chore(keyring examples): refactor keyring examples and move master key provider examples to legacy

examples/src/__init__.py

@@ -1,13 +1,3 @@
-# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 """Stub module indicator to make linter configuration simpler."""

examples/src/keyrings/aws_kms_discovery_keyring_example.py → examples/src/aws_kms_discovery_keyring_example.py

@@ -43,7 +43,7 @@
     DiscoveryFilter,
 )
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_discovery_multi_keyring_example.py → examples/src/aws_kms_discovery_multi_keyring_example.py

@@ -40,7 +40,7 @@
     DiscoveryFilter,
 )
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
@@ -56,7 +56,7 @@
 def encrypt_and_decrypt_with_keyring(
     kms_key_id: str,
     aws_account_id: str,
-    aws_regions: list[str]
+    aws_regions: list
 ):
     """Demonstrate an encrypt/decrypt cycle using an AWS KMS Discovery Multi Keyring.
 

examples/src/keyrings/aws_kms_keyring_example.py → examples/src/aws_kms_keyring_example.py

@@ -24,7 +24,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_mrk_discovery_keyring_example.py → examples/src/aws_kms_mrk_discovery_keyring_example.py

@@ -45,7 +45,7 @@
     DiscoveryFilter,
 )
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_mrk_discovery_multi_keyring_example.py → examples/src/aws_kms_mrk_discovery_multi_keyring_example.py

@@ -47,7 +47,7 @@
     DiscoveryFilter,
 )
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
@@ -64,7 +64,7 @@ def encrypt_and_decrypt_with_keyring(
     mrk_key_id_encrypt: str,
     mrk_encrypt_region: str,
     aws_account_id: str,
-    aws_regions: list[str]
+    aws_regions: list
 ):
     """Demonstrate decryption using an AWS KMS MRK Discovery Multi keyring.
 

examples/src/keyrings/aws_kms_mrk_keyring_example.py → examples/src/aws_kms_mrk_keyring_example.py

@@ -28,7 +28,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsMrkKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_mrk_multi_keyring_example.py → examples/src/aws_kms_mrk_multi_keyring_example.py

@@ -34,7 +34,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsMrkKeyringInput, CreateAwsKmsMrkMultiKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_multi_keyring_example.py → examples/src/aws_kms_multi_keyring_example.py

@@ -43,7 +43,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsKeyringInput, CreateAwsKmsMultiKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/aws_kms_rsa_keyring_example.py → examples/src/aws_kms_rsa_keyring_example.py

@@ -21,7 +21,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsRsaKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/branch_key_id_supplier_example.py → examples/src/branch_key_id_supplier_example.py

@@ -4,7 +4,7 @@
 
 from aws_cryptographic_materialproviders.mpl.models import GetBranchKeyIdInput, GetBranchKeyIdOutput
 from aws_cryptographic_materialproviders.mpl.references import IBranchKeyIdSupplier
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 
 class ExampleBranchKeyIdSupplier(IBranchKeyIdSupplier):

examples/src/keyrings/file_streaming_example.py → examples/src/file_streaming_example.py

@@ -31,7 +31,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import AesWrappingAlg, CreateRawAesKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/hierarchical_keyring_example.py → examples/src/hierarchical_keyring_example.py

@@ -47,7 +47,7 @@
     DefaultCache,
 )
 from aws_cryptographic_materialproviders.mpl.references import IBranchKeyIdSupplier, IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/legacy/pylintrc

@@ -0,0 +1,44 @@
+[MESSAGE CONTROL]
+# Disabling messages that either we don't care about we intentionally break.
+disable =
+    invalid-name,  # we prefer long, descriptive, names for examples
+    bad-continuation,  # we let black handle this
+    ungrouped-imports,  # we let isort handle this
+    no-member,  # breaks with attrs
+    no-self-use,  # interesting to keep in mind for later refactoring, but not blocking
+    useless-object-inheritance,  # we need to support Python 2, so no, not useless
+    duplicate-code,  # some examples may be similar
+    too-few-public-methods,  # does not allow value stores
+    too-many-locals,  # examples may sometimes have more locals defined for clarity than would be appropriate in code
+    no-else-return,  # we omit this on purpose for brevity where it would add no value
+    attribute-defined-outside-init,  # breaks with attrs_post_init
+    abstract-method,  # throws false positives on io.BaseIO grandchildren
+    redefined-outer-name,  # we do this on purpose in multiple places
+    consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation
+
+[BASIC]
+# Allow function names up to 50 characters
+function-rgx = [a-z_][a-z0-9_]{2,50}$
+# Allow method names up to 50 characters
+method-rgx = [a-z_][a-z0-9_]{2,50}$
+# Allow class attribute names up to 50 characters
+# Whitelist class attribute names: iv
+class-attribute-rgx = (([A-Za-z_][A-Za-z0-9_]{2,50}|(__.*__))$)|(^iv$)
+# Whitelist attribute names: iv
+attr-rgx = ([a-z_][a-z0-9_]{2,30}$)|(^iv$)
+# Whitelist argument names: iv, b
+argument-rgx = ([a-z_][a-z0-9_]{2,30}$)|(^iv$)|(^b$)
+# Whitelist variable names: iv, b, _b, x, y, r, s
+variable-rgx = ([a-z_][a-z0-9_]{2,30}$)|(^iv$)|(^b$)|(^_b$)|(^x$)|(^y$)|(^r$)|(^s$)
+
+[VARIABLES]
+additional-builtins = raw_input
+
+[DESIGN]
+max-args = 10
+
+[FORMAT]
+max-line-length = 120
+
+[REPORTS]
+msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg}

examples/src/keyrings/migration_set_commitment_policy_example.py → examples/src/migration_set_commitment_policy_example.py

@@ -27,7 +27,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import CreateAwsKmsKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/multi_keyring_example.py → examples/src/multi_keyring_example.py

@@ -49,7 +49,7 @@
     CreateRawAesKeyringInput,
 )
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/pylintrc

@@ -1,6 +1,7 @@
 [MESSAGE CONTROL]
 # Disabling messages that either we don't care about we intentionally break.
 disable =
+    import-error, # ignore mpl import errors
     invalid-name,  # we prefer long, descriptive, names for examples
     bad-continuation,  # we let black handle this
     ungrouped-imports,  # we let isort handle this

examples/src/keyrings/raw_aes_keyring_example.py → examples/src/raw_aes_keyring_example.py

@@ -29,7 +29,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import AesWrappingAlg, CreateRawAesKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/src/keyrings/raw_rsa_keyring_example.py → examples/src/raw_rsa_keyring_example.py

@@ -42,7 +42,7 @@
 from cryptography.hazmat.backends import default_backend as crypto_default_backend
 from cryptography.hazmat.primitives import serialization as crypto_serialization
 from cryptography.hazmat.primitives.asymmetric import rsa
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
@@ -240,7 +240,7 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file
 
     # 10. Test decrypt for the original ciphertext using raw_rsa_keyring_bob
     try:
-        plaintext_bytes_bob, _ = client.decrypt(
+        plaintext_bytes_bob, _ = client.decrypt(  # pylint: disable=unused-variable
             source=ciphertext,
             keyring=raw_rsa_keyring_bob
         )

examples/src/keyrings/required_encryption_context_cmm.py → examples/src/required_encryption_context_cmm.py

@@ -19,7 +19,7 @@
     CreateRequiredEncryptionContextCMMInput,
 )
 from aws_cryptographic_materialproviders.mpl.references import ICryptographicMaterialsManager, IKeyring
-from typing import Dict, List
+from typing import Dict, List  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
@@ -53,7 +53,8 @@ def encrypt_and_decrypt_with_keyring(
     #    Most encrypted data should have an associated encryption context
     #    to protect integrity. This sample uses placeholder values.
     #    For more information see:
-    #    blogs.aws.amazon.com/security/post/Tx2LZ6WBJJANTNW/How-to-Protect-the-Integrity-of-Your-Encrypted-Data-by-Using-AWS-Key-Management  # noqa: E501
+    #    pylint: disable=line-too-long
+    #    blogs.aws.amazon.com/security/post/Tx2LZ6WBJJANTNW/How-to-Protect-the-Integrity-of-Your-Encrypted-Data-by-Using-AWS-Key-Management
     encryption_context: Dict[str, str] = {
         "key1": "value1",
         "key2": "value2",

examples/src/keyrings/set_encryption_algorithm_suite_example.py → examples/src/set_encryption_algorithm_suite_example.py

@@ -45,7 +45,7 @@
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
 from aws_cryptographic_materialproviders.mpl.models import AesWrappingAlg, CreateRawAesKeyringInput
 from aws_cryptographic_materialproviders.mpl.references import IKeyring
-from typing import Dict
+from typing import Dict  # noqa pylint: disable=wrong-import-order
 
