Skip to content

feat(policy): add sort support to ListAttributes API #3223

Merged
dsm20 merged 28 commits into
mainfrom
feat/DSPX-2682-add-sort-listattributes
Apr 6, 2026
Merged

feat(policy): add sort support to ListAttributes API #3223
dsm20 merged 28 commits into
mainfrom
feat/DSPX-2682-add-sort-listattributes

Conversation

@dsm20

@dsm20 dsm20 commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

Resolves DSPX-2682, depends on #3187

Proposed Changes

  • Adds strongly-typed sort support to ListAttributes RPC, following the
    pattern established in feat(policy): Add sort support to ListNamespaces API #3192 (ListNamespaces)
  • Sortable fields: name, created_at, updated_at (ASC/DESC), with
    backward-compatible fallback to created_at DESC
  • Includes CASE WHEN ordering in both listAttributesDetail and
    listAttributesSummary SQL queries

Changes

  • Proto: SortAttributesType enum, AttributesSort message, sort
    field on ListAttributesRequest (max 1, buf.validate)
  • SQL: CASE WHEN sort blocks in attributes.sql for both detail and
    summary queries
  • Go: GetAttributesSortParams() helper in utils.go, wired into
    ListAttributes() in attributes.go
  • Tests: 9 unit tests for the helper, 5 integration tests covering
    each sort field + direction + fallback

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Summary by CodeRabbit

Release Notes

  • New Features

    • Added sorting capability for attributes with options to sort by name, creation date, or last updated date in ascending or descending order.
  • Documentation

    • Updated API documentation with new sorting parameters and clarified timestamp parameter constraints.

@dsm20
dsm20 requested review from a team as code owners March 30, 2026 18:33
@dsm20
dsm20 marked this pull request as draft March 30, 2026 18:33
@coderabbitai

coderabbitai Bot commented Mar 30, 2026

Copy link
Copy Markdown

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR adds sorting support to the ListAttributes API by introducing new protobuf message types (AttributesSort, SortAttributesType) and extending the request with a sort field. The database layer was updated to support parameterized sorting by name, created_at, or updated_at in ascending or descending order.

Changes

Cohort / File(s) Summary
Protocol Definitions
service/policy/attributes/attributes.proto, docs/grpc/index.html, service/policy/selectors.proto
Added SortAttributesType enum (name, created_at, updated_at values) and AttributesSort message with field/direction. Extended ListAttributesRequest with optional sort field (max 1 item). Updated generated HTML documentation.
OpenAPI Documentation
docs/openapi/policy/attributes/attributes.openapi.yaml
Added schemas for policy.SortDirection (ASC/DESC), policy.attributes.SortAttributesType, and policy.attributes.AttributesSort. Extended ListAttributesRequest schema with optional sort array field (maxItems: 1).
Database Layer
service/policy/db/attributes.go, service/policy/db/attributes.sql.go, service/policy/db/queries/attributes.sql
Updated ListAttributes to extract sort parameters and pass them to query layer. Modified listAttributesDetail and listAttributesSummary to use parameterized ORDER BY with CASE logic for name/created_at/updated_at sorting. Added NoLimit support in listAttributesSummary for flexible pagination. Updated struct types to include SortField, SortDirection, and NoLimit fields.
Utility Functions & Tests
service/policy/db/utils.go, service/policy/db/utils_test.go
Added GetAttributesSortParams utility function to translate AttributesSort slice into SQL field and direction strings. Comprehensive unit test coverage including nil/empty/unspecified cases and field/direction mappings.
Integration Tests
service/integration/attributes_test.go
Added five integration tests: sorting by name (ASC/DESC), by created_at (ASC), by updated_at (DESC), and fallback to default behavior when field is unspecified. Tests verify correct attribute ordering under each scenario.
Configuration & Documentation
.gitignore, docs/openapi/authorization/authorization.openapi.yaml
Added Claude AI ignore pattern to .gitignore. Updated OpenAPI parameter documentation for createdAt.seconds to use explicit numeric bounds and clarified nanosecond field description.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

Suggested reviewers

  • alkalescent
  • c-r33d
  • elizabethhealy

Poem

🐰 Hop, hop! The attributes now sort with such grace,
By name, time created, or updates—any case!
With SQL's CASE WHEN and parameters neat,
The database queries are speedy and sweet!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The PR title accurately and concisely describes the primary change: adding sort support to the ListAttributes API. It is specific, directly related to the main purpose of the changeset, and follows conventional commit format.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/DSPX-2682-add-sort-listattributes

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces robust sorting capabilities to the ListAttributes API. By defining new Protobuf enums and messages, it enables clients to request sorted results in a type-safe manner. The backend implementation leverages SQL CASE statements to handle dynamic ordering, maintaining backward compatibility by defaulting to the existing created_at DESC behavior when no sort is specified.

