From 84a01ec2abd1083887809139e074d1c5ce3cbe27 Mon Sep 17 00:00:00 2001 From: cjkindel Date: Mon, 8 Aug 2022 09:36:57 -0700 Subject: [PATCH 01/43] refactor: reduce logging verbosity (#494) --- src/aws_encryption_sdk/streaming_client.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/aws_encryption_sdk/streaming_client.py b/src/aws_encryption_sdk/streaming_client.py index 54eb046d2..1119cb740 100644 --- a/src/aws_encryption_sdk/streaming_client.py +++ b/src/aws_encryption_sdk/streaming_client.py @@ -299,10 +299,10 @@ def seek(self, offset, whence=0): def readline(self): """Read a chunk of the output""" - _LOGGER.info("reading line") + _LOGGER.debug("reading line") line = self.read(self.line_length) if len(line) < self.line_length: - _LOGGER.info("all lines read") + _LOGGER.debug("all lines read") return line def readlines(self): From ca58e5e0ce373e9ae5132bb5ce95b6886a0a37d3 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Fri, 26 Aug 2022 09:34:41 -0700 Subject: [PATCH 02/43] docs(SupportPolicy): Mark 1.x & 2.x End-of-Support (#501) --- SUPPORT_POLICY.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 9020b6a11..76cd580d4 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -22,13 +22,13 @@ This table describes the current support status of each major version of the AWS - Next status - Next status date * - 1.x - - Maintenance - End of Support - - 2022-06-30 + - + - * - 2.x - - Maintenance - End of Support - - 2022-07-01 + - + - * - 3.x - General Availability - From 78e43b38a5b9df9a925084242a230fccf91476f2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Fri, 26 Aug 2022 16:47:45 -0700 Subject: [PATCH 03/43] chore(release): add api token to staging release process (#502) adding ignore missing timeout to pylintrc --- codebuild/release/test-release.yml | 4 ++-- decrypt_oracle/test/pylintrc | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 6c0ce85c9..36452b76c 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: TestPyPiCryptoTools:username - TWINE_PASSWORD: TestPyPiCryptoTools:password + TWINE_USERNAME: TestPyPiAPIToken:username + TWINE_PASSWORD: TestPyPiAPIToken:password phases: install: diff --git a/decrypt_oracle/test/pylintrc b/decrypt_oracle/test/pylintrc index 3d4a895b2..7cbbfc2ff 100644 --- a/decrypt_oracle/test/pylintrc +++ b/decrypt_oracle/test/pylintrc @@ -5,7 +5,8 @@ disable = missing-docstring, # we don't write docstrings for tests bad-continuation, # we let black handle this ungrouped-imports, # we let isort handle this - consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation + consider-using-f-string, # disable until 2022-05-05; 6 months after 3.5 deprecation + missing-timeout # disabling until we come up with a reasonable number [FORMAT] max-line-length = 120 From 333c85b40b8ee20ed6303b9775e7fb9a6c6d2c63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Mon, 29 Aug 2022 13:06:41 -0700 Subject: [PATCH 04/43] chore(release): add api token to prod release process (#503) --- codebuild/release/prod-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index aa985e361..1ca777732 100644 
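Review bot: `TWINE_USERNAME` in codebuild/release/test-release.yml is still fetched from the secret (`TestPyPiAPIToken:username`), although PyPI API-token uploads only authenticate when the username is the literal `__token__`. Since that value is not secret, I would set `TWINE_USERNAME: "__token__"` under `variables:` and keep only `TWINE_PASSWORD: TestPyPiAPIToken:password` under `secrets-manager:`, so a wrong or rotated secret field cannot silently break the upload. The hunk does not show how the token is scoped; confirm it is limited to this project rather than the whole account. The same shape is added to codebuild/release/prod-release.yml in patch 04/43, where the scope matters more.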
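Review bot: The new `missing-timeout` suppression in decrypt_oracle/test/pylintrc is open-ended: its comment, `# disabling until we come up with a reasonable number`, names no issue, owner or date. The entry directly above it still reads `disable until 2022-05-05`, a date that had already passed when this commit was written. pylint's `missing-timeout` flags HTTP calls made without a `timeout` argument, so while it is off a stalled endpoint can hang the test job; whether the tests under this directory make such calls is not visible in the hunk. I would tie the suppression to a tracking item, e.g. `missing-timeout  # TODO(<issue-id>): pass explicit request timeouts, then re-enable`, and refresh or drop the expired `consider-using-f-string` note.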
--- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: PyPiAdmin:username - TWINE_PASSWORD: PyPiAdmin:password + TWINE_USERNAME: PyPiAPIToken:username + TWINE_PASSWORD: PyPiAPIToken:password phases: install: From aced92c3d87dddf3e0920b9dfad4cedd2473604a Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 29 Aug 2022 19:02:26 -0700 Subject: [PATCH 05/43] fix: update pyca range (#507) --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fab293c05..2f4323845 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ boto3>=1.10.0 -cryptography>=2.5.0 +cryptography>=3.4.0 attrs>=17.4.0 wrapt>=1.10.11 From 93f01d655d6bce704bd8779cc9c4acb5f96b980c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Sep 2022 09:50:24 -0700 Subject: [PATCH 06/43] chore(deps): bump flake8-bugbear in /dev_requirements (#512) --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 1ce748cb4..6e69c7408 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -2,7 +2,7 @@ bandit==1.7.4 black==22.3.0 doc8==0.10.1 flake8==4.0.1 -flake8-bugbear==22.1.11 +flake8-bugbear==22.9.11 flake8-docstrings==1.6.0 flake8-print==4.0.0 isort==5.10.1 From d064bf8813d25e1ba4a8cce7269b8ee48acfd79a Mon Sep 17 00:00:00 2001 
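Review bot: Raising the floor to `cryptography>=3.4.0` in requirements.txt leaves the documented prerequisite behind: the README.rst context lines in patch 09/43 on this page still list `* cryptography >= 2.5.0`. Anyone sizing an environment from the README can pin a release the package no longer accepts, and the stale line hides that the minimum for the crypto backend moved. I would change that README line to `* cryptography >= 3.4.0` in the same commit. The commit message gives no reason for the new minimum, so a one-line rationale there would help later audits.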
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Oct 2022 10:00:10 -0700 Subject: [PATCH 07/43] chore(deps): bump actions/setup-python from 2 to 4.2.0 (#491) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v4.2.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_decrypt-oracle.yaml | 4 ++-- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_test-vector-handler.yaml | 4 ++-- .github/workflows/ci_tests.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml index 2819ad646..149adea13 100644 --- a/.github/workflows/ci_decrypt-oracle.yaml +++ b/.github/workflows/ci_decrypt-oracle.yaml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: # The oracle runs in a Python 3.6 Lamba python-version: 3.6 @@ -39,7 +39,7 @@ jobs: - pylint-tests steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v4 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 3cdadf215..0093ae9a9 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -28,7 +28,7 @@ jobs: - isort-check steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: 3.8 - run: | 
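Review bot: `actions/setup-python@v4` is a mutable tag, even though the commit subject names 4.2.0, so the workflows run whatever that tag points to at build time. In ci_test-vector-handler.yaml the step sits in a job whose context lines pass `aws-secret-access-key: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}`, so a retagged release of the action would appear to run with those credentials in scope. I would pin by full commit SHA and keep the version as a trailing comment, `- uses: actions/setup-python@<full-commit-sha>  # v4.2.0`; Dependabot can still update SHA pins. This applies to every hunk of this patch (ci_decrypt-oracle.yaml, ci_static-analysis.yaml, ci_test-vector-handler.yaml, ci_tests.yaml), and the `actions/checkout@v3` context lines have the same form.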
diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml index f5b42cf86..8198ef2cd 100644 --- a/.github/workflows/ci_test-vector-handler.yaml +++ b/.github/workflows/ci_test-vector-handler.yaml @@ -46,7 +46,7 @@ jobs: aws-secret-access-key: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} aws-region: us-west-2 - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.architecture }} @@ -73,7 +73,7 @@ jobs: - pylint-tests steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v4 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index f269246bc..81d6f7621 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -51,7 +51,7 @@ jobs: architecture: x86 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.architecture }} @@ -72,7 +72,7 @@ jobs: - test-upstream-requirements-py37 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v4 with: python-version: 3.7 - run: | From 8b6a49388c85785a22d59430007b7873ac8acf96 Mon Sep 17 00:00:00 2001 
From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 23 Nov 2022 16:54:41 -0800 Subject: [PATCH 08/43] chore: drop py3.6 from Oracle & Test Vectors (#529) --- .github/workflows/ci_decrypt-oracle.yaml | 6 +- .github/workflows/ci_test-vector-handler.yaml | 4 +- .github/workflows/ci_tests.yaml | 1 - buildspec.yml | 2 - codebuild/py36/awses_local.yml | 27 --- decrypt_oracle/setup.py | 1 - decrypt_oracle/tox.ini | 42 +--- test_vector_handlers/LICENSE | 201 ++++++++++++++++++ test_vector_handlers/MANIFEST.in | 4 - test_vector_handlers/README.rst | 4 +- test_vector_handlers/setup.py | 2 - .../aws-crypto-tools-test-vector-framework | 2 +- test_vector_handlers/tox.ini | 28 +-- 13 files changed, 217 insertions(+), 107 deletions(-) delete mode 100644 codebuild/py36/awses_local.yml create mode 100644 test_vector_handlers/LICENSE diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml index 149adea13..335bc8e98 100644 --- a/.github/workflows/ci_decrypt-oracle.yaml +++ b/.github/workflows/ci_decrypt-oracle.yaml @@ -14,8 +14,8 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - # The oracle runs in a Python 3.6 Lamba - python-version: 3.6 + # The oracle will run on a Python 3.9 Lamba + python-version: 3.9 - run: | python -m pip install --upgrade pip pip install --upgrade -r dev_requirements/ci-requirements.txt @@ -41,7 +41,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - python-version: 3.8 + python-version: 3.9 - run: | python -m pip install --upgrade pip pip install --upgrade -r dev_requirements/ci-requirements.txt diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml index 8198ef2cd..81ad1fa09 100644 --- a/.github/workflows/ci_test-vector-handler.yaml +++ b/.github/workflows/ci_test-vector-handler.yaml @@ -21,8 +21,6 @@ jobs: - windows-latest - macos-latest python: - - 2.7 - - 3.6 - 3.7 - 3.8 - 3.x 
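Review bot: The rewritten comment in ci_decrypt-oracle.yaml, `# The oracle will run on a Python 3.9 Lamba`, moves from "runs in" to "will run on", which reads as though the deployed oracle is not yet on 3.9. The Lambda runtime setting is not part of this patch, so that cannot be confirmed from here. If so, CI no longer exercises the runtime actually deployed until the deployment catches up. I would state the constraint instead and fix the spelling, e.g. `# Must match the Lambda runtime the oracle is deployed on (Python 3.9)`.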
@@ -75,7 +73,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-python@v4 with: - python-version: 3.8 + python-version: 3.9 - run: | python -m pip install --upgrade pip pip install --upgrade -r dev_requirements/ci-requirements.txt diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 81d6f7621..3e4f51c93 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -28,7 +28,6 @@ jobs: - windows-latest - macos-latest python: - - 3.6 - 3.7 - 3.8 - 3.9 diff --git a/buildspec.yml b/buildspec.yml index bb1e0cd97..5d50f5675 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -7,8 +7,6 @@ batch: buildspec: codebuild/py36/integ.yml - identifier: py36_examples buildspec: codebuild/py36/examples.yml - - identifier: py36_awses_local - buildspec: codebuild/py36/awses_local.yml - identifier: py37_integ buildspec: codebuild/py37/integ.yml diff --git a/codebuild/py36/awses_local.yml b/codebuild/py36/awses_local.yml deleted file mode 100644 index b68a7e434..000000000 --- a/codebuild/py36/awses_local.yml +++ /dev/null 
@@ -1,27 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py36-awses_local" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- - arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- - arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" - AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pyenv install 3.6.15 - - pyenv local 3.6.15 - - pip install tox tox-pyenv - - cd test_vector_handlers - - tox diff --git a/decrypt_oracle/setup.py b/decrypt_oracle/setup.py index c56d64911..f68454392 100644 --- a/decrypt_oracle/setup.py +++ b/decrypt_oracle/setup.py @@ -45,7 +45,6 @@ def get_requirements(): "Natural Language :: English", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index b90d9f527..ce640bd32 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{36,37,38,39}-{local,integ}, + py{39}-{local,integ}, bandit, doc8, readme, docs, {flake8,pylint}{,-tests}, # prone to false positives @@ -35,7 +35,7 @@ envlist = [testenv:generate-pipeline] -basepython = python3 +basepython = python3.9 skip_install = true deps = troposphere[policy] 
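Review bot: Removing the `"Programming Language :: Python :: 3.6"` classifier in decrypt_oracle/setup.py does not stop pip from installing new releases on 3.6, because classifiers are advisory and only `python_requires` is enforced at install time. The `setup()` call lies mostly outside this hunk, so if it does not already declare one, add `python_requires=">=3.7",` alongside the classifier change. The same applies to the test_vector_handlers/setup.py hunk later in this patch and to the root setup.py hunk in patch 09/43.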
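Review bot: The `envlist` in decrypt_oracle/tox.ini still names `docs` on the unchanged line `bandit, doc8, readme, docs,`, while a later hunk of the same file deletes `[testenv:docs]` and `[testenv:serve-docs]`. With the section gone, a bare `tox` run has no definition for that name; depending on the tox version it either fails or silently runs the base `[testenv]` commands under the `docs` label. test_vector_handlers/tox.ini in this same patch makes the matching cleanup, so I would change the line here to `bandit, doc8, readme,` as well.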
@@ -44,7 +44,7 @@ commands = python .chalice/pipeline.py {posargs} [testenv:chalice-prep] -basepython = python3.6 +basepython = python3.9 skip_install = true recreate = true deps = {[testenv:build]deps} @@ -59,7 +59,7 @@ commands = python {toxinidir}/.chalice/build-requirements.py [testenv:chalice] -basepython = python3.6 +basepython = python3.9 recreate = true deps = {[testenv:chalice-prep]deps} @@ -69,7 +69,7 @@ commands = chalice {posargs} [testenv:chalice-deploy] -basepython = python3.6 +basepython = python3.9 recreate = true deps = {[testenv:chalice]deps} @@ -141,17 +141,6 @@ commands = {posargs} {[testenv:mypy-coverage]commands} -[testenv:mypy-py2] -basepython = {[testenv:mypy-common]basepython} -deps = {[testenv:mypy-common]deps} -commands = - python -m mypy \ - --py2 \ - --linecoverage-report build \ - src/aws_encryption_sdk_decrypt_oracle/ \ - {posargs} - {[testenv:mypy-coverage]commands} - # Linters [testenv:flake8] basepython = python3 @@ -167,7 +156,6 @@ commands = app.py \ setup.py \ .chalice/pipeline.py \ - #doc/conf.py \ {posargs} [testenv:flake8-tests] @@ -218,7 +206,6 @@ commands = src/aws_encryption_sdk_decrypt_oracle/ \ setup.py \ app.py \ - #doc/conf.py \ test/ \ .chalice/pipeline.py \ {posargs} @@ -276,7 +263,7 @@ basepython = python3 deps = sphinx doc8 -commands = doc8 doc/index.rst README.rst CHANGELOG.rst +commands = doc8 README.rst [testenv:readme] basepython = python3 @@ -319,21 +306,6 @@ commands = {[testenv:flake8-tests]commands} {[testenv:pylint-tests]commands} -# Documentation -[testenv:docs] -basepython = python3 -deps = -rdoc/requirements.txt -commands = - sphinx-build -E -c doc/ -b html doc/ doc/build/html - -[testenv:serve-docs] -basepython = python3 -skip_install = true -changedir = doc/build/html -deps = -commands = - python -m http.server {posargs} - # Release tooling [testenv:park] basepython = python3 
@@ -347,11 +319,9 @@ commands = python setup.py park basepython = python3 skip_install = true deps = - #{[testenv:docs]deps} wheel setuptools commands = - #{[testenv:docs]commands} python setup.py sdist bdist_wheel [testenv:test-release] diff --git a/test_vector_handlers/LICENSE b/test_vector_handlers/LICENSE new file mode 100644 index 000000000..8dada3eda --- /dev/null +++ b/test_vector_handlers/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/test_vector_handlers/MANIFEST.in b/test_vector_handlers/MANIFEST.in index 132bd9406..71b01728a 100644 --- a/test_vector_handlers/MANIFEST.in +++ b/test_vector_handlers/MANIFEST.in @@ -1,9 +1,5 @@ include README.rst -include CHANGELOG.rst -include CONTRIBUTING.rst include LICENSE include requirements.txt -recursive-include doc * recursive-include test *.py -recursive-include examples *.py \ No newline at end of file diff --git a/test_vector_handlers/README.rst b/test_vector_handlers/README.rst index 382352736..846400127 100644 --- a/test_vector_handlers/README.rst +++ b/test_vector_handlers/README.rst @@ -12,7 +12,7 @@ Getting Started Required Prerequisites ====================== -* Python 2.7 or 3.4+ +* Python 3.7+ * aws-encryption-sdk Use 
@@ -75,4 +75,4 @@ decrypt and verify all referenced ciphertexts. -h, --help show this help message and exit --input INPUT Existing full message decrypt manifest -.. _shared test vectors repository: https://github.com/awslabs/aws-encryption-sdk-test-vectors \ No newline at end of file +.. _shared test vectors repository: https://github.com/awslabs/aws-encryption-sdk-test-vectors diff --git a/test_vector_handlers/setup.py b/test_vector_handlers/setup.py index 9a89fb698..54d857db0 100644 --- a/test_vector_handlers/setup.py +++ b/test_vector_handlers/setup.py @@ -46,8 +46,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/test_vector_handlers/test/aws-crypto-tools-test-vector-framework b/test_vector_handlers/test/aws-crypto-tools-test-vector-framework index 1779b438f..c3d73fae2 160000 --- a/test_vector_handlers/test/aws-crypto-tools-test-vector-framework +++ b/test_vector_handlers/test/aws-crypto-tools-test-vector-framework @@ -1 +1 @@ -Subproject commit 1779b438f23cb356d5cab7ca40068dcb827b4cb1 +Subproject commit c3d73fae260fd9e9cc9e746f09a7ffbab83576e2 diff --git a/test_vector_handlers/tox.ini b/test_vector_handlers/tox.ini index 10be9652d..643750cd2 100644 --- a/test_vector_handlers/tox.ini +++ b/test_vector_handlers/tox.ini @@ -2,9 +2,9 @@ envlist = # The test vectors depend on new features now, # so until release we can only effectively test the local version of the ESDK. - py{35,36,37,38,39,310}-awses_local, + py{37,38,39,310}-awses_local, # 1.2.0 and 1.2.max are being difficult because of attrs - bandit, doc8, readme, docs, + bandit, doc8, readme, {flake8,pylint}{,-tests}, # prone to false positives vulture 
@@ -30,8 +30,6 @@ envlist = # Operational helper environments: # -# docs :: Builds Sphinx documentation. -# serve-docs :: Starts local webserver to serve built documentation. # build :: Builds source and wheel dist files. # test-release :: Builds dist files and uploads to testpypi pypirc profile. # release :: Builds dist files and uploads to pypi pypirc profile. @@ -110,7 +108,6 @@ commands = flake8 \ src/awses_test_vectors/ \ setup.py \ - #doc/conf.py \ {posargs} [testenv:flake8-tests] @@ -152,7 +149,6 @@ commands = black --line-length 120 \ src/awses_test_vectors/ \ setup.py \ - #doc/conf.py \ test/ \ {posargs} @@ -182,7 +178,6 @@ deps = -r../dev_requirements/linter-requirements.txt commands = isort -rc \ src \ test \ - #doc \ setup.py \ {posargs} @@ -204,7 +199,7 @@ commands = [testenv:doc8] basepython = python3 deps = -r../dev_requirements/linter-requirements.txt -commands = doc8 doc/index.rst README.rst CHANGELOG.rst +commands = doc8 README.rst [testenv:readme] basepython = python3 @@ -246,21 +241,6 @@ commands = {[testenv:flake8-tests]commands} {[testenv:pylint-tests]commands} -# Documentation -[testenv:docs] -basepython = python3 -deps = -rdoc/requirements.txt -commands = - sphinx-build -E -c doc/ -b html doc/ doc/build/html - -[testenv:serve-docs] -basepython = python3 -skip_install = true -changedir = doc/build/html -deps = -commands = - python -m http.server {posargs} - # Release tooling [testenv:park] basepython = python3 @@ -272,10 +252,8 @@ commands = python setup.py park basepython = python3 skip_install = true deps = - {[testenv:docs]deps} -r../dev_requirements/release-requirements.txt commands = - {[testenv:docs]commands} python setup.py sdist bdist_wheel [testenv:test-release] From a753ff884fe3000881c7d3a2392a0b5d65cfa138 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Tue, 29 Nov 2022 11:34:35 -0800 Subject: [PATCH 09/43] chore: drop py36 support (#530) --- README.rst | 2 +- buildspec.yml | 5 ----- codebuild/py36/examples.yml | 24 ------------------------ codebuild/py36/integ.yml | 24 ------------------------ setup.py | 1 - tox.ini | 2 +- 6 files changed, 2 insertions(+), 56 deletions(-) delete mode 100644 codebuild/py36/examples.yml delete mode 100644 codebuild/py36/integ.yml diff --git a/README.rst b/README.rst index 7f1b22824..b9acc3edc 100644 --- a/README.rst +++ b/README.rst @@ -34,7 +34,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.6+ +* Python 3.7+ * cryptography >= 2.5.0 * boto3 >= 1.10.0 * attrs diff --git a/buildspec.yml b/buildspec.yml index 5d50f5675..2f2571f64 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,11 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: py36_integ - buildspec: codebuild/py36/integ.yml - - identifier: py36_examples - buildspec: codebuild/py36/examples.yml - - identifier: py37_integ buildspec: codebuild/py37/integ.yml - identifier: py37_examples diff --git a/codebuild/py36/examples.yml b/codebuild/py36/examples.yml deleted file mode 100644 index 46af14902..000000000 --- a/codebuild/py36/examples.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py36-examples" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- - arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- - arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pyenv install 3.6.15 - - pyenv local 3.6.15 - - pip install tox tox-pyenv - - tox diff --git a/codebuild/py36/integ.yml b/codebuild/py36/integ.yml deleted file mode 100644 index d55581c43..000000000 --- a/codebuild/py36/integ.yml +++ /dev/null @@ -1,24 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py36-integ" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- - arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- - arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pyenv install 3.6.15 - - pyenv local 3.6.15 - - pip install tox tox-pyenv - - tox diff --git a/setup.py b/setup.py index 2db856d89..7cc111bac 100644 --- a/setup.py +++ b/setup.py 
@@ -46,7 +46,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/tox.ini b/tox.ini index d234dcd1f..99a6dff73 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{36,37,38,39,310}-{local,integ,accept,examples}, nocmk, + py{37,38,39,310}-{local,integ,accept,examples}, nocmk, bandit, doc8, readme, docs, {flake8,pylint}{,-tests,-examples}, isort-check, black-check, From e2c834ac5c4a9ca65db2b225e794f7ddf4d89cc4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Nov 2022 14:26:14 -0800 Subject: [PATCH 10/43] chore(deps): bump tox from 3.24.5 to 3.27.1 in /dev_requirements (#528) Bumps [tox](https://github.com/tox-dev/tox) from 3.24.5 to 3.27.1. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/master/docs/changelog.rst) - [Commits](https://github.com/tox-dev/tox/compare/3.24.5...3.27.1) --- updated-dependencies: - dependency-name: tox dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/ci-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt index 9a41a70d3..57e3871e0 100644 --- a/dev_requirements/ci-requirements.txt +++ b/dev_requirements/ci-requirements.txt @@ -1 +1 @@ -tox==3.24.5 +tox==3.27.1 From af983024fdd800e6b2c4ae41cdf1617c982e4916 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Nov 2022 20:22:54 -0800 Subject: [PATCH 11/43] chore(deps): bump pytest from 7.0.1 to 7.2.0 in /dev_requirements (#524) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.1 to 7.2.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.0.1...7.2.0) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 0dbc5a42c..cac87955b 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,4 +1,4 @@ mock==4.0.3 -pytest==7.0.1 +pytest==7.2.0 pytest-cov==3.0.0 pytest-mock==3.6.1 From 51cb2ce148bc7e048587b013337f2440b53c1387 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 30 Nov 2022 09:47:54 -0800 Subject: [PATCH 12/43] chore(deps): bump sphinx from 4.4.0 to 5.3.0 in /dev_requirements (#523) Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.4.0 to 5.3.0. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v4.4.0...v5.3.0) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/doc-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/doc-requirements.txt b/dev_requirements/doc-requirements.txt index 9364148e5..c1be99e9c 100644 --- a/dev_requirements/doc-requirements.txt +++ b/dev_requirements/doc-requirements.txt @@ -1,2 +1,2 @@ -sphinx==4.4.0 +sphinx==5.3.0 sphinx_rtd_theme==1.0.0 From 38aa06309ad8ad709044c86ac6b4951739fbf996 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Dec 2022 14:31:52 -0800 Subject: [PATCH 13/43] chore(deps): bump readme-renderer from 34.0 to 37.3 in /dev_requirements (#526) Bumps [readme-renderer](https://github.com/pypa/readme_renderer) from 34.0 to 37.3. - [Release notes](https://github.com/pypa/readme_renderer/releases) - [Changelog](https://github.com/pypa/readme_renderer/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/readme_renderer/compare/34.0...37.3) --- updated-dependencies: - dependency-name: readme-renderer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 6e69c7408..4cd46c94e 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -8,6 +8,6 @@ flake8-print==4.0.0 isort==5.10.1 pyflakes==2.4.0 pylint==2.13.5 -readme_renderer==34.0 +readme_renderer==37.3 seed-isort-config==2.2.0 vulture==2.3 From 28223646b4c48b2508ca46e3084689988abd2d27 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Dec 2022 09:19:49 -0800 Subject: [PATCH 14/43] chore(deps): bump vulture from 2.3 to 2.6 in /dev_requirements (#533) Bumps [vulture](https://github.com/jendrikseipp/vulture) from 2.3 to 2.6. - [Release notes](https://github.com/jendrikseipp/vulture/releases) - [Changelog](https://github.com/jendrikseipp/vulture/blob/main/CHANGELOG.md) - [Commits](https://github.com/jendrikseipp/vulture/compare/v2.3...v2.6) --- updated-dependencies: - dependency-name: vulture dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 4cd46c94e..a3f70a247 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -10,4 +10,4 @@ pyflakes==2.4.0 pylint==2.13.5 readme_renderer==37.3 seed-isort-config==2.2.0 -vulture==2.3 +vulture==2.6 From e91838f65705867fc95506a4323054bca24e9521 Mon Sep 17 00:00:00 2001 
From: Shubham Chaturvedi Date: Thu, 22 Dec 2022 00:31:54 -0800 Subject: [PATCH 15/43] fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle (#538) * fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle * fix: pin tox version < 4.0 * Update decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py Co-authored-by: seebees * fix: change forward-slashes to pound for comment * fix: linting issue - ran autoformatter Co-authored-by: Shubham Chaturvedi Co-authored-by: seebees --- codebuild/coverage/coverage.yml | 2 +- codebuild/py310/awses_local.yml | 2 +- codebuild/py310/examples.yml | 2 +- codebuild/py310/integ.yml | 2 +- codebuild/py37/awses_local.yml | 2 +- codebuild/py37/examples.yml | 2 +- codebuild/py37/integ.yml | 2 +- codebuild/py38/awses_local.yml | 2 +- codebuild/py38/examples.yml | 2 +- codebuild/py38/integ.yml | 2 +- codebuild/py39/awses_1.7.1.yml | 2 +- codebuild/py39/awses_2.0.0.yml | 2 +- codebuild/py39/awses_latest.yml | 2 +- codebuild/py39/examples.yml | 2 +- codebuild/py39/integ.yml | 2 +- codebuild/release/prod-release.yml | 2 +- codebuild/release/test-release.yml | 2 +- codebuild/release/validate.yml | 4 ++-- decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py | 5 ++++- 19 files changed, 23 insertions(+), 20 deletions(-) diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml index f82a3a982..51d8b0a6f 100644 --- a/codebuild/coverage/coverage.yml +++ b/codebuild/coverage/coverage.yml @@ -10,5 +10,5 @@ phases: python: latest build: commands: - - pip install tox + - pip install "tox < 4.0" - tox diff --git a/codebuild/py310/awses_local.yml b/codebuild/py310/awses_local.yml index a60eba6d2..beb967f47 100644 --- a/codebuild/py310/awses_local.yml +++ b/codebuild/py310/awses_local.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox 
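Review bot: `pip install "tox < 4.0"` in codebuild/coverage/coverage.yml sets only an upper bound, so every build resolves whichever 3.x release is newest, while dev_requirements/ci-requirements.txt already pins `tox==3.27.1`. Installing from that file where the checkout is available, `pip install -r dev_requirements/ci-requirements.txt`, keeps CodeBuild on the same reviewed version as the GitHub workflow and leaves one place to update. The same line is repeated in the py37 to py310 buildspecs, codebuild/release/prod-release.yml, test-release.yml, validate.yml and decrypt_oracle/.chalice/buildspec.yaml. The release buildspecs matter most, because they run alongside the Twine upload credentials. The py* buildspecs also drop `tox-pyenv`, which the commit message does not mention; a one-line comment giving the reason would help the next reader.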
diff --git a/codebuild/py310/examples.yml b/codebuild/py310/examples.yml index 59bb42499..4d64f5c6c 100644 --- a/codebuild/py310/examples.yml +++ b/codebuild/py310/examples.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py310/integ.yml b/codebuild/py310/integ.yml index 3346a06a2..1a2ca5022 100644 --- a/codebuild/py310/integ.yml +++ b/codebuild/py310/integ.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py37/awses_local.yml b/codebuild/py37/awses_local.yml index 9e77d43f7..c4265fc71 100644 --- a/codebuild/py37/awses_local.yml +++ b/codebuild/py37/awses_local.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.7.12 - pyenv local 3.7.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py37/examples.yml b/codebuild/py37/examples.yml index 57d1626df..14b220524 100644 --- a/codebuild/py37/examples.yml +++ b/codebuild/py37/examples.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.7.12 - pyenv local 3.7.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py37/integ.yml b/codebuild/py37/integ.yml index 04d24c26d..6306c20e2 100644 --- a/codebuild/py37/integ.yml +++ b/codebuild/py37/integ.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.7.12 - pyenv local 3.7.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py38/awses_local.yml b/codebuild/py38/awses_local.yml index 4e20973d4..936a9ca6c 100644 --- a/codebuild/py38/awses_local.yml +++ b/codebuild/py38/awses_local.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox 
diff --git a/codebuild/py38/examples.yml b/codebuild/py38/examples.yml index 1a8f4f826..221ad4f80 100644 --- a/codebuild/py38/examples.yml +++ b/codebuild/py38/examples.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py38/integ.yml b/codebuild/py38/integ.yml index 28eae25fc..088a2c7ba 100644 --- a/codebuild/py38/integ.yml +++ b/codebuild/py38/integ.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/py39/awses_1.7.1.yml b/codebuild/py39/awses_1.7.1.yml index e261b5e4d..c61024409 100644 --- a/codebuild/py39/awses_1.7.1.yml +++ b/codebuild/py39/awses_1.7.1.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/awses_2.0.0.yml b/codebuild/py39/awses_2.0.0.yml index b4a6654d5..df6cd489c 100644 --- a/codebuild/py39/awses_2.0.0.yml +++ b/codebuild/py39/awses_2.0.0.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/awses_latest.yml b/codebuild/py39/awses_latest.yml index ac70cede8..0675cbb0a 100644 --- a/codebuild/py39/awses_latest.yml +++ b/codebuild/py39/awses_latest.yml @@ -22,6 +22,6 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/examples.yml b/codebuild/py39/examples.yml index 9b1911024..6f07efcea 100644 --- a/codebuild/py39/examples.yml +++ b/codebuild/py39/examples.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox 
diff --git a/codebuild/py39/integ.yml b/codebuild/py39/integ.yml index c7452e37e..1e9743e39 100644 --- a/codebuild/py39/integ.yml +++ b/codebuild/py39/integ.yml @@ -20,5 +20,5 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index 1ca777732..df5afb2fc 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 36452b76c..cab56a9fd 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 95dfd5cb2..1043745ee 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -3,7 +3,7 @@ version: 0.2 phases: install: commands: - - pip install tox + - pip install "tox < 4.0" runtime-versions: python: latest pre_build: @@ -13,7 +13,7 @@ phases: - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" build: commands: - NUM_RETRIES=3 diff --git a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py index b0d8a8d48..820b9e015 100644 --- a/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py +++ b/decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py 
@@ -16,6 +16,7 @@ import os import aws_encryption_sdk +from aws_encryption_sdk.identifiers import CommitmentPolicy from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider from chalice import Chalice, Response @@ -59,7 +60,9 @@ def basic_decrypt() -> Response: APP.log.debug(APP.current_request.raw_body) try: - client = aws_encryption_sdk.EncryptionSDKClient() + # The decrypt oracle needs to be able to decrypt any message + # it does not encrypt messages for anyone. + client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) ciphertext = APP.current_request.raw_body plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider()) APP.log.debug("Plaintext:") From f8aa29fe98d419dac916846d7ff207685ea95307 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Mon, 9 Jan 2023 14:25:18 -0800 Subject: [PATCH 16/43] fix: deprecate python36 from chalice (#539) * fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle * fix: pin tox version < 4.0 * Update decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/app.py Co-authored-by: seebees * fix: change forward-slashes to pound for comment * fix: linting issue - ran autoformatter * fix: deprecate python36 from chalice * Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * Update decrypt_oracle/tox.ini Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> Co-authored-by: Shubham Chaturvedi Co-authored-by: seebees Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- decrypt_oracle/.chalice/buildspec.yaml | 2 +- decrypt_oracle/.chalice/pipeline.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
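Review bot: The comment added above `EncryptionSDKClient(...)` in basic_decrypt does not say what the policy gives up. `FORBID_ENCRYPT_ALLOW_DECRYPT` makes the client accept messages without key commitment, which the SDK's default policy rejects on decrypt. I would state that so the setting is not copied into application code, for example `# Test oracle only: accept messages with or without key commitment; this service never encrypts.` The context lines in this hunk also log the raw request body and a "Plaintext:" marker at debug level, which is presumably fine for test vectors, but the deployed log level is worth confirming. basic_decrypt begins and continues outside the hunk.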
diff --git a/decrypt_oracle/.chalice/buildspec.yaml b/decrypt_oracle/.chalice/buildspec.yaml index 657c5a4be..d7c256698 100644 --- a/decrypt_oracle/.chalice/buildspec.yaml +++ b/decrypt_oracle/.chalice/buildspec.yaml @@ -2,7 +2,7 @@ version: 0.2 phases: install: commands: - - pip install tox + - pip install "tox < 4.0" build: commands: - cd decrypt_oracle diff --git a/decrypt_oracle/.chalice/pipeline.py b/decrypt_oracle/.chalice/pipeline.py index 45e050a2d..39eb7865c 100644 --- a/decrypt_oracle/.chalice/pipeline.py +++ b/decrypt_oracle/.chalice/pipeline.py @@ -23,7 +23,7 @@ APPLICATION_NAME = "AwsEncryptionSdkDecryptOraclePython" PIPELINE_STACK_NAME = "{}DeployPipeline".format(APPLICATION_NAME) -CODEBUILD_IMAGE = "aws/codebuild/python:3.6.5" +CODEBUILD_IMAGE = "aws/codebuild/standard:5.0" BUILDSPEC = "decrypt_oracle/.chalice/buildspec.yaml" GITHUB_REPO = "aws-encryption-sdk-python" WAITER_CONFIG = dict(Delay=10) From 40a1df1a7844444a6d1a05f0d4919e87729f02d8 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 23 Jan 2023 14:43:32 -0800 Subject: [PATCH 17/43] test: Test Python3.11 in CI (#548) --- .github/workflows/ci_tests.yaml | 26 ++++++++++++++-- test/upstream-requirements-py311.txt | 20 +++++++++++++ test/upstream-requirements-py37.txt | 45 ++++++++++++++-------------- tox.ini | 19 +++++++++++- 4 files changed, 84 insertions(+), 26 deletions(-) create mode 100644 test/upstream-requirements-py311.txt diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 3e4f51c93..f537491fc 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -31,7 +31,9 @@ jobs: - 3.7 - 3.8 - 3.9 - - 3.x + - "3.10" + - "3.11" + - 3.x # Ideally, we would skip if 3.x is 3.11 architecture: - x64 - x86 @@ -61,7 +63,7 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py3: + upstream-py37: runs-on: ubuntu-latest strategy: fail-fast: true 
@@ -81,3 +83,23 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py311: + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + category: + - nocmk + - test-upstream-requirements-py311 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + with: + python-version: "3.11" + - run: | + python -m pip install --upgrade pip + pip install --upgrade -r dev_requirements/ci-requirements.txt + - name: run test + env: + TOXENV: ${{ matrix.category }} + run: tox -- -vv diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt new file mode 100644 index 000000000..e5e24f492 --- /dev/null +++ b/test/upstream-requirements-py311.txt @@ -0,0 +1,20 @@ +attrs==22.2.0 +boto3==1.26.54 +botocore==1.29.54 +cffi==1.15.1 +coverage==7.0.5 +cryptography==39.0.0 +iniconfig==2.0.0 +jmespath==1.0.1 +mock==4.0.3 +packaging==23.0 +pluggy==1.0.0 +pycparser==2.21 +pytest==7.2.0 +pytest-cov==3.0.0 +pytest-mock==3.6.1 +python-dateutil==2.8.2 +s3transfer==0.6.0 +six==1.16.0 +urllib3==1.26.14 +wrapt==1.14.1 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index a4603ddf8..ecb05c22c 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt 
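Review bot: The new upstream-py311 job references `actions/checkout@v3` and `actions/setup-python@v4` by mutable tag, so the code that runs in CI can change without any commit in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha>  # v3`, closes that gap and still lets Dependabot propose updates. The existing jobs are outside this hunk and presumably use the same tags, so the change is best made across the whole workflow. If the workflow does not already set `permissions:` at the top, which is not visible here, `permissions: contents: read` on this job is enough for a test run.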
@@ -1,26 +1,25 @@ -attrs==21.2.0 -boto3==1.17.92 -botocore==1.20.92 -cffi==1.14.5 -coverage==5.5 -cryptography==3.4.7 -importlib-metadata==4.5.0 -iniconfig==1.1.1 -jmespath==0.10.0 +attrs==22.2.0 +boto3==1.26.54 +botocore==1.29.54 +cffi==1.15.1 +coverage==7.0.5 +cryptography==39.0.0 +exceptiongroup==1.1.0 +importlib-metadata==6.0.0 +iniconfig==2.0.0 +jmespath==1.0.1 mock==4.0.3 -packaging==20.9 -pluggy==0.13.1 -py==1.10.0 -pycparser==2.20 -pyparsing==2.4.7 -pytest==6.2.4 -pytest-cov==2.12.1 +packaging==23.0 +pluggy==1.0.0 +pycparser==2.21 +pytest==7.2.0 +pytest-cov==3.0.0 pytest-mock==3.6.1 -python-dateutil==2.8.1 -s3transfer==0.4.2 +python-dateutil==2.8.2 +s3transfer==0.6.0 six==1.16.0 -toml==0.10.2 -typing-extensions==3.10.0.0 -urllib3==1.26.5 -wrapt==1.12.1 -zipp==3.4.1 +tomli==2.0.1 +typing_extensions==4.4.0 +urllib3==1.26.14 +wrapt==1.14.1 +zipp==3.11.0 diff --git a/tox.ini b/tox.ini index 99a6dff73..48421de50 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310}-{local,integ,accept,examples}, nocmk, + py{37,38,39,310,311}-{local,integ,accept,examples}, nocmk, bandit, doc8, readme, docs, {flake8,pylint}{,-tests,-examples}, isort-check, black-check, 
@@ -103,6 +103,15 @@ recreate = {[testenv:freeze-upstream-requirements-base]recreate} deps = {[testenv:freeze-upstream-requirements-base]deps} commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt +# Freeze for Python 3.11 +[testenv:freeze-upstream-requirements-py311] +basepython = python3.11 +sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} +skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} +recreate = {[testenv:freeze-upstream-requirements-base]recreate} +deps = {[testenv:freeze-upstream-requirements-base]deps} +commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py311.txt + # Test frozen upstream requirements [testenv:test-upstream-requirements-base] sitepackages = False @@ -117,6 +126,14 @@ sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} recreate = {[testenv:test-upstream-requirements-base]recreate} commands = {[testenv:test-upstream-requirements-base]commands} +# Test frozen upstream requirements for Python 3.11 +[testenv:test-upstream-requirements-py311] +basepython = python3.11 +deps = -rtest/upstream-requirements-py311.txt +sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} +recreate = {[testenv:test-upstream-requirements-base]recreate} +commands = {[testenv:test-upstream-requirements-base]commands} + # Linters [testenv:flake8] basepython = python3 From 2a6bd9d70c779655077985c544df3db6a3518443 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 11:16:25 -0800 Subject: [PATCH 18/43] chore(deps): bump dependabot/fetch-metadata from 1.3.0 to 1.3.6 (#549) Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.3.0 to 1.3.6. - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.6) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dependabot-auto-merge.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml index f0e8190e4..308bfbda2 100644 --- a/.github/workflows/dependabot-auto-merge.yml +++ b/.github/workflows/dependabot-auto-merge.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Dependabot metadata id: metadata - uses: dependabot/fetch-metadata@v1.3.0 + uses: dependabot/fetch-metadata@v1.3.6 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Enable auto-merge for Dependabot PRs From 04e8c167273357a9548ff474c527805d8764a661 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 13:36:06 -0800 Subject: [PATCH 19/43] chore(deps): bump setuptools from 62.0.0 to 66.1.1 in /dev_requirements (#547) Bumps [setuptools](https://github.com/pypa/setuptools) from 62.0.0 to 66.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v62.0.0...v66.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index 347169a9e..1967c0c3b 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,4 +1,4 @@ pypi-parker==0.1.2 -setuptools==62.0.0 +setuptools==66.1.1 twine==4.0.1 wheel==0.37.1 \ No newline at end of file From 9b618d3a5e517435304a891393fefcbbd89faf65 Mon Sep 17 00:00:00 2001 From: Nitin Tejuja <40491064+nitinNT@users.noreply.github.com> Date: Wed, 25 Jan 2023 04:16:14 +0530 Subject: [PATCH 20/43] fix: wrong formatting python warning (#546) --- src/aws_encryption_sdk/compatability.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/compatability.py b/src/aws_encryption_sdk/compatability.py index 4dbc022d0..eeac41a46 100644 --- a/src/aws_encryption_sdk/compatability.py +++ b/src/aws_encryption_sdk/compatability.py 
@@ -35,5 +35,5 @@ def _warn_deprecated_python(): "bug fixes, and security updates please upgrade to Python {}.{} or " "later. For more information, see SUPPORT_POLICY.rst: " "https://github.com/aws/aws-encryption-sdk-python/blob/master/SUPPORT_POLICY.rst" - ).format(py_version[0], py_version[1], minimum_version[0], minimum_version[1], params["date"]) + ).format(py_version[0], py_version[1], params["date"], minimum_version[0], minimum_version[1]) warnings.warn(warning, DeprecationWarning) From 19226506ad33f5b964fe6632604425923f6ba8c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 16:52:26 -0800 Subject: [PATCH 21/43] chore(deps): bump wheel from 0.37.1 to 0.38.4 in /dev_requirements (#536) Bumps [wheel](https://github.com/pypa/wheel) from 0.37.1 to 0.38.4. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](https://github.com/pypa/wheel/compare/0.37.1...0.38.4) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index 1967c0c3b..21fdc1520 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,4 +1,4 @@ pypi-parker==0.1.2 setuptools==66.1.1 twine==4.0.1 -wheel==0.37.1 \ No newline at end of file +wheel==0.38.4 \ No newline at end of file From 6e436e13ce250759a499c3d9c820384cfc26283c Mon Sep 17 00:00:00 2001 
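Review bot: The corrected `.format(...)` call in _warn_deprecated_python still maps five positional arguments onto bare `{}` fields spread over a multi-line literal, which is how the date and the minimum version came to be swapped. Named fields would make the mapping checkable at a glance, for example `"... please upgrade to Python {min_major}.{min_minor} or "` with `.format(..., min_major=minimum_version[0], min_minor=minimum_version[1])`. The start of the string is outside the hunk, so names for the earlier placeholders are a suggestion only. A unit test asserting the rendered warning text would keep the order from regressing.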
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Jan 2023 13:17:45 -0800 Subject: [PATCH 22/43] chore(deps): bump pytest-cov from 3.0.0 to 4.0.0 in /dev_requirements (#550) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 3.0.0 to 4.0.0. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v3.0.0...v4.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index cac87955b..26663517d 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,4 +1,4 @@ mock==4.0.3 pytest==7.2.0 -pytest-cov==3.0.0 +pytest-cov==4.0.0 pytest-mock==3.6.1 From 36a0ea2199872d6590691b53fbea7aee2236a99e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Jan 2023 11:51:54 -0800 Subject: [PATCH 23/43] chore(deps): bump isort from 5.10.1 to 5.11.4 in /dev_requirements (#551) Bumps [isort](https://github.com/pycqa/isort) from 5.10.1 to 5.11.4. - [Release notes](https://github.com/pycqa/isort/releases) - [Changelog](https://github.com/PyCQA/isort/blob/main/CHANGELOG.md) - [Commits](https://github.com/pycqa/isort/compare/5.10.1...5.11.4) --- updated-dependencies: - dependency-name: isort dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index a3f70a247..7c9a28299 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -5,7 +5,7 @@ flake8==4.0.1 flake8-bugbear==22.9.11 flake8-docstrings==1.6.0 flake8-print==4.0.0 -isort==5.10.1 +isort==5.11.4 pyflakes==2.4.0 pylint==2.13.5 readme_renderer==37.3 From 48f96d58eeb712a5faa631ce4f4930d5d23bb649 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Jan 2023 09:08:55 -0800 Subject: [PATCH 24/43] chore(deps): bump pytest from 7.2.0 to 7.2.1 in /dev_requirements (#553) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.2.0 to 7.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.2.0...7.2.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 26663517d..01d7a2e2b 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,4 +1,4 @@ mock==4.0.3 -pytest==7.2.0 +pytest==7.2.1 pytest-cov==4.0.0 pytest-mock==3.6.1 From 232653188558379bceeb884b3f74b56b07560f62 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Jan 2023 12:31:19 -0800 Subject: [PATCH 25/43] chore(deps): bump flake8-print from 4.0.0 to 5.0.0 in /dev_requirements (#554) Bumps [flake8-print](https://github.com/jbkahn/flake8-print) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/jbkahn/flake8-print/releases) - [Commits](https://github.com/jbkahn/flake8-print/compare/4.0.0...5.0.0) --- updated-dependencies: - dependency-name: flake8-print dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 7c9a28299..21e6fede5 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -4,7 +4,7 @@ doc8==0.10.1 flake8==4.0.1 flake8-bugbear==22.9.11 flake8-docstrings==1.6.0 -flake8-print==4.0.0 +flake8-print==5.0.0 isort==5.11.4 pyflakes==2.4.0 pylint==2.13.5 From 6c6b732379197e91d2137af9f018f670a1ce500a Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Tue, 7 Feb 2023 17:12:48 -0800 Subject: [PATCH 26/43] fix: CI for Decrypt Oracle (#558) --- decrypt_oracle/.chalice/pipeline.py | 55 ++++++++++++++--------------- decrypt_oracle/src/pylintrc | 1 - 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/decrypt_oracle/.chalice/pipeline.py b/decrypt_oracle/.chalice/pipeline.py index 39eb7865c..9d5573646 100644 --- a/decrypt_oracle/.chalice/pipeline.py +++ b/decrypt_oracle/.chalice/pipeline.py 
@@ -26,7 +26,7 @@ CODEBUILD_IMAGE = "aws/codebuild/standard:5.0" BUILDSPEC = "decrypt_oracle/.chalice/buildspec.yaml" GITHUB_REPO = "aws-encryption-sdk-python" -WAITER_CONFIG = dict(Delay=10) +WAITER_CONFIG = {"Delay": 10} _LOGGER = logging.getLogger("Decrypt Oracle Build Pipeline Deployer") @@ -35,7 +35,7 @@ class AllowEverywhere(AWS.Statement): def __init__(self, *args, **kwargs): """Set up override values.""" - my_kwargs = dict(Effect=AWS.Allow, Resource=["*"]) + my_kwargs = {"Effect": AWS.Allow, "Resource": ["*"]} my_kwargs.update(kwargs) super().__init__(*args, **my_kwargs) @@ -167,13 +167,13 @@ def _pipeline( ActionTypeId=codepipeline.ActionTypeId( Category="Source", Owner="ThirdParty", Version="1", Provider="GitHub" ), - Configuration=dict( - Owner=github_owner, - Repo=GITHUB_REPO, - OAuthToken=Ref(github_access_token), - Branch=github_branch, - PollForSourceChanges=True, - ), + Configuration={ + "Owner": github_owner, + "Repo": GITHUB_REPO, + "OAuthToken": Ref(github_access_token), + "Branch": github_branch, + "PollForSourceChanges": True, + }, ) ], ) @@ -191,7 +191,7 @@ def _pipeline( ActionTypeId=codepipeline.ActionTypeId( Category="Build", Owner="AWS", Version="1", Provider="CodeBuild" ), - Configuration=dict(ProjectName=Ref(codebuild_builder)), + Configuration={"ProjectName": Ref(codebuild_builder)}, ) ], ) 
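Review bot: `AllowEverywhere.__init__` makes `"Resource": ["*"]` the default for every statement built from it, and nothing on the rewritten line tells a caller that the default is meant to be narrowed. Because `my_kwargs.update(kwargs)` lets a caller override it, a short comment above the dict would make that explicit, for example `# Default is all resources; pass Resource=[...] to scope a statement to specific ARNs.` The class header and its docstring sit outside this hunk, so this may already be stated there.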
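Review bot: The source action's `"OAuthToken": Ref(github_access_token)` takes the GitHub token from a stack parameter, and the `update_stack` and `create_stack` hunks later in this file supply it as `"ParameterValue": github_token`. The parameter's declaration is not part of these hunks, so confirm that it sets `NoEcho=True`; without it the token value is readable by anyone who can describe the stack. A Secrets Manager dynamic reference in the template would keep the value out of the stack parameters altogether. `_pipeline` starts and ends outside the hunk.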
@@ -200,25 +200,25 @@ def _pipeline( RunOrder="1", ActionTypeId=codepipeline.ActionTypeId(Category="Deploy", Owner="AWS", Version="1", Provider="CloudFormation"), InputArtifacts=[codepipeline.InputArtifacts(Name=_compiled_cfn_template)], - Configuration=dict( - ActionMode="CHANGE_SET_REPLACE", - ChangeSetName=_changeset_name, - RoleArn=GetAtt(cfn_role, "Arn"), - Capabilities="CAPABILITY_IAM", - StackName=_stack_name, - TemplatePath="{}::decrypt_oracle/transformed.yaml".format(_compiled_cfn_template), - ), + Configuration={ + "ActionMode": "CHANGE_SET_REPLACE", + "ChangeSetName": _changeset_name, + "RoleArn": GetAtt(cfn_role, "Arn"), + "Capabilities": "CAPABILITY_IAM", + "StackName": _stack_name, + "TemplatePath": "{}::decrypt_oracle/transformed.yaml".format(_compiled_cfn_template), + }, ) deploy_changeset = codepipeline.Actions( Name="Deploy", RunOrder="2", ActionTypeId=codepipeline.ActionTypeId(Category="Deploy", Owner="AWS", Version="1", Provider="CloudFormation"), - Configuration=dict( - ActionMode="CHANGE_SET_EXECUTE", - ChangeSetName=_changeset_name, - StackName=_stack_name, - OutputFileName="StackOutputs.json", - ), + Configuration={ + "ActionMode": "CHANGE_SET_EXECUTE", + "ChangeSetName": _changeset_name, + "StackName": _stack_name, + "OutputFileName": "StackOutputs.json", + }, OutputArtifacts=[codepipeline.OutputArtifacts(Name="AppDeploymentValues")], ) deploy = codepipeline.Stages(Name="Deploy", Actions=[stage_changeset, deploy_changeset]) @@ -272,8 +272,7 @@ def _stack_exists(cloudformation) -> bool: return False raise - else: - return True + return True def _update_existing_stack(cloudformation, template: Template, github_token: str) -> None: 
@@ -284,7 +283,7 @@ def _update_existing_stack(cloudformation, template: Template, github_token: str cloudformation.update_stack( StackName=PIPELINE_STACK_NAME, TemplateBody=template.to_json(), - Parameters=[dict(ParameterKey="GithubPersonalToken", ParameterValue=github_token)], + Parameters=[{"ParameterKey": "GithubPersonalToken", "ParameterValue": github_token}], Capabilities=["CAPABILITY_IAM"], ) _LOGGER.info("Waiting for stack update to complete...") @@ -301,7 +300,7 @@ def _deploy_new_stack(cloudformation, template: Template, github_token: str) -> cloudformation.create_stack( StackName=PIPELINE_STACK_NAME, TemplateBody=template.to_json(), - Parameters=[dict(ParameterKey="GithubPersonalToken", ParameterValue=github_token)], + Parameters=[{"ParameterKey": "GithubPersonalToken", "ParameterValue": github_token}], Capabilities=["CAPABILITY_IAM"], ) _LOGGER.info("Waiting for stack to deploy...") diff --git a/decrypt_oracle/src/pylintrc b/decrypt_oracle/src/pylintrc index 2e1e6336e..888ae1355 100644 --- a/decrypt_oracle/src/pylintrc +++ b/decrypt_oracle/src/pylintrc @@ -1,7 +1,6 @@ [MESSAGES CONTROL] # Disabling messages that we either don't care about for tests or are necessary to break for tests. disable = - bad-continuation, # we let black handle this ungrouped-imports, # we let isort handle this consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation From 08f305a9b7b5fc897d9cafac55fb98f3f2a6fe13 Mon Sep 17 00:00:00 2001 
From: seebees Date: Thu, 9 Feb 2023 09:27:15 -0800 Subject: [PATCH 27/43] chore: Add example for custom KMS client config (#440) * doc: Add example for custom KMS client config Occasionally custom configuration for the AWS KMS client is needed. This is especially important in Discovery mode, but anytime you are dealing with more than one AWS KMS Key, the master key providers are simpler to work with than individual master keys. --------- Co-authored-by: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> Co-authored-by: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Co-authored-by: Justin Plasmeier <76071473+justplaz@users.noreply.github.com> --- .../src/custom_kms_client_for_kms_provider.py | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 examples/src/custom_kms_client_for_kms_provider.py diff --git a/examples/src/custom_kms_client_for_kms_provider.py b/examples/src/custom_kms_client_for_kms_provider.py new file mode 100644 index 000000000..d7658ffaa --- /dev/null +++ b/examples/src/custom_kms_client_for_kms_provider.py
@@ -0,0 +1,77 @@
+# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""Example showing how to customize the AWS KMS Client."""
+import boto3
+from botocore.config import Config
+
+import aws_encryption_sdk
+from aws_encryption_sdk import CommitmentPolicy
+
+
+# Create a new class that extends the AWS KMS Provider you need to use
+class CustomKMSClientMasterKeyProvider(aws_encryption_sdk.StrictAwsKmsMasterKeyProvider):
+ """Custom region-specific client which extends the StrictAwsKmsMasterKeyProvider"""
+
+ # Override `add_regional_client` to use whatever configuration you need
+ def add_regional_client(self, region_name):
+ """Adds a regional client for the specified region if it does not already exist.
+ :param str region_name: AWS Region ID (ex: us-east-1)
+ """
+ if region_name not in self._regional_clients:
+ session = boto3.session.Session(botocore_session=self.config.botocore_session)
+ client = session.client(
+ 'kms',
+ region_name=region_name,
+ # Add additional custom client configuration here
+ config=Config(connection_timeout=10).merge(self._user_agent_adding_config)
+ )
+ self._register_client(client, region_name)
+ self._regional_clients[region_name] = client
+
+
+# This is just an example of using the above master key provider
+def encrypt_decrypt(key_arn, source_plaintext, botocore_session=None):
+ """Encrypts and then decrypts a string under one KMS customer master key (CMK).
+
+ :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK
+ :param bytes source_plaintext: Data to encrypt
+ :param botocore_session: existing botocore session instance
+ :type botocore_session: botocore.session.Session
+ """
+ kwargs = dict(key_ids=[key_arn])
+
+ if botocore_session is not None:
+ kwargs["botocore_session"] = botocore_session
+
+ # Set up an encryption client with an explicit commitment policy. Note that if you do not explicitly choose a
+ # commitment policy, REQUIRE_ENCRYPT_REQUIRE_DECRYPT is used by default.
+ client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT)
+
+ # Create the custom master key provider using the ARN of the key and the session (botocore_session)
+ kms_key_provider = CustomKMSClientMasterKeyProvider(**kwargs)
+
+ # Encrypt the plaintext using the AWS Encryption SDK. It returns the encrypted message and the header. Note: in
+ # order for decrypt to succeed, the key_ids value must be the key ARN of the CMK.
+ ciphertext, encrypted_message_header = client.encrypt(source=source_plaintext, key_provider=kms_key_provider)
+
+ # Decrypt the encrypted message using the AWS Encryption SDK. It returns the decrypted message and the header
+ plaintext, decrypted_message_header = client.decrypt(source=ciphertext, key_provider=kms_key_provider)
+
+ # Check if the original message and the decrypted message are the same
+ assert source_plaintext == plaintext
+
+ # Check if the headers of the encrypted message and decrypted message match
+ assert all(
+ pair in encrypted_message_header.encryption_context.items()
+ for pair in decrypted_message_header.encryption_context.items()
+ )
From 646813786c6250a525afb67bebc486eda206edd8 Mon Sep 17 00:00:00 2001
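Review bot: `Config(connection_timeout=10)` in `add_regional_client` uses a keyword that botocore's `Config` does not define; the connect-timeout option is named `connect_timeout`, and `Config` rejects unknown keywords with a `TypeError`. As written the example would fail the first time a regional client is created, so the custom timeout it is meant to demonstrate is never applied. The line should read `config=Config(connect_timeout=10).merge(self._user_agent_adding_config)`.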
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Feb 2023 15:36:00 -0800 Subject: [PATCH 28/43] chore(deps): bump cryptography from 39.0.0 to 39.0.1 in /test (#559) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.0 to 39.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/39.0.0...39.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index a5a48c9ab..90db6c0e0 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -7,7 +7,7 @@ cffi==1.14.5 configparser==4.0.2 contextlib2==0.6.0.post1 coverage==5.5 -cryptography==3.3.2 +cryptography==39.0.1 enum34==1.1.10 funcsigs==1.0.2 futures==3.3.0 diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index e5e24f492..078d256ff 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 iniconfig==2.0.0 jmespath==1.0.1 mock==4.0.3 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index ecb05c22c..45101bcd5 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt 
@@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 exceptiongroup==1.1.0 importlib-metadata==6.0.0 iniconfig==2.0.0 From b3785085b7c00fef27a250abf78549d6e7928802 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 22 Feb 2023 16:36:57 -0800 Subject: [PATCH 29/43] chore: rm upstream-py27 (#564) --- test/upstream-requirements-py27.txt | 36 ----------------------------- 1 file changed, 36 deletions(-) delete mode 100644 test/upstream-requirements-py27.txt diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt deleted file mode 100644 index 90db6c0e0..000000000 --- a/test/upstream-requirements-py27.txt +++ /dev/null @@ -1,36 +0,0 @@ -atomicwrites==1.4.0 -attrs==21.2.0 -backports.functools-lru-cache==1.6.4 -boto3==1.17.92 -botocore==1.20.92 -cffi==1.14.5 -configparser==4.0.2 -contextlib2==0.6.0.post1 -coverage==5.5 -cryptography==39.0.1 -enum34==1.1.10 -funcsigs==1.0.2 -futures==3.3.0 -importlib-metadata==2.1.1 -ipaddress==1.0.23 -jmespath==0.10.0 -mock==3.0.5 -more-itertools==5.0.0 -packaging==20.9 -pathlib2==2.3.5 -pluggy==0.13.1 -py==1.10.0 -pycparser==2.20 -pyparsing==2.4.7 -pytest==4.6.11 -pytest-cov==2.12.1 -pytest-mock==2.0.0 -python-dateutil==2.8.1 -s3transfer==0.4.2 -scandir==1.10.0 -six==1.16.0 -toml==0.10.2 -urllib3==1.26.5 -wcwidth==0.2.5 -wrapt==1.12.1 -zipp==1.2.0 From 7a07b161d51900066c131627f9f7330acb926d3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A1bor=20Lipt=C3=A1k?= Date: Fri, 24 Feb 2023 13:15:31 -0500 Subject: [PATCH 30/43] docs: Add Thread safety section to README (#562) --- README.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.rst b/README.rst index b9acc3edc..f526f2727 100644 --- a/README.rst +++ b/README.rst 
@@ -307,6 +307,21 @@ Processing each frame in a framed message involves a certain amount of overhead. increasing the frame size can offer potentially significant performance gains. We recommend that you tune these values to your use-case in order to obtain peak performance. +Thread safety +========================== +The ``EncryptionSDKClient`` and all provided ``CryptoMaterialsManager`` are thread safe. +But instances of ``BaseKMSMasterKeyProvider`` MUST not be shared between threads, +for the reasons outlined in `the boto3 docs `_. + +Because the ``BaseKMSMaterKeyProvider`` creates a `new boto3 sessions `_ per region, +users do not need to create a client for every region in every thread; +a new ``BaseKMSMasterKeyProvider`` per thread is sufficient. + +(The ``BaseKMSMasterKeyProvider`` is the internal parent class of all the KMS Providers.) + +Finally, while the ``CryptoMaterialsCache`` is thread safe, +sharing entries in that cache across threads needs to be done carefully +(see the !Note about partition name `in the API Docs `_). .. _AWS Encryption SDK: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html .. _cryptography: https://cryptography.io/en/latest/ From bd8f270c8717e5d4a787d33bcfda8b53bbe7751e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 May 2023 17:04:10 -0700 Subject: [PATCH 31/43] chore(deps): bump flake8-docstrings in /dev_requirements (#555) Bumps [flake8-docstrings](https://github.com/pycqa/flake8-docstrings) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/pycqa/flake8-docstrings/releases) - [Changelog](https://github.com/PyCQA/flake8-docstrings/blob/main/HISTORY.rst) - [Commits](https://github.com/pycqa/flake8-docstrings/compare/1.6.0...1.7.0) --- updated-dependencies: - dependency-name: flake8-docstrings dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 21e6fede5..9d10c38e0 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -3,7 +3,7 @@ black==22.3.0 doc8==0.10.1 flake8==4.0.1 flake8-bugbear==22.9.11 -flake8-docstrings==1.6.0 +flake8-docstrings==1.7.0 flake8-print==5.0.0 isort==5.11.4 pyflakes==2.4.0 From 560e7143ac7caf98e190b17ce2af97b7eea6be16 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 6 Jun 2023 00:59:38 -0400 Subject: [PATCH 32/43] fix(test): correctly invoke ec.generate_private_key (#585) --- test/functional/test_f_crypto.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/functional/test_f_crypto.py b/test/functional/test_f_crypto.py index 9242deedd..e0deb04f0 100644 --- a/test/functional/test_f_crypto.py +++ b/test/functional/test_f_crypto.py @@ -43,7 +43,7 @@ def test_ecc_static_length_signature(algorithm): def test_signer_key_bytes_cycle(): - key = ec.generate_private_key(curve=ec.SECP384R1, backend=default_backend()) + key = ec.generate_private_key(curve=ec.SECP384R1(), backend=default_backend()) signer = Signer(algorithm=aws_encryption_sdk.Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, key=key) key_bytes = signer.key_bytes() new_signer = Signer.from_key_bytes( From 3ba8019681ed95c41bb9448f0c3897d1aecc7559 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jul 2023 16:40:19 -0700 Subject: [PATCH 33/43] chore(deps): bump cryptography from 39.0.1 to 41.0.2 in /test (#592) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.2. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.2) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 078d256ff..f43f7bf42 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==39.0.1 +cryptography==41.0.2 iniconfig==2.0.0 jmespath==1.0.1 mock==4.0.3 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 45101bcd5..651f6daf9 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==39.0.1 +cryptography==41.0.2 exceptiongroup==1.1.0 importlib-metadata==6.0.0 iniconfig==2.0.0 From 93a67d8a3806f560ead950e6d8898e53c4c4f9df Mon Sep 17 00:00:00 2001 
From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 30 Oct 2023 18:44:26 -0700 Subject: [PATCH 34/43] feat: test Python 3.12 in CI (#623) --- .github/workflows/ci_test-vector-handler.yaml | 1 - .github/workflows/ci_tests.yaml | 3 +- buildspec.yml | 49 +++++++++++++++++++ codebuild/py310/awses_local.yml | 4 +- codebuild/py310/examples.yml | 4 +- codebuild/py310/integ.yml | 4 +- codebuild/py311/awses_local.yml | 25 ++++++++++ codebuild/py311/examples.yml | 22 +++++++++ codebuild/py311/integ.yml | 22 +++++++++ codebuild/py312/awses_local.yml | 30 ++++++++++++ codebuild/py312/examples.yml | 27 ++++++++++ codebuild/py312/integ.yml | 27 ++++++++++ codebuild/py37/awses_local.yml | 4 +- codebuild/py37/examples.yml | 4 +- codebuild/py37/integ.yml | 4 +- codebuild/py38/awses_local.yml | 4 +- codebuild/py38/examples.yml | 4 +- codebuild/py38/integ.yml | 4 +- codebuild/py39/awses_1.7.1.yml | 4 +- codebuild/py39/awses_2.0.0.yml | 4 +- codebuild/py39/awses_latest.yml | 4 +- codebuild/py39/examples.yml | 4 +- codebuild/py39/integ.yml | 4 +- dev_requirements/ci-requirements.txt | 1 + test/unit/test_caches_base.py | 24 +++++---- test/unit/test_material_managers_base.py | 13 +++-- tox.ini | 2 +- 27 files changed, 237 insertions(+), 65 deletions(-) create mode 100644 codebuild/py311/awses_local.yml create mode 100644 codebuild/py311/examples.yml create mode 100644 codebuild/py311/integ.yml create mode 100644 codebuild/py312/awses_local.yml create mode 100644 codebuild/py312/examples.yml create mode 100644 codebuild/py312/integ.yml diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml index 81ad1fa09..12ecf8f93 100644 --- a/.github/workflows/ci_test-vector-handler.yaml +++ b/.github/workflows/ci_test-vector-handler.yaml @@ -21,7 +21,6 @@ jobs: - windows-latest - macos-latest python: - - 3.7 - 3.8 - 3.x architecture: 
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index f537491fc..9d491203c 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -33,7 +33,8 @@ jobs: - 3.9 - "3.10" - "3.11" - - 3.x # Ideally, we would skip if 3.x is 3.11 + - "3.12" + - 3.x architecture: - x64 - x86 diff --git a/buildspec.yml b/buildspec.yml index 2f2571f64..f92d203a0 100644 --- a/buildspec.yml +++ b/buildspec.yml 
@@ -5,32 +5,81 @@ batch: build-list: - identifier: py37_integ buildspec: codebuild/py37/integ.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py37_examples buildspec: codebuild/py37/examples.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py37_awses_local buildspec: codebuild/py37/awses_local.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py38_integ buildspec: codebuild/py38/integ.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py38_examples buildspec: codebuild/py38/examples.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py38_awses_local buildspec: codebuild/py38/awses_local.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py39_integ buildspec: codebuild/py39/integ.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py39_examples buildspec: codebuild/py39/examples.yml + env: + image: aws/codebuild/standard:5.0 - identifier: py39_awses_latest + env: + image: aws/codebuild/standard:5.0 - identifier: py310_integ buildspec: codebuild/py310/integ.yml + env: + image: aws/codebuild/standard:6.0 - identifier: py310_examples buildspec: codebuild/py310/examples.yml + env: + image: aws/codebuild/standard:6.0 - identifier: py310_awses_latest buildspec: codebuild/py310/awses_local.yml + env: + image: aws/codebuild/standard:6.0 + - identifier: py311_integ + buildspec: codebuild/py311/integ.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: py311_examples + buildspec: codebuild/py311/examples.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: py311_awses_latest + buildspec: codebuild/py311/awses_local.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: py312_integ + buildspec: codebuild/py312/integ.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: py312_examples + buildspec: codebuild/py312/examples.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: py312_awses_latest + buildspec: codebuild/py312/awses_local.yml + env: + image: 
aws/codebuild/standard:7.0 + - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/py310/awses_local.yml b/codebuild/py310/awses_local.yml index beb967f47..df2fcf318 100644 --- a/codebuild/py310/awses_local.yml +++ b/codebuild/py310/awses_local.yml @@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.10 build: commands: - - pyenv install 3.10.0 - - pyenv local 3.10.0 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py310/examples.yml b/codebuild/py310/examples.yml index 4d64f5c6c..b495a327c 100644 --- a/codebuild/py310/examples.yml +++ b/codebuild/py310/examples.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.10 build: commands: - - pyenv install 3.10.0 - - pyenv local 3.10.0 - pip install "tox < 4.0" - tox diff --git a/codebuild/py310/integ.yml b/codebuild/py310/integ.yml index 1a2ca5022..6b557e709 100644 --- a/codebuild/py310/integ.yml +++ b/codebuild/py310/integ.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.10 build: commands: - - pyenv install 3.10.0 - - pyenv local 3.10.0 - pip install "tox < 4.0" - tox diff --git a/codebuild/py311/awses_local.yml b/codebuild/py311/awses_local.yml new file mode 100644 index 000000000..1b00712d5 --- /dev/null +++ b/codebuild/py311/awses_local.yml 
@@ -0,0 +1,25 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py311-awses_local"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+ arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+ arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: 3.11
+ build:
+ commands:
+ - pip install "tox < 4.0"
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py311/examples.yml b/codebuild/py311/examples.yml
new file mode 100644
index 000000000..6efcd26d2
--- /dev/null
+++ b/codebuild/py311/examples.yml
@@ -0,0 +1,22 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py311-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+ arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+ arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+
+phases:
+ install:
+ runtime-versions:
+ python: 3.11
+ build:
+ commands:
+ - pip install "tox < 4.0"
+ - tox
diff --git a/codebuild/py311/integ.yml b/codebuild/py311/integ.yml
new file mode 100644
index 000000000..9606bee12
--- /dev/null
+++ b/codebuild/py311/integ.yml
@@ -0,0 +1,22 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py311-integ"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+ arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+ arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+
+phases:
+ install:
+ runtime-versions:
+ python: 3.11
+ build:
+ commands:
+ - pip install "tox < 4.0"
+ - tox
diff --git a/codebuild/py312/awses_local.yml b/codebuild/py312/awses_local.yml
new file mode 100644
index 000000000..50638c6e9
--- /dev/null
+++ b/codebuild/py312/awses_local.yml
@@ -0,0 +1,30 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py312-awses_local"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+ arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+ arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
+ AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd -
+ - pyenv install 3.12.0
+ - pyenv local 3.12.0
+ - pip install --upgrade pip
+ - pip install setuptools
+ - pip install "tox < 4.0"
+ - cd test_vector_handlers
+ - tox
diff --git a/codebuild/py312/examples.yml b/codebuild/py312/examples.yml
new file mode 100644
index 000000000..aee933e00
--- /dev/null
+++ b/codebuild/py312/examples.yml
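Review bot: The py312 build commands run `cd /root/.pyenv/plugins/python-build/../.. && git pull`, then `pip install --upgrade pip` and `pip install setuptools`, so every build executes whatever pyenv, pip and setuptools revisions are current at that moment. Judging by the KMS key ARNs in `env`, this job runs with access to the integration-test keys, which makes an unpinned toolchain a supply-chain exposure as well as a reproducibility problem. Check out a fixed pyenv tag or commit instead of `git pull`, and give pip and setuptools explicit versions, e.g. `pip install "setuptools==<pinned-version>"`. The same commands are added in codebuild/py312/examples.yml and codebuild/py312/integ.yml, and `setuptools` is added unpinned to dev_requirements/ci-requirements.txt next to `tox==3.27.1`.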
@@ -0,0 +1,27 @@
+version: 0.2
+
+env:
+ variables:
+ TOXENV: "py312-examples"
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+ arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+ arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+ arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+ AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+ arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+
+phases:
+ install:
+ runtime-versions:
+ python: latest
+ build:
+ commands:
+ - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd -
+ - pyenv install 3.12.0
+ - pyenv local 3.12.0
+ - pip install --upgrade pip
+ - pip install setuptools
+ - pip install "tox < 4.0"
+ - tox
diff --git a/codebuild/py312/integ.yml b/codebuild/py312/integ.yml
new file mode 100644
index 000000000..156c185d9
--- /dev/null
+++ b/codebuild/py312/integ.yml
@@ -0,0 +1,27 @@ +version: 0.2 + +env: + variables: + TOXENV: "py312-integ" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- + arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- + arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - + - pyenv install 3.12.0 + - pyenv local 3.12.0 + - pip install --upgrade pip + - pip install setuptools + - pip install "tox < 4.0" + - tox diff --git a/codebuild/py37/awses_local.yml b/codebuild/py37/awses_local.yml index c4265fc71..02dfe5d0b 100644 --- a/codebuild/py37/awses_local.yml +++ b/codebuild/py37/awses_local.yml @@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.7 build: commands: - - pyenv install 3.7.12 - - pyenv local 3.7.12 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py37/examples.yml b/codebuild/py37/examples.yml index 14b220524..0b240c768 100644 --- a/codebuild/py37/examples.yml +++ b/codebuild/py37/examples.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.7 build: commands: - - pyenv install 3.7.12 - - pyenv local 3.7.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/py37/integ.yml b/codebuild/py37/integ.yml index 6306c20e2..b702d45cb 100644 --- a/codebuild/py37/integ.yml +++ b/codebuild/py37/integ.yml 
@@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.7 build: commands: - - pyenv install 3.7.12 - - pyenv local 3.7.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/py38/awses_local.yml b/codebuild/py38/awses_local.yml index 936a9ca6c..9876de247 100644 --- a/codebuild/py38/awses_local.yml +++ b/codebuild/py38/awses_local.yml @@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.8 build: commands: - - pyenv install 3.8.12 - - pyenv local 3.8.12 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py38/examples.yml b/codebuild/py38/examples.yml index 221ad4f80..4dff71d65 100644 --- a/codebuild/py38/examples.yml +++ b/codebuild/py38/examples.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.8 build: commands: - - pyenv install 3.8.12 - - pyenv local 3.8.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/py38/integ.yml b/codebuild/py38/integ.yml index 088a2c7ba..8b7acafe1 100644 --- a/codebuild/py38/integ.yml +++ b/codebuild/py38/integ.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.8 build: commands: - - pyenv install 3.8.12 - - pyenv local 3.8.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/py39/awses_1.7.1.yml b/codebuild/py39/awses_1.7.1.yml index c61024409..22267ad8f 100644 --- a/codebuild/py39/awses_1.7.1.yml +++ b/codebuild/py39/awses_1.7.1.yml @@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/awses_2.0.0.yml b/codebuild/py39/awses_2.0.0.yml index df6cd489c..d35e7e98c 100644 --- a/codebuild/py39/awses_2.0.0.yml +++ b/codebuild/py39/awses_2.0.0.yml 
@@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/awses_latest.yml b/codebuild/py39/awses_latest.yml index 0675cbb0a..719ab2238 100644 --- a/codebuild/py39/awses_latest.yml +++ b/codebuild/py39/awses_latest.yml @@ -17,11 +17,9 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - cd test_vector_handlers - tox diff --git a/codebuild/py39/examples.yml b/codebuild/py39/examples.yml index 6f07efcea..3d1399251 100644 --- a/codebuild/py39/examples.yml +++ b/codebuild/py39/examples.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - tox diff --git a/codebuild/py39/integ.yml b/codebuild/py39/integ.yml index 1e9743e39..6dec85b07 100644 --- a/codebuild/py39/integ.yml +++ b/codebuild/py39/integ.yml @@ -15,10 +15,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - tox diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt index 57e3871e0..4335988fd 100644 --- a/dev_requirements/ci-requirements.txt +++ b/dev_requirements/ci-requirements.txt @@ -1 +1,2 @@ +setuptools tox==3.27.1 diff --git a/test/unit/test_caches_base.py b/test/unit/test_caches_base.py index c3aa2369b..c24b1b04c 100644 --- a/test/unit/test_caches_base.py +++ b/test/unit/test_caches_base.py 
@@ -19,18 +19,16 @@ def test_abstracts(): - with pytest.raises(TypeError) as excinfo: + with pytest.raises(TypeError, match='instantiate abstract class CryptoMaterialsCache') as excinfo: CryptoMaterialsCache() - excinfo.match( - r"Can't instantiate abstract class CryptoMaterialsCache with abstract methods {}".format( - ", ".join( - [ - "get_decryption_materials", - "get_encryption_materials", - "put_decryption_materials", - "put_encryption_materials", - ] - ) - ) - ) + exception = str(excinfo.value) + method_names = [ + "get_decryption_materials", + "get_encryption_materials", + "put_decryption_materials", + "put_encryption_materials" + ] + for name in method_names: + if exception.rfind(name) == -1: + raise AssertionError("{} missing from Exception Message".format(name)) diff --git a/test/unit/test_material_managers_base.py b/test/unit/test_material_managers_base.py index 792118979..34501e59a 100644 --- a/test/unit/test_material_managers_base.py +++ b/test/unit/test_material_managers_base.py @@ -19,11 +19,10 @@ def test_abstracts(): - with pytest.raises(TypeError) as excinfo: + with pytest.raises(TypeError, match='instantiate abstract class CryptoMaterialsManager') as excinfo: CryptoMaterialsManager() - - excinfo.match( - r"Can't instantiate abstract class CryptoMaterialsManager with abstract methods {}".format( - ", ".join(["decrypt_materials", "get_encryption_materials"]) - ) - ) + method_names = ["decrypt_materials", "get_encryption_materials"] + exception = str(excinfo.value) + for name in method_names: + if exception.rfind(name) == -1: + raise AssertionError("{} missing from Exception Message".format(name)) diff --git a/tox.ini b/tox.ini index 48421de50..9ca7a0cd6 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310,311}-{local,integ,accept,examples}, nocmk, + py{37,38,39,310,311,312}-{local,integ,accept,examples}, nocmk, bandit, doc8, readme, docs, {flake8,pylint}{,-tests,-examples}, isort-check, black-check, 
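Review bot: The new loop in `test_abstracts` tests each name with `exception.rfind(name) == -1` and raises `AssertionError` by hand; a membership assert is shorter and lets pytest show the compared values on failure: `assert name in exception, "{} missing from Exception Message".format(name)`. The same loop is repeated in the `test/unit/test_material_managers_base.py` hunk that follows on this line. The `match=` argument uses single quotes and the new `method_names` list has no trailing comma, which the `black-check` env listed in `tox.ini` would presumably reformat. The exact-message match was presumably dropped because the wording differs between Python versions, and a comment like `# message wording varies by Python version; check each method name separately` would record that.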
From 10067581cd3316fbb379929806db6867e4cb0feb Mon Sep 17 00:00:00 2001 From: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Date: Tue, 30 Jan 2024 09:02:56 -0800 Subject: [PATCH 35/43] chore(ci): skip pyenv installation if already exists (#627) --- codebuild/py312/awses_local.yml | 2 +- codebuild/py312/examples.yml | 2 +- codebuild/py312/integ.yml | 2 +- codebuild/release/validate.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codebuild/py312/awses_local.yml b/codebuild/py312/awses_local.yml index 50638c6e9..0a81984ee 100644 --- a/codebuild/py312/awses_local.yml +++ b/codebuild/py312/awses_local.yml @@ -21,7 +21,7 @@ phases: build: commands: - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - - - pyenv install 3.12.0 + - pyenv install --skip-existing 3.12.0 - pyenv local 3.12.0 - pip install --upgrade pip - pip install setuptools diff --git a/codebuild/py312/examples.yml b/codebuild/py312/examples.yml index aee933e00..691ea0e60 100644 --- a/codebuild/py312/examples.yml +++ b/codebuild/py312/examples.yml @@ -19,7 +19,7 @@ phases: build: commands: - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - - - pyenv install 3.12.0 + - pyenv install --skip-existing 3.12.0 - pyenv local 3.12.0 - pip install --upgrade pip - pip install setuptools diff --git a/codebuild/py312/integ.yml b/codebuild/py312/integ.yml index 156c185d9..10899f1df 100644 --- a/codebuild/py312/integ.yml +++ b/codebuild/py312/integ.yml @@ -19,7 +19,7 @@ phases: build: commands: - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - - - pyenv install 3.12.0 + - pyenv install --skip-existing 3.12.0 - pyenv local 3.12.0 - pip install --upgrade pip - pip install setuptools diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 1043745ee..a929e9154 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml 
@@ -11,7 +11,7 @@ phases: - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt - - pyenv install 3.8.12 + - pyenv install --skip-existing 3.8.12 - pyenv local 3.8.12 - pip install "tox < 4.0" build: From c67e6bd471b30e13cc7f1b724ce7d19df2380c22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 10:41:18 -0800 Subject: [PATCH 36/43] chore(deps): bump cryptography from 41.0.2 to 41.0.6 in /test (#626) Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index f43f7bf42..12d8a0730 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==41.0.2 +cryptography==41.0.6 iniconfig==2.0.0 jmespath==1.0.1 mock==4.0.3 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 651f6daf9..1bc3a3ecd 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt 
@@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==41.0.2 +cryptography==41.0.6 exceptiongroup==1.1.0 importlib-metadata==6.0.0 iniconfig==2.0.0 From bbb2281ed61f8fc8700e31d9828753531c8e586f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 31 Jan 2024 03:40:16 -0800 Subject: [PATCH 37/43] chore(deps): bump urllib3 from 1.26.14 to 1.26.18 in /test (#618) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 1.26.18. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.14...1.26.18) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 12d8a0730..f15b300fc 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -16,5 +16,5 @@ pytest-mock==3.6.1 python-dateutil==2.8.2 s3transfer==0.6.0 six==1.16.0 -urllib3==1.26.14 +urllib3==1.26.18 wrapt==1.14.1 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 1bc3a3ecd..e4943172e 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -20,6 +20,6 @@ s3transfer==0.6.0 six==1.16.0 tomli==2.0.1 typing_extensions==4.4.0 -urllib3==1.26.14 +urllib3==1.26.18 wrapt==1.14.1 zipp==3.11.0 From c12207621d295b335fdfb500c2b02694cc6786d8 Mon Sep 17 00:00:00 2001 
From: Lucas McDonald Date: Thu, 8 Feb 2024 11:10:53 -0800 Subject: [PATCH 38/43] chore(CFN): Commit existing CFN (#636) --- cfn/ESDK-Python.yml | 341 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 341 insertions(+) create mode 100644 cfn/ESDK-Python.yml diff --git a/cfn/ESDK-Python.yml b/cfn/ESDK-Python.yml new file mode 100644 index 000000000..47965bfb3 --- /dev/null +++ b/cfn/ESDK-Python.yml 
@@ -0,0 +1,341 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Template to build a CodeBuild Project, assumes that GitHub credentials are already set up." +Parameters: + ProjectName: + Type: String + Description: The name of the CodeBuild Project + ProjectDescription: + Type: String + Description: The description for the CodeBuild Project + SourceLocation: + Type: String + Description: The https GitHub URL for the project + NumberOfBuildsInBatch: + Type: Number + MaxValue: 100 + MinValue: 1 + Default: 4 + Description: The number of builds you expect to run in a batch + +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - + Label: + default: "Crypto Tools CodeBuild Project Template" + Parameters: + - ProjectName + - ProjectDescription + - SourceLocation + +Resources: + CodeBuildProject: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Ref ProjectName + Description: !Ref ProjectDescription + Source: + Location: !Ref SourceLocation + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: true + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_MEDIUM" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectTestRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub 
"${ProjectName}-test-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to test PyPi." + Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/test-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectProdRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub "${ProjectName}-prod-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to prod PyPi." 
+ Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/prod-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + + + CodeBuildServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildBatchPolicy + - !Ref CodeBuildBasePolicy + - !Ref SecretsManagerPolicy + + CodeBuildCIServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-CI-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildCIBatchPolicy + - !Ref CodeBuildBasePolicy + + 
CodeBuildBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-test-release", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-prod-release" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildCIBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-CI-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildBasePolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBasePolicy-${ProjectName}-${AWS::Region}" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release:*", + 
"arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release:*" + ], + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ] + }, + { + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::codepipeline-${AWS::Region}-*" + ], + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ] + }, + { + "Effect": "Allow", + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages" + ], + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/${ProjectName}-*" + ] + } + ] + } + + SecretsManagerPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-release" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:secretsmanager:us-west-2:587316601012:secret:TestPyPiCryptoTools-SxeLBh", + "arn:aws:secretsmanager:us-west-2:587316601012:secret:PyPiAdmin-ZWyd1T" + ], + "Action": "secretsmanager:GetSecretValue" + } + ] + } + + # There exist public AWS KMS CMKs that are used for testing + # Take care with these CMKs they are **ONLY** for testing!!! 
+ CryptoToolsKMS: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CrypotToolsKMSPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:kms:*:658956600833:key/*", + "arn:aws:kms:*:658956600833:alias/*", + "arn:aws:kms:*:370957321024:key/*", + "arn:aws:kms:*:370957321024:alias/*" + ], + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:ReEncrypt*", + "kms:Generate*", + "kms:GetPublicKey", + "kms:DescribeKey" + ] + } + ] + } From bcead776b022566ad8211a08e1a458375b23a356 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Mon, 12 Feb 2024 13:04:38 -0500 Subject: [PATCH 39/43] feat: update requirements and README (#638) --- README.rst | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index f526f2727..c21b7a0b3 100644 --- a/README.rst +++ b/README.rst @@ -35,7 +35,7 @@ Required Prerequisites ====================== * Python 3.7+ -* cryptography >= 2.5.0 +* cryptography >= 3.4.6 * boto3 >= 1.10.0 * attrs diff --git a/requirements.txt b/requirements.txt index 2f4323845..506801993 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ boto3>=1.10.0 -cryptography>=3.4.0 +cryptography>=3.4.6 attrs>=17.4.0 wrapt>=1.10.11 From e5c331b68590825b55b5300ffab6dc80fbd20818 Mon Sep 17 00:00:00 2001 
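Review bot: `CodeBuildProjectTestRelease` and `CodeBuildProjectProdRelease` both run as `CodeBuildServiceRole`, whose `SecretsManagerPolicy` allows `secretsmanager:GetSecretValue` on the test PyPI secret and on `PyPiAdmin` alike, so a test-release build can read the production publishing credential. Splitting the policy per environment and giving the test-release project its own role keeps the prod secret reachable only from the prod-release build; the fence sketches the two policies, and the second role plus the `ServiceRole` references would mirror the existing `CodeBuildServiceRole` block. Separately, `CryptoToolsKMS` allows encrypt, decrypt and data-key generation on `key/*` in two accounts, and the comment above it would be more useful if it said which keys the tests need and why the wildcard is acceptable.

```yaml
  # … unchanged: projects, roles and the other managed policies …
  TestReleaseSecretsPolicy:
    Type: "AWS::IAM::ManagedPolicy"
    Properties:
      ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-test-release"
      Path: "/service-role/"
      PolicyDocument: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Resource": "arn:aws:secretsmanager:us-west-2:587316601012:secret:TestPyPiCryptoTools-SxeLBh",
              "Action": "secretsmanager:GetSecretValue"
            }
          ]
        }

  ProdReleaseSecretsPolicy:
    Type: "AWS::IAM::ManagedPolicy"
    Properties:
      ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-prod-release"
      Path: "/service-role/"
      PolicyDocument: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Resource": "arn:aws:secretsmanager:us-west-2:587316601012:secret:PyPiAdmin-ZWyd1T",
              "Action": "secretsmanager:GetSecretValue"
            }
          ]
        }
```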
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 15:35:36 -0800 Subject: [PATCH 40/43] chore(deps): bump actions/checkout from 3 to 4 (#607) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_decrypt-oracle.yaml | 4 ++-- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_test-vector-handler.yaml | 4 ++-- .github/workflows/ci_tests.yaml | 6 +++--- .github/workflows/repo-sync.yml | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci_decrypt-oracle.yaml b/.github/workflows/ci_decrypt-oracle.yaml index 335bc8e98..baf01c571 100644 --- a/.github/workflows/ci_decrypt-oracle.yaml +++ b/.github/workflows/ci_decrypt-oracle.yaml @@ -11,7 +11,7 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: # The oracle will run on a Python 3.9 Lamba @@ -38,7 +38,7 @@ jobs: - flake8-tests - pylint-tests steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 3.9 diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 0093ae9a9..7f74e8fc3 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml 
@@ -27,7 +27,7 @@ jobs: - black-check - isort-check steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 3.8 diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml index 12ecf8f93..9c676de4e 100644 --- a/.github/workflows/ci_test-vector-handler.yaml +++ b/.github/workflows/ci_test-vector-handler.yaml @@ -42,7 +42,7 @@ jobs: aws-access-key-id: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} aws-region: us-west-2 - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} @@ -69,7 +69,7 @@ jobs: - flake8-tests - pylint-tests steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 3.9 diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 9d491203c..8ebbefd67 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -52,7 +52,7 @@ jobs: - os: macos-latest architecture: x86 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} @@ -73,7 +73,7 @@ jobs: - nocmk - test-upstream-requirements-py37 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: 3.7 @@ -93,7 +93,7 @@ jobs: - nocmk - test-upstream-requirements-py311 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/setup-python@v4 with: python-version: "3.11" diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index 6b1c6be3e..e3776d399 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml 
@@ -9,7 +9,7 @@ jobs: environment: repo-sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: repo-sync/github-sync@v2 name: Sync repo to branch with: From a93ffe7a98f8913040f6a693701ba287dd1570fb Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Thu, 29 Feb 2024 16:31:33 -0800 Subject: [PATCH 41/43] chore: bump deps & document upstream test (#646) * chore: bump deps & document upstream test * chore: remove upstream py37 from GHW --- .github/workflows/ci_test-vector-handler.yaml | 2 +- .github/workflows/ci_tests.yaml | 20 --------------- dev_requirements/linter-requirements.txt | 4 +-- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 25 ------------------- test/upstream.md | 7 ++++++ tox.ini | 17 ------------- 7 files changed, 11 insertions(+), 66 deletions(-) delete mode 100644 test/upstream-requirements-py37.txt create mode 100644 test/upstream.md diff --git a/.github/workflows/ci_test-vector-handler.yaml b/.github/workflows/ci_test-vector-handler.yaml index 9c676de4e..2fcd22fc9 100644 --- a/.github/workflows/ci_test-vector-handler.yaml +++ b/.github/workflows/ci_test-vector-handler.yaml @@ -37,7 +37,7 @@ jobs: - os: macos-latest architecture: x86 steps: - - uses: aws-actions/configure-aws-credentials@v1 + - uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }} diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 8ebbefd67..cc5da2c09 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml 
@@ -64,26 +64,6 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py37: - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - category: - - nocmk - - test-upstream-requirements-py37 - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 - with: - python-version: 3.7 - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r dev_requirements/ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv upstream-py311: runs-on: ubuntu-latest strategy: diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 9d10c38e0..1295e522d 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -1,5 +1,5 @@ bandit==1.7.4 -black==22.3.0 +black==24.2.0 doc8==0.10.1 flake8==4.0.1 flake8-bugbear==22.9.11 @@ -10,4 +10,4 @@ pyflakes==2.4.0 pylint==2.13.5 readme_renderer==37.3 seed-isort-config==2.2.0 -vulture==2.6 +vulture==2.9.1 diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index f15b300fc..16ae4654a 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -3,7 +3,7 @@ boto3==1.26.54 botocore==1.29.54 cffi==1.15.1 coverage==7.0.5 -cryptography==41.0.6 +cryptography==42.0.4 iniconfig==2.0.0 jmespath==1.0.1 mock==4.0.3 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt deleted file mode 100644 index e4943172e..000000000 --- a/test/upstream-requirements-py37.txt +++ /dev/null 
@@ -1,25 +0,0 @@ -attrs==22.2.0 -boto3==1.26.54 -botocore==1.29.54 -cffi==1.15.1 -coverage==7.0.5 -cryptography==41.0.6 -exceptiongroup==1.1.0 -importlib-metadata==6.0.0 -iniconfig==2.0.0 -jmespath==1.0.1 -mock==4.0.3 -packaging==23.0 -pluggy==1.0.0 -pycparser==2.21 -pytest==7.2.0 -pytest-cov==3.0.0 -pytest-mock==3.6.1 -python-dateutil==2.8.2 -s3transfer==0.6.0 -six==1.16.0 -tomli==2.0.1 -typing_extensions==4.4.0 -urllib3==1.26.18 -wrapt==1.14.1 -zipp==3.11.0 diff --git a/test/upstream.md b/test/upstream.md new file mode 100644 index 000000000..aeb3ed638 --- /dev/null +++ b/test/upstream.md @@ -0,0 +1,7 @@ +AWS Crypto Tools maintains `test/upstream-requirements-py.txt` in our Python products such that +our Cryptographic Primitive Provider for Python ([pyca/cryptography](https://github.com/pyca/cryptography)) +may execute downstream tests against AWS Crypto Tools Python products. +These files allow pyca to install and test the Crypto Tools products. +Additionally, Crypto Tools should maintain a test configuration that can be completed without using any AWS resources. +If Crypto Tools needs to contact pyca about this expectation, +they should cut a issue to the pyca/cryptography repo. diff --git a/tox.ini b/tox.ini index 9ca7a0cd6..aa1ea5325 100644 --- a/tox.ini +++ b/tox.ini @@ -94,15 +94,6 @@ recreate = True deps = commands = {toxinidir}/test/freeze-upstream-requirements.sh -# Freeze for Python 3.7 -[testenv:freeze-upstream-requirements-py37] -basepython = python3.7 -sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} -skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} -recreate = {[testenv:freeze-upstream-requirements-base]recreate} -deps = {[testenv:freeze-upstream-requirements-base]deps} -commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt - # Freeze for Python 3.11 [testenv:freeze-upstream-requirements-py311] basepython = python3.11 
@@ -118,14 +109,6 @@ sitepackages = False recreate = True commands = {[testenv:base-command]commands} test/ -m local -# Test frozen upstream requirements for Python 3.7 -[testenv:test-upstream-requirements-py37] -basepython = python3.7 -deps = -rtest/upstream-requirements-py37.txt -sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} -recreate = {[testenv:test-upstream-requirements-base]recreate} -commands = {[testenv:test-upstream-requirements-base]commands} - # Test frozen upstream requirements for Python 3.11 [testenv:test-upstream-requirements-py311] basepython = python3.11 From 64fb6a8dd1a6dd135ba9ea7b12b3aed7dca2f631 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 18 Mar 2024 10:15:43 -0700 Subject: [PATCH 42/43] chore(CFN): Allow access to CI keystore resources from CI and release roles (#637) --- cfn/ESDK-Python.yml | 19 +++++++++++ cfn/Public-ESDK-Python-CI.yml | 59 +++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 cfn/Public-ESDK-Python-CI.yml diff --git a/cfn/ESDK-Python.yml b/cfn/ESDK-Python.yml index 47965bfb3..7a605f8c8 100644 --- a/cfn/ESDK-Python.yml +++ b/cfn/ESDK-Python.yml @@ -174,6 +174,7 @@ Resources: - !Ref CodeBuildBatchPolicy - !Ref CodeBuildBasePolicy - !Ref SecretsManagerPolicy + - !Ref CodeBuildCISTSAllow CodeBuildCIServiceRole: Type: "AWS::IAM::Role" @@ -186,6 +187,7 @@ Resources: - !Ref CryptoToolsKMS - !Ref CodeBuildCIBatchPolicy - !Ref CodeBuildBasePolicy + - !Ref CodeBuildCISTSAllow CodeBuildBatchPolicy: Type: "AWS::IAM::ManagedPolicy" @@ -339,3 +341,20 @@ Resources: } ] } + + CodeBuildCISTSAllow: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub CodeBuildCISTSAllow-${ProjectName} + Path: /service-role/ + PolicyDocument: | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": "sts:AssumeRole", + "Resource": "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Python-Role-us-west-2" + } + ] + } 
diff --git a/cfn/Public-ESDK-Python-CI.yml b/cfn/Public-ESDK-Python-CI.yml new file mode 100644 index 000000000..6d40b8274 --- /dev/null +++ b/cfn/Public-ESDK-Python-CI.yml @@ -0,0 +1,59 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "IAM Managed Policies/Role for AWS KMS Hierarchical Keyring Testing" + +Parameters: + ProjectName: + Type: String + Description: A prefix that will be applied to any resource names + Default: Public-ESDK-Python + GitHubRepo: + Type: String + Description: GitHub Repo that invokes CI + Default: aws/aws-encryption-sdk-python + +Resources: + GitHubCIRole: + Type: 'AWS::IAM::Role' + Properties: + RoleName: !Sub "GitHub-CI-${ProjectName}-Role-${AWS::Region}" + Description: "Access DDB, KMS, Resources for CI from GitHub" + ManagedPolicyArns: + - "arn:aws:iam::370957321024:policy/ESDK-Dafny-DDB-ReadWriteDelete-us-west-2" + - "arn:aws:iam::370957321024:policy/Hierarchical-GitHub-KMS-Key-Policy" + - "arn:aws:iam::370957321024:policy/KMS-Public-CMK-EncryptDecrypt-Key-Access" + - "arn:aws:iam::370957321024:policy/RSA-GitHub-KMS-Key-Policy" + AssumeRolePolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { "Federated": "arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com" }, + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "token.actions.githubusercontent.com:aud": "sts.amazonaws.com" + }, + "StringLike": { + "token.actions.githubusercontent.com:sub": "repo:${GitHubRepo}:*" + } + } + }, + { + "Effect": "Allow", + "Principal": { + "AWS": "*" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "aws:PrincipalArn": [ + "arn:aws:iam::587316601012:role/service-role/codebuild-python-esdk-CI-service-role", + "arn:aws:iam::587316601012:role/service-role/codebuild-python-esdk-service-role", + "arn:aws:iam::${AWS::AccountId}:role/ToolsDevelopment" + ] + } + } + } + ] + } \ No newline at end of file 
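Review bot: The web-identity statement in `GitHubCIRole` accepts any token whose subject matches `repo:${GitHubRepo}:*`, which covers every branch, tag, environment and pull-request workflow in the repository, while the role carries DynamoDB read/write/delete and KMS managed policies. If CI only needs particular triggers, list them explicitly, e.g. `"token.actions.githubusercontent.com:sub": ["repo:${GitHubRepo}:ref:refs/heads/<default-branch>", "repo:${GitHubRepo}:pull_request"]` (branch name is a placeholder). The second statement uses `"Principal": {"AWS": "*"}` and depends entirely on the `aws:PrincipalArn` condition, so a YAML comment above `AssumeRolePolicyDocument` such as `# Principal "*" is intentional; callers are restricted by the aws:PrincipalArn condition` would stop a later edit from loosening it by accident. The CodeBuild role ARNs there are hard-coded to `codebuild-python-esdk-*`, which only matches the other template if it is deployed with that `ProjectName`; that is worth stating in the same comment.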
From 9f6d7e4e89125241d6df545d374b9b6f912e8bcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Mon, 18 Mar 2024 12:27:25 -0700 Subject: [PATCH 43/43] chore: update changelog and identifiers.py (#654) --- CHANGELOG.rst | 52 +++++++++++++++++++++++++++ src/aws_encryption_sdk/identifiers.py | 2 +- 2 files changed, 53 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f53472963..b8b3d5992 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -2,6 +2,58 @@ Changelog ********* +3.2.0 -- 2024-03-18 +=================== + +Features +----------- +* test Python 3.12 in CI (#623 (https://github.com/josecorella/aws-encryption-sdk-python/issues/623)) (93a67d8 (https://github.com/josecorella/aws-encryption-sdk-python/commit/93a67d8a3806f560ead950e6d8898e53c4c4f9df)) +* update requirements and README (#638 (https://github.com/josecorella/aws-encryption-sdk-python/issues/638)) (bcead77 (https://github.com/josecorella/aws-encryption-sdk-python/commit/bcead776b022566ad8211a08e1a458375b23a356)) + +Fixes +----------- +* CI for Decrypt Oracle (#558 (https://github.com/josecorella/aws-encryption-sdk-python/issues/558)) (6c6b732 (https://github.com/josecorella/aws-encryption-sdk-python/commit/6c6b732379197e91d2137af9f018f670a1ce500a)) +* deprecate python36 from chalice (#539 (https://github.com/josecorella/aws-encryption-sdk-python/issues/539)) (f8aa29f (https://github.com/josecorella/aws-encryption-sdk-python/commit/f8aa29fe98d419dac916846d7ff207685ea95307)) +* test: correctly invoke ec.generate_private_key (#585 (https://github.com/josecorella/aws-encryption-sdk-python/issues/585)) (560e714 (https://github.com/josecorella/aws-encryption-sdk-python/commit/560e7143ac7caf98e190b17ce2af97b7eea6be16)) +* update pyca range (#507 (https://github.com/josecorella/aws-encryption-sdk-python/issues/507)) (aced92c (https://github.com/josecorella/aws-encryption-sdk-python/commit/aced92c3d87dddf3e0920b9dfad4cedd2473604a)) +* Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle (#538 (https://github.com/josecorella/aws-encryption-sdk-python/issues/538)) (e91838f (https://github.com/josecorella/aws-encryption-sdk-python/commit/e91838f65705867fc95506a4323054bca24e9521)) +* wrong formatting python warning (#546 (https://github.com/josecorella/aws-encryption-sdk-python/issues/546)) (9b618d3 (https://github.com/josecorella/aws-encryption-sdk-python/commit/9b618d3a5e517435304a891393fefcbbd89faf65)) + +Maintenance +----------- +* 
Add example for custom KMS client config (#440 (https://github.com/josecorella/aws-encryption-sdk-python/issues/440)) (08f305a (https://github.com/josecorella/aws-encryption-sdk-python/commit/08f305a9b7b5fc897d9cafac55fb98f3f2a6fe13)) +* Add Thread safety section to README (#562 (https://github.com/josecorella/aws-encryption-sdk-python/issues/562)) (7a07b16 (https://github.com/josecorella/aws-encryption-sdk-python/commit/7a07b161d51900066c131627f9f7330acb926d3b)) +* bump deps & document upstream test (#646 (https://github.com/josecorella/aws-encryption-sdk-python/issues/646)) (a93ffe7 (https://github.com/josecorella/aws-encryption-sdk-python/commit/a93ffe7a98f8913040f6a693701ba287dd1570fb)) +* CFN: Commit existing CFN (#636 (https://github.com/josecorella/aws-encryption-sdk-python/issues/636)) (c122076 (https://github.com/josecorella/aws-encryption-sdk-python/commit/c12207621d295b335fdfb500c2b02694cc6786d8)) +* ci: skip pyenv installation if already exists (#627 (https://github.com/josecorella/aws-encryption-sdk-python/issues/627)) (1006758 (https://github.com/josecorella/aws-encryption-sdk-python/commit/10067581cd3316fbb379929806db6867e4cb0feb)) +* deps: bump actions/checkout from 3 to 4 (#607 (https://github.com/josecorella/aws-encryption-sdk-python/issues/607)) (e5c331b (https://github.com/josecorella/aws-encryption-sdk-python/commit/e5c331b68590825b55b5300ffab6dc80fbd20818)) +* deps: bump actions/setup-python from 2 to 4.2.0 (#491 (https://github.com/josecorella/aws-encryption-sdk-python/issues/491)) (d064bf8 (https://github.com/josecorella/aws-encryption-sdk-python/commit/d064bf8813d25e1ba4a8cce7269b8ee48acfd79a)) +* deps: bump cryptography from 39.0.0 to 39.0.1 in /test (#559 (https://github.com/josecorella/aws-encryption-sdk-python/issues/559)) (6468137 (https://github.com/josecorella/aws-encryption-sdk-python/commit/646813786c6250a525afb67bebc486eda206edd8)) +* deps: bump cryptography from 39.0.1 to 41.0.2 in /test (#592 
(https://github.com/josecorella/aws-encryption-sdk-python/issues/592)) (3ba8019 (https://github.com/josecorella/aws-encryption-sdk-python/commit/3ba8019681ed95c41bb9448f0c3897d1aecc7559)) +* deps: bump cryptography from 41.0.2 to 41.0.6 in /test (#626 (https://github.com/josecorella/aws-encryption-sdk-python/issues/626)) (c67e6bd (https://github.com/josecorella/aws-encryption-sdk-python/commit/c67e6bd471b30e13cc7f1b724ce7d19df2380c22)) +* deps: bump dependabot/fetch-metadata from 1.3.0 to 1.3.6 (#549 (https://github.com/josecorella/aws-encryption-sdk-python/issues/549)) (2a6bd9d (https://github.com/josecorella/aws-encryption-sdk-python/commit/2a6bd9d70c779655077985c544df3db6a3518443)) +* deps: bump flake8-bugbear in /dev_requirements (#512 (https://github.com/josecorella/aws-encryption-sdk-python/issues/512)) (93f01d6 (https://github.com/josecorella/aws-encryption-sdk-python/commit/93f01d655d6bce704bd8779cc9c4acb5f96b980c)) +* deps: bump flake8-docstrings in /dev_requirements (#555 (https://github.com/josecorella/aws-encryption-sdk-python/issues/555)) (bd8f270 (https://github.com/josecorella/aws-encryption-sdk-python/commit/bd8f270c8717e5d4a787d33bcfda8b53bbe7751e)) +* deps: bump flake8-print from 4.0.0 to 5.0.0 in /dev_requirements (#554 (https://github.com/josecorella/aws-encryption-sdk-python/issues/554)) (2326531 (https://github.com/josecorella/aws-encryption-sdk-python/commit/232653188558379bceeb884b3f74b56b07560f62)) +* deps: bump isort from 5.10.1 to 5.11.4 in /dev_requirements (#551 (https://github.com/josecorella/aws-encryption-sdk-python/issues/551)) (36a0ea2 (https://github.com/josecorella/aws-encryption-sdk-python/commit/36a0ea2199872d6590691b53fbea7aee2236a99e)) +* deps: bump pytest from 7.0.1 to 7.2.0 in /dev_requirements (#524 (https://github.com/josecorella/aws-encryption-sdk-python/issues/524)) (af98302 (https://github.com/josecorella/aws-encryption-sdk-python/commit/af983024fdd800e6b2c4ae41cdf1617c982e4916)) +* deps: bump pytest from 7.2.0 to 
7.2.1 in /dev_requirements (#553 (https://github.com/josecorella/aws-encryption-sdk-python/issues/553)) (48f96d5 (https://github.com/josecorella/aws-encryption-sdk-python/commit/48f96d58eeb712a5faa631ce4f4930d5d23bb649)) +* deps: bump pytest-cov from 3.0.0 to 4.0.0 in /dev_requirements (#550 (https://github.com/josecorella/aws-encryption-sdk-python/issues/550)) (6e436e1 (https://github.com/josecorella/aws-encryption-sdk-python/commit/6e436e13ce250759a499c3d9c820384cfc26283c)) +* deps: bump readme-renderer from 34.0 to 37.3 in /dev_requirements (#526 (https://github.com/josecorella/aws-encryption-sdk-python/issues/526)) (38aa063 (https://github.com/josecorella/aws-encryption-sdk-python/commit/38aa06309ad8ad709044c86ac6b4951739fbf996)) +* deps: bump setuptools from 62.0.0 to 66.1.1 in /dev_requirements (#547 (https://github.com/josecorella/aws-encryption-sdk-python/issues/547)) (04e8c16 (https://github.com/josecorella/aws-encryption-sdk-python/commit/04e8c167273357a9548ff474c527805d8764a661)) +* deps: bump sphinx from 4.4.0 to 5.3.0 in /dev_requirements (#523 (https://github.com/josecorella/aws-encryption-sdk-python/issues/523)) (51cb2ce (https://github.com/josecorella/aws-encryption-sdk-python/commit/51cb2ce148bc7e048587b013337f2440b53c1387)) +* deps: bump tox from 3.24.5 to 3.27.1 in /dev_requirements (#528 (https://github.com/josecorella/aws-encryption-sdk-python/issues/528)) (e2c834a (https://github.com/josecorella/aws-encryption-sdk-python/commit/e2c834ac5c4a9ca65db2b225e794f7ddf4d89cc4)) +* deps: bump urllib3 from 1.26.14 to 1.26.18 in /test (#618 (https://github.com/josecorella/aws-encryption-sdk-python/issues/618)) (bbb2281 (https://github.com/josecorella/aws-encryption-sdk-python/commit/bbb2281ed61f8fc8700e31d9828753531c8e586f)) +* deps: bump vulture from 2.3 to 2.6 in /dev_requirements (#533 (https://github.com/josecorella/aws-encryption-sdk-python/issues/533)) (2822364 
(https://github.com/josecorella/aws-encryption-sdk-python/commit/28223646b4c48b2508ca46e3084689988abd2d27)) +* deps: bump wheel from 0.37.1 to 0.38.4 in /dev_requirements (#536 (https://github.com/josecorella/aws-encryption-sdk-python/issues/536)) (1922650 (https://github.com/josecorella/aws-encryption-sdk-python/commit/19226506ad33f5b964fe6632604425923f6ba8c1)) +* drop py3.6 from Oracle & Test Vectors (#529 (https://github.com/josecorella/aws-encryption-sdk-python/issues/529)) (8b6a493 (https://github.com/josecorella/aws-encryption-sdk-python/commit/8b6a49388c85785a22d59430007b7873ac8acf96)) +* drop py36 support (#530 (https://github.com/josecorella/aws-encryption-sdk-python/issues/530)) (a753ff8 (https://github.com/josecorella/aws-encryption-sdk-python/commit/a753ff884fe3000881c7d3a2392a0b5d65cfa138)) +* release: add api token to prod release process (#503 (https://github.com/josecorella/aws-encryption-sdk-python/issues/503)) (333c85b (https://github.com/josecorella/aws-encryption-sdk-python/commit/333c85b40b8ee20ed6303b9775e7fb9a6c6d2c63)) +* release: add api token to staging release process (#502 (https://github.com/josecorella/aws-encryption-sdk-python/issues/502)) (78e43b3 (https://github.com/josecorella/aws-encryption-sdk-python/commit/78e43b38a5b9df9a925084242a230fccf91476f2)) +* rm upstream-py27 (#564 (https://github.com/josecorella/aws-encryption-sdk-python/issues/564)) (b378508 (https://github.com/josecorella/aws-encryption-sdk-python/commit/b3785085b7c00fef27a250abf78549d6e7928802)) +* SupportPolicy: Mark 1.x & 2.x End-of-Support (#501 (https://github.com/josecorella/aws-encryption-sdk-python/issues/501)) (ca58e5e (https://github.com/josecorella/aws-encryption-sdk-python/commit/ca58e5e0ce373e9ae5132bb5ce95b6886a0a37d3)) + + 3.1.1 -- 2022-06-20 =================== diff --git a/src/aws_encryption_sdk/identifiers.py b/src/aws_encryption_sdk/identifiers.py index d4397335c..42cf45d82 100644 --- a/src/aws_encryption_sdk/identifiers.py 
+++ b/src/aws_encryption_sdk/identifiers.py @@ -27,7 +27,7 @@ # We only actually need these imports when running the mypy checks pass -__version__ = "3.1.1" +__version__ = "3.2.0" USER_AGENT_SUFFIX = "AwsEncryptionSdkPython/{}".format(__version__)