Conversation
Add a shared UserID identifier type under common/identifier/ and introduce ResolveUserIDByAccessKey on the auth service so any handler/service can resolve an access_key to its owning user_uuid without depending on the keypairs table directly. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
github-actions
Bot
added
comp:manager
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a typed UserID identifier and adds a new auth service action to resolve a keypair owner’s user UUID from an access key, so callers can avoid depending on the keypairs table directly.
Changes:
- Added
UserID = NewType("UserID", UUID)underai.backend.common.identifier.user. - Implemented
ResolveUserIDByAccessKeyAction+ result type and wired it intoAuthService/AuthProcessors. - Added repository + DB source methods to fetch the owning user UUID for a given access key and raise
AccessKeyNotFoundwhen missing.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/ai/backend/manager/services/auth/service.py | Adds resolve_user_id_by_access_key() service method backed by the auth repository. |
| src/ai/backend/manager/services/auth/processors.py | Registers the new action processor and adds it to supported_actions(). |
| src/ai/backend/manager/services/auth/actions/resolve_user_id_by_access_key.py | Defines the new action + result dataclasses. |
| src/ai/backend/manager/repositories/auth/repository.py | Adds repository method get_user_id_by_access_key(). |
| src/ai/backend/manager/repositories/auth/db_source/db_source.py | Adds DB query to resolve keypairs.user by access_key and raises AccessKeyNotFound. |
| src/ai/backend/common/identifier/user.py | Introduces UserID NewType for typed UUID discrimination. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jopemachine
reviewed
May 18, 2026
Tighten the resolve-user-id-by-access-key chain so the repository and db_source both accept AccessKey instead of plain str (matching the action field), drop the redundant UUID(str(row)) re-parse on the GUID-mapped keypairs.user column, and add success / not-found unit coverage on AuthRepository. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jopemachine
reviewed
May 18, 2026
| return row.domain_name, row.role | ||
|
|
||
| @auth_db_source_resilience.apply() | ||
| async def fetch_user_id_by_access_key(self, access_key: AccessKey) -> UserID: |
Member
There was a problem hiding this comment.
Just a question, is there a reason this file uses the Core API and a direct connection instead of the ORM and db_session?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
UserID = NewType("UserID", UUID)undercommon/identifier/user.pyso handler/service signatures can carry the keypair owner's UUID with static-type discrimination (mirrors the existingcommon/identifier/vfolder.pypattern).ResolveUserIDByAccessKeyActionon the auth service plus a backingget_user_id_by_access_keyin the auth repository / db_source (selectskeypairs.c.user, raisesAccessKeyNotFoundwhen missing) so any handler or service can resolve an access_key to its owning user_uuid without depending on the keypairs table directly.AuthProcessorsand add the spec tosupported_actions(). Pure additive — no existing call site is modified.Test plan
pants fmt fix lint checkon the touched files (passes locally)Resolves BA-6063