[ENG-740] 2/6 - DSR cache storage

[johnewart]

Ticket ENG-2758

Description Of Changes

Adds a DSR cache store on top of the indexing RedisCacheManager that has well-known operations to avoid "arbitrary" key names and ensures consistency. Does not integrate the new store with any APIs or other code, this is just the DSR cache itself.

Code Changes

• Adds a DSR cache store, does not integrate it yet

Steps to Confirm

No manual steps, has tests.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Mar 19, 2026 8:48pm
fides-privacy-center	Ignored		Mar 19, 2026 8:48pm

[greptile-apps]

Greptile Summary

Introduces a DSR cache store on top of the RedisCacheManager with standardized key naming (dsr:{id}:{part}) and lazy migration from legacy key formats. The store provides type-specific convenience methods for DSR-related cache operations and maintains an index for efficient listing and clearing.

Key changes:

• New DSRCacheStore class with convenience methods for identity, custom fields, encryption, DRP, masking secrets, async execution, and retry count
• KeyMapper utility to map between legacy and new key formats for backward compatibility
• Comprehensive test coverage including in-memory implementations and migration scenarios
• Test fixtures to prevent full app/DB startup for cache-only tests

Confidence Score: 3/5

• Safe to merge with minor documentation fix needed
• The implementation is solid with comprehensive tests and clear migration strategy. However, the documentation references a non-existent function, and the SCAN pattern usage could potentially match unintended keys (though this is noted in previous review threads).
• Pay attention to src/fides/common/cache/__init__.py (fix documentation) and src/fides/common/cache/dsr_store.py (SCAN pattern already flagged in previous threads)

Important Files Changed

Filename	Overview
src/fides/common/cache/init.py	Added DSRCacheStore and DSR_KEY_PREFIX to exports, but the documented example function get_dsr_cache_store() doesn't exist
src/fides/common/cache/dsr_store.py	New DSR cache store with lazy migration support; SCAN pattern *{dsr_id}* in get_all_keys() and clear() could match unintended keys
src/fides/common/cache/key_mapping.py	Maps legacy Redis key patterns to new DSR store format; clean implementation with clear documentation

_{Last reviewed commit: 48c0bb7}

[greptile-apps]

_{7 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

SCAN pattern *{dsr_id}* could match unintended keys. If a DSR ID like "abc" exists, keys containing "abc" anywhere (e.g., dsr:xyz-abc-123:field or some-other-key-abc) will be matched. Use anchored pattern like dsr:{dsr_id}:* for new keys, and handle legacy separately if needed.

[johnewart]

This is by design to keep consistency with the existing way keys are globbed by the DSR clearing and not break existing data that may be in Redis until everything moves over to the new index method

[greptile-apps]

Same SCAN pattern issue here. *{dsr_id}* could delete unrelated keys that happen to contain the DSR ID substring. Use dsr:{dsr_id}:* for new keys and handle legacy keys with separate patterns.

[johnewart]

Same here.

[greptile-apps]

Additional Comments (1)

tests/common/cache/test_dsr_store.py
Variable s should use a more descriptive name

    def remove_key_from_index(self, index_prefix: str, key: str) -> None:
        index_set = self._index.get(index_prefix)
        if index_set is not None:
            index_set.discard(key)

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[JadeCara]

These don't seem to be used (yet) - do we need them imported here?

[JadeCara]

Overall looks good! I am excited for this change :)

[greptile-apps]

_{7 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 0% with 168 lines in your changes missing coverage. Please review.
✅ Project coverage is 84.28%. Comparing base (b1a43cc) to head (48c0bb7).
⚠️ Report is 7 commits behind head on johnewart/ENG-740/0-redis-cache-manager.

Files with missing lines	Patch %	Lines
src/fides/common/cache/dsr_store.py	0.00%	90 Missing ⚠️
src/fides/common/cache/key_mapping.py	0.00%	74 Missing ⚠️
src/fides/common/cache/__init__.py	0.00%	4 Missing ⚠️

❌ Your patch check has failed because the patch coverage (0.00%) is below the target coverage (100.00%). You can increase the patch coverage or adjust the target coverage.
❌ Your project check has failed because the head coverage (84.28%) is below the target coverage (85.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                             Coverage Diff                             @@
##           johnewart/ENG-740/0-redis-cache-manager    #7463      +/-   ##
===========================================================================
- Coverage                                    85.53%   84.28%   -1.25%     
===========================================================================
  Files                                          564      564              
  Lines                                        37812    37910      +98     
  Branches                                      4399     4403       +4     
===========================================================================
- Hits                                         32341    31951     -390     
- Misses                                        4479     4956     +477     
- Partials                                       992     1003      +11     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.