Compare revisions

Martin Weise · Martin Weise · 50c443bb · 50c443bb · 50c443bb · 50c443bb
--- a/.docker/docker-compose.yml
+++ b/.docker/docker-compose.yml
@@ -86,6 +86,9 @@ services:
    ports:
      - "8080:8080"
    environment:
+      LDAP_ROOT: "${IDENTITY_SERVICE_ROOT:-dc=dbrepo,dc=at}"
+      LDAP_ADMIN_DN: "${IDENTITY_SERVICE_ADMIN_DN:-cn=admin,dc=dbrepo,dc=at}"
+      LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}"
      KEYCLOAK_ENABLE_HEALTH_ENDPOINTS: "true"
      KEYCLOAK_ENABLE_HTTPS: "false"
      KEYCLOAK_ENABLE_STATISTICS: "true"
@@ -93,7 +96,7 @@ services:
      KEYCLOAK_DATABASE_NAME: "${AUTH_DB_NAME:-keycloak}"
      KEYCLOAK_DATABASE_USER: "${AUTH_DB_USERNAME:-keycloak}"
      KEYCLOAK_DATABASE_PASSWORD: "${AUTH_DB_PASSWORD:-dbrepo}"
-      METADATA_SERVICE_ENDPOINT: "${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}/api/user"
+      METADATA_SERVICE_ENDPOINT: "${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}"
      SYSTEM_USERNAME: "${SYSTEM_USERNAME:-admin}"
      SYSTEM_PASSWORD: "${SYSTEM_PASSWORD:-admin}"
    healthcheck:
@@ -113,7 +116,7 @@ services:
    init: true
    restart: "no"
    container_name: dbrepo-auth-service-init
-    image: registry.datalab.tuwien.ac.at/dbrepo/metadata-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/metadata-service:1.7.2
    environment:
      AUTH_SERVICE_ADMIN: ${AUTH_SERVICE_ADMIN:-admin}
      AUTH_SERVICE_ADMIN_PASSWORD: ${AUTH_SERVICE_ADMIN_PASSWORD:-admin}
@@ -134,7 +137,7 @@ services:
    restart: "no"
    container_name: dbrepo-metadata-service
    hostname: metadata-service
-    image: registry.datalab.tuwien.ac.at/dbrepo/metadata-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/metadata-service:1.7.2
    volumes:
      - "${SHARED_VOLUME:-/tmp}:/tmp"
    environment:
@@ -197,7 +200,7 @@ services:
    restart: "no"
    container_name: dbrepo-analyse-service
    hostname: analyse-service
-    image: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.7.2
    environment:
      AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client}
      AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}
@@ -252,7 +255,7 @@ services:
    restart: "no"
    container_name: dbrepo-search-db
    hostname: search-db
-    image: registry.datalab.tuwien.ac.at/dbrepo/search-db:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/search-db:1.7.2
    healthcheck:
      test: curl -sSL localhost:9200/_plugins/_security/health | jq .status | grep UP
      interval: 10s
@@ -276,7 +279,7 @@ services:
    restart: "no"
    container_name: dbrepo-search-service
    hostname: search-service
-    image: registry.datalab.tuwien.ac.at/dbrepo/search-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/search-service:1.7.2
    environment:
      AUTH_SERVICE_CLIENT: ${AUTH_SERVICE_CLIENT:-dbrepo-client}
      AUTH_SERVICE_CLIENT_SECRET: ${AUTH_SERVICE_CLIENT_SECRET:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}
@@ -300,12 +303,11 @@ services:
    restart: "no"
    container_name: dbrepo-ui
    hostname: ui
