diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 000000000..901b896fe --- /dev/null +++ b/.gitattributes @@ -0,0 +1 @@ +src/fidesops/_version.py export-subst diff --git a/.github/workflows/publish.yml b/.github/workflows/publish_to_dockerhub.yml similarity index 95% rename from .github/workflows/publish.yml rename to .github/workflows/publish_to_dockerhub.yml index 45010ed4c..4e70984b2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish_to_dockerhub.yml @@ -1,4 +1,4 @@ -name: Publish +name: Publish to DockerHub on: push: diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml new file mode 100644 index 000000000..d0f83bbd8 --- /dev/null +++ b/.github/workflows/publish_to_pypi.yml @@ -0,0 +1,30 @@ +name: Publish to PyPI + +on: + release: + types: [published] + +env: + TWINE_USERNAME: __token__ + +jobs: + publish_to_pypi: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Install Twine + run: pip install twine + + - name: Create Source Distribution + run: python setup.py sdist + + - name: Test Twine Upload + run: twine upload --repository testpypi dist/* + env: + TWINE_PASSWORD: ${{ secrets.TESTPYPI_TOKEN }} + + - name: Production Twine Upload + run: twine upload dist/* + env: + TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }} diff --git a/.github/workflows/safe_pr_checks.yml b/.github/workflows/safe_pr_checks.yml index 8c1cd8de6..2f790d65f 100644 --- a/.github/workflows/safe_pr_checks.yml +++ b/.github/workflows/safe_pr_checks.yml @@ -36,4 +36,4 @@ jobs: - name: Integration Tests run: make pytest-integration - timeout-minutes: 20 \ No newline at end of file + timeout-minutes: 20 diff --git a/MANIFEST.in b/MANIFEST.in new file mode 100644 index 000000000..4e09213df --- /dev/null +++ b/MANIFEST.in @@ -0,0 +1,7 @@ +include LICENSE +include README.md +include requirements.txt +include dev-requirements.txt +include versioneer.py +include src/fidesops/alembic.ini +include 
src/fidesops/_version.py diff --git a/docs/fidesops/docs/guides/privacy_requests.md b/docs/fidesops/docs/guides/privacy_requests.md index fab99308a..baf8ae8a8 100644 --- a/docs/fidesops/docs/guides/privacy_requests.md +++ b/docs/fidesops/docs/guides/privacy_requests.md @@ -89,7 +89,7 @@ An optional denial reason can be provided when denying a Privacy Request: ## How do I monitor Privacy Requests as they execute? Privacy Requests can be monitored at any time throughout their execution by submitting any of the following requests: -`GET api/v1/privacy-request?id=` +`GET api/v1/privacy-request?request_id=` `GET api/v1/privacy-request?external_id=` diff --git a/docs/fidesops/docs/guides/reporting.md b/docs/fidesops/docs/guides/reporting.md index ea1b4f0f8..eb20c1f26 100644 --- a/docs/fidesops/docs/guides/reporting.md +++ b/docs/fidesops/docs/guides/reporting.md @@ -45,7 +45,7 @@ Check out the [API docs here](/fidesops/api#operations-Privacy_Requests-get_requ -Use the `id` query param to view the high level status of a single privacy request. +Use the `request_id` query param to view the high level status of a single privacy request. -`GET api/v1/privacy-request?id=` +`GET api/v1/privacy-request?request_id=` If an `external_id` was provided at request creation, we can also track the privacy request using: @@ -98,7 +98,7 @@ logs for `my-postgres-db` (when the `order` collection is starting and finishing that were potentially returned or masked based on the Rules you've specified on the Policy. The embedded execution logs are automatically truncated at 50 logs, so to view the entire list of logs, visit the execution logs endpoint separately. 
-`GET api/v1/privacy-request?id={privacy_request_id}&verbose=True` +`GET api/v1/privacy-request?request_id={privacy_request_id}&verbose=True` ```json { diff --git a/docs/fidesops/docs/postman/Fidesops.postman_collection.json b/docs/fidesops/docs/postman/Fidesops.postman_collection.json index 459c5a811..86bd62b1f 100644 --- a/docs/fidesops/docs/postman/Fidesops.postman_collection.json +++ b/docs/fidesops/docs/postman/Fidesops.postman_collection.json @@ -774,7 +774,7 @@ "method": "GET", "header": [], "url": { - "raw": "{{host}}/privacy-request/?id={{privacy_request_id}}&verbose=True", + "raw": "{{host}}/privacy-request/?request_id={{privacy_request_id}}&verbose=True", "host": [ "{{host}}" ], @@ -784,7 +784,7 @@ ], "query": [ { - "key": "id", + "key": "request_id", "value": "{{privacy_request_id}}" }, { diff --git a/pyproject.toml b/pyproject.toml index 684e398c9..3d54c778a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,22 +39,28 @@ exclude = ''' [tool.pylint.messages_control] disable=[ "bad-option-value", - "line-too-long", - "invalid-name", - "too-few-public-methods", - "no-self-argument", + "broad-except", "dangerous-default-value", "duplicate-code", - "logging-fstring-interpolation", + "fixme", "import-error", - "unused-argument", - "no-self-use", "import-outside-toplevel", - "unsubscriptable-object", # Otherwise throws errors on certain Type annotations + "invalid-name", + "line-too-long", + "logging-fstring-interpolation", + "missing-class-docstring", + "missing-function-docstring", "missing-module-docstring", + "no-self-argument", + "no-self-use", "raise-missing-from", + "too-few-public-methods", "too-many-ancestors", - "fixme"] + "too-many-arguments", + "unnecessary-comprehension", + "unsubscriptable-object", # Otherwise throws errors on certain Type annotations + "unused-argument", +] [tool.pylint.reports] reports="no" diff --git a/requirements.txt b/requirements.txt index e690bbdd9..cb272aa1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ 
-1,35 +1,36 @@ +alembic==1.6.5 APScheduler==3.8.0 +bcrypt~=3.2.0 +boto3~=1.18.14 +click==7.1.2 +cryptography~=3.4.8 +dask==2021.10.0 +email-validator +emails +fastapi-caching[redis] +fastapi-pagination[sqlalchemy]~= 0.8.3 fastapi[all]==0.68.1 -sqlalchemy==1.4.14 -alembic==1.6.5 fidesctl==0.9.8.4 -python-jose[cryptography]==3.3.0 +multidimensional_urlencode==0.0.4 +pandas==1.3.3 passlib[bcrypt]==1.7.2 psycopg2-binary==2.9.1 -email-validator -emails -fastapi-caching[redis] -sqlalchemy-stubs==0.4 -SQLAlchemy-Utils==0.37.8 -redis==3.5.3 pydantic~=1.8.2 -starlette~=0.14.2 -python-dotenv~=0.19.0 -bcrypt~=3.2.0 -Unidecode==1.2.0 -uvicorn~=0.13.4 pydash==5.0.2 -boto3~=1.18.14 -cryptography~=3.4.8 -fastapi-pagination[sqlalchemy]~= 0.8.3 -dask==2021.10.0 -requests~=2.25.0 +pyjwt pymongo==3.12.0 -pandas==1.3.3 -click==7.1.2 PyMySQL==1.0.2 -sqlalchemy-redshift==0.8.8 +python-dotenv~=0.19.0 +python-jose[cryptography]==3.3.0 +redis==3.5.3 +requests~=2.25.0 snowflake-sqlalchemy==1.3.2 sqlalchemy-bigquery==1.3.0 -multidimensional_urlencode==0.0.4 -pyjwt +sqlalchemy-redshift==0.8.8 +sqlalchemy-stubs==0.4 +SQLAlchemy-Utils==0.37.8 +sqlalchemy==1.4.14 +starlette~=0.14.2 +Unidecode==1.2.0 +uvicorn~=0.13.4 +versioneer==0.19 diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 000000000..53892a5c7 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,11 @@ +[versioneer] +VCS = git +style = pep440 +versionfile_source = src/fidesops/_version.py +versionfile_build = fidesops/_version.py +tag_prefix = +parentdir_prefix = + +[mypy] +[mypy-src.fidesops._version] +ignore_errors = True diff --git a/setup.py b/setup.py index acbac3aa6..3d80ef0d3 100644 --- a/setup.py +++ b/setup.py @@ -1,5 +1,8 @@ import pathlib -from setuptools import setup, find_packages + +from setuptools import find_packages, setup + +import versioneer here = pathlib.Path(__file__).parent.resolve() long_description = open("README.md").read() @@ -10,6 +13,8 @@ setup( name="fidesops", + version=versioneer.get_version(), + 
cmdclass=versioneer.get_cmdclass(), description="Automation engine for privacy requests", long_description=long_description, long_description_content_type="text/markdown", @@ -18,6 +23,7 @@ python_requires=">=3.7, <4", package_dir={"": "src"}, packages=find_packages(where="src"), + package_data={"fidesops": ["alembic.ini"]}, include_package_data=True, author="Ethyca, Inc.", author_email="fidesteam@ethyca.com", diff --git a/src/fidesops/__init__.py b/src/fidesops/__init__.py index e69de29bb..80edaf050 100644 --- a/src/fidesops/__init__.py +++ b/src/fidesops/__init__.py @@ -0,0 +1,4 @@ +from ._version import get_versions + +__version__ = get_versions()["version"] +del get_versions diff --git a/src/fidesops/_version.py b/src/fidesops/_version.py new file mode 100644 index 000000000..c738ea6ca --- /dev/null +++ b/src/fidesops/_version.py @@ -0,0 +1,564 @@ +# pylint: skip-file +# type: ignore + +# This file helps to compute a version number in source trees obtained from +# git-archive tarball (such as those provided by githubs download-from-tag +# feature). Distribution tarballs (built by setup.py sdist) and build +# directories (produced by setup.py build) will contain a much shorter file +# that just contains the computed version number. + +# This file is released into the public domain. Generated by +# versioneer-0.19 (https://github.com/python-versioneer/python-versioneer) + +"""Git implementation of _version.py.""" + +import errno +import os +import re +import subprocess +import sys + + +def get_keywords(): + """Get the keywords needed to look up the version information.""" + # these strings will be replaced by git during git-archive. + # setup.py/versioneer.py will grep for the variable names, so they must + # each be defined on a line of their own. _version.py will just call + # get_keywords(). 
+ git_refnames = "$Format:%d$" + git_full = "$Format:%H$" + git_date = "$Format:%ci$" + keywords = {"refnames": git_refnames, "full": git_full, "date": git_date} + return keywords + + +class VersioneerConfig: + """Container for Versioneer configuration parameters.""" + + +def get_config(): + """Create, populate and return the VersioneerConfig() object.""" + # these strings are filled in when 'setup.py versioneer' creates + # _version.py + cfg = VersioneerConfig() + cfg.VCS = "git" + cfg.style = "pep440" + cfg.tag_prefix = "" + cfg.parentdir_prefix = "" + cfg.versionfile_source = "src/fidesops/_version.py" + cfg.verbose = False + return cfg + + +class NotThisMethod(Exception): + """Exception raised if a method is not valid for the current scenario.""" + + +LONG_VERSION_PY = {} +HANDLERS = {} + + +def register_vcs_handler(vcs, method): # decorator + """Create decorator to mark a method as the handler of a VCS.""" + + def decorate(f): + """Store f in HANDLERS[vcs][method].""" + if vcs not in HANDLERS: + HANDLERS[vcs] = {} + HANDLERS[vcs][method] = f + return f + + return decorate + + +def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False, env=None): + """Call the given command(s).""" + assert isinstance(commands, list) + p = None + for c in commands: + try: + dispcmd = str([c] + args) + # remember shell=False, so use git.cmd on windows, not just git + p = subprocess.Popen( + [c] + args, + cwd=cwd, + env=env, + stdout=subprocess.PIPE, + stderr=(subprocess.PIPE if hide_stderr else None), + ) + break + except EnvironmentError: + e = sys.exc_info()[1] + if e.errno == errno.ENOENT: + continue + if verbose: + print("unable to run %s" % dispcmd) + print(e) + return None, None + else: + if verbose: + print("unable to find command, tried %s" % (commands,)) + return None, None + stdout = p.communicate()[0].strip().decode() + if p.returncode != 0: + if verbose: + print("unable to run %s (error)" % dispcmd) + print("stdout was %s" % stdout) + return None, 
p.returncode + return stdout, p.returncode + + +def versions_from_parentdir(parentdir_prefix, root, verbose): + """Try to determine the version from the parent directory name. + + Source tarballs conventionally unpack into a directory that includes both + the project name and a version string. We will also support searching up + two directory levels for an appropriately named parent directory + """ + rootdirs = [] + + for i in range(3): + dirname = os.path.basename(root) + if dirname.startswith(parentdir_prefix): + return { + "version": dirname[len(parentdir_prefix) :], + "full-revisionid": None, + "dirty": False, + "error": None, + "date": None, + } + else: + rootdirs.append(root) + root = os.path.dirname(root) # up a level + + if verbose: + print( + "Tried directories %s but none started with prefix %s" + % (str(rootdirs), parentdir_prefix) + ) + raise NotThisMethod("rootdir doesn't start with parentdir_prefix") + + +@register_vcs_handler("git", "get_keywords") +def git_get_keywords(versionfile_abs): + """Extract version information from the given file.""" + # the code embedded in _version.py can just fetch the value of these + # keywords. When used from setup.py, we don't want to import _version.py, + # so we do it with a regexp instead. This function is not used from + # _version.py. 
+ keywords = {} + try: + f = open(versionfile_abs, "r") + for line in f.readlines(): + if line.strip().startswith("git_refnames ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["refnames"] = mo.group(1) + if line.strip().startswith("git_full ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["full"] = mo.group(1) + if line.strip().startswith("git_date ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["date"] = mo.group(1) + f.close() + except EnvironmentError: + pass + return keywords + + +@register_vcs_handler("git", "keywords") +def git_versions_from_keywords(keywords, tag_prefix, verbose): + """Get version information from git keywords.""" + if not keywords: + raise NotThisMethod("no keywords at all, weird") + date = keywords.get("date") + if date is not None: + # Use only the last line. Previous lines may contain GPG signature + # information. + date = date.splitlines()[-1] + + # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant + # datestamp. However we prefer "%ci" (which expands to an "ISO-8601 + # -like" string, which we must then edit to make compliant), because + # it's been around since git-1.5.3, and it's too difficult to + # discover which version we're using, or to work around using an + # older one. + date = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + refnames = keywords["refnames"].strip() + if refnames.startswith("$Format"): + if verbose: + print("keywords are unexpanded, not using") + raise NotThisMethod("unexpanded keywords, not a git-archive tarball") + refs = set([r.strip() for r in refnames.strip("()").split(",")]) + # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of + # just "foo-1.0". If we see a "tag: " prefix, prefer those. + TAG = "tag: " + tags = set([r[len(TAG) :] for r in refs if r.startswith(TAG)]) + if not tags: + # Either we're using git < 1.8.3, or there really are no tags. We use + # a heuristic: assume all version tags have a digit. 
The old git %d + # expansion behaves like git log --decorate=short and strips out the + # refs/heads/ and refs/tags/ prefixes that would let us distinguish + # between branches and tags. By ignoring refnames without digits, we + # filter out many common branch names like "release" and + # "stabilization", as well as "HEAD" and "master". + tags = set([r for r in refs if re.search(r"\d", r)]) + if verbose: + print("discarding '%s', no digits" % ",".join(refs - tags)) + if verbose: + print("likely tags: %s" % ",".join(sorted(tags))) + for ref in sorted(tags): + # sorting will prefer e.g. "2.0" over "2.0rc1" + if ref.startswith(tag_prefix): + r = ref[len(tag_prefix) :] + if verbose: + print("picking %s" % r) + return { + "version": r, + "full-revisionid": keywords["full"].strip(), + "dirty": False, + "error": None, + "date": date, + } + # no suitable tags, so version is "0+unknown", but full hex is still there + if verbose: + print("no suitable tags, using unknown + full revision id") + return { + "version": "0+unknown", + "full-revisionid": keywords["full"].strip(), + "dirty": False, + "error": "no suitable tags", + "date": None, + } + + +@register_vcs_handler("git", "pieces_from_vcs") +def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command): + """Get version from 'git describe' in the root of the source tree. + + This only gets called if the git-archive 'subst' keywords were *not* + expanded, and _version.py hasn't already been rewritten with a short + version string, meaning we're inside a checked out source tree. 
+ """ + GITS = ["git"] + if sys.platform == "win32": + GITS = ["git.cmd", "git.exe"] + + out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root, hide_stderr=True) + if rc != 0: + if verbose: + print("Directory %s not under git control" % root) + raise NotThisMethod("'git rev-parse --git-dir' returned error") + + # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty] + # if there isn't one, this yields HEX[-dirty] (no NUM) + describe_out, rc = run_command( + GITS, + [ + "describe", + "--tags", + "--dirty", + "--always", + "--long", + "--match", + "%s*" % tag_prefix, + ], + cwd=root, + ) + # --long was added in git-1.5.5 + if describe_out is None: + raise NotThisMethod("'git describe' failed") + describe_out = describe_out.strip() + full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root) + if full_out is None: + raise NotThisMethod("'git rev-parse' failed") + full_out = full_out.strip() + + pieces = {} + pieces["long"] = full_out + pieces["short"] = full_out[:7] # maybe improved later + pieces["error"] = None + + # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty] + # TAG might have hyphens. + git_describe = describe_out + + # look for -dirty suffix + dirty = git_describe.endswith("-dirty") + pieces["dirty"] = dirty + if dirty: + git_describe = git_describe[: git_describe.rindex("-dirty")] + + # now we have TAG-NUM-gHEX or HEX + + if "-" in git_describe: + # TAG-NUM-gHEX + mo = re.search(r"^(.+)-(\d+)-g([0-9a-f]+)$", git_describe) + if not mo: + # unparseable. Maybe git-describe is misbehaving? 
+ pieces["error"] = "unable to parse git-describe output: '%s'" % describe_out + return pieces + + # tag + full_tag = mo.group(1) + if not full_tag.startswith(tag_prefix): + if verbose: + fmt = "tag '%s' doesn't start with prefix '%s'" + print(fmt % (full_tag, tag_prefix)) + pieces["error"] = "tag '%s' doesn't start with prefix '%s'" % ( + full_tag, + tag_prefix, + ) + return pieces + pieces["closest-tag"] = full_tag[len(tag_prefix) :] + + # distance: number of commits since tag + pieces["distance"] = int(mo.group(2)) + + # commit: short hex revision ID + pieces["short"] = mo.group(3) + + else: + # HEX: no tags + pieces["closest-tag"] = None + count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"], cwd=root) + pieces["distance"] = int(count_out) # total number of commits + + # commit date: see ISO-8601 comment in git_versions_from_keywords() + date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"], cwd=root)[ + 0 + ].strip() + # Use only the last line. Previous lines may contain GPG signature + # information. + date = date.splitlines()[-1] + pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + + return pieces + + +def plus_or_dot(pieces): + """Return a + if we don't already have one, else return a .""" + if "+" in pieces.get("closest-tag", ""): + return "." + return "+" + + +def render_pep440(pieces): + """Build up version string, with post-release "local version identifier". + + Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you + get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty + + Exceptions: + 1: no tags. git_describe was just HEX. 
0+untagged.DISTANCE.gHEX[.dirty] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += plus_or_dot(pieces) + rendered += "%d.g%s" % (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + else: + # exception #1 + rendered = "0+untagged.%d.g%s" % (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + return rendered + + +def render_pep440_pre(pieces): + """TAG[.post0.devDISTANCE] -- No -dirty. + + Exceptions: + 1: no tags. 0.post0.devDISTANCE + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += ".post0.dev%d" % pieces["distance"] + else: + # exception #1 + rendered = "0.post0.dev%d" % pieces["distance"] + return rendered + + +def render_pep440_post(pieces): + """TAG[.postDISTANCE[.dev0]+gHEX] . + + The ".dev0" means dirty. Note that .dev0 sorts backwards + (a dirty tree will appear "older" than the corresponding clean one), + but you shouldn't be releasing software with -dirty anyways. + + Exceptions: + 1: no tags. 0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += plus_or_dot(pieces) + rendered += "g%s" % pieces["short"] + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += "+g%s" % pieces["short"] + return rendered + + +def render_pep440_old(pieces): + """TAG[.postDISTANCE[.dev0]] . + + The ".dev0" means dirty. + + Exceptions: + 1: no tags. 
0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + return rendered + + +def render_git_describe(pieces): + """TAG[-DISTANCE-gHEX][-dirty]. + + Like 'git describe --tags --dirty --always'. + + Exceptions: + 1: no tags. HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render_git_describe_long(pieces): + """TAG-DISTANCE-gHEX[-dirty]. + + Like 'git describe --tags --dirty --always -long'. + The distance/hash is unconditional. + + Exceptions: + 1: no tags. 
HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render(pieces, style): + """Render the given version pieces into the requested style.""" + if pieces["error"]: + return { + "version": "unknown", + "full-revisionid": pieces.get("long"), + "dirty": None, + "error": pieces["error"], + "date": None, + } + + if not style or style == "default": + style = "pep440" # the default + + if style == "pep440": + rendered = render_pep440(pieces) + elif style == "pep440-pre": + rendered = render_pep440_pre(pieces) + elif style == "pep440-post": + rendered = render_pep440_post(pieces) + elif style == "pep440-old": + rendered = render_pep440_old(pieces) + elif style == "git-describe": + rendered = render_git_describe(pieces) + elif style == "git-describe-long": + rendered = render_git_describe_long(pieces) + else: + raise ValueError("unknown style '%s'" % style) + + return { + "version": rendered, + "full-revisionid": pieces["long"], + "dirty": pieces["dirty"], + "error": None, + "date": pieces.get("date"), + } + + +def get_versions(): + """Get version information or return default if unable to do so.""" + # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have + # __file__, we can work backwards from there to the root. Some + # py2exe/bbfreeze/non-CPython implementations don't do __file__, in which + # case we can only use expanded keywords. + + cfg = get_config() + verbose = cfg.verbose + + try: + return git_versions_from_keywords(get_keywords(), cfg.tag_prefix, verbose) + except NotThisMethod: + pass + + try: + root = os.path.realpath(__file__) + # versionfile_source is the relative path from the top of the source + # tree (where the .git directory might live) to this file. Invert + # this to find the root from __file__. 
+ for i in cfg.versionfile_source.split("/"): + root = os.path.dirname(root) + except NameError: + return { + "version": "0+unknown", + "full-revisionid": None, + "dirty": None, + "error": "unable to find root of source tree", + "date": None, + } + + try: + pieces = git_pieces_from_vcs(cfg.tag_prefix, root, verbose) + return render(pieces, cfg.style) + except NotThisMethod: + pass + + try: + if cfg.parentdir_prefix: + return versions_from_parentdir(cfg.parentdir_prefix, root, verbose) + except NotThisMethod: + pass + + return { + "version": "0+unknown", + "full-revisionid": None, + "dirty": None, + "error": "unable to compute version", + "date": None, + } diff --git a/src/fidesops/api/__init__.py b/src/fidesops/api/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/api/v1/endpoints/policy_endpoints.py b/src/fidesops/api/v1/endpoints/policy_endpoints.py index 83cf52c19..5c6bd898c 100644 --- a/src/fidesops/api/v1/endpoints/policy_endpoints.py +++ b/src/fidesops/api/v1/endpoints/policy_endpoints.py @@ -16,11 +16,11 @@ from fidesops.api.v1 import urn_registry as urls from fidesops.common_exceptions import ( DataCategoryNotSupported, + DrpActionValidationError, KeyOrNameAlreadyExists, PolicyValidationError, RuleTargetValidationError, RuleValidationError, - DrpActionValidationError, ) from fidesops.models.client import ClientDetail from fidesops.models.policy import ActionType, Policy, Rule, RuleTarget @@ -180,7 +180,7 @@ def create_or_update_rules( for schema in input_data: # Validate all FKs in the input data exist associated_storage_config_id = None - if schema.action_type == ActionType.access.value: + if schema.action_type == ActionType.access: # Only validate the associated StorageConfig on access rules storage_destination_key = schema.storage_destination_key associated_storage_config: StorageConfig = StorageConfig.get_by( @@ -200,8 +200,8 @@ def create_or_update_rules( } failed.append(BulkUpdateFailed(**failure)) continue - else: 
- associated_storage_config_id = associated_storage_config.id + + associated_storage_config_id = associated_storage_config.id masking_strategy_data = None if schema.masking_strategy: diff --git a/src/fidesops/api/v1/endpoints/policy_webhook_endpoints.py b/src/fidesops/api/v1/endpoints/policy_webhook_endpoints.py index 3a8f17960..93d9ce4f1 100644 --- a/src/fidesops/api/v1/endpoints/policy_webhook_endpoints.py +++ b/src/fidesops/api/v1/endpoints/policy_webhook_endpoints.py @@ -1,5 +1,5 @@ import logging -from typing import List, Union +from typing import List from fastapi import APIRouter, Body, Depends, Security from fastapi_pagination import Page, Params diff --git a/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py b/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py index ae4eb43a9..72e63870c 100644 --- a/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py +++ b/src/fidesops/api/v1/endpoints/privacy_request_endpoints.py @@ -1,3 +1,5 @@ +# pylint: disable=too-many-branches,too-many-locals + import csv import io import logging @@ -50,12 +52,12 @@ from fidesops.schemas.privacy_request import ( BulkPostPrivacyRequests, BulkReviewResponse, + DenyPrivacyRequests, ExecutionLogDetailResponse, PrivacyRequestCreate, PrivacyRequestResponse, PrivacyRequestVerboseResponse, ReviewPrivacyRequestIds, - DenyPrivacyRequests, ) from fidesops.service.privacy_request.request_runner_service import PrivacyRequestRunner from fidesops.service.privacy_request.request_service import ( @@ -212,7 +214,7 @@ def privacy_request_csv_download( ) privacy_request_ids: List[str] = [r.id for r in privacy_request_query] denial_audit_log_query: Query = db.query(AuditLog).filter( - AuditLog.action == AuditLogAction.denied.value, + AuditLog.action == AuditLogAction.denied, AuditLog.privacy_request_id.in_(privacy_request_ids), ) denial_audit_logs: Dict[str, str] = { @@ -270,7 +272,7 @@ def execution_logs_by_dataset_name( def _filter_privacy_request_queryset( query: Query, db: 
Session = Depends(deps.get_db), - id: Optional[str] = None, + request_id: Optional[str] = None, status: Optional[PrivacyRequestStatus] = None, created_lt: Optional[datetime] = None, created_gt: Optional[datetime] = None, @@ -299,20 +301,21 @@ def _filter_privacy_request_queryset( ]: if end is None or start is None: continue + if not (isinstance(end, datetime) and isinstance(start, datetime)): continue - else: - if end < start: - # With date fields, if the start date is after the end date, return a 400 - # because no records will lie within this range. - raise HTTPException( - status_code=HTTP_400_BAD_REQUEST, - detail=f"Value specified for {field_name}_lt: {end} must be after {field_name}_gt: {start}.", - ) + + if end < start: + # With date fields, if the start date is after the end date, return a 400 + # because no records will lie within this range. + raise HTTPException( + status_code=HTTP_400_BAD_REQUEST, + detail=f"Value specified for {field_name}_lt: {end} must be after {field_name}_gt: {start}.", + ) # Further restrict all PrivacyRequests by query params - if id: - query = query.filter(PrivacyRequest.id.ilike(f"{id}%")) + if request_id: + query = query.filter(PrivacyRequest.id.ilike(f"{request_id}%")) if external_id: query = query.filter(PrivacyRequest.external_id.ilike(f"{external_id}%")) if status: @@ -327,22 +330,22 @@ def _filter_privacy_request_queryset( query = query.filter(PrivacyRequest.started_processing_at > started_gt) if completed_lt: query = query.filter( - PrivacyRequest.status == PrivacyRequestStatus.complete.value, + PrivacyRequest.status == PrivacyRequestStatus.complete, PrivacyRequest.finished_processing_at < completed_lt, ) if completed_gt: query = query.filter( - PrivacyRequest.status == PrivacyRequestStatus.complete.value, + PrivacyRequest.status == PrivacyRequestStatus.complete, PrivacyRequest.finished_processing_at > completed_gt, ) if errored_lt: query = query.filter( - PrivacyRequest.status == PrivacyRequestStatus.error.value, + 
PrivacyRequest.status == PrivacyRequestStatus.error, PrivacyRequest.finished_processing_at < errored_lt, ) if errored_gt: query = query.filter( - PrivacyRequest.status == PrivacyRequestStatus.error.value, + PrivacyRequest.status == PrivacyRequestStatus.error, PrivacyRequest.finished_processing_at > errored_gt, ) @@ -363,7 +366,7 @@ def get_request_status( *, db: Session = Depends(deps.get_db), params: Params = Depends(), - id: Optional[str] = None, + request_id: Optional[str] = None, status: Optional[PrivacyRequestStatus] = None, created_lt: Optional[datetime] = None, created_gt: Optional[datetime] = None, @@ -380,7 +383,7 @@ def get_request_status( ) -> Union[StreamingResponse, AbstractPage[PrivacyRequest]]: """Returns PrivacyRequest information. Supports a variety of optional query params. - To fetch a single privacy request, use the id query param `?id=`. + To fetch a single privacy request, use the request_id query param `?request_id=`. To see individual execution logs, use the verbose query param `?verbose=True`. """ @@ -389,7 +392,7 @@ def get_request_status( query = _filter_privacy_request_queryset( query, db, - id, + request_id, status, created_lt, created_gt, @@ -409,7 +412,7 @@ def get_request_status( # Conditionally embed execution log details in the response. 
if verbose: - logger.info(f"Finding execution log details") + logger.info("Finding execution log details") PrivacyRequest.execution_logs_by_dataset = property( execution_logs_by_dataset_name ) @@ -472,7 +475,7 @@ def get_request_preview_queries( if not dataset_configs: raise HTTPException( status_code=HTTP_404_NOT_FOUND, - detail=f"No datasets could be found", + detail="No datasets could be found", ) else: for dataset_key in dataset_keys: @@ -522,7 +525,7 @@ def get_request_preview_queries( logger.info(f"Dry run failed: {err}") raise HTTPException( status_code=HTTP_400_BAD_REQUEST, - detail=f"Dry run failed", + detail="Dry run failed", ) @@ -587,7 +590,7 @@ def review_privacy_request( if privacy_request.status != PrivacyRequestStatus.pending: failed.append( { - "message": f"Cannot transition status", + "message": "Cannot transition status", "data": PrivacyRequestResponse.from_orm(privacy_request), } ) diff --git a/src/fidesops/api/v1/endpoints/storage_endpoints.py b/src/fidesops/api/v1/endpoints/storage_endpoints.py index 37a1cb205..9fcb44b48 100644 --- a/src/fidesops/api/v1/endpoints/storage_endpoints.py +++ b/src/fidesops/api/v1/endpoints/storage_endpoints.py @@ -135,7 +135,7 @@ def patch_config( failed.append( BulkUpdateFailed( **{ - "message": f"Error creating or updating storage config.", + "message": "Error creating or updating storage config.", "data": destination.dict(), } ) diff --git a/src/fidesops/api/v1/endpoints/user_endpoints.py b/src/fidesops/api/v1/endpoints/user_endpoints.py index 50b869cb3..456fb5bdb 100644 --- a/src/fidesops/api/v1/endpoints/user_endpoints.py +++ b/src/fidesops/api/v1/endpoints/user_endpoints.py @@ -1,14 +1,11 @@ import logging +from datetime import datetime from typing import Optional from fastapi import APIRouter, Depends, HTTPException, Security -from fastapi_pagination.ext.sqlalchemy import paginate from fastapi_pagination import Page, Params from fastapi_pagination.bases import AbstractPage - - -from datetime import datetime 
- +from fastapi_pagination.ext.sqlalchemy import paginate from sqlalchemy.orm import Session from sqlalchemy_utils import escape_like from starlette.status import ( @@ -23,6 +20,14 @@ from fidesops.api import deps from fidesops.api.v1 import urn_registry as urls +from fidesops.api.v1.scope_registry import ( + PRIVACY_REQUEST_READ, + USER_CREATE, + USER_DELETE, + USER_PASSWORD_RESET, + USER_READ, + USER_UPDATE, +) from fidesops.api.v1.urn_registry import V1_URL_PREFIX from fidesops.models.client import ADMIN_UI_ROOT, ClientDetail from fidesops.models.fidesops_user import FidesopsUser @@ -31,26 +36,13 @@ from fidesops.schemas.user import ( UserCreate, UserCreateResponse, - UserUpdate, UserLogin, + UserLoginResponse, UserPasswordReset, UserResponse, - UserLoginResponse, -) - -from fidesops.util.oauth_util import ( - get_current_user, - verify_oauth_client, -) - -from fidesops.api.v1.scope_registry import ( - USER_CREATE, - USER_UPDATE, - PRIVACY_REQUEST_READ, - USER_READ, - USER_DELETE, - USER_PASSWORD_RESET, + UserUpdate, ) +from fidesops.util.oauth_util import get_current_user, verify_oauth_client logger = logging.getLogger(__name__) router = APIRouter(tags=["Users"], prefix=V1_URL_PREFIX) @@ -108,7 +100,7 @@ def _validate_current_user(user_id: str, user_from_token: FidesopsUser) -> None: if user_id != user_from_token.id: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, - detail=f"You are only authorised to update your own user data.", + detail="You are only authorised to update your own user data.", ) @@ -181,7 +173,7 @@ def get_users( username: Optional[str] = None, ) -> AbstractPage[FidesopsUser]: """Returns a paginated list of all users""" - logger.info(f"Returned a paginated list of all users.") + logger.info("Returned a paginated list of all users.") query = FidesopsUser.query(db) if username: query = query.filter(FidesopsUser.username.ilike(f"%{escape_like(username)}%")) @@ -196,7 +188,7 @@ def get_users( ) def get_user(*, db: Session = 
Depends(deps.get_db), user_id: str) -> FidesopsUser: """Returns a User based on an Id""" - logger.info(f"Returned a User based on Id") + logger.info("Returned a User based on Id") user = FidesopsUser.get_by(db, field="id", value=user_id) if user is None: raise HTTPException(status_code=HTTP_404_NOT_FOUND, detail="User not found") @@ -228,7 +220,7 @@ def delete_user( if not (client.fides_key == ADMIN_UI_ROOT or client.user_id == user.id): raise HTTPException( status_code=HTTP_403_FORBIDDEN, - detail=f"Users can only remove themselves, or be the Admin UI Root User.", + detail="Users can only remove themselves, or be the Admin UI Root User.", ) logger.info(f"Deleting user with id: '{user_id}'.") diff --git a/src/fidesops/api/v1/endpoints/user_permission_endpoints.py b/src/fidesops/api/v1/endpoints/user_permission_endpoints.py index 4f34a2ab6..ba9499b69 100644 --- a/src/fidesops/api/v1/endpoints/user_permission_endpoints.py +++ b/src/fidesops/api/v1/endpoints/user_permission_endpoints.py @@ -1,25 +1,25 @@ import logging -from fastapi import Security, Depends, APIRouter, HTTPException -from starlette.status import HTTP_404_NOT_FOUND, HTTP_201_CREATED, HTTP_400_BAD_REQUEST + +from fastapi import APIRouter, Depends, HTTPException, Security +from sqlalchemy.orm import Session +from starlette.status import HTTP_201_CREATED, HTTP_400_BAD_REQUEST, HTTP_404_NOT_FOUND from fidesops.api import deps from fidesops.api.v1 import urn_registry as urls -from fidesops.api.v1.urn_registry import V1_URL_PREFIX -from fidesops.models.fidesops_user import FidesopsUser -from fidesops.models.fidesops_user_permissions import FidesopsUserPermissions -from fidesops.schemas.oauth import AccessToken -from fidesops.util.oauth_util import verify_oauth_client -from sqlalchemy.orm import Session from fidesops.api.v1.scope_registry import ( USER_PERMISSION_CREATE, - USER_PERMISSION_UPDATE, USER_PERMISSION_READ, + USER_PERMISSION_UPDATE, ) +from fidesops.api.v1.urn_registry import V1_URL_PREFIX +from 
fidesops.models.fidesops_user import FidesopsUser +from fidesops.models.fidesops_user_permissions import FidesopsUserPermissions from fidesops.schemas.user_permission import ( - UserPermissionsResponse, UserPermissionsCreate, UserPermissionsEdit, + UserPermissionsResponse, ) +from fidesops.util.oauth_util import verify_oauth_client logger = logging.getLogger(__name__) router = APIRouter(tags=["User Permissions"], prefix=V1_URL_PREFIX) @@ -51,7 +51,7 @@ def create_user_permissions( if user.permissions is not None: raise HTTPException( status_code=HTTP_400_BAD_REQUEST, - detail=f"This user already has permissions set.", + detail="This user already has permissions set.", ) logger.info("Created FidesopsUserPermission record") return FidesopsUserPermissions.create( diff --git a/src/fidesops/models/audit_log.py b/src/fidesops/models/audit_log.py index b9a2afffc..8009525a9 100644 --- a/src/fidesops/models/audit_log.py +++ b/src/fidesops/models/audit_log.py @@ -4,7 +4,7 @@ from fidesops.db.base_class import Base -class AuditLogAction(EnumType): +class AuditLogAction(str, EnumType): """Enum for audit log actions, reflecting what a user did""" approved = "approved" diff --git a/src/fidesops/models/policy.py b/src/fidesops/models/policy.py index e72f2f19a..d86c35702 100644 --- a/src/fidesops/models/policy.py +++ b/src/fidesops/models/policy.py @@ -51,7 +51,7 @@ from fidesops.util.data_category import _validate_data_category -class ActionType(EnumType): +class ActionType(str, EnumType): """The purpose of a particular privacy request""" access = "access" diff --git a/src/fidesops/models/privacy_request.py b/src/fidesops/models/privacy_request.py index deaf1ff75..f64656914 100644 --- a/src/fidesops/models/privacy_request.py +++ b/src/fidesops/models/privacy_request.py @@ -57,7 +57,7 @@ logger = logging.getLogger(__name__) -class PrivacyRequestStatus(EnumType): +class PrivacyRequestStatus(str, EnumType): """Enum for privacy request statuses, reflecting where they are in the 
Privacy Request Lifecycle""" pending = "pending" diff --git a/src/fidesops/schemas/masking/__init__.py b/src/fidesops/schemas/masking/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/schemas/masking/masking_configuration.py b/src/fidesops/schemas/masking/masking_configuration.py index eead97881..5c12499bb 100644 --- a/src/fidesops/schemas/masking/masking_configuration.py +++ b/src/fidesops/schemas/masking/masking_configuration.py @@ -7,8 +7,6 @@ class MaskingConfiguration(BaseModel): """Base class for masking configuration""" - pass - class FormatPreservationConfig(BaseModel): """option to preserve format in masking""" diff --git a/src/fidesops/schemas/saas/__init__.py b/src/fidesops/schemas/saas/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/schemas/saas/saas_config.py b/src/fidesops/schemas/saas/saas_config.py index 049d03200..b8672f1b5 100644 --- a/src/fidesops/schemas/saas/saas_config.py +++ b/src/fidesops/schemas/saas/saas_config.py @@ -1,20 +1,20 @@ -from typing import Any, Dict, List, Literal, Optional, Union, Set +from typing import Any, Dict, List, Literal, Optional, Set, Union + +from pydantic import BaseModel, Extra, root_validator, validator -from fidesops.schemas.saas.shared_schemas import HTTPMethod -from fidesops.service.pagination.pagination_strategy_factory import get_strategy -from pydantic import BaseModel, validator, root_validator, Extra -from fidesops.schemas.base_class import BaseSchema -from fidesops.schemas.dataset import FidesopsDatasetReference, FidesCollectionKey from fidesops.graph.config import ( Collection, + CollectionAddress, Dataset, FieldAddress, ScalarField, - CollectionAddress, - Field, ) +from fidesops.schemas.base_class import BaseSchema +from fidesops.schemas.dataset import FidesCollectionKey, FidesopsDatasetReference +from fidesops.schemas.saas.shared_schemas import HTTPMethod from fidesops.schemas.saas.strategy_configuration import ConnectorParamRef 
from fidesops.schemas.shared_schemas import FidesOpsKey +from fidesops.service.pagination.pagination_strategy_factory import get_strategy class ParamValue(BaseModel): @@ -149,7 +149,7 @@ def validate_grouped_inputs(cls, values: Dict[str, Any]) -> Dict[str, Any]: collect = param.references[0].field.split(".")[0] referenced_collections.append(collect) - if not len(set(referenced_collections)) == 1: + if len(set(referenced_collections)) != 1: raise ValueError( "Grouped input fields must all reference the same collection." ) diff --git a/src/fidesops/schemas/storage/__init__.py b/src/fidesops/schemas/storage/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/schemas/storage/storage.py b/src/fidesops/schemas/storage/storage.py index 331558a86..4a38a6419 100644 --- a/src/fidesops/schemas/storage/storage.py +++ b/src/fidesops/schemas/storage/storage.py @@ -1,23 +1,12 @@ import logging from enum import Enum -from typing import ( - Any, - Dict, - List, - Optional, - Union, -) +from typing import Any, Dict, List, Optional, Union -from fidesops.schemas.shared_schemas import FidesOpsKey -from pydantic import ( - Extra, - ValidationError, - root_validator, - validator, -) +from pydantic import Extra, ValidationError, root_validator, validator from pydantic.main import BaseModel from fidesops.schemas.api import BulkResponse, BulkUpdateFailed +from fidesops.schemas.shared_schemas import FidesOpsKey logger = logging.getLogger(__name__) diff --git a/src/fidesops/schemas/storage/storage_secrets_docs_only.py b/src/fidesops/schemas/storage/storage_secrets_docs_only.py index c506cd4d5..a69b6901a 100644 --- a/src/fidesops/schemas/storage/storage_secrets_docs_only.py +++ b/src/fidesops/schemas/storage/storage_secrets_docs_only.py @@ -1,11 +1,7 @@ from typing import Union from fidesops.schemas.base_class import NoValidationSchema -from fidesops.schemas.storage.storage import ( - StorageSecretsLocal, - StorageSecretsS3, - StorageSecretsOnetrust, -) +from 
fidesops.schemas.storage.storage import StorageSecretsOnetrust, StorageSecretsS3 class StorageSecretsS3Docs(StorageSecretsS3, NoValidationSchema): diff --git a/src/fidesops/schemas/third_party/__init__.py b/src/fidesops/schemas/third_party/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/schemas/third_party/onetrust.py b/src/fidesops/schemas/third_party/onetrust.py index 2511c0dac..cf11f2698 100644 --- a/src/fidesops/schemas/third_party/onetrust.py +++ b/src/fidesops/schemas/third_party/onetrust.py @@ -1,7 +1,7 @@ -from typing import List, Dict, Optional +from enum import Enum +from typing import Dict, List, Optional from fidesops.schemas.base_class import BaseSchema -from enum import Enum class OneTrustSubtaskStatus(Enum): diff --git a/src/fidesops/service/masking/__init__.py b/src/fidesops/service/masking/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/service/masking/strategy/__init__.py b/src/fidesops/service/masking/strategy/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/service/masking/strategy/masking_strategy_aes_encrypt.py b/src/fidesops/service/masking/strategy/masking_strategy_aes_encrypt.py index 3716d081e..0270da7cc 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_aes_encrypt.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_aes_encrypt.py @@ -1,18 +1,18 @@ -from typing import Optional, List, Dict +from typing import Dict, List, Optional from fidesops.schemas.masking.masking_configuration import ( - MaskingConfiguration, AesEncryptionMaskingConfiguration, HmacMaskingConfiguration, + MaskingConfiguration, ) from fidesops.schemas.masking.masking_secrets import ( MaskingSecretCache, - SecretType, MaskingSecretMeta, + SecretType, ) from fidesops.schemas.masking.masking_strategy_description import ( - MaskingStrategyDescription, MaskingStrategyConfigurationDescription, + MaskingStrategyDescription, ) from 
fidesops.service.masking.strategy.format_preservation import FormatPreservation from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy @@ -29,7 +29,7 @@ def __init__(self, configuration: AesEncryptionMaskingConfiguration): self.format_preservation = configuration.format_preservation def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[str]]: if values is None: return None @@ -38,23 +38,21 @@ def mask( SecretType, MaskingSecretMeta ] = self._build_masking_secret_meta() key: bytes = SecretsUtil.get_or_generate_secret( - privacy_request_id, SecretType.key, masking_meta[SecretType.key] + request_id, SecretType.key, masking_meta[SecretType.key] ) key_hmac: str = SecretsUtil.get_or_generate_secret( - privacy_request_id, + request_id, SecretType.key_hmac, masking_meta[SecretType.key_hmac], ) - """ - The nonce is generated deterministically such that the same input val will result in same nonce - and therefore the same masked val through the aes strategy. This is called convergent encryption, with this - implementation loosely based on https://www.vaultproject.io/docs/secrets/transit#convergent-encryption - """ + # The nonce is generated deterministically such that the same input val will result in same nonce + # and therefore the same masked val through the aes strategy. 
This is called convergent encryption, with this + # implementation loosely based on https://www.vaultproject.io/docs/secrets/transit#convergent-encryption masked_values: List[str] = [] for value in values: nonce: bytes = self._generate_nonce( - value, key_hmac, privacy_request_id, masking_meta + value, key_hmac, request_id, masking_meta ) masked: str = encrypt(value, key, nonce) if self.format_preservation is not None: @@ -62,8 +60,8 @@ def mask( masked = formatter.format(masked) masked_values.append(masked) return masked_values - else: - raise ValueError(f"aes_mode {self.mode} is not supported") + + raise ValueError(f"aes_mode {self.mode} is not supported") def secrets_required(self) -> bool: return True @@ -114,10 +112,8 @@ def _generate_nonce( salt: str = SecretsUtil.get_or_generate_secret( privacy_request_id, SecretType.salt_hmac, masking_meta[SecretType.salt_hmac] ) - """ - Trim to 12 bytes, which is recommended length from aes gcm lib: - https://cryptography.io/en/latest/hazmat/primitives/aead/#cryptography.hazmat.primitives.ciphers.aead.AESGCM.encrypt - """ + # Trim to 12 bytes, which is recommended length from aes gcm lib: + # https://cryptography.io/en/latest/hazmat/primitives/aead/#cryptography.hazmat.primitives.ciphers.aead.AESGCM.encrypt return hmac_encrypt_return_bytes( value, key, salt, HmacMaskingConfiguration.Algorithm.sha_256 )[:12] diff --git a/src/fidesops/service/masking/strategy/masking_strategy_factory.py b/src/fidesops/service/masking/strategy/masking_strategy_factory.py index 3af05dc21..6263278e0 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_factory.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_factory.py @@ -3,6 +3,13 @@ from pydantic import ValidationError +from fidesops.common_exceptions import NoSuchStrategyException +from fidesops.common_exceptions import ValidationError as FidesopsValidationError +from fidesops.schemas.masking.masking_configuration import ( + FormatPreservationConfig, + 
MaskingConfiguration, +) +from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy from fidesops.service.masking.strategy.masking_strategy_aes_encrypt import ( AesEncryptionMaskingStrategy, ) @@ -14,19 +21,9 @@ from fidesops.service.masking.strategy.masking_strategy_random_string_rewrite import ( RandomStringRewriteMaskingStrategy, ) -from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy from fidesops.service.masking.strategy.masking_strategy_string_rewrite import ( StringRewriteMaskingStrategy, ) -from fidesops.common_exceptions import ( - ValidationError as FidesopsValidationError, - NoSuchStrategyException, -) - -from fidesops.schemas.masking.masking_configuration import ( - FormatPreservationConfig, - MaskingConfiguration, -) class SupportedMaskingStrategies(Enum): @@ -41,6 +38,15 @@ class SupportedMaskingStrategies(Enum): aes_encrypt = AesEncryptionMaskingStrategy hmac = HmacMaskingStrategy + @classmethod + def __contains__(cls, item: str) -> bool: + try: + cls[item] + except KeyError: + return False + + return True + def get_strategy( strategy_name: str, @@ -53,7 +59,7 @@ def get_strategy( Returns the strategy given the name and configuration. Raises NoSuchStrategyException if the strategy does not exist """ - if strategy_name not in SupportedMaskingStrategies.__members__: + if not SupportedMaskingStrategies.__contains__(strategy_name): valid_strategies = ", ".join([s.name for s in SupportedMaskingStrategies]) raise NoSuchStrategyException( f"Strategy '{strategy_name}' does not exist. 
Valid strategies are [{valid_strategies}]" diff --git a/src/fidesops/service/masking/strategy/masking_strategy_hash.py b/src/fidesops/service/masking/strategy/masking_strategy_hash.py index 0a9d5d8d0..29c618fa6 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_hash.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_hash.py @@ -1,5 +1,5 @@ import hashlib -from typing import Optional, List, Dict +from typing import Dict, List, Optional from fidesops.core.config import config from fidesops.schemas.masking.masking_configuration import ( @@ -8,12 +8,12 @@ ) from fidesops.schemas.masking.masking_secrets import ( MaskingSecretCache, - SecretType, MaskingSecretMeta, + SecretType, ) from fidesops.schemas.masking.masking_strategy_description import ( - MaskingStrategyDescription, MaskingStrategyConfigurationDescription, + MaskingStrategyDescription, ) from fidesops.service.masking.strategy.format_preservation import FormatPreservation from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy @@ -37,7 +37,7 @@ def __init__( self.format_preservation = configuration.format_preservation def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[str]]: """Returns the hashed version of the provided values. 
Returns None if the provided value is None""" @@ -47,7 +47,7 @@ def mask( SecretType, MaskingSecretMeta ] = self._build_masking_secret_meta() salt: str = SecretsUtil.get_or_generate_secret( - privacy_request_id, + request_id, SecretType.salt, masking_meta[SecretType.salt], ) diff --git a/src/fidesops/service/masking/strategy/masking_strategy_hmac.py b/src/fidesops/service/masking/strategy/masking_strategy_hmac.py index 4b41f72dc..c36af59aa 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_hmac.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_hmac.py @@ -1,17 +1,17 @@ -from typing import Optional, List, Dict +from typing import Dict, List, Optional from fidesops.schemas.masking.masking_configuration import ( - MaskingConfiguration, HmacMaskingConfiguration, + MaskingConfiguration, ) from fidesops.schemas.masking.masking_secrets import ( MaskingSecretCache, - SecretType, MaskingSecretMeta, + SecretType, ) from fidesops.schemas.masking.masking_strategy_description import ( - MaskingStrategyDescription, MaskingStrategyConfigurationDescription, + MaskingStrategyDescription, ) from fidesops.service.masking.strategy.format_preservation import FormatPreservation from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy @@ -34,7 +34,7 @@ def __init__( self.format_preservation = configuration.format_preservation def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[str]]: """ Returns a hash using the hmac algorithm, generating a hash of each of the supplied value and the secret hmac_key. 
@@ -46,10 +46,10 @@ def mask( SecretType, MaskingSecretMeta ] = self._build_masking_secret_meta() key: str = SecretsUtil.get_or_generate_secret( - privacy_request_id, SecretType.key, masking_meta[SecretType.key] + request_id, SecretType.key, masking_meta[SecretType.key] ) salt: str = SecretsUtil.get_or_generate_secret( - privacy_request_id, SecretType.salt, masking_meta[SecretType.salt] + request_id, SecretType.salt, masking_meta[SecretType.salt] ) masked_values: List[str] = [] for value in values: diff --git a/src/fidesops/service/masking/strategy/masking_strategy_nullify.py b/src/fidesops/service/masking/strategy/masking_strategy_nullify.py index 941723f5d..65de1bcad 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_nullify.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_nullify.py @@ -1,16 +1,14 @@ -from typing import Optional, List +from typing import List, Optional from fidesops.schemas.masking.masking_configuration import ( - NullMaskingConfiguration, MaskingConfiguration, + NullMaskingConfiguration, ) from fidesops.schemas.masking.masking_strategy_description import ( MaskingStrategyDescription, - MaskingStrategyConfigurationDescription, ) from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy - NULL_REWRITE = "null_rewrite" @@ -24,7 +22,7 @@ def __init__( """For parity with other MaskingStrategies, but for NullMaskingStrategy, nothing is pulled from the config""" def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[None]]: """Replaces the value with a null value""" if values is None: diff --git a/src/fidesops/service/masking/strategy/masking_strategy_random_string_rewrite.py b/src/fidesops/service/masking/strategy/masking_strategy_random_string_rewrite.py index 3ce182f76..5b707f172 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_random_string_rewrite.py +++ 