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy

examples/test/__init__.py

@@ -1,13 +1,3 @@
-# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-# http://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 """Stub module indicator to make linter configuration simpler."""

examples/test/examples_test_utils.py → examples/test/legacy/examples_test_utils.py

@@ -15,7 +15,7 @@
 import sys
 
 os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes"
-sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])])
+sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "..", "test", "integration"])])
 
 static_plaintext = (
     b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. "

examples/test/legacy/pylintrc

@@ -0,0 +1,22 @@
+[MESSAGES CONTROL]
+# Disabling messages that we either don't care about for tests or are necessary to break for tests.
+disable =
+    invalid-name,  # we prefer long, descriptive, names for tests
+    missing-docstring,  # we don't write docstrings for tests
+    wrong-import-position,  # similar to E0401, pylint does not appear to identify
+                            # unknown modules as non-standard-library. flake8 tests for this as well
+                            # and does treat them properly
+    duplicate-code,  # tests for similar things tend to be similar
+    consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation
+
+[VARIABLES]
+additional-builtins = raw_input
+
+[DESIGN]
+max-args = 10
+
+[FORMAT]
+max-line-length = 120
+
+[REPORTS]
+msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg}

examples/test/test_i_basic_encryption.py → examples/test/legacy/test_i_basic_encryption.py

@@ -14,10 +14,9 @@
 import botocore.session
 import pytest
 
-from ..src.basic_encryption import cycle_string
+from ...src.legacy.basic_encryption import cycle_string
 from .examples_test_utils import get_cmk_arn, static_plaintext
 
-
 pytestmark = [pytest.mark.examples]
 
 

examples/test/test_i_basic_file_encryption_with_multiple_providers.py → examples/test/legacy/test_i_basic_file_encryption_with_multiple_providers.py

@@ -17,10 +17,8 @@
 import botocore.session
 import pytest
 
-from ..src.basic_file_encryption_with_multiple_providers import cycle_file
-from .examples_test_utils import get_cmk_arn
-from .examples_test_utils import static_plaintext
-
+from ...src.legacy.basic_file_encryption_with_multiple_providers import cycle_file
+from .examples_test_utils import get_cmk_arn, static_plaintext
 
 pytestmark = [pytest.mark.examples]
 

examples/test/test_i_basic_file_encryption_with_raw_key_provider.py → examples/test/legacy/test_i_basic_file_encryption_with_raw_key_provider.py

@@ -16,10 +16,9 @@
 
 import pytest
 
-from ..src.basic_file_encryption_with_raw_key_provider import cycle_file
+from ...src.legacy.basic_file_encryption_with_raw_key_provider import cycle_file
 from .examples_test_utils import static_plaintext
 
-
 pytestmark = [pytest.mark.examples]
 
 

examples/test/test_i_data_key_caching_basic.py → examples/test/legacy/test_i_data_key_caching_basic.py

@@ -13,10 +13,9 @@
 """Unit test suite for the basic data key caching example in the AWS-hosted documentation."""
 import pytest
 
-from ..src.data_key_caching_basic import encrypt_with_caching
+from ...src.legacy.data_key_caching_basic import encrypt_with_caching
 from .examples_test_utils import get_cmk_arn
 
-
 pytestmark = [pytest.mark.examples]
 
 

examples/test/test_i_discovery_kms_provider.py → examples/test/legacy/test_i_discovery_kms_provider.py

@@ -15,10 +15,8 @@
 import botocore.session
 import pytest
 
-from ..src.discovery_kms_provider import encrypt_decrypt
-from .examples_test_utils import get_cmk_arn
-from .examples_test_utils import static_plaintext
-
+from ...src.legacy.discovery_kms_provider import encrypt_decrypt
+from .examples_test_utils import get_cmk_arn, static_plaintext
 
 pytestmark = [pytest.mark.examples]
 

examples/test/test_i_mrk_aware_kms_provider.py → examples/test/legacy/test_i_mrk_aware_kms_provider.py

@@ -14,10 +14,8 @@
 
 import pytest
 
-from ..src.mrk_aware_kms_provider import encrypt_decrypt
-from .examples_test_utils import get_mrk_arn, get_second_mrk_arn
-from .examples_test_utils import static_plaintext
-
+from ...src.legacy.mrk_aware_kms_provider import encrypt_decrypt
+from .examples_test_utils import get_mrk_arn, get_second_mrk_arn, static_plaintext
 
 pytestmark = [pytest.mark.examples]