Highlights

  • API Enhancement: Added strongly-typed sort support to the ListAttributes RPC, allowing clients to specify sorting by name, created_at, or updated_at fields.
  • Database Updates: Updated SQL queries for attribute listing to include dynamic CASE WHEN ordering, ensuring efficient and flexible sorting at the database level.
  • Testing: Added comprehensive unit tests for the sorting parameter helper and integration tests to verify sorting behavior across different fields and directions.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files
  • Ignored by pattern: docs/openapi/**/* (2)
    • docs/openapi/policy/attributes/attributes.openapi.yaml
    • docs/openapi/policy/selectors.openapi.yaml
  • Ignored by pattern: protocol/**/* (2)
    • protocol/go/policy/attributes/attributes.pb.go
    • protocol/go/policy/selectors.pb.go
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.


The list was static, fixed in time, Now sorting makes it flow in rhyme. With name or date, the order shifts, As code improves with these new gifts.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions github-actions Bot added comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) docs Documentation size/m labels Mar 30, 2026
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 194.065317ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 97.299568ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 387.64141ms
Throughput 257.97 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 42.011967157s
Average Latency 417.982344ms
Throughput 119.01 requests/second

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces sorting capabilities for listing attributes. It adds new protobuf definitions for sort fields and directions, updates the database layer to handle dynamic sorting via SQL CASE statements, and includes comprehensive integration and unit tests. The review feedback identifies a potential issue where the updated listAttributesSummary query might return zero results if callers do not provide a non-zero limit, and suggests a minor refactor to simplify the switch logic in the sorting utility function.

Comment thread service/policy/db/queries/attributes.sql Outdated
Comment thread service/policy/db/utils.go
@github-actions

Copy link
Copy Markdown
Contributor

@dsm20
dsm20 force-pushed the feat/DSPX-2682-add-sort-listattributes branch from 21a1139 to 60d31d8 Compare March 31, 2026 15:51
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 163.099887ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 87.157791ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 388.434078ms
Throughput 257.44 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.032328435s
Average Latency 408.754083ms
Throughput 121.86 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

dsm20 added a commit that referenced this pull request Mar 31, 2026
in response to: #3223 (comment)

SQL (service/policy/db/queries/attributes.sql):
  - Added @no_limit::boolean param to listAttributesSummary query
  - LIMIT @limit_ → LIMIT CASE WHEN @no_limit::boolean THEN NULL ELSE @limit_ END
                                                                                                                                                                           Go (service/policy/db/attributes.go):
  - GetAttributesByNamespace now passes NoLimit: true so deactivate/reactivate namespace operations fetch all attributes
  instead of LIMIT 0 returning zero rows
@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 190.706111ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 92.1467ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 416.938673ms
Throughput 239.84 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.010231836s
Average Latency 407.408316ms
Throughput 121.92 requests/second

dsm20 added a commit that referenced this pull request Mar 31, 2026
in response to: #3223 (comment)

SQL (service/policy/db/queries/attributes.sql):
  - Added @no_limit::boolean param to listAttributesSummary query
  - LIMIT @limit_ → LIMIT CASE WHEN @no_limit::boolean THEN NULL ELSE @limit_ END
                                                                                                                                                                           Go (service/policy/db/attributes.go):
  - GetAttributesByNamespace now passes NoLimit: true so deactivate/reactivate namespace operations fetch all attributes
  instead of LIMIT 0 returning zero rows
@dsm20
dsm20 force-pushed the feat/DSPX-2682-add-sort-listattributes branch from 97d844e to 1317939 Compare March 31, 2026 17:11
@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 181.46669ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 90.987609ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 392.798826ms
Throughput 254.58 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.132785561s
Average Latency 409.71195ms
Throughput 121.56 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 198.317531ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 110.365026ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 433.630998ms
Throughput 230.61 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.137970077s
Average Latency 410.054291ms
Throughput 121.54 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@github-actions

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 198.805277ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 98.985152ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 393.352069ms
Throughput 254.23 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.089575239s
Average Latency 399.079965ms
Throughput 124.72 requests/second

@github-actions

Copy link
Copy Markdown
Contributor

@dsm20
dsm20 marked this pull request as ready for review March 31, 2026 19:06
@dsm20

dsm20 commented Mar 31, 2026

Copy link
Copy Markdown
Contributor Author

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration
Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 31acf73a-6bc5-486a-8169-7d7dd57042da

📥 Commits
Reviewing files that changed from the base of the PR and between e63add2 and 1e05e68.

