Merge branch 'master' into fix/more_specific_exceptions

.flake8

@@ -43,6 +43,9 @@ exclude =
     # Skip the auto-generated ui file.
     python/tank/authentication/ui/login_dialog.py,
     python/tank/authentication/ui/resources_rc.py,
+    python/tank/platform/qt/ui_busy_dialog.py,
+    python/tank/platform/qt/ui_item.py,
+    python/tank/platform/qt/ui_tank_dialog.py,
     python/tank/authentication/sso_saml2/*,
     tests/python
 

README.md

@@ -1,26 +1,26 @@
-[![VFX Platform](https://img.shields.io/badge/vfxplatform-2020-yellow.svg)](http://www.vfxplatform.com/)
-[![Python 2.7 3.7](https://img.shields.io/badge/python-2.7%20%7C%203.7-blue.svg)](https://www.python.org/)
+[![VFX Platform](https://img.shields.io/badge/vfxplatform-2024%20%7C%202023%20%7C%202022%20%7C%202021-blue.svg)](http://www.vfxplatform.com/)
+[![Python](https://img.shields.io/badge/python-3.11%20%7C%203.10%20%7C%203.9%20%7C%203.7-blue.svg)](https://www.python.org/)
 [![Reference Documentation](http://img.shields.io/badge/doc-reference-blue.svg)](http://developer.shotgridsoftware.com/tk-core)
 [![Build Status](https://dev.azure.com/shotgun-ecosystem/Toolkit/_apis/build/status/shotgunsoftware.tk-core?branchName=master)](https://dev.azure.com/shotgun-ecosystem/Toolkit/_build/latest?definitionId=38&branchName=master)
 [![codecov](https://codecov.io/gh/shotgunsoftware/tk-core/branch/master/graph/badge.svg)](https://codecov.io/gh/shotgunsoftware/tk-core)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
 [![Linting](https://img.shields.io/badge/PEP8%20by-Hound%20CI-a873d1.svg)](https://houndci.com)
 
-# ShotGrid Pipeline Toolkit Core API
+# Flow Production Tracking Core API
 
-This repository represents the ShotGrid Pipeline Toolkit Core API.
+This repository represents the Flow Production Tracking Core API.
 
-## Getting started with the ShotGrid Pipeline Toolkit
+## Getting started with the Flow Production Tracking
 
-Installing the ShotGrid Pipeline Toolkit is normally done via our
-ShotGrid App Store. For detailed instructions on how to get started
+Installing the Flow Production Tracking is normally done via our
+Flow Production Tracking App Store. For detailed instructions on how to get started
 with Toolkit, head over to our support site:
-https://developer.shotgridsoftware.com/e95205a8/?title=An+Overview+of+Toolkit
+https://help.autodesk.com/view/SGDEV/ENU/?contextId=PG_INTEGRATIONS_TOOLKIT_OVERVIEW
 
 ## Reference Documentation and Release Notes
 
 For our *latest released API Documentation*, head over to the Toolkit App Store:
-https://developer.shotgridsoftware.com/d587be80/?title=Integrations+User+Guide
+https://help.autodesk.com/view/SGDEV/ENU/?contextId=SA_INTEGRATIONS_USER_GUIDE
 
 Release Notes for the Core API are also maintained as a wiki document
 and can be found here: https://github.com/shotgunsoftware/tk-core/wiki/Release-Notes

SECURITY.md

@@ -0,0 +1,35 @@
+# Security Policy
+
+## Security
+
+At Autodesk, we know that the security of your data is critical to your studio’s
+operation.
+As the industry shifts to the cloud, Flow Production Tracking knows that security and service
+models are more important than ever.
+
+The confidentiality, integrity, and availability of your content is at the top
+of our priority list.
+Not only do we have a team of Flow Production Tracking engineers dedicated to platform security
+and performance, we are also backed by Autodesk’s security team, also invests
+heavily in the security for broad range of industries and customers.
+We constantly reassess, develop, and improve our risk management program because
+we know that the landscape of security is ever-changing.
+
+If you believe you have found a security vulnerability in any Flow Production Tracking-owned
+repository, please report it to us as described below.
+
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them by sending a message to
+[Autodesk Trust Center](https://www.autodesk.com/trust/contact-us).
+
+Please include as much information as you can provide such as locations,
+configurations, reproduction steps, exploit code, impact, etc.
+
+
+## Additional Information
+
+Please check out the [Flow Production Tracking Security White Paper](https://help.autodesk.com/view/SGSUB/ENU/?guid=SG_Administrator_ar_general_security_ar_security_white_paper_html).

