aws · mattsb42-aws · Apr 28, 2018 · Mar 28, 2018 · Mar 29, 2018
@@ -10,25 +10,21 @@
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
 # ANY KIND, either express or implied. See the License for the specific
 # language governing permissions and limitations under the License.
-""""""
+"""DynamoDB Encryption Client."""
+from dynamodb_encryption_sdk.encrypted.client import EncryptedClient
 from dynamodb_encryption_sdk.encrypted.item import (
     decrypt_dynamodb_item, decrypt_python_item,
     encrypt_dynamodb_item, encrypt_python_item
 )
-
-# encrypt_item
-# encrypt_raw_item
-# decrypt_item
-# decrypt_raw_item
-# EncryptedTable
-# EncryptedResource
-# EncryptedClient
+from dynamodb_encryption_sdk.encrypted.resource import EncryptedResource
+from dynamodb_encryption_sdk.encrypted.table import EncryptedTable
 
 # TableConfiguration
 # MaterialDescription
 # ItemConfiguration
 
 __all__ = (
     'decrypt_dynamodb_item', 'decrypt_python_item',
-    'encrypt_dynamodb_item', 'encrypt_python_item'
+    'encrypt_dynamodb_item', 'encrypt_python_item',
+    'EncryptedClient', 'EncryptedResource', 'EncryptedTable'
 )
@@ -13,18 +13,27 @@
 """Delegated keys."""
 import abc
 try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
-    from typing import Dict, Text  # pylint: disable=unused-import
+    from typing import Dict, Text  # noqa pylint: disable=unused-import
 except ImportError:  # pragma: no cover
     # We only actually need these imports when running the mypy checks
     pass
 
 import six
 
-from dynamodb_encryption_sdk.identifiers import EncryptionKeyTypes
+from dynamodb_encryption_sdk.identifiers import EncryptionKeyTypes  # noqa pylint: disable=unused-import
 
 __all__ = ('DelegatedKey',)
 
 
+def _raise_not_implemented(method_name):
+    """Raises a standardized ``NotImplementedError`` to report that the specified method
+    is not supported.
+
+    :raises NotImplementedError: when called
+    """
+    raise NotImplementedError('"{}" is not supported by this DelegatedKey'.format(method_name))
+
+
 @six.add_metaclass(abc.ABCMeta)
 class DelegatedKey(object):
     """Delegated keys are black boxes that encrypt, decrypt, sign, and verify data and wrap
@@ -33,6 +42,7 @@ class DelegatedKey(object):
     Unless overridden by a subclass, any method that a delegated key does not implement raises
     a ``NotImplementedError`` detailing this.
     """
+
     #: Most delegated keys should not be used with RawCryptographicMaterials.
     allowed_for_raw_materials = False
 
@@ -41,27 +51,22 @@ def algorithm(self):
         # type: () -> Text
         """Text description of algorithm used by this delegated key."""
 
-    def _raise_not_implemented(self, method_name):
-        """Raises a standardized ``NotImplementedError`` to report that the specified method
-        is not supported.
-
-        :raises NotImplementedError: when called
-        """
-        raise NotImplementedError('"{}" is not supported by this DelegatedKey'.format(method_name))
-
     @classmethod
     def generate(cls, algorithm, key_length):
+        # type: (Text, int) -> None
+        # pylint: disable=unused-argument,no-self-use
         """Generate an instance of this DelegatedKey using the specified algorithm and key length.
 
         :param str algorithm: Text description of algorithm to be used
         :param int key_length: Size of key to generate
         :returns: Generated delegated key
         :rtype: dynamodb_encryption_sdk.delegated_keys.DelegatedKey
         """
-        cls._raise_not_implemented('generate')
+        _raise_not_implemented('generate')
 
     def encrypt(self, algorithm, name, plaintext, additional_associated_data=None):
         # type: (Text, Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument,no-self-use
         """Encrypt data.
 
         :param str algorithm: Text description of algorithm to use to encrypt data
@@ -72,10 +77,11 @@ def encrypt(self, algorithm, name, plaintext, additional_associated_data=None):
         :returns: Encrypted ciphertext
         :rtype: bytes
         """
-        self._raise_not_implemented('encrypt')
+        _raise_not_implemented('encrypt')
 
     def decrypt(self, algorithm, name, ciphertext, additional_associated_data=None):
         # type: (Text, Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument,no-self-use
         """Encrypt data.
 