⛔ Files ignored due to path filters (2)

  • protocol/go/policy/attributes/attributes.pb.go is excluded by !**/*.pb.go
  • protocol/go/policy/selectors.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (11)

  • docs/grpc/index.html
  • docs/openapi/policy/attributes/attributes.openapi.yaml
  • docs/openapi/policy/selectors.openapi.yaml
  • service/integration/attributes_test.go
  • service/policy/attributes/attributes.proto
  • service/policy/db/attributes.go
  • service/policy/db/attributes.sql.go
  • service/policy/db/queries/attributes.sql
  • service/policy/db/utils.go
  • service/policy/db/utils_test.go
  • service/policy/selectors.proto
 __________________________________________________________
< Your types are so loose they're in an open relationship. >
 ----------------------------------------------------------
  \
   \   \
        \ /\
        ( )
      .( o ).

✨ Finishing Touches
📝 Generate docstrings

  • Create stacked PR
  • Commit on current branch

🧪 Generate unit tests (beta)

  • Create PR with unit tests
  • Commit unit tests in branch feat/DSPX-2682-add-sort-listattributes

Comment @coderabbitai help to get the list of available commands and usage tips.

@dsm20 dsm20 closed this Mar 31, 2026
@github-actions

github-actions Bot commented Apr 6, 2026

Copy link
Copy Markdown
Contributor
Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 196.818369ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 109.238599ms

Benchmark Statistics

Name № Requests Avg Duration Min Duration Max Duration

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 394.567976ms
Throughput 253.44 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.410492559s
Average Latency 401.834434ms
Throughput 123.73 requests/second

@github-actions

github-actions Bot commented Apr 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

  • service
  • tests-bdd

See the workflow run for details.

@dsm20
dsm20 enabled auto-merge April 6, 2026 22:54
@dsm20
dsm20 added this pull request to the merge queue Apr 6, 2026
Merged via the queue into main with commit ec3312f Apr 6, 2026
38 checks passed
@dsm20
dsm20 deleted the feat/DSPX-2682-add-sort-listattributes branch April 6, 2026 23:08
github-merge-queue Bot pushed a commit that referenced this pull request Apr 7, 2026
### Proposed Changes

As per integration tests in
[listAttribute](#3223), this PR
does some refactoring of existing tests to use helpers, adds fuller test
coverage, and protovalidate tests.

Exact changes were as follows:
- Refactor ListNamespaces integration sort tests to use reusable helpers
(createSortTestNamespaces, createNamedSortTestNamespaces), matching the
pattern established in
[ListAttributes](#3223)
- Add missing sort direction tests for full coverage: created_at DESC,
fqn DESC, updated_at ASC
- Add API-level protovalidate test for ListNamespacesRequest.Sort
(validates max_items = 1 constraint)

### Checklist

- [ ] I have added or updated unit tests
- [x] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Tests**
* Refactored namespace sorting tests with reusable helpers for
deterministic setup and simpler assertions.
* Added coverage for missing ascending and descending sort orders
(created_at, fqn, updated_at) and ensured fallback behavior remains
correct.
* Added validator tests for list request sort parameters to confirm
single-sort acceptance and reject multiple-sort inputs.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-merge-queue Bot pushed a commit that referenced this pull request Apr 7, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.23.0](protocol/go/v0.22.0...protocol/go/v0.23.0)
(2026-04-07)


### Features

* **policy:** add sort support to ListAttributes API
([#3223](#3223))
([ec3312f](ec3312f))
* **sdk:** source-file codegen for EntityIdentifier helpers
([#3232](#3232))
([ee8177c](ee8177c))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
github-merge-queue Bot pushed a commit that referenced this pull request Apr 8, 2026
Resolves [DSPX-2685](https://virtru.atlassian.net/browse/DSPX-2685)