codecov.yml

@@ -3,3 +3,6 @@ ignore:
   # ignore generated QT files
   - "**tank/authentication/ui/login_dialog.py"
   - "**tank/authentication/ui/resources_rc.py"
+
+  # disable PySide6 code coverage for now
+  - "**tank/util/pyside6_patcher.py"

developer/README.md

@@ -1,4 +1,4 @@
-# Shotgun Pipeline Toolkit Core API
+# Flow Production Tracking Core API
 
 ## How to upgrade pyyaml
 
@@ -14,3 +14,13 @@ If you need to upgrade this package you can use the script `upgrade_pyyaml.py`.
 cd tk-core/developer
 python upgrade_pyyaml.py
 ```
+
+
+## The requirements.txt file
+
+The file `developer/requirements.txt` is not used to install any packages,
+however exists so that automated checks for CVEs in dependencies will know about
+bundled packages in `python/tank_vendor`.
+
+For this reason, it's important to add any newly bundled packages to this file,
+and to keep the file up to date if the bundled version of a module changes.

developer/bake_config.py

@@ -295,7 +295,7 @@ def main():
     try:
         sg_connection.find_one("HumanUser", [])
     except ShotgunError as e:
-        logger.error("Could not communicate with ShotGrid: %s" % e)
+        logger.error("Could not communicate with Flow Production Tracking: %s" % e)
         return 3
 
     # Strip any extra whitespaces and make sure every bundle type exists.

developer/build_plugin.py

@@ -815,7 +815,7 @@ def main():
     try:
         sg_connection.find_one("HumanUser", [])
     except Exception as e:
-        logger.error("Could not communicate with ShotGrid: %s" % e)
+        logger.error("Could not communicate with Flow Production Tracking: %s" % e)
         return 3
 
     # we are all set.

developer/requirements.txt

@@ -0,0 +1,14 @@
+#
+# This file aims to reflect the list of python packages installed in the
+# python/tank_vendor folder.
+#
+# Not designed to be run in a PIP install command but rather, it's goal is to
+# provide a list of package+version readable for code scan bot so we can collect
+# security reports.
+#
+
+distro==1.4.0
+ordereddict==1.1
+pyyaml==5.4.1
+ruamel_yaml==0.10.10
+six==1.13.0

developer/shotgun_api_update.sh

@@ -86,6 +86,9 @@ echo "Copying Shotgun API to the required location..."
 # Copy the files to the destination
 cp -R $DEST_REPO/shotgun_api3 $DEST/..
 
+# Copy the software_credits file
+cp $DEST_REPO/software_credits $DEST/software_credits
+
 # Move to the git repo to generate the sha and write it to the $DEST
 pushd $DEST_REPO
 git rev-parse HEAD > $DEST/commit_id

developer/utils/authentication.py

@@ -38,9 +38,9 @@ def add_authentication_options(parser):
     """
     group = optparse.OptionGroup(
         parser,
-        "SG Authentication",
+        "PTR Authentication",
         "In order to download content from the Toolkit app store, the script will need to authenticate "
-        "against any SG site. By default, it will use the toolkit authentication APIs stored "
+        "against any PTR site. By default, it will use the toolkit authentication APIs stored "
         "credentials, and if such are not found, it will prompt for site, username and password.",
     )
 
@@ -49,7 +49,7 @@ def add_authentication_options(parser):
         "--shotgun-host",
         default=None,
         action="store",
-        help="SG host to authenticate with.",
+        help="PTR host to authenticate with.",
     )
 
     group.add_option(
@@ -101,7 +101,7 @@ def authenticate(options):
         sg_user = sg_auth.create_script_user(script_name, script_key, shotgun_host)
 
     else:
-        logger.info("Connect to any SG site to collect AppStore keys.")
+        logger.info("Connect to any PTR site to collect AppStore keys.")
         # get user, prompt if necessary
         sg_user = sg_auth.get_user()
 

developer/utils/caching.py

@@ -97,7 +97,7 @@ def cache_apps(
         # We should not attempt to cache descriptors that are path-based. Not only don't they
         # need to be cached, but they might be using special tokens like CONFIG_FOLDER
         # that can't be understood outside a pipeline configuration. We also skip caching
-        # app_store descriptors in sparse configs since SG Desktop will take care of downloading
+        # app_store descriptors in sparse configs since Flow Production Tracking will take care of downloading
         # these automatically from the app store at runtime.
 
         if desc["type"] in ["dev", "path"]:

docs/authentication.rst

@@ -8,31 +8,31 @@ Authentication
 Introduction
 ----------------------------------------
 
-When you run the ShotGrid pipeline Toolkit, it will connect to ShotGrid on a regular basis in order to carry out
+When you run the Flow Production Tracking, it will connect to Flow Production Tracking on a regular basis in order to carry out
 certain operations. For example, you publish a new render or you browse for an item that you want to load into
-your scene. In order to do that, Toolkit will need to log in to ShotGrid, either to read or write data, which means that it will
-need to make sure the current user is authenticated so that a connection with the ShotGrid server can be established.
+your scene. In order to do that, Toolkit will need to log in to Flow Production Tracking, either to read or write data, which means that it will