b/src/fidesops/service/masking/strategy/masking_strategy_random_string_rewrite.py @@ -1,19 +1,18 @@ import string -from typing import Optional, List from secrets import choice +from typing import List, Optional from fidesops.schemas.masking.masking_configuration import ( - RandomStringMaskingConfiguration, MaskingConfiguration, + RandomStringMaskingConfiguration, ) from fidesops.schemas.masking.masking_strategy_description import ( - MaskingStrategyDescription, MaskingStrategyConfigurationDescription, + MaskingStrategyDescription, ) from fidesops.service.masking.strategy.format_preservation import FormatPreservation from fidesops.service.masking.strategy.masking_strategy import MaskingStrategy - RANDOM_STRING_REWRITE = "random_string_rewrite" @@ -28,7 +27,7 @@ def __init__( self.format_preservation = configuration.format_preservation def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[str]]: """Replaces the value with a random lowercase string of the configured length""" if values is None: diff --git a/src/fidesops/service/masking/strategy/masking_strategy_string_rewrite.py b/src/fidesops/service/masking/strategy/masking_strategy_string_rewrite.py index 3faa6f629..512ae6a01 100644 --- a/src/fidesops/service/masking/strategy/masking_strategy_string_rewrite.py +++ b/src/fidesops/service/masking/strategy/masking_strategy_string_rewrite.py @@ -1,17 +1,16 @@ -from typing import Optional, List +from typing import List, Optional from fidesops.schemas.masking.masking_configuration import ( - StringRewriteMaskingConfiguration, MaskingConfiguration, + StringRewriteMaskingConfiguration, ) from fidesops.schemas.masking.masking_strategy_description import ( - MaskingStrategyDescription, MaskingStrategyConfigurationDescription, + MaskingStrategyDescription, ) from fidesops.service.masking.strategy.format_preservation import FormatPreservation from 
fidesops.service.masking.strategy.masking_strategy import MaskingStrategy - STRING_REWRITE = "string_rewrite" @@ -26,7 +25,7 @@ def __init__( self.format_preservation = configuration.format_preservation def mask( - self, values: Optional[List[str]], privacy_request_id: Optional[str] + self, values: Optional[List[str]], request_id: Optional[str] ) -> Optional[List[str]]: """Replaces the value with the value specified in strategy spec. Returns None if input is None""" diff --git a/src/fidesops/service/pagination/__init__.py b/src/fidesops/service/pagination/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/service/pagination/pagination_strategy.py b/src/fidesops/service/pagination/pagination_strategy.py index f140ff2af..6e0765237 100644 --- a/src/fidesops/service/pagination/pagination_strategy.py +++ b/src/fidesops/service/pagination/pagination_strategy.py @@ -1,9 +1,10 @@ from abc import ABC, abstractmethod from typing import Any, Dict, Optional + from requests import Response + from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.schemas.saas.strategy_configuration import StrategyConfiguration -from fidesops.util.collection_util import Row class PaginationStrategy(ABC): diff --git a/src/fidesops/service/pagination/pagination_strategy_cursor.py b/src/fidesops/service/pagination/pagination_strategy_cursor.py index f15fb2910..a3ca2df09 100644 --- a/src/fidesops/service/pagination/pagination_strategy_cursor.py +++ b/src/fidesops/service/pagination/pagination_strategy_cursor.py @@ -1,6 +1,8 @@ -import pydash from typing import Any, Dict, Optional + +import pydash from requests import Response + from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.schemas.saas.strategy_configuration import ( CursorPaginationConfiguration, diff --git a/src/fidesops/service/pagination/pagination_strategy_factory.py b/src/fidesops/service/pagination/pagination_strategy_factory.py index 
14b3ad260..137e79d62 100644 --- a/src/fidesops/service/pagination/pagination_strategy_factory.py +++ b/src/fidesops/service/pagination/pagination_strategy_factory.py @@ -1,6 +1,12 @@ import logging from enum import Enum -from typing import List, Dict, Any +from typing import Any, Dict, List + +from pydantic import ValidationError + +from fidesops.common_exceptions import NoSuchStrategyException +from fidesops.common_exceptions import ValidationError as FidesopsValidationError +from fidesops.schemas.saas.strategy_configuration import StrategyConfiguration from fidesops.service.pagination.pagination_strategy import PaginationStrategy from fidesops.service.pagination.pagination_strategy_cursor import ( CursorPaginationStrategy, @@ -10,14 +16,6 @@ OffsetPaginationStrategy, ) -from pydantic import ValidationError - -from fidesops.common_exceptions import ( - NoSuchStrategyException, - ValidationError as FidesopsValidationError, -) -from fidesops.schemas.saas.strategy_configuration import StrategyConfiguration - logger = logging.getLogger(__name__) @@ -30,6 +28,15 @@ class SupportedPaginationStrategies(Enum): link = LinkPaginationStrategy cursor = CursorPaginationStrategy + @classmethod + def __contains__(cls, item: str) -> bool: + try: + cls[item] + except KeyError: + return False + + return True + def get_strategy( strategy_name: str, @@ -39,7 +46,7 @@ def get_strategy( Returns the strategy given the name and configuration. Raises NoSuchStrategyException if the strategy does not exist """ - if strategy_name not in SupportedPaginationStrategies.__members__: + if not SupportedPaginationStrategies.__contains__(strategy_name): valid_strategies = ", ".join([s.name for s in SupportedPaginationStrategies]) raise NoSuchStrategyException( f"Strategy '{strategy_name}' does not exist. 
Valid strategies are [{valid_strategies}]" diff --git a/src/fidesops/service/pagination/pagination_strategy_link.py b/src/fidesops/service/pagination/pagination_strategy_link.py index 4e6af5f9f..8b64de08a 100644 --- a/src/fidesops/service/pagination/pagination_strategy_link.py +++ b/src/fidesops/service/pagination/pagination_strategy_link.py @@ -1,16 +1,17 @@ import logging - -import pydash from typing import Any, Dict, Optional from urllib import parse from urllib.parse import urlsplit + +import pydash from requests import Response + +from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.schemas.saas.strategy_configuration import ( LinkPaginationConfiguration, LinkSource, StrategyConfiguration, ) -from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.service.pagination.pagination_strategy import PaginationStrategy STRATEGY_NAME = "link" diff --git a/src/fidesops/service/pagination/pagination_strategy_offset.py b/src/fidesops/service/pagination/pagination_strategy_offset.py index a4a87a3af..08643ebf9 100644 --- a/src/fidesops/service/pagination/pagination_strategy_offset.py +++ b/src/fidesops/service/pagination/pagination_strategy_offset.py @@ -1,15 +1,16 @@ -import pydash from typing import Any, Dict, Optional + +import pydash from requests import Response + from fidesops.common_exceptions import FidesopsException +from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.schemas.saas.strategy_configuration import ( ConnectorParamRef, OffsetPaginationConfiguration, StrategyConfiguration, ) -from fidesops.schemas.saas.shared_schemas import SaaSRequestParams from fidesops.service.pagination.pagination_strategy import PaginationStrategy -from fidesops.util.collection_util import Row STRATEGY_NAME = "offset" diff --git a/src/fidesops/service/processors/__init__.py b/src/fidesops/service/processors/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git 
a/src/fidesops/service/processors/post_processor_strategy/__init__.py b/src/fidesops/service/processors/post_processor_strategy/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_factory.py b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_factory.py index e71783b0d..3af31df6b 100644 --- a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_factory.py +++ b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_factory.py @@ -1,24 +1,21 @@ import logging from enum import Enum -from typing import List, Dict, Any +from typing import Any, Dict, List from pydantic import ValidationError -from fidesops.common_exceptions import ( - NoSuchStrategyException, - ValidationError as FidesopsValidationError, -) +from fidesops.common_exceptions import NoSuchStrategyException +from fidesops.common_exceptions import ValidationError as FidesopsValidationError from fidesops.schemas.saas.strategy_configuration import StrategyConfiguration +from fidesops.service.processors.post_processor_strategy.post_processor_strategy import ( + PostProcessorStrategy, +) from fidesops.service.processors.post_processor_strategy.post_processor_strategy_filter import ( FilterPostProcessorStrategy, ) from fidesops.service.processors.post_processor_strategy.post_processor_strategy_unwrap import ( UnwrapPostProcessorStrategy, ) -from fidesops.service.processors.post_processor_strategy.post_processor_strategy import ( - PostProcessorStrategy, -) - logger = logging.getLogger(__name__) @@ -31,6 +28,15 @@ class SupportedPostProcessorStrategies(Enum): unwrap = UnwrapPostProcessorStrategy filter = FilterPostProcessorStrategy + @classmethod + def __contains__(cls, item: str) -> bool: + try: + cls[item] + except KeyError: + return False + + return True + def get_strategy( strategy_name: str, @@ -40,7 +46,7 @@ def get_strategy( 
Returns the strategy given the name and configuration. Raises NoSuchStrategyException if the strategy does not exist """ - if strategy_name not in SupportedPostProcessorStrategies.__members__: + if not SupportedPostProcessorStrategies.__contains__(strategy_name): valid_strategies = ", ".join([s.name for s in SupportedPostProcessorStrategies]) raise NoSuchStrategyException( f"Strategy '{strategy_name}' does not exist. Valid strategies are [{valid_strategies}]" diff --git a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_filter.py b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_filter.py index 8d8c7fd86..26590bda0 100644 --- a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_filter.py +++ b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_filter.py @@ -1,11 +1,10 @@ import logging -from typing import Any, List, Optional, Dict, Union -from fidesops.common_exceptions import FidesopsException +from typing import Any, Dict, List, Union from fidesops.schemas.saas.strategy_configuration import ( FilterPostProcessorConfiguration, - StrategyConfiguration, IdentityParamRef, + StrategyConfiguration, ) from fidesops.service.processors.post_processor_strategy.post_processor_strategy import ( PostProcessorStrategy, diff --git a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_unwrap.py b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_unwrap.py index 152796249..18ee8cfef 100644 --- a/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_unwrap.py +++ b/src/fidesops/service/processors/post_processor_strategy/post_processor_strategy_unwrap.py @@ -1,17 +1,15 @@ import logging -from typing import Any, List, Optional, Dict, Union - -import pydash as pydash +from typing import Any, Dict, List, Union +import pydash from fidesops.schemas.saas.strategy_configuration import ( 
- UnwrapPostProcessorConfiguration, StrategyConfiguration, + UnwrapPostProcessorConfiguration, ) from fidesops.service.processors.post_processor_strategy.post_processor_strategy import ( PostProcessorStrategy, ) - STRATEGY_NAME = "unwrap" logger = logging.getLogger(__name__) diff --git a/src/fidesops/service/storage/__init__.py b/src/fidesops/service/storage/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/service/storage/storage_authenticator_service.py b/src/fidesops/service/storage/storage_authenticator_service.py index a350b761c..506475bb2 100644 --- a/src/fidesops/service/storage/storage_authenticator_service.py +++ b/src/fidesops/service/storage/storage_authenticator_service.py @@ -5,15 +5,14 @@ from requests import RequestException from fidesops.schemas.storage.storage import ( - StorageType, - StorageSecrets, + SUPPORTED_STORAGE_SECRETS, StorageSecretsOnetrust, StorageSecretsS3, - SUPPORTED_STORAGE_SECRETS, + StorageType, ) from fidesops.util.storage_authenticator import ( - get_s3_session, get_onetrust_access_token, + get_s3_session, ) logger = logging.getLogger(__name__) diff --git a/src/fidesops/service/storage/storage_uploader_service.py b/src/fidesops/service/storage/storage_uploader_service.py index d3ce9b0a2..bebe2005b 100644 --- a/src/fidesops/service/storage/storage_uploader_service.py +++ b/src/fidesops/service/storage/storage_uploader_service.py @@ -1,20 +1,19 @@ import logging -from typing import Any, Optional, Dict +from typing import Any, Dict, Optional -from fidesops.schemas.shared_schemas import FidesOpsKey +from sqlalchemy.orm import Session +from fidesops.common_exceptions import StorageUploadError from fidesops.models.privacy_request import PrivacyRequest +from fidesops.models.storage import StorageConfig +from fidesops.schemas.shared_schemas import FidesOpsKey from fidesops.schemas.storage.storage import ( - StorageType, FileNaming, - StorageDetails, ResponseFormat, + StorageDetails, + StorageType, ) 
-from sqlalchemy.orm import Session -from fidesops.models.storage import StorageConfig -from fidesops.tasks.storage import upload_to_s3, upload_to_onetrust, upload_to_local -from fidesops.common_exceptions import StorageUploadError - +from fidesops.tasks.storage import upload_to_local, upload_to_onetrust, upload_to_s3 logger = logging.getLogger(__name__) @@ -32,7 +31,7 @@ def upload( raise StorageUploadError(f"Storage type not found: {storage_key}") if config.secrets is None and config.type != StorageType.local: logger.warning(f"Storage secrets not found: {storage_key}") - raise StorageUploadError(f"Storage secrets not found") + raise StorageUploadError("Storage secrets not found") uploader: Any = _get_uploader_from_config_type(config.type) return uploader(db, config, data, request_id) @@ -59,8 +58,8 @@ def _construct_file_key(request_id: str, config: StorageConfig) -> str: ) if naming != FileNaming.request_id.value: raise ValueError(f"File naming of {naming} not supported") - else: - return f"{request_id}.{get_extension(config.format)}" + + return f"{request_id}.{get_extension(config.format)}" def _get_uploader_from_config_type(storage_type: StorageType) -> Any: diff --git a/src/fidesops/util/encryption/__init__.py b/src/fidesops/util/encryption/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/src/fidesops/util/encryption/secrets_util.py b/src/fidesops/util/encryption/secrets_util.py index fbd59dc06..016875bce 100644 --- a/src/fidesops/util/encryption/secrets_util.py +++ b/src/fidesops/util/encryption/secrets_util.py @@ -1,13 +1,13 @@ import logging import secrets -from typing import TypeVar, Optional, List, Dict +from typing import Dict, List, Optional, TypeVar from fidesops.schemas.masking.masking_secrets import ( - MaskingSecretMeta, MaskingSecretCache, + MaskingSecretMeta, SecretType, ) -from fidesops.util.cache import get_masking_secret_cache_key, get_cache +from fidesops.util.cache import get_cache, get_masking_secret_cache_key T = 
TypeVar("T") logger = logging.getLogger(__name__) @@ -29,11 +29,11 @@ def get_or_generate_secret( f"Secret type {secret_type} expected from cache but was not present for masking strategy {masking_secret_meta.masking_strategy}" ) return secret - else: - # expected for standalone masking service - return masking_secret_meta.generate_secret_func( - masking_secret_meta.secret_length - ) + + # expected for standalone masking service + return masking_secret_meta.generate_secret_func( + masking_secret_meta.secret_length + ) @staticmethod def _get_secret_from_cache( diff --git a/tests/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/api/v1/endpoints/test_privacy_request_endpoints.py index 796985277..0ed00272a 100644 --- a/tests/api/v1/endpoints/test_privacy_request_endpoints.py +++ b/tests/api/v1/endpoints/test_privacy_request_endpoints.py @@ -1,57 +1,56 @@ import ast - import csv import io - import json from datetime import datetime -from dateutil.parser import parse from typing import List from unittest import mock -from fastapi_pagination import Params import pytest +from dateutil.parser import parse +from fastapi import status +from fastapi_pagination import Params from starlette.testclient import TestClient from fidesops.api.v1.endpoints.privacy_request_endpoints import ( EMBEDDED_EXECUTION_LOG_LIMIT, ) +from fidesops.api.v1.scope_registry import ( + DATASET_CREATE_OR_UPDATE, + PRIVACY_REQUEST_CALLBACK_RESUME, + PRIVACY_REQUEST_READ, + PRIVACY_REQUEST_REVIEW, + STORAGE_CREATE_OR_UPDATE, +) from fidesops.api.v1.urn_registry import ( - PRIVACY_REQUESTS, - V1_URL_PREFIX, - REQUEST_PREVIEW, - PRIVACY_REQUEST_RESUME, DATASETS, PRIVACY_REQUEST_APPROVE, PRIVACY_REQUEST_DENY, -) -from fidesops.api.v1.scope_registry import ( - STORAGE_CREATE_OR_UPDATE, - PRIVACY_REQUEST_READ, - PRIVACY_REQUEST_CALLBACK_RESUME, - DATASET_CREATE_OR_UPDATE, - PRIVACY_REQUEST_REVIEW, + PRIVACY_REQUEST_RESUME, + PRIVACY_REQUESTS, + REQUEST_PREVIEW, + V1_URL_PREFIX, ) from 
fidesops.core.config import config from fidesops.models.audit_log import AuditLog from fidesops.models.client import ClientDetail +from fidesops.models.policy import ActionType from fidesops.models.privacy_request import ( - PrivacyRequest, ExecutionLog, ExecutionLogStatus, + PrivacyRequest, PrivacyRequestStatus, ) -from fidesops.models.policy import ActionType from fidesops.schemas.dataset import DryRunDatasetResponse from fidesops.schemas.jwt import ( - JWE_PAYLOAD_SCOPES, - JWE_PAYLOAD_CLIENT_ID, JWE_ISSUED_AT, + JWE_PAYLOAD_CLIENT_ID, + JWE_PAYLOAD_SCOPES, ) from fidesops.schemas.masking.masking_secrets import SecretType from fidesops.util.cache import ( - get_identity_cache_key, get_encryption_cache_key, + get_identity_cache_key, get_masking_secret_cache_key, ) from fidesops.util.oauth_util import generate_jwe @@ -416,7 +415,7 @@ def test_get_privacy_requests_displays_reviewer( privacy_request.save(db=db) auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ]) response = api_client.get( - url + f"?id={privacy_request.id}", headers=auth_header + url + f"?request_id={privacy_request.id}", headers=auth_header ) assert 200 == response.status_code @@ -459,7 +458,7 @@ def test_get_privacy_requests_by_id( ): auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ]) response = api_client.get( - url + f"?id={privacy_request.id}", headers=auth_header + url + f"?request_id={privacy_request.id}", headers=auth_header ) assert 200 == response.status_code @@ -504,7 +503,7 @@ def test_get_privacy_requests_by_partial_id( ): auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ]) response = api_client.get( - url + f"?id={privacy_request.id[:5]}", headers=auth_header + url + f"?request_id={privacy_request.id[:5]}", headers=auth_header ) assert 200 == response.status_code @@ -601,6 +600,34 @@ def test_filter_privacy_requests_by_status( assert len(resp["items"]) == 1 assert resp["items"][0]["id"] == failed_privacy_request.id + def 
test_filter_privacy_requests_by_internal_id( + self, + db, + api_client, + url, + generate_auth_header, + privacy_request, + ): + auth_header = generate_auth_header(scopes=[PRIVACY_REQUEST_READ]) + new_request_id = "test_internal_id_1" + response = api_client.get( + url + f"?request_id={new_request_id}", headers=auth_header + ) + assert response.status_code == status.HTTP_200_OK + resp = response.json() + assert len(resp["items"]) == 0 + + privacy_request.id = new_request_id + privacy_request.save(db) + + response = api_client.get( + url + f"?request_id={new_request_id}", headers=auth_header + ) + assert response.status_code == status.HTTP_200_OK + resp = response.json() + assert len(resp["items"]) == 1 + assert resp["items"][0]["id"] == privacy_request.id + def test_filter_privacy_requests_by_external_id( self, db, diff --git a/tests/service/connectors/test_queryconfig.py b/tests/service/connectors/test_queryconfig.py index bb3ceca4a..a7e3cc7f8 100644 --- a/tests/service/connectors/test_queryconfig.py +++ b/tests/service/connectors/test_queryconfig.py @@ -323,13 +323,13 @@ def test_generate_update_stmt_multiple_fields_same_rule( assert ( text_clause._bindparams["name"].value == HashMaskingStrategy(HashMaskingConfiguration(algorithm="SHA-512")).mask( - ["John Customer"], privacy_request_id=privacy_request.id + ["John Customer"], request_id=privacy_request.id )[0][0:40] ) assert ( text_clause._bindparams["email"].value == HashMaskingStrategy(HashMaskingConfiguration(algorithm="SHA-512")).mask( - ["customer-1@example.com"], privacy_request_id=privacy_request.id + ["customer-1@example.com"], request_id=privacy_request.id )[0] ) clear_cache_secrets(privacy_request.id) @@ -614,7 +614,7 @@ def test_generate_update_stmt_multiple_rules( assert ( mongo_statement[1]["$set"]["birthday"] == HashMaskingStrategy(HashMaskingConfiguration(algorithm="SHA-512")).mask( - ["1988-01-10"], privacy_request_id=privacy_request.id + ["1988-01-10"], request_id=privacy_request.id )[0] ) diff 
--git a/versioneer.py b/versioneer.py new file mode 100644 index 000000000..8dfec320d --- /dev/null +++ b/versioneer.py @@ -0,0 +1,1856 @@ +# Version: 0.19 +# pylint: skip-file +# type: ignore + +"""The Versioneer - like a rocketeer, but for versions. + +The Versioneer +============== + +* like a rocketeer, but for versions! +* https://github.com/python-versioneer/python-versioneer +* Brian Warner +* License: Public Domain +* Compatible with: Python 3.6, 3.7, 3.8, 3.9 and pypy3 +* [![Latest Version][pypi-image]][pypi-url] +* [![Build Status][travis-image]][travis-url] + +This is a tool for managing a recorded version number in distutils-based +python projects. The goal is to remove the tedious and error-prone "update +the embedded version string" step from your release process. Making a new +release should be as easy as recording a new tag in your version-control +system, and maybe making new tarballs. + + +## Quick Install + +* `pip install versioneer` to somewhere in your $PATH +* add a `[versioneer]` section to your setup.cfg (see [Install](INSTALL.md)) +* run `versioneer install` in your source tree, commit the results +* Verify version information with `python setup.py version` + +## Version Identifiers + +Source trees come from a variety of places: + +* a version-control system checkout (mostly used by developers) +* a nightly tarball, produced by build automation +* a snapshot tarball, produced by a web-based VCS browser, like github's + "tarball from tag" feature +* a release tarball, produced by "setup.py sdist", distributed through PyPI + +Within each source tree, the version identifier (either a string or a number, +this tool is format-agnostic) can come from a variety of places: + +* ask the VCS tool itself, e.g. 
"git describe" (for checkouts), which knows + about recent "tags" and an absolute revision-id +* the name of the directory into which the tarball was unpacked +* an expanded VCS keyword ($Id$, etc) +* a `_version.py` created by some earlier build step + +For released software, the version identifier is closely related to a VCS +tag. Some projects use tag names that include more than just the version +string (e.g. "myproject-1.2" instead of just "1.2"), in which case the tool +needs to strip the tag prefix to extract the version identifier. For +unreleased software (between tags), the version identifier should provide +enough information to help developers recreate the same tree, while also +giving them an idea of roughly how old the tree is (after version 1.2, before +version 1.3). Many VCS systems can report a description that captures this, +for example `git describe --tags --dirty --always` reports things like +"0.7-1-g574ab98-dirty" to indicate that the checkout is one revision past the +0.7 tag, has a unique revision id of "574ab98", and is "dirty" (it has +uncommitted changes). + +The version identifier is used for multiple purposes: + +* to allow the module to self-identify its version: `myproject.__version__` +* to choose a name and prefix for a 'setup.py sdist' tarball + +## Theory of Operation + +Versioneer works by adding a special `_version.py` file into your source +tree, where your `__init__.py` can import it. This `_version.py` knows how to +dynamically ask the VCS tool for version information at import time. + +`_version.py` also contains `$Revision$` markers, and the installation +process marks `_version.py` to have this marker rewritten with a tag name +during the `git archive` command. As a result, generated tarballs will +contain enough information to get the proper version. 
+ +To allow `setup.py` to compute a version too, a `versioneer.py` is added to +the top level of your source tree, next to `setup.py` and the `setup.cfg` +that configures it. This overrides several distutils/setuptools commands to +compute the version when invoked, and changes `setup.py build` and `setup.py +sdist` to replace `_version.py` with a small static file that contains just +the generated version data. + +## Installation + +See [INSTALL.md](./INSTALL.md) for detailed installation instructions. + +## Version-String Flavors + +Code which uses Versioneer can learn about its version string at runtime by +importing `_version` from your main `__init__.py` file and running the +`get_versions()` function. From the "outside" (e.g. in `setup.py`), you can +import the top-level `versioneer.py` and run `get_versions()`. + +Both functions return a dictionary with different flavors of version +information: + +* `['version']`: A condensed version string, rendered using the selected + style. This is the most commonly used value for the project's version + string. The default "pep440" style yields strings like `0.11`, + `0.11+2.g1076c97`, or `0.11+2.g1076c97.dirty`. See the "Styles" section + below for alternative styles. + +* `['full-revisionid']`: detailed revision identifier. For Git, this is the + full SHA1 commit id, e.g. "1076c978a8d3cfc70f408fe5974aa6c092c949ac". + +* `['date']`: Date and time of the latest `HEAD` commit. For Git, it is the + commit date in ISO 8601 format. This will be None if the date is not + available. + +* `['dirty']`: a boolean, True if the tree has uncommitted changes. Note that + this is only accurate if run in a VCS checkout, otherwise it is likely to + be False or None + +* `['error']`: if the version string could not be computed, this will be set + to a string describing the problem, otherwise it will be None. It may be + useful to throw an exception in setup.py if this is set, to avoid e.g. 
