feat(policy): add search support to ListAttributes

[c-r33d]

Summary

• Adds ListAttributes RPC search support by wiring request search into the policy DB list query.
• Applies escaped, case-insensitive matching in the attributes SQL path and adds integration coverage for search behavior, wildcard literals, empty search, and pagination after filtering.

Summary by CodeRabbit

• New Features

  • Added search functionality for attributes, including filtering by fully qualified name with wildcard escaping and combined namespace/state filters.

• Tests

  • Added comprehensive integration tests for attribute search operations, including pagination and filter combinations.

• Chores

  • Updated sqlc tool to version 1.31.1.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 34554b7a-7f93-4295-acdf-0d78827c312a

📥 Commits

Reviewing files that changed from the base of the PR and between fe0ee3f and 042dd42.

📒 Files selected for processing (20)

• .github/workflows/checks.yaml
• Makefile
• service/integration/attributes_test.go
• service/integration/utils.go
• service/policy/db/actions.sql.go
• service/policy/db/attribute_fqn.sql.go
• service/policy/db/attribute_values.sql.go
• service/policy/db/attributes.go
• service/policy/db/attributes.sql.go
• service/policy/db/copyfrom.go
• service/policy/db/db.go
• service/policy/db/key_access_server_registry.sql.go
• service/policy/db/key_management.sql.go
• service/policy/db/models.go
• service/policy/db/namespaces.sql.go
• service/policy/db/obligations.sql.go
• service/policy/db/queries/attributes.sql
• service/policy/db/registered_resources.sql.go
• service/policy/db/resource_mapping.sql.go
• service/policy/db/subject_mappings.sql.go

---

📝 Walkthrough

Walkthrough

This PR upgrades sqlc to v1.31.1 and introduces optional search filtering to the ListAttributes query. The search feature filters attribute results by FQN using LIKE pattern matching, validated with five new integration tests. Existing sort tests are refactored to use namespace-based cleanup.

Changes

Attributes search and sqlc upgrade

Layer / File(s)	Summary
Tool version coordination (sqlc 1.31.1) .github/workflows/checks.yaml, Makefile, service/policy/db/*.sql.go	sqlc version bumped from 1.31.0 to 1.31.1 in CI workflow and build manifest, then 15 autogenerated database files regenerated with the updated version in their header comments.
Search filter in ListAttributes query service/policy/db/queries/attributes.sql, service/policy/db/attributes.sql.go, service/policy/db/attributes.go	listAttributesDetail SQL query adds an optional search filter matching fqns.fqn by LIKE pattern with escape handling; generated Go struct adds Search pgtype.Text parameter with placeholder renumbering; ListAttributes extracts search term from request and passes it to the updated query.
Test infrastructure and search integration tests service/integration/utils.go, service/integration/attributes_test.go	New deleteNamespaces helper for test cleanup via PolicyClient; sort tests refactored to clean up via namespace deletion instead of attribute-row deletion; five new test methods validate search by FQN, wildcard escaping, combined filters, empty-term behavior, and pagination sequencing.

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• opentdf/platform#3223: Adds sort parameter support to ListAttributes and modifies the same listAttributesDetail query; overlaps at parameter wiring and query construction checkpoints.

Suggested reviewers

• elizabethhealy

🐰 A search through the attributes gleams,
With LIKE and ESCAPE joined in SQL dreams,
Now queries find what names and patterns seek,
From FQNs filtered, the results speak!
Tests validate each search and each page,
A wildcard-safe escape upon this stage. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'feat(policy): add search support to ListAttributes' clearly and concisely summarizes the main change: adding search functionality to the ListAttributes operation in the policy service.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dspx-2737-listattributes-search

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces search capabilities to the ListAttributes RPC, enabling more efficient discovery of attributes within the policy system. By integrating search parameters directly into the database query layer, the changes ensure that filtering is performed efficiently at the database level while maintaining support for existing pagination and sorting logic.

Highlights

• Search Support: Added search functionality to the ListAttributes RPC, allowing users to filter attributes by name or FQN.
• SQL Implementation: Updated the policy database query to include case-insensitive matching with escaped wildcard support for robust searching.
• Integration Testing: Expanded the integration test suite to cover various search scenarios, including empty queries, wildcard literals, and pagination behavior.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

A search term flows through SQL streams, / To find the attributes of dreams. / With wildcards escaped and logic aligned, / The data you seek is now easily found.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	198.170193ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	94.4704ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	436.907247ms
Throughput	228.88 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	47.245192417s
Average Latency	470.68243ms
Throughput	105.83 requests/second

[gemini-code-assist]

Code Review

This pull request introduces search functionality when listing attributes, allowing users to filter by name or FQN with proper wildcard escaping, and includes comprehensive integration tests. The reviewer recommended removing redundant LOWER() function calls in the SQL search query to optimize performance, as the database values and search term are already in lowercase.

[github-actions]

X-Test Results

✅ go@main-pull-3554
✅ go@main-v0.9.0
✅ java@main-v0.9.0
✅ js@main-pull-3554
✅ java@main-pull-3554
✅ js@main-v0.9.0
cukes-report
opentdfplatformIPXYR6.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-0
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	162.895731ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	73.158447ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	403.839506ms
Throughput	247.62 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.179999367s
Average Latency	420.310752ms
Throughput	118.54 requests/second

[github-actions]

X-Test Results

✅ go@main-pull-3554
✅ go@main-v0.9.0
✅ java@main-pull-3554
✅ js@main-pull-3554
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdfplatformY1FM60.dockerbuild
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-8
govulncheck-failure-5
govulncheck-failure-0

[github-actions]

X-Test Failure Report

govulncheck-failure-1
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	188.237693ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	88.946071ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	435.247826ms
Throughput	229.75 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.748441707s
Average Latency	435.261759ms
Throughput	114.29 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	179.479628ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	90.726172ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	442.802127ms
Throughput	225.83 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.672425968s
Average Latency	435.102216ms
Throughput	114.49 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[c-r33d]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[github-actions]

X-Test Results

✅ go@main-pull-3554
✅ go@main-v0.9.0
✅ java@main-pull-3554
✅ java@main-v0.9.0
✅ js@main-pull-3554
✅ js@main-v0.9.0
cukes-report
opentdfplatformWBKEZT.dockerbuild
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-5

[elizabethhealy]

lgtm