Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy: KAS registration lacks validation of URI #1640

Closed
jakedoublev opened this issue Oct 14, 2024 · 0 comments · Fixed by #1656
Closed

Policy: KAS registration lacks validation of URI #1640

jakedoublev opened this issue Oct 14, 2024 · 0 comments · Fixed by #1656

Comments

@jakedoublev
Copy link
Contributor

Background

Registering a KAS to a platform currently requires a unique URI and a public_key that is either remote or cached:

platform/service/policy/kasregistry/key_access_server_registry.proto

Line 22 in 0551247

message CreateKeyAccessServerRequest {

Soon, it will also include (optionally) a common name for the KAS which is also unique: #153

However, the uri field in the proto above has no validation at present.

./otdfctl policy kasr create -r https://remote.com/kas -u 'b' --json
{
  "id": "87859c4d-b7f2-4366-8900-658b2a97de49",
  "uri": "b", // this should not be valid
  "public_key": {
    "PublicKey": {
      "Remote": "https://remote.com/kas"
    }
  },
  "metadata": {
    "created_at": {
      "seconds": 1728938163,
      "nanos": 43877000
    },
    "updated_at": {
      "seconds": 1728938163,
      "nanos": 43877000
    }
  }
}

Acceptance Criteria

  1. define allowed protocol schemes for KAS URIs
  2. enforce valid URI format with a CEL expression at the proto level
@jakedoublev jakedoublev mentioned this issue Oct 16, 2024
Merged
github-merge-queue bot pushed a commit that referenced this issue Nov 4, 2024
@jakedoublev
fix(policy): enhance proto validation across policy requests (#1656)
df534c4 
Resolves #1640 and a host of similar issues with validation throughout
policy service protos
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(policy): enhance proto validation across policy requests opentdf/platform
1 participant
@jakedoublev