feat(ci): Enhance authorization bdd test coverage

[elizabethhealy]

Proposed Changes

Checklist

• I have added or updated unit tests
• I have added or updated integration tests (if appropriate)
• I have added or updated documentation

Testing Instructions

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4c3b06d4-7286-4147-99aa-52b891bd0b71

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dspx-1311-add-more-authorization-bdd-tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces comprehensive BDD test coverage for the authorization system's attribute rule decisioning. By defining new feature scenarios, it ensures that complex attribute-based access control rules, specifically those involving multiple value matching and hierarchical sensitivity, behave as expected under various conditions.

Highlights

• New BDD Test Suite: Added a new Gherkin feature file to validate attribute rule decisioning logic.
• Authorization Coverage: Implemented test scenarios for anyOf, allOf, and hierarchy rule behaviors to ensure correct permit/deny outcomes.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

---

Rules of access, clear and bright, Checking attributes with all our might. AnyOf, allOf, hierarchy too, Ensuring the system knows what to do.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new BDD feature file, attribute-rules.feature, to validate attribute rule decisioning for anyOf, allOf, and hierarchy rules. The tests cover both permit and deny scenarios for each rule type. A suggestion was made to further enhance test coverage by adding a scenario that verifies the interaction between multiple attributes, ensuring that all relevant attribute rules must be satisfied for access to be granted.

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	175.253352ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	93.579793ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	408.796905ms
Throughput	244.62 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.776149517s
Average Latency	406.131051ms
Throughput	122.62 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
✅ go-v0.9.0
✅ java-pull-3298
✅ java-v0.9.0
✅ js-pull-3298
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
cukes-report
opentdfplatformX410DZ.dockerbuild
govulncheck-failure-7
govulncheck-failure-0
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-4

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	201.77006ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	96.936868ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	386.306971ms
Throughput	258.86 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.06526663s
Average Latency	398.782628ms
Throughput	124.80 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
✅ go-v0.9.0
✅ java-pull-3298
✅ java-v0.9.0
✅ js-pull-3298
✅ js-v0.9.0
cukes-report
test-cases-mapping-report
bats-test-results
opentdfplatformL71NUA.dockerbuild
govulncheck-failure-7
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-4

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	199.523331ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	97.607639ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	391.851007ms
Throughput	255.20 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	39.826546563s
Average Latency	396.925416ms
Throughput	125.54 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
✅ go-v0.9.0
✅ java-pull-3298
✅ java-v0.9.0
✅ js-pull-3298
✅ js-v0.9.0
cukes-report
test-cases-mapping-report
bats-test-results
opentdfplatform7L3DJI.dockerbuild
govulncheck-failure-2
govulncheck-failure-4
govulncheck-failure-1
govulncheck-failure-7
govulncheck-failure-0

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	181.246823ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	89.96484ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	419.954642ms
Throughput	238.12 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.501710996s
Average Latency	402.699499ms
Throughput	123.45 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
✅ go-v0.9.0
✅ java-pull-3298
cukes-report
✅ js-pull-3298
✅ java-v0.9.0
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
opentdfplatformLYO6KC.dockerbuild
govulncheck-failure-7
govulncheck-failure-2
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-4

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	140.573987ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	69.031471ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	329.96572ms
Throughput	303.06 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	31.512190614s
Average Latency	312.796819ms
Throughput	158.67 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
test-cases-mapping-report
bats-test-results
✅ java-pull-3298
✅ go-v0.9.0
✅ java-v0.9.0
✅ js-pull-3298
✅ js-v0.9.0
cukes-report
opentdfplatformH3NRPI.dockerbuild
govulncheck-failure-2
govulncheck-failure-7
govulncheck-failure-4
govulncheck-failure-0
govulncheck-failure-1

[github-actions]

X-Test Failure Report

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	203.738998ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	95.996174ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	395.768043ms
Throughput	252.67 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.332602725s
Average Latency	401.824921ms
Throughput	123.97 requests/second

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	169.966131ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	80.488602ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	399.71568ms
Throughput	250.18 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	40.637885971s
Average Latency	404.232092ms
Throughput	123.04 requests/second

[github-actions]

X-Test Results

✅ go-pull-3298
✅ go-v0.9.0
✅ java-pull-3298
✅ js-pull-3298
✅ java-v0.9.0
cukes-report
✅ js-v0.9.0
test-cases-mapping-report
bats-test-results
opentdfplatformTAGB6M.dockerbuild
govulncheck-failure-2
govulncheck-failure-7
govulncheck-failure-4
govulncheck-failure-0
govulncheck-failure-1

[github-actions]

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	212.546073ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	105.492143ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	409.053192ms
Throughput	244.47 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.028736643s
Average Latency	418.744828ms
Throughput	118.97 requests/second

[github-actions]

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

• examples
• sdk
• service
• lib/fixtures
• tests-bdd

See the workflow run for details.

[github-actions]

X-Test Results

✅ go-pull-3298
✅ java-pull-3298
✅ go-v0.9.0
✅ js-pull-3298
✅ java-v0.9.0
test-cases-mapping-report
bats-test-results
✅ js-v0.9.0
cukes-report
opentdfplatformIWN5K7.dockerbuild
govulncheck-failure-1
govulncheck-failure-0
govulncheck-failure-7
govulncheck-failure-2
govulncheck-failure-4