## Proposed Changes

- Adds strongly-typed sort support to `ListSubjectMappings` RPC,
following the
pattern established in #3223 (ListAttributes) and #3192 (ListNamespaces)
  - Sortable fields: `created_at`, `updated_at` (ASC/DESC), with
  backward-compatible fallback to `created_at DESC`

## Changes

  **Proto** — `service/policy/subjectmapping/subject_mapping.proto`
- `SortSubjectMappingsType` enum (`UNSPECIFIED`, `CREATED_AT`,
`UPDATED_AT`)
  - `SubjectMappingsSort` message (field + direction)
- `repeated SubjectMappingsSort sort = 11` on
`ListSubjectMappingsRequest` with `max_items = 1` constraint
  - Regenerated protos and docs

  **SQL** — `service/policy/db/queries/subject_mappings.sql`
- CASE WHEN ORDER BY blocks for `created_at` and `updated_at` (ASC/DESC
each)
  - Fallback `sm.created_at DESC` + tiebreaker `sm.id ASC`

**Go** — `service/policy/db/utils.go` +
`service/policy/db/subject_mappings.go`
- `GetSubjectMappingsSortParams()`: maps enum to SQL-compatible
field/direction strings
- `ListSubjectMappings` handler wired to call mapper and pass params to
sqlc query
- Extracted `sortFieldCreatedAt`/`sortFieldUpdatedAt` constants in
`utils.go` to resolve `goconst` lint across all sort helpers
**_(slightly out of scope but necessary to avoid goconst errors)_**

  **Tests**
- 9 unit tests for the enum mapper helper (nil, empty, unspecified, each
field + direction)
- 5 integration tests (created_at ASC/DESC, updated_at ASC/DESC,
unspecified fallback) using `createSortTestSubjectMappings` suite helper
- Protovalidate sort constraint test
(`Test_ListSubjectMappingsRequest_Sort`)

## Notes

- `name` sort is listed in the ticket but the `subject_mappings` table
has no `name` column
- `otdfctl --sort` flag deferred to a follow-up, consistent with #3192
and #3223

### Checklist

  - [x] I have added or updated unit tests
  - [x] I have added or updated integration tests (if appropriate)
  - [x] I have added or updated documentation

[DSPX-2685]:
https://virtru.atlassian.net/browse/DSPX-2685?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added sorting to the subject mappings list: sort by created_at or
updated_at, ASC/DESC, max one sort field per request.

* **Documentation**
* gRPC and OpenAPI docs updated to describe new sort enum, sort object,
and request sort field.

* **Tests**
* Added unit and integration tests covering sort parameter validation
and ordering behavior.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-merge-queue Bot pushed a commit that referenced this pull request Apr 10, 2026
Resolves [DSPX-2686](https://virtru.atlassian.net/browse/DSPX-2686)

## Proposed Changes

- Adds strongly-typed sort support to `ListSubjectConditionSets` RPC,
following the
pattern established in #3223 (ListAttributes) and #3255
(ListSubjectMappings)
- Sortable fields: `created_at`, `updated_at` (ASC/DESC), with
backward-compatible fallback to `created_at DESC`

## Changes

**Proto** — `service/policy/subjectmapping/subject_mapping.proto`
- `SortSubjectConditionSetsType` enum (`UNSPECIFIED`, `CREATED_AT`,
`UPDATED_AT`)
- `SubjectConditionSetsSort` message (field + direction)
- `repeated SubjectConditionSetsSort sort = 11` on
`ListSubjectConditionSetsRequest` with
`max_items = 1` constraint
- Regenerated protos and docs

**SQL** — `service/policy/db/queries/subject_mappings.sql`
- CASE WHEN sort blocks in `listSubjectConditionSets` query
- Fallback `scs.created_at DESC` + tiebreaker `scs.id ASC`

**Go** — `service/policy/db/utils.go` +
`service/policy/db/subject_mappings.go`
- `GetSubjectConditionSetsSortParams()`: maps enum to SQL-compatible
field/direction
strings
- `ListSubjectConditionSets` handler wired to call mapper and pass
params to sqlc query

