feat(policy): Add resource mapping group FQNs

[jakedoublev]

Summary

• Add fqn to policy.ResourceMappingGroup and generated API docs
• Populate resource mapping group FQNs on get/list/FQN lookup and mutation responses
• Cover resource mapping group FQNs in integration tests

Summary by CodeRabbit

• New Features

  • Resource mapping groups now expose a fully qualified name (fqn) combining namespace and group name in API/CLI responses.

• Documentation

  • API and protocol docs updated to document the new fqn field across relevant specs.

• Tests

  • End-to-end and integration tests expanded to validate fqn presence and propagation for create/read/update/delete flows and listing behaviors.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a fully qualified name (FQN) field to resource mapping groups. The change ensures that these groups can be uniquely identified by a URL-based FQN, which is now calculated dynamically in the database layer and exposed through the API. This improves resource traceability and consistency across the platform's policy management services.

Highlights

• Schema Update: Added the fqn field to the policy.ResourceMappingGroup protobuf definition and updated the generated API documentation.
• Database Logic: Updated SQL queries to calculate and populate the fully qualified name (FQN) for resource mapping groups using a join with attribute_namespaces.
• API Response Consistency: Ensured that mutation responses (create, update, delete) and lookup/list operations now correctly return the populated FQN.
• Testing: Updated integration tests to verify the presence and correctness of the FQN in all resource mapping group operations.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

• Ignored by pattern: docs/openapi/**/* (8)
  • docs/openapi/policy/actions/actions.openapi.yaml
  • docs/openapi/policy/attributes/attributes.openapi.yaml
  • docs/openapi/policy/objects.openapi.yaml
  • docs/openapi/policy/obligations/obligations.openapi.yaml
  • docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
  • docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
  • docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
  • docs/openapi/policy/unsafe/unsafe.openapi.yaml
• Ignored by pattern: protocol/**/* (1)
  • protocol/go/policy/objects.pb.go

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

A group of resources, a name to define, With FQN added, the path is now fine. From database rows to the API call, Consistency reigns, standing proud and tall.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

Warning

Rate limit exceeded

@jakedoublev has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 29 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4c4c8dcd-cd4f-4080-b14f-8c1a1916b927

📥 Commits

Reviewing files that changed from the base of the PR and between 3be7eed and ee67106.

⛔ Files ignored due to path filters (1)

• protocol/go/policy/objects.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (5)

• docs/grpc/index.html
• docs/openapi/policy/objects.openapi.yaml
• docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
• service/integration/resource_mappings_test.go
• service/policy/objects.proto

📝 Walkthrough

Walkthrough

Adds a computed fully-qualified name (FQN) for ResourceMappingGroup and propagates it through proto, DB queries, generated sqlc code, service transactional writes, API docs, and tests.

Changes

Resource Mapping Group FQN Addition

Layer / File(s)	Summary
Proto Definition service/policy/objects.proto	ResourceMappingGroup adds string fqn = 4.
Database Queries service/policy/db/queries/resource_mapping.sql	Queries compute fqn using attribute namespace name + group name; list/get and mapping-list updated.
Generated SQL Code service/policy/db/resource_mapping.sql.go	sqlc-generated rows and Scan order updated to include Fqn; commented SQL templates adjusted.
Database CRUD Logic service/policy/db/resource_mapping.go	DB CRUD now populates Fqn; Create/Update/Delete return fully populated groups via Get; mappings handle nullable group JSON.
Service Transaction Wrapping service/policy/resourcemapping/resource_mapping.go	Write operations run in RunInTx; audit deferred until commit; responses populated from transactional results.
gRPC Documentation docs/grpc/index.html	Protocol HTML updated with fqn field row in ResourceMappingGroup table.
OpenAPI Documentation docs/openapi/policy/*/*.openapi.yaml	Multiple OpenAPI schemas updated to include fqn string property and description in policy.ResourceMappingGroup.
Integration Tests service/integration/resource_mappings_test.go	Tests assert computed Fqn across list/get/create/update/delete and mapping listings; helper added to compute expected FQN.
E2E Tests (resource-mapping-groups) otdfctl/e2e/resource-mapping-groups.bats	CLI e2e tests validate .fqn in JSON create/get/update/delete flows and update teardown variables.
E2E Tests (resource-mapping) otdfctl/e2e/resource-mapping.bats	Term-replacement negative assertions switched to refute_line patterns and expected outputs adjusted.

🎯 3 (Moderate) | ⏱️ ~22 minutes

Sequence Diagram(s)

sequenceDiagram
  participant Client
  participant Service
  participant DBLayer
  participant Database
  Client->>Service: Create/Update/Get ResourceMappingGroup
  Service->>DBLayer: call DB CRUD (inside RunInTx for writes)
  DBLayer->>Database: SQL selects/joins compute fqn
  Database-->>DBLayer: rows/json with fqn
  DBLayer-->>Service: fully populated object (includes fqn)
  Service-->>Client: API response (fqn present)

Loading

Suggested reviewers

• ryanulit
• elizabethhealy
• cshamrick

"I hop through namespaces, names in tow,
I stitch the FQN where group names grow,
From proto to DB, through tests I prance,
A rabbit's cheer for that tidy advance! 🐇"

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: adding FQN (fully qualified name) fields to resource mapping groups across the policy service.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DSPX-3195-resource-mapping-group-fqn

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	190.36256ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	101.848942ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	420.958556ms
Throughput	237.55 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.197645876s
Average Latency	430.471436ms
Throughput	115.75 requests/second

[github-actions]

X-Test Failure Report

opentdfplatformUFR31Q.dockerbuild
govulncheck-failure-8

[gemini-code-assist]

Code Review

This pull request introduces a fully qualified name (FQN) for resource mapping groups across the platform. Key changes include updating the Protobuf definition, modifying SQL queries to calculate the FQN by joining with the attribute namespaces table, and updating the database client to populate this new field. Furthermore, CRUD operations for resource mapping groups now return the complete object instead of partial data, and integration tests have been updated to verify the FQN generation and retrieval. I have no feedback to provide as there were no review comments.

[github-actions]

X-Test Failure Report

opentdfplatform2LJ7ST.dockerbuild
govulncheck-failure-8

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	186.551777ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	92.155583ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	432.292492ms
Throughput	231.32 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.564603105s
Average Latency	433.896344ms
Throughput	114.77 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	185.827262ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	103.040216ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	412.781146ms
Throughput	242.26 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.001152592s
Average Latency	427.589326ms
Throughput	116.28 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
✅ java-pull-3447
✅ js-pull-3447
bats-test-results
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatformUZZFVL.dockerbuild
govulncheck-failure-8

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	194.738702ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	94.241634ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	446.338153ms
Throughput	224.05 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.444914284s
Average Latency	441.968708ms
Throughput	112.50 requests/second

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@service/policy/db/resource_mapping.go`:
- Around line 109-110: The post-write read in CreateResourceMappingGroup (where
the code calls c.GetResourceMappingGroup(ctx, createdID)) and the similar read
after update is creating ambiguous mutation outcomes if the follow-up SELECT
fails; change the implementation to return the final object directly from the
write (use SQL RETURNING to select all computed/derived fields in the
INSERT/UPDATE) or perform the write+read inside a single transaction and return
the row fetched by RETURNING to callers instead of calling
GetResourceMappingGroup separately, ensuring CreateResourceMappingGroup and
UpdateResourceMappingGroup return the final resource mapping without a separate
follow-up query.

In `@service/policy/resourcemapping/resource_mapping.go`:
- Around line 112-125: The success audit (s.logger.Audit.PolicyCRUDSuccess) is
being emitted inside the RunInTx callback (e.g., around the
CreateResourceMappingGroup call), which can produce false positives if the
transaction commit fails; move the success-audit emission to after RunInTx
returns nil: perform txClient.CreateResourceMappingGroup within the callback and
only set rmGroup and return nil there, then after RunInTx returns check err ==
nil, populate auditParams.ObjectID and auditParams.Original from rmGroup and
call s.logger.Audit.PolicyCRUDSuccess (and set rsp.ResourceMappingGroup) — apply
the same change pattern for the other occurrences (the blocks using RunInTx,
CreateResourceMappingGroup/CreateResourceMapping/UpdateResourceMapping/DeleteResourceMapping
and calling PolicyCRUDSuccess inside the callback).
- Around line 311-313: The UpdateResourceMapping handler currently sets
rsp.ResourceMapping to only include Id (resourceMappingID) even though the fully
updated object updatedRM is available; replace the single-field assignment with
populating rsp.ResourceMapping from updatedRM (or copying/transforming updatedRM
into policy.ResourceMapping) so the response returns the full updated object
instead of only the ID, keeping fields like Name, Rules, Labels, etc.,
consistent with the updatedRM structure used earlier in UpdateResourceMapping.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: e4a64c9c-a898-4e0f-84fc-bdf1d8f18ae4

📥 Commits

Reviewing files that changed from the base of the PR and between b4f083b and bff4f5e.

⛔ Files ignored due to path filters (1)

• protocol/go/policy/objects.pb.go is excluded by !**/*.pb.go

📒 Files selected for processing (16)

• docs/grpc/index.html
• docs/openapi/policy/actions/actions.openapi.yaml
• docs/openapi/policy/attributes/attributes.openapi.yaml
• docs/openapi/policy/objects.openapi.yaml
• docs/openapi/policy/obligations/obligations.openapi.yaml
• docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
• docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
• docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
• docs/openapi/policy/unsafe/unsafe.openapi.yaml
• otdfctl/e2e/resource-mapping-groups.bats
• service/integration/resource_mappings_test.go
• service/policy/db/queries/resource_mapping.sql
• service/policy/db/resource_mapping.go
• service/policy/db/resource_mapping.sql.go
• service/policy/objects.proto
• service/policy/resourcemapping/resource_mapping.go

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
bats-test-results
✅ java-pull-3447
✅ java-v0.9.0
✅ js-v0.9.0
✅ js-pull-3447
cukes-report
opentdfplatformK1AU87.dockerbuild
govulncheck-failure-8

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	211.06149ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	103.546126ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	434.313194ms
Throughput	230.25 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.954996087s
Average Latency	447.987445ms
Throughput	111.22 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
✅ java-pull-3447
bats-test-results
✅ java-v0.9.0
✅ js-pull-3447
✅ js-v0.9.0
cukes-report
opentdfplatform7WVQ8L.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	150.125362ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	85.956404ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	413.440468ms
Throughput	241.87 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	41.36360116s
Average Latency	411.999169ms
Throughput	120.88 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	196.453101ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	101.284772ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	424.131484ms
Throughput	235.78 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.298379034s
Average Latency	431.108282ms
Throughput	115.48 requests/second

[github-actions]

X-Test Failure Report

✅ js-v0.9.0
cukes-report
opentdfplatform9DVJRQ.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	179.185497ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	97.772733ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	438.406622ms
Throughput	228.10 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.20525009s
Average Latency	419.539154ms
Throughput	118.47 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
bats-test-results
✅ java-pull-3447
✅ js-pull-3447
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatform8B788D.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	198.947513ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	102.578324ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	421.634303ms
Throughput	237.17 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.174144579s
Average Latency	439.920241ms
Throughput	113.19 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
✅ java-pull-3447
✅ java-v0.9.0
bats-test-results
✅ js-pull-3447
✅ js-v0.9.0
cukes-report
govulncheck-failure-3
govulncheck-failure-8
opentdfplatformXFJFTB.dockerbuild
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-5

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	174.756145ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	92.515738ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	431.890569ms
Throughput	231.54 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.185944904s
Average Latency	430.341739ms
Throughput	115.78 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
bats-test-results
✅ java-pull-3447
✅ java-v0.9.0
✅ js-pull-3447
✅ js-v0.9.0
cukes-report
opentdfplatformTPNVV3.dockerbuild
govulncheck-failure-5
govulncheck-failure-8
govulncheck-failure-0
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	180.586966ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	102.151862ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	411.79901ms
Throughput	242.84 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.69465506s
Average Latency	435.483547ms
Throughput	114.43 requests/second

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
✅ java-pull-3447
bats-test-results
✅ js-pull-3447
✅ java-v0.9.0
✅ js-v0.9.0
cukes-report
opentdfplatform1UM1L5.dockerbuild
govulncheck-failure-3
govulncheck-failure-5
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-0

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	193.871984ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	102.584532ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	407.078538ms
Throughput	245.65 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.163956988s
Average Latency	430.457247ms
Throughput	115.84 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• otdfctl
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go-pull-3447
✅ go-v0.9.0
bats-test-results
✅ java-pull-3447
✅ java-v0.9.0
✅ js-pull-3447
✅ js-v0.9.0
cukes-report
opentdfplatformQQ0JC8.dockerbuild
govulncheck-failure-1
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-5