Skip to content

feat(BA-4361): Add entity graph and scope-entity type converters #8739

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
fregataa wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat(BA-4361): Add entity graph and scope-entity type converters #8739

fregataa wants to merge 2 commits into from
+557 −1

Conversation

@fregataa
Copy link
Member

@fregataa fregataa commented Feb 10, 2026

resolves #8738 (BA-4361)

Summary

  • Add ENTITY_GRAPH dict with exhaustive match/case over all EntityType values
  • Add get_relation_type() helper for parent-child edge lookup
  • Add scope_type_to_entity_type() / entity_type_to_scope_type() converters
  • Add InvalidTypeConversionError exception
  • Add SCOPE_TO_ENTITY_MAP / ENTITY_TO_SCOPE_MAP constants
  • Add missing EntityType values (STORAGE_HOST, KEYPAIR, NETWORK, KERNEL_SCHEDULING_HISTORY, DEPLOYMENT_AUTO_SCALING_POLICY, VFOLDER_PERMISSION, USER_ROLE)

@fregataa @claude
feat(BA-4361): Add entity graph and scope-entity type converters
6e2ab9e 
Add ENTITY_GRAPH, get_relation_type, scope_type_to_entity_type/entity_type_to_scope_type
converters with InvalidTypeConversionError. Add missing EntityType values and scope/entity maps.

Co-Authored-By: Claude Opus 4.6 <[email protected]>
@fregataa fregataa added this to the 26.2 milestone Feb 10, 2026
@fregataa fregataa self-assigned this Feb 10, 2026
Copilot AI review requested due to automatic review settings February 10, 2026 15:02
@github-actions github-actions bot added size:XL 500~ LoC comp:manager Related to Manager component comp:common Related to Common component labels Feb 10, 2026
Copilot AI reviewed Feb 10, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds shared permission-type utilities to support RBAC entity relationships and conversions between ScopeType and EntityType, along with corresponding unit tests.

Changes:

  • Introduces an ENTITY_GRAPH describing parent→child entity edges and a get_relation_type() helper.
  • Adds scope_type_to_entity_type() / entity_type_to_scope_type() converters plus InvalidTypeConversionError.
  • Expands EntityType with several missing values and re-exports new APIs through manager permission types; adds unit tests.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

File Description
tests/unit/manager/rbac/test_permission_types.py Adds tests for ENTITY_GRAPH, relation lookup helper, and scope/entity converters.
src/ai/backend/manager/data/permission/types.py Re-exports new common permission graph/mapping utilities for manager-side imports.
src/ai/backend/common/data/permission/types.py Implements entity graph, relation lookup helper, scope/entity converters, and adds new EntityType values.
src/ai/backend/common/data/permission/exceptions.py Adds InvalidTypeConversionError exception type.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/ai/backend/common/data/permission/types.py
Comment on lines +332 to +337
def _get_entity_children(parent: EntityType) -> dict[EntityType, RelationType]:
"""Return the children of a parent entity type with their relation types.

Every EntityType value must have an explicit case to ensure exhaustive coverage.
"""
match parent:
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_get_entity_children() is annotated to always return dict[...], but the match statement has no default (case _) branch. If a new EntityType is added and not handled here, Python will return None, and ENTITY_GRAPH will silently contain an invalid value until a later TypeError. Add an explicit default case that raises (e.g., AssertionError/NotImplementedError) to fail fast and preserve the intended exhaustiveness guarantee.

Copilot uses AI. Check for mistakes.
src/ai/backend/common/data/permission/types.py
Comment on lines +666 to +673
def scope_type_to_entity_type(scope_type: ScopeType) -> EntityType:
"""Convert a ScopeType to its corresponding EntityType.

Raises InvalidTypeConversionError for ScopeType.GLOBAL which has no entity mapping.
"""
match scope_type:
case ScopeType.GLOBAL:
raise InvalidTypeConversionError("ScopeType.GLOBAL has no corresponding EntityType")
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scope_type_to_entity_type() uses match without a default branch. If a new ScopeType is added and not mapped, this function will implicitly return None, which then propagates into SCOPE_TO_ENTITY_MAP during module import. Add a case _ branch that raises InvalidTypeConversionError (or a dedicated exception) so unmapped scope types fail fast with a clear message.

Copilot uses AI. Check for mistakes.
tests/unit/manager/rbac/test_permission_types.py
Comment on lines +199 to +204
def test_every_edge_has_distinct_parent_and_child(self) -> None:
for parent, children in ENTITY_GRAPH.items():
for child in children:
assert parent != child, f"Self-referencing edge: {parent}"


Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

test_no_self_referencing_edges and test_every_edge_has_distinct_parent_and_child assert the same condition (parent != child). Consider removing one to avoid redundant coverage and keep the test suite lean.

Suggested change
def test_every_edge_has_distinct_parent_and_child(self) -> None:
for parent, children in ENTITY_GRAPH.items():
for child in children:
assert parent != child, f"Self-referencing edge: {parent}"

Copilot uses AI. Check for mistakes.
src/ai/backend/common/data/permission/types.py
APP_CONFIG_USER = "app_config:user"
# Session sub
SESSION_KERNEL = "session:kernel"
KERNEL_SCHEDULING_HISTORY = "session:kernel:scheduling_history"
Copy link

Copilot AI Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EntityType values are persisted in RBAC tables using StrEnumType(EntityType, length=32) (e.g., association_scopes_entities / object_permissions). The new value "session:kernel:scheduling_history" is 33 chars long, which will overflow the DB column size and can cause truncation or DB errors when stored. Either shorten this enum value to fit within 32 chars, or widen the related DB columns + alembic migrations and update the StrEnumType(..., length=...) usages accordingly.

Suggested change
KERNEL_SCHEDULING_HISTORY = "session:kernel:scheduling_history"
KERNEL_SCHEDULING_HISTORY = "session:kernel:sched_history"

Copilot uses AI. Check for mistakes.
@fregataa fregataa marked this pull request as draft February 10, 2026 15:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@fregataa fregataa

Labels

comp:common Related to Common component comp:manager Related to Manager component size:XL 500~ LoC

Projects

None yet

Milestone

26.2

Development

Successfully merging this pull request may close these issues.

Remove role_manager and update db/repository functions for new RBAC schema

1 participant

@fregataa