otdf-python 0.4.1__py3-none-any.whl → 0.4.3__py3-none-any.whl

otdf_python/sdk.py

@@ -37,6 +37,7 @@ class KAS(AbstractContextManager):
         token_source=None,
         sdk_ssl_verify=True,
         use_plaintext=False,
+        kas_allowlist=None,
     ):
         """Initialize the KAS client.
 
@@ -45,6 +46,7 @@ class KAS(AbstractContextManager):
             token_source: Function that returns an authentication token
             sdk_ssl_verify: Whether to verify SSL certificates
             use_plaintext: Whether to use plaintext HTTP connections instead of HTTPS
+            kas_allowlist: Optional KASAllowlist for URL validation
 
         """
         from .kas_client import KASClient
@@ -54,6 +56,7 @@ class KAS(AbstractContextManager):
             token_source=token_source,
             verify_ssl=sdk_ssl_verify,
             use_plaintext=use_plaintext,
+            kas_allowlist=kas_allowlist,
         )
         # Store the parameters for potential use
         self._sdk_ssl_verify = sdk_ssl_verify
@@ -134,7 +137,8 @@ class KAS(AbstractContextManager):
 
     def close(self):
         """Close resources associated with KAS interface."""
-        pass
+        if self._kas_client:
+            self._kas_client.close()
 
     def __exit__(self, exc_type, exc_val, exc_tb):
         self.close()
@@ -219,7 +223,6 @@ class SDK(AbstractContextManager):
 
         def close(self):
             """Close resources associated with the services."""
-            pass
 
         def __exit__(self, exc_type, exc_val, exc_tb):
             self.close()
@@ -377,23 +380,15 @@ class SDK(AbstractContextManager):
     class SplitKeyException(SDKException):
         """Throw when SDK encounters error related to split key operations."""
 
-        pass
-
     class DataSizeNotSupported(SDKException):
         """Throw when user attempts to create TDF larger than maximum size."""
 
-        pass
-
     class KasInfoMissing(SDKException):
         """Throw during TDF creation when no KAS information is present."""
 
-        pass
-
     class KasPublicKeyMissing(SDKException):
         """Throw during encryption when SDK cannot retrieve public key for KAS."""
 
-        pass
-
     class TamperException(SDKException):
         """Base class for exceptions related to signature mismatches."""
 
@@ -407,17 +402,38 @@ class SDK(AbstractContextManager):
     class SegmentSignatureMismatch(TamperException):
         """Throw when segment signature does not match expected value."""
 
-        pass
-
     class KasBadRequestException(SDKException):
         """Throw when KAS returns bad request response."""
 
-        pass
-
     class KasAllowlistException(SDKException):
         """Throw when KAS allowlist check fails."""
 
-        pass
+        def __init__(
+            self,
+            url: str,
+            allowed_origins: set[str] | None = None,
+            message: str | None = None,
+        ):
+            """Initialize exception.
+
+            Args:
+                url: The KAS URL that was rejected
+                allowed_origins: Set of allowed origin URLs
+                message: Optional custom message (auto-generated if not provided)
+
+            """
+            self.url = url
+            self.allowed_origins = allowed_origins or set()
+            if message is None:
+                origins_str = (
+                    ", ".join(sorted(self.allowed_origins))
+                    if self.allowed_origins
+                    else "none"
+                )
+                message = (
+                    f"KAS URL not in allowlist: {url}. Allowed origins: {origins_str}"
+                )
+            super().__init__(message)
 
     class AssertionException(SDKException):
         """Throw when an assertion validation fails."""

otdf_python/sdk_builder.py

@@ -10,6 +10,7 @@ from pathlib import Path
 
 import httpx
 
+from otdf_python.kas_allowlist import KASAllowlist
 from otdf_python.sdk import KAS, SDK
 from otdf_python.sdk_exceptions import AutoConfigureException
 
@@ -47,6 +48,8 @@ class SDKBuilder:
         self.ssl_context: ssl.SSLContext | None = None
         self.auth_token: str | None = None
         self.cert_paths: list[str] = []
+        self._kas_allowlist_urls: list[str] | None = None
+        self._ignore_kas_allowlist: bool = False
 
     @staticmethod
     def new_builder() -> "SDKBuilder":
@@ -120,9 +123,7 @@ class SDKBuilder:
 
         """
         # Normalize the endpoint URL
-        if endpoint and not (
-            endpoint.startswith("http://") or endpoint.startswith("https://")
-        ):
+        if endpoint and not (endpoint.startswith(("http://", "https://"))):
             if self.use_plaintext:
                 endpoint = f"http://{endpoint}"
             else:
@@ -143,9 +144,7 @@ class SDKBuilder:
 
         """
         # Normalize the issuer URL
-        if issuer and not (
-            issuer.startswith("http://") or issuer.startswith("https://")
-        ):
+        if issuer and not (issuer.startswith(("http://", "https://"))):
             issuer = f"https://{issuer}"
 
         self.issuer_endpoint = issuer
@@ -205,6 +204,54 @@ class SDKBuilder:
         self.auth_token = token
         return self
 
+    def with_kas_allowlist(self, urls: list[str]) -> "SDKBuilder":
+        """Set the KAS allowlist to restrict which KAS servers the SDK will contact.
+
+        This provides protection against SSRF attacks where malicious TDF files
+        could contain attacker-controlled KAS URLs to steal OIDC credentials.
+
+        By default (if no allowlist is set), only the platform's KAS endpoint
+        is allowed.
+
+        Args:
+            urls: List of trusted KAS URLs. Each URL is normalized to its
+                origin (scheme://host:port) for comparison.
+
+        Returns:
+            self: The builder instance for chaining
+
+        Example:
+            builder.with_kas_allowlist([
+                "https://kas.example.com",
+                "https://kas2.example.com:8443"
+            ])
+
+        """
+        self._kas_allowlist_urls = urls
+        return self
+
+    def with_ignore_kas_allowlist(self, ignore: bool = True) -> "SDKBuilder":
+        """Configure whether to skip KAS allowlist validation.
+
+        WARNING: This is insecure and should only be used for testing or
+        development. When enabled, the SDK will contact any KAS URL found
+        in TDF files, potentially leaking credentials to malicious servers.
+
+        Args:
+            ignore: Whether to ignore the KAS allowlist (default: True)
+
+        Returns:
+            self: The builder instance for chaining
+
+        """
+        self._ignore_kas_allowlist = ignore
+        if ignore:
+            logger.warning(
+                "KAS allowlist validation is disabled. This is insecure and "
+                "should only be used for testing."
+            )
+        return self
+
     def _discover_token_endpoint_from_platform(self) -> None:
         """Discover token endpoint using OpenTDF platform configuration.
 
@@ -360,6 +407,34 @@ class SDKBuilder:
                 f"Error during token acquisition: {e!s}"
             ) from e
 
+    def _create_kas_allowlist(self) -> KASAllowlist | None:
+        """Create the KAS allowlist based on builder configuration.
+
+        Returns:
+            KASAllowlist configured based on builder settings, or None if
+            allowlist validation is disabled.
+
+        """
+        # If ignoring allowlist, return an allow-all instance
+        if self._ignore_kas_allowlist:
+            return KASAllowlist(allow_all=True)
+
+        # If explicit allowlist provided, use it
+        if self._kas_allowlist_urls:
+            allowlist = KASAllowlist(self._kas_allowlist_urls)
+            # Also add the platform URL for convenience
+            if self.platform_endpoint:
+                allowlist.add(self.platform_endpoint)
+                allowlist.add(self.platform_endpoint.rstrip("/") + "/kas")
+            return allowlist
+
+        # Default: create allowlist from platform URL only
+        if self.platform_endpoint:
+            return KASAllowlist.from_platform_url(self.platform_endpoint)
+
+        # No platform endpoint set yet - return None and let SDK handle it
+        return None
+
     def _create_services(self) -> SDK.Services:
         """Create service client instances.
 
@@ -375,11 +450,15 @@ class SDKBuilder:
 
         ssl_verify = not self.insecure_skip_verify
 
+        # Create the KAS allowlist
+        kas_allowlist = self._create_kas_allowlist()
+
         class ServicesImpl(SDK.Services):
-            def __init__(self, builder_instance):
+            def __init__(self, builder_instance, allowlist: KASAllowlist | None):
                 self.closed = False
                 self._ssl_verify = ssl_verify
                 self._builder = builder_instance
+                self._kas_allowlist = allowlist
 
             def kas(self) -> KAS:
                 """Return the KAS interface with SSL verification settings."""
@@ -398,6 +477,7 @@ class SDKBuilder:
                     token_source=token_source,
                     sdk_ssl_verify=self._ssl_verify,
                     use_plaintext=self._builder.use_plaintext,
+                    kas_allowlist=self._kas_allowlist,
                 )
                 return kas_impl
 
@@ -407,7 +487,7 @@ class SDKBuilder:
             def __exit__(self, exc_type, exc_val, exc_tb):
                 self.close()
 
-        return ServicesImpl(self)
+        return ServicesImpl(self, kas_allowlist)
 
     def build(self) -> SDK:
         """Build and return an SDK instance with configured properties.

otdf_python/tdf.py

@@ -183,8 +183,8 @@ class TDF:
         if isinstance(obj, PolicyBody):
             # Convert data_attributes to dataAttributes and use null instead of empty array
             result = {
-                "dataAttributes": obj.data_attributes if obj.data_attributes else None,
-                "dissem": obj.dissem if obj.dissem else None,
+                "dataAttributes": obj.data_attributes or None,
+                "dissem": obj.dissem or None,
             }
             return result
         elif isinstance(obj, AttributeObject):

