chore(docs): add Resource constructor helpers and update examples

marythought · claude · marythought · commit 2374648e657b · 2026-04-21T08:45:14.000-07:00
Document the new Resource helper functions (ForAttributeValues,
ForRegisteredResourceValueFqn) for Go, Java, and JavaScript SDKs.
Update GetDecision examples to use the helpers instead of verbose
manual proto construction.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
Signed-off-by: Mary Dickson &lt;mary.dickson@virtru.com&gt;
diff --git a/docs/sdks/authorization.mdx b/docs/sdks/authorization.mdx
@@ -190,6 +190,134 @@ const response = await platformClient.v2.authorization.getDecision({
 - **Claims** are used by the Entity Resolution Service (ERS) for custom claim-based entity resolution.
 - **Registered Resource** identifies an entity by a [registered resource](/components/policy/registered_resources) value FQN stored in platform policy, where the resource acts as a single entity for authorization decisions.
 
+### Resource
+
+A `Resource` identifies the data being accessed in [GetDecision](#getdecision) and [GetDecisionBulk](#getdecisionbulk) calls. It can be specified as a set of attribute value FQNs (most common — e.g. the attributes on a TDF) or as a [registered resource](/components/policy/registered_resources) value FQN stored in platform policy.
+
+<Tabs>
+<TabItem value="go" label="Go">
+
+| Helper | Description |
+|--------|-------------|
+| `authorizationv2.ForAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) |
+| `authorizationv2.ForRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy |
+
+```go
+import authorizationv2 "github.com/opentdf/platform/protocol/go/authorization/v2"
+
+req := &authorizationv2.GetDecisionRequest{
+    Resource: authorizationv2.ForAttributeValues(
+        "https://example.com/attr/classification/value/confidential",
+        "https://example.com/attr/department/value/finance",
+    ),
+    // ...
+}
+```
+
+<details>
+<summary>Without helpers (manual proto construction)</summary>
+
+```go
+&authorizationv2.Resource{
+    Resource: &authorizationv2.Resource_AttributeValues_{
+        AttributeValues: &authorizationv2.Resource_AttributeValues{
+            Fqns: []string{
+                "https://example.com/attr/classification/value/confidential",
+                "https://example.com/attr/department/value/finance",
+            },
+        },
+    },
+}
+```
+
+</details>
+
+</TabItem>
+<TabItem value="java" label="Java">
+
+| Helper | Description |
+|--------|-------------|
+| `Resources.forAttributeValues(fqns...)` | Resource from attribute value FQNs (e.g. those on a TDF) |
+| `Resources.forRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy |
+
+```java
+import io.opentdf.platform.sdk.Resources;
+
+GetDecisionRequest request = GetDecisionRequest.newBuilder()
+    .setResource(Resources.forAttributeValues(
+        "https://example.com/attr/classification/value/confidential",
+        "https://example.com/attr/department/value/finance"))
+    // ...
+    .build();
+```
+
+<details>
+<summary>Without helpers (manual proto construction)</summary>
+
+```java
+Resource.newBuilder()
+    .setAttributeValues(
+        Resource.AttributeValues.newBuilder()
+            .addFqns("https://example.com/attr/classification/value/confidential")
+            .addFqns("https://example.com/attr/department/value/finance"))
+    .build()
+```
+
+</details>
+
+</TabItem>
+<TabItem value="js" label="JavaScript">
+
+| Helper | Description |
+|--------|-------------|
+| `Resources.forAttributeValues(...fqns)` | Resource from attribute value FQNs (e.g. those on a TDF) |
+| `Resources.forRegisteredResourceValueFqn(fqn)` | Resource from a registered resource value FQN in policy |
+
+```typescript
+import { Resources } from '@opentdf/sdk';
+
+const response = await platformClient.v2.authorization.getDecision({
+  resource: Resources.forAttributeValues(
+    'https://example.com/attr/classification/value/confidential',
+    'https://example.com/attr/department/value/finance',
+  ),
+  // ...
+});
+```
+
+<details>
+<summary>Without helpers (manual object construction)</summary>
+
+```typescript
+{
+  resource: {
+    case: 'attributeValues',
+    value: {
+      fqns: [
+        'https://example.com/attr/classification/value/confidential',
+        'https://example.com/attr/department/value/finance',
+      ],
+    },
+  },
+}
+```
+
+</details>
+
+</TabItem>
+</Tabs>
+
+**Resource variants:**
+
+| Variant | Go | Java | JavaScript |
+|---------|-----|------|------------|
+| Attribute values | `ForAttributeValues(fqns...)` | `Resources.forAttributeValues(fqns...)` | `Resources.forAttributeValues(...fqns)` |
+| Registered resource | `ForRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` | `Resources.forRegisteredResourceValueFqn(fqn)` |
+
+:::note
+The helpers do not set `ephemeralId`. For [GetDecisionBulk](#getdecisionbulk) where you need to correlate requests with responses, set `ephemeralId` separately after construction or use manual construction.
+:::
+
 ---
 
 ## GetEntitlements
@@ -419,7 +547,7 @@ await platformClient.v2.authorization.getDecision({ ... })
 |-----------|------|----------|-------------|
 | `entityIdentifier` | `EntityIdentifier` | Yes | The entity requesting access. Use [helpers](#entityidentifier) like `ForEmail(...)` (Go) or `EntityIdentifiers.forEmail(...)` (Java/JS). |
 | `action` | `Action` | Yes | The action being performed (e.g., `decrypt`, `read`). |
-| `resource` | `Resource` | Yes | The resource being accessed, identified by attribute value FQNs. |
+| `resource` | `Resource` | Yes | The resource being accessed. Use [helpers](#resource) like `ForAttributeValues(...)` (Go) or `Resources.forAttributeValues(...)` (Java/JS). |
 
