Skip to content

Refactor MasterKeyProvider.master_keys_for_data_key #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Oct 9, 2019
Merged

Refactor MasterKeyProvider.master_keys_for_data_key #200

merged 4 commits into from
Oct 9, 2019

Conversation

mattsb42-aws
Copy link
Member

Description of changes:
As part of building the master key provider keyring, I realized that I needed to be able to get the master key object that decrypted a data key. This is important because we need the key name (ie, key ID) for the keyring trace, but decrypted data key instead contains the provider info. Usually this is fine, but for example in the case of the raw AES master key, they are not the same.

MasterKeyProvider.master_keys_for_data_key gives us this capability by exposing the master key discovery in the public API for this parent class.

In the process of creating master_keys_for_data_key, I realized that I could drastically simplify MasterKeyProvider.decrypt_data_key by using the new master_keys_for_data_key method.

Also, I collapsed the logic of MasterKey.owns_data_key because it was needlessly complex.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@mattsb42-aws mattsb42-aws requested review from ajw-aws and a team October 8, 2019 19:13
ajw-aws
ajw-aws approved these changes Oct 9, 2019
View reviewed changes
Copy link

@ajw-aws ajw-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Good idea to break these tests up.

@mattsb42-aws mattsb42-aws merged commit 952bce4 into aws:keyring Oct 9, 2019
@mattsb42-aws mattsb42-aws deleted the mkp-refactor branch October 9, 2019 20:35
@mattsb42-aws mattsb42-aws added this to the keyrings milestone Feb 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ajw-aws ajw-aws ajw-aws approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
keyrings
Development

Successfully merging this pull request may close these issues.
2 participants
@mattsb42-aws @ajw-aws