@opentdf-automation

Backport of #2837 to release/service/v0.11.

### Proposed Changes

- Looking up a key now loads the `manager` field in the key provider
- This is required, as the manager should be the factory key, not the
name
- This allows us to load the same manager multiple times with different
configs.

HOWEVER the config is only looked at on the first load; we should update
this so it evicts and reloads the provider if the config changes. This
hopefully will come in a follow-up.

Similarly, we don't have much in the way of integration tests for these,
since we don't include a key manager that takes a config. I'll look into
starting the Vault sample plugin back up and running.

While I'm here, since our downstream deps no longer create them, I've
removed support for the `KeyManagerFactory` that does *not* take a
context object.

### Checklist

- [x] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions

(cherry picked from commit 65ba2e0)
@opentdf-automation opentdf-automation bot force-pushed the backport-2837-to-release/service/v0.11 branch from a197aac to 1b0e2e1 Compare October 29, 2025 15:21
@github-actions github-actions bot added comp:db DB component comp:policy Policy Configuration ( attributes, subject mappings, resource mappings, kas registry) comp:kas Key Access Server size/m labels Oct 29, 2025
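
The lookup behaviour the description outlines, as an added Go example that is not the platform's own code: factories are keyed by `manager`, instances by provider name, and a changed config rebuilds the cached instance (the follow-up the description mentions). `Registry`, `ProviderConfig`, `Factory`, `toyManager` and the sample endpoints are hypothetical names constructed for this illustration.

```go
package main

import (
	"bytes"
	"context"
	"fmt"
	"sync"
)

// Hypothetical types mirroring the PR's terms; not the platform's real API.
type KeyManager interface{ Endpoint() string }
type Factory func(ctx context.Context, cfg []byte) (KeyManager, error)
type ProviderConfig struct {
	Name, Manager string // provider instance name; factory key such as "vault"
	Config        []byte // opaque per-instance settings
}
type entry struct{ cfg []byte; km KeyManager }
type Registry struct {
	mu        sync.Mutex
	factories map[string]Factory // keyed by manager, never by provider name
	instances map[string]entry   // keyed by provider name
}
func NewRegistry(f map[string]Factory) *Registry { return &Registry{factories: f, instances: map[string]entry{}} }

// Get selects the factory by pc.Manager and rebuilds the cached instance when pc.Config changed.
func (r *Registry) Get(ctx context.Context, pc ProviderConfig) (KeyManager, error) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if e, ok := r.instances[pc.Name]; ok && bytes.Equal(e.cfg, pc.Config) {
		return e.km, nil // same name, same config: reuse
	}
	f, ok := r.factories[pc.Manager]
	if !ok {
		return nil, fmt.Errorf("provider %q: no factory for manager %q", pc.Name, pc.Manager)
	}
	km, err := f(ctx, pc.Config)
	if err != nil {
		return nil, err
	}
	r.instances[pc.Name] = entry{append([]byte(nil), pc.Config...), km} // replaces any stale instance
	return km, nil
}

type toyManager string // constructed sample manager: its config is its endpoint
func (t toyManager) Endpoint() string { return string(t) }
func toyFactory(_ context.Context, c []byte) (KeyManager, error) { return toyManager(c), nil }

func main() {
	r := NewRegistry(map[string]Factory{"vault": toyFactory})
	km, err := r.Get(context.Background(), ProviderConfig{Name: "vault-eu", Manager: "vault", Config: []byte("https://eu.example")})
	fmt.Println(km, err)
}
```
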
@github-actions

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 186.04109ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 98.618142ms |

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 364.654805ms |
| Throughput | 274.23 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 38.440984578s |
| Average Latency | 382.470955ms |
| Throughput | 130.07 requests/second |

NANOTDF Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 26.915902676s |
| Average Latency | 268.42739ms |
| Throughput | 185.76 requests/second |

@github-actions

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 182.792415ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 105.22099ms |

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 366.040173ms |
| Throughput | 273.19 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 38.644686499s |
| Average Latency | 383.884356ms |
| Throughput | 129.38 requests/second |

NANOTDF Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 27.070120946s |
| Average Latency | 269.838226ms |
| Throughput | 184.71 requests/second |

@github-actions

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 160.536487ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 95.09076ms |

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 366.434521ms |
| Throughput | 272.90 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 38.43072522s |
| Average Latency | 381.296526ms |
| Throughput | 130.10 requests/second |

NANOTDF Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 27.197342996s |
| Average Latency | 270.794636ms |
| Throughput | 183.84 requests/second |

@jakedoublev jakedoublev merged commit da1c0b1 into release/service/v0.11 Oct 29, 2025
117 of 138 checks passed
@jakedoublev jakedoublev deleted the backport-2837-to-release/service/v0.11 branch October 29, 2025 18:57
c-r33d pushed a commit that referenced this pull request Oct 29, 2025
🤖 I have created a release *beep* *boop*
---


## [0.11.1](service/v0.11.0...service/v0.11.1) (2025-10-29)


### Features

* **core:** Actually use KeyManager ProviderConfig [backport to
release/service/v0.11]
([#2842](#2842))
([da1c0b1](da1c0b1))


### Bug Fixes

* **authz:** handle individual resource edge cases in decisions
[backport to release/service/v0.11]
([#2846](#2846))
([a4ad9dd](a4ad9dd))
* **policy:** Return the correct total during list responses. [backport
to release/service/v0.11]
([#2843](#2843))
([ebe6469](ebe6469))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>