Skip to content

fix(core): access pdp cleanup before actions in ABAC decisioning #2123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 16 commits into from
Apr 28, 2025
Merged

fix(core): access pdp cleanup before actions in ABAC decisioning #2123

merged 16 commits into from
Apr 28, 2025

Conversation

jakedoublev
Copy link
Contributor

@jakedoublev jakedoublev commented Apr 28, 2025
edited
Loading

  • Improve readability of access PDP without changing API signatures
  • Improve time complexity with pre-processing improvements
  • significantly broaden test coverage in advance of actions introduction

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 373.93739ms
Throughput 267.42 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m20.413121417s
Average Latency 802.224306ms
Throughput 62.18 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4966
Failed Requests 34
Concurrent Requests 50
Total Time 1m10.333795599s
Average Latency 700.385904ms
Throughput 70.61 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 34 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 410.070981ms
Throughput 243.86 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m23.260352518s
Average Latency 829.299737ms
Throughput 60.05 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4940
Failed Requests 60
Concurrent Requests 50
Total Time 1m14.982526427s
Average Latency 746.322409ms
Throughput 65.88 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 60 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 364.598849ms
Throughput 274.27 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m18.31124114s
Average Latency 780.543406ms
Throughput 63.85 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4944
Failed Requests 56
Concurrent Requests 50
Total Time 1m8.561578484s
Average Latency 682.192683ms
Throughput 72.11 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 56 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 390.13826ms
Throughput 256.32 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m18.910036116s
Average Latency 786.761902ms
Throughput 63.36 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4947
Failed Requests 53
Concurrent Requests 50
Total Time 1m9.820209741s
Average Latency 694.601985ms
Throughput 70.85 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 53 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 371.746333ms
Throughput 269.00 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m17.723894229s
Average Latency 774.836438ms
Throughput 64.33 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4949
Failed Requests 51
Concurrent Requests 50
Total Time 1m8.172178103s
Average Latency 678.361736ms
Throughput 72.60 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 51 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 382.348995ms
Throughput 261.54 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m25.111097293s
Average Latency 847.971366ms
Throughput 58.75 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4947
Failed Requests 53
Concurrent Requests 50
Total Time 1m13.683851442s
Average Latency 733.598188ms
Throughput 67.14 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 53 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 370.743235ms
Throughput 269.73 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m19.180437503s
Average Latency 789.4166ms
Throughput 63.15 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4973
Failed Requests 27
Concurrent Requests 50
Total Time 1m9.202729101s
Average Latency 688.787567ms
Throughput 71.86 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 27 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 380.001731ms
Throughput 263.16 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m22.858134523s
Average Latency 825.955486ms
Throughput 60.34 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4948
Failed Requests 52
Concurrent Requests 50
Total Time 1m12.958848849s
Average Latency 724.87829ms
Throughput 67.82 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 52 occurrences

Standard Benchmark Metrics Skipped or Failed

@jakedoublev jakedoublev marked this pull request as ready for review April 28, 2025 20:30
@jakedoublev jakedoublev requested a review from a team as a code owner April 28, 2025 20:30
@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 368.380854ms
Throughput 271.46 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m20.771854765s
Average Latency 806.327993ms
Throughput 61.90 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4944
Failed Requests 56
Concurrent Requests 50
Total Time 1m10.249531639s
Average Latency 699.902499ms
Throughput 70.38 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 56 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 381.018899ms
Throughput 262.45 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m20.371145712s
Average Latency 800.897183ms
Throughput 62.21 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4947
Failed Requests 53
Concurrent Requests 50
Total Time 1m11.35688504s
Average Latency 709.423291ms
Throughput 69.33 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 53 occurrences

Standard Benchmark Metrics Skipped or Failed

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 378.885365ms
Throughput 263.93 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m20.308389837s
Average Latency 801.401252ms
Throughput 62.26 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4945
Failed Requests 55
Concurrent Requests 50
Total Time 1m11.055579034s
Average Latency 706.509926ms
Throughput 69.59 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 55 occurrences

