Skip to content

fix(policy): order List* results by created_at#3088

Merged
jakedoublev merged 13 commits into
mainfrom
fix/DSPX-2367
Feb 20, 2026
Merged

fix(policy): order List* results by created_at#3088
jakedoublev merged 13 commits into
mainfrom
fix/DSPX-2367

Conversation

@jakedoublev

@jakedoublev jakedoublev commented Feb 19, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Order all List* SQL queries in Policy APIs by created_at (newest first) and regenerate sqlc outputs (except ListKeyAccessGrants which is deprecated)
  • Add deterministic integration tests asserting List* ordering across policy objects
  • Bump otel dependencies to resolve govulncheck failure

Signed-off-by: jakedoublev <jake.vanvorhis@virtru.com>
@jakedoublev
jakedoublev requested review from a team as code owners February 19, 2026 16:51
@github-actions github-actions Bot added comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) size/s labels Feb 19, 2026
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello @jakedoublev, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request standardizes the retrieval order for all list operations within the policy service. By enforcing ordering by creation timestamp, it enhances the predictability and reliability of data presentation. The changes are thoroughly validated with new integration tests, ensuring that clients consistently receive ordered results.

Highlights

  • Consistent List Ordering: Implemented ORDER BY created_at clauses across all List* SQL queries within the policy service to ensure deterministic and consistent ordering of results.
  • Integration Tests: Added comprehensive integration tests to verify that all List* operations correctly order their results by the created_at timestamp.
  • SQL Query Updates: Modified numerous SQL queries and their generated Go code (sqlc outputs) to incorporate the new ordering logic, including changing some DESC orders to ASC for created_at.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog
  • service/integration/actions_test.go
    • Added Test_ListActions_OrdersByCreatedAt_Succeeds to verify the ordering of actions by creation time.
  • service/integration/attribute_values_test.go
    • Added Test_ListAttributeValues_OrdersByCreatedAt_Succeeds to verify the ordering of attribute values by creation time.
  • service/integration/attributes_test.go
    • Added Test_ListAttributes_OrdersByCreatedAt_Succeeds to verify the ordering of attributes by creation time.
  • service/integration/kas_registry_key_test.go
    • Added Test_ListKeys_OrdersByCreatedAt_Succeeds to verify the ordering of KAS keys by creation time.
    • Added Test_ListKeyMappings_OrdersByCreatedAt_Succeeds to verify the ordering of KAS key mappings by creation time.
  • service/integration/kas_registry_test.go
    • Added Test_ListKeyAccessServers_OrdersByCreatedAt_Succeeds to verify the ordering of KAS servers by creation time.
    • Added Test_ListKeyAccessServerGrants_OrdersByCreatedAt_Succeeds to verify the ordering of KAS server grants by creation time.
  • service/integration/keymanagement_test.go
    • Added Test_ListProviderConfig_OrdersByCreatedAt_Succeeds to verify the ordering of provider configurations by creation time.
  • service/integration/list_order_helpers_test.go
    • Added a generic helper function assertIDsInOrder to assert the order of IDs in a slice of items.
  • service/integration/namespaces_test.go
    • Added Test_ListNamespaces_OrdersByCreatedAt_Succeeds to verify the ordering of namespaces by creation time.
  • service/integration/obligation_triggers_test.go
    • Added Test_ListObligationTriggers_OrdersByCreatedAt_Succeeds to verify the ordering of obligation triggers by creation time.
  • service/integration/obligations_test.go
    • Added Test_ListObligations_OrdersByCreatedAt_Succeeds to verify the ordering of obligations by creation time.
  • service/integration/registered_resources_test.go
    • Added Test_ListRegisteredResources_OrdersByCreatedAt_Succeeds to verify the ordering of registered resources by creation time.
    • Added Test_ListRegisteredResourceValues_OrdersByCreatedAt_Succeeds to verify the ordering of registered resource values by creation time.
  • service/integration/resource_mappings_test.go
    • Added Test_ListResourceMappingGroups_OrdersByCreatedAt_Succeeds to verify the ordering of resource mapping groups by creation time.
    • Added Test_ListResourceMappings_OrdersByCreatedAt_Succeeds to verify the ordering of resource mappings by creation time.
    • Added Test_ListResourceMappingsByGroupFqns_OrdersByCreatedAt_Succeeds to verify the ordering of resource mappings by group FQNs by creation time.
  • service/integration/subject_mappings_test.go
    • Added Test_ListSubjectMappings_OrdersByCreatedAt_Succeeds to verify the ordering of subject mappings by creation time.
    • Added Test_ListSubjectConditionSet_OrdersByCreatedAt_Succeeds to verify the ordering of subject condition sets by creation time.
  • service/policy/db/actions.sql.go
    • Updated listActions query to order results by created_at.
  • service/policy/db/attribute_values.sql.go
    • Updated listAttributeValues query to order results by created_at.
  • service/policy/db/attributes.sql.go
    • Updated listAttributesByDefOrValueFqns and listAttributesDetail queries to include created_at in GROUP BY and ORDER BY clauses.
    • Updated listAttributesSummary query to order results by created_at.
  • service/policy/db/key_access_server_registry.sql.go
    • Updated listKeyAccessServerGrants and listKeyAccessServers queries to include created_at in GROUP BY and ORDER BY clauses.
    • Changed listKeys query to order results by created_at in ascending order instead of descending.
  • service/policy/db/key_management.sql.go
    • Updated listProviderConfigs query to order results by created_at.
  • service/policy/db/namespaces.sql.go
    • Updated listNamespaces query to order results by created_at.
  • service/policy/db/obligations.sql.go
    • Changed listObligationTriggers query to order results by created_at in ascending order instead of descending.
    • Updated listObligations query to order results by created_at.
  • service/policy/db/queries/actions.sql
    • Added ORDER BY a.created_at to the listActions query.
  • service/policy/db/queries/attribute_values.sql
    • Added ORDER BY av.created_at to the listAttributeValues query.
  • service/policy/db/queries/attributes.sql
    • Added ORDER BY ad.created_at to listAttributesDetail and listAttributesSummary queries.
    • Included ad.created_at in the target_definition CTE and GROUP BY clause for listAttributesByDefOrValueFqns.
  • service/policy/db/queries/key_access_server_registry.sql
    • Added kas.created_at to the listed CTE and GROUP BY clause for listKeyAccessServerGrants.
    • Added ORDER BY listed.kas_created_at to listKeyAccessServerGrants.
    • Added ORDER BY kas.created_at to listKeyAccessServers.
    • Changed ORDER BY kask.created_at DESC to ORDER BY kask.created_at in listKeys.
  • service/policy/db/queries/key_management.sql
    • Added ORDER BY pc.created_at to the listProviderConfigs query.
  • service/policy/db/queries/namespaces.sql
    • Added ORDER BY ns.created_at to the listNamespaces query.
  • service/policy/db/queries/obligations.sql
    • Added ORDER BY od.created_at to the listObligations query.
    • Changed ORDER BY ot.created_at DESC to ORDER BY ot.created_at in listObligationTriggers.
  • service/policy/db/queries/registered_resources.sql
    • Added ORDER BY r.created_at to listRegisteredResources query.
    • Added ORDER BY v.created_at to listRegisteredResourceValues query.
    • Removed trailing newline from deleteRegisteredResourceActionAttributeValues query.
  • service/policy/db/queries/resource_mapping.sql
    • Added ORDER BY rmg.created_at to listResourceMappingGroups query.
    • Added ORDER BY m.created_at to listResourceMappings and listResourceMappingsByFullyQualifiedGroup queries.
  • service/policy/db/queries/subject_mappings.sql
    • Added ORDER BY scs.created_at to listSubjectConditionSets query.
    • Added ORDER BY sm.created_at to listSubjectMappings query.
  • service/policy/db/registered_resources.sql.go
    • Updated listRegisteredResourceValues query to order results by created_at.
    • Updated listRegisteredResources query to order results by created_at.
  • service/policy/db/resource_mapping.sql.go
    • Updated listResourceMappingGroups query to order results by created_at.
    • Updated listResourceMappings and listResourceMappingsByFullyQualifiedGroup queries to order results by created_at.
  • service/policy/db/subject_mappings.sql.go
    • Updated listSubjectConditionSets query to order results by created_at.
    • Updated listSubjectMappings query to order results by created_at.
Activity
  • The author applied gofmt locally, but gofumpt was not available in their environment for full formatting checks.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.