-    image: registry.datalab.tuwien.ac.at/dbrepo/ui:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/ui:1.7.2
    environment:
      NUXT_PUBLIC_API_CLIENT: "${BASE_URL:-http://localhost}"
      NUXT_PUBLIC_API_SERVER: "${BASE_URL:-http://gateway-service}"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_AUTHORIZATION_URL: "${BASE_URL:-http://localhost}/realms/dbrepo/protocol/openid-connect/auth"
-      NUXT_OIDC_PROVIDERS_KEYCLOAK_BASE_URL: "${BASE_URL:-http://localhost}/realms/dbrepo"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_ID: "${AUTH_SERVICE_CLIENT:-dbrepo-client}"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_CLIENT_SECRET: "${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
      NUXT_OIDC_PROVIDERS_KEYCLOAK_LOGOUT_REDIRECT_URI: "${BASE_URL:-http://localhost}"
@@ -377,7 +379,7 @@ services:
    init: true
    container_name: dbrepo-search-service-init
    hostname: search-service-init
-    image: registry.datalab.tuwien.ac.at/dbrepo/search-service-init:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/search-service-init:1.7.2
    environment:
      LOG_LEVEL: ${LOG_LEVEL:-info}
      METADATA_SERVICE_ENDPOINT: ${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}
@@ -434,7 +436,7 @@ services:
    restart: "no"
    container_name: dbrepo-dashboard-service
    hostname: dashboard-service
-    image: registry.datalab.tuwien.ac.at/dbrepo/dashboard-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/dashboard-service:1.7.2
    ports:
      - "3000:3000"
    volumes:
@@ -446,7 +448,7 @@ services:
      LDAP_ADMIN_PASSWORD: "${IDENTITY_SERVICE_ADMIN_PASSWORD:-admin}"
      LDAP_ROOT: "${IDENTITY_SERVICE_ROOT:-dc=dbrepo,dc=at}"
    healthcheck:
-      test: test -f /opt/bitnami/grafana/tmp/grafana.pid
+      test: curl -fsSL --head http://127.0.0.1:3000
      interval: 10s
      timeout: 5s
      retries: 12
@@ -461,7 +463,7 @@ services:
    init: true
    container_name: dbrepo-storage-service-init
    hostname: storage-service-init
-    image: registry.datalab.tuwien.ac.at/dbrepo/storage-service-init:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/storage-service-init:1.7.2
    environment:
      S3_ACCESS_KEY_ID: ${S3_ACCESS_KEY_ID:-seaweedfsadmin}
      S3_BUCKET: "${S3_BUCKET:-dbrepo}"
@@ -477,7 +479,7 @@ services:
    restart: "no"
    container_name: dbrepo-data-service
    hostname: data-service
-    image: registry.datalab.tuwien.ac.at/dbrepo/data-service:1.7.1
+    image: registry.datalab.tuwien.ac.at/dbrepo/data-service:1.7.2
    volumes:
      - "${SHARED_VOLUME:-/tmp}:/tmp"
    environment:
@@ -486,6 +488,7 @@ services:
      AUTH_SERVICE_CLIENT: "${AUTH_SERVICE_CLIENT:-dbrepo-client}"
      AUTH_SERVICE_CLIENT_SECRET: "${AUTH_SERVICE_CLIENT:-MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG}"
      AUTH_SERVICE_ENDPOINT: "${AUTH_SERVICE_ENDPOINT:-http://auth-service:8080}"
+      BASE_URL: "${BASE_URL:-http://localhost}"
      BROKER_EXCHANGE_NAME: "${BROKER_EXCHANGE_NAME:-dbrepo}"
      BROKER_QUEUE_NAME: "${BROKER_QUEUE_NAME:-dbrepo}"
      BROKER_HOST: "${BROKER_ENDPOINT:-broker-service}"

