diff --git a/.github/workflows/build-golang-macos.yaml b/.github/workflows/build-golang-macos.yaml index f3b97bb..49372b4 100644 --- a/.github/workflows/build-golang-macos.yaml +++ b/.github/workflows/build-golang-macos.yaml @@ -47,4 +47,4 @@ jobs: # - uses: ./.github/workflows/platform-integration-test.yaml # with: - # wheel: dist/otdf_python-0.2.16-py3-none-any.whl + # wheel: dist/otdf_python-0.2.17-py3-none-any.whl diff --git a/.github/workflows/build-golang-ubuntu.yaml b/.github/workflows/build-golang-ubuntu.yaml index 399c8b6..19ccb71 100644 --- a/.github/workflows/build-golang-ubuntu.yaml +++ b/.github/workflows/build-golang-ubuntu.yaml @@ -43,12 +43,12 @@ jobs: - uses: actions/cache/restore@v4 with: - path: dist/otdf_python-0.2.16-py3-none-any.whl + path: dist/otdf_python-0.2.17-py3-none-any.whl key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }} - uses: actions/cache/save@v4 with: - path: dist/otdf_python-0.2.16-py3-none-any.whl + path: dist/otdf_python-0.2.17-py3-none-any.whl key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }} restore-keys: | ${{ runner.os }}${{ matrix.python3_version }}-data- @@ -61,5 +61,5 @@ jobs: needs: build uses: ./.github/workflows/platform-integration-test.yaml with: - wheel: dist/otdf_python-0.2.16-py3-none-any.whl + wheel: dist/otdf_python-0.2.17-py3-none-any.whl python_version: ${{ matrix.python3_version }} diff --git a/.github/workflows/platform-integration-test.yaml b/.github/workflows/platform-integration-test.yaml index af19b5d..c2cf5ba 100644 --- a/.github/workflows/platform-integration-test.yaml +++ b/.github/workflows/platform-integration-test.yaml @@ -29,7 +29,7 @@ jobs: - uses: actions/cache/restore@v4 with: - path: dist/otdf_python-0.2.16-py3-none-any.whl + path: dist/otdf_python-0.2.17-py3-none-any.whl key: ${{ runner.os }}${{ inputs.python_version }}-data-${{ github.sha }} - name: Prove that the input file is available 
diff --git a/README.md b/README.md index c2a8ecb..2d587bd 100644 --- a/README.md +++ b/README.md @@ -27,10 +27,10 @@ Install from the [Python Package Index (PyPI)](https://pypi.org): pip install otdf_python # Install a pinned version -pip install otdf-python==0.2.16 +pip install otdf-python==0.2.17 # Install a pinned version, from test.pypi.org -pip install -i https://test.pypi.org/simple/ otdf-python==0.2.16 +pip install -i https://test.pypi.org/simple/ otdf-python==0.2.17 ``` ## Usage diff --git a/build-scripts/ci-build.sh b/build-scripts/ci-build.sh index 305c8ab..16ee2e4 100755 --- a/build-scripts/ci-build.sh +++ b/build-scripts/ci-build.sh @@ -72,4 +72,4 @@ echo "✨✨✨ Build wheel" poetry run python3 setup.py bdist_wheel echo "✨✨✨ Install wheel" -pip install dist/otdf_python-0.2.16-py3-none-any.whl +pip install dist/otdf_python-0.2.17-py3-none-any.whl diff --git a/build-scripts/make_and_validate_script.sh b/build-scripts/make_and_validate_script.sh index 53940d5..5887c00 100755 --- a/build-scripts/make_and_validate_script.sh +++ b/build-scripts/make_and_validate_script.sh @@ -47,7 +47,7 @@ python3 -m pip install --upgrade setuptools wheel python3 setup.py bdist_wheel # Prove that the wheel can be installed -pip install dist/otdf_python-0.2.16-py3-none-any.whl +pip install dist/otdf_python-0.2.17-py3-none-any.whl if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then echo "Build is complete, skipping tests." diff --git a/build-scripts/uv_make_and_validate_script.sh b/build-scripts/uv_make_and_validate_script.sh index 8dd4da7..7200241 100755 --- a/build-scripts/uv_make_and_validate_script.sh +++ b/build-scripts/uv_make_and_validate_script.sh 
@@ -70,7 +70,7 @@ loud_print "Installing wheel" uv venv .venv-wheel --python 3.12 "$PY_TYPE" source "${BUILD_ROOT}/.venv-wheel/bin/activate" pip install pybindgen -pip install dist/otdf_python-0.2.16-py3-none-any.whl +pip install dist/otdf_python-0.2.17-py3-none-any.whl if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then echo "Build is complete, skipping tests." diff --git a/main.go b/main.go index cff45c3..8e96a3b 100644 --- a/main.go +++ b/main.go @@ -10,8 +10,6 @@ TODO: Consider testing against attributes that are returned by some listing. TODO: Consider exposing an sdkClient that can be returned to the caller * Note, previously this failed in a 'gopy' compiled context -TODO: Platform knows about the IdP, perhaps we don't need to specify the TOKEN_ENDPOINT ? - */ import ( "bytes" @@ -35,11 +33,12 @@ type TokenAuth struct { } type OpentdfConfig struct { - ClientId string - ClientSecret string - PlatformEndpoint string - TokenEndpoint string - KasUrl string + ClientId string + ClientSecret string + PlatformEndpoint string + TokenEndpoint string + KasUrl string + InsecureSkipVerify bool } func getEnv(key, defaultValue string) string { @@ -49,10 +48,6 @@ func getEnv(key, defaultValue string) string { return defaultValue } -/* -NOTE: When the environment variable 'INSECURE_SKIP_VERIFY' is set to 'TRUE', -this option for the OpenTDF SDK will be set. -*/ func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) { // NOTE: The 'platformEndpoint' is sometimes referenced as 'host' if strings.Count(config.TokenEndpoint, "http://") == 1 { @@ -67,7 +62,7 @@ func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) { sdk.WithTokenEndpoint(config.TokenEndpoint), } - if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" { + if config.InsecureSkipVerify { opts = append(opts, sdk.WithInsecureSkipVerifyConn()) } 
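Review bot: The new exported field `InsecureSkipVerify` on `OpentdfConfig` (main.go, hunk at -33,11) has no comment, and the following hunk deletes the only text that explained the TLS bypass above `newSdkClient`. I would move that explanation onto the field, e.g. `// InsecureSkipVerify disables TLS certificate verification on SDK connections; keep it false outside local testing.` Callers that used to export `INSECURE_SKIP_VERIFY=TRUE` now get verification back on unless they set the field, because the env lookup is removed from both client constructors. That fails closed, but it is a behaviour change worth a line in the release notes.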
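Review bot: In `newSdkClient` (hunk at -67,7), and again in `peSdkClient` (hunk at -97,7), the `if config.InsecureSkipVerify` branch appends `sdk.WithInsecureSkipVerifyConn()` without leaving any trace at runtime. `OpentdfConfig` holds `ClientSecret`, and `peSdkClient` passes `token.AccessToken` to the SDK, so these credentials presumably travel over the unverified connection, and an operator should be able to tell from the logs that certificate checks were off. One warning inside the branch, through whatever logger the package already uses, would cover it, e.g. `log.Println("warning: TLS certificate verification disabled for OpenTDF SDK connection")` if `log` is imported; the import block is only partly visible here. Both function bodies start and end outside their hunks.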
@@ -97,7 +92,7 @@ func peSdkClient(config OpentdfConfig, authScopes []string, token TokenAuth) (*s sdk.WithTokenExchange(token.AccessToken, []string{token.NpeClientId}), } - if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" { + if config.InsecureSkipVerify { opts = append(opts, sdk.WithInsecureSkipVerifyConn()) } diff --git a/otdf_python_test.go b/otdf_python_test.go index 009ac5c..7d041d1 100644 --- a/otdf_python_test.go +++ b/otdf_python_test.go @@ -18,15 +18,16 @@ import ( var defaultAuthScopes = []string{"email"} type TestConfiguration struct { - platformEndpoint string - tokenEndpoint string - kasEndpoint string - npeClientId string - npeClientSecret string - peUsername string - pePassword string - testAttribute1 string - testAttribute2 string + platformEndpoint string + tokenEndpoint string + kasEndpoint string + npeClientId string + npeClientSecret string + peUsername string + pePassword string + testAttribute1 string + testAttribute2 string + insecureSkipVerify bool } var config = TestConfiguration{ @@ -38,8 +39,9 @@ var config = TestConfiguration{ peUsername: os.Getenv("TEST_OPENTDF_SECRET_USER_ID"), pePassword: os.Getenv("TEST_OPENTDF_SECRET_USER_PASSWORD"), // For default values, we added a helper function - testAttribute1: getEnv("TEST_OPENTDF_ATTRIBUTE_1", "https://example.com/attr/attr1/value/value1"), - testAttribute2: getEnv("TEST_OPENTDF_ATTRIBUTE_2", "https://example.com/attr/attr1/value/value2"), + testAttribute1: getEnv("TEST_OPENTDF_ATTRIBUTE_1", "https://example.com/attr/attr1/value/value1"), + testAttribute2: getEnv("TEST_OPENTDF_ATTRIBUTE_2", "https://example.com/attr/attr1/value/value2"), + insecureSkipVerify: getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE", } /* 
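Review bot: The `insecureSkipVerify` entry in the `config` literal (otdf_python_test.go, hunk at -38,8) is now the only place `INSECURE_SKIP_VERIFY` is read, and nothing documents that since the comment in main.go was removed. The comparison is an exact match on `"TRUE"`, so `true` or `1` leave verification on; that is the safe direction, but it will surprise someone pointing CI at a platform with a self-signed certificate. A comment above the line would cover both points, e.g. `// INSECURE_SKIP_VERIFY must be exactly "TRUE" to disable TLS verification; read by the tests only.`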
@@ -61,7 +63,7 @@ https://stackoverflow.com/q/24493116 */ func authHelper(form url.Values, isPEAuth bool) (TokenAuth, error) { tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + TLSClientConfig: &tls.Config{InsecureSkipVerify: config.insecureSkipVerify}, } // FIXME: Use a client with TLS verification // client := http.Client{} @@ -133,11 +135,12 @@ func getMultiDataAttribute(config TestConfiguration) []string { func doEncryptString(t *testing.T, dataAttributes []string) { got, err := EncryptString("Hello, world", OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, dataAttributes, defaultAuthScopes) if err != nil { t.Fatal(err) @@ -198,11 +201,12 @@ func encrypt_file_NPE(t *testing.T, dataAttributes []string) string { defer tmpOutputFile.Close() got, err := EncryptFile(tmpInputFile.Name(), tmpOutputFile.Name(), OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, dataAttributes, defaultAuthScopes) if err != nil { t.Error("Failed to EncryptFile()!") 
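Review bot: The `// FIXME: Use a client with TLS verification` comment and the commented-out `// client := http.Client{}` just below the changed line in `authHelper` (hunk at -61,7) are stale, now that `InsecureSkipVerify` follows `config.insecureSkipVerify` and defaults to false. They should be dropped or replaced with `// TLS verification is on unless INSECURE_SKIP_VERIFY=TRUE is set for the test run.` The function also reads the package-level `config`, while `getMultiDataAttribute` takes a `TestConfiguration` parameter of the same name; passing the flag in as an argument would make the dependency visible at the call site. The rest of `authHelper` lies outside the hunk.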
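Review bot: The six-field `OpentdfConfig{...}` literal in `doEncryptString` (hunk at -133,11) is repeated verbatim in every later hunk of otdf_python_test.go (`encrypt_file_NPE`, `encrypt_file_PE`, `e2e_test_as_PE` and the `Test_Multifile_NPE_*` tests), so this commit had to add the same `InsecureSkipVerify: config.insecureSkipVerify` line about ten times. A test added later that copies an older literal and omits the line will run with verification on and fail against a self-signed platform for a non-obvious reason. I would build the struct once in a helper, `func testOpentdfConfig() OpentdfConfig`, that maps the package-level `config` onto the six fields. Each call site then shrinks to, e.g., `EncryptString("Hello, world", testOpentdfConfig(), dataAttributes, defaultAuthScopes)`.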
@@ -244,11 +248,12 @@ func encrypt_file_PE(t *testing.T, dataAttributes []string, tokenAuth TokenAuth) defer tmpOutputFile.Close() got, err := EncryptFilePE(tmpInputFile.Name(), tmpOutputFile.Name(), OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, tokenAuth, dataAttributes, defaultAuthScopes) if err != nil { t.Fatal("Failed to EncryptFilePE()!") @@ -301,11 +306,12 @@ func e2e_test_as_PE(t *testing.T, dataAttributes []string) { t.Error(err) } got, err := DecryptFilePE(input_TDF_path, plaintext_output_path.Name(), OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, token_for_decrypt, defaultAuthScopes) if err != nil { t.Fatal(err) 
@@ -376,11 +382,12 @@ func Test_Multifile_NPE_Encrypt_Files_In_Dir_Nil_Attributes(t *testing.T) { } cfg := OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, } got, err := EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv"}, cfg, nil, defaultAuthScopes) @@ -409,11 +416,12 @@ func Test_Multifile_NPE_Encrypt_Files_With_Extensions_Nil_Attributes(t *testing. // Call the EncryptFilesWithExtensionsNPE function got, err := EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv", ".pdf"}, OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, nil, defaultAuthScopes) if err != nil { t.Fatal("Failed to EncryptFilesWithExtensionsNPE()!", err) 
@@ -440,11 +448,12 @@ func Test_Multifile_NPE_Decrypt_Files_In_Dir_Nil_Attributes(t *testing.T) { // Encrypt the file _, err = EncryptFilesInDirNPE(tmpDir, OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, nil, defaultAuthScopes) if err != nil { t.Fatal("Failed to EncryptFilesInDirNPE()!", err) @@ -452,11 +461,12 @@ func Test_Multifile_NPE_Decrypt_Files_In_Dir_Nil_Attributes(t *testing.T) { // Call the DecryptFilesInDirNPE function got, err := DecryptFilesInDirNPE(tmpDir, OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, defaultAuthScopes) if err != nil { t.Fatal("Failed to DecryptFilesInDirNPE()!", err) 
@@ -482,11 +492,12 @@ func Test_Multifile_NPE_Decrypt_Files_With_Extensions_Nil_Attributes(t *testing. // Encrypt the files _, err = EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv", ".pdf"}, OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, nil, defaultAuthScopes) if err != nil { t.Fatal("Failed to EncryptFilesWithExtensionsNPE()!", err) @@ -494,11 +505,12 @@ func Test_Multifile_NPE_Decrypt_Files_With_Extensions_Nil_Attributes(t *testing. // Call the DecryptFilesWithExtensionsNPE function got, err := DecryptFilesWithExtensionsNPE(tmpDir, []string{".tdf"}, OpentdfConfig{ - ClientId: config.npeClientId, - ClientSecret: config.npeClientSecret, - PlatformEndpoint: config.platformEndpoint, - TokenEndpoint: config.tokenEndpoint, - KasUrl: config.kasEndpoint, + ClientId: config.npeClientId, + ClientSecret: config.npeClientSecret, + PlatformEndpoint: config.platformEndpoint, + TokenEndpoint: config.tokenEndpoint, + KasUrl: config.kasEndpoint, + InsecureSkipVerify: config.insecureSkipVerify, }, defaultAuthScopes) if err != nil { t.Fatal("Failed to DecryptFilesWithExtensionsNPE()!", err) diff --git a/pyproject.toml b/pyproject.toml index 6abe122..d07e162 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,7 +1,7 @@ [project] name = "otdf-python" # Should match 'setup.py' version number (used for gopy/pybindgen) -version = "0.2.16" +version = "0.2.17" description = "Unofficial OpenTDF SDK for Python." authors = [ {name="b-long", email="b-long@users.noreply.github.com"} 
@@ -19,7 +19,7 @@ pybindgen = "^0.22.1" [tool.poetry] package-mode = false -version = "0.2.16" +version = "0.2.17" [tool.poetry.dependencies] python = ">=3.10,<3.14" diff --git a/setup.py b/setup.py index ca72efe..c354275 100644 --- a/setup.py +++ b/setup.py @@ -24,7 +24,7 @@ url="https://github.com/b-long/opentdf-python-sdk", package_data={"otdf_python": ["*.so"]}, # Should match 'pyproject.toml' version number - version="0.2.16", + version="0.2.17", author_email="b-long@users.noreply.github.com", include_package_data=True, ) diff --git a/setup_ci.py b/setup_ci.py index a0610bd..e7dd46a 100644 --- a/setup_ci.py +++ b/setup_ci.py @@ -81,7 +81,7 @@ def build_extension(self, ext: Extension): setuptools.setup( name="otdf_python", - version="0.2.16", + version="0.2.17", author="b-long", description="Unofficial OpenTDF SDK for Python.", long_description_content_type="text/markdown", diff --git a/uv.lock b/uv.lock index ed0bce7..af5db85 100644 --- a/uv.lock +++ b/uv.lock @@ -3,5 +3,5 @@ requires-python = ">=3.10" [[package]] name = "otdf-python" -version = "0.2.16" +version = "0.2.17" source = { editable = "." }