feat(cli): DSPX-2998 namespace flags for resource mapping commands#3576
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (8)
📝 WalkthroughWalkthroughHandler methods for resource mappings and resource mapping groups are updated to accept ChangesNamespace-scoped Resource Mappings and Groups
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested labels
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces namespace-aware resource mapping management to the otdfctl CLI. By adding support for namespace identifiers and fully qualified names (FQN) as both input flags and filter criteria, the changes allow for more granular control and visibility over resource mappings and their associated groups. These updates align the CLI with the backend service's resource mapping architecture. Highlights
New Features🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Commands grow with namespace in sight, Filtering resources with all of our might. Flags added to lists and to create, Keeping our mappings all perfectly straight. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds support for namespace filtering via namespace-id and namespace-fqn flags across the resource mapping and resource mapping group commands, updating the CLI flags, documentation, and handler methods. The feedback recommends propagating context.Context from the CLI commands down to the SDK calls in CreateResourceMapping and UpdateResourceMapping instead of using context.Background(), which ensures proper cancellation, timeouts, and tracing.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
alkalescent
force-pushed
the
DSPX-2998-rm-namespace-service
branch
from
6f5d979 to
7080723
Compare
alkalescent
force-pushed
the
DSPX-2998-rm-namespace-otdfctl
branch
from
3927e2b to
f8a39f1
Compare
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
alkalescent
force-pushed
the
DSPX-2998-rm-namespace-service
branch
from
7080723 to
011c840
Compare
- Add --namespace-id and --namespace-fqn to resource-mappings create and update, and as filters on resource-mappings list. - Add --namespace-id and --namespace-fqn filters to resource-mapping-groups list. - Surface the owning namespace in command output. Stacked on the service PR (#3567). Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
Thread the command context through the resource mapping create/get/update/delete handlers instead of context.Background(), matching the resource mapping group handlers. Addresses review feedback. Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
… in otdfctl Use the released protocol/go (with resource mapping namespace fields) and sdk. Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
alkalescent
force-pushed
the
DSPX-2998-rm-namespace-otdfctl
branch
from
f8a39f1 to
e27b35b
Compare
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
The added Namespace column widened the resource-mappings list table past the e2e terminal width, truncating the UUID columns the e2e test asserts on. Drop the redundant group_id column (group_name still identifies the group; full id is in get/--json) to make room for Namespace. Add a namespace assertion to the list e2e test so the owning namespace is covered. Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@otdfctl/go.mod`:
- Line 34: The `buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go`
dependency appears as a duplicate entry in the indirect dependencies section of
go.mod with the pseudo-version `v1.36.11-20260415201107-50325440f8f2.1`. Remove
this duplicate entry from the indirect section, and then run `go mod tidy` to
clean up the go.mod file and resolve any remaining dependency conflicts or
duplicates.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 52e65473-980e-42f2-97ba-a872601ff346
⛔ Files ignored due to path filters (1)
otdfctl/go.sumis excluded by!**/*.sum
📒 Files selected for processing (10)
otdfctl/cmd/policy/resourceMappingGroups.gootdfctl/cmd/policy/resourceMappings.gootdfctl/docs/man/policy/resource-mapping-groups/list.mdotdfctl/docs/man/policy/resource-mappings/create.mdotdfctl/docs/man/policy/resource-mappings/list.mdotdfctl/docs/man/policy/resource-mappings/update.mdotdfctl/e2e/resource-mapping.batsotdfctl/go.modotdfctl/pkg/handlers/resourceMappingGroups.gootdfctl/pkg/handlers/resourceMappings.go
Replace the --namespace-id/--namespace-fqn pairs on resource-mappings create/update/list and resource-mapping-groups list with a single --namespace (-s) flag that infers UUID vs FQN via getNamespaceIDAndFQN, matching the actions/attributes/obligations convention. Addresses review feedback from c-r33d. RMG create/update keep their pre-existing --namespace-id. Signed-off-by: Krish Suchak <suchak.krish@gmail.com>
Benchmark results, click to expandBenchmark authorization.GetDecisions Results:
Benchmark authorization.v2.GetMultiResourceDecision Results:
Benchmark Statistics
Bulk Benchmark Results
TDF3 Benchmark Results:
|
|
3 participants
Proposed Changes
Third PR in the stacked series for DSPX-2998. Adds otdfctl support for the new resource mapping namespace fields. Stacked on #3567 (service) — review/merge that first.
policy resource-mappings create/update: add--namespace-idand--namespace-fqn.policy resource-mappings list: add--namespace-id/--namespace-fqnfilters.policy resource-mapping-groups list: add--namespace-id/--namespace-fqnfilters.Migration note (AC3)
Migration support is delivered as a SQL backfill in the service PR (#3567), not via the
otdfctl migrategraph framework. Rationale: RMGs are already mandatorily namespaced (nothing to migrate), and a grouped RM's owning namespace is fully determined by its group, so existing data just needsnamespace_idbackfilled from the group. The create-only graph framework (built for previously-global actions/SM/SCS/RR) is not a natural fit. This was confirmed as the chosen approach.Checklist
Testing Instructions
otdfctl policy resource-mappings create --help(shows the new flags); create/list mappings with--namespace-id/--namespace-fqnagainst a running platform.Related
Summary by CodeRabbit
--namespacefiltering topolicy resource-mapping-groups list.policy resource-mappings create,list,update, anddelete.policy resource-mappings listoutput to include namespace ownership (and adjusted columns accordingly).--namespaceflag.