fix(policy): return kas uri on keys for definition, namespace and values

service/integration/attribute_fqns_test.go

@@ -1647,6 +1647,108 @@ func (s *AttributeFqnSuite) TestGetAttributesByValueFqns_Fails_WithNonValueFqns(
 	s.Require().ErrorIs(err, db.ErrNotFound)
 }
 
+func (s *AttributeFqnSuite) TestGetAttributeByValueFqns_KAS_Keys_Returned() {
+	kasKey := s.f.GetKasRegistryServerKeys("kas_key_1")
+	fqn := "https://keys.com/attr/kas-key/value/key1"
+
+	kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID)
+	s.Require().NoError(err)
+	s.NotNil(kasReg)
+
+	// Create New Namespace
+	ns, err := s.db.PolicyClient.CreateNamespace(s.ctx, &namespaces.CreateNamespaceRequest{Name: "keys.com"})
+	s.Require().NoError(err)
+	s.NotNil(ns)
+
+	// Create Attribute
+	attr, err := s.db.PolicyClient.CreateAttribute(s.ctx, &attributes.CreateAttributeRequest{
+		Name:        "kas-key",
+		NamespaceId: ns.GetId(),
+		Rule:        policy.AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF,
+		Values:      []string{"key1"},
+	})
+	s.Require().NoError(err)
+	s.NotNil(attr)
+
+	// Assign Kas Key to namespace
+	nsKey, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{
+		NamespaceId: ns.GetId(),
+		KeyId:       kasKey.ID,
+	})
+	s.Require().NoError(err)
+	s.NotNil(nsKey)
+
+	// Get Attribute By Value Fqns. Check NS for key
+	v, err := s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{
+		Fqns: []string{fqn},
+	})
+	s.Require().NoError(err)
+	s.NotNil(v)
+	s.Len(v, 1)
+
+	for _, attr := range v {
+		s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1)
+		s.Empty(attr.GetAttribute().GetKasKeys())
+		s.Empty(attr.GetValue().GetKasKeys())
+		s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri())
+	}
+
+	// Assign Kas Key to Attribute
+	attrKey, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{
+		AttributeId: attr.GetId(),
+		KeyId:       kasKey.ID,
+	})
+	s.Require().NoError(err)
+	s.NotNil(attrKey)
+
+	// Get Attribute By Value Fqns. Check NS and Attribute for Key
+	v, err = s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{
+		Fqns: []string{fqn},
+	})
+	s.Require().NoError(err)
+	s.NotNil(v)
+	s.Len(v, 1)
+
+	for _, attr := range v {
+		s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1)
+		s.Len(attr.GetAttribute().GetKasKeys(), 1)
+		s.Empty(attr.GetValue().GetKasKeys())
+		s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri())
+		s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetAttribute().GetKasKeys()[0].GetKasUri())
+	}
+
+	// Assign Kas Key to Value
+	valueKey, err := s.db.PolicyClient.AssignPublicKeyToValue(s.ctx, &attributes.ValueKey{
+		ValueId: attr.GetValues()[0].GetId(),
+		KeyId:   kasKey.ID,
+	})
+	s.Require().NoError(err)
+	s.NotNil(valueKey)
+
+	// Get Attribute By Value Fqns. Check NS ,Attribute and Value for Key
+	v, err = s.db.PolicyClient.GetAttributesByValueFqns(s.ctx, &attributes.GetAttributeValuesByFqnsRequest{
+		Fqns: []string{fqn},
+	})
+	s.Require().NoError(err)
+	s.NotNil(v)
+	s.Len(v, 1)
+
+	for _, attr := range v {
+		s.Len(attr.GetAttribute().GetNamespace().GetKasKeys(), 1)
+		s.Len(attr.GetAttribute().GetKasKeys(), 1)
+		s.Len(attr.GetValue().GetKasKeys(), 1)
+		s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetAttribute().GetNamespace().GetKasKeys()[0].GetKasUri())
+		s.Equal(kasKey.KeyAccessServerID, attr.GetAttribute().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetAttribute().GetKasKeys()[0].GetKasUri())
+		s.Equal(kasKey.KeyAccessServerID, attr.GetValue().GetKasKeys()[0].GetKasId())
+		s.Equal(kasReg.GetUri(), attr.GetValue().GetKasKeys()[0].GetKasUri())
+	}
+}
+
 func (s *AttributeFqnSuite) bigTestSetup(namespaceName string) bigSetup {
 	// create a new namespace
 	ns, err := s.db.PolicyClient.CreateNamespace(s.ctx, &namespaces.CreateNamespaceRequest{

