Skip to content

chore(xtest): Add assertions about policy contents #328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

dmihalcik-virtru
Copy link
Member

No description provided.

shfmt shellcheck

Update test_policytypes.py

chore(xtest): Add more assertions about nano policies

chore(xtest): follouwp
@dmihalcik-virtru dmihalcik-virtru changed the title chore(xtest): Add nano plaintext policy coverage chore(xtest): Add assertions about policy contents Aug 1, 2025
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary of Changes

Hello @dmihalcik-virtru, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the test suite by introducing a more comprehensive and reusable assertion mechanism for verifying policy types and embedded attributes within encrypted containers, with a specific focus on "nano" container plaintext policies. This improves the robustness and clarity of policy-related tests.

Highlights

  • New Type Definition: A policy_type literal ("plaintext", "encrypted") has been added to tdfs.py to formally define policy types used in the test suite, enhancing type clarity for policy-related operations.
  • Refactored Policy Assertions: A new helper function, assert_expected_attrs, was introduced in test_policytypes.py. This function centralizes and standardizes the verification of policy attributes and policy types (plaintext/embedded vs. encrypted) across different container types, significantly reducing code duplication and improving test maintainability.
  • Enhanced Nano Plaintext Policy Coverage: Existing tests (test_or_attributes_success, test_and_attributes_success, test_hierarchy_attributes_success, test_container_policy_mode) have been updated to utilize the new assert_expected_attrs helper. This specifically extends coverage to ensure correct handling and verification of embedded plaintext policies within "nano" containers, validating their structure and contained attributes.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in issue comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

Copy link

sonarqubecloud bot commented Aug 1, 2025

Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds assertions to verify the contents of TDF policies, which is a valuable addition for ensuring correctness. The new assert_expected_attrs helper function centralizes policy assertions, improving test maintainability. I've suggested some minor improvements to the helper function to improve its readability and error handling.

Comment on lines +299 to +303
if not pt:
if "nano" == tdfs.simple_container(c):
pt = "encrypted"
else:
pt = "plaintext"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The logic to determine pt (policy type) could be simplified. Since tdfs.simple_container(c) returns either nano or ztdf, you can directly assign pt based on whether the container is nano or not.

pt = "encrypted" if "nano" == tdfs.simple_container(c) else "plaintext"

Comment on lines +306 to +316
match tdfs.simple_container(c):
case "nano":
envelope = nano.parse(f.read())
assert envelope.header.version.version == 12
assert (
envelope.header.policy.policy_type == nano.PolicyType.ENCRYPTED
)
assert not envelope.header.policy.embedded
assert envelope.header.policy.encrypted
case _:
assert False, "Unsupported container & policy type pair"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Consider raising a more descriptive exception message that includes the actual container type. This will help in debugging when an unsupported container type is encountered.

case _:
    raise ValueError(f"Unsupported container type: {c}")

@@ -281,14 +284,53 @@ def test_container_policy_mode(
policy_mode="plaintext",
target_mode=tdfs.select_target_version(encrypt_sdk, decrypt_sdk),
)
assert_expected_attrs(container, "plaintext", ct_file, fqns)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Adding this assertion here ensures that the expected attributes are checked immediately after encryption, providing quicker feedback if something goes wrong during the encryption process.

assert_expected_attrs(container, "plaintext", ct_file, fqns)

@@ -57,6 +57,8 @@

container_version = Literal["4.2.2", "4.3.0"]

policy_type = Literal["plaintext", "encrypted"]

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

Consider adding a docstring to explain the purpose of this type alias.

Suggested change
policy_type = Literal["plaintext", "encrypted"]
policy_type = Literal["plaintext", "encrypted"]
"""Type alias for policy type"""

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant