From fdb56a8aeae6b1595b9e4799e026c50d3d18f548 Mon Sep 17 00:00:00 2001
From: b-long
Date: Sat, 16 Aug 2025 10:08:55 -0400
Subject: [PATCH 1/5] Add docker start script
---
 .env-docker | 4 +--
 .github/start_opentdf_docker.sh | 59 +++++++++++++++++++++++++++++++++
 .gitignore | 2 ++
 3 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100755 .github/start_opentdf_docker.sh
diff --git a/.env-docker b/.env-docker
index 34fb1a2..b6431bf 100644
--- a/.env-docker
+++ b/.env-docker
@@ -2,5 +2,5 @@ OPENTDF_PLATFORM_HOST="localhost"
 OPENTDF_PLATFORM_PORT=8080
 OPENTDF_PLATFORM_URL="http://localhost:8080"
-KEYCLOAK_URL="https://localhost:8443/auth"
-OIDC_OP_TOKEN_ENDPOINT="https://localhost:8443/auth/realms/opentdf/protocol/openid-connect/token"
\ No newline at end of file
+KEYCLOAK_URL="http://localhost:8888/auth"
+OIDC_OP_TOKEN_ENDPOINT="http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
\ No newline at end of file
diff --git a/.github/start_opentdf_docker.sh b/.github/start_opentdf_docker.sh
new file mode 100755
index 0000000..8f4da74
--- /dev/null
+++ b/.github/start_opentdf_docker.sh
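Review bot: Nothing in the file records that the new plain-HTTP Keycloak URLs on 8888 are acceptable only because the host is loopback; OIDC_OP_TOKEN_ENDPOINT is presumably where the client exchanges credentials for a token, and it now does so in cleartext. If the loader honours `#` comments, add above the pair `# Local dev only: Keycloak is reached over plain HTTP on loopback; never reuse these values for a non-loopback host.` The same `http://localhost:8888/auth` literal is repeated in start_opentdf_docker.sh and the workflow later in this series, so a port change means editing three files.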
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+if ! [ -d platform ]; then
+ # Sparse clone opentdf/platform
+ git clone https://github.com/opentdf/platform.git
+fi
+cd platform
+git checkout DSPX-1539-keytoolnomore
+
+yq -i '.realms[0].clients[0].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+
+if ! [ -d ./keys ]; then
+ go mod download
+
+ go mod verify
+
+ .github/scripts/init-temp-keys.sh
+ cp opentdf-example.yaml opentdf.yaml
+
+ # Edit 'opentdf.yaml' for our use case
+ yq -i 'del(.db)' opentdf.yaml
+ yq -i '.services.entityresolution.url = "http://localhost:8888/auth"' opentdf.yaml
+ yq -i '.server.auth.issuer = "http://localhost:8888/auth/realms/opentdf"' opentdf.yaml
+ yq -i '
+.server.cryptoProvider = {
+ "type": "standard",
+ "standard": {
+ "keys": [
+ {
+ "kid": "r1",
+ "alg": "rsa:2048",
+ "private": "kas-private.pem",
+ "cert": "kas-cert.pem"
+ },
+ {
+ "kid": "e1",
+ "alg": "ec:secp256r1",
+ "private": "kas-ec-private.pem",
+ "cert": "kas-ec-cert.pem"
+ }
+ ]
+ }
+}
+' opentdf.yaml
+ chmod -R 777 ./keys
+fi
+
+docker compose up -d --wait --wait-timeout 360
+
+go run ./service provision keycloak
+
+go run ./service provision fixtures
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index feb774e..e0a62d0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,8 @@
 # Created by https://www.toptal.com/developers/gitignore/api/python
 # Edit at https://www.toptal.com/developers/gitignore?templates=python
+platform/
+
 ### Python ###
 # Byte-compiled / optimized / DLL files
 __pycache__/
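Review bot: `git checkout DSPX-1539-keytoolnomore` provisions the whole test environment from a mutable upstream branch, so two runs can build different code and nothing records which revision was tested; pin it, e.g. `git checkout <commit-sha-of-DSPX-1539-keytoolnomore>` with the branch name kept in a comment. When `platform/` already exists the clone is skipped and no `git fetch` runs, so the checkout silently reuses whatever the local clone holds. The three `yq` edits switch on `directAccessGrantsEnabled` (the resource-owner password grant) and `serviceAccountsEnabled` for clients in the upstream sample realm and deserve a line such as `# Test realm only: enable password grant + service accounts for the sample clients`.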
From 925c169696ac015c22ce688f3511b4c4148bfac7 Mon Sep 17 00:00:00 2001
From: b-long
Date: Mon, 18 Aug 2025 20:43:59 -0400
Subject: [PATCH 2/5] Gemini fixes
---
 .github/start_opentdf_docker.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/start_opentdf_docker.sh b/.github/start_opentdf_docker.sh
index 8f4da74..08d214d 100755
--- a/.github/start_opentdf_docker.sh
+++ b/.github/start_opentdf_docker.sh
@@ -11,9 +11,9 @@ git checkout DSPX-1539-keytoolnomore
 yq -i '.realms[0].clients[0].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
-yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[1].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
-yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[4].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
 if ! [ -d ./keys ]; then
@@ -49,11 +49,11 @@ if ! [ -d ./keys ]; then
 }
 }
 ' opentdf.yaml
- chmod -R 777 ./keys
+ chmod -R 700 ./keys
 fi
 docker compose up -d --wait --wait-timeout 360
 go run ./service provision keycloak
-go run ./service provision fixtures
\ No newline at end of file
+go run ./service provision fixtures
From 9f87a23f3cfa84ea8dd4fcbf1ec7ae84e1a53db1 Mon Sep 17 00:00:00 2001
From: b-long
Date: Mon, 18 Aug 2025 20:46:05 -0400
Subject: [PATCH 3/5] Update GHA configuration
---
 .../workflows/platform-integration-test.yaml | 32 ++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)
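Review bot: `chmod -R 700 ./keys` applies the same mode to the PEM files as to the directory, so every key file ends up executable; `chmod -R u=rwX,go= ./keys` gives the directories 700 and the files 600. Whether the services started by `docker compose up` can still read the keys afterwards depends on the uid they run as and on how ./keys is mounted, neither of which is in this diff — worth confirming on a clean run and recording in a comment next to the line. The enclosing `if ! [ -d ./keys ]` block begins outside the hunk.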
diff --git a/.github/workflows/platform-integration-test.yaml b/.github/workflows/platform-integration-test.yaml
index ad91791..fed489a 100644
--- a/.github/workflows/platform-integration-test.yaml
+++ b/.github/workflows/platform-integration-test.yaml
@@ -55,7 +55,37 @@ jobs:
 shell: bash
 run: |
 .github/scripts/init-temp-keys.sh
- cp opentdf-dev.yaml opentdf.yaml
+ # Edit Keycloak sample file for our use case
+ yq -i '.realms[0].clients[0].client.directAccessGrantsEnabled = true | .realms[0].clients[0].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+ yq -i '.realms[0].clients[1].client.directAccessGrantsEnabled = true | .realms[0].clients[1].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+ yq -i '.realms[0].clients[4].client.directAccessGrantsEnabled = true | .realms[0].clients[4].client.serviceAccountsEnabled = true' service/cmd/keycloak_data.yaml
+
+ cp opentdf-example.yaml opentdf.yaml
+ # Edit 'opentdf.yaml' for our use case
+ yq -i 'del(.db)' opentdf.yaml
+ yq -i '.services.entityresolution.url = "http://localhost:8888/auth"' opentdf.yaml
+ yq -i '.server.auth.issuer = "http://localhost:8888/auth/realms/opentdf"' opentdf.yaml
+ yq -i '
+ .server.cryptoProvider = {
+ "type": "standard",
+ "standard": {
+ "keys": [
+ {
+ "kid": "r1",
+ "alg": "rsa:2048",
+ "private": "kas-private.pem",
+ "cert": "kas-cert.pem"
+ },
+ {
+ "kid": "e1",
+ "alg": "ec:secp256r1",
+ "private": "kas-ec-private.pem",
+ "cert": "kas-ec-cert.pem"
+ }
+ ]
+ }
+ }
+ ' opentdf.yaml
 sudo chmod -R 777 ./keys
 working-directory: platform
 # - name: Trust the locally issued cert
From def2e5d021080185b166db9ea4fd42fd1150b8ab Mon Sep 17 00:00:00 2001
From: b-long
Date: Mon, 18 Aug 2025 20:48:40 -0400
Subject: [PATCH 4/5] Gemini fixes
---
 .github/start_opentdf_docker.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.github/start_opentdf_docker.sh b/.github/start_opentdf_docker.sh
index 08d214d..3e175aa 100755
--- a/.github/start_opentdf_docker.sh
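Review bot: The 31 lines added under `run: |` are a verbatim copy of the body of .github/start_opentdf_docker.sh, and the two copies have already diverged: this step keeps `sudo chmod -R 777 ./keys` while the previous commit in the series changed the script to 700. Have the workflow invoke the script, or move the shared Keycloak-client and cryptoProvider edits into one script both call, so the realm and key configuration lives in a single place. If world-writable keys really are needed in CI because the compose services read them as another uid, that reason belongs in a comment on the `chmod` line. The `run:` step begins before the hunk and the job continues after it.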
+++ b/.github/start_opentdf_docker.sh
@@ -3,7 +3,6 @@
 set -euo pipefail
 if ! [ -d platform ]; then
- # Sparse clone opentdf/platform
 git clone https://github.com/opentdf/platform.git
 fi
 cd platform
From 4e09b7a4acee41929ca397323ab9b4866adae27f Mon Sep 17 00:00:00 2001
From: b-long
Date: Mon, 18 Aug 2025 20:50:14 -0400
Subject: [PATCH 5/5] Enable PE e2e test
---
 tests/integration/test_pe_interaction.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/tests/integration/test_pe_interaction.py b/tests/integration/test_pe_interaction.py
index 91a41db..7e8dcb2 100644
--- a/tests/integration/test_pe_interaction.py
+++ b/tests/integration/test_pe_interaction.py
@@ -38,7 +38,6 @@ def decrypt(input_path: Path, output_path: Path, sdk: SDK):
 raise SDKException("Decryption failed")
-@pytest.mark.skip(reason="Skipping until PE environment issues are resolved")
 @pytest.mark.integration
 def test_single_attribute_encryption_decryption():
 # Encrypt with SDK using a single attribute