feat(policy): ListNamespaces search by c-r33d · Pull Request #3552 · opentdf/platform

c-r33d · 2026-05-29T22:29:06Z

Proposed Changes

1.) Add substring searching to ListNamespaces, fqn field.
2.) Escape characters used by LIKE\ILIKE from incoming input
3.) Specify \ as the escape character

Checklist

I have added or updated unit tests
I have added or updated integration tests (if appropriate)
I have added or updated documentation

Testing Instructions

Summary by CodeRabbit

New Features
- Added search functionality to namespace listing with support for name and FQN matching
- Search is case-insensitive and supports prefix matching
- Search integrates with namespace state filtering (ACTIVE/INACTIVE)
- Special wildcard characters are properly escaped to prevent unexpected matches
Tests
- Added comprehensive test coverage for search functionality, pagination, and edge cases

gemini-code-assist · 2026-05-29T22:29:16Z

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a search feature for the ListNamespaces endpoint, enabling users to perform substring queries on namespace names and FQNs. The implementation includes backend logic to safely handle user input by escaping SQL wildcard characters and sanitizing parameters, ensuring secure database interactions. The changes also include updated documentation and extensive test coverage to validate the new functionality.

Highlights

Search Functionality: Added substring search capabilities to the ListNamespaces API, allowing users to filter namespaces by name or FQN.
Security and Sanitization: Implemented robust input sanitization for search terms to prevent SQL injection and ensure LIKE wildcard characters are treated as literals.
Testing: Added comprehensive integration and unit tests to verify search filtering, pagination, and edge-case handling.

New Features

🧠 You can now enable Memory (public preview) to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Ignored Files

Ignored by pattern: docs/openapi/**/* (1)
- docs/openapi/policy/namespaces/namespaces.openapi.yaml

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	`/gemini review`	Performs a code review for the current pull request in its current state.
Pull Request Summary	`/gemini summary`	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	`/gemini help`	Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Namespaces listed in a row, With search terms now to help them show. Wildcards escaped with care, Security is always there, And tests ensure the data flow.

Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

gemini-code-assist

Code Review

This pull request implements a substring search feature for listing namespaces, allowing users to search by name or FQN. It includes SQL query updates to filter by search terms, helper functions to safely escape SQL LIKE wildcards, and comprehensive integration and unit tests. One issue was identified where commented-out validation options in the Protobuf file were incorrectly parsed and rendered as user-facing HTML documentation for ListNamespacesRequest.

coderabbitai · 2026-05-29T22:31:35Z

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: eb3469ec-fc72-4fb1-9ca3-e01cc0f7e438

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR adds search term filtering to the ListNamespaces API. The implementation introduces safe PostgreSQL LIKE pattern utilities, updates the query with a search WHERE predicate, wires search through the service layer, and validates with comprehensive integration tests covering exact matching, prefix matching, wildcard escaping, state combination, and pagination sequencing.

Changes

Namespace Search Feature

Layer / File(s)	Summary
Search pattern utilities and validation `service/policy/db/utils.go`, `service/policy/db/utils_test.go`, `service/policy/namespaces/namespaces_test.go`	Helper functions `pgtypeSubstringSearchPattern` and `escapeLikePattern` normalize and safely escape user search input for PostgreSQL LIKE queries. A validator test confirms `ListNamespacesRequest` with a `Search` field passes protovalidate checks.
SQL query and query generation updates `service/policy/db/queries/namespaces.sql`, `service/policy/db/namespaces.sql.go`	The `listNamespaces` query WHERE clause is refactored to separate the active filter from a new optional search predicate using `FQN LIKE ... ESCAPE '\'`. Generated code adjusts placeholder indexes for sort and pagination parameters and adds a `Search` field to `listNamespacesParams`.
Service layer search integration `service/policy/db/namespaces.go`	The `ListNamespaces` service method calls `pgtypeSubstringSearchPattern` on the request term and passes the result to the database query via the updated parameters.
Integration test coverage for search behavior `service/integration/namespaces_test.go`	Six integration tests exercise exact name/FQN search, prefix matching, wildcard literal escaping, combination with state filtering, empty term equivalence, and pagination applied after filtering.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested reviewers

elizabethhealy
alkalescent

Poem

🐰 A bunny's search hops with delight,
Safe patterns escape through the night,
LIKE and ESCAPE bind the way,
Wildcard literals can't run astray,
Tests confirm each query shines bright!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(policy): ListNamespaces search' clearly and specifically describes the main change: adding search functionality to the ListNamespaces feature in the policy service.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch dspx-2736-listnamespaces

