From 138ec5bf8221e5df3e8c78449e5f0d0f0d72ddf6 Mon Sep 17 00:00:00 2001
From: Benjamin Farley
Date: Fri, 4 Dec 2020 16:13:53 -0700
Subject: [PATCH 1/3] chore: Update README section on using StrictAwsKmsKeyProvider
Be more explicit about the fact that, when using a StrictAwsKmsMasterKeyProvider, key aliases are not supported on decryption
---
 README.rst | 5 ++++-
 src/aws_encryption_sdk/key_providers/kms.py | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.rst b/README.rst
index 41ed14540..42fd9ccfb 100644
--- a/README.rst
+++ b/README.rst
@@ -131,7 +131,10 @@ pre-existing instance of a ``botocore session`` to the ``StrictAwsKmsMasterKeyPr
 This latter option can be useful if you have an alternate way to store your AWS credentials or you want to reuse an existing instance of a botocore session in order to decrease startup costs.
-To create a ``StrictAwsKmsMasterKeyProvider`` you must provide one or more CMKs.
+To create a ``StrictAwsKmsMasterKeyProvider`` you must provide one or more CMKs. For providers that will only
+be used for encryption, you can use a key ARN or alias ARN. For providers that will be used for decryption, you
+must use the key ARN; aliases are not supported.
+
 If you configure the the ``StrictAwsKmsMasterKeyProvider`` with multiple CMKs, the `final message`_ will include a copy of the data key encrypted by each configured CMK.
diff --git a/src/aws_encryption_sdk/key_providers/kms.py b/src/aws_encryption_sdk/key_providers/kms.py
index 46c5d42f0..29a86760a 100644
--- a/src/aws_encryption_sdk/key_providers/kms.py
+++ b/src/aws_encryption_sdk/key_providers/kms.py
@@ -237,7 +237,6 @@ class StrictAwsKmsMasterKeyProvider(BaseKMSMasterKeyProvider):
 ... 'arn:aws:kms:us-east-1:2222222222222:key/22222222-2222-2222-2222-222222222222',
 ... 'arn:aws:kms:us-east-1:3333333333333:key/33333333-3333-3333-3333-333333333333'
 ... ])
- >>> kms_key_provider.add_master_key('arn:aws:kms:ap-northeast-1:4444444444444:alias/another-key')
 .. note:: If no botocore_session is provided, the default botocore session will be used.
From 8d5597e8ea7ff0c79a61b25fa90ba095a3ca2614 Mon Sep 17 00:00:00 2001
From: Benjamin Farley
Date: Mon, 7 Dec 2020 13:47:44 -0700
Subject: [PATCH 2/3] PR feedback: Any valid KMS key identifier can be used on encrypt
---
 README.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/README.rst b/README.rst
index 42fd9ccfb..7c706266b 100644
--- a/README.rst
+++ b/README.rst
@@ -132,8 +132,8 @@ This latter option can be useful if you have an alternate way to store your AWS
 you want to reuse an existing instance of a botocore session in order to decrease startup costs.
 To create a ``StrictAwsKmsMasterKeyProvider`` you must provide one or more CMKs. For providers that will only
-be used for encryption, you can use a key ARN or alias ARN. For providers that will be used for decryption, you
-must use the key ARN; aliases are not supported.
+be used for encryption, you can use any valid `KMS key identifier`_. For providers that will be used for decryption, you
+must use the key ARN; key ids, alias names, and alias ARNs are not supported.
 If you configure the the ``StrictAwsKmsMasterKeyProvider`` with multiple CMKs, the `final message`_ will include a copy of the data key encrypted by each configured CMK.
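Review bot: The docstring drops the alias-ARN example without stating the restriction that motivated it, so a reader of StrictAwsKmsMasterKeyProvider's own documentation still gets no hint that alias identifiers cannot be used on decryption; this series records that only in README.rst. Consider adding one sentence to the docstring next to the remaining key-ARN example, e.g. `Key ids, alias names, and alias ARNs can only be used for encryption; a provider that will decrypt must be configured with key ARNs.` That mirrors the README wording in the second patch and keeps the two in step. The enclosing class definition and the start of this docstring lie before the hunk.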
@@ -318,6 +318,7 @@ to your use-case in order to obtain peak performance.
 .. _GitHub: https://github.com/aws/aws-encryption-sdk-python/
 .. _AWS KMS: https://docs.aws.amazon.com/kms/latest/developerguide/overview.html
 .. _KMS customer master key (CMK): https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
+.. _KMS key identifier: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
 .. _boto3 SDK: https://boto3.readthedocs.io/en/latest/
 .. _standard means by which boto3 locates credentials: https://boto3.readthedocs.io/en/latest/guide/configuration.html
 .. _final message: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html
From b68f735f89b6de9ddd134cabf2aa916d143bcca1 Mon Sep 17 00:00:00 2001
From: Benjamin Farley
Date: Mon, 14 Dec 2020 09:32:30 -0700
Subject: [PATCH 3/3] Remove test requirement dependency on old versions of attrs
---
 test_vector_handlers/compatibility-requirements/1.7.1 | 1 -
 test_vector_handlers/compatibility-requirements/2.0.0 | 1 -
 2 files changed, 2 deletions(-)
diff --git a/test_vector_handlers/compatibility-requirements/1.7.1 b/test_vector_handlers/compatibility-requirements/1.7.1
index 8d01cab7c..d7dfcfa92 100644
--- a/test_vector_handlers/compatibility-requirements/1.7.1
+++ b/test_vector_handlers/compatibility-requirements/1.7.1
@@ -1,2 +1 @@
 aws-encryption-sdk==1.7.1
-attrs<19.2.0
diff --git a/test_vector_handlers/compatibility-requirements/2.0.0 b/test_vector_handlers/compatibility-requirements/2.0.0
index 14c3b529b..1622ff09d 100644
--- a/test_vector_handlers/compatibility-requirements/2.0.0
+++ b/test_vector_handlers/compatibility-requirements/2.0.0
@@ -1,2 +1 @@
 aws-encryption-sdk==2.0.0
-attrs<19.2.0