feat(policy): rollback migration strategy for namespaced actions

[elizabethhealy]

Proposed Changes

Highlights

• Migration Rollback Strategy: Implemented a data-aware rollback strategy for the 'add_namespace_to_actions' migration that automatically canonicalizes action IDs and remaps references.
• Database Integrity: Added logic to safely merge namespace-scoped duplicate actions into a single global action during rollback, preventing constraint violations.
• Documentation Update: Updated migration documentation to reflect that rolling back the namespace migration is now a safe, albeit lossy, automated process.

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

Summary by CodeRabbit

Release Notes

• New Features

  • Actions can now be scoped to namespaces, enabling more granular control and organization across different environments.

• Chores

  • Updated database infrastructure with automatic migration and rollback handling to ensure data consistency and safety during system upgrades.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2151762f-ea24-427a-b89c-f93724969a57

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main focus of the changeset: implementing a rollback migration strategy for namespace-scoped actions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dsxp-2540-custom-down-actions-migration

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the database migration rollback process for namespaced actions. It introduces a robust mechanism to handle the transition from namespace-scoped actions back to global-only action semantics, ensuring that references are correctly remapped and duplicate rows are merged without manual intervention.

Highlights

• Migration Rollback Strategy: Implemented a data-aware rollback strategy for the 'add_namespace_to_actions' migration that automatically canonicalizes action IDs and remaps references.
• Database Integrity: Added logic to safely merge namespace-scoped duplicate actions into a single global action during rollback, preventing constraint violations.
• Documentation Update: Updated migration documentation to reflect that rolling back the namespace migration is now a safe, albeit lossy, automated process.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

The namespaces grow and expand, / But rollback was not quite as planned. / With logic now tight, / We merge them to right, / And leave the database safely spanned.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request implements a data-aware rollback strategy for the add_namespace_to_actions migration, ensuring that namespace-scoped actions are safely merged back into global actions by canonicalizing IDs and remapping references. The feedback focuses on performance optimizations for the migration script, including indexing the temporary remap table and utilizing TRUNCATE instead of DELETE for more efficient table repopulation.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	186.324596ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	94.2024ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	394.331476ms
Throughput	253.59 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.767538978s
Average Latency	395.970706ms
Throughput	125.73 requests/second

[github-actions]

X-Test Results

✅ go-pull-3235
✅ go-v0.9.0
✅ java-pull-3235
✅ js-pull-3235
✅ java-v0.9.0
test-cases-mapping-report
✅ js-v0.9.0
bats-test-results
cukes-report
opentdfplatformT2C7BU.dockerbuild

[elizabethhealy]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[elizabethhealy]

after seeding with namespaced policy and running migration down a few times to get to this migration:

== Post-down validations ==
✅ duplicate action names: 0
✅ actions.namespace_id column exists: 0
✅ subject_mapping_actions orphan action refs: 0
✅ subject_mapping_actions resolved refs: all referenced action_ids resolve
✅ registered_resource_action_attribute_values orphan action refs: 0
✅ registered_resource_action_attribute_values resolved refs: all referenced action_ids resolve
✅ obligation_triggers orphan action refs: 0
✅ obligation_triggers resolved refs: all referenced action_ids resolve
✅ standard CRUD rows present: 4

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	190.807247ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	89.455114ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	413.254941ms
Throughput	241.98 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.35546979s
Average Latency	410.481059ms
Throughput	120.90 requests/second

[github-actions]

X-Test Results

✅ go-pull-3235
✅ go-v0.9.0
✅ java-pull-3235
✅ js-pull-3235
✅ java-v0.9.0
test-cases-mapping-report
bats-test-results
✅ js-v0.9.0
cukes-report
opentdfplatformESW6LD.dockerbuild

[jakedoublev]

This looks good to me. Do you have any ideas for how we can test the down migration path better in CI? This seems like a particularly risky migration.

[elizabethhealy]

@jakedoublev i think its definitely possible but it will probably be a larger effort since we dont have any migration test infra atm

The base branch was changed.