**Tests**
- 8 unit tests for the enum mapper helper (nil, empty, unspecified, each
field +
direction)
- 5 integration tests (created_at ASC/DESC, updated_at ASC/DESC,
unspecified fallback)
using `createSortTestSubjectConditionSets` suite helper
- Protovalidate sort constraint test
(`Test_ListSubjectConditionSetsRequest_Sort`)

## Notes
- `otdfctl --sort` flag deferred to a follow-up, consistent with #3192,
#3223, and #3255

### Checklist

- [x] I have added or updated unit tests
- [x] I have added or updated integration tests (if appropriate)
- [x] I have added or updated documentation
### Testing Instructions



[DSPX-2686]:
https://virtru.atlassian.net/browse/DSPX-2686?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added sorting for Subject Condition Set listings by created_at or
updated_at (ASC/DESC). Requests accept at most one sort entry; default
ordering is created_at DESC with deterministic tie-breaker when omitted
or unspecified.

* **Documentation**
* Clarified shared sort-direction semantics: unspecified direction → ASC
when a sort field is provided; omitted/UNSPECIFIED sort fields defer to
each List endpoint’s documented default ordering.

* **Tests**
* Added unit and integration tests covering sort parameter handling,
ordering, and validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-merge-queue Bot pushed a commit that referenced this pull request Apr 14, 2026
Resolves DSPX-2689
Proposed Changes
- Adds strongly-typed sort support to ListKeyAccessServers RPC,
following the
pattern established in #3223 (ListAttributes), #3255
(ListSubjectMappings), and #3272 (ListSubjectConditionSets)
- Sortable fields: name, uri, created_at, updated_at (ASC/DESC), with
backward-compatible fallback to created_at DESC
Changes
Proto — service/policy/kasregistry/key_access_server_registry.proto
- SortKeyAccessServersType enum (UNSPECIFIED, NAME, URI, CREATED_AT,
UPDATED_AT)
- KeyAccessServersSort message (field + direction)
- repeated KeyAccessServersSort sort = 11 on ListKeyAccessServersRequest
with
max_items = 1 constraint
- Regenerated protos and docs

SQL — service/policy/db/queries/key_access_server_registry.sql
- CASE WHEN sort blocks in listKeyAccessServers query for 4 fields (8
blocks total)
- Fallback kas.created_at DESC + tiebreaker kas.id ASC

Go — service/policy/db/utils.go +
service/policy/db/key_access_server_registry.go
- GetKeyAccessServersSortParams(): maps enum to SQL-compatible
field/direction strings
- ListKeyAccessServers handler wired to call mapper and pass params to
sqlc query
- Extracted sortFieldName constant in utils.go to resolve goconst lint
across sort helpers (slightly out of scope but necessary to
avoid goconst errors, same pattern as
sortFieldCreatedAt/sortFieldUpdatedAt from #3255)
Tests
- 12 unit tests for the enum mapper helper (nil, empty, unspecified,
each field + direction)
- 9 integration tests (created_at ASC/DESC, updated_at ASC/DESC, name
ASC/DESC, uri ASC/DESC, unspecified fallback) using
createSortTestKeyAccessServers and createNamedSortTestKeyAccessServers
suite helpers
- Protovalidate sort constraint test
(Test_ListKeyAccessServersRequest_Sort)
Notes
- otdfctl --sort flag deferred to a follow-up, consistent with #3192,
#3223, #3255, and #3272
### Checklist

- [x] I have added or updated unit tests
- [x] I have added or updated integration tests (if appropriate)
- [x] I have added or updated documentation

### Testing Instructions



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added sorting for Key Access Servers list (name, URI, created_at,
updated_at) with ASC/DESC; single sort directive accepted; default
ordering is created_at DESC then id ASC.

* **Documentation**
* Protocol and API docs updated to describe new sort parameters,
enums/schemas, and default ordering behavior.

* **Tests**
* Added unit and integration tests to validate sort mapping, behavior,
and single-sort request validation.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
github-merge-queue Bot pushed a commit that referenced this pull request Apr 15, 2026
### Proposed Changes

Resolves DSPX-2690

- Adds strongly-typed sort support to ListObligations RPC, following the
pattern established in #3223 (ListAttributes), #3255
(ListSubjectMappings), #3272 (ListSubjectConditionSets), and the
ListKeyAccessServers PR
- Sortable fields: name, fqn, created_at, updated_at (ASC/DESC), with
backward-compatible fallback to created_at DESC

