From b6af91c4ca04098592c2b3e66a74f6c342b9cba1 Mon Sep 17 00:00:00 2001 From: strantalis Date: Wed, 7 May 2025 09:03:33 -0400 Subject: [PATCH 1/3] fix(policy): return kas uri on definition, namespace and values --- docs/grpc/index.html | 7 + .../policy/actions/actions.swagger.json | 3 + .../policy/attributes/attributes.swagger.json | 3 + .../key_access_server_registry.swagger.json | 3 + .../policy/namespaces/namespaces.swagger.json | 3 + .../resource_mapping.swagger.json | 3 + .../subject_mapping.swagger.json | 3 + .../openapi/policy/unsafe/unsafe.swagger.json | 3 + protocol/go/CHANGELOG.md | 332 ------------------ protocol/go/LICENSE | 19 - protocol/go/README.md | 1 - protocol/go/policy/objects.pb.go | 274 ++++++++------- service/integration/attribute_fqns_test.go | 102 ++++++ service/integration/attribute_values_test.go | 7 + service/integration/attributes_test.go | 9 +- service/integration/main_test.go | 1 - service/integration/namespaces_test.go | 41 ++- service/policy/db/db.go | 2 +- service/policy/db/models.go | 2 +- service/policy/db/query.sql | 14 +- service/policy/db/query.sql.go | 30 +- service/policy/objects.proto | 3 +- 22 files changed, 354 insertions(+), 511 deletions(-) delete mode 100644 protocol/go/CHANGELOG.md delete mode 100644 protocol/go/LICENSE delete mode 100644 protocol/go/README.md diff --git a/docs/grpc/index.html b/docs/grpc/index.html index f4b3ab3218..d97234326b 100644 --- a/docs/grpc/index.html +++ b/docs/grpc/index.html @@ -2186,6 +2186,13 @@

KasKey

+ + kas_uri + string + +

+ + diff --git a/docs/openapi/policy/actions/actions.swagger.json b/docs/openapi/policy/actions/actions.swagger.json index 5bc50cf328..3579b4f085 100644 --- a/docs/openapi/policy/actions/actions.swagger.json +++ b/docs/openapi/policy/actions/actions.swagger.json @@ -329,6 +329,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/attributes/attributes.swagger.json b/docs/openapi/policy/attributes/attributes.swagger.json index 3aed90ca83..798dd82db2 100644 --- a/docs/openapi/policy/attributes/attributes.swagger.json +++ b/docs/openapi/policy/attributes/attributes.swagger.json @@ -1214,6 +1214,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json index 00d34895f3..10e8029a31 100644 --- a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json +++ b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json @@ -686,6 +686,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/namespaces/namespaces.swagger.json b/docs/openapi/policy/namespaces/namespaces.swagger.json index a9e1fd84c0..912d024e0c 100644 --- a/docs/openapi/policy/namespaces/namespaces.swagger.json +++ b/docs/openapi/policy/namespaces/namespaces.swagger.json @@ -519,6 +519,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json index 9388707113..add2c57958 100644 --- a/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json +++ b/docs/openapi/policy/resourcemapping/resource_mapping.swagger.json @@ -692,6 +692,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json index 5d7f7866bf..de36d07ce8 100644 --- a/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json +++ b/docs/openapi/policy/subjectmapping/subject_mapping.swagger.json @@ -699,6 +699,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/docs/openapi/policy/unsafe/unsafe.swagger.json b/docs/openapi/policy/unsafe/unsafe.swagger.json index 0a1b7648cd..c9b7df0e90 100644 --- a/docs/openapi/policy/unsafe/unsafe.swagger.json +++ b/docs/openapi/policy/unsafe/unsafe.swagger.json @@ -589,6 +589,9 @@ }, "key": { "$ref": "#/definitions/policyAsymmetricKey" + }, + "kasUri": { + "type": "string" } } }, diff --git a/protocol/go/CHANGELOG.md b/protocol/go/CHANGELOG.md deleted file mode 100644 index 16059648b8..0000000000 --- a/protocol/go/CHANGELOG.md +++ /dev/null @@ -1,332 +0,0 @@ -# Changelog - -## [0.3.2](https://github.com/opentdf/platform/compare/protocol/go/v0.3.1...protocol/go/v0.3.2) (2025-04-28) - - -### Features - -* **policy:** Key management proto ([#2115](https://github.com/opentdf/platform/issues/2115)) ([561f853](https://github.com/opentdf/platform/commit/561f85301c73c221cf22695afb66deeac594a3d6)) - -## [0.3.1](https://github.com/opentdf/platform/compare/protocol/go/v0.3.0...protocol/go/v0.3.1) (2025-04-23) - - -### Features - -* **policy:** DSPX-902 NDR service crud protos only (1/2) ([#2092](https://github.com/opentdf/platform/issues/2092)) ([24b6cb5](https://github.com/opentdf/platform/commit/24b6cb5f876439dd5bb15ed95a20d18a16da3706)) - -## [0.3.0](https://github.com/opentdf/platform/compare/protocol/go/v0.2.29...protocol/go/v0.3.0) (2025-04-16) - - -### ⚠ BREAKING CHANGES - -* **core:** Require go 1.23+ ([#1979](https://github.com/opentdf/platform/issues/1979)) - -### Features - -* **core:** Require go 1.23+ ([#1979](https://github.com/opentdf/platform/issues/1979)) ([164c922](https://github.com/opentdf/platform/commit/164c922af74b1265fe487362c356abb7f1503ada)) -* **policy:** add enhanced standard/custom actions protos ([#2020](https://github.com/opentdf/platform/issues/2020)) ([bbac53f](https://github.com/opentdf/platform/commit/bbac53fd622defefc6e8831ab041356fe7e23776)) -* **policy:** DSPX-893 NDR define crud protos ([#2056](https://github.com/opentdf/platform/issues/2056)) ([55a5c27](https://github.com/opentdf/platform/commit/55a5c279d0499f684bc62c53838edbcb89bec272)) - - -### Bug Fixes - -* **deps:** bump toolchain in /lib/fixtures and /examples to resolve CVE GO-2025-3563 ([#2061](https://github.com/opentdf/platform/issues/2061)) ([9c16843](https://github.com/opentdf/platform/commit/9c168437db3b138613fe629419dd6bd9f837e881)) -* **policy:** remove predefined rules in actions protos ([#2069](https://github.com/opentdf/platform/issues/2069)) ([060f059](https://github.com/opentdf/platform/commit/060f05941f9b81b007669f51b6205723af8c1680)) - -## [0.2.29](https://github.com/opentdf/platform/compare/protocol/go/v0.2.28...protocol/go/v0.2.29) (2025-03-06) - - -### Bug Fixes - -* **policy:** remove new public keys rpc's ([#1962](https://github.com/opentdf/platform/issues/1962)) ([5049bab](https://github.com/opentdf/platform/commit/5049baba20ddcefa40c280a18e5dd8ef754b7e22)) - -## [0.2.28](https://github.com/opentdf/platform/compare/protocol/go/v0.2.27...protocol/go/v0.2.28) (2025-02-26) - - -### Bug Fixes - -* **core:** Fixes protoJSON parse bug on ec rewrap ([#1943](https://github.com/opentdf/platform/issues/1943)) ([9bebfd0](https://github.com/opentdf/platform/commit/9bebfd01f615f5a438e0695c03dbb1a9ad7badf3)) - -## [0.2.27](https://github.com/opentdf/platform/compare/protocol/go/v0.2.26...protocol/go/v0.2.27) (2025-02-25) - - -### Features - -* **core:** EXPERIMENTAL: EC-wrapped key support ([#1902](https://github.com/opentdf/platform/issues/1902)) ([652266f](https://github.com/opentdf/platform/commit/652266f212ba10b2492a84741f68391a1d39e007)) - - -### Bug Fixes - -* **sdk:** Fix compatibility between bulk and non-bulk rewrap ([#1914](https://github.com/opentdf/platform/issues/1914)) ([74abbb6](https://github.com/opentdf/platform/commit/74abbb66cbb39023f56cd502a7cda294580a41c6)) - -## [0.2.26](https://github.com/opentdf/platform/compare/protocol/go/v0.2.25...protocol/go/v0.2.26) (2025-02-14) - - -### Features - -* add ability to retrieve policy resources by id or name ([#1901](https://github.com/opentdf/platform/issues/1901)) ([deb4455](https://github.com/opentdf/platform/commit/deb4455773cd71d3436510bbeb599f309106ce1d)) - -## [0.2.25](https://github.com/opentdf/platform/compare/protocol/go/v0.2.24...protocol/go/v0.2.25) (2025-01-31) - - -### Bug Fixes - -* add pagination to list public key mappings response ([#1889](https://github.com/opentdf/platform/issues/1889)) ([9898fbd](https://github.com/opentdf/platform/commit/9898fbda305f4eface291a2aaa98d2df80f0ad05)) - -## [0.2.24](https://github.com/opentdf/platform/compare/protocol/go/v0.2.23...protocol/go/v0.2.24) (2025-01-24) - - -### Features - -* **policy:** adds new public keys table ([#1836](https://github.com/opentdf/platform/issues/1836)) ([cad5048](https://github.com/opentdf/platform/commit/cad5048d09609d678d5b5ac2972605dd61f33bb5)) - -## [0.2.23](https://github.com/opentdf/platform/compare/protocol/go/v0.2.22...protocol/go/v0.2.23) (2025-01-17) - - -### Features - -* **core:** adds bulk rewrap to sdk and service ([#1835](https://github.com/opentdf/platform/issues/1835)) ([11698ae](https://github.com/opentdf/platform/commit/11698ae18f66282980a7822dd145e3896c2b605c)) - - -### Bug Fixes - -* **core:** Update fixtures and