From af4fab7c44372e1b13f66ba4eb810dc3a30911f7 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Wed, 13 Nov 2024 11:24:07 -0500 Subject: [PATCH 01/23] add a test with OR split but one kas isnt running --- .github/workflows/xtest.yml | 2 +- xtest/conftest.py | 106 ++++++++++++++++++++++++++++++++++++ xtest/test_abac.py | 84 ++++++++++++++++++++++++++++ 3 files changed, 191 insertions(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 54bd4710..e210c75a 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -177,7 +177,7 @@ jobs: - name: Run attribute based configuration tests run: |- - pytest test_abac.py + pytest -v test_abac.py working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' diff --git a/xtest/conftest.py b/xtest/conftest.py index 43375f95..0261a0da 100644 --- a/xtest/conftest.py +++ b/xtest/conftest.py @@ -141,6 +141,10 @@ def kas_url_attr(): def kas_url_ns(): return os.getenv("KASURL4", "http://localhost:8484/kas") +@pytest.fixture(scope="session") +def kas_url_not_running(): + return os.getenv("KASURL5", "http://localhost:8989/kas") + @pytest.fixture(scope="module") def attribute_single_kas_grant( 
@@ -236,6 +240,107 @@ def attribute_two_kas_grant_or( return anyof +@pytest.fixture(scope="module") +def attribute_two_kas_grant_or_non_running_second_kas( + otdfctl: abac.OpentdfCommandLineTool, + kas_url_value1: str, + kas_url_not_running: str, + temporary_namespace: abac.Namespace, +): + anyof = otdfctl.attribute_create( + temporary_namespace, "notrunningbeta", abac.AttributeRule.ANY_OF, ["alpha", "beta"] + ) + assert anyof.values + alpha, beta = anyof.values + assert alpha.value == "alpha" + assert beta.value == "beta" + + # Then assign it to all clientIds = opentdf-sdk + sc = otdfctl.scs_create( + [ + abac.SubjectSet( + condition_groups=[ + abac.ConditionGroup( + boolean_operator=abac.ConditionBooleanTypeEnum.OR, + conditions=[ + abac.Condition( + subject_external_selector_value=".clientId", + operator=abac.SubjectMappingOperatorEnum.IN, + subject_external_values=["opentdf", "opentdf-sdk"], + ) + ], + ) + ] + ) + ], + ) + sm = otdfctl.scs_map(sc, alpha) + assert sm.attribute_value.value == "alpha" + # Now assign it to the current KAS + kas_entry_alpha = otdfctl.kas_registry_create_if_not_present( + kas_url_value1, + load_cached_kas_keys(), + ) + otdfctl.grant_assign_value(kas_entry_alpha, alpha) + + kas_entry_beta = otdfctl.kas_registry_create_if_not_present( + kas_url_not_running, + load_cached_kas_keys(), + ) + otdfctl.grant_assign_value(kas_entry_beta, beta) + return anyof + +@pytest.fixture(scope="module") +def attribute_two_kas_grant_or_non_running_first_kas( + otdfctl: abac.OpentdfCommandLineTool, + kas_url_not_running: str, + kas_url_value2: str, + temporary_namespace: abac.Namespace, +): + anyof = otdfctl.attribute_create( + temporary_namespace, "notrunningalpha", abac.AttributeRule.ANY_OF, ["alpha", "beta"] + ) + assert anyof.values + alpha, beta = anyof.values + assert alpha.value == "alpha" + assert beta.value == "beta" + + # Then assign it to all clientIds = opentdf-sdk + sc = otdfctl.scs_create( + [ + abac.SubjectSet( + condition_groups=[ + 
abac.ConditionGroup( + boolean_operator=abac.ConditionBooleanTypeEnum.OR, + conditions=[ + abac.Condition( + subject_external_selector_value=".clientId", + operator=abac.SubjectMappingOperatorEnum.IN, + subject_external_values=["opentdf", "opentdf-sdk"], + ) + ], + ) + ] + ) + ], + ) + sm = otdfctl.scs_map(sc, alpha) + assert sm.attribute_value.value == "alpha" + # Now assign it to the current KAS + kas_entry_alpha = otdfctl.kas_registry_create_if_not_present( + kas_url_not_running, + load_cached_kas_keys(), + ) + otdfctl.grant_assign_value(kas_entry_alpha, alpha) + + kas_entry_beta = otdfctl.kas_registry_create_if_not_present( + kas_url_value2, + load_cached_kas_keys(), + ) + otdfctl.grant_assign_value(kas_entry_beta, beta) + return anyof + + @pytest.fixture(scope="module") def attribute_two_kas_grant_and( otdfctl: abac.OpentdfCommandLineTool, @@ -389,6 +494,7 @@ def attr_and_value_kas_grants_or( return anyof + @pytest.fixture(scope="module") def attr_and_value_kas_grants_and( otdfctl: abac.OpentdfCommandLineTool, diff --git a/xtest/test_abac.py b/xtest/test_abac.py index 5020f2f5..5cea8581 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py 
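Review bot: `attribute_two_kas_grant_or_non_running_second_kas` and `attribute_two_kas_grant_or_non_running_first_kas` are the same body twice, differing only in the attribute name and in which KAS URL is granted to `alpha` and `beta`, so any later change to the subject condition set has to be made in both places. The copied comment `# Now assign it to the current KAS` is also misleading in the first-KAS fixture, where `alpha` is granted to `kas_url_not_running`. A private helper taking the attribute name and the two URLs removes the duplication and gives one place to document that the unreachable KAS is registered with `load_cached_kas_keys()`, presumably the keys of a live KAS, which should be confirmed.

```python
def _any_of_attribute_with_two_kas_grants(
    otdfctl, namespace, name, alpha_kas_url, beta_kas_url
):
    """Create an ANY_OF attribute whose alpha/beta values are granted to the given KAS URLs."""
    anyof = otdfctl.attribute_create(
        namespace, name, abac.AttributeRule.ANY_OF, ["alpha", "beta"]
    )
    # … unchanged: value assertions, scs_create and scs_map for alpha …
    for kas_url, value in ((alpha_kas_url, alpha), (beta_kas_url, beta)):
        entry = otdfctl.kas_registry_create_if_not_present(
            kas_url, load_cached_kas_keys()
        )
        otdfctl.grant_assign_value(entry, value)
    return anyof


@pytest.fixture(scope="module")
def attribute_two_kas_grant_or_non_running_second_kas(
    otdfctl: abac.OpentdfCommandLineTool,
    kas_url_value1: str,
    kas_url_not_running: str,
    temporary_namespace: abac.Namespace,
):
    return _any_of_attribute_with_two_kas_grants(
        otdfctl, temporary_namespace, "notrunningbeta", kas_url_value1, kas_url_not_running
    )
```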
@@ -86,6 +86,90 @@ def test_autoconfigure_two_kas_or( tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") assert filecmp.cmp(pt_file, rt_file) +def test_autoconfigure_two_kas_or_second_kas_not_running( + attribute_two_kas_grant_or_non_running_second_kas, + encrypt_sdk, + decrypt_sdk, + tmp_dir, + pt_file, + kas_url_value1: str, + kas_url_value2: str, +): + skip_if_unsupported(encrypt_sdk, "autoconfigure") + + sample_name = f"test-abac-two-second-kas-non-running-{encrypt_sdk}" + if sample_name in cipherTexts: + ct_file = cipherTexts[sample_name] + else: + ct_file = f"{tmp_dir}/{sample_name}.tdf" + tdfs.encrypt( + encrypt_sdk, + pt_file, + ct_file, + mime_type="text/plain", + fmt="ztdf", + attr_values=[ + attribute_two_kas_grant_or_non_running_second_kas.values[0].fqn, + attribute_two_kas_grant_or_non_running_second_kas.values[1].fqn, + ], + ) + cipherTexts[sample_name] = ct_file + manifest = tdfs.manifest(ct_file) + assert len(manifest.encryptionInformation.keyAccess) == 2 + assert ( + manifest.encryptionInformation.keyAccess[0].sid + == manifest.encryptionInformation.keyAccess[1].sid + ) + assert set([kas_url_value1, kas_url_value2]) == set( + [kao.url for kao in manifest.encryptionInformation.keyAccess] + ) + + rt_file = f"{tmp_dir}test-abac-or-second-kas-non-running-{encrypt_sdk}-{decrypt_sdk}.untdf" + tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") + assert filecmp.cmp(pt_file, rt_file) + +def test_autoconfigure_two_kas_or_first_kas_not_running( + attribute_two_kas_grant_or_non_running_first_kas, + encrypt_sdk, + decrypt_sdk, + tmp_dir, + pt_file, + kas_url_value1: str, + kas_url_value2: str, +): + skip_if_unsupported(encrypt_sdk, "autoconfigure") + + sample_name = f"test-abac-two-first-kas-non-running-{encrypt_sdk}" + if sample_name in cipherTexts: + ct_file = cipherTexts[sample_name] + else: + ct_file = f"{tmp_dir}/{sample_name}.tdf" + tdfs.encrypt( + encrypt_sdk, + pt_file, + ct_file, + mime_type="text/plain", + fmt="ztdf", + attr_values=[ + 
attribute_two_kas_grant_or_non_running_first_kas.values[0].fqn, + attribute_two_kas_grant_or_non_running_first_kas.values[1].fqn, + ], + ) + cipherTexts[sample_name] = ct_file + manifest = tdfs.manifest(ct_file) + assert len(manifest.encryptionInformation.keyAccess) == 2 + assert ( + manifest.encryptionInformation.keyAccess[0].sid + == manifest.encryptionInformation.keyAccess[1].sid + ) + assert set([kas_url_value1, kas_url_value2]) == set( + [kao.url for kao in manifest.encryptionInformation.keyAccess] + ) + + rt_file = f"{tmp_dir}test-abac-or-first-kas-non-running-{encrypt_sdk}-{decrypt_sdk}.untdf" + tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") + assert filecmp.cmp(pt_file, rt_file) + def skip_if_unsupported(sdk: tdfs.sdk_type, *features: tdfs.feature_type): for feature in features: From 45b5376d09a624035f1ddac515126d1a02f29d3e Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Wed, 13 Nov 2024 11:53:03 -0500 Subject: [PATCH 02/23] js branch --- .github/workflows/xtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e210c75a..b13cdcb6 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -30,7 +30,7 @@ jobs: packages: read env: PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" - JS_REF: "${{ inputs.js-ref || 'main' }}" + JS_REF: "${{ inputs.js-ref || 'fix/split-unwrap' }}" OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" JAVA_REF: "${{ inputs.java-ref || 'main' }}" steps: From fd3c069fc022a32502bc10e09f3b3ae25f1f9fd2 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Wed, 13 Nov 2024 11:56:39 -0500 Subject: [PATCH 03/23] fix kao url checks --- xtest/test_abac.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xtest/test_abac.py b/xtest/test_abac.py index 5cea8581..e3ed58f5 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py 
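Review bot: The round-trip path in both new tests is built as `f"{tmp_dir}test-abac-or-…untdf"` with no separator, while the ciphertext path a few lines above it uses `f"{tmp_dir}/{sample_name}.tdf"`, so where the decrypted file lands depends on whether `tmp_dir` ends in a slash. If it does not, the `.untdf` file is written beside the temp directory rather than inside it. Building both paths the same way, e.g. `rt_file = f"{tmp_dir}/test-abac-or-second-kas-non-running-{encrypt_sdk}-{decrypt_sdk}.untdf"`, removes that dependence; the value of `tmp_dir` is defined outside this hunk.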
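Review bot: The fallback in `JS_REF` is what every run without an explicit `js-ref` input uses, so pointing it at the work-in-progress branch `fix/split-unwrap` means those runs stop testing `main` of the JS SDK. The PATCH 10/23 hunk has the same problem: it sets the fallback to a fixed commit and nothing later in this series reverts it. I would keep the default at `'main'` and supply the branch or commit through the `js-ref` input for the debugging runs; how the workflow consumes `JS_REF` is outside the hunk.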
@@ -93,7 +93,7 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( tmp_dir, pt_file, kas_url_value1: str, - kas_url_value2: str, + kas_url_not_running: str, ): skip_if_unsupported(encrypt_sdk, "autoconfigure") @@ -120,7 +120,7 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) - assert set([kas_url_value1, kas_url_value2]) == set( + assert set([kas_url_value1, kas_url_not_running]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) @@ -134,7 +134,7 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( decrypt_sdk, tmp_dir, pt_file, - kas_url_value1: str, + kas_url_not_running: str, kas_url_value2: str, ): skip_if_unsupported(encrypt_sdk, "autoconfigure") @@ -162,7 +162,7 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) - assert set([kas_url_value1, kas_url_value2]) == set( + assert set([kas_url_not_running, kas_url_value2]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) From 9fbb93ffcb94e9e715b36b380ee33e47b722d217 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Wed, 13 Nov 2024 12:08:15 -0500 Subject: [PATCH 04/23] use main --- .github/workflows/xtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index b13cdcb6..e210c75a 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -30,7 +30,7 @@ jobs: packages: read env: PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" - JS_REF: "${{ inputs.js-ref || 'fix/split-unwrap' }}" + JS_REF: "${{ inputs.js-ref || 'main' }}" OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" JAVA_REF: "${{ inputs.java-ref || 'main' }}" steps: From b2e174b060e59a5585425cbf10929d67e1911387 Mon Sep 17 00:00:00 2001 
From: Elizabeth Healy Date: Wed, 13 Nov 2024 12:09:35 -0500 Subject: [PATCH 05/23] linting --- xtest/conftest.py | 13 ++++++++++--- xtest/test_abac.py | 6 +++++- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/xtest/conftest.py b/xtest/conftest.py index 0261a0da..a49abe0e 100644 --- a/xtest/conftest.py +++ b/xtest/conftest.py @@ -141,6 +141,7 @@ def kas_url_attr(): def kas_url_ns(): return os.getenv("KASURL4", "http://localhost:8484/kas") + @pytest.fixture(scope="session") def kas_url_not_running(): return os.getenv("KASURL5", "http://localhost:8989/kas") @@ -248,7 +249,10 @@ def attribute_two_kas_grant_or_non_running_second_kas( temporary_namespace: abac.Namespace, ): anyof = otdfctl.attribute_create( - temporary_namespace, "notrunningbeta", abac.AttributeRule.ANY_OF, ["alpha", "beta"] + temporary_namespace, + "notrunningbeta", + abac.AttributeRule.ANY_OF, + ["alpha", "beta"], ) assert anyof.values alpha, beta = anyof.values @@ -290,6 +294,7 @@ def attribute_two_kas_grant_or_non_running_second_kas( otdfctl.grant_assign_value(kas_entry_beta, beta) return anyof + @pytest.fixture(scope="module") def attribute_two_kas_grant_or_non_running_first_kas( otdfctl: abac.OpentdfCommandLineTool, @@ -298,7 +303,10 @@ def attribute_two_kas_grant_or_non_running_first_kas( temporary_namespace: abac.Namespace, ): anyof = otdfctl.attribute_create( - temporary_namespace, "notrunningalpha", abac.AttributeRule.ANY_OF, ["alpha", "beta"] + temporary_namespace, + "notrunningalpha", + abac.AttributeRule.ANY_OF, + ["alpha", "beta"], ) assert anyof.values alpha, beta = anyof.values @@ -494,7 +502,6 @@ def attr_and_value_kas_grants_or( return anyof - @pytest.fixture(scope="module") def attr_and_value_kas_grants_and( otdfctl: abac.OpentdfCommandLineTool, diff --git a/xtest/test_abac.py b/xtest/test_abac.py index e3ed58f5..2d670553 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py 
@@ -86,6 +86,7 @@ def test_autoconfigure_two_kas_or( tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") assert filecmp.cmp(pt_file, rt_file) + def test_autoconfigure_two_kas_or_second_kas_not_running( attribute_two_kas_grant_or_non_running_second_kas, encrypt_sdk, @@ -128,6 +129,7 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") assert filecmp.cmp(pt_file, rt_file) + def test_autoconfigure_two_kas_or_first_kas_not_running( attribute_two_kas_grant_or_non_running_first_kas, encrypt_sdk, @@ -166,7 +168,9 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) - rt_file = f"{tmp_dir}test-abac-or-first-kas-non-running-{encrypt_sdk}-{decrypt_sdk}.untdf" + rt_file = ( + f"{tmp_dir}test-abac-or-first-kas-non-running-{encrypt_sdk}-{decrypt_sdk}.untdf" + ) tdfs.decrypt(decrypt_sdk, ct_file, rt_file, "ztdf") assert filecmp.cmp(pt_file, rt_file) From c5d38d178e78f76fa2e6a568d2fc15d30e79179b Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:06:42 -0500 Subject: [PATCH 06/23] trigger --- .github/workflows/xtest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e210c75a..e5f15327 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,3 +181,4 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + From df798813d5b241223c36edd21442abf61fc35cb3 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:07:30 -0500 Subject: [PATCH 07/23] trigger2 --- .github/workflows/xtest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e5f15327..e210c75a 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml 
@@ -181,4 +181,3 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' - From e1e733a688ea95661a9c52c055618066586f9d52 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:07:43 -0500 Subject: [PATCH 08/23] trigger3 --- .github/workflows/xtest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e210c75a..e5f15327 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,3 +181,4 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + From ac24a3429ca7cb6dee8d7be7d4ec4e2bf27f8c79 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:07:52 -0500 Subject: [PATCH 09/23] trigger4 --- .github/workflows/xtest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e5f15327..e210c75a 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,4 +181,3 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' - From 9f0799a392442f4f8d850ac86912fc4466617b2f Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:18:55 -0500 Subject: [PATCH 10/23] trigger js commit 8b1de24 --- .github/workflows/xtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index e210c75a..a11c0b91 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -30,7 +30,7 @@ jobs: packages: read env: PLATFORM_REF: "${{ inputs.platform-ref || 'main' }}" - JS_REF: "${{ inputs.js-ref || 'main' }}" + JS_REF: "${{ inputs.js-ref || '8b1de243c4330b62d2c82e41cf676fb2f2e01150' }}" OTDFCTL_REF: "${{ inputs.otdfctl-ref || 'main' }}" JAVA_REF: "${{ inputs.java-ref || 'main' }}" steps: 
From 6d9b1c5962aa3444e51d63394051fb3239245524 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:19:08 -0500 Subject: [PATCH 11/23] trigger 8b1de24 2 --- .github/workflows/xtest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index a11c0b91..29fcf011 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,3 +181,4 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + From 12fec4d9d7095d5321db05659e331c315cdb5565 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:19:17 -0500 Subject: [PATCH 12/23] trigger 8b1de24 3 --- .github/workflows/xtest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 29fcf011..a11c0b91 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,4 +181,3 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' - From b7f02ce631bd74e17fae603e777132e427c8ef39 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:19:33 -0500 Subject: [PATCH 13/23] trigger 8b1de24 4 --- .github/workflows/xtest.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index a11c0b91..29fcf011 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -181,3 +181,4 @@ jobs: working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + From a8f70e3c21a8456d51755980bfd64aa6c257d366 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 11:57:47 -0500 Subject: [PATCH 14/23] check placement within kao list --- xtest/test_abac.py | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/xtest/test_abac.py b/xtest/test_abac.py index 2d670553..3c843fbe 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py @@ -121,6 +121,7 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) + assert manifest.encryptionInformation.keyAccess[1].url == kas_url_not_running assert set([kas_url_value1, kas_url_not_running]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) @@ -164,6 +165,7 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) + assert manifest.encryptionInformation.keyAccess[0].url == kas_url_not_running assert set([kas_url_not_running, kas_url_value2]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) From 2f642737d662c9ee689159bb0ee0bb6a423a2c52 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 12:27:06 -0500 Subject: [PATCH 15/23] alter the manifest if kao does not have non existant kas in right place --- xtest/test_abac.py | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/xtest/test_abac.py b/xtest/test_abac.py index 3c843fbe..442bde85 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py 
@@ -87,6 +87,21 @@ def test_autoconfigure_two_kas_or( assert filecmp.cmp(pt_file, rt_file) +def move_item(lst, current_index, desired_index): + # Validate indices + if current_index < 0 or current_index >= len(lst): + raise IndexError("Current index is out of range.") + if desired_index < 0 or desired_index >= len(lst): + raise IndexError("Desired index is out of range.") + + # Remove the item from the current index + item = lst.pop(current_index) + + # Insert the item at the desired index + lst.insert(desired_index, item) + + return lst + def test_autoconfigure_two_kas_or_second_kas_not_running( attribute_two_kas_grant_or_non_running_second_kas, encrypt_sdk, @@ -116,12 +131,23 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( ) cipherTexts[sample_name] = ct_file manifest = tdfs.manifest(ct_file) + + if manifest.encryptionInformation.keyAccess[1].url != kas_url_not_running: + def move_last(manifest: tdfs.Manifest) -> tdfs.Manifest: + manifest.encryptionInformation.keyAccess = move_item( + manifest.encryptionInformation.keyAccess, 0, 1) + return manifest + ct_file = tdfs.update_manifest("kao_not_running_last", ct_file, move_last) + + + manifest = tdfs.manifest(ct_file) + assert manifest.encryptionInformation.keyAccess[1].url == kas_url_not_running + assert len(manifest.encryptionInformation.keyAccess) == 2 assert ( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) - assert manifest.encryptionInformation.keyAccess[1].url == kas_url_not_running assert set([kas_url_value1, kas_url_not_running]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) 
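Review bot: `move_item` has no docstring and its comments only restate the following line, while the two things a caller needs to know are left unsaid: the list is modified in place as well as returned, and an out-of-range index raises `IndexError` before anything is moved. I would replace the inline comments with a docstring such as `"""Move lst[current_index] to desired_index in place and return lst; raise IndexError if either index is out of range."""`. Negative indices are rejected by the range checks, which is worth stating because `list.pop` on its own would accept them.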
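Review bot: The reorder check reads `manifest.encryptionInformation.keyAccess[1].url` before `assert len(manifest.encryptionInformation.keyAccess) == 2` has run, so a manifest with a single key access object fails with a bare `IndexError` instead of the length assertion that explains what went wrong. Moving the length assertion to directly after the first `tdfs.manifest(ct_file)` call fixes the ordering. The matching hunk in `test_autoconfigure_two_kas_or_first_kas_not_running` has the same shape around `move_item(..., 1, 0)` and needs the same change. The test function begins outside this hunk.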
@@ -160,12 +186,22 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( ) cipherTexts[sample_name] = ct_file manifest = tdfs.manifest(ct_file) + if manifest.encryptionInformation.keyAccess[0].url != kas_url_not_running: + def move_first(manifest: tdfs.Manifest) -> tdfs.Manifest: + manifest.encryptionInformation.keyAccess = move_item( + manifest.encryptionInformation.keyAccess, 1, 0) + return manifest + ct_file = tdfs.update_manifest("kao_not_running_first", ct_file, move_first) + + + manifest = tdfs.manifest(ct_file) + assert manifest.encryptionInformation.keyAccess[0].url == kas_url_not_running + assert len(manifest.encryptionInformation.keyAccess) == 2 assert ( manifest.encryptionInformation.keyAccess[0].sid == manifest.encryptionInformation.keyAccess[1].sid ) - assert manifest.encryptionInformation.keyAccess[0].url == kas_url_not_running assert set([kas_url_not_running, kas_url_value2]) == set( [kao.url for kao in manifest.encryptionInformation.keyAccess] ) From ac60c122f58ab6236bbee77fe5132cc35d25584b Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Mon, 18 Nov 2024 12:42:46 -0500 Subject: [PATCH 16/23] formatting --- xtest/test_abac.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/xtest/test_abac.py b/xtest/test_abac.py index 442bde85..170be26b 100644 --- a/xtest/test_abac.py +++ b/xtest/test_abac.py @@ -96,12 +96,13 @@ def move_item(lst, current_index, desired_index): # Remove the item from the current index item = lst.pop(current_index) - + # Insert the item at the desired index lst.insert(desired_index, item) return lst + def test_autoconfigure_two_kas_or_second_kas_not_running( attribute_two_kas_grant_or_non_running_second_kas, encrypt_sdk, 
@@ -133,13 +134,15 @@ def test_autoconfigure_two_kas_or_second_kas_not_running( manifest = tdfs.manifest(ct_file) if manifest.encryptionInformation.keyAccess[1].url != kas_url_not_running: + def move_last(manifest: tdfs.Manifest) -> tdfs.Manifest: manifest.encryptionInformation.keyAccess = move_item( - manifest.encryptionInformation.keyAccess, 0, 1) + manifest.encryptionInformation.keyAccess, 0, 1 + ) return manifest + ct_file = tdfs.update_manifest("kao_not_running_last", ct_file, move_last) - manifest = tdfs.manifest(ct_file) assert manifest.encryptionInformation.keyAccess[1].url == kas_url_not_running @@ -187,13 +190,15 @@ def test_autoconfigure_two_kas_or_first_kas_not_running( cipherTexts[sample_name] = ct_file manifest = tdfs.manifest(ct_file) if manifest.encryptionInformation.keyAccess[0].url != kas_url_not_running: + def move_first(manifest: tdfs.Manifest) -> tdfs.Manifest: manifest.encryptionInformation.keyAccess = move_item( - manifest.encryptionInformation.keyAccess, 1, 0) + manifest.encryptionInformation.keyAccess, 1, 0 + ) return manifest + ct_file = tdfs.update_manifest("kao_not_running_first", ct_file, move_first) - manifest = tdfs.manifest(ct_file) assert manifest.encryptionInformation.keyAccess[0].url == kas_url_not_running From 7ff637b4c7c81ae07ae0cc395901b3082574cd89 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 10:23:22 -0500 Subject: [PATCH 17/23] running just go-java vvv --- .github/workflows/xtest.yml | 24 ++++++++++++------------ xtest/sdk/js/cli/cli.sh | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 29fcf011..6cd1ea08 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml 
@@ -138,17 +138,17 @@ jobs: run: |- pip install -r requirements.txt working-directory: otdftests/xtest - - name: Validate xtests - if: ${{ !inputs }} - run: |- - pytest test_nano.py test_self.py - working-directory: otdftests/xtest - - name: Run xtests - run: |- - pytest -v test_tdfs.py - working-directory: otdftests/xtest - env: - PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + # - name: Validate xtests + # if: ${{ !inputs }} + # run: |- + # pytest test_nano.py test_self.py + # working-directory: otdftests/xtest + # - name: Run xtests + # run: |- + # pytest -v test_tdfs.py + # working-directory: otdftests/xtest + # env: + # PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' ######## ATTRIBUTE BASED CONFIGURATION ############# - name: Start additional kas @@ -177,7 +177,7 @@ jobs: - name: Run attribute based configuration tests run: |- - pytest -v test_abac.py + pytest -vvv test_abac.py::test_autoconfigure_two_kas_or_first_kas_not_running --sdks-encrypt "go" --sdks-decrypt "java" working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' diff --git a/xtest/sdk/js/cli/cli.sh b/xtest/sdk/js/cli/cli.sh index 7dfac8c6..b784cade 100755 --- a/xtest/sdk/js/cli/cli.sh +++ b/xtest/sdk/js/cli/cli.sh @@ -42,7 +42,7 @@ args=( --kasEndpoint "$KASURL" --ignoreAllowList --oidcEndpoint "$KCFULLURL" - --auth opentdf:secret + --auth $CLIENTID:$CLIENTSECRET ) # default for js cli is nano if [ "$4" == "ztdf" ]; then From f1d181b332ee294c77cf6d9b0f65bacd45399a27 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 10:36:22 -0500 Subject: [PATCH 18/23] try with debug logging --- xtest/sdk/java/cli.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xtest/sdk/java/cli.sh b/xtest/sdk/java/cli.sh index a7e1cce0..23028b81 100755 --- a/xtest/sdk/java/cli.sh +++ b/xtest/sdk/java/cli.sh 
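Review bot: Commenting out the `Validate xtests` and `Run xtests` steps removes `test_nano.py`, `test_self.py` and `test_tdfs.py` from every run of this workflow, and the second hunk in the same file narrows the ABAC step to a single test with `--sdks-encrypt "go" --sdks-decrypt "java"`. Nothing later in this series restores either, so if it merges as is the workflow can report green while exercising one test. These read as debugging aids; I would drop them before merge, or gate the narrowed run behind a workflow input, and delete rather than comment out any step that is really meant to go.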
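Review bot: `--auth $CLIENTID:$CLIENTSECRET` is unquoted inside the `args=( … )` array, so a secret containing whitespace or glob characters is split or expanded into several arguments, and unset variables silently produce `--auth :`. Quote it as `--auth "$CLIENTID:$CLIENTSECRET"`, matching `"$KASURL"` and `"$KCFULLURL"` on the neighbouring lines. Where `CLIENTID` and `CLIENTSECRET` are set is not visible in this hunk; if they can be unset, `"${CLIENTID:?}:${CLIENTSECRET:?}"` fails fast instead of sending empty credentials. The array continues outside the hunk.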
@@ -59,4 +59,4 @@ if [ -n "$6" ]; then fi echo java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" -f "$2" ">" "$3" -java -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" -f "$2" >"$3" +java -Dlog4j.debug -jar "$SCRIPT_DIR"/cmdline.jar "${args[@]}" -f "$2" >"$3" From a31cc8ed640ce161dd2abaf6e1aa267a012492c2 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 10:42:07 -0500 Subject: [PATCH 19/23] try not verbose --- .github/workflows/xtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 6cd1ea08..8b9ad374 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -177,7 +177,7 @@ jobs: - name: Run attribute based configuration tests run: |- - pytest -vvv test_abac.py::test_autoconfigure_two_kas_or_first_kas_not_running --sdks-encrypt "go" --sdks-decrypt "java" + pytest test_abac.py::test_autoconfigure_two_kas_or_first_kas_not_running --sdks-encrypt "go" --sdks-decrypt "java" working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' From b17f377508a66d2c3a51a8013ae682153a38ea41 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 10:53:54 -0500 Subject: [PATCH 20/23] try printing -s --- .github/workflows/xtest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 8b9ad374..dd9c9a65 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -177,7 +177,7 @@ jobs: - name: Run attribute based configuration tests run: |- - pytest test_abac.py::test_autoconfigure_two_kas_or_first_kas_not_running --sdks-encrypt "go" --sdks-decrypt "java" + pytest -s test_abac.py::test_autoconfigure_two_kas_or_first_kas_not_running --sdks-encrypt "go" --sdks-decrypt "java" working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' 
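Review bot: The added `-Dlog4j.debug` sits on the command whose stdout is redirected to `"$3"`, the output file the tests compare with the plaintext via `filecmp`. If the logging framework writes its internal debug messages to stdout, they land in that file and the comparison fails for every Java run; whether it does depends on the log4j version bundled in `cmdline.jar`, which is not visible here. The flag is also unconditional, so it stays on for all runs, and debug output from a decrypt client in CI logs should be checked for key or token material before this merges. I would make it opt-in through an environment variable rather than hard-coding it on the command line.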
From bd7329430310c5eeae4ef4fce96ffd802a9a4781 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 11:27:38 -0500 Subject: [PATCH 21/23] try decrypting after failure --- .github/workflows/xtest.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index dd9c9a65..635264ee 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -182,3 +182,11 @@ jobs: env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + - name: Run decrypt + if: always() + run: |- + sdk/java/cli.sh decrypt tmp/test-abac-two-first-kas-non-running-go-kao_not_running_first.tdf tmp/test-abac-or-first-kas-non-running-go-java.untdf ztdf + working-directory: otdftests/xtest + env: + PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + From ac3d15b0113437ac1df34677b202ae6effd72f30 Mon Sep 17 00:00:00 2001 From: Elizabeth Healy Date: Tue, 19 Nov 2024 11:38:30 -0500 Subject: [PATCH 22/23] add step to unzip and read the manifest --- .github/workflows/xtest.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 635264ee..8afd9da9 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -182,6 +182,16 @@ jobs: env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + - name: unzip + if: always() + run: |- + mkdir -p ./unzippedtdf + unzip tmp/test-abac-two-first-kas-non-running-go-kao_not_running_first.tdf -d ./unzippedtdf + cat unzippedtdf/0.manifest.json + working-directory: otdftests/xtest + env: + PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + - name: Run decrypt if: always() run: |- From 3865e03eb56b27bde4201c7b2f3f63b193827ed2 Mon Sep 17 00:00:00 2001 
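Review bot: The `Run decrypt` step hard-codes `tmp/test-abac-two-first-kas-non-running-go-kao_not_running_first.tdf`, a file that exists only when the preceding pytest run used the go encrypt SDK and took the branch that rewrites the manifest; with `if: always()` the step then fails for an unrelated reason whenever that file is missing. The `unzip` step added in PATCH 22/23 depends on the same path and additionally prints `0.manifest.json`, including its key access objects, into the job log. Both read as one-off diagnostics, and I would remove them before merge rather than keep them in the shared workflow.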
From: Elizabeth Healy Date: Tue, 19 Nov 2024 11:46:10 -0500 Subject: [PATCH 23/23] upload as artifact --- .github/workflows/xtest.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 8afd9da9..25e050f2 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -187,11 +187,18 @@ jobs: run: |- mkdir -p ./unzippedtdf unzip tmp/test-abac-two-first-kas-non-running-go-kao_not_running_first.tdf -d ./unzippedtdf - cat unzippedtdf/0.manifest.json + echo $(cat unzippedtdf/0.manifest.json) working-directory: otdftests/xtest env: PLATFORM_DIR: '../../${{ steps.run-platform.outputs.platform-working-dir }}' + - name: Upload manifest as artifact + uses: actions/upload-artifact@v3 + with: + name: manifest-output + path: otdftests/xtest/unzippedtdf/0.manifest.json + + - name: Run decrypt if: always() run: |-
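Review bot: The `Upload manifest as artifact` step has no `if: always()`, unlike the `unzip` and `Run decrypt` steps around it, so it is skipped in exactly the case it was added for, when an earlier step has failed. `actions/upload-artifact@v3` is referenced by a mutable tag; pinning it to a full commit SHA (`uses: actions/upload-artifact@<full-commit-sha>`) keeps the workflow from silently picking up a retagged release. In the `unzip` step, `echo $(cat unzippedtdf/0.manifest.json)` is unquoted, so the JSON is word-split and any glob characters in it are expanded before printing; plain `cat`, or `echo "$(cat unzippedtdf/0.manifest.json)"`, prints it unchanged.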