--- a/.docs/.openapi/api-data.yaml
+++ b/.docs/.openapi/api-data.yaml
@@ -8,10 +8,10 @@ info:
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
-  version: 1.7.1
+  version: 1.7.2
 externalDocs:
  description: Sourcecode Documentation
-  url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.7.1/system-services-metadata/
+  url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.7.2/system-services-metadata/
 servers:
 - url: http://localhost
  description: Development instance

--- a/.docs/.openapi/api-metadata.yaml
+++ b/.docs/.openapi/api-metadata.yaml
@@ -8,10 +8,10 @@ info:
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
-  version: 1.7.1
+  version: 1.7.2
 externalDocs:
  description: Sourcecode Documentation
-  url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.7.1/system-services-metadata/
+  url: https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/1.7.2/system-services-metadata/
 servers:
 - url: http://localhost
  description: Development instance

--- a/.docs/.openapi/api.base.yaml
+++ b/.docs/.openapi/api.base.yaml
@@ -24,7 +24,7 @@ info:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
  title: DBRepo REST API
-  version: 1.7.1
+  version: 1.7.2
 openapi: 3.1.0
 servers:
  - description: Test Instance

--- a/.docs/.openapi/api.yaml
+++ b/.docs/.openapi/api.yaml
@@ -16,7 +16,7 @@ info:
    name: Apache 2.0
    url: 'https://www.apache.org/licenses/LICENSE-2.0'
  title: DBRepo REST API
-  version: 1.7.1
+  version: 1.7.2
 servers:
  - description: Test Instance
    url: 'https://test.dbrepo.tuwien.ac.at'

--- a/.docs/changelog.md
+++ b/.docs/changelog.md
@@ -2,8 +2,20 @@
 author: Martin Weise
 ---

+## v1.7.2 (2025-03-13)
+
+[:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.7.2)
+
+#### Fixes
+
+* Fixed a wrong configuration of `caffeine` in the Data Service that did not find views/subsets after table creation
+  within the cache period of 60 seconds
+  in [#506](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/issues/506).
+
 ## v1.7.1 (2025-03-06)

+[:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.7.1)
+
 #### Features

 * Added support to download `pandas` DataFrame by PID
@@ -18,7 +30,7 @@ author: Martin Weise

 ## v1.7.0 (2025-03-03)

-[:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.7.1)
+[:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.7.0)

 !!! warning "Contains Breaking Changes"


--- a/.docs/index.md
+++ b/.docs/index.md
@@ -14,7 +14,7 @@ author: Martin Weise
 ![Maintainability Rating](./images/maintainability.svg)
 ![Security Rating](./images/security.svg)

-Documentation for version: [v1.7.1](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/releases).
+Documentation for version: [v1.7.2](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/releases).

 DBRepo is a repository for data in databases that are used from the beginning until the end of a research 
 project supporting data evolution, -citation and -versioning. It implements the query store of the 