### Changes

**Proto** — `service/policy/obligations/obligations.proto`
- `SortObligationsType` enum (UNSPECIFIED, NAME, FQN, CREATED_AT,
UPDATED_AT)
- `ObligationsSort` message (field + direction)
- `repeated ObligationsSort sort = 11` on `ListObligationsRequest` with
`max_items = 1` constraint
- Regenerated protos and docs

**SQL** — `service/policy/db/queries/obligations.sql`
- CASE WHEN sort blocks in `listObligations` query for 4 fields (8
blocks total)
- FQN sort uses constructed expression `fqns.fqn || '/obl/' ||
LOWER(od.name)` since obligation FQNs aren't stored in `attribute_fqns`
- Fallback `od.created_at DESC`

**Go** — `service/policy/db/utils.go` +
`service/policy/db/obligations.go`
- `GetObligationsSortParams()`: maps enum to SQL-compatible
field/direction strings
- `ListObligations` handler wired to call mapper and pass params to sqlc
query
- Added `sortFieldName` and `sortFieldFQN` constants in `utils.go` (same
pattern as `sortFieldCreatedAt`/`sortFieldUpdatedAt` from #3255)

**Tests**
- 12 unit tests for the enum mapper helper (nil, empty, unspecified,
each field + direction)
- 9 integration tests (name ASC/DESC, fqn ASC/DESC, created_at ASC/DESC,
updated_at ASC/DESC, unspecified fallback) using
`createSortTestObligations` and `createNamedSortTestObligations` suite
helpers
- Protovalidate sort constraint test
(`Test_ListObligationsRequest_Sort`)

### Notes

- otdfctl `--sort` flag deferred to a follow-up, consistent with #3192,
#3223, #3255, and #3272
- Tie-breaker (`od.id ASC`) deferred to a follow-up refactoring ticket

### Checklist

- [x] I have added or updated unit tests
- [x] I have added or updated integration tests (if appropriate)
- [x] I have added or updated documentation

### Testing Instructions



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **New Features**
* Added sorting to the obligations list API (name, FQN, created_at,
updated_at) with ASC/DESC, single-sort-item constraint, and default
ordering created_at DESC (ties by id ASC).

* **Tests**
* Added unit and integration tests covering all sort fields, directions,
multi-namespace FQN ordering, unspecified fallback, and request
validation for max-items.

* **Documentation**
* Updated API docs and table of contents to document sorting and removed
an obsolete request description.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Signed-off-by: Diego <74568547+dsm20@users.noreply.github.com>
github-merge-queue Bot pushed a commit that referenced this pull request Apr 20, 2026
### Proposed Changes

Resolves DSPX-2691

- Adds strongly-typed sort support to ListRegisteredResources RPC,
following the pattern established in #3223 (ListAttributes), #3255
(ListSubjectMappings), #3272 (ListSubjectConditionSets), #3300
(ListObligations), and the ListKeyAccessServers PR
- Sortable fields: name, created_at, updated_at (ASC/DESC), with
backward-compatible fallback to created_at DESC

### Changes

**Proto** —
`service/policy/registeredresources/registered_resources.proto`
- `SortRegisteredResourcesType` enum (UNSPECIFIED, NAME, CREATED_AT,
UPDATED_AT)
- `RegisteredResourcesSort` message (field + direction)
- `repeated RegisteredResourcesSort sort = 11` on
`ListRegisteredResourcesRequest` with `max_items = 1` constraint
- Regenerated protos and docs

**SQL** — `service/policy/db/queries/registered_resources.sql`
- CASE WHEN sort blocks in `listRegisteredResources` query for 3 fields
(6 blocks total)
- Fallback `r.created_at DESC`

**Go** — `service/policy/db/utils.go` +
`service/policy/db/registered_resources.go`
- `GetRegisteredResourcesSortParams()`: maps enum to SQL-compatible
field/direction strings
- `ListRegisteredResources` handler wired to call mapper and pass params
to sqlc query
- No new constants needed — `sortFieldName`, `sortFieldCreatedAt`,
`sortFieldUpdatedAt` already exist

**Tests**
- 11 unit tests for the enum mapper helper (nil, empty, unspecified,
each field + direction, unspecified direction default)
- 7 integration tests (name ASC/DESC, created_at ASC/DESC, updated_at
ASC/DESC, unspecified fallback) using
`createSortTestRegisteredResources` and
`createNamedSortTestRegisteredResources` suite helpers
- Protovalidate sort constraint test
(`TestListRegisteredResourcesRequest_Sort`)

