Jake Van Vorhis issues

Results 35 issues of


                                            Jake Van Vorhis

Enhancement: Policy GetAttributeByFqn db query should employ fewer roundtrips

### Background With the work in https://github.com/opentdf/platform/pull/1353 and earlier, the policy RPC `GetAttributesByValueFqns` calls an internal `GetAttributeByFqn` function and SQL database query to get the KAS grants, namespace, attr, values...

enhancement

comp:db

comp:policy

Enhancement: GetDecisions should not call GetEntitlements

### Background The current logic in authorization service `GetDecisions` [contains a TODO comment](https://github.com/opentdf/platform/blob/main/service/authorization/authorization.go#L249) we should resolve. `GetDecisions` contains resource attributes, and calling `GetAttributesByValueFqns` in policy with those resource attributes will...

CI: job to check PR issue association should allow `relates to` association that is non-closing

https://github.com/orgs/community/discussions/66741 We should update our GHA to allow PR issue relation without closing association via `fixes/closes/resolves` to promote small, tracked PRs with a passing CI pipeline.

ADR: obligations implementation path

# Table of Contents 1. [Background](#background) 2. [Option 1: Obligations as a separate policy construct](#option-1-obligations-as-a-separate-policy-construct) 3. [Option 2: Obligations via flag within existing attributes as previously detailed](#option-2-obligations-via-flag-within-existing-attributes-as-previously-detailed) 4. [Level of...

adr

MatchSubjectMappings should only key off of selector fields and ignore entity representation values of those fields

### Background An RPC was added within Policy `MatchSubjectMappings` when there were two possible logical conditions on the `SubjectMappingOperatorEnum` as `IN` and `NOT_IN`. When those were the only logical operators,...

ADR: Introduce new nestable/recursive condition structure for obligation fulfillments

# Table of Contents 1. [Background](#background) 2. [Option 1: Use SubjectConditionSets again but make names only agnostic](#option-1-use-subjectconditionsets-again-but-make-names-only-agnostic) 3. [Option 2: Use ConditionSets with a flexible and potentially recursive/nestable structure](#option-2-use-conditionsets-with-a-flexible-and-potentially-recursivenestable-structure) #...

adr

SDK should not use gRPC interface methods deprecated in v1.64.0

https://github.com/opentdf/platform/actions/runs/9308669097/job/25622536334?pr=892#step:8:26 ![Screenshot 2024-05-30 at 1 28 37 PM](https://github.com/opentdf/platform/assets/83739412/9b9b6b7a-f8b8-4f45-ba87-d20e624b4f2f) Calls with `grpc.Dial`, `grpc.DialContext`, and `grpc.WithBlock` should be replaced with their equivalents: https://github.com/grpc/grpc-go/blob/v1.64.0/clientconn.go#L198 https://github.com/grpc/grpc-go/blob/v1.64.0/clientconn.go#L215

Epic: configured CryptoProvider enhancements/hardening

### Background At present, the `server.cryptoProvider` in the platform config is used primarily for management of KAS keys. However, the platform engages with other sensitive cryptographic and crypto-adjacent materials (keys...

comp:core

comp:kas

Policy: detached SubjectConditionSets should be able to be pruned

### Background The relation of Attribute Values to Subject Condition Sets (SCSs) is via Subject Mappings (SMs). While every Subject Mapping relates exactly one Attribute Value and one Subject Condition...

comp:policy

Autoconfigure granter validation regex is out of sync with valid policy FQNs

### Background The internal autoconfigure lib contains regex to validate an attribute FQN: https://github.com/opentdf/platform/blob/64798bec1107e379b1a75d2d1b9e14b0fbafb8d3/sdk/internal/autoconfigure/granter.go#L94-L96 https://github.com/opentdf/platform/blob/64798bec1107e379b1a75d2d1b9e14b0fbafb8d3/sdk/internal/autoconfigure/granter.go#L118 This is out of sync with the policy protos for valid namespaces, attributes, and values....