flattening in sdk and service ([#1827](https://github.com/opentdf/platform/issues/1827)) ([d6d6a7a](https://github.com/opentdf/platform/commit/d6d6a7a2dffdb96cf7f7f731a4e6e66e06930e59)) - -## [0.2.22](https://github.com/opentdf/platform/compare/protocol/go/v0.2.21...protocol/go/v0.2.22) (2024-11-14) - - -### Features - -* **sdk:** add collections for nanotdf ([#1695](https://github.com/opentdf/platform/issues/1695)) ([6497bf3](https://github.com/opentdf/platform/commit/6497bf3a7cee9b6900569bc6cc2c39b2f647fb52)) - -## [0.2.21](https://github.com/opentdf/platform/compare/protocol/go/v0.2.20...protocol/go/v0.2.21) (2024-11-13) - - -### Features - -* backend migration to connect-rpc ([#1733](https://github.com/opentdf/platform/issues/1733)) ([d10ba3c](https://github.com/opentdf/platform/commit/d10ba3cb22175a000ba5d156987c9f201749ae88)) -* **policy:** subject condition sets prune service/db ([#1688](https://github.com/opentdf/platform/issues/1688)) ([3cdd1b2](https://github.com/opentdf/platform/commit/3cdd1b26e81cb004b02af44e914baef3422cdcde)), closes [#1178](https://github.com/opentdf/platform/issues/1178) - -## [0.2.20](https://github.com/opentdf/platform/compare/protocol/go/v0.2.19...protocol/go/v0.2.20) (2024-11-05) - - -### Features - -* add generated connect-rpc code ([#1708](https://github.com/opentdf/platform/issues/1708)) ([92ac86a](https://github.com/opentdf/platform/commit/92ac86aa84d645fb5db26c17716d52457673f2de)) - -## [0.2.19](https://github.com/opentdf/platform/compare/protocol/go/v0.2.18...protocol/go/v0.2.19) (2024-11-05) - - -### Features - -* **policy:** 1651 move GetAttributesByValueFqns RPC request validation to protovalidate ([#1657](https://github.com/opentdf/platform/issues/1657)) ([c7d6b15](https://github.com/opentdf/platform/commit/c7d6b1542c10d3e2a35fa00efaf7d415f63c7dca)) -* **policy:** add optional name field to registered KASes in policy ([#1636](https://github.com/opentdf/platform/issues/1636)) ([f1382c1](https://github.com/opentdf/platform/commit/f1382c16893cefd40e930f4112ac7a61c9b05898)) -* **policy:** limit/offset throughout LIST protos/gencode ([#1668](https://github.com/opentdf/platform/issues/1668)) ([7de6cce](https://github.com/opentdf/platform/commit/7de6cce5c9603228bc0ef5566b5b2d10c4a12ee4)) -* **policy:** subject condition sets prune protos/gencode ([#1687](https://github.com/opentdf/platform/issues/1687)) ([a627e02](https://github.com/opentdf/platform/commit/a627e021e9df2c06e1c86acfc0a4ee83c4bce932)) - - -### Bug Fixes - -* **policy:** enhance proto validation across policy requests ([#1656](https://github.com/opentdf/platform/issues/1656)) ([df534c4](https://github.com/opentdf/platform/commit/df534c40f3f500190b200923e5157701b438431b)) -* **policy:** make MatchSubjectMappings operator agnostic ([#1658](https://github.com/opentdf/platform/issues/1658)) ([cb63819](https://github.com/opentdf/platform/commit/cb63819d107ed65cb5d467a956d713bd55214cdb)) - -## [0.2.18](https://github.com/opentdf/platform/compare/protocol/go/v0.2.17...protocol/go/v0.2.18) (2024-10-11) - - -### Features - -* **policy:** DSP-51 - deprecate PublicKey local field ([#1590](https://github.com/opentdf/platform/issues/1590)) ([e3ed0b5](https://github.com/opentdf/platform/commit/e3ed0b5ce6039000c9e3c574d3d6ce2931781235)) - -## [0.2.17](https://github.com/opentdf/platform/compare/protocol/go/v0.2.16...protocol/go/v0.2.17) (2024-09-25) - - -### Bug Fixes - -* **core:** Fix POST /v1/entitlements body parsing ([#1574](https://github.com/opentdf/platform/issues/1574)) ([fcae7ef](https://github.com/opentdf/platform/commit/fcae7ef0eba2c43ab93f5a2815e7b3e1dec69364)) - -## [0.2.16](https://github.com/opentdf/platform/compare/protocol/go/v0.2.15...protocol/go/v0.2.16) (2024-09-19) - - -### Bug Fixes - -* **core:** Fix parsing /v1/authorization ([#1554](https://github.com/opentdf/platform/issues/1554)) ([b7d694d](https://github.com/opentdf/platform/commit/b7d694d5df3867f278007660c32acb72c868735e)), closes [#1553](https://github.com/opentdf/platform/issues/1553) - -## [0.2.15](https://github.com/opentdf/platform/compare/protocol/go/v0.2.14...protocol/go/v0.2.15) (2024-09-04) - - -### Features - -* **policy:** 1398 add metadata support to Resource Mapping Groups ([#1412](https://github.com/opentdf/platform/issues/1412)) ([87b7b2f](https://github.com/opentdf/platform/commit/87b7b2ff6f7b39d34823ba926758fba25489c0a6)) - -## [0.2.14](https://github.com/opentdf/platform/compare/protocol/go/v0.2.13...protocol/go/v0.2.14) (2024-08-20) - - -### Features - -* **policy:** 1277 protos and service methods for Resource Mapping Groups operations ([#1343](https://github.com/opentdf/platform/issues/1343)) ([570f402](https://github.com/opentdf/platform/commit/570f4023183898212dcd007e5b42135ccf1d285a)) -* **sdk:** Load KAS keys from policy service ([#1346](https://github.com/opentdf/platform/issues/1346)) ([fe628a0](https://github.com/opentdf/platform/commit/fe628a013e41fb87585eb53a61988f822b40a71a)) - -## [0.2.13](https://github.com/opentdf/platform/compare/protocol/go/v0.2.12...protocol/go/v0.2.13) (2024-08-16) - - -### Features - -* **core:** Adds key ids to kas registry ([#1347](https://github.com/opentdf/platform/issues/1347)) ([e6c76ee](https://github.com/opentdf/platform/commit/e6c76ee415e08ec8681ae4ff8fb9d5d04ea7d2bb)) -* **core:** validate kas uri ([#1351](https://github.com/opentdf/platform/issues/1351)) ([2b70931](https://github.com/opentdf/platform/commit/2b7093136f6af1b6a86e613c095cefe403c9a06c)) - - -### Bug Fixes - -* **core:** align policy kas grant assignments http gateway methods with actions ([#1299](https://github.com/opentdf/platform/issues/1299)) ([031c6ca](https://github.com/opentdf/platform/commit/031c6ca87b8e252a4254f10bfcc78b45e5111ed9)) - -## [0.2.12](https://github.com/opentdf/platform/compare/protocol/go/v0.2.11...protocol/go/v0.2.12) (2024-08-13) - - -### Features - -* **core:** further support in policy for namespace grants ([#1334](https://github.com/opentdf/platform/issues/1334)) ([d56231e](https://github.com/opentdf/platform/commit/d56231ea632c6072613c18cf1fcb9770cedf49e3)) -* **core:** policy support for LIST of kas grants (protos/db) ([#1317](https://github.com/opentdf/platform/issues/1317)) ([599fc56](https://github.com/opentdf/platform/commit/599fc56dbcc3ae8ff2f46584c9bae7c1619a590d)) - -## [0.2.11](https://github.com/opentdf/platform/compare/protocol/go/v0.2.10...protocol/go/v0.2.11) (2024-08-12) - - -### Features - -* **authz:** Typed Entities ([#1249](https://github.com/opentdf/platform/issues/1249)) ([cfab3ad](https://github.com/opentdf/platform/commit/cfab3ad8a72f3a2f1a28ccca988459ddcdcbd7f6)) -* **policy:** 1277 add Resource Mapping Group to objects proto ([#1309](https://github.com/opentdf/platform/issues/1309)) ([514f1b8](https://github.com/opentdf/platform/commit/514f1b8e2d6c56056a8258e144380974b1f84d1b)), closes [#1277](https://github.com/opentdf/platform/issues/1277) - - -### Bug Fixes - -* **core:** bump golang.org/x/net from 0.22.0 to 0.23.0 in /protocol/go ([#627](https://github.com/opentdf/platform/issues/627)) ([6008320](https://github.com/opentdf/platform/commit/60083203f34ad75a6618e4aeaee05caddd6b0fe6)) -* **kas:** Regenerate protos and fix tests from info rpc removal ([#1291](https://github.com/opentdf/platform/issues/1291)) ([91a2fe6](https://github.com/opentdf/platform/commit/91a2fe65c63aa5ac6ca2f058dbc0c29ca2a26536)) -* **policy:** deprecates and reserves value members from value object in protos ([#1151](https://github.com/opentdf/platform/issues/1151)) ([07fcc9e](https://github.com/opentdf/platform/commit/07fcc9ec93f00beeb863e67d0ca1465c783c2a54)) - -## [0.2.10](https://github.com/opentdf/platform/compare/protocol/go/v0.2.9...protocol/go/v0.2.10) (2024-07-14) - - -### Bug Fixes - -* **policy:** mark value members as deprecated within protos ([#1152](https://github.com/opentdf/platform/issues/1152)) ([d18c889](https://github.com/opentdf/platform/commit/d18c8893cdd73344021de638e2d92859a320eed4)) - -## [0.2.9](https://github.com/opentdf/platform/compare/protocol/go/v0.2.8...protocol/go/v0.2.9) (2024-07-11) - - -### Features - -* **core:** GetEntitlements with_comprehensive_hierarchy ([#1121](https://github.com/opentdf/platform/issues/1121)) ([ac85bf7](https://github.com/opentdf/platform/commit/ac85bf7aef6c9a00bfa0900f6ff3533059ab4bc8)), closes [#1054](https://github.com/opentdf/platform/issues/1054) - -## [0.2.8](https://github.com/opentdf/platform/compare/protocol/go/v0.2.7...protocol/go/v0.2.8) (2024-07-09) - - -### Features - -* **core:** CONTAINS SubjectMapping Operator ([#1109](https://github.com/opentdf/platform/issues/1109)) ([65cd4af](https://github.com/opentdf/platform/commit/65cd4af366d2d6d17ad72157d5d4d31f6620cc1f)) - -## [0.2.7](https://github.com/opentdf/platform/compare/protocol/go/v0.2.6...protocol/go/v0.2.7) (2024-07-03) - - -### Bug Fixes - -* **policy:** unsafe service attribute update should allow empty names for PATCH-style API ([#1094](https://github.com/opentdf/platform/issues/1094)) ([3c56d0f](https://github.com/opentdf/platform/commit/3c56d0f4ebbda81bf6ca6924176885d93faed48b)) - -## [0.2.6](https://github.com/opentdf/platform/compare/protocol/go/v0.2.5...protocol/go/v0.2.6) (2024-07-02) - - -### Features - -* **policy:** register unsafe service in platform ([#1066](https://github.com/opentdf/platform/issues/1066)) ([b7796cd](https://github.com/opentdf/platform/commit/b7796cdbe3b16903ac83033c8d99495aa10c8e2c)) - -## [0.2.5](https://github.com/opentdf/platform/compare/protocol/go/v0.2.4...protocol/go/v0.2.5) (2024-07-02) - - -### Features - -* **policy:** add unsafe attribute RPC db connectivity ([#1022](https://github.com/opentdf/platform/issues/1022)) ([fbc02f3](https://github.com/opentdf/platform/commit/fbc02f34f3c3ae663b83944132f7dfd6897f6271)) - - -### Bug Fixes - -* **policy:** rename unsafe rpcs for aligned casbin action determination ([#1067](https://github.com/opentdf/platform/issues/1067)) ([7861e4a](https://github.com/opentdf/platform/commit/7861e4a5092ee702565b6cd152fd592f3c19435f)) - -## [0.2.4](https://github.com/opentdf/platform/compare/protocol/go/v0.2.3...protocol/go/v0.2.4) (2024-06-18) - - -### Features - -* **core:** New cryptoProvider config ([#939](https://github.com/opentdf/platform/issues/939)) ([8150623](https://github.com/opentdf/platform/commit/81506237e2e640af34df8c745b71c3f20358d5a4)) -* **policy:** add unsafe service protos and unsafe service proto Go gencode ([#1003](https://github.com/opentdf/platform/issues/1003)) ([55cc045](https://github.com/opentdf/platform/commit/55cc0459f8e5594765cecf62c3e2a1adff40a565)) - - -### Bug Fixes - -* **core:** policy resource-mappings fix doc drift in proto comments ([#980](https://github.com/opentdf/platform/issues/980)) ([09ab763](https://github.com/opentdf/platform/commit/09ab763263d092653bbded294895dcc08d03bdb2)) - -## [0.2.3](https://github.com/opentdf/platform/compare/protocol/go/v0.2.2...protocol/go/v0.2.3) (2024-05-17) - - -### Features - -* **authz:** Handle jwts as entity chains in decision requests ([#759](https://github.com/opentdf/platform/issues/759)) ([65612e0](https://github.com/opentdf/platform/commit/65612e08b418eb17c9576903c002685daed21ec1)) - - -### Bug Fixes - -* **policy:** make resource-mappings update patch instead of put in RESTful gateway ([#824](https://github.com/opentdf/platform/issues/824)) ([1878bb5](https://github.com/opentdf/platform/commit/1878bb55fb17419487e6c8add6d363469e364923)), closes [#313](https://github.com/opentdf/platform/issues/313) - -## [0.2.2](https://github.com/opentdf/platform/compare/protocol/go/v0.2.1...protocol/go/v0.2.2) (2024-05-13) - - -### Bug Fixes - -* **core:** Bump libs patch version ([#779](https://github.com/opentdf/platform/issues/779)) ([3b68dea](https://github.com/opentdf/platform/commit/3b68dea867609071047554a6a7697becaaee2805)) - -## [0.2.1](https://github.com/opentdf/platform/compare/protocol/go/v0.2.0...protocol/go/v0.2.1) (2024-05-07) - - -### Features - -* **ers:** Create entity resolution service, replace idp plugin ([#660](https://github.com/opentdf/platform/issues/660)) ([ff44112](https://github.com/opentdf/platform/commit/ff441128a4b2ef97c3f739ee3f6f42be273b31dc)) - - -### Bug Fixes - -* **policy:** normalize FQN lookup to lower case ([#668](https://github.com/opentdf/platform/issues/668)) ([cd8a875](https://github.com/opentdf/platform/commit/cd8a8750e2a87cb65bc6c8815d8db131dca4f02d)), closes [#669](https://github.com/opentdf/platform/issues/669) - -## [0.2.0](https://github.com/opentdf/platform/compare/protocol/go/v0.1.0...protocol/go/v0.2.0) (2024-04-25) - - -### Features - -* **policy:** move key access server registry under policy ([#655](https://github.com/opentdf/platform/issues/655)) ([7b63394](https://github.com/opentdf/platform/commit/7b633942cc5b929122b9f765a5f35cb7b4dd391f)) - -## [0.1.0](https://github.com/opentdf/platform/compare/protocol/go-v0.1.0...protocol/go/v0.1.0) (2024-04-22) - - -### Features - -* **attr value lookup by fqn:** adds GetAttributesByFqns rpc in attributes service [#243](https://github.com/opentdf/platform/issues/243) ([#250](https://github.com/opentdf/platform/issues/250)) ([b810d33](https://github.com/opentdf/platform/commit/b810d33ad514967d7963310fc7dd60fb6b21cc78)) -* **auth:** add authorization via casbin ([#417](https://github.com/opentdf/platform/issues/417)) ([292f2bd](https://github.com/opentdf/platform/commit/292f2bd46a856aaac3b4c996b481f6b4872613cb)) -* **authorization service:** Gets the attributes from the in-memory service connection inside the GetDecisions request ([#273](https://github.com/opentdf/platform/issues/273)) ([ce57117](https://github.com/opentdf/platform/commit/ce57117faad274bc63776b41198dc47fee5bb677)) -* **authorization:** entitlements ([#247](https://github.com/opentdf/platform/issues/247)) ([42c4f27](https://github.com/opentdf/platform/commit/42c4f27fd03d9802b402d723fcb16e71a61a3048)) -* **core:** exposes new well-known configuration endpoint ([#299](https://github.com/opentdf/platform/issues/299)) ([d52cd21](https://github.com/opentdf/platform/commit/d52cd216e3345cd6ef2dbe4f99b78d0f214f7f5d)) -* **idp-add-on:** PLAT-3005 Add keycloak idp add on and idp add on protos ([#233](https://github.com/opentdf/platform/issues/233)) ([2365e61](https://github.com/opentdf/platform/commit/2365e6185cf43a93fa9369e960c5cfd28ef59778)) -* **kas:** authorization decisions ([#431](https://github.com/opentdf/platform/issues/431)) ([82e8895](https://github.com/opentdf/platform/commit/82e88953beedd503bb161b9c728e31fdcb195624)) -* **PLAT-2950:** Update buf generated interface code for java ([#240](https://github.com/opentdf/platform/issues/240)) ([d7e2642](https://github.com/opentdf/platform/commit/d7e26425528ca80545738ece554510f82fb189fb)) -* **policy object selectors:** adds initial selector protos, moves policy object type messages to top-level to avoid circular imports, and provides subject mappings in response to GetAttributeValuesByFqns ([#372](https://github.com/opentdf/platform/issues/372)) ([e9d9241](https://github.com/opentdf/platform/commit/e9d9241c022ddbd425120a54e8f73ffdab4e2ae0)) -* **policy subject mappings condition sets / migrations:** adds DB schema, fixes migrate down command, adds migrate up command, bumps goose ([#286](https://github.com/opentdf/platform/issues/286)) ([4d7a032](https://github.com/opentdf/platform/commit/4d7a0327b1a71ff666ef5ffecefe13adac721aab)) -* **policy:** adds support for match subject request to get entitlements without FQN scopes ([#347](https://github.com/opentdf/platform/issues/347)) ([63c34a5](https://github.com/opentdf/platform/commit/63c34a5b58e748ee0691f03522c19d9b34ad96fb)) -* **policy:** enhance and expand metadata and normalize API ([#314](https://github.com/opentdf/platform/issues/314)) ([9389f3b](https://github.com/opentdf/platform/commit/9389f3b724076ba5a47ea1de44e3a58080b50905)) -* **policy:** enhance subject mappings with subject condition sets ([#321](https://github.com/opentdf/platform/issues/321)) ([df692eb](https://github.com/opentdf/platform/commit/df692eb6bce2b0aa70692ede2cb718f69c8a7a09)) -* **policy:** list attrs by namespace ([#479](https://github.com/opentdf/platform/issues/479)) ([92d8f8c](https://github.com/opentdf/platform/commit/92d8f8cfed2c27a1d893fd22581d66e7e41d9516)) -* **policy:** list attrs by namespace name ([#487](https://github.com/opentdf/platform/issues/487)) ([04e723f](https://github.com/opentdf/platform/commit/04e723faf6e90e75e05e625b51428da9579e3fb7)) -* **policy:** rework attribute value members ([#398](https://github.com/opentdf/platform/issues/398)) ([1cb7d0c](https://github.com/opentdf/platform/commit/1cb7d0c981a5cdcdb3dd070f887aedf609274a57)) -* **policy:** support attribute value creation ([#454](https://github.com/opentdf/platform/issues/454)) ([432ee6b](https://github.com/opentdf/platform/commit/432ee6b277059827f28c4bf7b24f59273632a5b1)) -* **policy:** update fixtures, proto comments, and proto field names to reflect use of jq selector syntax within Conditions of Subject Sets ([#523](https://github.com/opentdf/platform/issues/523)) ([16f40f7](https://github.com/opentdf/platform/commit/16f40f7727f7c695f9b5d9f5aac26c348dbee4a2)) - - -### Bug Fixes - -* **authorization:** remove access pdp internal AttributeInstance type and use policy proto generated struct types instead ([#485](https://github.com/opentdf/platform/issues/485)) ([8435f59](https://github.com/opentdf/platform/commit/8435f59d60e654098caa002505cedf364811840b)) -* **policy:** Adds policy package infix ([#280](https://github.com/opentdf/platform/issues/280)) ([57e8ef9](https://github.com/opentdf/platform/commit/57e8ef9b1fcb9dbbc317e62fd6ea9e24f10b356f)) -* **protos:** authorization service's ResourceAttribute message should map to updated platform policy schema ([#238](https://github.com/opentdf/platform/issues/238)) ([bf381dc](https://github.com/opentdf/platform/commit/bf381dc9618d505f3aa5e0a27f79faf373a866c7)) diff --git a/protocol/go/LICENSE b/protocol/go/LICENSE deleted file mode 100644 index 156808cead..0000000000 --- a/protocol/go/LICENSE +++ /dev/null @@ -1,19 +0,0 @@ -# The Clear BSD License - -Copyright 2023 Virtru Corporation -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted (subject to the limitations in the disclaimer below) -provided that the following conditions are met: - -* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. -* Neither the name of Virtru Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without - specific prior written permission. -NO EXPRESS OR IMPLIED LICENSES TO ANY PARTY'S PATENT RIGHTS ARE GRANTED BY THIS LICENSE. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE diff --git a/protocol/go/README.md b/protocol/go/README.md deleted file mode 100644 index 4e768b56d8..0000000000 --- a/protocol/go/README.md +++ /dev/null @@ -1 +0,0 @@ -# \ No newline at end of file diff --git a/protocol/go/policy/objects.pb.go b/protocol/go/policy/objects.pb.go index 0c3b0f33bd..326041d49f 100644 --- a/protocol/go/policy/objects.pb.go +++ b/protocol/go/policy/objects.pb.go @@ -2135,8 +2135,9 @@ type KasKey struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - KasId string `protobuf:"bytes,1,opt,name=kas_id,json=kasId,proto3" json:"kas_id,omitempty"` - Key *AsymmetricKey `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + KasId string `protobuf:"bytes,1,opt,name=kas_id,json=kasId,proto3" json:"kas_id,omitempty"` + Key *AsymmetricKey `protobuf:"bytes,2,opt,name=key,proto3" json:"key,omitempty"` + KasUri string `protobuf:"bytes,3,opt,name=kas_uri,json=kasUri,proto3" json:"kas_uri,omitempty"` } func (x *KasKey) Reset() { @@ -2185,6 +2186,13 @@ func (x *KasKey) GetKey() *AsymmetricKey { return nil } +func (x *KasKey) GetKasUri() string { + if x != nil { + return x.KasUri + } + return "" +} + type AsymmetricKey struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2705,141 +2713,143 @@ var file_policy_objects_proto_rawDesc = []byte{ 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x22, 0x48, 0x0a, 0x06, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x15, + 0x64, 0x61, 0x74, 0x61, 0x22, 0x61, 0x0a, 0x06, 0x4b, 0x61, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x61, 0x73, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x61, 0x73, 0x49, 0x64, 0x12, 0x27, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x73, 0x79, 0x6d, - 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x8c, - 0x03, 0x0a, 0x0d, 0x41, 0x73, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, - 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x36, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x61, - 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, - 0x6d, 0x52, 0x0c, 0x6b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, - 0x30, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, - 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x2a, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, - 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, - 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x43, 0x74, 0x78, 0x12, 0x26, 0x0a, 0x0f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, - 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x70, 0x72, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x42, 0x0a, 0x0f, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, - 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x0e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, - 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x9e, 0x02, - 0x0a, 0x0c, 0x53, 0x79, 0x6d, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x15, - 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x09, 0x6b, 0x65, - 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2a, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x6b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x42, 0x0a, 0x0f, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, - 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2a, 0xb3, - 0x01, 0x0a, 0x15, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, - 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x28, 0x0a, 0x24, 0x41, 0x54, 0x54, 0x52, - 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, - 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, - 0x4c, 0x4c, 0x5f, 0x4f, 0x46, 0x10, 0x01, 0x12, 0x23, 0x0a, 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, - 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, - 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x59, 0x5f, 0x4f, 0x46, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, - 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x48, 0x49, 0x45, 0x52, 0x41, 0x52, 0x43, - 0x48, 0x59, 0x10, 0x03, 0x2a, 0xca, 0x01, 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, - 0x6e, 0x75, 0x6d, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, - 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, - 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, - 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, - 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x10, 0x01, 0x12, 0x28, 0x0a, 0x24, 0x53, 0x55, 0x42, 0x4a, - 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, - 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x49, 0x4e, - 0x10, 0x02, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, - 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, - 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x53, 0x10, - 0x03, 0x2a, 0x90, 0x01, 0x0a, 0x18, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, - 0x6f, 0x6f, 0x6c, 0x65, 0x61, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2b, - 0x0a, 0x27, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, - 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, - 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x43, - 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44, 0x10, 0x01, - 0x12, 0x22, 0x0a, 0x1e, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, - 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, - 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x5d, 0x0a, 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, - 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, - 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, - 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, - 0x4c, 0x10, 0x02, 0x2a, 0x88, 0x02, 0x0a, 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, - 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, - 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, - 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, - 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, - 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, - 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, - 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, - 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, - 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, - 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, - 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, - 0x52, 0x31, 0x10, 0x06, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, + 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x17, + 0x0a, 0x07, 0x6b, 0x61, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x6b, 0x61, 0x73, 0x55, 0x72, 0x69, 0x22, 0x8c, 0x03, 0x0a, 0x0d, 0x41, 0x73, 0x79, 0x6d, + 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, + 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, + 0x12, 0x36, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, + 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x0c, 0x6b, 0x65, 0x79, 0x41, + 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x30, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, + 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, + 0x09, 0x6b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2a, 0x0a, 0x08, 0x6b, 0x65, + 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x07, 0x6b, + 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x0a, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, + 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x26, 0x0a, 0x0f, + 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, + 0x79, 0x43, 0x74, 0x78, 0x12, 0x42, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x9e, 0x02, 0x0a, 0x0c, 0x53, 0x79, 0x6d, 0x6d, 0x65, + 0x74, 0x72, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x30, + 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x11, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x2a, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x4d, + 0x6f, 0x64, 0x65, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x17, 0x0a, 0x07, + 0x6b, 0x65, 0x79, 0x5f, 0x63, 0x74, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x6b, + 0x65, 0x79, 0x43, 0x74, 0x78, 0x12, 0x42, 0x0a, 0x0f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x65, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x64, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x64, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2a, 0xb3, 0x01, 0x0a, 0x15, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, 0x75, 0x6c, 0x65, 0x54, 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, + 0x6d, 0x12, 0x28, 0x0a, 0x24, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, + 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, + 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x41, + 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4c, 0x4c, 0x5f, 0x4f, 0x46, 0x10, 0x01, + 0x12, 0x23, 0x0a, 0x1f, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, 0x54, 0x45, 0x5f, 0x52, 0x55, + 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x59, + 0x5f, 0x4f, 0x46, 0x10, 0x02, 0x12, 0x26, 0x0a, 0x22, 0x41, 0x54, 0x54, 0x52, 0x49, 0x42, 0x55, + 0x54, 0x45, 0x5f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, + 0x4d, 0x5f, 0x48, 0x49, 0x45, 0x52, 0x41, 0x52, 0x43, 0x48, 0x59, 0x10, 0x03, 0x2a, 0xca, 0x01, + 0x0a, 0x1a, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, + 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2d, 0x0a, 0x29, + 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, + 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, + 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x53, + 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, + 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x10, + 0x01, 0x12, 0x28, 0x0a, 0x24, 0x53, 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, + 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, + 0x55, 0x4d, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x2d, 0x0a, 0x29, 0x53, + 0x55, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x4d, 0x41, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x5f, 0x4f, + 0x50, 0x45, 0x52, 0x41, 0x54, 0x4f, 0x52, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x49, 0x4e, 0x5f, + 0x43, 0x4f, 0x4e, 0x54, 0x41, 0x49, 0x4e, 0x53, 0x10, 0x03, 0x2a, 0x90, 0x01, 0x0a, 0x18, 0x43, + 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x6f, 0x6f, 0x6c, 0x65, 0x61, 0x6e, 0x54, + 0x79, 0x70, 0x65, 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4f, 0x4e, 0x44, 0x49, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, + 0x45, 0x44, 0x10, 0x00, 0x12, 0x23, 0x0a, 0x1f, 0x43, 0x4f, 0x4e, 0x44, 0x49, 0x54, 0x49, 0x4f, + 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, + 0x4e, 0x55, 0x4d, 0x5f, 0x41, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x22, 0x0a, 0x1e, 0x43, 0x4f, 0x4e, + 0x44, 0x49, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x42, 0x4f, 0x4f, 0x4c, 0x45, 0x41, 0x4e, 0x5f, 0x54, + 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x5d, 0x0a, + 0x0a, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x53, + 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, + 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, + 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, + 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x02, 0x2a, 0x88, 0x02, 0x0a, + 0x13, 0x4b, 0x61, 0x73, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, + 0x45, 0x6e, 0x75, 0x6d, 0x12, 0x27, 0x0a, 0x23, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, - 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x2a, 0x9b, - 0x01, 0x0a, 0x09, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15, - 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, - 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, - 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, - 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, - 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, - 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15, + 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, + 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, + 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, + 0x38, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, + 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x52, + 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, + 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, + 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35, 0x36, 0x52, + 0x31, 0x10, 0x05, 0x12, 0x28, 0x0a, 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, + 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, + 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x10, 0x06, 0x12, 0x28, 0x0a, + 0x24, 0x4b, 0x41, 0x53, 0x5f, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x5f, 0x4b, 0x45, 0x59, 0x5f, + 0x41, 0x4c, 0x47, 0x5f, 0x45, 0x4e, 0x55, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x53, 0x45, 0x43, 0x50, + 0x35, 0x32, 0x31, 0x52, 0x31, 0x10, 0x07, 0x2a, 0x9b, 0x01, 0x0a, 0x09, 0x41, 0x6c, 0x67, 0x6f, + 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x19, 0x0a, 0x15, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, + 0x48, 0x4d, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, + 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x4c, 0x47, 0x4f, + 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x02, + 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, + 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x03, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, + 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, - 0x33, 0x38, 0x34, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, - 0x48, 0x4d, 0x5f, 0x45, 0x43, 0x5f, 0x50, 0x35, 0x32, 0x31, 0x10, 0x05, 0x2a, 0x73, 0x0a, 0x09, - 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, - 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, - 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, - 0x54, 0x55, 0x53, 0x5f, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, - 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x49, 0x4e, 0x41, 0x43, 0x54, - 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, - 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x4d, 0x50, 0x52, 0x4f, 0x4d, 0x49, 0x53, 0x45, 0x44, 0x10, - 0x03, 0x2a, 0x4c, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, - 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, - 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, - 0x44, 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, 0x4c, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, - 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x02, 0x42, - 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, - 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, - 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, - 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, - 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x35, 0x32, 0x31, 0x10, 0x05, 0x2a, 0x73, 0x0a, 0x09, 0x4b, 0x65, 0x79, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, + 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x41, 0x43, 0x54, + 0x49, 0x56, 0x45, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x49, 0x4e, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x02, 