b-long · b-long · May 14, 2025 · May 14, 2025 · May 14, 2025 · May 14, 2025
diff --git a/.github/workflows/build-golang-macos.yaml b/.github/workflows/build-golang-macos.yaml
@@ -47,4 +47,4 @@ jobs:
 
       # - uses: ./.github/workflows/platform-integration-test.yaml
       #   with:
-      #     wheel: dist/otdf_python-0.2.13-py3-none-any.whl
+      #     wheel: dist/otdf_python-0.2.14-py3-none-any.whl
diff --git a/.github/workflows/build-golang-ubuntu.yaml b/.github/workflows/build-golang-ubuntu.yaml
@@ -43,12 +43,12 @@ jobs:
 
       - uses: actions/cache/restore@v4
         with:
-          path: dist/otdf_python-0.2.13-py3-none-any.whl
+          path: dist/otdf_python-0.2.14-py3-none-any.whl
           key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }}
 
       - uses: actions/cache/save@v4
         with:
-          path: dist/otdf_python-0.2.13-py3-none-any.whl
+          path: dist/otdf_python-0.2.14-py3-none-any.whl
           key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}${{ matrix.python3_version }}-data-
@@ -61,5 +61,5 @@ jobs:
     needs: build
     uses: ./.github/workflows/platform-integration-test.yaml
     with:
-      wheel: dist/otdf_python-0.2.13-py3-none-any.whl
+      wheel: dist/otdf_python-0.2.14-py3-none-any.whl
       python_version: ${{ matrix.python3_version }}
diff --git a/.github/workflows/platform-integration-test.yaml b/.github/workflows/platform-integration-test.yaml
@@ -29,7 +29,7 @@ jobs:
 
       - uses: actions/cache/restore@v4
         with:
-          path: dist/otdf_python-0.2.13-py3-none-any.whl
+          path: dist/otdf_python-0.2.14-py3-none-any.whl
           key: ${{ runner.os }}${{ inputs.python_version }}-data-${{ github.sha }}
 
       - name: Prove that the input file is available
@@ -125,6 +125,7 @@ jobs:
           OPENTDF_HOSTNAME: "localhost:8080"
           OIDC_TOKEN_ENDPOINT: "http://localhost:8888/auth/realms/opentdf/protocol/openid-connect/token"
           OPENTDF_KAS_URL: "http://localhost:8080/kas"
+          INSECURE_SKIP_VERIFY: "TRUE"
         run: |
           mkdir validation
           wheel="$(basename ${{ inputs.wheel }} )"
@@ -136,119 +137,7 @@ jobs:
           pip install ./"$wheel"
           python validate_otdf_python.py
 
-      # - name: Validate the SDK through the command line interface
-      #   run: |
-      #     printf 'here is some data to encrypt' > data
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       encrypt --kas-url=localhost:8080 --mime-type=text/plain --attr https://example.com/attr/attr1/value/value1 --autoconfigure=false -f data -m 'here is some metadata' > test.tdf
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       decrypt -f test.tdf > decrypted
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       metadata -f test.tdf > metadata
-
-      #     if ! diff -q data decrypted; then
-      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
-      #       exit 1
-      #     fi
-
-      #     if [ "$(< metadata)" != 'here is some metadata' ]; then
-      #       printf 'metadata is incorrect [%s]\n' "$(< metadata)"
-      #       exit 1
-      #     fi
-      #   working-directory: cmdline
-
-      # - name: Encrypt/Decrypt NanoTDF
-      #   run: |
-      #     echo 'here is some data to encrypt' > data
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       decryptnano -f nano.ntdf > decrypted
-
-      #     if ! diff -q data decrypted; then
-      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
-      #       exit 1
-      #     fi
-      #   working-directory: cmdline
-
-      # - uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
-      #   name: start another KAS server in background
-      #   with:
-      #     run: >
-      #       <opentdf.yaml >opentdf-beta.yaml yq e '
-      #         (.server.port = 8282)
-      #         | (.mode = ["kas"])
-      #         | (.sdk_config = {"endpoint":"http://localhost:8080","plaintext":true,"client_id":"opentdf","client_secret":"secret"})
-      #       '
-      #       && go run ./service --config-file ./opentdf-beta.yaml start
-      #     wait-on: |
-      #       tcp:localhost:8282
-      #     log-output-if: true
-      #     wait-for: 90s
-      #     working-directory: platform
-      # - name: Make sure that the second platform is up
-      #   run: |
-      #     grpcurl -plaintext localhost:8282 kas.AccessService/PublicKey
-      # - name: Validate multikas through the command line interface
-      #   run: |
-      #     printf 'here is some data to encrypt' > data
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       encrypt --kas-url=localhost:8080,localhost:8282 -f data -m 'here is some metadata' > test.tdf
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       decrypt -f test.tdf > decrypted
-
-      #     java -jar target/cmdline.jar \
-      #       --client-id=opentdf-sdk \
-      #       --client-secret=secret \
-      #       --platform-endpoint=localhost:8080 \
-      #       -i \
-      #       metadata -f test.tdf > metadata
-
-      #     if ! diff -q data decrypted; then
-      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
-      #       exit 1
-      #     fi
 
-      #     if [ "$(< metadata)" != 'here is some metadata' ]; then
-      #       printf 'metadata is incorrect [%s]\n' "$(< metadata)"
-      #       exit 1
-      #     fi
-      #   working-directory: cmdline
 
