Redshift connectors

[Avinash-Kamath]

Add Request response for Redshift connectors

Summary by CodeRabbit

• New Features

  • Added Trusted IdP authentication support for connected accounts (credential-based trusted identity).

• Bug Fixes

  • Authentication retry behavior tightened: exhausted retries now raise immediately instead of attempting re-authentication.
  • Custom provider auth fields now preserve intentionally empty values from server responses.

• Chores

  • SDK version bumped to 2.12.0 and generated proto/schema artifacts refreshed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2ccc93a1-ba65-48e3-b690-b25389a29e1f

📥 Commits

Reviewing files that changed from the base of the PR and between d680711 and dd809d3.

📒 Files selected for processing (2)

• scalekit/actions/models/custom_provider.py
• tests/test_permissions.py

---

Walkthrough

Adds Trusted IdP types and wiring: regenerated protobuf descriptors and .pyi entries for TRUSTED_IDP and TrustedIDPAuth, request models serialize trusted_idp into protobuf, responses parse trusted_idp back to dicts (expiry → datetime), CoreClient grpc unauthenticated path stops when retries are exhausted, proto ref and SDK version bumped, small fallback and test updates.

Changes

TrustedIDP Authorization Support

Layer / File(s)	Summary
TrustedIDP schema and protobuf types scalekit/v1/connected_accounts/connected_accounts_pb2.pyi, scalekit/v1/connected_accounts/connected_accounts_pb2.py, scalekit/v1/connections/connections_pb2.pyi	ConnectorType/ConnectionType gain TRUSTED_IDP. New TrustedIDPAuth message and AuthorizationDetails.trusted_idp were added; generated descriptor bytes and serialized offsets/options were regenerated.
Request models convert TrustedIDP to protobuf scalekit/actions/models/requests/create_connected_account_request.py, scalekit/actions/models/requests/update_connected_account_request.py	to_proto() branches now validate authorization_details["trusted_idp"] as a dict, extract db_user, access_key_id, secret_access_key, session_token, construct TrustedIDPAuth, and wrap it in AuthorizationDetails.
Response model parses TrustedIDP from protobuf scalekit/actions/models/responses/get_connected_account_auth_response.py	ConnectedAccount.from_proto() extracts the trusted_idp variant into authorization_details["trusted_idp"] and converts optional expiry to a Python datetime.

Supporting and Hygiene Changes

Layer / File(s)	Summary
Version bump, proto ref, and retry floor scalekit/_version.py, Makefile, scalekit/core.py	Public __version__ updated to 2.12.0. PROTO_REF bumped to v0.1.128.0 in Makefile. CoreClient.grpc_exec now raises ScalekitServerException.promote(exp) immediately when UNAUTHENTICATED and retry <= 0.
AuthField fallback and test expectation change scalekit/actions/models/custom_provider.py, tests/test_permissions.py	AuthField.from_dict now uses d.get(key) or default fallbacks (affecting handling of falsy server values). Tests updated to import ScalekitConflictException and expect it for duplicate-permission creation.

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly Related PRs

• scalekit-inc/scalekit-sdk-python#148: Adds GetConnectedAccountDetailsResponse that builds on ConnectedAccount.from_proto parsing (relevant to the new trusted_idp parsing).

Poem

🐰 I found a trusted IdP today,
Keys tucked in fields that show the way;
Protos grew a new small song,
Requests and responses sing along—
Version hopped to 2.12.0, hip hooray!

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title 'Redshift connectors' is too vague and does not accurately represent the main changes. The PR includes version bumps, Trusted IDP authentication support, error handling improvements, and test fixes—not just Redshift connector changes.	Use a more descriptive title that captures the primary change, such as 'Add Trusted IDP authentication support and fix null AuthField handling' or focus on the main feature being added.
Docstring Coverage	⚠️ Warning	Docstring coverage is 37.50% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch redshift-connectors

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

scalekit/actions/models/responses/get_connected_account_auth_response.py (1)

71-79: ⚡ Quick win

Add Trusted IdP decode parity tests in tests/test_actions.py.

Please add a ConnectedAccount.from_proto() test for the trusted_idp oneof (fields + expiry conversion), mirroring the existing google_dwd coverage pattern.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scalekit/actions/models/responses/get_connected_account_auth_response.py`
around lines 71 - 79, Add a unit test that exercises
ConnectedAccount.from_proto() for the trusted_idp oneof mirroring the google_dwd
test pattern: construct a proto_account with authorization_details.trusted_idp
populated (db_user, access_key_id, secret_access_key, session_token and expiry),
call ConnectedAccount.from_proto(proto_account) and assert the resulting
ConnectedAccount.authorization_details["trusted_idp"] fields match the input
values and that expiry was converted via ToDatetime() (or is None when unset);
follow the existing google_dwd test structure and naming to ensure parity and
coverage.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scalekit/actions/models/requests/create_connected_account_request.py`:
- Around line 60-70: In the branch that handles
self.authorization_details["trusted_idp"] (inside
create_connected_account_request), stop coercing missing keys to empty strings;
instead validate that required fields (e.g., access_key_id and
secret_access_key, and db_user if required) exist and are non-empty strings and
raise a ValueError describing the missing/empty key(s). Replace
idp_data.get("...", "") calls with explicit presence checks on idp_data and pass
the actual values to TrustedIDPAuth (do not default to ""), keeping
AuthorizationDetails(trusted_idp=trusted_idp) as before.

In `@scalekit/core.py`:
- Line 168: When promoting a caught grpc.RpcError, preserve it as the causal
exception by raising the promoted exception with explicit exception chaining;
modify the raise that currently calls ScalekitServerException.promote(exp) so
the new exception is raised "from" the original grpc.RpcError (the caught
variable exp) to maintain the original traceback and cause information for
debugging.

---

Nitpick comments:
In `@scalekit/actions/models/responses/get_connected_account_auth_response.py`:
- Around line 71-79: Add a unit test that exercises
ConnectedAccount.from_proto() for the trusted_idp oneof mirroring the google_dwd
test pattern: construct a proto_account with authorization_details.trusted_idp
populated (db_user, access_key_id, secret_access_key, session_token and expiry),
call ConnectedAccount.from_proto(proto_account) and assert the resulting
ConnectedAccount.authorization_details["trusted_idp"] fields match the input
values and that expiry was converted via ToDatetime() (or is None when unset);
follow the existing google_dwd test structure and naming to ensure parity and
coverage.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 52bc183c-769a-480c-876e-d1ed16db0e9d

📥 Commits

Reviewing files that changed from the base of the PR and between d399a7b and 9d5752f.

📒 Files selected for processing (9)

• scalekit/_version.py
• scalekit/actions/models/requests/create_connected_account_request.py
• scalekit/actions/models/requests/update_connected_account_request.py
• scalekit/actions/models/responses/get_connected_account_auth_response.py
• scalekit/core.py
• scalekit/v1/connected_accounts/connected_accounts_pb2.py
• scalekit/v1/connected_accounts/connected_accounts_pb2.pyi
• scalekit/v1/connections/connections_pb2.py
• scalekit/v1/connections/connections_pb2.pyi