feat(tdf): implement tdf3 encrypt and decrypt #73

Merged
merged 7 commits into from
Jan 29, 2024

sujankota
Contributor

  • Implement tdf3 encrypt and decrypt
  • code coverage ~75%

"encoding/json"
"errors"
"fmt"
"github.com/opentdf/opentdf-v2-poc/internal/archive"

Member

TIL you can import this - I would think the workspace feature would make this not work?

Either way, shouldn't we move the internal/archive and internal/crypto packages into sdk/internal/...?

sdk/tdf.go Outdated
}

if n != len(writeBuf) {
return errWriteFailed

Member

I think you can panic here. This only happens if there is an implementation error

Write must return a non-nil error if it returns n < len(p)

https://cs.opensource.google/go/go/+/refs/tags/go1.21.6:src/io/io.go;l=95

Contributor Author

Don't you want to abort the creating of TDF if write call can't write entire segment?

Member

The 'contract' with Write is that it MUST return an error if n != len(writeBuf). But if you want to not require that (Postel's law I guess) you can leave this as is. My point is this is more of an assert - the library the client application is passing in (provided by writer) does not meet the agreement for the method definition. I've added a suggestion to simplify

sdk/tdf.go Outdated
}

if !res {
return errRootSigValidation

Member

We probably want to export this type, or maybe even make a custom type that is generically ValidationError

Member

@dmihalcik-virtru dmihalcik-virtru left a comment

I've put in a lot of suggestions for changes to the API. If you don't want to do them yet I'm fine with merging this, then modifying them on a subsequent PR

publicKey string // Public key can be empty.
}

type TDFConfig struct {

Member

Suggested change
type TDFConfig struct {
type SDK struct {

)

// NewTDFConfig Create a new instance of tdf config.
func NewTDFConfig() (*TDFConfig, error) {

Member

Suggested change
func NewTDFConfig() (*TDFConfig, error) {
func New() (*SDK, error) {

Member

Also, we may not want to return error here?

Discussion: https://www.reddit.com/r/golang/comments/9bkql2/stop_returning_errors_in_constructors_use/

My thought is that we probably want to do anything that will return an error lazily. If we want, we can add an explicit Validate or Initialize func that returns an error, to allow users the option to avoid 'surprise' errors later in the program


// AddKasInformation Add all the kas urls and their corresponding public keys
// that is required to create and read the tdf.
func (tdfConfig *TDFConfig) AddKasInformation(kasInfoList []KASInfo) error {

Member

Instead of exposing these mutation functions, we should do some variation of functional options in the New (*SDK) above

Member

In this case the kas list will most likely be derived from the multi-attribute implementation. But agree I think driving creation with WithX on create is the approach we will be taking.
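
The constructor shape discussed above (functional options, no error from `New`, no network calls, an explicit `Validate`), as an added Go example that is not the project's code. `Option`, `WithKASInfo`, `WithSegmentSize`, `Validate`, the exported `KASInfo` field names, the default segment size and the https requirement are all assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/url"
)

// KASInfo follows the page's struct; the exported field names are assumptions.
type KASInfo struct {
	URL       string
	PublicKey string // PEM; may be empty, as the reviewed code allows
}

// SDK only holds configuration; building one never touches the network.
type SDK struct {
	kasInfoList        []KASInfo // nil until set; ranging over nil is a no-op
	defaultSegmentSize int64
}

type Option func(*SDK) // functional option for New (hypothetical name)

func WithKASInfo(infos ...KASInfo) Option {
	return func(s *SDK) { s.kasInfoList = append(s.kasInfoList, infos...) }
}

func WithSegmentSize(n int64) Option {
	return func(s *SDK) { s.defaultSegmentSize = n }
}

// New cannot fail: it records options and leaves every check to Validate.
func New(opts ...Option) *SDK {
	s := &SDK{defaultSegmentSize: 2 << 20} // constructed default, not the project's
	for _, opt := range opts {
		opt(s)
	}
	return s
}

// Validate reports every configuration problem at once, without I/O.
func (s *SDK) Validate() error {
	var errs []error
	if s.defaultSegmentSize <= 0 {
		errs = append(errs, fmt.Errorf("segment size %d must be positive", s.defaultSegmentSize))
	}
	for i, k := range s.kasInfoList {
		u, err := url.Parse(k.URL)
		if err != nil || u.Scheme != "https" || u.Host == "" { // https-only is an assumption
			errs = append(errs, fmt.Errorf("kas[%d]: %q is not an absolute https URL", i, k.URL))
		}
		if k.PublicKey == "" {
			continue // left for a later, context-taking fetch
		}
		block, _ := pem.Decode([]byte(k.PublicKey))
		if block == nil {
			errs = append(errs, fmt.Errorf("kas[%d]: public key is not PEM", i))
			continue
		}
		if _, err := x509.ParsePKIXPublicKey(block.Bytes); err != nil {
			errs = append(errs, fmt.Errorf("kas[%d]: public key: %w", i, err))
		}
	}
	return errors.Join(errs...)
}

// samplePublicKeyPEM generates a throwaway P-256 public key as sample input.
func samplePublicKeyPEM() string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
}

func main() {
	ok := New(WithKASInfo(KASInfo{URL: "https://kas.example.com", PublicKey: samplePublicKeyPEM()}))
	bad := New(WithSegmentSize(0), WithKASInfo(KASInfo{URL: "http://kas.example.com", PublicKey: "x"}))
	fmt.Printf("ok: %v\nbad:\n%v\n", ok.Validate(), bad.Validate())
}
```
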

Comment on lines 72 to 83
tdfConfig := TDFConfig{}
tdfConfig.attributes = make([]string, 0)
tdfConfig.kasInfoList = make([]KASInfo, 0)
tdfConfig.tdfPublicKey = tdfPublicKey
tdfConfig.tdfPrivateKey = tdfPrivateKey
tdfConfig.defaultSegmentSize = defaultSegmentSize
tdfConfig.assertions = make([]Assertion, 0)
tdfConfig.enableEncryption = true
tdfConfig.tdfFormat = JSONFormat
tdfConfig.integrityAlgorithm = HS256
tdfConfig.segmentIntegrityAlgorithm = GMAC
return &tdfConfig, nil

Member

Suggested change
tdfConfig := TDFConfig{}
tdfConfig.attributes = make([]string, 0)
tdfConfig.kasInfoList = make([]KASInfo, 0)
tdfConfig.tdfPublicKey = tdfPublicKey
tdfConfig.tdfPrivateKey = tdfPrivateKey
tdfConfig.defaultSegmentSize = defaultSegmentSize
tdfConfig.assertions = make([]Assertion, 0)
tdfConfig.enableEncryption = true
tdfConfig.tdfFormat = JSONFormat
tdfConfig.integrityAlgorithm = HS256
tdfConfig.segmentIntegrityAlgorithm = GMAC
return &tdfConfig, nil
return TDFConfig{
defaultSegmentSize: defaultSegmentSize,
enableEncryption: true,
segmentIntegrityAlgorithm: GMAC,
tdfPrivateKey: tdfPrivateKey,
tdfPublicKey: tdfPublicKey,
}, nil
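Review bot: The replacement returns `TDFConfig{...}` by value where the removed lines return `&tdfConfig`, so the literal needs a leading `&` to keep the pointer return. It also drops `integrityAlgorithm = HS256` and `tdfFormat = JSONFormat`; that is only equivalent if those constants are the zero values of their types, and because the integrity algorithm is a security-relevant default it is worth keeping it explicit in the literal or documenting that the zero value means HS256.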
  • Don't bother setting defaults. Lint might get angry at this but lint is wrong
  • there is no difference between nil and make([]x, 0) afaict
  • I prefer literal inits to a list of field setters, but IDK if it is worth codifying yet

Contributor Author

make([]x, 0) will create a data structure with 0 values. In case anyone iterates, it behaves correctly.

Contributor Author

Looks like it's ok to iterate over nil.


client := &http.Client{}

response, err := client.Do(request)
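Review bot: `client := &http.Client{}` builds a client with no `Timeout`, so `client.Do(request)` can block indefinitely if the server stalls, unless `request` already carries a context with a deadline. Set a `Timeout` on the client or build the request with a context supplied by the caller.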

Member

Re: my above note about not returning error in a constructor, this might be a java thought, but IMO constructors shouldn't be calling things on the network - they should be quick, synchronous things. Any request should take a Context, and we don't want to have that already with the constructor, probably

}

// SetMetaData Set the meta data.
func (tdfConfig *TDFConfig) SetMetaData(metaData string) {

Member

metadata should be passed into the Create method, not be part of the SDK config. We will need to create another CreateConfig struct or something and then add some functional options for that as well, since we expect the Create (write? do? encrypt no longer makes sense given our move to support 'sign only' tdfs)

Contributor Author

I agree; TDFConfig will be removed completely. I want to get the functionality working first and later work on the API

"github.com/opentdf/opentdf-v2-poc/internal/crypto"
)

type AuthConfig struct {

Contributor Author

Placeholder until auth configuration is implemented

sdk/tdf.go Outdated
Comment on lines 253 to 259
if err != nil {
return fmt.Errorf("io.writer.write failed: %w", err)
}

if n != len(writeBuf) {
return errWriteFailed
}

Member

Suggested change
if err != nil {
return fmt.Errorf("io.writer.write failed: %w", err)
}
if n != len(writeBuf) {
return errWriteFailed
}
if err != nil || n != len(writeBuf) {
return fmt.Errorf("io.writer.write failed: %w", err)
}
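Review bot: In the combined condition, when `n != len(writeBuf)` but `err` is nil, `fmt.Errorf("io.writer.write failed: %w", err)` wraps a nil error: the message ends in `%!w(<nil>)` and the result wraps nothing, so callers can no longer match the short-write case with `errors.Is`. Keep the two checks separate, or return `errWriteFailed` (or wrap `io.ErrShortWrite`) when the write is short.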

Contributor Author

Both are different types of error. I feel making them separate is more clear.
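
The short-write case debated in this thread, as an added Go example that is not code from the PR: `writeSegment` keeps the two checks separate and reports a contract-violating writer as `io.ErrShortWrite`, while `writeSegmentCombined` mirrors the single-condition form to show what it returns. The function names, `truncatingWriter`, `failingWriter` and `errDiskFull` are constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

var errDiskFull = errors.New("disk full") // constructed sentinel for the demo

// writeSegment writes one segment and aborts on any incomplete write.
// A short write with a nil error breaks the io.Writer contract, so it is
// reported as io.ErrShortWrite rather than folded into the err != nil path.
func writeSegment(w io.Writer, segment []byte) error {
	n, err := w.Write(segment)
	if err != nil {
		return fmt.Errorf("io.writer.write failed after %d of %d bytes: %w", n, len(segment), err)
	}
	if n != len(segment) {
		return fmt.Errorf("io.writer.write wrote %d of %d bytes: %w", n, len(segment), io.ErrShortWrite)
	}
	return nil
}

// writeSegmentCombined mirrors the single-condition form suggested in the
// thread, kept here only to show what it returns on a short write.
func writeSegmentCombined(w io.Writer, segment []byte) error {
	n, err := w.Write(segment)
	if err != nil || n != len(segment) {
		return fmt.Errorf("io.writer.write failed: %w", err)
	}
	return nil
}

// truncatingWriter is a constructed, non-conforming writer: it silently
// drops everything past limit bytes and still returns a nil error.
type truncatingWriter struct {
	buf   bytes.Buffer
	limit int
}

func (t *truncatingWriter) Write(p []byte) (int, error) {
	if len(p) > t.limit {
		p = p[:t.limit]
	}
	return t.buf.Write(p)
}

// failingWriter is a conforming writer that reports a real I/O failure.
type failingWriter struct{}

func (failingWriter) Write(p []byte) (int, error) { return 0, errDiskFull }

func main() {
	segment := []byte("constructed-ciphertext-segment")

	fmt.Println("conforming:", writeSegment(&bytes.Buffer{}, segment))
	fmt.Println("io failure:", writeSegment(failingWriter{}, segment))
	fmt.Println("short write:", writeSegment(&truncatingWriter{limit: 8}, segment))
	fmt.Println("combined form:", writeSegmentCombined(&truncatingWriter{limit: 8}, segment))
}
```
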

@strantalis
Member

strantalis commented Jan 24, 2024

@sujankota @dmihalcik-virtru could we rename internal/sdk to something more scoped like internal/tdfsdk? We are moving the sdk generation to /sdk with a lite wrapper that will make using the services convenient.

That said, we might want to move the tdf related bits into that directory as well as /sdk/tdf. The main reasons for this change are go workspaces (isolate service deps from the sdk deps) and clean import strings.

New

package main

import (
  "github.com/opentdf/opentdf-v2-poc/sdk"
  "github.com/opentdf/opentdf-v2-poc/sdk/attributes"
)

func main() {
  client := sdk.NewClient()
}

Old

package main

import (
  "github.com/opentdf/opentdf-v2-poc/internal/sdk"
  "github.com/opentdf/opentdf-v2-poc/internal/sdk/gen/attributes"
)

func main() {
  client := sdk.NewClient()
}

@jrschumacher

I guess I was thinking maybe the tdf package should live at the root where the sdk package pulls things together making it easy for a pep developer.

I could also see a need to potentially version the tdf pkg separate from the sdk. Maybe?

type tdfKeyAccess struct {
kasPublicKey string
kasURL string
wrappedKey [kKeySize]byte

Member

Will the key size ever need to change?

Body string `json:"requestBody"`
}

type splitKey struct {

Member

The split key name here is throwing me off a little. What are the thoughts if we created a struct called TDF

type TDF struct {
  Manifest *Manifest // public field 
  crypto crypto.AesGcm // private this will already hold the payload key I believe
}

The manifest holds the attribute info, key access objects (contains kas info) already. Then in the create method we could return this type along with an error.

}

// getManifest Return the manifest.
func (splitKey splitKey) getManifest() (*Manifest, error) {

Member

Is there a reason to have a get manifest separate from creating the key splits?

@sujankota sujankota requested a review from a team as a code owner January 26, 2024 15:50
@sujankota sujankota enabled auto-merge (squash) January 29, 2024 19:43
@sujankota sujankota merged commit 9d0e0a0 into main Jan 29, 2024
5 of 6 checks passed
@sujankota sujankota deleted the feature/tdf3-manifest-changes branch January 29, 2024 19:46
github-merge-queue bot pushed a commit that referenced this pull request Apr 22, 2024
🤖 I have created a release *beep* *boop*
---


##
[0.1.0](sdk-v0.1.0...sdk/v0.1.0)
(2024-04-22)


### Features

* add structured schema policy config
([#51](#51))
([8a6b876](8a6b876))
* **auth:** add authorization via casbin
([#417](#417))
([292f2bd](292f2bd))
* in-process service to service communication
([#311](#311))
([ec5eb76](ec5eb76))
* **kas:** support HSM and standard crypto
([#497](#497))
([f0cbe03](f0cbe03))
* key access server assignments
([#111](#111))
([a48d686](a48d686)),
closes [#117](#117)
* key access server registry impl
([#66](#66))
([cf6b3c6](cf6b3c6))
* **namespaces CRUD:** protos, generated SDK, db interactivity for
namespaces table ([#54](#54))
([b3f32b1](b3f32b1))
* **PLAT-3112:** Initial consumption of ec_key_pair functions by nanotdf
([#586](#586))
([5e2cba0](5e2cba0))
* **policy:** add FQN pivot table
([#208](#208))
([abb734c](abb734c))
* **policy:** add soft-delete/deactivation to namespaces, attribute
definitions, attribute values
[#96](#96)
[#108](#108)
([#191](#191))
([02e92a6](02e92a6))
* **resourcemapping:** resource mapping implementation
([#83](#83))
([c144db1](c144db1))
* **sdk:** BACK-1966 get auth wired up to SDK using `Options`
([#271](#271))
([f1bacab](f1bacab))
* **sdk:** BACK-1966 implement fetching a DPoP token
([#45](#45))
([dbd3cf9](dbd3cf9))
* **sdk:** BACK-1966 make the unwrapper retrieve public keys as well
([#260](#260))
([7d051a1](7d051a1))
* **sdk:** BACK-1966 pull rewrap into auth config
([#252](#252))
([84017aa](84017aa))
* **sdk:** Include auth token in grpc
([#367](#367))
([75cb5cd](75cb5cd))
* **sdk:** normalize token exchange
([#546](#546))
([9059dff](9059dff))
* **sdk:** Pass dpop key through to `rewrap`
([#435](#435))
([2d283de](2d283de))
* **sdk:** read `expires_in` from token response and use it to refresh
access tokens ([#445](#445))
([8ecbe79](8ecbe79))
* **sdk:** sdk stub
([#10](#10))
([8dfca6a](8dfca6a))
* **sdk:** take a function so that callers can use this the way that
they want ([#340](#340))
([72059cb](72059cb))
* **subject-mappings:** refactor to meet db schema
([#59](#59))
([59a073b](59a073b))
* **tdf:** implement tdf3 encrypt and decrypt
([#73](#73))
([9d0e0a0](9d0e0a0))
* **tdf:** sdk interface changes
([#123](#123))
([2aa2422](2aa2422))
* **tdf:** sdk interface cleanup
([#201](#201))
([6f7d815](6f7d815))
* **tdf:** TDFOption varargs interface
([#235](#235))
([b3fb720](b3fb720))


### Bug Fixes

* **archive:** remove 10gb zip file test
([#373](#373))
([6548f55](6548f55))
* attribute missing rpc method for listing attribute values
([#69](#69))
([1b3a831](1b3a831))
* **attribute value:** fixes attribute value crud
([#86](#86))
([568df9c](568df9c))
* **issue 90:** remove duplicate attribute_id from attribute value
create/update, and consumes schema setup changes in namespaces that were
introduced for integration testing
([#100](#100))
([e0f6d07](e0f6d07))
* **issue-124:** SDK kas registry import name mismatch
([#125](#125))
([112638b](112638b)),
closes [#124](#124)
* **proto/acre:** fix resource encoding service typo
([#30](#30))
([fe709d2](fe709d2))
* remove padding when b64 encoding
([#437](#437))
([d40e94a](d40e94a))
* SDK Quickstart
([#628](#628))
([f27ab98](f27ab98))
* **sdk:** change unwrapper creation
([#346](#346))
([9206435](9206435))
* **sdk:** double bearer token in auth config
([#350](#350))
([1bf4699](1bf4699))
* **sdk:** fixes Manifests JSONs with OIDC
([#140](#140))
([a4b6937](a4b6937))
* **sdk:** handle err
([#548](#548))
([ebabb6c](ebabb6c))
* **sdk:** make KasInfo fields public
([#320](#320))
([9a70498](9a70498))
* **sdk:** shutdown conn
([#352](#352))
([3def038](3def038))
* **sdk:** temporarily move unwrapper creation into options func.
([#309](#309))
([b34c2fe](b34c2fe))
* **sdk:** use the dialoptions even with no client credentials
([#400](#400))
([a7f1908](a7f1908))
* **security:** add a new encryption keypair different from dpop keypair
([#461](#461))
([7deb51e](7deb51e))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
tech-guru42 added a commit to tech-guru42/TDF that referenced this pull request Jun 3, 2024
passion-127 added a commit to passion-127/TDF that referenced this pull request Jun 6, 2024