--- a/.docs/kubernetes.md
+++ b/.docs/kubernetes.md
@@ -14,7 +14,7 @@ helm upgrade --install dbrepo \
  -n dbrepo \
  "oci://registry.datalab.tuwien.ac.at/dbrepo/helm/dbrepo" \
  --values ./values.yaml \
-  --version "1.7.1" \
+  --version "1.7.2" \
  --create-namespace \
  --cleanup-on-fail
 ```

--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,9 +11,9 @@ variables:
  SONARQUBE_VERSION: "10.0"
  BUN_VERSION: "1.1.40"
  DOC_VERSION: "1.7"
-  APP_VERSION: "1.7.1"
-  CHART_VERSION: "1.7.1"
-  SUPPORTED_VERSIONS: "[\"1.7.0\",\"1.7.1\"]"
+  APP_VERSION: "1.7.2"
+  CHART_VERSION: "1.7.2"
+  SUPPORTED_VERSIONS: "[\"1.7.0\",\"1.7.1\",\"1.7.2\"]"
  CACHE_FALLBACK_KEY: "${CI_DEFAULT_BRANCH}"
  # This will supress any download for dependencies and plugins or upload messages which would clutter the console log.
  # `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
@@ -250,6 +250,7 @@ build-helm:
  stage: build
  only:
    - merge_requests
+    - tags
    - /^release-.*/
  before_script:
    - apk add --no-cache helm make
@@ -468,8 +469,8 @@ clean-images:
  image: docker:${DOCKER_VERSION}-dind
  only:
    refs:
+      - tags
      - dev
-      - /^release-.*/
  before_script:
    - "docker logout ${CI_REGISTRY_URL}"
    - "echo ${CI_REGISTRY_PASSWORD} | docker login --username ${CI_REGISTRY_USER} --password-stdin ${CI_REGISTRY_URL}"
@@ -531,8 +532,7 @@ release-helm:
  stage: release
  image: docker:${DOCKER_VERSION}-dind
  only:
-    - /^release-.*/
-  when: manual
+    - tags
  needs:
    - build-helm
  dependencies:
@@ -592,10 +592,8 @@ release-docs:
 release-libs:
  stage: release
  image: docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}
-  when: manual
  only:
-    refs:
-      - /^release-.*/
+    - tags
  variables:
    PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
  before_script:

--- a/Makefile
+++ b/Makefile
 .PHONY: all

-APP_VERSION ?= 1.7.1
-CHART_VERSION ?= 1.7.1
+APP_VERSION ?= 1.7.2
+CHART_VERSION ?= 1.7.2
 REPOSITORY_URL ?= registry.datalab.tuwien.ac.at/dbrepo

 .PHONY: all

--- a/dbrepo-analyse-service/Pipfile
+++ b/dbrepo-analyse-service/Pipfile
@@ -21,7 +21,7 @@ numpy = "*"
 pandas = "*"
 minio = "*"
 pydantic = "*"
-dbrepo = {path = "./lib/dbrepo-1.7.1.tar.gz"}
+dbrepo = {path = "./lib/dbrepo-1.7.2.tar.gz"}
 opensearch-py = "*"

 [dev-packages]

--- a/dbrepo-analyse-service/Pipfile.lock
+++ b/dbrepo-analyse-service/Pipfile.lock
 {
    "_meta": {
        "hash": {
-            "sha256": "15b4fb696eabcc9059097bb4250de1545aa9c00211e2d50386e7ceead50aee4f"
+            "sha256": "91a5f1d0235af5d5d1888395045bf7550fd647d7dfa55abfe50cb745f91305f6"
        },
        "pipfile-spec": 6,
        "requires": {
@@ -18,11 +18,11 @@
    "default": {
        "aiohappyeyeballs": {
            "hashes": [
-                "sha256:19728772cb12263077982d2f55453babd8bec6a052a926cd5c0c42796da8bf62",
-                "sha256:6cac4f5dd6e34a9644e69cf9021ef679e4394f54e58a183056d12009e42ea9e3"
+                "sha256:c3f9d0113123803ccadfdf3f0faa505bc78e6a72d1cc4806cbd719826e943558",
+                "sha256:f349ba8f4b75cb25c99c5c2d84e997e485204d2902a9597802b0371f09331fb8"
            ],
            "markers": "python_version >= '3.9'",
-            "version": "==2.4.8"
+            "version": "==2.6.1"
        },
        "aiohttp": {
            "hashes": [
@@ -164,11 +164,11 @@
        },
        "attrs": {
            "hashes": [
-                "sha256:1c97078a80c814273a76b2a298a932eb681c87415c11dee0a6921de7f1b02c3e",
-                "sha256:c75a69e28a550a7e93789579c22aa26b0f5b83b75dc4e08fe092980051e1090a"
+                "sha256:18a06db706db43ac232cce80443fcd9f2500702059ecf53489e3c5a3f417acaf",
+                "sha256:611344ff0a5fed735d86d7784610c84f8126b95e549bcad9ff61b4242f2d386b"
            ],
            "markers": "python_version >= '3.8'",
-            "version": "==25.1.0"
+            "version": "==25.2.0"
        },
        "blinker": {
            "hashes": [
@@ -180,20 +180,20 @@
        },
        "boto3": {
            "hashes": [
-                "sha256:4c661389e68437a3fbc1f63decea24b88f7175e022c68622848d47fdf6e0144f",
-                "sha256:e2f4a1edb7e6dbd541c2962117e1c6fea8d5a42788c441a958700a43a3ca7c47"
+                "sha256:8eec08363ef5db05c2fbf58e89f0c0de6276cda2fdce01e76b3b5f423cd5c0f4",
