feat(xtest): Adds 4.3.0 explicit version check#507
Conversation
|
Warning Review limit reached
More reviews will be available in 9 minutes and 48 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more credits in the billing tab to continue. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. 📝 WalkthroughWalkthroughA new PyTest function ChangesTDF 4.3.0 round-trip encryption test
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new test, test_tdf_spec_target_430, to verify targeting container format 4.3.0. Feedback points out a copy-paste error in a skip message referencing the wrong container format version, as well as missing platform capability checks and skew skips that could cause failures on older platform versions.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (1)
xtest/test_tdfs.py (1)
160-168: ⚡ Quick winConsider adding manifest format validation.
The test could verify that the encrypted TDF actually uses the 4.3.0 format with hexless integrity information. The main
test_tdf_roundtripincludes this check (lines 80-85).✨ Suggested enhancement
ct_file = encrypted_tdf( encrypt_sdk, target_mode="4.3.0", attr_values=attribute_default_rsa.value_fqns, ) + + # Verify the manifest uses 4.3.0 format + looks_like_430(tdfs.manifest(ct_file)) rt_file = encrypted_tdf.rt_file(ct_file, decrypt_sdk)🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@xtest/test_tdfs.py` around lines 160 - 168, After creating ct_file with encrypted_tdf, add assertions to validate the TDF manifest: retrieve the manifest from ct_file (same object produced by encrypted_tdf) and assert the manifest's TDF version equals "4.3.0" and that the manifest's integrity information indicates the hexless format (i.e., check the integrity field/property on the manifest for the hexless indicator). Place these checks after ct_file is created and before calling encrypted_tdf.rt_file / decrypt_sdk.decrypt so the test ensures the encrypted TDF uses the 4.3.0 hexless manifest format.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@xtest/test_tdfs.py`:
- Around line 151-154: Update the pytest skip message to reference the correct
container format version: change the string passed to pytest.skip in the block
that checks encrypt_sdk.supports("hexaflexible") so it says "4.3.0" instead of
"4.2.2" (the check is in the same scope where
encrypt_sdk.supports("hexaflexible") is used and pytest.skip(...) is called).
- Around line 141-148: The test_tdf_spec_target_430 test is missing the
audit_logs fixture and the associated assertions for the decrypt→rewrap KAS
path; add the audit_logs fixture to the test signature (alongside existing
fixtures), call audit_logs.mark() before invoking decrypt on decrypt_sdk, and
after the decrypt/rewrap flow assert audit_logs.rewrap_success() (following the
pattern used in test_tdf_roundtrip for audit verification) so the rewrap
operation is verified by the audit log.
---
Nitpick comments:
In `@xtest/test_tdfs.py`:
- Around line 160-168: After creating ct_file with encrypted_tdf, add assertions
to validate the TDF manifest: retrieve the manifest from ct_file (same object
produced by encrypted_tdf) and assert the manifest's TDF version equals "4.3.0"
and that the manifest's integrity information indicates the hexless format
(i.e., check the integrity field/property on the manifest for the hexless
indicator). Place these checks after ct_file is created and before calling
encrypted_tdf.rt_file / decrypt_sdk.decrypt so the test ensures the encrypted
TDF uses the 4.3.0 hexless manifest format.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
|
X-Test Failure Report |
X-Test Failure Report |
3 participants
I think all head libraries should support these features, so I maybe will disable the feature flags.