Add fideslib models auth (#915)

* Add fideslib models * Fix migration * Fix migration issues * Update CHANGELOG * Run isort * Merge alembic heads to fix error after merging main * Run black and isort * Add new tables to annotations Co-authored-by: Paul Sanders <[email protected]>
ethyca · Jul 18, 2022 · 6dcf74c · 6dcf74c
1 parent c5d4b08
commit 6dcf74c
Show file tree

Hide file tree

Showing 9 changed files with 800 additions and 58 deletions.
diff --git a/.fides/dataset.yml b/.fides/dataset.yml
@@ -26,6 +26,123 @@ dataset:
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
       retention: null
       fields: null
+  - name: auditlog
+    description: null
+    data_categories: null
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    retention: null
+    fields:
+    - name: created_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: action
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: message
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: privacy_request_id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: updated_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: user_id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+  - name: client
+    description: null
+    data_categories: null
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    retention: null
+    fields:
+    - name: created_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: fides_key
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: hashed_secret
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: salt
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: scopes
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: updated_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: user_id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
   - name: data_categories
     description: null
     data_categories: null
@@ -551,6 +668,123 @@ dataset:
       data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
       retention: null
       fields: null
+  - name: fidesuser
+    description: null
+    data_categories: null
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    retention: null
+    fields:
+    - name: created_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: first_name
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: hashed_password
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: last_login_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: last_name
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: password_reset_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: salt
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: updated_at
+      description: The timestamp of when the row was created
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: username
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+  - name: fidesuserpermissions
+    description: null
+    data_categories: null
+    data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+    retention: null
+    fields:
+    - name: created_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: scopes
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: updated_at
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
+    - name: user_id
+      description: null
+      data_categories:
+      - system.operations
+      data_qualifier: aggregated.anonymized.unlinked_pseudonymized.pseudonymized.identified
+      retention: null
+      fields: null
   - name: organizations
     description: null
     data_categories: null

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -33,6 +33,7 @@ The types of changes are:
 * Add db support to `/generate` endpoint [849](https://github.com/ethyca/fides/pull/849)
 * Add BigQuery support for the `generate` cli command [#814](https://github.com/ethyca/fides/pull/814)
 * Added OpenAPI TypeScript client generation for the UI app. See the [README](/clients/admin-ui/src/types/api/README.md) for more details.
+* Added user auth tables [915](https://github.com/ethyca/fides/pull/915)
 * Standardized API error parsing under `~/types/errors`
 
 ### Changed
@@ -44,6 +45,7 @@ The types of changes are:
 * Webserver dependencies now come as a standard part of the package [#881](https://github.com/ethyca/fides/pull/881)
 * Initial configuration wizard UI view
   * Refactored step & form results management to use Redux Toolkit slice.
+* Change `id` field in tables from an integer to a string [915](https://github.com/ethyca/fides/pull/915)
 * Update `fideslang` to `1.1.0`, simplifying the default taxonomy and adding `tags` for resources [#865](https://github.com/ethyca/fides/pull/865)
 * Remove the `obscure` requirement from the `generate` endpoint [#819](https://github.com/ethyca/fides/pull/819)
 

diff --git a/src/fidesctl/api/database/crud.py b/src/fidesctl/api/database/crud.py
@@ -4,6 +4,7 @@
 """
 from typing import Dict, List, Tuple
 
+from fideslib.db.base import Base
 from loguru import logger as log
 from sqlalchemy import column
 from sqlalchemy import delete as _delete
@@ -13,15 +14,14 @@
 from sqlalchemy.future import select
 
 from fidesctl.api.database.session import async_session
-from fidesctl.api.sql_models import SqlAlchemyBase
 from fidesctl.api.utils import errors
 
 
 # CRUD Functions
 async def create_resource(
-    sql_model: SqlAlchemyBase,
+    sql_model: Base,
     resource_dict: Dict,
-) -> SqlAlchemyBase:
+) -> Base:
     """Create a resource in the database."""
     with log.contextualize(
         sql_model=sql_model.__name__, fides_key=resource_dict["fides_key"]
@@ -53,7 +53,7 @@ async def create_resource(
         return await get_resource(sql_model, resource_dict["fides_key"])
 
 
-async def get_resource(sql_model: SqlAlchemyBase, fides_key: str) -> SqlAlchemyBase:
+async def get_resource(sql_model: Base, fides_key: str) -> Base:
     """
     Get a resource from the databse by its FidesKey.
 
@@ -80,7 +80,7 @@ async def get_resource(sql_model: SqlAlchemyBase, fides_key: str) -> SqlAlchemyB
         return sql_resource
 
 
-async def list_resource(sql_model: SqlAlchemyBase) -> List[SqlAlchemyBase]:
+async def list_resource(sql_model: Base) -> List[Base]:
     """
     Get a list of all of the resources of this type from the database.
 
@@ -104,7 +104,7 @@ async def list_resource(sql_model: SqlAlchemyBase) -> List[SqlAlchemyBase]:
         return sql_resources
 
 
-async def update_resource(sql_model: SqlAlchemyBase, resource_dict: Dict) -> Dict:
+async def update_resource(sql_model: Base, resource_dict: Dict) -> Dict:
     """Update a resource in the database by its fides_key."""
 
     with log.contextualize(
@@ -131,7 +131,7 @@ async def update_resource(sql_model: SqlAlchemyBase, resource_dict: Dict) -> Dic
 
 
 async def upsert_resources(
-    sql_model: SqlAlchemyBase,
+    sql_model: Base,
     resource_dicts: List[Dict],
 ) -> Tuple[int, int]:
     """
@@ -180,7 +180,7 @@ async def upsert_resources(
                     raise error
 
 
-async def delete_resource(sql_model: SqlAlchemyBase, fides_key: str) -> SqlAlchemyBase:
+async def delete_resource(sql_model: Base, fides_key: str) -> Base:
     """Delete a resource by its fides_key."""
 
     with log.contextualize(sql_model=sql_model.__name__, fides_key=fides_key):

diff --git a/src/fidesctl/api/database/database.py b/src/fidesctl/api/database/database.py
@@ -7,11 +7,12 @@
 from alembic.config import Config
 from alembic.runtime import migration
 from fideslang import DEFAULT_TAXONOMY
+from fideslib.db.base import Base
 from loguru import logger as log
 from sqlalchemy import create_engine
 from sqlalchemy_utils.functions import create_database, database_exists
 
-from fidesctl.api.sql_models import SqlAlchemyBase, sql_model_map
+from fidesctl.api.sql_models import sql_model_map
 from fidesctl.api.utils.errors import (
     AlreadyExistsError,
     QueryError,
@@ -107,7 +108,7 @@ def reset_db(database_url: str) -> None:
     log.info("Resetting database")
     engine = get_db_engine(database_url)
     connection = engine.connect()
-    SqlAlchemyBase.metadata.drop_all(connection)
+    Base.metadata.drop_all(connection)
 
     migration_context = migration.MigrationContext.configure(connection)
     version = migration_context._version  # pylint: disable=protected-access

diff --git a/src/fidesctl/api/migrations/env.py b/src/fidesctl/api/migrations/env.py
@@ -24,9 +24,9 @@
 # for 'autogenerate' support
 # from myapp import mymodel
 # target_metadata = mymodel.Base.metadata
-from fidesctl.api.sql_models import SqlAlchemyBase
+from fidesctl.api.sql_models import Base
 
-target_metadata = SqlAlchemyBase.metadata
+target_metadata = Base.metadata
 
 # other values from the config, defined by the needs of env.py,
 # can be acquired: