Skip to content

ENG-2149: basic DB support for monitor stewards #7131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
adamsachs merged 15 commits into from
Dec 23, 2025
Merged

ENG-2149: basic DB support for monitor stewards #7131

adamsachs merged 15 commits into from
Dec 23, 2025

Conversation

@adamsachs
Copy link
Contributor

@adamsachs adamsachs commented Dec 16, 2025
edited
Loading

Ticket ENG-2149

Description Of Changes

Initial DB model support for monitor stewards: join table for many-to-many relationship between users and monitors.

Steps to Confirm

  1. test with associated fidesplus branch: https://github.com/ethyca/fidesplus/pull/2927

Pre-Merge Checklist

  • Issue requirements met
  • All CI pipelines succeeded
  • CHANGELOG.md updated
    • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
    • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
    • Updates unreleased work already in Changelog, no new entry necessary
  • UX feedback:
    • All UX related changes have been reviewed by a designer
    • No UX review needed
  • Followup issues:
    • Followup issues created
    • No followup issues
  • Database migrations:
    • Ensure that your downrev is up to date with the latest revision on main
    • Ensure that your downgrade() migration is correct and works
      • If a downgrade migration is not possible for this change, please call this out in the PR description!
    • No migrations
  • Documentation:
    • Documentation complete, PR opened in fidesdocs
    • Documentation issue created in fidesdocs
    • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
    • No documentation updates required

@vercel
Copy link

vercel bot commented Dec 16, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Review Updated (UTC)
fides-plus-nightly Ignored Ignored Preview Dec 23, 2025 10:56am
fides-privacy-center Ignored Ignored Dec 23, 2025 10:56am

@codecov
Copy link

codecov bot commented Dec 16, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.17%. Comparing base (95efd69) to head (59cd7f0).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7131   +/-   ##
=======================================
  Coverage   87.17%   87.17%           
=======================================
  Files         534      535    +1     
  Lines       35312    35325   +13     
  Branches     4113     4113           
=======================================
+ Hits        30783    30796   +13     
  Misses       3638     3638           
  Partials      891      891

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

adamsachs
adamsachs commented Dec 18, 2025
View reviewed changes
Copy link
Contributor Author

@adamsachs adamsachs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quick self review:

src/fides/api/oauth/utils.py
return set(endpoint_scopes.scopes).issubset(user_scopes)


def roles_have_scopes(roles: List[str], required_scopes: Iterable[str]) -> bool:
Copy link
Contributor Author

@adamsachs adamsachs Dec 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a simple abstraction for some scope/role checks, used in the fidesplus branch.

i wanted to leverage this same helper in other utility methods already in this module, to make the code DRYer, but it doesn't quite work, because the helpers here generally take the scopes directly from the endpoint as SecurityScopes

@adamsachs adamsachs marked this pull request as ready for review December 18, 2025 16:48
@adamsachs adamsachs requested a review from a team as a code owner December 18, 2025 16:48
@adamsachs adamsachs requested review from JadeCara and vcruces and removed request for a team and JadeCara December 18, 2025 16:48
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Dec 18, 2025
edited
Loading

Greptile Summary

  • Adds database model support for monitor stewards feature with a new many-to-many join table linking users to monitor configurations
  • Implements proper foreign key relationships and unique constraints to prevent duplicate steward assignments
  • Includes comprehensive test coverage for the new roles_have_scopes utility function used for authorization validation

Important Files Changed

Filename Overview
src/fides/api/alembic/migrations/versions/xx_2025_12_18_1400_b9c8e7f6d5a4_add_monitor_steward_table.py New migration creates monitorsteward join table but uses mixed design with both separate ID primary key and unique constraint on foreign key pair
src/fides/api/models/detection_discovery/monitor_steward.py New join table model with proper unique constraint preventing duplicate user-monitor assignments
src/fides/api/models/detection_discovery/core.py Added many-to-many relationship from MonitorConfig to FidesUser via stewards property using secondary table

Confidence score: 4/5

  • This PR is generally safe to merge but requires attention to database migration design consistency
  • Score reflects solid implementation with proper constraints and relationships, but migration design doesn't follow existing SystemManager pattern which uses composite primary keys rather than separate ID fields
  • Pay close attention to the migration file design and consider aligning with existing join table patterns in the codebase

PR Description Notes:

  • Missing required db-migration label in changelog entry despite including database migration

greptile-apps[bot]
greptile-apps bot reviewed Dec 18, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

9 files reviewed, 3 comments

Edit Code Review Agent Settings | Greptile

@adamsachs
Copy link
Contributor Author

adamsachs commented Dec 19, 2025

@greptile

adamsachs
adamsachs commented Dec 19, 2025
View reviewed changes
...api/alembic/migrations/versions/xx_2025_12_23_1400_b9c8e7f6d5a4_add_monitor_steward_table.py
sa.ForeignKeyConstraint(["user_id"], ["fidesuser.id"], ondelete="CASCADE"),
sa.PrimaryKeyConstraint("id"),
sa.UniqueConstraint(
"user_id", "monitor_config_id", name="uq_monitorsteward_user_monitor"
Copy link
Contributor Author

@adamsachs adamsachs Dec 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

decided to add this to enforce uniqueness, i.e. at the moment we'll only support a single link between users and monitors. i got worried about accidental duplicates and the complexity to support multiple types of joins was not worth it for this first increment - we only need a single join, and it shouldn't be hard to remove constraints as we go forward (the opposite is not true - harder to add constraints then remove them!)

greptile-apps[bot]
greptile-apps bot reviewed Dec 19, 2025
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

9 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

vcruces
vcruces approved these changes Dec 19, 2025
View reviewed changes
Copy link
Contributor

@vcruces vcruces left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work! I tested adding, removing, and fetching monitor stewards. I also tested filtering by steward in /aggregate-results, and everything worked as expected. The migration applied and rolled back cleanly

@adamsachs adamsachs added this pull request to the merge queue Dec 23, 2025
Merged via the queue into main with commit cfbf98a Dec 23, 2025
70 checks passed
@adamsachs adamsachs deleted the asachs/ENG-2149 branch December 23, 2025 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vcruces vcruces vcruces approved these changes

+1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@adamsachs @vcruces