu>
         <MenuButton
           as={IconButton}

From 5aea738463960d81821c11ae7ade1d627a46bf32 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Thu, 6 Jul 2023 09:46:17 -0700
Subject: [PATCH 61/90] Merge pull request from GHSA-g95c-2jgm-hqc6

Co-authored-by: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
---
 .../saas/connector_registry_service.py        |  4 +++
 src/fides/api/util/unsafe_file_util.py        | 34 +++++++++++++++++++
 tests/ops/util/test_unsafe_file_util.py       | 26 ++++++++++++++
 3 files changed, 64 insertions(+)
 create mode 100644 src/fides/api/util/unsafe_file_util.py
 create mode 100644 tests/ops/util/test_unsafe_file_util.py

diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index e832940d0d..aab226ada2 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -40,6 +40,7 @@
     replace_dataset_placeholders,
     replace_version,
 )
+from fides.api.util.unsafe_file_util import verify_zip
 from fides.config import CONFIG
 
 
@@ -181,6 +182,9 @@ def save_template(cls, db: Session, zip_file: ZipFile) -> None:
         custom connector template, registers the template, and saves it to the database.
         """
 
+        # verify the zip file before we use it
+        verify_zip(zip_file)
+
         config_contents = None
         dataset_contents = None
         icon_contents = None
diff --git a/src/fides/api/util/unsafe_file_util.py b/src/fides/api/util/unsafe_file_util.py
new file mode 100644
index 0000000000..d8ef9bc627
--- /dev/null
+++ b/src/fides/api/util/unsafe_file_util.py
@@ -0,0 +1,34 @@
+from typing import Optional
+from zipfile import ZipFile
+
+MAX_FILE_SIZE = 16 * 1024 * 1024  # 16 MB
+CHUNK_SIZE = 1024
+
+
+def verify_zip(zip_file: ZipFile, max_file_size: Optional[int] = None) -> None:
+    """
+    Function to safely verify the contents of zipped files. It prevents potential
+    'zip bomb' attacks by checking the file size of the files in the zip without fully
+    extracting them. If the size of any file in the zip exceeds the specified
+    max_file_size, it raises a ValueError. If the max_file_size is not provided,
+    it uses a default value of 16 MB.
+
+    :param zip_file: A ZipFile object to be verified.
+    :param max_file_size: An optional integer specifying the maximum bytes allowed per file. If not provided, a default value is used.
+    :raises ValueError: If a file in the zip file exceeds the maximum allowed size
+    """
+
+    if max_file_size is None:
+        max_file_size = MAX_FILE_SIZE
+
+    for file_info in zip_file.infolist():
+        file_size = 0
+
+        with zip_file.open(file_info) as file:
+            # wraps the file read in an iterator that stops once no bytes
+            # are returned or the max file size is reached
+            for chunk in iter(lambda: file.read(CHUNK_SIZE), b""):
+                file_size += len(chunk)
+
+                if file_size > max_file_size:
+                    raise ValueError("File size exceeds maximum allowed size")
diff --git a/tests/ops/util/test_unsafe_file_util.py b/tests/ops/util/test_unsafe_file_util.py
new file mode 100644
index 0000000000..d452bcf23c
--- /dev/null
+++ b/tests/ops/util/test_unsafe_file_util.py
@@ -0,0 +1,26 @@
+from io import BytesIO
+from zipfile import ZipFile
+
+import pytest
+
+from fides.api.util.unsafe_file_util import verify_zip
+from tests.ops.test_helpers.saas_test_utils import create_zip_file
+
+
+class TestVerifyZip:
+    @pytest.fixture
+    def zip_file(self) -> BytesIO:
+        return create_zip_file(
+            {
+                "config.yml": "This file isn't that big, but it will be considered suspicious if the max file size is set too low",
+            }
+        )
+
+    def test_verify_zip(self, zip_file):
+        verify_zip(ZipFile(zip_file))
+
+    def test_verify_zip_with_small_file_size_limit(self, zip_file):
+        """We set the max file size to 1 byte, so the zip file should be rejected."""
+        with pytest.raises(ValueError) as exc:
+            verify_zip(ZipFile(zip_file), 1)
+        assert "File size exceeds maximum allowed size" in str(exc.value)

From 8beaace082b325e693dc7682029a3cb7e6c2b69d Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Thu, 6 Jul 2023 10:40:19 -0700
Subject: [PATCH 62/90] Merge pull request from GHSA-3rw2-wfc8-wmj5

* Adding checks for malicious SVGs

* Fixing merge conflicts

---------

Co-authored-by: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
---
 requirements.txt                              |  1 +
 .../saas/connector_registry_service.py        |  3 +-
 src/fides/api/util/unsafe_file_util.py        | 24 +++++++++
 tests/ops/util/test_unsafe_file_util.py       | 49 ++++++++++++++++++-
 4 files changed, 75 insertions(+), 2 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 90ee39b71b..8b92504e32 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,6 +8,7 @@ colorama>=0.4.3
 cryptography==38.0.3
 dask==2022.9.2
 deepdiff==6.3.0
+defusedxml==0.7.1
 expandvars==0.9.0
 fastapi[all]==0.89.1
 fastapi-caching[redis]==0.3.0
diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index aab226ada2..fe37d50ad1 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -40,7 +40,7 @@
     replace_dataset_placeholders,
     replace_version,
 )
-from fides.api.util.unsafe_file_util import verify_zip
+from fides.api.util.unsafe_file_util import verify_svg, verify_zip
 from fides.config import CONFIG
 
 
@@ -214,6 +214,7 @@ def save_template(cls, db: Session, zip_file: ZipFile) -> None:
                     )
             elif info.filename.endswith(".svg"):
                 if not icon_contents:
+                    verify_svg(file_contents)
                     icon_contents = str_to_b64_str(file_contents)
                 else:
                     raise ValidationError(
diff --git a/src/fides/api/util/unsafe_file_util.py b/src/fides/api/util/unsafe_file_util.py
index d8ef9bc627..5c5d99a409 100644
--- a/src/fides/api/util/unsafe_file_util.py
+++ b/src/fides/api/util/unsafe_file_util.py
@@ -1,10 +1,34 @@
 from typing import Optional
 from zipfile import ZipFile
 
+from defusedxml.ElementTree import fromstring
+
+from fides.api.common_exceptions import ValidationError
+
 MAX_FILE_SIZE = 16 * 1024 * 1024  # 16 MB
 CHUNK_SIZE = 1024
 
 
+def verify_svg(contents: str) -> None:
+    """
+    Verifies the provided SVG content.
+
+    This function checks the given SVG content string for potential issues and throws an exception if any are found.
+    It first attempts to parse the SVG content using 'defusedxml.fromstring'. If the parsing is unsuccessful, this
+    will raise an exception, indicating that the SVG content may contain unsafe XML.
+
+    :param contents: The SVG content as a string.
+    :raises ValidationError: If the SVG content contains unsafe XML or 'use xlink'
+    """
+    try:
+        fromstring(contents)
+    except Exception:
+        raise ValidationError("SVG file contains unsafe XML.")
+
+    if "use xlink" in contents:
+        raise ValidationError("SVG files with xlink references are not allowed.")
+
+
 def verify_zip(zip_file: ZipFile, max_file_size: Optional[int] = None) -> None:
     """
     Function to safely verify the contents of zipped files. It prevents potential
diff --git a/tests/ops/util/test_unsafe_file_util.py b/tests/ops/util/test_unsafe_file_util.py
index d452bcf23c..3cadda9b07 100644
--- a/tests/ops/util/test_unsafe_file_util.py
+++ b/tests/ops/util/test_unsafe_file_util.py
@@ -3,10 +3,57 @@
 
 import pytest
 
-from fides.api.util.unsafe_file_util import verify_zip
+from fides.api.common_exceptions import ValidationError
+from fides.api.util.unsafe_file_util import verify_svg, verify_zip
 from tests.ops.test_helpers.saas_test_utils import create_zip_file
 
 
+class TestVerifySvg:
+    def test_verify_svg(self):
+        verify_svg(
+            """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
+                <circle cx="50" cy="50" r="40"/>
+            </svg>
+            """
+        )
+
+    def test_verify_svg_no_laughing_allowed(self):
+        """Test "billion laughs attack" is prevented"""
+        with pytest.raises(ValidationError) as exc:
+            verify_svg(
+                """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+                <!DOCTYPE svg [
+                <!ENTITY lol "lol">
+                <!ELEMENT lolz (#PCDATA)>
+                <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
+                <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
+                <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
+                <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
+                <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
+                <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
+                <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
+                <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
+                <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
+                ]>
+                <svg>
+                    <lolz>&lol9;</lolz>
+                </svg>
+                """
+            )
+        assert "SVG file contains unsafe XML." in str(exc.value)
+
+    def test_verify_svg_with_xlink(self):
+        with pytest.raises(ValidationError) as exc:
+            verify_svg(
+                """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 100 100">
+                    <circle id="circle" cx="50" cy="50" r="40"/>
+                    <use xlink:href="#circle"/>
+                </svg>
+                """
+            )
+        assert "SVG files with xlink references are not allowed." in str(exc.value)
+
+
 class TestVerifyZip:
     @pytest.fixture
     def zip_file(self) -> BytesIO:

From 3374452f06a5bc6a1c86fc92e844d9c0be0f64af Mon Sep 17 00:00:00 2001
From: Kelsey Thomas <101993653+Kelsey-Ethyca@users.noreply.github.com>
Date: Thu, 6 Jul 2023 14:30:10 -0700
Subject: [PATCH 63/90] Updated CHANGELOG.md for release 2.16.0 (#3742)

---
 CHANGELOG.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 733a564f08..439633de0d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,9 @@ The types of changes are:
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
-## [Unreleased](https://github.com/ethyca/fides/compare/2.15.1...main)
+## [Unreleased](https://github.com/ethyca/fides/compare/2.16.0...main)
+
+## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
 ### Added
 

From 827541d68502264db8b18c51b7385f9643589b57 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Fri, 7 Jul 2023 05:45:59 -0700
Subject: [PATCH 64/90] Fixing misc test failures (#3744)

---
 pyproject.toml                          | 3 ++-
 src/fides/api/util/unsafe_file_util.py  | 2 +-
 tests/fixtures/saas_example_fixtures.py | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index e9514397b7..49622cbda3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -39,8 +39,10 @@ module = [
   "botocore.*",
   "bson.*",
   "celery.*",
+  "citext.*",
   "dask.*",
   "deepdiff.*",
+  "defusedxml.ElementTree.*",
   "fideslang.*",
   "fideslog.*",
   "firebase_admin.*",
@@ -62,7 +64,6 @@ module = [
   "twilio.*",
   "uvicorn.*",
   "validators.*",
-  "citext.*",
 ]
 ignore_missing_imports = true
 
diff --git a/src/fides/api/util/unsafe_file_util.py b/src/fides/api/util/unsafe_file_util.py
index 5c5d99a409..1b1123178e 100644
--- a/src/fides/api/util/unsafe_file_util.py
+++ b/src/fides/api/util/unsafe_file_util.py
@@ -51,7 +51,7 @@ def verify_zip(zip_file: ZipFile, max_file_size: Optional[int] = None) -> None:
         with zip_file.open(file_info) as file:
             # wraps the file read in an iterator that stops once no bytes
             # are returned or the max file size is reached
-            for chunk in iter(lambda: file.read(CHUNK_SIZE), b""):
+            for chunk in iter(lambda f=file: f.read(CHUNK_SIZE), b""):  # type: ignore
                 file_size += len(chunk)
 
                 if file_size > max_file_size:
diff --git a/tests/fixtures/saas_example_fixtures.py b/tests/fixtures/saas_example_fixtures.py
index ea7d3ffcca..dc3e98090c 100644
--- a/tests/fixtures/saas_example_fixtures.py
+++ b/tests/fixtures/saas_example_fixtures.py
@@ -658,7 +658,7 @@ def planet_express_invalid_dataset() -> str:
 
 @pytest.fixture
 def planet_express_icon() -> str:
-    return encode_file_contents(
+    return load_as_string(
         "tests/fixtures/saas/test_data/planet_express/planet_express.svg"
     )
 

From bf0efa28ca125e9ece890bf787db400f27be7938 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew.c.j1995@gmail.com>
Date: Fri, 7 Jul 2023 10:17:06 -0400
Subject: [PATCH 65/90] Fix integration tab permissions (#3707)

---
 CHANGELOG.md                                  |   1 +
 .../api/v1/endpoints/connection_endpoints.py  |  53 +-
 .../api/api/v1/endpoints/dataset_endpoints.py |   2 +-
 .../v1/endpoints/policy_webhook_endpoints.py  |   4 +-
 src/fides/api/api/v1/endpoints/system.py      |  47 +-
 src/fides/api/app_setup.py                    |  12 +-
 src/fides/api/oauth/system_manager.py         |  16 +-
 .../system_manager_oauth_util.py              |   0
 src/fides/api/util/connection_util.py         |  47 ++
 tests/lib/test_system_oauth_util.py           |   2 +-
 tests/ops/api/v1/endpoints/test_system.py     | 461 ++++++++++++++++--
 11 files changed, 536 insertions(+), 109 deletions(-)
 rename src/fides/api/{util => oauth}/system_manager_oauth_util.py (100%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 439633de0d..2cad7a14ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -57,6 +57,7 @@ The types of changes are:
 
 ### Changed
 - Privacy center action cards are now able to expand to accommodate longer text [#3669](https://github.com/ethyca/fides/pull/3669)
+- Update integration endpoint permissions [#3707](https://github.com/ethyca/fides/pull/3707)
 
 ### Fixed
 - Handle names with a double underscore when processing access and erasure requests [#3688](https://github.com/ethyca/fides/pull/3688)
diff --git a/src/fides/api/api/v1/endpoints/connection_endpoints.py b/src/fides/api/api/v1/endpoints/connection_endpoints.py
index 2e414d32f5..eed569b032 100644
--- a/src/fides/api/api/v1/endpoints/connection_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_endpoints.py
@@ -2,7 +2,7 @@
 
 from typing import List, Optional
 
-from fastapi import Depends, HTTPException
+from fastapi import Depends
 from fastapi.params import Query, Security
 from fastapi_pagination import Page, Params
 from fastapi_pagination.bases import AbstractPage
@@ -13,7 +13,7 @@
 from sqlalchemy import null, or_
 from sqlalchemy.orm import Session
 from sqlalchemy_utils import escape_like
-from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND
+from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT
 
 from fides.api.api import deps
 from fides.api.common_exceptions import ClientUnsuccessfulException, ConnectionException
@@ -22,10 +22,6 @@
     ConnectionTestStatus,
     ConnectionType,
 )
-from fides.api.models.datasetconfig import DatasetConfig
-from fides.api.models.sql_models import ( # type: ignore[attr-defined]
-    Dataset as CtlDataset,
-)
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.connection_configuration import connection_secrets_schemas
 from fides.api.schemas.connection_configuration.connection_config import (
@@ -41,8 +37,9 @@
 from fides.api.service.connectors import get_connector
 from fides.api.util.api_router import APIRouter
 from fides.api.util.connection_util import (
+    delete_connection_config,
+    get_connection_config_or_error,
     patch_connection_configs,
-    requeue_requires_input_requests,
     validate_secrets,
 )
 from fides.api.util.logger import Pii
@@ -62,20 +59,6 @@
 router = APIRouter(tags=["Connections"], prefix=V1_URL_PREFIX)
 
 
-def get_connection_config_or_error(
-    db: Session, connection_key: FidesKey
-) -> ConnectionConfig:
-    """Helper to load the ConnectionConfig object or throw a 404"""
-    connection_config = ConnectionConfig.get_by(db, field="key", value=connection_key)
-    logger.info("Finding connection configuration with key '{}'", connection_key)
-    if not connection_config:
-        raise HTTPException(
-            status_code=HTTP_404_NOT_FOUND,
-            detail=f"No connection configuration found with key '{connection_key}'.",
-        )
-    return connection_config
-
-
 @router.get(
     CONNECTIONS,
     dependencies=[Security(verify_oauth_client, scopes=[CONNECTION_READ])],
@@ -216,33 +199,7 @@ def patch_connections(
 def delete_connection(
     connection_key: FidesKey, *, db: Session = Depends(deps.get_db)
 ) -> None:
-    """Removes the connection configuration with matching key."""
-    connection_config = get_connection_config_or_error(db, connection_key)
-    connection_type = connection_config.connection_type
-    logger.info("Deleting connection config with key '{}'.", connection_key)
-    if connection_config.saas_config:
-        saas_dataset_fides_key = connection_config.saas_config.get("fides_key")
-
-        dataset_config = db.query(DatasetConfig).filter(
-            DatasetConfig.connection_config_id == connection_config.id
-        )
-        dataset_config.delete(synchronize_session="evaluate")
-
-        if saas_dataset_fides_key:
-            logger.info("Deleting saas dataset with key '{}'.", saas_dataset_fides_key)
-            saas_dataset = (
-                db.query(CtlDataset)
-                .filter(CtlDataset.fides_key == saas_dataset_fides_key)
-                .first()
-            )
-            saas_dataset.delete(db)  # type: ignore[union-attr]
-
-    connection_config.delete(db)
-
-    # Access Manual Webhooks are cascade deleted if their ConnectionConfig is deleted,
-    # so we queue any privacy requests that are no longer blocked by webhooks
-    if connection_type == ConnectionType.manual_webhook:
-        requeue_requires_input_requests(db)
+    delete_connection_config(db, connection_key)
 
 
 def connection_status(
diff --git a/src/fides/api/api/v1/endpoints/dataset_endpoints.py b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
index f1b59dbd5a..fc329f5348 100644
--- a/src/fides/api/api/v1/endpoints/dataset_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
@@ -37,7 +37,7 @@
     convert_dataset_to_graph,
     to_graph_field,
 )
-from fides.api.models.sql_models import ( # type: ignore[attr-defined]
+from fides.api.models.sql_models import (  # type: ignore[attr-defined]
     Dataset as CtlDataset,
 )
 from fides.api.oauth.utils import verify_oauth_client
diff --git a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
index 3d68b4e5e9..9a703f6172 100644
--- a/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/policy_webhook_endpoints.py
@@ -12,9 +12,6 @@
 from starlette.status import HTTP_200_OK, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
-from fides.api.api.v1.endpoints.connection_endpoints import (
-    get_connection_config_or_error,
-)
 from fides.api.api.v1.endpoints.policy_endpoints import get_policy_or_error
 from fides.api.common_exceptions import KeyOrNameAlreadyExists, WebhookOrderException
 from fides.api.db.base_class import get_key_from_data
@@ -28,6 +25,7 @@
 from fides.api.schemas import policy_webhooks as schemas
 from fides.api.schemas.policy_webhooks import PolicyWebhookDeleteResponse
 from fides.api.util.api_router import APIRouter
+from fides.api.util.connection_util import get_connection_config_or_error
 from fides.common.api import scope_registry as scopes
 from fides.common.api.v1 import urn_registry as urls
 
diff --git a/src/fides/api/api/v1/endpoints/system.py b/src/fides/api/api/v1/endpoints/system.py
index 1c56ab7c92..fd359a23b0 100644
--- a/src/fides/api/api/v1/endpoints/system.py
+++ b/src/fides/api/api/v1/endpoints/system.py
@@ -5,11 +5,12 @@
 from fastapi_pagination.bases import AbstractPage
 from fastapi_pagination.ext.sqlalchemy import paginate
 from fideslang.models import System as SystemSchema
+from fideslang.validation import FidesKey
 from pydantic.types import conlist
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import Session
 from starlette import status
-from starlette.status import HTTP_200_OK
+from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.saas_config_endpoints import instantiate_connection
@@ -28,7 +29,12 @@
 )
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.sql_models import System  # type: ignore[attr-defined]
-from fides.api.oauth.utils import verify_oauth_client, verify_oauth_client_prod
+from fides.api.oauth.system_manager_oauth_util import (
+    verify_oauth_client_for_system_from_fides_key,
+    verify_oauth_client_for_system_from_fides_key_cli,
+    verify_oauth_client_for_system_from_request_body_cli,
+)
+from fides.api.oauth.utils import verify_oauth_client_prod
 from fides.api.schemas.connection_configuration.connection_config import (
     BulkPutConnectionConfiguration,
     ConnectionConfigurationResponse,
@@ -38,13 +44,13 @@
 )
 from fides.api.schemas.system import SystemResponse
 from fides.api.util.api_router import APIRouter
-from fides.api.util.connection_util import patch_connection_configs
-from fides.api.util.system_manager_oauth_util import (
-    verify_oauth_client_for_system_from_fides_key_cli,
-    verify_oauth_client_for_system_from_request_body_cli,
+from fides.api.util.connection_util import (
+    delete_connection_config,
+    patch_connection_configs,
 )
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_DELETE,
     CONNECTION_READ,
     SAAS_CONNECTION_INSTANTIATE,
     SYSTEM_CREATE,
@@ -70,7 +76,11 @@
 
 @SYSTEM_CONNECTIONS_ROUTER.get(
     "",
-    dependencies=[Security(verify_oauth_client, scopes=[CONNECTION_READ])],
+    dependencies=[
+        Security(
+            verify_oauth_client_for_system_from_fides_key, scopes=[CONNECTION_READ]
+        )
+    ],
     status_code=HTTP_200_OK,
     response_model=Page[ConnectionConfigurationResponse],
 )
@@ -88,7 +98,12 @@ def get_system_connections(
 
 @SYSTEM_CONNECTIONS_ROUTER.patch(
     "",
-    dependencies=[Security(verify_oauth_client, scopes=[CONNECTION_CREATE_OR_UPDATE])],
+    dependencies=[
+        Security(
+            verify_oauth_client_for_system_from_fides_key,
+            scopes=[CONNECTION_CREATE_OR_UPDATE],
+        )
+    ],
     status_code=HTTP_200_OK,
     response_model=BulkPutConnectionConfiguration,
 )
@@ -109,6 +124,22 @@ def patch_connections(
     return patch_connection_configs(db, configs, system)
 
 
+@SYSTEM_CONNECTIONS_ROUTER.delete(
+    "/{connection_key}",
+    dependencies=[
+        Security(
+            verify_oauth_client_for_system_from_fides_key, scopes=[CONNECTION_DELETE]
+        )
+    ],
+    status_code=HTTP_204_NO_CONTENT,
+    response_model=None,
+)
+def delete_connection(
+    connection_key: FidesKey, *, db: Session = Depends(deps.get_db)
+) -> None:
+    delete_connection_config(db, connection_key)
+
+
 @SYSTEM_ROUTER.put(
     "/",
     response_model=SystemResponse,
diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index 3af79f82d3..07cf43c9b2 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -22,6 +22,12 @@
 from fides.api.db.database import configure_db
 from fides.api.db.seed import create_or_update_parent_user
 from fides.api.models.application_config import ApplicationConfig
+from fides.api.oauth.system_manager_oauth_util import (
+    get_system_fides_key,
+    get_system_schema,
+    verify_oauth_client_for_system_from_fides_key_cli,
+    verify_oauth_client_for_system_from_request_body_cli,
+)
 from fides.api.oauth.utils import get_root_client, verify_oauth_client_prod
 from fides.api.service.connectors.saas.connector_registry_service import (
     update_saas_configs,
@@ -37,12 +43,6 @@
 from fides.api.util.endpoint_utils import fides_limiter
 from fides.api.util.errors import FidesError
 from fides.api.util.logger import setup as setup_logging
-from fides.api.util.system_manager_oauth_util import (
-    get_system_fides_key,
-    get_system_schema,
-    verify_oauth_client_for_system_from_fides_key_cli,
-    verify_oauth_client_for_system_from_request_body_cli,
-)
 from fides.config import CONFIG
 
 VERSION = fides.__version__
diff --git a/src/fides/api/oauth/system_manager.py b/src/fides/api/oauth/system_manager.py
index c72eb78092..f064ef8ee7 100644
--- a/src/fides/api/oauth/system_manager.py
+++ b/src/fides/api/oauth/system_manager.py
@@ -1,5 +1,17 @@
-from fides.common.api.scope_registry import SYSTEM_DELETE, SYSTEM_UPDATE
+from fides.common.api.scope_registry import (
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_DELETE,
+    CONNECTION_READ,
+    SYSTEM_DELETE,
+    SYSTEM_UPDATE,
+)
 
 # System managers are separate from roles, because you are just granted these
 # permissions to specific system(s) not to all resources of a given type
-SYSTEM_MANAGER_SCOPES = [SYSTEM_UPDATE, SYSTEM_DELETE]
+SYSTEM_MANAGER_SCOPES = [
+    SYSTEM_UPDATE,
+    SYSTEM_DELETE,
+    CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_READ,
+    CONNECTION_DELETE,
+]
diff --git a/src/fides/api/util/system_manager_oauth_util.py b/src/fides/api/oauth/system_manager_oauth_util.py
similarity index 100%
rename from src/fides/api/util/system_manager_oauth_util.py
rename to src/fides/api/oauth/system_manager_oauth_util.py
diff --git a/src/fides/api/util/connection_util.py b/src/fides/api/util/connection_util.py
index c8d6770f42..7e014be197 100644
--- a/src/fides/api/util/connection_util.py
+++ b/src/fides/api/util/connection_util.py
@@ -1,6 +1,7 @@
 from typing import List, Optional
 
 from fastapi import HTTPException
+from fideslang.validation import FidesKey
 from loguru import logger
 from pydantic import ValidationError
 from pydantic.types import conlist
@@ -14,8 +15,10 @@
 from fides.api.common_exceptions import KeyOrNameAlreadyExists
 from fides.api.common_exceptions import ValidationError as FidesValidationError
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
+from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.models.privacy_request import PrivacyRequest, PrivacyRequestStatus
+from fides.api.models.sql_models import Dataset as CtlDataset  # type: ignore
 from fides.api.models.sql_models import System  # type: ignore
 from fides.api.schemas.api import BulkUpdateFailed
 from fides.api.schemas.connection_configuration import (
@@ -250,3 +253,47 @@ def patch_connection_configs(
         succeeded=created_or_updated,
         failed=failed,
     )
+
+
+def get_connection_config_or_error(
+    db: Session, connection_key: FidesKey
+) -> ConnectionConfig:
+    """Helper to load the ConnectionConfig object or throw a 404"""
+    connection_config = ConnectionConfig.get_by(db, field="key", value=connection_key)
+    logger.info("Finding connection configuration with key '{}'", connection_key)
+    if not connection_config:
+        raise HTTPException(
+            status_code=HTTP_404_NOT_FOUND,
+            detail=f"No connection configuration found with key '{connection_key}'.",
+        )
+    return connection_config
+
+
+def delete_connection_config(db: Session, connection_key: FidesKey) -> None:
+    """Removes the connection configuration with matching key."""
+    connection_config = get_connection_config_or_error(db, connection_key)
+    connection_type = connection_config.connection_type
+    logger.info("Deleting connection config with key '{}'.", connection_key)
+    if connection_config.saas_config:
+        saas_dataset_fides_key = connection_config.saas_config.get("fides_key")
+
+        dataset_config = db.query(DatasetConfig).filter(
+            DatasetConfig.connection_config_id == connection_config.id
+        )
+        dataset_config.delete(synchronize_session="evaluate")
+
+        if saas_dataset_fides_key:
+            logger.info("Deleting saas dataset with key '{}'.", saas_dataset_fides_key)
+            saas_dataset = (
+                db.query(CtlDataset)
+                .filter(CtlDataset.fides_key == saas_dataset_fides_key)
+                .first()
+            )
+            saas_dataset.delete(db)  # type: ignore[union-attr]
+
+    connection_config.delete(db)
+
+    # Access Manual Webhooks are cascade deleted if their ConnectionConfig is deleted,
+    # so we queue any privacy requests that are no longer blocked by webhooks
+    if connection_type == ConnectionType.manual_webhook:
+        requeue_requires_input_requests(db)
diff --git a/tests/lib/test_system_oauth_util.py b/tests/lib/test_system_oauth_util.py
index c55672e02b..7e6bd65f85 100644
--- a/tests/lib/test_system_oauth_util.py
+++ b/tests/lib/test_system_oauth_util.py
@@ -14,7 +14,7 @@
 )
 from fides.api.oauth.jwt import generate_jwe
 from fides.api.oauth.roles import OWNER, VIEWER
-from fides.api.util.system_manager_oauth_util import (
+from fides.api.oauth.system_manager_oauth_util import (
     SystemAuthContainer,
     _get_system_from_fides_key,
     _get_system_from_request_body,
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index b737ea93ad..6a28092c61 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -1,15 +1,19 @@
 import json
 from unittest import mock
+from uuid import uuid4
 
 import pytest
 from fastapi_pagination import Params
 from sqlalchemy.orm import Session
 from starlette.status import (
+    HTTP_200_OK,
     HTTP_401_UNAUTHORIZED,
     HTTP_403_FORBIDDEN,
     HTTP_404_NOT_FOUND,
+    HTTP_204_NO_CONTENT,
 )
 from starlette.testclient import TestClient
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 
 from fides.api.models.connectionconfig import (
     AccessLevel,
@@ -17,13 +21,20 @@
     ConnectionType,
 )
 from fides.api.models.datasetconfig import DatasetConfig
+from fides.api.models.fides_user import FidesUser
+from fides.api.models.manual_webhook import AccessManualWebhook
+from fides.api.models.privacy_request import PrivacyRequestStatus
+from fides.api.models.sql_models import Dataset
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
     CONNECTION_READ,
     SAAS_CONNECTION_INSTANTIATE,
     STORAGE_DELETE,
+    SYSTEM_MANAGER_UPDATE,
+    CONNECTION_DELETE,
 )
-from fides.common.api.v1.urn_registry import V1_URL_PREFIX
+from tests.conftest import generate_role_header_for_user
+from tests.fixtures.saas.connection_template_fixtures import instantiate_connector
 
 page_size = Params().size
 
@@ -60,6 +71,46 @@ def payload():
     ]
 
 
+@pytest.fixture(scope="function")
+def connections():
+    return [
+        {
+            "name": "My Main Postgres DB",
+            "key": "postgres_db_1",
+            "connection_type": "postgres",
+            "access": "write",
+            "secrets": {
+                "url": None,
+                "host": "http://localhost",
+                "port": 5432,
+                "dbname": "test",
+                "db_schema": "test",
+                "username": "test",
+                "password": "test",
+            },
+        },
+        {
+            "name": "My Mongo DB",
+            "connection_type": "mongodb",
+            "access": "read",
+            "key": "mongo-db-key",
+        },
+        {
+            "secrets": {
+                "domain": "test_mailchimp_domain",
+                "username": "test_mailchimp_username",
+                "api_key": "test_mailchimp_api_key",
+            },
+            "name": "My Mailchimp Test",
+            "description": "Mailchimp ConnectionConfig description",
+            "key": "mailchimp-asdfasdf-asdftgg-dfgdfg",
+            "connection_type": "saas",
+            "saas_connector_type": "mailchimp",
+            "access": "read",
+        },
+    ]
+
+
 class TestPatchSystemConnections:
     def test_patch_connections_valid_system(
         self, api_client: TestClient, generate_auth_header, url, payload
@@ -67,7 +118,7 @@ def test_patch_connections_valid_system(
         auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
         resp = api_client.patch(url, headers=auth_header, json=payload)
 
-        assert resp.status_code == 200
+        assert resp.status_code == HTTP_200_OK
 
     def test_patch_connections_with_invalid_system(
         self, api_client: TestClient, generate_auth_header, url_invalid_system
@@ -81,6 +132,68 @@ def test_patch_connections_with_invalid_system(
             == "A valid system must be provided to create or update connections"
         )
 
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code",
+        [
+            ("owner_user", HTTP_200_OK),
+            ("contributor_user", HTTP_200_OK),
+            ("approver_user", HTTP_403_FORBIDDEN),
+        ],
+    )
+    def test_patch_connections_role_check(
+        self,
+        api_client: TestClient,
+        payload,
+        request,
+        url,
+        acting_user_role: FidesUser,
+        expected_status_code,
+        system,
+        generate_auth_header,
+    ):
+        acting_user_role = request.getfixturevalue(acting_user_role)
+        auth_header = generate_role_header_for_user(
+            acting_user_role, roles=acting_user_role.permissions.roles
+        )
+        resp = api_client.patch(url, headers=auth_header, json=payload)
+        assert resp.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code, assign_system",
+        [
+            ("viewer_user", HTTP_403_FORBIDDEN, False),
+            ("viewer_user", HTTP_200_OK, True),
+            ("viewer_and_approver_user", HTTP_403_FORBIDDEN, False),
+            ("viewer_and_approver_user", HTTP_200_OK, True),
+        ],
+    )
+    def test_patch_connections_role_check_viewer(
+        self,
+        api_client: TestClient,
+        payload,
+        request,
+        acting_user_role: FidesUser,
+        expected_status_code,
+        assign_system,
+        system,
+        generate_auth_header,
+        generate_system_manager_header,
+    ):
+        url = V1_URL_PREFIX + f"/system/{system.fides_key}/connection"
+        acting_user_role = request.getfixturevalue(acting_user_role)
+
+        if assign_system:
+            assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
+            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
+            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            auth_header = generate_system_manager_header([system.id])
+        else:
+            auth_header = generate_role_header_for_user(
+                acting_user_role, roles=acting_user_role.permissions.roles
+            )
+        resp = api_client.patch(url, headers=auth_header, json=payload)
+        assert resp.status_code == expected_status_code
+
 
 class TestGetConnections:
     def test_get_connections_not_authenticated(
@@ -114,51 +227,15 @@ def test_get_connection_configs(
         generate_auth_header,
         connection_config,
         url,
+        connections,
         db: Session,
     ) -> None:
-        connections = [
-            {
-                "name": "My Main Postgres DB",
-                "key": "postgres_db_1",
-                "connection_type": "postgres",
-                "access": "write",
-                "secrets": {
-                    "url": None,
-                    "host": "http://localhost",
-                    "port": 5432,
-                    "dbname": "test",
-                    "db_schema": "test",
-                    "username": "test",
-                    "password": "test",
-                },
-            },
-            {
-                "name": "My Mongo DB",
-                "connection_type": "mongodb",
-                "access": "read",
-                "key": "mongo-db-key",
-            },
-            {
-                "secrets": {
-                    "domain": "test_mailchimp_domain",
-                    "username": "test_mailchimp_username",
-                    "api_key": "test_mailchimp_api_key",
-                },
-                "name": "My Mailchimp Test",
-                "description": "Mailchimp ConnectionConfig description",
-                "key": "mailchimp-asdfasdf-asdftgg-dfgdfg",
-                "connection_type": "saas",
-                "saas_connector_type": "mailchimp",
-                "access": "read",
-            },
-        ]
-
         auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
         api_client.patch(url, headers=auth_header, json=connections)
 
         auth_header = generate_auth_header(scopes=[CONNECTION_READ])
         resp = api_client.get(url, headers=auth_header)
-        assert resp.status_code == 200
+        assert resp.status_code == HTTP_200_OK
 
         response_body = json.loads(resp.text)
         assert len(response_body["items"]) == 3
@@ -185,6 +262,310 @@ def test_get_connection_configs(
         assert response_body["page"] == 1
         assert response_body["size"] == page_size
 
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code, assign_system",
+        [
+            ("viewer_user", HTTP_200_OK, False),
+            ("viewer_user", HTTP_200_OK, True),
+            ("viewer_and_approver_user", HTTP_200_OK, False),
+            ("viewer_and_approver_user", HTTP_200_OK, True),
+        ],
+    )
+    def test_get_connection_configs_role_viewer(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        generate_system_manager_header,
+        connection_config,
+        connections,
+        acting_user_role,
+        expected_status_code,
+        assign_system,
+        system,
+        request,
+        db: Session,
+    ) -> None:
+        url = V1_URL_PREFIX + f"/system/{system.fides_key}/connection"
+        patch_auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
+        api_client.patch(url, headers=patch_auth_header, json=connections)
+
+        acting_user_role = request.getfixturevalue(acting_user_role)
+
+        if assign_system:
+            assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
+            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
+            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            auth_header = generate_system_manager_header([system.id])
+        else:
+            auth_header = generate_role_header_for_user(
+                acting_user_role, roles=acting_user_role.permissions.roles
+            )
+
+        resp = api_client.get(url, headers=auth_header)
+        assert resp.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code",
+        [
+            ("owner_user", HTTP_200_OK),
+            ("contributor_user", HTTP_200_OK),
+            ("approver_user", HTTP_403_FORBIDDEN),
+        ],
+    )
+    def test_get_connection_configs_role(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        connection_config,
+        connections,
+        acting_user_role,
+        expected_status_code,
+        system,
+        request,
+        db: Session,
+    ) -> None:
+        url = V1_URL_PREFIX + f"/system/{system.fides_key}/connection"
+        patch_auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
+        api_client.patch(url, headers=patch_auth_header, json=connections)
+
+        acting_user_role = request.getfixturevalue(acting_user_role)
+        auth_header = generate_role_header_for_user(
+            acting_user_role, roles=acting_user_role.permissions.roles
+        )
+
+        resp = api_client.get(url, headers=auth_header)
+        assert resp.status_code == expected_status_code
+
+
+class TestDeleteSystemConnectionConfig:
+    @pytest.fixture(scope="function")
+    def url(self, connection_config, system) -> str:
+        return (
+            V1_URL_PREFIX
+            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+        )
+
+    def test_delete_connection_config_not_authenticated(
+        self, url, api_client: TestClient, generate_auth_header, connection_config
+    ) -> None:
+        # Test not authenticated
+
+        resp = api_client.delete(url, headers={})
+        assert resp.status_code == HTTP_401_UNAUTHORIZED
+
+    def test_delete_connection_config_wrong_scope(
+        self, url, api_client: TestClient, generate_auth_header, connection_config
+    ) -> None:
+        auth_header = generate_auth_header(scopes=[CONNECTION_READ])
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == HTTP_403_FORBIDDEN
+
+    def test_delete_connection_config_does_not_exist(
+        self, api_client: TestClient, generate_auth_header, system
+    ) -> None:
+        auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
+        url = (
+            V1_URL_PREFIX + f"/system/{system.fides_key}/connection/non_existent_config"
+        )
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == HTTP_404_NOT_FOUND
+
+    def test_delete_connection_config(
+        self,
+        url,
+        api_client: TestClient,
+        db: Session,
+        generate_auth_header,
+        connection_config,
+    ) -> None:
+        auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
+        # the key needs to be cached before the delete
+        key = connection_config.key
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == HTTP_204_NO_CONTENT
+        assert db.query(ConnectionConfig).filter_by(key=key).first() is None
+
+    @mock.patch("fides.api.util.connection_util.queue_privacy_request")
+    def test_delete_manual_webhook_connection_config(
+        self,
+        mock_queue,
+        url,
+        api_client: TestClient,
+        db: Session,
+        generate_auth_header,
+        integration_manual_webhook_config,
+        access_manual_webhook,
+        privacy_request_requires_input,
+        system,
+    ) -> None:
+        """Assert both the connection config and its webhook are deleted"""
+        assert (
+            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook.id).first()
+            is not None
+        )
+
+        assert (
+            db.query(ConnectionConfig)
+            .filter_by(key=integration_manual_webhook_config.key)
+            .first()
+            is not None
+        )
+        url = (
+            V1_URL_PREFIX
+            + f"/system/{system.fides_key}/connection/{integration_manual_webhook_config.key}"
+        )
+        auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == HTTP_204_NO_CONTENT
+
+        assert (
+            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook.id).first()
+            is None
+        )
+
+        assert (
+            db.query(ConnectionConfig)
+            .filter_by(key=integration_manual_webhook_config.key)
+            .first()
+            is None
+        )
+        assert (
+            mock_queue.called
+        ), "Deleting this last webhook caused 'requires_input' privacy requests to be queued"
+        assert (
+            mock_queue.call_args.kwargs["privacy_request_id"]
+            == privacy_request_requires_input.id
+        )
+        db.refresh(privacy_request_requires_input)
+        assert (
+            privacy_request_requires_input.status == PrivacyRequestStatus.in_processing
+        )
+
+    def test_delete_saas_connection_config(
+        self, api_client: TestClient, db: Session, generate_auth_header, system
+    ) -> None:
+        secrets = {
+            "domain": "test_sendgrid_domain",
+            "api_key": "test_sendgrid_api_key",
+        }
+        connection_config, dataset_config = instantiate_connector(
+            db,
+            "sendgrid",
+            "secondary_sendgrid_instance",
+            "Sendgrid ConnectionConfig description",
+            secrets,
+        )
+        dataset = dataset_config.ctl_dataset
+
+        auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
+
+        url = (
+            V1_URL_PREFIX
+            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+        )
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == HTTP_204_NO_CONTENT
+        assert (
+            db.query(ConnectionConfig).filter_by(key=connection_config.key).first()
+            is None
+        )
+        assert db.query(DatasetConfig).filter_by(id=dataset_config.id).first() is None
+        assert db.query(Dataset).filter_by(id=dataset.id).first() is None
+
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code, assign_system",
+        [
+            ("viewer_user", HTTP_403_FORBIDDEN, False),
+            ("viewer_user", HTTP_204_NO_CONTENT, True),
+            ("viewer_and_approver_user", HTTP_403_FORBIDDEN, False),
+            ("viewer_and_approver_user", HTTP_204_NO_CONTENT, True),
+        ],
+    )
+    def test_delete_connection_configs_role_viewer(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        generate_system_manager_header,
+        acting_user_role,
+        expected_status_code,
+        assign_system,
+        system,
+        request,
+        db: Session,
+    ) -> None:
+        connection_config = ConnectionConfig.create(
+            db=db,
+            data={
+                "name": str(uuid4()),
+                "key": "my_postgres_db_1",
+                "connection_type": ConnectionType.postgres,
+                "access": AccessLevel.write,
+                "disabled": False,
+                "description": "Primary postgres connection",
+            },
+        )
+        url = (
+            V1_URL_PREFIX
+            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+        )
+
+        acting_user_role = request.getfixturevalue(acting_user_role)
+
+        if assign_system:
+            assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
+            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
+            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            auth_header = generate_system_manager_header([system.id])
+        else:
+            auth_header = generate_role_header_for_user(
+                acting_user_role, roles=acting_user_role.permissions.roles
+            )
+
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == expected_status_code
+
+    @pytest.mark.parametrize(
+        "acting_user_role, expected_status_code",
+        [
+            ("owner_user", HTTP_204_NO_CONTENT),
+            ("contributor_user", HTTP_204_NO_CONTENT),
+            ("approver_user", HTTP_403_FORBIDDEN),
+        ],
+    )
+    def test_delete_connection_configs_role_check(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        acting_user_role,
+        expected_status_code,
+        system,
+        request,
+        db: Session,
+    ) -> None:
+        connection_config = ConnectionConfig.create(
+            db=db,
+            data={
+                "name": str(uuid4()),
+                "key": "my_postgres_db_1",
+                "connection_type": ConnectionType.postgres,
+                "access": AccessLevel.write,
+                "disabled": False,
+                "description": "Primary postgres connection",
+            },
+        )
+        url = (
+            V1_URL_PREFIX
+            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+        )
+
+        acting_user_role = request.getfixturevalue(acting_user_role)
+        auth_header = generate_role_header_for_user(
+            acting_user_role, roles=acting_user_role.permissions.roles
+        )
+
+        resp = api_client.delete(url, headers=auth_header)
+        assert resp.status_code == expected_status_code
+
 
 class TestInstantiateSystemConnectionFromTemplate:
     @pytest.fixture(scope="function")

From 962905f13a2c5c6d421ce2deacd9fa6fc619b580 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Fri, 7 Jul 2023 17:23:30 -0400
Subject: [PATCH 66/90] make malicious url test more robust to env differences
 (#3748)

---
 CHANGELOG.md                      |  1 +
 tests/ops/util/test_api_router.py | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2cad7a14ed..d524c3da9f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,7 @@ The types of changes are:
 - Reorganized some `api.api.v1` code to avoid circular dependencies on `quickstart` [#3692](https://github.com/ethyca/fides/pull/3692)
 - Treat underscores as special characters in user passwords [#3717](https://github.com/ethyca/fides/pull/3717)
 - Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
+- Make malicious url test more robust to environmental differences [#3748](https://github.com/ethyca/fides/pull/3748)
 
 ### Changed
 
diff --git a/tests/ops/util/test_api_router.py b/tests/ops/util/test_api_router.py
index e1872fb1ca..d3ad965ed1 100644
--- a/tests/ops/util/test_api_router.py
+++ b/tests/ops/util/test_api_router.py
@@ -1,3 +1,6 @@
+from unittest import mock
+from unittest.mock import Mock
+
 import pytest
 from starlette.status import HTTP_200_OK, HTTP_404_NOT_FOUND
 from starlette.testclient import TestClient
@@ -46,11 +49,25 @@ def test_non_existent_route_404(
         )
         assert resp_4.status_code == HTTP_404_NOT_FOUND
 
+    @mock.patch("fides.api.main.get_admin_index_as_response")
     def test_malicious_url(
         self,
+        mock_admin_index_response: Mock,
         api_client: TestClient,
         url,
     ) -> None:
+        """
+        Assert that malicious URLs that attempt path traversal attacks
+        are NOT treated as legitimate URLs, and instead the basic "admin" index
+        response is returned.
+        """
+
+        # admin index response changes depending on environment.
+        # we mock the value here to give ourselves a consistent response to evaluate against.
+        # what we want to ensure is that the admin index response is what gets returned,
+        # indicating that the attempted path traversal does not occur.
+        mock_admin_index_response.return_value = "<h1>Privacy is a Human Right!</h1>"
+
         malicious_paths = [
             "../../../../../../../../../etc/passwd",
             "..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd",

From 7d443f643d3ab58f0f2769017ab7478b44d82141 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Fri, 7 Jul 2023 17:53:15 -0400
Subject: [PATCH 67/90] ignore type checker on `click` decorators to bypass
 known library issue (#3746)

---
 CHANGELOG.md                        |  1 +
 src/fides/cli/__init__.py           |  2 +-
 src/fides/cli/commands/annotate.py  |  2 +-
 src/fides/cli/commands/deploy.py    |  2 +-
 src/fides/cli/commands/generate.py  | 10 +++---
 src/fides/cli/commands/ungrouped.py | 16 ++++-----
 src/fides/cli/commands/view.py      |  2 +-
 src/fides/cli/options.py            | 53 ++++++++++++++++-------------
 8 files changed, 47 insertions(+), 41 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d524c3da9f..a0fb9f8de0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -39,6 +39,7 @@ The types of changes are:
 - Treat underscores as special characters in user passwords [#3717](https://github.com/ethyca/fides/pull/3717)
 - Allow Privacy Notices banner and modal to scroll as needed [#3713](https://github.com/ethyca/fides/pull/3713)
 - Make malicious url test more robust to environmental differences [#3748](https://github.com/ethyca/fides/pull/3748)
+- Ignore type checker on click decorators to bypass known issue with `click` version `8.1.4` [#3746](https://github.com/ethyca/fides/pull/3746)
 
 ### Changed
 
diff --git a/src/fides/cli/__init__.py b/src/fides/cli/__init__.py
index 1366d4ccb5..33781cc3ad 100644
--- a/src/fides/cli/__init__.py
+++ b/src/fides/cli/__init__.py
@@ -64,7 +64,7 @@
 PACKAGE = "ethyca-fides"
 
 
-@group(
+@group(  # type: ignore
     context_settings=CONTEXT_SETTINGS,
     invoke_without_command=True,
     name="fides",
diff --git a/src/fides/cli/commands/annotate.py b/src/fides/cli/commands/annotate.py
index 95460b82d4..ac456b5aca 100644
--- a/src/fides/cli/commands/annotate.py
+++ b/src/fides/cli/commands/annotate.py
@@ -14,7 +14,7 @@ def annotate(ctx: click.Context) -> None:
     """
 
 
-@annotate.command(name="dataset")
+@annotate.command(name="dataset")  # type: ignore
 @click.pass_context
 @click.argument("input_filename", type=str)
 @click.option(
diff --git a/src/fides/cli/commands/deploy.py b/src/fides/cli/commands/deploy.py
index 1f1ce6d891..f779496384 100644
--- a/src/fides/cli/commands/deploy.py
+++ b/src/fides/cli/commands/deploy.py
@@ -30,7 +30,7 @@ def deploy(ctx: click.Context) -> None:
     """
 
 
-@deploy.command()
+@deploy.command()  # type: ignore
 @click.pass_context
 @click.option(
     "--no-pull",
diff --git a/src/fides/cli/commands/generate.py b/src/fides/cli/commands/generate.py
index 83258b4540..6eec5a01f0 100644
--- a/src/fides/cli/commands/generate.py
+++ b/src/fides/cli/commands/generate.py
@@ -39,7 +39,7 @@ def generate_dataset(ctx: click.Context) -> None:
     """
 
 
-@generate_dataset.command(name="db")
+@generate_dataset.command(name="db")  # type: ignore
 @click.pass_context
 @click.argument("output_filename", type=str)
 @credentials_id_option
@@ -77,7 +77,7 @@ def generate_dataset_gcp(ctx: click.Context) -> None:
     """
 
 
-@generate_dataset_gcp.command(name="bigquery")
+@generate_dataset_gcp.command(name="bigquery")  # type: ignore
 @click.pass_context
 @click.argument("dataset_name", type=str)
 @click.argument("output_filename", type=str)
@@ -119,7 +119,7 @@ def generate_dataset_aws(ctx: click.Context) -> None:
     """
 
 
-@generate_dataset_aws.command(name="dynamodb")
+@generate_dataset_aws.command(name="dynamodb")  # type: ignore
 @click.pass_context
 @click.argument("output_filename", type=str)
 @credentials_id_option
@@ -165,7 +165,7 @@ def generate_system(ctx: click.Context) -> None:
     """
 
 
-@generate_system.command(name="okta")
+@generate_system.command(name="okta")  # type: ignore
 @click.pass_context
 @click.argument("output_filename", type=str)
 @credentials_id_option
@@ -205,7 +205,7 @@ def generate_system_okta(
     )
 
 
-@generate_system.command(name="aws")
+@generate_system.command(name="aws")  # type: ignore
 @click.pass_context
 @click.argument("output_filename", type=str)
 @credentials_id_option
diff --git a/src/fides/cli/commands/ungrouped.py b/src/fides/cli/commands/ungrouped.py
index 9b7fe5e768..2d8477a2fe 100644
--- a/src/fides/cli/commands/ungrouped.py
+++ b/src/fides/cli/commands/ungrouped.py
@@ -37,7 +37,7 @@
 from fides.core.utils import git_is_dirty
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @resource_type_argument
 @fides_key_argument
@@ -61,7 +61,7 @@ def delete(ctx: click.Context, resource_type: str, fides_key: str) -> None:
     )
 
 
-@click.command(name="get")
+@click.command(name="get")  # type: ignore
 @click.pass_context
 @resource_type_argument
 @fides_key_argument
@@ -82,7 +82,7 @@ def get_resource(ctx: click.Context, resource_type: str, fides_key: str) -> None
     echo_green(yaml.dump({resource_type: [resource]}))
 
 
-@click.command(name="ls")
+@click.command(name="ls")  # type: ignore
 @click.pass_context
 @resource_type_argument
 @with_analytics
@@ -117,7 +117,7 @@ def list_resources(ctx: click.Context, verbose: bool, resource_type: str) -> Non
             echo_red(f"No {resource_type.capitalize()} resources found!")
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @click.argument("fides_dir", default=".", type=click.Path(exists=True))
 @click.option(
@@ -162,7 +162,7 @@ def status(ctx: click.Context) -> None:
     )
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @click.option("--port", "-p", type=int, default=8080)
 def webserver(ctx: click.Context, port: int = 8080) -> None:
@@ -190,7 +190,7 @@ def worker(ctx: click.Context) -> None:
     start_worker()
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @dry_flag
 @click.option(
@@ -216,7 +216,7 @@ def push(ctx: click.Context, dry: bool, diff: bool, manifests_dir: str) -> None:
     )
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @manifests_dir_argument
 @click.option(
@@ -310,7 +310,7 @@ def parse(ctx: click.Context, manifests_dir: str, verbose: bool = False) -> None
         pretty_echo(taxonomy.dict(), color="green")
 
 
-@click.command()
+@click.command()  # type: ignore
 @click.pass_context
 @manifests_dir_argument
 @click.option(
diff --git a/src/fides/cli/commands/view.py b/src/fides/cli/commands/view.py
index 62d974b1ac..2a9e965e63 100644
--- a/src/fides/cli/commands/view.py
+++ b/src/fides/cli/commands/view.py
@@ -16,7 +16,7 @@ def view(ctx: click.Context) -> None:
     """
 
 
-@view.command(name="config")
+@view.command(name="config")  # type: ignore
 @click.pass_context
 @click.argument("section", default="", type=str)
 @click.option(
diff --git a/src/fides/cli/options.py b/src/fides/cli/options.py
index d6416c644e..9ace71b1c4 100644
--- a/src/fides/cli/options.py
+++ b/src/fides/cli/options.py
@@ -7,6 +7,11 @@
 import rich_click as click
 from fideslang import model_list
 
+# Note - the type: ignore comments throughout this file are a workaround
+# for a known issue with the `click` library:
+# https://github.com/pallets/click/issues/2558
+# If/when that issue is resolved, they can be removed.
+
 
 def coverage_threshold_option(command: Callable) -> Callable:
     """An option decorator that sets a required coverage percentage."""
@@ -16,7 +21,7 @@ def coverage_threshold_option(command: Callable) -> Callable:
         type=click.IntRange(0, 100),
         default=100,
         help="Set the coverage percentage for a passing scan.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -25,7 +30,7 @@ def resource_type_argument(command: Callable) -> Callable:
     command = click.argument(
         "resource_type",
         type=click.Choice(model_list, case_sensitive=False),
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -34,7 +39,7 @@ def fides_key_argument(command: Callable) -> Callable:
     command = click.argument(
         "fides_key",
         type=str,
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -44,7 +49,7 @@ def fides_key_option(command: Callable) -> Callable:
         "-k",
         "--fides-key",
         default="",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -52,7 +57,7 @@ def manifests_dir_argument(command: Callable) -> Callable:
     "Add the manifests_dir argument."
     command = click.argument(
         "manifests_dir", type=click.Path(exists=True), default=".fides/"
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -60,7 +65,7 @@ def dry_flag(command: Callable) -> Callable:
     "Add a flag that prevents side-effects."
     command = click.option(
         "--dry", is_flag=True, help="Do not upload results to the Fides webserver."
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -71,7 +76,7 @@ def yes_flag(command: Callable) -> Callable:
         "-y",
         is_flag=True,
         help="Automatically responds `yes` to any prompts.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -82,7 +87,7 @@ def verbose_flag(command: Callable) -> Callable:
         "-v",
         is_flag=True,
         help="Enable verbose output.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -92,7 +97,7 @@ def include_null_flag(command: Callable) -> Callable:
         "--include-null",
         is_flag=True,
         help="Include null attributes.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -104,7 +109,7 @@ def organization_fides_key_option(command: Callable) -> Callable:
         default="default_organization",
         show_default=True,
         help="The `organization_fides_key` of the `Organization` you want to specify.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -116,7 +121,7 @@ def output_directory_option(command: Callable) -> Callable:
         default=".fides/",
         show_default=True,
         help="The output directory for the data map to be exported to.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -126,7 +131,7 @@ def credentials_id_option(command: Callable) -> Callable:
         "--credentials-id",
         type=str,
         help="Use credentials keys defined within Fides config.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -136,7 +141,7 @@ def connection_string_option(command: Callable) -> Callable:
         "--connection-string",
         type=str,
         help="Use the connection string option to connect to a database.",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -146,7 +151,7 @@ def okta_org_url_option(command: Callable) -> Callable:
         "--org-url",
         type=str,
         help="Connect to Okta using an 'Org URL'. _Requires options `--org-url` & `--token`._",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -156,7 +161,7 @@ def okta_token_option(command: Callable) -> Callable:
         "--token",
         type=str,
         help="Connect to Okta using a token. _Requires options `--org-url` and `--token`._",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -166,7 +171,7 @@ def aws_access_key_id_option(command: Callable) -> Callable:
         "--access_key_id",
         type=str,
         help="Connect to AWS using an `Access Key ID`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -176,7 +181,7 @@ def aws_secret_access_key_option(command: Callable) -> Callable:
         "--secret_access_key",
         type=str,
         help="Connect to AWS using an `Access Key`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -186,7 +191,7 @@ def aws_region_option(command: Callable) -> Callable:
         "--region",
         type=str,
         help="Connect to AWS using a specific `Region`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -227,7 +232,7 @@ def username_option(command: Callable) -> Callable:
         help="If not provided, will be pulled from the config file or prompted for.",
         default="",
         callback=prompt_username,
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -238,7 +243,7 @@ def password_option(command: Callable) -> Callable:
         help="If not provided, will be pulled from the config file or prompted for.",
         default="",
         callback=prompt_password,
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -247,7 +252,7 @@ def first_name_option(command: Callable) -> Callable:
         "-f",
         "--first-name",
         default="",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
@@ -256,15 +261,15 @@ def last_name_option(command: Callable) -> Callable:
         "-l",
         "--last-name",
         default="",
-    )(command)
+    )(command)  # type: ignore
     return command
 
 
 def username_argument(command: Callable) -> Callable:
-    command = click.argument("username", type=str)(command)
+    command = click.argument("username", type=str)(command) # type: ignore
     return command
 
 
 def password_argument(command: Callable) -> Callable:
-    command = click.argument("password", type=str)(command)
+    command = click.argument("password", type=str)(command) # type: ignore
     return command

From cadbea19538b5c703cf666292a33baef2736b096 Mon Sep 17 00:00:00 2001
From: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
Date: Mon, 10 Jul 2023 08:50:51 +0100
Subject: [PATCH 68/90] Bump python versions to latest (3.10.12, 3.9.17, and
 3.8.17) (#3733)

Co-authored-by: Thomas <thomas.lapiana+github@pm.me>
---
 .github/workflows/backend_checks.yml | 12 ++++++------
 .github/workflows/cli_checks.yml     |  2 +-
 CHANGELOG.md                         |  5 ++++-
 Dockerfile                           |  2 +-
 docs/fides/Dockerfile                |  4 ++--
 5 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/backend_checks.yml b/.github/workflows/backend_checks.yml
index 4c3a44812c..8a8ff4e7f9 100644
--- a/.github/workflows/backend_checks.yml
+++ b/.github/workflows/backend_checks.yml
@@ -12,7 +12,7 @@ on:
 
 env:
   IMAGE: ethyca/fides:local
-  DEFAULT_PYTHON_VERSION: "3.10.11"
+  DEFAULT_PYTHON_VERSION: "3.10.12"
 
 jobs:
   ###############
@@ -41,7 +41,7 @@ jobs:
     strategy:
       matrix:
         # NOTE: These are the currently supported/tested Python Versions
-        python_version: ["3.8.16", "3.9.16", "3.10.11"]
+        python_version: ["3.8.17", "3.9.17", "3.10.12"]
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -183,7 +183,7 @@ jobs:
     needs: Check-Container-Startup
     strategy:
       matrix:
-        python_version: ["3.8.16", "3.9.16", "3.10.11"]
+        python_version: ["3.8.17", "3.9.17", "3.10.12"]
         test_selection:
           - "ctl-not-external"
           - "ops-unit"
@@ -234,7 +234,7 @@ jobs:
     strategy:
       max-parallel: 1 # This prevents collisions in shared external resources
       matrix:
-        python_version: ["3.8.16", "3.9.16", "3.10.11"]
+        python_version: ["3.8.17", "3.9.17", "3.10.12"]
     runs-on: ubuntu-latest
     timeout-minutes: 20
     # In PRs run with the "unsafe" label, or run on a "push" event to main
@@ -274,7 +274,7 @@ jobs:
     strategy:
       max-parallel: 1 # This prevents collisions in shared external resources
       matrix:
-        python_version: ["3.8.16", "3.9.16", "3.10.11"]
+        python_version: ["3.8.17", "3.9.17", "3.10.12"]
     runs-on: ubuntu-latest
     timeout-minutes: 20
     # In PRs run with the "unsafe" label, or run on a "push" event to main
@@ -320,7 +320,7 @@ jobs:
     strategy:
       max-parallel: 1 # This prevents collisions in shared external resources
       matrix:
-        python_version: ["3.8.16", "3.9.16", "3.10.11"]
+        python_version: ["3.8.17", "3.9.17", "3.10.12"]
     steps:
       - name: Download container
         uses: actions/download-artifact@v3
diff --git a/.github/workflows/cli_checks.yml b/.github/workflows/cli_checks.yml
index 2b39411fc2..161648fd8d 100644
--- a/.github/workflows/cli_checks.yml
+++ b/.github/workflows/cli_checks.yml
@@ -14,7 +14,7 @@ on:
       - "main"
 
 env:
-  DEFAULT_PYTHON_VERSION: "3.10.11"
+  DEFAULT_PYTHON_VERSION: "3.10.12"
 
 jobs:
   # Basic smoke test of a local install of the fides Python CLI
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0fb9f8de0..0750b2f97e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,10 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.16.0...main)
 
+### Changed
+
+- Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
+
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
 ### Added
@@ -51,7 +55,6 @@ The types of changes are:
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
 - In "view systems", system cards can now be clicked and link to that system's `configure/[id]` page [#3734](https://github.com/ethyca/fides/pull/3734)
 
-
 ## [2.15.1](https://github.com/ethyca/fides/compare/2.15.0...2.15.1)
 
 ### Added
diff --git a/Dockerfile b/Dockerfile
index e880aa91df..47905e6676 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # If you update this, also update `DEFAULT_PYTHON_VERSION` in the GitHub workflow files
-ARG PYTHON_VERSION="3.10.11"
+ARG PYTHON_VERSION="3.10.12"
 #########################
 ## Compile Python Deps ##
 #########################
diff --git a/docs/fides/Dockerfile b/docs/fides/Dockerfile
index 81e8d70665..1f40ec7df7 100644
--- a/docs/fides/Dockerfile
+++ b/docs/fides/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.10.11-slim-bullseye as build
+FROM python:3.10.12-slim-bullseye as build
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -31,7 +31,7 @@ COPY . .
 RUN pip install -U pip && pip install . && pip install -r docs/fides/requirements.txt
 
 
-FROM python:3.10.11-slim-bullseye as docs
+FROM python:3.10.12-slim-bullseye as docs
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     git \

From 4f91375e9aa62ed2a84dedae4f2a73c61c5f83d0 Mon Sep 17 00:00:00 2001
From: Kelsey Thomas <101993653+Kelsey-Ethyca@users.noreply.github.com>
Date: Mon, 10 Jul 2023 12:26:09 -0700
Subject: [PATCH 69/90] Add enable/disable toggle to integration tab (#3593)

Co-authored-by: Allison King <allisonjuliaking@gmail.com>
---
 CHANGELOG.md                                  |  1 +
 .../datastore-connections/ConnectionMenu.tsx  |  1 +
 .../DisableConnectionModal.tsx                | 31 ++++++++++++++-----
 .../datastore-connection.slice.ts             |  2 +-
 .../forms/ConnectorParametersForm.tsx         | 13 ++++++++
 5 files changed, 40 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0750b2f97e..9c68e39af9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,6 +28,7 @@ The types of changes are:
 - Empty state for when there are no relevant privacy notices in the privacy center [#3640](https://github.com/ethyca/fides/pull/3640)
 - GPC indicators in fides-js banner and modal [#3673](https://github.com/ethyca/fides/pull/3673)
 - Include `data_use` and `data_category` metadata in `upload` of access results [#3674](https://github.com/ethyca/fides/pull/3674)
+- Add enable/disable toggle to integration tab [#3593] (https://github.com/ethyca/fides/pull/3593)
 
 ### Fixed
 
diff --git a/clients/admin-ui/src/features/datastore-connections/ConnectionMenu.tsx b/clients/admin-ui/src/features/datastore-connections/ConnectionMenu.tsx
index 930946600e..239da56ac9 100644
--- a/clients/admin-ui/src/features/datastore-connections/ConnectionMenu.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/ConnectionMenu.tsx
@@ -65,6 +65,7 @@ const ConnectionMenu: React.FC<ConnectionMenuProps> = ({
           connection_type={connection_type}
           access_type={access_type}
           name={name}
+          isSwitch={false}
         />
         <DeleteConnectionModal connection_key={connection_key} />
       </MenuList>
diff --git a/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
index 5648c03a4b..857a5b7d27 100644
--- a/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
@@ -8,7 +8,9 @@ import {
   ModalFooter,
   ModalHeader,
   ModalOverlay,
+  Spacer,
   Stack,
+  Switch,
   Text,
   useDisclosure,
 } from "@fidesui/react";
@@ -25,6 +27,7 @@ type DataConnectionProps = {
   name: string;
   access_type: AccessLevel;
   connection_type: ConnectionType;
+  isSwitch: boolean;
 };
 
 const DisableConnectionModal: React.FC<DataConnectionProps> = ({
@@ -33,6 +36,7 @@ const DisableConnectionModal: React.FC<DataConnectionProps> = ({
   name,
   access_type,
   connection_type,
+  isSwitch,
 }) => {
   const { isOpen, onOpen, onClose } = useDisclosure();
   const [patchConnection, patchConnectionResult] =
@@ -40,13 +44,14 @@ const DisableConnectionModal: React.FC<DataConnectionProps> = ({
 
   const handleDisableConnection = async () => {
     const shouldDisable = !disabled;
-    patchConnection({
+    await patchConnection({
       key: connection_key,
       name,
       disabled: shouldDisable,
       access: access_type,
       connection_type,
     });
+    onClose();
   };
 
   const closeIfComplete = () => {
@@ -57,12 +62,24 @@ const DisableConnectionModal: React.FC<DataConnectionProps> = ({
 
   return (
     <>
-      <MenuItem
-        _focus={{ color: "complimentary.500", bg: "gray.100" }}
-        onClick={onOpen}
-      >
-        <Text fontSize="sm">{disabled ? "Enable" : "Disable"}</Text>
-      </MenuItem>
+      {isSwitch ? (
+        <>
+          <Spacer />
+          <Text fontSize="md">{disabled ? "Enable" : "Disable"}</Text>
+          <Switch
+            colorScheme="complimentary"
+            isChecked={!disabled}
+            onChange={onOpen}
+          />
+        </>
+      ) : (
+        <MenuItem
+          _focus={{ color: "complimentary.500", bg: "gray.100" }}
+          onClick={onOpen}
+        >
+          <Text fontSize="sm">{disabled ? "Enable" : "Disable"}</Text>
+        </MenuItem>
+      )}
       <Modal isCentered isOpen={isOpen} onClose={closeIfComplete}>
         <ModalOverlay />
         <ModalContent>
diff --git a/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts b/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
index 6a936ae2bb..6402580630 100644
--- a/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
+++ b/clients/admin-ui/src/features/datastore-connections/datastore-connection.slice.ts
@@ -351,7 +351,7 @@ export const datastoreConnectionApi = baseApi.injectEndpoints({
         method: "PATCH",
         body: [{ key, name, disabled, connection_type, access }],
       }),
-      invalidatesTags: () => ["Datastore Connection", "Datasets"],
+      invalidatesTags: () => ["Datastore Connection", "Datasets", "System"],
     }),
     updateDatastoreConnectionSecrets: build.mutation<
       DatastoreConnectionSecretsResponse,
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 33c58b5179..cc90154aa4 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -27,6 +27,7 @@ import { Field, FieldInputProps, Form, Formik, FormikProps } from "formik";
 import React from "react";
 import { DatastoreConnectionStatus } from "src/features/datastore-connections/types";
 
+import DisableConnectionModal from "~/features/datastore-connections/DisableConnectionModal";
 import DatasetConfigField from "~/features/datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
 import {
   ConnectionConfigurationResponse,
@@ -249,6 +250,8 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
     onTestConnectionClick(result);
   };
 
+  const isDisabledConnection = connectionConfig?.disabled || false;
+
   return (
     <Formik
       enableReinitialize
@@ -361,6 +364,16 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               >
                 Save
               </Button>
+              {connectionConfig ? (
+                <DisableConnectionModal
+                  connection_key={connectionConfig?.key}
+                  disabled={isDisabledConnection}
+                  connection_type={connectionConfig?.connection_type}
+                  access_type={connectionConfig?.access}
+                  name={connectionConfig?.name}
+                  isSwitch
+                />
+              ) : null}
               {connectionConfig ? (
                 <DeleteConnectionModal
                   connectionKey={connectionConfig.key}

From 5c624d36dcd3bf1011acfd37d02d48c2852fb4a6 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Mon, 10 Jul 2023 16:19:18 -0700
Subject: [PATCH 70/90] Allow connection configs with duplicate names (#3770)

---
 CHANGELOG.md                                  |  1 +
 src/fides/api/db/base_class.py                | 12 ++++++--
 .../api/models/authentication_request.py      |  4 +--
 src/fides/api/models/datasetconfig.py         |  2 +-
 src/fides/api/util/connection_util.py         |  4 ++-
 .../test_connection_config_endpoints.py       | 30 ++++++++++++++++---
 6 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c68e39af9..12a6098173 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -37,6 +37,7 @@ The types of changes are:
 - Add Systems Applicable Filter to Privacy Experience List [#3654](https://github.com/ethyca/fides/pull/3654)
 - Privacy center and fides-js now pass in `Unescape-Safestr` as a header so that special characters can be rendered properly [#3706](https://github.com/ethyca/fides/pull/3706)
 - Fixed ValidationError for saving PrivacyPreferences [#3719](https://github.com/ethyca/fides/pull/3719)
+- Fixed issue preventing ConnectionConfigs with duplicate names from saving [#3770](https://github.com/ethyca/fides/pull/3770)
 
 ### Developer Experience
 
diff --git a/src/fides/api/db/base_class.py b/src/fides/api/db/base_class.py
index f3731890a7..4d1933a542 100644
--- a/src/fides/api/db/base_class.py
+++ b/src/fides/api/db/base_class.py
@@ -4,7 +4,7 @@
 
 import json
 import re
-from typing import Any, Type, TypeVar
+from typing import Any, Optional, Type, TypeVar
 from uuid import uuid4
 
 from fideslang.models import FidesKey  # type: ignore
@@ -226,7 +226,13 @@ def get_by_key_or_id(
         return db_obj
 
     @classmethod
-    def create_or_update(cls: Type[T], db: Session, *, data: dict[str, Any]) -> T:
+    def create_or_update(
+        cls: Type[T],
+        db: Session,
+        *,
+        data: dict[str, Any],
+        check_name: Optional[bool] = True,
+    ) -> T:
         """Create an object, or update the existing version.
 
         There's an edge case where `data["id"]` and `data["key"]` can point attempt
@@ -239,7 +245,7 @@ def create_or_update(cls: Type[T], db: Session, *, data: dict[str, Any]) -> T:
         if db_obj:
             db_obj.update(db=db, data=data)  # type: ignore
         else:
-            db_obj = cls.create(db=db, data=data)
+            db_obj = cls.create(db=db, data=data, check_name=check_name)  # type: ignore
         return db_obj
 
     @classmethod
diff --git a/src/fides/api/models/authentication_request.py b/src/fides/api/models/authentication_request.py
index 0d85297ddd..fbc742e37d 100644
--- a/src/fides/api/models/authentication_request.py
+++ b/src/fides/api/models/authentication_request.py
@@ -15,9 +15,7 @@ class AuthenticationRequest(Base):
     state = Column(String, index=True, unique=True, nullable=False)
 
     @classmethod
-    def create_or_update(
-        cls, db: Session, *, data: Dict[str, Any]
-    ) -> "AuthenticationRequest":
+    def create_or_update(cls, db: Session, *, data: Dict[str, Any]) -> "AuthenticationRequest":  # type: ignore[override]
         """
         Look up authentication request by connection_key. If found, update this authentication request, otherwise
         create a new one.
diff --git a/src/fides/api/models/datasetconfig.py b/src/fides/api/models/datasetconfig.py
index 286cebd70e..405df13d67 100644
--- a/src/fides/api/models/datasetconfig.py
+++ b/src/fides/api/models/datasetconfig.py
@@ -120,7 +120,7 @@ def upsert_ctl_dataset(ctl_dataset_obj: Optional[CtlDataset]) -> CtlDataset:
         return dataset
 
     @classmethod
-    def create_or_update(cls, db: Session, *, data: Dict[str, Any]) -> "DatasetConfig":
+    def create_or_update(cls, db: Session, *, data: Dict[str, Any]) -> "DatasetConfig":  # type: ignore[override]
         """
         Look up dataset by config and fides_key. If found, update this dataset, otherwise
         create a new one.
diff --git a/src/fides/api/util/connection_util.py b/src/fides/api/util/connection_util.py
index 7e014be197..9ef357f678 100644
--- a/src/fides/api/util/connection_util.py
+++ b/src/fides/api/util/connection_util.py
@@ -213,7 +213,9 @@ def patch_connection_configs(
             config_dict["system_id"] = system.id
 
         try:
-            connection_config = ConnectionConfig.create_or_update(db, data=config_dict)
+            connection_config = ConnectionConfig.create_or_update(
+                db, data=config_dict, check_name=False
+            )
             created_or_updated.append(
                 ConnectionConfigurationResponse(**connection_config.__dict__)
             )
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index 4758426591..d1da15afa1 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -706,14 +706,36 @@ def test_patch_http_connection_successful_analytics(
         assert call_args[4] is None
         assert call_args[5] is None
 
-    def test_patch_connections_no_name(
-        self, api_client, generate_auth_header, url, payload
-    ):
+    def test_patch_connections_no_name(self, api_client, generate_auth_header, url):
+        # two connection configs without names
+        payload = [
+            {
+                "key": "postgres_db_1",
+                "connection_type": "postgres",
+                "access": "write",
+                "secrets": {
+                    "url": None,
+                    "host": "http://localhost",
+                    "port": 5432,
+                    "dbname": "test",
+                    "db_schema": "test",
+                    "username": "test",
+                    "password": "test",
+                },
+            },
+            {
+                "key": "mongo_db_1",
+                "connection_type": "mongodb",
+                "access": "read",
+            },
+        ]
         auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
-        del payload[0]["name"]
         response = api_client.patch(url, headers=auth_header, json=payload)
+
         assert 200 == response.status_code
+        assert len(response.json()["succeeded"]) == 2
         assert response.json()["succeeded"][0]["name"] is None
+        assert response.json()["succeeded"][1]["name"] is None
 
 
 class TestGetConnections:

From 956745d50abd9473f51a140484e6918ba088f0eb Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Tue, 11 Jul 2023 07:02:31 -0400
Subject: [PATCH 71/90] move db-dependent routers up a few levels to reduce
 circular dependencies (#3741)

---
 CHANGELOG.md                     |  4 ++++
 src/fides/api/api/v1/__init__.py |  8 ++++----
 src/fides/api/app_setup.py       | 15 +++++++++++++--
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 12a6098173..430c655350 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,10 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.16.0...main)
 
+### Developer Experience
+
+- Changed where db-dependent routers were imported to avoid dependency issues [#3741](https://github.com/ethyca/fides/pull/3741)
+
 ### Changed
 
 - Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
diff --git a/src/fides/api/api/v1/__init__.py b/src/fides/api/api/v1/__init__.py
index 38e9599020..bb0150b16b 100644
--- a/src/fides/api/api/v1/__init__.py
+++ b/src/fides/api/api/v1/__init__.py
@@ -5,7 +5,6 @@
 """
 from fastapi import APIRouter
 
-from .endpoints.admin import ADMIN_ROUTER
 from .endpoints.generate import GENERATE_ROUTER
 from .endpoints.generic import (
     DATA_CATEGORY_ROUTER,
@@ -18,7 +17,6 @@
     POLICY_ROUTER,
     REGISTRY_ROUTER,
 )
-from .endpoints.health import HEALTH_ROUTER
 from .endpoints.system import (
     SYSTEM_CONNECTION_INSTANTIATE_ROUTER,
     SYSTEM_CONNECTIONS_ROUTER,
@@ -26,8 +24,11 @@
 )
 from .endpoints.validate import VALIDATE_ROUTER
 
+# ADMIN and HEALTH routers are explicitly _excluded_ here.
+# those depend directly on database modules, and therefore
+# cause circular dependency problems when initialized as
+# part of this module. see https://github.com/ethyca/fides/issues/3652
 routers = [
-    ADMIN_ROUTER,
     DATA_CATEGORY_ROUTER,
     DATA_SUBJECT_ROUTER,
     DATA_QUALIFIER_ROUTER,
@@ -35,7 +36,6 @@
     DATASET_ROUTER,
     EVALUATION_ROUTER,
     GENERATE_ROUTER,
-    HEALTH_ROUTER,
     ORGANIZATION_ROUTER,
     POLICY_ROUTER,
     REGISTRY_ROUTER,
diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index 07cf43c9b2..7cd263d070 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -5,7 +5,7 @@
 from os.path import dirname, join
 from typing import List, Optional, Pattern, Union
 
-from fastapi import FastAPI
+from fastapi import APIRouter, FastAPI
 from loguru import logger
 from redis.exceptions import RedisError, ResponseError
 from slowapi.errors import RateLimitExceeded  # type: ignore
@@ -17,6 +17,8 @@
 from fides.api.api.deps import get_api_session
 from fides.api.api.v1 import CTL_ROUTER
 from fides.api.api.v1.api import api_router
+from fides.api.api.v1.endpoints.admin import ADMIN_ROUTER
+from fides.api.api.v1.endpoints.health import HEALTH_ROUTER
 from fides.api.api.v1.exception_handlers import ExceptionHandlers
 from fides.api.common_exceptions import FunctionalityNotConfigured, RedisConnectionError
 from fides.api.db.database import configure_db
@@ -47,7 +49,16 @@
 
 VERSION = fides.__version__
 
-ROUTERS = [CTL_ROUTER, api_router]
+# DB_ROUTER holds routers that have direct DB dependencies.
+# these routers are initialized _outside_ of inner `api` module
+# to avoid cyclical dependency chains.
+# see https://github.com/ethyca/fides/issues/3652
+DB_ROUTER = APIRouter()
+DB_ROUTER.include_router(ADMIN_ROUTER)
+DB_ROUTER.include_router(HEALTH_ROUTER)
+
+
+ROUTERS = [CTL_ROUTER, api_router, DB_ROUTER]
 DEFAULT_PRIVACY_NOTICES_PATH = join(
     dirname(__file__),
     "../data/privacy_notices",

From 1fe9a0edb57aba65d425e8cb5e4d7e89f4862004 Mon Sep 17 00:00:00 2001
From: Catherine Smith <eastandwestwind@gmail.com>
Date: Tue, 11 Jul 2023 10:30:00 -0400
Subject: [PATCH 72/90] Adds polyfill service to fides-js route (#3759)

---
 CHANGELOG.md                                 | 1 +
 clients/privacy-center/pages/api/fides-js.ts | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 430c655350..affc8ba996 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ The types of changes are:
 ### Changed
 
 - Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
+- Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
 
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
diff --git a/clients/privacy-center/pages/api/fides-js.ts b/clients/privacy-center/pages/api/fides-js.ts
index 4700cae6d8..4b0b32b008 100644
--- a/clients/privacy-center/pages/api/fides-js.ts
+++ b/clients/privacy-center/pages/api/fides-js.ts
@@ -96,6 +96,11 @@ export default async function handler(
   }
   const script = `
   (function () {
+    // This polyfill service adds a fetch polyfill only when needed, depending on browser making the request 
+    var script = document.createElement('script');
+    script.src = 'https://polyfill.io/v3/polyfill.min.js?features=fetch';
+    document.head.appendChild(script);
+    
     // Include generic fides.js script
     ${fidesJS}
 

From fcc9f3e95c938f94e106e09a724fc40d7b0083d3 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew.c.j1995@gmail.com>
Date: Tue, 11 Jul 2023 11:58:53 -0400
Subject: [PATCH 73/90] Fix creating and editing manual integrations (#3772)

---
 CHANGELOG.md                                  |  1 +
 .../forms/ConnectorParameters.tsx             |  4 +-
 .../forms/ConnectorParametersForm.tsx         | 93 +++++++++----------
 .../DSRCustomizationModal.tsx                 | 51 ++++++----
 4 files changed, 83 insertions(+), 66 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index affc8ba996..5ced3d9e81 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ The types of changes are:
 - Privacy center and fides-js now pass in `Unescape-Safestr` as a header so that special characters can be rendered properly [#3706](https://github.com/ethyca/fides/pull/3706)
 - Fixed ValidationError for saving PrivacyPreferences [#3719](https://github.com/ethyca/fides/pull/3719)
 - Fixed issue preventing ConnectionConfigs with duplicate names from saving [#3770](https://github.com/ethyca/fides/pull/3770)
+- Fixed creating and editing manual integrations [#3772](https://github.com/ethyca/fides/pull/3772) 
 
 ### Developer Experience
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 2a197477b5..5b2f10ddd2 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -89,7 +89,9 @@ export const patchConnectionConfig = async (
   patchFunc: any
 ) => {
   const key =
-    [SystemType.DATABASE, SystemType.EMAIL].indexOf(connectionOption.type) > -1
+    [SystemType.DATABASE, SystemType.EMAIL, SystemType.MANUAL].indexOf(
+      connectionOption.type
+    ) > -1
       ? formatKey(values.instance_key as string)
       : connectionConfig?.key;
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index cc90154aa4..927f56053d 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -265,54 +265,52 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
         <Form noValidate>
           <VStack align="stretch" gap="16px">
             {/* Connection Identifier */}
-            {connectionOption.type !== SystemType.MANUAL ? (
-              <Field
-                id="instance_key"
-                name="instance_key"
-                validate={validateConnectionIdentifier}
-              >
-                {({ field }: { field: FieldInputProps<string> }) => (
-                  <FormControl
-                    display="flex"
-                    isRequired
-                    isInvalid={
-                      props.errors.instance_key && props.touched.instance_key
-                    }
+            <Field
+              id="instance_key"
+              name="instance_key"
+              validate={validateConnectionIdentifier}
+            >
+              {({ field }: { field: FieldInputProps<string> }) => (
+                <FormControl
+                  display="flex"
+                  isRequired
+                  isInvalid={
+                    props.errors.instance_key && props.touched.instance_key
+                  }
+                >
+                  {getFormLabel("instance_key", "Integration Identifier")}
+                  <VStack align="flex-start" w="inherit">
+                    <Input
+                      {...field}
+                      autoComplete="off"
+                      color="gray.700"
+                      isDisabled={!!connectionConfig?.key}
+                      placeholder={`A unique identifier for your new ${
+                        connectionOption!.human_readable
+                      } integration`}
+                      size="sm"
+                    />
+                    <FormErrorMessage>
+                      {props.errors.instance_key}
+                    </FormErrorMessage>
+                  </VStack>
+                  <Tooltip
+                    aria-label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
+                    hasArrow
+                    label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
+                    placement="right-start"
+                    openDelay={500}
                   >
-                    {getFormLabel("instance_key", "Integration Identifier")}
-                    <VStack align="flex-start" w="inherit">
-                      <Input
-                        {...field}
-                        autoComplete="off"
-                        color="gray.700"
-                        isDisabled={!!connectionConfig?.key}
-                        placeholder={`A unique identifier for your new ${
-                          connectionOption!.human_readable
-                        } integration`}
-                        size="sm"
+                    <Flex alignItems="center" h="32px">
+                      <CircleHelpIcon
+                        marginLeft="8px"
+                        _hover={{ cursor: "pointer" }}
                       />
-                      <FormErrorMessage>
-                        {props.errors.instance_key}
-                      </FormErrorMessage>
-                    </VStack>
-                    <Tooltip
-                      aria-label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
-                      hasArrow
-                      label="The fides_key will allow fidesops to associate dataset field references appropriately. Must be a unique alphanumeric value with no spaces (underscores allowed) to represent this integration."
-                      placement="right-start"
-                      openDelay={500}
-                    >
-                      <Flex alignItems="center" h="32px">
-                        <CircleHelpIcon
-                          marginLeft="8px"
-                          _hover={{ cursor: "pointer" }}
-                        />
-                      </Flex>
-                    </Tooltip>
-                  </FormControl>
-                )}
-              </Field>
-            ) : null}
+                    </Flex>
+                  </Tooltip>
+                </FormControl>
+              )}
+            </Field>
             {/* Dynamic connector secret fields */}
 
             {connectionOption.type !== SystemType.MANUAL && secretsSchema
@@ -346,8 +344,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               >
                 {testButtonLabel}
               </Button>
-              {connectionOption.type === SystemType.MANUAL &&
-              connectionConfig ? (
+              {connectionOption.type === SystemType.MANUAL ? (
                 <DSRCustomizationModal connectionConfig={connectionConfig} />
               ) : null}
               <Button
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/DSRCustomizationForm/DSRCustomizationModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/DSRCustomizationForm/DSRCustomizationModal.tsx
index b7b34d3373..fca7c91cbf 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/DSRCustomizationForm/DSRCustomizationModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/DSRCustomizationForm/DSRCustomizationModal.tsx
@@ -9,6 +9,7 @@ import {
   ModalHeader,
   ModalOverlay,
   Spinner,
+  Tooltip,
   useDisclosure,
   VStack,
 } from "@fidesui/react";
@@ -30,7 +31,7 @@ import DSRCustomizationForm from "./DSRCustomizationForm";
 import { Field } from "./types";
 
 type Props = {
-  connectionConfig: ConnectionConfigurationResponse;
+  connectionConfig?: ConnectionConfigurationResponse;
 };
 
 const DSRCustomizationModal: React.FC<Props> = ({ connectionConfig }) => {
@@ -43,7 +44,9 @@ const DSRCustomizationModal: React.FC<Props> = ({ connectionConfig }) => {
   const { isOpen, onOpen, onClose } = useDisclosure();
 
   const { data, isFetching, isLoading, isSuccess } =
-    useGetAccessManualHookQuery(connectionConfig.key);
+    useGetAccessManualHookQuery(connectionConfig ? connectionConfig.key : "", {
+      skip: !connectionConfig,
+    });
 
   const [createAccessManualWebhook] = useCreateAccessManualWebhookMutation();
   const [patchAccessManualWebhook] = usePatchAccessManualWebhookMutation();
@@ -55,7 +58,7 @@ const DSRCustomizationModal: React.FC<Props> = ({ connectionConfig }) => {
       const params:
         | CreateAccessManualWebhookRequest
         | PatchAccessManualWebhookRequest = {
-        connection_key: connectionConfig.key as string,
+        connection_key: connectionConfig!.key as string,
         body: { ...values } as any,
       };
       if (fields.length > 0) {
@@ -83,22 +86,36 @@ const DSRCustomizationModal: React.FC<Props> = ({ connectionConfig }) => {
     };
   }, [data, isSuccess]);
 
+  const DSRButton = (
+    <Button
+      bg="primary.800"
+      color="white"
+      isDisabled={!connectionConfig || isSubmitting}
+      isLoading={isSubmitting}
+      loadingText="Submitting"
+      size="sm"
+      variant="solid"
+      onClick={onOpen}
+      _active={{ bg: "primary.500" }}
+      _hover={{ bg: "primary.400" }}
+    >
+      Customize DSR
+    </Button>
+  );
+
   return (
     <>
-      <Button
-        bg="primary.800"
-        color="white"
-        isDisabled={isSubmitting}
-        isLoading={isSubmitting}
-        loadingText="Submitting"
-        size="sm"
-        variant="solid"
-        onClick={onOpen}
-        _active={{ bg: "primary.500" }}
-        _hover={{ bg: "primary.400" }}
-      >
-        Customize DSR
-      </Button>
+      {!connectionConfig ? (
+        <Tooltip
+          label="Save an Integration first to customize the DSR"
+          placement="top"
+          shouldWrapChildren
+        >
+          {DSRButton}
+        </Tooltip>
+      ) : (
+        DSRButton
+      )}
       <Modal isCentered isOpen={isOpen} size="lg" onClose={onClose}>
         <ModalOverlay />
         <ModalContent minWidth="775px">

From 53ce232eb5b72d06b773cbca66aaa831f91e9aa3 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Tue, 11 Jul 2023 12:43:08 -0400
Subject: [PATCH 74/90] cascade deletes from system -> connectionconfig ->
 datasetconfig (#3771)

---
 CHANGELOG.md                             |  1 +
 src/fides/api/models/connectionconfig.py |  1 +
 src/fides/api/models/sql_models.py       |  1 +
 tests/ctl/core/test_api.py               | 47 ++++++++++++++++++++++++
 4 files changed, 50 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5ced3d9e81..163f4af32e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,7 @@ The types of changes are:
 - Fixed ValidationError for saving PrivacyPreferences [#3719](https://github.com/ethyca/fides/pull/3719)
 - Fixed issue preventing ConnectionConfigs with duplicate names from saving [#3770](https://github.com/ethyca/fides/pull/3770)
 - Fixed creating and editing manual integrations [#3772](https://github.com/ethyca/fides/pull/3772) 
+- Fix lingering integration artifacts by cascading deletes from System [#3771](https://github.com/ethyca/fides/pull/3771)
 
 ### Developer Experience
 
diff --git a/src/fides/api/models/connectionconfig.py b/src/fides/api/models/connectionconfig.py
index 57bad62b7e..6b4cf9f0bf 100644
--- a/src/fides/api/models/connectionconfig.py
+++ b/src/fides/api/models/connectionconfig.py
@@ -138,6 +138,7 @@ class ConnectionConfig(Base):
     datasets = relationship(  # type: ignore[misc]
         "DatasetConfig",
         back_populates="connection_config",
+        cascade="all, delete",
     )
 
     access_manual_webhook = relationship(  # type: ignore[misc]
diff --git a/src/fides/api/models/sql_models.py b/src/fides/api/models/sql_models.py
index 0e8b03b310..9cd3d41b29 100644
--- a/src/fides/api/models/sql_models.py
+++ b/src/fides/api/models/sql_models.py
@@ -342,6 +342,7 @@ class System(Base, FidesBase):
     connection_configs = relationship(
         "ConnectionConfig",
         back_populates="system",
+        cascade="all, delete",
         uselist=False,
         lazy="selectin",
     )
diff --git a/tests/ctl/core/test_api.py b/tests/ctl/core/test_api.py
index 7a95d94718..2d007c72f0 100644
--- a/tests/ctl/core/test_api.py
+++ b/tests/ctl/core/test_api.py
@@ -22,6 +22,8 @@
 
 from fides.api.api.v1.endpoints import health
 from fides.api.db.crud import get_resource
+from fides.api.models.connectionconfig import ConnectionConfig
+from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.sql_models import Dataset, PrivacyDeclaration, System
 from fides.api.oauth.roles import OWNER, VIEWER
 from fides.api.schemas.system import PrivacyDeclarationResponse
@@ -1642,6 +1644,51 @@ def test_system_delete_as_system_manager(
         assert result.json()["message"] == "resource deleted"
         assert result.json()["resource"]["fides_key"] == system.fides_key
 
+    def test_delete_system_deletes_connection_config_and_dataset(
+        self,
+        test_config,
+        db,
+        system,
+        generate_auth_header,
+        dataset_config: DatasetConfig,
+    ) -> None:
+        """
+        Ensure that deleting the system also deletes any associated
+        ConnectionConfig and DatasetConfig records
+        """
+        auth_header = generate_auth_header(scopes=[SYSTEM_DELETE])
+
+        connection_config = dataset_config.connection_config
+        connection_config.system_id = (
+            system.id
+        )  # tie the connectionconfig to the system we will delete
+        connection_config.save(db)
+        # the keys are cached before the delete
+        connection_config_key = connection_config.key
+        dataset_config_key = dataset_config.fides_key
+
+        # delete the system via API
+        result = _api.delete(
+            url=test_config.cli.server_url,
+            resource_type="system",
+            resource_id=system.fides_key,
+            headers=auth_header,
+        )
+        assert result.status_code == HTTP_200_OK
+
+        # ensure our system itself was deleted
+        assert db.query(System).filter_by(fides_key=system.fides_key).first() is None
+        # ensure our associated ConnectionConfig was deleted
+        assert (
+            db.query(ConnectionConfig).filter_by(key=connection_config_key).first()
+            is None
+        )
+        # and ensure our associated DatasetConfig was deleted
+        assert (
+            db.query(DatasetConfig).filter_by(fides_key=dataset_config_key).first()
+            is None
+        )
+
     def test_owner_role_gets_404_if_system_not_found(
         self,
         test_config,

From 12dff1aa4425d2283b5461b3d54cd033789001a1 Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Tue, 11 Jul 2023 13:02:21 -0400
Subject: [PATCH 75/90] Enable privacy notices and experiences by default in
 production (#3773)

---
 CHANGELOG.md                    | 1 +
 clients/admin-ui/src/flags.json | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 163f4af32e..3a8a2127df 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -63,6 +63,7 @@ The types of changes are:
 - Update EU PrivacyNoticeRegion codes and allow experience filtering to drop back to country filtering if region not found [#3630](https://github.com/ethyca/fides/pull/3630)
 - Fields with default fields are now flagged as required in the front-end [#3694](https://github.com/ethyca/fides/pull/3694)
 - In "view systems", system cards can now be clicked and link to that system's `configure/[id]` page [#3734](https://github.com/ethyca/fides/pull/3734)
+- Enable privacy notice and privacy experience feature flags by default [#3773](https://github.com/ethyca/fides/pull/3773)
 
 ## [2.15.1](https://github.com/ethyca/fides/compare/2.15.0...2.15.1)
 
diff --git a/clients/admin-ui/src/flags.json b/clients/admin-ui/src/flags.json
index 34a4c5a8ee..c8f3074cf9 100644
--- a/clients/admin-ui/src/flags.json
+++ b/clients/admin-ui/src/flags.json
@@ -22,13 +22,13 @@
     "description": "Page to configure consent privacy notices",
     "development": true,
     "test": true,
-    "production": false
+    "production": true
   },
   "privacyExperience": {
     "description": "Page to configure consent privacy experiences",
     "development": true,
     "test": true,
-    "production": false
+    "production": true
   },
   "standaloneConnections": {
     "description": "Allow the creation of standalone connections for testing",

From 10cebca618ea28ae4bda2594d9dfe79ad36d5a73 Mon Sep 17 00:00:00 2001
From: Thomas <thomas.lapiana+github@pm.me>
Date: Thu, 13 Jul 2023 14:30:55 +0800
Subject: [PATCH 76/90] Refactor logging configuration (#3758)

---
 CHANGELOG.md                                  |   1 +
 docker-compose.yml                            |   1 +
 src/fides/api/alembic/migrations/env.py       |   6 +-
 .../api/api/v1/endpoints/dataset_endpoints.py |   7 +-
 src/fides/api/app_setup.py                    |   6 +-
 src/fides/api/main.py                         |  13 +-
 src/fides/api/models/datasetconfig.py         |   5 +-
 src/fides/api/util/data_category.py           |   3 +-
 src/fides/api/util/logger.py                  | 134 +++++++-----------
 src/fides/config/logging_settings.py          |   4 +
 tests/ctl/api/test_admin.py                   |  17 +--
 .../v1/endpoints/test_messaging_endpoints.py  |  16 ++-
 tests/ops/api/v1/endpoints/test_system.py     |  30 ++--
 13 files changed, 122 insertions(+), 121 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3a8a2127df..290b0247fa 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ The types of changes are:
 ### Changed
 
 - Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
+- Logging Updates [#3758](https://github.com/ethyca/fides/pull/3758)
 - Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
 
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
diff --git a/docker-compose.yml b/docker-compose.yml
index e42200790a..d22c5d7e7e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,7 @@ services:
       FIDES__CLI__SERVER_PORT: "8080"
       FIDES__DATABASE__SERVER: "fides-db"
       FIDES__DEV_MODE: "True"
+      FIDES__LOGGING__COLORIZE: "True"
       FIDES__USER__ANALYTICS_OPT_OUT: "True"
       FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS: "True"
       FIDES__SECURITY__BASTION_SERVER_HOST: ${FIDES__SECURITY__BASTION_SERVER_HOST-}
diff --git a/src/fides/api/alembic/migrations/env.py b/src/fides/api/alembic/migrations/env.py
index 6a096af394..eee0f83516 100644
--- a/src/fides/api/alembic/migrations/env.py
+++ b/src/fides/api/alembic/migrations/env.py
@@ -14,11 +14,7 @@
 # Interpret the config file for Python logging.
 # This line sets up loggers basically.
 fileConfig(alembic_config.config_file_name)
-setup_fidesapi_logger(
-    fides_config.logging.level,
-    serialize=fides_config.logging.serialization,
-    desination=fides_config.logging.destination,
-)
+setup_fidesapi_logger(CONFIG)
 
 # add your model's MetaData object here
 # for 'autogenerate' support
diff --git a/src/fides/api/api/v1/endpoints/dataset_endpoints.py b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
index fc329f5348..240ae2a7ee 100644
--- a/src/fides/api/api/v1/endpoints/dataset_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/dataset_endpoints.py
@@ -37,9 +37,6 @@
     convert_dataset_to_graph,
     to_graph_field,
 )
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
-    Dataset as CtlDataset,
-)
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.api import BulkUpdateFailed
 from fides.api.schemas.dataset import (
@@ -69,6 +66,10 @@
     YAML_DATASETS,
 )
 
+from fides.api.models.sql_models import (  # type: ignore[attr-defined] # isort: skip
+    Dataset as CtlDataset,
+)
+
 X_YAML = "application/x-yaml"
 
 router = APIRouter(tags=["Dataset Configs"], prefix=V1_URL_PREFIX)
diff --git a/src/fides/api/app_setup.py b/src/fides/api/app_setup.py
index 7cd263d070..6a19ff41cd 100644
--- a/src/fides/api/app_setup.py
+++ b/src/fides/api/app_setup.py
@@ -79,11 +79,7 @@ def create_fides_app(
     security_env: str = CONFIG.security.env,
 ) -> FastAPI:
     """Return a properly configured application."""
-    setup_logging(
-        CONFIG.logging.level,
-        serialize=CONFIG.logging.serialization,
-        desination=CONFIG.logging.destination,
-    )
+    setup_logging(CONFIG)
     logger.bind(api_config=CONFIG.logging.json()).debug(
         "Logger configuration options in use"
     )
diff --git a/src/fides/api/main.py b/src/fides/api/main.py
index bff514e432..8d6af692b3 100644
--- a/src/fides/api/main.py
+++ b/src/fides/api/main.py
@@ -133,7 +133,13 @@ async def prepare_and_log_request(
 async def log_request(request: Request, call_next: Callable) -> Response:
     """Log basic information about every request handled by the server."""
     start = datetime.now()
-    response = await call_next(request)
+
+    # If the request fails, we still want to log it
+    try:
+        response = await call_next(request)
+    except:  # pylint: disable=bare-except
+        response = Response(status_code=500)
+
     handler_time = datetime.now() - start
     logger.bind(
         method=request.method,
@@ -252,7 +258,10 @@ async def setup_server() -> None:
         )
     )
 
-    logger.info(FIDES_ASCII_ART)
+    # It's just a random bunch of strings when serialized
+    if not CONFIG.logging.serialization:
+        logger.info(FIDES_ASCII_ART)
+
     logger.info(f"Fides startup complete! v{VERSION}")
 
 
diff --git a/src/fides/api/models/datasetconfig.py b/src/fides/api/models/datasetconfig.py
index 405df13d67..7ecce4aa8e 100644
--- a/src/fides/api/models/datasetconfig.py
+++ b/src/fides/api/models/datasetconfig.py
@@ -19,10 +19,11 @@
 )
 from fides.api.graph.data_type import parse_data_type_string
 from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+from fides.api.util.saas_util import merge_datasets
+
+from fides.api.models.sql_models import (  # type: ignore[attr-defined] # isort: skip
     Dataset as CtlDataset,
 )
-from fides.api.util.saas_util import merge_datasets
 
 
 class DatasetConfig(Base):
diff --git a/src/fides/api/util/data_category.py b/src/fides/api/util/data_category.py
index ccb0e60670..472cc71d70 100644
--- a/src/fides/api/util/data_category.py
+++ b/src/fides/api/util/data_category.py
@@ -6,7 +6,8 @@
 from sqlalchemy.orm import Session
 
 from fides.api import common_exceptions
-from fides.api.models.sql_models import (  # type: ignore[attr-defined]
+
+from fides.api.models.sql_models import (  # type: ignore[attr-defined] # isort: skip
     DataCategory as DataCategoryDbModel,
 )
 
diff --git a/src/fides/api/util/logger.py b/src/fides/api/util/logger.py
index feb743c5d7..ea7e179951 100644
--- a/src/fides/api/util/logger.py
+++ b/src/fides/api/util/logger.py
@@ -7,12 +7,11 @@
 
 import logging
 import sys
-from types import FrameType
-from typing import Dict, List, Optional, Union
+from typing import Dict, List
 
 from loguru import logger
 
-from fides.config import CONFIG
+from fides.config import CONFIG, FidesConfig
 
 MASKED = "MASKED"
 
@@ -42,77 +41,54 @@ def _log_warning(exc: BaseException, dev_mode: bool = False) -> None:
         logger.error(exc)
 
 
-class FidesAPIHandler(logging.Handler):
+def create_handler_dicts(
+    level: str, sink: str, serialize: bool, colorize: bool, include_called_from: bool
+) -> List[Dict]:
     """
-    The logging.Handler used by the api logger.
+    Creates dictionaries used for configuring loguru handlers.
+
+    Two dictionaries are returned, one for standard logs and another to handle
+    logs that include "extra" information.
     """
+    time_format = "<green>{time:YYYY-MM-DD HH:mm:ss.SSS}</green>"
+    level_format = "<level>{level: <8}</level>"
+    called_from_format = (
+        ("<cyan>{name}</cyan>:<cyan>{function}</cyan>:<cyan>{line}</cyan>")
+        if include_called_from
+        else ""
+    )
+    message_format = "<level>{message}</level>"
+
+    log_format = (
+        time_format
+        + " | "
+        + level_format
+        + " | "
+        + called_from_format
+        + " - "
+        + message_format
+    )
 
-    def __init__(
-        self,
-        level: Union[int, str],
-        include_extra: bool = False,
-        serialize: str = "",
-        sink: str = "",
-    ) -> None:
-        super().__init__(level=level)
-        self.loguru_vals: Dict = {
-            "level": level,
-            "serialize": serialize == "json",
-            "sink": sys.stdout if sink == "" else sink,
-        }
-
-        format_module = ""
-        if level == logging.DEBUG or level == logging.getLevelName(logging.DEBUG):
-            format_module = " (<c>{module}:{function}:{line}</c>)"
-
-        format_extra = ""
-        self.loguru_vals["filter"] = "lambda logRecord: not bool(logRecord['extra'])"
-        if include_extra:
-            format_extra = " | {extra}"
-            self.loguru_vals["filter"] = "lambda logRecord: bool(logRecord['extra'])"
-
-        self.loguru_vals["format"] = (
-            "<d>{time:YYYY-MM-DD HH:mm:ss.SSS}</d> [<lvl>{level}</lvl>]%s: {message}%s"
-            % (format_module, format_extra)
-        )
-
-    def emit(self, record: logging.LogRecord) -> None:
-        """
-        Log the specified record.
-        """
-        # Get corresponding Loguru level if it exists
-        level: Union[int, str]
-        try:
-            level = logger.level(record.levelname).name
-        except ValueError:
-            level = record.levelno
-
-        # Determine the caller that originated the log entry
-        frame: Optional[FrameType] = logging.currentframe()
-        depth = 2
-        while frame is not None and frame.f_code.co_filename == logging.__file__:
-            frame = frame.f_back
-            depth += 1
-
-        logger.opt(depth=depth, exception=record.exc_info).log(
-            level, record.getMessage()
-        )
-
-    def loguru_config(self) -> Dict:
-        """
-        Returns only the fields required to pass a FidesAPIHandler
-        as a handler kwarg in Loguru's logger.configure().
-        """
-        return {
-            "level": self.loguru_vals["level"],
-            "filter": eval(self.loguru_vals["filter"]),
-            "format": self.loguru_vals["format"],
-            "serialize": self.loguru_vals["serialize"],
-            "sink": self.loguru_vals["sink"],
-        }
-
-
-def setup(level: str, serialize: str = "", desination: str = "") -> None:
+    standard_dict = {
+        "colorize": colorize,
+        "format": log_format,
+        "level": level,
+        "serialize": serialize,
+        "sink": sys.stdout if sink == "" else sink,
+        "filter": lambda logRecord: not bool(logRecord["extra"]),
+        "diagnose": False,
+        "backtrace": True,
+        "catch": True,
+    }
+    extra_dict = {
+        **standard_dict,
+        "format": log_format + " | {extra}",
+        "filter": lambda logRecord: bool(logRecord["extra"]),
+    }
+    return [standard_dict, extra_dict]
+
+
+def setup(config: FidesConfig) -> None:
     """
     Removes all handlers from all loggers, and sets those
     loggers to propagate log entries to the root logger.
@@ -126,16 +102,14 @@ def setup(level: str, serialize: str = "", desination: str = "") -> None:
         logging.getLogger(name).handlers = []
         logging.getLogger(name).propagate = True
 
-    logger.configure(
-        handlers=[
-            FidesAPIHandler(
-                level, sink=desination, serialize=serialize
-            ).loguru_config(),
-            FidesAPIHandler(
-                level, include_extra=True, sink=desination, serialize=serialize
-            ).loguru_config(),
-        ]
+    handlers = create_handler_dicts(
+        level=config.logging.level,
+        include_called_from=config.dev_mode,
+        sink=config.logging.destination,
+        serialize=config.logging.serialization == "json",
+        colorize=config.logging.colorize,
     )
+    logger.configure(handlers=handlers)
 
 
 def obfuscate_message(message: str) -> str:
diff --git a/src/fides/config/logging_settings.py b/src/fides/config/logging_settings.py
index 09492b7476..0c23ab107b 100644
--- a/src/fides/config/logging_settings.py
+++ b/src/fides/config/logging_settings.py
@@ -20,6 +20,10 @@ class LoggingSettings(FidesSettings):
         default="",
         description="The output location for log files. Accepts any valid file path. If left unset, log entries are printed to stdout and log files are not produced.",
     )
+    colorize: bool = Field(
+        default=False,
+        description="Force colored logs. Any value set via environment variables is considered 'True'.",
+    )
     level: str = Field(
         default="INFO",
         description="The minimum log entry level to produce. Also accepts TRACE, DEBUG, WARNING, ERROR, or CRITICAL (case insensitive).",
diff --git a/tests/ctl/api/test_admin.py b/tests/ctl/api/test_admin.py
index e623dc254b..ce951fb548 100644
--- a/tests/ctl/api/test_admin.py
+++ b/tests/ctl/api/test_admin.py
@@ -26,12 +26,13 @@ def test_db_reset_dev_mode_disabled(
     test_config: FidesConfig,
     test_config_dev_mode_disabled: FidesConfig,  # temporarily switches off config.dev_mode
     test_client: TestClient,
+    loguru_caplog,
 ) -> None:
-    with pytest.raises(
-        errors.FunctionalityNotConfigured,
-        match="unable to reset fides database outside of dev_mode.",
-    ):
-        test_client.post(
-            test_config.cli.server_url + API_PREFIX + "/admin/db/reset/",
-            headers=test_config.user.auth_header,
-        )
+    error_message = "unable to reset fides database outside of dev_mode."
+    test_client.post(
+        test_config.cli.server_url + API_PREFIX + "/admin/db/reset/",
+        headers=test_config.user.auth_header,
+    )
+
+    assert "ERROR" in loguru_caplog.text
+    assert error_message in loguru_caplog.text
diff --git a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
index e8e5feac02..ec83ba7ce0 100644
--- a/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_messaging_endpoints.py
@@ -1459,19 +1459,23 @@ def test_get_active_default_app_setting_invalid(
         url,
         api_client: TestClient,
         generate_auth_header,
+        loguru_caplog,
     ):
         """
         This is contrived and should not be able to occur, but here we test what happens
         if somehow the `notifications.notification_service_type` config property is set
         to an invalid value.
         """
+
+        error_message = "Unknown notification_service_type"
         auth_header = generate_auth_header([MESSAGING_READ])
-        with pytest.raises(ValueError) as e:
-            api_client.get(
-                url,
-                headers=auth_header,
-            )
-        assert "Unknown notification_service_type" in str(e)
+        api_client.get(
+            url,
+            headers=auth_header,
+        )
+
+        assert "ERROR" in loguru_caplog.text
+        assert error_message in loguru_caplog.text
 
     @pytest.mark.usefixtures("notification_service_type_mailgun")
     def test_get_active_default_config(
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index 6a28092c61..e56ee71cec 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -7,13 +7,12 @@
 from sqlalchemy.orm import Session
 from starlette.status import (
     HTTP_200_OK,
+    HTTP_204_NO_CONTENT,
     HTTP_401_UNAUTHORIZED,
     HTTP_403_FORBIDDEN,
     HTTP_404_NOT_FOUND,
-    HTTP_204_NO_CONTENT,
 )
 from starlette.testclient import TestClient
-from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 
 from fides.api.models.connectionconfig import (
     AccessLevel,
@@ -27,12 +26,13 @@
 from fides.api.models.sql_models import Dataset
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
+    CONNECTION_DELETE,
     CONNECTION_READ,
     SAAS_CONNECTION_INSTANTIATE,
     STORAGE_DELETE,
     SYSTEM_MANAGER_UPDATE,
-    CONNECTION_DELETE,
 )
+from fides.common.api.v1.urn_registry import V1_URL_PREFIX
 from tests.conftest import generate_role_header_for_user
 from tests.fixtures.saas.connection_template_fixtures import instantiate_connector
 
@@ -184,8 +184,12 @@ def test_patch_connections_role_check_viewer(
 
         if assign_system:
             assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
-            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
-            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            system_manager_auth_header = generate_auth_header(
+                scopes=[SYSTEM_MANAGER_UPDATE]
+            )
+            api_client.put(
+                assign_url, headers=system_manager_auth_header, json=[system.fides_key]
+            )
             auth_header = generate_system_manager_header([system.id])
         else:
             auth_header = generate_role_header_for_user(
@@ -293,8 +297,12 @@ def test_get_connection_configs_role_viewer(
 
         if assign_system:
             assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
-            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
-            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            system_manager_auth_header = generate_auth_header(
+                scopes=[SYSTEM_MANAGER_UPDATE]
+            )
+            api_client.put(
+                assign_url, headers=system_manager_auth_header, json=[system.fides_key]
+            )
             auth_header = generate_system_manager_header([system.id])
         else:
             auth_header = generate_role_header_for_user(
@@ -513,8 +521,12 @@ def test_delete_connection_configs_role_viewer(
 
         if assign_system:
             assign_url = V1_URL_PREFIX + f"/user/{acting_user_role.id}/system-manager"
-            system_manager_auth_header = generate_auth_header(scopes=[SYSTEM_MANAGER_UPDATE])
-            api_client.put(assign_url, headers=system_manager_auth_header, json=[system.fides_key])
+            system_manager_auth_header = generate_auth_header(
+                scopes=[SYSTEM_MANAGER_UPDATE]
+            )
+            api_client.put(
+                assign_url, headers=system_manager_auth_header, json=[system.fides_key]
+            )
             auth_header = generate_system_manager_header([system.id])
         else:
             auth_header = generate_role_header_for_user(

From 369c78970e8491a1edd854cc14152189a41b59a0 Mon Sep 17 00:00:00 2001
From: jpople <jeremy@ethyca.com>
Date: Thu, 13 Jul 2023 11:55:43 -0400
Subject: [PATCH 77/90] Remove 'successfully added custom fields' toast (#3779)

---
 CHANGELOG.md                                        |  4 ++++
 .../src/features/common/custom-fields/hooks.ts      | 13 +++++--------
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 290b0247fa..1794cb9952 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -27,6 +27,10 @@ The types of changes are:
 - Logging Updates [#3758](https://github.com/ethyca/fides/pull/3758)
 - Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
 
+### Removed
+
+- Removed "Custom field(s) successfully saved" toast [#3779](https://github.com/ethyca/fides/pull/3779)
+
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
 ### Added
diff --git a/clients/admin-ui/src/features/common/custom-fields/hooks.ts b/clients/admin-ui/src/features/common/custom-fields/hooks.ts
index 5313f5b189..fd6874f884 100644
--- a/clients/admin-ui/src/features/common/custom-fields/hooks.ts
+++ b/clients/admin-ui/src/features/common/custom-fields/hooks.ts
@@ -23,7 +23,7 @@ export const useCustomFields = ({
   resourceFidesKey,
   resourceType,
 }: UseCustomFieldsOptions) => {
-  const { errorAlert, successAlert } = useAlert();
+  const { errorAlert } = useAlert();
   const { plus: isEnabled } = useFeatures();
 
   // This keeps track of the fides key that was initially passed in. If that key started out blank,
@@ -149,7 +149,10 @@ export const useCustomFields = ({
 
       // This will be undefined if the form never rendered a `CustomFieldList` that would assign
       // form values.
-      if (!customFieldValuesFromForm) {
+      if (
+        !customFieldValuesFromForm ||
+        Object.keys(customFieldValuesFromForm).length === 0
+      ) {
         return;
       }
 
@@ -184,10 +187,6 @@ export const useCustomFields = ({
             return upsertCustomFieldMutationTrigger(body);
           })
         );
-
-        successAlert(
-          `Custom field(s) successfully saved and added to this ${resourceType} form.`
-        );
       } catch (e) {
         errorAlert(
           `One or more custom fields have failed to save, please try again.`
@@ -202,9 +201,7 @@ export const useCustomFields = ({
       deleteCustomFieldMutationTrigger,
       errorAlert,
       resourceFidesKey,
-      resourceType,
       sortedCustomFieldDefinitionIds,
-      successAlert,
       upsertCustomFieldMutationTrigger,
     ]
   );

From 49fe64c43a0276ddb9efb5eecfaee84b53ef052a Mon Sep 17 00:00:00 2001
From: jpople <jeremy@ethyca.com>
Date: Thu, 13 Jul 2023 13:52:44 -0400
Subject: [PATCH 78/90] Alphabetize system cards in "view systems" page (#3781)

---
 CHANGELOG.md                                         | 1 +
 clients/admin-ui/src/features/system/system.slice.ts | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1794cb9952..ce3c89f001 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@ The types of changes are:
 - Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
 - Logging Updates [#3758](https://github.com/ethyca/fides/pull/3758)
 - Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
+- Sort system cards alphabetically by name on "View systems" page [#3781](https://github.com/ethyca/fides/pull/3781)
 
 ### Removed
 
diff --git a/clients/admin-ui/src/features/system/system.slice.ts b/clients/admin-ui/src/features/system/system.slice.ts
index a4f616a7ec..5f0dcffcb8 100644
--- a/clients/admin-ui/src/features/system/system.slice.ts
+++ b/clients/admin-ui/src/features/system/system.slice.ts
@@ -25,6 +25,14 @@ const systemApi = baseApi.injectEndpoints({
     getAllSystems: build.query<SystemResponse[], void>({
       query: () => ({ url: `system/` }),
       providesTags: () => ["System"],
+      transformResponse: (systems: SystemResponse[]) =>
+        systems.sort((a, b) => {
+          const displayName = (system: SystemResponse) =>
+            system.name === "" || system.name == null
+              ? system.fides_key
+              : system.name;
+          return displayName(a).localeCompare(displayName(b));
+        }),
     }),
     getSystemByFidesKey: build.query<SystemResponse, string>({
       query: (fides_key) => ({ url: `system/${fides_key}/` }),

From dacba24db9f8be21e63332adef1da168df25c8ab Mon Sep 17 00:00:00 2001
From: Dawn Pattison <pattisdr@users.noreply.github.com>
Date: Thu, 13 Jul 2023 16:56:22 -0500
Subject: [PATCH 79/90] [Backend] Record when Consent is Served  (#3777)

Add the ability to record whenever the components display consent to the user.

- Add a new endpoint for the frontend to call when they serve consent via a particular component.
- Add new tables to store that consent was served.
- Update the requests that save preferences to optionally pass in the id where we served the preference to be able to calculate conversion in the future.
- When retrieving preferences for a given user embedded on notices, also return whether that notice was served.
---
 .fides/db_dataset.yml                         | 130 ++++
 CHANGELOG.md                                  |   3 +
 .../7c562441c589_track_notices_served.py      | 356 +++++++++
 .../endpoints/privacy_preference_endpoints.py | 350 +++++++--
 src/fides/api/db/base.py                      |   2 +
 src/fides/api/models/privacy_experience.py    |  67 +-
 src/fides/api/models/privacy_notice.py        |   8 +-
 src/fides/api/models/privacy_preference.py    | 541 +++++++++----
 src/fides/api/schemas/privacy_notice.py       |   6 +
 src/fides/api/schemas/privacy_preference.py   |  42 +-
 src/fides/api/util/consent_util.py            |   4 +-
 src/fides/cli/options.py                      |  92 ++-
 src/fides/common/api/v1/urn_registry.py       |   2 +
 tests/fixtures/application_fixtures.py        |  43 +-
 .../test_privacy_experience_endpoints.py      |  29 +-
 .../test_privacy_preference_endpoints.py      | 716 +++++++++++++++++-
 tests/ops/models/test_privacy_preference.py   | 185 +++++
 17 files changed, 2338 insertions(+), 238 deletions(-)
 create mode 100644 src/fides/api/alembic/migrations/versions/7c562441c589_track_notices_served.py

diff --git a/.fides/db_dataset.yml b/.fides/db_dataset.yml
index a73b4c3261..c18d939d08 100644
--- a/.fides/db_dataset.yml
+++ b/.fides/db_dataset.yml
@@ -2204,6 +2204,10 @@ dataset:
         data_categories:
         - system.operations
         data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      - name: served_notice_history_id
+        data_categories:
+          - system.operations
+        data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: userregistration
     description: 'Records the registration status of this Fides deployment'
     data_categories: null
@@ -2277,4 +2281,130 @@ dataset:
     - name: updated_at
       data_categories:
       - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+  - name: lastservednotice
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    fields:
+    - name: created_at
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: fides_user_device_provided_identity_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_notice_history_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_notice_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: provided_identity_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: served_notice_history_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: updated_at
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+  - name: servednoticehistory
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    fields:
+    - name: acknowledge_mode
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: anonymized_ip_address
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: created_at
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: updated_at
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: email
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: fides_user_device
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: fides_user_device_provided_identity_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: hashed_email
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: hashed_fides_user_device
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: hashed_phone_number
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: phone_number
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_experience_config_history_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_experience_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: privacy_notice_history_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: provided_identity_id
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: request_origin
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: serving_component
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: updated_at
+      description: 'Fides Generated Description for Column: updated_at'
+      data_categories: [ ]
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: url_recorded
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: user_agent
+      data_categories:
+      - user
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: user_geography
+      data_categories:
+      - user
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce3c89f001..dc14f0043e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -32,6 +32,9 @@ The types of changes are:
 
 - Removed "Custom field(s) successfully saved" toast [#3779](https://github.com/ethyca/fides/pull/3779)
 
+### Added
+- Record when consent is served [#3777](https://github.com/ethyca/fides/pull/3777)
+
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
 ### Added
diff --git a/src/fides/api/alembic/migrations/versions/7c562441c589_track_notices_served.py b/src/fides/api/alembic/migrations/versions/7c562441c589_track_notices_served.py
new file mode 100644
index 0000000000..86183bcaaa
--- /dev/null
+++ b/src/fides/api/alembic/migrations/versions/7c562441c589_track_notices_served.py
@@ -0,0 +1,356 @@
+"""track notices served
+
+Revision ID: 7c562441c589
+Revises: 7315b9d7fda6
+Create Date: 2023-07-10 16:42:37.433995
+
+"""
+import sqlalchemy as sa
+import sqlalchemy_utils
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "7c562441c589"
+down_revision = "7315b9d7fda6"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.create_table(
+        "servednoticehistory",
+        sa.Column("id", sa.String(length=255), nullable=False),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column(
+            "anonymized_ip_address",
+            sqlalchemy_utils.types.encrypted.encrypted_type.StringEncryptedType(),
+            nullable=True,
+        ),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column(
+            "email",
+            sqlalchemy_utils.types.encrypted.encrypted_type.StringEncryptedType(),
+            nullable=True,
+        ),
+        sa.Column(
+            "fides_user_device",
+            sqlalchemy_utils.types.encrypted.encrypted_type.StringEncryptedType(),
+            nullable=True,
+        ),
+        sa.Column("hashed_email", sa.String(), nullable=True),
+        sa.Column("hashed_fides_user_device", sa.String(), nullable=True),
+        sa.Column("hashed_phone_number", sa.String(), nullable=True),
+        sa.Column(
+            "phone_number",
+            sqlalchemy_utils.types.encrypted.encrypted_type.StringEncryptedType(),
+            nullable=True,
+        ),
+        sa.Column("request_origin", sa.String(), nullable=True),
+        sa.Column("url_recorded", sa.String(), nullable=True),
+        sa.Column(
+            "user_agent",
+            sqlalchemy_utils.types.encrypted.encrypted_type.StringEncryptedType(),
+            nullable=True,
+        ),
+        sa.Column("user_geography", sa.String(), nullable=True),
+        sa.Column("acknowledge_mode", sa.Boolean(), nullable=True),
+        sa.Column("serving_component", sa.String(), nullable=False),
+        sa.Column("fides_user_device_provided_identity_id", sa.String(), nullable=True),
+        sa.Column("privacy_experience_config_history_id", sa.String(), nullable=True),
+        sa.Column("privacy_experience_id", sa.String(), nullable=True),
+        sa.Column("privacy_notice_history_id", sa.String(), nullable=False),
+        sa.Column("provided_identity_id", sa.String(), nullable=True),
+        sa.ForeignKeyConstraint(
+            ["fides_user_device_provided_identity_id"],
+            ["providedidentity.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["privacy_experience_config_history_id"],
+            ["privacyexperienceconfighistory.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["privacy_experience_id"],
+            ["privacyexperience.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["privacy_notice_history_id"],
+            ["privacynoticehistory.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["provided_identity_id"],
+            ["providedidentity.id"],
+        ),
+        sa.PrimaryKeyConstraint("id"),
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_created_at"),
+        "servednoticehistory",
+        ["created_at"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_fides_user_device_provided_identity_id"),
+        "servednoticehistory",
+        ["fides_user_device_provided_identity_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_hashed_email"),
+        "servednoticehistory",
+        ["hashed_email"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_hashed_fides_user_device"),
+        "servednoticehistory",
+        ["hashed_fides_user_device"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_hashed_phone_number"),
+        "servednoticehistory",
+        ["hashed_phone_number"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_id"), "servednoticehistory", ["id"], unique=False
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_privacy_experience_config_history_id"),
+        "servednoticehistory",
+        ["privacy_experience_config_history_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_privacy_experience_id"),
+        "servednoticehistory",
+        ["privacy_experience_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_privacy_notice_history_id"),
+        "servednoticehistory",
+        ["privacy_notice_history_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_provided_identity_id"),
+        "servednoticehistory",
+        ["provided_identity_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_serving_component"),
+        "servednoticehistory",
+        ["serving_component"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_servednoticehistory_user_geography"),
+        "servednoticehistory",
+        ["user_geography"],
+        unique=False,
+    )
+    op.create_table(
+        "lastservednotice",
+        sa.Column("id", sa.String(length=255), nullable=False),
+        sa.Column(
+            "created_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column(
+            "updated_at",
+            sa.DateTime(timezone=True),
+            server_default=sa.text("now()"),
+            nullable=True,
+        ),
+        sa.Column("served_notice_history_id", sa.String(), nullable=False),
+        sa.Column("provided_identity_id", sa.String(), nullable=True),
+        sa.Column("fides_user_device_provided_identity_id", sa.String(), nullable=True),
+        sa.Column("privacy_notice_id", sa.String(), nullable=False),
+        sa.Column("privacy_notice_history_id", sa.String(), nullable=False),
+        sa.ForeignKeyConstraint(
+            ["fides_user_device_provided_identity_id"],
+            ["providedidentity.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["privacy_notice_history_id"],
+            ["privacynoticehistory.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["privacy_notice_id"],
+            ["privacynotice.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["provided_identity_id"],
+            ["providedidentity.id"],
+        ),
+        sa.ForeignKeyConstraint(
+            ["served_notice_history_id"],
+            ["servednoticehistory.id"],
+        ),
+        sa.PrimaryKeyConstraint("id"),
+        sa.UniqueConstraint(
+            "fides_user_device_provided_identity_id",
+            "privacy_notice_id",
+            name="last_served_fides_user_device_identity_privacy_notice",
+        ),
+        sa.UniqueConstraint(
+            "provided_identity_id",
+            "privacy_notice_id",
+            name="last_served_identity_privacy_notice",
+        ),
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_created_at"),
+        "lastservednotice",
+        ["created_at"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_fides_user_device_provided_identity_id"),
+        "lastservednotice",
+        ["fides_user_device_provided_identity_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_id"), "lastservednotice", ["id"], unique=False
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_privacy_notice_history_id"),
+        "lastservednotice",
+        ["privacy_notice_history_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_privacy_notice_id"),
+        "lastservednotice",
+        ["privacy_notice_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_provided_identity_id"),
+        "lastservednotice",
+        ["provided_identity_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_served_notice_history_id"),
+        "lastservednotice",
+        ["served_notice_history_id"],
+        unique=False,
+    )
+    op.create_index(
+        op.f("ix_lastservednotice_updated_at"),
+        "lastservednotice",
+        ["updated_at"],
+        unique=False,
+    )
+
+    op.add_column(
+        "privacypreferencehistory",
+        sa.Column("served_notice_history_id", sa.String(), nullable=True),
+    )
+    op.create_index(
+        op.f("ix_privacypreferencehistory_served_notice_history_id"),
+        "privacypreferencehistory",
+        ["served_notice_history_id"],
+        unique=False,
+    )
+    op.create_foreign_key(
+        "privacy_preference_served_notice_fk",
+        "privacypreferencehistory",
+        "servednoticehistory",
+        ["served_notice_history_id"],
+        ["id"],
+    )
+
+
+def downgrade():
+    op.drop_constraint(
+        "privacy_preference_served_notice_fk",
+        "privacypreferencehistory",
+        type_="foreignkey",
+    )
+    op.drop_index(
+        op.f("ix_privacypreferencehistory_served_notice_history_id"),
+        table_name="privacypreferencehistory",
+    )
+    op.drop_column("privacypreferencehistory", "served_notice_history_id")
+    op.drop_index(op.f("ix_lastservednotice_updated_at"), table_name="lastservednotice")
+    op.drop_index(
+        op.f("ix_lastservednotice_served_notice_history_id"),
+        table_name="lastservednotice",
+    )
+    op.drop_index(
+        op.f("ix_lastservednotice_provided_identity_id"), table_name="lastservednotice"
+    )
+    op.drop_index(
+        op.f("ix_lastservednotice_privacy_notice_id"), table_name="lastservednotice"
+    )
+    op.drop_index(
+        op.f("ix_lastservednotice_privacy_notice_history_id"),
+        table_name="lastservednotice",
+    )
+    op.drop_index(op.f("ix_lastservednotice_id"), table_name="lastservednotice")
+    op.drop_index(
+        op.f("ix_lastservednotice_fides_user_device_provided_identity_id"),
+        table_name="lastservednotice",
+    )
+    op.drop_index(op.f("ix_lastservednotice_created_at"), table_name="lastservednotice")
+    op.drop_table("lastservednotice")
+    op.drop_index(
+        op.f("ix_servednoticehistory_user_geography"), table_name="servednoticehistory"
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_serving_component"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_provided_identity_id"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_privacy_notice_history_id"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_privacy_experience_id"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_privacy_experience_config_history_id"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(op.f("ix_servednoticehistory_id"), table_name="servednoticehistory")
+    op.drop_index(
+        op.f("ix_servednoticehistory_hashed_phone_number"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_hashed_fides_user_device"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_hashed_email"), table_name="servednoticehistory"
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_fides_user_device_provided_identity_id"),
+        table_name="servednoticehistory",
+    )
+    op.drop_index(
+        op.f("ix_servednoticehistory_created_at"), table_name="servednoticehistory"
+    )
+    op.drop_table("servednoticehistory")
diff --git a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
index 22f386a93e..0430c17946 100644
--- a/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_preference_endpoints.py
@@ -1,6 +1,6 @@
 import ipaddress
 from datetime import datetime
-from typing import List, Optional, Tuple
+from typing import List, Optional, Tuple, Type, Union
 
 from fastapi import Depends, HTTPException, Request, Response
 from fastapi.params import Security
@@ -10,7 +10,12 @@
 from loguru import logger
 from sqlalchemy import literal
 from sqlalchemy.orm import Query, Session
-from starlette.status import HTTP_200_OK, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND
+from starlette.status import (
+    HTTP_200_OK,
+    HTTP_400_BAD_REQUEST,
+    HTTP_404_NOT_FOUND,
+    HTTP_422_UNPROCESSABLE_ENTITY,
+)
 
 from fides.api.api.deps import get_db
 from fides.api.api.v1.endpoints.consent_request_endpoints import (
@@ -19,6 +24,7 @@
 from fides.api.api.v1.endpoints.privacy_request_endpoints import (
     create_privacy_request_func,
 )
+from fides.api.custom_types import SafeStr
 from fides.api.db.seed import DEFAULT_CONSENT_POLICY
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.privacy_experience import PrivacyExperience
@@ -29,7 +35,9 @@
 )
 from fides.api.models.privacy_preference import (
     CurrentPrivacyPreference,
+    LastServedNotice,
     PrivacyPreferenceHistory,
+    ServedNoticeHistory,
 )
 from fides.api.models.privacy_request import (
     ConsentRequest,
@@ -42,6 +50,9 @@
     ConsentReportingSchema,
     CurrentPrivacyPreferenceReportingSchema,
     CurrentPrivacyPreferenceSchema,
+    LastServedNoticeSchema,
+    NoticesServedCreate,
+    NoticesServedRequest,
     PrivacyPreferencesCreate,
     PrivacyPreferencesRequest,
 )
@@ -61,10 +72,12 @@
     PRIVACY_PREFERENCE_HISTORY_READ,
 )
 from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST_NOTICES_SERVED,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
     CURRENT_PRIVACY_PREFERENCES_REPORT,
     HISTORICAL_PRIVACY_PREFERENCES_REPORT,
+    NOTICES_SERVED,
     PRIVACY_PREFERENCES,
     V1_URL_PREFIX,
 )
@@ -74,6 +87,25 @@
 router = APIRouter(tags=["Privacy Preference"], prefix=V1_URL_PREFIX)
 
 
+def get_served_notice_history(
+    db: Session, served_notice_history_id: str
+) -> ServedNoticeHistory:
+    """
+    Helper method to load a ServedNoticeHistory record or throw a 404
+    """
+    logger.info("Finding ServedNoticeHistory with id '{}'", served_notice_history_id)
+    served_notice_history = ServedNoticeHistory.get(
+        db=db, object_id=served_notice_history_id
+    )
+    if not served_notice_history:
+        raise HTTPException(
+            status_code=HTTP_404_NOT_FOUND,
+            detail=f"No ServedNoticeHistory record found for id {served_notice_history_id}.",
+        )
+
+    return served_notice_history
+
+
 @router.post(
     CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
     status_code=HTTP_200_OK,
@@ -121,7 +153,7 @@ def consent_request_verify_for_privacy_preferences(
 
 
 def verify_privacy_notice_and_historical_records(
-    db: Session, data: PrivacyPreferencesRequest
+    db: Session, notice_history_list: List[SafeStr]
 ) -> None:
     """
     Used when saving privacy preferences: runs a check that makes sure all the privacy notice histories referenced by
@@ -138,24 +170,40 @@ def verify_privacy_notice_and_historical_records(
             PrivacyNoticeHistory.privacy_notice_id == PrivacyNotice.id,
         )
         .filter(
-            PrivacyNoticeHistory.id.in_(
-                [
-                    consent_option.privacy_notice_history_id
-                    for consent_option in data.preferences
-                ]
-            ),
+            PrivacyNoticeHistory.id.in_(notice_history_list),
         )
         .distinct()
         .count()
     )
 
-    if privacy_notice_count < len(data.preferences):
+    if privacy_notice_count < len(notice_history_list):
         raise HTTPException(
             status_code=HTTP_400_BAD_REQUEST,
             detail="Invalid privacy notice histories in request",
         )
 
 
+def verify_valid_service_notice_history_records(
+    db: Session, data: PrivacyPreferencesRequest
+) -> None:
+    """Verify service notice history records specified in the request (that link an event that a notice was
+    served to the event that saved the preference) are valid before saving privacy preferences
+    """
+    for preference in data.preferences:
+        if preference.served_notice_history_id:
+            served_notice_history = get_served_notice_history(
+                db, preference.served_notice_history_id
+            )
+            if (
+                served_notice_history.privacy_notice_history_id
+                != preference.privacy_notice_history_id
+            ):
+                raise HTTPException(
+                    status_code=HTTP_422_UNPROCESSABLE_ENTITY,
+                    detail=f"The ServedNoticeHistory record '{served_notice_history.id}' did not serve the PrivacyNoticeHistory record '{preference.privacy_notice_history_id}'.",
+                )
+
+
 def extract_identity_from_provided_identity(
     identity: Optional[ProvidedIdentity], identity_type: ProvidedIdentityType
 ) -> Tuple[Optional[str], Optional[str]]:
@@ -197,11 +245,11 @@ def anonymize_ip_address(ip_address: Optional[str]) -> Optional[str]:
 
 
 def _get_request_origin_and_config(
-    db: Session, data: PrivacyPreferencesRequest
+    db: Session, data: Union[PrivacyPreferencesRequest, NoticesServedRequest]
 ) -> Tuple[Optional[str], Optional[str]]:
     """
-    Extract details to save with the privacy preferences preferences from the
-    Experience history if applicable: request origin (privacy center, overlay)
+    Extract details to save with the privacy preferences or notices
+    served from the Experience history if applicable: request origin (privacy center, overlay)
     and the Experience Config history.
 