0x12, 0x1a, + 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x4d, + 0x50, 0x52, 0x4f, 0x4d, 0x49, 0x53, 0x45, 0x44, 0x10, 0x03, 0x2a, 0x4c, 0x0a, 0x07, 0x4b, 0x65, + 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, + 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x12, 0x0a, 0x0e, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, 0x4c, 0x4f, 0x43, 0x41, + 0x4c, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x4d, 0x4f, 0x44, 0x45, 0x5f, + 0x52, 0x45, 0x4d, 0x4f, 0x54, 0x45, 0x10, 0x02, 0x42, 0x82, 0x01, 0x0a, 0x0a, 0x63, 0x6f, 0x6d, + 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x0c, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x73, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, + 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, + 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x58, 0x58, 0xaa, 0x02, 0x06, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xca, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0xe2, + 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/service/integration/attribute_fqns_test.go b/service/integration/attribute_fqns_test.go index 80bbdca645..f917012ec8 100644 --- a/service/integration/attribute_fqns_test.go +++ b/service/integration/attribute_fqns_test.go @@ -1647,6 +1647,108 @@ func (s *AttributeFqnSuite) TestGetAttributesByValueFqns_Fails_WithNonValueFqns( s.Require().ErrorIs(err, db.ErrNotFound) } +func (s *AttributeFqnSuite) TestGetAttributeByValueFqns_KAS_Keys_Returned() { + kasKey := s.f.GetKasRegistryServerKeys("kas_key_1") + fqn := "https://keys.com/attr/kas-key/value/key1" + + kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID) + s.Require().NoError(err) + s.NotNil(kasReg) + + // Create New Namespace + ns, err := s.db.PolicyClient.CreateNamespace(s.ctx, &namespaces.CreateNamespaceRequest{Name: "keys.com"}) + s.Require().NoError(err) + s.NotNil(ns) + + // Create Attribute + attr, err := s.db.PolicyClient.CreateAttribute(s.ctx, &attributes.CreateAttributeRequest{ + Name: "kas-key", + NamespaceId: ns.GetId(), + Rule: policy.AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF, + Values: []string{"key1"}, + }) + s.Require().NoError(err) + s.NotNil(attr) + + // Assign Kas Key to namespace + nsKey, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{ + NamespaceId: ns.GetId(), + KeyId: kasKey.ID, + }) + s.Require().NoError(err) + s.NotNil(nsKey) + + // Get Attribute By Value Fqns. Check NS for key + v, err := s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{ + Fqns: []string{fqn}, + }) + s.Require().NoError(err) + s.NotNil(v) + s.Len(v, 1) + + for _, attr := range v { + s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1) + s.Empty(attr.GetAttribute().GetKasKeys()) + s.Empty(attr.GetValue().GetKasKeys()) + s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri()) + } + + // Assign Kas Key to Attribute + attrKey, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{ + AttributeId: attr.GetId(), + KeyId: kasKey.ID, + }) + s.Require().NoError(err) + s.NotNil(attrKey) + + // Get Attribute By Value Fqns. Check NS and Attribute for Key + v, err = s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{ + Fqns: []string{fqn}, + }) + s.Require().NoError(err) + s.NotNil(v) + s.Len(v, 1) + + for _, attr := range v { + s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1) + s.Len(attr.GetAttribute().GetKasKeys(), 1) + s.Empty(attr.GetValue().GetKasKeys()) + s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri()) + s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetAttribute().GetKasKeys()[0].GetKasUri()) + } + + // Assign Kas Key to Value + valueKey, err := s.db.PolicyClient.AssignPublicKeyToValue(s.ctx, &attributes.ValueKey{ + ValueId: attr.GetValues()[0].GetId(), + KeyId: kasKey.ID, + }) + s.Require().NoError(err) + s.NotNil(valueKey) + + // Get Attribute By Value Fqns. Check NS ,Attribute and Value for Key + v, err = s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{ + Fqns: []string{fqn}, + }) + s.Require().NoError(err) + s.NotNil(v) + s.Len(v, 1) + + for _, attr := range v { + s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1) + s.Len(attr.GetAttribute().GetKasKeys(), 1) + s.Len(attr.GetValue().GetKasKeys(), 1) + s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri()) + s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetAttribute().GetKasKeys()[0].GetKasUri()) + s.Equal(kasKey.KeyAccessServerID, attr.GetValue().GetKasKeys()[0].GetKasId()) + s.Equal(kasReg.GetUri(), attr.GetValue().GetKasKeys()[0].GetKasUri()) + } +} + func (s *AttributeFqnSuite) bigTestSetup(namespaceName string) bigSetup { // create a new namespace ns, err := s.db.PolicyClient.CreateNamespace(s.ctx, &namespaces.CreateNamespaceRequest{ diff --git a/service/integration/attribute_values_test.go b/service/integration/attribute_values_test.go index 4f695aef88..ff27770e9b 100644 --- a/service/integration/attribute_values_test.go +++ b/service/integration/attribute_values_test.go @@ -1025,6 +1025,13 @@ func (s *AttributeValuesSuite) Test_AssignPublicKeyToAttributeValue_Succeeds() { s.Empty(gotAttrValue.GetKasKeys()[0].GetKey().GetProviderConfig()) s.Empty(gotAttrValue.GetKasKeys()[0].GetKey().GetPrivateKeyCtx()) + // Get the kas server information associated with the key + kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID) + s.Require().NoError(err) + s.NotNil(kasReg) + + s.Equal(kasReg.GetUri(), gotAttrValue.GetKasKeys()[0].GetKasUri()) + resp, err = s.db.PolicyClient.RemovePublicKeyFromValue(s.ctx, &attributes.ValueKey{ ValueId: gotAttrValue.GetId(), KeyId: gotAttrValue.GetKasKeys()[0].GetKey().GetId(), diff --git a/service/integration/attributes_test.go b/service/integration/attributes_test.go index 6d68e1d40c..d55e4ceff1 100644 --- a/service/integration/attributes_test.go +++ b/service/integration/attributes_test.go @@ -1344,7 +1344,6 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() { s.Require().NoError(err) s.NotNil(gotAttr) s.Empty(gotAttr.GetKasKeys()) - kasKey := s.f.GetKasRegistryServerKeys("kas_key_1") resp, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{ AttributeId: s.f.GetAttributeKey("example.com/attr/attr1").ID, @@ -1356,6 +1355,7 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() { gotAttr, err = s.db.PolicyClient.GetAttribute(s.ctx, s.f.GetAttributeKey("example.com/attr/attr1").ID) s.Require().NoError(err) s.NotNil(gotAttr) + s.Len(gotAttr.GetKasKeys(), 1) s.Equal(kasKey.KeyAccessServerID, gotAttr.GetKasKeys()[0].GetKasId()) s.Equal(kasKey.ID, gotAttr.GetKasKeys()[0].GetKey().GetId()) @@ -1365,6 +1365,13 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() { s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetPrivateKeyCtx()) s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetProviderConfig()) + // Get the kas server information associated with the key + kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID) + s.Require().NoError(err) + s.NotNil(kasReg) + + s.Equal(kasReg.GetUri(), gotAttr.GetKasKeys()[0].GetKasUri()) + resp, err = s.db.PolicyClient.RemovePublicKeyFromAttribute(s.ctx, &attributes.AttributeKey{ AttributeId: resp.GetAttributeId(), KeyId: resp.GetKeyId(), diff --git a/service/integration/main_test.go b/service/integration/main_test.go index 10949ea630..3876cd3bda 100644 --- a/service/integration/main_test.go +++ b/service/integration/main_test.go @@ -61,7 +61,6 @@ func TestMain(m *testing.M) { export TESTCONTAINERS_RYUK_CONTAINER_PRIVILEGED=true; # needed to run Reaper (alternative disable it TESTCONTAINERS_RYUK_DISABLED=true) export TESTCONTAINERS_DOCKER_SOCKET_OVERRIDE=/var/run/docker.sock; # needed to apply the bind with statfs */ - var providerType tc.ProviderType if os.Getenv("TESTCONTAINERS_PODMAN") == "true" { diff --git a/service/integration/namespaces_test.go b/service/integration/namespaces_test.go index e57c2df2a4..9d8f4f254b 100644 --- a/service/integration/namespaces_test.go +++ b/service/integration/namespaces_test.go @@ -1176,12 +1176,12 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Returns_Error_When_ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() { namespaceFix := s.getActiveNamespaceFixtures()[0] - gotAttr, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ + gotNS, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ NamespaceId: namespaceFix.ID, }) s.Require().NoError(err) - s.NotNil(gotAttr) - s.Empty(gotAttr.GetKasKeys()) + s.NotNil(gotNS) + s.Empty(gotNS.GetKasKeys()) kasKey := s.f.GetKasRegistryServerKeys("kas_key_1") resp, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{ @@ -1191,19 +1191,26 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() { s.Require().NoError(err) s.NotNil(resp) - gotAttr, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ + gotNS, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ NamespaceId: namespaceFix.ID, }) s.Require().NoError(err) - s.NotNil(gotAttr) - s.Len(gotAttr.GetKasKeys(), 1) - s.Equal(kasKey.KeyAccessServerID, gotAttr.GetKasKeys()[0].GetKasId()) - s.Equal(kasKey.ID, gotAttr.GetKasKeys()[0].GetKey().GetId()) + s.NotNil(gotNS) + s.Len(gotNS.GetKasKeys(), 1) + s.Equal(kasKey.KeyAccessServerID, gotNS.GetKasKeys()[0].GetKasId()) + s.Equal(kasKey.ID, gotNS.GetKasKeys()[0].GetKey().GetId()) publicKeyCtx, err := base64.StdEncoding.DecodeString(kasKey.PublicKeyCtx) s.Require().NoError(err) - s.Equal(publicKeyCtx, gotAttr.GetKasKeys()[0].GetKey().GetPublicKeyCtx()) - s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetPrivateKeyCtx()) - s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetProviderConfig()) + s.Equal(publicKeyCtx, gotNS.GetKasKeys()[0].GetKey().GetPublicKeyCtx()) + s.Empty(gotNS.GetKasKeys()[0].GetKey().GetPrivateKeyCtx()) + s.Empty(gotNS.GetKasKeys()[0].GetKey().GetProviderConfig()) + + // Get the kas server information associated with the key + kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID) + s.Require().NoError(err) + s.NotNil(kasReg) + + s.Equal(kasReg.GetUri(), gotNS.GetKasKeys()[0].GetKasUri()) resp, err = s.db.PolicyClient.RemovePublicKeyFromNamespace(s.ctx, &namespaces.NamespaceKey{ NamespaceId: resp.GetNamespaceId(), @@ -1212,22 +1219,22 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() { s.Require().NoError(err) s.NotNil(resp) - gotAttr, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ + gotNS, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ NamespaceId: namespaceFix.ID, }) s.Require().NoError(err) - s.NotNil(gotAttr) - s.Empty(gotAttr.GetKasKeys()) + s.NotNil(gotNS) + s.Empty(gotNS.GetKasKeys()) } func (s *NamespacesSuite) Test_RemovePublicKeyFromNamespace_Not_Found_Fails() { namespaceFix := s.getActiveNamespaceFixtures()[0] - gotAttr, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ + gotNS, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{ NamespaceId: namespaceFix.ID, }) s.Require().NoError(err) - s.NotNil(gotAttr) - s.Empty(gotAttr.GetKasKeys()) + s.NotNil(gotNS) + s.Empty(gotNS.GetKasKeys()) kasKey := s.f.GetKasRegistryServerKeys("kas_key_1") resp, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{ diff --git a/service/policy/db/db.go b/service/policy/db/db.go index eeee39e428..0e4c3f4a0b 100644 --- a/service/policy/db/db.go +++ b/service/policy/db/db.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.28.0 +// sqlc v1.29.0 package db diff --git a/service/policy/db/models.go b/service/policy/db/models.go index 743cc8f7fe..b4a0558ae8 100644 --- a/service/policy/db/models.go +++ b/service/policy/db/models.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.28.0 +// sqlc v1.29.0 package db diff --git a/service/policy/db/query.sql b/service/policy/db/query.sql index 26d766988e..7d6b25d72a 100644 --- a/service/policy/db/query.sql +++ b/service/policy/db/query.sql @@ -529,6 +529,7 @@ WITH target_definition AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -541,6 +542,7 @@ WITH target_definition AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE fqns.fqn = ANY(@fqns::TEXT[]) @@ -576,6 +578,7 @@ namespaces AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -588,6 +591,7 @@ namespaces AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON n.id = nmp_keys.namespace_id WHERE n.active = TRUE @@ -669,6 +673,7 @@ values AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -681,6 +686,7 @@ values AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE av.active = TRUE @@ -759,11 +765,13 @@ LEFT JOIN ( 'key_algorithm', kask.key_algorithm, 'public_key_ctx', ENCODE(kask.public_key_ctx::TEXT::BYTEA, 'base64') ), - 'kas_id', kask.key_access_server_id + 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri ) ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE (sqlc.narg('id')::uuid IS NULL OR ad.id = sqlc.narg('id')::uuid) @@ -866,6 +874,7 @@ LEFT JOIN ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -878,6 +887,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kas.id = kask.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE (sqlc.narg('id')::uuid IS NULL OR av.id = sqlc.narg('id')::uuid) @@ -1097,6 +1107,7 @@ LEFT JOIN ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -1109,6 +1120,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON ns.id = nmp_keys.namespace_id WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL diff --git a/service/policy/db/query.sql.go b/service/policy/db/query.sql.go index e367ddc89f..628c05ec5c 100644 --- a/service/policy/db/query.sql.go +++ b/service/policy/db/query.sql.go @@ -1,6 +1,6 @@ // Code generated by sqlc. DO NOT EDIT. // versions: -// sqlc v1.28.0 +// sqlc v1.29.0 // source: query.sql package db @@ -456,11 +456,13 @@ LEFT JOIN ( 'key_algorithm', kask.key_algorithm, 'public_key_ctx', ENCODE(kask.public_key_ctx::TEXT::BYTEA, 'base64') ), - 'kas_id', kask.key_access_server_id + 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri ) ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE ($1::uuid IS NULL OR ad.id = $1::uuid) @@ -545,11 +547,13 @@ type GetAttributeRow struct { // 'key_algorithm', kask.key_algorithm, // 'public_key_ctx', ENCODE(kask.public_key_ctx::TEXT::BYTEA, 'base64') // ), -// 'kas_id', kask.key_access_server_id +// 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri // ) // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_definition_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.definition_id // ) defk ON ad.id = defk.definition_id // WHERE ($1::uuid IS NULL OR ad.id = $1::uuid) @@ -601,6 +605,7 @@ LEFT JOIN ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -613,6 +618,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kas.id = kask.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE ($1::uuid IS NULL OR av.id = $1::uuid) @@ -664,6 +670,7 @@ type GetAttributeValueRow struct { // JSONB_AGG( // DISTINCT JSONB_BUILD_OBJECT( // 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri, // 'key', JSONB_BUILD_OBJECT( // 'id', kask.id, // 'key_id', kask.key_id, @@ -676,6 +683,7 @@ type GetAttributeValueRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_value_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kas.id = kask.id // GROUP BY k.value_id // ) value_keys ON av.id = value_keys.value_id // WHERE ($1::uuid IS NULL OR av.id = $1::uuid) @@ -831,6 +839,7 @@ LEFT JOIN ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -843,6 +852,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON ns.id = nmp_keys.namespace_id WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL @@ -891,6 +901,7 @@ type GetNamespaceRow struct { // JSONB_AGG( // DISTINCT JSONB_BUILD_OBJECT( // 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri, // 'key', JSONB_BUILD_OBJECT( // 'id', kask.id, // 'key_id', kask.key_id, @@ -903,6 +914,7 @@ type GetNamespaceRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_namespace_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.namespace_id // ) nmp_keys ON ns.id = nmp_keys.namespace_id // WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL @@ -3961,6 +3973,7 @@ WITH target_definition AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -3973,6 +3986,7 @@ WITH target_definition AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE fqns.fqn = ANY($1::TEXT[]) @@ -4008,6 +4022,7 @@ namespaces AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -4020,6 +4035,7 @@ namespaces AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON n.id = nmp_keys.namespace_id WHERE n.active = TRUE @@ -4101,6 +4117,7 @@ values AS ( JSONB_AGG( DISTINCT JSONB_BUILD_OBJECT( 'kas_id', kask.key_access_server_id, + 'kas_uri', kas.uri, 'key', JSONB_BUILD_OBJECT( 'id', kask.id, 'key_id', kask.key_id, @@ -4113,6 +4130,7 @@ values AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id + LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE av.active = TRUE @@ -4176,6 +4194,7 @@ type listAttributesByDefOrValueFqnsRow struct { // JSONB_AGG( // DISTINCT JSONB_BUILD_OBJECT( // 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri, // 'key', JSONB_BUILD_OBJECT( // 