Merge pull request #13 from b-long/develop

0.0.15 - Various packaging improvements

Author: b-long

.github/workflows/build-golang-macos.yaml

@@ -97,7 +97,7 @@ jobs:
         - name: Test Python wheel
           run: |
               # Test wheel installation
-              pip install dist/otdf_python-0.0.13-py3-none-any.whl
+              pip install dist/otdf_python-0.0.15-py3-none-any.whl
 
               # Test wheel functionality
               # python3 validate_otdf_python.py

.github/workflows/build-golang-ubuntu.yaml

@@ -127,7 +127,7 @@ jobs:
             - name: Test Python wheel
               run: |
                   # Test wheel installation
-                  pip install dist/otdf_python-0.0.13-py3-none-any.whl
+                  pip install dist/otdf_python-0.0.15-py3-none-any.whl
 
                   # DISABLED: Need to figure out Ubuntu nested VM
                   # Test wheel functionality

.github/workflows/platform-integration-test.yaml

@@ -0,0 +1,225 @@
+# Based on
+#   https://github.com/opentdf/java-sdk/blob/v0.6.1/.github/workflows/checks.yaml
+name: "Platform Integration testing"
+
+on:
+  pull_request:
+
+# on:
+#   pull_request:
+#     branches:
+#       - main
+#   push:
+#     branches:
+#       - main
+
+permissions:
+  contents: read
+
+jobs:
+
+  platform-integration:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Java SDK
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: bufbuild/buf-setup-action@382440cdb8ec7bc25a68d7b4711163d95f7cc3aa
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check out platform
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+        with:
+          repository: opentdf/platform
+          ref: main
+          path: platform
+      - name: Set up go
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491
+        with:
+          go-version: "1.22.3"
+          check-latest: false
+          cache-dependency-path: |
+            platform/service/go.sum
+            platform/examples/go.sum
+            platform/protocol/go/go.sum
+            platform/sdk/go.sum
+      - run: go mod download
+        working-directory: platform
+      - run: go mod verify
+        working-directory: platform
+      - name: Create keys
+        run: |
+          .github/scripts/init-temp-keys.sh
+          cp opentdf-dev.yaml opentdf.yaml
+          sudo chmod -R 777 ./keys
+        working-directory: platform
+      # - name: Trust the locally issued cert
+      #   run: |
+      #     keytool \
+      #       -importcert \
+      #       -storepass changeit \
+      #       -noprompt \
+      #       -file localhost.crt \
+      #       -keystore $JAVA_HOME/lib/security/cacerts \
+      #       -alias localhost-for-tests
+      #   working-directory: platform/keys
+      - name: Bring the services up
+        run: docker compose up -d --wait --wait-timeout 240
+        working-directory: platform
+      - name: Provision keycloak
+        run: go run ./service provision keycloak
+        working-directory: platform
+      - name: Provision fixtures
+        run: go run ./service provision fixtures
+        working-directory: platform
+      - name: Start server in background
+        uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
+        with:
+          run: |
+            go run ./service start
+          wait-on: |
+            tcp:localhost:8080
+          log-output-if: true
+          wait-for: 90s
+          working-directory: platform
+      - name: Get grpcurl
+        run: go install github.com/fullstorydev/grpcurl/cmd/[email protected]
+      - name: Make sure that the platform is up
+        run: |
+          grpcurl -plaintext localhost:8080 list && \
+          grpcurl -plaintext localhost:8080 kas.AccessService/PublicKey
+
+      # - name: Validate the SDK through the command line interface
+      #   run: |
+      #     printf 'here is some data to encrypt' > data
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       encrypt --kas-url=localhost:8080 --mime-type=text/plain --attr https://example.com/attr/attr1/value/value1 --autoconfigure=false -f data -m 'here is some metadata' > test.tdf
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       decrypt -f test.tdf > decrypted
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       metadata -f test.tdf > metadata
+
+      #     if ! diff -q data decrypted; then
+      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+      #       exit 1
+      #     fi
+
+      #     if [ "$(< metadata)" != 'here is some metadata' ]; then
+      #       printf 'metadata is incorrect [%s]\n' "$(< metadata)"
+      #       exit 1
+      #     fi
+      #   working-directory: cmdline
+
+      # - name: Encrypt/Decrypt NanoTDF
+      #   run: |
+      #     echo 'here is some data to encrypt' > data
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       encryptnano --kas-url=http://localhost:8080 --attr https://example.com/attr/attr1/value/value1 -f data -m 'here is some metadata' > nano.ntdf
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       decryptnano -f nano.ntdf > decrypted
+
+      #     if ! diff -q data decrypted; then
+      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+      #       exit 1
+      #     fi
+      #   working-directory: cmdline
+
+      # - uses: JarvusInnovations/background-action@2428e7b970a846423095c79d43f759abf979a635
+      #   name: start another KAS server in background
+      #   with:
+      #     run: >
+      #       <opentdf.yaml >opentdf-beta.yaml yq e '
+      #         (.server.port = 8282)
+      #         | (.mode = ["kas"])
+      #         | (.sdk_config = {"endpoint":"http://localhost:8080","plaintext":true,"client_id":"opentdf","client_secret":"secret"})
+      #       '
+      #       && go run ./service --config-file ./opentdf-beta.yaml start
+      #     wait-on: |
+      #       tcp:localhost:8282
+      #     log-output-if: true
+      #     wait-for: 90s
+      #     working-directory: platform
+      # - name: Make sure that the second platform is up
+      #   run: |
+      #     grpcurl -plaintext localhost:8282 kas.AccessService/PublicKey
+      # - name: Validate multikas through the command line interface
+      #   run: |
+      #     printf 'here is some data to encrypt' > data
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       encrypt --kas-url=localhost:8080,localhost:8282 -f data -m 'here is some metadata' > test.tdf
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       decrypt -f test.tdf > decrypted
+
+      #     java -jar target/cmdline.jar \
+      #       --client-id=opentdf-sdk \
+      #       --client-secret=secret \
+      #       --platform-endpoint=localhost:8080 \
+      #       -i \
+      #       metadata -f test.tdf > metadata
+
+      #     if ! diff -q data decrypted; then
+      #       printf 'decrypted data is incorrect [%s]' "$(< decrypted)"
+      #       exit 1
+      #     fi
+
+      #     if [ "$(< metadata)" != 'here is some metadata' ]; then
+      #       printf 'metadata is incorrect [%s]\n' "$(< metadata)"
+      #       exit 1
+      #     fi
+      #   working-directory: cmdline
+
+  # platform-xtest:
+  #   permissions:
+  #     contents: read
+  #     packages: read
+  #   needs: platform-integration
+  #   uses: opentdf/tests/.github/workflows/xtest.yml@main
+  #   with:
+  #     java-ref: ${{ github.ref }}
+
+  # ci:
+  #   needs:
+  #     - platform-integration
+  #     - platform-xtest
+  #     - mavenverify
+  #     - pr
+  #   runs-on: ubuntu-latest
+  #   if: always()
+  #   steps:
+  #     - if: contains(needs.*.result, 'failure')
+  #       run: echo "Failed due to ${{ contains(needs.*.result, 'failure') }}" && exit 1

.pre-commit-config.yaml

@@ -40,7 +40,7 @@ repos:
 
     - repo: https://github.com/astral-sh/ruff-pre-commit
       # Ruff version.
-      rev: v0.6.8
+      rev: v0.6.9
       hooks:
         # Run the linter.
         - id: ruff

poetry.lock

@@ -1,8 +1,8 @@
 [tool.poetry]
 name = "otdf-python"
 # Should match 'setup.py' version number (used for gopy/pybindgen)
-version = "0.0.13"
-description = ""
+version = "0.0.15"
+description = "Unofficial OpenTDF SDK for Python."
 authors = ["b-long <[email protected]>"]
 readme = "README.md"
 package-mode = false

pyproject.toml

@@ -24,7 +24,7 @@
     url="https://github.com/b-long/opentdf-python-sdk",
     package_data={"otdf_python": ["*.so"]},
     # Should match 'pyproject.toml' version number
-    version="0.0.13",
+    version="0.0.15",
     author_email="[email protected]",
     include_package_data=True,
 )

setup.py

@@ -81,7 +81,7 @@ def build_extension(self, ext: Extension):
 
 setuptools.setup(
     name="otdf_python",
-    version="0.0.13",
+    version="0.0.15",
     author="b-long",
     description="Unofficial OpenTDF SDK for Python.",
     long_description_content_type="text/markdown",