         :param str algorithm: Text description of algorithm to use to decrypt data
@@ -86,10 +92,11 @@ def decrypt(self, algorithm, name, ciphertext, additional_associated_data=None):
         :returns: Decrypted plaintext
         :rtype: bytes
         """
-        self._raise_not_implemented('decrypt')
+        _raise_not_implemented('decrypt')
 
     def wrap(self, algorithm, content_key, additional_associated_data=None):
         # type: (Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument,no-self-use
         """Wrap content key.
 
         :param str algorithm: Text description of algorithm to use to wrap key
@@ -99,10 +106,11 @@ def wrap(self, algorithm, content_key, additional_associated_data=None):
         :returns: Wrapped key
         :rtype: bytes
         """
-        self._raise_not_implemented('wrap')
+        _raise_not_implemented('wrap')
 
     def unwrap(self, algorithm, wrapped_key, wrapped_key_algorithm, wrapped_key_type, additional_associated_data=None):
         # type: (Text, bytes, Text, EncryptionKeyTypes, Dict[Text, Text]) -> DelegatedKey
+        # pylint: disable=unused-argument,no-self-use
         """Wrap content key.
 
         :param str algorithm: Text description of algorithm to use to unwrap key
@@ -115,31 +123,34 @@ def unwrap(self, algorithm, wrapped_key, wrapped_key_algorithm, wrapped_key_type
         :returns: Delegated key using unwrapped key
         :rtype: dynamodb_encryption_sdk.delegated_keys.DelegatedKey
         """
-        self._raise_not_implemented('unwrap')
+        _raise_not_implemented('unwrap')
 
     def sign(self, algorithm, data):
         # type: (Text, bytes) -> bytes
+        # pylint: disable=unused-argument,no-self-use
         """Sign data.
 
         :param str algorithm: Text description of algorithm to use to sign data
         :param bytes data: Data to sign
         :returns: Signature value
         :rtype: bytes
         """
-        self._raise_not_implemented('sign')
+        _raise_not_implemented('sign')
 
     def verify(self, algorithm, signature, data):
         # type: (Text, bytes, bytes) -> None
+        # pylint: disable=unused-argument,no-self-use
         """Sign data.
 
         :param str algorithm: Text description of algorithm to use to verify signature
         :param bytes signature: Signature to verify
         :param bytes data: Data over which to verify signature
         """
-        self._raise_not_implemented('verify')
+        _raise_not_implemented('verify')
 
     def signing_algorithm(self):
         # type: () -> Text
+        # pylint: disable=no-self-use
         """Provides a description that can inform an appropriate cryptographic materials
         provider about how to build a DelegatedKey for signature verification. If implemented,
         the return value of this method is included in the material description written to
@@ -148,4 +159,4 @@ def signing_algorithm(self):
         :returns: Signing algorithm identifier
         :rtype: str
         """
-        self._raise_not_implemented('signing_algorithm')
+        _raise_not_implemented('signing_algorithm')
@@ -20,10 +20,10 @@
 from cryptography.hazmat.primitives.asymmetric import rsa
 import six
 
-from . import DelegatedKey
 from dynamodb_encryption_sdk.exceptions import JceTransformationError, UnwrappingError
 from dynamodb_encryption_sdk.identifiers import EncryptionKeyTypes, KeyEncodingType, LOGGER_NAME
 from dynamodb_encryption_sdk.internal.crypto.jce_bridge import authentication, encryption, primitives
+from . import DelegatedKey
 
 __all__ = ('JceNameLocalDelegatedKey',)
 _LOGGER = logging.getLogger(LOGGER_NAME)
@@ -67,6 +67,7 @@ def _generate_rsa_key(key_length):
 
 @attr.s
 class JceNameLocalDelegatedKey(DelegatedKey):
+    # pylint: disable=too-many-instance-attributes
     """Delegated key that uses JCE StandardName algorithm values to determine behavior.
 
