feat(core): enable setting KAS url path on encrypt

cmd/tdf-encrypt.go

@@ -39,6 +39,7 @@ func dev_tdfEncryptCmd(cmd *cobra.Command, args []string) {
 	if tdfType == "" {
 		tdfType = TDF3
 	}
+	kasURLPath := flagHelper.GetOptionalString("kas-url-path")
 
 	piped := readPipedStdin()
 
@@ -89,9 +90,9 @@ func dev_tdfEncryptCmd(cmd *cobra.Command, args []string) {
 	var encrypted *bytes.Buffer
 	var err error
 	if tdfType == TDF3 {
-		encrypted, err = h.EncryptBytes(bytesSlice, values, fileMimeType)
+		encrypted, err = h.EncryptBytes(bytesSlice, values, fileMimeType, kasURLPath)
 	} else if tdfType == NANO {
-		encrypted, err = h.EncryptNanoBytes(bytesSlice, values)
+		encrypted, err = h.EncryptNanoBytes(bytesSlice, values, kasURLPath)
 	} else {
 		cli.ExitWithError("Failed to encrypt", fmt.Errorf("unrecognized tdf-type: %s", tdfType))
 	}
@@ -151,6 +152,11 @@ func init() {
 		encryptCmd.GetDocFlag("tdf-type").Description,
 	)
 	encryptCmd.Command.GroupID = "tdf"
+	encryptCmd.Flags().String(
+		encryptCmd.GetDocFlag("kas-url-path").Name,
+		encryptCmd.GetDocFlag("kas-url-path").Default,
+		encryptCmd.GetDocFlag("kas-url-path").Description,
+	)
 
 	RootCmd.AddCommand(&encryptCmd.Command)
 }

docs/man/encrypt/_index.md

@@ -14,11 +14,14 @@ command:
       description: The MIME type of the input data. If not provided, the MIME type is inferred from the input data.
     - name: tdf-type
       shorthand: t
-      description:  The type of tdf to encrypt as
+      description: The type of tdf to encrypt as. TDF3 supports structured manifests and larger payloads. Nano has a smaller footprint and more performant, but does not support structured manifests or large payloads.
       enum:
         - tdf3
         - nano
       default: tdf3
+    - name: kas-url-path
+      description: URL path to the KAS service at the platform endpoint domain. Leading slash is required if needed.
+      default: /kas
 ---
 
 Build a Trusted Data Format (TDF) with encrypted content from a specified file or input from stdin utilizing OpenTDF platform.

pkg/handlers/nano-tdf.go

@@ -5,7 +5,7 @@ import (
 	"io"
 )
 
-func (h Handler) EncryptNanoBytes(b []byte, values []string) (*bytes.Buffer, error) {
+func (h Handler) EncryptNanoBytes(b []byte, values []string, kasUrlPath string) (*bytes.Buffer, error) {
 	var encrypted []byte
 	enc := bytes.NewBuffer(encrypted)
 
@@ -14,7 +14,7 @@ func (h Handler) EncryptNanoBytes(b []byte, values []string) (*bytes.Buffer, err
 		return nil, err
 	}
 
-	nanoTDFConfig.SetKasURL(h.platformEndpoint)
+	nanoTDFConfig.SetKasURL(h.platformEndpoint + kasUrlPath)
 	nanoTDFConfig.SetAttributes(values)
 
 	// TODO: validate values are FQNs or return an error [https://github.com/opentdf/platform/issues/515]

pkg/handlers/tdf.go

@@ -7,15 +7,15 @@ import (
 	"github.com/opentdf/platform/sdk"
 )
 
-func (h Handler) EncryptBytes(b []byte, values []string, mimeType string) (*bytes.Buffer, error) {
+func (h Handler) EncryptBytes(b []byte, values []string, mimeType string, kasUrlPath string) (*bytes.Buffer, error) {
 	var encrypted []byte
 	enc := bytes.NewBuffer(encrypted)
 
 	// TODO: validate values are FQNs or return an error [https://github.com/opentdf/platform/issues/515]
 	_, err := h.sdk.CreateTDF(enc, bytes.NewReader(b),
 		sdk.WithDataAttributes(values...),
 		sdk.WithKasInformation(sdk.KASInfo{
-			URL: h.platformEndpoint,
+			URL: h.platformEndpoint + kasUrlPath,
 		}),
 		sdk.WithMimeType(mimeType),
 	)