Skip to content

feat(authz): wire up obligations enforcement in auth service #2756

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jakedoublev merged 44 commits into from
Oct 6, 2025
Merged

feat(authz): wire up obligations enforcement in auth service #2756

jakedoublev merged 44 commits into from
Oct 6, 2025

Conversation

@jakedoublev
Copy link
Contributor

@jakedoublev jakedoublev commented Sep 22, 2025
edited
Loading

Proposed Changes

  • Wires up obligation PDP to JustInTimePDP within Auth Service
  • EntitlementPolicyCache fetches all obligations from policy alongside attributes/subjectmappings/registeredresources
  • Interceptors updated so that IPC requests transmit auth state to downstream called RPCs
  • Update tests
  • Improved Auth Service errors (sanitizing internal information from error responses)
  • Improved Auth Service logging
  • Improved context metadata implementation

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@github-actions
Copy link
Contributor

github-actions bot commented Sep 25, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 183.713939ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Error internal: an unexpected error occurred
Total Time 36.449444ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 375.721756ms
Throughput 266.15 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 41.326208034s
Average Latency 411.375175ms
Throughput 120.99 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 28.384208769s
Average Latency 282.936462ms
Throughput 176.15 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Sep 25, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 177.141715ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Error internal: an unexpected error occurred
Total Time 33.576797ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 360.473371ms
Throughput 277.41 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.317754167s
Average Latency 391.316099ms
Throughput 127.17 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.59678488s
Average Latency 274.872517ms
Throughput 181.18 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Sep 25, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 168.521234ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Error internal: an unexpected error occurred
Total Time 33.964153ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 361.319893ms
Throughput 276.76 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.380158867s
Average Latency 382.583852ms
Throughput 130.28 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 26.628032634s
Average Latency 265.298646ms
Throughput 187.77 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Sep 26, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 169.824607ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Error internal: an unexpected error occurred
Total Time 35.809494ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 361.364369ms
Throughput 276.73 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.870459072s
Average Latency 387.219474ms
Throughput 128.63 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.244916348s
Average Latency 271.16857ms
Throughput 183.52 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Sep 26, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 186.155337ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 107.853843ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 0
Failed Decrypts 100
Total Time 191.165613ms
Throughput 0.00 requests/second

Error Summary

Error Message Occurrences
splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access 100 occurrences

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 24.64928379s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
read error: reader.WriteTo failed: splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 21.098057443s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

@jakedoublev
Copy link
Contributor Author

jakedoublev commented Sep 29, 2025

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Sep 29, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request wires up obligation enforcement in the authorization service. The changes span multiple files to fetch obligation policies, evaluate them during decision-making, and include required obligations in the responses. Key modifications include refactoring error handling for better consistency and security, updating data structures to accommodate obligations, and extending the Policy Decision Points (PDPs) with new logic. The test suite is also expanded to cover these new obligation-related functionalities. While the implementation is largely solid, there are a couple of inconsistencies in error handling that could expose internal error details, and a minor typo in a comment.

@github-actions
Copy link
Contributor

github-actions bot commented Sep 29, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 206.678154ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 121.0582ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 0
Failed Decrypts 100
Total Time 194.901095ms
Throughput 0.00 requests/second

Error Summary

Error Message Occurrences
splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access 100 occurrences

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 26.341747322s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
read error: reader.WriteTo failed: splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 21.89526846s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

@github-actions
Copy link
Contributor

github-actions bot commented Sep 29, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 188.284643ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 108.193114ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 0
Failed Decrypts 100
Total Time 194.179409ms
Throughput 0.00 requests/second

Error Summary

Error Message Occurrences
splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access 100 occurrences

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 25.668075281s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
read error: reader.WriteTo failed: splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 20.702247797s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

@github-actions
Copy link
Contributor

github-actions bot commented Sep 29, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 191.696677ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 114.89199ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 0
Failed Decrypts 100
Total Time 191.438993ms
Throughput 0.00 requests/second

