bump to protocol v0.2.26

opentdf · Feb 14, 2025 · 89a30ab · 89a30ab
1 parent 6447a1f
commit 89a30ab
Show file tree

Hide file tree

Showing 5 changed files with 101 additions and 104 deletions.
diff --git a/cmd/kas-public-keys.go b/cmd/kas-public-keys.go
@@ -373,6 +373,11 @@ func formatAssociations(assocs []*kasregistry.ListPublicKeyMappingResponse_Assoc
 	return strings.Join(fqns, "\n")
 }
 
+func isValidBase64(s string) bool {
+	_, err := base64.StdEncoding.DecodeString(s)
+	return err == nil
+}
+
 func parseAndFormatKey(key string) (string, error) {
 	if key == "" {
 		return "", errors.New("key is required")
@@ -395,11 +400,6 @@ func parseAndFormatKey(key string) (string, error) {
 	return key, nil
 }
 
-func isValidBase64(s string) bool {
-	_, err := base64.StdEncoding.DecodeString(s)
-	return err == nil
-}
-
 func enumToAlg(enum policy.KasPublicKeyAlgEnum) (string, error) {
 	switch enum {
 	case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048:

diff --git a/docs/man/policy/kas-registry/public-keys/create.md b/docs/man/policy/kas-registry/public-keys/create.md
@@ -16,14 +16,15 @@ command:
     - name: key-id
       shorthand: i
       description: ID of the public key.
+      required: true
     - name: algorithm
       shorthand: a
       description: Algorithm of the public key. (rsa:2048, rsa:4096, ec:secp256r1, ec:secp384r1, ec:secp521r1)
+      required: true
     - name: label
       description: "Optional metadata 'labels' in the format: key=value"
       shorthand: l
-      default: ''
-
+      default: ""
 ---
 
