♻️ webserver: security Domain Refactoring (#7867)

Author: pcrespov

packages/pytest-simcore/src/pytest_simcore/helpers/webserver_login.py

@@ -17,7 +17,7 @@
     get_plugin_storage,
 )
 from simcore_service_webserver.products.products_service import list_products
-from simcore_service_webserver.security.api import clean_auth_policy_cache
+from simcore_service_webserver.security import security_service
 from yarl import URL
 
 from .assert_checks import assert_status
@@ -187,7 +187,7 @@ async def __aexit__(self, *args):
         assert self.client.app
         # NOTE: cache key is based on an email. If the email is
         # reused during the test, then it creates quite some noise
-        await clean_auth_policy_cache(self.client.app)
+        await security_service.clean_auth_policy_cache(self.client.app)
         return await super().__aexit__(*args)
 
 

services/web/server/src/simcore_service_webserver/application.py

@@ -7,7 +7,6 @@
 
 from aiohttp import web
 from servicelib.aiohttp.application import create_safe_application
-from simcore_service_webserver.tasks.plugin import setup_tasks
 
 from ._meta import WELCOME_DB_LISTENER_MSG, WELCOME_GC_MSG, WELCOME_MSG, info
 from .activity.plugin import setup_activity
@@ -49,6 +48,7 @@
 from .storage.plugin import setup_storage
 from .studies_dispatcher.plugin import setup_studies_dispatcher
 from .tags.plugin import setup_tags
+from .tasks.plugin import setup_tasks
 from .tracing import setup_app_tracing
 from .trash.plugin import setup_trash
 from .users.plugin import setup_users

services/web/server/src/simcore_service_webserver/catalog/_catalog_rest_client_service.py

@@ -23,14 +23,14 @@
 from pydantic import TypeAdapter
 from servicelib.aiohttp.client_session import get_client_session
 from servicelib.rest_constants import X_PRODUCT_NAME_HEADER
-from simcore_service_webserver.catalog.errors import (
-    CatalogConnectionError,
-    CatalogResponseError,
-)
 from yarl import URL
 
 from .._meta import api_version_prefix
 from ._models import ServiceKeyVersionDict
+from .errors import (
+    CatalogConnectionError,
+    CatalogResponseError,
+)
 from .settings import CatalogSettings, get_plugin_settings
 
 _logger = logging.getLogger(__name__)

services/web/server/src/simcore_service_webserver/director_v2/_director_v2_service.py

@@ -21,7 +21,6 @@
     GroupExtraProperties,
     GroupExtraPropertiesRepo,
 )
-from simcore_service_webserver.director_v2._client import DirectorV2RestClient
 
 from ..application_settings import get_application_settings
 from ..db.plugin import get_database_engine
@@ -31,6 +30,7 @@
 from ..users import preferences_api as user_preferences_service
 from ..users.exceptions import UserDefaultWalletNotFoundError
 from ..wallets import api as wallets_service
+from ._client import DirectorV2RestClient
 from ._client_base import DataType, request_director_v2
 from .exceptions import ComputationNotFoundError, DirectorV2ServiceError
 from .settings import DirectorV2Settings, get_plugin_settings

services/web/server/src/simcore_service_webserver/functions/_controller/_functions_rest.py

@@ -11,12 +11,12 @@
     handle_validation_as_http_error,
     parse_request_path_parameters_as,
 )
-from simcore_service_webserver.utils_aiohttp import envelope_json_response
 
 from ..._meta import API_VTAG as VTAG
 from ...login.decorators import login_required
 from ...models import AuthenticatedRequestContext
 from ...security.decorators import permission_required
+from ...utils_aiohttp import envelope_json_response
 from .. import _functions_service
 from ._functions_rest_exceptions import handle_rest_requests_exceptions
 from ._functions_rest_schemas import FunctionPathParams

services/web/server/src/simcore_service_webserver/functions/_functions_repository.py

