Skip to content

feat:[PEA-646] Response structure modification in data shipper for ta…#2398

Merged
arunpaladin merged 2 commits into
masterfrom
feat/tagging_shipper_updations
Jun 18, 2026
Merged

feat:[PEA-646] Response structure modification in data shipper for ta…#2398
arunpaladin merged 2 commits into
masterfrom
feat/tagging_shipper_updations

Conversation

@nkeerthana111

@nkeerthana111 nkeerthana111 commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

…gging summary

Description

Please include a summary of the changes and the related issues. Please also include relevant motivation and context. List
any dependencies that are required for this change.

Problem

Solution

Fixes # (issue if any)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Chore (no code changes)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also
list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • My code follows the style guidelines of this project
  • My commit message/PR follows the contribution guidelines of this project
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes

Other Information:

List any documentation updates that are needed for the Wiki

Summary by CodeRabbit

  • Chores

    • Updated GitHub CodeQL workflow to use action version v3.
  • Bug Fixes

    • Improved tagging summary data retrieval with enhanced error handling to prevent service failures.

GitHub recommends upgrading from v2 to v3.
@coderabbitai

coderabbitai Bot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

The PR refactors fetchTaggingSummaryForAssetGroup in AssetGroupUtil to replace manual Gson JSON tree traversal with a typed TaggingSummaryResponse POJO deserialized by Gson and then converted to a Map via Jackson ObjectMapper.convertValue. Exception handling changes from rethrow to swallow. Additionally, the CodeQL workflow is upgraded from codeql-action@v2 to v3.

Changes

TaggingSummary Deserialization Refactor

Layer / File(s) Summary
TaggingSummaryResponse POJO schema
jobs/pacman-data-shipper/.../util/TaggingSummaryResponse.java
Adds the new TaggingSummaryResponse class with five nested public static types (Data, AssetGroupEntry, Stats, AssetType, TagDetail) that model the Lambda tagging compliance response shape.
fetchTaggingSummaryForAssetGroup refactor
jobs/pacman-data-shipper/.../util/AssetGroupUtil.java
Replaces explicit Gson Json* imports with wildcard Gson and adds Jackson TypeReference/ObjectMapper; rewrites fetchTaggingSummaryForAssetGroup to deserialize via TaggingSummaryResponse and ObjectMapper.convertValue; changes exception handling to log-and-swallow; minor cast update in fetchTypeCounts.

CodeQL Workflow Upgrade

Layer / File(s) Summary
CodeQL action version bump
.github/workflows/codeQl.yaml
Updates all three codeql-action step references (init, autobuild, analyze) from @v2 to @v3.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 Hoppity-hop through JSON trees,
Old Gson parsing brought me to my knees.
Now a POJO blooms with fields so neat,
Jackson converts it, tidy and complete!
CodeQL bumped to v3 with flair —
This bunny approves with a nose-twitch flair! 🌸

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description contains only an unfilled template with all sections incomplete. The Problem, Solution, testing methodology, and other critical sections lack substantive content, leaving reviewers without essential context. Fill in all required sections: provide a clear problem statement, describe the solution and design rationale, list dependencies, specify testing performed with reproducible steps, and check relevant change types.
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title refers to the main feature (response structure modification in data shipper for tagging summary) and includes the related issue identifier (PEA-646), accurately summarizing the primary change.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/tagging_shipper_updations

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java (2)

334-337: ⚡ Quick win

Reuse ObjectMapper as a static field instead of instantiating per call.

ObjectMapper is thread-safe after configuration and expensive to create. Instantiating it on every method invocation adds unnecessary overhead, especially if this method is called frequently.

♻️ Suggested refactor

Add a static field at class level:

private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

Then update the method:

-            ObjectMapper mapper = new ObjectMapper();
-            Map<String, Object> summaryInfo = mapper.convertValue(
+            Map<String, Object> summaryInfo = OBJECT_MAPPER.convertValue(
                     summaryResponse.data, new TypeReference<Map<String, Object>>() {
                     });
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java`
around lines 334 - 337, The ObjectMapper is being instantiated locally within
the method in AssetGroupUtil, which creates unnecessary overhead on every
invocation since ObjectMapper is expensive to create. Add a private static final
field named OBJECT_MAPPER initialized with new ObjectMapper() at the class level
in AssetGroupUtil. Then, replace the local instantiation of ObjectMapper mapper
with a reference to the static OBJECT_MAPPER field in the method where
convertValue is called.

326-337: 💤 Low value

Consider using a single serialization library instead of mixing Gson and Jackson.

The code deserializes JSON to POJO using Gson, then converts POJO to Map using Jackson. This mixing introduces potential inconsistencies (different null handling, type coercion, naming strategies) and increases maintenance complexity.

Since the codebase already uses both libraries, pick one for this flow. Jackson can do both steps:

♻️ Alternative using Jackson only
ObjectMapper mapper = new ObjectMapper(); // or reuse static instance
JsonNode root = mapper.readTree(response);
JsonNode dataNode = root.get("data");
if (dataNode == null || dataNode.isNull()) {
    LOGGER.warn("No data found in tagging summary response for ag: {}", ag);
    return resultList;
}
Map<String, Object> summaryInfo = mapper.convertValue(dataNode, new TypeReference<Map<String, Object>>() {});
resultList.add(summaryInfo);
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java`
around lines 326 - 337, Replace the mixed Gson and Jackson usage with Jackson
only to avoid serialization library inconsistencies. Remove the Gson
deserialization that creates the TaggingSummaryResponse object, and instead use
the ObjectMapper to directly read the JSON response as a tree structure, then
extract the "data" node and check if it is null or empty before converting it to
a Map. This consolidates the serialization logic to a single library and
improves maintainability by eliminating potential null handling and type
coercion differences between Gson and Jackson.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/codeQl.yaml:
- Line 50: Replace the mutable version tags (`@v3`) in the three GitHub CodeQL
action references with immutable commit SHAs. For each occurrence of
github/codeql-action/init@v3, github/codeql-action/analyze@v3, and the other
CodeQL action on line 84, replace the `@v3` tag with the full commit SHA (e.g.,
`@abc123def456`...) to ensure these actions are pinned to specific immutable
commits rather than floating version tags that could change unexpectedly.