 Add a public key to a Key Access Server. The public key must be in PEM format. It can be base64 encoded or plain text.
@@ -48,4 +49,3 @@ create --kas kas-1 --key-id key-1 --key "-----BEGIN CERTIFICATE-----\nMIIB...5Q=
 otdfctl policy kas-registry public-key
 create --kas https://example.com/kas --key-id key-1 --key "-----BEGIN CERTIFICATE-----\nMIIB...5Q=\n-----END CERTIFICATE-----\n" --algorithm rsa:2048
 ```
-
diff --git a/e2e/helpers.bash b/e2e/helpers.bash
@@ -2,11 +2,11 @@
 #!/usr/bin/env bash
 
 # OTDFCTL Helper Functions
-run_otdfctl_kasr () {
+run_otdfctl_kasr() {
     run sh -c "./otdfctl policy kas-registry $HOST $WITH_CREDS $*"
 }
 
-create_kas () {
+create_kas() {
     log_debug "Creating KAS... $1 $2"
 
     run_otdfctl_kasr create --uri "$1" -n "$2" --json
@@ -27,30 +27,30 @@ create_public_key() {
 
     # Select the appropriate key generation function based on the algorithm
     case "$algorithm" in
-        "$RSA_2048_ALG")
-            eval "$(gen_rsa_2048)"
-            key_content="$RSA_2048_PUBLIC_KEY"
-            ;;
-        "$RSA_4096_ALG")
-            eval "$(gen_rsa_4096)"
-            key_content="$RSA_4096_PUBLIC_KEY"
-            ;;
-        "$EC_256_ALG")
-            eval "$(gen_ec256)"
-            key_content="$EC_256_PUBLIC_KEY"
-            ;;
-        "$EC_384_ALG")
-            eval "$(gen_ec384)"
-            key_content="$EC_384_PUBLIC_KEY"
-            ;;
-        "$EC_521_ALG")
-            eval "$(gen_ec521)"
-            key_content="$EC_521_PUBLIC_KEY"
-            ;;
-        *)
-            log_error "Unsupported algorithm: $algorithm"
-            return 1
-            ;;
+    "$RSA_2048_ALG")
+        eval "$(gen_rsa_2048)"
+        key_content="$RSA_2048_PUBLIC_KEY"
+        ;;
+    "$RSA_4096_ALG")
+        eval "$(gen_rsa_4096)"
+        key_content="$RSA_4096_PUBLIC_KEY"
+        ;;
+    "$EC_256_ALG")
+        eval "$(gen_ec256)"
+        key_content="$EC_256_PUBLIC_KEY"
+        ;;
+    "$EC_384_ALG")
+        eval "$(gen_ec384)"
+        key_content="$EC_384_PUBLIC_KEY"
+        ;;
+    "$EC_521_ALG")
+        eval "$(gen_ec521)"
+        key_content="$EC_521_PUBLIC_KEY"
+        ;;
+    *)
+        log_error "Unsupported algorithm: $algorithm"
+        return 1
+        ;;
     esac
 
     # Verify key content is not empty
@@ -83,48 +83,48 @@ create_public_key() {
 }
 
 # Setup Helper
-setup_helper(){
-  load "${BATS_LIB_PATH}/bats-support/load.bash"
-  load "${BATS_LIB_PATH}/bats-assert/load.bash"
-
-  # Initialize IDs to empty strings in case creation fails
-  KAS_ID=""
-  PUBLIC_KEY_ID=""
-  PUBLIC_KEY_IDS=() # Initialize an empty array
-
-  KAS_URI="https://testing-public-key.io"
-  KAS_NAME="public-key-kas"
-
-  RSA_2048_ALG="rsa:2048"
-  RSA_4096_ALG="rsa:4096"
-  EC_256_ALG="ec:secp256r1"
-  EC_384_ALG="ec:secp384r1"
-  EC_521_ALG="ec:secp521r1"
+setup_helper() {
+    load "${BATS_LIB_PATH}/bats-support/load.bash"
+    load "${BATS_LIB_PATH}/bats-assert/load.bash"
+
+    # Initialize IDs to empty strings in case creation fails
+    KAS_ID=""
+    PUBLIC_KEY_ID=""
+    PUBLIC_KEY_IDS=() # Initialize an empty array
+
+    KAS_URI="https://testing-public-key.io"
+    KAS_NAME="public-key-kas"
+
+    RSA_2048_ALG="rsa:2048"
+    RSA_4096_ALG="rsa:4096"
+    EC_256_ALG="ec:secp256r1"
+    EC_384_ALG="ec:secp384r1"
+    EC_521_ALG="ec:secp521r1"
 }
 
 # Cleanup Helper
-cleanup_helper(){
-  # Iterate over the array of public key IDs and delete them
-  for PUBLIC_KEY_ID in "${PUBLIC_KEY_IDS[@]}"; do
-      if [ -n "$PUBLIC_KEY_ID" ]; then
-          log_debug "Running ${run_otdfctl_kasr} public-key unsafe delete --id $PUBLIC_KEY_ID --force --json"
-          run_otdfctl_kasr public-key unsafe delete --id "$PUBLIC_KEY_ID" --force --json
-          log_debug "$output"
-          if [ $? -ne 0 ]; then
-              log_info "Error: Failed to delete public key with ID: $PUBLIC_KEY_ID"
-          fi
-          log_debug "Deleted public key with ID: $PUBLIC_KEY_ID"
-      fi
-  done
-  if [ -n "$KAS_ID" ]; then
-      log_debug "Running ${run_otdfctl_kasr} delete --id $KAS_ID --force --json"
-      run_otdfctl_kasr delete --id "$KAS_ID" --force --json
-      log_debug "$output"
-      if [ $? -ne 0 ]; then
-          log_info "Error: Failed to delete KAS registry with ID: $KAS_ID"
-      fi
-      log_debug "Deleted KAS registry with ID: $KAS_ID"
-  fi
+cleanup_helper() {
+    # Iterate over the array of public key IDs and delete them
+    for PUBLIC_KEY_ID in "${PUBLIC_KEY_IDS[@]}"; do
+        if [ -n "$PUBLIC_KEY_ID" ]; then
+            log_debug "Running ${run_otdfctl_kasr} public-key unsafe delete --id $PUBLIC_KEY_ID --force --json"
+            run_otdfctl_kasr public-key unsafe delete --id "$PUBLIC_KEY_ID" --force --json
+            log_debug "$output"
+            if [ $? -ne 0 ]; then
+                log_info "Error: Failed to delete public key with ID: $PUBLIC_KEY_ID"
+            fi
+            log_debug "Deleted public key with ID: $PUBLIC_KEY_ID"
+        fi
+    done
+    if [ -n "$KAS_ID" ]; then
