From a45a3a97338b781536064964227c353bf3d654c2 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Mon, 19 Dec 2022 05:08:43 -0800 Subject: [PATCH 01/10] fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle --- decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index b0d8a8d48..b9bc10ac9 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py @@ -16,6 +16,7 @@ import os import aws_encryption_sdk +from aws_encryption_sdk.identifiers import CommitmentPolicy from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider from chalice import Chalice, Response @@ -59,7 +60,7 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: - client = aws_encryption_sdk.EncryptionSDKClient() + client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) ciphertext = APP.current_request.raw_body plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider()) APP.log.debug("Plaintext:") From 9d03bedd624a8f3c42882c8552298d1b2dd02bbc Mon Sep 17 00:00:00 2001 
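Review bot: The client constructed in `basic_decrypt` is given only `commitment_policy`, so the number of encrypted data keys a submitted message may carry stays unbounded. The handler passes `APP.current_request.raw_body` straight to `client.decrypt`, and the provider appears to run in discovery mode (judging by the `DiscoveryAwsKmsMasterKeyProvider` import), so each request body decides how many unwrap attempts the service makes. If the SDK version deployed here supports it, bound this with `EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT, max_encrypted_data_keys=<limit>)`, choosing a limit that still covers the messages the oracle is meant to accept. The body of `basic_decrypt` starts and ends outside this hunk.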
From: Shubham Chaturvedi Date: Wed, 21 Dec 2022 03:44:54 -0800 Subject: [PATCH 02/10] fix: pin tox version < 4.0 --- codebuild/coverage/coverage.yml | 2 +- codebuild/py310/awses_local.yml | 2 +- codebuild/py310/examples.yml | 2 +- codebuild/py310/integ.yml | 2 +- codebuild/py37/awses_local.yml | 2 +- codebuild/py37/examples.yml | 2 +- codebuild/py37/integ.yml | 2 +- codebuild/py38/awses_local.yml | 2 +- codebuild/py38/examples.yml | 2 +- codebuild/py38/integ.yml | 2 +- codebuild/py39/awses_1.7.1.yml | 2 +- codebuild/py39/awses_2.0.0.yml | 2 +- codebuild/py39/awses_latest.yml | 2 +- codebuild/py39/examples.yml | 2 +- codebuild/py39/integ.yml | 2 +- codebuild/release/prod-release.yml | 2 +- codebuild/release/test-release.yml | 2 +- codebuild/release/validate.yml | 4 ++-- 18 files changed, 19 insertions(+), 19 deletions(-) diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml index f82a3a982..51d8b0a6f 100644 --- a/codebuild/coverage/coverage.yml +++ b/codebuild/coverage/coverage.yml @@ -10,5 +10,5 @@ phases: python: latest build: commands: - - pip install tox + - pip install "tox < 4.0" - tox diff --git a/codebuild/py310/awses_local.yml b/codebuild/py310/awses_local.yml index a60eba6d2..beb967f47 100644 --- a/codebuild/py310/awses_local.yml +++ b/codebuild/py310/awses_local.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py310/examples.yml b/codebuild/py310/examples.yml index 59bb42499..4d64f5c6c 100644 --- a/codebuild/py310/examples.yml +++ b/codebuild/py310/examples.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py310/integ.yml b/codebuild/py310/integ.yml index 3346a06a2..1a2ca5022 100644 --- a/codebuild/py310/integ.yml +++ b/codebuild/py310/integ.yml 
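Review bot: `tox-pyenv` disappears from the install line in `codebuild/py310/awses_local.yml`, which the commit subject (pin tox below 4.0) does not mention. The same removal recurs in every `py37`–`py310` buildspec and in `release/validate.yml`. Without the plugin, tox presumably finds the interpreter chosen by `pyenv local` through the pyenv shims on PATH rather than through `pyenv which`, so it is worth confirming that each job still runs on the version its directory name promises. A one-line comment above the command would record the reason, e.g. `# tox-pyenv removed: <reason>; interpreter comes from the pyenv local step above`.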
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.10.0
 - pyenv local 3.10.0
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py37/awses_local.yml b/codebuild/py37/awses_local.yml
index 9e77d43f7..c4265fc71 100644
--- a/codebuild/py37/awses_local.yml
+++ b/codebuild/py37/awses_local.yml
@@ -22,6 +22,6 @@ phases:
 commands:
 - pyenv install 3.7.12
 - pyenv local 3.7.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - cd test_vector_handlers
 - tox
diff --git a/codebuild/py37/examples.yml b/codebuild/py37/examples.yml
index 57d1626df..14b220524 100644
--- a/codebuild/py37/examples.yml
+++ b/codebuild/py37/examples.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.7.12
 - pyenv local 3.7.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py37/integ.yml b/codebuild/py37/integ.yml
index 04d24c26d..6306c20e2 100644
--- a/codebuild/py37/integ.yml
+++ b/codebuild/py37/integ.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.7.12
 - pyenv local 3.7.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py38/awses_local.yml b/codebuild/py38/awses_local.yml
index 4e20973d4..936a9ca6c 100644
--- a/codebuild/py38/awses_local.yml
+++ b/codebuild/py38/awses_local.yml
@@ -22,6 +22,6 @@ phases:
 commands:
 - pyenv install 3.8.12
 - pyenv local 3.8.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - cd test_vector_handlers
 - tox
diff --git a/codebuild/py38/examples.yml b/codebuild/py38/examples.yml
index 1a8f4f826..221ad4f80 100644
--- a/codebuild/py38/examples.yml
+++ b/codebuild/py38/examples.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.8.12
 - pyenv local 3.8.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py38/integ.yml b/codebuild/py38/integ.yml
index 28eae25fc..088a2c7ba 100644
--- a/codebuild/py38/integ.yml
+++ b/codebuild/py38/integ.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.8.12
 - pyenv local 3.8.12
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py39/awses_1.7.1.yml b/codebuild/py39/awses_1.7.1.yml
index e261b5e4d..c61024409 100644
--- a/codebuild/py39/awses_1.7.1.yml
+++ b/codebuild/py39/awses_1.7.1.yml
@@ -22,6 +22,6 @@ phases:
 commands:
 - pyenv install 3.9.7
 - pyenv local 3.9.7
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - cd test_vector_handlers
 - tox
diff --git a/codebuild/py39/awses_2.0.0.yml b/codebuild/py39/awses_2.0.0.yml
index b4a6654d5..df6cd489c 100644
--- a/codebuild/py39/awses_2.0.0.yml
+++ b/codebuild/py39/awses_2.0.0.yml
@@ -22,6 +22,6 @@ phases:
 commands:
 - pyenv install 3.9.7
 - pyenv local 3.9.7
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - cd test_vector_handlers
 - tox
diff --git a/codebuild/py39/awses_latest.yml b/codebuild/py39/awses_latest.yml
index ac70cede8..0675cbb0a 100644
--- a/codebuild/py39/awses_latest.yml
+++ b/codebuild/py39/awses_latest.yml
@@ -22,6 +22,6 @@ phases:
 commands:
 - pyenv install 3.9.7
 - pyenv local 3.9.7
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - cd test_vector_handlers
 - tox
diff --git a/codebuild/py39/examples.yml b/codebuild/py39/examples.yml
index 9b1911024..6f07efcea 100644
--- a/codebuild/py39/examples.yml
+++ b/codebuild/py39/examples.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.9.7
 - pyenv local 3.9.7
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/py39/integ.yml b/codebuild/py39/integ.yml
index c7452e37e..1e9743e39 100644
--- a/codebuild/py39/integ.yml
+++ b/codebuild/py39/integ.yml
@@ -20,5 +20,5 @@ phases:
 commands:
 - pyenv install 3.9.7
 - pyenv local 3.9.7
- - pip install tox tox-pyenv
+ - pip install "tox < 4.0"
 - tox
diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml
index 1ca777732..df5afb2fc 100644
--- a/codebuild/release/prod-release.yml
+++ b/codebuild/release/prod-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 36452b76c..cab56a9fd 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 95dfd5cb2..1043745ee 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -3,7 +3,7 @@ version: 0.2 phases: install: commands: - - pip install tox + - pip install "tox < 4.0" runtime-versions: python: latest pre_build: @@ -13,7 +13,7 @@ phases: - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" build: commands: - NUM_RETRIES=3 From 85b7e7ac196f14231304b9c634a424a0be85cfd8 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 21 Dec 2022 08:39:44 -0800 Subject: [PATCH 03/10] Update decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py Co-authored-by: seebees --- decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index b9bc10ac9..161c318cc 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py 
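Review bot: In `codebuild/release/prod-release.yml` the new `pip install "tox < 4.0"` is only an upper bound, so the release job still installs whichever 3.x build of tox, and whatever dependency versions, the index serves at build time. The `pip install --upgrade pip` that follows is unpinned as well. For the release buildspecs an exact pin is easier to audit and reproduce, e.g. `pip install "tox==<pinned 3.x version>"`, or a hash-checked requirements file installed with `pip install --require-hashes -r <requirements file>`. The same applies to the `test-release.yml` and `validate.yml` hunks in this commit.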
@@ -60,6 +60,8 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: + // The decrypt oracle needs to be able to decrypt any message + // it does not encrypt messages for anyone. client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) ciphertext = APP.current_request.raw_body plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider()) From a096c6561d0a79835f2ff2d5a8ae817dd76c3c71 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 21 Dec 2022 17:12:45 +0000 Subject: [PATCH 04/10] fix: change forward-slashes to pound for comment --- decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index 161c318cc..0da46025a 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py @@ -60,8 +60,8 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: - // The decrypt oracle needs to be able to decrypt any message - // it does not encrypt messages for anyone. + # The decrypt oracle needs to be able to decrypt any message + # it does not encrypt messages for anyone. client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) ciphertext = APP.current_request.raw_body plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider()) From 5a227495a42f27b6910961f1dc8335a3fef71282 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 21 Dec 2022 09:51:40 -0800 Subject: [PATCH 05/10] fix: linting issue - ran autoformatter --- decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
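Review bot: `//` does not start a comment in Python, so with these two added lines `app.py` no longer parses at this commit; [PATCH 04/10] repairs it. Squashing patches 03–05 into one commit would keep every revision of the series importable, which matters when bisecting the deployed oracle. The `try` block in `basic_decrypt` continues outside the hunk.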
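Review bot: The comment above the client reads as a run-on sentence and omits the security-relevant consequence of the policy, namely that `FORBID_ENCRYPT_ALLOW_DECRYPT` also accepts messages written without key commitment. Saying so tells the next reader that the permissive setting is deliberate and specific to this service. Suggested wording: `# The decrypt oracle never encrypts and must be able to decrypt any message,` followed by `# including ones without key commitment, so this permissive policy is intentional.` The enclosing `try` block continues outside the hunk.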
diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index 0da46025a..820b9e015 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py @@ -60,7 +60,7 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: - # The decrypt oracle needs to be able to decrypt any message + # The decrypt oracle needs to be able to decrypt any message # it does not encrypt messages for anyone. client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) ciphertext = APP.current_request.raw_body From edda53f1d84e7326868eca4aa97459a5230a6f12 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Thu, 22 Dec 2022 01:31:24 -0800 Subject: [PATCH 06/10] fix: deprecate python36 from chalice --- decrypt_oracle/.chalice/buildspec.yaml | 2 +- decrypt_oracle/.chalice/pipeline.py | 2 +- decrypt_oracle/tox.ini | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/decrypt_oracle/.chalice/buildspec.yaml b/decrypt_oracle/.chalice/buildspec.yaml index 657c5a4be..d7c256698 100644 --- a/decrypt_oracle/.chalice/buildspec.yaml +++ b/decrypt_oracle/.chalice/buildspec.yaml @@ -2,7 +2,7 @@ version: 0.2 phases: install: commands: - - pip install tox + - pip install "tox < 4.0" build: commands: - cd decrypt_oracle diff --git a/decrypt_oracle/.chalice/pipeline.py b/decrypt_oracle/.chalice/pipeline.py index 45e050a2d..39eb7865c 100644 --- a/decrypt_oracle/.chalice/pipeline.py +++ b/decrypt_oracle/.chalice/pipeline.py 
@@ -23,7 +23,7 @@ APPLICATION_NAME = "AwsEncryptionSdkDecryptOraclePython" PIPELINE_STACK_NAME = "{}DeployPipeline".format(APPLICATION_NAME) -CODEBUILD_IMAGE = "aws/codebuild/python:3.6.5" +CODEBUILD_IMAGE = "aws/codebuild/standard:5.0" BUILDSPEC = "decrypt_oracle/.chalice/buildspec.yaml" GITHUB_REPO = "aws-encryption-sdk-python" WAITER_CONFIG = dict(Delay=10) diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index ce640bd32..d2ac8fc00 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -35,7 +35,7 @@ envlist = [testenv:generate-pipeline] -basepython = python3.9 +basepython = python3 skip_install = true deps = troposphere[policy] @@ -44,7 +44,7 @@ commands = python .chalice/pipeline.py {posargs} [testenv:chalice-prep] -basepython = python3.9 +basepython = python3 skip_install = true recreate = true deps = {[testenv:build]deps} @@ -59,7 +59,7 @@ commands = python {toxinidir}/.chalice/build-requirements.py [testenv:chalice] -basepython = python3.9 +basepython = python3 recreate = true deps = {[testenv:chalice-prep]deps} @@ -69,7 +69,7 @@ commands = chalice {posargs} [testenv:chalice-deploy] -basepython = python3.9 +basepython = python3 recreate = true deps = {[testenv:chalice]deps} From 30392065f5b77f5f64edb91d8e912f09da927d1a Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Mon, 9 Jan 2023 13:31:23 -0800 Subject: [PATCH 07/10] Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- decrypt_oracle/tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index d2ac8fc00..17bcdf4bc 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -35,7 +35,7 @@ envlist = [testenv:generate-pipeline] -basepython = python3 +basepython = python3.9 skip_install = true deps = troposphere[policy] From ff56fbedb975eff5d140240daeac3fdab51a8fb6 Mon Sep 17 00:00:00 2001 
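Review bot: `CODEBUILD_IMAGE` moves from a Python-specific image to the general `aws/codebuild/standard:5.0`, but nothing in this commit records which Python the deploy build is expected to run on. As far as its hunk shows, the install phase of `decrypt_oracle/.chalice/buildspec.yaml` has only `commands`, whereas the `codebuild/release` buildspecs declare `runtime-versions`. Adding a `runtime-versions:` entry with an explicit `python:` value to that buildspec would keep the build interpreter explicit, along with a comment on the constant such as `# standard image; the Python version is selected in buildspec.yaml`. This matters because the `tox.ini` chalice environments name a specific `basepython`.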
From: Shubham Chaturvedi Date: Mon, 9 Jan 2023 13:31:36 -0800 Subject: [PATCH 08/10] Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- decrypt_oracle/tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index 17bcdf4bc..b99255ee2 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -44,7 +44,7 @@ commands = python .chalice/pipeline.py {posargs} [testenv:chalice-prep] -basepython = python3 +basepython = python3.9 skip_install = true recreate = true deps = {[testenv:build]deps} From 27c79d996f5163dd1c61f476b1bb17b556e2d10b Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Mon, 9 Jan 2023 13:31:50 -0800 Subject: [PATCH 09/10] Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- decrypt_oracle/tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index b99255ee2..e5711cf99 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -59,7 +59,7 @@ commands = python {toxinidir}/.chalice/build-requirements.py [testenv:chalice] -basepython = python3 +basepython = python3.9 recreate = true deps = {[testenv:chalice-prep]deps} From 18ae584575dace7bb30093be2b6e3d1af38031a7 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Mon, 9 Jan 2023 13:31:57 -0800 Subject: [PATCH 10/10] Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- decrypt_oracle/tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index e5711cf99..ce640bd32 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -69,7 +69,7 @@ commands = chalice {posargs} [testenv:chalice-deploy] -basepython = python3 +basepython = python3.9 recreate = true deps = {[testenv:chalice]deps}