ENG-3275: Populate client_id at write time in EventAuditService and AttachmentService

tvandort · claude · tvandort · commit 4c4670522125 · 2026-04-09T09:26:42.000-04:00
EventAuditService.create_event_audit() gains an explicit client_id kwarg
and falls back to get_client_id() from request context, mirroring the
existing user_id / get_user_id() pattern.

AttachmentService.create_and_upload() injects client_id from request
context into the data dict if the caller hasn't already set it, so API
client uploads are attributed without changing every call site.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/src/fides/service/attachment_service.py b/src/fides/service/attachment_service.py
@@ -10,6 +10,7 @@
 from loguru import logger
 from sqlalchemy.orm import Session
 
+from fides.api.request_context import get_client_id
 from fides.api.models.attachment import (
     Attachment,
     AttachmentReference,
@@ -209,6 +210,11 @@ def create_and_upload(
         """
         db = self._require_db()
 
+        # Populate client_id from request context if not already set by the caller.
+        # This covers API client actors whose user_id is None.
+        if "client_id" not in data:
+            data = {**data, "client_id": get_client_id()}
+
         # Create the attachment record using internal _create_record to avoid
         # triggering the deprecation warning on the public create() method
         attachment = Attachment._create_record(db=db, data=data, check_name=check_name)
diff --git a/src/fides/service/event_audit_service.py b/src/fides/service/event_audit_service.py
@@ -6,7 +6,7 @@
 from sqlalchemy.orm import Session
 
 from fides.api.models.event_audit import EventAudit, EventAuditStatus, EventAuditType
-from fides.api.request_context import get_user_id
+from fides.api.request_context import get_client_id, get_user_id
 
 
 class EventAuditService:
@@ -21,18 +21,22 @@ def create_event_audit(
         status: EventAuditStatus,
         *,
         user_id: Optional[str] = None,
+        client_id: Optional[str] = None,
         resource_type: Optional[str] = None,
         resource_identifier: Optional[str] = None,
         description: Optional[str] = None,
         event_details: Optional[Dict[str, Any]] = None,
     ) -> EventAudit:
         """Create a new audit event record."""
 
-        # Uses the passed in user_id or falls back to the authenticated user via get_user_id()
+        # Prefer explicit args, then fall back to request context.
+        # user_id and client_id are mutually exclusive: a request is attributed
+        # to a human user OR an API client, never both.
         data = {
             "event_type": event_type,
             "status": status,
             "user_id": user_id or get_user_id(),
+            "client_id": client_id or get_client_id(),
             "resource_type": resource_type,
             "resource_identifier": resource_identifier,
             "description": description,