 **Example**
 
@@ -437,16 +565,10 @@ decisionReq := &authorizationv2.GetDecisionRequest{
     Action: &policy.Action{
         Name: "decrypt",
     },
-    Resource: &authorizationv2.Resource{
-        Resource: &authorizationv2.Resource_AttributeValues_{
-            AttributeValues: &authorizationv2.Resource_AttributeValues{
-                Fqns: []string{
-                    "https://company.com/attr/clearance/value/confidential",
-                    "https://company.com/attr/department/value/finance",
-                },
-            },
-        },
-    },
+    Resource: authorizationv2.ForAttributeValues(
+        "https://company.com/attr/clearance/value/confidential",
+        "https://company.com/attr/department/value/finance",
+    ),
 }
 
 decision, err := client.AuthorizationV2.GetDecision(
@@ -479,13 +601,9 @@ import (
 decisionReq := &authorizationv2.GetDecisionRequest{
     EntityIdentifier: authorizationv2.ForToken(jwtToken),
     Action: &policy.Action{Name: "decrypt"},
-    Resource: &authorizationv2.Resource{
-        Resource: &authorizationv2.Resource_AttributeValues_{
-            AttributeValues: &authorizationv2.Resource_AttributeValues{
-                Fqns: []string{"https://company.com/attr/clearance/value/public"},
-            },
-        },
-    },
+    Resource: authorizationv2.ForAttributeValues(
+        "https://company.com/attr/clearance/value/public",
+    ),
 }
 
 decision, err := client.AuthorizationV2.GetDecision(
@@ -554,21 +672,17 @@ for _, dr := range decisionResponse.GetDecisionResponses() {
 
 ```java
 import io.opentdf.platform.sdk.EntityIdentifiers;
+import io.opentdf.platform.sdk.Resources;
 
 GetDecisionRequest request = GetDecisionRequest.newBuilder()
     .setEntityIdentifier(EntityIdentifiers.forEmail("user@company.com"))
     .setAction(
         Action.newBuilder()
             .setName("decrypt")
     )
-    .setResource(
-        Resource.newBuilder()
-            .setAttributeValues(
-                Resource.AttributeValues.newBuilder()
-                    .addFqns("https://company.com/attr/clearance/value/confidential")
-                    .addFqns("https://company.com/attr/department/value/finance")
-            )
-    )
+    .setResource(Resources.forAttributeValues(
+        "https://company.com/attr/clearance/value/confidential",
+        "https://company.com/attr/department/value/finance"))
     .build();
 
 GetDecisionResponse resp = sdk.getServices()
@@ -591,23 +705,16 @@ if (decision.getDecision() == Decision.DECISION_PERMIT) {
 <TabItem value="js" label="JavaScript">
 
 ```typescript
-import { EntityIdentifiers } from '@opentdf/sdk';
+import { EntityIdentifiers, Resources } from '@opentdf/sdk';
 import { Decision } from '@opentdf/sdk/platform/authorization/v2/authorization_pb.js';
 
 const response = await platformClient.v2.authorization.getDecision({
   entityIdentifier: EntityIdentifiers.forEmail('user@company.com'),
   action: { name: 'decrypt' },
-  resource: {
-    resource: {
-      case: 'attributeValues',
-      value: {
-        fqns: [
-          'https://company.com/attr/clearance/value/confidential',
-          'https://company.com/attr/department/value/finance',
-        ],
-      },
-    },
-  },
+  resource: Resources.forAttributeValues(
+    'https://company.com/attr/clearance/value/confidential',
+    'https://company.com/attr/department/value/finance',
+  ),
 });
 
 const decision = response.decision;
@@ -912,29 +1019,38 @@ Identifies the data being accessed. A resource can be specified in two ways:
 | `attributeValues.fqns` | `[]string` | Attribute value FQNs on the resource (1–20). Use this for TDF payloads or any resource identified by attribute values. |
 | `registeredResourceValueFqn` | `string` (URI) | A [registered resource](/components/policy/registered_resources) value FQN stored in platform policy. Alternative to `attributeValues`. |
 
+Use the [Resource helpers](#resource) for concise construction:
+
+<Tabs>
+<TabItem value="go" label="Go">
+
 ```go
-// Go
-&authorizationv2.Resource{
-    EphemeralId: "resource-1",
-    Resource: &authorizationv2.Resource_AttributeValues_{
-        AttributeValues: &authorizationv2.Resource_AttributeValues{
-            Fqns: []string{"https://example.com/attr/classification/value/secret"},
-        },
-    },
-}
+// With helpers
+authorizationv2.ForAttributeValues("https://example.com/attr/classification/value/secret")
+authorizationv2.ForRegisteredResourceValueFqn("https://example.com/registered/value/my-resource")
+```
+
+</TabItem>
+<TabItem value="java" label="Java">
+
+```java
+// With helpers
+Resources.forAttributeValues("https://example.com/attr/classification/value/secret")
+Resources.forRegisteredResourceValueFqn("https://example.com/registered/value/my-resource")
 ```
 
+</TabItem>
+<TabItem value="js" label="JavaScript">
+
 ```typescript
-// JavaScript
-{
-  ephemeralId: 'resource-1',
-  resource: {
-    case: 'attributeValues',
-    value: { fqns: ['https://example.com/attr/classification/value/secret'] },
-  },
-}
+// With helpers
+Resources.forAttributeValues('https://example.com/attr/classification/value/secret')
+Resources.forRegisteredResourceValueFqn('https://example.com/registered/value/my-resource')
 ```
 
+</TabItem>
+</Tabs>
+
 ### EntityEntitlements
 
 Returned by [GetEntitlements](#getentitlements). One per entity, mapping attribute value FQNs to the actions that entity can perform.