+        log_debug "Running ${run_otdfctl_kasr} delete --id $KAS_ID --force --json"
+        run_otdfctl_kasr delete --id "$KAS_ID" --force --json
+        log_debug "$output"
+        if [ $? -ne 0 ]; then
+            log_info "Error: Failed to delete KAS registry with ID: $KAS_ID"
+        fi
+        log_debug "Deleted KAS registry with ID: $KAS_ID"
+    fi
 }
 
 # Helper function for debug logging
@@ -143,7 +143,7 @@ log_info() {
 gen_rsa_2048() {
     log_debug "Generating RSA 2048 key pair"
     local private_key public_key
-    
+
     # Generate private key
     private_key=$(openssl genrsa 2048)
 
@@ -158,7 +158,7 @@ gen_rsa_2048() {
 gen_rsa_4096() {
     log_debug "Generating RSA 4096 key pair"
     local private_key public_key
-    
+
     # Generate private key
     private_key=$(openssl genrsa 4096)
 
@@ -170,45 +170,42 @@ gen_rsa_4096() {
 
 # Helper function to generate an EC 256 key pair
 gen_ec256() {
-  log_debug "Generating EC 256 key pair" 
-  local private_key public_key
+    log_debug "Generating EC 256 key pair"
+    local private_key public_key
 
-  # Generate private key
-  private_key=$(openssl ecparam -name prime256v1 -genkey)
+    # Generate private key
+    private_key=$(openssl ecparam -name prime256v1 -genkey)
+
+    # Extract public key
+    public_key=$(echo "$private_key" | openssl ec -pubout)
 
-  # Extract public key
-  public_key=$(echo "$private_key" | openssl ec -pubout)
-
-  printf 'export EC_256_PUBLIC_KEY=%q\n' "$public_key"
+    printf 'export EC_256_PUBLIC_KEY=%q\n' "$public_key"
 }
 
 # Helper function to generate an EC 384 key pair
 gen_ec384() {
-  log_debug "Generating EC 384 key pair"
-  local private_key public_key
+    log_debug "Generating EC 384 key pair"
+    local private_key public_key
 
-  # Generate private key
-  private_key=$(openssl ecparam -name secp384r1 -genkey)
+    # Generate private key
+    private_key=$(openssl ecparam -name secp384r1 -genkey)
 
-  # Extract public key
-  public_key=$(echo "$private_key" | openssl ec -pubout)
+    # Extract public key
+    public_key=$(echo "$private_key" | openssl ec -pubout)
 
-  printf 'export EC_384_PUBLIC_KEY=%q\n' "$public_key"
+    printf 'export EC_384_PUBLIC_KEY=%q\n' "$public_key"
 }
 
 # Helper function to generate an EC 521 key pair
 gen_ec521() {
-  log_debug "Generating EC 521 key pair"
-  local private_key public_key
+    log_debug "Generating EC 521 key pair"
+    local private_key public_key
 
-  # Generate private key
-  private_key=$(openssl ecparam -name secp521r1 -genkey)
+    # Generate private key
+    private_key=$(openssl ecparam -name secp521r1 -genkey)
 
-  # Extract public key
-  public_key=$(echo "$private_key" | openssl ec -pubout)
+    # Extract public key
+    public_key=$(echo "$private_key" | openssl ec -pubout)
 
-  printf 'export EC_521_PUBLIC_KEY=%q\n' "$public_key"
+    printf 'export EC_521_PUBLIC_KEY=%q\n' "$public_key"
 }
-
-
-
diff --git a/go.mod b/go.mod
@@ -2,23 +2,22 @@ module github.com/opentdf/otdfctl
 
 go 1.22.7
 
-replace github.com/opentdf/platform/protocol/go => ../platform/protocol/go
-
 require (
 	github.com/adrg/frontmatter v0.2.0
 	github.com/charmbracelet/bubbles v0.18.0
 	github.com/charmbracelet/bubbletea v1.2.4
 	github.com/charmbracelet/glamour v0.8.0
 	github.com/charmbracelet/huh v0.5.2
 	github.com/charmbracelet/lipgloss v1.0.0
+	github.com/charmbracelet/x/term v0.2.1
 	github.com/creasty/defaults v1.8.0
 	github.com/evertras/bubble-table v0.17.1
 	github.com/gabriel-vasile/mimetype v1.4.8
 	github.com/go-jose/go-jose/v3 v3.0.3
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/google/uuid v1.6.0
 	github.com/opentdf/platform/lib/flattening v0.1.3
-	github.com/opentdf/platform/protocol/go v0.2.24
+	github.com/opentdf/platform/protocol/go v0.2.26
 	github.com/opentdf/platform/sdk v0.3.25
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
@@ -42,7 +41,6 @@ require (
 	github.com/catppuccin/go v0.2.0 // indirect
 	github.com/charmbracelet/x/ansi v0.4.5 // indirect
 	github.com/charmbracelet/x/exp/strings v0.0.0-20240722160745-212f7b056ed0 // indirect
-	github.com/charmbracelet/x/term v0.2.1 // indirect
 	github.com/danieljoos/wincred v1.2.2 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect

diff --git a/go.sum b/go.sum
@@ -228,6 +228,8 @@ github.com/opentdf/platform/lib/flattening v0.1.3 h1:IuOm/wJVXNrzOV676Ticgr0wyBk
 github.com/opentdf/platform/lib/flattening v0.1.3/go.mod h1:Gs/T+6FGZKk9OAdz2Jf1R8CTGeNRYrq1lZGDeYT3hrY=
 github.com/opentdf/platform/lib/ocrypto v0.1.7 h1:IcCYRrwmMqntqUE8frmUDg5EZ0WMdldpGeGhbv9+/A8=
 github.com/opentdf/platform/lib/ocrypto v0.1.7/go.mod h1:4bhKPbRFzURMerH5Vr/LlszHvcoXQbfJXa0bpY7/7yg=
+github.com/opentdf/platform/protocol/go v0.2.26 h1:22ugJFhAjlz7BRAky3eBljIQrsLzmsdkKVM+pjuG09k=
+github.com/opentdf/platform/protocol/go v0.2.26/go.mod h1:eldxqX2oF2ADtG8ivhfwn1lALVMX4aaUM+Lp9ynOJXs=
 github.com/opentdf/platform/sdk v0.3.25 h1:dZEVeWKfbjrnEXKzSado8ebpzIrk2n6R7RSZRbX+FwE=
 github.com/opentdf/platform/sdk v0.3.25/go.mod h1:F+RGbT2o9GlzWH9s8VkZyUNUEEAWA3V2RSs8jNQHbqM=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=