{otdf_python-0.4.1.dist-info → otdf_python-0.4.3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: otdf-python
-Version: 0.4.1
+Version: 0.4.3
 Summary: Unofficial OpenTDF SDK for Python
 Project-URL: Homepage, https://github.com/b-long/opentdf-python-sdk
 Project-URL: Repository, https://github.com/b-long/opentdf-python-sdk
@@ -22,13 +22,14 @@ Classifier: Topic :: Security :: Cryptography
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
 Classifier: Typing :: Typed
 Requires-Python: >=3.10
-Requires-Dist: connect-python[compiler]<0.5,>=0.4.2
+Requires-Dist: connect-python<0.7,>=0.6.0
 Requires-Dist: cryptography>=45.0.4
 Requires-Dist: grpcio-status>=1.74.0
 Requires-Dist: grpcio-tools>=1.74.0
 Requires-Dist: grpcio>=1.74.0
 Requires-Dist: httpx>=0.28.1
 Requires-Dist: protobuf>=6.31.1
+Requires-Dist: protoc-gen-connect-python<0.7,>=0.6.0
 Requires-Dist: protoc-gen-openapiv2>=0.0.1
 Requires-Dist: pyjwt>=2.10.1
 Requires-Dist: typing-extensions>=4.14.1

{otdf_python-0.4.1.dist-info → otdf_python-0.4.3.dist-info}/RECORD

@@ -5,9 +5,9 @@ otdf_python/aesgcm.py,sha256=jQgVSEeKM6MJuH2tvlClXIzvg11a5O_GEY9Sh56CrxE,1947
 otdf_python/assertion_config.py,sha256=rw0SIB3xG-nAeb5r_liuxLphU4tcj-zlq8rVvXncX-Y,2317
 otdf_python/asym_crypto.py,sha256=EYkMNhZJP5khH0IvICTOG2bMg_TMvd6wXDu5zW0jpj4,7234
 otdf_python/auth_headers.py,sha256=uOLflFunBCw59nwk23rdiFQWOFrS19HugQXuQPGv3xE,986
-otdf_python/autoconfigure_utils.py,sha256=ShmqQrz_Fx8NrJwcSU1LhNOvIaYRlVo5F5jOikoGR98,3699
-otdf_python/cli.py,sha256=HKIzuIXIW2sBwW3jy9sGq8WVFlxlKrdKac9MjJig88Y,19940
-otdf_python/collection_store.py,sha256=elUkxIZ3SxR7Ny6pAoaYRYwkF0lzF_A21WKPpQCCGvE,1442
+otdf_python/autoconfigure_utils.py,sha256=W5aJ0tC7HWfGb_1Mva_oxgduUzSpPoyDeaq0rPwgPAs,3689
+otdf_python/cli.py,sha256=icooiGgRh8H1IlP-_iO7paLB60IXUSaSacODABeqrS4,21165
+otdf_python/collection_store.py,sha256=sYL6VMFDBfHfCCLk14iybeC_qoUlpJFB0wOMt1bdwpY,1429
 otdf_python/collection_store_impl.py,sha256=3RqO3rvDCosajKpuls5DiO2_SWYsNQul9_9L7n-lQ68,758
 otdf_python/config.py,sha256=l1Ykg1gFUrFZTnd6bwMI6oi_clR5uCZ_Y1qH7QKtW90,2523
 otdf_python/connect_client.py,sha256=TpHpcU2t19pSqWn30cqzfM48nDG590BfNTlDPgUu054,45
@@ -16,61 +16,62 @@ otdf_python/crypto_utils.py,sha256=x0cEltQDVW8bxJ9L555KQKJU4_dI5Uw2h7j9oQGNT38,2
 otdf_python/dpop.py,sha256=-76xjKz9Alf529StB_jQWhr-gCAOBkpssaSYQw2EH1A,2295
 otdf_python/ecc_constants.py,sha256=rCVZCWZ9zhyq2sqnUGFadiZ1CwXXe5T9olDtFYCJCIs,5846
 otdf_python/ecc_mode.py,sha256=aEAISAZpXcS72gXRUlYgH8n8EJP7zIpOeSVPxUJdAG8,3163
-otdf_python/ecdh.py,sha256=ut_WC2DMSOqlzyoIq8nWD8L51BGLiqzQPZB7FnrN2h8,10231
+otdf_python/ecdh.py,sha256=fwxE80qFSIkfJeUz3GNhEndRKkZrBN06FE1gnvwUHHI,10201
 otdf_python/eckeypair.py,sha256=qcPKv0OS1lYxRICj9dhAW_eMz32anFBtpI8EJfXxpX0,2470
 otdf_python/header.py,sha256=peG14kE_KAUCW4fY82sqcWF5zTAVAnJfFXCHtC8Z0iQ,7189
 otdf_python/invalid_zip_exception.py,sha256=M_bAiXEjJdxPfA178YH-uHGRwMrNBKzjQzlQ54aDP2w,292
-otdf_python/kas_client.py,sha256=dC0A23-dWU0S7vy2-VVp55RYFX9xdX0Seerd3M-CBek,25961
-otdf_python/kas_connect_rpc_client.py,sha256=2orgU6HPqAykELc0YR7K8XkCEBZ9japZm4W-Eb8_jCg,7817
+otdf_python/kas_allowlist.py,sha256=0yX3J9J1od_ew0sp3pX6kfav39pTz7aBBpMnVkE5T7s,5884
+otdf_python/kas_client.py,sha256=N5mQubRUrnJCtSxTiiyjf7DEfsg2wVZ02xufuZBH_b0,27532
+otdf_python/kas_connect_rpc_client.py,sha256=cB3cBomCClmu-InUpw8R35cLyJQ8X0PoEsFvYSH0RUM,8950
 otdf_python/kas_info.py,sha256=V-5om8k4RKbhE0h1CS1Rxb18TYcHKvq_hEPP6ah8K_o,738
 otdf_python/kas_key_cache.py,sha256=6hfzRAg9o_IfRErWSe-_gGTG9kRyYENMizMY1Shkmfk,1548
 otdf_python/key_type.py,sha256=2gQlXOj35J3ISCcWjU3sGYUxmlZR47BMq6Xr2yoKA8k,928
 otdf_python/key_type_constants.py,sha256=MV2Dsea3A6nnnYztoD0N1QxhrbQXZfaXaqCr2rI6sqo,954
 otdf_python/manifest.py,sha256=aglGw9EdtZZIxmwqy82sV5wum_mKkjzew4brSgxmJjc,7047
-otdf_python/nanotdf.py,sha256=-tgt-78V7XOm8pPGgBIf1kHRn_Ctm9dudf3UZsT1AsU,34073
-otdf_python/nanotdf_ecdsa_struct.py,sha256=HI7Ca15opfRvQkk7Ja-Xw5Jkrs8Ml5OJsw4zsh2T5fc,4076
-otdf_python/nanotdf_type.py,sha256=pJXcDTc0nqOYAcFU06iy2w_rCbRKmSdsrbOaBbS6C_Q,1112
+otdf_python/nanotdf.py,sha256=y1mLktlZ-mRCup2vzGY4ZbFeNEhWpCYLOZYjzTSPEtc,33921
+otdf_python/nanotdf_ecdsa_struct.py,sha256=jTQKFAicTfMfN9CxJZYQcnEYGmtfAQoDOhz8ta-pGAQ,4066
+otdf_python/nanotdf_type.py,sha256=3MQzT6lJ3WJKMICFyyYZXX2_cFYcZ5G4m1uif-l9Nxo,1112
 otdf_python/policy_binding_serializer.py,sha256=oOcGBYOISPTzHRtk8JszwLTraY_F2OoevOf0a53jGHA,1271
 otdf_python/policy_info.py,sha256=aq74dZg9PhTZ6cMkZyFsu3D754C5YijFMiuoYEL-1bY,2076
 otdf_python/policy_object.py,sha256=LikIsahPkKr-iYA0lhgQitCbh8CsmxUBYyBs6VYfmxY,512
 otdf_python/policy_stub.py,sha256=RfU_fICqsAOnTXOHpKhtKC0RJ3KoWhDxO0XecZWM548,159
 otdf_python/resource_locator.py,sha256=bjK935XcfNq-PyqidHNq8eIiPeZEStYdQvmQ9B9GY20,6290
-otdf_python/sdk.py,sha256=bo6ACCds5ELppIcnKOvasP8Swl1Y7hiLNVuIEu9S7Eg,14074
-otdf_python/sdk_builder.py,sha256=cmeBcgE76jCG7aN4qbn3dYuVdNF6kbJi9xY7jnuD26k,14581
+otdf_python/sdk.py,sha256=-3Zuyfvf8ZM6iqxFpFDRAxCSfe35r6-TIuOOGUbPNPM,15058
+otdf_python/sdk_builder.py,sha256=xTPoBjB3eGwoWjfSgiPmiNnEZJ8g-LUQVZDmo7BM9cY,17649
 otdf_python/sdk_exceptions.py,sha256=2GElGyM5LKN8Uh_lAiT6Ho4oNRWYRQsMNOK5s2jiv28,687
 otdf_python/symmetric_and_payload_config.py,sha256=iPHeZSeY9BjsQ-wkvdm6-FIR7773EgGiaIvSG-ICOHw,1158
-otdf_python/tdf.py,sha256=PtVBY_vAPIGz1I4gUlHPLPxa1gCCsd2nlRm0SrbaoJA,20840
+otdf_python/tdf.py,sha256=lqaSSGfd-nzlmjpYoXa6ZLihZIJA170dwodKt_iRko8,20799
 otdf_python/tdf_reader.py,sha256=WMetzX4CIKJ15f4J_zyFGtObQO6bQ33KC_ykIonH9ik,5228
 otdf_python/tdf_writer.py,sha256=FLm1P26J4p6WPyKsjOb7QLYJqDIMDsBONqBW_JuFxyw,798
 otdf_python/token_source.py,sha256=YHbP7deSSXo1CvzVGJX7DkOuBgqwfP_Ockm8CE-MN0o,1011
 otdf_python/version.py,sha256=uDKJKsSQoaEH-JlqAwiXDxceLRX9hkG4I3NVLEfDCHA,2025
 otdf_python/zip_reader.py,sha256=qrHv-ecs09tz99ZKdOMiWaciYf2XsQOUTiXy1JHjuEY,1705
 otdf_python/zip_writer.py,sha256=5-KChgEXCf4TKAAML-R8cqpAiap85ur1l2lJCCac6BE,2405
-otdf_python_proto/__init__.py,sha256=2MVQMcsELGYF8NyXU8OFFQdXM1_WTKpdA9MUqiMazE8,931
-otdf_python_proto/authorization/__init__.py,sha256=hDpCNPxPswsfkcrCiv3Y78nqAQ_FxE9uDrYqeIqKipg,42
+otdf_python_proto/__init__.py,sha256=nZXR7jFOxpw52PahIE5PzTm5xEmH01xphIq5PTH_Qhc,925
+otdf_python_proto/authorization/__init__.py,sha256=PQ8pNK86JNhOg7rcvbOQzAx5nm0hdjQqj-xIwDD4izY,237
+otdf_python_proto/authorization/authorization_connect.py,sha256=Z4Xnz39cc9Dp74HBWc4uM-3aKRdSD0fcBoz2OCNbppw,12287
 otdf_python_proto/authorization/authorization_pb2.py,sha256=VxRCF1popd01Po0uC-H3Uz85Z6y39ICuzwjFuRWkDoE,9085
 otdf_python_proto/authorization/authorization_pb2.pyi,sha256=43mV-jbbgxjvzuKkJE-tcLg4JrqtqoQwB5WT9k4j3Ew,8927
-otdf_python_proto/authorization/authorization_pb2_connect.py,sha256=PrbEg9mUSMA6Bwh5pCtwkIHEQ-phcd1vW0uIizBwqis,10162
+otdf_python_proto/authorization/v2/authorization_connect.py,sha256=K5yRvu3JfA9ljtbTsXJ3KMx9GAUypLpqiI8IPPgiIZs,16310
 otdf_python_proto/authorization/v2/authorization_pb2.py,sha256=pz5GE1cBmcyWHCG3ba46_We-ywY7dx2oxZwHgvtJJtA,12998
 otdf_python_proto/authorization/v2/authorization_pb2.pyi,sha256=0azk9XIOxBU5u0b8_PnHnfaGM13tQPBgN4i42oRSI2Q,7497
-otdf_python_proto/authorization/v2/authorization_pb2_connect.py,sha256=UdsbFiFW2_yDIKsUlhgM4mUWzZaZ8J8rfxqVwWFjMYY,13129
 otdf_python_proto/common/__init__.py,sha256=cJlVANj7I0xoLUerst-2su60AFtywyrFHPOIKIzS65Q,35
 otdf_python_proto/common/common_pb2.py,sha256=F2Ap8Lf-LJGnk_-BsrAfoidYtkkTsc24OvZgikBigDs,3599
 otdf_python_proto/common/common_pb2.pyi,sha256=iitFFATcqvxfhdgAGlPFmYeyHeLSyBKKzvSNgm8kioM,2860
 otdf_python_proto/entity/__init__.py,sha256=Q5bx_n1hD8DQR8f78iflJzw90RJZLeIj--Q6YaHqJ_4,35
 otdf_python_proto/entity/entity_pb2.py,sha256=LpdkNpqn-L808SfYI6JWATfmud_9oYRpHbnX02qXQB8,3178
 otdf_python_proto/entity/entity_pb2.pyi,sha256=vkQau-BYeQvGV_Sr0YqqPDgiLuecErOey_Dn0zpHTN4,2423
-otdf_python_proto/entityresolution/__init__.py,sha256=YAlVbWPddWxz9U5ldGLwFxs1VvvM9x7c8_JalKwXa4U,45
+otdf_python_proto/entityresolution/__init__.py,sha256=ehWfHEQ42uXht7gxRIr4jlwGq-OcYZUDLqwyhDo9-oI,228
+otdf_python_proto/entityresolution/entity_resolution_connect.py,sha256=XniXuD9UVp44ZNt8DE7DEp4Y75sYjLYFvpikzN8uavU,9547
 otdf_python_proto/entityresolution/entity_resolution_pb2.py,sha256=XrPNnZ7GvHE0w0iHharpSte30l_DjhDlNE__mJigWTg,5032
 otdf_python_proto/entityresolution/entity_resolution_pb2.pyi,sha256=Yn8snkOsfkYPb4CngTMJcTe75RdOJUT_Yo4rk-mMTaM,3001
-otdf_python_proto/entityresolution/entity_resolution_pb2_connect.py,sha256=7NFAV7cx27R8b__2eM0MAiwPaT8E3TEmm-QrhauW3nE,7972
+otdf_python_proto/entityresolution/v2/entity_resolution_connect.py,sha256=VCu9jytqWuF__a08LX5iIo_kFbJEbXfkYsuAu_xoaik,9948
 otdf_python_proto/entityresolution/v2/entity_resolution_pb2.py,sha256=G_CHQ76xCYAV6hfY1-tbncOCu7FqtdLH2FzOwO0vlvM,4680
 otdf_python_proto/entityresolution/v2/entity_resolution_pb2.pyi,sha256=wRcDT1bcKvyjMgPi8-MrQYLUDEaWjy2MY0YbsxF3Gjo,2942
-otdf_python_proto/entityresolution/v2/entity_resolution_pb2_connect.py,sha256=mnj_IuaBr_AjAGtvIc4QZzcHgG2UuYFnbA7cEH-f8RQ,8178
