Add role-based filtering and imporve code

services/external/Dockerfile

@@ -17,9 +17,13 @@ RUN apt-get update && apt-get install -y \
     && rm -rf /var/lib/apt/lists/*
 
 # Copy requirements
+COPY shared/requirements-tracing.txt /tmp/
+
 COPY services/external/requirements.txt .
 
 # Install Python dependencies
+RUN pip install --no-cache-dir -r /tmp/requirements-tracing.txt
+
 RUN pip install --no-cache-dir -r requirements.txt
 
 # Copy shared libraries from the shared stage

services/external/app/api/city_operations.py

@@ -15,7 +15,7 @@ from app.schemas.traffic import TrafficDataResponse
 from app.registry.city_registry import CityRegistry
 from app.registry.geolocation_mapper import GeolocationMapper
 from app.repositories.city_data_repository import CityDataRepository
-from app.cache.redis_cache import ExternalDataCache
+from app.cache.redis_wrapper import ExternalDataCache
 from app.services.weather_service import WeatherService
 from app.services.traffic_service import TrafficService
 from shared.routing.route_builder import RouteBuilder

services/external/app/api/traffic_data.py

@@ -12,6 +12,8 @@ import structlog
 from app.schemas.traffic import TrafficDataResponse
 from app.services.traffic_service import TrafficService
 from shared.routing.route_builder import RouteBuilder
+from shared.auth.decorators import get_current_user_dep
+from shared.auth.access_control import analytics_tier_required
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.core.database import get_db
 
@@ -29,6 +31,7 @@ def get_traffic_service():
     route_builder.build_base_route("traffic-data"),
     response_model=List[TrafficDataResponse]
 )
+@analytics_tier_required
 async def list_traffic_data(
     tenant_id: UUID = Path(..., description="Tenant ID"),
     start_date: Optional[date] = Query(None),
@@ -36,10 +39,11 @@ async def list_traffic_data(
     latitude: Optional[float] = Query(None),
     longitude: Optional[float] = Query(None),
     limit: int = Query(100, ge=1, le=1000),
+    current_user: dict = Depends(get_current_user_dep),
     db: AsyncSession = Depends(get_db),
     traffic_service: TrafficService = Depends(get_traffic_service)
 ):
-    """List stored traffic data records"""
+    """List stored traffic data records (Professional+ tier required)"""
     try:
         logger.info("Listing traffic data", tenant_id=tenant_id)
 
@@ -64,9 +68,11 @@ async def list_traffic_data(
     route_builder.build_resource_detail_route("traffic-data", "traffic_id"),
     response_model=TrafficDataResponse
 )
+@analytics_tier_required
 async def get_traffic_data(
     tenant_id: UUID = Path(..., description="Tenant ID"),
     traffic_id: UUID = Path(..., description="Traffic data ID"),
+    current_user: dict = Depends(get_current_user_dep),
     db: AsyncSession = Depends(get_db),
     traffic_service: TrafficService = Depends(get_traffic_service)
 ):

services/external/app/api/weather_data.py

@@ -12,6 +12,8 @@ import structlog
 from app.schemas.weather import WeatherDataResponse
 from app.services.weather_service import WeatherService
 from shared.routing.route_builder import RouteBuilder
+from shared.auth.decorators import get_current_user_dep
+from shared.auth.access_control import analytics_tier_required
 from sqlalchemy.ext.asyncio import AsyncSession
 from app.core.database import get_db
 
@@ -29,6 +31,7 @@ def get_weather_service():
     route_builder.build_base_route("weather-data"),
     response_model=List[WeatherDataResponse]
 )
+@analytics_tier_required
 async def list_weather_data(
     tenant_id: UUID = Path(..., description="Tenant ID"),
     start_date: Optional[date] = Query(None),
@@ -36,10 +39,11 @@ async def list_weather_data(
     latitude: Optional[float] = Query(None),
     longitude: Optional[float] = Query(None),
     limit: int = Query(100, ge=1, le=1000),
+    current_user: dict = Depends(get_current_user_dep),
     db: AsyncSession = Depends(get_db),
     weather_service: WeatherService = Depends(get_weather_service)
 ):
-    """List stored weather data records"""
+    """List stored weather data records (Professional+ tier required)"""
     try:
         logger.info("Listing weather data", tenant_id=tenant_id)
 
@@ -64,9 +68,11 @@ async def list_weather_data(
     route_builder.build_resource_detail_route("weather-data", "weather_id"),
     response_model=WeatherDataResponse
 )
+@analytics_tier_required
 async def get_weather_data(
     tenant_id: UUID = Path(..., description="Tenant ID"),
     weather_id: UUID = Path(..., description="Weather data ID"),
+    current_user: dict = Depends(get_current_user_dep),
     db: AsyncSession = Depends(get_db),
     weather_service: WeatherService = Depends(get_weather_service)
 ):

services/external/app/cache/redis_wrapper.py

@@ -1,15 +1,13 @@
-# services/external/app/cache/redis_cache.py
+# services/external/app/cache/redis_wrapper.py
 """
-Redis cache layer for fast training data access
+Redis cache layer for fast training data access using shared Redis implementation
 """
 
 from typing import List, Dict, Any, Optional
 import json
 from datetime import datetime, timedelta
 import structlog
-import redis.asyncio as redis
-
-from app.core.config import settings
+from shared.redis_utils import get_redis_client
 
 logger = structlog.get_logger()
 
@@ -18,12 +16,11 @@ class ExternalDataCache:
     """Redis cache for external data service"""
 
     def __init__(self):
-        self.redis_client = redis.from_url(
-            settings.REDIS_URL,
-            encoding="utf-8",
-            decode_responses=True
-        )
-        self.ttl = 86400 * 7
+        self.ttl = 86400 * 7  # 7 days
+
+    async def _get_client(self):
+        """Get the shared Redis client"""
+        return await get_redis_client()
 
     def _weather_cache_key(
         self,
@@ -43,7 +40,8 @@ class ExternalDataCache:
         """Get cached weather data"""
         try:
             key = self._weather_cache_key(city_id, start_date, end_date)
-            cached = await self.redis_client.get(key)
+            client = await self._get_client()
+            cached = await client.get(key)
 
             if cached:
                 logger.debug("Weather cache hit", city_id=city_id, key=key)
@@ -84,7 +82,8 @@ class ExternalDataCache:
 
                 serializable_data.append(record_dict)
 
-            await self.redis_client.setex(
+            client = await self._get_client()
+            await client.setex(
                 key,
                 self.ttl,
                 json.dumps(serializable_data)
@@ -113,7 +112,8 @@ class ExternalDataCache:
         """Get cached traffic data"""
         try:
             key = self._traffic_cache_key(city_id, start_date, end_date)
-            cached = await self.redis_client.get(key)
+            client = await self._get_client()
+            cached = await client.get(key)
 
             if cached:
                 logger.debug("Traffic cache hit", city_id=city_id, key=key)
@@ -154,7 +154,8 @@ class ExternalDataCache:
 
                 serializable_data.append(record_dict)
 
-            await self.redis_client.setex(
+            client = await self._get_client()
+            await client.setex(
                 key,
                 self.ttl,
                 json.dumps(serializable_data)
@@ -168,11 +169,18 @@ class ExternalDataCache:
     async def invalidate_city_cache(self, city_id: str):
         """Invalidate all cache entries for a city"""
         try:
+            client = await self._get_client()
             pattern = f"*:{city_id}:*"
-            async for key in self.redis_client.scan_iter(match=pattern):
-                await self.redis_client.delete(key)
 
-            logger.info("City cache invalidated", city_id=city_id)
+            # Use scan_iter for safer key pattern matching
+            keys_to_delete = []
+            async for key in client.scan_iter(match=pattern):
+                keys_to_delete.append(key)
+
+            if keys_to_delete:
+                await client.delete(*keys_to_delete)
+
+            logger.info("City cache invalidated", city_id=city_id, keys_deleted=len(keys_to_delete))
 
         except Exception as e:
             logger.error("Error invalidating cache", error=str(e))

services/external/app/models/__init__.py

@@ -4,6 +4,13 @@ External Service Models Package
 Import all models to ensure they are registered with SQLAlchemy Base.
 """
 
+# Import AuditLog model for this service
+from shared.security import create_audit_log_model
+from shared.database.base import Base
+
+# Create audit log model for this service
+AuditLog = create_audit_log_model(Base)
+
 # Import all models to register them with the Base metadata
 from .traffic import (
     TrafficData,
@@ -31,4 +38,5 @@ __all__ = [
     # City-based models (new)
     "CityWeatherData",
     "CityTrafficData",
+    "AuditLog",
 ]

services/external/migrations/versions/20251015_1230_b97bab14ac47_initial_schema_20251015_1230.py

@@ -1,8 +1,8 @@
-"""initial_schema_20251009_2039
+"""initial_schema_20251015_1230
 
-Revision ID: e1c05c379c10
+Revision ID: b97bab14ac47
 Revises: 
-Create Date: 2025-10-09 20:39:49.989716+02:00
+Create Date: 2025-10-15 12:30:54.963197+02:00
 
