Merge branch 'main' into fix/metadata-render

Author: jakedoublev

.github/spellcheck.ignore

@@ -0,0 +1,98 @@
+AllOf
+AnyOf
+Auth
+CLI's
+Changelog
+ConditionGroup
+CoolTool
+Decrypt
+ERS
+FQNs
+Hostname
+JSON
+JWT
+KASes
+KASs
+LDAP
+MacOS
+NPM
+Namespace
+Nano
+OIDC
+OpenTDF
+PDP
+PKCE
+README
+RadService
+SCS
+SDK
+ShinyThing
+TDF
+TDF'd
+TDFd
+TDFs
+TLS
+TODO
+TUI
+URI
+Unassign
+acmeco
+args
+attr
+auth
+cli
+clientId
+clientSecret
+config
+data-centric
+decrypt
+decryptable
+decrypted
+dev
+encodings
+enum
+https
+idP
+jq
+json
+jwt
+kas
+kas-url-path
+kasg
+kasr
+keychain
+keycloak
+keyring
+localhost
+namespace
+namespaces
+nano
+ns
+otdfctl
+performant
+poc
+pubkey
+quickstart
+resm
+resolvers
+scs
+sm
+stdin
+stdout
+stdout
+subcommand
+subcs
+subm
+submap
+tdf
+tdf-type
+tls
+tls-no-verify
+txt
+unassign
+unassignment
+upsert
+uri
+with-client-creds
+with-client-creds-file
+yaml

.github/workflows/ci.yaml

@@ -4,8 +4,24 @@ on:
   pull_request:
     branches:
       - main
+    paths-ignore:
+      - '**/*.yaml'
+      - '**/*.md'
+      - LICENSE
+      - CODEOWNERS
+      - '.gitignore'
 
 jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          go-version-file: go.mod
+          go-package: ./...
+
   golangci:
     name: lint
     runs-on: ubuntu-22.04
@@ -66,6 +82,8 @@ jobs:
         working-directory: platform
       - run: go run ./service provision keycloak
         working-directory: platform
+      - run: go run ./service provision fixtures
+        working-directory: platform
       - uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
         name: start server in background
         with:
@@ -85,4 +103,5 @@ jobs:
       - name: Setup Bats and bats libs
         uses: bats-core/[email protected]
       - run: tests/encrypt-decrypt.bats
-
+      - run: tests/kas-grants.bats
+      - run: tests/kas-registry.bats

.github/workflows/pr-lint.yaml

@@ -24,6 +24,7 @@ jobs:
             chore
             docs
           scopes: |
+            main
             core
             tui
             demo

.github/workflows/release.yaml

@@ -1,9 +1,8 @@
 name: Release
 
 permissions:
-  contents: read
+  contents: write
   pull-requests: write
-  packages: write
   issues: write
 
 on:
@@ -15,48 +14,52 @@ jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate a token
+        id: generate_token
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
+        with:
+          app-id: "${{ secrets.APP_ID }}"
+          private-key: "${{ secrets.AUTOMATION_KEY }}"
       - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f
         id: release
         with:
+          token: ${{ steps.generate_token.outputs.token }}
           release-type: go
 
-      ###
-      # Tag the release
-      - name: tag major and minor versions
-        if: ${{ steps.release.outputs.release_created }}
-        run: |
-          git config user.name github-actions[bot]
-          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
-          git remote add gh-token "https://${{ secrets.GITHUB_TOKEN }}@github.com/googleapis/release-please-action.git"
-          git tag -d v${{ steps.release.outputs.major }} || true
-          git tag -d v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
-          git push origin :v${{ steps.release.outputs.major }} || true
-          git push origin :v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
-          git tag -a v${{ steps.release.outputs.major }} -m "Release v${{ steps.release.outputs.major }}"
-          git tag -a v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} -m "Release v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}"
-          git push origin v${{ steps.release.outputs.major }}
-          git push origin v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}
-
-      ###
-      # Build the release
       - uses: actions/checkout@v4
         if: ${{ steps.release.outputs.release_created }}
       - uses: actions/setup-go@v5
         if: ${{ steps.release.outputs.release_created }}
-      - name: make-targets
+        with: 
+          go-version-file: go.mod
+
+      ## TODO get this working again 
+      ## fatal: unable to access 'https://github.com/opentdf/otdfctl/': The requested URL returned error: 403
+      # - name: Tag semver and push to repo
+      #   if: ${{ steps.release.outputs.release_created }}
+      #   run: |
+      #     git config user.name github-actions[bot]
+      #     git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+      #     git remote add gh-token "https://${{ steps.generate_token.outputs.token }}@github.com/googleapis/release-please-action.git"
+      #     git tag -d v${{ steps.release.outputs.major }} || true
+      #     git tag -d v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+      #     git push origin :v${{ steps.release.outputs.major }} || true
+      #     git push origin :v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} || true
+      #     git tag -a v${{ steps.release.outputs.major }} -m "Release v${{ steps.release.outputs.major }}"
+      #     git tag -a v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }} -m "Release v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}"
+      #     git push origin v${{ steps.release.outputs.major }}
+      #     git push origin v${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}
+
+      - name: Build, compress, and draft checksums
         if: ${{ steps.release.outputs.release_created }}
         env:
           SEM_VER: ${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }}
           COMMIT_SHA: ${{ steps.release.outputs.sha }}
         run: make build
-      - name: Compress the builds and generate checksums
-        if: ${{ steps.release.outputs.release_created }}
-        env:
-          SEM_VER: ${{ steps.release.outputs.major }}.${{ steps.release.outputs.minor }}.${{ steps.release.outputs.patch }}
-        run: make zip-builds
+
       - name: Upload Release Artifact
         if: ${{ steps.release.outputs.release_created }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh release upload ${{ steps.release.outputs.tag_name }} ./output/**/*
+        run: gh release upload ${{ steps.release.outputs.tag_name }} ./output/*
 

