Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add authenticated privacy request route #1819

Merged
merged 8 commits into from
Nov 21, 2022
Merged

Add authenticated privacy request route #1819

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
ce8decd
Add authenticated privacy request route
Nov 18, 2022
8d2630c
Move function to create parent user.
Nov 18, 2022
62535cc
Add tests
Nov 18, 2022
fd73580
Update changelog
Nov 18, 2022
a7cd8aa
Merge remote-tracking branch 'origin/main' into ps-authenticated-priv…
Nov 18, 2022
1063425
Remove commented code
Nov 19, 2022
60c72b4
Merge remote-tracking branch 'origin/main' into ps-authenticated-priv…
Nov 19, 2022
fcc880c
fix merge conflict - keep load_registry only within try block
Nov 21, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ The types of changes are:
* Privacy-Center-Cypress workflow for CI checks of the Privacy Center. [#1722](https://github.com/ethyca/fides/pull/1722)
* Privacy Center `fides-consent.js` script for accessing consent on external pages. [Details](/clients/privacy-center/packages/fides-consent/README.md)
* Erasure support for Twilio Conversations API [#1673](https://github.com/ethyca/fides/pull/1673)
* Add authenticated privacy request route. [#1819](https://github.com/ethyca/fides/pull/1819)

### Changed

Expand Down
62 changes: 62 additions & 0 deletions src/fides/api/ctl/database/seed.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,18 @@
from fideslang import DEFAULT_TAXONOMY
from fideslib.exceptions import KeyOrNameAlreadyExists
from fideslib.models.client import ClientDetail
from fideslib.models.fides_user import FidesUser
from fideslib.models.fides_user_permissions import FidesUserPermissions
from fideslib.utils.text import to_snake_case
from loguru import logger as log

from fides.api.ctl.database.session import sync_session
from fides.api.ctl.sql_models import sql_model_map # type: ignore[attr-defined]
from fides.api.ctl.utils.errors import AlreadyExistsError, QueryError
from fides.api.ops.api.v1.scope_registry import (
PRIVACY_REQUEST_CREATE,
PRIVACY_REQUEST_READ,
)
from fides.api.ops.models.policy import ActionType, DrpAction, Policy, Rule, RuleTarget
from fides.api.ops.models.storage import StorageConfig
from fides.api.ops.schemas.storage.storage import (
Expand All @@ -34,6 +40,62 @@
DEFAULT_ERASURE_MASKING_STRATEGY = "hmac"


def create_or_update_parent_user() -> None:
with sync_session() as db_session:
if (
not CONFIG.security.parent_server_username
and not CONFIG.security.parent_server_password
):
return

if (
CONFIG.security.parent_server_username
and not CONFIG.security.parent_server_password
or CONFIG.security.parent_server_password
and not CONFIG.security.parent_server_username
):
# Both log and raise are here because the raise message is not showing.
# It could potentially be related to https://github.com/ethyca/fides/issues/1228
adamsachs marked this conversation as resolved.
Show resolved Hide resolved
log.error(
"Both a parent_server_user and parent_server_password must be set to create a parent server user"
)
raise ValueError(
"Both a parent_server_user and parent_server_password must be set to create a parent server user"
)

user = (
FidesUser.get_by(
db_session,
field="username",
value=CONFIG.security.parent_server_username,
)
if CONFIG.security.parent_server_username
else None
)

if user and CONFIG.security.parent_server_password:
if not user.credentials_valid(CONFIG.security.parent_server_password):
log.info("Updating parent user")
user.update_password(db_session, CONFIG.security.parent_server_password)
return

log.info("Creating parent user")
user = FidesUser.create(
db=db_session,
data={
"username": CONFIG.security.parent_server_username,
"password": CONFIG.security.parent_server_password,
},
)
FidesUserPermissions.create(
db=db_session,
data={
"user_id": user.id,
"scopes": [PRIVACY_REQUEST_CREATE, PRIVACY_REQUEST_READ],
},
)


def filter_data_categories(
categories: List[str], excluded_categories: List[str]
) -> List[str]:
Expand Down
3 changes: 3 additions & 0 deletions src/fides/api/main.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@

from fides.api.ctl import view
from fides.api.ctl.database.database import configure_db
from fides.api.ctl.database.seed import create_or_update_parent_user
from fides.api.ctl.routes import admin, crud, datamap, generate, health, validate
from fides.api.ctl.routes.util import API_PREFIX
from fides.api.ctl.ui import (
Expand Down Expand Up @@ -218,6 +219,8 @@ async def setup_server() -> None:

await configure_db(CONFIG.database.sync_database_uri)

create_or_update_parent_user()

log.info("Validating SaaS connector templates...")
try:
registry = load_registry(registry_file)
Expand Down
Loading