Standard Benchmark Metrics Skipped or Failed

@jakedoublev jakedoublev requested a review from Copilot April 28, 2025 20:37
Copilot
Copilot AI reviewed Apr 28, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

@github-actions GitHub Actions
Copy link
Contributor

Benchmark results, click to expand

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 370.342486ms
Throughput 270.02 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 1m23.766800539s
Average Latency 835.984363ms
Throughput 59.69 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 4941
Failed Requests 59
Concurrent Requests 50
Total Time 1m13.886925213s
Average Latency 732.3779ms
Throughput 66.87 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: rewrap failed: ocrypto.ComputeECDHKey failed :ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key 59 occurrences

Standard Benchmark Metrics Skipped or Failed

@jakedoublev jakedoublev mentioned this pull request Apr 28, 2025
Closed
@jakedoublev jakedoublev added this pull request to the merge queue Apr 28, 2025
Merged via the queue into main with commit 9b38a3c Apr 28, 2025
26 of 27 checks passed
@jakedoublev jakedoublev deleted the working-commit branch April 28, 2025 21:21
@opentdf-automation opentdf-automation bot mentioned this pull request Apr 28, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request May 22, 2025
@opentdf-automation
chore(main): release service 0.5.3 (#2046)
66550d2 
🤖 I have created a release *beep* *boop*
---


##
[0.5.3](service/v0.5.2...service/v0.5.3)
(2025-05-22)


### Features

* **authz:** authz v2 versioning implementation
([#2173](#2173))
([557fc21](557fc21))
* **authz:** authz v2, ers v2 protos and gencode for ABAC with actions &
registered resource
([#2124](#2124))
([ea7992a](ea7992a))
* **authz:** export entity id prefix constant from entity instead of
authorization service v1
([#2261](#2261))
([94079a9](94079a9))
* **authz:** subject mapping plugin support for ABAC with actions
([#2223](#2223))
([d08b939](d08b939))
* bulk keycloak provisioning
([#2205](#2205))
([59e4485](59e4485))
* **core:** add otel to opentdf services
([#1858](#1858))
([53a7aa0](53a7aa0))
* **core:** Adds EC withSalt options
([#2126](#2126))
([67b6fb8](67b6fb8))
* **core:** enhance db configuration options
([#2285](#2285))
([ed9ff59](ed9ff59))
* **core:** New Key Index and Manager Plugin SPI
([#2095](#2095))
([eb446fc](eb446fc))
* **core:** support onConfigUpdate hook when registering services
([#1992](#1992))
([366d4dc](366d4dc))
* **core:** v2 ERS with proto updates
([#2210](#2210))
([a161ef8](a161ef8))
* **policy:** actions crud service endpoints and proto validation
([#2037](#2037))
([e933fa9](e933fa9))
* **policy:** actions service RPCs should actually hit storage layer
CRUD ([#2063](#2063))
([da4faf5](da4faf5))
* **policy:** add enhanced standard/custom actions protos
([#2020](#2020))
([bbac53f](bbac53f))
* **policy:** Add platform key indexer.
([#2189](#2189))
([861ef8d](861ef8d))
* **policy:** consume lib/identifier parse function
([#2181](#2181))
([1cef22b](1cef22b))
* **policy:** DSPX-1018 NDR retrieval by FQN support
([#2131](#2131))
([0001041](0001041))
* **policy:** DSPX-1057 registered resource action attribute values (DB
+ Service implementation)
([#2191](#2191))
([6bf1b2e](6bf1b2e))
* **policy:** DSPX-1057 registered resource action attribute values
(protos only) ([#2217](#2217))
([6375596](6375596))
* **policy:** DSPX-893 NDR define crud protos
([#2056](#2056))
([55a5c27](55a5c27))
* **policy:** DSPX-898 NDR database schema
([#2055](#2055))
([2a10a6a](2a10a6a))
* **policy:** DSPX-901 NDR database crud
([#2071](#2071))
([20e0a5f](20e0a5f))
* **policy:** DSPX-902 NDR service crud implementation (2/2)
([#2066](#2066))
([030ad33](030ad33))
* **policy:** DSPX-902 NDR service crud protos only (1/2)
([#2092](#2092))
([24b6cb5](24b6cb5))
* **policy:** Finish resource mapping groups
([#2224](#2224))
([5ff754e](5ff754e))
* **policy:** GetMatchedSubjectMappings should provide value FQN
([#2151](#2151))
([ad80044](ad80044))
* **policy:** key management crud
([#2110](#2110))
([4c3d53d](4c3d53d))
* **policy:** Key management proto
([#2115](#2115))
([561f853](561f853))
* **policy:** Modify get request to search for keys by kasid with keyid.
([#2147](#2147))
([780d2e4](780d2e4))
* **policy:** Restrict KAS deletion when tied to Key
([#2144](#2144))
([4c4ab13](4c4ab13))
* **policy:** Return KAS Key structure
([#2172](#2172))
([7f97b99](7f97b99))
* **policy:** rotate keys rpc
([#2180](#2180))
([0d00743](0d00743))
* **policy:** stored enhanced actions database migration, CRUD queries,
SM updates ([#2040](#2040))
([e6b7c79](e6b7c79))
* **sdk:** Add a KAS allowlist
([#2085](#2085))
([d7cfdf3](d7cfdf3))
* **sdk:** add nanotdf plaintext policy
([#2182](#2182))
([e5c56db](e5c56db))
* **sdk:** Use ConnectRPC in the go client
([#2200](#2200))
([fc34ee6](fc34ee6))


