Merge branch 'main' into HJ-88-87_model-changes

CHANGELOG.md

@@ -19,6 +19,7 @@ The types of changes are:
 
 ### Added
 - New page in the Cookie House sample app to demonstrate the use of embedding the FidesJS SDK on the page [#5564](https://github.com/ethyca/fides/pull/5564)
+- Added event based communication example to the Cookie House sample app [#5597](https://github.com/ethyca/fides/pull/5597)
 - Added new erasure tests for BigQuery Enterprise [#5554](https://github.com/ethyca/fides/pull/5554)
 - Migration to add the `hidden` and `data_use` columns to `stagedresource` table, prereqs for Data Catalog work in Fidesplus [#5600](https://github.com/ethyca/fides/pull/5600/)
 

clients/fides-js/src/components/notices/NoticeOverlay.tsx

@@ -258,12 +258,12 @@ const NoticeOverlay: FunctionComponent<OverlayProps> = ({
     if (isConsentOverride(options) && experience.privacy_notices) {
       if (options.fidesConsentOverride === ConsentMethod.ACCEPT) {
         fidesDebugger(
-          "Consent automatically accepted by fides_accept_all override!",
+          "Consent automatically accepted by fides_consent_override!",
         );
         handleAcceptAll(true);
       } else if (options.fidesConsentOverride === ConsentMethod.REJECT) {
         fidesDebugger(
-          "Consent automatically rejected by fides_reject_all override!",
+          "Consent automatically rejected by fides_consent_override!",
         );
         handleRejectAll(true);
       }

clients/fides-js/src/components/tcf/TcfOverlay.tsx

@@ -362,12 +362,12 @@ export const TcfOverlay = ({
   useEffect(() => {
     if (options.fidesConsentOverride === ConsentMethod.ACCEPT) {
       fidesDebugger(
-        "Consent automatically accepted by fides_accept_all override!",
+        "Consent automatically accepted by fides_consent_override!",
       );
       handleAcceptAll(true);
     } else if (options.fidesConsentOverride === ConsentMethod.REJECT) {
       fidesDebugger(
-        "Consent automatically rejected by fides_reject_all override!",
+        "Consent automatically rejected by fides_consent_override!",
       );
       handleRejectAll(true);
     }
@@ -389,7 +389,7 @@ export const TcfOverlay = ({
   }, [cookie, options.debug]);
 
   const handleDismiss = useCallback(() => {
-    handleUpdateAllPreferences(ConsentMethod.DISMISS, draftIds!);
+    handleUpdateAllPreferences(ConsentMethod.DISMISS, draftIds);
   }, [handleUpdateAllPreferences, draftIds]);
 
   const experienceConfig =
@@ -461,7 +461,7 @@ export const TcfOverlay = ({
           : () => (
               <TcfTabs
                 experience={experience}
-                enabledIds={draftIds!}
+                enabledIds={draftIds}
                 onChange={(updatedIds) => {
                   setDraftIds(updatedIds);
                   dispatchFidesEvent("FidesUIChanged", cookie, options.debug);

clients/sample-app/package.json

@@ -22,7 +22,7 @@
     "react": "18.3.1",
     "react-dom": "18.3.1",
     "react-hook-form": "7.38.0",
-    "react-select": "^5.7.3",
+    "react-select": "^5.8.3",
     "sass": "1.55.0"
   },
   "devDependencies": {

clients/sample-app/src/pages/embedded-consent.tsx

@@ -61,14 +61,17 @@ const IndexPage = ({ gtmContainerId, privacyCenterUrl }: Props) => {
         <script>{`window.fides_overrides = { fides_embed: true, fides_disable_banner: true }`}</script>
         {/* Allow the embedded consent modal to fill the screen */}
         <style>{`
-          #fides-embed-container {
-            --fides-overlay-width: 'auto'
+          /* Embedded overlay is set to inherit page styling, but in this case there is no other page information so we'll set these styles the modal defaults. */
+          body {
+            font-family: var(--fides-overlay-font-family);
+            color: var(--fides-overlay-font-color-dark);
+            font-size: var(--fides-overlay-font-size-body);
+            background-color: var(--fides-overlay-background-color);
           }
 
