feat: add SQLAlchemy storage adapter #8

Merged
Maneesh-Relanto merged 1 commit into main from feat/sqlalchemy-storage-adapter
Feb 23, 2026

@Maneesh-Relanto
Owner

Closes the critical 'BLOCKING PRODUCTION USE' gap by providing a persistent SQL-backed storage backend.

What's new

src/rbac/storage/sqlalchemy_adapter.py (new)

  • SQLAlchemyStorage class extending BaseStorage
  • Full CRUD for Users, Roles, Permissions, Resources, RoleAssignments
  • SQLAlchemy 2.x declarative ORM with 6 tables: rbac_users, rbac_roles, rbac_permissions, rbac_resources, rbac_role_permissions (M:M junction), rbac_role_assignments
  • Proper indexes on domain, email, resource_type columns
  • JSON columns for attributes/conditions/metadata (portable across DBs)
  • Soft-delete for Users, Roles, Resources (status='deleted')
  • Cascade deletes: deleting a user/role removes its assignments
  • Circular hierarchy detection for role parent updates
  • Thread-safe scoped sessions with auto commit/rollback
  • initialize() / dispose() lifecycle methods
  • Compatible connection kwargs for SQLite and pooled DBs
  • Supports: SQLite (:memory: and file), PostgreSQL, MySQL

src/rbac/storage/__init__.py

  • Export SQLAlchemyStorage with graceful ImportError guard (SQLAlchemy optional)

requirements.txt

  • Uncommented sqlalchemy>=2.0.0 as an active dependency
  • Left psycopg2-binary and pymysql commented (install per DB driver)

tests/test_sqlalchemy_storage.py (new)

  • 50 tests across 7 test classes using sqlite:///:memory:
  • TestLifecycle, TestUserCRUD, TestRoleCRUD, TestPermissionCRUD, TestResourceCRUD, TestRoleAssignments, TestUtility, TestPersistence
  • Persistence test uses tmp_path file DB to verify write → new instance → read
  • All 50 tests pass in < 1 second

@Maneesh-Relanto Maneesh-Relanto merged commit 94dc8e6 into main Feb 23, 2026
4 of 9 checks passed
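
The "circular hierarchy detection for role parent updates" item in the description, sketched as an added example; this is not code from the PR or the project. It uses the standard-library `sqlite3` module instead of SQLAlchemy so it runs without extra dependencies. Only the table name `rbac_roles` comes from the PR; the columns, `MAX_DEPTH`, `CircularHierarchyError`, `make_db`, `ancestors` and `set_parent` are assumptions.

```python
import sqlite3

MAX_DEPTH = 64  # assumed cap so an already-corrupt chain cannot loop forever


class CircularHierarchyError(ValueError):
    """Raised when a parent update would make a role its own ancestor."""


def make_db():
    # Constructed sample schema and rows; only the table name is from the PR.
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject parents that do not exist
    db.execute(
        "CREATE TABLE rbac_roles (id TEXT PRIMARY KEY, "
        "parent_id TEXT REFERENCES rbac_roles(id), status TEXT DEFAULT 'active')"
    )
    db.executemany(
        "INSERT INTO rbac_roles (id, parent_id) VALUES (?, ?)",
        [("admin", None), ("editor", "admin"), ("viewer", "editor")],
    )
    db.commit()
    return db


def ancestors(db, role_id):
    """Walk parent_id links upward from role_id; return ancestor ids in order."""
    chain, current = [], role_id
    for _ in range(MAX_DEPTH):
        row = db.execute(
            "SELECT parent_id FROM rbac_roles WHERE id = ?", (current,)
        ).fetchone()
        if row is None or row[0] is None:
            return chain
        chain.append(row[0])
        current = row[0]
    raise CircularHierarchyError(f"chain above {role_id!r} exceeds {MAX_DEPTH} levels")


def set_parent(db, role_id, new_parent_id):
    """Update a role's parent only if the new edge does not close a cycle."""
    if new_parent_id is not None:
        # A cycle forms exactly when role_id is the new parent or one of its ancestors.
        if new_parent_id == role_id or role_id in ancestors(db, new_parent_id):
            raise CircularHierarchyError(f"{role_id!r} -> {new_parent_id!r} closes a cycle")
    with db:  # commits on success, rolls back if the UPDATE raises
        db.execute(
            "UPDATE rbac_roles SET parent_id = ? WHERE id = ?", (new_parent_id, role_id)
        )
```

The check runs before the write, so a rejected update leaves the stored hierarchy unchanged and permission resolution that walks `parent_id` always terminates.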