From 7e4a9dcbb705e1912528cc536e93107b0aca81b3 Mon Sep 17 00:00:00 2001 From: Ryan Schumacher Date: Wed, 10 Jul 2024 15:24:43 -0500 Subject: [PATCH] feat(core): enable setting KAS url path on encrypt --- cmd/tdf-encrypt.go | 10 ++++++++-- docs/man/encrypt/_index.md | 5 ++++- pkg/handlers/nano-tdf.go | 4 ++-- pkg/handlers/tdf.go | 4 ++-- 4 files changed, 16 insertions(+), 7 deletions(-) diff --git a/cmd/tdf-encrypt.go b/cmd/tdf-encrypt.go index 3da594e9..f68ba422 100644 --- a/cmd/tdf-encrypt.go +++ b/cmd/tdf-encrypt.go @@ -39,6 +39,7 @@ func dev_tdfEncryptCmd(cmd *cobra.Command, args []string) { if tdfType == "" { tdfType = TDF3 } + kasURLPath := flagHelper.GetOptionalString("kas-url-path") piped := readPipedStdin() @@ -89,9 +90,9 @@ func dev_tdfEncryptCmd(cmd *cobra.Command, args []string) { var encrypted *bytes.Buffer var err error if tdfType == TDF3 { - encrypted, err = h.EncryptBytes(bytesSlice, values, fileMimeType) + encrypted, err = h.EncryptBytes(bytesSlice, values, fileMimeType, kasURLPath) } else if tdfType == NANO { - encrypted, err = h.EncryptNanoBytes(bytesSlice, values) + encrypted, err = h.EncryptNanoBytes(bytesSlice, values, kasURLPath) } else { cli.ExitWithError("Failed to encrypt", fmt.Errorf("unrecognized tdf-type: %s", tdfType)) } @@ -151,6 +152,11 @@ func init() { encryptCmd.GetDocFlag("tdf-type").Description, ) encryptCmd.Command.GroupID = "tdf" + encryptCmd.Flags().String( + encryptCmd.GetDocFlag("kas-url-path").Name, + encryptCmd.GetDocFlag("kas-url-path").Default, + encryptCmd.GetDocFlag("kas-url-path").Description, + ) RootCmd.AddCommand(&encryptCmd.Command) } diff --git a/docs/man/encrypt/_index.md b/docs/man/encrypt/_index.md index db3fc89c..78a460be 100644 --- a/docs/man/encrypt/_index.md +++ b/docs/man/encrypt/_index.md 
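Review bot: In cmd/tdf-encrypt.go, `kasURLPath` is read from the `kas-url-path` flag in dev_tdfEncryptCmd and passed to EncryptBytes / EncryptNanoBytes with no check, although the man page text added in this commit says a leading slash is required. The handlers append the value directly to the platform endpoint, so a value that does not begin with `/` would end up in the host portion of the KAS URL rather than in its path. Fail fast right after reading the flag, e.g. `if kasURLPath != "" && !strings.HasPrefix(kasURLPath, "/") { cli.ExitWithError("Invalid kas-url-path", fmt.Errorf("must begin with '/': %q", kasURLPath)) }`; this needs `strings` imported if the file does not already import it. The function body continues outside the hunk.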
@@ -14,11 +14,14 @@ command: description: The MIME type of the input data. If not provided, the MIME type is inferred from the input data. - name: tdf-type shorthand: t - description: The type of tdf to encrypt as + description: The type of tdf to encrypt as. TDF3 supports structured manifests and larger payloads. Nano has a smaller footprint and more performant, but does not support structured manifests or large payloads. enum: - tdf3 - nano default: tdf3 + - name: kas-url-path + description: URL path to the KAS service at the platform endpoint domain. Leading slash is required if needed. + default: /kas --- Build a Trusted Data Format (TDF) with encrypted content from a specified file or input from stdin utilizing OpenTDF platform. diff --git a/pkg/handlers/nano-tdf.go b/pkg/handlers/nano-tdf.go index 56899432..a0a85c73 100644 --- a/pkg/handlers/nano-tdf.go +++ b/pkg/handlers/nano-tdf.go @@ -5,7 +5,7 @@ import ( "io" ) -func (h Handler) EncryptNanoBytes(b []byte, values []string) (*bytes.Buffer, error) { +func (h Handler) EncryptNanoBytes(b []byte, values []string, kasUrlPath string) (*bytes.Buffer, error) { var encrypted []byte enc := bytes.NewBuffer(encrypted) @@ -14,7 +14,7 @@ func (h Handler) EncryptNanoBytes(b []byte, values []string) (*bytes.Buffer, err return nil, err } - nanoTDFConfig.SetKasURL(h.platformEndpoint) + nanoTDFConfig.SetKasURL(h.platformEndpoint + kasUrlPath) nanoTDFConfig.SetAttributes(values) // TODO: validate values are FQNs or return an error [https://github.com/opentdf/platform/issues/515] diff --git a/pkg/handlers/tdf.go b/pkg/handlers/tdf.go index aad0bb34..72534509 100644 --- a/pkg/handlers/tdf.go +++ b/pkg/handlers/tdf.go 
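Review bot: The new parameter on EncryptNanoBytes in pkg/handlers/nano-tdf.go is spelled `kasUrlPath`, while the caller in cmd/tdf-encrypt.go names the same value `kasURLPath`; Go style keeps an initialism in a single case. Rename it here and in EncryptBytes in pkg/handlers/tdf.go so the identifier reads the same in all three files: `func (h Handler) EncryptNanoBytes(b []byte, values []string, kasURLPath string) (*bytes.Buffer, error)`.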
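Review bot: `h.platformEndpoint + kasUrlPath` in EncryptNanoBytes builds the KAS URL by plain string concatenation, and the same expression feeds `sdk.KASInfo.URL` in EncryptBytes in pkg/handlers/tdf.go. Both methods are exported, so they cannot rely on a caller having checked the argument: a value without a leading slash changes the host, and an endpoint that already ends in a slash yields `//`. This URL presumably identifies the key access service recorded for the resulting TDF, so it is worth building it structurally with `url.JoinPath` from net/url (a new import), which keeps the argument inside the path component and returns an error when the base does not parse. The function body starts and ends outside the hunk.

```go
// … unchanged: buffer setup and nanoTDFConfig creation …
kasURL, err := url.JoinPath(h.platformEndpoint, kasUrlPath)
if err != nil {
	return nil, err
}
nanoTDFConfig.SetKasURL(kasURL)
// … unchanged: SetAttributes and the rest of the body …
```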
@@ -7,7 +7,7 @@ import ( "github.com/opentdf/platform/sdk" ) -func (h Handler) EncryptBytes(b []byte, values []string, mimeType string) (*bytes.Buffer, error) { +func (h Handler) EncryptBytes(b []byte, values []string, mimeType string, kasUrlPath string) (*bytes.Buffer, error) { var encrypted []byte enc := bytes.NewBuffer(encrypted) @@ -15,7 +15,7 @@ func (h Handler) EncryptBytes(b []byte, values []string, mimeType string) (*byte _, err := h.sdk.CreateTDF(enc, bytes.NewReader(b), sdk.WithDataAttributes(values...), sdk.WithKasInformation(sdk.KASInfo{ - URL: h.platformEndpoint, + URL: h.platformEndpoint + kasUrlPath, }), sdk.WithMimeType(mimeType), )
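Review bot: EncryptBytes in pkg/handlers/tdf.go gains a fourth positional parameter but has no doc comment, so nothing states how `kasUrlPath` is used or what form it must take. Add one above the signature, e.g. `// EncryptBytes encrypts b as a TDF with the given attribute values and MIME type; kasUrlPath is appended to the platform endpoint to form the KAS URL and must begin with "/".` EncryptNanoBytes in pkg/handlers/nano-tdf.go needs the equivalent comment. Because both methods are exported, any caller outside cmd/tdf-encrypt.go stops compiling until it passes the new argument, which deserves a line in the commit description if the package is consumed elsewhere.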