Preserve dnd custom endpoints

[Linker44]

Ticket ENG-1825

Description Of Changes

Promoted staged resources for SaaS integrations DnD was overwritten whenever an integration update was available.
We now preserve those changes.

Code Changes

• added logic for preserving dnd custom endpoints on SaaS Configs.

Steps to Confirm

1. Set up a salesforce integration through the integrations tab
2. Set up a monitor
3. go to the action center and promote fields for the Trip endpoint.
4. verify through swagger or DBM that Trip is now part of the saas config and dataset of the connection.
5. bump the version of the salesforce integration on the codebase.
6. once the server restarts verify that Trip remains on the configs.

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Add a high-risk This issue suggests changes that have a high-probability of breaking existing code label to the entry if your change includes a high-risk change (i.e. potential for performance impact or unexpected regression) that should be flagged
  • Updates unreleased work already in Changelog, no new entry necessary
• UX feedback:
  • All UX related changes have been reviewed by a designer
  • No UX review needed
• Followup issues:
  • Followup issues created
  • No followup issues
• Database migrations:
  • Ensure that your downrev is up to date with the latest revision on main
  • Ensure that your downgrade() migration is correct and works
    • If a downgrade migration is not possible for this change, please call this out in the PR description!
  • No migrations
• Documentation:
  • Documentation complete, PR opened in fidesdocs
  • Documentation issue created in fidesdocs
  • If there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • No documentation updates required

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	Dec 19, 2025 3:15pm

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
fides-privacy-center	Ignored		Dec 19, 2025 3:15pm

[greptile-apps]

Greptile Overview

Greptile Summary

This PR successfully implements preservation of promoted/monitored DnD (Data and Discovery) custom endpoints during SaaS integration updates. Previously, when an integration update was available, any custom endpoints that had been promoted from monitoring would be overwritten and lost.

Key Changes:

• Added get_endpoint_resources() to retrieve monitored endpoint resources from the database
• Added merge_saas_config_with_monitored_resources() to preserve custom endpoints in SaaS configs during updates
• Added preserve_monitored_collections_in_dataset_merge() to preserve corresponding dataset collections
• Modified update_saas_instance() and upsert_dataset_config_from_template() to use the new merge logic

Technical Approach:
The solution correctly identifies monitored endpoints by querying StagedResource records with resource_type == "Endpoint", then preserves these endpoints from the existing config when they don't exist in the new template. The implementation properly handles the order of operations: preserved collections are merged into the upcoming dataset before the final dataset merge occurs.

Test Coverage:
Comprehensive tests cover normal flows, edge cases (wrong-case resource types, empty states), and verify that only monitored resources are preserved while non-monitored custom resources are correctly discarded.

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• The implementation is well-designed with proper separation of concerns, comprehensive test coverage including edge cases, and correct integration into the existing codebase. The logic correctly preserves monitored resources while allowing template updates to take precedence for non-monitored resources.
• No files require special attention

Important Files Changed

File Analysis

Filename	Score	Overview
src/fides/service/connection/merge_configs_util.py	4/5	Adds three new functions to preserve monitored endpoints and collections during SaaS config updates. Logic is sound and well-tested.
src/fides/service/connection/connection_service.py	5/5	Integrates the new merge logic into SaaS instance update workflow. Implementation correctly preserves monitored resources during updates.
tests/service/connection/test_merge_configs_util.py	5/5	Comprehensive test coverage for new merge functions with proper edge cases including wrong-case resource types and empty states.

[greptile-apps]

_{2 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[codecov]

Codecov Report

❌ Patch coverage is 89.13043% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 87.17%. Comparing base (902f86b) to head (34c7ed4).

Files with missing lines	Patch %	Lines
src/fides/service/connection/merge_configs_util.py	91.89%	1 Missing and 2 partials ⚠️
src/fides/service/connection/connection_service.py	77.77%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #7121   +/-   ##
=======================================
  Coverage   87.17%   87.17%           
=======================================
  Files         534      534           
  Lines       35312    35355   +43     
  Branches     4113     4122    +9     
=======================================
+ Hits        30783    30821   +38     
- Misses       3638     3640    +2     
- Partials      891      894    +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Linker44]

@greptileai

[greptile-apps]

_{3 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

_{3 files reviewed, 7 comments}

_{Edit Code Review Agent Settings | Greptile}

[Linker44]

@greptileai

[greptile-apps]

_{3 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[galvana]

I think it's possible for a StagedResource to exist but not have it be "accepted" by the user. In this case, we wouldn't want to treat it as an endpoint to preserve. You'll have to verify this, or if this is the correct state once the endpoint/staged resource has been promoted.

Suggested change

	endpoint_resources = StagedResource.filter(
	db=db,
	conditions=(
	(StagedResource.monitor_config_id.in_(monitor_config_ids))
	& (StagedResource.resource_type == "Endpoint")
	),
	).all()
	endpoint_resources = StagedResource.filter(
	db=db,
	conditions=(
	(StagedResource.monitor_config_id.in_(monitor_config_ids))
	& (StagedResource.resource_type == "Endpoint")
	& (StagedResource.diff_status == DiffStatus.MONITORED.value)
	),
	).all()