Skip to content

feat: Infer tenant/provider ID from user's org membership#217

Draft
parmani-nv wants to merge 1 commit intoNVIDIA:mainfrom
parmani-nv:feat/infer_tenant_provider_id
Draft

feat: Infer tenant/provider ID from user's org membership#217
parmani-nv wants to merge 1 commit intoNVIDIA:mainfrom
parmani-nv:feat/infer_tenant_provider_id

Conversation

@parmani-nv
Copy link
Contributor

@parmani-nv parmani-nv commented Mar 9, 2026

Description

Removes the need for callers to pass explicit infrastructureProviderId and tenantId query parameters on Allocation and InstanceType read endpoints by inferring the caller's provider/tenant identity directly from their org membership, aligning these handlers with the pattern already established by the IPBlock and Site handlers.

Allocation (GetAll / GetByID)

  • Replaced the manual provider/tenant query-param validation block with IsProviderOrTenant.
  • GetAll now uses the dual-query-merge pattern (mapset union): results from the provider perspective and the tenant perspective are merged, so dual-role users receive a combined view in a single call.
  • infrastructureProviderId is fully deprecated. tenantId is demoted to an optional provider-side filter (ignored when the caller only has the Tenant role).

InstanceType (GetAll / GetByID)

  • Migrated from GetIsProviderRequest (which required a disambiguation query param for dual-role users) to IsProviderOrTenant with the same dual-query-merge pattern.
  • infrastructureProviderId and tenantId query params are deprecated.

Instance / InstanceBatch Create

  • tenantId in the request body is now optional; when omitted, the tenant is inferred from the caller's org membership.
  • ValidateOrgMembership calls removed (already performed inside IsProviderOrTenant / GetTenantForOrg).

Swagger / OpenAPI fixes

  • Corrected siteId annotation on the Allocation and InstanceType endpoints from required: true to required: false, matching actual runtime behaviour (the field was never enforced as required in code).

Tests

  • Updated allocation and instancetype test suites to exercise inferred-ID paths and remove now-invalid required-param scenarios.

Type of Change

  • Feature - New feature or functionality (feat:)

Services Affected

  • API - API models or endpoints updated

Related Issues (Optional)

Breaking Changes

  • This PR contains breaking changes

What changes:
The infrastructureProviderId and tenantId query parameters on GET /allocation and GET /instance-type (list and by-ID) are now deprecated and no longer required. Clients that currently pass them will not break — provider-side tenantId still works as a filter — but the enforcement that at least one must be present is removed. Any integration test or client that asserted a 400 response when those params were absent will need to be updated.

The tenantId field in the POST /instance and POST /instance/batch request body is now optional. Existing callers that supply it continue to work; the value is cross-validated against the org's inferred tenant.

@parmani-nv
feat: Infer tenant/provider ID from user's org membership
aaeafbc 
Replace explicit infrastructureProviderId and tenantId query parameters
with automatic inference via the IsProviderOrTenant helper, aligning
allocation and instancetype handlers with the pattern established by
ipblock and site handlers.
- Allocation GetAll/GetByID: replace manual provider/tenant validation
  with IsProviderOrTenant and dual-query-merge pattern using mapset
- InstanceType GetAll/GetByID: same pattern migration from
  GetIsProviderRequest to IsProviderOrTenant
- Instance/InstanceBatch create: infer TenantID from org when not
  provided in request body
- Make TenantID optional in instance create request validation
- Remove redundant ValidateOrgMembership calls (already performed
  inside IsProviderOrTenant)
- Deprecate explicit infrastructureProviderId and tenantId query params
- Fix siteId swagger annotation: marked as required (true) but code
  never enforced it — changed to optional (false) to match actual
  behavior, consistent with ipblock handler
- Update tests to reflect inferred ID behavior

Signed-off-by: Parham Armani <parmani@nvidia.com>
@copy-pr-bot
Copy link

copy-pr-bot bot commented Mar 9, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

@parmani-nv parmani-nv marked this pull request as draft March 9, 2026 20:29
hwadekar-nv
hwadekar-nv reviewed Mar 9, 2026
View reviewed changes
api/pkg/api/handler/allocation.go

// Create response
var filterTenantIDs []uuid.UUID
if provider != nil {
Copy link
Contributor

@hwadekar-nv hwadekar-nv Mar 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't be here 'tenant' instead provider?

@thossain-nv
Copy link
Contributor

thossain-nv commented Mar 11, 2026

@parmani-nv Can we move this out of draft? Any implementation missing or is it ready to review?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hwadekar-nv hwadekar-nv hwadekar-nv left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@parmani-nv @thossain-nv @hwadekar-nv