+ creating tarballs with a version string of "unknown". + +Some variants are more useful than others. Including `full-revisionid` in a +bug report should allow developers to reconstruct the exact code being tested +(or indicate the presence of local changes that should be shared with the +developers). `version` is suitable for display in an "about" box or a CLI +`--version` output: it can be easily compared against release notes and lists +of bugs fixed in various releases. + +The installer adds the following text to your `__init__.py` to place a basic +version in `YOURPROJECT.__version__`: + + from ._version import get_versions + __version__ = get_versions()['version'] + del get_versions + +## Styles + +The setup.cfg `style=` configuration controls how the VCS information is +rendered into a version string. + +The default style, "pep440", produces a PEP440-compliant string, equal to the +un-prefixed tag name for actual releases, and containing an additional "local +version" section with more detail for in-between builds. For Git, this is +TAG[+DISTANCE.gHEX[.dirty]] , using information from `git describe --tags +--dirty --always`. For example "0.11+2.g1076c97.dirty" indicates that the +tree is like the "1076c97" commit but has uncommitted changes (".dirty"), and +that this commit is two revisions ("+2") beyond the "0.11" tag. For released +software (exactly equal to a known tag), the identifier will only contain the +stripped tag, e.g. "0.11". + +Other styles are available. See [details.md](details.md) in the Versioneer +source tree for descriptions. + +## Debugging + +Versioneer tries to avoid fatal errors: if something goes wrong, it will tend +to return a version of "0+unknown". To investigate the problem, run `setup.py +version`, which will run the version-lookup code in a verbose mode, and will +display the full contents of `get_versions()` (including the `error` string, +which may help identify what went wrong). 
+ +## Known Limitations + +Some situations are known to cause problems for Versioneer. This details the +most significant ones. More can be found on the GitHub +[issues page](https://github.com/python-versioneer/python-versioneer/issues). + +### Subprojects + +Versioneer has limited support for source trees in which `setup.py` is not in +the root directory (e.g. `setup.py` and `.git/` are *not* siblings). There are +two common reasons why `setup.py` might not be in the root: + +* Source trees which contain multiple subprojects, such as + [Buildbot](https://github.com/buildbot/buildbot), which contains both + "master" and "slave" subprojects, each with their own `setup.py`, + `setup.cfg`, and `tox.ini`. Projects like these produce multiple PyPI + distributions (and upload multiple independently-installable tarballs). +* Source trees whose main purpose is to contain a C library, but which also + provide bindings to Python (and perhaps other languages) in subdirectories. + +Versioneer will look for `.git` in parent directories, and most operations +should get the right version string. However `pip` and `setuptools` have bugs +and implementation details which frequently cause `pip install .` from a +subproject directory to fail to find a correct version string (so it usually +defaults to `0+unknown`). + +`pip install --editable .` should work correctly. `setup.py install` might +work too. + +Pip-8.1.1 is known to have this problem, but hopefully it will get fixed in +some later version. + +[Bug #38](https://github.com/python-versioneer/python-versioneer/issues/38) is tracking +this issue. The discussion in +[PR #61](https://github.com/python-versioneer/python-versioneer/pull/61) describes the +issue from the Versioneer side in more detail. +[pip PR#3176](https://github.com/pypa/pip/pull/3176) and +[pip PR#3615](https://github.com/pypa/pip/pull/3615) contain work to improve +pip to let Versioneer work correctly. 
+ +Versioneer-0.16 and earlier only looked for a `.git` directory next to the +`setup.cfg`, so subprojects were completely unsupported with those releases. + +### Editable installs with setuptools <= 18.5 + +`setup.py develop` and `pip install --editable .` allow you to install a +project into a virtualenv once, then continue editing the source code (and +test) without re-installing after every change. + +"Entry-point scripts" (`setup(entry_points={"console_scripts": ..})`) are a +convenient way to specify executable scripts that should be installed along +with the python package. + +These both work as expected when using modern setuptools. When using +setuptools-18.5 or earlier, however, certain operations will cause +`pkg_resources.DistributionNotFound` errors when running the entrypoint +script, which must be resolved by re-installing the package. This happens +when the install happens with one version, then the egg_info data is +regenerated while a different version is checked out. Many setup.py commands +cause egg_info to be rebuilt (including `sdist`, `wheel`, and installing into +a different virtualenv), so this can be surprising. + +[Bug #83](https://github.com/python-versioneer/python-versioneer/issues/83) describes +this one, but upgrading to a newer version of setuptools should probably +resolve it. + + +## Updating Versioneer + +To upgrade your project to a new release of Versioneer, do the following: + +* install the new Versioneer (`pip install -U versioneer` or equivalent) +* edit `setup.cfg`, if necessary, to include any new configuration settings + indicated by the release notes. See [UPGRADING](./UPGRADING.md) for details. +* re-run `versioneer install` in your source tree, to replace + `SRC/_version.py` +* commit any changed files + +## Future Directions + +This tool is designed to be easily extended to other version-control +systems: all VCS-specific components are in separate directories like +src/git/ . 
The top-level `versioneer.py` script is assembled from these +components by running make-versioneer.py . In the future, make-versioneer.py +will take a VCS name as an argument, and will construct a version of +`versioneer.py` that is specific to the given VCS. It might also take the +configuration arguments that are currently provided manually during +installation by editing setup.py . Alternatively, it might go the other +direction and include code from all supported VCS systems, reducing the +number of intermediate scripts. + +## Similar projects + +* [setuptools_scm](https://github.com/pypa/setuptools_scm/) - a non-vendored build-time + dependency +* [minver](https://github.com/jbweston/miniver) - a lightweight reimplementation of + versioneer + +## License + +To make Versioneer easier to embed, all its code is dedicated to the public +domain. The `_version.py` that it creates is also in the public domain. +Specifically, both are released under the Creative Commons "Public Domain +Dedication" license (CC0-1.0), as described in +https://creativecommons.org/publicdomain/zero/1.0/ . + +[pypi-image]: https://img.shields.io/pypi/v/versioneer.svg +[pypi-url]: https://pypi.python.org/pypi/versioneer/ +[travis-image]: +https://img.shields.io/travis/com/python-versioneer/python-versioneer.svg +[travis-url]: https://travis-ci.com/github/python-versioneer/python-versioneer + +""" + +import configparser +import errno +import json +import os +import re +import subprocess +import sys + + +class VersioneerConfig: + """Container for Versioneer configuration parameters.""" + + +def get_root(): + """Get the project root directory. + + We require that all commands are run from the project root, i.e. the + directory that contains setup.py, setup.cfg, and versioneer.py . 
+ """ + root = os.path.realpath(os.path.abspath(os.getcwd())) + setup_py = os.path.join(root, "setup.py") + versioneer_py = os.path.join(root, "versioneer.py") + if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)): + # allow 'python path/to/setup.py COMMAND' + root = os.path.dirname(os.path.realpath(os.path.abspath(sys.argv[0]))) + setup_py = os.path.join(root, "setup.py") + versioneer_py = os.path.join(root, "versioneer.py") + if not (os.path.exists(setup_py) or os.path.exists(versioneer_py)): + err = ("Versioneer was unable to run the project root directory. " + "Versioneer requires setup.py to be executed from " + "its immediate directory (like 'python setup.py COMMAND'), " + "or in a way that lets it use sys.argv[0] to find the root " + "(like 'python path/to/setup.py COMMAND').") + raise VersioneerBadRootError(err) + try: + # Certain runtime workflows (setup.py install/develop in a setuptools + # tree) execute all dependencies in a single python process, so + # "versioneer" may be imported multiple times, and python's shared + # module-import table will cache the first one. So we can't use + # os.path.dirname(__file__), as that will find whichever + # versioneer.py was first imported, even in later projects. + me = os.path.realpath(os.path.abspath(__file__)) + me_dir = os.path.normcase(os.path.splitext(me)[0]) + vsr_dir = os.path.normcase(os.path.splitext(versioneer_py)[0]) + if me_dir != vsr_dir: + print("Warning: build in %s is using versioneer.py from %s" + % (os.path.dirname(me), versioneer_py)) + except NameError: + pass + return root + + +def get_config_from_root(root): + """Read the project setup.cfg file to determine Versioneer config.""" + # This might raise EnvironmentError (if setup.cfg is missing), or + # configparser.NoSectionError (if it lacks a [versioneer] section), or + # configparser.NoOptionError (if it lacks "VCS="). See the docstring at + # the top of versioneer.py for instructions on writing your setup.cfg . 
+ setup_cfg = os.path.join(root, "setup.cfg") + parser = configparser.ConfigParser() + with open(setup_cfg, "r") as f: + parser.read_file(f) + VCS = parser.get("versioneer", "VCS") # mandatory + + def get(parser, name): + if parser.has_option("versioneer", name): + return parser.get("versioneer", name) + return None + cfg = VersioneerConfig() + cfg.VCS = VCS + cfg.style = get(parser, "style") or "" + cfg.versionfile_source = get(parser, "versionfile_source") + cfg.versionfile_build = get(parser, "versionfile_build") + cfg.tag_prefix = get(parser, "tag_prefix") + if cfg.tag_prefix in ("''", '""'): + cfg.tag_prefix = "" + cfg.parentdir_prefix = get(parser, "parentdir_prefix") + cfg.verbose = get(parser, "verbose") + return cfg + + +class NotThisMethod(Exception): + """Exception raised if a method is not valid for the current scenario.""" + + +# these dictionaries contain VCS-specific tools +LONG_VERSION_PY = {} +HANDLERS = {} + + +def register_vcs_handler(vcs, method): # decorator + """Create decorator to mark a method as the handler of a VCS.""" + def decorate(f): + """Store f in HANDLERS[vcs][method].""" + if vcs not in HANDLERS: + HANDLERS[vcs] = {} + HANDLERS[vcs][method] = f + return f + return decorate + + +def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False, + env=None): + """Call the given command(s).""" + assert isinstance(commands, list) + p = None + for c in commands: + try: + dispcmd = str([c] + args) + # remember shell=False, so use git.cmd on windows, not just git + p = subprocess.Popen([c] + args, cwd=cwd, env=env, + stdout=subprocess.PIPE, + stderr=(subprocess.PIPE if hide_stderr + else None)) + break + except EnvironmentError: + e = sys.exc_info()[1] + if e.errno == errno.ENOENT: + continue + if verbose: + print("unable to run %s" % dispcmd) + print(e) + return None, None + else: + if verbose: + print("unable to find command, tried %s" % (commands,)) + return None, None + stdout = p.communicate()[0].strip().decode() + if 
p.returncode != 0: + if verbose: + print("unable to run %s (error)" % dispcmd) + print("stdout was %s" % stdout) + return None, p.returncode + return stdout, p.returncode + + +LONG_VERSION_PY['git'] = r''' +# This file helps to compute a version number in source trees obtained from +# git-archive tarball (such as those provided by githubs download-from-tag +# feature). Distribution tarballs (built by setup.py sdist) and build +# directories (produced by setup.py build) will contain a much shorter file +# that just contains the computed version number. + +# This file is released into the public domain. Generated by +# versioneer-0.19 (https://github.com/python-versioneer/python-versioneer) + +"""Git implementation of _version.py.""" + +import errno +import os +import re +import subprocess +import sys + + +def get_keywords(): + """Get the keywords needed to look up the version information.""" + # these strings will be replaced by git during git-archive. + # setup.py/versioneer.py will grep for the variable names, so they must + # each be defined on a line of their own. _version.py will just call + # get_keywords(). 
+ git_refnames = "%(DOLLAR)sFormat:%%d%(DOLLAR)s" + git_full = "%(DOLLAR)sFormat:%%H%(DOLLAR)s" + git_date = "%(DOLLAR)sFormat:%%ci%(DOLLAR)s" + keywords = {"refnames": git_refnames, "full": git_full, "date": git_date} + return keywords + + +class VersioneerConfig: + """Container for Versioneer configuration parameters.""" + + +def get_config(): + """Create, populate and return the VersioneerConfig() object.""" + # these strings are filled in when 'setup.py versioneer' creates + # _version.py + cfg = VersioneerConfig() + cfg.VCS = "git" + cfg.style = "%(STYLE)s" + cfg.tag_prefix = "%(TAG_PREFIX)s" + cfg.parentdir_prefix = "%(PARENTDIR_PREFIX)s" + cfg.versionfile_source = "%(VERSIONFILE_SOURCE)s" + cfg.verbose = False + return cfg + + +class NotThisMethod(Exception): + """Exception raised if a method is not valid for the current scenario.""" + + +LONG_VERSION_PY = {} +HANDLERS = {} + + +def register_vcs_handler(vcs, method): # decorator + """Create decorator to mark a method as the handler of a VCS.""" + def decorate(f): + """Store f in HANDLERS[vcs][method].""" + if vcs not in HANDLERS: + HANDLERS[vcs] = {} + HANDLERS[vcs][method] = f + return f + return decorate + + +def run_command(commands, args, cwd=None, verbose=False, hide_stderr=False, + env=None): + """Call the given command(s).""" + assert isinstance(commands, list) + p = None + for c in commands: + try: + dispcmd = str([c] + args) + # remember shell=False, so use git.cmd on windows, not just git + p = subprocess.Popen([c] + args, cwd=cwd, env=env, + stdout=subprocess.PIPE, + stderr=(subprocess.PIPE if hide_stderr + else None)) + break + except EnvironmentError: + e = sys.exc_info()[1] + if e.errno == errno.ENOENT: + continue + if verbose: + print("unable to run %%s" %% dispcmd) + print(e) + return None, None + else: + if verbose: + print("unable to find command, tried %%s" %% (commands,)) + return None, None + stdout = p.communicate()[0].strip().decode() + if p.returncode != 0: + if verbose: + 
print("unable to run %%s (error)" %% dispcmd) + print("stdout was %%s" %% stdout) + return None, p.returncode + return stdout, p.returncode + + +def versions_from_parentdir(parentdir_prefix, root, verbose): + """Try to determine the version from the parent directory name. + + Source tarballs conventionally unpack into a directory that includes both + the project name and a version string. We will also support searching up + two directory levels for an appropriately named parent directory + """ + rootdirs = [] + + for i in range(3): + dirname = os.path.basename(root) + if dirname.startswith(parentdir_prefix): + return {"version": dirname[len(parentdir_prefix):], + "full-revisionid": None, + "dirty": False, "error": None, "date": None} + else: + rootdirs.append(root) + root = os.path.dirname(root) # up a level + + if verbose: + print("Tried directories %%s but none started with prefix %%s" %% + (str(rootdirs), parentdir_prefix)) + raise NotThisMethod("rootdir doesn't start with parentdir_prefix") + + +@register_vcs_handler("git", "get_keywords") +def git_get_keywords(versionfile_abs): + """Extract version information from the given file.""" + # the code embedded in _version.py can just fetch the value of these + # keywords. When used from setup.py, we don't want to import _version.py, + # so we do it with a regexp instead. This function is not used from + # _version.py. 
+ keywords = {} + try: + f = open(versionfile_abs, "r") + for line in f.readlines(): + if line.strip().startswith("git_refnames ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["refnames"] = mo.group(1) + if line.strip().startswith("git_full ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["full"] = mo.group(1) + if line.strip().startswith("git_date ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["date"] = mo.group(1) + f.close() + except EnvironmentError: + pass + return keywords + + +@register_vcs_handler("git", "keywords") +def git_versions_from_keywords(keywords, tag_prefix, verbose): + """Get version information from git keywords.""" + if not keywords: + raise NotThisMethod("no keywords at all, weird") + date = keywords.get("date") + if date is not None: + # Use only the last line. Previous lines may contain GPG signature + # information. + date = date.splitlines()[-1] + + # git-2.2.0 added "%%cI", which expands to an ISO-8601 -compliant + # datestamp. However we prefer "%%ci" (which expands to an "ISO-8601 + # -like" string, which we must then edit to make compliant), because + # it's been around since git-1.5.3, and it's too difficult to + # discover which version we're using, or to work around using an + # older one. + date = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + refnames = keywords["refnames"].strip() + if refnames.startswith("$Format"): + if verbose: + print("keywords are unexpanded, not using") + raise NotThisMethod("unexpanded keywords, not a git-archive tarball") + refs = set([r.strip() for r in refnames.strip("()").split(",")]) + # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of + # just "foo-1.0". If we see a "tag: " prefix, prefer those. + TAG = "tag: " + tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)]) + if not tags: + # Either we're using git < 1.8.3, or there really are no tags. We use + # a heuristic: assume all version tags have a digit. 
The old git %%d + # expansion behaves like git log --decorate=short and strips out the + # refs/heads/ and refs/tags/ prefixes that would let us distinguish + # between branches and tags. By ignoring refnames without digits, we + # filter out many common branch names like "release" and + # "stabilization", as well as "HEAD" and "master". + tags = set([r for r in refs if re.search(r'\d', r)]) + if verbose: + print("discarding '%%s', no digits" %% ",".join(refs - tags)) + if verbose: + print("likely tags: %%s" %% ",".join(sorted(tags))) + for ref in sorted(tags): + # sorting will prefer e.g. "2.0" over "2.0rc1" + if ref.startswith(tag_prefix): + r = ref[len(tag_prefix):] + if verbose: + print("picking %%s" %% r) + return {"version": r, + "full-revisionid": keywords["full"].strip(), + "dirty": False, "error": None, + "date": date} + # no suitable tags, so version is "0+unknown", but full hex is still there + if verbose: + print("no suitable tags, using unknown + full revision id") + return {"version": "0+unknown", + "full-revisionid": keywords["full"].strip(), + "dirty": False, "error": "no suitable tags", "date": None} + + +@register_vcs_handler("git", "pieces_from_vcs") +def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command): + """Get version from 'git describe' in the root of the source tree. + + This only gets called if the git-archive 'subst' keywords were *not* + expanded, and _version.py hasn't already been rewritten with a short + version string, meaning we're inside a checked out source tree. 
+ """ + GITS = ["git"] + if sys.platform == "win32": + GITS = ["git.cmd", "git.exe"] + + out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root, + hide_stderr=True) + if rc != 0: + if verbose: + print("Directory %%s not under git control" %% root) + raise NotThisMethod("'git rev-parse --git-dir' returned error") + + # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty] + # if there isn't one, this yields HEX[-dirty] (no NUM) + describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty", + "--always", "--long", + "--match", "%%s*" %% tag_prefix], + cwd=root) + # --long was added in git-1.5.5 + if describe_out is None: + raise NotThisMethod("'git describe' failed") + describe_out = describe_out.strip() + full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root) + if full_out is None: + raise NotThisMethod("'git rev-parse' failed") + full_out = full_out.strip() + + pieces = {} + pieces["long"] = full_out + pieces["short"] = full_out[:7] # maybe improved later + pieces["error"] = None + + # parse describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty] + # TAG might have hyphens. + git_describe = describe_out + + # look for -dirty suffix + dirty = git_describe.endswith("-dirty") + pieces["dirty"] = dirty + if dirty: + git_describe = git_describe[:git_describe.rindex("-dirty")] + + # now we have TAG-NUM-gHEX or HEX + + if "-" in git_describe: + # TAG-NUM-gHEX + mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe) + if not mo: + # unparseable. Maybe git-describe is misbehaving? 
+ pieces["error"] = ("unable to parse git-describe output: '%%s'" + %% describe_out) + return pieces + + # tag + full_tag = mo.group(1) + if not full_tag.startswith(tag_prefix): + if verbose: + fmt = "tag '%%s' doesn't start with prefix '%%s'" + print(fmt %% (full_tag, tag_prefix)) + pieces["error"] = ("tag '%%s' doesn't start with prefix '%%s'" + %% (full_tag, tag_prefix)) + return pieces + pieces["closest-tag"] = full_tag[len(tag_prefix):] + + # distance: number of commits since tag + pieces["distance"] = int(mo.group(2)) + + # commit: short hex revision ID + pieces["short"] = mo.group(3) + + else: + # HEX: no tags + pieces["closest-tag"] = None + count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"], + cwd=root) + pieces["distance"] = int(count_out) # total number of commits + + # commit date: see ISO-8601 comment in git_versions_from_keywords() + date = run_command(GITS, ["show", "-s", "--format=%%ci", "HEAD"], + cwd=root)[0].strip() + # Use only the last line. Previous lines may contain GPG signature + # information. + date = date.splitlines()[-1] + pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + + return pieces + + +def plus_or_dot(pieces): + """Return a + if we don't already have one, else return a .""" + if "+" in pieces.get("closest-tag", ""): + return "." + return "+" + + +def render_pep440(pieces): + """Build up version string, with post-release "local version identifier". + + Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you + get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty + + Exceptions: + 1: no tags. git_describe was just HEX. 
0+untagged.DISTANCE.gHEX[.dirty] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += plus_or_dot(pieces) + rendered += "%%d.g%%s" %% (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + else: + # exception #1 + rendered = "0+untagged.%%d.g%%s" %% (pieces["distance"], + pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + return rendered + + +def render_pep440_pre(pieces): + """TAG[.post0.devDISTANCE] -- No -dirty. + + Exceptions: + 1: no tags. 0.post0.devDISTANCE + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += ".post0.dev%%d" %% pieces["distance"] + else: + # exception #1 + rendered = "0.post0.dev%%d" %% pieces["distance"] + return rendered + + +def render_pep440_post(pieces): + """TAG[.postDISTANCE[.dev0]+gHEX] . + + The ".dev0" means dirty. Note that .dev0 sorts backwards + (a dirty tree will appear "older" than the corresponding clean one), + but you shouldn't be releasing software with -dirty anyways. + + Exceptions: + 1: no tags. 0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%%d" %% pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += plus_or_dot(pieces) + rendered += "g%%s" %% pieces["short"] + else: + # exception #1 + rendered = "0.post%%d" %% pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += "+g%%s" %% pieces["short"] + return rendered + + +def render_pep440_old(pieces): + """TAG[.postDISTANCE[.dev0]] . + + The ".dev0" means dirty. + + Exceptions: + 1: no tags. 
0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%%d" %% pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + else: + # exception #1 + rendered = "0.post%%d" %% pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + return rendered + + +def render_git_describe(pieces): + """TAG[-DISTANCE-gHEX][-dirty]. + + Like 'git describe --tags --dirty --always'. + + Exceptions: + 1: no tags. HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += "-%%d-g%%s" %% (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render_git_describe_long(pieces): + """TAG-DISTANCE-gHEX[-dirty]. + + Like 'git describe --tags --dirty --always -long'. + The distance/hash is unconditional. + + Exceptions: + 1: no tags. 
HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + rendered += "-%%d-g%%s" %% (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render(pieces, style): + """Render the given version pieces into the requested style.""" + if pieces["error"]: + return {"version": "unknown", + "full-revisionid": pieces.get("long"), + "dirty": None, + "error": pieces["error"], + "date": None} + + if not style or style == "default": + style = "pep440" # the default + + if style == "pep440": + rendered = render_pep440(pieces) + elif style == "pep440-pre": + rendered = render_pep440_pre(pieces) + elif style == "pep440-post": + rendered = render_pep440_post(pieces) + elif style == "pep440-old": + rendered = render_pep440_old(pieces) + elif style == "git-describe": + rendered = render_git_describe(pieces) + elif style == "git-describe-long": + rendered = render_git_describe_long(pieces) + else: + raise ValueError("unknown style '%%s'" %% style) + + return {"version": rendered, "full-revisionid": pieces["long"], + "dirty": pieces["dirty"], "error": None, + "date": pieces.get("date")} + + +def get_versions(): + """Get version information or return default if unable to do so.""" + # I am in _version.py, which lives at ROOT/VERSIONFILE_SOURCE. If we have + # __file__, we can work backwards from there to the root. Some + # py2exe/bbfreeze/non-CPython implementations don't do __file__, in which + # case we can only use expanded keywords. + + cfg = get_config() + verbose = cfg.verbose + + try: + return git_versions_from_keywords(get_keywords(), cfg.tag_prefix, + verbose) + except NotThisMethod: + pass + + try: + root = os.path.realpath(__file__) + # versionfile_source is the relative path from the top of the source + # tree (where the .git directory might live) to this file. Invert + # this to find the root from __file__. 
+ for i in cfg.versionfile_source.split('/'): + root = os.path.dirname(root) + except NameError: + return {"version": "0+unknown", "full-revisionid": None, + "dirty": None, + "error": "unable to find root of source tree", + "date": None} + + try: + pieces = git_pieces_from_vcs(cfg.tag_prefix, root, verbose) + return render(pieces, cfg.style) + except NotThisMethod: + pass + + try: + if cfg.parentdir_prefix: + return versions_from_parentdir(cfg.parentdir_prefix, root, verbose) + except NotThisMethod: + pass + + return {"version": "0+unknown", "full-revisionid": None, + "dirty": None, + "error": "unable to compute version", "date": None} +''' + + +@register_vcs_handler("git", "get_keywords") +def git_get_keywords(versionfile_abs): + """Extract version information from the given file.""" + # the code embedded in _version.py can just fetch the value of these + # keywords. When used from setup.py, we don't want to import _version.py, + # so we do it with a regexp instead. This function is not used from + # _version.py. + keywords = {} + try: + f = open(versionfile_abs, "r") + for line in f.readlines(): + if line.strip().startswith("git_refnames ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["refnames"] = mo.group(1) + if line.strip().startswith("git_full ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["full"] = mo.group(1) + if line.strip().startswith("git_date ="): + mo = re.search(r'=\s*"(.*)"', line) + if mo: + keywords["date"] = mo.group(1) + f.close() + except EnvironmentError: + pass + return keywords + + +@register_vcs_handler("git", "keywords") +def git_versions_from_keywords(keywords, tag_prefix, verbose): + """Get version information from git keywords.""" + if not keywords: + raise NotThisMethod("no keywords at all, weird") + date = keywords.get("date") + if date is not None: + # Use only the last line. Previous lines may contain GPG signature + # information. 
+ date = date.splitlines()[-1] + + # git-2.2.0 added "%cI", which expands to an ISO-8601 -compliant + # datestamp. However we prefer "%ci" (which expands to an "ISO-8601 + # -like" string, which we must then edit to make compliant), because + # it's been around since git-1.5.3, and it's too difficult to + # discover which version we're using, or to work around using an + # older one. + date = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + refnames = keywords["refnames"].strip() + if refnames.startswith("$Format"): + if verbose: + print("keywords are unexpanded, not using") + raise NotThisMethod("unexpanded keywords, not a git-archive tarball") + refs = set([r.strip() for r in refnames.strip("()").split(",")]) + # starting in git-1.8.3, tags are listed as "tag: foo-1.0" instead of + # just "foo-1.0". If we see a "tag: " prefix, prefer those. + TAG = "tag: " + tags = set([r[len(TAG):] for r in refs if r.startswith(TAG)]) + if not tags: + # Either we're using git < 1.8.3, or there really are no tags. We use + # a heuristic: assume all version tags have a digit. The old git %d + # expansion behaves like git log --decorate=short and strips out the + # refs/heads/ and refs/tags/ prefixes that would let us distinguish + # between branches and tags. By ignoring refnames without digits, we + # filter out many common branch names like "release" and + # "stabilization", as well as "HEAD" and "master". + tags = set([r for r in refs if re.search(r'\d', r)]) + if verbose: + print("discarding '%s', no digits" % ",".join(refs - tags)) + if verbose: + print("likely tags: %s" % ",".join(sorted(tags))) + for ref in sorted(tags): + # sorting will prefer e.g. 
"2.0" over "2.0rc1" + if ref.startswith(tag_prefix): + r = ref[len(tag_prefix):] + if verbose: + print("picking %s" % r) + return {"version": r, + "full-revisionid": keywords["full"].strip(), + "dirty": False, "error": None, + "date": date} + # no suitable tags, so version is "0+unknown", but full hex is still there + if verbose: + print("no suitable tags, using unknown + full revision id") + return {"version": "0+unknown", + "full-revisionid": keywords["full"].strip(), + "dirty": False, "error": "no suitable tags", "date": None} + + +@register_vcs_handler("git", "pieces_from_vcs") +def git_pieces_from_vcs(tag_prefix, root, verbose, run_command=run_command): + """Get version from 'git describe' in the root of the source tree. + + This only gets called if the git-archive 'subst' keywords were *not* + expanded, and _version.py hasn't already been rewritten with a short + version string, meaning we're inside a checked out source tree. + """ + GITS = ["git"] + if sys.platform == "win32": + GITS = ["git.cmd", "git.exe"] + + out, rc = run_command(GITS, ["rev-parse", "--git-dir"], cwd=root, + hide_stderr=True) + if rc != 0: + if verbose: + print("Directory %s not under git control" % root) + raise NotThisMethod("'git rev-parse --git-dir' returned error") + + # if there is a tag matching tag_prefix, this yields TAG-NUM-gHEX[-dirty] + # if there isn't one, this yields HEX[-dirty] (no NUM) + describe_out, rc = run_command(GITS, ["describe", "--tags", "--dirty", + "--always", "--long", + "--match", "%s*" % tag_prefix], + cwd=root) + # --long was added in git-1.5.5 + if describe_out is None: + raise NotThisMethod("'git describe' failed") + describe_out = describe_out.strip() + full_out, rc = run_command(GITS, ["rev-parse", "HEAD"], cwd=root) + if full_out is None: + raise NotThisMethod("'git rev-parse' failed") + full_out = full_out.strip() + + pieces = {} + pieces["long"] = full_out + pieces["short"] = full_out[:7] # maybe improved later + pieces["error"] = None + + # parse 
describe_out. It will be like TAG-NUM-gHEX[-dirty] or HEX[-dirty] + # TAG might have hyphens. + git_describe = describe_out + + # look for -dirty suffix + dirty = git_describe.endswith("-dirty") + pieces["dirty"] = dirty + if dirty: + git_describe = git_describe[:git_describe.rindex("-dirty")] + + # now we have TAG-NUM-gHEX or HEX + + if "-" in git_describe: + # TAG-NUM-gHEX + mo = re.search(r'^(.+)-(\d+)-g([0-9a-f]+)$', git_describe) + if not mo: + # unparseable. Maybe git-describe is misbehaving? + pieces["error"] = ("unable to parse git-describe output: '%s'" + % describe_out) + return pieces + + # tag + full_tag = mo.group(1) + if not full_tag.startswith(tag_prefix): + if verbose: + fmt = "tag '%s' doesn't start with prefix '%s'" + print(fmt % (full_tag, tag_prefix)) + pieces["error"] = ("tag '%s' doesn't start with prefix '%s'" + % (full_tag, tag_prefix)) + return pieces + pieces["closest-tag"] = full_tag[len(tag_prefix):] + + # distance: number of commits since tag + pieces["distance"] = int(mo.group(2)) + + # commit: short hex revision ID + pieces["short"] = mo.group(3) + + else: + # HEX: no tags + pieces["closest-tag"] = None + count_out, rc = run_command(GITS, ["rev-list", "HEAD", "--count"], + cwd=root) + pieces["distance"] = int(count_out) # total number of commits + + # commit date: see ISO-8601 comment in git_versions_from_keywords() + date = run_command(GITS, ["show", "-s", "--format=%ci", "HEAD"], + cwd=root)[0].strip() + # Use only the last line. Previous lines may contain GPG signature + # information. + date = date.splitlines()[-1] + pieces["date"] = date.strip().replace(" ", "T", 1).replace(" ", "", 1) + + return pieces + + +def do_vcs_install(manifest_in, versionfile_source, ipy): + """Git-specific installation logic for Versioneer. + + For Git, this means creating/changing .gitattributes to mark _version.py + for export-subst keyword substitution. 
+ """ + GITS = ["git"] + if sys.platform == "win32": + GITS = ["git.cmd", "git.exe"] + files = [manifest_in, versionfile_source] + if ipy: + files.append(ipy) + try: + me = __file__ + if me.endswith(".pyc") or me.endswith(".pyo"): + me = os.path.splitext(me)[0] + ".py" + versioneer_file = os.path.relpath(me) + except NameError: + versioneer_file = "versioneer.py" + files.append(versioneer_file) + present = False + try: + f = open(".gitattributes", "r") + for line in f.readlines(): + if line.strip().startswith(versionfile_source): + if "export-subst" in line.strip().split()[1:]: + present = True + f.close() + except EnvironmentError: + pass + if not present: + f = open(".gitattributes", "a+") + f.write("%s export-subst\n" % versionfile_source) + f.close() + files.append(".gitattributes") + run_command(GITS, ["add", "--"] + files) + + +def versions_from_parentdir(parentdir_prefix, root, verbose): + """Try to determine the version from the parent directory name. + + Source tarballs conventionally unpack into a directory that includes both + the project name and a version string. We will also support searching up + two directory levels for an appropriately named parent directory + """ + rootdirs = [] + + for i in range(3): + dirname = os.path.basename(root) + if dirname.startswith(parentdir_prefix): + return {"version": dirname[len(parentdir_prefix):], + "full-revisionid": None, + "dirty": False, "error": None, "date": None} + else: + rootdirs.append(root) + root = os.path.dirname(root) # up a level + + if verbose: + print("Tried directories %s but none started with prefix %s" % + (str(rootdirs), parentdir_prefix)) + raise NotThisMethod("rootdir doesn't start with parentdir_prefix") + + +SHORT_VERSION_PY = """ +# This file was generated by 'versioneer.py' (0.19) from +# revision-control system data, or from the parent directory name of an +# unpacked source archive. Distribution tarballs contain a pre-generated copy +# of this file. 
+ +import json + +version_json = ''' +%s +''' # END VERSION_JSON + + +def get_versions(): + return json.loads(version_json) +""" + + +def versions_from_file(filename): + """Try to determine the version from _version.py if present.""" + try: + with open(filename) as f: + contents = f.read() + except EnvironmentError: + raise NotThisMethod("unable to read _version.py") + mo = re.search(r"version_json = '''\n(.*)''' # END VERSION_JSON", + contents, re.M | re.S) + if not mo: + mo = re.search(r"version_json = '''\r\n(.*)''' # END VERSION_JSON", + contents, re.M | re.S) + if not mo: + raise NotThisMethod("no version_json in _version.py") + return json.loads(mo.group(1)) + + +def write_to_version_file(filename, versions): + """Write the given version number to the given _version.py file.""" + os.unlink(filename) + contents = json.dumps(versions, sort_keys=True, + indent=1, separators=(",", ": ")) + with open(filename, "w") as f: + f.write(SHORT_VERSION_PY % contents) + + print("set %s to '%s'" % (filename, versions["version"])) + + +def plus_or_dot(pieces): + """Return a + if we don't already have one, else return a .""" + if "+" in pieces.get("closest-tag", ""): + return "." + return "+" + + +def render_pep440(pieces): + """Build up version string, with post-release "local version identifier". + + Our goal: TAG[+DISTANCE.gHEX[.dirty]] . Note that if you + get a tagged build and then dirty it, you'll get TAG+0.gHEX.dirty + + Exceptions: + 1: no tags. git_describe was just HEX. 
0+untagged.DISTANCE.gHEX[.dirty] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += plus_or_dot(pieces) + rendered += "%d.g%s" % (pieces["distance"], pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + else: + # exception #1 + rendered = "0+untagged.%d.g%s" % (pieces["distance"], + pieces["short"]) + if pieces["dirty"]: + rendered += ".dirty" + return rendered + + +def render_pep440_pre(pieces): + """TAG[.post0.devDISTANCE] -- No -dirty. + + Exceptions: + 1: no tags. 0.post0.devDISTANCE + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += ".post0.dev%d" % pieces["distance"] + else: + # exception #1 + rendered = "0.post0.dev%d" % pieces["distance"] + return rendered + + +def render_pep440_post(pieces): + """TAG[.postDISTANCE[.dev0]+gHEX] . + + The ".dev0" means dirty. Note that .dev0 sorts backwards + (a dirty tree will appear "older" than the corresponding clean one), + but you shouldn't be releasing software with -dirty anyways. + + Exceptions: + 1: no tags. 0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += plus_or_dot(pieces) + rendered += "g%s" % pieces["short"] + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + rendered += "+g%s" % pieces["short"] + return rendered + + +def render_pep440_old(pieces): + """TAG[.postDISTANCE[.dev0]] . + + The ".dev0" means dirty. + + Exceptions: + 1: no tags. 
0.postDISTANCE[.dev0] + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"] or pieces["dirty"]: + rendered += ".post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + else: + # exception #1 + rendered = "0.post%d" % pieces["distance"] + if pieces["dirty"]: + rendered += ".dev0" + return rendered + + +def render_git_describe(pieces): + """TAG[-DISTANCE-gHEX][-dirty]. + + Like 'git describe --tags --dirty --always'. + + Exceptions: + 1: no tags. HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + if pieces["distance"]: + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render_git_describe_long(pieces): + """TAG-DISTANCE-gHEX[-dirty]. + + Like 'git describe --tags --dirty --always -long'. + The distance/hash is unconditional. + + Exceptions: + 1: no tags. 
HEX[-dirty] (note: no 'g' prefix) + """ + if pieces["closest-tag"]: + rendered = pieces["closest-tag"] + rendered += "-%d-g%s" % (pieces["distance"], pieces["short"]) + else: + # exception #1 + rendered = pieces["short"] + if pieces["dirty"]: + rendered += "-dirty" + return rendered + + +def render(pieces, style): + """Render the given version pieces into the requested style.""" + if pieces["error"]: + return {"version": "unknown", + "full-revisionid": pieces.get("long"), + "dirty": None, + "error": pieces["error"], + "date": None} + + if not style or style == "default": + style = "pep440" # the default + + if style == "pep440": + rendered = render_pep440(pieces) + elif style == "pep440-pre": + rendered = render_pep440_pre(pieces) + elif style == "pep440-post": + rendered = render_pep440_post(pieces) + elif style == "pep440-old": + rendered = render_pep440_old(pieces) + elif style == "git-describe": + rendered = render_git_describe(pieces) + elif style == "git-describe-long": + rendered = render_git_describe_long(pieces) + else: + raise ValueError("unknown style '%s'" % style) + + return {"version": rendered, "full-revisionid": pieces["long"], + "dirty": pieces["dirty"], "error": None, + "date": pieces.get("date")} + + +class VersioneerBadRootError(Exception): + """The project root directory is unknown or missing key files.""" + + +def get_versions(verbose=False): + """Get the project version from whatever source is available. + + Returns dict with two keys: 'version' and 'full'. 
+ """ + if "versioneer" in sys.modules: + # see the discussion in cmdclass.py:get_cmdclass() + del sys.modules["versioneer"] + + root = get_root() + cfg = get_config_from_root(root) + + assert cfg.VCS is not None, "please set [versioneer]VCS= in setup.cfg" + handlers = HANDLERS.get(cfg.VCS) + assert handlers, "unrecognized VCS '%s'" % cfg.VCS + verbose = verbose or cfg.verbose + assert cfg.versionfile_source is not None, \ + "please set versioneer.versionfile_source" + assert cfg.tag_prefix is not None, "please set versioneer.tag_prefix" + + versionfile_abs = os.path.join(root, cfg.versionfile_source) + + # extract version from first of: _version.py, VCS command (e.g. 'git + # describe'), parentdir. This is meant to work for developers using a + # source checkout, for users of a tarball created by 'setup.py sdist', + # and for users of a tarball/zipball created by 'git archive' or github's + # download-from-tag feature or the equivalent in other VCSes. + + get_keywords_f = handlers.get("get_keywords") + from_keywords_f = handlers.get("keywords") + if get_keywords_f and from_keywords_f: + try: + keywords = get_keywords_f(versionfile_abs) + ver = from_keywords_f(keywords, cfg.tag_prefix, verbose) + if verbose: + print("got version from expanded keyword %s" % ver) + return ver + except NotThisMethod: + pass + + try: + ver = versions_from_file(versionfile_abs) + if verbose: + print("got version from file %s %s" % (versionfile_abs, ver)) + return ver + except NotThisMethod: + pass + + from_vcs_f = handlers.get("pieces_from_vcs") + if from_vcs_f: + try: + pieces = from_vcs_f(cfg.tag_prefix, root, verbose) + ver = render(pieces, cfg.style) + if verbose: + print("got version from VCS %s" % ver) + return ver + except NotThisMethod: + pass + + try: + if cfg.parentdir_prefix: + ver = versions_from_parentdir(cfg.parentdir_prefix, root, verbose) + if verbose: + print("got version from parentdir %s" % ver) + return ver + except NotThisMethod: + pass + + if verbose: + 
print("unable to compute version") + + return {"version": "0+unknown", "full-revisionid": None, + "dirty": None, "error": "unable to compute version", + "date": None} + + +def get_version(): + """Get the short version string for this project.""" + return get_versions()["version"] + + +def get_cmdclass(cmdclass=None): + """Get the custom setuptools/distutils subclasses used by Versioneer. + + If the package uses a different cmdclass (e.g. one from numpy), it + should be provide as an argument. + """ + if "versioneer" in sys.modules: + del sys.modules["versioneer"] + # this fixes the "python setup.py develop" case (also 'install' and + # 'easy_install .'), in which subdependencies of the main project are + # built (using setup.py bdist_egg) in the same python process. Assume + # a main project A and a dependency B, which use different versions + # of Versioneer. A's setup.py imports A's Versioneer, leaving it in + # sys.modules by the time B's setup.py is executed, causing B to run + # with the wrong versioneer. Setuptools wraps the sub-dep builds in a + # sandbox that restores sys.modules to it's pre-build state, so the + # parent is protected against the child's "import versioneer". By + # removing ourselves from sys.modules here, before the child build + # happens, we protect the child from the parent's versioneer too. 
+ # Also see https://github.com/python-versioneer/python-versioneer/issues/52 + + cmds = {} if cmdclass is None else cmdclass.copy() + + # we add "version" to both distutils and setuptools + from distutils.core import Command + + class cmd_version(Command): + description = "report generated version string" + user_options = [] + boolean_options = [] + + def initialize_options(self): + pass + + def finalize_options(self): + pass + + def run(self): + vers = get_versions(verbose=True) + print("Version: %s" % vers["version"]) + print(" full-revisionid: %s" % vers.get("full-revisionid")) + print(" dirty: %s" % vers.get("dirty")) + print(" date: %s" % vers.get("date")) + if vers["error"]: + print(" error: %s" % vers["error"]) + cmds["version"] = cmd_version + + # we override "build_py" in both distutils and setuptools + # + # most invocation pathways end up running build_py: + # distutils/build -> build_py + # distutils/install -> distutils/build ->.. + # setuptools/bdist_wheel -> distutils/install ->.. + # setuptools/bdist_egg -> distutils/install_lib -> build_py + # setuptools/install -> bdist_egg ->.. + # setuptools/develop -> ? + # pip install: + # copies source tree to a tempdir before running egg_info/etc + # if .git isn't copied too, 'git describe' will fail + # then does setup.py bdist_wheel, or sometimes setup.py install + # setup.py egg_info -> ? 
+ + # we override different "build_py" commands for both environments + if 'build_py' in cmds: + _build_py = cmds['build_py'] + elif "setuptools" in sys.modules: + from setuptools.command.build_py import build_py as _build_py + else: + from distutils.command.build_py import build_py as _build_py + + class cmd_build_py(_build_py): + def run(self): + root = get_root() + cfg = get_config_from_root(root) + versions = get_versions() + _build_py.run(self) + # now locate _version.py in the new build/ directory and replace + # it with an updated value + if cfg.versionfile_build: + target_versionfile = os.path.join(self.build_lib, + cfg.versionfile_build) + print("UPDATING %s" % target_versionfile) + write_to_version_file(target_versionfile, versions) + cmds["build_py"] = cmd_build_py + + if "setuptools" in sys.modules: + from setuptools.command.build_ext import build_ext as _build_ext + else: + from distutils.command.build_ext import build_ext as _build_ext + + class cmd_build_ext(_build_ext): + def run(self): + root = get_root() + cfg = get_config_from_root(root) + versions = get_versions() + _build_ext.run(self) + if self.inplace: + # build_ext --inplace will only build extensions in + # build/lib<..> dir with no _version.py to write to. + # As in place builds will already have a _version.py + # in the module dir, we do not need to write one. + return + # now locate _version.py in the new build/ directory and replace + # it with an updated value + target_versionfile = os.path.join(self.build_lib, + cfg.versionfile_source) + print("UPDATING %s" % target_versionfile) + write_to_version_file(target_versionfile, versions) + cmds["build_ext"] = cmd_build_ext + + if "cx_Freeze" in sys.modules: # cx_freeze enabled? + from cx_Freeze.dist import build_exe as _build_exe + # nczeczulin reports that py2exe won't like the pep440-style string + # as FILEVERSION, but it can be used for PRODUCTVERSION, e.g. 
+ # setup(console=[{ + # "version": versioneer.get_version().split("+", 1)[0], # FILEVERSION + # "product_version": versioneer.get_version(), + # ... + + class cmd_build_exe(_build_exe): + def run(self): + root = get_root() + cfg = get_config_from_root(root) + versions = get_versions() + target_versionfile = cfg.versionfile_source + print("UPDATING %s" % target_versionfile) + write_to_version_file(target_versionfile, versions) + + _build_exe.run(self) + os.unlink(target_versionfile) + with open(cfg.versionfile_source, "w") as f: + LONG = LONG_VERSION_PY[cfg.VCS] + f.write(LONG % + {"DOLLAR": "$", + "STYLE": cfg.style, + "TAG_PREFIX": cfg.tag_prefix, + "PARENTDIR_PREFIX": cfg.parentdir_prefix, + "VERSIONFILE_SOURCE": cfg.versionfile_source, + }) + cmds["build_exe"] = cmd_build_exe + del cmds["build_py"] + + if 'py2exe' in sys.modules: # py2exe enabled? + from py2exe.distutils_buildexe import py2exe as _py2exe + + class cmd_py2exe(_py2exe): + def run(self): + root = get_root() + cfg = get_config_from_root(root) + versions = get_versions() + target_versionfile = cfg.versionfile_source + print("UPDATING %s" % target_versionfile) + write_to_version_file(target_versionfile, versions) + + _py2exe.run(self) + os.unlink(target_versionfile) + with open(cfg.versionfile_source, "w") as f: + LONG = LONG_VERSION_PY[cfg.VCS] + f.write(LONG % + {"DOLLAR": "$", + "STYLE": cfg.style, + "TAG_PREFIX": cfg.tag_prefix, + "PARENTDIR_PREFIX": cfg.parentdir_prefix, + "VERSIONFILE_SOURCE": cfg.versionfile_source, + }) + cmds["py2exe"] = cmd_py2exe + + # we override different "sdist" commands for both environments + if 'sdist' in cmds: + _sdist = cmds['sdist'] + elif "setuptools" in sys.modules: + from setuptools.command.sdist import sdist as _sdist + else: + from distutils.command.sdist import sdist as _sdist + + class cmd_sdist(_sdist): + def run(self): + versions = get_versions() + self._versioneer_generated_versions = versions + # unless we update this, the command will keep using the 
old + # version + self.distribution.metadata.version = versions["version"] + return _sdist.run(self) + + def make_release_tree(self, base_dir, files): + root = get_root() + cfg = get_config_from_root(root) + _sdist.make_release_tree(self, base_dir, files) + # now locate _version.py in the new base_dir directory + # (remembering that it may be a hardlink) and replace it with an + # updated value + target_versionfile = os.path.join(base_dir, cfg.versionfile_source) + print("UPDATING %s" % target_versionfile) + write_to_version_file(target_versionfile, + self._versioneer_generated_versions) + cmds["sdist"] = cmd_sdist + + return cmds + + +CONFIG_ERROR = """ +setup.cfg is missing the necessary Versioneer configuration. You need +a section like: + + [versioneer] + VCS = git + style = pep440 + versionfile_source = src/myproject/_version.py + versionfile_build = myproject/_version.py + tag_prefix = + parentdir_prefix = myproject- + +You will also need to edit your setup.py to use the results: + + import versioneer + setup(version=versioneer.get_version(), + cmdclass=versioneer.get_cmdclass(), ...) + +Please read the docstring in ./versioneer.py for configuration instructions, +edit setup.cfg, and re-run the installer or 'python versioneer.py setup'. +""" + +SAMPLE_CONFIG = """ +# See the docstring in versioneer.py for instructions. Note that you must +# re-run 'versioneer.py setup' after changing this section, and commit the +# resulting files. 
# Snippet appended to the package's __init__.py so that the package exposes
# __version__ at import time.
INIT_PY_SNIPPET = """
from ._version import get_versions
__version__ = get_versions()['version']
del get_versions
"""