-otdf_python_proto/kas/__init__.py,sha256=8gcnDu9Hr7l0iJa3tVUjZruOjnewelau1Vt124Ln1n4,226
+otdf_python_proto/kas/__init__.py,sha256=k72BA06RTfm0yGAL-H6dDkQFBUiZJXT3RHnIQIRpwhs,220
+otdf_python_proto/kas/kas_connect.py,sha256=aBPlxHUcB_XAPgLi4ElXyrefdnrrrYKFb_PbDw9Yg_w,10860
 otdf_python_proto/kas/kas_pb2.py,sha256=FuWeaQYjICzKFmovm1sqdAPCcDn-tariNUs4CHHNUV8,11431
 otdf_python_proto/kas/kas_pb2.pyi,sha256=w-S-AoFOZn3jn39iLyLFW4Sw4bKxr0GA8OSVF-SnR-s,8594
-otdf_python_proto/kas/kas_pb2_connect.py,sha256=kFOs0mwynx-lutAqNp5m3HvEQyVCCAjHtj4JcJ8Q-Yo,8664
 otdf_python_proto/legacy_grpc/__init__.py,sha256=zpWWFl-aIfDdJqBnMFk6lDSzsKfZ4pjkp2LYxGE1S9c,40
 otdf_python_proto/legacy_grpc/authorization/authorization_pb2_grpc.py,sha256=Xn_jbL7EyOKolHp_0wxOqN3Eqm0eWjb4meB6X8xJPM0,6922
 otdf_python_proto/legacy_grpc/authorization/v2/authorization_pb2_grpc.py,sha256=i6SlVNT3uRfKr11hIZGGwPmmCZag-28kUzJjj8h_Zy0,9109
@@ -100,38 +101,47 @@ otdf_python_proto/policy/objects_pb2.py,sha256=4izyxIYyD_9q6Bj3hff5cfjgvYIGW6ewZ
 otdf_python_proto/policy/objects_pb2.pyi,sha256=nuK89_2Z1R6I1xE0EokL2lUdEIEuzVFne0IqykpC7uI,24523
 otdf_python_proto/policy/selectors_pb2.py,sha256=uqgIS0DtfOYDqzJ6WNq9D9aLa-RnTpN9a5o7YGMF7xM,5301
 otdf_python_proto/policy/selectors_pb2.pyi,sha256=FdC8ZLkgBBspwdjA1JlaeSgPo3R2qUIDws-9vNRXAUs,5162
+otdf_python_proto/policy/actions/__init__.py,sha256=GPRrOk6_i6Jgj9PrWX8tCdqYoVKdJJp7ucu1XtY3iFU,208
+otdf_python_proto/policy/actions/actions_connect.py,sha256=jdmPjw8LdyaEACeHVsU075FUqV39vmGs8tIxF151Uj8,18087
 otdf_python_proto/policy/actions/actions_pb2.py,sha256=QRcrBnuu1iDWjVQLl0dWHCwuOwnLguzn4w9f2201xjM,8858
 otdf_python_proto/policy/actions/actions_pb2.pyi,sha256=ZBgv2xtG4PW7vXUJkzbfvMPaKUmztVw6_FG5iN0Ph-I,4298
-otdf_python_proto/policy/actions/actions_pb2_connect.py,sha256=u6M1o9T8lWtkLSp2sMG7mQwxNPMixK2VxZ3IVVyfAAM,14472
+otdf_python_proto/policy/attributes/__init__.py,sha256=3lHYfbXDGAuuhfSwb1YJfVJJWPvTtcoshyhLOi_hIr0,226
+otdf_python_proto/policy/attributes/attributes_connect.py,sha256=r-_r5pqiFr_CCQ05UnzbEcYld2KOY4nY5q0s2cYxnp4,72451
 otdf_python_proto/policy/attributes/attributes_pb2.py,sha256=wnK1qsuOVOePneFfDGtBDxiyvP9S8XA48mMTexybYBE,33029
 otdf_python_proto/policy/attributes/attributes_pb2.pyi,sha256=lpxvoxiRhSn1LEupx1fOcBc6pOdWcrTXAx_boHvGFZY,16259
-otdf_python_proto/policy/attributes/attributes_pb2_connect.py,sha256=M57-dw9vfiDJuwmCxLHlZhBxrXXPULbyyiopykh_xkU,56796
+otdf_python_proto/policy/kasregistry/__init__.py,sha256=zj_8G65KIhOSiOeMkyMEZFomWYkfD9E5aWASgwV4n3M,295
+otdf_python_proto/policy/kasregistry/key_access_server_registry_connect.py,sha256=L5r5ZAMnM8gfEdPXZiQ61MrCxtlzvpaxjJGZj5MsEQk,52727
 otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.py,sha256=5RRqC6MsfBM9TEmPedRZYKMjdVWptMXXTUolUU4FPXI,45921
 otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2.pyi,sha256=hpIgoFXZtY6HsjfHPi_Ybxm0CddK_AYy8YTlfdzR1Jk,24030
-otdf_python_proto/policy/kasregistry/key_access_server_registry_pb2_connect.py,sha256=R2hkmB9X_Utg3C5fIWSGcTYZB9X3dJVy8gGaxkq6RFE,40328
