Policy: KAS registry remote public key should permit a port number within the remote key URI #1775

jakedoublev · 2024-11-20T16:57:13Z

This line of regex denies a port number in a registered KAS's remote public key URI: https://github.com/opentdf/platform/blob/main/service/policy/objects.proto#L302

This should be valid: https://local.com:8080/kas/v2/kas_public_key but instead gives:

public_key.remote: URI must be a valid URL (e.g., 'https://demo.com/') followed by additional segments. Each segment must start and end with an alphanumeric character, can contain hyphens, alphanumeric characters, and slashes. [uri_format]

Acceptance Criteria

consider if this.isUri() is a better CEL validator for this need
port numbers are allowed
unit tests added to proto validation for this scenario:

platform/service/policy/kasregistry/key_access_server_registry_test.go

Line 208 in ec46a3a

bad := []struct {

The text was updated successfully, but these errors were encountered:

jakedoublev mentioned this issue Nov 20, 2024

kas-registry create command does not support a port in the remote public key URI opentdf/otdfctl#375

Closed

jrschumacher added the comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) label Jan 28, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Policy: KAS registry remote public key should permit a port number within the remote key URI #1775

Policy: KAS registry remote public key should permit a port number within the remote key URI #1775

jakedoublev commented Nov 20, 2024

Policy: KAS registry remote public key should permit a port number within the remote key URI #1775

Policy: KAS registry remote public key should permit a port number within the remote key URI #1775

Comments

jakedoublev commented Nov 20, 2024

Acceptance Criteria