High level helpers #3

mattsb42-aws · 2018-03-26T21:33:44Z

The primary purpose of this change is to add high-level helper objects that provide friendly abstractions on top of the item encryption functions that behave like boto3 DynamoDB Client, Resource, and Table objects.

Also included here are various ephemera surfaced in #1 such as improving deep type checking with attrs.

…nfig and cleaning up class

…aning up docs

…ames

…ixed getmoto/moto#1505

…ribute actions in place, but do update the attribute actions used with the table info available

…tedClient

… hypothesis scenarios

…esource batch operation tests

* get item validation to not allow attribute filtering * allow for per-request CryptoConfig provisioning on batch methods

This was present in order to maintain consistent behavior if the libary was used with attrs < 17.0, but we are now using features of attrs that were introduced after 17.0. I think we can safely remove these safety barriers to get simpler, cleaner looking code.

The original idea was to have the encoding type centrally defined, but we need to stick to utf-8 for compatibility anyway, so I think it is simpler to just explicitly state it where it is needed.

…urce/Table

* fix issues with AWS KMS CMP building KMS encryption context * fix issues with handling decimals

…ot compatible with DYNAMODB_CONTEXT

* add unit tests for all material providers

…t is used for attributes, not items

…ntegration tests

…cryptedResource integration tests

…ntegration tests

…tate those it supports

… is necessary because boto3 DDB clients do not always expect DDB JSON

…o generate rather than bytes for symmetric and bits for RSA

…ing to change and they are currently necessary if you are building an EncryptionContext manually

…query paginators that transparently decrypt the resulting items

mattsb42-aws · 2018-04-17T16:29:12Z

This PR rather grew out of control...closing to split it up into more manageable pieces.

mattsb42-aws added 30 commits March 23, 2018 13:55

initial draft of EncryptedTable

190dc0e

adding encryption_context_values property for TableInfo objects

b5c82ac

simplifying possible per-item configuration to only accept a CryptoCo…

1496a56

…nfig and cleaning up class

adding TableInfoCache helper

0ad53cb

initial draft of EncryptedResource

4dab1bb

fixing EncryptedTable encrypted-multi-get response processing and cle…

c236f7c

…aning up docs

initial draft of EncryptedClient

15c3160

fixing mismatched get/put code in EncryptedTable

5ee9201

fixing output of TableInfo.encryption_context_values to use correct n…

8636629

…ames

separating encrypted item check from cycle item check

ea46688

streamlining encrypted item tests

3ae7eb2

adding hypothesis pytest marker

a32304e

blacklisting quote characters in hypothesis strings until moto bug is f…

5baf0df

…ixed getmoto/moto#1505

adding functional tests for EncryptedTable

7aeaaec

fixing Encrypted Table/Resource/Client to not modify the provided att…

cb2efeb

…ribute actions in place, but do update the attribute actions used with the table info available

adding single-item tests for EncryptedClient

2e03b64

adding comments and manual mode

2de9d97

fixing batch_write_item handling

63e8a65

clean up after the moto table

6abecd4

initial draft of batch_write_item and batch_get_item tests for Encryp…

043308b

…tedClient

adding check for reserved attributes in encrypt_dynamodb_item

4af5a4f

reorganizing tests to reflect source structure

d84ad45

separating out batch check logic and removing irrelevant actions from…

79f8988

… hypothesis scenarios

adding type validators for encrypted helpers

1a102fb

consolidating batch cycle testing logic and adding initial EncryptedR…

ebf7e12

…esource batch operation tests

adding :

0acd275

* get item validation to not allow attribute filtering * allow for per-request CryptoConfig provisioning on batch methods

revamp custom validators to consolidate code and simplify reuse

3a00752

Normalize all encoding to explicit utf-8.

e515838

The original idea was to have the encoding type centrally defined, but we need to stick to utf-8 for compatibility anyway, so I think it is simpler to just explicitly state it where it is needed.

Add __all__ definitions where they are missing

dacae61

mattsb42-aws added 27 commits March 28, 2018 20:40

consolidate crypto config building logic across encrypted Client/Reso…

da84f37

…urce/Table

flake8-tests fixes

ab89eb3

pylint-tests update and fixes

bc261f2

add wrapped-aes-hmac encrypted item test vectors

9a223e5

* add direct AWS KMS encrypted item test vectors

ac3673b

* fix issues with AWS KMS CMP building KMS encryption context * fix issues with handling decimals

fix hypothesis decimal strategy to fully filter out values that are n…

fd7ebd0

…ot compatible with DYNAMODB_CONTEXT

* rename EncryptionKeyTypes to EncryptionKeyType for consistency

84f8366

* add unit tests for all material providers

rename ItemAction to CryptoAction to make the name make more sense: i…

09218fc

…t is used for attributes, not items

add code samples to encrypted helper docstrings

974a58a

separate logic for table cycle checks to prepare for EncryptedTable i…

4f50db3

…ntegration tests

add EncryptedTable integration tests

b4e55dd

add CloudFormation template to build table used for integration tests

3aa4b6c

separate resource_cycle_batch_items_check logic out to prepare for En…

92ae239

…cryptedResource integration tests

add EncryptedResource integration tests

fbead80

separate client cycle items checkers to prepare for EncryptedClient i…

9b73b00

…ntegration tests

add EncryptedClient integration tests

ac11e8b

add pytest acceptance and examples test markers

1e58f30

add examples infrastructure and simple EncryptedTable example with test

05a8c24

add more examples using the KMS CMP

81e3276

update docs index to include all modules

7dcc626

update JceNameLocalDelegatedKey docs to explain algorithm names and s…

e25908a

…tate those it supports

add ability to control item transformer used in EncryptedClient: this…

1bb5b7d

… is necessary because boto3 DDB clients do not always expect DDB JSON

add batch_writer to EncryptedTable

df0a8f0

fix JceNameLocalDelegatedKey.generate to only accept number of bits t…

9c570de

…o generate rather than bytes for symmetric and bits for RSA

removing provider stores stub that was accidentally added at some point

fbeba88

move item transformers out of the internal namespace: they are not go…

4e4d717

…ing to change and they are currently necessary if you are building an EncryptionContext manually

add EncryptedPaginator support to EncryptedClient to enable scan and …

6bc9e4b

…query paginators that transparently decrypt the resulting items

mattsb42-aws closed this Apr 17, 2018

mattsb42-aws deleted the high-level-helpers branch May 2, 2018 22:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

High level helpers #3

High level helpers #3

Uh oh!

mattsb42-aws commented Mar 26, 2018

Uh oh!

mattsb42-aws commented Apr 17, 2018

Uh oh!

Uh oh!

High level helpers #3

High level helpers #3

Uh oh!

Conversation

mattsb42-aws commented Mar 26, 2018

Uh oh!

mattsb42-aws commented Apr 17, 2018

Uh oh!

Uh oh!