+otdf_python_proto/policy/keymanagement/__init__.py,sha256=baBSBdjBbaErAIjjn0GxUPfYYRq7R4MfsrvpK02uews,245
+otdf_python_proto/policy/keymanagement/key_management_connect.py,sha256=-e1fc4S3-xJ_Tdy9T0JMMTXIFhMeN7qx0sls-gMUjeM,20883
 otdf_python_proto/policy/keymanagement/key_management_pb2.py,sha256=MVAJKkR_B2nqN9jqWg7JLWByKFFfoi4unj1hbToByCE,8129
 otdf_python_proto/policy/keymanagement/key_management_pb2.pyi,sha256=9HoPHqEKIO8jhx9TpkwFJWSHiInpkq04LiNPUCYeDU4,4381
-otdf_python_proto/policy/keymanagement/key_management_pb2_connect.py,sha256=_ghDKFEFCaofp2j4U9mQ8RgizFHAN2XSJQsSHRBH_Zg,16662
+otdf_python_proto/policy/namespaces/__init__.py,sha256=JIdic8yq55x9BrQzaJtgEp3J7AcnOZ1c0eiTXd2iDpw,222
+otdf_python_proto/policy/namespaces/namespaces_connect.py,sha256=gJmN8r8bCDX9KTyEJc7X5RnvgxPiANfRvTTFNom06wk,35163
 otdf_python_proto/policy/namespaces/namespaces_pb2.py,sha256=NTdUbii-WF0VNiVvM29ZmAni7W4dgmNkOGq2ytP31pk,15222
 otdf_python_proto/policy/namespaces/namespaces_pb2.pyi,sha256=plOpaSBszfi7p71XKZvTg1e1nJUhvoz1wrcYDX9cByQ,7148
-otdf_python_proto/policy/namespaces/namespaces_pb2_connect.py,sha256=mXn8N0hmguejlkbL-IwwSYl-nXGdrfGPLQ0XMEKCXLM,27828
+otdf_python_proto/policy/registeredresources/__init__.py,sha256=U6A5CRMFUhwjxOdxaRpgfIBx9bJZ7KcnBNKPQouSaeI,281
+otdf_python_proto/policy/registeredresources/registered_resources_connect.py,sha256=FVJPkbH7vO_oUiJRW6qW2nkJhmomO_9YQ1yDCEYYhQ8,48569
 otdf_python_proto/policy/registeredresources/registered_resources_pb2.py,sha256=5pb4vm0SEOG-U8FORKa9Z1Fe2tbgcWEEJworZE_LS00,23112
 otdf_python_proto/policy/registeredresources/registered_resources_pb2.pyi,sha256=MsFkcXQbdvu7JQGeS-HYFHB7V3yWtpAPEmhoARjDvMI,10132
-otdf_python_proto/policy/registeredresources/registered_resources_pb2_connect.py,sha256=KI17dRxTVL71j_qHlwEs1MZPVtayt-Ay5xwZgfmizq0,38350
+otdf_python_proto/policy/resourcemapping/__init__.py,sha256=9_It9dJRLAOIf1y9n3LxEQa7-WI51B_E3OfhKBNuFw4,257
+otdf_python_proto/policy/resourcemapping/resource_mapping_connect.py,sha256=RdhIMj6FLUxFNsCL2edVJRRJPefEe9enkWpsU2Y9djo,46405
 otdf_python_proto/policy/resourcemapping/resource_mapping_pb2.py,sha256=vnMJu2jEr3NHH5aUx5hquQAyHlUwtgh2lL9YdXil2bs,21745
 otdf_python_proto/policy/resourcemapping/resource_mapping_pb2.pyi,sha256=B4I6nj1bHNI8VZImfuBeXJ6S_-tovN0DbwfncTujUw4,10380
-otdf_python_proto/policy/resourcemapping/resource_mapping_pb2_connect.py,sha256=wuqKoDgpdGr0mo_JQ_MO2vshdXLDKVs1x_-9Ou4SchU,36062
+otdf_python_proto/policy/subjectmapping/__init__.py,sha256=Cyaic3XmuOOqIWOVO31JJvafc-YQMoLCcohzoeZU6Yc,251
+otdf_python_proto/policy/subjectmapping/subject_mapping_connect.py,sha256=lMcaLSAs_N6245as4-Wdp746LyjKwldeDdD_QQiwr_Q,49436
 otdf_python_proto/policy/subjectmapping/subject_mapping_pb2.py,sha256=iNZp_sHDLXtSUdMNayWHJyZl0050Ag5v-naq0r2FmUM,18093
 otdf_python_proto/policy/subjectmapping/subject_mapping_pb2.pyi,sha256=kPkRm8xw3KiEu9LiUmKCbouHVryeEFWyk19Eo6L6rus,10903
-otdf_python_proto/policy/subjectmapping/subject_mapping_pb2_connect.py,sha256=tn9Ib6TPWoYKQ7B-RKL2cliSPAC6DYLatXO6Ao2Ys7I,38548
