fix(cli): Prune was not classifying multi-namespaced RRs properly. #3488
📝 Walkthrough

The PR refactors registered resource pruning in the namespaced-policy planner to replace a source-mismatch verification flow with simpler multi-namespace conflict detection. It removes the

Changes: Registered Resource Prune Refactoring
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request updates the CLI prune logic to handle multi-namespaced Registered Resources more safely. Rather than attempting to automatically resolve and prune these resources, which could lead to inconsistent states, the system now flags them as blocked and prompts for manual deletion. This change also simplifies the internal prune planning infrastructure by removing unnecessary verification steps and interactive review dependencies.
Code Review
This pull request refactors the prune planner by removing the FullSource field from PruneRegisteredResourcePlan and eliminating the need for interactive review during planning. It introduces a MultiNamespaceManualDelete status to handle multi-namespace legacy registered resources that cannot be automatically deleted. The reviewer identified a discrepancy in the test expectation for the new manual delete reason message, which needs to be corrected to match the defined constant.
@coderabbitai review

✅ Actions performed

Review triggered.
🤖 I have created a release *beep* *boop*

---

## [0.32.0](opentdf/platform@otdfctl/v0.31.0...otdfctl/v0.32.0) (2026-05-19)

### Features

* **cli:** Add better unit testing. ([opentdf#3378](opentdf#3378)) ([3ad33dc](opentdf@3ad33dc))
* **cli:** Add interactive review for prune plans ([opentdf#3421](opentdf#3421)) ([c11680b](opentdf@c11680b))
* **cli:** Add prune confirmation. ([opentdf#3469](opentdf#3469)) ([c6d47ec](opentdf@c6d47ec))
* **cli:** Add prune planner. ([opentdf#3411](opentdf#3411)) ([3e294e6](opentdf@3e294e6))
* **cli:** Add prune summary information ([opentdf#3456](opentdf#3456)) ([c900c53](opentdf@c900c53))
* **cli:** add sensitive flag annotation to DocFlag ([opentdf#3457](opentdf#3457)) ([98f48d2](opentdf@98f48d2))
* **cli:** Confirm and execute pruning of legacy objects ([opentdf#3458](opentdf#3458)) ([24c09dd](opentdf@24c09dd))
* **cli:** Print report on failure ([opentdf#3365](opentdf#3365)) ([05a4473](opentdf@05a4473))
* **cli:** Sort parameters. ([opentdf#3478](opentdf#3478)) ([73ad878](opentdf@73ad878))
* **policy:** Add FQN to RegisteredResourceValues ([opentdf#3446](opentdf#3446)) ([3199583](opentdf@3199583))
* **policy:** Add resource mapping group FQNs ([opentdf#3447](opentdf#3447)) ([6a0b3c6](opentdf@6a0b3c6))

### Bug Fixes

* **cli:** Prune was not classifying multi-namespaced RRs properly. ([opentdf#3488](opentdf#3488)) ([eae8645](opentdf@eae8645))
* **cli:** support json profile output ([opentdf#3448](opentdf#3448)) ([61f194c](opentdf@61f194c))
* **deps:** bump github.com/opentdf/platform/lib/identifier from 0.3.0 to 0.4.0 in /otdfctl ([opentdf#3367](opentdf#3367)) ([aa23179](opentdf@aa23179))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.27.0 to 0.28.0 in /otdfctl ([opentdf#3419](opentdf#3419)) ([c80374f](opentdf@c80374f))
* **deps:** bump github.com/opentdf/platform/sdk from 0.16.0 to 0.17.0 in /otdfctl ([opentdf#3397](opentdf#3397)) ([bb9fcd6](opentdf@bb9fcd6))
* **deps:** bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /otdfctl ([opentdf#3400](opentdf#3400)) ([5631c37](opentdf@5631c37))
* **deps:** bump module protocol/go to v0.30.0 throughout ([opentdf#3459](opentdf#3459)) ([8eaa502](opentdf@8eaa502))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Co-authored-by: Chris Reed <87077975+c-r33d@users.noreply.github.com>
1.) RRs with multi-namespaces should be classified as Blocked and require manual deletion.

Note

While we could attempt to locate all the pieces of a split RR across different namespaces, I think it's better to just have the customer manually delete / handle multi-namespace pruning since trying to do this for customers could result in a brittle workflow.