Eng 1695 skip access polling on erasure tasks (#6827)

Vagoasdf · galvana · galvana · commit ca872f4fade7 · 2025-10-24T16:42:20.000-07:00
Co-authored-by: Adrian Galvan &lt;adrian@ethyca.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -21,6 +21,10 @@ Changes can also be flagged with a GitHub label for tracking purposes. The URL o
 
 ## [Unreleased](https://github.com/ethyca/fides/compare/2.73.0..main)
 
+### Changed
+- Updated border radius on our design system theme [#6512](https://github.com/ethyca/fides/pull/6813)
+- Simplified data category selection logic in monitor field list items by replacing `user_assigned_data_categories` with unified `preferred_data_categories` field [#6817](https://github.com/ethyca/fides/pull/6817)
+
 ## [2.73.0](https://github.com/ethyca/fides/compare/2.72.3..2.73.0)
 
 ### Added
@@ -52,6 +56,7 @@ Changes can also be flagged with a GitHub label for tracking purposes. The URL o
 - Fixed incorrect positioning on "Add system" button on system inventory page when Compass was disabled [#6812](https://github.com/ethyca/fides/pull/6812)
 - Fixed missing reference value validation in SaaS requests to apply to all access requests [#6782](https://github.com/ethyca/fides/pull/6782)
 - Fixed an issue where some Special purpose vendors were displaying incorrectly in the TCF modal [#6830](https://github.com/ethyca/fides/pull/6830)
+- Added action guards on polling requests to avoid running access polling requests on erasure tasks [#6827](https://github.com/ethyca/fides/pull/6827)
 
 ### Changed
 - Switch to use `classify_params.llm_model_override` instead of `classify_params.model_override` in monitor config form [#6805](https://github.com/ethyca/fides/pull/6805)
diff --git a/src/fides/api/service/connectors/saas_connector.py b/src/fides/api/service/connectors/saas_connector.py
@@ -277,16 +277,17 @@ def retrieve_data(
 
         # Delegate async requests
         with get_db() as db:
-            if async_dsr_strategy := _get_async_dsr_strategy(
-                db, request_task, query_config, ActionType.access
-            ):
-
-                return async_dsr_strategy.async_retrieve_data(
-                    client=self.create_client(),
-                    request_task_id=request_task.id,
-                    query_config=query_config,
-                    input_data=input_data,
-                )
+            # Guard clause to ensure we only run async access requests for access requests
+            if self.guard_access_request(policy):
+                if async_dsr_strategy := _get_async_dsr_strategy(
+                    db, request_task, query_config, ActionType.access
+                ):
+                    return async_dsr_strategy.async_retrieve_data(
+                        client=self.create_client(),
+                        request_task_id=request_task.id,
+                        query_config=query_config,
+                        input_data=input_data,
+                    )
 
         rows: List[Row] = []
         for read_request in read_requests:
@@ -349,6 +350,19 @@ def retrieve_data(
         self.unset_connector_state()
         return rows
 
+    def guard_access_request(self, policy: Policy) -> bool:
+        """
+        Guard clause to ensure we only run async access requests
+        if the access request is enabled and we are in an Access Request
+        """
+        if (
+            self.configuration.enabled_actions is None
+            or ActionType.access in self.configuration.enabled_actions
+        ):
+            if policy.get_rules_for_action(ActionType.access):
+                return True
+        return False
+
     def _apply_output_template(
         self,
         param_value_maps: List[Dict[str, Any]],
@@ -773,10 +787,11 @@ def run_consent_request(
 
         else:
             # follow the basic (global opt-in/out) SaaS consent flow
-            should_opt_in, filtered_preferences = (
-                build_user_consent_and_filtered_preferences_for_service(
-                    self.configuration.system, privacy_request, session, False
-                )
+            (
+                should_opt_in,
+                filtered_preferences,
+            ) = build_user_consent_and_filtered_preferences_for_service(
+                self.configuration.system, privacy_request, session, False
             )
 
             if should_opt_in is None:
diff --git a/tests/ops/service/privacy_request/test_request_runner_service.py b/tests/ops/service/privacy_request/test_request_runner_service.py
@@ -2051,19 +2051,6 @@ def test_async_callback_erasure_request(
         )
 
         if dsr_version == "use_dsr_3_0":
-            # Access async task fired first
-            assert pr.access_tasks[1].status == ExecutionLogStatus.awaiting_processing
-            jwe_token = mock_send.call_args[0][0].headers["reply-to-token"]
-            auth_header = {"Authorization": "Bearer " + jwe_token}
-            # Post to callback URL to supply access results async
-            # This requeues task and proceeds downstream
-            response = api_client.post(
-                V1_URL_PREFIX + REQUEST_TASK_CALLBACK,
-                headers=auth_header,
-                json={"access_results": [{"id": 1, "user_id": "abcde", "state": "VA"}]},
-            )
-            assert response.status_code == 200
-
             # Erasure task is also expected async results and is now paused
             assert pr.erasure_tasks[1].status == ExecutionLogStatus.awaiting_processing
             jwe_token = mock_send.call_args[0][0].headers["reply-to-token"]