+need to make sure the current user is authenticated so that a connection with the Flow Production Tracking server can be established.
 
 .. note:: The Toolkit authentication API does not require an installed or
     bootstrapped instance of the Toolkit Core platform. You can use it
     simply by importing ``sgtk`` and calling its methods.
 
-Toolkit uses session tokens for authentication. These are unique identifiers which are generated by the ShotGrid server.
-Whenever a ShotGrid API request comes in from Toolkit, this session token is passed along so that the server can
+Toolkit uses session tokens for authentication. These are unique identifiers which are generated by the Flow Production Tracking server.
+Whenever a Flow Production Tracking API request comes in from Toolkit, this session token is passed along so that the server can
 validate it and grant access to the request. These session tokens time out after a certain period of inactivity,
 usually 24 hours, and whenever this happens, the user is typically prompted to enter their password again in order
 for Toolkit to retrieve a new session token.
 
-This ``sgtk.authentication`` API handles the notion of the current user and wraps around the ShotGrid API to ensure that
+This ``sgtk.authentication`` API handles the notion of the current user and wraps around the Flow Production Tracking API to ensure that
 if a session times out, the user is prompted to re-enter their credentials. The API and process for
 authentication can be summarized as follows:
 
 - A :class:`ShotgunAuthenticator` class is used to handle the actual authentication process. This can be called
   in various ways and also wraps around storing authenticated sessions so that the user doesn't have to keep
   typing their password in.
 - After a successful authentication operation, the :class:`ShotgunAuthenticator` returns a :class:`ShotgunUser` object.
-  This object represents the user and can be used to generate a ShotGrid API instance which belongs to the user. The
-  generated API instance is subclassed from the normal ShotGrid API and gracefully traps when the user credentials are
+  This object represents the user and can be used to generate a Flow Production Tracking API instance which belongs to the user. The
+  generated API instance is subclassed from the normal Flow Production Tracking API and gracefully traps when the user credentials are
   no longer valid (which usually happens after a certain period of inactivity). In this case it will automatically
   present the user with a password prompt.
 - :class:`ShotgunUser` objects can be serialized via the :meth:`serialize_user` and :meth:`deserialize_user` methods
@@ -44,7 +44,7 @@ authentication can be summarized as follows:
 - If you want to control how the :class:`ShotgunAuthenticator` creates a user object and caches session data
   inbetween invocations, you can subclass the :class:`DefaultsManager`.
 
-Normally, the tk session is created automatically as part of the DCC launch process, ``tank`` command or ShotGrid
+Normally, the tk session is created automatically as part of the DCC launch process, ``tank`` command or Flow Production Tracking
 Desktop, so there is little to worry about. There are some use cases where controlling the authentication directly
 may be useful:
 
@@ -62,8 +62,8 @@ may be useful:
     sa = sgtk.authentication.ShotgunAuthenticator()
 
     # Use the authenticator to create a user object. This object
-    # identifies a ShotGrid user or script and also wraps around
-    # a ShotGrid API instance which is associated with that user.
+    # identifies a Flow Production Tracking user or script and also wraps around
+    # a Flow Production Tracking API instance which is associated with that user.
     user = sa.create_script_user(api_script="myscript",
                                  api_key="xxxxx",
                                  host="https://myhost.shotgrid.autodesk.com")

docs/core.rst

@@ -38,8 +38,8 @@ Sgtk
 Authentication
 ==============
 
-Certain API operations require ShotGrid data and hence require a way for the API
-to establish a connection to ShotGrid. The easiest way to handle this is by
+Certain API operations require Flow Production Tracking data and hence require a way for the API
+to establish a connection to Flow Production Tracking. The easiest way to handle this is by
 making sure that each API instance has an associated authenticated user:
 
 .. autofunction:: set_authenticated_user
@@ -128,7 +128,7 @@ and copy it to your configuration's ``core/hooks`` folder.
 .. note::
     A core hook cannot be executed before Toolkit (the :class:`Sgtk` instance) has
     been initialized. This happens when :meth:`ToolkitManager.bootstrap_engine` is
-    called during ShotGrid Desktop bootstrap. Any customization of the core behavior
+    called during Flow Production Tracking bootstrap. Any customization of the core behavior
     must be added afterwards.
 
 Here is the list of hooks that be taken over in the Toolkit core.
@@ -168,6 +168,13 @@ context_change.py
 .. autoclass:: context_change.ContextChange
     :members:
 
+default_storage_root.py
+~~~~~~~~~~~~~~~~~~~~~~~
+
+.. automodule:: default_storage_root
+.. autoclass:: default_storage_root.DefaultStorageRoot
+    :members:
+
 engine_init.py
 ~~~~~~~~~~~~~~
 
