diff --git a/docs/Configuring.md b/docs/Configuring.md index ebdc752ef..da3b2f646 100644 --- a/docs/Configuring.md +++ b/docs/Configuring.md @@ -88,11 +88,12 @@ Root level key `server` | `auth.cache_refresh` | Interval in which the IDP jwks should be refreshed | `15m` | OPENTDF_SERVER_AUTH_CACHE_REFRESH | | `auth.dpopskew` | The amount of time drift allowed between when the client generated a dpop proof and the server time. | `1h` | OPENTDF_SERVER_AUTH | | `auth.skew` | The amount of time drift allowed between a tokens `exp` claim and the server time. | `1m` | OPENTDF_SERVER_AUTH_SKEW | -| `auth.public_client_id` | [DEPRECATED] The oidc client id. This is leveraged by otdfctl. | | OPENTDF_SERVER_AUTH_PUBLIC_CLIENT_ID | +| `auth.public_client_id` | [DEPRECATED] The oidc client id. This is leveraged by otdfctl. | | OPENTDF_SERVER_AUTH_PUBLIC_CLIENT_ID | | `auth.enforceDPoP` | If true, DPoP bindings on Access Tokens are enforced. | `false` | OPENTDF_SERVER_AUTH_ENFORCEDPOP | | `cryptoProvider` | A list of public/private keypairs and their use. Described [below](#crypto-provider) | empty | | | `enable_pprof` | Enable golang performance profiling | `false` | OPENTDF_SERVER_ENABLE_PPROF | | `grpc.reflection` | The configuration for the grpc server. | `true` | OPENTDF_SERVER_GRPC_REFLECTION | +| `public_hostname` | The public facing hostname for the server. | | OPENTDF_SERVER_PUBLIC_HOSTNAME | | `host` | The host address for the server. | `""` | OPENTDF_SERVER_HOST | | `port` | The port number for the server. | `9000` | OPENTDF_SERVER_PORT | | `tls.enabled` | Enable tls. | `false` | OPENTDF_SERVER_TLS_ENABLED | diff --git a/opentdf-dev.yaml b/opentdf-dev.yaml index 4605d10c2..77a562b3d 100644 --- a/opentdf-dev.yaml +++ b/opentdf-dev.yaml 
@@ -19,6 +19,10 @@ logger: # health_check_period_seconds: 60 services: kas: + preview: + ec_tdf_enabled: false + key_management: false + root_key: a8c4824daafcfa38ed0d13002e92b08720e6c4fcee67d52e954c1a6e045907d1 # For local development testing only keyring: - kid: e1 alg: ec:secp256r1 @@ -47,6 +51,7 @@ services: # list_request_limit_default: 1000 # list_request_limit_max: 2500 server: + public_hostname: localhost tls: enabled: false cert: ./keys/platform.crt @@ -92,20 +97,20 @@ server: file: path: "./traces/traces.log" prettyPrint: true # Optional, default is compact JSON - maxSize: 50 # Optional, default 20MB - maxBackups: 5 # Optional, default 10 - maxAge: 14 # Optional, default 30 days - compress: true # Optional, default false + maxSize: 50 # Optional, default 20MB + maxBackups: 5 # Optional, default 10 + maxAge: 14 # Optional, default 30 days + compress: true # Optional, default false # otlp: - # protocol: grpc # Optional, defaults to grpc - # endpoint: "localhost:4317" - # insecure: true # Set to false if Jaeger requires TLS - # headers: {} # Add if authentication is needed - # HTTP - # protocol: "http/protobuf" - # endpoint: "http://localhost:4318" # Default OTLP HTTP port - # insecure: true # If collector is just HTTP, not HTTPS - # headers: {} # Add if authentication is needed + # protocol: grpc # Optional, defaults to grpc + # endpoint: "localhost:4317" + # insecure: true # Set to false if Jaeger requires TLS + # headers: {} # Add if authentication is needed + # HTTP + # protocol: "http/protobuf" + # endpoint: "http://localhost:4318" # Default OTLP HTTP port + # insecure: true # If collector is just HTTP, not HTTPS + # headers: {} # Add if authentication is needed cors: # "*" to allow any origin or a specific domain like "https://yourdomain.com" allowedorigins: diff --git a/opentdf-kas-mode.yaml b/opentdf-kas-mode.yaml index 08a92d4a1..b04da6d42 100644 --- a/opentdf-kas-mode.yaml +++ b/opentdf-kas-mode.yaml 
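Review bot: The `root_key` added under `services.kas` in the first hunk is a literal 32-byte hex value committed to the repository, so any environment that copies this file runs with a publicly known root key. The trailing `# For local development testing only` is easy to miss at the end of a 64-character line. Move the warning to a line of its own above the key, for example `# DEV ONLY: this value is public; generate a fresh key for any shared or deployed environment`. Secret scanners will probably flag the value, so add an explicit allowlist entry if it is meant to stay in the file.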
@@ -13,6 +13,10 @@ logger: output: stdout services: kas: + preview: + ec_tdf_enabled: false + key_management: false + # root_key: # create key `openssl rand 32 -hex` keyring: - kid: e1 alg: ec:secp256r1 @@ -25,6 +29,7 @@ services: alg: rsa:2048 legacy: true server: + public_hostname: localhost tls: enabled: false cert: ./keys/platform.crt @@ -32,7 +37,7 @@ server: auth: enabled: true enforceDPoP: false - audience: 'http://localhost:8080' + audience: "http://localhost:8080" issuer: http://localhost:8888/auth/realms/opentdf policy: ## Default policy for all requests @@ -69,7 +74,7 @@ server: enabled: false # "*" to allow any origin or a specific domain like "https://yourdomain.com" allowedorigins: - - '*' + - "*" # List of methods. Examples: "GET,POST,PUT" allowedmethods: - GET diff --git a/service/go.mod b/service/go.mod index d6fff6823..3b5ce7251 100644 --- a/service/go.mod +++ b/service/go.mod @@ -16,7 +16,6 @@ require ( github.com/casbin/casbin/v2 v2.106.0 github.com/creasty/defaults v1.8.0 github.com/dgraph-io/ristretto v0.2.0 - github.com/docker/docker v28.2.2+incompatible github.com/docker/go-connections v0.5.0 github.com/eko/gocache/lib/v4 v4.2.0 github.com/eko/gocache/store/ristretto/v4 v4.2.2 @@ -61,6 +60,7 @@ require ( github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/dgryski/go-farm v0.0.0-20240924180020-3414d57e47da // indirect + github.com/docker/docker v28.2.2+incompatible // indirect github.com/ebitengine/purego v0.8.2 // indirect github.com/moby/go-archive v0.1.0 // indirect github.com/moby/sys/atomicwriter v0.1.0 // indirect diff --git a/service/integration/kas_registry_key_test.go b/service/integration/kas_registry_key_test.go index 89f1ebf70..6f14dc995 100644 --- a/service/integration/kas_registry_key_test.go +++ b/service/integration/kas_registry_key_test.go 
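Review bot: The commented hint for `root_key` in the first opentdf-kas-mode.yaml hunk gives the command as `openssl rand 32 -hex`. Current OpenSSL releases expect options before the byte count and, as far as I know, reject that order as extra arguments. Write the hint as `# root_key: # generate with "openssl rand -hex 32"; supply per deployment, never commit`. What the service does when `key_management` is switched to true while `root_key` is still commented out is not visible in this diff and is worth stating in the same comment.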
@@ -180,7 +180,11 @@ func (s *KasRegistryKeySuite) Test_GetKasKeyById_Success() { s.NotNil(resp) s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId()) s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId()) - s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + if s.kasKeys[0].ProviderConfigID == nil { + s.Nil(resp.GetKey().GetProviderConfig()) + } else { + s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + } } func (s *KasRegistryKeySuite) Test_GetKasKeyByKey_WrongKas_Fail() { @@ -232,7 +236,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKeyByKeyId_Success() { s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId()) s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId()) validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp) - s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) } func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasName_Success() { @@ -255,7 +259,11 @@ func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasName_Success() { s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId()) s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId()) validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp) - s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + if s.kasKeys[0].ProviderConfigID == nil { + s.Nil(resp.GetKey().GetProviderConfig()) + } else { + s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + } } func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasUri_Success() { 
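Review bot: In Test_GetKasKeyByKeyId_Success (hunk at -232) the new assertion dereferences `*s.kasKeys[0].ProviderConfigID` with no nil check, while Test_GetKasKeyById_Success and Test_GetKasKey_WithKasName_Success branch on nil first. The same unguarded dereference is added in Test_GetKasKey_WithKasUri_Success (hunk at -279). Now that the field is a `*string` and one fixture key carries no provider config, a change in fixture order would produce a nil-pointer panic instead of a readable assertion failure. Add `s.Require().NotNil(s.kasKeys[0].ProviderConfigID)` on the line before each dereference, or reuse the nil/else branch from the sibling tests. Both test bodies start outside their hunks.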
@@ -279,7 +287,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasUri_Success() { s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId()) validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp) s.Require().NoError(err) - s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) + s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId()) } func (s *KasRegistryKeySuite) Test_UpdateKey_InvalidKeyId_Fails() { @@ -325,7 +333,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Success() { }, } resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req) - s.validateListKeysResponse(resp, err) + s.validateListKeysResponse(resp, 2, err) } func (s *KasRegistryKeySuite) Test_ListKeys_KasName_Success() { @@ -335,7 +343,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasName_Success() { }, } resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req) - s.validateListKeysResponse(resp, err) + s.validateListKeysResponse(resp, 2, err) } func (s *KasRegistryKeySuite) Test_ListKeys_KasURI_Success() { @@ -345,7 +353,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasURI_Success() { }, } resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req) - s.validateListKeysResponse(resp, err) + s.validateListKeysResponse(resp, 2, err) } func (s *KasRegistryKeySuite) Test_ListKeys_FilterAlgo_NoKeysWithAlgo_Success() { @@ -369,7 +377,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_FilterAlgo_TwoKeys_Success() { KeyAlgorithm: policy.Algorithm_ALGORITHM_RSA_2048, } resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req) - s.validateListKeysResponse(resp, err) + s.validateListKeysResponse(resp, 1, err) } func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Limit_Success() { 
@@ -387,7 +395,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Limit_Success() { s.NotNil(resp) s.Len(resp.GetKasKeys(), 1) s.GreaterOrEqual(int32(2), resp.GetPagination().GetTotal()) - s.Equal(int32(1), resp.GetPagination().GetNextOffset()) + s.Equal(int32(0), resp.GetPagination().GetNextOffset()) s.Equal(int32(0), resp.GetPagination().GetCurrentOffset()) } @@ -1332,10 +1340,10 @@ func (s *KasRegistryKeySuite) getKasRegistryFixtures() []fixtures.FixtureDataKas } } -func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKeysResponse, err error) { +func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKeysResponse, numKeys int, err error) { s.Require().NoError(err) s.NotNil(resp) - s.GreaterOrEqual(len(resp.GetKasKeys()), 2) + s.GreaterOrEqual(len(resp.GetKasKeys()), numKeys) s.GreaterOrEqual(int32(2), resp.GetPagination().GetTotal()) for _, key := range resp.GetKasKeys() { @@ -1351,7 +1359,11 @@ func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKey s.Require().NotNil(fixtureKey, "No matching KAS key found for ID: %s", key.GetKey().GetId()) s.Equal(fixtureKey.KeyAccessServerID, key.GetKasId()) s.Equal(fixtureKey.ID, key.GetKey().GetId()) - s.Equal(fixtureKey.ProviderConfigID, key.GetKey().GetProviderConfig().GetId()) + if fixtureKey.ProviderConfigID == nil { + s.Nil(key.GetKey().GetProviderConfig()) + } else { + s.Equal(*fixtureKey.ProviderConfigID, key.GetKey().GetProviderConfig().GetId()) + } validatePrivatePublicCtx(&s.Suite, []byte(fixtureKey.PrivateKeyCtx), []byte(fixtureKey.PublicKeyCtx), key) s.Require().NoError(err) } diff --git a/service/integration/main_test.go b/service/integration/main_test.go index 3876cd3bd..1d50ec338 100644 --- a/service/integration/main_test.go +++ b/service/integration/main_test.go 
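Review bot: validateListKeysResponse (hunk at -1332) now takes `numKeys`, but the pagination check right after it is still `s.GreaterOrEqual(int32(2), resp.GetPagination().GetTotal())`, which asserts 2 >= total and therefore passes for an empty page. If the intent is that the total covers the expected keys, it should read `s.GreaterOrEqual(resp.GetPagination().GetTotal(), int32(numKeys))`. The same reversed form appears as a context line in Test_ListKeys_KasID_Limit_Success (hunk at -387), where the expected next offset was also changed from 1 to 0. A one-line comment there saying why no further page is expected would make that change reviewable.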
@@ -10,8 +10,8 @@ import ( "time" "github.com/creasty/defaults" - "github.com/docker/docker/api/types/container" "github.com/docker/go-connections/nat" + "github.com/google/uuid" "github.com/opentdf/platform/service/internal/fixtures" tc "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/wait" @@ -69,37 +69,28 @@ func TestMain(m *testing.M) { providerType = tc.ProviderDocker } + randomSuffix := uuid.NewString()[:8] + containerName := "testcontainer-postgres-" + randomSuffix + req := tc.GenericContainerRequest{ ProviderType: providerType, ContainerRequest: tc.ContainerRequest{ Image: "postgres:15-alpine", - Name: "testcontainer-postgres", + Name: containerName, ExposedPorts: []string{"5432/tcp"}, - HostConfigModifier: func(config *container.HostConfig) { - config.PortBindings = nat.PortMap{ - "5432/tcp": []nat.PortBinding{ - { - HostIP: "0.0.0.0", - HostPort: "54322", - }, - }, - } - }, Env: map[string]string{ "POSTGRES_USER": conf.DB.User, "POSTGRES_PASSWORD": conf.DB.Password, "POSTGRES_DB": conf.DB.Database, }, - WaitingFor: wait.ForSQL(nat.Port("5432/tcp"), "pgx", func(host string, port nat.Port) string { - net.JoinHostPort(host, port.Port()) return fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable", conf.DB.User, conf.DB.Password, net.JoinHostPort(host, port.Port()), conf.DB.Database, ) - }).WithStartupTimeout(time.Second * 5).WithQuery("SELECT 10"), + }).WithStartupTimeout(time.Second * 60).WithQuery("SELECT 1"), // Increased timeout and simplified query }, Started: true, } diff --git a/service/internal/fixtures/fixtures.go b/service/internal/fixtures/fixtures.go index 6b476fb46..19e1ded22 100644 --- a/service/internal/fixtures/fixtures.go +++ b/service/internal/fixtures/fixtures.go 
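Review bot: The trailing comment `// Increased timeout and simplified query` on the `WithStartupTimeout` line in TestMain describes the edit rather than the code, so it will read as noise once the commit is merged. Replace it with the reason, for example `// allow for a cold image pull on CI; any trivial query proves readiness`. Dropping the `HostConfigModifier` also means the database no longer listens on the fixed host port 54322 bound to 0.0.0.0, which is a good change. The rest of TestMain, which is outside this hunk, must therefore take the port from the container's mapped port rather than the old constant, and that is worth confirming.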
@@ -144,15 +144,15 @@ type FixtureDataRegisteredResourceActionAttributeValue struct { } type FixtureDataKasRegistryKey struct { - ID string `yaml:"id"` - KeyAccessServerID string `yaml:"key_access_server_id"` - KeyAlgorithm string `yaml:"key_algorithm"` - KeyID string `yaml:"key_id"` - KeyMode string `yaml:"key_mode"` - KeyStatus string `yaml:"key_status"` - PrivateKeyCtx string `yaml:"private_key_ctx"` - PublicKeyCtx string `yaml:"public_key_ctx"` - ProviderConfigID string `yaml:"provider_config_id"` + ID string `yaml:"id"` + KeyAccessServerID string `yaml:"key_access_server_id"` + KeyAlgorithm string `yaml:"key_algorithm"` + KeyID string `yaml:"key_id"` + KeyMode string `yaml:"key_mode"` + KeyStatus string `yaml:"key_status"` + PrivateKeyCtx string `yaml:"private_key_ctx"` + PublicKeyCtx string `yaml:"public_key_ctx"` + ProviderConfigID *string `yaml:"provider_config_id"` } type FixtureDataProviderConfig struct { @@ -702,10 +702,13 @@ func (f *Fixtures) provisionKasRegistryKeys() int64 { f.db.StringWrap(d.KeyStatus), f.db.StringWrap(string(privateCtx)), f.db.StringWrap(string(pubCtx)), - f.db.StringWrap(d.ProviderConfigID), }) + providerConfigIDSQL := "NULL" + if d.ProviderConfigID != nil { + providerConfigIDSQL = f.db.StringWrap(*d.ProviderConfigID) + } + values[len(values)-1] = append(values[len(values)-1], providerConfigIDSQL) } - return f.provision(fixtureData.KasRegistryKeys.Metadata.TableName, fixtureData.KasRegistryKeys.Metadata.Columns, values) } diff --git a/service/internal/fixtures/policy_fixtures.yaml b/service/internal/fixtures/policy_fixtures.yaml index 40d7266f3..4b668c2d6 100644 --- a/service/internal/fixtures/policy_fixtures.yaml +++ b/service/internal/fixtures/policy_fixtures.yaml 
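Review bot: In provisionKasRegistryKeys (hunk at -702) the provider-config column is attached after the row literal is closed, via `values[len(values)-1] = append(values[len(values)-1], providerConfigIDSQL)`. That makes the column order harder to check against the table metadata. Compute `providerConfigIDSQL` before the row is built and pass it as the last element of the literal, in the position the removed `f.db.StringWrap(d.ProviderConfigID)` occupied. The bare `"NULL"` string presumably works only because these values are concatenated into SQL text, so a short comment saying that the fixture YAML is trusted input would help. The struct field in the hunk at -144 also deserves `// ProviderConfigID is nil when the key has no provider config; it is written as SQL NULL.` The loop header and the start of the row literal lie outside the hunk.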
@@ -228,7 +228,6 @@ subject_mappings: # subject_condition_working_group_blue_scenario subject_condition_set_id: 10d03422-7eae-43b9-ac3b-d10400171858 - subject_mapping_sdk_attribute1: id: bc28cacb-1687-4c87-9c63-eae55e271320 attribute_value_id: 74babca6-016f-4f3e-a99b-4e46ea8d0fd8 @@ -544,22 +543,21 @@ kas_registry_keys: id: 7b9c4f44-ee74-418c-b05c-8320e01953be key_access_server_id: 34f2acdc-3d9c-4e92-80b6-90fe4dc9afcb # key_access_server_1 key_algorithm: 1 # ALGORITHM_RSA_2048 - key_id: kas_key_1 - key_mode: 1 # KEY_MODE_LOCAL + key_id: rsa_key_1 + key_mode: 1 # KEY_MODE_LOCAL key_status: 1 # KEY_STATUS_ACTIVE - private_key_ctx: eyJ3cmFwcGVkS2V5IjoiYTJWNUNnPT0iLCJrZXlJZCI6ImtleSJ9Cg== - public_key_ctx: eyJwZW0iOiJhMlY1Q2c9PSJ9Cg== - provider_config_id: 4ab6b1c4-fa5c-4036-8921-53f8c267b728 # provider_config_1 + private_key_ctx: 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 + public_key_ctx: 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 + provider_config_id: 4ab6b1c4-fa5c-4036-8921-53f8c267b728 kas_key_2: id: 7b7197e4-f2de-4f74-b2f5-17c2d87ba13c key_access_server_id: 34f2acdc-3d9c-4e92-80b6-90fe4dc9afcb # key_access_server_1 - key_algorithm: 1 # ALGORITHM_RSA_2048 - key_id: kas_key_2 - key_mode: 1 # KEY_MODE_LOCAL + key_algorithm: 3 # ALGORITHM_EC_P256 + key_id: ec_key_1 + key_mode: 1 # KEY_MODE_LOCAL key_status: 1 # KEY_STATUS_ACTIVE - private_key_ctx: eyJ3cmFwcGVkS2V5IjoiYTJWNUNnPT0iLCJrZXlJZCI6ImtleSJ9Cg== - public_key_ctx: eyJwZW0iOiJhMlY1Q2c9PSJ9Cg== - provider_config_id: 19098106-54a1-4d33-8846-4894b5b6db3e # provider_config_2 + private_key_ctx: 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 + public_key_ctx: 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 ############## # Provider Config @@ -581,7 +579,6 @@ provider_configs: provider_name: gcp config: eyJzb21lIjogInZhbHVlIn0g - ## # Registered Resources # 
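Review bot: In the kas_registry_keys hunk (at -544), kas_key_2 no longer has a `provider_config_id`, and the updated tests appear to depend on that to cover the NULL provider-config path, but nothing in the fixture says the omission is deliberate. Add a line under kas_key_2 such as `# provider_config_id intentionally omitted: covers keys without a provider config`. The same hunk drops the `# provider_config_1` trailing comment from kas_key_1; keeping it preserves the cross-reference to the provider_configs section. Since kas_key_2 is switched to `ALGORITHM_EC_P256`, it is also worth confirming that its key context values still suit an EC key, which cannot be checked from this page.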
@@ -653,5 +650,5 @@ registered_resource_action_attribute_values: registered_resource_value_id: 1d2c3b4a-5e6f-7a89-0b1c-2d3e4f5a6789 # loaded by migration action_name: custom_action_1 - # example.com/attr/attr1/value/value2 + # example.com/attr/attr1/value/value2 attribute_value_id: 2fe8dea1-3555-498c-afe9-99724f35f3d3