diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index c2f297ea2..3e035d9dd 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -29,6 +29,7 @@ jobs: - 3.6 - 3.7 - 3.8 + - 3.9 - 3.x architecture: - x64 diff --git a/.gitignore b/.gitignore index 6a18f3190..63097dcba 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ venv/ # Chalice */.chalice/deployments */.chalice/venv +/.history diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index a8ca00f68..000000000 --- a/.travis.yml +++ /dev/null 
@@ -1,156 +0,0 @@ -sudo: false -language: python -matrix: - include: - # CPython 2.7 - - python: 2.7 - env: TOXENV=py27-integ - stage: Client Tests - - python: 2.7 - env: TOXENV=py27-examples - stage: Client Tests - # CPython 3.5 - - python: 3.5 - env: TOXENV=py35-integ - stage: Client Tests - - python: 3.5 - env: TOXENV=py35-examples - stage: Client Tests - # CPython 3.6 - - python: 3.6 - env: TOXENV=py36-integ - stage: Client Tests - - python: 3.6 - env: TOXENV=py36-examples - stage: Client Tests - # CPython 3.7 - # xenial + sudo are currently needed to get 3.7 - # https://github.com/travis-ci/travis-ci/issues/9815 - - python: 3.7 - env: TOXENV=py37-integ - dist: xenial - sudo: true - stage: Client Tests - - python: 3.7 - env: TOXENV=py37-examples - dist: xenial - sudo: true - stage: Client Tests - # CPython 3.8 - # xenial + sudo are currently needed to get 3.8 - # https://github.com/travis-ci/travis-ci/issues/9815 - - python: 3.8 - env: TOXENV=py38-integ - dist: xenial - sudo: true - stage: Client Tests - - python: 3.8 - env: TOXENV=py38-examples - dist: xenial - sudo: true - stage: Client Tests - ######################## - # Test Vector Handlers # - ######################## - # CPython 2.7 - - python: 2.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py27-awses_1.3.3 - stage: Test Vector Handler Tests - - python: 2.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py27-awses_1.3.max - stage: Test Vector Handler Tests - - python: 2.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py27-awses_latest - stage: Test Vector Handler Tests - # CPython 3.5 - - python: 3.5 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py35-awses_1.3.3 - stage: Test Vector Handler Tests - - python: 3.5 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py35-awses_1.3.max - stage: Test Vector Handler Tests - - python: 3.5 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py35-awses_latest - stage: Test Vector Handler Tests - # CPython 3.6 - - python: 3.6 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py36-awses_1.3.3 - stage: Test Vector 
Handler Tests - - python: 3.6 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py36-awses_1.3.max - stage: Test Vector Handler Tests - - python: 3.6 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py36-awses_latest - stage: Test Vector Handler Tests - # CPython 3.7 - - python: 3.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py37-awses_1.3.3 - dist: xenial - sudo: true - stage: Test Vector Handler Tests - - python: 3.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py37-awses_1.3.max - dist: xenial - sudo: true - stage: Test Vector Handler Tests - - python: 3.7 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py37-awses_latest - dist: xenial - sudo: true - stage: Test Vector Handler Tests - # CPython 3.8 - - python: 3.8 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py38-awses_1.3.3 - dist: xenial - sudo: true - stage: Test Vector Handler Tests - - python: 3.8 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py38-awses_1.3.max - dist: xenial - sudo: true - stage: Test Vector Handler Tests - - python: 3.8 - env: - TEST_VECTOR_HANDLERS=1 - TOXENV=py38-awses_latest - dist: xenial - sudo: true - stage: Test Vector Handler Tests -install: pip install tox -script: - - | - if [[ -n $TEST_VECTOR_HANDLERS ]]; - then cd test_vector_handlers; - else if [[ -n $DECRYPT_ORACLE ]]; - then cd decrypt_oracle; - fi; - fi - - tox diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 5d7d1d288..1585e5af2 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -14,7 +14,7 @@ Bugfix Features -------- -* Updates to the AWS Encryption SDK. bdbf00c +* Updates to the AWS Encryption SDK. ef90351 Deprecations ^^^^^^^^^^^^ diff --git a/README.rst b/README.rst index f51f61b55..d01707a31 100644 --- a/README.rst +++ b/README.rst 
@@ -6,7 +6,7 @@ aws-encryption-sdk :target: https://pypi.python.org/pypi/aws-encryption-sdk :alt: Latest Version -.. image:: https://img.shields.io/pypi/pyversions/aws-encryption-sdk-cli.svg +.. image:: https://img.shields.io/pypi/pyversions/aws-encryption-sdk.svg :target: https://pypi.python.org/pypi/aws-encryption-sdk :alt: Supported Python Versions @@ -18,12 +18,6 @@ aws-encryption-sdk :target: https://aws-encryption-sdk-python.readthedocs.io/en/stable/ :alt: Documentation Status -.. image:: https://travis-ci.org/aws/aws-encryption-sdk-python.svg?branch=master - :target: https://travis-ci.org/aws/aws-encryption-sdk-python - -.. image:: https://ci.appveyor.com/api/projects/status/p3e2e63gsnp3cwd8/branch/master?svg=true - :target: https://ci.appveyor.com/project/mattsb42-aws/aws-encryption-sdk-python-qvyet/branch/master - The AWS Encryption SDK for Python provides a fully compliant, native Python implementation of the `AWS Encryption SDK`_. The latest full documentation can be found at `Read the Docs`_. @@ -40,7 +34,7 @@ Required Prerequisites * Python 2.7+ or 3.4+ * cryptography >= 2.5.0 -* boto3 +* boto3 >= 1.10.0 * attrs Installation 
@@ -119,7 +113,11 @@ StrictAwsKmsMasterKeyProvider A ``StrictAwsKmsMasterKeyProvider`` is configured with an explicit list of AWS KMS CMKs with which to encrypt and decrypt data. On encryption, it encrypts the plaintext with all configured CMKs. On decryption, it only attempts to decrypt ciphertexts that have been wrapped -with one of the configured CMKs. +with a CMK that matches one of the configured CMK ARNs. + +To create a ``StrictAwsKmsMasterKeyProvider`` you must provide one or more CMKs. For providers that will only +be used for encryption, you can use any valid `KMS key identifier`_. For providers that will be used for decryption, you +must use the key ARN; key ids, alias names, and alias ARNs are not supported. Because the ``StrictAwsKmsMasterKeyProvider`` uses the `boto3 SDK`_ to interact with `AWS KMS`_, it requires AWS Credentials. @@ -128,7 +126,6 @@ pre-existing instance of a ``botocore session`` to the ``StrictAwsKmsMasterKeyPr This latter option can be useful if you have an alternate way to store your AWS credentials or you want to reuse an existing instance of a botocore session in order to decrease startup costs. -To create a ``StrictAwsKmsMasterKeyProvider`` you must provide one or more CMKs. If you configure the the ``StrictAwsKmsMasterKeyProvider`` with multiple CMKs, the `final message`_ will include a copy of the data key encrypted by each configured CMK. 
@@ -312,6 +309,7 @@ to your use-case in order to obtain peak performance. .. _GitHub: https://github.com/aws/aws-encryption-sdk-python/ .. _AWS KMS: https://docs.aws.amazon.com/kms/latest/developerguide/overview.html .. _KMS customer master key (CMK): https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys +.. _KMS key identifier: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id .. _boto3 SDK: https://boto3.readthedocs.io/en/latest/ .. _standard means by which boto3 locates credentials: https://boto3.readthedocs.io/en/latest/guide/configuration.html .. _final message: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html diff --git a/buildspec.yml b/buildspec.yml new file mode 100644 index 000000000..4a6bdac42 --- /dev/null +++ b/buildspec.yml 
@@ -0,0 +1,73 @@
+version: 0.2
+
+batch:
+ fast-fail: false
+ build-list:
+ - identifier: py27_integ
+ buildspec: codebuild/py27/integ.yml
+ - identifier: py27_examples
+ buildspec: codebuild/py27/examples.yml
+ - identifier: py27_awses_1_7_1
+ buildspec: codebuild/py27/awses_1.7.1.yml
+ - identifier: py27_awses_2_0_0
+ buildspec: codebuild/py27/awses_2.0.0.yml
+ - identifier: py27_awses_latest
+ buildspec: codebuild/py27/awses_latest.yml
+
+ - identifier: py35_integ
+ buildspec: codebuild/py35/integ.yml
+ - identifier: py35_examples
+ buildspec: codebuild/py35/examples.yml
+ - identifier: py35_awses_1_7_1
+ buildspec: codebuild/py35/awses_1.7.1.yml
+ - identifier: py35_awses_2_0_0
+ buildspec: codebuild/py35/awses_2.0.0.yml
+ - identifier: py35_awses_latest
+ buildspec: codebuild/py35/awses_latest.yml
+
+ - identifier: py36_integ
+ buildspec: codebuild/py36/integ.yml
+ - identifier: py36_examples
+ buildspec: codebuild/py36/examples.yml
+ - identifier: py36_awses_1_7_1
+ buildspec: codebuild/py36/awses_1.7.1.yml
+ - identifier: py36_awses_2_0_0
+ buildspec: codebuild/py36/awses_2.0.0.yml
+ - identifier: py36_awses_latest
+ buildspec: codebuild/py36/awses_latest.yml
+
+ - identifier: py37_integ
+ buildspec: codebuild/py37/integ.yml
+ - identifier: py37_examples
+ buildspec: codebuild/py37/examples.yml
+ - identifier: py37_awses_1_7_1
+ buildspec: codebuild/py37/awses_1.7.1.yml
+ - identifier: py37_awses_2_0_0
+ buildspec: codebuild/py37/awses_2.0.0.yml
+ - identifier: py37_awses_latest
+ buildspec: codebuild/py37/awses_latest.yml
+
+ - identifier: py38_integ
+ buildspec: codebuild/py38/integ.yml
+ - identifier: py38_examples
+ buildspec: codebuild/py38/examples.yml
+ - identifier: py38_awses_1_7_1
+ buildspec: codebuild/py38/awses_1.7.1.yml
+ - identifier: py38_awses_2_0_0
+ buildspec: codebuild/py38/awses_2.0.0.yml
+ - identifier: py38_awses_latest
+ buildspec: codebuild/py38/awses_latest.yml
+
+ - identifier: py39_integ
+ buildspec: codebuild/py39/integ.yml
+ - identifier: py39_examples
+ buildspec: codebuild/py39/examples.yml
+ - identifier: py39_awses_1_7_1
+ buildspec: codebuild/py39/awses_1.7.1.yml
+ - identifier: py39_awses_2_0_0
+ buildspec: codebuild/py39/awses_2.0.0.yml
+ - identifier: py39_awses_latest
+ buildspec: codebuild/py39/awses_latest.yml
+
+ - identifier: code_coverage
+ buildspec: codebuild/coverage/coverage.yml
diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml
new file mode 100644
index 000000000..f82a3a982
--- /dev/null
+++ b/codebuild/coverage/coverage.yml
@@ -0,0 +1,14 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "coverage"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py27/awses_1.7.1.yml b/codebuild/py27/awses_1.7.1.yml
new file mode 100644
index 000000000..8f5cca0ec
--- /dev/null
+++ b/codebuild/py27/awses_1.7.1.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py27-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py27/awses_2.0.0.yml b/codebuild/py27/awses_2.0.0.yml
new file mode 100644
index 000000000..bb667f4df
--- /dev/null
+++ b/codebuild/py27/awses_2.0.0.yml
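Review bot: `pip install tox` in the build commands of codebuild/coverage/coverage.yml installs whatever tox release is current when the job runs, and `python: latest` moves the interpreter as well, so two runs of the same commit can execute different tooling. Pin the tool, for example `pip install "tox==<PINNED_VERSION>"` (placeholder; the page names no version), or install from a hash-checked file with `pip install --require-hashes -r <CI_REQUIREMENTS_FILE>`. The same unpinned install is repeated in every buildspec this commit adds, including the `pip install tox tox-pyenv` variants. It matters most in codebuild/release/prod-release.yml, where it runs in a job that also receives `TWINE_USERNAME` and `TWINE_PASSWORD` from Secrets Manager.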
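Review bot: `TOXENV: "py27-awses_1.7.1"` needs a Python 2.7 interpreter, but the install phase only requests `python: latest` and the build commands have no `pyenv install`/`pyenv local` step like the py35, py37 and py39 buildspecs in this commit do. Whether the CodeBuild image already ships 2.7 cannot be seen from the diff; if it does not, tox fails, or, should the tox configuration skip missing interpreters, the job passes without running any test. Either add the same `pyenv` pair used in codebuild/py35/awses_1.7.1.yml, or put a comment above `commands:` such as `# 2.7 is preinstalled on the build image; no pyenv step needed`. The other py27, py36 and py38 buildspecs have the same shape.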
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py27-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py27/awses_latest.yml b/codebuild/py27/awses_latest.yml
new file mode 100644
index 000000000..a813060e8
--- /dev/null
+++ b/codebuild/py27/awses_latest.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py27-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py27/examples.yml b/codebuild/py27/examples.yml
new file mode 100644
index 000000000..19091ebdb
--- /dev/null
+++ b/codebuild/py27/examples.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py27-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py27/integ.yml b/codebuild/py27/integ.yml
new file mode 100644
index 000000000..497226f01
--- /dev/null
+++ b/codebuild/py27/integ.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py27-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py35/awses_1.7.1.yml b/codebuild/py35/awses_1.7.1.yml
new file mode 100644
index 000000000..d7c6e3bd4
--- /dev/null
+++ b/codebuild/py35/awses_1.7.1.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py35-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.5.9
+ - pyenv local 3.5.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
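Review bot: `pyenv install 3.5.9` in codebuild/py35/awses_1.7.1.yml runs unconditionally, so the job depends on that exact patch release being absent from the build image; if an image update ever ships it, a plain `pyenv install` presumably stops on the "already exists" prompt rather than continuing. Writing it as `pyenv install -s 3.5.9` skips the build when the version is already present. A short comment above the step, for example `# image has no 3.5 interpreter; build one for tox-pyenv`, would also explain why these files differ from the py36 and py38 ones. The same two lines appear in the other py35, py37 (`3.7.9`) and py39 (`3.9.0`) buildspecs.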
diff --git a/codebuild/py35/awses_2.0.0.yml b/codebuild/py35/awses_2.0.0.yml
new file mode 100644
index 000000000..ae47785fa
--- /dev/null
+++ b/codebuild/py35/awses_2.0.0.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py35-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.5.9
+ - pyenv local 3.5.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py35/awses_latest.yml b/codebuild/py35/awses_latest.yml
new file mode 100644
index 000000000..d56efa94f
--- /dev/null
+++ b/codebuild/py35/awses_latest.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py35-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.5.9
+ - pyenv local 3.5.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py35/examples.yml b/codebuild/py35/examples.yml
new file mode 100644
index 000000000..b700465ad
--- /dev/null
+++ b/codebuild/py35/examples.yml
@@ -0,0 +1,20 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py35-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.5.9
+ - pyenv local 3.5.9
+ - pip install tox tox-pyenv
+ - tox
diff --git a/codebuild/py35/integ.yml b/codebuild/py35/integ.yml
new file mode 100644
index 000000000..b7e9ba2d7
--- /dev/null
+++ b/codebuild/py35/integ.yml
@@ -0,0 +1,20 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py35-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.5.9
+ - pyenv local 3.5.9
+ - pip install tox tox-pyenv
+ - tox
diff --git a/codebuild/py36/awses_1.7.1.yml b/codebuild/py36/awses_1.7.1.yml
new file mode 100644
index 000000000..80d2a67e3
--- /dev/null
+++ b/codebuild/py36/awses_1.7.1.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py36-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py36/awses_2.0.0.yml b/codebuild/py36/awses_2.0.0.yml
new file mode 100644
index 000000000..c54afd266
--- /dev/null
+++ b/codebuild/py36/awses_2.0.0.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py36-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py36/awses_latest.yml b/codebuild/py36/awses_latest.yml
new file mode 100644
index 000000000..f4f141d28
--- /dev/null
+++ b/codebuild/py36/awses_latest.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py36-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py36/examples.yml b/codebuild/py36/examples.yml
new file mode 100644
index 000000000..efd098578
--- /dev/null
+++ b/codebuild/py36/examples.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py36-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py36/integ.yml b/codebuild/py36/integ.yml
new file mode 100644
index 000000000..021741dbe
--- /dev/null
+++ b/codebuild/py36/integ.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py36-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py37/awses_1.7.1.yml b/codebuild/py37/awses_1.7.1.yml
new file mode 100644
index 000000000..08584fb4b
--- /dev/null
+++ b/codebuild/py37/awses_1.7.1.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py37-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.7.9
+ - pyenv local 3.7.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py37/awses_2.0.0.yml b/codebuild/py37/awses_2.0.0.yml
new file mode 100644
index 000000000..3935d4b53
--- /dev/null
+++ b/codebuild/py37/awses_2.0.0.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py37-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.7.9
+ - pyenv local 3.7.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py37/awses_latest.yml b/codebuild/py37/awses_latest.yml
new file mode 100644
index 000000000..ec882400b
--- /dev/null
+++ b/codebuild/py37/awses_latest.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py37-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.7.9
+ - pyenv local 3.7.9
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py37/examples.yml b/codebuild/py37/examples.yml
new file mode 100644
index 000000000..a43ac5b84
--- /dev/null
+++ b/codebuild/py37/examples.yml
@@ -0,0 +1,20 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py37-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.7.9
+ - pyenv local 3.7.9
+ - pip install tox tox-pyenv
+ - tox
diff --git a/codebuild/py37/integ.yml b/codebuild/py37/integ.yml
new file mode 100644
index 000000000..7f886c213
--- /dev/null
+++ b/codebuild/py37/integ.yml
@@ -0,0 +1,20 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py37-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.7.9
+ - pyenv local 3.7.9
+ - pip install tox tox-pyenv
+ - tox
diff --git a/codebuild/py38/awses_1.7.1.yml b/codebuild/py38/awses_1.7.1.yml
new file mode 100644
index 000000000..450166b3f
--- /dev/null
+++ b/codebuild/py38/awses_1.7.1.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py38-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py38/awses_2.0.0.yml b/codebuild/py38/awses_2.0.0.yml
new file mode 100644
index 000000000..5d7210748
--- /dev/null
+++ b/codebuild/py38/awses_2.0.0.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py38-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py38/awses_latest.yml b/codebuild/py38/awses_latest.yml
new file mode 100644
index 000000000..ba8c26514
--- /dev/null
+++ b/codebuild/py38/awses_latest.yml
@@ -0,0 +1,21 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py38-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py38/examples.yml b/codebuild/py38/examples.yml
new file mode 100644
index 000000000..7033cb3a3
--- /dev/null
+++ b/codebuild/py38/examples.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py38-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py38/integ.yml b/codebuild/py38/integ.yml
new file mode 100644
index 000000000..7ab243334
--- /dev/null
+++ b/codebuild/py38/integ.yml
@@ -0,0 +1,18 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py38-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pip install tox
+ - tox
diff --git a/codebuild/py39/awses_1.7.1.yml b/codebuild/py39/awses_1.7.1.yml
new file mode 100644
index 000000000..2ab614cfb
--- /dev/null
+++ b/codebuild/py39/awses_1.7.1.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py39-awses_1.7.1"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.9.0
+ - pyenv local 3.9.0
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py39/awses_2.0.0.yml b/codebuild/py39/awses_2.0.0.yml
new file mode 100644
index 000000000..ed4f0e37b
--- /dev/null
+++ b/codebuild/py39/awses_2.0.0.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py39-awses_2.0.0"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.9.0
+ - pyenv local 3.9.0
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py39/awses_latest.yml b/codebuild/py39/awses_latest.yml
new file mode 100644
index 000000000..21b37c2bd
--- /dev/null
+++ b/codebuild/py39/awses_latest.yml
@@ -0,0 +1,23 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py39-awses_latest"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - pyenv install 3.9.0
+ - pyenv local 3.9.0
+ - pip install tox tox-pyenv
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py39/examples.yml b/codebuild/py39/examples.yml
new file mode 100644
index 000000000..892cdaa63
--- /dev/null
+++ b/codebuild/py39/examples.yml
@@ -0,0 +1,20 @@ +version: 0.2 + +env: + variables: + TOXENV: "py39-examples" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pyenv install 3.9.0 + - pyenv local 3.9.0 + - pip install tox tox-pyenv + - tox diff --git a/codebuild/py39/integ.yml b/codebuild/py39/integ.yml new file mode 100644 index 000000000..c652c7b25 --- /dev/null +++ b/codebuild/py39/integ.yml @@ -0,0 +1,20 @@ +version: 0.2 + +env: + variables: + TOXENV: "py39-integ" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pyenv install 3.9.0 + - pyenv local 3.9.0 + - pip install tox tox-pyenv + - tox diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml new file mode 100644 index 000000000..aa985e361 --- /dev/null +++ b/codebuild/release/prod-release.yml 
@@ -0,0 +1,41 @@ +version: 0.2 + +env: + variables: + BRANCH: "master" + secrets-manager: + TWINE_USERNAME: PyPiAdmin:username + TWINE_PASSWORD: PyPiAdmin:password + +phases: + install: + commands: + - pip install tox + - pip install --upgrade pip + runtime-versions: + python: latest + pre_build: + commands: + - git checkout $COMMIT_ID + - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py) + - | + if expr ${FOUND_VERSION} != ${VERSION}; then + echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" + exit 1; + fi + build: + commands: + - tox -e park + - tox -e release + +batch: + fast-fail: true + build-graph: + - identifier: release_to_prod + - identifier: validate_prod_release + depend-on: + - release_to_prod + buildspec: codebuild/release/validate.yml + env: + variables: + PIP_INDEX_URL: https://pypi.python.org/simple/ diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml new file mode 100644 index 000000000..6c0ce85c9 --- /dev/null +++ b/codebuild/release/test-release.yml 
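Review bot: The version gate in `pre_build` can pass silently when one side is empty: `expr ${FOUND_VERSION} != ${VERSION}` is unquoted, so if the `sed` finds no `__version__` line or `VERSION` is not set, `expr` sees a malformed expression, exits with an error status, and the `if` body (the `exit 1`) is skipped. The release then continues to `tox -e release` with the check effectively bypassed. A quoted test avoids this, `if [ "${FOUND_VERSION}" != "${VERSION}" ]; then`, ideally together with an explicit failure when either value is empty. `git checkout $COMMIT_ID` two lines above is unquoted in the same way, and the identical block is repeated in `codebuild/release/test-release.yml`.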
@@ -0,0 +1,43 @@ +version: 0.2 + +env: + variables: + BRANCH: "master" + secrets-manager: + TWINE_USERNAME: TestPyPiCryptoTools:username + TWINE_PASSWORD: TestPyPiCryptoTools:password + +phases: + install: + commands: + - pip install tox + - pip install --upgrade pip + runtime-versions: + python: latest + pre_build: + commands: + - git checkout $COMMIT_ID + - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py) + - | + if expr ${FOUND_VERSION} != ${VERSION}; then + echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" + exit 1; + fi + build: + commands: + - tox -e park + - tox -e test-release + + +batch: + fast-fail: true + build-graph: + - identifier: release_to_staging + - identifier: validate_staging_release + depend-on: + - release_to_staging + buildspec: codebuild/release/validate.yml + env: + variables: + PIP_INDEX_URL: https://test.pypi.org/simple/ + PIP_EXTRA_INDEX_URL: https://pypi.python.org/simple/ diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml new file mode 100644 index 000000000..1f65c0631 --- /dev/null +++ b/codebuild/release/validate.yml @@ -0,0 +1,16 @@ +version: 0.2 + +phases: + install: + commands: + - pip install tox + runtime-versions: + python: latest + pre_build: + commands: + - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git + - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete + - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt + build: + commands: + - tox -e test diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index c3248add1..b0d8a8d48 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py 
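Review bot: In the `validate_staging_release` environment, `PIP_INDEX_URL: https://test.pypi.org/simple/` combined with `PIP_EXTRA_INDEX_URL` makes pip consider both indexes for every package, not just the SDK under test, and pip has no index priority. TestPyPI accepts uploads from anyone, so a dependency of tox or of the validation project could be resolved from there instead of from PyPI. I would keep PyPI as the only index for the job and fetch just the staged artifact from TestPyPI in its own step, e.g. `pip install --no-deps --index-url https://test.pypi.org/simple/ "aws-encryption-sdk==$VERSION"`; how that fits the validation project's tox setup is not visible here.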
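Review bot: The `sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt` step in `codebuild/release/validate.yml` has no check that it changed anything, so if the requirement is spelled differently in that file (for example with hyphens) the job would validate whatever version pip resolves and still report success. A follow-up command such as `- grep -q "aws_encryption_sdk==$VERSION" requirements-dev.txt` would make the job fail when the pin was not applied. Separately, the `git clone` tracks the default branch of the sample repository, so the validation code itself can change between releases; checking out a fixed commit would make the result reproducible.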
@@ -16,7 +16,7 @@ import os import aws_encryption_sdk -from aws_encryption_sdk.key_providers.kms import KMSMasterKeyProvider +from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider from chalice import Chalice, Response from .key_providers.counting import CountingMasterKey @@ -27,9 +27,9 @@ APP.log.setLevel(logging.DEBUG) -def _master_key_provider() -> KMSMasterKeyProvider: +def _master_key_provider() -> DiscoveryAwsKmsMasterKeyProvider: """Build the V0 master key provider.""" - master_key_provider = KMSMasterKeyProvider() + master_key_provider = DiscoveryAwsKmsMasterKeyProvider() master_key_provider.add_master_key_provider(NullMasterKey()) master_key_provider.add_master_key_provider(CountingMasterKey()) return master_key_provider @@ -59,8 +59,9 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: + client = aws_encryption_sdk.EncryptionSDKClient() ciphertext = APP.current_request.raw_body - plaintext, _header = aws_encryption_sdk.decrypt(source=ciphertext, key_provider=_master_key_provider()) + plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider()) APP.log.debug("Plaintext:") APP.log.debug(plaintext) response = Response(body=plaintext, headers={"Content-Type": "application/octet-stream"}, status_code=200) diff --git a/decrypt_oracle/test/integration/integration_test_utils.py b/decrypt_oracle/test/integration/integration_test_utils.py index 610a930d6..eeb6219ac 100644 --- a/decrypt_oracle/test/integration/integration_test_utils.py +++ b/decrypt_oracle/test/integration/integration_test_utils.py 
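Review bot: `DiscoveryAwsKmsMasterKeyProvider()` in `_master_key_provider` is built without a discovery filter, so for a KMS-wrapped message the oracle will attempt decryption with whichever CMK ARN the request body names, bounded only by the IAM permissions of the role it runs under. Since `basic_decrypt` feeds it the raw request body, I would restrict the provider to the accounts the test vectors are expected to use, e.g. `DiscoveryAwsKmsMasterKeyProvider(discovery_filter=DiscoveryFilter(account_ids=["<ACCOUNT_ID>"], partition="aws"))` (placeholder account id; `DiscoveryFilter` would need importing in the first hunk). If unrestricted discovery is intended for this test service, a comment saying so would help the next reader.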
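Review bot: `aws_encryption_sdk.EncryptionSDKClient()` in `basic_decrypt` takes the library's default commitment policy, while the test code in this commit passes `CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT` explicitly. Which messages the oracle accepts therefore depends on the installed SDK version's default rather than on anything stated here. I would spell the policy out, e.g. `client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT)` if legacy vectors must still decrypt, and build the client once at module level instead of on every request. The body of `basic_decrypt` continues outside the hunk.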
@@ -17,8 +17,10 @@ from collections import namedtuple from typing import Any, Callable, Iterable, Optional, Text +import aws_encryption_sdk import pytest -from aws_encryption_sdk.key_providers.kms import KMSMasterKeyProvider +from aws_encryption_sdk.identifiers import CommitmentPolicy +from aws_encryption_sdk.key_providers.kms import StrictAwsKmsMasterKeyProvider HERE = os.path.abspath(os.path.dirname(__file__)) DEPLOYMENT_REGION = "AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION" @@ -27,6 +29,8 @@ _KMS_MKP = None _ENDPOINT = None +CLIENT = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) + def decrypt_endpoint() -> Text: """Build the API endpoint based on environment variables.""" @@ -77,7 +81,7 @@ def kms_master_key_provider(cache: Optional[bool] = True): return _KMS_MKP cmk_arn = get_cmk_arn() - _kms_master_key_provider = KMSMasterKeyProvider(key_ids=[cmk_arn]) + _kms_master_key_provider = StrictAwsKmsMasterKeyProvider(key_ids=[cmk_arn]) if cache: _KMS_MKP = _kms_master_key_provider diff --git a/decrypt_oracle/test/unit/key_providers/test_u_counting.py b/decrypt_oracle/test/unit/key_providers/test_u_counting.py index f779b5169..ebeaee198 100644 --- a/decrypt_oracle/test/unit/key_providers/test_u_counting.py +++ b/decrypt_oracle/test/unit/key_providers/test_u_counting.py @@ -11,11 +11,10 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Unit test for ``aws_encryption_sdk_decrypt_oracle.key_providers.counting``.""" -import aws_encryption_sdk import pytest from aws_encryption_sdk_decrypt_oracle.key_providers.counting import CountingMasterKey -from ...integration.integration_test_utils import filtered_test_vectors +from ...integration.integration_test_utils import CLIENT, filtered_test_vectors pytestmark = [pytest.mark.unit, pytest.mark.local] 
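Review bot: The module-level `CLIENT` in `integration_test_utils.py` is created with `CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT` and no explanation, and the unit tests changed later in this commit now encrypt through it, so their round-trip tests only ever produce non-committing messages. A comment above the assignment would make that choice visible, for example `# Non-committing policy: lets the existing test vectors decrypt; encrypt calls made through CLIENT never use key commitment.` (the reason is my reading of the tests and should be confirmed). If committed messages should also be covered, that needs a second client with a different policy.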
@@ -24,7 +23,7 @@ def test_counting_master_key_decrypt_vectors(vector): master_key = CountingMasterKey() - plaintext, _header = aws_encryption_sdk.decrypt(source=vector.ciphertext, key_provider=master_key) + plaintext, _header = CLIENT.decrypt(source=vector.ciphertext, key_provider=master_key) assert plaintext == vector.plaintext @@ -33,8 +32,8 @@ def test_counting_master_key_cycle(): plaintext = b"some super secret plaintext" master_key = CountingMasterKey() - ciphertext, _header = aws_encryption_sdk.encrypt(source=plaintext, key_provider=master_key) - decrypted, _header = aws_encryption_sdk.decrypt(source=ciphertext, key_provider=master_key) + ciphertext, _header = CLIENT.encrypt(source=plaintext, key_provider=master_key) + decrypted, _header = CLIENT.decrypt(source=ciphertext, key_provider=master_key) assert plaintext != ciphertext assert plaintext == decrypted diff --git a/decrypt_oracle/test/unit/key_providers/test_u_null.py b/decrypt_oracle/test/unit/key_providers/test_u_null.py index 918ef0e5a..4c3a2e4d7 100644 --- a/decrypt_oracle/test/unit/key_providers/test_u_null.py +++ b/decrypt_oracle/test/unit/key_providers/test_u_null.py @@ -11,11 +11,10 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Unit test for ``aws_encryption_sdk_decrypt_oracle.key_providers.null``.""" -import aws_encryption_sdk import pytest from aws_encryption_sdk_decrypt_oracle.key_providers.null import NullMasterKey -from ...integration.integration_test_utils import filtered_test_vectors +from ...integration.integration_test_utils import CLIENT, filtered_test_vectors pytestmark = [pytest.mark.unit, pytest.mark.local] 
@@ -23,8 +22,7 @@ @pytest.mark.parametrize("vector", filtered_test_vectors(lambda x: x.key_type == "null")) def test_null_master_key_decrypt_vectors(vector): master_key = NullMasterKey() - - plaintext, _header = aws_encryption_sdk.decrypt(source=vector.ciphertext, key_provider=master_key) + plaintext, _header = CLIENT.decrypt(source=vector.ciphertext, key_provider=master_key) assert plaintext == vector.plaintext @@ -33,8 +31,8 @@ def test_null_master_key_cycle(): plaintext = b"some super secret plaintext" master_key = NullMasterKey() - ciphertext, _header = aws_encryption_sdk.encrypt(source=plaintext, key_provider=master_key) - decrypted, _header = aws_encryption_sdk.decrypt(source=ciphertext, key_provider=master_key) + ciphertext, _header = CLIENT.encrypt(source=plaintext, key_provider=master_key) + decrypted, _header = CLIENT.decrypt(source=ciphertext, key_provider=master_key) assert plaintext != ciphertext assert plaintext == decrypted diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index f0a7804e5..31ef18772 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -95,6 +95,8 @@ passenv = AWS_DEFAULT_REGION \ # Pass through AWS credentials pointer in ECS/CodeBuild AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + # AWS Role access in CodeBuild is via the contaner URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ # Used to manage test generators AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_GENERATE_TEST_VECTORS \ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION \ diff --git a/requirements.txt b/requirements.txt index 51badb814..fab293c05 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -boto3>=1.4.4 +boto3>=1.10.0 cryptography>=2.5.0 attrs>=17.4.0 wrapt>=1.10.11 diff --git a/setup.cfg b/setup.cfg index 038fc5924..1f83b2654 100644 --- a/setup.cfg +++ b/setup.cfg @@ -9,6 +9,7 @@ branch = True [coverage:report] show_missing = True +fail_under = 95 [tool:pytest] log_level = DEBUG 
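Review bot: The two lines added to `passenv` in `decrypt_oracle/tox.ini` repeat `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`, which the context line directly above already passes through under the comment "Pass through AWS credentials pointer in ECS/CodeBuild". The duplicate is harmless to tox but makes the credential pass-through list harder to audit; I would drop the added pair and, if the extra wording is wanted, extend the existing comment instead. The new comment also misspells "container" as "contaner", here and in the matching hunks of `test_vector_handlers/tox.ini` and the root `tox.ini`.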
diff --git a/setup.py b/setup.py index 6ceb2d8fb..98d24c563 100644 --- a/setup.py +++ b/setup.py @@ -52,6 +52,8 @@ def get_requirements(): "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/src/aws_encryption_sdk/internal/crypto/elliptic_curve.py b/src/aws_encryption_sdk/internal/crypto/elliptic_curve.py index 47af50b8c..83e6b2def 100644 --- a/src/aws_encryption_sdk/internal/crypto/elliptic_curve.py +++ b/src/aws_encryption_sdk/internal/crypto/elliptic_curve.py @@ -123,7 +123,7 @@ def _ecc_decode_compressed_point(curve, compressed_point): y_order_map = {b"\x02": 0, b"\x03": 1} raw_x = compressed_point[1:] raw_x = to_bytes(raw_x) - x = int_from_bytes(raw_x, "big") + x = int_from_bytes(raw_x, "big") # pylint: disable=not-callable raw_y = compressed_point[0] # In Python3, bytes index calls return int values rather than strings if isinstance(raw_y, six.integer_types): diff --git a/src/aws_encryption_sdk/key_providers/kms.py b/src/aws_encryption_sdk/key_providers/kms.py index ff5ef350d..23ac6b7a1 100644 --- a/src/aws_encryption_sdk/key_providers/kms.py +++ b/src/aws_encryption_sdk/key_providers/kms.py 
@@ -274,16 +274,19 @@ def validate_config(self): class StrictAwsKmsMasterKeyProvider(BaseKMSMasterKeyProvider): """Strict Master Key Provider for KMS. It is configured with an explicit list of AWS KMS master keys that - should be used for encryption in decryption. On encryption, the plaintext will be encrypted with all configured - master keys. On decryption, the ciphertext will be decrypted with the first master key that can decrypt. If the - ciphertext is encrypted with a master key that was not explicitly configured, decryption will fail. + should be used for encryption and decryption. On encryption, the plaintext will be encrypted with all configured + master keys. On decryption, it only attempts to decrypt ciphertexts that have been wrapped with a CMK that + matches one of the configured CMK ARNs. If the ciphertext is encrypted with a master key that was not + explicitly configured, decryption will fail. To create a StrictAwsKmsMasterKeyProvider you must provide + one or more CMKs. For providers that will only be used for encryption, you can use any valid KMS key + identifier. For providers that will be used for decryption, you must use the key ARN; key ids, alias names, and + alias ARNs are not supported. >>> import aws_encryption_sdk >>> kms_key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[ ... 'arn:aws:kms:us-east-1:2222222222222:key/22222222-2222-2222-2222-222222222222', ... 'arn:aws:kms:us-east-1:3333333333333:key/33333333-3333-3333-3333-333333333333' ... ]) - >>> kms_key_provider.add_master_key('arn:aws:kms:ap-northeast-1:4444444444444:alias/another-key') .. note:: If no botocore_session is provided, the default botocore session will be used. diff --git a/src/aws_encryption_sdk/streaming_client.py b/src/aws_encryption_sdk/streaming_client.py index f33831508..78ea70b7a 100644 --- a/src/aws_encryption_sdk/streaming_client.py +++ b/src/aws_encryption_sdk/streaming_client.py 
@@ -72,6 +72,8 @@ class _ClientConfig(object): :param source: Source data to encrypt or decrypt :type source: str, bytes, io.IOBase, or file + :param commitment_policy: The commitment policy to use during encryption and decryption + :type commitment_policy: aws_encryption_sdk.identifiers.CommitmentPolicy :param materials_manager: `CryptoMaterialsManager` from which to obtain cryptographic materials (either `materials_manager` or `key_provider` required) :type materials_manager: aws_encryption_sdk.materials_manager.base.CryptoMaterialsManager @@ -728,7 +730,7 @@ class DecryptorConfig(_ClientConfig): class StreamDecryptor(_EncryptionStream): # pylint: disable=too-many-instance-attributes - """Provides a streaming encryptor for encrypting a stream source. + """Provides a streaming decryptor for decrypting a stream source. Behaves as a standard file-like object. .. note:: diff --git a/test/unit/test_streaming_client_encryption_stream.py b/test/unit/test_streaming_client_encryption_stream.py index 9aa1361b4..342711247 100644 --- a/test/unit/test_streaming_client_encryption_stream.py +++ b/test/unit/test_streaming_client_encryption_stream.py @@ -344,7 +344,7 @@ def test_next(self): ) self.mock_source_stream.closed = False mock_stream.readline = MagicMock(return_value=sentinel.line) - test = mock_stream.next() + test = mock_stream.next() # pylint: disable=not-callable mock_stream.readline.assert_called_once_with() assert test is sentinel.line @@ -355,7 +355,7 @@ def test_next_stream_closed(self): mock_stream.close() with pytest.raises(StopIteration): - mock_stream.next() + mock_stream.next() # pylint: disable=not-callable def test_next_source_stream_closed_and_buffer_empty(self): mock_stream = MockEncryptionStream( 
@@ -365,7 +365,7 @@ def test_next_source_stream_closed_and_buffer_empty(self): mock_stream.output_buffer = b"" with pytest.raises(StopIteration): - mock_stream.next() + mock_stream.next() # pylint: disable=not-callable @patch("aws_encryption_sdk.streaming_client._EncryptionStream.closed", new_callable=PropertyMock) def test_iteration(self, mock_closed): diff --git a/test_vector_handlers/compatibility-requirements/1.7.1 b/test_vector_handlers/compatibility-requirements/1.7.1 new file mode 100644 index 000000000..d7dfcfa92 --- /dev/null +++ b/test_vector_handlers/compatibility-requirements/1.7.1 @@ -0,0 +1 @@ +aws-encryption-sdk==1.7.1 diff --git a/test_vector_handlers/compatibility-requirements/2.0.0 b/test_vector_handlers/compatibility-requirements/2.0.0 new file mode 100644 index 000000000..1622ff09d --- /dev/null +++ b/test_vector_handlers/compatibility-requirements/2.0.0 @@ -0,0 +1 @@ +aws-encryption-sdk==2.0.0 diff --git a/test_vector_handlers/src/awses_test_vectors/internal/aws_kms.py b/test_vector_handlers/src/awses_test_vectors/internal/aws_kms.py index 5893c6270..c63e167bc 100644 --- a/test_vector_handlers/src/awses_test_vectors/internal/aws_kms.py +++ b/test_vector_handlers/src/awses_test_vectors/internal/aws_kms.py @@ -15,12 +15,12 @@ from aws_encryption_sdk.identifiers import AlgorithmSuite except ImportError: from aws_encryption_sdk.identifiers import Algorithm as AlgorithmSuite -from aws_encryption_sdk.key_providers.kms import KMSMasterKeyProvider +from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider, StrictAwsKmsMasterKeyProvider from awses_test_vectors.internal.defaults import ENCODING # This lets us easily use a single boto3 client per region for all KMS master keys. -KMS_MASTER_KEY_PROVIDER = KMSMasterKeyProvider() +KMS_MASTER_KEY_PROVIDER = DiscoveryAwsKmsMasterKeyProvider() def arn_from_key_id(key_id): 
@@ -34,7 +34,8 @@ def arn_from_key_id(key_id): :returns: Full Arn for KMS CMK that key ID identifies :rtype: str """ - encrypted_data_key = KMS_MASTER_KEY_PROVIDER.master_key(key_id.encode(ENCODING)).generate_data_key( + provider = StrictAwsKmsMasterKeyProvider(key_ids=[key_id]) + encrypted_data_key = provider.master_key(key_id.encode(ENCODING)).generate_data_key( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, encryption_context={} ) return encrypted_data_key.key_provider.key_info.decode(ENCODING) diff --git a/test_vector_handlers/src/awses_test_vectors/internal/mypy_types.py b/test_vector_handlers/src/awses_test_vectors/internal/mypy_types.py index e669c8a2f..3712643e8 100644 --- a/test_vector_handlers/src/awses_test_vectors/internal/mypy_types.py +++ b/test_vector_handlers/src/awses_test_vectors/internal/mypy_types.py @@ -15,10 +15,10 @@ try: # Python 3.5.0 and 3.5.1 have incompatible typing modules from typing import ( # noqa pylint: disable=unused-import + IO, Any, Callable, Dict, - IO, Iterable, Optional, Tuple, diff --git a/test_vector_handlers/src/awses_test_vectors/internal/util.py b/test_vector_handlers/src/awses_test_vectors/internal/util.py index 4963ff5e7..da5552f13 100644 --- a/test_vector_handlers/src/awses_test_vectors/internal/util.py +++ b/test_vector_handlers/src/awses_test_vectors/internal/util.py @@ -25,6 +25,7 @@ try: # Python 3.5.0 and 3.5.1 have incompatible typing modules from typing import Any, Callable, Dict, Iterable, Type # noqa pylint: disable=unused-import + from awses_test_vectors.internal.mypy_types import ( # noqa pylint: disable=unused-import ISINSTANCE, MANIFEST_VERSION, diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/full_message/decrypt.py b/test_vector_handlers/src/awses_test_vectors/manifests/full_message/decrypt.py index 0cfda32e5..1c685c0de 100644 --- a/test_vector_handlers/src/awses_test_vectors/manifests/full_message/decrypt.py 
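Review bot: `arn_from_key_id` now constructs a fresh `StrictAwsKmsMasterKeyProvider` on every call, so the module comment "This lets us easily use a single boto3 client per region for all KMS master keys" no longer describes this function. Each lookup also still calls `generate_data_key` only to read the ARN back from the returned key info. I would either reuse providers across calls (a small dict keyed by `key_id` keeps Python 2.7 compatibility) or document the behaviour, e.g. `# Builds a new provider per call; KMS_MASTER_KEY_PROVIDER is not used here.` Whether `KMS_MASTER_KEY_PROVIDER` is still referenced elsewhere cannot be seen from this hunk.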
+++ b/test_vector_handlers/src/awses_test_vectors/manifests/full_message/decrypt.py @@ -21,6 +21,7 @@ import attr import aws_encryption_sdk import six +from aws_encryption_sdk.identifiers import CommitmentPolicy from aws_encryption_sdk.key_providers.base import MasterKeyProvider from awses_test_vectors.internal.defaults import ENCODING @@ -34,7 +35,8 @@ from awses_test_vectors.manifests.master_key import MasterKeySpec, master_key_provider_from_master_key_specs try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable, Dict, IO, Iterable, Optional # noqa pylint: disable=unused-import + from typing import IO, Callable, Dict, Iterable, Optional # noqa pylint: disable=unused-import + from awses_test_vectors.internal.mypy_types import ( # noqa pylint: disable=unused-import DECRYPT_SCENARIO_SPEC, FULL_MESSAGE_DECRYPT_MANIFEST, @@ -89,6 +91,7 @@ def __init__( description=None, # type: Optional[str] ): # noqa=D107 # type: (...) -> None + """Set initial values for the test scenario.""" # Workaround pending resolution of attrs/mypy interaction. # https://github.com/python/mypy/issues/2088 # https://github.com/python-attrs/attrs/issues/215 @@ -155,7 +158,8 @@ def run(self, name): :param str name: Descriptive name for this scenario to use in any logging or errors """ - plaintext, _header = aws_encryption_sdk.decrypt(source=self.ciphertext, key_provider=self.master_key_provider) + client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) + plaintext, _header = client.decrypt(source=self.ciphertext, key_provider=self.master_key_provider) if plaintext != self.plaintext: raise ValueError("Decrypted plaintext does not match expected value for scenario '{}'".format(name)) 
@@ -197,6 +201,7 @@ def __init__( client_version=aws_encryption_sdk.__version__, # type: Optional[str] ): # noqa=D107 # type: (...) -> None + """Set initial values for the manifest.""" # Workaround pending resolution of attrs/mypy interaction. # https://github.com/python/mypy/issues/2088 # https://github.com/python-attrs/attrs/issues/215 diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py b/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py index a74612d4a..ba94c1626 100644 --- a/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py +++ b/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py @@ -40,13 +40,14 @@ from awses_test_vectors.manifests.master_key import MasterKeySpec, master_key_provider_from_master_key_specs try: - from aws_encryption_sdk.identifiers import AlgorithmSuite + from aws_encryption_sdk.identifiers import AlgorithmSuite, CommitmentPolicy except ImportError: from aws_encryption_sdk.identifiers import Algorithm as AlgorithmSuite try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable, Dict, IO, Iterable, Optional # noqa pylint: disable=unused-import + from typing import IO, Callable, Dict, Iterable, Optional # noqa pylint: disable=unused-import + from awses_test_vectors.internal.mypy_types import ( # noqa pylint: disable=unused-import ENCRYPT_SCENARIO_SPEC, PLAINTEXTS_SPEC, @@ -133,7 +134,8 @@ def run(self, ciphertext_writer, plaintext_uri): :return: Decrypt test scenario that describes the generated scenario :rtype: MessageDecryptionTestScenario """ - ciphertext, _header = aws_encryption_sdk.encrypt( + client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) + ciphertext, _header = client.encrypt( source=self.plaintext, algorithm=self.algorithm, frame_length=self.frame_size, 
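Review bot: In `encrypt.py`, `CommitmentPolicy` is imported inside the `try` whose `except ImportError` fallback binds only `AlgorithmSuite`, so on an SDK version where that import fails the name is never defined and `run()` in the next hunk would raise `NameError`. An SDK that has `AlgorithmSuite` but not `CommitmentPolicy` would also be pushed onto the `Algorithm` fallback, which may not exist there. `decrypt.py` in this commit imports it unconditionally; I would do the same here with a separate `from aws_encryption_sdk.identifiers import CommitmentPolicy` line outside the `try`, so an unsupported SDK fails at import with a clear message.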
diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/keys.py b/test_vector_handlers/src/awses_test_vectors/manifests/keys.py index 441caac01..783ae9da6 100644 --- a/test_vector_handlers/src/awses_test_vectors/manifests/keys.py +++ b/test_vector_handlers/src/awses_test_vectors/manifests/keys.py @@ -25,13 +25,14 @@ from awses_test_vectors.internal.util import dictionary_validator, membership_validator, validate_manifest_type try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import cast, Dict, Iterable, Optional # noqa pylint: disable=unused-import + from typing import Dict, Iterable, Optional, cast # noqa pylint: disable=unused-import + from awses_test_vectors.internal.mypy_types import ( # noqa pylint: disable=unused-import AWS_KMS_KEY_SPEC, - MANUAL_KEY_SPEC, KEY_SPEC, KEYS_MANIFEST, MANIFEST_VERSION, + MANUAL_KEY_SPEC, ) except ImportError: # pragma: no cover # We only actually need these imports when running the mypy checks @@ -141,6 +142,7 @@ def __init__( material, # type: Iterable[str] ): # noqa=D107 # type: (...) -> None + """Set initial values for the ManualKeySpec.""" # Workaround pending resolution of attrs/mypy interaction. # https://github.com/python/mypy/issues/2088 # https://github.com/python-attrs/attrs/issues/215 diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py b/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py index b018f21a5..05975ccbf 100644 --- a/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py +++ b/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py @@ -34,6 +34,7 @@ try: # Python 3.5.0 and 3.5.1 have incompatible typing modules from typing import Iterable # noqa pylint: disable=unused-import + from awses_test_vectors.internal.mypy_types import MASTER_KEY_SPEC # noqa pylint: disable=unused-import except ImportError: # pragma: no cover # We only actually need these imports when running the mypy checks 
diff --git a/test_vector_handlers/tox.ini b/test_vector_handlers/tox.ini index 420032dd0..484c3dddc 100644 --- a/test_vector_handlers/tox.ini +++ b/test_vector_handlers/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{27,34,35,36,37}-awses_{1.3.3,1.3.max,latest}, + py{27,34,35,36,37}-awses_{1.7.1,2.0.0,latest}, # 1.2.0 and 1.2.max are being difficult because of attrs bandit, doc8, readme, docs, {flake8,pylint}{,-tests}, @@ -41,6 +41,8 @@ commands = pytest --basetemp={envtmpdir} -l --cov awses_test_vectors test/ {posa passenv = # Pass through AWS credentials AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + # AWS Role access in CodeBuild is via the contaner URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ # Pass through AWS profile name (useful for local testing) AWS_PROFILE sitepackages = False @@ -48,6 +50,8 @@ deps = -rtest/requirements.txt awses_1.3.3: -rcompatibility-requirements/1.3.3 awses_1.3.max: -rcompatibility-requirements/1.3.max + awses_1.7.1: -rcompatibility-requirements/1.7.1 + awses_2.0.0: -rcompatibility-requirements/2.0.0 awses_latest: -rcompatibility-requirements/latest commands = {[testenv:base-command]commands} @@ -88,7 +92,8 @@ commands = {[testenv:mypy-coverage]commands} [testenv:mypy-py2] -basepython = {[testenv:mypy-common]basepython} +# We only test 2.7, please upgrade +basepython = python2.7 deps = {[testenv:mypy-common]deps} commands = python -m mypy \ diff --git a/tox.ini b/tox.ini index 2ea33b9e5..43030695e 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{27,34,35,36,37}-{local,integ,accept,examples}, nocmk, + py{27,34,35,36,37,38,39}-{local,integ,accept,examples}, nocmk, bandit, doc8, readme, docs, {flake8,pylint}{,-tests,-examples}, isort-check, black-check, 
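Review bot: The `envlist` in `test_vector_handlers/tox.ini` still stops at `py37`, while the buildspecs added in this commit run `py39-awses_1.7.1`, `py39-awses_2.0.0` and `py39-awses_latest`, and the root `tox.ini` envlist was extended to `38,39`. Those environments are therefore only reachable by naming them explicitly and are missed by a plain `tox` run. I would bring the list in line, `py{27,34,35,36,37,38,39}-awses_{1.7.1,2.0.0,latest},`. The `awses_1.3.3` and `awses_1.3.max` entries kept under `deps` are also no longer selected by any listed environment.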
@@ -35,8 +35,12 @@ envlist = # test-release :: Builds dist files and uploads to testpypi pypirc profile. # release :: Builds dist files and uploads to pypi pypirc profile. +# Reporting environments: +# +# coverage :: Runs code coverage, failing the build if coverage is below the configured threshold + [testenv:base-command] -commands = pytest --basetemp={envtmpdir} -l --cov aws_encryption_sdk {posargs} +commands = pytest --basetemp={envtmpdir} -l {posargs} [testenv] passenv = @@ -46,6 +50,8 @@ passenv = AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2 \ # Pass through AWS credentials AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + # AWS Role access in CodeBuild is via the contaner URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ # Pass through AWS profile name (useful for local testing) AWS_PROFILE \ # Pass through custom pip config file settings @@ -60,6 +66,10 @@ commands = all: {[testenv:base-command]commands} test/ examples/test/ manual: {[testenv:base-command]commands} +# Run code coverage on the unit tests +[testenv:coverage] +commands = {[testenv:base-command]commands} --cov aws_encryption_sdk test/ -m local + # Verify that local tests work without environment variables present [testenv:nocmk] basepython = python3 
@@ -343,12 +353,31 @@ deps = {[testenv:build]deps} twine passenv = + # Intentionally omit TWINE_REPOSITORY_URL from the passenv list, + # as this overrides other ways of setting the repository and could + # unexpectedly result in releasing to the wrong repo {[testenv]passenv} \ TWINE_USERNAME \ - TWINE_PASSWORD \ - TWINE_REPOSITORY_URL + TWINE_PASSWORD commands = {[testenv:build]commands} + +[testenv:release-private] +basepython = python3 +skip_install = true +deps = {[testenv:release-base]deps} +passenv = + {[testenv:release-base]passenv} \ + TWINE_REPOSITORY_URL +setenv = + # Explicitly set the URL as the env variable value, which will cause us to + # throw an error if the variable is not set. Otherwise, omission of the + # env variable could cause us to unintentionally upload to the wrong repo + TWINE_REPOSITORY_URL = {env:TWINE_REPOSITORY_URL} +commands = + {[testenv:release-base]commands} + # Omitting an explicit repository will cause twine to use the repository + # specified in the environment variable twine upload --skip-existing {toxinidir}/dist/* [testenv:test-release] @@ -357,9 +386,9 @@ skip_install = true deps = {[testenv:release-base]deps} passenv = {[testenv:release-base]passenv} -setenv = - TWINE_REPOSITORY_URL = https://test.pypi.org/legacy/ -commands = {[testenv:release-base]commands} +commands = + {[testenv:release-base]commands} + twine upload --skip-existing --repository testpypi {toxinidir}/dist/* [testenv:release] basepython = python3 @@ -367,8 +396,6 @@ skip_install = true deps = {[testenv:release-base]deps} passenv = {[testenv:release-base]passenv} -whitelist_externals = unset commands = - # Unsetting the TWINE_REPOSITORY_URL defaults twine to using production PyPI - unset TWINE_REPOSITORY_URL {[testenv:release-base]commands} + twine upload --skip-existing --repository pypi {toxinidir}/dist/*
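Review bot: The guard in `[testenv:release-private]` relies on `{env:TWINE_REPOSITORY_URL}` raising when the variable is unset, which is tox-version-dependent: newer tox releases are documented to substitute an empty string instead. With tox installed unpinned in the buildspecs, an unset variable could then leave twine with an empty URL, and it may fall back to its default repository, which is the outcome the comment is trying to rule out. A default that cannot be a valid endpoint keeps the failure explicit on any version, e.g. `TWINE_REPOSITORY_URL = {env:TWINE_REPOSITORY_URL:missing-twine-repository-url}` (constructed placeholder value). Pinning the tox version used for releases would cover the same gap.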