Skip to content

feat(sdk): add narrow attribute read API client wrappers#3698

Closed
alkalescent wants to merge 2 commits into
DSPX-2541-attribute-read-apisfrom
DSPX-2541-attribute-read-apis-sdk
Closed

feat(sdk): add narrow attribute read API client wrappers#3698
alkalescent wants to merge 2 commits into
DSPX-2541-attribute-read-apisfrom
DSPX-2541-attribute-read-apis-sdk

Conversation

@alkalescent

Copy link
Copy Markdown
Contributor

Proposed Changes

SDK client wrappers for the narrow attribute read APIs. Stacked on #3634 (proto + generated code).

  • Adds GetKeyMappingsByFqns / GetEntitleableAttributesByFqns to the sdkconnect.AttributesServiceClient interface and connect wrapper.
  • Updates the authorization test mocks that implement that interface (kept with the SDK change since they track this interface).

Plumbing only: switching the granter to consume GetKeyMappingsByFqns, plus an xtest proving split-logic parity with the previous SDK, follow in a separate feature branch.

Stack

  1. feat(policy): add narrow attribute read API protos and generated code #3634 — proto + generated + docs
  2. feat(policy): implement narrow attribute read APIs #3697 — service implementation
  3. this PR — sdk client wrappers

Base is #3634; rebase onto main once it merges.

Add GetKeyMappingsByFqns and GetEntitleableAttributesByFqns RPCs to the
attributes service proto with regenerated protocol/go and docs. The server
methods are Unimplemented stubs here; the DB-backed implementation follows in a
separate service PR so protocol/go releases first.

Signed-off-by: Krish Suchak <[email protected]>
Add GetKeyMappingsByFqns and GetEntitleableAttributesByFqns to the sdkconnect
AttributesServiceClient interface and connect wrapper, and implement the new
methods on the authorization test mocks that satisfy that interface.

Signed-off-by: Krish Suchak <[email protected]>
@alkalescent alkalescent requested review from a team as code owners June 30, 2026 21:34
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: ce31b5af-fd22-4ea4-a1ef-32479921411e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch DSPX-2541-attribute-read-apis-sdk

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added comp:sdk A software development kit, including library, for client applications and inter-service communicati comp:authorization size/s labels Jun 30, 2026
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces new client wrapper methods to the SDK for narrow attribute read operations. These changes facilitate future refactoring of the granter logic by providing the necessary plumbing to access key mappings and entitleable attributes via the Connect RPC client.

Highlights

  • SDK Client Expansion: Added GetKeyMappingsByFqns and GetEntitleableAttributesByFqns methods to the AttributesServiceClient interface and the corresponding Connect wrapper.
  • Test Infrastructure: Updated authorization test mocks to implement the new interface methods, ensuring compatibility with the expanded SDK.
New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.


The SDK grows with new calls, To read the attributes behind walls. With mocks now in place, We pick up the pace, As the code base gracefully sprawls.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds two new methods, GetKeyMappingsByFqns and GetEntitleableAttributesByFqns, to the AttributesServiceClient interface and its Connect wrapper implementation. It also updates the corresponding mock clients in the authorization service tests to support these new methods. I have no feedback to provide as there are no review comments.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@alkalescent alkalescent force-pushed the DSPX-2541-attribute-read-apis branch from 10d625d to a40a66d Compare June 30, 2026 21:38
@alkalescent alkalescent requested a review from a team as a code owner June 30, 2026 21:38
@alkalescent

Copy link
Copy Markdown
Contributor Author

Superseded: the generated sdkconnect wrapper is regenerated from the proto by CI (make connect-wrapper-generate, which fails on a dirty tree), so it must ship in the proto PR #3634 along with the AttributesServiceClient mocks it forces. The meaningful SDK change (switching the granter to consume GetKeyMappingsByFqns) plus the xtest parity test will be a separate feature branch.

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 216.407807ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 113.706709ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 420.935631ms
Throughput 237.57 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 46.247538729s
Average Latency 461.004237ms
Throughput 108.11 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • examples
  • otdfctl
  • sdk
  • service
  • lib/fixtures
  • tests-bdd

See the workflow run for details.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp:authorization comp:sdk A software development kit, including library, for client applications and inter-service communicati size/s

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant