Skip to content

fix(sdk): Fuzz testing and protocol fixes #761

fix(sdk): Fuzz testing and protocol fixes

fix(sdk): Fuzz testing and protocol fixes #761

Workflow file for this run

name: "Checks"
on:
pull_request:
branches:
- main
push:
branches:
- main
merge_group:
branches:
- main
types:
- checks_requested
permissions:
contents: read
jobs:
pr:
name: Validate PR title
if: contains(fromJSON('["pull_request", "pull_request_target"]'), github.event_name)
runs-on: ubuntu-22.04
permissions:
pull-requests: read
steps:
- uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
mavenverify:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK
uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
with:
java-version: "11"
distribution: "adopt"
server-id: github
- name: Maven Verify
run: mvn --batch-mode verify
env:
BUF_INPUT_HTTPS_USERNAME: opentdf-bot
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
sonarcloud:
name: SonarCloud Scan
runs-on: ubuntu-22.04
steps:
- name: Check out repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
fetch-depth: 0
- uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK
uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
with:
java-version: "17"
distribution: "temurin"
server-id: github
- name: Cache SonarCloud packages
uses: actions/cache@v4
with:
path: ~/.sonar/cache
key: ${{ runner.os }}-sonar
restore-keys: ${{ runner.os }}-sonar
- name: Cache Maven packages
uses: actions/cache@v4
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: Maven Test Coverage
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BUF_INPUT_HTTPS_USERNAME: opentdf-bot
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
run: mvn --batch-mode clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=opentdf_java-sdk -P coverage
platform-integration:
runs-on: ubuntu-22.04
steps:
- name: Checkout Java SDK
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
- uses: bufbuild/buf-setup-action@2211e06e8cf26d628cda2eea15c95f8c42b080b3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up JDK
uses: actions/setup-java@5896cecc08fd8a1fbdfaf517e29b571164b031f7
with:
java-version: "11"
distribution: "adopt"
server-id: github
- name: Build java SDK
run: |
mvn --batch-mode clean install -DskipTests
env:
BUF_INPUT_HTTPS_USERNAME: opentdf-bot
BUF_INPUT_HTTPS_PASSWORD: ${{ secrets.PERSONAL_ACCESS_TOKEN_OPENTDF }}
- name: Check out platform
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
repository: opentdf/platform
ref: main
path: platform
- name: Set up go
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
with:
go-version: "1.22.3"
check-latest: false
cache-dependency-path: |
platform/service/go.sum
platform/examples/go.sum
platform/protocol/go/go.sum
platform/sdk/go.sum
- run: go mod download
working-directory: platform
- run: go mod verify
working-directory: platform
- name: Create keys
run: |
.github/scripts/init-temp-keys.sh
cp opentdf-dev.yaml opentdf.yaml
sudo chmod -R 777 ./keys
working-directory: platform
- name: Trust the locally issued cert
run: |
keytool \
-importcert \
-storepass changeit \
-noprompt \
-file localhost.crt \
-keystore $JAVA_HOME/lib/security/cacerts \
-alias localhost-for-tests
working-directory: platform/keys
- name: Bring the services up
run: docker compose up -d --wait --wait-timeout 240
working-directory: platform
- name: Provision keycloak
run: go run ./service provision keycloak
working-directory: platform
- name: Provision fixtures
run: go run ./service provision fixtures
working-directory: platform
- name: Start server in background
uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
with:
run: |
go run ./service start
wait-on: |
tcp:localhost:8080
log-output-if: true
wait-for: 90s
working-directory: platform
- name: Get grpcurl
run: go install github.com/fullstorydev/grpcurl/cmd/grpcurl@v1.8.9
- name: Make sure that the platform is up
run: |
grpcurl -plaintext localhost:8080 list && \
grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey
- name: Validate the SDK through the command line interface
run: |
printf 'here is some data to encrypt' > data
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
encrypt --kas-url=localhost:8080 --mime-type=text/plain --attr https://example.com/attr/attr1/value/value1 --autoconfigure=false -f data -m 'here is some metadata' > test.tdf
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
decrypt -f test.tdf > decrypted
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
metadata -f test.tdf > metadata
if ! diff -q data decrypted; then
printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
exit 1
fi
if [ "$(< metadata)" != 'here is some metadata' ]; then
printf 'metadata is incorrect [%s]\n' "$(< metadata)"
exit 1
fi
working-directory: cmdline
- name: Encrypt/Decrypt NanoTDF
run: |
echo 'here is some data to encrypt' > data
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
decryptnano -f nano.ntdf > decrypted
if ! diff -q data decrypted; then
printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
exit 1
fi
working-directory: cmdline
- uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
name: start another KAS server in background
with:
run: >
<opentdf.yaml >opentdf-beta.yaml yq e '
(.server.port = 8282)
| (.mode = ["kas"])
| (.sdk_config = {"endpoint":"http://localhost:8080","plaintext":true,"client_id":"opentdf","client_secret":"secret"})
'
&& go run ./service --config-file ./opentdf-beta.yaml start
wait-on: |
tcp:localhost:8282
log-output-if: true
wait-for: 90s
working-directory: platform
- name: Make sure that the second platform is up
run: |
grpcurl -plaintext localhost:8282 kas.AccessService/PublicKey
- name: Validate multikas through the command line interface
run: |
printf 'here is some data to encrypt' > data
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
encrypt --kas-url=localhost:8080,localhost:8282 -f data -m 'here is some metadata' > test.tdf
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
decrypt -f test.tdf > decrypted
java -jar target/cmdline.jar \
--client-id=opentdf-sdk \
--client-secret=secret \
--platform-endpoint=localhost:8080 \
-h\
metadata -f test.tdf > metadata
if ! diff -q data decrypted; then
printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
exit 1
fi
if [ "$(< metadata)" != 'here is some metadata' ]; then
printf 'metadata is incorrect [%s]\n' "$(< metadata)"
exit 1
fi
working-directory: cmdline
platform-xtest:
permissions:
contents: read
packages: read
needs: platform-integration
uses: opentdf/tests/.github/workflows/xtest.yml@main
with:
java-ref: ${{ github.ref }}
ci:
needs:
- platform-integration
- platform-xtest
- mavenverify
- sonarcloud
- pr
runs-on: ubuntu-latest
if: always()
steps:
- if: contains(needs.*.result, 'failure')
run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1