IFC-1305 Clean up permission identifier custom GraphQL code (#8330)

Author: gmazoyer

backend/infrahub/core/manager.py

@@ -3,11 +3,10 @@
 from copy import copy
 from typing import TYPE_CHECKING, Any, Iterable, Literal, TypeVar, overload
 
-from infrahub_sdk.utils import deep_merge_dict, is_valid_uuid
+from infrahub_sdk.utils import is_valid_uuid
 
 from infrahub.core.constants import (
     SYSTEM_USER_ID,
-    InfrahubKind,
     MetadataOptions,
     RelationshipCardinality,
     RelationshipDirection,
@@ -188,23 +187,6 @@ async def query(
         await query.execute(db=db)
         node_ids = query.get_node_ids()
 
-        if (
-            fields
-            and "identifier" in fields
-            and node_schema.kind
-            in [
-                InfrahubKind.BASEPERMISSION,
-                InfrahubKind.GLOBALPERMISSION,
-                InfrahubKind.OBJECTPERMISSION,
-            ]
-        ):
-            # This is a workaround to ensure we are querying the right fields for permissions
-            # The identifier for permissions needs the same fields as the display label
-            schema_branch = db.schema.get_schema_branch(name=branch.name)
-            display_label_fields = schema_branch.generate_fields_for_display_label(name=node_schema.kind)
-            if display_label_fields:
-                deep_merge_dict(dicta=fields, dictb=display_label_fields)
-
         response = await cls.get_many(
             ids=node_ids,
             fields=fields,
@@ -331,20 +313,6 @@ async def query_peers(
         if not peers_info:
             return []
 
-        if fields and "identifier" in fields:
-            # This is a workaround to ensure we are querying the right fields for permissions
-            # The identifier for permissions needs the same fields as the display label
-            peer_schema = schema.get_peer_schema(db=db, branch=branch)
-            if peer_schema.kind in [
-                InfrahubKind.BASEPERMISSION,
-                InfrahubKind.GLOBALPERMISSION,
-                InfrahubKind.OBJECTPERMISSION,
-            ]:
-                schema_branch = db.schema.get_schema_branch(name=branch.name)
-                display_label_fields = schema_branch.generate_fields_for_display_label(name=peer_schema.kind)
-                if display_label_fields:
-                    deep_merge_dict(dicta=fields, dictb=display_label_fields)
-
         if fetch_peers:
             peer_ids = [peer.peer_id for peer in peers_info]
             peer_nodes = await cls.get_many(

backend/infrahub/core/schema/definitions/core/permission.py

@@ -34,7 +34,6 @@
             read_only=True,
             optional=True,
             allow_override=AllowOverrideType.NONE,
-            deprecation="Use permission display_label instead",
         ),
     ],
     relationships=[

backend/infrahub/graphql/queries/account.py

@@ -72,6 +72,7 @@ async def resolve_account_tokens(
 
 class AccountGlobalPermissionNode(ObjectType):
     id = Field(String, required=True)
+    display_label = Field(String, required=True)
     description = Field(String, required=False)
     name = Field(String, required=True)
     action = Field(String, required=True)
@@ -81,6 +82,7 @@ class AccountGlobalPermissionNode(ObjectType):
 
 class AccountObjectPermissionNode(ObjectType):
     id = Field(String, required=True)
+    display_label = Field(String, required=True)
     description = Field(String, required=False)
     namespace = Field(String, required=True)
     name = Field(String, required=True)
@@ -131,6 +133,7 @@ async def resolve_account_permissions(
             {
                 "node": {
                     "id": obj.id,
+                    "display_label": str(obj),
                     "description": obj.description,
                     "action": obj.action,
                     "decision": obj.decision,
@@ -146,6 +149,7 @@ async def resolve_account_permissions(
             {
                 "node": {
                     "id": obj.id,
+                    "display_label": str(obj),
                     "description": obj.description,
                     "namespace": obj.namespace,
                     "name": obj.name,

backend/tests/component/graphql/test_core_account.py

@@ -59,13 +59,15 @@ async def test_permissions(
             global_permissions {
                 edges {
                     node {
+                        display_label
                         identifier
                     }
                 }
             }
             object_permissions {
                 edges {
                     node {
+                        display_label
                         identifier
                     }
                 }
@@ -83,19 +85,44 @@ async def test_permissions(
 
     assert result.errors is None
     assert result.data
-    perms = [edge["node"]["identifier"] for edge in result.data["InfrahubPermissions"]["global_permissions"]["edges"]]
-    assert perms == [
-        str(GlobalPermission(action=GlobalPermissions.SUPER_ADMIN.value, decision=PermissionDecision.ALLOW_ALL.value))
+    perm_display_labels = [
+        edge["node"]["display_label"] for edge in result.data["InfrahubPermissions"]["global_permissions"]["edges"]
     ]
-
-    perms = [edge["node"]["identifier"] for edge in result.data["InfrahubPermissions"]["object_permissions"]["edges"]]
-    assert perms == [
-        str(
-            ObjectPermission(
-                namespace="*", name="*", action=PermissionAction.ANY.value, decision=PermissionDecision.ALLOW_ALL.value
+    perm_identifiers = [
+        edge["node"]["identifier"] for edge in result.data["InfrahubPermissions"]["global_permissions"]["edges"]
+    ]
+    assert (
+        perm_display_labels
+        == perm_identifiers
+        == [
+            str(
+                GlobalPermission(
+                    action=GlobalPermissions.SUPER_ADMIN.value, decision=PermissionDecision.ALLOW_ALL.value
+                )
             )
-        )
+        ]
+    )
+
+    perm_display_labels = [
+        edge["node"]["display_label"] for edge in result.data["InfrahubPermissions"]["object_permissions"]["edges"]
     ]
+    perm_identifiers = [
+        edge["node"]["identifier"] for edge in result.data["InfrahubPermissions"]["object_permissions"]["edges"]
+    ]
+    assert (
+        perm_display_labels
+        == perm_identifiers
+        == [
+            str(
+                ObjectPermission(
+                    namespace="*",
+                    name="*",
+                    action=PermissionAction.ANY.value,
+                    decision=PermissionDecision.ALLOW_ALL.value,
+                )
+            )
+        ]
+    )
 
     gql_params = await prepare_graphql_params(
         db=db,

frontend/app/src/shared/api/graphql/graphql-env.d.ts

@@ -4,10 +4,10 @@
 export type introspection_types = {
     'AccountGlobalPermissionEdge': { kind: 'OBJECT'; name: 'AccountGlobalPermissionEdge'; fields: { 'node': { name: 'node'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountGlobalPermissionNode'; ofType: null; }; } }; }; };
     'AccountGlobalPermissionEdges': { kind: 'OBJECT'; name: 'AccountGlobalPermissionEdges'; fields: { 'count': { name: 'count'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'edges': { name: 'edges'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountGlobalPermissionEdge'; ofType: null; }; }; }; } }; }; };
-    'AccountGlobalPermissionNode': { kind: 'OBJECT'; name: 'AccountGlobalPermissionNode'; fields: { 'action': { name: 'action'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'decision': { name: 'decision'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'description': { name: 'description'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'identifier': { name: 'identifier'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'name': { name: 'name'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
+    'AccountGlobalPermissionNode': { kind: 'OBJECT'; name: 'AccountGlobalPermissionNode'; fields: { 'action': { name: 'action'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'decision': { name: 'decision'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'description': { name: 'description'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'display_label': { name: 'display_label'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'identifier': { name: 'identifier'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'name': { name: 'name'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
     'AccountObjectPermissionEdge': { kind: 'OBJECT'; name: 'AccountObjectPermissionEdge'; fields: { 'node': { name: 'node'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountObjectPermissionNode'; ofType: null; }; } }; }; };
     'AccountObjectPermissionEdges': { kind: 'OBJECT'; name: 'AccountObjectPermissionEdges'; fields: { 'count': { name: 'count'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'edges': { name: 'edges'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountObjectPermissionEdge'; ofType: null; }; }; }; } }; }; };
-    'AccountObjectPermissionNode': { kind: 'OBJECT'; name: 'AccountObjectPermissionNode'; fields: { 'action': { name: 'action'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'decision': { name: 'decision'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'description': { name: 'description'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'identifier': { name: 'identifier'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'name': { name: 'name'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'namespace': { name: 'namespace'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
+    'AccountObjectPermissionNode': { kind: 'OBJECT'; name: 'AccountObjectPermissionNode'; fields: { 'action': { name: 'action'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'decision': { name: 'decision'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'description': { name: 'description'; type: { kind: 'SCALAR'; name: 'String'; ofType: null; } }; 'display_label': { name: 'display_label'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'id': { name: 'id'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'identifier': { name: 'identifier'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'name': { name: 'name'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; 'namespace': { name: 'namespace'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'String'; ofType: null; }; } }; }; };
     'AccountPermissionsEdges': { kind: 'OBJECT'; name: 'AccountPermissionsEdges'; fields: { 'global_permissions': { name: 'global_permissions'; type: { kind: 'OBJECT'; name: 'AccountGlobalPermissionEdges'; ofType: null; } }; 'object_permissions': { name: 'object_permissions'; type: { kind: 'OBJECT'; name: 'AccountObjectPermissionEdges'; ofType: null; } }; }; };
     'AccountTokenEdge': { kind: 'OBJECT'; name: 'AccountTokenEdge'; fields: { 'node': { name: 'node'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountTokenNode'; ofType: null; }; } }; }; };
     'AccountTokenEdges': { kind: 'OBJECT'; name: 'AccountTokenEdges'; fields: { 'count': { name: 'count'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'SCALAR'; name: 'Int'; ofType: null; }; } }; 'edges': { name: 'edges'; type: { kind: 'NON_NULL'; name: never; ofType: { kind: 'LIST'; name: never; ofType: { kind: 'NON_NULL'; name: never; ofType: { kind: 'OBJECT'; name: 'AccountTokenEdge'; ofType: null; }; }; }; } }; }; };

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "infrahub-server"
-version = "1.7.4"
+version = "1.8.0b0"
 description = "Infrahub is taking a new approach to Infrastructure Management by providing a new generation of datastore to organize and control all the data that defines how an infrastructure should run."
 authors = [{ name = "OpsMill", email = "info@opsmill.com" }]
 requires-python = ">=3.12,<3.15"

python_testcontainers/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "infrahub-testcontainers"
-version = "1.7.4"
+version = "1.8.0b0"
 requires-python = ">=3.10"
 
 description = "Testcontainers instance for Infrahub to easily build integration tests"

python_testcontainers/uv.lock

@@ -11,6 +11,7 @@ type AccountGlobalPermissionNode {
   action: String!
   decision: String!
   description: String
+  display_label: String!
   id: String!
   identifier: String!
   name: String!
@@ -29,6 +30,7 @@ type AccountObjectPermissionNode {
   action: String!
   decision: String!
   description: String
+  display_label: String!
   id: String!
   identifier: String!
   name: String!