Get InsecureSkipVerify via OpentdfConfig

.github/workflows/build-golang-macos.yaml

@@ -47,4 +47,4 @@ jobs:
 
       # - uses: ./.github/workflows/platform-integration-test.yaml
       #   with:
-      #     wheel: dist/otdf_python-0.2.16-py3-none-any.whl
+      #     wheel: dist/otdf_python-0.2.17-py3-none-any.whl

.github/workflows/build-golang-ubuntu.yaml

@@ -43,12 +43,12 @@ jobs:
 
       - uses: actions/cache/restore@v4
         with:
-          path: dist/otdf_python-0.2.16-py3-none-any.whl
+          path: dist/otdf_python-0.2.17-py3-none-any.whl
           key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }}
 
       - uses: actions/cache/save@v4
         with:
-          path: dist/otdf_python-0.2.16-py3-none-any.whl
+          path: dist/otdf_python-0.2.17-py3-none-any.whl
           key: ${{ runner.os }}${{ matrix.python3_version }}-data-${{ github.sha }}
           restore-keys: |
             ${{ runner.os }}${{ matrix.python3_version }}-data-
@@ -61,5 +61,5 @@ jobs:
     needs: build
     uses: ./.github/workflows/platform-integration-test.yaml
     with:
-      wheel: dist/otdf_python-0.2.16-py3-none-any.whl
+      wheel: dist/otdf_python-0.2.17-py3-none-any.whl
       python_version: ${{ matrix.python3_version }}

.github/workflows/platform-integration-test.yaml

@@ -29,7 +29,7 @@ jobs:
 
       - uses: actions/cache/restore@v4
         with:
-          path: dist/otdf_python-0.2.16-py3-none-any.whl
+          path: dist/otdf_python-0.2.17-py3-none-any.whl
           key: ${{ runner.os }}${{ inputs.python_version }}-data-${{ github.sha }}
 
       - name: Prove that the input file is available

README.md

@@ -27,10 +27,10 @@ Install from the [Python Package Index (PyPI)](https://pypi.org):
 pip install otdf_python
 
 # Install a pinned version
-pip install otdf-python==0.2.16
+pip install otdf-python==0.2.17
 
 # Install a pinned version, from test.pypi.org
-pip install -i https://test.pypi.org/simple/ otdf-python==0.2.16
+pip install -i https://test.pypi.org/simple/ otdf-python==0.2.17
 ```
 
 ## Usage

build-scripts/ci-build.sh

@@ -72,4 +72,4 @@ echo "✨✨✨ Build wheel"
 poetry run python3 setup.py bdist_wheel
 
 echo "✨✨✨ Install wheel"
-pip install dist/otdf_python-0.2.16-py3-none-any.whl
+pip install dist/otdf_python-0.2.17-py3-none-any.whl

build-scripts/make_and_validate_script.sh

@@ -47,7 +47,7 @@ python3 -m pip install --upgrade setuptools wheel
 python3 setup.py bdist_wheel
 
 # Prove that the wheel can be installed
-pip install dist/otdf_python-0.2.16-py3-none-any.whl
+pip install dist/otdf_python-0.2.17-py3-none-any.whl
 
 if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then
     echo "Build is complete, skipping tests."

build-scripts/uv_make_and_validate_script.sh

@@ -70,7 +70,7 @@ loud_print "Installing wheel"
 uv venv .venv-wheel --python 3.12 "$PY_TYPE"
 source "${BUILD_ROOT}/.venv-wheel/bin/activate"
 pip install pybindgen
-pip install dist/otdf_python-0.2.16-py3-none-any.whl
+pip install dist/otdf_python-0.2.17-py3-none-any.whl
 
 if [[ "$SKIP_TESTS" == "-s" || "$SKIP_TESTS" == "--skip-tests" ]]; then
     echo "Build is complete, skipping tests."

main.go

@@ -10,8 +10,6 @@ TODO: Consider testing against attributes that are returned by some listing.
 TODO: Consider exposing an sdkClient that can be returned to the caller
 * Note, previously this failed in a 'gopy' compiled context
 
-TODO: Platform knows about the IdP, perhaps we don't need to specify the TOKEN_ENDPOINT ?
-
 */
 import (
 	"bytes"
@@ -35,11 +33,12 @@ type TokenAuth struct {
 }
 
 type OpentdfConfig struct {
-	ClientId         string
-	ClientSecret     string
-	PlatformEndpoint string
-	TokenEndpoint    string
-	KasUrl           string
+	ClientId           string
+	ClientSecret       string
+	PlatformEndpoint   string
+	TokenEndpoint      string
+	KasUrl             string
+	InsecureSkipVerify bool
 }
 
 func getEnv(key, defaultValue string) string {
@@ -49,10 +48,6 @@ func getEnv(key, defaultValue string) string {
 	return defaultValue
 }
 
-/*
-NOTE: When the environment variable 'INSECURE_SKIP_VERIFY' is set to 'TRUE',
-this option for the OpenTDF SDK will be set.
-*/
 func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) {
 	// NOTE: The 'platformEndpoint' is sometimes referenced as 'host'
 	if strings.Count(config.TokenEndpoint, "http://") == 1 {
@@ -67,7 +62,7 @@ func newSdkClient(config OpentdfConfig, authScopes []string) (*sdk.SDK, error) {
 			sdk.WithTokenEndpoint(config.TokenEndpoint),
 		}
 
-		if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" {
+		if config.InsecureSkipVerify {
 			opts = append(opts, sdk.WithInsecureSkipVerifyConn())
 		}
 
@@ -97,7 +92,7 @@ func peSdkClient(config OpentdfConfig, authScopes []string, token TokenAuth) (*s
 			sdk.WithTokenExchange(token.AccessToken, []string{token.NpeClientId}),
 		}
 
-		if getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE" {
+		if config.InsecureSkipVerify {
 			opts = append(opts, sdk.WithInsecureSkipVerifyConn())
 		}
 

otdf_python_test.go

@@ -18,15 +18,16 @@ import (
 var defaultAuthScopes = []string{"email"}
 
 type TestConfiguration struct {
-	platformEndpoint string
-	tokenEndpoint    string
-	kasEndpoint      string
-	npeClientId      string
-	npeClientSecret  string
-	peUsername       string
-	pePassword       string
-	testAttribute1   string
-	testAttribute2   string
+	platformEndpoint   string
+	tokenEndpoint      string
+	kasEndpoint        string
+	npeClientId        string
+	npeClientSecret    string
+	peUsername         string
+	pePassword         string
+	testAttribute1     string
+	testAttribute2     string
+	insecureSkipVerify bool
 }
 
 var config = TestConfiguration{
@@ -38,8 +39,9 @@ var config = TestConfiguration{
 	peUsername:       os.Getenv("TEST_OPENTDF_SECRET_USER_ID"),
 	pePassword:       os.Getenv("TEST_OPENTDF_SECRET_USER_PASSWORD"),
 	// For default values, we added a helper function
-	testAttribute1: getEnv("TEST_OPENTDF_ATTRIBUTE_1", "https://example.com/attr/attr1/value/value1"),
-	testAttribute2: getEnv("TEST_OPENTDF_ATTRIBUTE_2", "https://example.com/attr/attr1/value/value2"),
+	testAttribute1:     getEnv("TEST_OPENTDF_ATTRIBUTE_1", "https://example.com/attr/attr1/value/value1"),
+	testAttribute2:     getEnv("TEST_OPENTDF_ATTRIBUTE_2", "https://example.com/attr/attr1/value/value2"),
+	insecureSkipVerify: getEnv("INSECURE_SKIP_VERIFY", "FALSE") == "TRUE",
 }
 
 /*
@@ -61,7 +63,7 @@ https://stackoverflow.com/q/24493116
 */
 func authHelper(form url.Values, isPEAuth bool) (TokenAuth, error) {
 	tr := &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: config.insecureSkipVerify},
 	}
 	// FIXME: Use a client with TLS verification
 	// client := http.Client{}
@@ -133,11 +135,12 @@ func getMultiDataAttribute(config TestConfiguration) []string {
 func doEncryptString(t *testing.T, dataAttributes []string) {
 
 	got, err := EncryptString("Hello, world", OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, dataAttributes, defaultAuthScopes)
 	if err != nil {
 		t.Fatal(err)
@@ -198,11 +201,12 @@ func encrypt_file_NPE(t *testing.T, dataAttributes []string) string {
 	defer tmpOutputFile.Close()
 
 	got, err := EncryptFile(tmpInputFile.Name(), tmpOutputFile.Name(), OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, dataAttributes, defaultAuthScopes)
 	if err != nil {
 		t.Error("Failed to EncryptFile()!")
@@ -244,11 +248,12 @@ func encrypt_file_PE(t *testing.T, dataAttributes []string, tokenAuth TokenAuth)
 	defer tmpOutputFile.Close()
 
 	got, err := EncryptFilePE(tmpInputFile.Name(), tmpOutputFile.Name(), OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, tokenAuth, dataAttributes, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to EncryptFilePE()!")
@@ -301,11 +306,12 @@ func e2e_test_as_PE(t *testing.T, dataAttributes []string) {
 		t.Error(err)
 	}
 	got, err := DecryptFilePE(input_TDF_path, plaintext_output_path.Name(), OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, token_for_decrypt, defaultAuthScopes)
 	if err != nil {
 		t.Fatal(err)
@@ -376,11 +382,12 @@ func Test_Multifile_NPE_Encrypt_Files_In_Dir_Nil_Attributes(t *testing.T) {
 	}
 
 	cfg := OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}
 
 	got, err := EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv"}, cfg, nil, defaultAuthScopes)
@@ -409,11 +416,12 @@ func Test_Multifile_NPE_Encrypt_Files_With_Extensions_Nil_Attributes(t *testing.
 
 	// Call the EncryptFilesWithExtensionsNPE function
 	got, err := EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv", ".pdf"}, OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, nil, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to EncryptFilesWithExtensionsNPE()!", err)
@@ -440,23 +448,25 @@ func Test_Multifile_NPE_Decrypt_Files_In_Dir_Nil_Attributes(t *testing.T) {
 
 	// Encrypt the file
 	_, err = EncryptFilesInDirNPE(tmpDir, OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, nil, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to EncryptFilesInDirNPE()!", err)
 	}
 
 	// Call the DecryptFilesInDirNPE function
 	got, err := DecryptFilesInDirNPE(tmpDir, OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to DecryptFilesInDirNPE()!", err)
@@ -482,23 +492,25 @@ func Test_Multifile_NPE_Decrypt_Files_With_Extensions_Nil_Attributes(t *testing.
 
 	// Encrypt the files
 	_, err = EncryptFilesWithExtensionsNPE(tmpDir, []string{".txt", ".csv", ".pdf"}, OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, nil, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to EncryptFilesWithExtensionsNPE()!", err)
 	}
 
 	// Call the DecryptFilesWithExtensionsNPE function
 	got, err := DecryptFilesWithExtensionsNPE(tmpDir, []string{".tdf"}, OpentdfConfig{
-		ClientId:         config.npeClientId,
-		ClientSecret:     config.npeClientSecret,
-		PlatformEndpoint: config.platformEndpoint,
-		TokenEndpoint:    config.tokenEndpoint,
-		KasUrl:           config.kasEndpoint,
+		ClientId:           config.npeClientId,
+		ClientSecret:       config.npeClientSecret,
+		PlatformEndpoint:   config.platformEndpoint,
+		TokenEndpoint:      config.tokenEndpoint,
+		KasUrl:             config.kasEndpoint,
+		InsecureSkipVerify: config.insecureSkipVerify,
 	}, defaultAuthScopes)
 	if err != nil {
 		t.Fatal("Failed to DecryptFilesWithExtensionsNPE()!", err)

pyproject.toml

@@ -1,7 +1,7 @@
 [project]
 name = "otdf-python"
 # Should match 'setup.py' version number (used for gopy/pybindgen)
-version = "0.2.16"
+version = "0.2.17"
 description = "Unofficial OpenTDF SDK for Python."
 authors = [
     {name="b-long", email="b-long@users.noreply.github.com"}
@@ -19,7 +19,7 @@ pybindgen = "^0.22.1"
 
 [tool.poetry]
 package-mode = false
-version = "0.2.16"
+version = "0.2.17"
 
 [tool.poetry.dependencies]
 python = ">=3.10,<3.14"

setup.py

@@ -24,7 +24,7 @@
     url="https://github.com/b-long/opentdf-python-sdk",
     package_data={"otdf_python": ["*.so"]},
     # Should match 'pyproject.toml' version number
-    version="0.2.16",
+    version="0.2.17",
     author_email="b-long@users.noreply.github.com",
     include_package_data=True,
 )

setup_ci.py

@@ -81,7 +81,7 @@ def build_extension(self, ext: Extension):
 
 setuptools.setup(
     name="otdf_python",
-    version="0.2.16",
+    version="0.2.17",
     author="b-long",
     description="Unofficial OpenTDF SDK for Python.",
     long_description_content_type="text/markdown",