feat(cli): DSPX-2998 namespace flags for resource mapping commands#3576
feat(cli): DSPX-2998 namespace flags for resource mapping commands#3576alkalescent wants to merge 1 commit into
Conversation
- Add --namespace-id and --namespace-fqn to resource-mappings create and update, and as filters on resource-mappings list. - Add --namespace-id and --namespace-fqn filters to resource-mapping-groups list. - Surface the owning namespace in command output. Stacked on the service PR (#3567). Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces namespace-aware resource mapping management to the otdfctl CLI. By adding support for namespace identifiers and fully qualified names (FQN) as both input flags and filter criteria, the changes allow for more granular control and visibility over resource mappings and their associated groups. These updates align the CLI with the backend service's resource mapping architecture. Highlights
New Features🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Commands grow with namespace in sight, Filtering resources with all of our might. Flags added to lists and to create, Keeping our mappings all perfectly straight. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds support for namespace filtering via namespace-id and namespace-fqn flags across the resource mapping and resource mapping group commands, updating the CLI flags, documentation, and handler methods. The feedback recommends propagating context.Context from the CLI commands down to the SDK calls in CreateResourceMapping and UpdateResourceMapping instead of using context.Background(), which ensures proper cancellation, timeouts, and tracing.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
|
||
| // Creates and returns the created resource mapping | ||
| func (h *Handler) CreateResourceMapping(attributeID string, terms []string, grpID string, metadata *common.MetadataMutable) (*policy.ResourceMapping, error) { | ||
| func (h *Handler) CreateResourceMapping(attributeID string, terms []string, grpID, namespaceID, namespaceFqn string, metadata *common.MetadataMutable) (*policy.ResourceMapping, error) { |
There was a problem hiding this comment.
In Go, it is a best practice to propagate context.Context to downstream handlers and SDK calls rather than using context.Background(). This enables proper cancellation, timeouts, and tracing.
Please update the signature of CreateResourceMapping to accept ctx context.Context as the first parameter, and use it in the CreateResourceMapping SDK call on the next line.
| func (h *Handler) CreateResourceMapping(attributeID string, terms []string, grpID, namespaceID, namespaceFqn string, metadata *common.MetadataMutable) (*policy.ResourceMapping, error) { | |
| func (h *Handler) CreateResourceMapping(ctx context.Context, attributeID string, terms []string, grpID, namespaceID, namespaceFqn string, metadata *common.MetadataMutable) (*policy.ResourceMapping, error) { |
| // TODO: verify updation behavior | ||
| // Updates and returns the updated resource mapping | ||
| func (h *Handler) UpdateResourceMapping(id string, attrValueID string, grpID string, terms []string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.ResourceMapping, error) { | ||
| func (h *Handler) UpdateResourceMapping(id, attrValueID, grpID, namespaceID, namespaceFqn string, terms []string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.ResourceMapping, error) { |
There was a problem hiding this comment.
In Go, it is a best practice to propagate context.Context to downstream handlers and SDK calls rather than using context.Background(). This enables proper cancellation, timeouts, and tracing.
Please update the signature of UpdateResourceMapping to accept ctx context.Context as the first parameter, and use it in the UpdateResourceMapping SDK call on the next line.
| func (h *Handler) UpdateResourceMapping(id, attrValueID, grpID, namespaceID, namespaceFqn string, terms []string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.ResourceMapping, error) { | |
| func (h *Handler) UpdateResourceMapping(ctx context.Context, id, attrValueID, grpID, namespaceID, namespaceFqn string, terms []string, metadata *common.MetadataMutable, behavior common.MetadataUpdateEnum) (*policy.ResourceMapping, error) { |
| metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0}) | ||
|
|
||
| resourceMapping, err := h.CreateResourceMapping(attrID, terms, grpID, getMetadataMutable(metadataLabels)) | ||
| resourceMapping, err := h.CreateResourceMapping(attrID, terms, grpID, nsID, nsFqn, getMetadataMutable(metadataLabels)) |
There was a problem hiding this comment.
Pass the command's context (cmd.Context()) to the updated CreateResourceMapping handler method to support proper context propagation.
| resourceMapping, err := h.CreateResourceMapping(attrID, terms, grpID, nsID, nsFqn, getMetadataMutable(metadataLabels)) | |
| resourceMapping, err := h.CreateResourceMapping(cmd.Context(), attrID, terms, grpID, nsID, nsFqn, getMetadataMutable(metadataLabels)) |
| metadataLabels = c.Flags.GetStringSlice("label", metadataLabels, cli.FlagsStringSliceOptions{Min: 0}) | ||
|
|
||
| resourceMapping, err := h.UpdateResourceMapping(id, attrValueID, grpID, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior()) | ||
| resourceMapping, err := h.UpdateResourceMapping(id, attrValueID, grpID, nsID, nsFqn, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior()) |
There was a problem hiding this comment.
Pass the command's context (cmd.Context()) to the updated UpdateResourceMapping handler method to support proper context propagation.
| resourceMapping, err := h.UpdateResourceMapping(id, attrValueID, grpID, nsID, nsFqn, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior()) | |
| resourceMapping, err := h.UpdateResourceMapping(cmd.Context(), id, attrValueID, grpID, nsID, nsFqn, terms, getMetadataMutable(metadataLabels), getMetadataUpdateBehavior()) |
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
|
1 participant
Proposed Changes
Third PR in the stacked series for DSPX-2998. Adds otdfctl support for the new resource mapping namespace fields. Stacked on #3567 (service) — review/merge that first.
policy resource-mappings create/update: add--namespace-idand--namespace-fqn.policy resource-mappings list: add--namespace-id/--namespace-fqnfilters.policy resource-mapping-groups list: add--namespace-id/--namespace-fqnfilters.Migration note (AC3)
Migration support is delivered as a SQL backfill in the service PR (#3567), not via the
otdfctl migrategraph framework. Rationale: RMGs are already mandatorily namespaced (nothing to migrate), and a grouped RM's owning namespace is fully determined by its group, so existing data just needsnamespace_idbackfilled from the group. The create-only graph framework (built for previously-global actions/SM/SCS/RR) is not a natural fit. This was confirmed as the chosen approach.Checklist
Testing Instructions
otdfctl policy resource-mappings create --help(shows the new flags); create/list mappings with--namespace-id/--namespace-fqnagainst a running platform.Related