Skip to content

feat(sdk): add ergonomic Resource constructors for authorization#3337

Merged
marythought merged 2 commits intomainfrom
DSPX-2816-resource-constructors
Apr 21, 2026
Merged

feat(sdk): add ergonomic Resource constructors for authorization#3337
marythought merged 2 commits intomainfrom
DSPX-2816-resource-constructors

Conversation

@marythought
Copy link
Copy Markdown
Contributor

@marythought marythought commented Apr 20, 2026
edited
Loading

Summary

  • Add ForAttributeValues(fqns ...string) and ForRegisteredResourceValueFqn(fqn string) helpers to the authorization v2 package
  • Follows the same codegen pattern as the existing EntityIdentifier helpers (ForEmail, ForClientID, etc.)
  • Reduces verbose nested protobuf construction to single-line calls

Before:

&authorizationv2.Resource{
    Resource: &authorizationv2.Resource_AttributeValues_{
        AttributeValues: &authorizationv2.Resource_AttributeValues{
            Fqns: []string{"https://example.com/attr/department/value/finance"},
        },
    },
}

After:

authorizationv2.ForAttributeValues("https://example.com/attr/department/value/finance")

Example — GetDecision authorization call:

import (
    authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2"
    "github.com/opentdf/platform/protocol/go/policy"
)

decisionReq := &authorizationv2.GetDecisionRequest{
    EntityIdentifier: authorizationv2.ForEmail("user@company.com"),
    Action: &policy.Action{Name: "decrypt"},
    Resource: authorizationv2.ForAttributeValues(
        "https://company.com/attr/clearance/value/confidential",
        "https://company.com/attr/department/value/finance",
    ),
}

decision, err := client.AuthorizationV2.GetDecision(ctx, decisionReq)

Test plan

  • Unit tests for both ForAttributeValues (single, multiple, zero FQNs) and ForRegisteredResourceValueFqn (valid + empty string)
  • All existing entity identifier tests still pass
  • Codegen produces correct resource.gen.go
  • golangci-lint passes with 0 issues
  • CI checks pass

🤖 Generated with Claude Code

@marythought @claude
feat(sdk): add ergonomic Resource constructors for authorization
af94126 
Add ForAttributeValues and ForRegisteredResourceValueFqn helpers to
reduce boilerplate when building Resource objects for authorization calls.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
@marythought marythought requested review from a team as code owners April 20, 2026 23:17
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Apr 20, 2026

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 20, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Adds two new helper constructor functions (ForAttributeValues and ForRegisteredResourceValueFqn) for the authorization v2 Resource type across generated and internal Go files, along with corresponding unit tests covering both constructors and their produced resource behaviors.

Changes

Cohort / File(s) Summary
Generated Helper Constructors
protocol/go/authorization/v2/resource.gen.go		 Added two exported helper constructor functions that return *Resource instances with AttributeValues and RegisteredResourceValueFqn oneof fields respectively.
Implementation
protocol/go/internal/authorization/v2/resource.go		 Implemented the two helper functions that construct authorizationv2.Resource messages by populating the appropriate oneof fields from variadic or single string arguments.
Unit Tests
protocol/go/internal/authorization/v2/resource_test.go		 Added comprehensive test coverage for both constructors, verifying resource type variants via assertions and validating that embedded field values match provided inputs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Suggested labels

comp:sdk, size/s

Suggested reviewers

  • dmihalcik-virtru
  • pflynn-virtru

Poem

🐰 A hop and a bound through constructors so neat,
Resource creation, now simple and sweet,
AttributeValues dance, FQNs take flight,
Helper functions craft what's perfectly right!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title 'feat(sdk): add ergonomic Resource constructors for authorization' directly and specifically describes the main change: adding helper constructors for creating Resource objects with improved ergonomics.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch DSPX-2816-resource-constructors

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 155.447966ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 80.308086ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 402.026519ms
Throughput 248.74 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.576701543s
Average Latency 414.236317ms
Throughput 120.26 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 20, 2026

X-Test Results

✅ go-pull-3337
✅ go-v0.9.0
✅ java-pull-3337
✅ java-v0.9.0
✅ js-pull-3337
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
opentdfplatform5TW9WA.dockerbuild
govulncheck-failure-7
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-4

@marythought @claude
chore(sdk): add zero-args test for ForAttributeValues
b5fa102 
Document the behavior of ForAttributeValues() called with no
arguments, which produces a Resource with a nil FQN slice.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 186.472136ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 99.596742ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 393.03219ms
Throughput 254.43 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 43.49941198s
Average Latency 433.296102ms
Throughput 114.94 requests/second

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • otdfctl
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026

X-Test Results

✅ go-pull-3337
✅ java-pull-3337
✅ go-v0.9.0
✅ js-pull-3337
test-cases-mapping-report
✅ java-v0.9.0
bats-test-results
✅ js-v0.9.0
cukes-report
opentdfplatformX1NRQW.dockerbuild
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-0
govulncheck-failure-5

@marythought marythought mentioned this pull request Apr 21, 2026
Merged
3 tasks
@marythought marythought enabled auto-merge April 21, 2026 16:51
@marythought marythought added this pull request to the merge queue Apr 21, 2026
Merged via the queue into main with commit 4a786ca Apr 21, 2026
41 checks passed
@marythought marythought deleted the DSPX-2816-resource-constructors branch April 21, 2026 17:11
@opentdf-automation opentdf-automation Bot mentioned this pull request Apr 21, 2026
Merged
@marythought marythought mentioned this pull request Apr 21, 2026
Merged
4 tasks
This was referenced Apr 23, 2026
Open
Open
marythought added a commit to opentdf/docs that referenced this pull request Apr 24, 2026
@marythought @claude
chore(docs): add Resource constructor helpers and update examples (#301)
a82f860 
## Summary

- Add `### Resource` section documenting helper functions for all 3 SDKs
(`ForAttributeValues`, `ForRegisteredResourceValueFqn`)
- Add `<SdkVersion>` annotations with minimum SDK versions: Go v0.17.0,
Java v0.14.0, JS v0.15.0
- Update GetDecision examples (Go, Java, JS) to use helpers instead of
verbose proto construction
- Update Type Reference Resource section with tabbed helper examples
- Add note about `ephemeralId` not being set by helpers (relevant for
GetDecisionBulk)

Based on #303 (SdkVersion component + EntityIdentifier annotations).

**Companion PRs (SDK implementations):**
- Go: opentdf/platform#3337
- Java: opentdf/java-sdk#354
- JavaScript: opentdf/web-sdk#921

## Test plan

- [ ] `npm run build` passes
- [ ] Visual review of rendered authorization page
- [ ] CI checks pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Documentation**
* Enhanced authorization docs with a new Resource section describing
attribute-value and registered-resource formats, plus language-specific
helper APIs and “without helpers” manual examples.
* Updated GetDecision/GetDecisionBulk/GetEntitlements parameter docs to
link entity/resource types and note Resource helper usage.
* Rewrote multi-language GetDecision samples (Go/Java/JavaScript) to use
Resource/Entity helper constructors.
* Added Go TDFObject type reference and minor Go example ctx
initialization updates.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pflynn-virtru pflynn-virtru pflynn-virtru approved these changes

Assignees

No one assigned

Labels

size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marythought @pflynn-virtru