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2026-05-29T22:32:04Z

X-Test Failure Report

opentdf~~platform~~FGCYCD.dockerbuild
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

github-actions · 2026-05-29T22:34:33Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	179.496719ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	131.67939ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	417.870724ms
Throughput	239.31 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	42.074740018s
Average Latency	418.803417ms
Throughput	118.84 requests/second

github-actions · 2026-05-29T22:37:05Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	279.932661ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	151.912874ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	451.337967ms
Throughput	221.56 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	43.625093933s
Average Latency	434.11893ms
Throughput	114.61 requests/second

github-actions · 2026-05-29T22:45:16Z

X-Test Results

✅ go@main-v0.9.0
✅ go@main-pull-3552
✅ java@main-v0.9.0
✅ java@main-pull-3552
✅ js@main-pull-3552
✅ js@main-v0.9.0
cukes-report
opentdf~~platform~~MU3SAL.dockerbuild
govulncheck-failure-3
govulncheck-failure-8
govulncheck-failure-1
govulncheck-failure-2
govulncheck-failure-5
govulncheck-failure-0

c-r33d · 2026-06-01T13:09:57Z

@coderabbitai review

coderabbitai · 2026-06-01T13:10:04Z

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

Invalidated by push of e812c91

github-actions · 2026-06-01T17:53:36Z

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	183.507689ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric	Value
Approved Decision Requests	1000
Denied Decision Requests	0
Total Time	100.236318ms

Benchmark Statistics

Name	№ Requests	Avg Duration	Min Duration	Max Duration

Bulk Benchmark Results

Metric	Value
Total Decrypts	100
Successful Decrypts	100
Failed Decrypts	0
Total Time	409.991445ms
Throughput	243.91 requests/second

TDF3 Benchmark Results:

Metric	Value
Total Requests	5000
Successful Requests	5000
Failed Requests	0
Concurrent Requests	50
Total Time	44.412559654s
Average Latency	442.209862ms
Throughput	112.58 requests/second

github-actions · 2026-06-01T17:54:37Z

⚠️ Govulncheck found vulnerabilities ⚠️

The following modules have known vulnerabilities:

examples
otdfctl
sdk
service
lib/fixtures
tests-bdd

See the workflow run for details.

github-actions · 2026-06-01T18:01:10Z

X-Test Results

✅ go@main-pull-3552
✅ java@main-pull-3552
✅ js@main-pull-3552
✅ go@main-v0.9.0
✅ java@main-v0.9.0
✅ js@main-v0.9.0
cukes-report
opentdf~~platform~~343YGV.dockerbuild
govulncheck-failure-1
govulncheck-failure-8
govulncheck-failure-3
govulncheck-failure-2
govulncheck-failure-0
govulncheck-failure-5

c-r33d added 2 commits May 29, 2026 17:12

feat(policy): Search support namespaces.

8e6353b

add one more test.

889870d

c-r33d requested review from a team as code owners May 29, 2026 22:29

github-actions Bot added comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) docs Documentation labels May 29, 2026

github-actions Bot added the size/s label May 29, 2026

c-r33d changed the title ~~Dspx 2736 listnamespaces~~ feat(policy): ListNamespaces search May 29, 2026

gemini-code-assist Bot reviewed May 29, 2026

View reviewed changes

Comment thread docs/grpc/index.html Outdated

fix leftover comments.

6b9e5b5

elizabethhealy reviewed Jun 1, 2026

View reviewed changes

Comment thread service/integration/namespaces_test.go Outdated

elizabethhealy previously approved these changes Jun 1, 2026

View reviewed changes

fix naming.

e812c91

c-r33d merged commit fe0ee3f into search-term-impl Jun 1, 2026
34 of 35 checks passed

c-r33d deleted the dspx-2736-listnamespaces branch June 1, 2026 18:03

coderabbitai Bot mentioned this pull request Jun 3, 2026

feat(policy): add search support to ListKeys #3558

Merged

Conversation

c-r33d commented May 29, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed Changes

Checklist

Testing Instructions

Summary by CodeRabbit

Uh oh!

gemini-code-assist Bot commented May 29, 2026

Summary of Changes

Highlights

Footnotes

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

coderabbitai Bot commented May 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Walkthrough

Changes

Estimated code review effort

Suggested reviewers

Poem

❌ Failed checks (1 warning)

Uh oh!

github-actions Bot commented May 29, 2026

X-Test Failure Report

Uh oh!

github-actions Bot commented May 29, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions Bot commented May 29, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions Bot commented May 29, 2026

X-Test Results

Uh oh!

c-r33d commented Jun 1, 2026

Uh oh!

coderabbitai Bot commented Jun 1, 2026

Uh oh!

Uh oh!

github-actions Bot commented Jun 1, 2026

Benchmark authorization.GetDecisions Results:

Benchmark authorization.v2.GetMultiResourceDecision Results:

Benchmark Statistics

Bulk Benchmark Results

TDF3 Benchmark Results:

Uh oh!

github-actions Bot commented Jun 1, 2026

⚠️ Govulncheck found vulnerabilities ⚠️

Uh oh!

github-actions Bot commented Jun 1, 2026

X-Test Results

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

c-r33d commented May 29, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 29, 2026 •

edited

Loading