     Additionally validate that the experience config history is valid if supplied.
@@ -231,12 +279,14 @@ def _get_request_origin_and_config(
     return origin, experience_config_history_id
 
 
-def supplement_privacy_preferences_with_user_and_experience_details(
-    db: Session, request: Request, data: PrivacyPreferencesRequest
-) -> PrivacyPreferencesCreate:
+def supplement_request_with_user_and_experience_details(
+    db: Session,
+    request: Request,
+    data: Union[PrivacyPreferencesRequest, NoticesServedRequest],
+    resource_type: Union[Type[PrivacyPreferencesCreate], Type[NoticesServedCreate]],
+) -> Union[PrivacyPreferencesCreate, NoticesServedCreate]:
     """
     Pull additional user information from request headers and experience to record for consent reporting purposes
-
     """
 
     request_headers = request.headers
@@ -247,7 +297,7 @@ def supplement_privacy_preferences_with_user_and_experience_details(
         db, data
     )
 
-    return PrivacyPreferencesCreate(
+    return resource_type(
         **data.dict(),
         anonymized_ip_address=anonymize_ip_address(ip_address),
         experience_config_history_id=experience_config_history_id,
@@ -278,42 +328,43 @@ def save_privacy_preferences_with_verified_identity(
     Creates historical records for these preferences for record keeping, and also updates current preferences.
     Creates a privacy request to propagate preferences to third party systems.
     """
-    verify_privacy_notice_and_historical_records(db=db, data=data)
+    verify_privacy_notice_and_historical_records(
+        db=db,
+        notice_history_list=[
+            consent_option.privacy_notice_history_id
+            for consent_option in data.preferences
+        ],
+    )
+    verify_valid_service_notice_history_records(db, data)
+
     consent_request, provided_identity = _get_consent_request_and_provided_identity(
         db=db,
         consent_request_id=consent_request_id,
         verification_code=data.code,
     )
-    if not provided_identity.hashed_value:
-        raise HTTPException(
-            status_code=HTTP_404_NOT_FOUND, detail="Provided identity missing"
-        )
 
-    if provided_identity.field_name == ProvidedIdentityType.fides_user_device_id:
-        # If consent request was saved against a fides user device id only, this is our primary identity
-        # This workflow is for when customers don't want to collect email/phone number.
-        fides_user_provided_identity = provided_identity
-        provided_identity = None  # type: ignore[assignment]
-    else:
-        # Get the fides user device id from the dictionary of browser identifiers
-        try:
-            fides_user_provided_identity = (
-                get_or_create_fides_user_device_id_provided_identity(
-                    db=db, identity_data=data.browser_identity
-                )
-            )
-        except HTTPException:
-            fides_user_provided_identity = None
+    (
+        provided_identity_verified,
+        fides_user_provided_identity,
+    ) = classify_identities_for_privacy_center_consent_reporting(
+        db=db,
+        provided_identity=provided_identity,
+        browser_identity=data.browser_identity,
+    )
 
     logger.info("Saving privacy preferences")
+
+    request_data = supplement_request_with_user_and_experience_details(
+        db, request, data, resource_type=PrivacyPreferencesCreate
+    )
+    assert isinstance(request_data, PrivacyPreferencesCreate)  # For mypy
+
     return _save_privacy_preferences_for_identities(
         db=db,
         consent_request=consent_request,
-        verified_provided_identity=provided_identity,
+        verified_provided_identity=provided_identity_verified,
         fides_user_provided_identity=fides_user_provided_identity,
-        request_data=supplement_privacy_preferences_with_user_and_experience_details(
-            db, request, data
-        ),
+        request_data=request_data,
     )
 
 
@@ -373,6 +424,7 @@ def _save_privacy_preferences_for_identities(
                 if verified_provided_identity
                 else None,
                 "request_origin": request_data.request_origin,
+                "served_notice_history_id": privacy_preference.served_notice_history_id,
                 "user_agent": request_data.user_agent,
                 "user_geography": request_data.user_geography,
                 "url_recorded": request_data.url_recorded,
@@ -429,6 +481,72 @@ def _save_privacy_preferences_for_identities(
     return upserted_current_preferences
 
 
+def _save_notices_served_for_identities(
+    db: Session,
+    verified_provided_identity: Optional[ProvidedIdentity],
+    fides_user_provided_identity: Optional[ProvidedIdentity],
+    request_data: NoticesServedCreate,
+) -> List[LastServedNotice]:
+    """
+    Common code that saves that notices have been served (both historical and current records).
+    We store a historical record for every single time a notice was served to the user in the frontend,
+    and a separate "last served notice" for just the last time a notice was served to a given user.
+    """
+    created_notices_served: List[ServedNoticeHistory] = []
+    upserted_last_served: List[LastServedNotice] = []
+
+    email, hashed_email = extract_identity_from_provided_identity(
+        verified_provided_identity, ProvidedIdentityType.email
+    )
+    phone_number, hashed_phone_number = extract_identity_from_provided_identity(
+        verified_provided_identity, ProvidedIdentityType.phone_number
+    )
+    fides_user_device_id, hashed_device_id = extract_identity_from_provided_identity(
+        fides_user_provided_identity, ProvidedIdentityType.fides_user_device_id
+    )
+
+    for notice_history_id in request_data.privacy_notice_history_ids:
+        (
+            historical_preference,
+            current_preference,
+        ) = ServedNoticeHistory.save_notice_served_and_last_notice_served(
+            db=db,
+            data={
+                "acknowledge_mode": request_data.acknowledge_mode,
+                "anonymized_ip_address": request_data.anonymized_ip_address,
+                "email": email,
+                "fides_user_device": fides_user_device_id,
+                "fides_user_device_provided_identity_id": fides_user_provided_identity.id
+                if fides_user_provided_identity
+                else None,
+                "hashed_email": hashed_email,
+                "hashed_fides_user_device": hashed_device_id,
+                "hashed_phone_number": hashed_phone_number,
+                "phone_number": phone_number,
+                "privacy_experience_config_history_id": request_data.experience_config_history_id
+                if request_data.experience_config_history_id
+                else None,
+                "privacy_experience_id": request_data.privacy_experience_id
+                if request_data.privacy_experience_id
+                else None,
+                "privacy_notice_history_id": notice_history_id,
+                "provided_identity_id": verified_provided_identity.id
+                if verified_provided_identity
+                else None,
+                "request_origin": request_data.request_origin,
+                "serving_component": request_data.serving_component,
+                "url_recorded": request_data.url_recorded,
+                "user_agent": request_data.user_agent,
+                "user_geography": request_data.user_geography,
+            },
+            check_name=False,
+        )
+        created_notices_served.append(historical_preference)
+        upserted_last_served.append(current_preference)
+
+    return upserted_last_served
+
+
 @router.patch(
     PRIVACY_PREFERENCES,
     status_code=HTTP_200_OK,
@@ -447,21 +565,32 @@ def save_privacy_preferences(
     Creates historical records for these preferences for record keeping, and also updates current preferences.
     Creates a privacy request to propagate preferences to third party systems.
     """
-    verify_privacy_notice_and_historical_records(db=db, data=data)
+    verify_privacy_notice_and_historical_records(
+        db=db,
+        notice_history_list=[
+            consent_option.privacy_notice_history_id
+            for consent_option in data.preferences
+        ],
+    )
+
+    verify_valid_service_notice_history_records(db, data)
 
     fides_user_provided_identity = get_or_create_fides_user_device_id_provided_identity(
         db=db, identity_data=data.browser_identity
     )
 
     logger.info("Saving privacy preferences with respect to fides user device id")
+    request_data = supplement_request_with_user_and_experience_details(
+        db, request, data, resource_type=PrivacyPreferencesCreate
+    )
+
+    assert isinstance(request_data, PrivacyPreferencesCreate)  # For mypy
     return _save_privacy_preferences_for_identities(
         db=db,
         consent_request=None,
         verified_provided_identity=None,
         fides_user_provided_identity=fides_user_provided_identity,
-        request_data=supplement_privacy_preferences_with_user_and_experience_details(
-            db, request, data
-        ),
+        request_data=request_data,
     )
 
 
@@ -553,6 +682,9 @@ def get_historical_consent_report(
                 "truncated_ip_address"
             ),
             PrivacyPreferenceHistory.method.label("method"),
+            PrivacyPreferenceHistory.served_notice_history_id.label(
+                "served_notice_history_id"
+            ),
         )
         .outerjoin(
             PrivacyRequest,
@@ -569,3 +701,129 @@ def get_historical_consent_report(
     query = query.order_by(PrivacyPreferenceHistory.created_at.desc())
 
     return paginate(query, params)
+
+
+@router.patch(
+    NOTICES_SERVED,
+    status_code=HTTP_200_OK,
+    response_model=List[LastServedNoticeSchema],
+)
+@fides_limiter.limit(CONFIG.security.public_request_rate_limit)
+def save_notices_served(
+    *,
+    db: Session = Depends(get_db),
+    data: NoticesServedRequest,
+    request: Request,
+    response: Response,  # required for rate limiting
+) -> List[LastServedNotice]:
+    """Records what notices were served to a fides user device id only.  Generally called by the banner
+    or an overlay.
+
+    All notices that were served in an experience should be included in the request body.
+    """
+    verify_privacy_notice_and_historical_records(
+        db=db, notice_history_list=data.privacy_notice_history_ids
+    )
+
+    fides_user_provided_identity = get_or_create_fides_user_device_id_provided_identity(
+        db=db, identity_data=data.browser_identity
+    )
+
+    logger.info("Recording notices served with respect to fides user device id")
+    request_data = supplement_request_with_user_and_experience_details(
+        db, request, data, resource_type=NoticesServedCreate
+    )
+    assert isinstance(request_data, NoticesServedCreate)  # For mypy
+    return _save_notices_served_for_identities(
+        db=db,
+        verified_provided_identity=None,
+        fides_user_provided_identity=fides_user_provided_identity,
+        request_data=request_data,
+    )
+
+
+def classify_identities_for_privacy_center_consent_reporting(
+    db: Session,
+    provided_identity: ProvidedIdentity,
+    browser_identity: Identity,
+) -> Tuple[Optional[ProvidedIdentity], Optional[ProvidedIdentity]]:
+    """For consent reporting purposes, we distinguish which type of identities we have that
+    identity the user.
+
+    We want to classify the "provided_identity" as an identifier saved against an email or phone,
+    and the "fides_user_provided_identity" as an identifier saved against the fides user device id.
+    """
+    if not provided_identity.hashed_value:
+        raise HTTPException(
+            status_code=HTTP_404_NOT_FOUND, detail="Provided identity missing"
+        )
+
+    if provided_identity.field_name == ProvidedIdentityType.fides_user_device_id:
+        # If consent request was saved against a fides user device id only, this is our primary identity
+        # This workflow is for when customers don't want to collect email/phone number.
+        fides_user_provided_identity = provided_identity
+        provided_identity = None  # type: ignore[assignment]
+    else:
+        # Get the fides user device id from the dictionary of browser identifiers
+        try:
+            fides_user_provided_identity = (
+                get_or_create_fides_user_device_id_provided_identity(
+                    db=db, identity_data=browser_identity
+                )
+            )
+        except HTTPException:
+            fides_user_provided_identity = None
+
+    return provided_identity, fides_user_provided_identity
+
+
+@router.patch(
+    CONSENT_REQUEST_NOTICES_SERVED,
+    status_code=HTTP_200_OK,
+    response_model=List[LastServedNoticeSchema],
+)
+def save_notices_served_via_privacy_center(
+    *,
+    consent_request_id: str,
+    db: Session = Depends(get_db),
+    data: NoticesServedRequest,
+    request: Request,
+) -> List[LastServedNotice]:
+    """Saves that notices were served via a verified identity flow (privacy center)
+
+    Capable of saving that notices were served against a verified email/phone number and a fides user device id
+    simultaneously.
+
+    Creates a ServedNoticeHistory history record for every notice in the request and upserts
+    a LastServedNotice record.
+    """
+    verify_privacy_notice_and_historical_records(
+        db=db,
+        notice_history_list=data.privacy_notice_history_ids,
+    )
+    _, provided_identity = _get_consent_request_and_provided_identity(
+        db=db,
+        consent_request_id=consent_request_id,
+        verification_code=data.code,
+    )
+
+    (
+        provided_identity_verified,
+        fides_user_provided_identity,
+    ) = classify_identities_for_privacy_center_consent_reporting(
+        db=db,
+        provided_identity=provided_identity,
+        browser_identity=data.browser_identity,
+    )
+
+    logger.info("Saving notices served for privacy center")
+    request_data = supplement_request_with_user_and_experience_details(
+        db, request, data, resource_type=NoticesServedCreate
+    )
+    assert isinstance(request_data, NoticesServedCreate)
+    return _save_notices_served_for_identities(
+        db=db,
+        verified_provided_identity=provided_identity_verified,
+        fides_user_provided_identity=fides_user_provided_identity,
+        request_data=request_data,
+    )
diff --git a/src/fides/api/db/base.py b/src/fides/api/db/base.py
index 2d9b5c17ed..534c8a94cf 100644
--- a/src/fides/api/db/base.py
+++ b/src/fides/api/db/base.py
@@ -26,7 +26,9 @@
 )
 from fides.api.models.privacy_preference import (
     CurrentPrivacyPreference,
+    LastServedNotice,
     PrivacyPreferenceHistory,
+    ServedNoticeHistory,
 )
 from fides.api.models.privacy_request import PrivacyRequest
 from fides.api.models.registration import UserRegistration
diff --git a/src/fides/api/models/privacy_experience.py b/src/fides/api/models/privacy_experience.py
index 61a392d274..d782e23e94 100644
--- a/src/fides/api/models/privacy_experience.py
+++ b/src/fides/api/models/privacy_experience.py
@@ -17,7 +17,10 @@
     create_historical_data_from_record,
     update_if_modified,
 )
-from fides.api.models.privacy_preference import CurrentPrivacyPreference
+from fides.api.models.privacy_preference import (
+    CurrentPrivacyPreference,
+    LastServedNotice,
+)
 from fides.api.models.privacy_request import ProvidedIdentity
 from fides.api.models.sql_models import System  # type: ignore[attr-defined]
 
@@ -273,21 +276,16 @@ def get_related_privacy_notices(
 
         notices: List[PrivacyNotice] = []
         for notice in privacy_notice_query.order_by(PrivacyNotice.created_at.desc()):
-            saved_preference: Optional[
-                CurrentPrivacyPreference
-            ] = CurrentPrivacyPreference.get_preference_for_notice_and_fides_user_device(
+            cache_saved_preference_on_notice(
                 db=db,
+                notice=notice,
+                fides_user_provided_identity=fides_user_provided_identity,
+            )
+            cache_notice_served(
+                db=db,
+                notice=notice,
                 fides_user_provided_identity=fides_user_provided_identity,
-                privacy_notice=notice,
             )
-            if saved_preference:
-                # Temporarily cache the preference for the given fides user device id in memory.
-                if saved_preference.preference_matches_latest_version:
-                    notice.current_preference = saved_preference.preference
-                    notice.outdated_preference = None
-                else:
-                    notice.current_preference = None
-                    notice.outdated_preference = saved_preference.preference
             notices.append(notice)
 
         return notices
@@ -539,3 +537,46 @@ def upsert_privacy_experiences_after_config_update(
             )
             linked_regions.append(region)
     return linked_regions, unlinked_regions
+
+
+def cache_saved_preference_on_notice(
+    db: Session, notice: PrivacyNotice, fides_user_provided_identity: ProvidedIdentity
+) -> None:
+    """At runtime, cache any previously saved preference values for the given user on the privacy notice"""
+    saved_preference: Optional[
+        CurrentPrivacyPreference
+    ] = CurrentPrivacyPreference.get_preference_for_notice_and_fides_user_device(
+        db=db,
+        fides_user_provided_identity=fides_user_provided_identity,
+        privacy_notice=notice,
+    )
+    if saved_preference:
+        # Temporarily cache the preference for the given fides user device id in memory.
+        if saved_preference.preference_matches_latest_version:
+            notice.current_preference = saved_preference.preference
+            notice.outdated_preference = None
+        else:
+            notice.current_preference = None
+            notice.outdated_preference = saved_preference.preference
+
+
+def cache_notice_served(
+    db: Session, notice: PrivacyNotice, fides_user_provided_identity: ProvidedIdentity
+) -> None:
+    """At runtime, cache if the current notice or a previous version of the notice was served to the user
+    if applicable"""
+    served_notice: Optional[
+        LastServedNotice
+    ] = LastServedNotice.get_last_served_for_notice_and_fides_user_device(
+        db=db,
+        fides_user_provided_identity=fides_user_provided_identity,
+        privacy_notice=notice,
+    )
+    if served_notice:
+        # Temporarily cache that the notice was served for the given fides user device id in memory.
+        if served_notice.served_latest_version:
+            notice.current_served = True
+            notice.outdated_served = None
+        else:
+            notice.current_served = None
+            notice.outdated_served = True
diff --git a/src/fides/api/models/privacy_notice.py b/src/fides/api/models/privacy_notice.py
index e2ca09d41f..1d999b4d69 100644
--- a/src/fides/api/models/privacy_notice.py
+++ b/src/fides/api/models/privacy_notice.py
@@ -164,8 +164,12 @@ class PrivacyNoticeBase:
 
     # Attribute that can be temporarily cached as the result of "get_related_privacy_notices"
     # for a given user, for surfacing CurrentPrivacyPreferences for the user.
-    current_preference = None
-    outdated_preference = None
+    current_preference: Optional[str] = None
+    outdated_preference: Optional[str] = None
+    # Attributes that can be temporarily cached on the notice to see if the most
+    # recent version or a previous version of a notice have ever been served to the user
+    current_served: Optional[bool] = None
+    outdated_served: Optional[bool] = None
 
     def applies_to_system(self, system: System) -> bool:
         """Privacy Notice applies to System if a data use matches or the Privacy Notice
diff --git a/src/fides/api/models/privacy_preference.py b/src/fides/api/models/privacy_preference.py
index 7c9d3b787c..2da3838220 100644
--- a/src/fides/api/models/privacy_preference.py
+++ b/src/fides/api/models/privacy_preference.py
@@ -1,14 +1,15 @@
-# pylint: disable=R0401, C0302
+# pylint: disable=R0401, C0302, W0143
 
 from __future__ import annotations
 
 from enum import Enum
-from typing import Any, Dict, Optional, Tuple, Type
+from typing import Any, Dict, Optional, Tuple, Type, Union
 
-from sqlalchemy import ARRAY, Column, DateTime
+from sqlalchemy import ARRAY, Boolean, Column, DateTime
 from sqlalchemy import Enum as EnumColumn
 from sqlalchemy import ForeignKey, String, UniqueConstraint, func
 from sqlalchemy.dialects.postgresql import JSONB
+from sqlalchemy.ext.declarative import declared_attr
 from sqlalchemy.ext.mutable import MutableDict, MutableList
 from sqlalchemy.orm import Session, relationship
 from sqlalchemy_utils import StringEncryptedType
@@ -44,16 +45,12 @@ class ConsentMethod(Enum):
     individual_notice = "individual_notice"
 
 
-class PrivacyPreferenceHistory(Base):
-    """The DB ORM model for storing PrivacyPreferenceHistory, used for saving
-    every time consent preferences are saved for reporting purposes.
+class ConsentReportingMixin:
+    """Mixin to be shared between PrivacyPreferenceHistory and ServedNoticeHistory
+    Contains common user details, and information about the notice, experience, experience config, etc.
+    for use in consent reporting.
     """
 
-    # Systems capable of propagating their consent, and their status.  If the preference is
-    # not relevant for the system, or we couldn't propagate a preference, the status is skipped
-    affected_system_status = Column(
-        MutableDict.as_mutable(JSONB), server_default="{}", default=dict
-    )
     anonymized_ip_address = Column(
         StringEncryptedType(
             type_in=String(),
@@ -81,18 +78,18 @@ class PrivacyPreferenceHistory(Base):
             padding="pkcs5",
         ),
     )
+
     # Optional FK to a fides user device id provided identity, if applicable
-    fides_user_device_provided_identity_id = Column(
-        String, ForeignKey(ProvidedIdentity.id), index=True
-    )
+    @declared_attr
+    def fides_user_device_provided_identity_id(cls) -> Column:
+        return Column(String, ForeignKey(ProvidedIdentity.id), index=True)
+
     # Hashed email, for searching
     hashed_email = Column(String, index=True)
     # Hashed fides user device id, for searching
     hashed_fides_user_device = Column(String, index=True)
     # Hashed phone number, for searching
     hashed_phone_number = Column(String, index=True)
-    # Button, individual notices
-    method = Column(EnumColumn(ConsentMethod))
     # Encrypted phone number, for reporting
     phone_number = Column(
         StringEncryptedType(
@@ -102,36 +99,204 @@ class PrivacyPreferenceHistory(Base):
             padding="pkcs5",
         ),
     )
-    # Whether the user wants to opt in, opt out, or has acknowledged the notice
-    preference = Column(EnumColumn(UserConsentPreference), nullable=False, index=True)
+
     # The specific version of the experience config the user was shown to present the relevant notice
     # Contains the version, language, button labels, description, etc.
-    privacy_experience_config_history_id = Column(
-        String,
-        ForeignKey("privacyexperienceconfighistory.id"),
-        nullable=True,
-        index=True,
-    )
+    @declared_attr
+    def privacy_experience_config_history_id(cls) -> Column:
+        return Column(
+            String,
+            ForeignKey("privacyexperienceconfighistory.id"),
+            nullable=True,
+            index=True,
+        )
+
     # The specific experience under which the user was presented the relevant notice
     # Minimal information stored here, mostly just region and component type
-    privacy_experience_id = Column(
-        String, ForeignKey("privacyexperience.id"), nullable=True, index=True
-    )
+    @declared_attr
+    def privacy_experience_id(cls) -> Column:
+        return Column(
+            String, ForeignKey("privacyexperience.id"), nullable=True, index=True
+        )
+
     # The specific historical record the user consented to
-    privacy_notice_history_id = Column(
-        String, ForeignKey(PrivacyNoticeHistory.id), nullable=False, index=True
+    @declared_attr
+    def privacy_notice_history_id(cls) -> Column:
+        return Column(
+            String, ForeignKey(PrivacyNoticeHistory.id), nullable=False, index=True
+        )
+
+    # Optional FK to a verified provided identity (like email or phone), if applicable
+    @declared_attr
+    def provided_identity_id(cls) -> Column:
+        return Column(String, ForeignKey(ProvidedIdentity.id), index=True)
+
+    # Location where we received the request
+    request_origin = Column(EnumColumn(RequestOrigin))  # privacy center, overlay, API
+
+    url_recorded = Column(String)
+    user_agent = Column(
+        StringEncryptedType(
+            type_in=String(),
+            key=CONFIG.security.app_encryption_key,
+            engine=AesGcmEngine,
+            padding="pkcs5",
+        ),
+    )
+
+    user_geography = Column(String, index=True)
+
+    # Relationships
+    @declared_attr
+    def privacy_notice_history(cls) -> relationship:
+        return relationship(PrivacyNoticeHistory)
+
+    @declared_attr
+    def provided_identity(cls) -> relationship:
+        return relationship(ProvidedIdentity, foreign_keys=[cls.provided_identity_id])
+
+    @declared_attr
+    def fides_user_device_provided_identity(cls) -> relationship:
+        return relationship(
+            ProvidedIdentity, foreign_keys=[cls.fides_user_device_provided_identity_id]
+        )
+
+
+class ServingComponent(Enum):
+    overlay = "overlay"
+    banner = "banner"
+    privacy_center = "privacy_center"
+
+
+def _validate_notice_and_identity(
+    db: Session, data: dict[str, Any]
+) -> PrivacyNoticeHistory:
+    """Validates that the PrivacyNoticeHistory specified in the data dictionary
+    exists and that at least one provided identity type is supplied in the data
+
+    Shares some common checks we run before saving PrivacyPreferenceHistory
+    or ServedPreferenceHistory
+    """
+    privacy_notice_history = PrivacyNoticeHistory.get(
+        db=db, object_id=data.get("privacy_notice_history_id")
+    )
+    if not privacy_notice_history:
+        raise PrivacyNoticeHistoryNotFound()
+
+    if not data.get("provided_identity_id") and not data.get(
+        "fides_user_device_provided_identity_id"
+    ):
+        raise IdentityNotFoundException(
+            "Must supply a verified provided identity id or a fides_user_device_provided_identity_id"
+        )
+
+    return privacy_notice_history
+
+
+class ServedNoticeHistory(ConsentReportingMixin, Base):
+    """A historical record of every time a notice was served in the UI to an end user"""
+
+    acknowledge_mode = Column(
+        Boolean,
+        default=False,
+    )
+    serving_component = Column(EnumColumn(ServingComponent), nullable=False, index=True)
+
+    last_served_notice = (
+        relationship(  # Only exists if this is the same as the Last Served Notice
+            "LastServedNotice",
+            back_populates="served_notice_history",
+            cascade="all, delete",
+            uselist=False,
+        )
+    )
+
+    @classmethod
+    def create(
+        cls: Type[ServedNoticeHistory],
+        db: Session,
+        *,
+        data: dict[str, Any],
+        check_name: bool = False,
+    ) -> ServedNoticeHistory:
+        """Method that creates a ServedNoticeHistory record and upserts a LastServedNotice record.
+
+        The only difference between this and ServedNoticeHistory.save_notice_served_and_last_notice_served
+        is the response.
+        """
+        history, _ = cls.save_notice_served_and_last_notice_served(
+            db, data=data, check_name=check_name
+        )
+        return history
+
+    @classmethod
+    def save_notice_served_and_last_notice_served(
+        cls: Type[ServedNoticeHistory],
+        db: Session,
+        *,
+        data: dict[str, Any],
+        check_name: bool = False,
+    ) -> Tuple[ServedNoticeHistory, LastServedNotice]:
+        """Create a ServedNoticeHistory record and then upsert the LastServedNotice record.
+
+        If separate LastServedNotice records exist for both a verified provided identity and a fides user device
+        id provided identity, consolidate when the notice was last served into a single record.
+
+        There is only one LastServedNotice for each PrivacyNotice/ProvidedIdentity.
+        """
+        privacy_notice_history = _validate_notice_and_identity(db, data)
+
+        created_served_notice_history = super().create(
+            db=db, data=data, check_name=check_name
+        )
+
+        last_served_data = {
+            "provided_identity_id": created_served_notice_history.provided_identity_id,
+            "privacy_notice_id": privacy_notice_history.privacy_notice_id,
+            "privacy_notice_history_id": privacy_notice_history.id,
+            "served_notice_history_id": created_served_notice_history.id,
+            "fides_user_device_provided_identity_id": created_served_notice_history.fides_user_device_provided_identity_id,
+        }
+
+        upserted_last_served_notice_record = upsert_last_saved_record(
+            db,
+            created_historical_record=created_served_notice_history,
+            current_record_class=LastServedNotice,
+            privacy_notice_history=privacy_notice_history,
+            current_record_data=last_served_data,
+        )
+        assert isinstance(
+            upserted_last_served_notice_record, LastServedNotice
+        )  # For mypy
+
+        return created_served_notice_history, upserted_last_served_notice_record
+
+
+class PrivacyPreferenceHistory(ConsentReportingMixin, Base):
+    """The DB ORM model for storing PrivacyPreferenceHistory, used for saving
+    every time consent preferences are saved for reporting purposes.
+    """
+
+    # Systems capable of propagating their consent, and their status.  If the preference is
+    # not relevant for the system, or we couldn't propagate a preference, the status is skipped
+    affected_system_status = Column(
+        MutableDict.as_mutable(JSONB), server_default="{}", default=dict
     )
-    # The privacy request created to propage the preferences
+
+    # Button, individual notices
+    method = Column(EnumColumn(ConsentMethod))
+    # Whether the user wants to opt in, opt out, or has acknowledged the notice
+    preference = Column(EnumColumn(UserConsentPreference), nullable=False, index=True)
+
+    # The privacy request created to propagate the preferences
     privacy_request_id = Column(
         String, ForeignKey(PrivacyRequest.id, ondelete="SET NULL"), index=True
     )
-    # Optional FK to a verified provided identity (like email or phone), if applicable
-    provided_identity_id = Column(String, ForeignKey(ProvidedIdentity.id), index=True)
 
-    # Systems whose data use match.  This doesn't necessarily mean we propagate. Some may be intentionally skipped later.
+    # Systems whose data use match.  This doesn't necessarily mean we propagate.
+    # Some may be intentionally skipped later.
     relevant_systems = Column(MutableList.as_mutable(ARRAY(String)))
-    # Location where we received the request
-    request_origin = Column(EnumColumn(RequestOrigin))  # privacy center, overlay, API
+
     # Relevant identities are added to the report during request propagation
     secondary_user_ids = Column(
         MutableDict.as_mutable(
@@ -144,27 +309,15 @@ class PrivacyPreferenceHistory(Base):
         ),
     )  # Cache secondary user ids (cookies, etc) if known for reporting purposes.
 
-    url_recorded = Column(String)
-    user_agent = Column(
-        StringEncryptedType(
-            type_in=String(),
-            key=CONFIG.security.app_encryption_key,
-            engine=AesGcmEngine,
-            padding="pkcs5",
-        ),
+    # The record of where we served the notice in the frontend, for conversion purposes
+    served_notice_history_id = Column(
+        String, ForeignKey(ServedNoticeHistory.id), index=True
     )
 
-    user_geography = Column(String, index=True)
-
     # Relationships
-    privacy_notice_history = relationship(PrivacyNoticeHistory)
     privacy_request = relationship(PrivacyRequest, backref="privacy_preferences")
-    provided_identity = relationship(
-        ProvidedIdentity, foreign_keys=[provided_identity_id]
-    )
-    fides_user_device_provided_identity = relationship(
-        ProvidedIdentity, foreign_keys=[fides_user_device_provided_identity_id]
-    )
+    served_notice_history = relationship(ServedNoticeHistory, backref="served_notices")
+
     current_privacy_preference = relationship(  # Only exists if this is the same as the Current Privacy Preference
         "CurrentPrivacyPreference",
         back_populates="privacy_preference_history",
@@ -229,18 +382,7 @@ def create_history_and_upsert_current_preference(
 
         There is only one CurrentPrivacyPreference for each PrivacyNotice/ProvidedIdentity.
         """
-        privacy_notice_history = PrivacyNoticeHistory.get(
-            db=db, object_id=data.get("privacy_notice_history_id")
-        )
-        if not privacy_notice_history:
-            raise PrivacyNoticeHistoryNotFound()
-
-        if not data.get("provided_identity_id") and not data.get(
-            "fides_user_device_provided_identity_id"
-        ):
-            raise IdentityNotFoundException(
-                "Must supply a verified provided identity id or a fides_user_device_provided_identity_id"
-            )
+        privacy_notice_history = _validate_notice_and_identity(db, data)
 
         data["relevant_systems"] = privacy_notice_history.calculate_relevant_systems(db)
         created_privacy_preference_history = super().create(
@@ -256,65 +398,20 @@ def create_history_and_upsert_current_preference(
             "fides_user_device_provided_identity_id": created_privacy_preference_history.fides_user_device_provided_identity_id,
         }
 
-        existing_current_preference_on_provided_identity = None
-        # Check if there are Current Privacy Preferences saved against the ProvidedIdentity
-        if created_privacy_preference_history.provided_identity_id:
-            existing_current_preference_on_provided_identity = (
-                db.query(CurrentPrivacyPreference)
-                .filter(
-                    CurrentPrivacyPreference.provided_identity_id
-                    == created_privacy_preference_history.provided_identity_id,
-                    CurrentPrivacyPreference.privacy_notice_id
-                    == privacy_notice_history.privacy_notice_id,
-                )
-                .first()
-            )
-
-        # Check if there are Current Privacy Preferences saved against the Fides User Device Id Provided Identity
-        existing_current_preference_on_fides_user_device_provided_identity = None
-        if created_privacy_preference_history.fides_user_device_provided_identity_id:
-            existing_current_preference_on_fides_user_device_provided_identity = (
-                db.query(CurrentPrivacyPreference)
-                .filter(
-                    CurrentPrivacyPreference.fides_user_device_provided_identity_id
-                    == created_privacy_preference_history.fides_user_device_provided_identity_id,
-                    CurrentPrivacyPreference.privacy_notice_id
-                    == privacy_notice_history.privacy_notice_id,
-                )
-                .first()
-            )
-
-        if (
-            existing_current_preference_on_provided_identity
-            and existing_current_preference_on_fides_user_device_provided_identity
-            and existing_current_preference_on_provided_identity
-            != existing_current_preference_on_fides_user_device_provided_identity
-        ):
-            # If both exist and were saved separately, let's delete one so we can consolidate.
-            # Let's consider these identities as belonging to the same user, and can save their current preferences together.
-            existing_current_preference_on_fides_user_device_provided_identity.delete(
-                db
-            )
-
-        current_preference: Optional[CurrentPrivacyPreference] = (
-            existing_current_preference_on_provided_identity
-            or existing_current_preference_on_fides_user_device_provided_identity
+        current_preference = upsert_last_saved_record(
+            db,
+            created_historical_record=created_privacy_preference_history,
+            current_record_class=CurrentPrivacyPreference,
+            privacy_notice_history=privacy_notice_history,
+            current_record_data=current_privacy_preference_data,
         )
-        if current_preference:
-            current_preference.update(db=db, data=current_privacy_preference_data)
-        else:
-            current_preference = CurrentPrivacyPreference.create(
-                db=db, data=current_privacy_preference_data, check_name=False
-            )
+        assert isinstance(current_preference, CurrentPrivacyPreference)  # For mypy
 
         return created_privacy_preference_history, current_preference
 
 
-class CurrentPrivacyPreference(Base):
-    """Stores only the user's most recently saved preference for a given privacy notice
-
-    The specific privacy notice history and privacy preference history record are linked as well.
-    """
+class LastSavedMixin:
+    """Stores common fields for the last saved preference or last served notice"""
 
     created_at = Column(DateTime(timezone=True), server_default=func.now(), index=True)
     updated_at = Column(
@@ -323,43 +420,72 @@ class CurrentPrivacyPreference(Base):
         onupdate=func.now(),
         index=True,
     )
+
+    @declared_attr
+    def provided_identity_id(cls) -> Column:
+        return Column(String, ForeignKey(ProvidedIdentity.id), index=True)
+
+    @declared_attr
+    def fides_user_device_provided_identity_id(cls) -> Column:
+        return Column(String, ForeignKey(ProvidedIdentity.id), index=True)
+
+    @declared_attr
+    def privacy_notice_id(cls) -> Column:
+        return Column(String, ForeignKey(PrivacyNotice.id), nullable=False, index=True)
+
+    @declared_attr
+    def privacy_notice_history_id(cls) -> Column:
+        return Column(
+            String, ForeignKey(PrivacyNoticeHistory.id), nullable=False, index=True
+        )
+
+    # Relationships
+    @declared_attr
+    def provided_identity(cls) -> relationship:
+        return relationship(ProvidedIdentity, foreign_keys=[cls.provided_identity_id])
+
+    @declared_attr
+    def fides_user_device_provided_identity(cls) -> relationship:
+        return relationship(
+            ProvidedIdentity, foreign_keys=[cls.fides_user_device_provided_identity_id]
+        )
+
+    @declared_attr
+    def privacy_notice(cls) -> relationship:
+        return relationship(PrivacyNotice)
+
+    @declared_attr
+    def privacy_notice_history(cls) -> relationship:
+        return relationship(PrivacyNoticeHistory)
+
+
+class CurrentPrivacyPreference(LastSavedMixin, Base):
+    """Stores only the user's most recently saved preference for a given privacy notice
+
+    The specific privacy notice history and privacy preference history record are linked as well.
+    """
+
     preference = Column(EnumColumn(UserConsentPreference), nullable=False, index=True)
-    provided_identity_id = Column(String, ForeignKey(ProvidedIdentity.id), index=True)
-    fides_user_device_provided_identity_id = Column(
-        String, ForeignKey(ProvidedIdentity.id), index=True
-    )
-    privacy_notice_id = Column(
-        String, ForeignKey(PrivacyNotice.id), nullable=False, index=True
-    )
-    privacy_notice_history_id = Column(
-        String, ForeignKey(PrivacyNoticeHistory.id), nullable=False, index=True
-    )
+
     privacy_preference_history_id = Column(
         String, ForeignKey(PrivacyPreferenceHistory.id), nullable=False, index=True
     )
 
-    UniqueConstraint(
-        provided_identity_id, privacy_notice_id, name="identity_privacy_notice"
-    )
-
-    UniqueConstraint(
-        fides_user_device_provided_identity_id,
-        privacy_notice_id,
-        name="fides_user_device_identity_privacy_notice",
+    __table_args__ = (
+        UniqueConstraint(
+            "provided_identity_id", "privacy_notice_id", name="identity_privacy_notice"
+        ),
+        UniqueConstraint(
+            "fides_user_device_provided_identity_id",
+            "privacy_notice_id",
+            name="fides_user_device_identity_privacy_notice",
+        ),
     )
 
     # Relationships
-    privacy_notice = relationship(PrivacyNotice)
-    privacy_notice_history = relationship(PrivacyNoticeHistory)
     privacy_preference_history = relationship(
         PrivacyPreferenceHistory, cascade="delete, delete-orphan", single_parent=True
     )
-    provided_identity = relationship(
-        ProvidedIdentity, foreign_keys=[provided_identity_id]
-    )
-    fides_user_device_provided_identity = relationship(
-        ProvidedIdentity, foreign_keys=[fides_user_device_provided_identity_id]
-    )
 
     @property
     def preference_matches_latest_version(self) -> bool:
@@ -388,3 +514,130 @@ def get_preference_for_notice_and_fides_user_device(
             )
             .first()
         )
+
+
+class LastServedNotice(LastSavedMixin, Base):
+    """Stores the last time a notice was served for a given user
+
+    Also consolidates serving notices among various user identities.
+    """
+
+    served_notice_history_id = Column(
+        String, ForeignKey(ServedNoticeHistory.id), nullable=False, index=True
+    )
+
+    __table_args__ = (
+        UniqueConstraint(
+            "provided_identity_id",
+            "privacy_notice_id",
+            name="last_served_identity_privacy_notice",
+        ),
+        UniqueConstraint(
+            "fides_user_device_provided_identity_id",
+            "privacy_notice_id",
+            name="last_served_fides_user_device_identity_privacy_notice",
+        ),
+    )
+
+    # Relationships
+    served_notice_history = relationship(
+        ServedNoticeHistory, cascade="delete, delete-orphan", single_parent=True
+    )
+
+    @property
+    def served_latest_version(self) -> bool:
+        """Returns True if the user was last served the latest version of this Notice"""
+        return (
+            self.privacy_notice.privacy_notice_history_id
+            == self.privacy_notice_history_id
+        )
+
+    @classmethod
+    def get_last_served_for_notice_and_fides_user_device(
+        cls,
+        db: Session,
+        fides_user_provided_identity: ProvidedIdentity,
+        privacy_notice: PrivacyNotice,
+    ) -> Optional[LastServedNotice]:
+        """Retrieves the LastServedNotice record for the user with the given identity
+        for the given notice"""
+        return (
+            db.query(LastServedNotice)
+            .filter(
+                LastServedNotice.fides_user_device_provided_identity_id
+                == fides_user_provided_identity.id,
+                LastServedNotice.privacy_notice_id == privacy_notice.id,
+            )
+            .first()
+        )
+
+
+def upsert_last_saved_record(
+    db: Session,
+    created_historical_record: Union[PrivacyPreferenceHistory, ServedNoticeHistory],
+    current_record_class: Union[Type[CurrentPrivacyPreference], Type[LastServedNotice]],
+    privacy_notice_history: PrivacyNoticeHistory,
+    current_record_data: Dict[str, str],
+) -> Union[CurrentPrivacyPreference, LastServedNotice]:
+    """
+    Upserts our record of when a user was served consent or when the last saved their preferences for a given notice.
+
+    After we save historical records, this method is called to update a separate table that stores just our most
+    recently saved record.
+
+    If we have historical records for multiple identities, and we determine they are the same identity,
+    their preferences are consolidated into the same record.
+    """
+    existing_record_for_provided_identity: Optional[
+        Union[CurrentPrivacyPreference, LastServedNotice]
+    ] = None
+    # Check if we have "current" records for the ProvidedIdentity (usu an email or phone)/Privacy Notice
+    if created_historical_record.provided_identity_id:
+        existing_record_for_provided_identity = (
+            db.query(current_record_class)  # type: ignore[assignment]
+            .filter(
+                current_record_class.provided_identity_id
+                == created_historical_record.provided_identity_id,
+                current_record_class.privacy_notice_id
+                == privacy_notice_history.privacy_notice_id,
+            )
+            .first()
+        )
+
+    # Check if we have "current" records for the Fides User Device ID and the Privacy Notice
+    existing_record_for_fides_user_device: Optional[
+        Union[CurrentPrivacyPreference, LastServedNotice]
+    ] = None
+    if created_historical_record.fides_user_device_provided_identity_id:
+        existing_record_for_fides_user_device = (
+            db.query(current_record_class)  # type: ignore[assignment]
+            .filter(
+                current_record_class.fides_user_device_provided_identity_id
+                == created_historical_record.fides_user_device_provided_identity_id,
+                current_record_class.privacy_notice_id
+                == privacy_notice_history.privacy_notice_id,
+            )
+            .first()
+        )
+
+    if (
+        existing_record_for_provided_identity
+        and existing_record_for_fides_user_device
+        and existing_record_for_provided_identity
+        != existing_record_for_fides_user_device
+    ):
+        # If both exist and were saved separately, let's delete one so we can consolidate.
+        # Let's consider these identities as belonging to the same user.
+        existing_record_for_fides_user_device.delete(db)
+
+    current_record: Optional[Union[CurrentPrivacyPreference, LastServedNotice]] = (
+        existing_record_for_provided_identity or existing_record_for_fides_user_device
+    )
+    if current_record:
+        current_record.update(db=db, data=current_record_data)
+    else:
+        current_record = current_record_class.create(
+            db=db, data=current_record_data, check_name=False
+        )
+
+    return current_record
diff --git a/src/fides/api/schemas/privacy_notice.py b/src/fides/api/schemas/privacy_notice.py
index ae8a229356..6ff69e98d8 100644
--- a/src/fides/api/schemas/privacy_notice.py
+++ b/src/fides/api/schemas/privacy_notice.py
@@ -157,6 +157,12 @@ class PrivacyNoticeResponseWithUserPreferences(PrivacyNoticeResponse):
     outdated_preference: Optional[
         UserConsentPreference
     ]  # If no current preference, check if we have a preference saved for a previous version.
+    current_served: Optional[
+        bool
+    ]  # Do we have a record of the most recent version of this notice being served to the user?
+    outdated_served: Optional[
+        bool
+    ]  # Have we served an older version of this notice to the user?
 
 
 class PrivacyNoticeHistorySchema(PrivacyNoticeCreation, PrivacyNoticeWithId):
diff --git a/src/fides/api/schemas/privacy_preference.py b/src/fides/api/schemas/privacy_preference.py
index 9d6a382594..4db0ef1e1f 100644
--- a/src/fides/api/schemas/privacy_preference.py
+++ b/src/fides/api/schemas/privacy_preference.py
@@ -6,7 +6,11 @@
 
 from fides.api.custom_types import SafeStr
 from fides.api.models.privacy_notice import UserConsentPreference
-from fides.api.models.privacy_preference import ConsentMethod, RequestOrigin
+from fides.api.models.privacy_preference import (
+    ConsentMethod,
+    RequestOrigin,
+    ServingComponent,
+)
 from fides.api.models.privacy_request import ExecutionLogStatus, PrivacyRequestStatus
 from fides.api.schemas.base_class import FidesSchema
 from fides.api.schemas.policy import ActionType
@@ -19,6 +23,7 @@ class ConsentOptionCreate(FidesSchema):
 
     privacy_notice_history_id: str
     preference: UserConsentPreference
+    served_notice_history_id: Optional[str]
 
 
 class PrivacyPreferencesRequest(FidesSchema):
@@ -51,6 +56,38 @@ class MinimalPrivacyPreferenceHistorySchema(FidesSchema):
     privacy_notice_history: PrivacyNoticeHistorySchema
 
 
+class NoticesServedRequest(FidesSchema):
+    """Request body when indicating that notices were served in the UI"""
+
+    browser_identity: Identity
+    code: Optional[SafeStr]  # For verified identity workflow only
+    privacy_notice_history_ids: List[SafeStr]
+    privacy_experience_id: Optional[SafeStr]
+    user_geography: Optional[SafeStr]
+    acknowledge_mode: Optional[bool]
+    serving_component: ServingComponent
+
+
+class NoticesServedCreate(NoticesServedRequest):
+    """Schema used on the backend only where we supplement the NoticesServedRequest request body
+    with information obtained from the request headers and the experience"""
+
+    anonymized_ip_address: Optional[str]
+    experience_config_history_id: Optional[SafeStr]
+    request_origin: Optional[RequestOrigin]
+    url_recorded: Optional[SafeStr]
+    user_agent: Optional[SafeStr]
+
+
+class LastServedNoticeSchema(FidesSchema):
+    """Schema that surfaces the last version of a notice that was shown to a user"""
+
+    id: str
+    updated_at: datetime
+    privacy_notice_history: PrivacyNoticeHistorySchema
+    served_notice_history_id: str
+
+
 class ConsentReportingSchema(FidesSchema):
     """Schema for consent reporting - largely a join of PrivacyPreferenceHistory and PrivacyRequest"""
 
@@ -102,6 +139,9 @@ class ConsentReportingSchema(FidesSchema):
     )
     truncated_ip_address: Optional[str] = Field(title="Truncated ip address")
     method: Optional[ConsentMethod] = Field(title="Method of consent preference")
+    served_notice_history_id: Optional[str] = Field(
+        title="The id of the record where the notice was served to the end user"
+    )
 
 
 class CurrentPrivacyPreferenceSchema(FidesSchema):
diff --git a/src/fides/api/util/consent_util.py b/src/fides/api/util/consent_util.py
index 7463b8e0f3..8ee7c8d4bb 100644
--- a/src/fides/api/util/consent_util.py
+++ b/src/fides/api/util/consent_util.py
@@ -235,12 +235,12 @@ def get_fides_user_device_id_provided_identity(
 
 def get_or_create_fides_user_device_id_provided_identity(
     db: Session,
-    identity_data: Identity,
+    identity_data: Optional[Identity],
 ) -> ProvidedIdentity:
     """Gets an existing fides user device id provided identity or creates one if it doesn't exist.
     Raises an error if no fides user device id is supplied.
     """
-    if not identity_data.fides_user_device_id:
+    if not identity_data or not identity_data.fides_user_device_id:
         raise HTTPException(
             HTTP_422_UNPROCESSABLE_ENTITY,
             detail="Fides user device id not found in identity data",
diff --git a/src/fides/cli/options.py b/src/fides/cli/options.py
index 9ace71b1c4..013e4ecea2 100644
--- a/src/fides/cli/options.py
+++ b/src/fides/cli/options.py
@@ -21,7 +21,9 @@ def coverage_threshold_option(command: Callable) -> Callable:
         type=click.IntRange(0, 100),
         default=100,
         help="Set the coverage percentage for a passing scan.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -30,7 +32,9 @@ def resource_type_argument(command: Callable) -> Callable:
     command = click.argument(
         "resource_type",
         type=click.Choice(model_list, case_sensitive=False),
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -39,7 +43,9 @@ def fides_key_argument(command: Callable) -> Callable:
     command = click.argument(
         "fides_key",
         type=str,
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -49,7 +55,9 @@ def fides_key_option(command: Callable) -> Callable:
         "-k",
         "--fides-key",
         default="",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -57,7 +65,9 @@ def manifests_dir_argument(command: Callable) -> Callable:
     "Add the manifests_dir argument."
     command = click.argument(
         "manifests_dir", type=click.Path(exists=True), default=".fides/"
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -65,7 +75,9 @@ def dry_flag(command: Callable) -> Callable:
     "Add a flag that prevents side-effects."
     command = click.option(
         "--dry", is_flag=True, help="Do not upload results to the Fides webserver."
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -76,7 +88,9 @@ def yes_flag(command: Callable) -> Callable:
         "-y",
         is_flag=True,
         help="Automatically responds `yes` to any prompts.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -87,7 +101,9 @@ def verbose_flag(command: Callable) -> Callable:
         "-v",
         is_flag=True,
         help="Enable verbose output.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -97,7 +113,9 @@ def include_null_flag(command: Callable) -> Callable:
         "--include-null",
         is_flag=True,
         help="Include null attributes.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -109,7 +127,9 @@ def organization_fides_key_option(command: Callable) -> Callable:
         default="default_organization",
         show_default=True,
         help="The `organization_fides_key` of the `Organization` you want to specify.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -121,7 +141,9 @@ def output_directory_option(command: Callable) -> Callable:
         default=".fides/",
         show_default=True,
         help="The output directory for the data map to be exported to.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -131,7 +153,9 @@ def credentials_id_option(command: Callable) -> Callable:
         "--credentials-id",
         type=str,
         help="Use credentials keys defined within Fides config.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -141,7 +165,9 @@ def connection_string_option(command: Callable) -> Callable:
         "--connection-string",
         type=str,
         help="Use the connection string option to connect to a database.",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -151,7 +177,9 @@ def okta_org_url_option(command: Callable) -> Callable:
         "--org-url",
         type=str,
         help="Connect to Okta using an 'Org URL'. _Requires options `--org-url` & `--token`._",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -161,7 +189,9 @@ def okta_token_option(command: Callable) -> Callable:
         "--token",
         type=str,
         help="Connect to Okta using a token. _Requires options `--org-url` and `--token`._",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -171,7 +201,9 @@ def aws_access_key_id_option(command: Callable) -> Callable:
         "--access_key_id",
         type=str,
         help="Connect to AWS using an `Access Key ID`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -181,7 +213,9 @@ def aws_secret_access_key_option(command: Callable) -> Callable:
         "--secret_access_key",
         type=str,
         help="Connect to AWS using an `Access Key`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -191,7 +225,9 @@ def aws_region_option(command: Callable) -> Callable:
         "--region",
         type=str,
         help="Connect to AWS using a specific `Region`. _Requires options `--access_key_id`, `--secret_access_key` & `--region`._",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -232,7 +268,9 @@ def username_option(command: Callable) -> Callable:
         help="If not provided, will be pulled from the config file or prompted for.",
         default="",
         callback=prompt_username,
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -243,7 +281,9 @@ def password_option(command: Callable) -> Callable:
         help="If not provided, will be pulled from the config file or prompted for.",
         default="",
         callback=prompt_password,
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -252,7 +292,9 @@ def first_name_option(command: Callable) -> Callable:
         "-f",
         "--first-name",
         default="",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
@@ -261,15 +303,17 @@ def last_name_option(command: Callable) -> Callable:
         "-l",
         "--last-name",
         default="",
-    )(command)  # type: ignore
+    )(
+        command
+    )  # type: ignore
     return command
 
 
 def username_argument(command: Callable) -> Callable:
-    command = click.argument("username", type=str)(command) # type: ignore
+    command = click.argument("username", type=str)(command)  # type: ignore
     return command
 
 
 def password_argument(command: Callable) -> Callable:
-    command = click.argument("password", type=str)(command) # type: ignore
+    command = click.argument("password", type=str)(command)  # type: ignore
     return command
diff --git a/src/fides/common/api/v1/urn_registry.py b/src/fides/common/api/v1/urn_registry.py
index 6ff88a2348..d2495161fa 100644
--- a/src/fides/common/api/v1/urn_registry.py
+++ b/src/fides/common/api/v1/urn_registry.py
@@ -21,10 +21,12 @@
 CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID = (
     "/consent-request/{consent_request_id}/privacy-preferences"
 )
+CONSENT_REQUEST_NOTICES_SERVED = "/consent-request/{consent_request_id}/notices-served"
 CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY = (
     "/consent-request/{consent_request_id}/verify-for-privacy-preferences"
 )
 PRIVACY_PREFERENCES = "/privacy-preferences"
+NOTICES_SERVED = "/notices-served"
 