In
`@jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java`:
- Around line 339-341: The catch block for Exception handling in this method
logs the error but then silently continues without signaling the failure to the
caller, which masks Lambda invocation failures and prevents downstream systems
from distinguishing between missing data and actual failures. Modify the
exception handling to either rethrow the exception after logging (to preserve
the original behavior and allow callers to handle the failure), return an
Optional or result wrapper that explicitly indicates success or failure, or add
monitoring metrics to alert when Lambda failures occur. Ensure the method's
contract clearly communicates whether the operation succeeded or failed to
callers.

---

Nitpick comments:
In
`@jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java`:
- Around line 334-337: The ObjectMapper is being instantiated locally within the
method in AssetGroupUtil, which creates unnecessary overhead on every invocation
since ObjectMapper is expensive to create. Add a private static final field
named OBJECT_MAPPER initialized with new ObjectMapper() at the class level in
AssetGroupUtil. Then, replace the local instantiation of ObjectMapper mapper
with a reference to the static OBJECT_MAPPER field in the method where
convertValue is called.
- Around line 326-337: Replace the mixed Gson and Jackson usage with Jackson
only to avoid serialization library inconsistencies. Remove the Gson
deserialization that creates the TaggingSummaryResponse object, and instead use
the ObjectMapper to directly read the JSON response as a tree structure, then
extract the "data" node and check if it is null or empty before converting it to
a Map. This consolidates the serialization logic to a single library and
improves maintainability by eliminating potential null handling and type
coercion differences between Gson and Jackson.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: e6e7edc6-3aff-402d-9cf6-f906de642a18

📥 Commits

Reviewing files that changed from the base of the PR and between 52c79af and 7fb6d92.

📒 Files selected for processing (3)
  • .github/workflows/codeQl.yaml
  • jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java
  • jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/TaggingSummaryResponse.java

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all GitHub Actions uses are SHA-pinned (40-hex) rather than mutable tags.
rg -nP '^\s*uses:\s*[^@]+@([a-f0-9]{40})\s*$|^\s*uses:\s*' .github/workflows/*.y*ml

Repository: PaladinCloud/CE

Length of output: 14775


Pin CodeQL actions to immutable commit SHAs.

Lines 50, 65, and 84 use mutable version tags (@v3) instead of immutable commit SHAs. This creates supply-chain risk and should be pinned to specific commits.

🔒 Suggested fix
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@<full_commit_sha>

-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@<full_commit_sha>

-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@<full_commit_sha>
🧰 Tools
🪛 zizmor (1.25.2)

[error] 50-50: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/codeQl.yaml at line 50, Replace the mutable version tags
(`@v3`) in the three GitHub CodeQL action references with immutable commit SHAs.
For each occurrence of github/codeql-action/init@v3,
github/codeql-action/analyze@v3, and the other CodeQL action on line 84, replace
the `@v3` tag with the full commit SHA (e.g., `@abc123def456`...) to ensure these
actions are pinned to specific immutable commits rather than floating version
tags that could change unexpectedly.

Source: Linters/SAST tools

Comment on lines 339 to 341
} catch (Exception e) {
LOGGER.error("Error retrieving tagging summary data", e);
throw e;
LOGGER.error("Error retrieving tagging summary data for ag: {}", ag, e);
}

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Silent error swallowing changes the method's failure contract.

The previous implementation logged and re-threw exceptions, allowing callers to handle failures. The new implementation catches all exceptions and returns an empty list, making it impossible for callers to distinguish between "no tagging data exists" and "the Lambda invocation failed."

This could mask production issues—if the Lambda consistently fails, downstream systems will process empty data without any indication of failure.

Consider either:

  1. Rethrowing after logging (preserves original behavior)
  2. Returning an Optional or a result wrapper that indicates success/failure
  3. At minimum, adding a metric or alert for failures
🛠️ Suggested fix to preserve failure signaling
         } catch (Exception e) {
             LOGGER.error("Error retrieving tagging summary data for ag: {}", ag, e);
+            throw e;
         }
-        return resultList;
     }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@jobs/pacman-data-shipper/src/main/java/com/tmobile/cso/pacman/datashipper/util/AssetGroupUtil.java`
around lines 339 - 341, The catch block for Exception handling in this method
logs the error but then silently continues without signaling the failure to the
caller, which masks Lambda invocation failures and prevents downstream systems
from distinguishing between missing data and actual failures. Modify the
exception handling to either rethrow the exception after logging (to preserve
the original behavior and allow callers to handle the failure), return an
Optional or result wrapper that explicitly indicates success or failure, or add
monitoring metrics to alert when Lambda failures occur. Ensure the method's
contract clearly communicates whether the operation succeeded or failed to
callers.

@arunpaladin arunpaladin merged commit 7f6634e into master Jun 18, 2026
60 checks passed
@arunpaladin arunpaladin deleted the feat/tagging_shipper_updations branch June 18, 2026 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants