feat(policy): add sort support to listobligations api#3300
Merged
Conversation
has buf.validate as per usual and comments for docs. regen protos as well
api-level tests for no items, 1 item, and 2 items sort (pass pass fail)
fqn and name in utils
in listObligations query, remove ORDER BY replace with CASE WHEN block. FQN is assembled here. also regenerated sqlc
this is getting saved for a later PR since its inconsistent across listAPIs
12 unit tests, full coverage) in utils_test.go
wire sort params into the go DB function in /db/obligations.go
full coverage (created_at, updated_at, name, fqn. two helpers for time based and name based sorting. uses assertIDsInOrder helper across each integration test
Contributor
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces sorting capabilities to the ListObligations API, enabling clients to request ordered data based on specific fields. The changes involve updating the protocol definitions, database query logic, and service layer to handle sort parameters, while maintaining backward compatibility with existing default ordering. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Ignored Files
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. The obligations list is long, To sort them right, not wrong. With fields defined and SQL set, The best results you'll surely get. Footnotes
|
github-actions
Bot
added
comp:db
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 46 minutes and 2 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds single-field typed sorting to ListObligations end-to-end: new proto enum/message and OpenAPI schemas, validator constraint (max 1), GetObligationsSortParams helper, dynamic CASE-driven SQL ORDER BY with direction, wiring through DB call params, unit/integration tests, and docs updates. Default ordering remains created_at DESC, id ASC. Changes
Sequence Diagram(s)sequenceDiagram
participant Client
participant Server
participant Validator
participant Utils
participant DB
Client->>Server: ListObligationsRequest (optional sort)
Server->>Validator: validate request
Validator-->>Server: validation result
Server->>Utils: GetObligationsSortParams(sort)
Utils-->>Server: (sort_field, sort_direction)
Server->>DB: listObligations(params including sort_field, sort_direction)
DB-->>Server: rows ordered per CASE/ORDER BY
Server-->>Client: ListObligationsResponse (ordered results)
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
dsm20
changed the title
dsm20
changed the title
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces sorting capabilities for the ListObligations endpoint, allowing results to be ordered by name, FQN, creation date, or update date. The implementation includes updates to the protobuf definitions, service logic to parse sort parameters, and SQL queries utilizing CASE statements for dynamic ordering. Comprehensive integration and unit tests have been added to verify the new functionality. Feedback highlights that the SQL implementation lacks the 'id ASC' tie-breaker mentioned in the documentation, which is necessary to ensure deterministic pagination when multiple records share the same timestamp.
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 6
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@docs/grpc/index.html`:
- Line 13206: Restore a non-empty description for the GetObligationRequest entry
in the generated docs by replacing the empty paragraph at the
GetObligationRequest section with a short summary (e.g., "Request message to
retrieve obligation details by ID and optional filters") so the documentation
regains context; locate the GetObligationRequest heading in the generated HTML
and update the empty <p>...</p> into a concise one-line description matching the
request purpose.
- Around line 13573-13580: The docs claim a tie-breaker "id ASC (tie-breaker)"
for ListObligationsRequest.sort/ObligationsSort which is not implemented; update
the HTML table cell describing the sort field in docs/grpc/index.html to remove
or neutralize the specific tie-breaker language and instead state the concrete
default ordering that matches the service (e.g., "created_at DESC" and leave
tie-breaking as implementation-defined or deferred), ensuring the text for the
sort field (the <td> describing ObligationsSort) matches actual endpoint
behavior.
In `@docs/openapi/policy/obligations/obligations.openapi.yaml`:
- Around line 1787-1790: The docs for ListObligationsRequest.sort currently
assert a tie-breaker "then id ASC (tie-breaker)" which is not implemented;
update the description for the ListObligationsRequest.sort field by removing the
tie-breaker clause and any wording that implies a stable secondary ordering,
leaving only the documented default ordering that matches current endpoint
behavior (e.g., "created_at DESC" or the existing default phrasing) so the
OpenAPI text no longer guarantees id ASC as a tie-breaker.
- Around line 547-553: Update the policy.SortDirection schema to document how
SORT_DIRECTION_UNSPECIFIED should be treated: add an endpoint-neutral
description stating that SORT_DIRECTION_UNSPECIFIED maps to ascending order
(UNSPECIFIED => ASC) and note that concrete per-endpoint default ordering should
still be documented in each request's docs; reference the enum value
SORT_DIRECTION_UNSPECIFIED and the schema name policy.SortDirection so the
change is applied to the central enum definition rather than individual
endpoints.
In `@service/integration/obligations_test.go`:
- Around line 1990-2000: The helper createNamedSortTestObligations currently
always uses nsExampleCom so it creates all obligations in one namespace and
masks FQN-based sorting bugs; modify createNamedSortTestObligations to create
obligations across multiple namespaces (e.g., alternate between nsExampleCom and
another test namespace obtained via s.getNamespaceData or accept a namespace
list) by fetching distinct namespaceIDs with s.getNamespaceData (or use existing
namespace fixtures) and using those namespaceIDs when calling
s.createObligation; update the related fixtures/tests (including the similar
code around lines 2036-2064) so the generated obligations span at least two
namespaces to properly exercise full FQN sorting.
In `@service/policy/db/queries/obligations.sql`:
- Around line 190-199: The ORDER BY lacks a final unique tie-breaker, causing
nondeterministic pagination; update the ORDER BY in obligations.sql (the CASE
expressions and final default) to always append od.id ASC as the ultimate
deterministic tie-breaker (so the current tail "od.created_at DESC" becomes
"od.created_at DESC, od.id ASC" and ensure id ASC is applied after any
CASE-driven sort to satisfy the contract "created_at DESC, then id ASC").
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: a2eecd90-c407-411a-a178-4b5469d1885b
⛔ Files ignored due to path filters (1)
protocol/go/policy/obligations/obligations.pb.gois excluded by!**/*.pb.go
📒 Files selected for processing (10)
docs/grpc/index.htmldocs/openapi/policy/obligations/obligations.openapi.yamlservice/integration/obligations_test.goservice/policy/db/obligations.goservice/policy/db/obligations.sql.goservice/policy/db/queries/obligations.sqlservice/policy/db/utils.goservice/policy/db/utils_test.goservice/policy/obligations/obligations.protoservice/policy/obligations/obligations_test.go
Contributor
linter was upset
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Contributor
dsm20
force-pushed
the
add-sort-support-listobligations-api
branch
from
6e0ee93 to
29f6256
Compare
policy-bot-opentdf
Bot
dismissed stale reviews from c-r33d
Invalidated by push of 29f6256
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@service/policy/db/utils_test.go`:
- Around line 655-669: Add a new test case to the existing sort mapping table
that asserts FQN with an explicit DESC direction; specifically create a case
alongside the existing "FQN with ASC" and unspecified-direction cases using an
obligations.ObligationsSort with Field:
obligations.SortObligationsType_SORT_OBLIGATIONS_TYPE_FQN and Direction:
policy.SortDirection_SORT_DIRECTION_DESC, and set expectedField to "fqn" and
expectedDir to "DESC" so the test verifies the mapper returns the correct
descending mapping.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: d6502799-58a3-4a00-9c55-9ce2b45a47cf
📒 Files selected for processing (1)
service/policy/db/utils_test.go
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Contributor
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Contributor
now FQN is simply namespace + obligation name, instead of adding in the arbitrary "/obl/". this is for futureproofing in the event we decide to rename the FQN to some other structure where /obl/ becomes antiquated
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Contributor
Contributor
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Contributor
|
Contributor
c-r33d
approved these changes
Apr 15, 2026
This was referenced Apr 15, 2026
3 tasks
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 17, 2026
🤖 I have created a release *beep* *boop* --- ## [0.24.0](protocol/go/v0.23.0...protocol/go/v0.24.0) (2026-04-17) ### Features * **policy:** add GetObligationTrigger RPC ([#3318](#3318)) ([d68e39d](d68e39d)) * **policy:** add sort ListSubjectMappings API ([#3255](#3255)) ([9d5d757](9d5d757)) * **policy:** add sort support to ListKeyAccessServer ([#3287](#3287)) ([7fae2d7](7fae2d7)) * **policy:** add sort support to listobligations api ([#3300](#3300)) ([9221cac](9221cac)) * **policy:** add sort support to ListSubjectConditionSets API ([#3272](#3272)) ([9010f12](9010f12)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
This was referenced Apr 18, 2026
github-merge-queue Bot
pushed a commit
that referenced
this pull request
Apr 20, 2026
### Proposed Changes Resolves DSPX-2691 - Adds strongly-typed sort support to ListRegisteredResources RPC, following the pattern established in #3223 (ListAttributes), #3255 (ListSubjectMappings), #3272 (ListSubjectConditionSets), #3300 (ListObligations), and the ListKeyAccessServers PR - Sortable fields: name, created_at, updated_at (ASC/DESC), with backward-compatible fallback to created_at DESC ### Changes **Proto** — `service/policy/registeredresources/registered_resources.proto` - `SortRegisteredResourcesType` enum (UNSPECIFIED, NAME, CREATED_AT, UPDATED_AT) - `RegisteredResourcesSort` message (field + direction) - `repeated RegisteredResourcesSort sort = 11` on `ListRegisteredResourcesRequest` with `max_items = 1` constraint - Regenerated protos and docs **SQL** — `service/policy/db/queries/registered_resources.sql` - CASE WHEN sort blocks in `listRegisteredResources` query for 3 fields (6 blocks total) - Fallback `r.created_at DESC` **Go** — `service/policy/db/utils.go` + `service/policy/db/registered_resources.go` - `GetRegisteredResourcesSortParams()`: maps enum to SQL-compatible field/direction strings - `ListRegisteredResources` handler wired to call mapper and pass params to sqlc query - No new constants needed — `sortFieldName`, `sortFieldCreatedAt`, `sortFieldUpdatedAt` already exist **Tests** - 11 unit tests for the enum mapper helper (nil, empty, unspecified, each field + direction, unspecified direction default) - 7 integration tests (name ASC/DESC, created_at ASC/DESC, updated_at ASC/DESC, unspecified fallback) using `createSortTestRegisteredResources` and `createNamedSortTestRegisteredResources` suite helpers - Protovalidate sort constraint test (`TestListRegisteredResourcesRequest_Sort`) ### Notes - otdfctl `--sort` flag deferred to a follow-up, consistent with #3192, #3223, #3255, #3272, and #3300 - Tie-breaker (`r.id ASC`) deferred to a follow-up refactoring ticket ### Checklist - [x] I have added or updated unit tests - [x] I have added or updated integration tests (if appropriate) - [x] I have added or updated documentation ### Testing Instructions <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **New Features** * Added sorting functionality to registered resources lists. Sort by name, creation date, or update date in ascending or descending order. Defaults to creation date (descending) when not specified. * **Documentation** * Updated API documentation with new sorting options and default ordering behavior. * **Tests** * Added integration and unit tests covering all sorting configurations. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Merged
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proposed Changes
Resolves DSPX-2690
Changes
Proto —
service/policy/obligations/obligations.protoSortObligationsTypeenum (UNSPECIFIED, NAME, FQN, CREATED_AT, UPDATED_AT)ObligationsSortmessage (field + direction)repeated ObligationsSort sort = 11onListObligationsRequestwithmax_items = 1constraintSQL —
service/policy/db/queries/obligations.sqllistObligationsquery for 4 fields (8 blocks total)fqns.fqn || '/obl/' || LOWER(od.name)since obligation FQNs aren't stored inattribute_fqnsod.created_at DESCGo —
service/policy/db/utils.go+service/policy/db/obligations.goGetObligationsSortParams(): maps enum to SQL-compatible field/direction stringsListObligationshandler wired to call mapper and pass params to sqlc querysortFieldNameandsortFieldFQNconstants inutils.go(same pattern assortFieldCreatedAt/sortFieldUpdatedAtfrom feat(policy): add sort ListSubjectMappings API #3255)Tests
createSortTestObligationsandcreateNamedSortTestObligationssuite helpersTest_ListObligationsRequest_Sort)Notes
--sortflag deferred to a follow-up, consistent with feat(policy): Add sort support to ListNamespaces API #3192, feat(policy): add sort support to ListAttributes API #3223, feat(policy): add sort ListSubjectMappings API #3255, and feat(policy): add sort support to ListSubjectConditionSets API #3272od.id ASC) deferred to a follow-up refactoring ticketChecklist
Testing Instructions
Summary by CodeRabbit
New Features
Tests
Documentation