'id', kask.id, // 'key_id', kask.key_id, @@ -4188,6 +4207,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_definition_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.definition_id // ) defk ON ad.id = defk.definition_id // WHERE fqns.fqn = ANY($1::TEXT[]) @@ -4223,6 +4243,7 @@ type listAttributesByDefOrValueFqnsRow struct { // JSONB_AGG( // DISTINCT JSONB_BUILD_OBJECT( // 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri, // 'key', JSONB_BUILD_OBJECT( // 'id', kask.id, // 'key_id', kask.key_id, @@ -4235,6 +4256,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_namespace_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.namespace_id // ) nmp_keys ON n.id = nmp_keys.namespace_id // WHERE n.active = TRUE @@ -4316,6 +4338,7 @@ type listAttributesByDefOrValueFqnsRow struct { // JSONB_AGG( // DISTINCT JSONB_BUILD_OBJECT( // 'kas_id', kask.key_access_server_id, +// 'kas_uri', kas.uri, // 'key', JSONB_BUILD_OBJECT( // 'id', kask.id, // 'key_id', kask.key_id, @@ -4328,6 +4351,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_value_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id +// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.value_id // ) value_keys ON av.id = value_keys.value_id // WHERE av.active = TRUE diff --git a/service/policy/objects.proto b/service/policy/objects.proto index 10ce3e2b43..b69fd573fc 100644 --- a/service/policy/objects.proto +++ b/service/policy/objects.proto @@ -322,7 +322,6 @@ message KeyAccessServer { // Kas keys associated with this KAS repeated KasKey kas_keys = 5; - // Optional // Unique name of the KAS instance string name = 20; @@ -435,7 +434,6 @@ message RegisteredResourceValue { common.Metadata metadata = 100; } - // Supported key algorithms. enum Algorithm { ALGORITHM_UNSPECIFIED = 0; @@ -468,6 +466,7 @@ enum KeyMode { message KasKey { string kas_id = 1; AsymmetricKey key = 2; + string kas_uri = 3; } message AsymmetricKey { From b6e22671214025c6f12caae5e851a01e03307eeb Mon Sep 17 00:00:00 2001 From: strantalis Date: Wed, 7 May 2025 14:29:11 -0400 Subject: [PATCH 2/3] move to inner join --- service/policy/db/query.sql | 12 ++++++------ service/policy/db/query.sql.go | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/service/policy/db/query.sql b/service/policy/db/query.sql index 7d6b25d72a..c124433e5b 100644 --- a/service/policy/db/query.sql +++ b/service/policy/db/query.sql @@ -542,7 +542,7 @@ WITH target_definition AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE fqns.fqn = ANY(@fqns::TEXT[]) @@ -591,7 +591,7 @@ namespaces AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON n.id = nmp_keys.namespace_id WHERE n.active = TRUE @@ -686,7 +686,7 @@ values AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE av.active = TRUE @@ -771,7 +771,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE (sqlc.narg('id')::uuid IS NULL OR ad.id = sqlc.narg('id')::uuid) @@ -887,7 +887,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kas.id = kask.id + INNER JOIN key_access_servers kas ON kas.id = kask.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE (sqlc.narg('id')::uuid IS NULL OR av.id = sqlc.narg('id')::uuid) @@ -1120,7 +1120,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON ns.id = nmp_keys.namespace_id WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL diff --git a/service/policy/db/query.sql.go b/service/policy/db/query.sql.go index 628c05ec5c..9758ce5863 100644 --- a/service/policy/db/query.sql.go +++ b/service/policy/db/query.sql.go @@ -462,7 +462,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE ($1::uuid IS NULL OR ad.id = $1::uuid) @@ -553,7 +553,7 @@ type GetAttributeRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_definition_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id +// INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.definition_id // ) defk ON ad.id = defk.definition_id // WHERE ($1::uuid IS NULL OR ad.id = $1::uuid) @@ -618,7 +618,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kas.id = kask.id + INNER JOIN key_access_servers kas ON kas.id = kask.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE ($1::uuid IS NULL OR av.id = $1::uuid) @@ -683,7 +683,7 @@ type GetAttributeValueRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_value_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kas.id = kask.id +// INNER JOIN key_access_servers kas ON kas.id = kask.id // GROUP BY k.value_id // ) value_keys ON av.id = value_keys.value_id // WHERE ($1::uuid IS NULL OR av.id = $1::uuid) @@ -852,7 +852,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON ns.id = nmp_keys.namespace_id WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL @@ -914,7 +914,7 @@ type GetNamespaceRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_namespace_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id +// INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.namespace_id // ) nmp_keys ON ns.id = nmp_keys.namespace_id // WHERE fqns.attribute_id IS NULL AND fqns.value_id IS NULL @@ -3986,7 +3986,7 @@ WITH target_definition AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_definition_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.definition_id ) defk ON ad.id = defk.definition_id WHERE fqns.fqn = ANY($1::TEXT[]) @@ -4035,7 +4035,7 @@ namespaces AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_namespace_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.namespace_id ) nmp_keys ON n.id = nmp_keys.namespace_id WHERE n.active = TRUE @@ -4130,7 +4130,7 @@ values AS ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id + INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE av.active = TRUE @@ -4207,7 +4207,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_definition_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id +// INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.definition_id // ) defk ON ad.id = defk.definition_id // WHERE fqns.fqn = ANY($1::TEXT[]) @@ -4256,7 +4256,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_namespace_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id +// INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.namespace_id // ) nmp_keys ON n.id = nmp_keys.namespace_id // WHERE n.active = TRUE @@ -4351,7 +4351,7 @@ type listAttributesByDefOrValueFqnsRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_value_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// LEFT JOIN key_access_servers kas ON kask.key_access_server_id = kas.id +// INNER JOIN key_access_servers kas ON kask.key_access_server_id = kas.id // GROUP BY k.value_id // ) value_keys ON av.id = value_keys.value_id // WHERE av.active = TRUE From bfeaba52689725bfde314ef2e8e8a6e98eda3ce1 Mon Sep 17 00:00:00 2001 From: strantalis Date: Wed, 7 May 2025 14:45:10 -0400 Subject: [PATCH 3/3] fix inner join --- service/policy/db/query.sql | 2 +- service/policy/db/query.sql.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/service/policy/db/query.sql b/service/policy/db/query.sql index c124433e5b..4a1f0ef7a3 100644 --- a/service/policy/db/query.sql +++ b/service/policy/db/query.sql @@ -887,7 +887,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - INNER JOIN key_access_servers kas ON kas.id = kask.id + INNER JOIN key_access_servers kas ON kas.id = kask.key_access_server_id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE (sqlc.narg('id')::uuid IS NULL OR av.id = sqlc.narg('id')::uuid) diff --git a/service/policy/db/query.sql.go b/service/policy/db/query.sql.go index 9758ce5863..9c7ea683c9 100644 --- a/service/policy/db/query.sql.go +++ b/service/policy/db/query.sql.go @@ -618,7 +618,7 @@ LEFT JOIN ( ) FILTER (WHERE kask.id IS NOT NULL) AS keys FROM attribute_value_public_key_map k INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id - INNER JOIN key_access_servers kas ON kas.id = kask.id + INNER JOIN key_access_servers kas ON kas.id = kask.key_access_server_id GROUP BY k.value_id ) value_keys ON av.id = value_keys.value_id WHERE ($1::uuid IS NULL OR av.id = $1::uuid) @@ -683,7 +683,7 @@ type GetAttributeValueRow struct { // ) FILTER (WHERE kask.id IS NOT NULL) AS keys // FROM attribute_value_public_key_map k // INNER JOIN key_access_server_keys kask ON k.key_access_server_key_id = kask.id -// INNER JOIN key_access_servers kas ON kas.id = kask.id +// INNER JOIN key_access_servers kas ON kas.id = kask.key_access_server_id // GROUP BY k.value_id // ) value_keys ON av.id = value_keys.value_id // WHERE ($1::uuid IS NULL OR av.id = $1::uuid)