🔧 Refactor database engine usage to utilize AsyncEngine for improved async support

pcrespov · pcrespov · commit cbad063d0646 · 2025-06-05T14:06:34.000+02:00
diff --git a/services/web/server/src/simcore_service_webserver/security/_authz_db.py b/services/web/server/src/simcore_service_webserver/security/_authz_db.py
@@ -2,15 +2,14 @@
 from typing import TypedDict
 
 import sqlalchemy as sa
-from aiopg.sa import Engine
-from aiopg.sa.result import ResultProxy
 from models_library.basic_types import IdInt
 from models_library.products import ProductName
 from models_library.users import UserID
 from pydantic import TypeAdapter
 from simcore_postgres_database.models.groups import user_to_groups
 from simcore_postgres_database.models.products import products
 from simcore_postgres_database.models.users import UserRole
+from sqlalchemy.ext.asyncio import AsyncEngine
 
 from ..db.models import UserStatus, users
 
@@ -22,33 +21,38 @@ class AuthInfoDict(TypedDict, total=True):
     role: UserRole
 
 
-async def get_active_user_or_none(engine: Engine, email: str) -> AuthInfoDict | None:
+async def get_active_user_or_none(
+    engine: AsyncEngine, *, email: str
+) -> AuthInfoDict | None:
     """Gets a user with email if ACTIVE othewise return None
 
     Raises:
-        DatabaseError: unexpected errors found in https://github.com/ITISFoundation/osparc-simcore/issues/880 and https://github.com/ITISFoundation/osparc-simcore/pull/1160
+        DatabaseError: unexpected errors found in
+        https://github.com/ITISFoundation/osparc-simcore/issues/880 and
+        https://github.com/ITISFoundation/osparc-simcore/pull/1160
     """
-    async with engine.acquire() as conn:
-        result: ResultProxy = await conn.execute(
+    async with engine.connect() as conn:
+        result = await conn.execute(
             sa.select(users.c.id, users.c.role).where(
                 (users.c.email == email) & (users.c.status == UserStatus.ACTIVE)
             )
         )
-        row = await result.fetchone()
-        assert (
-            row is None or TypeAdapter(IdInt).validate_python(row.id) is not None   # nosec
+        row = result.one_or_none()
+
+        assert (  # nosec
+            row is None or TypeAdapter(IdInt).validate_python(row.id) is not None
         )
-        assert (
-            row is None or TypeAdapter(UserRole).validate_python(row.role) is not None  # nosec
+        assert (  # nosec
+            row is None or TypeAdapter(UserRole).validate_python(row.role) is not None
         )
 
         return AuthInfoDict(id=row.id, role=row.role) if row else None
 
 
 async def is_user_in_product_name(
-    engine: Engine, user_id: UserID, product_name: ProductName
+    engine: AsyncEngine, *, user_id: UserID, product_name: ProductName
 ) -> bool:
-    async with engine.acquire() as conn:
+    async with engine.connect() as conn:
         return (
             await conn.scalar(
                 sa.select(users.c.id)
diff --git a/services/web/server/src/simcore_service_webserver/security/_authz_policy.py b/services/web/server/src/simcore_service_webserver/security/_authz_policy.py
@@ -12,9 +12,9 @@
 )
 from models_library.products import ProductName
 from models_library.users import UserID
+from servicelib.aiohttp.db_asyncpg_engine import get_async_engine
 from simcore_postgres_database.aiopg_errors import DatabaseError
 
-from ..db.plugin import get_database_engine
 from ._authz_access_model import (
     AuthContextDict,
     OptionalContext,
@@ -62,7 +62,9 @@ async def _get_auth_or_none(self, *, email: str) -> AuthInfoDict | None:
             web.HTTPServiceUnavailable: if database raises an exception
         """
         with _handle_exceptions_as_503():
-            return await get_active_user_or_none(get_database_engine(self._app), email)
+            return await get_active_user_or_none(
+                get_async_engine(self._app), email=email
+            )
 
     @cached(
         ttl=_AUTHZ_BURST_CACHE_TTL,
@@ -78,7 +80,7 @@ async def _has_access_to_product(
         """
         with _handle_exceptions_as_503():
             return await is_user_in_product_name(
-                get_database_engine(self._app), user_id, product_name
+                get_async_engine(self._app), user_id=user_id, product_name=product_name
             )
 
     @property
@@ -122,11 +124,6 @@ async def permits(
         :return: True if user has permission to execute this operation within the given context
         """
         if identity is None or permission is None:
-            _logger.debug(
-                "Invalid %s of %s. Denying access.",
-                f"{identity=}",
-                f"{permission=}",
-            )
             return False
 
         auth_info = await self._get_auth_or_none(email=identity)