@@ -254,7 +261,7 @@ Templates
 
 The Toolkit template system is used to handle path and string token manipulations.
 
-Since the ShotGrid Toolkit is file system based, Apps will need to resolve file paths whenever
+Since the Flow Production Tracking is file system based, Apps will need to resolve file paths whenever
 they need to read or write data from disk. Apps are file system structure agnostic - meaning
 that they don't know how the file system is organized. The template system handles all this for them.
 
@@ -291,12 +298,12 @@ The template API lets you jump between a list of field values and paths::
     '/projects/bbb/shots/001_002/comp/pub/main_scene.v003.ma'
 
 Note how the above path and template has two different types of fields: The Shot and Step fields are
-high-level fields with equivalent objects in ShotGrid (a Shot and a Pipeline Step) where the name and
+high-level fields with equivalent objects in Flow Production Tracking (a Shot and a Pipeline Step) where the name and
 the version fields are very specific to this particular type of template (in this case a publish path.).
 If we wanted to describe a publish path for an asset rather than a shot, we would still have a name
 and a version field, since this is needed for all publishes, regardless of what type of data it is -
 however, we would not have a Shot and a Step field. Instead, we may have an Asset and a Step field,
-where the asset field would be associated with an asset in ShotGrid.
+where the asset field would be associated with an asset in Flow Production Tracking.
 
 Template
 =========================================
@@ -383,16 +390,6 @@ The following exceptions are raised by the Toolkit Core API classes:
     :inherited-members:
     :members:
 
-.. autoclass:: TankFileDoesNotExistError
-    :show-inheritance:
-    :inherited-members:
-    :members:
-
-.. autoclass:: TankInvalidInterpreterLocationError
-    :show-inheritance:
-    :inherited-members:
-    :members:
-
 .. autoclass:: TankInvalidCoreLocationError
     :show-inheritance:
     :inherited-members:
@@ -402,8 +399,3 @@ The following exceptions are raised by the Toolkit Core API classes:
     :show-inheritance:
     :inherited-members:
     :members:
-
-.. autoclass:: TankUnreadableFileError
-    :show-inheritance:
-    :inherited-members:
-    :members: