refactor(BA-5071): Apply RBAC Creator pattern to ImageAlias#10014
Conversation
github-actions
Bot
added
size:M
There was a problem hiding this comment.
Pull request overview
This PR refactors the image alias creation flow to use the RBAC-scoped entity creation pattern so that creating an ImageAlias also records the appropriate scope→entity association for permissioning.
Changes:
- Added
RBACElementType.IMAGE_ALIASto represent image-alias RBAC entities. - Updated image alias creation to use
RBACEntityCreator/execute_rbac_entity_creatoracross service, repository, and DB source layers. - Updated unit test assertions to validate RBAC creator metadata (element type + scope ref).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| tests/unit/manager/services/image/test_image_service.py | Updates unit test to assert RBACEntityCreator usage and correct RBAC scope metadata. |
| src/ai/backend/manager/services/image/service.py | Switches alias-by-id service logic from Creator to RBACEntityCreator with image scope reference. |
| src/ai/backend/manager/repositories/image/repository.py | Updates repository method signature to accept RBACEntityCreator for alias creation. |
| src/ai/backend/manager/repositories/image/db_source/db_source.py | Uses execute_rbac_entity_creator when inserting image aliases, ensuring RBAC association rows are created. |
| src/ai/backend/common/data/permission/types.py | Adds IMAGE_ALIAS to RBACElementType. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| # === Auto sub-entities with direct GET APIs === | ||
| IMAGE_ALIAS = "image:alias" | ||
|
|
There was a problem hiding this comment.
RBACElementType.IMAGE_ALIAS is introduced with a value containing : ("image:alias"). This makes RBACElementType values incompatible with the existing ...Id / ...Ref string serialization helpers that use val.partition(":") (e.g., RBACElementRef.from_str() / .to_str()), because round-tripping will break when the enum value itself contains :. Consider either (1) using a colon-free value for RBACElementType (while mapping to EntityType.IMAGE_ALIAS elsewhere), or (2) updating the parsing helpers to split from the right (e.g., rpartition) so element types may safely contain :.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
github-actions
Bot
added
size:L
- Add IMAGE_ALIAS to RBACElementType enum - Replace Creator/execute_creator with RBACEntityCreator/execute_rbac_entity_creator for ImageAlias creation in image domain - Scope association: ImageAlias → IMAGE (parent scope) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: octodog <mu001@lablup.com>
Summary
IMAGE_ALIAS = "image:alias"toRBACElementTypeenumCreator/execute_creatortoRBACEntityCreator/execute_rbac_entity_creatorin image domainTest plan
pants lintpassesResolves BA-5071
📚 Documentation preview 📚: https://sorna--10014.org.readthedocs.build/en/10014/
📚 Documentation preview 📚: https://sorna-ko--10014.org.readthedocs.build/ko/10014/