feat: add keyrings #249

Merged
merged 70 commits into from
Apr 16, 2020
a3d947d
bump attrs to 19.1.0
mattsb42-aws Jun 21, 2019
daaacba
add keyring trace and integrate into updated encryption/decryption mat…
mattsb42-aws Jun 21, 2019
f254e73
s/KeyRing/Keyring/g
mattsb42-aws Jun 21, 2019
f9aa29d
align cryptographic materials and add write-only interface
mattsb42-aws Jun 27, 2019
01759b9
encrypted_data_keys must only contain EncryptedDataKey
mattsb42-aws Jun 27, 2019
e8e5b82
fix test to be Python 2 compatible
mattsb42-aws Jun 27, 2019
469600c
data encryption key must be set before encrypted data keys can be add…
mattsb42-aws Jun 28, 2019
a27ff74
add signing/verification key checks to Encryption/DecryptionMaterials
mattsb42-aws Jul 2, 2019
b311cda
DecryptionMaterials.algorithm must be set before DecryptionMaterials.…
mattsb42-aws Jul 2, 2019
10ded57
update materials docs and typehints
mattsb42-aws Jul 2, 2019
4f95e53
EncryptionMaterials must not be initialized with encrypted_data_keys …
mattsb42-aws Jul 3, 2019
7302775
add is_complete properties to EncryptionMaterials and DecryptionMater…
mattsb42-aws Jul 3, 2019
f1e7f2f
change KeyringTraceFlag values to bitshifted ints to match other impl…
mattsb42-aws Jul 9, 2019
524d847
normalize EncryptionMaterials._encrypted_data_keys to list and encryp…
mattsb42-aws Jul 9, 2019
d786409
temporarily pin pydocstyle at <4.0.0 to avoid issue breaking flake8-d…
mattsb42-aws Jul 9, 2019
888fc17
temporarily cap pydocstyle at <4.0.0 for decrypt oracle
mattsb42-aws Jul 10, 2019
54dfc23
Merge pull request #163 from mattsb42-aws/keyring-materials
mattsb42-aws Jul 11, 2019
1615d63
Keyring base API (#161)
MeghaShetty Jul 12, 2019
004ea5d
Add keyring base class (#176)
MeghaShetty Aug 1, 2019
fcc05ba
Raw keyrings (#165)
MeghaShetty Aug 2, 2019
2e85bfd
Multi keyrings (#166)
MeghaShetty Aug 3, 2019
998575c
Merge head of master into keyring (#195)
mattsb42-aws Oct 4, 2019
2d4b2c4
Keyring reorg (#198)
mattsb42-aws Oct 7, 2019
a446f37
Reorganize tests to ease readability and further development (#199)
mattsb42-aws Oct 7, 2019
952bce4
Refactor MasterKeyProvider.master_keys_for_data_key (#200)
mattsb42-aws Oct 9, 2019
9ec35ef
feat: enable use of keyrings (#216)
mattsb42-aws Mar 3, 2020
71b795d
chore: remove CPython3.4 advertised support and add CPython3.8 (#217)
mattsb42-aws Mar 5, 2020
45a5632
feat: add AWS KMS keyring and tests
mattsb42-aws Mar 5, 2020
e56b3ed
chore: add helpers for integration tests
mattsb42-aws Mar 5, 2020
f7801c7
chore: refactor end-to-end integration tests with parametrization
mattsb42-aws Mar 5, 2020
16b6528
chore: add integration tests for AWS KMS keyrings
mattsb42-aws Mar 5, 2020
929c5b9
feat: convert client suppliers to callables
mattsb42-aws Mar 6, 2020
2bac0de
feat: convert AWS KMS keyring and helpers to require a callable rathe…
mattsb42-aws Mar 6, 2020
7265c84
feat: restructure client supplier configuration
mattsb42-aws Mar 6, 2020
6c2881a
fix: client suppliers should only require a callable not specifically…
mattsb42-aws Mar 6, 2020
4686fbf
feat: restructure default client supplier to pass through config to c…
mattsb42-aws Mar 7, 2020
ac51602
chore: move client cache into a "private" module
mattsb42-aws Mar 7, 2020
dd4764a
chore: update upstream requirements files
mattsb42-aws Mar 7, 2020
f46df5f
docs: add docstring
mattsb42-aws Mar 7, 2020
d2bbb7b
chore: make negative logic positive
mattsb42-aws Mar 7, 2020
04b5f94
Merge pull request #218 from mattsb42-aws/kms-keyring-reorg
mattsb42-aws Mar 9, 2020
9402826
Examples refresh, take 1 (#219)
mattsb42-aws Mar 12, 2020
1bd5fa6
feat: expose keyring trace in results (#224)
mattsb42-aws Mar 20, 2020
31e4e49
feat: remove specific value definition for keyring trace flags #215 (…
mattsb42-aws Mar 23, 2020
1dac283
feat: change KMS discovery keyring configuration path (#228)
mattsb42-aws Mar 25, 2020
daed717
feat: immutable cryptographic materials (for keyrings) (#231)
mattsb42-aws Mar 31, 2020
8d84ff5
docs: add keyring examples (#221)
mattsb42-aws Mar 31, 2020
52794b3
chore: add GitHub Actions workflows for all CI that does not require …
mattsb42-aws Mar 31, 2020
6a20af6
chore: remove checks from travis and appveyor that were moved to GitH…
mattsb42-aws Mar 31, 2020
353b0e2
chore: merge pull request #233 from mattsb42-aws/ga
mattsb42-aws Mar 31, 2020
1d9189d
fix: expose the KMS keyring key namespace value for public access (#234)
mattsb42-aws Apr 1, 2020
cbce224
docs: fix sphinx formatting and syntax (#235)
mattsb42-aws Apr 1, 2020
cbfe9b0
docs: add raw AES MKP example
mattsb42-aws Apr 2, 2020
97c60ba
docs: add raw RSA MKP example
mattsb42-aws Apr 2, 2020
d6b86c7
docs: add KMS MK/P examples
mattsb42-aws Apr 2, 2020
1a01d32
docs: add MKP combination example
mattsb42-aws Apr 2, 2020
8fb2741
docs: apply suggestions from code review
mattsb42-aws Apr 2, 2020
0de7cdc
docs: revise MKP examples intro
mattsb42-aws Apr 3, 2020
c5d3a94
docs: add MKP examples to readme map
mattsb42-aws Apr 3, 2020
5abbf9c
docs: merge pull request #236 from mattsb42-aws/mkp-examples
mattsb42-aws Apr 6, 2020
3d98f47
fix: correct KMS keyring parameter name from child_key_ids to key_ids…
mattsb42-aws Apr 8, 2020
5ac45bf
chore: disable the test vector handler tests in GitHub Actions (#243)
mattsb42-aws Apr 8, 2020
cd2a171
docs: add CMM examples (#239)
mattsb42-aws Apr 9, 2020
b5be88f
feat: deprecate master key providers (#242)
mattsb42-aws Apr 9, 2020
c733b7a
Merge branch 'master' into keyring
mattsb42-aws Apr 10, 2020
9cc19b1
chore: remove example collected from merge from master
mattsb42-aws Apr 10, 2020
be8634b
chore: merge pull request #244 from mattsb42-aws/keyring-master-merge
mattsb42-aws Apr 10, 2020
8b7a609
docs: fix security issue notifications link in readme (#245)
mattsb42-aws Apr 10, 2020
a6433d4
feat: remove wrapping_algorithm input parameter from RawAESKeyring (#…
mattsb42-aws Apr 14, 2020
fef2ad7
docs: add mention of new examples to changelog (#250)
mattsb42-aws Apr 15, 2020
53 changes: 53 additions & 0 deletions .github/workflows/ci_decrypt-oracle.yaml
@@ -0,0 +1,53 @@
name: Continuous Integration tests for the decrypt oracle

on:
pull_request:
push:
# Run once a day
schedule:
- cron: '0 0 * * *'

jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
# The oracle runs in a Python 3.6 Lamba
python-version: 3.6
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: local
run: |
cd decrypt_oracle
tox -- -vv
static-analysis:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
category:
- bandit
- readme
- flake8
- pylint
- flake8-tests
- pylint-tests
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: 3.x
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: |
cd decrypt_oracle
tox -- -vv
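Review bot: The `static-analysis` job sets `python-version: 3.x` while the `tests` job pins `python-version: 3.6` because that is the runtime the oracle is deployed on, so the lint jobs and the test job can disagree about what is valid syntax. Pin the analysis job to 3.6 as well, or add a comment saying why it floats. The comment above the 3.6 pin also reads "Lamba" and should say "Lambda".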
40 changes: 40 additions & 0 deletions .github/workflows/ci_static-analysis.yaml
@@ -0,0 +1,40 @@
name: Static analysis checks

on:
pull_request:
push:
# Run once a day
schedule:
- cron: '0 0 * * *'

jobs:
analysis:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
category:
- bandit
- doc8
- docs
- readme
- flake8
- pylint
- flake8-tests
- pylint-tests
- flake8-examples
- pylint-examples
- black-check
- isort-check
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: 3.x
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: tox -- -vv
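Review bot: The steps reference `actions/checkout@v2` and `actions/setup-python@v1` by tag, and a tag can be moved, so the code that runs in this job can change without any change to this file. Pin each `uses:` to a full commit SHA and keep the tag in a trailing comment. Related: `pip install --upgrade -r ci-requirements.txt` together with the daily `cron: '0 0 * * *'` schedule means a new linter release can fail the scheduled run with no change in the repository; if that early warning is the intent, say so in the comment next to `schedule:`.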
88 changes: 88 additions & 0 deletions .github/workflows/ci_test-vector-handler.yaml
@@ -0,0 +1,88 @@
name: Continuous Integration tests for the test vector handler

on:
pull_request:
push:
# Run once a day
schedule:
- cron: '0 0 * * *'

jobs:
tests:
# Leaving this defined but disabled
# until we address the credentials problem.
if: 1 == 0
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
os:
- ubuntu-latest
- windows-latest
- macos-latest
python:
- 2.7
- 3.5
- 3.6
- 3.7
- 3.8
- 3.x
architecture:
- x64
- x86
category:
- awses_1.3.3
- awses_1.3.max
- awses_latest
exclude:
# x86 builds are only meaningful for Windows
- os: ubuntu-latest
architecture: x86
- os: macos-latest
architecture: x86
steps:
- uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python }}
architecture: ${{ matrix.architecture }}
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: |
cd test_vector_handlers
tox -- -vv
static-analysis:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
category:
- bandit
- readme
- flake8
- pylint
- flake8-tests
- pylint-tests
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: 3.x
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: |
cd test_vector_handlers
tox -- -vv
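Review bot: In the `tests` job, `aws-actions/configure-aws-credentials@v1` is the first step, so the access key taken from `secrets.INTEG_AWS_ACCESS_KEY_ID` and `secrets.INTEG_AWS_SECRET_ACCESS_KEY` is already in the environment when `pip install --upgrade -r ci-requirements.txt` runs install-time code from the package index. Move the credentials step to directly before `run test` so that only the tox invocation sees it. Two things to settle before removing `if: 1 == 0`: secrets are not passed to `pull_request` runs from forks, so this job will fail on every fork PR unless it is gated (for example on `github.event_name == 'push'`), and `if: false` states the intent more directly than `1 == 0`.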
100 changes: 100 additions & 0 deletions .github/workflows/ci_tests.yaml
@@ -0,0 +1,100 @@
name: Continuous Integration tests

on:
pull_request:
push:
# Run once a day
schedule:
- cron: '0 0 * * *'

env:
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: |
arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: |
arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2

jobs:
tests:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
os:
- ubuntu-latest
- windows-latest
- macos-latest
python:
- 2.7
- 3.5
- 3.6
- 3.7
- 3.8
- 3.x
architecture:
- x64
- x86
category:
- local
- accept
# These require credentials.
# Enable them once we sort how to provide them.
# - integ
# - examples
exclude:
# x86 builds are only meaningful for Windows
- os: ubuntu-latest
architecture: x86
- os: macos-latest
architecture: x86
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: ${{ matrix.python }}
architecture: ${{ matrix.architecture }}
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: tox -- -vv
upstream-py3:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
category:
- nocmk
- test-upstream-requirements-py37
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: 3.7
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: tox -- -vv
upstream-py2:
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
category:
- test-upstream-requirements-py27
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
with:
python-version: 2.7
- run: |
python -m pip install --upgrade pip
pip install --upgrade -r ci-requirements.txt
- name: run test
env:
TOXENV: ${{ matrix.category }}
run: tox -- -vv
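Review bot: Both workflow-level `env` entries use a `|` block scalar, which keeps the trailing newline, so `AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID` and `AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2` will each end in a newline character when the tests read them. That is harmless while `integ` and `examples` are commented out of the matrix, but once they are enabled the value is not a usable key ARN unless the consumer strips it. Use `|-` or `>-`, or put the ARN on the same line as the key.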