Data flows like time, Ordered by creation's start, Tests confirm the truth.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly introduces ordering by created_at for all List* SQL queries to ensure deterministic results. This is a good practice for API stability, especially for pagination. The changes are consistently applied across all relevant SQL queries and the corresponding sqlc generated code. Additionally, new integration tests have been added to verify this ordering behavior, which is excellent. A new test helper assertIDsInOrder has been introduced to simplify these tests and reduce code duplication. I have one minor suggestion to improve test consistency.

Comment thread service/integration/subject_mappings_test.go Outdated
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 212.896124ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 100.05018ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 373.32243ms
Throughput 267.86 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.377595598s
Average Latency 402.44029ms
Throughput 123.83 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor

X-Test Failure Report

opentdfplatformTES1PR.dockerbuild

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 154.480862ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 81.839896ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 385.359924ms
Throughput 259.50 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.93427022s
Average Latency 397.642086ms
Throughput 125.21 requests/second

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 202.773718ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 98.45478ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 378.715559ms
Throughput 264.05 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.353941036s
Average Latency 401.554341ms
Throughput 123.90 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 201.447815ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 100.325009ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 379.233591ms
Throughput 263.69 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.780656497s
Average Latency 415.939707ms
Throughput 119.67 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@jakedoublev
jakedoublev marked this pull request as draft February 19, 2026 17:37
@jakedoublev

Copy link
Copy Markdown
Contributor Author

/gemini would ORDER BY ... DESC be more standard?

@gemini-code-assist

Copy link
Copy Markdown
Contributor

That's a great question, @jakedoublev!

You're right that for many list operations, ORDER BY created_at DESC (displaying the newest items first) is a very common and often preferred standard, as users typically want to see the most recent data.

In this pull request, the changes standardize the List* operations to ORDER BY created_at (ascending order, meaning oldest items first). The PR description mentions "standardizes the retrieval order for all list operations" and specifically notes "changing some DESC orders to ASC for created_at."

This indicates a deliberate choice to order from oldest to newest. Is there a specific reason or requirement for this ascending order in the policy service, or was the intent to ensure a consistent, albeit oldest-first, ordering?

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 193.654821ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 97.29551ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 367.146071ms
Throughput 272.37 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.79469878s
Average Latency 386.622256ms
Throughput 128.88 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 195.743549ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 99.115044ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 388.317845ms
Throughput 257.52 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.57236376s
Average Latency 393.931962ms
Throughput 126.35 requests/second

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 200.040799ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 103.362554ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 378.565928ms
Throughput 264.15 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.220661583s
Average Latency 410.478748ms
Throughput 121.30 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

X-Test Failure Report

opentdfplatformPK8082.dockerbuild
cukes-report

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 194.917807ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 96.637886ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 370.835215ms
Throughput 269.66 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.71618601s
Average Latency 395.143618ms
Throughput 125.89 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

X-Test Failure Report

opentdfplatform8P5C6L.dockerbuild
cukes-report

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 194.858204ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 99.035639ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 389.939216ms
Throughput 256.45 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.877183501s
Average Latency 386.627065ms
Throughput 128.61 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

Comment thread service/integration/kas_registry_key_test.go
@jakedoublev
jakedoublev marked this pull request as ready for review February 20, 2026 16:41
@jakedoublev
jakedoublev requested review from a team as code owners February 20, 2026 16:41
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 192.411387ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 96.352517ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 361.053453ms
Throughput 276.97 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.500897083s
Average Latency 383.474525ms
Throughput 129.87 requests/second

Comment thread service/policy/db/queries/attributes.sql
@github-actions

Copy link
Copy Markdown
Contributor

@jakedoublev
jakedoublev added this pull request to the merge queue Feb 20, 2026
Merged via the queue into main with commit ea90ac2 Feb 20, 2026
39 checks passed
@jakedoublev
jakedoublev deleted the fix/DSPX-2367 branch February 20, 2026 17:46
github-merge-queue Bot pushed a commit that referenced this pull request Mar 11, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.14.0](sdk/v0.13.0...sdk/v0.14.0)
(2026-03-11)


### Features

* **sdk:** DSPX-2418 add attribute discovery methods
([#3082](#3082))
([aeeaadd](aeeaadd))


### Bug Fixes

* **ci:** Upgrade toolchain version to 1.25.8
([#3116](#3116))
([e1b7882](e1b7882))
* **policy:** order List* results by created_at
([#3088](#3088))
([ea90ac2](ea90ac2))
* **sdk:** remove testcontainers from consumer dependency graph
([#3129](#3129))
([f17dcdd](f17dcdd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
JBCongdon pushed a commit to JBCongdon/platform that referenced this pull request May 24, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.14.0](opentdf/platform@service/v0.13.0...service/v0.14.0)
(2026-04-21)


### ⚠ BREAKING CHANGES

* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))

### Features

* **authz:** Namespaced policy in decisioning
([opentdf#3226](opentdf#3226))
([0355934](opentdf@0355934))
* **cli:** migrate otdfctl into platform monorepo
([opentdf#3205](opentdf#3205))
([5177bec](opentdf@5177bec))
* fix tracing ([opentdf#3242](opentdf#3242))
([57e5680](opentdf@57e5680))
* **policy:** add GetObligationTrigger RPC
([opentdf#3318](opentdf#3318))
([d68e39d](opentdf@d68e39d))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
([bedc9b3](opentdf@bedc9b3))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))
([04fd85d](opentdf@04fd85d))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
([c0443f1](opentdf@c0443f1))
* **policy:** add sort ListSubjectMappings API
([opentdf#3255](opentdf#3255))
([9d5d757](opentdf@9d5d757))
* **policy:** Add sort support listregisteredresources api
([opentdf#3312](opentdf#3312))
([91a3ff3](opentdf@91a3ff3))
* **policy:** add sort support to ListAttributes API
([opentdf#3223](opentdf#3223))
([ec3312f](opentdf@ec3312f))
* **policy:** add sort support to ListKeyAccessServer
([opentdf#3287](opentdf#3287))
([7fae2d7](opentdf@7fae2d7))
* **policy:** Add sort support to ListNamespaces API
([opentdf#3192](opentdf#3192))
([aac86cd](opentdf@aac86cd))
* **policy:** add sort support to listobligations api
([opentdf#3300](opentdf#3300))
([9221cac](opentdf@9221cac))
* **policy:** add sort support to ListSubjectConditionSets API
([opentdf#3272](opentdf#3272))
([9010f12](opentdf@9010f12))
* **policy:** add SortField proto and update PageRequest for sort
support ([opentdf#3187](opentdf#3187))
([6cf1862](opentdf@6cf1862))
* **policy:** Enforce same namespace when actions referenced downstream
([opentdf#3206](opentdf#3206))
([4b5463a](opentdf@4b5463a))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
([6db1883](opentdf@6db1883))
* **policy:** Namespace subject mappings and condition sets
([opentdf#3172](opentdf#3172))
([6deed50](opentdf@6deed50))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
([3006780](opentdf@3006780))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
([8948018](opentdf@8948018))
* **policy:** rollback migration strategy for namespaced actions
([opentdf#3235](opentdf#3235))
([f7e5e01](opentdf@f7e5e01))
* **policy:** Seed existing namespaces with standard actions
([opentdf#3228](opentdf#3228))
([12136b0](opentdf@12136b0))
* **policy:** Seed namespaces with standard actions on creation +
namespaced actions for obligation triggers
([opentdf#3161](opentdf#3161))
([984d76b](opentdf@984d76b))


