feat: Assertion capability tests using schema (manifest and assertion) #341
Conversation
- Introduced `skip_assertion_schema_skew` to handle cases where the decrypt SDK does not support assertion schemas used by the encrypted TDF. - Consolidated `target_mode` usage to reduce redundancy. - Updated test logic to ensure assertion schema compatibility is verified.
Summary of ChangesHello @pflynn-virtru, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the test infrastructure's ability to handle varying assertion schema versions across different SDKs. By introducing dynamic compatibility checks, it ensures that tests involving V2 assertion schemas (currently only supported by the Go SDK) are appropriately skipped when a decrypting SDK lacks support, preventing false failures and making the test suite more robust and self-documenting as SDK capabilities evolve. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
pflynn-virtru
changed the title
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for V2 assertion schemas in the test infrastructure, enhancing SDK compatibility checks and updating tests to accommodate scenarios where the decrypt SDK cannot verify assertions due to unsupported schema versions. The changes include adding assertion_schema_v2 to the feature_type list, updating the _uncached_supports method, and introducing the skip_assertion_schema_skew function. The tests have been updated to call skip_assertion_schema_skew after encryption.
pflynn-virtru
changed the title
xtest/tdfs.py
Outdated
| case ("ns_grants", ("go" | "java")): | ||
| return True | ||
| case ("assertion_schema_v2", "go"): | ||
| # Go SDK supports V2 assertion schema (urn:opentdf:system:metadata:v2) |
There was a problem hiding this comment.
Do all supported versions support the v2 schema? You may want to add a feature detector to the go/cli.sh for this somehow, e.g. by adding a note to the appropriate otdfctl --help document.
There was a problem hiding this comment.
old versions do not support new assertions (v2, x509, non-DEK/PK)
|
|
||
| # Unknown schema - be conservative and skip | ||
| else: | ||
| pytest.skip( |
There was a problem hiding this comment.
We should fail on these, not skip. Perhaps log a message?
There was a problem hiding this comment.
does a feature check first, then it will only skip if not supported.
xtest/tdfs.py
Outdated
| for assertion in m.assertions: | ||
| if assertion.id == "system-metadata": |
There was a problem hiding this comment.
| for assertion in m.assertions: | |
| if assertion.id == "system-metadata": | |
| system_assertions = (a for a in m.assertions if a.id == "system-metadata") | |
| for assertion in system_assertions: |
…ge and update test failure logic for unknown schemas
|
This pull request adds support for V2 assertion schemas in the test infrastructure, improves SDK compatibility checks for assertion verification, and updates relevant tests to skip cases where the decrypt SDK cannot verify assertions due to unsupported schema versions. The changes ensure that tests are self-documenting and future-proof as SDKs evolve.
Assertion schema compatibility improvements
"assertion_schema_v2"to thefeature_typelist inxtest/tdfs.pyto represent support for the V2 assertion schema._uncached_supportsmethod inxtest/tdfs.pyto declare that only the Go SDK currently supports the V2 assertion schema.skip_assertion_schema_skewfunction inxtest/tdfs.py, which inspects the encrypted TDF file and skips tests if the decrypt SDK does not support the assertion schema used. This makes compatibility checks dynamic and avoids hardcoding SDK support.Test updates for schema compatibility
test_tdf_assertions_unkeyed,test_tdf_assertions_with_keys, andtest_tdf_assertions_422_formatinxtest/test_tdfs.pyto callskip_assertion_schema_skewafter encryption, ensuring tests are skipped if assertion verification would fail due to incompatible schemas. [1] [2] [3] [4] [5]skip_assertion_schema_skewto handle cases where the decrypt SDK does not support assertion schemas used by the encrypted TDF.target_modeusage to reduce redundancy.