     :param bytes key: Raw key bytes
@@ -76,6 +77,7 @@ class JceNameLocalDelegatedKey(DelegatedKey):
     :param key_encoding: Identifies how the provided key is encoded
     :type key_encoding: dynamodb_encryption_sdk.identifiers.KeyEncodingTypes
     """
+
     key = attr.ib(validator=attr.validators.instance_of(bytes), repr=False)
     _algorithm = attr.ib(validator=attr.validators.instance_of(six.string_types))
     _key_type = attr.ib(validator=attr.validators.instance_of(EncryptionKeyTypes))
@@ -116,7 +118,11 @@ def __attrs_post_init__(self):
         except KeyError:
             pass
         else:
-            self.__key = key_transformer.load_key(self.key, self._key_type, self._key_encoding)
+            self.__key = key_transformer.load_key(  # attrs confuses pylint: disable=attribute-defined-outside-init
+                self.key,
+                self._key_type,
+                self._key_encoding
+            )
             self._enable_encryption()
             self._enable_wrap()
             return
@@ -129,7 +135,11 @@ def __attrs_post_init__(self):
         except KeyError:
             pass
         else:
-            self.__key = key_transformer.load_key(self.key, self._key_type, self._key_encoding)
+            self.__key = key_transformer.load_key(  # attrs confuses pylint: disable=attribute-defined-outside-init
+                self.key,
+                self._key_type,
+                self._key_encoding
+            )
             self._enable_authentication()
             return
 
@@ -172,6 +182,7 @@ def allowed_for_raw_materials(self):
 
     def _encrypt(self, algorithm, name, plaintext, additional_associated_data=None):
         # type: (Text, Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument
         """
         Encrypt data.
 
@@ -189,6 +200,7 @@ def _encrypt(self, algorithm, name, plaintext, additional_associated_data=None):
 
     def _decrypt(self, algorithm, name, ciphertext, additional_associated_data=None):
         # type: (Text, Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument
         """Encrypt data.
 
         :param str algorithm: Java StandardName transformation string of algorithm to use to decrypt data
@@ -204,6 +216,7 @@ def _decrypt(self, algorithm, name, ciphertext, additional_associated_data=None)
 
     def _wrap(self, algorithm, content_key, additional_associated_data=None):
         # type: (Text, bytes, Dict[Text, Text]) -> bytes
+        # pylint: disable=unused-argument
         """Wrap content key.
 
         :param str algorithm: Text description of algorithm to use to wrap key
@@ -220,6 +233,7 @@ def _wrap(self, algorithm, content_key, additional_associated_data=None):
 
     def _unwrap(self, algorithm, wrapped_key, wrapped_key_algorithm, wrapped_key_type, additional_associated_data=None):
         # type: (Text, bytes, Text, EncryptionKeyTypes, Dict[Text, Text]) -> DelegatedKey
+        # pylint: disable=unused-argument
         """Wrap content key.
 
         :param str algorithm: Text description of algorithm to use to unwrap key

@@ -10,13 +10,21 @@
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
 # ANY KIND, either express or implied. See the License for the specific
 # language governing permissions and limitations under the License.
-import attr
+"""Resources for encrypting items."""
 import copy
 
+import attr
+
+try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
+    from typing import Dict  # noqa pylint: disable=unused-import
+except ImportError:  # pragma: no cover
+    # We only actually need these imports when running the mypy checks
+    pass
+
 from dynamodb_encryption_sdk.exceptions import InvalidArgumentError
 from dynamodb_encryption_sdk.identifiers import ItemAction
 from dynamodb_encryption_sdk.material_providers import CryptographicMaterialsProvider
-from dynamodb_encryption_sdk.materials import DecryptionMaterials, EncryptionMaterials
+from dynamodb_encryption_sdk.materials import DecryptionMaterials, EncryptionMaterials  # noqa pylint: disable=unused-import
 from dynamodb_encryption_sdk.structures import AttributeActions, EncryptionContext
 
 __all__ = ('CryptoConfig',)
@@ -33,11 +41,13 @@ class CryptoConfig(object):
     :param attribute_actions: Description of what action should be taken for each attribute
     :type attribute_actions: dynamodb_encryption_sdk.structures.AttributeActions
     """
+
     materials_provider = attr.ib(validator=attr.validators.instance_of(CryptographicMaterialsProvider))
     encryption_context = attr.ib(validator=attr.validators.instance_of(EncryptionContext))
     attribute_actions = attr.ib(validator=attr.validators.instance_of(AttributeActions))
 
     def __attrs_post_init__(self):
+        # type: () -> None
         """Make sure that primary index attributes are not being encrypted."""
         if self.encryption_context.partition_key_name is not None:
             if self.attribute_actions.action(self.encryption_context.partition_key_name) is ItemAction.ENCRYPT_AND_SIGN:
@@ -48,6 +58,7 @@ def __attrs_post_init__(self):
                 raise InvalidArgumentError('Cannot encrypt sort key')
 
     def decryption_materials(self):
+        # type: () -> DecryptionMaterials
         """Load decryption materials from instance resources.
 