Error Summary

Error Message Occurrences
splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access 100 occurrences

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 25.140457327s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
read error: reader.WriteTo failed: splitKey.unable to reconstruct split key: map[{https://localhost:8080 }:kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access]
kao unwrap failed for split {https://localhost:8080 }: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 0
Failed Requests 5000
Concurrent Requests 50
Total Time 20.456628883s
Throughput 0.00 requests/second

Error Summary:

Error Message Occurrences
ReadNanoTDF error: getNanoRewrapKey: rewrapError: internal: internal error
rpc error: code = Internal desc = could not perform access		 5000 occurrences

@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 184.064848ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 99.108234ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 356.770887ms
Throughput 280.29 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 40.802883437s
Average Latency 406.494567ms
Throughput 122.54 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.170174543s
Average Latency 270.945137ms
Throughput 184.03 requests/second

@jakedoublev
Revert "test"
c03a6fd 
This reverts commit a63fde6.
@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 180.518253ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 105.712563ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 360.616048ms
Throughput 277.30 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.231165765s
Average Latency 390.028077ms
Throughput 127.45 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.374531342s
Average Latency 272.728832ms
Throughput 182.65 requests/second

@jakedoublev jakedoublev marked this pull request as ready for review October 2, 2025 16:29
@jakedoublev jakedoublev requested a review from a team as a code owner October 2, 2025 16:29
@github-actions
Copy link
Contributor

github-actions bot commented Oct 2, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 192.745974ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 110.97815ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 362.487036ms
Throughput 275.87 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.79888282s
Average Latency 395.939087ms
Throughput 125.63 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.800050065s
Average Latency 276.753639ms
Throughput 179.86 requests/second

c-r33d
c-r33d reviewed Oct 3, 2025
View reviewed changes
c-r33d
c-r33d reviewed Oct 3, 2025
View reviewed changes
c-r33d
c-r33d previously approved these changes Oct 3, 2025
View reviewed changes
@github-actions
Copy link
Contributor

github-actions bot commented Oct 3, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 178.3166ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 111.179547ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 369.557666ms
Throughput 270.59 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.291810983s
Average Latency 390.577705ms
Throughput 127.25 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.565049269s
Average Latency 274.662258ms
Throughput 181.39 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 3, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 179.124023ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 100.956196ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 373.618497ms
Throughput 267.65 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 39.379310289s
Average Latency 391.971771ms
Throughput 126.97 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.005328625s
Average Latency 268.963126ms
Throughput 185.15 requests/second

@github-actions
Copy link
Contributor

github-actions bot commented Oct 3, 2025

Benchmark results, click to expand

Benchmark authorization.GetDecisions Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 176.433906ms

Benchmark authorization.v2.GetMultiResourceDecision Results:

Metric Value
Approved Decision Requests 1000
Denied Decision Requests 0
Total Time 92.9938ms

Standard Benchmark Metrics Skipped or Failed

Bulk Benchmark Results

Metric Value
Total Decrypts 100
Successful Decrypts 100
Failed Decrypts 0
Total Time 363.38715ms
Throughput 275.19 requests/second

TDF3 Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 38.613622793s
Average Latency 383.821897ms
Throughput 129.49 requests/second

NANOTDF Benchmark Results:

Metric Value
Total Requests 5000
Successful Requests 5000
Failed Requests 0
Concurrent Requests 50
Total Time 27.262546719s
Average Latency 271.357473ms
Throughput 183.40 requests/second

@jakedoublev jakedoublev enabled auto-merge October 3, 2025 17:43
@jakedoublev jakedoublev requested a review from c-r33d October 3, 2025 20:40
@jakedoublev jakedoublev added this pull request to the merge queue Oct 6, 2025
Merged via the queue into main with commit 11b3ea9 Oct 6, 2025
32 checks passed
@jakedoublev jakedoublev deleted the feat/DSPX-1355-authz branch October 6, 2025 13:57
@opentdf-automation opentdf-automation bot mentioned this pull request Oct 3, 2025
Merged
github-merge-queue bot pushed a commit that referenced this pull request Oct 22, 2025
@opentdf-automation
chore(main): release service 0.11.0 (#2744)
e353b0b 
🤖 I have created a release *beep* *boop*
---


##
[0.11.0](service/v0.10.0...service/v0.11.0)
(2025-10-22)


### Features

* **authz:** add obligation fulfillment logic to obligation PDP
([#2740](#2740))
([2f8d30d](2f8d30d))
* **authz:** audit logs should properly handle obligations
([#2824](#2824))
([874ec7b](874ec7b))
* **authz:** defer to request auth as decision/entitlements entity
([#2789](#2789))
([feb34d8](feb34d8))
* **authz:** obligations protos within auth service
([#2745](#2745))
([41ee5a8](41ee5a8))
* **authz:** protovalidate tests for new authz obligations fields
([#2747](#2747))
([73e6319](73e6319))
* **authz:** service logic to use request auth as entity identifier in
PDP decisions/entitlements
([#2790](#2790))
([6784e88](6784e88))
* **authz:** wire up obligations enforcement in auth service
([#2756](#2756))
([11b3ea9](11b3ea9))
* **core:** propagate token clientID on configured claim via interceptor
into shared context metadata
([#2760](#2760))
([0f77246](0f77246))
* **kas:** Add required obligations to kao metadata.:
([#2806](#2806))
([16fb26c](16fb26c))
* **policy:** add FQNs to obligation defs + vals
([#2749](#2749))
([fa2585c](fa2585c))
* **policy:** Add obligation support to KAS
([#2786](#2786))
([bb1bca0](bb1bca0))
* **policy:** List obligation triggers rpc
([#2823](#2823))
([206abe3](206abe3))
* **policy:** namespace root certificates
([#2771](#2771))
([beaff21](beaff21))
* **policy:** Proto - root certificates by namespace
([#2800](#2800))
([0edb359](0edb359))
* **policy:** Protos List obligation triggers
([#2803](#2803))
([b32df81](b32df81))
* **policy:** Return built obligations fqns with triggers.
([#2830](#2830))
([e843018](e843018))
* **policy:** Return obligations from GetAttributeValue calls
([#2742](#2742))
([aa9b393](aa9b393))


### Bug Fixes

* **core:** CORS
([#2787](#2787))
([a030ac6](a030ac6))
* **core:** deprecate policy WithValue selector not utilized by RPC
([#2794](#2794))
([c573595](c573595))
* **core:** deprecated stale protos and add better upgrade comments
([#2793](#2793))
([f2678cc](f2678cc))
* **core:** Don't require known manager names
([#2792](#2792))
([8a56a96](8a56a96))
* **core:** Fix mode negation and core mode
([#2779](#2779))
([de9807d](de9807d))
* **core:** resolve environment loading issues
([#2827](#2827))
([9af3184](9af3184))
* **deps:** bump github.com/opentdf/platform/lib/ocrypto from 0.6.0 to
0.7.0 in /service
([#2812](#2812))
([a6d180d](a6d180d))
* **deps:** bump github.com/opentdf/platform/protocol/go from 0.12.0 to
0.13.0 in /service
([#2814](#2814))
([5e9c695](5e9c695))
* **deps:** bump github.com/opentdf/platform/sdk from 0.7.0 to 0.9.0 in
/service ([#2798](#2798))
([d6bc9a8](d6bc9a8))
* **deps:** bump github.com/opentdf/platform/sdk from 0.9.0 to 0.10.0 in
/service ([#2831](#2831))
([412dfd1](412dfd1))
* ECC key loading (deprecated)
([#2757](#2757))
([49990eb](49990eb))
* **policy:** Change to nil
([#2746](#2746))
([a449434](a449434))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
@jp-ayyappan jp-ayyappan mentioned this pull request Dec 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@c-r33d c-r33d c-r33d approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

comp:authorization size/m

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakedoublev @c-r33d