### Bug Fixes

* **ci:** Upgrade toolchain version to 1.25.8
([opentdf#3116](opentdf#3116))
([e1b7882](opentdf@e1b7882))
* **core:** do not concat slashes directly in url/file paths
([opentdf#3290](opentdf#3290))
([114c2a7](opentdf@114c2a7))
* **deps:** bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 in /service
([opentdf#3316](opentdf#3316))
([017362e](opentdf@017362e))
* **deps:** bump github.com/opentdf/platform/lib/identifier from 0.2.0
to 0.3.0 in /service
([opentdf#3162](opentdf#3162))
([8bc5dcd](opentdf@8bc5dcd))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.16.0 to
0.17.0 in /service
([opentdf#3125](opentdf#3125))
([29fec61](opentdf@29fec61))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.17.0 to
0.21.0 in /service
([opentdf#3220](opentdf#3220))
([e63add2](opentdf@e63add2))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.21.0 to
0.22.0 in /service
([opentdf#3248](opentdf#3248))
([1ebce73](opentdf@1ebce73))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.22.0 to
0.23.0 in /service
([opentdf#3271](opentdf#3271))
([3338b8e](opentdf@3338b8e))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.23.0 to
0.24.0 in /service
([opentdf#3321](opentdf#3321))
([78e6022](opentdf@78e6022))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.24.0 to
0.25.0 in /service
([opentdf#3333](opentdf#3333))
([3940bf8](opentdf@3940bf8))
* **deps:** bump github.com/opentdf/platform/sdk from 0.13.0 to 0.16.0
in /service ([opentdf#3356](opentdf#3356))
([5617077](opentdf@5617077))
* **deps:** bump
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from
1.42.0 to 1.43.0 in /service
([opentdf#3282](opentdf#3282))
([046374a](opentdf@046374a))
* **deps:** bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in
/service ([opentdf#3281](opentdf#3281))
([56b33f2](opentdf@56b33f2))
* **deps:** bump google.golang.org/grpc from 1.77.0 to 1.79.3 in
/service ([opentdf#3176](opentdf#3176))
([3289502](opentdf@3289502))
* **deps:** remove direct github.com/docker/docker dependency
([opentdf#3229](opentdf#3229))
([2becb27](opentdf@2becb27))
* **deps:** upgrade testcontainers-go to resolve vulns
([opentdf#3299](opentdf#3299))
([72c6f9b](opentdf@72c6f9b))
* **ers:** include standard JWT claims in claims mode entity resolution
([opentdf#3196](opentdf#3196))
([6d50da1](opentdf@6d50da1))
* **ers:** ldap multi-strategy ers
([opentdf#3117](opentdf#3117))
([d3aaf1a](opentdf@d3aaf1a))
* **policy:** deprecate ListAttributeValues in favor of existing
GetAttribute ([opentdf#3108](opentdf#3108))
([7e17c2d](opentdf@7e17c2d))
* **policy:** make obligation trigger uniqueness client-aware
([opentdf#3114](opentdf#3114))
([9265bc3](opentdf@9265bc3))
* **policy:** omit empty attribute values from create responses
([opentdf#3193](opentdf#3193))
([d298378](opentdf@d298378))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
([10d0c0f](opentdf@10d0c0f))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
([c20f039](opentdf@c20f039))
* **policy:** order List* results by created_at
([opentdf#3088](opentdf#3088))
([ea90ac2](opentdf@ea90ac2))
* **sdk:** normalize issuer URL before OIDC discovery
([opentdf#3261](opentdf#3261))
([61f98c9](opentdf@61f98c9))
* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
([f04a385](opentdf@f04a385))
* **sdk:** remove testcontainers from consumer dependency graph
([opentdf#3129](opentdf#3129))
([f17dcdd](opentdf@f17dcdd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) size/s

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants