fix(sdk): fixes Manifests JSONs with OIDC #140
Conversation
dmihalcik-virtru
left a comment
A couple of small changes (context, naming) but looks good
| return authConfig, nil | ||
| } | ||
| func (a *AuthConfig) fetchOIDCAccessToken(host, realm, clientId, clientSecret, subjectToken string) (string, error) { | ||
| data := url.Values{"grant_type": {"urn:ietf:params:oauth:grant-type:token-exchange"}, "client_id": {clientId}, "client_secret": {clientSecret}, "subject_token": {subjectToken}, "requested_token_type": {"urn:ietf:params:oauth:token-type:access_token"}} |
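Review bot: the `url.Values` literal in the last line packs five form fields into a single line, which is what makes the `go fmt` question hard to answer by eye; gofmt leaves a one-line composite literal as it is, so split it one key per line (`"grant_type": {"urn:ietf:params:oauth:grant-type:token-exchange"},` and so on) so the fields get aligned and each parameter is reviewable on its own. Because `client_secret` and `subject_token` in that body are credentials, also make sure neither the form values nor the request body end up in any error or debug output from this function.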
did you run go fmt on this?
I did... I wasn't sure if I should've done it manually, as it slightly annoyed me, but I left it as is.
🤖 I have created a release *beep* *boop*

---

## [0.1.0](sdk-v0.1.0...sdk/v0.1.0) (2024-04-22)

### Features

* add structured schema policy config ([#51](#51)) ([8a6b876](8a6b876))
* **auth:** add authorization via casbin ([#417](#417)) ([292f2bd](292f2bd))
* in-process service to service communication ([#311](#311)) ([ec5eb76](ec5eb76))
* **kas:** support HSM and standard crypto ([#497](#497)) ([f0cbe03](f0cbe03))
* key access server assignments ([#111](#111)) ([a48d686](a48d686)), closes [#117](#117)
* key access server registry impl ([#66](#66)) ([cf6b3c6](cf6b3c6))
* **namespaces CRUD:** protos, generated SDK, db interactivity for namespaces table ([#54](#54)) ([b3f32b1](b3f32b1))
* **PLAT-3112:** Initial consumption of ec_key_pair functions by nanotdf ([#586](#586)) ([5e2cba0](5e2cba0))
* **policy:** add FQN pivot table ([#208](#208)) ([abb734c](abb734c))
* **policy:** add soft-delete/deactivation to namespaces, attribute definitions, attribute values [#96](#96) [#108](#108) ([#191](#191)) ([02e92a6](02e92a6))
* **resourcemapping:** resource mapping implementation ([#83](#83)) ([c144db1](c144db1))
* **sdk:** BACK-1966 get auth wired up to SDK using `Options` ([#271](#271)) ([f1bacab](f1bacab))
* **sdk:** BACK-1966 implement fetching a DPoP token ([#45](#45)) ([dbd3cf9](dbd3cf9))
* **sdk:** BACK-1966 make the unwrapper retrieve public keys as well ([#260](#260)) ([7d051a1](7d051a1))
* **sdk:** BACK-1966 pull rewrap into auth config ([#252](#252)) ([84017aa](84017aa))
* **sdk:** Include auth token in grpc ([#367](#367)) ([75cb5cd](75cb5cd))
* **sdk:** normalize token exchange ([#546](#546)) ([9059dff](9059dff))
* **sdk:** Pass dpop key through to `rewrap` ([#435](#435)) ([2d283de](2d283de))
* **sdk:** read `expires_in` from token response and use it to refresh access tokens ([#445](#445)) ([8ecbe79](8ecbe79))
* **sdk:** sdk stub ([#10](#10)) ([8dfca6a](8dfca6a))
* **sdk:** take a function so that callers can use this the way that they want ([#340](#340)) ([72059cb](72059cb))
* **subject-mappings:** refactor to meet db schema ([#59](#59)) ([59a073b](59a073b))
* **tdf:** implement tdf3 encrypt and decrypt ([#73](#73)) ([9d0e0a0](9d0e0a0))
* **tdf:** sdk interface changes ([#123](#123)) ([2aa2422](2aa2422))
* **tdf:** sdk interface cleanup ([#201](#201)) ([6f7d815](6f7d815))
* **tdf:** TDFOption varargs interface ([#235](#235)) ([b3fb720](b3fb720))

### Bug Fixes

* **archive:** remove 10gb zip file test ([#373](#373)) ([6548f55](6548f55))
* attribute missing rpc method for listing attribute values ([#69](#69)) ([1b3a831](1b3a831))
* **attribute value:** fixes attribute value crud ([#86](#86)) ([568df9c](568df9c))
* **issue 90:** remove duplicate attribute_id from attribute value create/update, and consumes schema setup changes in namespaces that were introduced for integration testing ([#100](#100)) ([e0f6d07](e0f6d07))
* **issue-124:** SDK kas registry import name mismatch ([#125](#125)) ([112638b](112638b)), closes [#124](#124)
* **proto/acre:** fix resource encoding service typo ([#30](#30)) ([fe709d2](fe709d2))
* remove padding when b64 encoding ([#437](#437)) ([d40e94a](d40e94a))
* SDK Quickstart ([#628](#628)) ([f27ab98](f27ab98))
* **sdk:** change unwrapper creation ([#346](#346)) ([9206435](9206435))
* **sdk:** double bearer token in auth config ([#350](#350)) ([1bf4699](1bf4699))
* **sdk:** fixes Manifests JSONs with OIDC ([#140](#140)) ([a4b6937](a4b6937))
* **sdk:** handle err ([#548](#548)) ([ebabb6c](ebabb6c))
* **sdk:** make KasInfo fields public ([#320](#320)) ([9a70498](9a70498))
* **sdk:** shutdown conn ([#352](#352)) ([3def038](3def038))
* **sdk:** temporarily move unwrapper creation into options func. ([#309](#309)) ([b34c2fe](b34c2fe))
* **sdk:** use the dialoptions even with no client credentials ([#400](#400)) ([a7f1908](a7f1908))
* **security:** add a new encryption keypair different from dpop keypair ([#461](#461)) ([7deb51e](7deb51e))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Some of the JSONs had small changes that needed to be made in order to work with KAS. This also adds OIDC so it can be tested with KAS.
Changes:
Tested with local KAS and it works correctly.
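The OIDC token exchange this PR wires in, shown end to end as an added example that is not the SDK's own code: a client builds the RFC 8693 form with the same `grant_type` and `requested_token_type` values as the request in the review above, posts it, and reads `access_token` and `expires_in` back, against a constructed in-process stand-in for the OIDC provider. `exchangeForm`, `exchangeToken` and `newFakeTokenServer` are assumed names for this example, not functions in the project, and `expires_in` is assumed to be a lifetime in seconds.

```go
package main

import (
	"encoding/json"
	"errors"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// RFC 8693 grant type used by the SDK's token exchange request.
const grantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"

// exchangeForm builds the token-exchange form body, one field per line.
func exchangeForm(clientID, clientSecret, subjectToken string) url.Values {
	return url.Values{
		"grant_type":           {grantTypeTokenExchange},
		"client_id":            {clientID},
		"client_secret":        {clientSecret},
		"subject_token":        {subjectToken},
		"requested_token_type": {"urn:ietf:params:oauth:token-type:access_token"},
	}
}

// exchangeToken posts the form and returns the access token and its lifetime in seconds; a non-200 reply is reported by status only, so the secret and tokens never reach a log.
func exchangeToken(tokenURL, clientID, clientSecret, subjectToken string) (string, int, error) {
	resp, err := http.PostForm(tokenURL, exchangeForm(clientID, clientSecret, subjectToken))
	if err != nil {
		return "", 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", 0, errors.New("token endpoint returned " + resp.Status)
	}
	var tr struct {
		AccessToken string `json:"access_token"`
		ExpiresIn   int    `json:"expires_in"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&tr); err != nil || tr.AccessToken == "" {
		return "", 0, errors.New("token endpoint reply is not a valid token response")
	}
	return tr.AccessToken, tr.ExpiresIn, nil
}

// newFakeTokenServer is a constructed stand-in for the OIDC provider (assumed, not a real provider); it rejects any request that is not a token exchange or that carries no subject token.
func newFakeTokenServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.FormValue("grant_type") != grantTypeTokenExchange || r.FormValue("subject_token") == "" {
			http.Error(w, `{"error":"invalid_request"}`, http.StatusBadRequest)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_, _ = w.Write([]byte(`{"access_token":"at-123","token_type":"Bearer","expires_in":300}`))
	}))
}
```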