feat(sdk): ergonomic EntityIdentifier constructors for authorization v2#3232
feat(sdk): ergonomic EntityIdentifier constructors for authorization v2#3232marythought wants to merge 6 commits intomainfrom
Conversation
…ion v2 Adds five convenience constructors (ForToken, WithRequestToken, ForClientID, ForEmail, ForUserName) that eliminate the 4-level proto nesting previously required to build an EntityIdentifier for v2 authorization requests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdded a new Go source file implementing five exported EntityIdentifier constructors (token, request token, client ID, email, username) and a private helper, plus a test file with unit tests validating each constructor's return type and stored values. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a set of ergonomic constructor functions within the SDK to streamline the instantiation of authorization entity identifiers. By abstracting the underlying protocol buffer structure, these changes make the developer experience more intuitive and reduce the verbosity required for common authorization tasks. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. With builders clean and code so bright, / The nested structs now take to flight. / No more deep chains to make us weep, / Just simple calls for us to keep. Footnotes
|
github-actions
bot
added
the
comp:sdk
|
Warning Gemini encountered an error creating the review. You can try again by commenting |
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
…tion/v2
Moves the convenience constructors into the authorizationv2 package itself
so callers don't need an extra import — authorizationv2.ForClientID() works
directly alongside authorizationv2.GetDecisionRequest{}.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
…r tests Removes the testify dependency from protocol/go to avoid adding new external dependencies to the proto module. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@protocol/go/authorization/v2/entity_identifier_test.go`:
- Around line 34-98: The three tests TestForClientID, TestForEmail, and
TestForUserName duplicate the same assertions; refactor them into a single
table-driven test (e.g., TestEntityChainConstructors) that iterates over cases
with fields: name, constructor (ForClientID/ForEmail/ForUserName), input string,
a small checker to extract the expected value from the entity (using type
assertions to *entity.Entity_ClientId, *entity.Entity_EmailAddress,
*entity.Entity_UserName), and expected value; inside each subtest call the
constructor, use extractEntityChain and chain.GetEntities(), assert len==1, run
the checker and compare the returned value to expected, and assert
e.GetCategory() == entity.Entity_CATEGORY_SUBJECT to replace the three existing
tests.
- Around line 1-107: Add edge-case unit tests that exercise empty-string inputs
and ensure constructors behave as intended: create tests like
TestForClientID_EmptyString, TestForEmail_EmptyString,
TestForUserName_EmptyString and TestForToken_EmptyString that call
ForClientID(""), ForEmail(""), ForUserName(""), ForToken("") respectively, use
extractEntityChain(t, eid) (or GetIdentifier for Token) to retrieve the created
entity, assert the chain/entities length is still correct (e.g., 1) and that the
specific field (ClientId, EmailAddress, UserName, Token.Jwt) equals the empty
string (or whatever the defined behavior should be), and for WithRequestToken
consider a test asserting that WithRequestToken still returns true/false as
expected; make sure to follow existing test patterns (extractEntityChain, type
assertions like (*entity.Entity_ClientId), and category checks) to keep
consistency.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 77800d08-e88c-4e00-81e7-569b52d2fa87
📒 Files selected for processing (1)
protocol/go/authorization/v2/entity_identifier_test.go
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
…e cases Refactors ForClientID, ForEmail, and ForUserName tests into a single table-driven TestEntityChainConstructors and adds empty-string edge cases for all constructors. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Moves entity identifier convenience constructors from protocol/go/authorization/v2/ to sdk/ to avoid being wiped by make proto-generate. Renames functions with EntityIdentifier prefix for clarity in the sdk package context (e.g., EntityIdentifierForClientID). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Signed-off-by: Mary Dickson <mary.dickson@virtru.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
Pull request was converted to draft
|
Implementation approach is pending decision on ADR: Proto helper code generation. The current PR places helpers in the |
1 participant
Summary
EntityIdentifierForToken,EntityIdentifierWithRequestToken,EntityIdentifierForClientID,EntityIdentifierForEmail,EntityIdentifierForUserName) in thesdkpackage that return a ready-to-use*authorizationv2.EntityIdentifiersdkpackage so no extra import is needed for existing SDK consumersThese helpers work with all four v2 authorization methods:
GetDecision— single resource authorization checkGetDecisionMultiResource— check one entity against multiple resourcesGetDecisionBulk— batch of full decision requestsGetEntitlements— retrieve attribute entitlements for an entityExample
Before:
After:
Test plan
go test ./sdk/... -run TestEntityIdentifier— all tests passgo test ./sdk/... -run TestEntityChain— table-driven tests passgolangci-lint run sdk/entity_identifier.go sdk/entity_identifier_test.go— 0 issues🤖 Generated with Claude Code