2 changes: 1 addition & 1 deletion service/go.mod
Expand Up @@ -34,7 +34,7 @@ require (
github.com/open-policy-agent/opa v1.5.1
github.com/opentdf/platform/lib/fixtures v0.3.0
github.com/opentdf/platform/lib/flattening v0.1.3
github.com/opentdf/platform/lib/identifier v0.1.0
github.com/opentdf/platform/lib/identifier v0.2.0
github.com/opentdf/platform/lib/ocrypto v0.6.0
github.com/opentdf/platform/protocol/go v0.11.0
github.com/opentdf/platform/sdk v0.7.0
4 changes: 2 additions & 2 deletions service/go.sum
Expand Up @@ -251,8 +251,8 @@ github.com/opentdf/platform/lib/fixtures v0.3.0 h1:pgEm9ynMDIFH7Wd/lre2tfvtura8L
github.com/opentdf/platform/lib/fixtures v0.3.0/go.mod h1:K/r0REv5MYClnkuiCxCOT1LTXbuIDP0kqixlGmPQzXc=
github.com/opentdf/platform/lib/flattening v0.1.3 h1:IuOm/wJVXNrzOV676Ticgr0wyBkL+lVjsoSfh+WSkNo=
github.com/opentdf/platform/lib/flattening v0.1.3/go.mod h1:Gs/T+6FGZKk9OAdz2Jf1R8CTGeNRYrq1lZGDeYT3hrY=
github.com/opentdf/platform/lib/identifier v0.1.0 h1:R6Q9z+iSRTIUWm87s9xIImf4u7B53N7TyRzeJ/VkmwE=
github.com/opentdf/platform/lib/identifier v0.1.0/go.mod h1:/tHnLlSVOq3qmbIYSvKrtuZchQfagenv4wG5twl4oRs=
github.com/opentdf/platform/lib/identifier v0.2.0 h1:lpz/QmkGwlli8PmBvDH2bPqWvpna0n0lbEX0+bH3P0o=
github.com/opentdf/platform/lib/identifier v0.2.0/go.mod h1:/tHnLlSVOq3qmbIYSvKrtuZchQfagenv4wG5twl4oRs=
github.com/opentdf/platform/lib/ocrypto v0.6.0 h1:CvluMv44dZ4vD0oLpJEoKnm4/BGJzaH8HTcTd8I0kWg=
github.com/opentdf/platform/lib/ocrypto v0.6.0/go.mod h1:sYhoBL1bQYgQVSSNpxU13RsrE5JAk8BABT1hfr9L3j8=
github.com/opentdf/platform/protocol/go v0.11.0 h1:HJWV9QOF3ERpiiXJbEJn0IV/B36FQ2gHt9hJnbfd1xo=
2 changes: 2 additions & 0 deletions service/integration/obligations_test.go
Expand Up @@ -1601,6 +1601,7 @@ func (s *ObligationsSuite) assertObligationBasics(obl *policy.Obligation, name,
s.Equal(name, obl.GetName())
s.assertNamespace(obl.GetNamespace(), namespaceID, namespaceName, namespaceFQN)
s.assertMetadata(obl.GetMetadata())
s.Equal(identifier.BuildOblFQN(namespaceFQN, name), obl.GetFqn())
}

func (s *ObligationsSuite) assertNamespace(ns *policy.Namespace, namespaceID, namespaceName, namespaceFQN string) {
Expand Down Expand Up @@ -1633,6 +1634,7 @@ func (s *ObligationsSuite) assertObligationValueBasics(oblValue *policy.Obligati
s.Equal(value, oblValue.GetValue())
s.assertNamespace(oblValue.GetObligation().GetNamespace(), namespaceID, namespaceName, namespaceFQN)
s.assertMetadata(oblValue.GetMetadata())
s.Equal(identifier.BuildOblValFQN(namespaceFQN, oblValue.GetObligation().GetName(), value), oblValue.GetFqn())
}

func (s *ObligationsSuite) setupTriggerTests() *TriggerSetup {
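Review bot: The two assertions added in `assertObligationBasics` and `assertObligationValueBasics` build the expected FQN with `identifier.BuildOblFQN` and `identifier.BuildOblValFQN`, the same helpers the DB layer in this change calls, so they only prove the field is populated consistently and would still pass if the helpers' output format regressed. Since the FQN is the identifier other components use to refer to an obligation, at least one case should compare `obl.GetFqn()` and `oblValue.GetFqn()` against literal expected strings. Both helper functions start and end outside the hunks shown, so any existing literal checks elsewhere in the suite are not visible here.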
75 changes: 62 additions & 13 deletions service/policy/db/obligations.go
Expand Up @@ -14,6 +14,14 @@ import (
"google.golang.org/protobuf/types/known/timestamppb"
)

func setOblValFQNs(values []*policy.ObligationValue, nsFQN, name string) []*policy.ObligationValue {
for i, v := range values {
v.Fqn = identifier.BuildOblValFQN(nsFQN, name, v.GetValue())
values[i] = v
}
return values
}

///
/// Obligation Definitions
///
Expand Down Expand Up @@ -57,13 +65,16 @@ func (c PolicyDBClient) CreateObligation(ctx context.Context, r *obligations.Cre
metadata.CreatedAt = now
metadata.UpdatedAt = now

nsFQN := namespace.GetFqn()
oblVals = setOblValFQNs(oblVals, nsFQN, name)

return &policy.Obligation{
Id: row.ID,
Name: name,
Metadata: metadata,
Namespace: namespace,
Values: oblVals,
Fqn: identifier.BuildOblFQN(namespace.GetFqn(), name),
Fqn: identifier.BuildOblFQN(nsFQN, name),
}, nil
}

Expand All @@ -80,6 +91,7 @@ func (c PolicyDBClient) GetObligation(ctx context.Context, r *obligations.GetObl
return nil, db.WrapIfKnownInvalidQueryErr(err)
}

name := row.Name
oblVals, err := unmarshalObligationValues(row.Values)
if err != nil {
return nil, fmt.Errorf("failed to unmarshal obligation values: %w", err)
Expand All @@ -90,17 +102,21 @@ func (c PolicyDBClient) GetObligation(ctx context.Context, r *obligations.GetObl
return nil, fmt.Errorf("failed to unmarshal obligation namespace: %w", err)
}

nsFQN = namespace.GetFqn()
oblVals = setOblValFQNs(oblVals, nsFQN, name)

metadata := &common.Metadata{}
if err := unmarshalMetadata(row.Metadata, metadata); err != nil {
return nil, fmt.Errorf("failed to unmarshal obligation metadata: %w", err)
}

return &policy.Obligation{
Id: row.ID,
Name: row.Name,
Name: name,
Metadata: metadata,
Namespace: namespace,
Values: oblVals,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}, nil
}

Expand Down Expand Up @@ -139,13 +155,17 @@ func (c PolicyDBClient) GetObligationsByFQNs(ctx context.Context, r *obligations
if err != nil {
return nil, err
}
name := r.Name
nsFQN := namespace.GetFqn()
values = setOblValFQNs(values, nsFQN, name)

obls[i] = &policy.Obligation{
Id: r.ID,
Name: r.Name,
Name: name,
Metadata: metadata,
Namespace: namespace,
Values: values,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}
}

Expand Down Expand Up @@ -187,12 +207,17 @@ func (c PolicyDBClient) ListObligations(ctx context.Context, r *obligations.List
return nil, nil, err
}

name := r.Name
nsFQN := namespace.GetFqn()
values = setOblValFQNs(values, nsFQN, name)

obls[i] = &policy.Obligation{
Id: r.ID,
Name: r.Name,
Name: name,
Metadata: metadata,
Namespace: namespace,
Values: values,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}
}

Expand Down Expand Up @@ -246,13 +271,18 @@ func (c PolicyDBClient) UpdateObligation(ctx context.Context, r *obligations.Upd
}
metadata.CreatedAt = obl.GetMetadata().GetCreatedAt()
metadata.UpdatedAt = now
namespace := obl.GetNamespace()
nsFQN := namespace.GetFqn()
values := obl.GetValues()
values = setOblValFQNs(values, nsFQN, name)

return &policy.Obligation{
Id: id,
Name: name,
Metadata: metadata,
Namespace: obl.GetNamespace(),
Values: obl.GetValues(),
Namespace: namespace,
Values: values,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}, nil
}

Expand Down Expand Up @@ -333,10 +363,13 @@ func (c PolicyDBClient) CreateObligationValue(ctx context.Context, r *obligation
metadata.CreatedAt = now
metadata.UpdatedAt = now

name := row.Name
nsFQN = namespace.GetFqn()
obl := &policy.Obligation{
Id: row.ObligationID,
Name: row.Name,
Name: name,
Namespace: namespace,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}

return &policy.ObligationValue{
Expand All @@ -345,7 +378,7 @@ func (c PolicyDBClient) CreateObligationValue(ctx context.Context, r *obligation
Value: value,
Metadata: metadata,
Triggers: triggers,
Fqn: identifier.BuildOblValFQN(namespace.GetFqn(), obl.GetName(), value),
Fqn: identifier.BuildOblValFQN(nsFQN, name, value),
}, nil
}

Expand Down Expand Up @@ -378,18 +411,23 @@ func (c PolicyDBClient) GetObligationValue(ctx context.Context, r *obligations.G
return nil, fmt.Errorf("failed to unmarshal obligation triggers: %w", err)
}

name := row.Name
value := row.Value
nsFQN = namespace.GetFqn()
obl := &policy.Obligation{
Id: row.ObligationID,
Name: row.Name,
Name: name,
Namespace: namespace,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}

return &policy.ObligationValue{
Id: row.ID,
Obligation: obl,
Value: row.Value,
Value: value,
Metadata: metadata,
Triggers: triggers,
Fqn: identifier.BuildOblValFQN(nsFQN, name, value),
}, nil
}

Expand Down Expand Up @@ -432,18 +470,23 @@ func (c PolicyDBClient) GetObligationValuesByFQNs(ctx context.Context, r *obliga
return nil, fmt.Errorf("failed to unmarshal obligation triggers: %w", err)
}

name := r.Name
value := r.Value
nsFQN := namespace.GetFqn()
obl := &policy.Obligation{
Id: r.ObligationID,
Name: r.Name,
Name: name,
Namespace: namespace,
Fqn: identifier.BuildOblFQN(nsFQN, name),
}

vals[i] = &policy.ObligationValue{
Id: r.ID,
Value: r.Value,
Value: value,
Metadata: metadata,
Obligation: obl,
Triggers: triggers,
Fqn: identifier.BuildOblValFQN(nsFQN, name, value),
}
}

Expand Down Expand Up @@ -510,12 +553,18 @@ func (c PolicyDBClient) UpdateObligationValue(ctx context.Context, r *obligation
}
}

obl := oblVal.GetObligation()
name := obl.GetName()
namespace := obl.GetNamespace()
nsFQN := namespace.GetFqn()
obl.Fqn = identifier.BuildOblFQN(nsFQN, name)
return &policy.ObligationValue{
Id: id,
Value: value,
Metadata: metadata,
Obligation: oblVal.GetObligation(),
Obligation: obl,
Triggers: triggers,
Fqn: identifier.BuildOblValFQN(nsFQN, name, value),
}, nil
}
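Review bot: `setOblValFQNs` writes `v.Fqn` through every element without a nil check, so a nil entry in `values` would panic in each path that now calls it (CreateObligation, GetObligation, GetObligationsByFQNs, ListObligations, UpdateObligation). Whether `unmarshalObligationValues` can yield a nil element is not visible here, so a guard such as `if v == nil { continue }` is cheap insurance, and `values[i] = v` can be dropped because `v` is already the stored pointer. The same concern applies to `obl.Fqn = identifier.BuildOblFQN(nsFQN, name)` in UpdateObligationValue: the getter `oblVal.GetObligation()` is nil-safe but the field write is not, and it also mutates the previously fetched object in place. Separately, GetObligation, CreateObligationValue and GetObligationValue use `nsFQN = namespace.GetFqn()` rather than `:=`, which presumably overwrites a variable declared outside these hunks; a distinct name such as `storedNsFQN` would make it obvious on review that the returned FQN is derived from the database row and not from request input.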