### Bug Fixes

* **core:** access pdp cleanup before actions in ABAC decisioning
([#2123](#2123))
([9b38a3c](9b38a3c))
* **core:** Autobump service
([#2080](#2080))
([006c724](006c724))
* **core:** Autobump service
([#2104](#2104))
([1f72cc7](1f72cc7))
* **core:** Autobump service
([#2108](#2108))
([be5b7d7](be5b7d7))
* **core:** bump to go 1.24 and bump service proto module dependencies
([#2064](#2064))
([94891a0](94891a0))
* **core:** Fix DPoP with grpc-gateway
([#2044](#2044))
([4483ef2](4483ef2))
* **core:** fix service go.mod
([#2141](#2141))
([3b98f6d](3b98f6d))
* **core:** Improves errors when under heavy load
([#2132](#2132))
([4490a14](4490a14))
* **core:** Let legacy KAOs use new trust plugins
([#2218](#2218))
([5aa6916](5aa6916))
* **core:** migrate from mitchellh/mapstructure to go-viper/mapstructure
([#2087](#2087))
([0a3a82e](0a3a82e))
* **core:** update viper to 1.20.1
([#2088](#2088))
([09099e9](09099e9))
* **core:** Updates vulnerable dep go/x/net
([#2072](#2072))
([11c02cd](11c02cd))
* **deps:** bump github.com/creasty/defaults from 1.7.0 to 1.8.0 in
/service ([#2242](#2242))
([86a9b46](86a9b46))
* **deps:** bump github.com/jackc/pgx/v5 from 5.5.5 to 5.7.5 in /service
([#2249](#2249))
([d8f3b67](d8f3b67))
* **deps:** bump the internal group across 1 directory with 2 updates
([#2296](#2296))
([7f92c70](7f92c70))
* **deps:** bump toolchain in /lib/fixtures and /examples to resolve CVE
GO-2025-3563 ([#2061](#2061))
([9c16843](9c16843))
* handle empty private and public key ctx structs
([#2272](#2272))
([f3fc647](f3fc647))
* **policy:** remove predefined rules in actions protos
([#2069](#2069))
([060f059](060f059))
* **policy:** return kas uri on keys for definition, namespace and
values ([#2186](#2186))
([6c55fb8](6c55fb8))
* update key_mode to provide more context
([#2226](#2226))
([44d0805](44d0805))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@pflynn-virtru pflynn-virtru pflynn-virtru approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jakedoublev @pflynn-virtru