Skip to content

feat(sdk): Call init if obligations are empty. #2825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
c-r33d merged 5 commits into from
Oct 21, 2025
Merged

feat(sdk): Call init if obligations are empty. #2825

c-r33d merged 5 commits into from
Oct 21, 2025

Conversation

@c-r33d
Copy link
Contributor

@c-r33d c-r33d commented Oct 20, 2025
edited
Loading

Proposed Changes

1.) Call Init if obligations are empty, instead of throwing an error. Only return an error if we do not have any required obligations returned from the server. (Note: It's possible there is no error and no required obligations, which the code handles.)
2.) Rename return object type from Obligations to RequiredObligations

Important

Since the goal of the Obligations() function
is to return the required obligations on the TDF
do not return an error if we have greater than 0 obligation fqns.

This is to avoid confusion for downstream peps that just want to know
the required obligations for the TDF.

It's possible that we have a RewrapForbidden error because of obligations
in which we should not return that to the consumer of the SDK, just that
these are the required obligations.

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@c-r33d c-r33d requested review from a team as code owners October 20, 2025 19:30
@github-actions github-actions bot added the comp:sdk A software development kit, including library, for client applications and inter-service communicati label Oct 20, 2025
@gemini-code-assist
Copy link
Contributor

gemini-code-assist bot commented Oct 20, 2025

Summary of Changes

Hello @c-r33d, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the SDK's handling of TDF and NanoTDF obligations by introducing a more resilient mechanism for their retrieval. Instead of failing when obligations are not pre-populated, the system will now proactively attempt to initialize them via an Init() call. This improvement streamlines the process of accessing obligations, making the SDK more robust and user-friendly by reducing the need for explicit pre-initialization checks.

Highlights

  • Automatic Obligation Initialization: The Obligations method in both NanoTDFReader and Reader (for TDF and NanoTDF respectively) will now automatically call Init() to populate requiredObligations if they are found to be empty. This change prevents an error from being returned and ensures that obligations are always attempted to be retrieved, potentially triggering a rewrap call.
  • Error Handling Simplification: The ErrObligationsNotPopulated error has been removed from the SDK, as the new logic handles the case where obligations are not yet populated by attempting to initialize them.
  • Test Case Updates: Existing test cases in sdk/nanotdf_test.go and sdk/tdf_test.go have been updated to reflect this new behavior. Specifically, tests now expect NoError when calling Obligations even if they weren't explicitly populated beforehand, and a new fakeObligationFQN constant was introduced for testing purposes. The handleRewrapRequest in nanotdf_test.go now includes metadata with obligations.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Obligations wait, Init called, a new rewrap, Data flows freely.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the SDK by modifying the Obligations method in both TDFReader and NanoTDFReader. The method now automatically calls Init() to fetch obligations if they aren't already populated, which improves the developer experience. The implementation correctly handles cases where Init() might fail but still return the necessary obligations, for instance, during a rewrap failure. The accompanying test updates are thorough and validate the new behavior. My feedback consists of minor suggestions to improve comment clarity for better long-term maintainability.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 20, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 175.553469ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 108.082265ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 358.431791ms
Throughput 278.99 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.885920067s
Average Latency 387.531392ms
Throughput 128.58 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.492818406s
Average Latency 274.003286ms
Throughput 181.87 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 20, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 183.497539ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 101.632012ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 359.802327ms
Throughput 277.93 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.598849742s
Average Latency 394.848278ms
Throughput 126.27 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.762424137s
Average Latency 276.483077ms
Throughput 180.10 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 20, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 167.171457ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 92.627624ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 373.005689ms
Throughput 268.09 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.01203789s
Average Latency 387.97915ms
Throughput 128.17 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.136907146s
Average Latency 270.481186ms
Throughput 184.25 requests/second

jakedoublev
jakedoublev previously approved these changes Oct 21, 2025
View reviewed changes
dmihalcik-virtru
dmihalcik-virtru reviewed Oct 21, 2025
View reviewed changes
@c-r33d c-r33d enabled auto-merge October 21, 2025 17:41
@c-r33d c-r33d disabled auto-merge October 21, 2025 18:25
@github-actions
Copy link
Contributor

github-actions bot commented Oct 21, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 169.590886ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 95.808937ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 357.522655ms
Throughput 279.70 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.481750076s
Average Latency 383.07036ms
Throughput 129.93 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.267774985s
Average Latency 271.939533ms
Throughput 183.37 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 21, 2025

X-Test Failure Results

opentdfplatform7XXVE3.dockerbuild
cukes-report
✅ js-v0.4.34
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2825
✅ java-pull-2825
✅ go-pull-2825

@github-actions
Copy link
Contributor

github-actions bot commented Oct 21, 2025

X-Test Failure Results

opentdfplatform7XXVE3.dockerbuild
cukes-report
✅ js-v0.4.34
✅ go-v0.4.34
bats-test-results
test-cases-mapping-report
✅ js-pull-2825
✅ java-pull-2825
✅ go-pull-2825
✅ java-v0.4.34

@c-r33d c-r33d added this pull request to the merge queue Oct 21, 2025
Merged via the queue into main with commit 14191e4 Oct 21, 2025
61 of 64 checks passed
@c-r33d c-r33d deleted the feat/DSPX-1357-call-init branch October 21, 2025 22:15
@opentdf-automation opentdf-automation bot mentioned this pull request Oct 21, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request Oct 21, 2025
@opentdf-automation
chore(main): release sdk 0.10.0 (#2801)
ebdc8bf 
🤖 I have created a release *beep* *boop*
---


##
[0.10.0](sdk/v0.9.0...sdk/v0.10.0)
(2025-10-21)


### Features

* **policy:** Proto - root certificates by namespace
([#2800](#2800))
([0edb359](0edb359))
* **policy:** Protos List obligation triggers
([#2803](#2803))
([b32df81](b32df81))
* **sdk:** Add obligations support.
([#2759](#2759))
([3cccfd2](3cccfd2))
* **sdk:** Call init if obligations are empty.
([#2825](#2825))
([14191e4](14191e4))


### Bug Fixes

* **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.6.0 to
0.7.0 in /sdk ([#2810](#2810))
([1c5cf5f](1c5cf5f))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.12.0 to
0.13.0 in /sdk
([#2813](#2813))
([1643ed2](1643ed2))
* **sdk:** Fix the bug in ResourceLocator serialization logic
([#2791](#2791))
([01329d6](01329d6))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@strantalis strantalis strantalis approved these changes

@pflynn-virtru pflynn-virtru pflynn-virtru approved these changes

@dmihalcik-virtru dmihalcik-virtru dmihalcik-virtru left review comments

@jakedoublev jakedoublev jakedoublev left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

comp:sdk A software development kit, including library, for client applications and inter-service communicati size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@c-r33d @strantalis @dmihalcik-virtru @pflynn-virtru @jakedoublev