+otdf_python_proto/policy/unsafe/__init__.py,sha256=1TYTtYZyHxNQ2HaMCONHJ1U9dZDp3ZoZv19wZ78NhBI,202
+otdf_python_proto/policy/unsafe/unsafe_connect.py,sha256=f-WA7NClXBfxs9wkdSVKUf7LwvK5WfDGkNsqboZ2k2g,37202
 otdf_python_proto/policy/unsafe/unsafe_pb2.py,sha256=j8J3FGM6nL6VDJvZUdrq6MAQ0GvHCDRH1q3-Djw5NfE,14936
 otdf_python_proto/policy/unsafe/unsafe_pb2.pyi,sha256=Pu72GtZTZWdD_L9SqqyeV8SQu9VXdVEEAGECrzHFmWs,5879
-otdf_python_proto/policy/unsafe/unsafe_pb2_connect.py,sha256=OqKigFTTVPKQkL4TOMLqnEUKBc2zUp8qSSOk2TKP6U8,29839
-otdf_python_proto/wellknownconfiguration/__init__.py,sha256=X3GeZJ1mG_N1MViryjkqUU099f2qzR6bnoDQXGWhKpc,51
+otdf_python_proto/wellknownconfiguration/__init__.py,sha256=xK8XUrwCL9elWuMTx6vVgWdWdcACugoF0b5OYsFclj4,240
+otdf_python_proto/wellknownconfiguration/wellknown_configuration_connect.py,sha256=fVQfo4OsTK8e63ytmiGyMe1AxgirktNqI_O3rQ6o6Nc,6342
 otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2.py,sha256=g9xSm9TxX0IPMqiFCaridJvI2TrL8PrXVFPgu8tX9VM,3863
 otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2.pyi,sha256=Zw4vROvTgomnFqsalJrYda632ojXH0FVXSzTXxerybw,1490
-otdf_python_proto/wellknownconfiguration/wellknown_configuration_pb2_connect.py,sha256=i9rGG2mgQZfk6xGCp1ywu4QqKWSiwpuLoNKGUwl43t8,5346
-otdf_python-0.4.1.dist-info/METADATA,sha256=uYTDX1sh7JDcDDoO0iwjs7srIxPVmOTTUyjSSP5UDcc,5132
-otdf_python-0.4.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-otdf_python-0.4.1.dist-info/licenses/LICENSE,sha256=DPrPHdI6tfZcqk9kzQ37vh1Ftk7LJYdMrUtwKl7L3Pw,1074
-otdf_python-0.4.1.dist-info/RECORD,,
+otdf_python-0.4.3.dist-info/METADATA,sha256=OCF50LC7pWodNWzwurJp5yWLBleo01O7g3p6QhRo5Ug,5175
+otdf_python-0.4.3.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+otdf_python-0.4.3.dist-info/licenses/LICENSE,sha256=DPrPHdI6tfZcqk9kzQ37vh1Ftk7LJYdMrUtwKl7L3Pw,1074
+otdf_python-0.4.3.dist-info/RECORD,,

otdf_python_proto/__init__.py

@@ -13,25 +13,21 @@ except metadata.PackageNotFoundError:
     __version__ = "0.0.0"
 
 # Import submodules to make them available
-from . import authorization
+# Note: authorization, entityresolution, wellknownconfiguration and policy subdirectories
+# are imported lazily to avoid import errors from generated protobuf files
 from . import common
 from . import entity
-from . import entityresolution
 from . import kas
 from . import legacy_grpc
 from . import logger
 from . import policy
-from . import wellknownconfiguration
 
 # Export main module categories
 __all__ = [
-    "authorization",
     "common",
     "entity",
-    "entityresolution",
     "kas",
     "legacy_grpc",
     "logger",
     "policy",
-    "wellknownconfiguration",
 ]

otdf_python_proto/authorization/__init__.py

@@ -1 +1,11 @@
 """authorization protobuf definitions."""
+
+from .authorization_connect import (
+    AuthorizationServiceClient,
+    AuthorizationServiceClientSync,
+)
+
+__all__ = [
+    "AuthorizationServiceClient",
+    "AuthorizationServiceClientSync",
+]