def do_setup():
    """Do main VCS-independent setup function for installing Versioneer.

    Steps, in order:
      1. Load the Versioneer configuration for the project root.
      2. Write the generated version module to ``cfg.versionfile_source``.
      3. Append INIT_PY_SNIPPET to the sibling ``__init__.py`` if that file
         exists and does not already contain the snippet.
      4. Make sure MANIFEST.in includes ``versioneer.py`` and the version
         module.
      5. Delegate VCS-specific changes to ``do_vcs_install``.

    Returns:
        0 on success, 1 when the configuration could not be loaded.
    """
    root = get_root()
    try:
        cfg = get_config_from_root(root)
    except (EnvironmentError, configparser.NoSectionError,
            configparser.NoOptionError) as e:
        # An EnvironmentError or a missing section gets the sample config
        # appended to setup.cfg; a missing option only prints instructions.
        if isinstance(e, (EnvironmentError, configparser.NoSectionError)):
            print("Adding sample versioneer config to setup.cfg",
                  file=sys.stderr)
            with open(os.path.join(root, "setup.cfg"), "a") as f:
                f.write(SAMPLE_CONFIG)
        print(CONFIG_ERROR, file=sys.stderr)
        return 1

    print(" creating %s" % cfg.versionfile_source)
    with open(cfg.versionfile_source, "w") as f:
        LONG = LONG_VERSION_PY[cfg.VCS]
        f.write(LONG % {"DOLLAR": "$",
                        "STYLE": cfg.style,
                        "TAG_PREFIX": cfg.tag_prefix,
                        "PARENTDIR_PREFIX": cfg.parentdir_prefix,
                        "VERSIONFILE_SOURCE": cfg.versionfile_source,
                        })

