feat(cli): Subject mapping commit

[c-r33d]

Proposed Changes

1.) Add logic to commit subject mappings
2.) Wire in action / scs needed deps.

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5cfbcb97-4597-4a96-9253-810843ffce77

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch commit-sm

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces the necessary infrastructure and logic to support subject mapping migrations within the CLI. It wires in the required dependencies and implements the execution flow to ensure subject mappings are correctly created and managed during the migration process.

Highlights

• Subject Mapping Execution: Implemented the core logic for executing subject mapping migrations, including resolving dependencies for actions and subject condition sets.
• Executor Interface Expansion: Updated the ExecutorHandler interface to include CreateNewSubjectMapping, enabling the creation of subject mappings during the migration process.
• Test Coverage: Added comprehensive unit tests for subject mapping execution, covering successful creation, error handling, and status validation.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

The mapping logic now takes flight, To make the policy plans run right. With actions bound and sets in place, We migrate with a steady pace.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request implements the execution logic for migrating subject mappings within the namespaced policy framework. It introduces the CreateNewSubjectMapping method to the ExecutorHandler interface, updates the migration plan to track execution results, and adds the core logic for resolving actions and subject condition sets during migration. Review feedback highlights the need to handle the TargetStatusExistingStandard status for consistency with other migration phases and recommends using the specific namespaces provided in action and subject condition set bindings during lookup to avoid potential resolution failures.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	188.918905ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	90.452882ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	421.699988ms
Throughput	237.14 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.586620899s
Average Latency	403.792028ms
Throughput	123.19 requests/second

[github-actions]

X-Test Failure Report

✅ go-pull-3305
✅ java-pull-3305
✅ js-pull-3305
✅ java-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
govulncheck-failure-8
opentdfplatform73V90Z.dockerbuild
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	192.041638ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.705082ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	403.568044ms
Throughput	247.79 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.680230154s
Average Latency	395.039238ms
Throughput	126.01 requests/second

[github-actions]

X-Test Results

✅ go-pull-3305
✅ go-v0.9.0
✅ java-pull-3305
✅ js-pull-3305
✅ java-v0.9.0
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
opentdfplatformSYUTVL.dockerbuild
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	214.552243ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.466459ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	412.151858ms
Throughput	242.63 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.094374038s
Average Latency	419.017471ms
Throughput	118.78 requests/second

[github-actions]

X-Test Failure Report

✅ java-v0.9.0
✅ js-pull-3305
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
opentdfplatformZLP2AZ.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	194.028458ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	99.520279ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	387.164165ms
Throughput	258.29 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.159811004s
Average Latency	400.144648ms
Throughput	124.50 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go-pull-3305
✅ go-v0.9.0
✅ java-pull-3305
✅ java-v0.9.0
✅ js-pull-3305
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
opentdfplatform8BJ5L8.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-5