Skip to content

fix(policy): properly formatted pem in test fixtures #2409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 9, 2025
Merged

fix(policy): properly formatted pem in test fixtures #2409

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4f24e1d
fix(policy): properly formatted pem in test fixtures
strantalis Jun 6, 2025
e33b8b4
fix: update public_key_ctx to proper pem format
strantalis Jun 6, 2025
9f05f99
fix lint issue
strantalis Jun 6, 2025
813a35b
recommended changes
strantalis Jun 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 17 additions & 13 deletions opentdf-dev.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,10 @@ logger:
# health_check_period_seconds: 60
services:
kas:
preview:
ec_tdf_enabled: false
key_management: false
root_key: a8c4824daafcfa38ed0d13002e92b08720e6c4fcee67d52e954c1a6e045907d1
keyring:
- kid: e1
alg: ec:secp256r1
Expand Down Expand Up @@ -92,20 +96,20 @@ server:
file:
path: "./traces/traces.log"
prettyPrint: true # Optional, default is compact JSON
maxSize: 50 # Optional, default 20MB
maxBackups: 5 # Optional, default 10
maxAge: 14 # Optional, default 30 days
compress: true # Optional, default false
maxSize: 50 # Optional, default 20MB
maxBackups: 5 # Optional, default 10
maxAge: 14 # Optional, default 30 days
compress: true # Optional, default false
# otlp:
# protocol: grpc # Optional, defaults to grpc
# endpoint: "localhost:4317"
# insecure: true # Set to false if Jaeger requires TLS
# headers: {} # Add if authentication is needed
# HTTP
# protocol: "http/protobuf"
# endpoint: "http://localhost:4318" # Default OTLP HTTP port
# insecure: true # If collector is just HTTP, not HTTPS
# headers: {} # Add if authentication is needed
# protocol: grpc # Optional, defaults to grpc
# endpoint: "localhost:4317"
# insecure: true # Set to false if Jaeger requires TLS
# headers: {} # Add if authentication is needed
# HTTP
# protocol: "http/protobuf"
# endpoint: "http://localhost:4318" # Default OTLP HTTP port
# insecure: true # If collector is just HTTP, not HTTPS
# headers: {} # Add if authentication is needed
cors:
# "*" to allow any origin or a specific domain like "https://yourdomain.com"
allowedorigins:
Expand Down
8 changes: 6 additions & 2 deletions opentdf-kas-mode.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ logger:
output: stdout
services:
kas:
preview:
ec_tdf_enabled: false
key_management: false
root_key: a8c4824daafcfa38ed0d13002e92b08720e6c4fcee67d52e954c1a6e045907d1
keyring:
- kid: e1
alg: ec:secp256r1
Expand All @@ -32,7 +36,7 @@ server:
auth:
enabled: true
enforceDPoP: false
audience: 'http://localhost:8080'
audience: "http://localhost:8080"
issuer: http://localhost:8888/auth/realms/opentdf
policy:
## Default policy for all requests
Expand Down Expand Up @@ -69,7 +73,7 @@ server:
enabled: false
# "*" to allow any origin or a specific domain like "https://yourdomain.com"
allowedorigins:
- '*'
- "*"
# List of methods. Examples: "GET,POST,PUT"
allowedmethods:
- GET
Expand Down
28 changes: 16 additions & 12 deletions service/integration/kas_registry_key_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKeyById_Success() {
s.NotNil(resp)
s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId())
s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId())
s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
}

func (s *KasRegistryKeySuite) Test_GetKasKeyByKey_WrongKas_Fail() {
Expand Down Expand Up @@ -232,7 +232,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKeyByKeyId_Success() {
s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId())
s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId())
validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp)
s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
}

func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasName_Success() {
Expand All @@ -255,7 +255,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasName_Success() {
s.Equal(s.kasKeys[0].KeyAccessServerID, resp.GetKasId())
s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId())
validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp)
s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
}

func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasUri_Success() {
Expand All @@ -279,7 +279,7 @@ func (s *KasRegistryKeySuite) Test_GetKasKey_WithKasUri_Success() {
s.Equal(s.kasKeys[0].ID, resp.GetKey().GetId())
validatePrivatePublicCtx(&s.Suite, []byte(s.kasKeys[0].PrivateKeyCtx), []byte(s.kasKeys[0].PublicKeyCtx), resp)
s.Require().NoError(err)
s.Equal(s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
s.Equal(*s.kasKeys[0].ProviderConfigID, resp.GetKey().GetProviderConfig().GetId())
}

func (s *KasRegistryKeySuite) Test_UpdateKey_InvalidKeyId_Fails() {
Expand Down Expand Up @@ -325,7 +325,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Success() {
},
}
resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req)
s.validateListKeysResponse(resp, err)
s.validateListKeysResponse(resp, 2, err)
}

func (s *KasRegistryKeySuite) Test_ListKeys_KasName_Success() {
Expand All @@ -335,7 +335,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasName_Success() {
},
}
resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req)
s.validateListKeysResponse(resp, err)
s.validateListKeysResponse(resp, 2, err)
}

func (s *KasRegistryKeySuite) Test_ListKeys_KasURI_Success() {
Expand All @@ -345,7 +345,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasURI_Success() {
},
}
resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req)
s.validateListKeysResponse(resp, err)
s.validateListKeysResponse(resp, 2, err)
}

func (s *KasRegistryKeySuite) Test_ListKeys_FilterAlgo_NoKeysWithAlgo_Success() {
Expand All @@ -369,7 +369,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_FilterAlgo_TwoKeys_Success() {
KeyAlgorithm: policy.Algorithm_ALGORITHM_RSA_2048,
}
resp, err := s.db.PolicyClient.ListKeys(s.ctx, &req)
s.validateListKeysResponse(resp, err)
s.validateListKeysResponse(resp, 1, err)
}

func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Limit_Success() {
Expand All @@ -387,7 +387,7 @@ func (s *KasRegistryKeySuite) Test_ListKeys_KasID_Limit_Success() {
s.NotNil(resp)
s.Len(resp.GetKasKeys(), 1)
s.GreaterOrEqual(int32(2), resp.GetPagination().GetTotal())
s.Equal(int32(1), resp.GetPagination().GetNextOffset())
s.Equal(int32(0), resp.GetPagination().GetNextOffset())
s.Equal(int32(0), resp.GetPagination().GetCurrentOffset())
}

Expand Down Expand Up @@ -1332,10 +1332,10 @@ func (s *KasRegistryKeySuite) getKasRegistryFixtures() []fixtures.FixtureDataKas
}
}

func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKeysResponse, err error) {
func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKeysResponse, numKeys int, err error) {
s.Require().NoError(err)
s.NotNil(resp)
s.GreaterOrEqual(len(resp.GetKasKeys()), 2)
s.GreaterOrEqual(len(resp.GetKasKeys()), numKeys)
s.GreaterOrEqual(int32(2), resp.GetPagination().GetTotal())

for _, key := range resp.GetKasKeys() {
Expand All @@ -1351,7 +1351,11 @@ func (s *KasRegistryKeySuite) validateListKeysResponse(resp *kasregistry.ListKey
s.Require().NotNil(fixtureKey, "No matching KAS key found for ID: %s", key.GetKey().GetId())
s.Equal(fixtureKey.KeyAccessServerID, key.GetKasId())
s.Equal(fixtureKey.ID, key.GetKey().GetId())
s.Equal(fixtureKey.ProviderConfigID, key.GetKey().GetProviderConfig().GetId())
if fixtureKey.ProviderConfigID == nil {
s.Nil(key.GetKey().GetProviderConfig())
} else {
s.Equal(*fixtureKey.ProviderConfigID, key.GetKey().GetProviderConfig().GetId())
}
validatePrivatePublicCtx(&s.Suite, []byte(fixtureKey.PrivateKeyCtx), []byte(fixtureKey.PublicKeyCtx), key)
s.Require().NoError(err)
}
Expand Down
21 changes: 6 additions & 15 deletions service/integration/main_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ import (
"time"