    ipy = os.path.join(os.path.dirname(cfg.versionfile_source),
                       "__init__.py")
    if os.path.exists(ipy):
        try:
            with open(ipy, "r") as f:
                old = f.read()
        except EnvironmentError:
            # Unreadable file: treat it as empty so the snippet is appended.
            old = ""
        if INIT_PY_SNIPPET not in old:
            print(" appending to %s" % ipy)
            with open(ipy, "a") as f:
                f.write(INIT_PY_SNIPPET)
        else:
            print(" %s unmodified" % ipy)
    else:
        print(" %s doesn't exist, ok" % ipy)
        # do_vcs_install receives None when there is no __init__.py.
        ipy = None

    # Make sure both the top-level "versioneer.py" and versionfile_source
    # (PKG/_version.py, used by runtime code) are in MANIFEST.in, so
    # they'll be copied into source distributions. Pip won't be able to
    # install the package without this.
    manifest_in = os.path.join(root, "MANIFEST.in")
    simple_includes = set()
    try:
        with open(manifest_in, "r") as f:
            for line in f:
                if line.startswith("include "):
                    # One "include" line may list several paths.
                    simple_includes.update(line.split()[1:])
    except EnvironmentError:
        # No readable MANIFEST.in yet; the appends below will create it.
        pass
    # That doesn't cover everything MANIFEST.in can do
    # (http://docs.python.org/2/distutils/sourcedist.html#commands), so
    # it might give some false negatives. Appending redundant 'include'
    # lines is safe, though.
    if "versioneer.py" not in simple_includes:
        print(" appending 'versioneer.py' to MANIFEST.in")
        with open(manifest_in, "a") as f:
            f.write("include versioneer.py\n")
    else:
        print(" 'versioneer.py' already in MANIFEST.in")
    if cfg.versionfile_source not in simple_includes:
        print(" appending versionfile_source ('%s') to MANIFEST.in" %
              cfg.versionfile_source)
        with open(manifest_in, "a") as f:
            f.write("include %s\n" % cfg.versionfile_source)
    else:
        print(" versionfile_source already in MANIFEST.in")

    # Make VCS-specific changes. For git, this means creating/changing
    # .gitattributes to mark _version.py for export-subst keyword
    # substitution.
    do_vcs_install(manifest_in, cfg.versionfile_source, ipy)
    return 0


def scan_setup_py():
    """Validate the contents of setup.py against Versioneer's expectations.

    Reads ``setup.py`` from the current working directory and does a plain
    substring scan, line by line. It is a heuristic, not a parser.

    Returns:
        The number of problem categories found (0, 1 or 2): one if any of
        the three required Versioneer references is missing, one if
        obsolete ``versioneer.VCS`` / ``versioneer.versionfile_source``
        references are present.

    Raises:
        Whatever ``open`` raises when ``setup.py`` cannot be opened.
    """
    # (substring to look for, tag recorded once it has been seen)
    required = (
        ("import versioneer", "import"),
        ("versioneer.get_cmdclass()", "cmdclass"),
        ("versioneer.get_version()", "get_version"),
    )
    # References that belonged in setup.py before the config moved to
    # setup.cfg.
    obsolete = ("versioneer.VCS", "versioneer.versionfile_source")

    found = set()
    setters = False
    errors = 0
    with open("setup.py", "r") as f:
        # Iterate the file lazily instead of materialising every line.
        for line in f:
            found.update(tag for needle, tag in required if needle in line)
            if any(needle in line for needle in obsolete):
                setters = True
    if len(found) != len(required):
        print("")
        print("Your setup.py appears to be missing some important items")
        print("(but I might be wrong). Please make sure it has something")
        print("roughly like the following:")
        print("")
        print(" import versioneer")
        print(" setup( version=versioneer.get_version(),")
        print(" cmdclass=versioneer.get_cmdclass(), ...)")
        print("")
        errors += 1
    if setters:
        print("You should remove lines like 'versioneer.VCS = ' and")
        print("'versioneer.versionfile_source = ' . This configuration")
        print("now lives in setup.cfg, and should be removed from setup.py")
        print("")
        errors += 1
    return errors


def main(argv=None):
    """Run the command-line interface and return a process exit status.

    Args:
        argv: Full argument vector including the program name; defaults to
            ``sys.argv``.

    Returns:
        1 when no command was given, or when the ``setup`` command reported
        errors; 0 otherwise. Commands other than ``setup`` are ignored.
    """
    if argv is None:
        argv = sys.argv
    if len(argv) < 2:
        # Previously this path crashed with an IndexError traceback.
        print("Usage: python versioneer.py setup", file=sys.stderr)
        return 1
    cmd = argv[1]
    if cmd == "setup":
        errors = do_setup()
        errors += scan_setup_py()
        if errors:
            return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))