   # platform-xtest:
   #   permissions:

diff --git a/README.md b/README.md
@@ -27,10 +27,10 @@ Install from the [Python Package Index (PyPI)](https://pypi.org):
 pip install otdf_python
 
 # Install a pinned version
-pip install otdf-python==0.2.13
+pip install otdf-python==0.2.14
 
 # Install a pinned version, from test.pypi.org
-pip install -i https://test.pypi.org/simple/ otdf-python==0.2.13
+pip install -i https://test.pypi.org/simple/ otdf-python==0.2.14
 ```
 
 ## Usage

diff --git a/build-scripts/ci-build.sh b/build-scripts/ci-build.sh
@@ -72,4 +72,4 @@ echo "✨✨✨ Build wheel"
 poetry run python3 setup.py bdist_wheel
 
 echo "✨✨✨ Install wheel"
-pip install dist/otdf_python-0.2.13-py3-none-any.whl
+pip install dist/otdf_python-0.2.14-py3-none-any.whl
diff --git a/build-scripts/make_and_validate_script.sh b/build-scripts/make_and_validate_script.sh
@@ -47,7 +47,7 @@ python3 -m pip install --upgrade setuptools wheel
 python3 setup.py bdist_wheel
 
 # Prove that the wheel can be installed
-pip install dist/otdf_python-0.2.13-py3-none-any.whl
+pip install dist/otdf_python-0.2.14-py3-none-any.whl
 
 if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then
     echo "Build is complete, skipping tests."

diff --git a/build-scripts/uv_make_and_validate_script.sh b/build-scripts/uv_make_and_validate_script.sh
@@ -70,7 +70,7 @@ loud_print "Installing wheel"
 uv venv .venv-wheel --python 3.12 "$PY_TYPE"
 source "${BUILD_ROOT}/.venv-wheel/bin/activate"
 pip install pybindgen
-pip install dist/otdf_python-0.2.13-py3-none-any.whl
+pip install dist/otdf_python-0.2.14-py3-none-any.whl
 
 if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then
     echo "Build is complete, skipping tests."

diff --git a/main.go b/main.go
@@ -42,26 +42,17 @@ type OpentdfConfig struct {
 	KasUrl           string
 }
 
-/*
-Based on: https://stackoverflow.com/a/42849112
-func inputValidation(normalConfig DecryptionConfig) (*DecryptionConfig, error) {
-	// Convert our Struct to a Map
-	var inInterface map[string]interface{}
-	inrec, _ := json.Marshal(normalConfig)
-	json.Unmarshal(inrec, &inInterface)
-
-	// Iterate through fields in the map and fail if empty value found
-	for field, val := range inInterface {
-		if val == nil || val == "" {
-			// fmt.Println("KV Pair: ", field, val)
-			return nil, errors.New("Missing configuration value for field " + field)
-		}
+func getEnv(key, defaultValue string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
 	}
-
-	return &normalConfig, nil
+	return defaultValue
 }
-*/
 
+/*
+NOTE: When the environment variable 'INSECURE_SKIP_VERIFY' is set to 'TRUE',
+this option for the OpenTDF SDK will be set.
+*/
 func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) {
 	// NOTE: The 'platformEndpoint' is sometimes referenced as 'host'
 	if strings.Count(config.TokenEndpoint, "http://") == 1 {
@@ -71,16 +62,25 @@ func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) {
 			sdk.WithInsecurePlaintextConn(),
 		)
 	} else if strings.Count(config.TokenEndpoint, "https://") == 1 {
-		return sdk.New(config.PlatformEndpoint,
+		opts := []sdk.Option{
 			sdk.WithClientCredentials(config.ClientId, config.ClientSecret, authScopes),
 			sdk.WithTokenEndpoint(config.TokenEndpoint),
-			sdk.WithInsecureSkipVerifyConn(),
-		)
+		}
+
+		if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" {
+			opts = append(opts, sdk.WithInsecureSkipVerifyConn())
+		}
+
+		return sdk.New(config.PlatformEndpoint, opts...)
 	} else {
 		return nil, errors.New("invalid TokenEndpoint given")
 	}
 }
 
+/*
+NOTE: When the environment variable 'INSECURE_SKIP_VERIFY' is set to 'TRUE',
+this option for the OpenTDF SDK will be set.
+*/
 func peSdkClient(config OpentdfConfig, authScopes []string, token TokenAuth) (*sdk.SDK, error) {
 	// NOTE: The 'platformEndpoint' is sometimes referenced as 'host'
 	if strings.Count(config.TokenEndpoint, "http://") == 1 {
@@ -91,12 +91,17 @@ func peSdkClient(config OpentdfConfig, authScopes []string, token TokenAuth) (*s
 			sdk.WithInsecurePlaintextConn(),
 		)
 	} else if strings.Count(config.TokenEndpoint, "https://") == 1 {
-		return sdk.New(config.PlatformEndpoint,
+		opts := []sdk.Option{
 			sdk.WithClientCredentials(config.ClientId, config.ClientSecret, authScopes),
 			sdk.WithTokenEndpoint(config.TokenEndpoint),
 			sdk.WithTokenExchange(token.AccessToken, []string{token.NpeClientId}),
-			sdk.WithInsecureSkipVerifyConn(),
-		)
+		}
+
+		if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" {
+			opts = append(opts, sdk.WithInsecureSkipVerifyConn())
+		}
+
+		return sdk.New(config.PlatformEndpoint, opts...)
 	} else {
 		return nil, errors.New("invalid TokenEndpoint given")
 	}