@jakedoublev jakedoublev commented Oct 9, 2025

Proposed Changes

  • Deprecated selectors that have drifted from original implementation and have not been implemented
  • Improve legacy kas grants deprecation upgrade comments

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@jakedoublev jakedoublev requested review from a team as code owners October 9, 2025 15:14
@github-actions github-actions bot added comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) docs Documentation size/s labels Oct 9, 2025
@gemini-code-assist

Summary of Changes

Hello @jakedoublev, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on cleaning up the core API by formally deprecating and improving documentation for various Protocol Buffer definitions. The changes aim to remove unused components, clarify the intended usage of existing fields, and provide better guidance for migrating away from legacy Key Access Server (KAS) grant mechanisms, thereby streamlining the API and reducing potential confusion for developers.

Highlights

  • Deprecated Unused Selectors: Several selector Protocol Buffer definitions, including AttributeDefinitionSelector, AttributeNamespaceSelector, and AttributeValueSelector, have been explicitly marked as deprecated because they were never utilized in the system.
  • Improved Deprecation Comments for KAS Grants: Deprecation messages for legacy Key Access Server (KAS) grant-related fields and RPCs have been enhanced to clearly guide users towards utilizing the PublicKey equivalents, such as AssignPublicKeyToAttributeRequest instead of AssignKeyAccessServerToAttributeRequest.
  • Refined ID Field Deprecation: The id fields in GetAttributeRequest and GetAttributeValueRequest now have updated deprecation comments, advising users to 'utilize identifier' for clarity.
  • Removed Unused Field: The with_value field in GetAttributeValuesByFqnsRequest has been removed and its field number reserved, as it was not being used.
Ignored Files
  • Ignored by pattern: docs/openapi/**/* (11)
    • docs/openapi/policy/actions/actions.openapi.yaml
    • docs/openapi/policy/attributes/attributes.openapi.yaml
    • docs/openapi/policy/kasregistry/key_access_server_registry.openapi.yaml
    • docs/openapi/policy/namespaces/namespaces.openapi.yaml
    • docs/openapi/policy/objects.openapi.yaml
    • docs/openapi/policy/obligations/obligations.openapi.yaml
    • docs/openapi/policy/registeredresources/registered_resources.openapi.yaml
    • docs/openapi/policy/resourcemapping/resource_mapping.openapi.yaml
    • docs/openapi/policy/selectors.openapi.yaml
    • docs/openapi/policy/subjectmapping/subject_mapping.openapi.yaml
    • docs/openapi/policy/unsafe/unsafe.openapi.yaml
  • Ignored by pattern: protocol/**/* (8)
    • protocol/go/policy/attributes/attributes.pb.go
    • protocol/go/policy/attributes/attributes_grpc.pb.go
    • protocol/go/policy/attributes/attributesconnect/attributes.connect.go
    • protocol/go/policy/namespaces/namespaces.pb.go
    • protocol/go/policy/namespaces/namespaces_grpc.pb.go
    • protocol/go/policy/namespaces/namespacesconnect/namespaces.connect.go
    • protocol/go/policy/objects.pb.go
    • protocol/go/policy/selectors.pb.go

Old protos now fade, New paths for data are made, Code cleanup's parade.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request effectively deprecates several unused or outdated proto messages and fields, and improves the deprecation comments for others to guide developers. The changes are logical and improve the maintainability of the API definitions. I've identified a few minor inconsistencies in the deprecation comments, such as capitalization, and one potentially inconsistent field deprecation that should be reviewed.

c-r33d previously approved these changes Oct 9, 2025
@jakedoublev

We'll need to merge #2794 first as there are callers of the AttributeValueSelector we want to reserve within this PR as it has not been utilized by the service RPC for some time.

github-actions bot commented Oct 9, 2025

Benchmark results

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 176.868491ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 101.38775ms |

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 373.421751ms |
| Throughput | 267.79 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 40.390543584s |
| Average Latency | 401.826833ms |
| Throughput | 123.79 requests/second |

NANOTDF Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 27.943062077s |
| Average Latency | 278.678677ms |
| Throughput | 178.94 requests/second |

@jakedoublev jakedoublev enabled auto-merge October 9, 2025 18:17
@strantalis strantalis disabled auto-merge October 9, 2025 18:44
@strantalis strantalis merged commit f2678cc into main Oct 9, 2025
47 of 52 checks passed
@strantalis strantalis deleted the fix/DSPX-1614 branch October 9, 2025 18:45
dmihalcik-virtru added a commit that referenced this pull request Oct 10, 2025
This should fix some breaking builds
github-merge-queue bot pushed a commit that referenced this pull request Oct 14, 2025
🤖 I have created a release *beep* *boop*
---


##
[0.12.0](protocol/go/v0.11.0...protocol/go/v0.12.0)
(2025-10-14)


### Features

* **authz:** defer to request auth as decision/entitlements entity
([#2789](#2789))
([feb34d8](feb34d8))
* **policy:** Proto - root certificates by namespace
([#2800](#2800))
([0edb359](0edb359))


### Bug Fixes

* **core:** deprecated stale protos and add better upgrade comments
([#2793](#2793))
([f2678cc](f2678cc))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
github-merge-queue bot pushed a commit that referenced this pull request Oct 22, 2025
🤖 I have created a release *beep* *boop*
---


##
[0.11.0](service/v0.10.0...service/v0.11.0)
(2025-10-22)


### Features

* **authz:** add obligation fulfillment logic to obligation PDP
([#2740](#2740))
([2f8d30d](2f8d30d))
* **authz:** audit logs should properly handle obligations
([#2824](#2824))
([874ec7b](874ec7b))
* **authz:** defer to request auth as decision/entitlements entity
([#2789](#2789))
([feb34d8](feb34d8))
* **authz:** obligations protos within auth service
([#2745](#2745))
([41ee5a8](41ee5a8))
* **authz:** protovalidate tests for new authz obligations fields
([#2747](#2747))
([73e6319](73e6319))
* **authz:** service logic to use request auth as entity identifier in
PDP decisions/entitlements
([#2790](#2790))
([6784e88](6784e88))
* **authz:** wire up obligations enforcement in auth service
([#2756](#2756))
([11b3ea9](11b3ea9))
* **core:** propagate token clientID on configured claim via interceptor
into shared context metadata
([#2760](#2760))
([0f77246](0f77246))
* **kas:** Add required obligations to kao metadata.:
([#2806](#2806))
([16fb26c](16fb26c))
* **policy:** add FQNs to obligation defs + vals
([#2749](#2749))
([fa2585c](fa2585c))
* **policy:** Add obligation support to KAS
([#2786](#2786))
([bb1bca0](bb1bca0))
* **policy:** List obligation triggers rpc
([#2823](#2823))
([206abe3](206abe3))
* **policy:** namespace root certificates
([#2771](#2771))
([beaff21](beaff21))
* **policy:** Proto - root certificates by namespace
([#2800](#2800))
([0edb359](0edb359))
* **policy:** Protos List obligation triggers
([#2803](#2803))
([b32df81](b32df81))
* **policy:** Return built obligations fqns with triggers.
([#2830](#2830))
([e843018](e843018))
* **policy:** Return obligations from GetAttributeValue calls
([#2742](#2742))
([aa9b393](aa9b393))


### Bug Fixes

* **core:** CORS
([#2787](#2787))
([a030ac6](a030ac6))
* **core:** deprecate policy WithValue selector not utilized by RPC
([#2794](#2794))
([c573595](c573595))
* **core:** deprecated stale protos and add better upgrade comments
([#2793](#2793))
([f2678cc](f2678cc))
* **core:** Don't require known manager names
([#2792](#2792))
([8a56a96](8a56a96))
* **core:** Fix mode negation and core mode
([#2779](#2779))
([de9807d](de9807d))
* **core:** resolve environment loading issues
([#2827](#2827))
([9af3184](9af3184))
* **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.6.0 to
0.7.0 in /service
([#2812](#2812))
([a6d180d](a6d180d))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.12.0 to
0.13.0 in /service
([#2814](#2814))
([5e9c695](5e9c695))
* **deps:** bump github.com/opentdf/platform/sdk from 0.7.0 to 0.9.0 in
/service ([#2798](#2798))
([d6bc9a8](d6bc9a8))
* **deps:** bump github.com/opentdf/platform/sdk from 0.9.0 to 0.10.0 in
/service ([#2831](#2831))
([412dfd1](412dfd1))
* ECC key loading (deprecated)
([#2757](#2757))
([49990eb](49990eb))
* **policy:** Change to nil
([#2746](#2746))
([a449434](a449434))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>