feat(mapping): ADR-0020 phase 2

[gtema]

Implement complete mapping ruleset API with CRUD operations (create,
show, list, update, delete) and rule mutation (insert/update/delete) for
both domain-scoped and global rulesets.

Key changes:

• Add HTTP handlers in v4/mapping/ruleset/ for all CRUD + mutate
  operations
• Add API types with ToSchema/serde/JsonSchema derives for rules and
  conditions
• Implement MatchCriteria with external tagging
  (all_of/any_of/all_of_strict) and nested tree support via
  MatchCondition
• Add OPA policies for all operations (create, show, list, update,
  delete) with shared policy for PUT/POST mutate under
  identity.mapping.ruleset.update
• Fix global ruleset storage indexing in mapping-driver-raft to use
  "global" key when domain_id is None
• Add 29 provider-level integration tests (CRUD, mutate, authenticate,
  vuser lifecycle, immutability for both scoped and global rulesets)
• Add 9 API-level tests covering all CRUD operations and immutability
• Add is_system enforcement to prevent mutation/deletion of system
  rulesets
• Update policy infrastructure: fix role/imply_rule and
  resource/system/user/role tests to align with new enforcer input
  structure
• Extend integration test infrastructure with create_domain! macro and
  sample_ruleset_create helper
• Add vuser lifecycle tests (scoped and global) including delete by
  vuser ID

Signed-off-by: Artem Goncharov artem.goncharov@gmail.com

[github-actions]

🦢 Load Test Results

Goose Attack Report

Plan Overview

Action	Started	Stopped	Elapsed	Users
Increasing	26-06-16 09:52:53	26-06-16 09:52:55	00:00:02	0 → 4
Maintaining	26-06-16 09:52:55	26-06-16 09:53:25	00:00:30	4
Decreasing	26-06-16 09:53:25	26-06-16 09:53:25	00:00:00	0 ← 4

Request Metrics

Method	Name	# Requests	# Fails	Average (ms)	Min (ms)	Max (ms)	RPS	Failures/s
GET		7079	0	16.47	11	31	235.97	0.00
	Aggregated	7079	0	16.47	11	31	235.97	0.00

Response Time Metrics

Method	Name	50%ile (ms)	60%ile (ms)	70%ile (ms)	80%ile (ms)	90%ile (ms)	95%ile (ms)	99%ile (ms)	100%ile (ms)
GET		14	16	20	21	22	23	24	31
	Aggregated	14	16	20	21	22	23	24	31

Status Code Metrics

Method	Name	Status Codes
GET		7,079 [200]
	Aggregated	7,079 [200]

Transaction Metrics

Transaction	# Times Run	# Fails	Average (ms)	Min (ms)	Max (ms)	RPS	Failures/s
ListUsers
0.0	0	0	0.00	0	0	0.00	0.00
0.1	4327	0	13.41	11	22	144.23	0.00
ValidateToken
1.0	0	0	0.00	0	0	0.00	0.00
1.1	2752	0	21.37	18	31	91.73	0.00
Aggregated	7079	0	16.47	11	31	235.97	0.00

Scenario Metrics

Transaction	# Users	# Times Run	Average (ms)	Min (ms)	Max (ms)	Scenarios/s	Iterations
ListUsers	2	4325	13.41	11	22	144.17	2162.50
ValidateToken	2	2750	21.37	18	31	91.67	1375.00
Aggregated	4	7075	16.50	11	31	235.83	3537.50

View full report

[github-actions]

Bencher Report

Branch	mapping
Testbed	ubuntu-latest

Click to view all benchmark results

Benchmark	Latency	Benchmark Result nanoseconds (ns) (Result Δ%)	Upper Boundary nanoseconds (ns) (Limit %)
Command_Serde/apply/remove	📈 view plot 🚷 view threshold	134,830.00 ns (-6.09%) Baseline: 143,575.26 ns	467,800.29 ns (28.82%)
Command_Serde/apply/set	📈 view plot 🚷 view threshold	164,990.00 ns (+26.59%) Baseline: 130,335.74 ns	291,975.75 ns (56.51%)
Command_Serde/pack/delete	📈 view plot 🚷 view threshold	118.95 ns (-2.23%) Baseline: 121.66 ns	145.35 ns (81.83%)
Command_Serde/pack/delete_index	📈 view plot 🚷 view threshold	108.57 ns (-4.59%) Baseline: 113.79 ns	136.22 ns (79.70%)
Command_Serde/pack/set	📈 view plot 🚷 view threshold	193.16 ns (-1.78%) Baseline: 196.67 ns	238.85 ns (80.87%)
Command_Serde/pack/set_index	📈 view plot 🚷 view threshold	108.75 ns (-4.58%) Baseline: 113.96 ns	136.06 ns (79.93%)
Command_Serde/unpack/delete	📈 view plot 🚷 view threshold	186.79 ns (-1.29%) Baseline: 189.23 ns	234.51 ns (79.65%)
Command_Serde/unpack/delete_index	📈 view plot 🚷 view threshold	159.00 ns (-3.92%) Baseline: 165.50 ns	206.02 ns (77.18%)
Command_Serde/unpack/set	📈 view plot 🚷 view threshold	243.25 ns (-1.09%) Baseline: 245.92 ns	291.45 ns (83.46%)
Command_Serde/unpack/set_index	📈 view plot 🚷 view threshold	159.59 ns (-2.28%) Baseline: 163.31 ns	203.04 ns (78.60%)
Payload_encryption/pack/inner	📈 view plot 🚷 view threshold	64.65 ns (+2.89%) Baseline: 62.83 ns	77.93 ns (82.96%)
Payload_encryption/pack/remove_cmd	📈 view plot 🚷 view threshold	122.14 ns (+0.70%) Baseline: 121.29 ns	154.59 ns (79.01%)
Payload_encryption/pack/set_cmd	📈 view plot 🚷 view threshold	188.83 ns (-16.64%) Baseline: 226.52 ns	285.91 ns (66.04%)
Payload_encryption/unpack/inner	📈 view plot 🚷 view threshold	170.76 ns (+4.41%) Baseline: 163.55 ns	191.65 ns (89.10%)
Payload_encryption/unpack/remove_cmd	📈 view plot 🚷 view threshold	205.97 ns (+3.94%) Baseline: 198.16 ns	245.92 ns (83.76%)
Payload_encryption/unpack/set_cmd	📈 view plot 🚷 view threshold	255.98 ns (-0.77%) Baseline: 257.98 ns	311.99 ns (82.05%)
Raft_1Node_Latency/prefix/1node	📈 view plot 🚷 view threshold	2,583,000.00 ns (-31.39%) Baseline: 3,764,583.65 ns	6,998,250.19 ns (36.91%)
Raft_1Node_Latency/read/1node	📈 view plot 🚷 view threshold	586.29 ns (+3.55%) Baseline: 566.20 ns	723.12 ns (81.08%)
Raft_1Node_Latency/remove/1node	📈 view plot 🚷 view threshold	399,430.00 ns (+6.09%) Baseline: 376,493.97 ns	977,382.63 ns (40.87%)
Raft_1Node_Latency/write/1node	📈 view plot 🚷 view threshold	402,530.00 ns (+10.55%) Baseline: 364,099.52 ns	778,261.97 ns (51.72%)
build_snapshot/default	📈 view plot 🚷 view threshold	89,885.00 ns (-3.07%) Baseline: 92,728.02 ns	154,531.11 ns (58.17%)
fernet token/project	📈 view plot 🚷 view threshold	1,401.20 ns (-2.30%) Baseline: 1,434.23 ns	1,647.80 ns (85.03%)
get_data_keyspace	📈 view plot 🚷 view threshold	0.31 ns (-2.99%) Baseline: 0.32 ns	0.38 ns (81.80%)
get_db	📈 view plot 🚷 view threshold	0.31 ns (-3.05%) Baseline: 0.32 ns	0.38 ns (81.66%)
get_fernet_token_timestamp/project	📈 view plot 🚷 view threshold	156.91 ns (+6.47%) Baseline: 147.38 ns	176.48 ns (88.91%)
get_keyspace	📈 view plot 🚷 view threshold	4.30 ns (-12.92%) Baseline: 4.94 ns	9.61 ns (44.72%)

🐰 View full continuous benchmarking report in Bencher