-          body {
-            font-family: "Inter", sans-serif;
-            color: #171923;
-            font-size: 14px;
+          /* Allow the embedded consent modal to fill the width of the screen */
+          #fides-embed-container {
+            --fides-overlay-width: 'auto'
           }
         `}</style>
       </Head>
@@ -101,6 +104,15 @@ const IndexPage = ({ gtmContainerId, privacyCenterUrl }: Props) => {
           `}
         </Script>
       ) : null}
+      {/* Support for Flutter InAppWebView communication https://inappwebview.dev/docs/webview/javascript/communication */}
+      {/* eslint-disable-next-line @next/next/no-before-interactive-script-outside-document */}
+      <Script id="flutter-inappwebview" strategy="beforeInteractive">
+        {`window.addEventListener("FidesInitialized", function() {
+            Fides.onFidesEvent("FidesUpdated", (detail) => {
+              window.flutter_inappwebview?.callHandler('FidesUpdated', detail);
+            });
+          }, {once: true});`}
+      </Script>
       <div id="fides-embed-container" />
     </>
   );

clients/sample-app/src/pages/index.tsx

@@ -98,6 +98,15 @@ const IndexPage = ({ gtmContainerId, privacyCenterUrl, products }: Props) => {
           `}
         </Script>
       ) : null}
+      {/* Support for Flutter InAppWebView communication https://inappwebview.dev/docs/webview/javascript/communication */}
+      {/* eslint-disable-next-line @next/next/no-before-interactive-script-outside-document */}
+      <Script id="flutter-inappwebview" strategy="beforeInteractive">
+        {`window.addEventListener("FidesInitialized", function() {
+            Fides.onFidesEvent("FidesUpdated", (detail) => {
+              window.flutter_inappwebview?.callHandler('FidesUpdated', detail);
+            });
+          }, {once: true});`}
+      </Script>
       <Home privacyCenterUrl={privacyCenterUrl} products={products} />
     </>
   );

src/fides/api/api/v1/endpoints/admin.py

@@ -66,7 +66,15 @@ async def db_action(action: DBActions, revision: Optional[str] = "head") -> Dict
             reset_db(CONFIG.database.sync_database_uri)
             action_text = "reset"
 
-        await configure_db(CONFIG.database.sync_database_uri, revision=revision)
+        try:
+            logger.info("Database being configured...")
+            await configure_db(CONFIG.database.sync_database_uri, revision=revision)
+        except Exception as e:
+            logger.exception("Database configuration failed: {e}")
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail=f"Database configuration failed: {e}. Check server logs for more details",
+            )
 
     return {
         "data": {

src/fides/api/app_setup.py

@@ -163,9 +163,12 @@ async def run_database_startup(app: FastAPI) -> None:
         raise FidesError("No database uri provided")
 
     if CONFIG.database.automigrate:
-        await configure_db(
-            CONFIG.database.sync_database_uri, samples=CONFIG.database.load_samples
-        )
+        try:
+            await configure_db(
+                CONFIG.database.sync_database_uri, samples=CONFIG.database.load_samples
+            )
+        except Exception as e:
+            logger.error("Error occurred during database configuration: {}", str(e))
     else:
         logger.info("Skipping auto-migration due to 'automigrate' configuration value.")
 

src/fides/api/db/database.py

@@ -138,3 +138,4 @@ async def configure_db(
         error_type = get_full_exception_name(error)
         log.error("Unable to configure database: {}: {}", error_type, error)
         log.opt(exception=True).error(error)
+        raise

src/fides/api/schemas/saas/strategy_configuration.py

@@ -1,7 +1,7 @@
 from enum import Enum
 from typing import Any, Dict, List, Optional, Union
 
-from pydantic import BaseModel, ConfigDict, field_validator, model_validator
+from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator
 
 from fides.api.schemas.saas.saas_config import Header, QueryParam, SaaSRequest
 from fides.api.schemas.saas.shared_schemas import (
@@ -154,8 +154,19 @@ class OAuth2BaseConfiguration(StrategyConfiguration):
 
 class OAuth2AuthorizationCodeConfiguration(OAuth2BaseConfiguration):
     """
+    Oauth Authorization that requires manual user interaction to get authorization
     The standard OAuth2 configuration but with an additional property to configure
     the authorization request for the Authorization Code flow.
     """
 
     authorization_request: SaaSRequest
+
+
+class OAuth2ClientCredentialsConfiguration(OAuth2BaseConfiguration):
+    """
+    Ouath authorization that does not require manual user interation to get authorization
+    The standard OAuth2 configuration, but excluding the refresh token during logging
+    since the client credentials flow does not require a refresh token.
+    """
+
+    refresh_request: Optional[SaaSRequest] = Field(exclude=True)

tests/ctl/cli/test_cli.py

@@ -145,13 +145,16 @@ def test_parse(test_config_path: str, test_cli_runner: CliRunner) -> None:
 
 
 class TestDB:
+    @pytest.mark.skip(
+        "This test is timing out only in CI: Safe-Tests (3.10.13, ctl-not-external)"
+    )
     @pytest.mark.integration
     def test_reset_db(self, test_config_path: str, test_cli_runner: CliRunner) -> None:
         result = test_cli_runner.invoke(
             cli, ["-f", test_config_path, "db", "reset", "-y"]
         )
         print(result.output)
-        assert result.exit_code == 0
+        assert result.exit_code == 0, result.output
 