 # Reporting endpoints - have records for *all* users
 HISTORICAL_PRIVACY_PREFERENCES_REPORT = "/historical-privacy-preferences"
diff --git a/tests/fixtures/application_fixtures.py b/tests/fixtures/application_fixtures.py
index ec706f37fb..94eece4b5b 100644
--- a/tests/fixtures/application_fixtures.py
+++ b/tests/fixtures/application_fixtures.py
@@ -47,7 +47,10 @@
     PrivacyNotice,
     PrivacyNoticeRegion,
 )
-from fides.api.models.privacy_preference import PrivacyPreferenceHistory
+from fides.api.models.privacy_preference import (
+    PrivacyPreferenceHistory,
+    ServedNoticeHistory,
+)
 from fides.api.models.privacy_request import (
     Consent,
     ConsentRequest,
@@ -1462,6 +1465,24 @@ def privacy_notice(db: Session) -> Generator:
     yield privacy_notice
 
 
+@pytest.fixture(scope="function")
+def served_notice_history(
+    db: Session, privacy_notice, fides_user_provided_identity
+) -> Generator:
+    pref_1 = ServedNoticeHistory.create(
+        db=db,
+        data={
+            "acknowledge_mode": False,
+            "serving_component": "overlay",
+            "fides_user_device_provided_identity_id": fides_user_provided_identity.id,
+            "privacy_notice_history_id": privacy_notice.privacy_notice_history_id,
+        },
+        check_name=False,
+    )
+    yield pref_1
+    pref_1.delete(db)
+
+
 @pytest.fixture(scope="function")
 def privacy_notice_us_ca_provide(db: Session) -> Generator:
     privacy_notice = PrivacyNotice.create(
@@ -1527,6 +1548,24 @@ def privacy_preference_history_us_ca_provide_for_fides_user(
     pref_1.delete(db)
 
 
+@pytest.fixture(scope="function")
+def served_notice_history_us_ca_provide_for_fides_user(
+    db: Session, privacy_notice_us_ca_provide, fides_user_provided_identity
+) -> Generator:
+    pref_1 = ServedNoticeHistory.create(
+        db=db,
+        data={
+            "acknowledge_mode": False,
+            "serving_component": "overlay",
+            "fides_user_device_provided_identity_id": fides_user_provided_identity.id,
+            "privacy_notice_history_id": privacy_notice_us_ca_provide.privacy_notice_history_id,
+        },
+        check_name=False,
+    )
+    yield pref_1
+    pref_1.delete(db)
+
+
 @pytest.fixture(scope="function")
 def privacy_notice_us_co_third_party_sharing(db: Session) -> Generator:
     privacy_notice = PrivacyNotice.create(
@@ -2120,6 +2159,7 @@ def privacy_preference_history(
     provided_identity_and_consent_request,
     privacy_notice,
     privacy_experience_privacy_center,
+    served_notice_history,
 ):
     provided_identity, consent_request = provided_identity_and_consent_request
     privacy_notice_history = privacy_notice.histories[0]
@@ -2139,6 +2179,7 @@ def privacy_preference_history(
             "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24",
             "user_geography": "us_ca",
             "url_recorded": "example.com/privacy_center",
+            "served_notice_history_id": served_notice_history.id,
         },
         check_name=False,
     )
diff --git a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
index cc9aba6e9e..a5a851a68b 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_experience_endpoints.py
@@ -549,16 +549,18 @@ def test_get_privacy_experiences_nonexistent_fides_user_device_id_filter(
         assert resp["privacy_notices"][0]["current_preference"] is None
         assert resp["privacy_notices"][0]["outdated_preference"] is None
 
+        assert resp["privacy_notices"][0]["current_served"] is None
+        assert resp["privacy_notices"][0]["outdated_served"] is None
+
     @pytest.mark.usefixtures(
         "privacy_notice_us_ca_provide",
         "fides_user_provided_identity",
         "privacy_preference_history_us_ca_provide_for_fides_user",
+        "served_notice_history_us_ca_provide_for_fides_user",
         "privacy_experience_overlay",
     )
     def test_get_privacy_experiences_fides_user_device_id_filter(
-        self,
-        api_client: TestClient,
-        url,
+        self, db, api_client: TestClient, url, privacy_notice_us_ca_provide
     ):
         resp = api_client.get(
             url + "?fides_user_device_id=051b219f-20e4-45df-82f7-5eb68a00889f",
@@ -572,7 +574,28 @@ def test_get_privacy_experiences_fides_user_device_id_filter(
         assert data["privacy_notices"][0]["default_preference"] == "opt_out"
         assert data["privacy_notices"][0]["current_preference"] == "opt_in"
         assert data["privacy_notices"][0]["outdated_preference"] is None
+        # Assert that the notice was served is surfaced
+        assert data["privacy_notices"][0]["current_served"] is True
+        assert data["privacy_notices"][0]["outdated_served"] is None
+
         assert (
             data["privacy_notices"][0]["notice_key"]
             == "example_privacy_notice_us_ca_provide"
         )
+
+        privacy_notice_us_ca_provide.update(db, data={"description": "new_description"})
+        assert privacy_notice_us_ca_provide.version == 2.0
+        assert privacy_notice_us_ca_provide.description == "new_description"
+        resp = api_client.get(
+            url + "?fides_user_device_id=051b219f-20e4-45df-82f7-5eb68a00889f",
+        )
+        assert resp.status_code == 200
+        data = resp.json()["items"][0]
+        # Assert outdated preference is displayed for fides user device id
+        assert data["privacy_notices"][0]["consent_mechanism"] == "opt_in"
+        assert data["privacy_notices"][0]["default_preference"] == "opt_out"
+        assert data["privacy_notices"][0]["current_preference"] is None
+        assert data["privacy_notices"][0]["outdated_preference"] == "opt_in"
+        # Assert outdated served is displayed for fides user device id
+        assert data["privacy_notices"][0]["current_served"] is None
+        assert data["privacy_notices"][0]["outdated_served"] is True
diff --git a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
index 24d569d556..ec86013dff 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_preference_endpoints.py
@@ -10,8 +10,10 @@
 from fides.api.models.privacy_preference import (
     ConsentMethod,
     CurrentPrivacyPreference,
+    LastServedNotice,
     PrivacyPreferenceHistory,
     RequestOrigin,
+    ServingComponent,
     UserConsentPreference,
 )
 from fides.api.models.privacy_request import (
@@ -27,10 +29,12 @@
     PRIVACY_PREFERENCE_HISTORY_READ,
 )
 from fides.common.api.v1.urn_registry import (
+    CONSENT_REQUEST_NOTICES_SERVED,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_VERIFY,
     CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID,
     CURRENT_PRIVACY_PREFERENCES_REPORT,
     HISTORICAL_PRIVACY_PREFERENCES_REPORT,
+    NOTICES_SERVED,
     PRIVACY_PREFERENCES,
     V1_URL_PREFIX,
 )
@@ -43,7 +47,9 @@ def verification_code(self) -> str:
         return "abcd"
 
     @pytest.fixture(scope="function")
-    def request_body(self, privacy_notice, verification_code, consent_policy):
+    def request_body(
+        self, privacy_notice, verification_code, consent_policy, served_notice_history
+    ):
         return {
             "browser_identity": {"ga_client_id": "test"},
             "code": verification_code,
@@ -51,6 +57,7 @@ def request_body(self, privacy_notice, verification_code, consent_policy):
                 {
                     "privacy_notice_history_id": privacy_notice.histories[0].id,
                     "preference": "opt_out",
+                    "served_notice_history_id": served_notice_history.id,
                 }
             ],
             "policy_key": consent_policy.key,
@@ -553,6 +560,35 @@ def test_set_duplicate_preferences_for_the_same_notice_in_one_request(
             response.status_code == 400
         ), "Gets picked up by the duplicate privacy notice check"
 
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_preferences_invalid_served_notice_history_id(
+        self,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        request_body,
+        privacy_notice,
+        served_notice_history_us_ca_provide_for_fides_user,
+    ):
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        request_body["preferences"][0][
+            "served_notice_history_id"
+        ] = served_notice_history_us_ca_provide_for_fides_user.id
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_PRIVACY_PREFERENCES_WITH_ID.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 422
+        assert (
+            response.json()["detail"]
+            == f"The ServedNoticeHistory record '{served_notice_history_us_ca_provide_for_fides_user.id}' did not serve the PrivacyNoticeHistory record '{privacy_notice.histories[0].id}'."
+        )
+
     @pytest.mark.usefixtures(
         "subject_identity_verification_required",
         "automatically_approved",
@@ -574,6 +610,7 @@ def test_set_privacy_preferences(
         request_body,
         privacy_notice,
         privacy_notice_us_ca_provide,
+        served_notice_history,
     ):
         provided_identity, consent_request = provided_identity_and_consent_request
         consent_request.cache_identity_verification_code(verification_code)
@@ -632,6 +669,14 @@ def test_set_privacy_preferences(
         db.refresh(first_privacy_preference_history_created)
         db.refresh(second_privacy_preference_history_created)
 
+        assert (
+            first_privacy_preference_history_created.served_notice_history_id
+            == served_notice_history.id
+        )
+        assert (
+            second_privacy_preference_history_created.served_notice_history_id is None
+        )
+
         assert first_privacy_preference_history_created.privacy_request_id is not None
         assert second_privacy_preference_history_created.privacy_request_id is not None
 
@@ -1060,7 +1105,13 @@ def url(self) -> str:
         return V1_URL_PREFIX + PRIVACY_PREFERENCES
 
     @pytest.fixture(scope="function")
-    def request_body(self, privacy_notice, consent_policy, privacy_experience_overlay):
+    def request_body(
+        self,
+        privacy_notice,
+        consent_policy,
+        privacy_experience_overlay,
+        served_notice_history,
+    ):
         return {
             "browser_identity": {
                 "ga_client_id": "test",
@@ -1070,6 +1121,7 @@ def request_body(self, privacy_notice, consent_policy, privacy_experience_overla
                 {
                     "privacy_notice_history_id": privacy_notice.histories[0].id,
                     "preference": "opt_out",
+                    "served_notice_history_id": served_notice_history.id,
                 }
             ],
             "policy_key": consent_policy.key,
@@ -1116,6 +1168,34 @@ def test_save_privacy_preferences_with_bad_notice(
         )
         assert response.status_code == 400
 
+    @pytest.mark.usefixtures(
+        "privacy_notice",
+    )
+    def test_save_privacy_preferences_with_invalid_served_notice_history(
+        self,
+        api_client,
+        url,
+        request_body,
+        served_notice_history_us_ca_provide_for_fides_user,
+    ):
+        request_body["preferences"][0][
+            "served_notice_history_id"
+        ] = served_notice_history_us_ca_provide_for_fides_user.id
+        response = api_client.patch(url, json=request_body)
+        assert response.status_code == 422
+
+    @pytest.mark.usefixtures(
+        "privacy_notice",
+    )
+    def test_save_privacy_preferences_with_served_notice_history_not_found(
+        self, api_client, url, request_body
+    ):
+        request_body["preferences"][0][
+            "served_notice_history_id"
+        ] = "bad_served_notice_history_id"
+        response = api_client.patch(url, json=request_body)
+        assert response.status_code == 404
+
     def test_save_privacy_preferences_bad_experience_id(
         self,
         api_client,
@@ -1146,6 +1226,7 @@ def test_save_privacy_preferences_with_respect_to_fides_user_device_id(
         request_body,
         privacy_notice,
         privacy_experience_overlay,
+        served_notice_history,
     ):
         """Assert CurrentPrivacyPreference records were updated and PrivacyPreferenceHistory records were created
         for recordkeeping with respect to the fides user device id in the request
@@ -1217,6 +1298,10 @@ def test_save_privacy_preferences_with_respect_to_fides_user_device_id(
         assert privacy_preference_history.anonymized_ip_address == masked_ip
         assert privacy_preference_history.url_recorded is None
         assert privacy_preference_history.method == ConsentMethod.button
+        assert (
+            privacy_preference_history.served_notice_history_id
+            == served_notice_history.id
+        )
 
         # Privacy request created and queued because a privacy notice has system wide enforcement
         assert privacy_preference_history.privacy_request_id is not None
@@ -1339,6 +1424,7 @@ def test_get_historical_preferences(
         generate_auth_header,
         privacy_preference_history,
         privacy_request_with_consent_policy,
+        served_notice_history,
         system,
         privacy_experience_privacy_center,
     ) -> None:
@@ -1410,6 +1496,7 @@ def test_get_historical_preferences(
             response_body["privacy_experience_id"]
             == privacy_experience_privacy_center.id
         )
+        assert response_body["served_notice_history_id"] == served_notice_history.id
 
     def test_get_historical_preferences_user_geography_unsupported(
         self,
@@ -1697,3 +1784,628 @@ def test_get_current_preferences_date_filtering(
         assert response.status_code == 400
         assert "Value specified for updated_lt" in response.json()["detail"]
         assert "must be after updated_gt" in response.json()["detail"]
+
+
+class TestSaveNoticesServedForFidesDeviceId:
+    @pytest.fixture(scope="function")
+    def url(self) -> str:
+        return V1_URL_PREFIX + NOTICES_SERVED
+
+    @pytest.fixture(scope="function")
+    def request_body(self, privacy_notice, privacy_experience_overlay):
+        return {
+            "browser_identity": {
+                "fides_user_device_id": "f7e54703-cd57-495e-866d-042e67c81734",
+            },
+            "privacy_notice_history_ids": [privacy_notice.histories[0].id],
+            "privacy_experience_id": privacy_experience_overlay.id,
+            "user_geography": "us_ca",
+            "acknowledge_mode": False,
+            "serving_component": ServingComponent.banner.value,
+        }
+
+    @pytest.mark.usefixtures(
+        "privacy_notice",
+    )
+    def test_no_fides_user_device_id_supplied(self, api_client, url, request_body):
+        """We need a fides user device id in the request body to save that consent was served"""
+        del request_body["browser_identity"]["fides_user_device_id"]
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 422
+
+    @pytest.mark.usefixtures(
+        "privacy_notice",
+    )
+    def test_bad_fides_user_device_id_supplied(self, api_client, url, request_body):
+        """Testing validation that fides user device id must be in expected uuid format"""
+        request_body["browser_identity"][
+            "fides_user_device_id"
+        ] = "bad_fides_user_device_id"
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 422
+        assert (
+            response.json()["detail"][0]["msg"]
+            == "badly formed hexadecimal UUID string"
+        )
+
+    def test_record_notices_served_with_bad_notice(self, api_client, url, request_body):
+        """Every notice history in request body needs to be valid"""
+        request_body["privacy_notice_history_ids"] = ["bad_history"]
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 400
+
+    def test_record_notices_served_bad_experience_id(
+        self,
+        api_client,
+        url,
+        request_body,
+    ):
+        """Privacy experiences need to be valid when recording notices served"""
+        request_body["privacy_experience_id"] = "bad_id"
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 404
+        assert response.json()["detail"] == f"Privacy Experience 'bad_id' not found."
+
+    @mock.patch(
+        "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
+    )
+    def test_record_notices_served_with_respect_to_fides_user_device_id(
+        self,
+        mock_anonymize,
+        db,
+        api_client,
+        url,
+        request_body,
+        privacy_notice,
+        privacy_experience_overlay,
+    ):
+        """Test recording that a notice was served to the given user with this fides user device id
+
+        We create a ServedNoticeHistory record for every single time a notice is served.
+        Separately, we upsert a LastServedNotice record whose intent is to capture the last saved
+        notice across versions and across time, consolidating known user identities
+
+        """
+        test_device_id = "f7e54703-cd57-495e-866d-042e67c81734"
+        masked_ip = "12.214.31.0"
+        mock_anonymize.return_value = masked_ip
+        response = api_client.patch(
+            url, json=request_body, headers={"Origin": "http://localhost:8080"}
+        )
+        assert response.status_code == 200
+        assert len(response.json()) == 1
+        response_json = response.json()[0]
+        assert (
+            response_json["privacy_notice_history"]["id"]
+            == privacy_notice.histories[0].id
+        )
+
+        served_notice_history_id = response_json["served_notice_history_id"]
+
+        # Fetch last served notice record that was updated
+        last_served_notice = LastServedNotice.get(db, object_id=response_json["id"])
+        assert last_served_notice.created_at is not None
+        assert last_served_notice.updated_at is not None
+        assert last_served_notice.provided_identity_id is None
+        assert last_served_notice.fides_user_device_provided_identity_id is not None
+        assert last_served_notice.privacy_notice_id == privacy_notice.id
+        assert (
+            last_served_notice.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+
+        # Get corresponding historical record that was just created
+        served_notice_history = last_served_notice.served_notice_history
+
+        assert served_notice_history.id == served_notice_history_id
+        assert served_notice_history.updated_at is not None
+        assert served_notice_history.anonymized_ip_address == masked_ip
+        assert served_notice_history.created_at is not None
+        assert served_notice_history.email is None
+        assert (
+            served_notice_history.fides_user_device == test_device_id
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_email is None
+        assert (
+            served_notice_history.hashed_fides_user_device
+            == ProvidedIdentity.hash_value(test_device_id)
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_phone_number is None
+        assert served_notice_history.phone_number is None
+        assert (
+            served_notice_history.request_origin == RequestOrigin.overlay
+        )  # Retrieved from privacy experience history
+        assert served_notice_history.url_recorded is None
+        assert (
+            served_notice_history.user_agent == "testclient"
+        )  # Retrieved from request headers
+        assert served_notice_history.user_geography == "us_ca"
+        assert served_notice_history.acknowledge_mode is False
+        assert served_notice_history.serving_component == ServingComponent.banner
+
+        fides_user_device_provided_identity = (
+            served_notice_history.fides_user_device_provided_identity
+        )
+        # Same fides user device identity added to both the historical and current record
+        assert (
+            last_served_notice.fides_user_device_provided_identity
+            == fides_user_device_provided_identity
+        )
+        assert (
+            fides_user_device_provided_identity.hashed_value
+            == ProvidedIdentity.hash_value(test_device_id)
+        )
+        assert (
+            fides_user_device_provided_identity.encrypted_value["value"]
+            == test_device_id
+        )
+
+        assert (
+            served_notice_history.privacy_experience_config_history_id
+            == privacy_experience_overlay.experience_config.experience_config_history_id
+        )
+        assert (
+            served_notice_history.privacy_experience_id == privacy_experience_overlay.id
+        )
+        assert (
+            served_notice_history.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+        assert served_notice_history.provided_identity_id is None
+
+        last_served_notice.delete(db)
+        served_notice_history.delete(db)
+
+
+class TestSaveNoticesServedPrivacyCenter:
+    @pytest.fixture(scope="function")
+    def verification_code(self) -> str:
+        return "abcd"
+
+    @pytest.fixture(scope="function")
+    def request_body(
+        self, privacy_notice, verification_code, privacy_experience_privacy_center
+    ):
+        return {
+            "browser_identity": {
+                "fides_user_device_id": "f7e54703-cd57-495e-866d-042e67c81734"
+            },
+            "code": verification_code,
+            "privacy_notice_history_ids": [privacy_notice.histories[0].id],
+            "privacy_experience_id": privacy_experience_privacy_center.id,
+            "user_geography": "us_co",
+            "serving_component": ServingComponent.privacy_center.value,
+        }
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_notices_served_no_matching_consent_request_id(
+        self, api_client, request_body
+    ):
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id='non_existent_consent_id')}",
+            json=request_body,
+        )
+        assert response.status_code == 404
+        assert "not found" in response.json()["detail"]
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_notices_served_code_expired(
+        self, provided_identity_and_consent_request, api_client, request_body
+    ):
+        _, consent_request = provided_identity_and_consent_request
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 400
+        assert "code expired" in response.json()["detail"]
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_notices_served_invalid_code(
+        self,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        request_body,
+    ):
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        request_body["code"] = "non_matching_code"
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 403
+        assert "Incorrect identification" in response.json()["detail"]
+
+    @pytest.mark.usefixtures("subject_identity_verification_required", "system")
+    @mock.patch(
+        "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
+    )
+    def test_save_notices_served(
+        self,
+        mock_anonymize,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        db: Session,
+        request_body,
+        privacy_notice,
+        privacy_experience_privacy_center,
+    ):
+        """Verify code, save notices served, and return.
+
+        The fact that notices were served is saved with respect to two provided identities -
+        one for the email and one for the fides user device id
+        """
+        masked_ip = "12.214.31.0"  # Mocking because hostname for FastAPI TestClient is "testclient"
+        mock_anonymize.return_value = masked_ip
+
+        provided_identity, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        test_device_id = "f7e54703-cd57-495e-866d-042e67c81734"
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 200
+        assert len(response.json()) == 1
+        response_json = response.json()[0]
+
+        assert (
+            response_json["privacy_notice_history"]["id"]
+            == privacy_notice.histories[0].id
+        )
+
+        served_notice_history_id = response_json["served_notice_history_id"]
+
+        # Fetch last served notice record that was updated
+        last_served_notice = LastServedNotice.get(db, object_id=response_json["id"])
+        assert last_served_notice.created_at is not None
+        assert last_served_notice.updated_at is not None
+        assert last_served_notice.provided_identity_id == provided_identity.id
+        assert last_served_notice.fides_user_device_provided_identity_id is not None
+        assert last_served_notice.privacy_notice_id == privacy_notice.id
+        assert (
+            last_served_notice.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+
+        # Get corresponding historical record that was just created
+        served_notice_history = last_served_notice.served_notice_history
+
+        assert served_notice_history.id == served_notice_history_id
+        assert served_notice_history.updated_at is not None
+        assert served_notice_history.anonymized_ip_address == masked_ip
+        assert served_notice_history.created_at is not None
+        assert served_notice_history.email == "test@email.com"
+        assert (
+            served_notice_history.fides_user_device == test_device_id
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_email == ProvidedIdentity.hash_value(
+            "test@email.com"
+        )
+        assert (
+            served_notice_history.hashed_fides_user_device
+            == ProvidedIdentity.hash_value(test_device_id)
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_phone_number is None
+        assert served_notice_history.phone_number is None
+        assert (
+            served_notice_history.request_origin == RequestOrigin.privacy_center
+        )  # Retrieved from privacy experience history
+        assert served_notice_history.url_recorded is None
+        assert (
+            served_notice_history.user_agent == "testclient"
+        )  # Retrieved from request headers
+        assert served_notice_history.user_geography == "us_co"
+        assert served_notice_history.acknowledge_mode is False
+        assert (
+            served_notice_history.serving_component == ServingComponent.privacy_center
+        )
+
+        fides_user_device_provided_identity = (
+            served_notice_history.fides_user_device_provided_identity
+        )
+        # Same fides user device identity added to both the historical and current record
+        assert (
+            last_served_notice.fides_user_device_provided_identity
+            == fides_user_device_provided_identity
+        )
+        assert (
+            fides_user_device_provided_identity.hashed_value
+            == ProvidedIdentity.hash_value(test_device_id)
+        )
+        assert (
+            fides_user_device_provided_identity.encrypted_value["value"]
+            == test_device_id
+        )
+
+        assert (
+            served_notice_history.privacy_experience_config_history_id
+            == privacy_experience_privacy_center.experience_config.experience_config_history_id
+        )
+        assert (
+            served_notice_history.privacy_experience_id
+            == privacy_experience_privacy_center.id
+        )
+        assert (
+            served_notice_history.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+        assert served_notice_history.provided_identity_id == provided_identity.id
+
+        last_served_notice.delete(db)
+        served_notice_history.delete(db)
+
+    @pytest.mark.usefixtures("subject_identity_verification_required", "system")
+    @mock.patch(
+        "fides.api.api.v1.endpoints.privacy_preference_endpoints.anonymize_ip_address"
+    )
+    def test_save_notices_served_device_id_only(
+        self,
+        mock_anonymize,
+        fides_user_provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        db: Session,
+        request_body,
+        privacy_notice,
+        privacy_experience_privacy_center,
+    ):
+        """Verify code, save notices served, and return.
+
+        This tests when someone has set up their privacy center so we're not actually collecting
+        email/phone number there.  The original consent request was saved against a fides user
+        device id only
+        """
+        masked_ip = "12.214.31.0"  # Mocking because hostname for FastAPI TestClient is "testclient"
+        mock_anonymize.return_value = masked_ip
+
+        (
+            fides_user_provided_identity,
+            consent_request,
+        ) = fides_user_provided_identity_and_consent_request
+
+        consent_request.cache_identity_verification_code(verification_code)
+
+        test_device_id = "051b219f-20e4-45df-82f7-5eb68a00889f"
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 200
+        assert len(response.json()) == 1
+        response_json = response.json()[0]
+
+        assert (
+            response_json["privacy_notice_history"]["id"]
+            == privacy_notice.histories[0].id
+        )
+
+        served_notice_history_id = response_json["served_notice_history_id"]
+
+        # Fetch last served notice record that was updated
+        last_served_notice = LastServedNotice.get(db, object_id=response_json["id"])
+        assert last_served_notice.created_at is not None
+        assert last_served_notice.updated_at is not None
+        assert last_served_notice.provided_identity_id is None
+        assert (
+            last_served_notice.fides_user_device_provided_identity_id
+            == fides_user_provided_identity.id
+        )
+        assert last_served_notice.privacy_notice_id == privacy_notice.id
+        assert (
+            last_served_notice.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+
+        # Get corresponding historical record that was just created
+        served_notice_history = last_served_notice.served_notice_history
+
+        assert served_notice_history.id == served_notice_history_id
+        assert served_notice_history.updated_at is not None
+        assert served_notice_history.anonymized_ip_address == masked_ip
+        assert served_notice_history.created_at is not None
+        assert served_notice_history.email is None
+        assert (
+            served_notice_history.fides_user_device == test_device_id
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_email is None
+        assert (
+            served_notice_history.hashed_fides_user_device
+            == ProvidedIdentity.hash_value(test_device_id)
+        )  # Cached here for reporting
+        assert served_notice_history.hashed_phone_number is None
+        assert served_notice_history.phone_number is None
+        assert (
+            served_notice_history.request_origin == RequestOrigin.privacy_center
+        )  # Retrieved from privacy experience history
+        assert served_notice_history.url_recorded is None
+        assert (
+            served_notice_history.user_agent == "testclient"
+        )  # Retrieved from request headers
+        assert served_notice_history.user_geography == "us_co"
+        assert served_notice_history.acknowledge_mode is False
+        assert (
+            served_notice_history.serving_component == ServingComponent.privacy_center
+        )
+
+        fides_user_device_provided_identity = (
+            served_notice_history.fides_user_device_provided_identity
+        )
+        # Same fides user device identity added to both the historical and current record
+        assert (
+            last_served_notice.fides_user_device_provided_identity
+            == fides_user_provided_identity
+            == fides_user_device_provided_identity
+        )
+        assert (
+            fides_user_device_provided_identity.hashed_value
+            == ProvidedIdentity.hash_value(test_device_id)
+        )
+        assert (
+            fides_user_device_provided_identity.encrypted_value["value"]
+            == test_device_id
+        )
+
+        assert (
+            served_notice_history.privacy_experience_config_history_id
+            == privacy_experience_privacy_center.experience_config.experience_config_history_id
+        )
+        assert (
+            served_notice_history.privacy_experience_id
+            == privacy_experience_privacy_center.id
+        )
+        assert (
+            served_notice_history.privacy_notice_history_id
+            == privacy_notice.histories[0].id
+        )
+        assert served_notice_history.provided_identity_id is None
+
+        last_served_notice.delete(db)
+        served_notice_history.delete(db)
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_notices_served_invalid_code_respects_attempt_count(
+        self,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        request_body,
+    ):
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        request_body["code"] = "987632"  # Bad code
+
+        for _ in range(0, CONFIG.security.identity_verification_attempt_limit):
+            response = api_client.patch(
+                f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+                json=request_body,
+            )
+            assert response.status_code == 403
+            assert "Incorrect identification" in response.json()["detail"]
+
+        assert (
+            consent_request._get_cached_verification_code_attempt_count()
+            == CONFIG.security.identity_verification_attempt_limit
+        )
+
+        request_body["code"] = verification_code
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert response.status_code == 403
+        assert (
+            response.json()["detail"] == f"Attempt limit hit for '{consent_request.id}'"
+        )
+        assert consent_request.get_cached_verification_code() is None
+        assert consent_request._get_cached_verification_code_attempt_count() == 0
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    @patch("fides.api.models.privacy_request.ConsentRequest.verify_identity")
+    def test_save_notices_served_missing_identity_data(
+        self,
+        mock_verify_identity: MagicMock,
+        db,
+        api_client,
+        verification_code,
+        request_body,
+    ):
+        provided_identity_data = {
+            "privacy_request_id": None,
+            "field_name": "email",
+            "hashed_value": None,
+            "encrypted_value": None,
+        }
+        provided_identity = ProvidedIdentity.create(db, data=provided_identity_data)
+
+        consent_request_data = {
+            "provided_identity_id": provided_identity.id,
+        }
+        consent_request = ConsentRequest.create(db, data=consent_request_data)
+        consent_request.cache_identity_verification_code(verification_code)
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+
+        assert response.status_code == 404
+        assert mock_verify_identity.called
+        assert "missing" in response.json()["detail"]
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_privacy_notices_served_invalid_privacy_notice_history_id(
+        self,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        request_body,
+    ):
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        request_body["privacy_notice_history_ids"] = ["bad_id"]
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert (
+            response.status_code == 400
+        ), "Gets picked up by the duplicate privacy notice check"
+
+    @pytest.mark.usefixtures(
+        "subject_identity_verification_required",
+    )
+    def test_save_notices_viewed_for_the_same_notice_in_one_request(
+        self,
+        provided_identity_and_consent_request,
+        api_client,
+        verification_code,
+        request_body,
+        privacy_notice,
+    ):
+        _, consent_request = provided_identity_and_consent_request
+        consent_request.cache_identity_verification_code(verification_code)
+
+        request_body["privacy_notice_history_ids"] = [
+            privacy_notice.histories[0].id,
+            privacy_notice.histories[0].id,
+        ]
+
+        response = api_client.patch(
+            f"{V1_URL_PREFIX}{CONSENT_REQUEST_NOTICES_SERVED.format(consent_request_id=consent_request.id)}",
+            json=request_body,
+        )
+        assert (
+            response.status_code == 400
+        ), "Gets picked up by the duplicate privacy notice check"
diff --git a/tests/ops/models/test_privacy_preference.py b/tests/ops/models/test_privacy_preference.py
index a1cafff501..745b896ea4 100644
--- a/tests/ops/models/test_privacy_preference.py
+++ b/tests/ops/models/test_privacy_preference.py
@@ -9,9 +9,13 @@
     IdentityNotFoundException,
     PrivacyNoticeHistoryNotFound,
 )
+from fides.api.models.privacy_experience import PrivacyExperienceConfig
 from fides.api.models.privacy_preference import (
+    LastServedNotice,
     PrivacyPreferenceHistory,
     RequestOrigin,
+    ServedNoticeHistory,
+    ServingComponent,
     UserConsentPreference,
 )
 from fides.api.models.privacy_request import (
@@ -641,3 +645,184 @@ def test_anonymize_ipv6(self):
             anonymize_ip_address("2001:0db8:85a3:0000:0000:8a2e:0370:7334")
             == "2001:0db8:85a3:0000:0000:0000:0000:0000"
         )
+
+
+class TestServedNoticeHistory:
+    def test_created_record_of_notice_served_and_upsert_last_served_notice(
+        self,
+        db,
+        privacy_notice,
+        privacy_experience_privacy_center,
+        experience_config_privacy_center,
+    ):
+        provided_identity_data = {
+            "privacy_request_id": None,
+            "field_name": "email",
+            "hashed_value": ProvidedIdentity.hash_value("ethyca@email.com"),
+            "encrypted_value": {"value": "ethyca@email.com"},
+        }
+        fides_user_provided_identity_data = {
+            "privacy_request_id": None,
+            "field_name": "fides_user_device_id",
+            "hashed_value": ProvidedIdentity.hash_value(
+                "test_fides_user_device_id_abcdefg"
+            ),
+            "encrypted_value": {"value": "test_fides_user_device_id_abcdefg"},
+        }
+        provided_identity = ProvidedIdentity.create(db, data=provided_identity_data)
+        fides_user_provided_identity = ProvidedIdentity.create(
+            db, data=fides_user_provided_identity_data
+        )
+
+        privacy_notice_history = privacy_notice.histories[0]
+
+        email, hashed_email = extract_identity_from_provided_identity(
+            provided_identity, ProvidedIdentityType.email
+        )
+        phone_number, hashed_phone_number = extract_identity_from_provided_identity(
+            provided_identity, ProvidedIdentityType.phone_number
+        )
+        (
+            fides_user_device_id,
+            hashed_device_id,
+        ) = extract_identity_from_provided_identity(
+            fides_user_provided_identity, ProvidedIdentityType.fides_user_device_id
+        )
+
+        served_notice_history_record = ServedNoticeHistory.create(
+            db=db,
+            data={
+                "anonymized_ip_address": "12.214.31.0",
+                "email": email,
+                "fides_user_device": fides_user_device_id,
+                "fides_user_device_provided_identity_id": fides_user_provided_identity.id,
+                "hashed_email": hashed_email,
+                "hashed_fides_user_device": hashed_device_id,
+                "hashed_phone_number": hashed_phone_number,
+                "phone_number": phone_number,
+                "privacy_notice_history_id": privacy_notice_history.id,
+                "provided_identity_id": provided_identity.id,
+                "request_origin": "privacy_center",
+                "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24",
+                "user_geography": "us_co",
+                "url_recorded": "example.com/privacy_center",
+                "acknowledge_mode": False,
+                "serving_component": ServingComponent.privacy_center,
+                "privacy_experience_id": privacy_experience_privacy_center.id,
+                "privacy_experience_config_history_id": experience_config_privacy_center.histories[
+                    0
+                ].id,
+            },
+            check_name=False,
+        )
+        assert served_notice_history_record.email == "ethyca@email.com"
+        assert (
+            served_notice_history_record.hashed_email
+            == provided_identity.hashed_value
+            is not None
+        )
+        assert (
+            served_notice_history_record.fides_user_device
+            == fides_user_device_id
+            is not None
+        )
+        assert (
+            served_notice_history_record.hashed_fides_user_device
+            == hashed_device_id
+            is not None
+        )
+        assert (
+            served_notice_history_record.fides_user_device_provided_identity
+            == fides_user_provided_identity
+        )
+
+        assert served_notice_history_record.phone_number is None
+        assert served_notice_history_record.hashed_phone_number is None
+        assert (
+            served_notice_history_record.privacy_notice_history
+            == privacy_notice_history
+        )
+        assert served_notice_history_record.provided_identity == provided_identity
+        assert (
+            served_notice_history_record.request_origin == RequestOrigin.privacy_center
+        )
+        assert (
+            served_notice_history_record.user_agent
+            == "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/324.42 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/425.24"
+        )
+        assert served_notice_history_record.user_geography == "us_co"
+        assert served_notice_history_record.url_recorded == "example.com/privacy_center"
+
+        # Assert ServedNoticeHistory record upserted
+        last_served_notice = served_notice_history_record.last_served_notice
+        assert last_served_notice.privacy_notice_history == privacy_notice_history
+        assert last_served_notice.privacy_notice_id == privacy_notice.id
+        assert last_served_notice.provided_identity_id == provided_identity.id
+        assert (
+            last_served_notice.fides_user_device_provided_identity_id
+            == fides_user_provided_identity.id
+        )
+        assert (
+            last_served_notice.served_notice_history_id
+            == served_notice_history_record.id
+        )
+
+        served_notice_history_record.delete(db)
+        last_served_notice.delete(db)
+
+
+class TestLastServedNotice:
+    def test_served_latest_version(
+        self,
+        db,
+        served_notice_history_us_ca_provide_for_fides_user,
+        privacy_notice_us_ca_provide,
+    ):
+        last_served = (
+            served_notice_history_us_ca_provide_for_fides_user.last_served_notice
+        )
+        assert last_served.served_latest_version is True
+
+        privacy_notice_us_ca_provide.update(db, data={"description": "new_description"})
+        assert privacy_notice_us_ca_provide.version == 2.0
+        assert privacy_notice_us_ca_provide.description == "new_description"
+
+        assert last_served.served_latest_version is False
+
+    def test_get_last_served_for_notice_and_fides_user_device(
+        self,
+        db,
+        fides_user_provided_identity,
+        served_notice_history_us_ca_provide_for_fides_user,
+        privacy_notice_us_ca_provide,
+        empty_provided_identity,
+        privacy_notice,
+    ):
+        retrieved_record = (
+            LastServedNotice.get_last_served_for_notice_and_fides_user_device(
+                db,
+                fides_user_provided_identity=fides_user_provided_identity,
+                privacy_notice=privacy_notice_us_ca_provide,
+            )
+        )
+        assert (
+            retrieved_record
+            == served_notice_history_us_ca_provide_for_fides_user.last_served_notice
+        )
+
+        assert (
+            LastServedNotice.get_last_served_for_notice_and_fides_user_device(
+                db,
+                fides_user_provided_identity=empty_provided_identity,
+                privacy_notice=privacy_notice_us_ca_provide,
+            )
+            is None
+        )
+        assert (
+            LastServedNotice.get_last_served_for_notice_and_fides_user_device(
+                db,
+                fides_user_provided_identity=fides_user_provided_identity,
+                privacy_notice=privacy_notice,
+            )
+            is None
+        )

From 55acc85e5c1be0a2ee9219f7e0e80e415383f25d Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Mon, 17 Jul 2023 09:58:14 -0400
Subject: [PATCH 80/90] UI tabs for fides-js (#3782)

---
 CHANGELOG.md                                  |  3 +
 .../fides-js/src/components/ConsentModal.tsx  | 28 +++++--
 clients/fides-js/src/components/Overlay.tsx   |  1 +
 clients/fides-js/src/components/TcfTabs.tsx   | 77 +++++++++++++++++++
 clients/fides-js/src/components/fides.css     | 36 +++++++++
 clients/fides-js/src/fides.ts                 |  1 +
 clients/fides-js/src/lib/consent-types.ts     |  3 +
 clients/package-lock.json                     | 16 ++--
 .../privacy-center/app/server-environment.ts  |  6 ++
 clients/privacy-center/pages/api/fides-js.ts  |  1 +
 .../public/fides-js-components-demo.html      |  1 +
 11 files changed, 157 insertions(+), 16 deletions(-)
 create mode 100644 clients/fides-js/src/components/TcfTabs.tsx

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dc14f0043e..8bd9a04040 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,9 @@ The types of changes are:
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.16.0...main)
 
+### Added
+
+- Tab component for `fides-js` [#3782](https://github.com/ethyca/fides/pull/3782)
 ### Developer Experience
 
 - Changed where db-dependent routers were imported to avoid dependency issues [#3741](https://github.com/ethyca/fides/pull/3741)
diff --git a/clients/fides-js/src/components/ConsentModal.tsx b/clients/fides-js/src/components/ConsentModal.tsx
index a7a1035805..ee09de1645 100644
--- a/clients/fides-js/src/components/ConsentModal.tsx
+++ b/clients/fides-js/src/components/ConsentModal.tsx
@@ -1,9 +1,14 @@
 import { h, VNode } from "preact";
 import { Attributes } from "../lib/a11y-dialog";
-import { PrivacyNotice, ExperienceConfig } from "../lib/consent-types";
+import {
+  PrivacyNotice,
+  ExperienceConfig,
+  FidesOptions,
+} from "../lib/consent-types";
 import NoticeToggles from "./NoticeToggles";
 import CloseButton from "./CloseButton";
 import GpcInfo from "./GpcInfo";
+import TcfTabs from "./TcfTabs";
 
 type NoticeKeys = Array<PrivacyNotice["notice_key"]>;
 