         :returns: Decryption materials
@@ -56,6 +67,7 @@ def decryption_materials(self):
         return self.materials_provider.decryption_materials(self.encryption_context)
 
     def encryption_materials(self):
+        # type: () -> EncryptionMaterials
         """Load encryption materials from instance resources.
 
         :returns: Encryption materials
@@ -64,6 +76,7 @@ def encryption_materials(self):
         return self.materials_provider.encryption_materials(self.encryption_context)
 
     def copy(self):
+        # type: () -> CryptoConfig
         """Return a copy of this instance with a copied instance of its encryption context.
 
         :returns: New CryptoConfig identical to this one
@@ -77,6 +90,7 @@ def copy(self):
 
 
 def validate_get_arguments(kwargs):
+    # type: (Dict[Text, Any]) -> None
     """Verify that attribute filtering parameters are not found in the request.
 
     :raises InvalidArgumentError: if banned parameters are found

@@ -10,15 +10,15 @@
 # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
 # ANY KIND, either express or implied. See the License for the specific
 # language governing permissions and limitations under the License.
-""""""
+"""High-level helper class to provide a familiar interface to encrypted tables."""
 import attr
 import botocore.client
 
-from . import CryptoConfig, validate_get_arguments
-from .item import decrypt_dynamodb_item, encrypt_dynamodb_item
 from dynamodb_encryption_sdk.internal.utils import TableInfoCache
 from dynamodb_encryption_sdk.material_providers import CryptographicMaterialsProvider
 from dynamodb_encryption_sdk.structures import AttributeActions, EncryptionContext
+from . import CryptoConfig, validate_get_arguments
+from .item import decrypt_dynamodb_item, encrypt_dynamodb_item
 
 __all__ = ('EncryptedClient',)
 
@@ -44,6 +44,7 @@ class EncryptedClient(object):
         We do not currently support the ``update_item`` method.
 
     """
+
     _client = attr.ib(validator=attr.validators.instance_of(botocore.client.BaseClient))
     _materials_provider = attr.ib(validator=attr.validators.instance_of(CryptographicMaterialsProvider))
     _attribute_actions = attr.ib(

@@ -12,23 +12,23 @@
 # language governing permissions and limitations under the License.
 """Top-level functions for encrypting and decrypting DynamoDB items."""
 try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
-    from typing import Any, Callable, Dict  # pylint: disable=unused-import
-    from dynamodb_encryption_sdk.internal import dynamodb_types  # pylint: disable=unused-import
+    from dynamodb_encryption_sdk.internal import dynamodb_types  # noqa pylint: disable=unused-import
 except ImportError:  # pragma: no cover
     # We only actually need these imports when running the mypy checks
     pass
 
-from . import CryptoConfig
 from dynamodb_encryption_sdk.exceptions import DecryptionError, EncryptionError
 from dynamodb_encryption_sdk.identifiers import ItemAction
 from dynamodb_encryption_sdk.internal.crypto.authentication import sign_item, verify_item_signature
 from dynamodb_encryption_sdk.internal.crypto.encryption import decrypt_attribute, encrypt_attribute
 from dynamodb_encryption_sdk.internal.formatting.material_description import (
     deserialize as deserialize_material_description, serialize as serialize_material_description
 )
-from dynamodb_encryption_sdk.internal.identifiers import MaterialDescriptionKeys, MaterialDescriptionValues
 from dynamodb_encryption_sdk.internal.formatting.transform import ddb_to_dict, dict_to_ddb
-from dynamodb_encryption_sdk.internal.identifiers import ReservedAttributes
+from dynamodb_encryption_sdk.internal.identifiers import (
+    MaterialDescriptionKeys, MaterialDescriptionValues, ReservedAttributes
+)
+from . import CryptoConfig  # noqa pylint: disable=unused-import
 
 __all__ = ('encrypt_dynamodb_item', 'encrypt_python_item', 'decrypt_dynamodb_item', 'decrypt_python_item')