     @pytest.mark.integration
     def test_init_db(self, test_config_path: str, test_cli_runner: CliRunner) -> None:

tests/ctl/conftest.py

@@ -45,11 +45,18 @@ def monkeypatch_requests(test_client, monkeysession) -> None:
 
 
 @pytest.fixture(scope="session", autouse=True)
-def setup_db(api_client, config):
-    """Apply migrations at beginning and end of testing session"""
+@pytest.mark.usefixtures("monkeypatch_requests")
+def setup_ctl_db(test_config, test_client, config):
+    "Sets up the database for testing."
     assert config.test_mode
-    assert requests.post != api_client.post
-    yield api_client.post(url=f"{config.cli.server_url}/v1/admin/db/reset")
+    assert (
+        requests.post == test_client.post
+    )  # Sanity check to make sure monkeypatch_requests fixture has run
+    yield api.db_action(
+        server_url=test_config.cli.server_url,
+        headers=config.user.auth_header,
+        action="reset",
+    )
 
 
 @pytest.fixture(scope="session")

tests/fixtures/saas_example_fixtures.py

@@ -19,6 +19,7 @@
 from fides.api.schemas.saas.saas_config import ParamValue
 from fides.api.schemas.saas.strategy_configuration import (
     OAuth2AuthorizationCodeConfiguration,
+    OAuth2ClientCredentialsConfiguration,
 )
 from fides.api.service.masking.strategy.masking_strategy_nullify import (
     NullMaskingStrategy,
@@ -390,6 +391,75 @@ def oauth2_authorization_code_connection_config(
     connection_config.delete(db)
 
 
+## TODO: base on the previous connection config to set up a new improved
+
+
+@pytest.fixture(scope="function")
+def oauth2_client_credentials_configuration() -> OAuth2ClientCredentialsConfiguration:
+    return {
+        "token_request": {
+            "method": "POST",
+            "path": "/oauth/token",
+            "headers": [
+                {
+                    "name": "Content-Type",
+                    "value": "application/x-www-form-urlencoded",
+                }
+            ],
+            "query_params": [
+                {"name": "client_id", "value": "<client_id>"},
+                {"name": "client_secret", "value": "<client_secret>"},
+                {"name": "grant_type", "value": "client_credentials"},
+            ],
+        },
+    }
+
+
+@pytest.fixture(scope="function")
+def oauth2_client_credentials_connection_config(
+    db: Session, oauth2_client_credentials_configuration
+) -> Generator:
+    secrets = {
+        "domain": "localhost",
+        "client_id": "client",
+        "client_secret": "secret",
+        "access_token": "access",
+    }
+    saas_config = {
+        "fides_key": "oauth2_client_credentials_connector",
+        "name": "OAuth2 Client Credentials Connector",
+        "type": "custom",
+        "description": "Generic OAuth2 connector for testing",
+        "version": "0.0.1",
+        "connector_params": [{"name": item} for item in secrets.keys()],
+        "client_config": {
+            "protocol": "https",
+            "host": secrets["domain"],
+            "authentication": {
+                "strategy": "oauth2_client_credentials",
+                "configuration": oauth2_client_credentials_configuration,
+            },
+        },
+        "endpoints": [],
+        "test_request": {"method": "GET", "path": "/test"},
+    }
+
+    fides_key = saas_config["fides_key"]
+    connection_config = ConnectionConfig.create(
+        db=db,
+        data={
+            "key": fides_key,
+            "name": fides_key,
+            "connection_type": ConnectionType.saas,
+            "access": AccessLevel.write,
+            "secrets": secrets,
+            "saas_config": saas_config,
+        },
+    )
+    yield connection_config
+    connection_config.delete(db)
+
+
 @pytest.fixture(scope="session")
 def saas_config() -> Dict[str, Any]:
     saas_config = {}