+                "sha256:da6c22fc8a7e9bca5d7fc465a877ac3d45b6b086d776bd1a6c55bdde60523741"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.8'",
-            "version": "==1.37.6"
+            "version": "==1.37.11"
        },
        "botocore": {
            "hashes": [
-                "sha256:2cb121a403cbec047d76e2401a402a6b2efd3309169037fbac588e8f7125aec4",
-                "sha256:cd282fe9c8adbb55a08c7290982a98ac6cc4507fa1c493f48bc43fd6c8376a57"
+                "sha256:02505309b1235f9f15a6da79103ca224b3f3dc5f6a62f8630fbb2c6ed05e2da8",
+                "sha256:72eb3a9a58b064be26ba154e5e56373633b58f951941c340ace0d379590d98b5"
            ],
            "markers": "python_version >= '3.8'",
-            "version": "==1.37.6"
+            "version": "==1.37.11"
        },
        "certifi": {
            "hashes": [
@@ -425,9 +425,9 @@
        },
        "dbrepo": {
            "hashes": [
-                "sha256:e70ea4f7030191eb80116e5d0a4b17b041c94c80359d5d8e707d62218edd9a54"
+                "sha256:e7c1d1a6c0c251e68ce8b865b3e5e95545cc5d861f0d0014a6ad1d8842eb21ed"
            ],
-            "path": "./lib/dbrepo-1.7.1.tar.gz"
+            "path": "./lib/dbrepo-1.7.2.tar.gz"
        },
        "events": {
            "hashes": [
@@ -736,11 +736,11 @@
        },
        "jinja2": {
            "hashes": [
-                "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb",
-                "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"
+                "sha256:0137fb05990d35f1275a587e9aee6d56da821fc83491a0fb838183be43f66d6d",
+                "sha256:85ece4451f492d0c13c5dd7c13a64681a86afae63a5f347908daf103ce6d2f67"
            ],
            "markers": "python_version >= '3.7'",
-            "version": "==3.1.5"
+            "version": "==3.1.6"
        },
        "jmespath": {
            "hashes": [
@@ -1102,11 +1102,11 @@
        },
        "prometheus-flask-exporter": {
            "hashes": [
-                "sha256:587c770a1061e93d72c5cbcdefbd7b633fb764e39dffd7dd16932c9124559244",
-                "sha256:ab49b2c40b57cd35cd51e91e59b3c306b3754477095c4f3cf679034c5122398c"
+                "sha256:41fc9bbd7d48cc958ed8384aacf60c3621d9e903768be61c4e7f0c63872eaf1a",
+                "sha256:94922a636d4c1d8b68e1ee605c30a23e9bbb0b21756df8222aa919634871784c"
            ],
            "index": "pypi",
-            "version": "==0.23.1"
+            "version": "==0.23.2"
        },
        "propcache": {
            "hashes": [
@@ -1591,11 +1591,11 @@
        },
        "setuptools": {
            "hashes": [
-                "sha256:4880473a969e5f23f2a2be3646b2dfd84af9028716d398e46192f84bc36900d2",
-                "sha256:558e47c15f1811c1fa7adbd0096669bf76c1d3f433f58324df69f3f5ecac4e8f"
+                "sha256:199466a166ff664970d0ee145839f5582cb9bca7a0a3a2e795b6a9cb2308e9c6",
+                "sha256:43b4ee60e10b0d0ee98ad11918e114c70701bc6051662a9a675a0496c1a158f4"
            ],
            "markers": "python_version >= '3.9'",
-            "version": "==75.8.2"
+            "version": "==76.0.0"
        },
        "six": {
            "hashes": [

--- a/dbrepo-analyse-service/lib/dbrepo-1.7.1.tar.gz
+++ b/dbrepo-analyse-service/lib/dbrepo-1.7.1.tar.gz
--- a/dbrepo-analyse-service/lib/dbrepo-1.7.1-py3-none-any.whl
+++ b/dbrepo-analyse-service/lib/dbrepo-1.7.1-py3-none-any.whl
--- a/dbrepo-analyse-service/lib/dbrepo-1.7.2.tar.gz
+++ b/dbrepo-analyse-service/lib/dbrepo-1.7.2.tar.gz
--- a/dbrepo-auth-service/listeners/target/create-event-listener.jar
+++ b/dbrepo-auth-service/listeners/target/create-event-listener.jar
--- a/dbrepo-dashboard-service/access.py
+++ b/dbrepo-dashboard-service/access.py
+import logging
+
+from grafana_client.client import GrafanaException
+
+from api.dto import Permission
+from dbrepo.api.dto import Database
+from clients import grafana_client
+
+statistics_row_title = '${table_id}'
+
+
+def update_anonymous_read_access(uid: str, is_public: bool, is_schema_public: bool) -> None:
+    grafana = grafana_client.connect()
+    permissions = grafana.dashboard.get_permissions_by_uid(uid)
+    viewer_role = [permission for permission in permissions if
+                   'permissionName' in permission and permission['permissionName'] != 'View']
+    permission = ''
+    if is_public or is_schema_public:
+        permission = 'View'
+    if len(viewer_role) == 0:
+        logging.warning(f'Failed to find permissionName=View')