.github/workflows/security-check.yaml

@@ -0,0 +1,22 @@
+name: 'spellcheck'
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths-ignore:
+      - LICENSE
+      - CODEOWNERS
+      - '.gitignore'
+      - '**/*.go'
+
+jobs:
+  spellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: matheus23/[email protected]
+        with:
+          files-to-check: '**/*.md'
+          files-to-exclude: 'CHANGELOG.md'
+          words-to-ignore-file: './.github/spellcheck.ignore'

.github/workflows/spellcheck.yaml

@@ -6,6 +6,10 @@ otdfctl.yaml
 
 # Ignore the tructl binary
 otdfctl
+otdfctl_testbuild
+
+# Misc
+creds.json
 
 # Hugo
 public/

.gitignore

@@ -0,0 +1,79 @@
+# Changelog
+
+## [0.12.2](https://github.com/opentdf/otdfctl/compare/v0.12.1...v0.12.2) (2024-08-27)
+
+
+### Bug Fixes
+
+* **core:** improve KASR docs and add spellcheck GHA to pipeline ([#323](https://github.com/opentdf/otdfctl/issues/323)) ([a77cf30](https://github.com/opentdf/otdfctl/commit/a77cf30dc8077d034cb4c9df8cc94712b1a17dff)), closes [#335](https://github.com/opentdf/otdfctl/issues/335) [#337](https://github.com/opentdf/otdfctl/issues/337)
+* create new http client to ignore tls verification ([#324](https://github.com/opentdf/otdfctl/issues/324)) ([4d4afb7](https://github.com/opentdf/otdfctl/commit/4d4afb7e5b6411bb08a92bc53181ac5730ca1992))
+
+## [0.12.1](https://github.com/opentdf/otdfctl/compare/v0.12.0...v0.12.1) (2024-08-26)
+
+
+### Bug Fixes
+
+* **core:** remove documentation that cached kas pubkey is base64 ([#320](https://github.com/opentdf/otdfctl/issues/320)) ([fce8f44](https://github.com/opentdf/otdfctl/commit/fce8f44f767f35ccc4863f88d46e7ffcbd80f37a)), closes [#321](https://github.com/opentdf/otdfctl/issues/321)
+
+## [0.12.0](https://github.com/opentdf/otdfctl/compare/v0.11.4...v0.12.0) (2024-08-23)
+
+
+### Features
+
+* **ci:** attr e2e tests with mixed casing ([#315](https://github.com/opentdf/otdfctl/issues/315)) ([50ce712](https://github.com/opentdf/otdfctl/commit/50ce712eab38f6686611e2b306bda5cacd55c28e))
+* **core:** kasr cached keys to deprecate local ([#318](https://github.com/opentdf/otdfctl/issues/318)) ([5419cc3](https://github.com/opentdf/otdfctl/commit/5419cc39e143eb484f836ca1ee671d626d5e2c60)), closes [#317](https://github.com/opentdf/otdfctl/issues/317)
+
+## [0.11.4](https://github.com/opentdf/otdfctl/compare/v0.11.3...v0.11.4) (2024-08-22)
+
+
+### Bug Fixes
+
+* update workflow permissions ([#310](https://github.com/opentdf/otdfctl/issues/310)) ([3979fe8](https://github.com/opentdf/otdfctl/commit/3979fe85c9ab6511376d98b672cbfebddbf9bb84))
+
+## [0.11.3](https://github.com/opentdf/otdfctl/compare/v0.11.2...v0.11.3) (2024-08-22)
+
+
+### Bug Fixes
+
+* **core:** do not import unused fmt ([#306](https://github.com/opentdf/otdfctl/issues/306)) ([0dc552d](https://github.com/opentdf/otdfctl/commit/0dc552d3d6814f910c04d5f8cefa35404b4945f5))