### Notes

- otdfctl `--sort` flag deferred to a follow-up, consistent with #3192,
#3223, #3255, #3272, and #3300
- Tie-breaker (`r.id ASC`) deferred to a follow-up refactoring ticket

### Checklist

- [x] I have added or updated unit tests
- [x] I have added or updated integration tests (if appropriate)
- [x] I have added or updated documentation

### Testing Instructions



<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

## Release Notes

* **New Features**
* Added sorting functionality to registered resources lists. Sort by
name, creation date, or update date in ascending or descending order.
Defaults to creation date (descending) when not specified.

* **Documentation**
* Updated API documentation with new sorting options and default
ordering behavior.

* **Tests**
* Added integration and unit tests covering all sorting configurations.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
JBCongdon pushed a commit to JBCongdon/platform that referenced this pull request May 24, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.14.0](opentdf/platform@service/v0.13.0...service/v0.14.0)
(2026-04-21)


### ⚠ BREAKING CHANGES

* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))

### Features

* **authz:** Namespaced policy in decisioning
([opentdf#3226](opentdf#3226))
([0355934](opentdf@0355934))
* **cli:** migrate otdfctl into platform monorepo
([opentdf#3205](opentdf#3205))
([5177bec](opentdf@5177bec))
* fix tracing ([opentdf#3242](opentdf#3242))
([57e5680](opentdf@57e5680))
* **policy:** add GetObligationTrigger RPC
([opentdf#3318](opentdf#3318))
([d68e39d](opentdf@d68e39d))
* **policy:** add namespace field to Actions proto
([opentdf#3130](opentdf#3130))
([bedc9b3](opentdf@bedc9b3))
* **policy:** add namespace field to RegisteredResource proto
([opentdf#3110](opentdf#3110))
([04fd85d](opentdf@04fd85d))
* **policy:** add namespaced actions schema and namespace-aware action
queries ([opentdf#3154](opentdf#3154))
([c0443f1](opentdf@c0443f1))
* **policy:** add sort ListSubjectMappings API
([opentdf#3255](opentdf#3255))
([9d5d757](opentdf@9d5d757))
* **policy:** Add sort support listregisteredresources api
([opentdf#3312](opentdf#3312))
([91a3ff3](opentdf@91a3ff3))
* **policy:** add sort support to ListAttributes API
([opentdf#3223](opentdf#3223))
([ec3312f](opentdf@ec3312f))
* **policy:** add sort support to ListKeyAccessServer
([opentdf#3287](opentdf#3287))
([7fae2d7](opentdf@7fae2d7))
* **policy:** Add sort support to ListNamespaces API
([opentdf#3192](opentdf#3192))
([aac86cd](opentdf@aac86cd))
* **policy:** add sort support to listobligations api
([opentdf#3300](opentdf#3300))
([9221cac](opentdf@9221cac))
* **policy:** add sort support to ListSubjectConditionSets API
([opentdf#3272](opentdf#3272))
([9010f12](opentdf@9010f12))
* **policy:** add SortField proto and update PageRequest for sort
support ([opentdf#3187](opentdf#3187))
([6cf1862](opentdf@6cf1862))
* **policy:** Enforce same namespace when actions referenced downstream
([opentdf#3206](opentdf#3206))
([4b5463a](opentdf@4b5463a))
* **policy:** namespace Registered Resources
([opentdf#3111](opentdf#3111))
([6db1883](opentdf@6db1883))
* **policy:** Namespace subject mappings and condition sets
([opentdf#3172](opentdf#3172))
([6deed50](opentdf@6deed50))
* **policy:** Namespace subject mappings and subject condition sets.
([opentdf#3143](opentdf#3143))
([3006780](opentdf@3006780))
* **policy:** optional namespace for RRs
([opentdf#3165](opentdf#3165))
([8948018](opentdf@8948018))
* **policy:** rollback migration strategy for namespaced actions
([opentdf#3235](opentdf#3235))
([f7e5e01](opentdf@f7e5e01))
* **policy:** Seed existing namespaces with standard actions
([opentdf#3228](opentdf#3228))
([12136b0](opentdf@12136b0))
* **policy:** Seed namespaces with standard actions on creation +
namespaced actions for obligation triggers
([opentdf#3161](opentdf#3161))
([984d76b](opentdf@984d76b))


### Bug Fixes

* **ci:** Upgrade toolchain version to 1.25.8
([opentdf#3116](opentdf#3116))
([e1b7882](opentdf@e1b7882))
* **core:** do not concat slashes directly in url/file paths
([opentdf#3290](opentdf#3290))
([114c2a7](opentdf@114c2a7))
* **deps:** bump github.com/jackc/pgx/v5 from 5.7.5 to 5.9.0 in /service
([opentdf#3316](opentdf#3316))
([017362e](opentdf@017362e))
* **deps:** bump github.com/opentdf/platform/lib/identifier from 0.2.0
to 0.3.0 in /service
([opentdf#3162](opentdf#3162))
([8bc5dcd](opentdf@8bc5dcd))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.16.0 to
0.17.0 in /service
([opentdf#3125](opentdf#3125))
([29fec61](opentdf@29fec61))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.17.0 to
0.21.0 in /service
([opentdf#3220](opentdf#3220))
([e63add2](opentdf@e63add2))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.21.0 to
0.22.0 in /service
([opentdf#3248](opentdf#3248))
([1ebce73](opentdf@1ebce73))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.22.0 to
0.23.0 in /service
([opentdf#3271](opentdf#3271))
([3338b8e](opentdf@3338b8e))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.23.0 to
0.24.0 in /service
([opentdf#3321](opentdf#3321))
([78e6022](opentdf@78e6022))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.24.0 to
0.25.0 in /service
([opentdf#3333](opentdf#3333))
([3940bf8](opentdf@3940bf8))
* **deps:** bump github.com/opentdf/platform/sdk from 0.13.0 to 0.16.0
in /service ([opentdf#3356](opentdf#3356))
([5617077](opentdf@5617077))
* **deps:** bump
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from
1.42.0 to 1.43.0 in /service
([opentdf#3282](opentdf#3282))
([046374a](opentdf@046374a))
* **deps:** bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in
/service ([opentdf#3281](opentdf#3281))
([56b33f2](opentdf@56b33f2))
* **deps:** bump google.golang.org/grpc from 1.77.0 to 1.79.3 in
/service ([opentdf#3176](opentdf#3176))
([3289502](opentdf@3289502))
* **deps:** remove direct github.com/docker/docker dependency
([opentdf#3229](opentdf#3229))
([2becb27](opentdf@2becb27))
* **deps:** upgrade testcontainers-go to resolve vulns
([opentdf#3299](opentdf#3299))
([72c6f9b](opentdf@72c6f9b))
* **ers:** include standard JWT claims in claims mode entity resolution
([opentdf#3196](opentdf#3196))
([6d50da1](opentdf@6d50da1))
* **ers:** ldap multi-strategy ers
([opentdf#3117](opentdf#3117))
([d3aaf1a](opentdf@d3aaf1a))
* **policy:** deprecate ListAttributeValues in favor of existing
GetAttribute ([opentdf#3108](opentdf#3108))
([7e17c2d](opentdf@7e17c2d))
* **policy:** make obligation trigger uniqueness client-aware
([opentdf#3114](opentdf#3114))
([9265bc3](opentdf@9265bc3))
* **policy:** omit empty attribute values from create responses
([opentdf#3193](opentdf#3193))
([d298378](opentdf@d298378))
* **policy:** only require namespace on GetAction if no id provided
([opentdf#3144](opentdf#3144))
([10d0c0f](opentdf@10d0c0f))
* **policy:** Optional namespace on actions protos, NamespacedPolicy
feature flag ([opentdf#3155](opentdf#3155))
([c20f039](opentdf@c20f039))
* **policy:** order List* results by created_at
([opentdf#3088](opentdf#3088))
([ea90ac2](opentdf@ea90ac2))
* **sdk:** normalize issuer URL before OIDC discovery
([opentdf#3261](opentdf#3261))
([61f98c9](opentdf@61f98c9))
* **sdk:** reclassify KAS 400 errors — distinguish tamper from
misconfiguration
([opentdf#3166](opentdf#3166))
([f04a385](opentdf@f04a385))
* **sdk:** remove testcontainers from consumer dependency graph
([opentdf#3129](opentdf#3129))
([f17dcdd](opentdf@f17dcdd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) docs Documentation size/m

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants