diff --git a/.github/workflows/vulnerability.yml b/.github/workflows/vulnerability.yml index 9eadc620f..d46ef40b3 100644 --- a/.github/workflows/vulnerability.yml +++ b/.github/workflows/vulnerability.yml @@ -36,7 +36,7 @@ jobs: npm ci - name: Check out and start up platform with deps/containers id: run-platform - uses: opentdf/platform/test/start-up-with-containers@main + uses: opentdf/platform/test/start-up-with-containers@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: platform-ref: ${{ inputs.platform-ref }} - name: Get grpcurl diff --git a/.github/workflows/xtest.yml b/.github/workflows/xtest.yml index 59484bdfc..6e2088a42 100644 --- a/.github/workflows/xtest.yml +++ b/.github/workflows/xtest.yml @@ -278,12 +278,13 @@ jobs: ######## SPIN UP PLATFORM BACKEND ############# - name: Check out and start up platform with deps/containers id: run-platform - uses: opentdf/platform/test/start-up-with-containers@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-up-with-containers@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: platform-ref: ${{ fromJSON(needs.resolve-versions.outputs.platform-tag-to-sha)[matrix.platform-tag] }} ec-tdf-enabled: true extra-keys: ${{ steps.load-extra-keys.outputs.EXTRA_KEYS }} log-type: json + pqc-enabled: true - name: Install uv uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 
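Review bot: The new pin in `.github/workflows/vulnerability.yml` carries the comment `# pqc-enabled`, which reads like a branch name rather than a release tag, so commit `29f065e3c406bb5eb4a0926890f2a7b75e76aa2c` may not be reachable from a protected branch of opentdf/platform. Replacing `@main` with a full SHA is the right direction for supply-chain integrity, but a SHA taken from a feature branch can become unreachable after a rebase or branch deletion, and update bots that key on a version comment will not track it. Before merging, confirm the commit lives in the upstream repository rather than a fork in its network. Once the upstream change lands, repin to a commit on `main` or a tagged release and put that tag in the comment. The same pin is used for `start-up-with-containers` and all six `start-additional-kas` steps in `xtest.yml`, so the check applies there as well.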
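Review bot: `pqc-enabled: true` in the `run-platform` step of `xtest.yml` is set unconditionally, while `platform-ref` is resolved per `matrix.platform-tag`, so platform versions that predate PQC support would be started with the flag on. Whether the action ignores the flag for such versions is not visible in this diff. If it does not, startup could fail or the PQC tests could run against a backend that cannot serve them. The KM steps in the next hunk already gate on a probe (`key-management: ${{ steps.km-check.outputs.supported }}`), and the same pattern would fit here, e.g. `pqc-enabled: ${{ steps.pqc-check.outputs.supported }}`, where `pqc-check` is a placeholder name for a new probe step. The six `start-additional-kas` steps in the next hunk set the flag the same way.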
@@ -567,69 +568,75 @@ jobs: - name: Start additional kas id: kas-alpha if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true kas-name: alpha kas-port: 8181 log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Start additional kas id: kas-beta if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true kas-name: beta kas-port: 8282 log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Start additional kas id: kas-gamma if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true kas-name: gamma kas-port: 8383 log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Start additional kas id: kas-delta if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true kas-port: 8484 kas-name: delta log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Start additional KM kas (km1) id: kas-km1 if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: 
opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true key-management: ${{ steps.km-check.outputs.supported }} kas-name: km1 kas-port: 8585 log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Start additional KM kas (km2) id: kas-km2 if: ${{ steps.multikas.outputs.supported == 'true' }} - uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix + uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled with: ec-tdf-enabled: true kas-name: km2 key-management: ${{ steps.km-check.outputs.supported }} kas-port: 8686 log-type: json + pqc-enabled: true root-key: ${{ steps.km-check.outputs.root_key }} - name: Run attribute based configuration tests diff --git a/otdf-local/src/otdf_local/services/kas.py b/otdf-local/src/otdf_local/services/kas.py index 0b7adfa64..00de6a2cd 100644 --- a/otdf-local/src/otdf_local/services/kas.py +++ b/otdf-local/src/otdf_local/services/kas.py @@ -77,6 +77,7 @@ def _generate_config(self) -> Path: if self.is_key_management: updates["services.kas.preview.key_management"] = True updates["services.kas.preview.ec_tdf_enabled"] = True + updates["services.kas.preview.hybrid_tdf_enabled"] = True # registered_kas_uri should NOT have /kas suffix updates["services.kas.registered_kas_uri"] = f"http://localhost:{self.port}" diff --git a/spec/DSPX-3499.md b/spec/DSPX-3499.md new file mode 100644 index 000000000..0291e2b7c --- /dev/null +++ b/spec/DSPX-3499.md 
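Review bot: `updates["services.kas.preview.hybrid_tdf_enabled"] = True` in `kas.py` turns the preview flag on for every local KAS instance with no comment and no way to switch it off, whereas the CI actions take the equivalent setting as an input (`pqc-enabled`). A one-line comment would document the intent, for example `# preview flag for hybrid PQ/T TDFs; requires a platform build that recognises this key`. If older platform binaries are still run through otdf-local, consider setting the key only when a setting requests it. Indentation is lost in this view, so it is unclear whether the neighbouring `ec_tdf_enabled` line sits inside the `if self.is_key_management:` block; the new line should match whichever scope is intended. `_generate_config` starts and ends outside the hunk.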
@@ -0,0 +1,38 @@
+---
+ticket: DSPX-3499
+title: xtest pqc and hybrid pq/t tests skipped or not skipped correctly
+status: draft
+authors:
+ - dmihalcik@virtru.com
+branches:
+ - opentdf/tests:DSPX-3499-pqcrun
+prs: []
+created: 2026-06-05T00:00:00Z
+updated: 2026-06-05T00:00:00Z
+jira_priority: Medium
+---
+
+
+# xtest pqc and hybrid pq/t tests skipped or not skipped correctly
+
+## Summary
+Make sure the tests are run if all components could support them.
+
+## Problem / Motivation
+_Why does this work need to happen? What is the user/business pain?_
+
+## Proposed Solution
+_What will you build, at a functional level? Sketch the approach._
+
+## Inputs / Outputs / Contracts
+_Function signatures, data shapes, API contracts, CLI flags._
+
+## Edge Cases & Constraints
+_Boundary conditions, error states, performance limits, security considerations._
+
+## Out of Scope
+_What this work item explicitly does not cover._
+
+## Acceptance Criteria
+- [ ] _Clear, testable condition_
+- [ ] _…_