
Commit b277ab4

authored
feat(policy): add optional name field to registered KASes in policy (#1641)
Resolves #153
1 parent 92ac86a commit b277ab4


12 files changed

+295
-85
lines changed


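--- a/service/integration/attribute_fqns_test.go
+++ b/service/integration/attribute_fqns_test.go
@@ -242,6 +242,7 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 
 // create a second kas registration and grant it to the attribute definition
 cachedKeyPem := "cached_key"
+cachedKASName := "test_kas_name"
 cachedKas, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
 Uri: "https://example.org/kas2",
 PublicKey: &policy.PublicKey{
@@ -255,6 +256,7 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 },
 },
 },
+Name: cachedKASName,
 })
 s.Require().NoError(err)
 s.NotNil(cachedKas)
@@ -283,6 +285,7 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 for _, g := range got.GetGrants() {
 if g.GetId() == cachedKasID {
 s.Equal(g.GetPublicKey().GetCached().GetKeys()[0].GetPem(), cachedKeyPem)
+s.Equal(g.GetName(), cachedKASName)
 pemIsPresent = true
 }
 }
@@ -350,13 +353,15 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Values() {
 s.Empty(got.GetValues()[0].GetGrants())
 
 // create a new kas registration
+remoteKASName := "testing-io-remote"
 remoteKAS, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
 Uri: "https://testing.io/kas",
 PublicKey: &policy.PublicKey{
 PublicKey: &policy.PublicKey_Remote{
 Remote: "https://testing.org/kas",
 },
 },
+Name: remoteKASName,
 })
 s.Require().NoError(err)
 s.NotNil(remoteKAS)
@@ -370,7 +375,8 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Values() {
 s.NotNil(grant)
 
 // create a second kas registration and grant it to the second value
-localKAS, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
+cachedKASName := "testion-io-local"
+cachedKAS, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
 Uri: "https://testing.io/kas2",
 PublicKey: &policy.PublicKey{
 PublicKey: &policy.PublicKey_Cached{
@@ -383,12 +389,13 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Values() {
 },
 },
 },
+Name: cachedKASName,
 })
 s.Require().NoError(err)
-s.NotNil(localKAS)
+s.NotNil(cachedKAS)
 
 grant2, err := s.db.PolicyClient.AssignKeyAccessServerToValue(s.ctx, &attributes.ValueKeyAccessServer{
-KeyAccessServerId: localKAS.GetId(),
+KeyAccessServerId: cachedKAS.GetId(),
 ValueId: valueSecond.GetId(),
 })
 s.Require().NoError(err)
@@ -410,13 +417,16 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Values() {
 s.Empty(got.GetGrants())
 
 for _, v := range got.GetValues() {
+grants := v.GetGrants()
+s.Require().Len(grants, 1)
+firstGrant := grants[0]
 switch v.GetId() {
 case valueFirst.GetId():
-s.Require().Len(v.GetGrants(), 1)
-s.Equal(remoteKAS.GetId(), v.GetGrants()[0].GetId())
+s.Equal(remoteKAS.GetId(), firstGrant.GetId())
+s.Equal(remoteKASName, firstGrant.GetName())
 case valueSecond.GetId():
-s.Require().Len(v.GetGrants(), 1)
-s.Equal(localKAS.GetId(), v.GetGrants()[0].GetId())
+s.Equal(cachedKAS.GetId(), firstGrant.GetId())
+s.Equal(cachedKASName, firstGrant.GetName())
 default:
 s.Fail("unexpected value", v)
 }
@@ -584,13 +594,15 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_NamespaceG
 s.NotNil(attr)
 
 // create a new kas registration
+nsKASName := "namespace-kas1"
 kas, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
 Uri: "https://testing_granted_namespace.com/kas",
 PublicKey: &policy.PublicKey{
 PublicKey: &policy.PublicKey_Remote{
 Remote: "https://testing_granted_namespace.com/kas",
 },
 },
+Name: nsKASName,
 })
 s.Require().NoError(err)
 s.NotNil(kas)
@@ -610,8 +622,10 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_NamespaceG
 
 // ensure the namespace has the grants
 gotNs := got.GetNamespace()
-s.Len(gotNs.GetGrants(), 1)
-s.Equal(kas.GetId(), gotNs.GetGrants()[0].GetId())
+grants := gotNs.GetGrants()
+s.Len(grants, 1)
+s.Equal(kas.GetId(), grants[0].GetId())
+s.Equal(nsKASName, grants[0].GetName())
 }
 
 // for all the big tests set up: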
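Review bot: In the last hunk (namespace grants), `s.Len(grants, 1)` is the non-fatal assertion, so when the grant list is empty the following `grants[0]` panics with an index-out-of-range instead of reporting a clean failure; `s.Require().Len(grants, 1)`, which the Values hunk in this same file already uses, stops the test first. The same pattern appears at `s.Len(gotGrants, 1)` in attribute_values_test.go and attributes_test.go. Separately, `s.Equal(g.GetName(), cachedKASName)` passes the actual value first while the other new assertions pass the expected one first, so a failure there would label the two values the wrong way round; `s.Equal(cachedKASName, g.GetName())` matches the rest. The enclosing test functions start and end outside these hunks.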

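--- a/service/integration/attribute_values_test.go
+++ b/service/integration/attribute_values_test.go
@@ -108,7 +108,8 @@ func (s *AttributeValuesSuite) Test_GetAttributeValue_ContainsKASGrants() {
 s.NotNil(got)
 s.Empty(got.GetGrants())
 
-fixtureKeyAccessServerID = s.f.GetKasRegistryKey("key_access_server_1").ID
+fixtureKeyAccessServer := s.f.GetKasRegistryKey("key_access_server_1")
+fixtureKeyAccessServerID := fixtureKeyAccessServer.ID
 assignment := &attributes.ValueKeyAccessServer{
 ValueId: createdValue.GetId(),
 KeyAccessServerId: fixtureKeyAccessServerID,
@@ -122,8 +123,10 @@ func (s *AttributeValuesSuite) Test_GetAttributeValue_ContainsKASGrants() {
 s.Require().NoError(err)
 s.NotNil(got)
 s.Equal(createdValue.GetId(), got.GetId())
-s.Len(got.GetGrants(), 1)
-s.Equal(fixtureKeyAccessServerID, got.GetGrants()[0].GetId())
+gotGrants := got.GetGrants()
+s.Len(gotGrants, 1)
+s.Equal(fixtureKeyAccessServerID, gotGrants[0].GetId())
+s.Equal(fixtureKeyAccessServer.Name, gotGrants[0].GetName())
 }
 
 func (s *AttributeValuesSuite) Test_CreateAttributeValue_SetsActiveStateTrueByDefault() {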
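Review bot: `fixtureKeyAccessServerID := fixtureKeyAccessServer.ID` turns what was an assignment (`=`) to a variable declared outside this hunk into a new local that shadows it. If that outer variable is package-level and other tests in the suite read it, they will no longer see the value set here; either keep `=` or remove the outer declaration so the intent is explicit. The new check `s.Equal(fixtureKeyAccessServer.Name, gotGrants[0].GetName())` also passes when both sides are empty, so, assuming the fixture is meant to carry a name, an `s.NotEmpty(fixtureKeyAccessServer.Name)` before it would keep the assertion meaningful. The test function begins outside the hunk.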

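--- a/service/integration/attributes_test.go
+++ b/service/integration/attributes_test.go
@@ -342,6 +342,7 @@ func (s *AttributesSuite) Test_GetAttribute_ContainsKASGrants() {
 Remote: "https://example.com/kas/key/1",
 },
 },
+Name: "def_kas-name",
 }
 createdKAS, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, kas)
 s.Require().NoError(err)
@@ -362,8 +363,10 @@ func (s *AttributesSuite) Test_GetAttribute_ContainsKASGrants() {
 s.Require().NoError(err)
 s.NotNil(gotAttr)
 
-s.Len(gotAttr.GetGrants(), 1)
-s.Equal(createdKAS.GetId(), gotAttr.GetGrants()[0].GetId())
+gotGrants := gotAttr.GetGrants()
+s.Len(gotGrants, 1)
+s.Equal(createdKAS.GetId(), gotGrants[0].GetId())
+s.Equal(kas.GetName(), gotGrants[0].GetName())
 }
 
 func (s *AttributesSuite) Test_ListAttributes() {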
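Review bot: The name assertion here, like those in the other two files shown, covers only a KAS registered with a distinct, non-empty name. The commit describes the field as optional, and the name is returned on grants that identify a key access server, so the edge cases deserve tests too: a registration with `Name` omitted (expecting an empty `GetName()` on the grant) and a second registration reusing an existing name (expecting whichever of reject or accept is intended). These may already be covered in the files of this commit that are not shown on the page. The test function starts outside the first hunk.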
