save

Author: strantalis

service/go.mod

@@ -56,6 +56,7 @@ require (
 	cel.dev/expr v0.19.1 // indirect
 	github.com/Masterminds/semver/v3 v3.3.1 // indirect
 	github.com/containerd/continuity v0.4.4 // indirect
+	github.com/oklog/ulid/v2 v2.1.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 )
 

service/go.sum

@@ -256,6 +256,8 @@ github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/oklog/ulid/v2 v2.1.0 h1:+9lhoxAP56we25tyYETBBY1YLA2SaoLvUFgrP2miPJU=
+github.com/oklog/ulid/v2 v2.1.0/go.mod h1:rcEKHmBBKfef9DhnvX7y1HZBYxjXb0cP5ExxNsTT1QQ=
 github.com/open-policy-agent/opa v1.4.2 h1:ag4upP7zMsa4WE2p1pwAFeG4Pn3mNwfAx9DLhhJfbjU=
 github.com/open-policy-agent/opa v1.4.2/go.mod h1:DNzZPKqKh4U0n0ANxcCVlw8lCSv2c+h5G/3QvSYdWZ8=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -282,6 +284,7 @@ github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4a
 github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg=
 github.com/paulmach/orb v0.10.0 h1:guVYVqzxHE/CQ1KpfGO077TR0ATHSNjp4s6XGLn3W9s=
 github.com/paulmach/orb v0.10.0/go.mod h1:5mULz1xQfs3bmQm63QEJA6lNGujuRafwA5S/EnuLaLU=
+github.com/pborman/getopt v0.0.0-20170112200414-7148bc3a4c30/go.mod h1:85jBQOZwpVEaDAr341tbn15RS4fCAsIst0qp7i8ex1o=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pierrec/lz4/v4 v4.1.18 h1:xaKrnTkyoqfh1YItXl56+6KJNVYWlEEPuAQW9xsplYQ=

service/integration/attribute_fqns_test.go

@@ -2,6 +2,7 @@ package integration
 
 import (
 	"context"
+	"encoding/base64"
 	"fmt"
 	"log/slog"
 	"strings"
@@ -142,14 +143,6 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithCasingNormalized() {
 	valueFixture := s.f.GetAttributeValueKey(fqnFixtureKey)
 	key := s.f.GetKasRegistryServerKeys("kas_key_1")
 
-	// assign a KAS grant to the value
-	kas, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
-		Uri:       "https://testing_granted_values.com/kas",
-		PublicKey: &policy.PublicKey{},
-	})
-	s.Require().NoError(err)
-	s.NotNil(kas)
-
 	grant, err := s.db.PolicyClient.AssignPublicKeyToValue(s.ctx, &attributes.ValueKey{
 		KeyId:   key.ID,
 		ValueId: valueFixture.ID,
@@ -449,14 +442,6 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 	s.Require().NoError(err)
 	s.NotNil(a)
 
-	// create a new kas registration
-	remoteKAS, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
-		Uri:       "https://example.org/kas",
-		PublicKey: &policy.PublicKey{},
-	})
-	s.Require().NoError(err)
-	s.NotNil(remoteKAS)
-
 	// make a first grant association to the attribute definition
 	keyMapping, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{
 		KeyId:       key.ID,
@@ -465,17 +450,6 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 	s.Require().NoError(err)
 	s.NotNil(keyMapping)
 
-	// create a second kas registration and grant it to the attribute definition
-	cachedKeyPem := "cached_key"
-	cachedKASName := "test_kas_name"
-	cachedKas, err := s.db.PolicyClient.CreateKeyAccessServer(s.ctx, &kasregistry.CreateKeyAccessServerRequest{
-		Uri:       "https://example.org/kas2",
-		PublicKey: &policy.PublicKey{},
-		Name:      cachedKASName,
-	})
-	s.Require().NoError(err)
-	s.NotNil(cachedKas)
-
 	keyMapping2, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{
 		KeyId:       key2.ID,
 		AttributeId: a.GetId(),
@@ -490,16 +464,15 @@ func (s *AttributeFqnSuite) TestGetAttributeByFqn_WithKeyAccessGrants_Definition
 
 	// ensure the attribute has the grants
 	s.Len(got.GetGrants(), 2)
-	grantIDs := []string{remoteKAS.GetId(), cachedKas.GetId()}
+	grantIDs := []string{key.KeyAccessServerID, key2.KeyAccessServerID}
 	s.Contains(grantIDs, got.GetGrants()[0].GetId())
 	s.Contains(grantIDs, got.GetGrants()[1].GetId())
-	s.NotEqual(got.GetGrants()[0].GetId(), got.GetGrants()[1].GetId())
-	// ensure grant has cached key pem
 	pemIsPresent := false
-	for _, g := range got.GetGrants() {
+
+	for i, g := range got.GetGrants() {
 		if g.GetId() == key2.KeyAccessServerID {
-			s.Equal(g.GetPublicKey().GetCached().GetKeys()[0].GetPem(), cachedKeyPem)
-			s.Equal(g.GetName(), cachedKASName)
+			s.Equal(base64.StdEncoding.EncodeToString([]byte(g.GetPublicKey().GetCached().GetKeys()[i].GetPem())), key2.PublicKeyCtx)
+			s.Equal(g.GetId(), key2.KeyAccessServerID)
 			pemIsPresent = true
 		}
 	}

service/integration/main_test.go

@@ -12,6 +12,7 @@ import (
 	"github.com/creasty/defaults"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-connections/nat"
+	"github.com/oklog/ulid/v2"
 	"github.com/opentdf/platform/service/internal/fixtures"
 	tc "github.com/testcontainers/testcontainers-go"
 	"github.com/testcontainers/testcontainers-go/wait"
@@ -73,14 +74,14 @@ func TestMain(m *testing.M) {
 		ProviderType: providerType,
 		ContainerRequest: tc.ContainerRequest{
 			Image:        "postgres:15-alpine",
-			Name:         "testcontainer-postgres",
+			Name:         "testcontainer-postgres-" + ulid.Make().String(),
 			ExposedPorts: []string{"5432/tcp"},
 			HostConfigModifier: func(config *container.HostConfig) {
 				config.PortBindings = nat.PortMap{
 					"5432/tcp": []nat.PortBinding{
 						{
 							HostIP:   "0.0.0.0",
-							HostPort: "54322",
+							HostPort: "",
 						},
 					},
 				}