+        return None
+    try:
+        response = grafana_client.generic_post(f'/api/access-control/dashboards/{uid}/builtInRoles/Viewer',
+                                               Permission(permission=permission).model_dump())
+        if response.status_code != 200:
+            raise OSError(f'Failed to update anonymous read access: {response.content}')
+    except GrafanaException as e:
+        raise OSError(f'Failed to update anonymous read access: {e.message}')
+    logging.info(f"Updated anonymous read access for dashboard with uid: {uid}")
--- a/dbrepo-dashboard-service/api/dto.py
+++ b/dbrepo-dashboard-service/api/dto.py
+from __future__ import annotations
+
+from typing import Optional
+
+from pydantic import BaseModel
+
+
+class Datasource(BaseModel):
+    uid: str
+    type: str
+    id: Optional[int] = None
+    orgId: Optional[int] = None
+    name: Optional[str] = None
+    typeLogoUrl: Optional[str] = None
+    access: Optional[str] = None
+    url: Optional[str] = None
+    user: Optional[str] = None
+    basicAuth: Optional[bool] = None
+    withCredentials: Optional[bool] = None
+    isDefault: Optional[bool] = None
+    version: Optional[int] = None
+    readOnly: Optional[bool] = None
+    jsonData: Optional[dict] = None
+    secureJsonFields: Optional[dict] = None
+    basicAuthUser: Optional[str] = None
+    basicAuthPassword: Optional[str] = None
+    password: Optional[str] = None
+
+
+class CreateDatasource(BaseModel):
+    name: str
+    type: str
+    access: str
+    url: str
+    basicAuth: bool
+    version: int
+    readOnly: bool
+    jsonData: Optional[dict] = None
+    secureJsonData: Optional[dict] = None
+    basicAuthUser: Optional[str] = None
+
+
+class Permission(BaseModel):
+    permission: str
+
+
+class CreateDatasourceRequest(BaseModel):
+    database_internal_name: str
+    readonly: bool
+    type: str
--- a/dbrepo-dashboard-service/clients/grafana_client.py
+++ b/dbrepo-dashboard-service/clients/grafana_client.py
+import logging
+import os
+
+import requests
+from requests import Response
+
+from grafana_client import GrafanaApi
+
+url = os.getenv('DASHBOARD_UI_ENDPOINT', 'http://localhost:3000')
+username = os.getenv('SYSTEM_USERNAME', 'admin')
+password = os.getenv('SYSTEM_PASSWORD', 'admin')
+
+
+def connect() -> GrafanaApi:
+    return GrafanaApi.from_url(url=f'{url}', credential=(username, password))
+
+
+def generic_get(api_url: str) -> Response:
+    request_url = url + api_url
+    logging.debug(f'generic get url={request_url}, auth=({username}, <reacted>)')
+    return requests.get(request_url, auth=(username, password))
+
+
+def generic_post(api_url: str, payload: dict) -> Response:
+    request_url = url + api_url
+    logging.debug(f'generic post url={request_url}, payload={payload}, auth=({username}, <reacted>)')
+    return requests.post(request_url, json=payload, auth=(username, password))
--- a/dbrepo-dashboard-service/clients/keycloak_client.py
+++ b/dbrepo-dashboard-service/clients/keycloak_client.py
+from dataclasses import dataclass
+from typing import List
+
+import requests
+from flask import current_app
+from jwt import jwk_from_pem, JWT
+
+
+@dataclass(init=True, eq=True)
+class User:
+    username: str
+    roles: List[str]
+
+
+class KeycloakClient:
+
+    def obtain_user_token(self, username: str, password: str) -> str:
+        response = requests.post(
+            f"{current_app.config['AUTH_SERVICE_ENDPOINT']}/realms/dbrepo/protocol/openid-connect/token",
+            data={
+                "username": username,
+                "password": password,
+                "grant_type": "password",
+                "client_id": current_app.config["AUTH_SERVICE_CLIENT"],
+                "client_secret": current_app.config["AUTH_SERVICE_CLIENT_SECRET"]
+            })
+        body = response.json()
+        if "access_token" not in body:
+            raise AssertionError(f"Failed to obtain user token(s): {response.status_code}")
+        return response.json()["access_token"]
+
+    def verify_jwt(self, access_token: str) -> User:
+        public_key = jwk_from_pem(str(current_app.config["JWT_PUBKEY"]).encode('utf-8'))
+        payload = JWT().decode(message=access_token, key=public_key, do_time_check=True)
+        return User(username=payload.get('client_id'), roles=payload.get('realm_access')["roles"])
No results found