@@ -14,6 +19,7 @@ const ConsentModal = ({
   enabledNoticeKeys,
   onChange,
   buttonGroup,
+  options,
 }: {
   attributes: Attributes;
   experience: ExperienceConfig;
@@ -22,8 +28,10 @@ const ConsentModal = ({
   onClose: () => void;
   onChange: (enabledNoticeKeys: NoticeKeys) => void;
   buttonGroup: VNode;
+  options: FidesOptions;
 }) => {
   const { container, overlay, dialog, title, closeButton } = attributes;
+  const showTcf = options.tcfEnabled;
 
   return (
     // @ts-ignore A11yDialog ref obj type isn't quite the same
@@ -53,13 +61,17 @@ const ConsentModal = ({
           {experience.description}
         </p>
         <GpcInfo />
-        <div className="fides-modal-notices">
-          <NoticeToggles
-            notices={notices}
-            enabledNoticeKeys={enabledNoticeKeys}
-            onChange={onChange}
-          />
-        </div>
+        {showTcf ? (
+          <TcfTabs />
+        ) : (
+          <div className="fides-modal-notices">
+            <NoticeToggles
+              notices={notices}
+              enabledNoticeKeys={enabledNoticeKeys}
+              onChange={onChange}
+            />
+          </div>
+        )}
         {buttonGroup}
         {experience.privacy_policy_link_label &&
         experience.privacy_policy_url ? (
diff --git a/clients/fides-js/src/components/Overlay.tsx b/clients/fides-js/src/components/Overlay.tsx
index 94c9dfbb95..5310023cd4 100644
--- a/clients/fides-js/src/components/Overlay.tsx
+++ b/clients/fides-js/src/components/Overlay.tsx
@@ -193,6 +193,7 @@ const Overlay: FunctionComponent<OverlayProps> = ({
             }}
           />
         }
+        options={options}
       />
     </div>
   );
diff --git a/clients/fides-js/src/components/TcfTabs.tsx b/clients/fides-js/src/components/TcfTabs.tsx
new file mode 100644
index 0000000000..6a221e6642
--- /dev/null
+++ b/clients/fides-js/src/components/TcfTabs.tsx
@@ -0,0 +1,77 @@
+import { h } from "preact";
+import { useRef, useState } from "preact/hooks";
+
+const TCF_TABS = [
+  { name: "Purposes", content: "one" },
+  { name: "Features", content: "two" },
+  { name: "Vendors", content: "three" },
+];
+
+const KEY_ARROW_RIGHT = "ArrowRight";
+const KEY_ARROW_LEFT = "ArrowLeft";
+
+const TcfTabs = () => {
+  const [activeTabIndex, setActiveTabIndex] = useState(0);
+  const inputRefs = [
+    useRef<HTMLButtonElement>(null),
+    useRef<HTMLButtonElement>(null),
+    useRef<HTMLButtonElement>(null),
+  ];
+  const handleKeyDown = (event: KeyboardEvent) => {
+    let newActiveTab;
+    if (event.code === KEY_ARROW_RIGHT) {
+      event.preventDefault();
+      newActiveTab =
+        activeTabIndex === TCF_TABS.length - 1 ? 0 : activeTabIndex + 1;
+    }
+    if (event.code === KEY_ARROW_LEFT) {
+      event.preventDefault();
+      newActiveTab =
+        activeTabIndex === 0 ? TCF_TABS.length - 1 : activeTabIndex - 1;
+    }
+    if (newActiveTab != null) {
+      setActiveTabIndex(newActiveTab);
+      inputRefs[newActiveTab].current?.focus();
+    }
+  };
+  return (
+    <div className="fides-tabs">
+      <ul role="tablist" className="fides-tab-list">
+        {TCF_TABS.map(({ name }, idx) => (
+          <li role="presentation" key={name}>
+            <button
+              id={`fides-tab-${name}`}
+              aria-selected={idx === activeTabIndex}
+              onClick={() => {
+                setActiveTabIndex(idx);
+              }}
+              role="tab"
+              type="button"
+              className="fides-tab-button"
+              tabIndex={idx === activeTabIndex ? undefined : -1}
+              onKeyDown={handleKeyDown}
+              ref={inputRefs[idx]}
+            >
+              {name}
+            </button>
+          </li>
+        ))}
+      </ul>
+      <div className="tabpanel-container">
+        {TCF_TABS.map(({ name, content }, idx) => (
+          <section
+            role="tabpanel"
+            id={`fides-panel-${name}`}
+            aria-labelledby={`fides-tab-${name}`}
+            tabIndex={-1}
+            hidden={idx !== activeTabIndex}
+            key={name}
+          >
+            {content}
+          </section>
+        ))}
+      </div>
+    </div>
+  );
+};
+export default TcfTabs;
diff --git a/clients/fides-js/src/components/fides.css b/clients/fides-js/src/components/fides.css
index 443aaf4b35..59da7a5612 100644
--- a/clients/fides-js/src/components/fides.css
+++ b/clients/fides-js/src/components/fides.css
@@ -504,3 +504,39 @@ div#fides-modal .fides-modal-button-group {
   background: var(--fides-overlay-gpc-overridden-background-color);
   color: var(--fides-overlay-gpc-overridden-text-color);
 }
+
+.fides-tab-list {
+  padding: 0;
+  display: flex;
+  list-style-type: none;
+}
+
+.fides-tab-list > li {
+  width: 100%;
+}
+
+.fides-tab-button {
+  background: none;
+  border-width: 0 0 1px 0;
+  border-bottom: 1px solid var(--fides-overlay-row-divider-color);
+  color: var(--fides-overlay-body-font-color);
+  font-weight: 500;
+  padding: 0.6em 1.2em;
+  cursor: pointer;
+  width: 100%;
+}
+
+.fides-tab-button[aria-selected="true"] {
+  color: var(--fides-overlay-primary-active-color);
+  border-bottom-width: 2px;
+  border-color: var(--fides-overlay-primary-active-color);
+  font-weight: 600;
+}
+
+.fides-tab-button::focus-visible {
+  outline: 1px auto Highlight;
+  outline: 1px auto -webkit-focus-ring-color;
+}
+.fides-tab-button:focus:not(:focus-visible) {
+  outline: 0;
+}
diff --git a/clients/fides-js/src/fides.ts b/clients/fides-js/src/fides.ts
index 7f5feb3316..3d25c550b2 100644
--- a/clients/fides-js/src/fides.ts
+++ b/clients/fides-js/src/fides.ts
@@ -313,6 +313,7 @@ _Fides = {
     modalLinkId: null,
     privacyCenterUrl: "",
     fidesApiUrl: "",
+    tcfEnabled: false,
   },
   fides_meta: {},
   identity: {},
diff --git a/clients/fides-js/src/lib/consent-types.ts b/clients/fides-js/src/lib/consent-types.ts
index df9f56cb9f..a9dc406292 100644
--- a/clients/fides-js/src/lib/consent-types.ts
+++ b/clients/fides-js/src/lib/consent-types.ts
@@ -35,6 +35,9 @@ export type FidesOptions = {
 
   // URL for the Fides API, used to fetch and save consent preferences. Required.
   fidesApiUrl: string;
+
+  // Whether we should show the TCF modal
+  tcfEnabled: boolean;
 };
 
 export class SaveConsentPreference {
diff --git a/clients/package-lock.json b/clients/package-lock.json
index 345e71f5a7..4dfdaabbaf 100644
--- a/clients/package-lock.json
+++ b/clients/package-lock.json
@@ -7810,13 +7810,13 @@
       "integrity": "sha512-HQsw0QXiN5fdlO+R8/JzCZnR3Fqp8E87YVnhHlaPtNGJjt6ffbV0LpOkieIb1x6V1+xt878IYq77SpXHWAqKkA=="
     },
     "node_modules/cypress": {
-      "version": "12.13.0",
-      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.13.0.tgz",
-      "integrity": "sha512-QJlSmdPk+53Zhy69woJMySZQJoWfEWun3X5OOenGsXjRPVfByVTHorxNehbzhZrEzH9RDUDqVcck0ahtlS+N/Q==",
+      "version": "12.17.1",
+      "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.17.1.tgz",
+      "integrity": "sha512-eKfBgO6t8waEyhegL4gxD7tcI6uTCGttu+ZU7y9Hq8BlpMztd7iLeIF4AJFAnbZH1xjX+wwgg4cRKFNSvv3VWQ==",
       "dev": true,
       "hasInstallScript": true,
       "dependencies": {
-        "@cypress/request": "^2.88.10",
+        "@cypress/request": "^2.88.11",
         "@cypress/xvfb": "^1.2.4",
         "@types/node": "^14.14.31",
         "@types/sinonjs__fake-timers": "8.1.1",
@@ -7853,7 +7853,7 @@
         "pretty-bytes": "^5.6.0",
         "proxy-from-env": "1.0.0",
         "request-progress": "^3.0.0",
-        "semver": "^7.3.2",
+        "semver": "^7.5.3",
         "supports-color": "^8.1.1",
         "tmp": "~0.2.1",
         "untildify": "^4.0.0",
@@ -7970,9 +7970,9 @@
       }
     },
     "node_modules/cypress/node_modules/semver": {
-      "version": "7.5.1",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
-      "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==",
       "dev": true,
       "dependencies": {
         "lru-cache": "^6.0.0"
diff --git a/clients/privacy-center/app/server-environment.ts b/clients/privacy-center/app/server-environment.ts
index 149425db65..0ec9d6a35f 100644
--- a/clients/privacy-center/app/server-environment.ts
+++ b/clients/privacy-center/app/server-environment.ts
@@ -45,6 +45,7 @@ export interface PrivacyCenterSettings {
   OVERLAY_PARENT_ID: string | null; // (optional) ID of the parent DOM element where the overlay should be inserted
   MODAL_LINK_ID: string | null; // (optional) ID of the DOM element that should trigger the consent modal
   PRIVACY_CENTER_URL: string; // e.g. http://localhost:3000
+  TCF_ENABLED: boolean; // whether we should render the TCF modal
 }
 
 /**
@@ -62,6 +63,7 @@ export type PrivacyCenterClientSettings = Pick<
   | "OVERLAY_PARENT_ID"
   | "MODAL_LINK_ID"
   | "PRIVACY_CENTER_URL"
+  | "TCF_ENABLED"
 >;
 
 export type Styles = string;
@@ -274,6 +276,9 @@ export const loadPrivacyCenterEnvironment =
       PRIVACY_CENTER_URL:
         process.env.FIDES_PRIVACY_CENTER__PRIVACY_CENTER_URL ||
         "http://localhost:3000",
+      TCF_ENABLED: process.env.FIDES_PRIVACY_CENTER__TCF_ENABLED
+        ? process.env.FIDES_PRIVACY_CENTER__TCF_ENABLED === "true"
+        : false,
     };
 
     // Load configuration file (if it exists)
@@ -292,6 +297,7 @@ export const loadPrivacyCenterEnvironment =
       OVERLAY_PARENT_ID: settings.OVERLAY_PARENT_ID,
       MODAL_LINK_ID: settings.MODAL_LINK_ID,
       PRIVACY_CENTER_URL: settings.PRIVACY_CENTER_URL,
+      TCF_ENABLED: settings.TCF_ENABLED,
     };
 
     // For backwards-compatibility, override FIDES_API_URL with the value from the config file if present
diff --git a/clients/privacy-center/pages/api/fides-js.ts b/clients/privacy-center/pages/api/fides-js.ts
index 4b0b32b008..df1a36eb1f 100644
--- a/clients/privacy-center/pages/api/fides-js.ts
+++ b/clients/privacy-center/pages/api/fides-js.ts
@@ -81,6 +81,7 @@ export default async function handler(
       modalLinkId: environment.settings.MODAL_LINK_ID,
       privacyCenterUrl: environment.settings.PRIVACY_CENTER_URL,
       fidesApiUrl: environment.settings.FIDES_API_URL,
+      tcfEnabled: environment.settings.TCF_ENABLED,
     },
     geolocation,
   };
diff --git a/clients/privacy-center/public/fides-js-components-demo.html b/clients/privacy-center/public/fides-js-components-demo.html
index 3614d6c117..5b815b1502 100644
--- a/clients/privacy-center/public/fides-js-components-demo.html
+++ b/clients/privacy-center/public/fides-js-components-demo.html
@@ -119,6 +119,7 @@
           modalLinkId: null,
           privacyCenterUrl: "http://localhost:3000",
           fidesApiUrl: "http://localhost:8080/api/v1",
+          tcfEnabled: false,
         },
       };
       window.Fides.init(fidesConfig);

From ec70d25cb4cc1bfa6476ddabc88f998d11135393 Mon Sep 17 00:00:00 2001
From: Allison King <allison@ethyca.com>
Date: Mon, 17 Jul 2023 11:23:28 -0400
Subject: [PATCH 81/90] Update TS types for privacy notice locations (#3787)

---
 CHANGELOG.md                                  |  3 +
 .../fixtures/privacy-notices/list.json        |  8 +--
 .../fixtures/privacy-notices/notice.json      |  2 +-
 .../ConnectionGridItem.tsx                    |  2 +-
 .../ConnectionTypeLogo.tsx                    |  2 +-
 .../forms/ConnectorParametersForm.tsx         |  2 +-
 .../manual/ConnectorParametersForm.tsx        |  2 +-
 .../forms/ConnectorParametersForm.tsx         |  4 +-
 .../models/ConnectionConfigurationResponse.ts |  2 +-
 .../src/types/api/models/ConsentMethod.ts     |  2 +-
 .../api/models/ConsentReportingSchema.ts      |  3 +-
 ...reateConnectionConfigurationWithSecrets.ts |  2 +-
 .../types/api/models/PrivacyNoticeRegion.ts   | 60 +++++++++----------
 .../api/models/PrivacyPreferencesRequest.ts   |  3 +-
 .../models/SaasConnectionTemplateValues.ts    |  2 +-
 15 files changed, 50 insertions(+), 49 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8bd9a04040..c5b5f4859e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,6 +38,9 @@ The types of changes are:
 ### Added
 - Record when consent is served [#3777](https://github.com/ethyca/fides/pull/3777)
 
+### Fixed
+- Privacy notice UI's list of possible regions now matches the backend's list [#3787](https://github.com/ethyca/fides/pull/3787)
+
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
 ### Added
diff --git a/clients/admin-ui/cypress/fixtures/privacy-notices/list.json b/clients/admin-ui/cypress/fixtures/privacy-notices/list.json
index 65c3c24ada..934666fa55 100644
--- a/clients/admin-ui/cypress/fixtures/privacy-notices/list.json
+++ b/clients/admin-ui/cypress/fixtures/privacy-notices/list.json
@@ -27,7 +27,7 @@
       "description": "Ensures you are correctly notifying the user about your advertising practices and for appropriate locations, collecting the users consent preferences.",
       "internal_description": null,
       "origin": null,
-      "regions": ["eu_fr", "eu_ie"],
+      "regions": ["fr", "ie"],
       "consent_mechanism": "opt_in",
       "data_uses": ["advertising.first_party.contextual"],
       "enforcement_level": "system_wide",
@@ -48,7 +48,7 @@
       "description": "Ensures you are correctly notifying the user about your advertising practices and for appropriate locations, collecting the users consent preferences.",
       "internal_description": null,
       "origin": null,
-      "regions": ["eu_fr", "eu_ie"],
+      "regions": ["fr", "ie"],
       "consent_mechanism": "opt_in",
       "data_uses": ["collect"],
       "enforcement_level": "system_wide",
@@ -69,7 +69,7 @@
       "description": "This is for data processing activities that enhance the capability or features of your site but may not be strictly necessary.",
       "internal_description": null,
       "origin": null,
-      "regions": ["eu_fr", "eu_ie"],
+      "regions": ["fr", "ie"],
       "consent_mechanism": "opt_in",
       "data_uses": ["improve.system"],
       "enforcement_level": "system_wide",
@@ -90,7 +90,7 @@
       "description": "Notify the user about data processing activities that are essential to your services functionality. Typically consent is not required for this.",
       "internal_description": null,
       "origin": null,
-      "regions": ["eu_fr", "eu_ie"],
+      "regions": ["fr", "ie"],
       "consent_mechanism": "notice_only",
       "data_uses": ["provide.service"],
       "enforcement_level": "system_wide",
diff --git a/clients/admin-ui/cypress/fixtures/privacy-notices/notice.json b/clients/admin-ui/cypress/fixtures/privacy-notices/notice.json
index 4824ec44ae..b2e4fd85bc 100644
--- a/clients/admin-ui/cypress/fixtures/privacy-notices/notice.json
+++ b/clients/admin-ui/cypress/fixtures/privacy-notices/notice.json
@@ -4,7 +4,7 @@
   "description": "Notify the user about data processing activities that are essential to your services functionality. Typically consent is not required for this.",
   "internal_description": null,
   "origin": null,
-  "regions": ["eu_fr", "eu_ie"],
+  "regions": ["fr", "ie"],
   "consent_mechanism": "notice_only",
   "data_uses": ["provide.service"],
   "enforcement_level": "not_applicable",
diff --git a/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx b/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
index 56f943947b..f21bd57bae 100644
--- a/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/ConnectionGridItem.tsx
@@ -58,7 +58,7 @@ const ConnectionGridItem: React.FC<ConnectionGridItemProps> = ({
         <ConnectionMenu
           connection_key={connectionData.key}
           disabled={!!connectionData.disabled}
-          name={connectionData.name}
+          name={connectionData.name ?? connectionData.key}
           connection_type={connectionData.connection_type}
           access_type={connectionData.access}
         />
diff --git a/clients/admin-ui/src/features/datastore-connections/ConnectionTypeLogo.tsx b/clients/admin-ui/src/features/datastore-connections/ConnectionTypeLogo.tsx
index be7c752110..66cf2696d5 100644
--- a/clients/admin-ui/src/features/datastore-connections/ConnectionTypeLogo.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/ConnectionTypeLogo.tsx
@@ -48,7 +48,7 @@ const ConnectionTypeLogo: React.FC<ConnectionTypeLogoProps & ImageProps> = ({
   };
   const getAltValue = (): string => {
     if (isDatastoreConnection(data)) {
-      return data.name;
+      return data.name ?? data.key;
     }
     if (isConnectionSystemTypeMap(data)) {
       return data.human_readable;
diff --git a/clients/admin-ui/src/features/datastore-connections/add-connection/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/add-connection/forms/ConnectorParametersForm.tsx
index b47559edc5..ebaafbff06 100644
--- a/clients/admin-ui/src/features/datastore-connections/add-connection/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/add-connection/forms/ConnectorParametersForm.tsx
@@ -195,7 +195,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   const getInitialValues = () => {
     const initialValues = { ...defaultValues };
     if (connection?.key) {
-      initialValues.name = connection.name;
+      initialValues.name = connection.name ?? "";
       initialValues.description = connection.description as string;
       initialValues.instance_key =
         connection.connection_type === ConnectionType.SAAS
diff --git a/clients/admin-ui/src/features/datastore-connections/add-connection/manual/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/add-connection/manual/ConnectorParametersForm.tsx
index 160086262d..d33ec9c540 100644
--- a/clients/admin-ui/src/features/datastore-connections/add-connection/manual/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/add-connection/manual/ConnectorParametersForm.tsx
@@ -30,7 +30,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   );
   const getInitialValues = () => {
     if (connection?.key) {
-      defaultValues.name = connection.name;
+      defaultValues.name = connection.name ?? "";
       defaultValues.description = connection.description as string;
     }
     return defaultValues;
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 927f56053d..c3ccc1c609 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -213,7 +213,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
   const getInitialValues = () => {
     const initialValues = { ...defaultValues };
     if (connectionConfig?.key) {
-      initialValues.name = connectionConfig.name;
+      initialValues.name = connectionConfig.name ?? "";
       initialValues.description = connectionConfig.description as string;
       initialValues.instance_key =
         connectionConfig.connection_type === ConnectionType.SAAS
@@ -367,7 +367,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
                   disabled={isDisabledConnection}
                   connection_type={connectionConfig?.connection_type}
                   access_type={connectionConfig?.access}
-                  name={connectionConfig?.name}
+                  name={connectionConfig?.name ?? connectionConfig.key}
                   isSwitch
                 />
               ) : null}
diff --git a/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts b/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
index df2af50827..897bf2b827 100644
--- a/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
+++ b/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
@@ -12,7 +12,7 @@ import type { SaaSConfigBase } from "./SaaSConfigBase";
  * Do *NOT* add "secrets" to this schema.
  */
 export type ConnectionConfigurationResponse = {
-  name: string;
+  name?: string;
   key: string;
   description?: string;
   connection_type: ConnectionType;
diff --git a/clients/admin-ui/src/types/api/models/ConsentMethod.ts b/clients/admin-ui/src/types/api/models/ConsentMethod.ts
index 951ebc7a4e..8d0b4dd52c 100644
--- a/clients/admin-ui/src/types/api/models/ConsentMethod.ts
+++ b/clients/admin-ui/src/types/api/models/ConsentMethod.ts
@@ -8,5 +8,5 @@
 export enum ConsentMethod {
   BUTTON = "button",
   GPC = "gpc",
-  API = "api",
+  INDIVIDUAL_NOTICE = "individual_notice",
 }
diff --git a/clients/admin-ui/src/types/api/models/ConsentReportingSchema.ts b/clients/admin-ui/src/types/api/models/ConsentReportingSchema.ts
index 94a00c40cb..13138ef47c 100644
--- a/clients/admin-ui/src/types/api/models/ConsentReportingSchema.ts
+++ b/clients/admin-ui/src/types/api/models/ConsentReportingSchema.ts
@@ -5,7 +5,6 @@
 import type { ActionType } from "./ActionType";
 import type { ConsentMethod } from "./ConsentMethod";
 import type { ExecutionLogStatus } from "./ExecutionLogStatus";
-import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 import type { PrivacyRequestStatus } from "./PrivacyRequestStatus";
 import type { RequestOrigin } from "./RequestOrigin";
 import type { UserConsentPreference } from "./UserConsentPreference";
@@ -27,7 +26,7 @@ export type ConsentReportingSchema = {
   approver_id?: string;
   privacy_notice_history_id: string;
   preference: UserConsentPreference;
-  user_geography?: PrivacyNoticeRegion;
+  user_geography?: string;
   relevant_systems?: Array<string>;
   affected_system_status: Record<string, ExecutionLogStatus>;
   url_recorded?: string;
diff --git a/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts b/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
index 8096369510..a8c39fe9a2 100644
--- a/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
+++ b/clients/admin-ui/src/types/api/models/CreateConnectionConfigurationWithSecrets.ts
@@ -25,7 +25,7 @@ import type { TimescaleDocsSchema } from "./TimescaleDocsSchema";
  * Schema for creating a connection configuration including secrets.
  */
 export type CreateConnectionConfigurationWithSecrets = {
-  name: string;
+  name?: string;
   key?: string;
   connection_type: ConnectionType;
   access: AccessLevel;
diff --git a/clients/admin-ui/src/types/api/models/PrivacyNoticeRegion.ts b/clients/admin-ui/src/types/api/models/PrivacyNoticeRegion.ts
index 797d8482b1..45837854b2 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyNoticeRegion.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyNoticeRegion.ts
@@ -3,7 +3,7 @@
 /* eslint-disable */
 
 /**
- * Enum is not formalized in the DB because it is subject to frequent change
+ * An enumeration.
  */
 export enum PrivacyNoticeRegion {
   US_AL = "us_al",
@@ -56,38 +56,38 @@ export enum PrivacyNoticeRegion {
   US_WV = "us_wv",
   US_WI = "us_wi",
   US_WY = "us_wy",
-  EU_BE = "eu_be",
-  EU_BG = "eu_bg",
-  EU_CZ = "eu_cz",
-  EU_DK = "eu_dk",
-  EU_DE = "eu_de",
-  EU_EE = "eu_ee",
-  EU_IE = "eu_ie",
-  EU_EL = "eu_el",
-  EU_ES = "eu_es",
-  EU_FR = "eu_fr",
-  EU_HR = "eu_hr",
-  EU_IT = "eu_it",
-  EU_CY = "eu_cy",
-  EU_LV = "eu_lv",
-  EU_LT = "eu_lt",
-  EU_LU = "eu_lu",
-  EU_HU = "eu_hu",
-  EU_MT = "eu_mt",
-  EU_NL = "eu_nl",
-  EU_AT = "eu_at",
-  EU_PL = "eu_pl",
-  EU_PT = "eu_pt",
-  EU_RO = "eu_ro",
-  EU_SI = "eu_si",
-  EU_SK = "eu_sk",
-  EU_FI = "eu_fi",
-  EU_SE = "eu_se",
+  BE = "be",
+  BG = "bg",
+  CZ = "cz",
+  DK = "dk",
+  DE = "de",
+  EE = "ee",
+  IE = "ie",
+  GR = "gr",
+  ES = "es",
+  FR = "fr",
+  HR = "hr",
+  IT = "it",
+  CY = "cy",
+  LV = "lv",
+  LT = "lt",
+  LU = "lu",
+  HU = "hu",
+  MT = "mt",
+  NL = "nl",
+  AT = "at",
+  PL = "pl",
+  PT = "pt",
+  RO = "ro",
+  SI = "si",
+  SK = "sk",
+  FI = "fi",
+  SE = "se",
   GB_ENG = "gb_eng",
   GB_SCT = "gb_sct",
   GB_WLS = "gb_wls",
   GB_NIR = "gb_nir",
-  ISL = "isl",
-  NOR = "nor",
+  IS = "is",
+  NO = "no",
   LI = "li",
 }
diff --git a/clients/admin-ui/src/types/api/models/PrivacyPreferencesRequest.ts b/clients/admin-ui/src/types/api/models/PrivacyPreferencesRequest.ts
index 618986f031..0846cde464 100644
--- a/clients/admin-ui/src/types/api/models/PrivacyPreferencesRequest.ts
+++ b/clients/admin-ui/src/types/api/models/PrivacyPreferencesRequest.ts
@@ -5,7 +5,6 @@
 import type { ConsentMethod } from "./ConsentMethod";
 import type { ConsentOptionCreate } from "./ConsentOptionCreate";
 import type { Identity } from "./Identity";
-import type { PrivacyNoticeRegion } from "./PrivacyNoticeRegion";
 
 /**
  * Request body for creating PrivacyPreferences.
@@ -16,6 +15,6 @@ export type PrivacyPreferencesRequest = {
   preferences: Array<ConsentOptionCreate>;
   policy_key?: string;
   privacy_experience_id?: string;
-  user_geography?: PrivacyNoticeRegion;
+  user_geography?: string;
   method?: ConsentMethod;
 };
diff --git a/clients/admin-ui/src/types/api/models/SaasConnectionTemplateValues.ts b/clients/admin-ui/src/types/api/models/SaasConnectionTemplateValues.ts
index 4d394114de..e364b5081e 100644
--- a/clients/admin-ui/src/types/api/models/SaasConnectionTemplateValues.ts
+++ b/clients/admin-ui/src/types/api/models/SaasConnectionTemplateValues.ts
@@ -22,7 +22,7 @@ import type { TimescaleDocsSchema } from "./TimescaleDocsSchema";
  * Schema with values to create both a Saas ConnectionConfig and DatasetConfig from a template
  */
 export type SaasConnectionTemplateValues = {
-  name: string;
+  name?: string;
   key?: string;
   description?: string;
   secrets:

From e9aeaf041d36cd7bfa5fda6e84258e3942a8be50 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Mon, 17 Jul 2023 22:15:49 -0400
Subject: [PATCH 82/90] fix broken build (`pyyaml` and `pymssql` issues related
 to `cython` version `3.0`) (#3802)

---
 requirements.txt               |  6 +++---
 tests/ctl/core/test_dataset.py | 21 +++++++++++----------
 2 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/requirements.txt b/requirements.txt
index 8b92504e32..44bd7b4343 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -13,7 +13,7 @@ expandvars==0.9.0
 fastapi[all]==0.89.1
 fastapi-caching[redis]==0.3.0
 fastapi-pagination[sqlalchemy]~= 0.10.0
-fideslang==1.4.2
+fideslang==1.4.3
 fideslog==1.2.10
 firebase-admin==5.3.0
 GitPython==3.1.31
@@ -36,10 +36,10 @@ pydantic==1.10.9
 pydash==6.0.2
 PyJWT==2.4.0
 pymongo==3.13.0
-pymssql==2.2.7
+# pymssql==2.2.7 -- temporarily commented out due to what seems like cython 3.0 issues - see https://github.com/ethyca/fides/issues/3800
 PyMySQL==1.0.2
 python-jose[cryptography]==3.3.0
-pyyaml>=5,<6
+pyyaml>=5,<7
 redis==3.5.3
 RestrictedPython==6.0.0
 rich-click==1.6.1
diff --git a/tests/ctl/core/test_dataset.py b/tests/ctl/core/test_dataset.py
index 79a453952d..a58455fa73 100644
--- a/tests/ctl/core/test_dataset.py
+++ b/tests/ctl/core/test_dataset.py
@@ -4,7 +4,7 @@
 from urllib.parse import quote_plus
 from uuid import uuid4
 
-import pymssql
+# import pymssql TODO: temporary workaround because of cython 3.0 issues -  see https://github.com/ethyca/fides/issues/3800
 import pytest
 import sqlalchemy
 from fideslang.manifests import write_manifest
@@ -471,16 +471,17 @@ def database_setup(self) -> Generator:
                     for query in queries:
                         engine.execute(sqlalchemy.sql.text(query))
                 else:
+                    pass  # TODO: temporary workaround because of cython 3.0 issues -  see https://github.com/ethyca/fides/issues/3800
                     # This special MSSQL case is required due to how autocommit is activated
-                    with pymssql.connect(
-                        database_parameters["server"],
-                        database_parameters["username"],
-                        database_parameters["password"],
-                        autocommit=True,
-                    ) as connection:
-                        for query in queries:
-                            with connection.cursor() as cursor:
-                                cursor.execute(query)
+                    # with pymssql.connect(
+                    #     database_parameters["server"],
+                    #     database_parameters["username"],
+                    #     database_parameters["password"],
+                    #     autocommit=True,
+                    # ) as connection:
+                    #     for query in queries:
+                    #         with connection.cursor() as cursor:
+                    #             cursor.execute(query)
             except:
                 print(f"> FAILED DB SETUP: {database_parameters.get('setup_url')}")
                 # We don't want to error all tests if a single setup fails

From aa76b4b786370cae73ab97d89f1dc8c197b461c0 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew.c.j1995@gmail.com>
Date: Tue, 18 Jul 2023 10:33:07 -0400
Subject: [PATCH 83/90] show/hide connector values (#3775)

---
 CHANGELOG.md                                  |   1 +
 .../forms/ConnectorParameters.tsx             |  47 +++++--
 .../forms/ConnectorParametersForm.tsx         | 120 ++++++++++--------
 .../system_portal_config/forms/helpers.ts     |  10 +-
 .../src/features/system/system.slice.ts       |  21 ++-
 .../models/ConnectionConfigurationResponse.ts |   1 +
 .../api/v1/endpoints/connection_endpoints.py  |  47 +------
 .../v1/endpoints/connection_type_endpoints.py |  10 +-
 .../api/v1/endpoints/saas_config_endpoints.py |   2 +
 src/fides/api/api/v1/endpoints/system.py      |  67 +++++++++-
 src/fides/api/db/seed.py                      |   2 +
 .../connection_config.py                      | 107 +++++++++-------
 .../connection_type_system_map.py             |  23 ++++
 .../enums/__init__.py                         |   0
 .../enums/system_type.py                      |   8 ++
 .../enums/test_status.py                      |  17 +++
 .../saas_config_template_values.py            |  16 +++
 .../saas/connector_registry_service.py        |   2 +-
 src/fides/api/util/connection_type.py         |   6 +-
 src/fides/api/util/connection_util.py         |  60 ++++++++-
 .../saas/connection_template_fixtures.py      |   2 +-
 .../test_connection_config_endpoints.py       |  27 ++--
 .../test_connection_template_endpoints.py     |   4 +-
 .../api/v1/endpoints/test_manual_webhooks.py  |   8 +-
 .../test_policy_webhook_endpoints.py          |   1 +
 tests/ops/api/v1/endpoints/test_system.py     |  42 +++++-
 .../test_connection_config.py                 |  62 +++++++++
 tests/ops/util/test_connection_type.py        |   2 +-
 28 files changed, 522 insertions(+), 193 deletions(-)
 create mode 100644 src/fides/api/schemas/connection_configuration/connection_type_system_map.py
 create mode 100644 src/fides/api/schemas/connection_configuration/enums/__init__.py
 create mode 100644 src/fides/api/schemas/connection_configuration/enums/system_type.py
 create mode 100644 src/fides/api/schemas/connection_configuration/enums/test_status.py
 create mode 100644 src/fides/api/schemas/connection_configuration/saas_config_template_values.py
 create mode 100644 tests/ops/schemas/connection_configuration/test_connection_config.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c5b5f4859e..47e54fc17a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ The types of changes are:
 - Bumped supported Python versions to `3.10.12`, `3.9.17`, and `3.8.17` [#3733](https://github.com/ethyca/fides/pull/3733)
 - Logging Updates [#3758](https://github.com/ethyca/fides/pull/3758)
 - Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
+- Show/hide integration values [#3775](https://github.com/ethyca/fides/pull/3775)
 - Sort system cards alphabetically by name on "View systems" page [#3781](https://github.com/ethyca/fides/pull/3781)
 
 ### Removed
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 5b2f10ddd2..efa9b20aca 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -7,16 +7,14 @@ import {
   useCreateSassConnectionConfigMutation,
   useDeleteDatastoreConnectionMutation,
   useGetConnectionConfigDatasetConfigsQuery,
-  useUpdateDatastoreConnectionSecretsMutation,
 } from "datastore-connections/datastore-connection.slice";
 import { useDatasetConfigField } from "datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
 import {
   CreateSaasConnectionConfigRequest,
   CreateSaasConnectionConfigResponse,
-  DatastoreConnectionSecretsRequest,
   DatastoreConnectionSecretsResponse,
 } from "datastore-connections/types";
-import { useState } from "react";
+import { useMemo, useState } from "react";
 
 import { useAppDispatch, useAppSelector } from "~/app/hooks";
 import { DEFAULT_TOAST_PARAMS } from "~/features/common/toast";
@@ -25,9 +23,11 @@ import { formatKey } from "~/features/datastore-connections/system_portal_config
 import TestConnectionMessage from "~/features/datastore-connections/system_portal_config/TestConnectionMessage";
 import TestData from "~/features/datastore-connections/TestData";
 import {
+  ConnectionConfigSecretsRequest,
   selectActiveSystem,
   setActiveSystem,
   usePatchSystemConnectionConfigsMutation,
+  usePatchSystemConnectionSecretsMutation,
 } from "~/features/system/system.slice";
 import {
   AccessLevel,
@@ -69,7 +69,7 @@ const createSaasConnector = async (
   };
 
   Object.entries(secretsSchema!.properties).forEach((key) => {
-    params.connectionConfig.secrets[key[0]] = values[key[0]];
+    params.connectionConfig.secrets[key[0]] = values.secrets[key[0]];
   });
   return (await createSaasConnectorFunc(
     params
@@ -124,18 +124,32 @@ export const patchConnectionConfig = async (
 const upsertConnectionConfigSecrets = async (
   values: ConnectionConfigFormValues,
   secretsSchema: ConnectionTypeSecretSchemaReponse,
-  connectionConfigFidesKey: string,
-  upsertFunc: any
+  systemFidesKey: string,
+  originalSecrets: Record<string, string>,
+  patchFunc: any
 ) => {
-  const params2: DatastoreConnectionSecretsRequest = {
-    connection_key: connectionConfigFidesKey,
+  const params2: ConnectionConfigSecretsRequest = {
+    systemFidesKey,
     secrets: {},
   };
   Object.entries(secretsSchema!.properties).forEach((key) => {
-    params2.secrets[key[0]] = values[key[0]];
+    /*
+     * Only patch secrets that have changed. Otherwise, sensitive secrets
+     * would get overwritten with "**********" strings
+     */
+    if (
+      !(key[0] in originalSecrets) ||
+      values.secrets[key[0]] !== originalSecrets[key[0]]
+    ) {
+      params2.secrets[key[0]] = values.secrets[key[0]];
+    }
   });
 
-  return (await upsertFunc(
+  if (Object.keys(params2.secrets).length === 0) {
+    return Promise.resolve();
+  }
+
+  return (await patchFunc(
     params2
   ).unwrap()) as DatastoreConnectionSecretsResponse;
 };
@@ -180,8 +194,8 @@ export const useConnectorForm = ({
   });
 
   const [createSassConnectionConfig] = useCreateSassConnectionConfigMutation();
-  const [updateDatastoreConnectionSecrets] =
-    useUpdateDatastoreConnectionSecretsMutation();
+  const [updateSystemConnectionSecrets] =
+    usePatchSystemConnectionSecretsMutation();
   const [patchDatastoreConnection] = usePatchSystemConnectionConfigsMutation();
   const [deleteDatastoreConnection, deleteDatastoreConnectionResult] =
     useDeleteDatastoreConnectionMutation();
@@ -189,6 +203,10 @@ export const useConnectorForm = ({
     connectionConfig?.key || ""
   );
 
+  const originalSecrets = useMemo(
+    () => (connectionConfig ? { ...connectionConfig.secrets } : {}),
+    [connectionConfig]
+  );
   const activeSystem = useAppSelector(selectActiveSystem) as SystemResponse;
 
   const handleDelete = async (id: string) => {
@@ -248,8 +266,9 @@ export const useConnectorForm = ({
           await upsertConnectionConfigSecrets(
             secretsPayload,
             secretsSchema!,
-            payload.succeeded[0].key,
-            updateDatastoreConnectionSecrets
+            systemFidesKey,
+            originalSecrets,
+            updateSystemConnectionSecrets
           );
         }
       }
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index c3ccc1c609..0e7274bc19 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -101,7 +101,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
 
   const validateField = (label: string, value: string, type?: string) => {
     let error;
-    if (typeof value === "undefined" || value === "") {
+    if (typeof value === "undefined" || value === "" || value === undefined) {
       error = `${label} is required`;
     }
     if (type === FIDES_DATASET_REFERENCE) {
@@ -146,9 +146,9 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
     item: ConnectionTypeSecretSchemaProperty
   ): JSX.Element => (
     <Field
-      id={key}
-      name={key}
-      key={key}
+      id={`secrets.${key}`}
+      name={`secrets.${key}`}
+      key={`secrets.${key}`}
       validate={
         isRequiredSecretValue(key) || item.type === "integer"
           ? (value: string) =>
@@ -156,57 +156,68 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
           : false
       }
     >
-      {({ field, form }: { field: FieldInputProps<string>; form: any }) => (
-        <FormControl
-          display="flex"
-          isRequired={isRequiredSecretValue(key)}
-          isInvalid={form.errors[key] && form.touched[key]}
-        >
-          {getFormLabel(key, item.title)}
-          <VStack align="flex-start" w="inherit">
-            {item.type !== "integer" && (
-              <Input
-                {...field}
-                placeholder={getPlaceholder(item)}
-                autoComplete="off"
-                color="gray.700"
-                size="sm"
-              />
-            )}
-            {item.type === "integer" && (
-              <NumberInput
-                allowMouseWheel
-                color="gray.700"
-                defaultValue={0}
-                min={0}
-                size="sm"
-              >
-                <NumberInputField {...field} autoComplete="off" />
-                <NumberInputStepper>
-                  <NumberIncrementStepper />
-                  <NumberDecrementStepper />
-                </NumberInputStepper>
-              </NumberInput>
-            )}
-            <FormErrorMessage>{form.errors[key]}</FormErrorMessage>
-          </VStack>
-          <Tooltip
-            aria-label={item.description}
-            hasArrow
-            label={item.description}
-            placement="right-start"
-            openDelay={500}
+      {({ field, form }: { field: FieldInputProps<string>; form: any }) => {
+        const error = form.errors.secrets && form.errors.secrets[key];
+        const touch = form.touched.secrets ? form.touched.secrets[key] : false;
+
+        return (
+          <FormControl
+            display="flex"
+            isRequired={isRequiredSecretValue(key)}
+            isInvalid={error && touch}
           >
-            <Flex
-              alignItems="center"
-              h="32px"
-              visibility={item.description ? "visible" : "hidden"}
+            {getFormLabel(key, item.title)}
+            <VStack align="flex-start" w="inherit">
+              {item.type !== "integer" && (
+                <Input
+                  {...field}
+                  placeholder={getPlaceholder(item)}
+                  autoComplete="off"
+                  color="gray.700"
+                  size="sm"
+                />
+              )}
+              {item.type === "integer" && (
+                <NumberInput
+                  allowMouseWheel
+                  color="gray.700"
+                  onChange={(value) => {
+                    form.setFieldValue(field.name, value);
+                  }}
+                  defaultValue={field.value ?? 0}
+                  min={0}
+                  size="sm"
+                >
+                  <NumberInputField {...field} autoComplete="off" />
+                  <NumberInputStepper>
+                    <NumberIncrementStepper />
+                    <NumberDecrementStepper />
+                  </NumberInputStepper>
+                </NumberInput>
+              )}
+              <FormErrorMessage>{error}</FormErrorMessage>
+            </VStack>
+            <Tooltip
+              aria-label={item.description}
+              hasArrow
+              label={item.description}
+              placement="right-start"
+              openDelay={500}
             >
-              <CircleHelpIcon marginLeft="8px" _hover={{ cursor: "pointer" }} />
-            </Flex>
-          </Tooltip>
-        </FormControl>
-      )}
+              <Flex
+                alignItems="center"
+                h="32px"
+                visibility={item.description ? "visible" : "hidden"}
+              >
+                <CircleHelpIcon
+                  marginLeft="8px"
+                  _hover={{ cursor: "pointer" }}
+                />
+              </Flex>
+            </Tooltip>
+          </FormControl>
+        );
+      }}
     </Field>
   );
 
@@ -219,6 +230,9 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
         connectionConfig.connection_type === ConnectionType.SAAS
           ? (connectionConfig.saas_config?.fides_key as string)
           : connectionConfig.key;
+      // @ts-ignore
+      initialValues.secrets = connectionConfig.secrets;
+      return initialValues;
     }
     return fillInDefaults(initialValues, secretsSchema);
   };
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/helpers.ts b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/helpers.ts
index eb3f1b7188..933966754d 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/helpers.ts
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/helpers.ts
@@ -14,10 +14,16 @@ export const fillInDefaults = (
     Object.entries(connectionSchema.properties).forEach((key) => {
       const [name, schema] = key;
 
+      if (!("secrets" in filledInValues)) {
+        filledInValues.secrets = {};
+      }
+
       if (schema.type === "integer") {
-        filledInValues[name] = schema.default ? Number(schema.default) : 0;
+        filledInValues.secrets[name] = schema.default
+          ? Number(schema.default)
+          : 0;
       } else {
-        filledInValues[name] = schema.default ?? "";
+        filledInValues.secrets[name] = schema.default ?? "";
       }
     });
   }
diff --git a/clients/admin-ui/src/features/system/system.slice.ts b/clients/admin-ui/src/features/system/system.slice.ts
index 5f0dcffcb8..c5534e8a1e 100644
--- a/clients/admin-ui/src/features/system/system.slice.ts
+++ b/clients/admin-ui/src/features/system/system.slice.ts
@@ -7,6 +7,7 @@ import {
   ConnectionConfigurationResponse,
   System,
   SystemResponse,
+  TestStatusMessage,
 } from "~/types/api";
 
 interface SystemDeleteResponse {
@@ -20,6 +21,13 @@ interface UpsertResponse {
   updated: number;
 }
 
+export type ConnectionConfigSecretsRequest = {
+  systemFidesKey: string;
+  secrets: {
+    [key: string]: any;
+  };
+};
+
 const systemApi = baseApi.injectEndpoints({
   endpoints: (build) => ({
     getAllSystems: build.query<SystemResponse[], void>({
@@ -98,7 +106,17 @@ const systemApi = baseApi.injectEndpoints({
       }),
       invalidatesTags: ["Datamap", "System", "Datastore Connection"],
     }),
-
+    patchSystemConnectionSecrets: build.mutation<
+      TestStatusMessage,
+      ConnectionConfigSecretsRequest
+    >({
+      query: ({ secrets, systemFidesKey }) => ({
+        url: `/system/${systemFidesKey}/connection/secrets?verify=false`,
+        method: "PATCH",
+        body: secrets,
+      }),
+      invalidatesTags: () => ["Datastore Connection"],
+    }),
     getSystemConnectionConfigs: build.query<
       ConnectionConfigurationResponse[],
       string
@@ -120,6 +138,7 @@ export const {
   useUpsertSystemsMutation,
   usePatchSystemConnectionConfigsMutation,
   useGetSystemConnectionConfigsQuery,
+  usePatchSystemConnectionSecretsMutation,
 } = systemApi;
 
 export interface State {
diff --git a/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts b/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
index 897bf2b827..ed88a25abb 100644
--- a/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
+++ b/clients/admin-ui/src/types/api/models/ConnectionConfigurationResponse.ts
@@ -23,4 +23,5 @@ export type ConnectionConfigurationResponse = {
   last_test_timestamp?: string;
   last_test_succeeded?: boolean;
   saas_config?: SaaSConfigBase;
+  secrets?: object;
 };
diff --git a/src/fides/api/api/v1/endpoints/connection_endpoints.py b/src/fides/api/api/v1/endpoints/connection_endpoints.py
index eed569b032..0611cc966b 100644
--- a/src/fides/api/api/v1/endpoints/connection_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_endpoints.py
@@ -16,33 +16,27 @@
 from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT
 
 from fides.api.api import deps
-from fides.api.common_exceptions import ClientUnsuccessfulException, ConnectionException
-from fides.api.models.connectionconfig import (
-    ConnectionConfig,
-    ConnectionTestStatus,
-    ConnectionType,
-)
+from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.connection_configuration import connection_secrets_schemas
 from fides.api.schemas.connection_configuration.connection_config import (
     BulkPutConnectionConfiguration,
     ConnectionConfigurationResponse,
     CreateConnectionConfigurationWithSecrets,
-    SystemType,
-    TestStatus,
 )
 from fides.api.schemas.connection_configuration.connection_secrets import (
     TestStatusMessage,
 )
-from fides.api.service.connectors import get_connector
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
+from fides.api.schemas.connection_configuration.enums.test_status import TestStatus
 from fides.api.util.api_router import APIRouter
 from fides.api.util.connection_util import (
+    connection_status,
     delete_connection_config,
     get_connection_config_or_error,
     patch_connection_configs,
     validate_secrets,
 )
-from fides.api.util.logger import Pii
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
     CONNECTION_DELETE,
@@ -202,39 +196,6 @@ def delete_connection(
     delete_connection_config(db, connection_key)
 
