
feat(policy): adds new public keys table #1836

Merged (34 commits, Jan 24, 2025)

Conversation

strantalis (Member) commented Jan 6, 2025

Proposed Changes

Implements the following ADR as discussed here #1485.

  • Adds a new public_keys table along with mapping pivot tables for attribute values, definitions and namespaces.
    • On key creation, if there is a previous key with the same alg, it will make the previous key inactive while mapping the new key to the same namespaces, attribute definitions and values.
    • On the first mapping, the public key field was_mapped gets set to true.
  • Adds new CRUD RPCs to manage public keys and their associations.
    • Updates only allow metadata to be updated, since public keys are considered immutable.
  • Returns public keys on the GetAttributeValueByFQN RPC.
  • Adds new ENUM values:
    • KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096
    • KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1
    • KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1
```mermaid
erDiagram

    key_access_server {
        uuid       id                PK
        varchar    uri               UK
        varchar    name              UK "new optional name column"
        jsonb      public_key
        jsonb      metadata
    }

    public_keys {
        uuid        id                      PK
        boolean     is_active
        boolean     was_used
        uuid        key_access_server_id    FK
        varchar(36) key_id
        varchar(50) alg                     "algorithm"
        constraint  unique_key              UK  "enforces unique key_id and algorithm per KAS (key_access_server_id, key_id, alg)"
        constraint  unique_active_key       UK  "enforce only one active key per KAS per algorithm"
        text        public_key
        jsonb       metadata
    }

    attribute_namespace_public_key_map {
        uuid namespace_id  FK
        uuid public_key_id FK
    }

    attribute_definition_public_key_map {
        uuid attribute_definition_id FK
        uuid public_key_id           FK
    }

    attribute_value_public_key_map {
        uuid attribute_value_id FK
        uuid public_key_id      FK
    }

    %% one-to-one-or-more relationships in mermaid ER notation
    key_access_server ||--|{ public_keys : "has"
    public_keys ||--|{ attribute_namespace_public_key_map : "maps"
    public_keys ||--|{ attribute_definition_public_key_map : "maps"
    public_keys ||--|{ attribute_value_public_key_map : "maps"
```

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions
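The key-rotation behaviour from the proposed changes (retire the previous same-alg key, carry its mappings over to the new key, set was_mapped on the first mapping) together with the two unique constraints from the diagram, as an added example on an in-memory SQLite database. This is not the project's own migration or Go code: the schema, the function names and the sample KAS, key and attribute-value ids are assumptions, and only the attribute-value pivot table is modelled.

```python
import sqlite3
import uuid
# Constructed schema modelled on the PR's erDiagram, not the project's migration: ids are
# TEXT (SQLite has no UUID) and only the attribute-value pivot is shown; the others match.
SCHEMA = """
CREATE TABLE public_keys (
    id TEXT PRIMARY KEY, key_access_server_id TEXT NOT NULL, key_id TEXT NOT NULL, alg TEXT NOT NULL,
    is_active INTEGER NOT NULL DEFAULT 1, was_mapped INTEGER NOT NULL DEFAULT 0, public_key TEXT NOT NULL,
    UNIQUE (key_access_server_id, key_id, alg));                 -- unique_key
-- unique_active_key: a partial unique index permits one active key per KAS per algorithm
CREATE UNIQUE INDEX unique_active_key ON public_keys (key_access_server_id, alg) WHERE is_active = 1;
CREATE TABLE attribute_value_public_key_map (
    attribute_value_id TEXT NOT NULL, public_key_id TEXT NOT NULL REFERENCES public_keys(id),
    PRIMARY KEY (attribute_value_id, public_key_id));
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def map_key_to_value(conn, key_pk_id, value_id):
    """Map a key to an attribute value; the first mapping sets was_mapped to true."""
    with conn:
        conn.execute("INSERT INTO attribute_value_public_key_map VALUES (?, ?)", (value_id, key_pk_id))
        conn.execute("UPDATE public_keys SET was_mapped = 1 WHERE id = ?", (key_pk_id,))

def create_key(conn, kas_id, key_id, alg, pem):
    """Insert a key; retire any active same-alg key of this KAS first and copy its mappings."""
    new_id = str(uuid.uuid4())
    with conn:  # one transaction: a constraint failure anywhere rolls every step back
        old = conn.execute("SELECT id FROM public_keys WHERE key_access_server_id = ? AND alg = ?"
                           " AND is_active = 1", (kas_id, alg)).fetchone()
        if old:  # deactivate before inserting, or unique_active_key rejects the new row
            conn.execute("UPDATE public_keys SET is_active = 0 WHERE id = ?", old)
        conn.execute("INSERT INTO public_keys (id, key_access_server_id, key_id, alg, public_key)"
                     " VALUES (?, ?, ?, ?, ?)", (new_id, kas_id, key_id, alg, pem))
        if old:  # carry the retired key's mappings over and flag the new key as mapped
            conn.execute("INSERT INTO attribute_value_public_key_map SELECT attribute_value_id, ?"
                         " FROM attribute_value_public_key_map WHERE public_key_id = ?", (new_id, old[0]))
            conn.execute("UPDATE public_keys SET was_mapped = (SELECT count(*) > 0 FROM"
                         " attribute_value_public_key_map WHERE public_key_id = id) WHERE id = ?", (new_id,))
    return new_id

def active_key(conn, kas_id, alg):
    # (key_id, was_mapped, sorted mapped value ids) of the KAS's active key for alg, or None
    row = conn.execute("SELECT id, key_id, was_mapped FROM public_keys WHERE key_access_server_id = ?"
                       " AND alg = ? AND is_active = 1", (kas_id, alg)).fetchone()
    vals = conn.execute("SELECT attribute_value_id FROM attribute_value_public_key_map"
                        " WHERE public_key_id = ? ORDER BY 1", (row[0] if row else None,)).fetchall()
    return (row[1], bool(row[2]), [v for (v,) in vals]) if row else None
```

Creating a key whose key_id and alg already exist for the same KAS trips unique_key after the old key was deactivated, and the transaction rollback restores the previous active key.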

@strantalis strantalis changed the title Keys table feat(policy): adds new public keys table Jan 6, 2025
jakedoublev (Contributor) left a comment

This is a lot of work. Thanks for tackling this @strantalis.

@strantalis strantalis marked this pull request as ready for review January 17, 2025 20:45
@strantalis strantalis requested review from a team as code owners January 17, 2025 20:45
jakedoublev (Contributor) commented

I am comfortable approving this now but would like to give others a chance to review as well.

@strantalis strantalis merged commit cad5048 into opentdf:main Jan 24, 2025
20 of 22 checks passed
github-merge-queue bot pushed a commit that referenced this pull request Jan 24, 2025
🤖 I have created a release *beep* *boop*
---

## [0.2.24](protocol/go/v0.2.23...protocol/go/v0.2.24) (2025-01-24)

### Features

* **policy:** adds new public keys table ([#1836](#1836)) ([cad5048](cad5048))

---
This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>