Skip to content

chore(xtest): Enables pqc on platform checkouts" #484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dmihalcik-virtru wants to merge 4 commits into
base: main
Choose a base branch
from
+54 −8
Open

chore(xtest): Enables pqc on platform checkouts" #484

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2a8123d
spec: scaffold for DSPX-3499
dmihalcik-virtru Jun 5, 2026
67d3b32
feat(xtest): Enables pqc on server in tests
dmihalcik-virtru Jun 5, 2026
0d20046
chore(ci): bump platform action pin to 045f6355 for pqc key support
dmihalcik-virtru Jun 5, 2026
5019885
chore(ci): bump platform action pin to 29f065e3 to fix start-addition…
dmihalcik-virtru Jun 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/vulnerability.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
npm ci
- name: Check out and start up platform with deps/containers
id: run-platform
uses: opentdf/platform/test/start-up-with-containers@main
uses: opentdf/platform/test/start-up-with-containers@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
platform-ref: ${{ inputs.platform-ref }}
- name: Get grpcurl
Expand Down
21 changes: 14 additions & 7 deletions .github/workflows/xtest.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -278,12 +278,13 @@ jobs:
######## SPIN UP PLATFORM BACKEND #############
- name: Check out and start up platform with deps/containers
id: run-platform
uses: opentdf/platform/test/start-up-with-containers@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-up-with-containers@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
platform-ref: ${{ fromJSON(needs.resolve-versions.outputs.platform-tag-to-sha)[matrix.platform-tag] }}
ec-tdf-enabled: true
extra-keys: ${{ steps.load-extra-keys.outputs.EXTRA_KEYS }}
log-type: json
pqc-enabled: true

- name: Install uv
uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
Expand Down Expand Up @@ -567,69 +568,75 @@ jobs:
- name: Start additional kas
id: kas-alpha
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
kas-name: alpha
kas-port: 8181
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Start additional kas
id: kas-beta
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
kas-name: beta
kas-port: 8282
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Start additional kas
id: kas-gamma
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
kas-name: gamma
kas-port: 8383
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Start additional kas
id: kas-delta
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
kas-port: 8484
kas-name: delta
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Start additional KM kas (km1)
id: kas-km1
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
key-management: ${{ steps.km-check.outputs.supported }}
kas-name: km1
kas-port: 8585
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Start additional KM kas (km2)
id: kas-km2
if: ${{ steps.multikas.outputs.supported == 'true' }}
uses: opentdf/platform/test/start-additional-kas@998929e5c66d41f928b90e6af7dbaa0a14302ca6 # watch-sh-fix
uses: opentdf/platform/test/start-additional-kas@29f065e3c406bb5eb4a0926890f2a7b75e76aa2c # pqc-enabled
with:
ec-tdf-enabled: true
kas-name: km2
key-management: ${{ steps.km-check.outputs.supported }}
kas-port: 8686
log-type: json
pqc-enabled: true
root-key: ${{ steps.km-check.outputs.root_key }}

- name: Run attribute based configuration tests
Expand Down
1 change: 1 addition & 0 deletions otdf-local/src/otdf_local/services/kas.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ def _generate_config(self) -> Path:
if self.is_key_management:
updates["services.kas.preview.key_management"] = True
updates["services.kas.preview.ec_tdf_enabled"] = True
updates["services.kas.preview.hybrid_tdf_enabled"] = True
# registered_kas_uri should NOT have /kas suffix
updates["services.kas.registered_kas_uri"] = f"http://localhost:{self.port}"

Expand Down
38 changes: 38 additions & 0 deletions spec/DSPX-3499.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
ticket: DSPX-3499
title: xtest pqc and hybrid pq/t tests skipped or not skipped correctly
status: draft
authors:
- dmihalcik@virtru.com
branches:
- opentdf/tests:DSPX-3499-pqcrun
prs: []
created: 2026-06-05T00:00:00Z
updated: 2026-06-05T00:00:00Z
jira_priority: Medium
---


# xtest pqc and hybrid pq/t tests skipped or not skipped correctly

## Summary
Make sure the tests are run if all components could support them.

## Problem / Motivation
_Why does this work need to happen? What is the user/business pain?_

## Proposed Solution
_What will you build, at a functional level? Sketch the approach._

## Inputs / Outputs / Contracts
_Function signatures, data shapes, API contracts, CLI flags._

## Edge Cases & Constraints
_Boundary conditions, error states, performance limits, security considerations._

## Out of Scope
_What this work item explicitly does not cover._

## Acceptance Criteria
- [ ] _Clear, testable condition_
- [ ] _…_
Comment thread
dmihalcik-virtru marked this conversation as resolved.
Loading