 
-def connection_status(
-    connection_config: ConnectionConfig, msg: str, db: Session = Depends(deps.get_db)
-) -> TestStatusMessage:
-    """Connect, verify with a trivial query or API request, and report the status."""
-
-    connector = get_connector(connection_config)
-    try:
-        status: ConnectionTestStatus | None = connector.test_connection()
-
-    except (ConnectionException, ClientUnsuccessfulException) as exc:
-        logger.warning(
-            "Connection test failed on {}: {}",
-            connection_config.key,
-            Pii(str(exc)),
-        )
-        connection_config.update_test_status(
-            test_status=ConnectionTestStatus.failed, db=db
-        )
-        return TestStatusMessage(
-            msg=msg,
-            test_status=ConnectionTestStatus.failed,
-            failure_reason=str(exc),
-        )
-
-    logger.info("Connection test {} on {}", status.value, connection_config.key)  # type: ignore
-    connection_config.update_test_status(test_status=status, db=db)  # type: ignore
-
-    return TestStatusMessage(
-        msg=msg,
-        test_status=status,
-    )
-
-
 @router.put(
     CONNECTION_SECRETS,
     status_code=HTTP_200_OK,
diff --git a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
index b846b8d961..bf6cf903cd 100644
--- a/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/connection_type_endpoints.py
@@ -8,14 +8,14 @@
 
 from fides.api.common_exceptions import NoSuchConnectionTypeSecretSchemaError
 from fides.api.oauth.utils import verify_oauth_client
-from fides.api.schemas.connection_configuration.connection_config import (
+from fides.api.schemas.connection_configuration.connection_type_system_map import (
     ConnectionSystemTypeMap,
-    SystemType,
 )
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
 from fides.api.schemas.policy import ActionType
 from fides.api.util.api_router import APIRouter
 from fides.api.util.connection_type import (
-    connection_type_secret_schema,
+    get_connection_type_secret_schema,
     get_connection_types,
 )
 from fides.common.api.scope_registry import CONNECTION_TYPE_READ
@@ -77,7 +77,7 @@ def get_all_connection_types(
     CONNECTION_TYPE_SECRETS,
     dependencies=[Security(verify_oauth_client, scopes=[CONNECTION_TYPE_READ])],
 )
-def get_connection_type_secret_schema(
+def get_connection_type_secret_schema_route(
     *, connection_type: str
 ) -> Optional[Dict[str, Any]]:
     """Returns the secret fields that should be supplied to authenticate with a particular connection type
@@ -86,7 +86,7 @@ def get_connection_type_secret_schema(
     to authenticate.
     """
     try:
-        return connection_type_secret_schema(connection_type=connection_type)
+        return get_connection_type_secret_schema(connection_type=connection_type)
     except NoSuchConnectionTypeSecretSchemaError:
         raise HTTPException(
             status_code=HTTP_404_NOT_FOUND,
diff --git a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
index 642f68c789..be9e1a2863 100644
--- a/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/saas_config_endpoints.py
@@ -25,6 +25,8 @@
 from fides.api.oauth.utils import verify_oauth_client
 from fides.api.schemas.connection_configuration.connection_config import (
     SaasConnectionTemplateResponse,
+)
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
     SaasConnectionTemplateValues,
 )
 from fides.api.schemas.saas.connector_template import ConnectorTemplate
diff --git a/src/fides/api/api/v1/endpoints/system.py b/src/fides/api/api/v1/endpoints/system.py
index fd359a23b0..e94082f00e 100644
--- a/src/fides/api/api/v1/endpoints/system.py
+++ b/src/fides/api/api/v1/endpoints/system.py
@@ -1,4 +1,4 @@
-from typing import Dict, List
+from typing import Dict, List, Optional
 
 from fastapi import Depends, Response, Security
 from fastapi_pagination import Page, Params
@@ -6,6 +6,7 @@
 from fastapi_pagination.ext.sqlalchemy import paginate
 from fideslang.models import System as SystemSchema
 from fideslang.validation import FidesKey
+from loguru import logger
 from pydantic.types import conlist
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import Session
@@ -35,18 +36,27 @@
     verify_oauth_client_for_system_from_request_body_cli,
 )
 from fides.api.oauth.utils import verify_oauth_client_prod
+from fides.api.schemas.connection_configuration import connection_secrets_schemas
 from fides.api.schemas.connection_configuration.connection_config import (
     BulkPutConnectionConfiguration,
     ConnectionConfigurationResponse,
     CreateConnectionConfigurationWithSecrets,
     SaasConnectionTemplateResponse,
+)
+from fides.api.schemas.connection_configuration.connection_secrets import (
+    TestStatusMessage,
+)
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
     SaasConnectionTemplateValues,
 )
 from fides.api.schemas.system import SystemResponse
 from fides.api.util.api_router import APIRouter
 from fides.api.util.connection_util import (
+    connection_status,
     delete_connection_config,
+    get_connection_config_or_error,
     patch_connection_configs,
+    validate_secrets,
 )
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
@@ -124,6 +134,61 @@ def patch_connections(
     return patch_connection_configs(db, configs, system)
 
 
+@SYSTEM_CONNECTIONS_ROUTER.patch(
+    "/secrets",
+    dependencies=[
+        Security(
+            verify_oauth_client_for_system_from_fides_key,
+            scopes=[CONNECTION_CREATE_OR_UPDATE],
+        )
+    ],
+    status_code=HTTP_200_OK,
+    response_model=TestStatusMessage,
+)
+def patch_connection_secrets(
+    fides_key: FidesKey,
+    *,
+    db: Session = Depends(deps.get_db),
+    unvalidated_secrets: connection_secrets_schemas,
+    verify: Optional[bool] = True,
+) -> TestStatusMessage:
+    """
+    Patch secrets that will be used to connect to a specified connection_type.
+
+    The specific secrets will be connection-dependent. For example, the components needed to connect to a Postgres DB
+    will differ from Dynamo DB.
+    """
+
+    system = get_system(db, fides_key)
+    connection_config = get_connection_config_or_error(
+        db, system.connection_configs.key
+    )
+    # Inserts unchanged sensitive values. The FE does not send masked values sensitive secrets.
+    if connection_config.secrets is not None:
+        for key, value in connection_config.secrets.items():
+            if key not in unvalidated_secrets:
+                unvalidated_secrets[key] = value  # type: ignore
+    else:
+        connection_config.secrets = {}
+
+    validated_secrets = validate_secrets(
+        db, unvalidated_secrets, connection_config
+    ).dict()
+
+    for key, value in validated_secrets.items():
+        connection_config.secrets[key] = value  # type: ignore
+
+    # Save validated secrets, regardless of whether they've been verified.
+    logger.info("Updating connection config secrets for '{}'", connection_config.key)
+    connection_config.save(db=db)
+
+    msg = f"Secrets updated for ConnectionConfig with key: {connection_config.key}."
+    if verify:
+        return connection_status(connection_config, msg, db)
+
+    return TestStatusMessage(msg=msg, test_status=None)
+
+
 @SYSTEM_CONNECTIONS_ROUTER.delete(
     "/{connection_key}",
     dependencies=[
diff --git a/src/fides/api/db/seed.py b/src/fides/api/db/seed.py
index 53f5e63f28..151b4d94aa 100644
--- a/src/fides/api/db/seed.py
+++ b/src/fides/api/db/seed.py
@@ -29,6 +29,8 @@
 from fides.api.oauth.roles import OWNER
 from fides.api.schemas.connection_configuration.connection_config import (
     CreateConnectionConfigurationWithSecrets,
+)
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
     SaasConnectionTemplateValues,
 )
 from fides.api.schemas.dataset import DatasetConfigCtlDataset
diff --git a/src/fides/api/schemas/connection_configuration/connection_config.py b/src/fides/api/schemas/connection_configuration/connection_config.py
index 8ab65baeaf..5031b77029 100644
--- a/src/fides/api/schemas/connection_configuration/connection_config.py
+++ b/src/fides/api/schemas/connection_configuration/connection_config.py
@@ -1,16 +1,18 @@
 from datetime import datetime
-from enum import Enum
-from typing import List, Optional, Union
+from typing import Any, Dict, List, Optional, cast
 
 from fideslang.models import Dataset
 from fideslang.validation import FidesKey
-from pydantic import BaseModel, Extra
+from loguru import logger
+from pydantic import BaseModel, Extra, root_validator
 
+from fides.api.common_exceptions import NoSuchConnectionTypeSecretSchemaError
 from fides.api.models.connectionconfig import AccessLevel, ConnectionType
 from fides.api.schemas.api import BulkResponse, BulkUpdateFailed
 from fides.api.schemas.connection_configuration import connection_secrets_schemas
 from fides.api.schemas.policy import ActionType
 from fides.api.schemas.saas.saas_config import SaaSConfigBase
+from fides.api.util.connection_type import get_connection_type_secret_schema
 
 
 class CreateConnectionConfiguration(BaseModel):
@@ -47,43 +49,40 @@ class Config:
         extra = Extra.forbid
 
 
-class TestStatus(Enum):
-    passed = "passed"
-    failed = "failed"
-    untested = "untested"
-
-    def str_to_bool(self) -> Optional[bool]:
-        """Translates query param string to optional/bool value
-        for filtering ConnectionConfig.last_test_succeeded field"""
-        if self == self.passed:
-            return True
-        if self == self.failed:
-            return False
-        return None
-
-
-class SystemType(Enum):
-    saas = "saas"
-    database = "database"
-    manual = "manual"
-    email = "email"
-
-
-class ConnectionSystemTypeMap(BaseModel):
+def mask_sensitive_fields(
+    connection_secrets: Dict[str, Any], secret_schema: Dict[str, Any]
+) -> Dict[str, Any]:
     """
-    Describes the returned schema for connection types
+    Mask sensitive fields in the given secrets based on the provided schema.
+    This function traverses the given secrets dictionary and uses the provided schema to
+    identify fields that have been marked as sensitive. The function replaces the sensitive
+    field values with a mask string ('********').
+    Args:
+        connection_secrets (Dict[str, Any]): The secrets to be masked.
+        secret_schema (Dict[str, Any]): The schema defining which fields are sensitive.
+    Returns:
+        Dict[str, Any]: The secrets dictionary with sensitive fields masked.
     """
+    if connection_secrets is None:
+        return connection_secrets
 
-    identifier: Union[ConnectionType, str]
-    type: SystemType
-    human_readable: str
-    encoded_icon: Optional[str]
+    connection_secret_keys = connection_secrets.keys()
+    secret_schema_keys = secret_schema["properties"].keys()
+    new_connection_secrets = {}
 
-    class Config:
-        """Use enum values and set orm mode"""
+    for key in connection_secret_keys:
+        if key in secret_schema_keys:
+            new_connection_secrets[key] = connection_secrets[key]
 
-        use_enum_values = True
-        orm_mode = True
+    for key, val in new_connection_secrets.items():
+        prop = secret_schema["properties"].get(key, {})
+
+        if isinstance(val, dict):
+            mask_sensitive_fields(val, prop)
+        elif prop.get("sensitive", False):
+            new_connection_secrets[key] = "**********"
+
+    return new_connection_secrets
 
 
 class ConnectionConfigurationResponse(BaseModel):
@@ -104,6 +103,34 @@ class ConnectionConfigurationResponse(BaseModel):
     last_test_timestamp: Optional[datetime]
     last_test_succeeded: Optional[bool]
     saas_config: Optional[SaaSConfigBase]
+    secrets: Optional[Dict[str, Any]]
+
+    @root_validator()
+    def mask_sensitive_values(cls, values: Dict[str, Any]) -> Dict[str, Any]:
+        """Mask sensitive values in the response."""
+        if values.get("secrets") is None:
+            return values
+
+        connection_type = (
+            values["saas_config"].type
+            if values.get("connection_type") == ConnectionType.saas
+            else values.get("connection_type").value  # type: ignore
+        )
+        try:
+            secret_schema = get_connection_type_secret_schema(
+                connection_type=connection_type
+            )
+        except NoSuchConnectionTypeSecretSchemaError as e:
+            logger.error(e)
+            # if there is no schema, we don't know what values to mask.
+            # so all the secrets are removed.
+            values["secrets"] = None
+            return values
+
+        values["secrets"] = mask_sensitive_fields(
+            cast(dict, values.get("secrets")), secret_schema
+        )
+        return values
 
     class Config:
         """Set orm_mode to support mapping to ConnectionConfig"""
@@ -125,16 +152,6 @@ class BulkPatchConnectionConfigurationWithSecrets(BulkResponse):
     failed: List[BulkUpdateFailed]
 
 
-class SaasConnectionTemplateValues(BaseModel):
-    """Schema with values to create both a Saas ConnectionConfig and DatasetConfig from a template"""
-
-    name: Optional[str]  # For ConnectionConfig
-    key: Optional[FidesKey]  # For ConnectionConfig
-    description: Optional[str]  # For ConnectionConfig
-    secrets: connection_secrets_schemas  # For ConnectionConfig
-    instance_key: FidesKey  # For DatasetConfig.fides_key
-
-
 class SaasConnectionTemplateResponse(BaseModel):
     connection: ConnectionConfigurationResponse
     dataset: Dataset
diff --git a/src/fides/api/schemas/connection_configuration/connection_type_system_map.py b/src/fides/api/schemas/connection_configuration/connection_type_system_map.py
new file mode 100644
index 0000000000..355aa396a7
--- /dev/null
+++ b/src/fides/api/schemas/connection_configuration/connection_type_system_map.py
@@ -0,0 +1,23 @@
+from typing import Optional, Union
+
+from pydantic import BaseModel
+
+from fides.api.models.connectionconfig import ConnectionType
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
+
+
+class ConnectionSystemTypeMap(BaseModel):
+    """
+    Describes the returned schema for connection types
+    """
+
+    identifier: Union[ConnectionType, str]
+    type: SystemType
+    human_readable: str
+    encoded_icon: Optional[str]
+
+    class Config:
+        """Use enum values and set orm mode"""
+
+        use_enum_values = True
+        orm_mode = True
diff --git a/src/fides/api/schemas/connection_configuration/enums/__init__.py b/src/fides/api/schemas/connection_configuration/enums/__init__.py
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/src/fides/api/schemas/connection_configuration/enums/system_type.py b/src/fides/api/schemas/connection_configuration/enums/system_type.py
new file mode 100644
index 0000000000..275a63f3f5
--- /dev/null
+++ b/src/fides/api/schemas/connection_configuration/enums/system_type.py
@@ -0,0 +1,8 @@
+from enum import Enum
+
+
+class SystemType(Enum):
+    saas = "saas"
+    database = "database"
+    manual = "manual"
+    email = "email"
diff --git a/src/fides/api/schemas/connection_configuration/enums/test_status.py b/src/fides/api/schemas/connection_configuration/enums/test_status.py
new file mode 100644
index 0000000000..6e5b8fd3bf
--- /dev/null
+++ b/src/fides/api/schemas/connection_configuration/enums/test_status.py
@@ -0,0 +1,17 @@
+from enum import Enum
+from typing import Optional
+
+
+class TestStatus(Enum):
+    passed = "passed"
+    failed = "failed"
+    untested = "untested"
+
+    def str_to_bool(self) -> Optional[bool]:
+        """Translates query param string to optional/bool value
+        for filtering ConnectionConfig.last_test_succeeded field"""
+        if self == self.passed:
+            return True
+        if self == self.failed:
+            return False
+        return None
diff --git a/src/fides/api/schemas/connection_configuration/saas_config_template_values.py b/src/fides/api/schemas/connection_configuration/saas_config_template_values.py
new file mode 100644
index 0000000000..1ba0fad11f
--- /dev/null
+++ b/src/fides/api/schemas/connection_configuration/saas_config_template_values.py
@@ -0,0 +1,16 @@
+from typing import Optional
+
+from fideslang.validation import FidesKey
+from pydantic import BaseModel
+
+from fides.api.schemas.connection_configuration import connection_secrets_schemas
+
+
+class SaasConnectionTemplateValues(BaseModel):
+    """Schema with values to create both a Saas ConnectionConfig and DatasetConfig from a template"""
+
+    name: Optional[str]  # For ConnectionConfig
+    key: Optional[FidesKey]  # For ConnectionConfig
+    description: Optional[str]  # For ConnectionConfig
+    secrets: connection_secrets_schemas  # For ConnectionConfig
+    instance_key: FidesKey  # For DatasetConfig.fides_key
diff --git a/src/fides/api/service/connectors/saas/connector_registry_service.py b/src/fides/api/service/connectors/saas/connector_registry_service.py
index fe37d50ad1..4e55c7e32d 100644
--- a/src/fides/api/service/connectors/saas/connector_registry_service.py
+++ b/src/fides/api/service/connectors/saas/connector_registry_service.py
@@ -25,7 +25,7 @@
 )
 from fides.api.models.custom_connector_template import CustomConnectorTemplate
 from fides.api.models.datasetconfig import DatasetConfig
-from fides.api.schemas.connection_configuration.connection_config import (
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
     SaasConnectionTemplateValues,
 )
 from fides.api.schemas.saas.connector_template import ConnectorTemplate
diff --git a/src/fides/api/util/connection_type.py b/src/fides/api/util/connection_type.py
index 1b8fcfd163..eb746ed6d1 100644
--- a/src/fides/api/util/connection_type.py
+++ b/src/fides/api/util/connection_type.py
@@ -10,10 +10,10 @@
     SaaSSchemaFactory,
     secrets_schemas,
 )
-from fides.api.schemas.connection_configuration.connection_config import (
+from fides.api.schemas.connection_configuration.connection_type_system_map import (
     ConnectionSystemTypeMap,
-    SystemType,
 )
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
 from fides.api.schemas.policy import SUPPORTED_ACTION_TYPES, ActionType
 from fides.api.schemas.saas.saas_config import SaaSConfig
 from fides.api.service.connectors.consent_email_connector import (
@@ -28,7 +28,7 @@
 from fides.api.util.saas_util import load_config_from_string
 
 
-def connection_type_secret_schema(*, connection_type: str) -> dict[str, Any]:
+def get_connection_type_secret_schema(*, connection_type: str) -> dict[str, Any]:
     """Returns the secret fields that should be supplied to authenticate with a particular connection type.
 
     Note that this does not return actual secrets, instead we return the *types* of
diff --git a/src/fides/api/util/connection_util.py b/src/fides/api/util/connection_util.py
index 9ef357f678..e47037e2c4 100644
--- a/src/fides/api/util/connection_util.py
+++ b/src/fides/api/util/connection_util.py
@@ -1,6 +1,6 @@
 from typing import List, Optional
 
-from fastapi import HTTPException
+from fastapi import Depends, HTTPException
 from fideslang.validation import FidesKey
 from loguru import logger
 from pydantic import ValidationError
@@ -12,9 +12,18 @@
     HTTP_422_UNPROCESSABLE_ENTITY,
 )
 
-from fides.api.common_exceptions import KeyOrNameAlreadyExists
+from fides.api.api import deps
+from fides.api.common_exceptions import (
+    ClientUnsuccessfulException,
+    ConnectionException,
+    KeyOrNameAlreadyExists,
+)
 from fides.api.common_exceptions import ValidationError as FidesValidationError
-from fides.api.models.connectionconfig import ConnectionConfig, ConnectionType
+from fides.api.models.connectionconfig import (
+    ConnectionConfig,
+    ConnectionTestStatus,
+    ConnectionType,
+)
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.models.privacy_request import PrivacyRequest, PrivacyRequestStatus
@@ -30,11 +39,17 @@
     BulkPutConnectionConfiguration,
     ConnectionConfigurationResponse,
     CreateConnectionConfigurationWithSecrets,
-    SaasConnectionTemplateValues,
+)
+from fides.api.schemas.connection_configuration.connection_secrets import (
+    TestStatusMessage,
 )
 from fides.api.schemas.connection_configuration.connection_secrets_saas import (
     validate_saas_secrets_external_references,
 )
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
+    SaasConnectionTemplateValues,
+)
+from fides.api.service.connectors import get_connector
 from fides.api.service.connectors.saas.connector_registry_service import (
     ConnectorRegistry,
     create_connection_config_from_template_no_save,
@@ -42,6 +57,7 @@
 from fides.api.service.privacy_request.request_runner_service import (
     queue_privacy_request,
 )
+from fides.api.util.logger import Pii
 from fides.common.api.v1.urn_registry import CONNECTION_TYPES, SAAS_CONFIG
 
 # pylint: disable=too-many-nested-blocks,too-many-branches,too-many-statements
@@ -234,10 +250,11 @@ def patch_connection_configs(
                     data=orig_data,
                 )
             )
-        except Exception:
+        except Exception as e:
             logger.warning(
                 "Create/update failed for connection config with key '{}'.", config.key
             )
+            logger.error(e)
             # remove secrets information from the return for security reasons.
             orig_data.pop("secrets", None)
             orig_data.pop("saas_connector_type", None)
@@ -299,3 +316,36 @@ def delete_connection_config(db: Session, connection_key: FidesKey) -> None:
     # so we queue any privacy requests that are no longer blocked by webhooks
     if connection_type == ConnectionType.manual_webhook:
         requeue_requires_input_requests(db)
+
+
+def connection_status(
+    connection_config: ConnectionConfig, msg: str, db: Session = Depends(deps.get_db)
+) -> TestStatusMessage:
+    """Connect, verify with a trivial query or API request, and report the status."""
+
+    connector = get_connector(connection_config)
+    try:
+        status: ConnectionTestStatus | None = connector.test_connection()
+
+    except (ConnectionException, ClientUnsuccessfulException) as exc:
+        logger.warning(
+            "Connection test failed on {}: {}",
+            connection_config.key,
+            Pii(str(exc)),
+        )
+        connection_config.update_test_status(
+            test_status=ConnectionTestStatus.failed, db=db
+        )
+        return TestStatusMessage(
+            msg=msg,
+            test_status=ConnectionTestStatus.failed,
+            failure_reason=str(exc),
+        )
+
+    logger.info("Connection test {} on {}", status.value, connection_config.key)  # type: ignore
+    connection_config.update_test_status(test_status=status, db=db)  # type: ignore
+
+    return TestStatusMessage(
+        msg=msg,
+        test_status=status,
+    )
diff --git a/tests/fixtures/saas/connection_template_fixtures.py b/tests/fixtures/saas/connection_template_fixtures.py
index 04aeeac704..c7e0debe20 100644
--- a/tests/fixtures/saas/connection_template_fixtures.py
+++ b/tests/fixtures/saas/connection_template_fixtures.py
@@ -6,7 +6,7 @@
 
 from fides.api.models.connectionconfig import ConnectionConfig
 from fides.api.models.datasetconfig import DatasetConfig
-from fides.api.schemas.connection_configuration.connection_config import (
+from fides.api.schemas.connection_configuration.saas_config_template_values import (
     SaasConnectionTemplateValues,
 )
 from fides.api.service.connectors.saas.connector_registry_service import (
diff --git a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
index d1da15afa1..eddf1cce70 100644
--- a/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_config_endpoints.py
@@ -310,7 +310,9 @@ def test_patch_connections_bulk_create(
         assert postgres_connection["updated_at"] is not None
         assert postgres_connection["last_test_timestamp"] is None
         assert postgres_connection["disabled"] is False
-        assert "secrets" not in postgres_connection
+        assert postgres_connection["secrets"]["password"] == "**********"
+        assert postgres_connection["secrets"]["url"] == "**********"
+        # assert "secrets" not in postgres_connection
 
         mongo_connection = response_body["succeeded"][1]
         mongo_resource = db.query(ConnectionConfig).filter_by(key="my_mongo_db").first()
@@ -322,7 +324,7 @@ def test_patch_connections_bulk_create(
         assert mongo_connection["created_at"] is not None
         assert mongo_connection["updated_at"] is not None
         assert mongo_connection["last_test_timestamp"] is None
-        assert "secrets" not in mongo_connection
+        assert mongo_connection["secrets"] is None
 
         assert response_body["failed"] == []  # No failures
 
@@ -510,7 +512,8 @@ def test_patch_connections_bulk_update(
         postgres_connection = response_body["succeeded"][0]
         assert postgres_connection["access"] == "read"
         assert postgres_connection["disabled"] is True
-        assert "secrets" not in postgres_connection
+        assert postgres_connection["secrets"]["password"] == "**********"
+        assert postgres_connection["secrets"]["url"] == "**********"
         assert postgres_connection["updated_at"] is not None
         postgres_resource = (
             db.query(ConnectionConfig).filter_by(key="postgres_db_1").first()
@@ -525,7 +528,7 @@ def test_patch_connections_bulk_update(
         assert mongo_connection["updated_at"] is not None
         mongo_resource = db.query(ConnectionConfig).filter_by(key="my_mongo_db").first()
         assert mongo_resource.access.value == "write"
-        assert "secrets" not in mongo_connection
+        assert mongo_connection["secrets"] is None
         assert not mongo_resource.disabled
 
         mysql_connection = response_body["succeeded"][2]
@@ -533,14 +536,14 @@ def test_patch_connections_bulk_update(
         assert mysql_connection["updated_at"] is not None
         mysql_resource = db.query(ConnectionConfig).filter_by(key="my_mysql_db").first()
         assert mysql_resource.access.value == "read"
-        assert "secrets" not in mysql_connection
+        assert mysql_connection["secrets"] is None
 
         mssql_connection = response_body["succeeded"][3]
         assert mssql_connection["access"] == "write"
         assert mssql_connection["updated_at"] is not None
         mssql_resource = db.query(ConnectionConfig).filter_by(key="my_mssql_db").first()
         assert mssql_resource.access.value == "write"
-        assert "secrets" not in mssql_connection
+        assert mssql_connection["secrets"] is None
 
         mariadb_connection = response_body["succeeded"][4]
         assert mariadb_connection["access"] == "write"
@@ -549,7 +552,7 @@ def test_patch_connections_bulk_update(
             db.query(ConnectionConfig).filter_by(key="my_mariadb_db").first()
         )
         assert mariadb_resource.access.value == "write"
-        assert "secrets" not in mariadb_connection
+        assert mariadb_connection["secrets"] is None
 
         bigquery_connection = response_body["succeeded"][5]
         assert bigquery_connection["access"] == "write"
@@ -558,7 +561,7 @@ def test_patch_connections_bulk_update(
             db.query(ConnectionConfig).filter_by(key="my_bigquery_db").first()
         )
         assert bigquery_resource.access.value == "write"
-        assert "secrets" not in bigquery_connection
+        assert bigquery_connection["secrets"] is None
 
         redshift_connection = response_body["succeeded"][6]
         assert redshift_connection["access"] == "read"
@@ -567,7 +570,7 @@ def test_patch_connections_bulk_update(
             db.query(ConnectionConfig).filter_by(key="my_redshift_cluster").first()
         )
         assert redshift_resource.access.value == "read"
-        assert "secrets" not in redshift_connection
+        assert redshift_connection["secrets"] is None
 
         snowflake_connection = response_body["succeeded"][7]
         assert snowflake_connection["access"] == "write"
@@ -578,7 +581,7 @@ def test_patch_connections_bulk_update(
         )
         assert snowflake_resource.access.value == "write"
         assert snowflake_resource.description == "Backup snowflake db"
-        assert "secrets" not in snowflake_connection
+        assert snowflake_connection["secrets"] is None
 
         manual_webhook_connection = response_body["succeeded"][8]
         assert manual_webhook_connection["access"] == "read"
@@ -588,7 +591,7 @@ def test_patch_connections_bulk_update(
         )
         assert manual_webhook_resource.access.value == "read"
         assert manual_webhook_resource.connection_type == ConnectionType.manual_webhook
-        assert "secrets" not in manual_webhook_connection
+        assert manual_webhook_connection["secrets"] is None
 
         postgres_resource.delete(db)
         mongo_resource.delete(db)
@@ -772,6 +775,7 @@ def test_get_connection_configs(
             "access",
             "updated_at",
             "saas_config",
+            "secrets",
             "name",
             "last_test_timestamp",
             "last_test_succeeded",
@@ -1189,6 +1193,7 @@ def test_get_connection_config(
             "disabled",
             "description",
             "saas_config",
+            "secrets",
         }
 
         assert response_body["key"] == "my_postgres_db_1"
diff --git a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
index c7d6b901e6..d8e72c4ba5 100644
--- a/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_connection_template_endpoints.py
@@ -12,7 +12,7 @@
 )
 from fides.api.models.datasetconfig import DatasetConfig
 from fides.api.models.policy import ActionType
-from fides.api.schemas.connection_configuration.connection_config import SystemType
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
 from fides.api.service.connectors.saas.connector_registry_service import (
     ConnectorRegistry,
 )
@@ -1286,7 +1286,7 @@ def test_instantiate_connection_from_template(
         connection_data = resp.json()["connection"]
         assert connection_data["key"] == "mailchimp_connection_config"
         assert connection_data["name"] == "Mailchimp Connector"
-        assert "secrets" not in connection_data
+        assert connection_data["secrets"]["api_key"] == "**********"
 
         dataset_data = resp.json()["dataset"]
         assert dataset_data["fides_key"] == "secondary_mailchimp_instance"
diff --git a/tests/ops/api/v1/endpoints/test_manual_webhooks.py b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
index c8c5a994b4..d964af80e4 100644
--- a/tests/ops/api/v1/endpoints/test_manual_webhooks.py
+++ b/tests/ops/api/v1/endpoints/test_manual_webhooks.py
@@ -98,7 +98,7 @@ def test_get_manual_webhook(
         assert connection_config_details["access"] == "read"
         assert connection_config_details["created_at"] is not None
         assert connection_config_details["updated_at"] is not None
-        assert "secrets" not in connection_config_details
+        assert connection_config_details["secrets"] is None
 
 
 class TestPostAccessManualWebhook:
@@ -349,7 +349,7 @@ def test_post_manual_webhook(
         assert connection_config_details["access"] == "read"
         assert connection_config_details["created_at"] is not None
         assert connection_config_details["updated_at"] is not None
-        assert "secrets" not in connection_config_details
+        assert connection_config_details["secrets"] is None
 
         manual_webhook = AccessManualWebhook.get(db=db, object_id=resp["id"])
         manual_webhook.delete(db)
@@ -441,7 +441,7 @@ def test_patch_manual_webhook(
         assert connection_config_details["access"] == "read"
         assert connection_config_details["created_at"] is not None
         assert connection_config_details["updated_at"] is not None
-        assert "secrets" not in connection_config_details
+        assert connection_config_details["secrets"] is None
 
 
 class TestDeleteAccessManualWebhook:
@@ -564,7 +564,7 @@ def test_get_manual_webhooks(
         assert connection_config_details["access"] == "read"
         assert connection_config_details["created_at"] is not None
         assert connection_config_details["updated_at"] is not None
-        assert "secrets" not in connection_config_details
+        assert connection_config_details["secrets"] is None
 
 
 class TestManualWebhookTest:
diff --git a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
index d86192d249..7c9182c9e6 100644
--- a/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_policy_webhook_endpoints.py
@@ -36,6 +36,7 @@ def embedded_http_connection_config(connection_config: ConnectionConfig) -> Dict
         "disabled": False,
         "description": None,
         "saas_config": None,
+        "secrets": None,
     }
 
 
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index e56ee71cec..227976627a 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -249,6 +249,7 @@ def test_get_connection_configs(
             "access",
             "updated_at",
             "saas_config",
+            "secrets",
             "name",
             "last_test_timestamp",
             "last_test_succeeded",
@@ -266,6 +267,45 @@ def test_get_connection_configs(
         assert response_body["page"] == 1
         assert response_body["size"] == page_size
 
+    def test_get_connection_configs_masks_secrets(
+        self,
+        api_client: TestClient,
+        generate_auth_header,
+        connection_config,
+        url,
+        connections,
+        db: Session,
+    ) -> None:
+        auth_header = generate_auth_header(scopes=[CONNECTION_CREATE_OR_UPDATE])
+        api_client.patch(url, headers=auth_header, json=connections)
+
+        auth_header = generate_auth_header(scopes=[CONNECTION_READ])
+        resp = api_client.get(url, headers=auth_header)
+        assert resp.status_code == HTTP_200_OK
+
+        response_body = json.loads(resp.text)
+        assert len(response_body["items"]) == 3
+        connection_1 = response_body["items"][0]["secrets"]
+        connection_2 = response_body["items"][1]["secrets"]
+        connection_3 = response_body["items"][2]["secrets"]
+        assert connection_1 == {
+            "api_key": "**********",
+            "domain": "test_mailchimp_domain",
+            "username": "test_mailchimp_username",
+        }
+
+        assert connection_2 == {
+            "db_schema": "test",
+            "dbname": "test",
+            "host": "http://localhost",
+            "password": "**********",
+            "port": 5432,
+            "url": "**********",
+            "username": "test",
+        }
+
+        assert connection_3 == None
+
     @pytest.mark.parametrize(
         "acting_user_role, expected_status_code, assign_system",
         [
@@ -872,7 +912,7 @@ def test_instantiate_connection_from_template(
         connection_data = resp.json()["connection"]
         assert connection_data["key"] == "mailchimp_connection_config"
         assert connection_data["name"] == "Mailchimp Connector"
-        assert "secrets" not in connection_data
+        assert connection_data["secrets"]["api_key"] == "**********"
 
         dataset_data = resp.json()["dataset"]
         assert dataset_data["fides_key"] == "secondary_mailchimp_instance"
diff --git a/tests/ops/schemas/connection_configuration/test_connection_config.py b/tests/ops/schemas/connection_configuration/test_connection_config.py
new file mode 100644
index 0000000000..deef6eca24
--- /dev/null
+++ b/tests/ops/schemas/connection_configuration/test_connection_config.py
@@ -0,0 +1,62 @@
+from fides.api.schemas.connection_configuration.connection_config import (
+    mask_sensitive_fields,
+)
+
+import pytest
+
+
+class TestMaskSenstiveValues:
+    @pytest.fixture(scope="function")
+    def secret_schema(self):
+        return {
+            "additionalProperties": False,
+            "description": "Aircall secrets schema",
+            "properties": {
+                "api_id": {"sensitive": False, "title": "API ID", "type": "string"},
+                "api_token": {
+                    "sensitive": True,
+                    "title": "API Token",
+                    "type": "string",
+                },
+                "domain": {
+                    "default": "api.aircall.io",
+                    "sensitive": False,
+                    "title": "Domain",
+                    "type": "string",
+                },
+            },
+            "required": ["api_id", "api_token"],
+            "title": "aircall_schema",
+            "type": "object",
+        }
+
+    @pytest.fixture(scope="function")
+    def connection_secrets(self):
+        return {
+            "api_id": "secret-test",
+            "api_token": "testing with new value",
+            "domain": "api.aircall.io",
+        }
+
+    def test_mask_sensitive_fields(self, secret_schema, connection_secrets):
+        masked_secrets = mask_sensitive_fields(connection_secrets, secret_schema)
+        assert masked_secrets == {
+            "api_id": "secret-test",
+            "api_token": "**********",
+            "domain": "api.aircall.io",
+        }
+
+    def test_mask_sensitive_fields_remove_non_schema_values(
+        self, connection_secrets, secret_schema
+    ):
+        connection_secrets["non_schema_value"] = "this should be removed"
+        connection_secrets["another_non_schema_value"] = "this should also be removed"
+
+        masked_secrets = mask_sensitive_fields(connection_secrets, secret_schema)
+        keys = masked_secrets.keys()
+        assert "non_schema_value" not in keys
+        assert "another_non_schema_value" not in keys
+
+    def test_return_none_if_no_secrets(self, secret_schema):
+        masked_secrets = mask_sensitive_fields(None, secret_schema)
+        assert masked_secrets is None
diff --git a/tests/ops/util/test_connection_type.py b/tests/ops/util/test_connection_type.py
index 906052637c..25f3800dc2 100644
--- a/tests/ops/util/test_connection_type.py
+++ b/tests/ops/util/test_connection_type.py
@@ -2,7 +2,7 @@
 
 from fides.api.models.connectionconfig import ConnectionType
 from fides.api.models.policy import ActionType
-from fides.api.schemas.connection_configuration.connection_config import SystemType
+from fides.api.schemas.connection_configuration.enums.system_type import SystemType
 from fides.api.service.connectors.saas.connector_registry_service import (
     ConnectorRegistry,
 )

From 88b0dcc9236afd83a4bdd23061cf39462a72b5ab Mon Sep 17 00:00:00 2001
From: Kelsey Thomas <101993653+Kelsey-Ethyca@users.noreply.github.com>
Date: Wed, 19 Jul 2023 11:15:17 -0400
Subject: [PATCH 84/90] clean up ui on integration tab (#3823)

---
 .../DisableConnectionModal.tsx                | 10 ++---
 .../system_portal_config/ConnectionForm.tsx   |  2 +-
 .../DeleteConnectionModal.tsx                 | 30 +++++++-------
 .../OrphanedConnectionModal.tsx               |  4 +-
 .../forms/ConnectorParameters.tsx             | 10 ++++-
 .../forms/ConnectorParametersForm.tsx         | 39 ++++++++++---------
 6 files changed, 53 insertions(+), 42 deletions(-)

diff --git a/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
index 857a5b7d27..19f5dffd92 100644
--- a/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/DisableConnectionModal.tsx
@@ -1,5 +1,6 @@
 import {
   Button,
+  Flex,
   MenuItem,
   Modal,
   ModalBody,
@@ -8,7 +9,6 @@ import {
   ModalFooter,
   ModalHeader,
   ModalOverlay,
-  Spacer,
   Stack,
   Switch,
   Text,
@@ -63,15 +63,15 @@ const DisableConnectionModal: React.FC<DataConnectionProps> = ({
   return (
     <>
       {isSwitch ? (
-        <>
-          <Spacer />
-          <Text fontSize="md">{disabled ? "Enable" : "Disable"}</Text>
+        <Flex justifyContent="space-between" alignItems="center">
+          <Text fontSize="sm">Enable integration</Text>
           <Switch
+            marginLeft="8px"
             colorScheme="complimentary"
             isChecked={!disabled}
             onChange={onOpen}
           />
-        </>
+        </Flex>
       ) : (
         <MenuItem
           _focus={{ color: "complimentary.500", bg: "gray.100" }}
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
index f38e4c654f..143b6850fb 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/ConnectionForm.tsx
@@ -79,7 +79,7 @@ const ConnectionForm = ({ connectionConfig, systemFidesKey }: Props) => {
         ) : null}
         <Restrict scopes={[ScopeRegistryEnum.CONNECTOR_TEMPLATE_REGISTER]}>
           <Button
-            colorScheme="primary"
+            variant="outline"
             type="submit"
             minWidth="auto"
             data-testid="upload-btn"
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
index 55bb2681ef..280fec3011 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
@@ -1,5 +1,7 @@
 import {
   Button,
+  Flex,
+  IconButton,
   Modal,
   ModalBody,
   ModalCloseButton,
@@ -14,6 +16,8 @@ import {
 } from "@fidesui/react";
 import React from "react";
 
+import { TrashCanSolidIcon } from "~/features/common/Icon/TrashCanSolidIcon";
+
 type DataConnectionProps = {
   connectionKey: string;
   onDelete: (connection_key: string) => void;
@@ -44,20 +48,18 @@ const DeleteConnectionModal: React.FC<DataConnectionProps> = ({
     <>
       <>
         <Spacer />
-        <Button
-          bg="red.500"
-          color="white"
-          isDisabled={deleteResult.isLoading}
-          isLoading={deleteResult.isLoading}
-          loadingText="Deleting"
-          size="sm"
-          variant="solid"
-          onClick={onOpen}
-          _active={{ bg: "red.400" }}
-          _hover={{ bg: "red.300" }}
-        >
-          Delete
-        </Button>
+        <Flex alignItems="center">
+          <Text fontSize="sm">Delete Integration</Text>
+          <IconButton
+            marginLeft="8px"
+            aria-label="Delete integration"
+            variant="outline"
+            icon={<TrashCanSolidIcon />}
+            isDisabled={deleteResult.isLoading}
+            onClick={onOpen}
+            size="sm"
+          />
+        </Flex>
       </>
 
       <Modal isCentered isOpen={isOpen} onClose={closeIfComplete}>
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
index 24540330f1..8a099f9a4e 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/OrphanedConnectionModal.tsx
@@ -106,9 +106,7 @@ const OrphanedConnectionModal: React.FC<DataConnectionProps> = ({
         loadingText="Deleting"
         onClick={onOpen}
         size="sm"
-        variant="solid"
-        color="white"
-        colorScheme="primary"
+        variant="outline"
       >
         Link integration
       </Button>
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index efa9b20aca..6660c03071 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -373,7 +373,15 @@ export const ConnectorParameters: React.FC<ConnectorParametersProps> = ({
 
   return (
     <>
-      <Box color="gray.700" fontSize="14px" mb={4} h="80px">
+      <Box
+        borderRadius="6px"
+        border="1px"
+        borderColor="gray.200"
+        backgroundColor="gray.50"
+        fontSize="14px"
+        p={4}
+        mb={4}
+      >
         Connect to your {connectionOption!.human_readable} environment by
         providing credential information below. Once you have saved your
         integration credentials, you can review what data is included when
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 0e7274bc19..d7285b1cb5 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -13,6 +13,7 @@ import {
   NumberInput,
   NumberInputField,
   NumberInputStepper,
+  Spacer,
   Tooltip,
   VStack,
 } from "@fidesui/react";
@@ -278,6 +279,25 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
       {(props: FormikProps<Values>) => (
         <Form noValidate>
           <VStack align="stretch" gap="16px">
+            <ButtonGroup size="sm" spacing="8px" variant="outline">
+              {connectionConfig ? (
+                <DisableConnectionModal
+                  connection_key={connectionConfig?.key}
+                  disabled={isDisabledConnection}
+                  connection_type={connectionConfig?.connection_type}
+                  access_type={connectionConfig?.access}
+                  name={connectionConfig?.name ?? connectionConfig.key}
+                  isSwitch
+                />
+              ) : null}
+              {connectionConfig ? (
+                <DeleteConnectionModal
+                  connectionKey={connectionConfig.key}
+                  onDelete={onDelete}
+                  deleteResult={deleteResult}
+                />
+              ) : null}
+            </ButtonGroup>
             {/* Connection Identifier */}
             <Field
               id="instance_key"
@@ -345,7 +365,6 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
             ) : null}
             <ButtonGroup size="sm" spacing="8px" variant="outline">
               <Button
-                colorScheme="gray.700"
                 isDisabled={
                   !connectionConfig?.key ||
                   isSubmitting ||
@@ -361,6 +380,7 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               {connectionOption.type === SystemType.MANUAL ? (
                 <DSRCustomizationModal connectionConfig={connectionConfig} />
               ) : null}
+              <Spacer />
               <Button
                 bg="primary.800"
                 color="white"
@@ -375,23 +395,6 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               >
                 Save
               </Button>
-              {connectionConfig ? (
-                <DisableConnectionModal
-                  connection_key={connectionConfig?.key}
-                  disabled={isDisabledConnection}
-                  connection_type={connectionConfig?.connection_type}
-                  access_type={connectionConfig?.access}
-                  name={connectionConfig?.name ?? connectionConfig.key}
-                  isSwitch
-                />
-              ) : null}
-              {connectionConfig ? (
-                <DeleteConnectionModal
-                  connectionKey={connectionConfig.key}
-                  onDelete={onDelete}
-                  deleteResult={deleteResult}
-                />
-              ) : null}
             </ButtonGroup>
           </VStack>
         </Form>

From d5e9ddae7fec0f925c3ad2a9e9ad7ce79a473613 Mon Sep 17 00:00:00 2001
From: Dave Quinlan <83430497+daveqnet@users.noreply.github.com>
Date: Wed, 19 Jul 2023 16:44:16 +0100
Subject: [PATCH 85/90] docs: update 2.16.0 changelog to include file upload
 vulnerability fixes (#3820)

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 47e54fc17a..88b677e062 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -81,6 +81,10 @@ The types of changes are:
 - In "view systems", system cards can now be clicked and link to that system's `configure/[id]` page [#3734](https://github.com/ethyca/fides/pull/3734)
 - Enable privacy notice and privacy experience feature flags by default [#3773](https://github.com/ethyca/fides/pull/3773)
 
+### Security
+- Resolve Zip bomb file upload vulnerability [CVE-2023-37480](https://github.com/ethyca/fides/security/advisories/GHSA-g95c-2jgm-hqc6)
+- Resolve SVG bomb (billion laughs) file upload vulnerability [CVE-2023-37481](https://github.com/ethyca/fides/security/advisories/GHSA-3rw2-wfc8-wmj5)
+
 ## [2.15.1](https://github.com/ethyca/fides/compare/2.15.0...2.15.1)
 
 ### Added

From 97b7823f91ccb800552afc79cf9179eb6416d3c5 Mon Sep 17 00:00:00 2001
From: Andrew Jackson <andrew.c.j1995@gmail.com>
Date: Wed, 19 Jul 2023 11:53:16 -0400
Subject: [PATCH 86/90] Update system connection delete route (#3785)

---
 CHANGELOG.md                                  |  1 +
 .../DeleteConnectionModal.tsx                 |  6 +-
 .../forms/ConnectorParameters.tsx             |  8 +-
 .../forms/ConnectorParametersForm.tsx         |  2 +-
 .../src/features/system/system.slice.ts       |  8 ++
 src/fides/api/api/v1/endpoints/system.py      | 21 +++--
 src/fides/api/db/system.py                    |  2 +-
 tests/fixtures/postgres_fixtures.py           |  7 +-
 .../saas/connection_template_fixtures.py      |  6 ++
 tests/ops/api/v1/endpoints/test_system.py     | 93 ++++++++-----------
 10 files changed, 81 insertions(+), 73 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 88b677e062..baf891824c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@ The types of changes are:
 - Add polyfill service to fides-js route [#3759](https://github.com/ethyca/fides/pull/3759)
 - Show/hide integration values [#3775](https://github.com/ethyca/fides/pull/3775)
 - Sort system cards alphabetically by name on "View systems" page [#3781](https://github.com/ethyca/fides/pull/3781)
+- Update admin ui to use new integration delete route [#3785](https://github.com/ethyca/fides/pull/3785)
 
 ### Removed
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
index 280fec3011..efdd881887 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/DeleteConnectionModal.tsx
@@ -19,20 +19,18 @@ import React from "react";
 import { TrashCanSolidIcon } from "~/features/common/Icon/TrashCanSolidIcon";
 
 type DataConnectionProps = {
-  connectionKey: string;
-  onDelete: (connection_key: string) => void;
+  onDelete: () => void;
   deleteResult: any;
 };
 
 const DeleteConnectionModal: React.FC<DataConnectionProps> = ({
-  connectionKey,
   onDelete,
   deleteResult,
 }) => {
   const { isOpen, onOpen, onClose } = useDisclosure();
 
   const handleDeleteConnection = () => {
-    onDelete(connectionKey);
+    onDelete();
   };
 
   const closeIfComplete = () => {
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
index 6660c03071..d866afc89f 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParameters.tsx
@@ -5,7 +5,6 @@ import { ConnectionTypeSecretSchemaReponse } from "connection-type/types";
 import {
   CreateSaasConnectionConfig,
   useCreateSassConnectionConfigMutation,
-  useDeleteDatastoreConnectionMutation,
   useGetConnectionConfigDatasetConfigsQuery,
 } from "datastore-connections/datastore-connection.slice";
 import { useDatasetConfigField } from "datastore-connections/system_portal_config/forms/fields/DatasetConfigField/DatasetConfigField";
@@ -26,6 +25,7 @@ import {
   ConnectionConfigSecretsRequest,
   selectActiveSystem,
   setActiveSystem,
+  useDeleteSystemConnectionConfigMutation,
   usePatchSystemConnectionConfigsMutation,
   usePatchSystemConnectionSecretsMutation,
 } from "~/features/system/system.slice";
@@ -198,7 +198,7 @@ export const useConnectorForm = ({
     usePatchSystemConnectionSecretsMutation();
   const [patchDatastoreConnection] = usePatchSystemConnectionConfigsMutation();
   const [deleteDatastoreConnection, deleteDatastoreConnectionResult] =
-    useDeleteDatastoreConnectionMutation();
+    useDeleteSystemConnectionConfigMutation();
   const { data: allDatasetConfigs } = useGetConnectionConfigDatasetConfigsQuery(
     connectionConfig?.key || ""
   );
@@ -209,9 +209,9 @@ export const useConnectorForm = ({
   );
   const activeSystem = useAppSelector(selectActiveSystem) as SystemResponse;
 