+* **core:** nil panic on set-default ([#304](https://github.com/opentdf/otdfctl/issues/304)) ([92bbfa3](https://github.com/opentdf/otdfctl/commit/92bbfa32ae42b73b68551c2f9d3551d357bc5922))
+* **core:** warn and do now allow deletion of default profile ([#308](https://github.com/opentdf/otdfctl/issues/308)) ([fdd8167](https://github.com/opentdf/otdfctl/commit/fdd8167e8e2b22d652b48d796a756f86398bfd3c))
+* make file not building correctly ([#307](https://github.com/opentdf/otdfctl/issues/307)) ([64eb821](https://github.com/opentdf/otdfctl/commit/64eb82170fdcc50396194271be358bf9c9d43049))
+
+## [0.11.2](https://github.com/opentdf/otdfctl/compare/v0.11.1...v0.11.2) (2024-08-22)
+
+
+### Bug Fixes
+
+* disable tagging ([#302](https://github.com/opentdf/otdfctl/issues/302)) ([2b5db85](https://github.com/opentdf/otdfctl/commit/2b5db852ed0088e61f1180500135cd1865f9798b))
+
+## [0.11.1](https://github.com/opentdf/otdfctl/compare/v0.11.0...v0.11.1) (2024-08-22)
+
+
+### Bug Fixes
+
+* release-please tweak ([#300](https://github.com/opentdf/otdfctl/issues/300)) ([29fc836](https://github.com/opentdf/otdfctl/commit/29fc8360ae0b701aefe70b25d1838f442fd7eb8d))
+
+## [0.11.0](https://github.com/opentdf/otdfctl/compare/v0.10.0...v0.11.0) (2024-08-22)
+
+
+### Features
+
+* move git checkout before tagging ([#298](https://github.com/opentdf/otdfctl/issues/298)) ([1114e25](https://github.com/opentdf/otdfctl/commit/1114e25a90946e85622c8ff7a7befbf18beb4ba1))
+
+## [0.10.0](https://github.com/opentdf/otdfctl/compare/v0.9.4...v0.10.0) (2024-08-22)
+
+
+### Features
+
+* add profile support for cli ([#289](https://github.com/opentdf/otdfctl/issues/289)) ([15700f3](https://github.com/opentdf/otdfctl/commit/15700f3375196595e4a0ea3a7a6dea4da06d8612))
+* **core:** add scaffolding and POC for auth code flow ([#144](https://github.com/opentdf/otdfctl/issues/144)) ([03ecbfb](https://github.com/opentdf/otdfctl/commit/03ecbfb4f689f4a9f161a5a03d80efd50f728780))
+* **core:** support kas grants to namespaces ([#292](https://github.com/opentdf/otdfctl/issues/292)) ([f2c6689](https://github.com/opentdf/otdfctl/commit/f2c6689d2f775b1aed907d553c42d87c8464e6c7)), closes [#269](https://github.com/opentdf/otdfctl/issues/269)
+* improve auth with client credentials ([#286](https://github.com/opentdf/otdfctl/issues/286)) ([9c4968f](https://github.com/opentdf/otdfctl/commit/9c4968f48d1ba23a61ed5c8ad23a109bf141ba56))
+* improve auth with client credentials ([#296](https://github.com/opentdf/otdfctl/issues/296)) ([0f533c7](https://github.com/opentdf/otdfctl/commit/0f533c7278a53ddd90656b3c7efcaee1c5bfd957))
+
+
+### Bug Fixes
+
+* **core:** bump platform deps ([#276](https://github.com/opentdf/otdfctl/issues/276)) ([e4ced99](https://github.com/opentdf/otdfctl/commit/e4ced996ae336b9db6db88906683f6600a2e5bf4))
+* reduce prints ([#277](https://github.com/opentdf/otdfctl/issues/277)) ([8b5734a](https://github.com/opentdf/otdfctl/commit/8b5734a18636071566fd8c4cfc808f3f240a02a5))