service/integration/attribute_values_test.go

@@ -1025,6 +1025,13 @@ func (s *AttributeValuesSuite) Test_AssignPublicKeyToAttributeValue_Succeeds() {
 	s.Empty(gotAttrValue.GetKasKeys()[0].GetKey().GetProviderConfig())
 	s.Empty(gotAttrValue.GetKasKeys()[0].GetKey().GetPrivateKeyCtx())
 
+	// Get the kas server information associated with the key
+	kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID)
+	s.Require().NoError(err)
+	s.NotNil(kasReg)
+
+	s.Equal(kasReg.GetUri(), gotAttrValue.GetKasKeys()[0].GetKasUri())
+
 	resp, err = s.db.PolicyClient.RemovePublicKeyFromValue(s.ctx, &attributes.ValueKey{
 		ValueId: gotAttrValue.GetId(),
 		KeyId:   gotAttrValue.GetKasKeys()[0].GetKey().GetId(),

service/integration/attributes_test.go

@@ -1344,7 +1344,6 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() {
 	s.Require().NoError(err)
 	s.NotNil(gotAttr)
 	s.Empty(gotAttr.GetKasKeys())
-
 	kasKey := s.f.GetKasRegistryServerKeys("kas_key_1")
 	resp, err := s.db.PolicyClient.AssignPublicKeyToAttribute(s.ctx, &attributes.AttributeKey{
 		AttributeId: s.f.GetAttributeKey("example.com/attr/attr1").ID,
@@ -1356,6 +1355,7 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() {
 	gotAttr, err = s.db.PolicyClient.GetAttribute(s.ctx, s.f.GetAttributeKey("example.com/attr/attr1").ID)
 	s.Require().NoError(err)
 	s.NotNil(gotAttr)
+
 	s.Len(gotAttr.GetKasKeys(), 1)
 	s.Equal(kasKey.KeyAccessServerID, gotAttr.GetKasKeys()[0].GetKasId())
 	s.Equal(kasKey.ID, gotAttr.GetKasKeys()[0].GetKey().GetId())
@@ -1365,6 +1365,13 @@ func (s *AttributesSuite) Test_AssociatePublicKeyToAttribute_Succeeds() {
 	s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetPrivateKeyCtx())
 	s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetProviderConfig())
 
+	// Get the kas server information associated with the key
+	kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID)
+	s.Require().NoError(err)
+	s.NotNil(kasReg)
+
+	s.Equal(kasReg.GetUri(), gotAttr.GetKasKeys()[0].GetKasUri())
+
 	resp, err = s.db.PolicyClient.RemovePublicKeyFromAttribute(s.ctx, &attributes.AttributeKey{
 		AttributeId: resp.GetAttributeId(),
 		KeyId:       resp.GetKeyId(),

service/integration/main_test.go

@@ -61,7 +61,6 @@ func TestMain(m *testing.M) {
 		export TESTCONTAINERS_RYUK_CONTAINER_PRIVILEGED=true; # needed to run Reaper (alternative disable it TESTCONTAINERS_RYUK_DISABLED=true)
 		export TESTCONTAINERS_DOCKER_SOCKET_OVERRIDE=/var/run/docker.sock; # needed to apply the bind with statfs
 	*/
-
 	var providerType tc.ProviderType
 
 	if os.Getenv("TESTCONTAINERS_PODMAN") == "true" {

service/integration/namespaces_test.go

@@ -1176,12 +1176,12 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Returns_Error_When_
 
 func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() {
 	namespaceFix := s.getActiveNamespaceFixtures()[0]
-	gotAttr, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
+	gotNS, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
 		NamespaceId: namespaceFix.ID,
 	})
 	s.Require().NoError(err)
-	s.NotNil(gotAttr)
-	s.Empty(gotAttr.GetKasKeys())
+	s.NotNil(gotNS)
+	s.Empty(gotNS.GetKasKeys())
 
 	kasKey := s.f.GetKasRegistryServerKeys("kas_key_1")
 	resp, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{
@@ -1191,19 +1191,26 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() {
 	s.Require().NoError(err)
 	s.NotNil(resp)
 
-	gotAttr, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
+	gotNS, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
 		NamespaceId: namespaceFix.ID,
 	})
 	s.Require().NoError(err)
-	s.NotNil(gotAttr)
-	s.Len(gotAttr.GetKasKeys(), 1)
-	s.Equal(kasKey.KeyAccessServerID, gotAttr.GetKasKeys()[0].GetKasId())
-	s.Equal(kasKey.ID, gotAttr.GetKasKeys()[0].GetKey().GetId())
+	s.NotNil(gotNS)
+	s.Len(gotNS.GetKasKeys(), 1)
+	s.Equal(kasKey.KeyAccessServerID, gotNS.GetKasKeys()[0].GetKasId())
+	s.Equal(kasKey.ID, gotNS.GetKasKeys()[0].GetKey().GetId())
 	publicKeyCtx, err := base64.StdEncoding.DecodeString(kasKey.PublicKeyCtx)
 	s.Require().NoError(err)
-	s.Equal(publicKeyCtx, gotAttr.GetKasKeys()[0].GetKey().GetPublicKeyCtx())
-	s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetPrivateKeyCtx())
-	s.Empty(gotAttr.GetKasKeys()[0].GetKey().GetProviderConfig())
+	s.Equal(publicKeyCtx, gotNS.GetKasKeys()[0].GetKey().GetPublicKeyCtx())
+	s.Empty(gotNS.GetKasKeys()[0].GetKey().GetPrivateKeyCtx())
+	s.Empty(gotNS.GetKasKeys()[0].GetKey().GetProviderConfig())
+
+	// Get the kas server information associated with the key
+	kasReg, err := s.db.PolicyClient.GetKeyAccessServer(s.ctx, kasKey.KeyAccessServerID)
+	s.Require().NoError(err)
+	s.NotNil(kasReg)
+
+	s.Equal(kasReg.GetUri(), gotNS.GetKasKeys()[0].GetKasUri())
 
 	resp, err = s.db.PolicyClient.RemovePublicKeyFromNamespace(s.ctx, &namespaces.NamespaceKey{
 		NamespaceId: resp.GetNamespaceId(),
@@ -1212,22 +1219,22 @@ func (s *NamespacesSuite) Test_AssociatePublicKeyToNamespace_Succeeds() {
 	s.Require().NoError(err)
 	s.NotNil(resp)
 
-	gotAttr, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
+	gotNS, err = s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
 		NamespaceId: namespaceFix.ID,
 	})
 	s.Require().NoError(err)
-	s.NotNil(gotAttr)
-	s.Empty(gotAttr.GetKasKeys())
+	s.NotNil(gotNS)
+	s.Empty(gotNS.GetKasKeys())
 }
 
 func (s *NamespacesSuite) Test_RemovePublicKeyFromNamespace_Not_Found_Fails() {
 	namespaceFix := s.getActiveNamespaceFixtures()[0]
-	gotAttr, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
+	gotNS, err := s.db.PolicyClient.GetNamespace(s.ctx, &namespaces.GetNamespaceRequest_NamespaceId{
 		NamespaceId: namespaceFix.ID,
 	})
 	s.Require().NoError(err)
-	s.NotNil(gotAttr)
-	s.Empty(gotAttr.GetKasKeys())
+	s.NotNil(gotNS)
+	s.Empty(gotNS.GetKasKeys())
 
 	kasKey := s.f.GetKasRegistryServerKeys("kas_key_1")
 	resp, err := s.db.PolicyClient.AssignPublicKeyToNamespace(s.ctx, &namespaces.NamespaceKey{