-  const handleDelete = async (id: string) => {
+  const handleDelete = async () => {
     try {
-      await deleteDatastoreConnection(id);
+      await deleteDatastoreConnection(systemFidesKey);
       // @ts-ignore connection_configs isn't on the type yet but will be in the future
       dispatch(setActiveSystem({ ...activeSystem, connection_configs: null }));
       setSelectedConnectionOption(undefined);
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index d7285b1cb5..4fe0d83646 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -68,7 +68,7 @@ type ConnectorParametersFormProps = {
   connectionOption: ConnectionSystemTypeMap;
   isCreatingConnectionConfig: boolean;
   datasetDropdownOptions: Option[];
-  onDelete: (id: string) => void;
+  onDelete: () => void;
   deleteResult: any;
 };
 
diff --git a/clients/admin-ui/src/features/system/system.slice.ts b/clients/admin-ui/src/features/system/system.slice.ts
index c5534e8a1e..ae043f5d24 100644
--- a/clients/admin-ui/src/features/system/system.slice.ts
+++ b/clients/admin-ui/src/features/system/system.slice.ts
@@ -126,6 +126,13 @@ const systemApi = baseApi.injectEndpoints({
       }),
       providesTags: ["Datamap", "System", "Datastore Connection"],
     }),
+    deleteSystemConnectionConfig: build.mutation({
+      query: (systemFidesKey) => ({
+        url: `/system/${systemFidesKey}/connection`,
+        method: "DELETE",
+      }),
+      invalidatesTags: () => ["Datastore Connection", "System"],
+    }),
   }),
 });
 
@@ -137,6 +144,7 @@ export const {
   useDeleteSystemMutation,
   useUpsertSystemsMutation,
   usePatchSystemConnectionConfigsMutation,
+  useDeleteSystemConnectionConfigMutation,
   useGetSystemConnectionConfigsQuery,
   usePatchSystemConnectionSecretsMutation,
 } = systemApi;
diff --git a/src/fides/api/api/v1/endpoints/system.py b/src/fides/api/api/v1/endpoints/system.py
index e94082f00e..fbe76156d3 100644
--- a/src/fides/api/api/v1/endpoints/system.py
+++ b/src/fides/api/api/v1/endpoints/system.py
@@ -1,6 +1,6 @@
 from typing import Dict, List, Optional
 
-from fastapi import Depends, Response, Security
+from fastapi import Depends, Response, Security, HTTPException
 from fastapi_pagination import Page, Params
 from fastapi_pagination.bases import AbstractPage
 from fastapi_pagination.ext.sqlalchemy import paginate
@@ -11,7 +11,7 @@
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import Session
 from starlette import status
-from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT
+from starlette.status import HTTP_200_OK, HTTP_204_NO_CONTENT, HTTP_404_NOT_FOUND
 
 from fides.api.api import deps
 from fides.api.api.v1.endpoints.saas_config_endpoints import instantiate_connection
@@ -190,7 +190,7 @@ def patch_connection_secrets(
 
 
 @SYSTEM_CONNECTIONS_ROUTER.delete(
-    "/{connection_key}",
+    "",
     dependencies=[
         Security(
             verify_oauth_client_for_system_from_fides_key, scopes=[CONNECTION_DELETE]
@@ -199,10 +199,17 @@ def patch_connection_secrets(
     status_code=HTTP_204_NO_CONTENT,
     response_model=None,
 )
-def delete_connection(
-    connection_key: FidesKey, *, db: Session = Depends(deps.get_db)
-) -> None:
-    delete_connection_config(db, connection_key)
+def delete_connection(fides_key: str, *, db: Session = Depends(deps.get_db)) -> None:
+    system = get_system(db, fides_key)
+    if system.connection_configs is None:
+        raise HTTPException(
+            status_code=HTTP_404_NOT_FOUND,
+            detail="No integration found linked to this system",
+        )
+
+    # system.connection_configs will temporarily only have one config
+    # it will be updated to have multiple configs in the future
+    delete_connection_config(db, system.connection_configs.key)
 
 
 @SYSTEM_ROUTER.put(
diff --git a/src/fides/api/db/system.py b/src/fides/api/db/system.py
index 924f8fb6d6..0ec276930a 100644
--- a/src/fides/api/db/system.py
+++ b/src/fides/api/db/system.py
@@ -37,7 +37,7 @@ def get_system(db: Session, fides_key: str) -> System:
     if system is None:
         raise HTTPException(
             status_code=HTTP_404_NOT_FOUND,
-            detail="A valid system must be provided to create or update connections",
+            detail="A valid system must be provided to create, update, and delete connections",
         )
     return system
 
diff --git a/tests/fixtures/postgres_fixtures.py b/tests/fixtures/postgres_fixtures.py
index 3ac0668026..c1bb19da30 100644
--- a/tests/fixtures/postgres_fixtures.py
+++ b/tests/fixtures/postgres_fixtures.py
@@ -3,6 +3,7 @@
 
 import pytest
 from sqlalchemy.orm import Session
+from sqlalchemy.orm.exc import ObjectDeletedError
 from sqlalchemy_utils.functions import drop_database
 
 from fides.api.db.session import get_db_engine, get_db_session
@@ -153,7 +154,11 @@ def connection_config(
         },
     )
     yield connection_config
-    connection_config.delete(db)
+
+    try:
+        connection_config.delete(db)
+    except ObjectDeletedError:
+        pass
 
 
 @pytest.fixture(scope="function")
diff --git a/tests/fixtures/saas/connection_template_fixtures.py b/tests/fixtures/saas/connection_template_fixtures.py
index c7e0debe20..3313301754 100644
--- a/tests/fixtures/saas/connection_template_fixtures.py
+++ b/tests/fixtures/saas/connection_template_fixtures.py
@@ -93,6 +93,7 @@ def instantiate_connector(
     fides_key,
     description,
     secrets,
+    system=None,
 ) -> tuple[ConnectionConfig, DatasetConfig]:
     """
     Helper to genericize instantiation of a SaaS connector
@@ -142,4 +143,9 @@ def instantiate_connector(
         conditions=(DatasetConfig.fides_key == fides_key),
     ).first()
     assert dataset_config is not None
+
+    if system:
+        system.connection_configs = connection_config
+        db.commit()
+
     return connection_config, dataset_config
diff --git a/tests/ops/api/v1/endpoints/test_system.py b/tests/ops/api/v1/endpoints/test_system.py
index 227976627a..450e965e5a 100644
--- a/tests/ops/api/v1/endpoints/test_system.py
+++ b/tests/ops/api/v1/endpoints/test_system.py
@@ -23,7 +23,7 @@
 from fides.api.models.fides_user import FidesUser
 from fides.api.models.manual_webhook import AccessManualWebhook
 from fides.api.models.privacy_request import PrivacyRequestStatus
-from fides.api.models.sql_models import Dataset
+from fides.api.models.sql_models import Dataset, System
 from fides.common.api.scope_registry import (
     CONNECTION_CREATE_OR_UPDATE,
     CONNECTION_DELETE,
@@ -129,7 +129,7 @@ def test_patch_connections_with_invalid_system(
         assert resp.status_code == HTTP_404_NOT_FOUND
         assert (
             resp.json()["detail"]
-            == "A valid system must be provided to create or update connections"
+            == "A valid system must be provided to create, update, and delete connections"
         )
 
     @pytest.mark.parametrize(
@@ -214,7 +214,7 @@ def test_get_connections_with_invalid_system(
 
         assert (
             resp.json()["detail"]
-            == "A valid system must be provided to create or update connections"
+            == "A valid system must be provided to create, update, and delete connections"
         )
         assert resp.status_code == HTTP_404_NOT_FOUND
 
@@ -387,11 +387,16 @@ def test_get_connection_configs_role(
 
 class TestDeleteSystemConnectionConfig:
     @pytest.fixture(scope="function")
-    def url(self, connection_config, system) -> str:
-        return (
-            V1_URL_PREFIX
-            + f"/system/{system.fides_key}/connection/{connection_config.key}"
-        )
+    def url(self, system) -> str:
+        return V1_URL_PREFIX + f"/system/{system.fides_key}/connection"
+
+    @pytest.fixture(scope="function")
+    def system_linked_with_connection_config(
+        self, system: System, connection_config, db: Session
+    ):
+        system.connection_configs = connection_config
+        db.commit()
+        return system
 
     def test_delete_connection_config_not_authenticated(
         self, url, api_client: TestClient, generate_auth_header, connection_config
@@ -409,14 +414,12 @@ def test_delete_connection_config_wrong_scope(
         assert resp.status_code == HTTP_403_FORBIDDEN
 
     def test_delete_connection_config_does_not_exist(
-        self, api_client: TestClient, generate_auth_header, system
+        self, api_client: TestClient, generate_auth_header, url
     ) -> None:
         auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
-        url = (
-            V1_URL_PREFIX + f"/system/{system.fides_key}/connection/non_existent_config"
-        )
         resp = api_client.delete(url, headers=auth_header)
         assert resp.status_code == HTTP_404_NOT_FOUND
+        assert resp.json()["detail"] == "No integration found linked to this system"
 
     def test_delete_connection_config(
         self,
@@ -424,11 +427,11 @@ def test_delete_connection_config(
         api_client: TestClient,
         db: Session,
         generate_auth_header,
-        connection_config,
+        system_linked_with_connection_config,
     ) -> None:
         auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
         # the key needs to be cached before the delete
-        key = connection_config.key
+        key = system_linked_with_connection_config.connection_configs.key
         resp = api_client.delete(url, headers=auth_header)
         assert resp.status_code == HTTP_204_NO_CONTENT
         assert db.query(ConnectionConfig).filter_by(key=key).first() is None
@@ -437,7 +440,6 @@ def test_delete_connection_config(
     def test_delete_manual_webhook_connection_config(
         self,
         mock_queue,
-        url,
         api_client: TestClient,
         db: Session,
         generate_auth_header,
@@ -447,8 +449,12 @@ def test_delete_manual_webhook_connection_config(
         system,
     ) -> None:
         """Assert both the connection config and its webhook are deleted"""
+        access_manual_webhook_id = access_manual_webhook.id
+        integration_manual_webhook_config_id = integration_manual_webhook_config.id
+        system.connection_configs = integration_manual_webhook_config
+        db.commit()
         assert (
-            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook.id).first()
+            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook_id).first()
             is not None
         )
 
@@ -458,27 +464,24 @@ def test_delete_manual_webhook_connection_config(
             .first()
             is not None
         )
-        url = (
-            V1_URL_PREFIX
-            + f"/system/{system.fides_key}/connection/{integration_manual_webhook_config.key}"
-        )
+        url = V1_URL_PREFIX + f"/system/{system.fides_key}/connection"
         auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
         resp = api_client.delete(url, headers=auth_header)
         assert resp.status_code == HTTP_204_NO_CONTENT
 
         assert (
-            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook.id).first()
+            db.query(AccessManualWebhook).filter_by(id=access_manual_webhook_id).first()
             is None
         )
 
         assert (
             db.query(ConnectionConfig)
-            .filter_by(key=integration_manual_webhook_config.key)
+            .filter_by(key=integration_manual_webhook_config_id)
             .first()
             is None
         )
         assert (
-            mock_queue.called
+            mock_queue.called == True
         ), "Deleting this last webhook caused 'requires_input' privacy requests to be queued"
         assert (
             mock_queue.call_args.kwargs["privacy_request_id"]
@@ -502,15 +505,13 @@ def test_delete_saas_connection_config(
             "secondary_sendgrid_instance",
             "Sendgrid ConnectionConfig description",
             secrets,
+            system,
         )
         dataset = dataset_config.ctl_dataset
 
         auth_header = generate_auth_header(scopes=[CONNECTION_DELETE])
 
-        url = (
-            V1_URL_PREFIX
-            + f"/system/{system.fides_key}/connection/{connection_config.key}"
-        )
+        url = V1_URL_PREFIX + f"/system/{connection_config.system.fides_key}/connection"
         resp = api_client.delete(url, headers=auth_header)
         assert resp.status_code == HTTP_204_NO_CONTENT
         assert (
@@ -537,24 +538,13 @@ def test_delete_connection_configs_role_viewer(
         acting_user_role,
         expected_status_code,
         assign_system,
-        system,
+        system_linked_with_connection_config,
         request,
         db: Session,
     ) -> None:
-        connection_config = ConnectionConfig.create(
-            db=db,
-            data={
-                "name": str(uuid4()),
-                "key": "my_postgres_db_1",
-                "connection_type": ConnectionType.postgres,
-                "access": AccessLevel.write,
-                "disabled": False,
-                "description": "Primary postgres connection",
-            },
-        )
         url = (
             V1_URL_PREFIX
-            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+            + f"/system/{system_linked_with_connection_config.fides_key}/connection"
         )
 
         acting_user_role = request.getfixturevalue(acting_user_role)
@@ -565,9 +555,13 @@ def test_delete_connection_configs_role_viewer(
                 scopes=[SYSTEM_MANAGER_UPDATE]
             )
             api_client.put(
-                assign_url, headers=system_manager_auth_header, json=[system.fides_key]
+                assign_url,
+                headers=system_manager_auth_header,
+                json=[system_linked_with_connection_config.fides_key],
+            )
+            auth_header = generate_system_manager_header(
+                [system_linked_with_connection_config.id]
             )
-            auth_header = generate_system_manager_header([system.id])
         else:
             auth_header = generate_role_header_for_user(
                 acting_user_role, roles=acting_user_role.permissions.roles
@@ -590,24 +584,13 @@ def test_delete_connection_configs_role_check(
         generate_auth_header,
         acting_user_role,
         expected_status_code,
-        system,
+        system_linked_with_connection_config,
         request,
         db: Session,
     ) -> None:
-        connection_config = ConnectionConfig.create(
-            db=db,
-            data={
-                "name": str(uuid4()),
-                "key": "my_postgres_db_1",
-                "connection_type": ConnectionType.postgres,
-                "access": AccessLevel.write,
-                "disabled": False,
-                "description": "Primary postgres connection",
-            },
-        )
         url = (
             V1_URL_PREFIX
-            + f"/system/{system.fides_key}/connection/{connection_config.key}"
+            + f"/system/{system_linked_with_connection_config.fides_key}/connection"
         )
 
         acting_user_role = request.getfixturevalue(acting_user_role)

From 361eb72b076fc74be6648e855ec5c23c1b123ed9 Mon Sep 17 00:00:00 2001
From: Adam Sachs <adam@ethyca.com>
Date: Wed, 19 Jul 2023 12:27:28 -0400
Subject: [PATCH 87/90] support active property on taxonomy elements (#3784)

---
 .fides/db_dataset.yml                         |  16 +++
 CHANGELOG.md                                  |   2 +
 ...b91_add_active_column_taxonomy_elements.py |  41 ++++++
 src/fides/api/api/v1/endpoints/generic.py     |   9 +-
 src/fides/api/models/sql_models.py            |   4 +
 src/fides/api/schemas/taxonomy_extensions.py  |  29 ++++
 tests/ctl/core/test_api.py                    | 126 ++++++++++++++++++
 7 files changed, 221 insertions(+), 6 deletions(-)
 create mode 100644 src/fides/api/alembic/migrations/versions/5abb65a8cb91_add_active_column_taxonomy_elements.py
 create mode 100644 src/fides/api/schemas/taxonomy_extensions.py

diff --git a/.fides/db_dataset.yml b/.fides/db_dataset.yml
index c18d939d08..352e7a8f74 100644
--- a/.fides/db_dataset.yml
+++ b/.fides/db_dataset.yml
@@ -376,6 +376,10 @@ dataset:
       data_categories:
         - system.operations
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: active
+      data_categories:
+        - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: ctl_data_qualifiers
     data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
     fields:
@@ -419,6 +423,10 @@ dataset:
       data_categories:
         - system.operations
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: active
+      data_categories:
+        - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: ctl_data_subjects
     data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
     fields:
@@ -470,6 +478,10 @@ dataset:
       data_categories:
         - system.operations
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: active
+      data_categories:
+        - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: ctl_data_uses
     data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
     fields:
@@ -536,6 +548,10 @@ dataset:
       data_categories:
         - system.operations
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    - name: active
+      data_categories:
+        - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
   - name: ctl_datasets
     data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
     fields:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index baf891824c..f616f6d69c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -38,7 +38,9 @@ The types of changes are:
 - Removed "Custom field(s) successfully saved" toast [#3779](https://github.com/ethyca/fides/pull/3779)
 
 ### Added
+
 - Record when consent is served [#3777](https://github.com/ethyca/fides/pull/3777)
+- Add an `active` property to taxonomy elements [#3784](https://github.com/ethyca/fides/pull/3784)
 
 ### Fixed
 - Privacy notice UI's list of possible regions now matches the backend's list [#3787](https://github.com/ethyca/fides/pull/3787)
diff --git a/src/fides/api/alembic/migrations/versions/5abb65a8cb91_add_active_column_taxonomy_elements.py b/src/fides/api/alembic/migrations/versions/5abb65a8cb91_add_active_column_taxonomy_elements.py
new file mode 100644
index 0000000000..77b828e023
--- /dev/null
+++ b/src/fides/api/alembic/migrations/versions/5abb65a8cb91_add_active_column_taxonomy_elements.py
@@ -0,0 +1,41 @@
+"""add_active_column_taxonomy_elements
+
+Revision ID: 5abb65a8cb91
+Revises: 7c562441c589
+Create Date: 2023-07-14 11:08:55.169966
+
+"""
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision = "5abb65a8cb91"
+down_revision = "7c562441c589"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.add_column(
+        "ctl_data_categories",
+        sa.Column("active", sa.BOOLEAN(), nullable=False, server_default="t"),
+    )
+    op.add_column(
+        "ctl_data_subjects",
+        sa.Column("active", sa.BOOLEAN(), nullable=False, server_default="t"),
+    )
+    op.add_column(
+        "ctl_data_uses",
+        sa.Column("active", sa.BOOLEAN(), nullable=False, server_default="t"),
+    )
+    op.add_column(
+        "ctl_data_qualifiers",
+        sa.Column("active", sa.BOOLEAN(), nullable=False, server_default="t"),
+    )
+
+
+def downgrade():
+    op.drop_column("ctl_data_uses", "active")
+    op.drop_column("ctl_data_subjects", "active")
+    op.drop_column("ctl_data_categories", "active")
+    op.drop_column("ctl_data_qualifiers", "active")
diff --git a/src/fides/api/api/v1/endpoints/generic.py b/src/fides/api/api/v1/endpoints/generic.py
index 2b502d0d46..5158da86a1 100644
--- a/src/fides/api/api/v1/endpoints/generic.py
+++ b/src/fides/api/api/v1/endpoints/generic.py
@@ -2,16 +2,13 @@
 This module generates all of the routers for the boilerplate/generic
 objects that don't require any extra logic.
 """
-from fideslang import (
+from fideslang import Dataset, Evaluation, Organization, Policy, Registry
+
+from fides.api.schemas.taxonomy_extensions import (
     DataCategory,
     DataQualifier,
-    Dataset,
     DataSubject,
     DataUse,
-    Evaluation,
-    Organization,
-    Policy,
-    Registry,
 )
 
 from .router_factory import generic_router_factory  # type: ignore[attr-defined]
diff --git a/src/fides/api/models/sql_models.py b/src/fides/api/models/sql_models.py
index 9cd3d41b29..d54dbe84c7 100644
--- a/src/fides/api/models/sql_models.py
+++ b/src/fides/api/models/sql_models.py
@@ -152,6 +152,7 @@ class DataCategory(Base, FidesBase):
 
     parent_key = Column(Text)
     is_default = Column(BOOLEAN, default=False)
+    active = Column(BOOLEAN, default=True, nullable=False)
 
     @classmethod
     def from_fideslang_obj(
@@ -177,6 +178,7 @@ class DataQualifier(Base, FidesBase):
 
     parent_key = Column(Text)
     is_default = Column(BOOLEAN, default=False)
+    active = Column(BOOLEAN, default=True, nullable=False)
 
 
 class DataSubject(Base, FidesBase):
@@ -188,6 +190,7 @@ class DataSubject(Base, FidesBase):
     rights = Column(JSON, nullable=True)
     automated_decisions_or_profiling = Column(BOOLEAN, nullable=True)
     is_default = Column(BOOLEAN, default=False)
+    active = Column(BOOLEAN, default=True, nullable=False)
 
 
 class DataUse(Base, FidesBase):
@@ -204,6 +207,7 @@ class DataUse(Base, FidesBase):
     legitimate_interest = Column(BOOLEAN, nullable=True)
     legitimate_interest_impact_assessment = Column(String, nullable=True)
     is_default = Column(BOOLEAN, default=False)
+    active = Column(BOOLEAN, default=True, nullable=False)
 
     @staticmethod
     def get_parent_uses_from_key(data_use_key: str) -> Set[str]:
diff --git a/src/fides/api/schemas/taxonomy_extensions.py b/src/fides/api/schemas/taxonomy_extensions.py
new file mode 100644
index 0000000000..a229e33979
--- /dev/null
+++ b/src/fides/api/schemas/taxonomy_extensions.py
@@ -0,0 +1,29 @@
+"""
+Fides-specific extensions to the pydantic models of taxonomy elements as defined in fideslang.
+"""
+
+from fideslang.models import DataCategory as BaseDataCategory
+from fideslang.models import DataQualifier as BaseDataQualifier
+from fideslang.models import DataSubject as BaseDataSubject
+from fideslang.models import DataUse as BaseDataUse
+from pydantic import Field
+
+active_field = Field(
+    default=True, description="Indicates whether the resource is currently 'active'."
+)
+
+
+class DataUse(BaseDataUse):
+    active: bool = active_field
+
+
+class DataCategory(BaseDataCategory):
+    active: bool = active_field
+
+
+class DataQualifier(BaseDataQualifier):
+    active: bool = active_field
+
+
+class DataSubject(BaseDataSubject):
+    active: bool = active_field
diff --git a/tests/ctl/core/test_api.py b/tests/ctl/core/test_api.py
index 2d007c72f0..383389263e 100644
--- a/tests/ctl/core/test_api.py
+++ b/tests/ctl/core/test_api.py
@@ -27,6 +27,12 @@
 from fides.api.models.sql_models import Dataset, PrivacyDeclaration, System
 from fides.api.oauth.roles import OWNER, VIEWER
 from fides.api.schemas.system import PrivacyDeclarationResponse
+from fides.api.schemas.taxonomy_extensions import (
+    DataCategory,
+    DataQualifier,
+    DataSubject,
+    DataUse,
+)
 from fides.api.util.endpoint_utils import API_PREFIX, CLI_SCOPE_PREFIX_MAPPING
 from fides.common.api.scope_registry import (
     CREATE,
@@ -49,6 +55,12 @@
 CONFIG = get_config()
 
 TAXONOMY_ENDPOINTS = ["data_category", "data_subject", "data_use", "data_qualifier"]
+TAXONOMY_EXTENSIONS = {
+    "data_category": DataCategory,
+    "data_subject": DataSubject,
+    "data_use": DataUse,
+    "data_qualifier": DataQualifier,
+}
 
 
 # Helper Functions
@@ -1863,6 +1875,120 @@ def test_api_cannot_upsert_is_default(
         )
 
 
+@pytest.mark.integration
+class TestCrudActiveProperty:
+    """
+    Ensure `active` property is exposed properly via CRUD endpoints.
+    Specific tests for this property since it's a fides-specific
+    extension to the underlying fideslang taxonomy models.
+    """
+
+    @pytest.mark.parametrize("endpoint", TAXONOMY_ENDPOINTS)
+    def test_api_can_update_active_on_default(
+        self, test_config: FidesConfig, endpoint: str
+    ) -> None:
+        """Ensure we can toggle `active` property on default taxonomy elements"""
+        resource = getattr(DEFAULT_TAXONOMY, endpoint)[0]
+        resource = TAXONOMY_EXTENSIONS[endpoint](
+            **resource.dict()
+        )  # cast resource to extended model
+        resource.active = False
+        json_resource = resource.json(exclude_none=True)
+        result = _api.update(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            json_resource=json_resource,
+        )
+        assert result.status_code == 200
+        assert result.json()["active"] is False
+
+        result = _api.get(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            resource_id=resource.fides_key,
+        )
+        assert result.json()["active"] is False
+
+        resource.active = True
+        json_resource = resource.json(exclude_none=True)
+        result = _api.update(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            json_resource=json_resource,
+        )
+        assert result.status_code == 200
+        assert result.json()["active"] is True
+
+        result = _api.get(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            resource_id=resource.fides_key,
+        )
+        assert result.json()["active"] is True
+
+    @pytest.mark.parametrize("endpoint", TAXONOMY_ENDPOINTS)
+    def test_api_can_create_with_active_property(
+        self,
+        test_config: FidesConfig,
+        endpoint: str,
+        generate_auth_header,
+    ) -> None:
+        """Ensure we can create taxonomy elements with `active` property set"""
+        # get a default taxonomy element as a sample resource
+        resource = getattr(DEFAULT_TAXONOMY, endpoint)[0]
+        resource = TAXONOMY_EXTENSIONS[endpoint](
+            **resource.dict()
+        )  # cast resource to extended model
+        resource.fides_key = resource.fides_key + "_test_create_active_false"
+        resource.is_default = False
+        resource.active = False
+        json_resource = resource.json(exclude_none=True)
+        token_scopes: List[str] = [f"{CLI_SCOPE_PREFIX_MAPPING[endpoint]}:{CREATE}"]
+        auth_header = generate_auth_header(scopes=token_scopes)
+        result = _api.create(
+            url=test_config.cli.server_url,
+            headers=auth_header,
+            resource_type=endpoint,
+            json_resource=json_resource,
+        )
+        assert result.status_code == 201
+        assert result.json()["active"] is False
+
+        result = _api.get(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            resource_id=resource.fides_key,
+        )
+        assert result.json()["active"] is False
+
+        resource.fides_key = resource.fides_key + "_test_create_active_true"
+        resource.active = True
+        json_resource = resource.json(exclude_none=True)
+        token_scopes: List[str] = [f"{CLI_SCOPE_PREFIX_MAPPING[endpoint]}:{CREATE}"]
+        auth_header = generate_auth_header(scopes=token_scopes)
+        result = _api.create(
+            url=test_config.cli.server_url,
+            headers=auth_header,
+            resource_type=endpoint,
+            json_resource=json_resource,
+        )
+        assert result.status_code == 201
+        assert result.json()["active"] is True
+
+        result = _api.get(
+            url=test_config.cli.server_url,
+            headers=test_config.user.auth_header,
+            resource_type=endpoint,
+            resource_id=resource.fides_key,
+        )
+        assert result.json()["active"] is True
+
+
 @pytest.mark.integration
 def test_static_sink(test_config: FidesConfig) -> None:
     """Make sure we are hosting something at / and not getting a 404"""

From f28be4a5da07dc3041e0c7304ea8da5516ad0bd6 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 19 Jul 2023 10:17:44 -0700
Subject: [PATCH 88/90] Removing unused property from DeleteConnectionModal
 (#3831)

---
 CHANGELOG.md                                                     | 1 +
 .../system_portal_config/forms/ConnectorParametersForm.tsx       | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f616f6d69c..7e4efc04e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -44,6 +44,7 @@ The types of changes are:
 
 ### Fixed
 - Privacy notice UI's list of possible regions now matches the backend's list [#3787](https://github.com/ethyca/fides/pull/3787)
+- Admin UI "property does not existing" build issue [#3831](https://github.com/ethyca/fides/pull/3831)
 
 ## [2.16.0](https://github.com/ethyca/fides/compare/2.15.1...2.16.0)
 
diff --git a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
index 4fe0d83646..c603a5fe40 100644
--- a/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
+++ b/clients/admin-ui/src/features/datastore-connections/system_portal_config/forms/ConnectorParametersForm.tsx
@@ -292,7 +292,6 @@ const ConnectorParametersForm: React.FC<ConnectorParametersFormProps> = ({
               ) : null}
               {connectionConfig ? (
                 <DeleteConnectionModal
-                  connectionKey={connectionConfig.key}
                   onDelete={onDelete}
                   deleteResult={deleteResult}
                 />

From 9d5acdbc192e426adb8361a1bd0029ac4a0a935e Mon Sep 17 00:00:00 2001
From: Catherine Smith <eastandwestwind@gmail.com>
Date: Wed, 19 Jul 2023 19:44:25 +0100
Subject: [PATCH 89/90] Prefetch geolocation and experience API calls (#3698)

---
 CHANGELOG.md                                  |  2 +
 clients/fides-js/src/fides.ts                 |  2 +
 .../src/services/external/geolocation.ts      |  2 +-
 .../__tests__/common/geolocation.test.ts      | 85 ++++++++++++++-----
 clients/privacy-center/common/geolocation.ts  | 25 ++++--
 clients/privacy-center/pages/api/fides-js.ts  | 43 ++++++++--
 6 files changed, 123 insertions(+), 36 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7e4efc04e3..05541a565c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,6 +20,8 @@ The types of changes are:
 ### Added
 
 - Tab component for `fides-js` [#3782](https://github.com/ethyca/fides/pull/3782)
+- Prefetches API calls as part of Fides.js [#3698](https://github.com/ethyca/fides/pull/3698)
+
 ### Developer Experience
 
 - Changed where db-dependent routers were imported to avoid dependency issues [#3741](https://github.com/ethyca/fides/pull/3741)
diff --git a/clients/fides-js/src/fides.ts b/clients/fides-js/src/fides.ts
index 3d25c550b2..bd191721d1 100644
--- a/clients/fides-js/src/fides.ts
+++ b/clients/fides-js/src/fides.ts
@@ -330,6 +330,8 @@ if (typeof window !== "undefined") {
 
 // Export everything from ./lib/* to use when importing fides.mjs as a module
 export * from "./components";
+export * from "./services/fides/api";
+export * from "./services/external/geolocation";
 export * from "./lib/consent";
 export * from "./lib/consent-context";
 export * from "./lib/consent-types";
diff --git a/clients/fides-js/src/services/external/geolocation.ts b/clients/fides-js/src/services/external/geolocation.ts
index d4e9add3ab..eadeadfb4b 100644
--- a/clients/fides-js/src/services/external/geolocation.ts
+++ b/clients/fides-js/src/services/external/geolocation.ts
@@ -1,4 +1,4 @@
-import { UserGeolocation } from "~/lib/consent-types";
+import { UserGeolocation } from "../../lib/consent-types";
 import { debugLog } from "../../lib/consent-utils";
 
 /**
diff --git a/clients/privacy-center/__tests__/common/geolocation.test.ts b/clients/privacy-center/__tests__/common/geolocation.test.ts
index 063d620797..8256e51cb9 100644
--- a/clients/privacy-center/__tests__/common/geolocation.test.ts
+++ b/clients/privacy-center/__tests__/common/geolocation.test.ts
@@ -1,10 +1,22 @@
 import { createRequest } from "node-mocks-http";
 
-import { getGeolocation } from "~/common/geolocation";
+import { lookupGeolocation } from "~/common/geolocation";
+import { PrivacyCenterClientSettings } from "~/app/server-environment";
 
 describe("getGeolocation", () => {
+  const privacyCenterSettings: PrivacyCenterClientSettings = {
+    FIDES_API_URL: "",
+    DEBUG: false,
+    GEOLOCATION_API_URL: "",
+    IS_GEOLOCATION_ENABLED: false,
+    IS_OVERLAY_ENABLED: false,
+    TCF_ENABLED: false,
+    OVERLAY_PARENT_ID: null,
+    MODAL_LINK_ID: null,
+    PRIVACY_CENTER_URL: "privacy.example.com",
+  };
   describe("when using geolocation headers", () => {
-    it("returns geolocation data from country & region headers", () => {
+    it("returns geolocation data from country & region headers", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js",
         headers: {
@@ -12,7 +24,7 @@ describe("getGeolocation", () => {
           "CloudFront-Viewer-Country-Region": "NY",
         },
       });
-      const geolocation = getGeolocation(req);
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
       expect(geolocation).toEqual({
         country: "US",
         location: "US-NY",
@@ -20,49 +32,49 @@ describe("getGeolocation", () => {
       });
     });
 
-    it("returns geolocation data from country header", () => {
+    it("returns geolocation data from country header", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js",
         headers: {
           "CloudFront-Viewer-Country": "FR",
         },
       });
-      const geolocation = getGeolocation(req);
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
       expect(geolocation).toEqual({
         country: "FR",
         location: "FR",
       });
     });
 
-    it("ignores only region headers", () => {
+    it("ignores only region headers", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js",
         headers: {
           "CloudFront-Viewer-Country-Region": "NY",
         },
       });
-      const geolocation = getGeolocation(req);
-      expect(geolocation).toBeUndefined();
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
+      expect(geolocation).toBeNull();
     });
 
-    it("handles invalid geolocation headers", () => {
+    it("handles invalid geolocation headers", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js",
         headers: {
           "CloudFront-Viewer-Country": "Magicland",
         },
       });
-      const geolocation = getGeolocation(req);
-      expect(geolocation).toBeUndefined();
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
+      expect(geolocation).toBeNull();
     });
   });
 
   describe("when using ?geolocation query param", () => {
-    it("returns geolocation data from query param", () => {
+    it("returns geolocation data from query param", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js?geolocation=FR-IDF",
       });
-      const geolocation = getGeolocation(req);
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
       expect(geolocation).toEqual({
         country: "FR",
         location: "FR-IDF",
@@ -70,24 +82,24 @@ describe("getGeolocation", () => {
       });
     });
 
-    it("handles invalid geolocation query param", () => {
+    it("handles invalid geolocation query param", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js?geolocation=America",
       });
-      const geolocation = getGeolocation(req);
-      expect(geolocation).toBeUndefined();
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
+      expect(geolocation).toBeNull();
     });
   });
 
   describe("when using both headers and query param", () => {
-    it("overrides headers with explicit geolocation query param", () => {
+    it("overrides headers with explicit geolocation query param", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js?geolocation=US-CA",
         headers: {
           "CloudFront-Viewer-Country": "FR",
         },
       });
-      const geolocation = getGeolocation(req);
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
       expect(geolocation).toEqual({
         country: "US",
         location: "US-CA",
@@ -96,13 +108,42 @@ describe("getGeolocation", () => {
     });
   });
 
-  describe("when using neither headers nor query param", () => {
-    it("returns undefined geolocation", () => {
+  describe("when using neither headers nor query param nor geolocation URL", () => {
+    it("returns undefined geolocation", async () => {
       const req = createRequest({
         url: "https://privacy.example.com/fides.js",
       });
-      const geolocation = getGeolocation(req);
-      expect(geolocation).toBeUndefined();
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
+      expect(geolocation).toBeNull();
+    });
+  });
+
+  describe("when using geolocation URL", () => {
+    it("fetches data from geolocation URL", async () => {
+      privacyCenterSettings.IS_GEOLOCATION_ENABLED = true;
+      privacyCenterSettings.GEOLOCATION_API_URL = "some-geolocation-api.com";
+      privacyCenterSettings.IS_OVERLAY_ENABLED = true;
+      global.fetch = jest.fn(() =>
+        Promise.resolve({
+          ok: true,
+          json: () =>
+            Promise.resolve({
+              country: "US",
+              location: "US-CA",
+              region: "CA",
+            }),
+        })
+      ) as jest.Mock;
+      const req = createRequest({
+        url: "https://privacy.example.com/fides.js",
+      });
+
+      const geolocation = await lookupGeolocation(req, privacyCenterSettings);
+      expect(geolocation).toEqual({
+        country: "US",
+        location: "US-CA",
+        region: "CA",
+      });
     });
   });
 });
diff --git a/clients/privacy-center/common/geolocation.ts b/clients/privacy-center/common/geolocation.ts
index 5a5f732b6a..efd8458b51 100644
--- a/clients/privacy-center/common/geolocation.ts
+++ b/clients/privacy-center/common/geolocation.ts
@@ -1,5 +1,6 @@
 import type { NextApiRequest } from "next";
-import type { UserGeolocation } from "fides-js";
+import { getGeolocation, UserGeolocation } from "fides-js";
+import { PrivacyCenterClientSettings } from "~/app/server-environment";
 
 // Regex to validate a location string, which must:
 // 1) Start with a 2-3 character country code (e.g. "US")
@@ -20,14 +21,15 @@ export const LOCATION_HEADERS = [
  * Lookup the "geolocation" (ie country and region) for the given request by looking for either:
  * 1) An explicit "geolocation" query param (e.g. https://privacy.example.com/some/path?geolocation=US-CA)
  * 2) Supported geolocation headers (e.g. "Cloudfront-Viewer-Country: US")
+ * 3) A geolocation API URL to infer location based on IP
  *
- * If neither of these are found, return an undefined geolocation.
+ * If none of these are found, return a null geolocation.
  *
- * NOTE: This specifically *does not* include performing a geo-IP lookup... yet!
  */
-export const getGeolocation = (
-  req: NextApiRequest
-): UserGeolocation | undefined => {
+export const lookupGeolocation = async (
+  req: NextApiRequest,
+  settings: PrivacyCenterClientSettings
+): Promise<UserGeolocation | null> => {
   // DEFER: read headers to determine & return the request's IP address
 
   // Check for a provided "geolocation" query param
@@ -62,5 +64,14 @@ export const getGeolocation = (
       };
     }
   }
-  return undefined;
+
+  // Get geolocation using API URL, if provided and overlay is enabled, else null is returned
+  if (settings.IS_OVERLAY_ENABLED) {
+    return getGeolocation(
+      settings.IS_GEOLOCATION_ENABLED,
+      settings.GEOLOCATION_API_URL,
+      settings.DEBUG
+    );
+  }
+  return null;
 };
diff --git a/clients/privacy-center/pages/api/fides-js.ts b/clients/privacy-center/pages/api/fides-js.ts
index df1a36eb1f..35f39535ed 100644
--- a/clients/privacy-center/pages/api/fides-js.ts
+++ b/clients/privacy-center/pages/api/fides-js.ts
@@ -3,9 +3,15 @@ import { promises as fsPromises } from "fs";
 import type { NextApiRequest, NextApiResponse } from "next";
 import { CacheControl, stringify } from "cache-control-parser";
 
-import { ConsentOption, FidesConfig } from "fides-js";
+import {
+  ConsentOption,
+  FidesConfig,
+  constructFidesRegionString,
+  CONSENT_COOKIE_NAME,
+  fetchExperience,
+} from "fides-js";
 import { loadPrivacyCenterEnvironment } from "~/app/server-environment";
-import { getGeolocation, LOCATION_HEADERS } from "~/common/geolocation";
+import { lookupGeolocation, LOCATION_HEADERS } from "~/common/geolocation";
 
 const FIDES_JS_MAX_AGE_SECONDS = 60 * 60; // one hour
 
@@ -52,9 +58,6 @@ export default async function handler(
   req: NextApiRequest,
   res: NextApiResponse
 ) {
-  // Check if a geolocation was provided via headers or query param; if so, inject into the bundle
-  const geolocation = getGeolocation(req);
-
   // Load the configured consent options (data uses, defaults, etc.) from environment
   const environment = await loadPrivacyCenterEnvironment();
   let options: ConsentOption[] = [];
@@ -67,6 +70,33 @@ export default async function handler(
     }));
   }
 
+  // Check if a geolocation was provided via headers, query param, or obtainable via a geolocation URL;
+  // if so, inject into the bundle, along with privacy experience
+  const geolocation = await lookupGeolocation(req, environment.settings);
+  let experience;
+  if (geolocation) {
+    const fidesRegionString = constructFidesRegionString(geolocation);
+    if (fidesRegionString && environment.settings.IS_OVERLAY_ENABLED) {
+      let fidesUserDeviceId = null;
+      if (Object.keys(req.cookies).length) {
+        const fidesCookie = req.cookies[CONSENT_COOKIE_NAME];
+        if (fidesCookie) {
+          fidesUserDeviceId =
+            JSON.parse(fidesCookie)?.identity?.fides_user_device_id;
+        }
+      }
+      if (environment.settings.DEBUG) {
+        console.log("Fetching relevant experiences from server-side...");
+      }
+      experience = await fetchExperience(
+        fidesRegionString,
+        environment.settings.FIDES_API_URL,
+        fidesUserDeviceId,
+        environment.settings.DEBUG
+      );
+    }
+  }
+
   // Create the FidesConfig JSON that will be used to initialize fides.js
   const fidesConfig: FidesConfig = {
     consent: {
@@ -83,7 +113,8 @@ export default async function handler(
       fidesApiUrl: environment.settings.FIDES_API_URL,
       tcfEnabled: environment.settings.TCF_ENABLED,
     },
-    geolocation,
+    experience: experience || undefined,
+    geolocation: geolocation || undefined,
   };
   const fidesConfigJSON = JSON.stringify(fidesConfig);
 

From d6d8121fecad2ffcb9b6ea62bd131fc62da7d6c1 Mon Sep 17 00:00:00 2001
From: Adrian Galvan <adrian@ethyca.com>
Date: Wed, 19 Jul 2023 13:31:51 -0700
Subject: [PATCH 90/90] Adding location override (#3814)

---
 .../features/consent/consent.slice.ts         | 28 +++++++++++++++----
 clients/privacy-center/pages/index.tsx        | 24 ++++++++++++++--
 2 files changed, 45 insertions(+), 7 deletions(-)

diff --git a/clients/privacy-center/features/consent/consent.slice.ts b/clients/privacy-center/features/consent/consent.slice.ts
index ef412546fb..8f5d716539 100644
--- a/clients/privacy-center/features/consent/consent.slice.ts
+++ b/clients/privacy-center/features/consent/consent.slice.ts
@@ -110,12 +110,15 @@ type State = {
   persistedFidesKeyToConsent: FidesKeyToConsent;
   /** User id based on the device */
   fidesUserDeviceId: string | undefined;
+  /** Location (ex: US-CA) */
+  location: string | undefined;
 };
 
 const initialState: State = {
   fidesKeyToConsent: {},
   persistedFidesKeyToConsent: {},
   fidesUserDeviceId: undefined,
+  location: undefined,
 };
 
 export const consentSlice = createSlice({
@@ -157,6 +160,14 @@ export const consentSlice = createSlice({
     ) {
       draftState.fidesUserDeviceId = payload;
     },
+
+    setLocation(draftState, action: PayloadAction<string | undefined>) {
+      draftState.location = action.payload;
+    },
+
+    clearLocation(draftState) {
+      draftState.location = undefined;
+    },
   },
 });
 
@@ -165,6 +176,8 @@ export const {
   changeConsent,
   updateUserConsentPreferencesFromApi,
   setFidesUserDeviceId,
+  setLocation,
+  clearLocation,
 } = consentSlice.actions;
 
 export const selectConsentState = (state: RootState) => state.consent;
@@ -186,13 +199,18 @@ export const selectFidesUserDeviceId = createSelector(
 );
 
 export const selectUserRegion = createSelector(
-  [(RootState) => RootState, selectSettings],
-  (RootState, settingsState) => {
+  [(RootState) => RootState, selectConsentState, selectSettings],
+  (RootState, consentState, settingsState) => {
     const { settings } = settingsState;
     if (settings?.IS_GEOLOCATION_ENABLED && settings?.GEOLOCATION_API_URL) {
-      const geolocation = consentApi.endpoints.getUserGeolocation.select(
-        settings.GEOLOCATION_API_URL
-      )(RootState)?.data;
+      let geolocation: UserGeolocation | undefined = {
+        location: consentState.location,
+      };
+      if (!geolocation.location) {
+        geolocation = consentApi.endpoints.getUserGeolocation.select(
+          settings.GEOLOCATION_API_URL
+        )(RootState)?.data;
+      }
       return constructFidesRegionString(geolocation) as PrivacyNoticeRegion;
     }
     return undefined;
diff --git a/clients/privacy-center/pages/index.tsx b/clients/privacy-center/pages/index.tsx
index 1416052824..71d072de73 100644
--- a/clients/privacy-center/pages/index.tsx
+++ b/clients/privacy-center/pages/index.tsx
@@ -24,13 +24,18 @@ import PrivacyCard from "~/components/PrivacyCard";
 import ConsentCard from "~/components/consent/ConsentCard";
 import { useConfig } from "~/features/common/config.slice";
 import { useSubscribeToPrivacyExperienceQuery } from "~/features/consent/hooks";
-import { useAppSelector } from "~/app/hooks";
-import { selectPrivacyExperience } from "~/features/consent/consent.slice";
+import { useAppDispatch, useAppSelector } from "~/app/hooks";
+import {
+  clearLocation,
+  selectPrivacyExperience,
+  setLocation,
+} from "~/features/consent/consent.slice";
 import NoticeEmptyStateModal from "~/components/modals/NoticeEmptyStateModal";
 import { selectIsNoticeDriven } from "~/features/common/settings.slice";
 
 const Home: NextPage = () => {
   const router = useRouter();
+  const dispatch = useAppDispatch();
   const config = useConfig();
   const [isVerificationRequired, setIsVerificationRequired] =
     useState<boolean>(false);
@@ -64,6 +69,21 @@ const Home: NextPage = () => {
   // The subscription automatically handles skipping if overlay is not enabled
   useSubscribeToPrivacyExperienceQuery();
   const noticeEmptyStateModal = useDisclosure();
+
+  useEffect(() => {
+    if (router.query.geolocation) {
+      // Ensure the query parameter is a string
+      const geolocation = Array.isArray(router.query.geolocation)
+        ? router.query.geolocation[0]
+        : router.query.geolocation;
+
+      dispatch(setLocation(geolocation));
+    } else {
+      // clear the location override if the geolocation query param isn't provided
+      dispatch(clearLocation());
+    }
+  }, [router.query.geolocation, dispatch]);
+
   const experience = useAppSelector(selectPrivacyExperience);
   const isNoticeDriven = useAppSelector(selectIsNoticeDriven);
   const emptyNotices =