 """
 from typing import Sequence, Union
@@ -12,7 +12,7 @@ import sqlalchemy as sa
 from sqlalchemy.dialects import postgresql
 
 # revision identifiers, used by Alembic.
-revision: str = 'e1c05c379c10'
+revision: str = 'b97bab14ac47'
 down_revision: Union[str, None] = None
 branch_labels: Union[str, Sequence[str], None] = None
 depends_on: Union[str, Sequence[str], None] = None
@@ -20,6 +20,38 @@ depends_on: Union[str, Sequence[str], None] = None
 
 def upgrade() -> None:
     # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('audit_logs',
+    sa.Column('id', sa.UUID(), nullable=False),
+    sa.Column('tenant_id', sa.UUID(), nullable=False),
+    sa.Column('user_id', sa.UUID(), nullable=False),
+    sa.Column('action', sa.String(length=100), nullable=False),
+    sa.Column('resource_type', sa.String(length=100), nullable=False),
+    sa.Column('resource_id', sa.String(length=255), nullable=True),
+    sa.Column('severity', sa.String(length=20), nullable=False),
+    sa.Column('service_name', sa.String(length=100), nullable=False),
+    sa.Column('description', sa.Text(), nullable=True),
+    sa.Column('changes', postgresql.JSON(astext_type=sa.Text()), nullable=True),
+    sa.Column('audit_metadata', postgresql.JSON(astext_type=sa.Text()), nullable=True),
+    sa.Column('ip_address', sa.String(length=45), nullable=True),
+    sa.Column('user_agent', sa.Text(), nullable=True),
+    sa.Column('endpoint', sa.String(length=255), nullable=True),
+    sa.Column('method', sa.String(length=10), nullable=True),
+    sa.Column('created_at', sa.DateTime(timezone=True), nullable=False),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index('idx_audit_resource_type_action', 'audit_logs', ['resource_type', 'action'], unique=False)
+    op.create_index('idx_audit_service_created', 'audit_logs', ['service_name', 'created_at'], unique=False)
+    op.create_index('idx_audit_severity_created', 'audit_logs', ['severity', 'created_at'], unique=False)
+    op.create_index('idx_audit_tenant_created', 'audit_logs', ['tenant_id', 'created_at'], unique=False)
+    op.create_index('idx_audit_user_created', 'audit_logs', ['user_id', 'created_at'], unique=False)
+    op.create_index(op.f('ix_audit_logs_action'), 'audit_logs', ['action'], unique=False)
+    op.create_index(op.f('ix_audit_logs_created_at'), 'audit_logs', ['created_at'], unique=False)
+    op.create_index(op.f('ix_audit_logs_resource_id'), 'audit_logs', ['resource_id'], unique=False)
+    op.create_index(op.f('ix_audit_logs_resource_type'), 'audit_logs', ['resource_type'], unique=False)
+    op.create_index(op.f('ix_audit_logs_service_name'), 'audit_logs', ['service_name'], unique=False)
+    op.create_index(op.f('ix_audit_logs_severity'), 'audit_logs', ['severity'], unique=False)
+    op.create_index(op.f('ix_audit_logs_tenant_id'), 'audit_logs', ['tenant_id'], unique=False)
+    op.create_index(op.f('ix_audit_logs_user_id'), 'audit_logs', ['user_id'], unique=False)
     op.create_table('city_traffic_data',
     sa.Column('id', sa.UUID(), nullable=False),
     sa.Column('city_id', sa.String(length=50), nullable=False),
@@ -265,4 +297,18 @@ def downgrade() -> None:
     op.drop_index(op.f('ix_city_traffic_data_city_id'), table_name='city_traffic_data')
     op.drop_index('idx_city_traffic_lookup', table_name='city_traffic_data')
     op.drop_table('city_traffic_data')
+    op.drop_index(op.f('ix_audit_logs_user_id'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_tenant_id'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_severity'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_service_name'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_resource_type'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_resource_id'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_created_at'), table_name='audit_logs')
+    op.drop_index(op.f('ix_audit_logs_action'), table_name='audit_logs')
+    op.drop_index('idx_audit_user_created', table_name='audit_logs')
+    op.drop_index('idx_audit_tenant_created', table_name='audit_logs')
+    op.drop_index('idx_audit_severity_created', table_name='audit_logs')
+    op.drop_index('idx_audit_service_created', table_name='audit_logs')
+    op.drop_index('idx_audit_resource_type_action', table_name='audit_logs')
+    op.drop_table('audit_logs')
     # ### end Alembic commands ###