Skip to content

fix(core): kas registry commands UX improvements #434

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Dec 3, 2024
Merged

fix(core): kas registry commands UX improvements #434

merged 10 commits into from
Dec 3, 2024

Conversation

@jakedoublev
Copy link
Contributor

@jakedoublev jakedoublev commented Nov 20, 2024
edited
Loading

  1. align flags throughout KAS registry commands (i.e. --public-key should not have different shorthands, --id as -i should be consistent throughout all commands)
  2. improve code readability
  3. improve CLI e2e coverage of KAS registry CRUD

@jakedoublev jakedoublev requested a review from a team as a code owner November 20, 2024 18:56
@jakedoublev jakedoublev enabled auto-merge (squash) November 21, 2024 21:19
@jakedoublev jakedoublev mentioned this pull request Nov 21, 2024
Closed
@jakedoublev jakedoublev changed the title fix(core): kas registry get should allow -i 'id' flag shorthand fix(core): kas registry commands UX improvements Nov 21, 2024
@jakedoublev
Copy link
Contributor Author

jakedoublev commented Nov 21, 2024

@dmihalcik-virtru is it accurate that the KAS key pem should not be base64 encoded? That appears to be the case in our x-tests: https://github.com/opentdf/tests/blob/450ca7ffef8656eae765e1b62795a24e860d678b/xtest/conftest.py#L102

@dmihalcik-virtru
Copy link
Member

dmihalcik-virtru commented Dec 2, 2024

The KAS kas_public_key REST endpoint takes a fmt parameter which can be used to control how it is returned. IIRC it currently maybe handles raw and pkcs8 (or maybe 12 for certs)? Maybe you can do CERTIFICATE or PUBLIC KEY types? We probably should be storing PKCS8 in the database, it probably doesn't matter if they are also pem encoded or not and i could see the value either way (less logic for serving PEM encoded variants, which is what most clients will want - at least until we transition to JWK, but more efficient/more direct to store the ASN.1 binary directly).

@jakedoublev
Copy link
Contributor Author

jakedoublev commented Dec 2, 2024

Thanks @dmihalcik-virtru. With the underlying structure managed by the platform and the otdfctl CLI as a simple client, it sounds like the solution for now is to not base64 encode the public key of a registered KAS in these CLI e2e tests or examples.

@jakedoublev jakedoublev merged commit bed3701 into main Dec 3, 2024
9 checks passed
@jakedoublev jakedoublev deleted the fix/kasr-get-i branch December 3, 2024 15:12
@opentdf-automation opentdf-automation bot mentioned this pull request Dec 3, 2024
Merged
jakedoublev pushed a commit that referenced this pull request Dec 5, 2024
@opentdf-automation
chore(main): release 0.17.0 (#440)
8267840 
🤖 I have created a release *beep* *boop*
---


##
[0.17.0](v0.16.0...v0.17.0)
(2024-12-05)


### Features

* **core:** pagination of LIST commands
([#447](#447))
([673a064](673a064))
* **core:** subject condition set prune
([#439](#439))
([c4c8b8b](c4c8b8b))


### Bug Fixes

* **core:** kas registry get should allow -i 'id' flag shorthand
([#434](#434))
([bed3701](bed3701))
* **core:** sm list should provide value fqn instead of just value
string ([#438](#438))
([9a7cb72](9a7cb72))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
@opentdf-automation opentdf-automation bot mentioned this pull request Jun 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrschumacher jrschumacher jrschumacher approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jakedoublev @dmihalcik-virtru @jrschumacher