chore(ci): Support key-management in start-additional-kas action (#2903)

c-r33d · web-flow · commit 56b07403bfb0 · 2025-11-13T20:33:52.000Z
### Proposed Changes

1.) Add support for basic key management tests within the
start-additional-kas github action

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions
diff --git a/test/start-additional-kas/action.yaml b/test/start-additional-kas/action.yaml
@@ -17,18 +17,35 @@ inputs:
     description: 'Whether to enable ECC wrapping for TDFs'
     required: false
     type: boolean
+  key-management:
+    default: false
+    description: 'Whether or not key_management is enabled for this KAS'
+    type: boolean
+  root-key:
+    default: ''
+    description: 'The root key to be used with key_management'
+    type: string
 
 runs:
   using: 'composite'
   steps:
+    - name: Validate inputs
+      if: ${{ inputs.key-management == 'true' && inputs.root-key == '' }}
+      shell: bash
+      run: |
+        echo "Error: root-key is required when key-management is true."
+        exit 1
     - uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635 # v1.0.7
       name: Start another KAS server in background
       with:
         run: >
           <opentdf-dev.yaml >opentdf-${{ inputs.kas-name }}.yaml yq e '
             (.server.port = ${{ inputs.kas-port }})
             | (.mode = ["kas"])
-            | (.services.kas.ec_tdf_enabled = ${{ inputs.ec-tdf-enabled }})
+            | (.services.kas.preview.ec_tdf_enabled = ${{ inputs.ec-tdf-enabled }})
+            | (.services.kas.preview.key_management = ${{ inputs.key-management }})
+            | (.services.kas.registered_kas_uri = "http://localhost:${{ inputs.kas-port }}")
+            | (.services.kas.root_key = "${{ inputs.root-key }}")
             | (.sdk_config = {"client_id":"opentdf","client_secret":"secret","core":{"endpoint":"http://localhost:8080","plaintext":true}})
           '
           && .github/scripts/watch.sh opentdf-${{ inputs.kas-name }}.yaml ./opentdf --config-file ./opentdf-${{ inputs.kas-name }}.yaml start