"github.com/creasty/defaults"
"github.com/docker/docker/api/types/container"
"github.com/docker/go-connections/nat"
"github.com/google/uuid"
"github.com/opentdf/platform/service/internal/fixtures"
tc "github.com/testcontainers/testcontainers-go"
"github.com/testcontainers/testcontainers-go/wait"
Expand Down Expand Up @@ -69,37 +69,28 @@ func TestMain(m *testing.M) {
providerType = tc.ProviderDocker
}

randomSuffix := uuid.NewString()[:8]
containerName := "testcontainer-postgres-" + randomSuffix

req := tc.GenericContainerRequest{
ProviderType: providerType,
ContainerRequest: tc.ContainerRequest{
Image: "postgres:15-alpine",
Name: "testcontainer-postgres",
Name: containerName,
ExposedPorts: []string{"5432/tcp"},
HostConfigModifier: func(config *container.HostConfig) {
config.PortBindings = nat.PortMap{
"5432/tcp": []nat.PortBinding{
{
HostIP: "0.0.0.0",
HostPort: "54322",
},
},
}
},
Env: map[string]string{
"POSTGRES_USER": conf.DB.User,
"POSTGRES_PASSWORD": conf.DB.Password,
"POSTGRES_DB": conf.DB.Database,
},

WaitingFor: wait.ForSQL(nat.Port("5432/tcp"), "pgx", func(host string, port nat.Port) string {
net.JoinHostPort(host, port.Port())
return fmt.Sprintf("postgres://%s:%s@%s/%s?sslmode=disable",
conf.DB.User,
conf.DB.Password,
net.JoinHostPort(host, port.Port()),
conf.DB.Database,
)
}).WithStartupTimeout(time.Second * 5).WithQuery("SELECT 10"),
}).WithStartupTimeout(time.Second * 60).WithQuery("SELECT 1"), // Increased timeout and simplified query
},
Started: true,
}
Expand Down
25 changes: 14 additions & 11 deletions service/internal/fixtures/fixtures.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -144,15 +144,15 @@ type FixtureDataRegisteredResourceActionAttributeValue struct {
}

type FixtureDataKasRegistryKey struct {
ID string `yaml:"id"`
KeyAccessServerID string `yaml:"key_access_server_id"`
KeyAlgorithm string `yaml:"key_algorithm"`
KeyID string `yaml:"key_id"`
KeyMode string `yaml:"key_mode"`
KeyStatus string `yaml:"key_status"`
PrivateKeyCtx string `yaml:"private_key_ctx"`
PublicKeyCtx string `yaml:"public_key_ctx"`
ProviderConfigID string `yaml:"provider_config_id"`
ID string `yaml:"id"`
KeyAccessServerID string `yaml:"key_access_server_id"`
KeyAlgorithm string `yaml:"key_algorithm"`
KeyID string `yaml:"key_id"`
KeyMode string `yaml:"key_mode"`
KeyStatus string `yaml:"key_status"`
PrivateKeyCtx string `yaml:"private_key_ctx"`
PublicKeyCtx string `yaml:"public_key_ctx"`
ProviderConfigID *string `yaml:"provider_config_id"`
}

type FixtureDataProviderConfig struct {
Expand Down Expand Up @@ -702,10 +702,13 @@ func (f *Fixtures) provisionKasRegistryKeys() int64 {
f.db.StringWrap(d.KeyStatus),
f.db.StringWrap(string(privateCtx)),
f.db.StringWrap(string(pubCtx)),
f.db.StringWrap(d.ProviderConfigID),
})
providerConfigIDSQL := "NULL"
if d.ProviderConfigID != nil {
providerConfigIDSQL = f.db.StringWrap(*d.ProviderConfigID)
}
values[len(values)-1] = append(values[len(values)-1], providerConfigIDSQL)
}

return f.provision(fixtureData.KasRegistryKeys.Metadata.TableName, fixtureData.KasRegistryKeys.Metadata.Columns, values)
}

Expand Down
25 changes: 11 additions & 14 deletions service/internal/fixtures/policy_fixtures.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,6 @@ subject_mappings:
# subject_condition_working_group_blue_scenario
subject_condition_set_id: 10d03422-7eae-43b9-ac3b-d10400171858


subject_mapping_sdk_attribute1:
id: bc28cacb-1687-4c87-9c63-eae55e271320
attribute_value_id: 74babca6-016f-4f3e-a99b-4e46ea8d0fd8
Expand Down Expand Up @@ -544,22 +543,21 @@ kas_registry_keys:
id: 7b9c4f44-ee74-418c-b05c-8320e01953be
key_access_server_id: 34f2acdc-3d9c-4e92-80b6-90fe4dc9afcb # key_access_server_1
key_algorithm: 1 # ALGORITHM_RSA_2048
key_id: kas_key_1
key_mode: 1 # KEY_MODE_LOCAL
key_id: rsa_key_1
key_mode: 1 # KEY_MODE_LOCAL
key_status: 1 # KEY_STATUS_ACTIVE
private_key_ctx: eyJ3cmFwcGVkS2V5IjoiYTJWNUNnPT0iLCJrZXlJZCI6ImtleSJ9Cg==
public_key_ctx: eyJwZW0iOiJhMlY1Q2c9PSJ9Cg==
provider_config_id: 4ab6b1c4-fa5c-4036-8921-53f8c267b728 # provider_config_1
private_key_ctx: eyAid3JhcHBlZEtleSI6ICJsY2JxNjgyR3NpaStqRWtRNjJzV0lYa1dXVkpqZ1dQdXZobUJ0OUtpWUZKL28zWENseVJkNGMwS0RGdHVvaGRCdzJqdlZHd2VGZnNwaTllV0dNSXpFbDZiY0VSYzUycTVIdmlINWtjVDlSY25KaFV2M2lONjM1UndIek52akdFVktLVU5CdjRwZkVOMzB3N29wSFBpZ3owS1ExVkJNSk5PM1lEOUZWQTdVb0h4MGVKY0Y3WlFKSkdYeHdwUVYwTXR3bHFtUnBxNFEyVTl2cFlyajY3ODdRSEdmOWhlZ0lYTkErcjByM1RDTHB3YzVZM0E5aEhreWp3N1FnWEU4dWVKSUx1TW04N0NlckpweVpPQ3NySDN2QWppWUFWdjcvZEVKcWpYMUFnYUI4NFQ3aHhERmVqOUpLaEl5OWVLWk5yTndNWW1Bc0hwYkEzamc1R0VIQjdFM2ZYRXFoaTFTTllhR1ZpZHRvSnVTLzNrVm5JTEtOWTZpZnRvNllMTEJBdWlQQVJjNTZVblVTS0hZQ1dtTko3QkM4Y0hhN2FIdDllUW1lVVRicVZmMGg3aDQ2M3FZQ2F6RDhYT0FMUTBuQ3lPQ3I5dUxkV1o1QThLbHFmMytqKzcyOGtaYUJFN2tKZ1I1UFh0dDFMTHlYcThmSEhPRXNOWXMzT3RSOGN3akV1ZGpvVVRJMTd1YkJOYjhYZU01emFaL1dmdWZDcWp2UGVjREt6cHJVbzdlanBrZjZKOEJ0RStZSFZRSjdNMWJWb1ZlQ0tFTWUvK3p5Y2Zpc3BzbmZsQ1ZtNkJNdFlMdmtVLzIzRWRiOWNNN1BRR3lFTEZOeDMyQXRwUXpMRUUrNWVaWWFhUU5Za3hEaWF0c3ZkMkQyNEVSTVhmWGp1YWg4MTBOSVpUZTE4cStGMitZMEtuTU9LZHpqV3AyUXdvNHVIb3JidndRRkwzOXZrVHJmZTIzelhVY2Q2N1pCTmpJUUNGc0prOW5sRk9ORjhrc25XVzQ5aHdxSjk1dXJtaG5zSGRSZlBrbVc2SHZ0UnVTclN3L2VmOGZ0MUZmMlZGMUNKUXArSnc2YnpKWmRQSzdsTmxmN1F3N2trREtqSGxnTTVnanZlZVJXZjE5Q3FqaTdHM1FhSS9Oa3FDdEplWllLZmZGU1RtbStIY3o0bXpMQkpzc3hNdGgvUkRaQzVTaVVJODJhZ0h0QkJ5VC9DK3A2NEE3cjZGeFNvdmRNTi9mTU5ZSUx3NGRQV3VxdDZwNmVnTUlyMFNVYXBpUHJpTjBiRjNaN2d5R1QxQXZyMHVnaU9qQUI3L3pybDJHaWFlajFUV01YS08zd2J4L0VzUVdpMDNWcmxWanBIdjl2Y2hlWjdGTzliREJUUkxKZHI0QkU4RWs0YkZCaytxRkZOQXZXcC9GZDFiNnFiKytEdU5Iajg1V2R3WE1PaW9nNUlSSzdjZUlNT0xQY214TnE3YXh5WnkrTm0yQ2VocjN5Qk9OQzFQRml4U2NMSGJZUEJlTU9EaGJHWXo5NEVaYkxHOWJpL1B5RkJiNERYSGlLemxrNEtTZ3BYZ1FLUHBSRWx6aUNiYVB3WlowZVljUEhoaktVNHQ3a2k3TlR2MlFYVU1nK3V2dVZWajJtcGpSMTJ5bmJiS2xJNDJoUEcxYW1FV0JlM1JjNmZ4cW5uQnVScnlMWjdEYW5wa252V0t5UXE3S1pHSHJGemlaMEE3Q1VSejFnT2R4d2xDQXEvRnAxZ2oxMGpNMFpJK3lod1RGcnhCUDJXdHF1S1dBREhGMHBGblNWdUpKUnlzUFR2aXNSYVM1N3d2aVZZQnRCcnRGYmZhTHBGcytwQ2ViYk81K0dRZ29wWlZaSDM5c0lnY0dIY3B4RU1zdDBCd3JuUGZIM0RRbGJqVmdrWlFmNkJiZUpDNWFBL2tEVTVSZFNiUTI1NjNCcGRMRUREQ3dvaVU5NW5LcE1tOE8zVTIxMEdRMHgveFdFYUMxdDJkOVM2RlVFbFRVSlJYWVZNZVB2Z3JaMnZGajl5YTZvNm5LVWt4RXAyaUlkS2d1ckR4MEVNSHZ2NU90TEZYTnVXWVdIU0o3czNET3JWNjZxUXRYaHF6VUlsRjRHWERVYUpmZ3NtUTk0MU03eUFqL3RibjBHUGFkMENsRXZWd25ucGpnNEpoZ2Y1dlpCaC9TcG5Na2hia1RIQis0ajhrT1dFTHdWc2ZDU3RTa0ZGdHAxY1VtRVI5RWhqSzhjSmJ3L2FKVTU5ZkZmZDJXR0N6VUxIZkEyMURLcld6SWwzODhray94cXdUN1E5aU92Y1NSN1pzdE10R1RRWG54Q1gvV3A4VG9qNjRIM2RsR2p6TGhGeDZ1Qk53WFQxMTRSeGw4ZWZLdW9VZzd0ZHcxcVdtOUplUC92TVF6VTlLd2Z5SExLNmdDQUlmWkpneVkrcnVyN0YrZVNPRUlEeWlkRnJLM1NWTFE3T1lHRmVXaFRNS01HdzdaV2VuTC9xWDdBUFErdkdoMmpQNTJVN2VsT0t4L1RsTkZ5UHJHL2FZUDN0MDRTdWVZUkd2RXAremZkVU0xbmYvN3YvRHhzc1VSS29zQUdHa1JwbzBLQ3NUU0I4UzhxdTlNKzA3YjBSREVXai9QdHVrZWdvRUR1KzZ4azN0WmRqclpWTTIxZURDaDhxME9HbS9KeDBITWVlUHFIY28zeEdTMUpYMW90QVp3UEhaaUkyaWNjWksrV21KTExaSXJYSzRsSG8vd1lpQitOeUlwZDJWd2dTdXZua3hhTlF5dmxtdWtSaTJCTzM1ZEdDNVFaY1V5d2lCZlRoSzdzRC9CMjJHNDZlUVNHeTdqeTlJSmJaMXhNKzVHcXVxOTdPOCtWOVIreEcydW1ZN0grWG90NlBaRjVPT0hERmI2cEVUSThsNDJDdDV2bElJMmRmWXFqZWR6WHAvb1drdXFub2FQejNnUU4wS2JGaDlsazZvVXVJMWlMaHBDMWxIR283em8xV3E0NDFlUW9nS3dhWFNDcGxQNDE0UW44dFE0elcvRTdjZ2hLbnpWMTg1K2lHdXBxTnNoWTBlS1VtSzB2Rkx3dkcrdnc9PSIsICJrZXlfaWQiOiAiY29uZmlnIiB9
public_key_ctx: eyAicGVtIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVU12VkVORFFXVlhaMEYzU1VKQlowbFZSakE1UVdwSWFsbEpPRU5TZWtWR1NtcGpWRVJFWTJsa1pFZ3dkMFJSV1VwTGIxcEphSFpqVGtGUlJVd0tRbEZCZDBScVJVMU5RVzlIUVRGVlJVRjNkMFJoTWtaNlRVSTBXRVJVU1RCTlJGVjNUbXBGZVUxVVFYaE5iRzlZUkZSSk1VMUVWWGRPYWtWNVRWUkJlQXBOYkc5M1JHcEZUVTFCYjBkQk1WVkZRWGQzUkdFeVJucE5TVWxDU1dwQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSUlVaQlFVOURRVkU0UVUxSlNVSkRaMHREQ2tGUlJVRnNWRUk1ZWtzM2R6RjFNRzFtT1dJNWJtZzRVM3AwSzB0NVpGZHZialV5VURWTlkyazRaMVlyZW1GUVdqbG1NMHBpY2xsSFZXWldXRzE2Um1FS2JWRXJUakJtVGpaUmFEaFZPV2x6YnpGUFozVkhXREIxZVRSd1YxazNlbTFYVFhGdFJqVnBTazlJTkVOQmRUVm5WMlZ1YzNJNVIyRlhNMWxtZUV0V1JncFdVbnBLY1V4MFUzcEJUM2x2UTBsaE5WRXJTVEpVZG1kTmVFWmpTRll3U0dONE9YVTVla2RZZERkS05VZGxWMXBUTTNJMk9VZzRNR1JHVWpkR2MwbFJDazFoVERaUlVIaG1VV05XT1ZKaWRXOXdlVUZ3T0U0M1RrdGlVM3A0T0VaVVpFSllVV0U0UW5WeFRYTnZObFp5SzBjclpDOW9lVnA2WWxwVmMxcEVVelFLWjNSdE5uSkNRbFVyYUU4ek1FTjZXbkJhWkhCRVRWTlBkamxqTkdOWlVYbHBkRWx3UmpCcmJWZFFjRTAyWWl0S1V6UnlOMmhHVVU1a1kxQldWWEJXZUFvdlZHb3dSVUZOYVdzcmNIcFpRVXh5YWxSTFpqbEhjbUprZDBsRVFWRkJRbTh4VFhkVlZFRmtRbWRPVmtoUk5FVkdaMUZWYTJSVE0wSnVXSE5uWlV0U0NuVk5MMGhDTlc5c00zbGFjVlJ2TUhkSWQxbEVWbEl3YWtKQ1ozZEdiMEZWYTJSVE0wSnVXSE5uWlV0U2RVMHZTRUkxYjJ3emVWcHhWRzh3ZDBSM1dVUUtWbEl3VkVGUlNDOUNRVlYzUVhkRlFpOTZRVTVDWjJ0eGFHdHBSemwzTUVKQlVYTkdRVUZQUTBGUlJVRlRaWG94UVZaaE5WaEhWWEJyTlVnNFRIcHlTUXA0VTBWelVuUkhVaXRTVjJOSmRHeE1aVlZMYzNOUFRUTnpZMDFtVUVaNlNuUXlUbGR3ZDBOd1NUUmlZMkZHUVZnemVGbExSMWx4Vm5aelZtcHhiVEZWQ25SS1ltaDZkekZoVVZCVVQyWnZORFpsT1hOR0sybHhaR0pwYkVwbFJVbFFabGxEYjB3MlZYUjBSbTk2VEM5TFoyazFlV0ZsU1hCU2NURmlhSEZ3VmpjS1RWUm1TbTFDYkhWSWNrWmhkV05GYUVGTVRESm9LMHRzUTFSNmFtSnNRbkJaTjFocFZGWkhjM0paYzBWMk1tRjNORWgyYjFwWlZrWlZWM0l4UTFKWFlncHBjREI0ZEZaMVNYRTVSRmhoYTBaSllXVlFXbFpuTUhSQ2N6VkJlakJ6VUdscE5VZFVWalV6VlhkbWNqWTRWamhCWVhGUlNFOXlWR1JRTDJaYWRrTjNDbVJYVFdkS1NubHRjMjFWVWlzMWNUSkNUbkp2WkhsVFdEZDRSelp4ZW5FME1tNUJWMVp3U2xOdmIwZzVaV2RTWVhadVowUTVVWFJyZVdVNUt6QnVSVzBLVkdjOVBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0iIH0=
provider_config_id: 4ab6b1c4-fa5c-4036-8921-53f8c267b728
kas_key_2:
id: 7b7197e4-f2de-4f74-b2f5-17c2d87ba13c
key_access_server_id: 34f2acdc-3d9c-4e92-80b6-90fe4dc9afcb # key_access_server_1
key_algorithm: 1 # ALGORITHM_RSA_2048
key_id: kas_key_2
key_mode: 1 # KEY_MODE_LOCAL
key_algorithm: 3 # ALGORITHM_EC_P256
key_id: ec_key_1
key_mode: 1 # KEY_MODE_LOCAL
key_status: 1 # KEY_STATUS_ACTIVE
private_key_ctx: eyJ3cmFwcGVkS2V5IjoiYTJWNUNnPT0iLCJrZXlJZCI6ImtleSJ9Cg==
public_key_ctx: eyJwZW0iOiJhMlY1Q2c9PSJ9Cg==
provider_config_id: 19098106-54a1-4d33-8846-4894b5b6db3e # provider_config_2
private_key_ctx: eyAid3JhcHBlZF9rZXkiOiAiMXZ2V2pJZ2E2emM0bkhKVHEwL3RmM2hKZXU2VlpDY2o5WTVvbXZNekN2MEw5OVNxcGNpUHY5dUw1ZTQzeHVabTBYMDR3ekJ4VVdhUnJBaWJQRGN2TzFOQWJwS1ZObVNPODRyaXE4aklVeTRJRTRWeHBiTWYwL0duR1U2RjJIODhWb251K2YxMFRQeXdvVWgrU0dXTUZRZWU0eHFkaDJvQ2JlY3FiWklkK1JRR3dRUUh4dUlmOVljUW53MXJXcVMyRHhEekc5cGtleVZCTFBnaTQvZmo5SWhHVmtQQ0RaRFpZYys5MksrZ2UzT0htSlVSSWlURUI4b3BXbVNTc2Zhblc5YkJSYURWdWwxV3EyaHVrK1piVWhqeEZ6bEJWVHRuUVQ2c2R3Yzl0YlpSd0Rqa2ViVGExNVJHVkRKZFhZK1drTHZ2a2J0TVdWZHJQdlNNT2hwRndtcGNvN2g5VjRMdnRLalhvcTA9IiwgImtleV9pZCI6ICJjb25maWciIH0=
public_key_ctx: eyAicGVtIjogIkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVUpqUkVORFFWSmxaMEYzU1VKQlowbFZXRGRMUW14blVUaENWa3BEYldkWlp6SldTM0pyUWt3eVl6UkpkME5uV1VsTGIxcEplbW93UlVGM1NYY0tSR3BGVFUxQmIwZEJNVlZGUVhkM1JHRXlSbnBOUWpSWVJGUkpNRTFFVlhkT2FrVjVUVlJCZUUxc2IxaEVWRWt4VFVSVmQwNXFSWGxOVkVGNFRXeHZkd3BFYWtWTlRVRnZSMEV4VlVWQmQzZEVZVEpHZWsxR2EzZEZkMWxJUzI5YVNYcHFNRU5CVVZsSlMyOWFTWHBxTUVSQlVXTkVVV2RCUldRNFJGSnlhRTFFQ2xCUlUyTkpVR3hTZFZaaVdtSlZZakoxV1RoVlRFSldaVzFSZW5oblZEZHZURGRaTjFWR1NHSmtTWFZuVjBGRFVsVm5UMEl6VjJ0a1MzTTVjVXBFYUcwS1EwUkZZazh2WXl0YWMzSnpUa3RPVkUxR1JYZElVVmxFVmxJd1QwSkNXVVZHUlM5MlluVjJWVms1U2tVdk4xb3hSR0pTY25kcE1tWTNUV1JGVFVJNFJ3cEJNVlZrU1hkUldVMUNZVUZHUlM5MlluVjJWVms1U2tVdk4xb3hSR0pTY25kcE1tWTNUV1JGVFVFNFIwRXhWV1JGZDBWQ0wzZFJSazFCVFVKQlpqaDNDa05uV1VsTGIxcEplbW93UlVGM1NVUlNkMEYzVWtGSloxSnliVEJvU1VwSWFYaHlVVEpGT0VneWVtZE1SMVZMUkdsUlJYcE5aRWMwYzNGRWIySTBjVm9LZVN0clEwbElTMjVIZEUxU05GcHlia3BxSzJaM2FrSTJhelZzZVhSM1dYRnhibGxJWVU1NWNFVmlTVlUwYWpWcUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyIgfQ==

##############
# Provider Config
Expand All @@ -581,7 +579,6 @@ provider_configs:
provider_name: gcp
config: eyJzb21lIjogInZhbHVlIn0g


##
# Registered Resources
#
Expand Down Expand Up @@ -653,5 +650,5 @@ registered_resource_action_attribute_values:
registered_resource_value_id: 1d2c3b4a-5e6f-7a89-0b1c-2d3e4f5a6789
# loaded by migration
action_name: custom_action_1
# example.com/attr/attr1/value/value2
# example.com/attr/attr1/value/value2
attribute_value_id: 2fe8dea1-3555-498c-afe9-99724f35f3d3
Loading