@@ -65,13 +65,13 @@
     get_columns_from_db_model,
     transaction_context,
 )
-from simcore_service_webserver.groups.api import list_all_user_groups_ids
-from simcore_service_webserver.users.api import get_user_primary_group_id
 from sqlalchemy import Text, cast
 from sqlalchemy.ext.asyncio import AsyncConnection
 from sqlalchemy.sql import func
 
 from ..db.plugin import get_asyncpg_engine
+from ..groups.api import list_all_user_groups_ids
+from ..users.api import get_user_primary_group_id
 
 _FUNCTIONS_TABLE_COLS = get_columns_from_db_model(functions_table, RegisteredFunctionDB)
 _FUNCTION_JOBS_TABLE_COLS = get_columns_from_db_model(

services/web/server/src/simcore_service_webserver/garbage_collector/_tasks_users.py

@@ -15,7 +15,7 @@
 from tenacity.wait import wait_exponential
 
 from ..login import login_service
-from ..security.api import clean_auth_policy_cache
+from ..security import security_service
 from ..users.api import update_expired_users
 
 _logger = logging.getLogger(__name__)
@@ -62,7 +62,7 @@ async def _update_expired_users(app: web.Application):
     if updated := await update_expired_users(app):
         # expired users might be cached in the auth. If so, any request
         # with this user-id will get thru producing unexpected side-effects
-        await clean_auth_policy_cache(app)
+        await security_service.clean_auth_policy_cache(app)
 
         # broadcast force logout of user_id
         for user_id in updated:

services/web/server/src/simcore_service_webserver/licenses/_common/exceptions_handlers.py

@@ -1,15 +1,14 @@
 import logging
 
 from servicelib.aiohttp import status
-from simcore_service_webserver.wallets.errors import WalletAccessForbiddenError
 
 from ...exception_handling import (
     ExceptionToHttpErrorMap,
     HttpErrorInfo,
     exception_handling_decorator,
     to_exceptions_handlers_map,
 )
-from ...wallets.errors import WalletNotEnoughCreditsError
+from ...wallets.errors import WalletAccessForbiddenError, WalletNotEnoughCreditsError
 from ..errors import LicensedItemNotFoundError, LicensedItemPricingPlanMatchError
 
 _logger = logging.getLogger(__name__)

services/web/server/src/simcore_service_webserver/licenses/_itis_vip_syncer_service.py

@@ -9,12 +9,12 @@
 from servicelib.async_utils import cancel_wait_task
 from servicelib.background_task_utils import exclusive_periodic
 from servicelib.logging_utils import log_catch, log_context
-from simcore_service_webserver.licenses import (
+
+from ..redis import get_redis_lock_manager_client_sdk, setup_redis
+from . import (
     _itis_vip_service,
     _licensed_resources_service,
 )
-
-from ..redis import get_redis_lock_manager_client_sdk, setup_redis
 from ._itis_vip_models import CategoryTuple, ItisVipData, ItisVipResourceData
 from ._licensed_resources_service import RegistrationState
 
@@ -32,10 +32,10 @@ async def sync_licensed_resources(
             with log_context(
                 _logger, logging.INFO, "Fetching %s and validating", category_url
             ), log_catch(_logger, reraise=True):
-                vip_data_items: list[
-                    ItisVipData
-                ] = await _itis_vip_service.get_category_items(
-                    http_client, category_url
+                vip_data_items: list[ItisVipData] = (
+                    await _itis_vip_service.get_category_items(
+                        http_client, category_url
+                    )
                 )
 
             # REGISTRATION

services/web/server/src/simcore_service_webserver/login/_auth_service.py

@@ -6,11 +6,11 @@
 from simcore_postgres_database.models.users import UserStatus
 from simcore_postgres_database.utils_repos import transaction_context
 from simcore_postgres_database.utils_users import UsersRepo
-from simcore_service_webserver.db.plugin import get_asyncpg_engine
 
+from ..db.plugin import get_asyncpg_engine
 from ..groups import api as groups_service
 from ..products.models import Product
-from ..security import api as security_service
+from ..security import security_service
 from . import _login_service
 from ._constants import MSG_UNKNOWN_EMAIL, MSG_WRONG_PASSWORD
 from ._login_repository_legacy import AsyncpgStorage, get_plugin_storage