From 63d40142debe88714a62cd8eb4319cf6bec8f46a Mon Sep 17 00:00:00 2001 From: Benjamin Farley Date: Wed, 20 Jan 2021 09:51:25 -0700 Subject: [PATCH 01/75] fix!: Remove the MostRecentProvider. BREAKING CHANGE: Removes the MostRecentProvider, which is replaced by the CachingMostRecentProvider. --- CHANGELOG.rst | 8 ++ src/dynamodb_encryption_sdk/identifiers.py | 2 +- .../material_providers/most_recent.py | 80 +++++------------ .../material_providers/test_most_recent.py | 90 ++++--------------- 4 files changed, 49 insertions(+), 131 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d10b71e9..8a037cd1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,14 @@ Changelog ********* +2.0.0 -- 2021-02-04 +=================== + +Breaking Changes +---------------- +Removes MostRecentProvider. MostRecentProvider is replaced by CachingMostRecentProvider as of 1.3.0. + + 1.3.0 -- 2021-02-04 =================== Adds the CachingMostRecentProvider and deprecates MostRecentProvider. diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index f4edd670..ab0b9b33 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "1.3.0" +__version__ = "2.0.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index 55b6376a..a1d493ba 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -13,7 +13,6 @@ """Cryptographic materials provider that uses a provider store to obtain cryptographic materials.""" import logging import time -import warnings from collections import OrderedDict from enum import Enum from threading import Lock, RLock @@ -37,7 +36,6 @@ __all__ = ( - "MostRecentProvider", "CachingMostRecentProvider", ) _LOGGER = logging.getLogger(LOGGER_NAME) @@ -135,10 +133,12 @@ def evict(self, name): @attr.s(init=False) -class MostRecentProvider(CryptographicMaterialsProvider): +@attr.s(init=False) +class CachingMostRecentProvider(CryptographicMaterialsProvider): # pylint: disable=too-many-instance-attributes """Cryptographic materials provider that uses a provider store to obtain cryptography - materials. + materials. Materials obtained from the store are cached for a user-defined amount of time, + then removed from the cache and re-retrieved from the store. When encrypting, the most recent provider that the provider store knows about will always be used. @@ -160,7 +160,6 @@ def __init__(self, provider_store, material_name, version_ttl, cache_size=1000): # Workaround pending resolution of attrs/mypy interaction. # https://github.com/python/mypy/issues/2088 # https://github.com/python-attrs/attrs/issues/215 - warnings.warn("MostRecentProvider is deprecated, use CachingMostRecentProvider instead.", DeprecationWarning) self._provider_store = provider_store self._material_name = material_name self._version_ttl = version_ttl @@ -185,15 +184,26 @@ def decryption_materials(self, encryption_context): :param EncryptionContext encryption_context: Encryption context for request :raises AttributeError: if no decryption materials are available """ + provider = None + version = self._provider_store.version_from_material_description(encryption_context.material_description) - try: - _LOGGER.debug("Looking in cache for decryption materials provider version %d", version) - _, provider = self._cache.get(version) - except KeyError: - _LOGGER.debug("Decryption materials provider not found in cache") + + ttl_action = self._ttl_action(version, _DECRYPT_ACTION) + + if ttl_action is TtlActions.EXPIRED: + self._cache.evict(self._version) + + _LOGGER.debug('TTL Action "%s" when getting decryption materials', ttl_action.name) + if ttl_action is TtlActions.LIVE: + try: + _LOGGER.debug("Looking in cache for encryption materials provider version %d", version) + _, provider = self._cache.get(version) + except KeyError: + _LOGGER.debug("Decryption materials provider not found in cache") + + if provider is None: try: - provider = self._provider_store.provider(self._material_name, version) - self._cache.put(version, (time.time(), provider)) + provider = self._get_provider_with_grace_period(version, ttl_action) except InvalidVersionError: _LOGGER.exception("Unable to get decryption materials from provider store.") raise AttributeError("No decryption materials available") @@ -385,52 +395,8 @@ def encryption_materials(self, encryption_context): def refresh(self): # type: () -> None """Clear all local caches for this provider.""" - _LOGGER.debug("Refreshing MostRecentProvider instance.") + _LOGGER.debug("Refreshing CachingMostRecentProvider instance.") with self._lock: self._cache.clear() self._version = None # type: int # pylint: disable=attribute-defined-outside-init self._last_updated = None # type: float # pylint: disable=attribute-defined-outside-init - - -@attr.s(init=False) -class CachingMostRecentProvider(MostRecentProvider): - """Cryptographic materials provider that uses a provider store to obtain cryptography - materials. Materials obtained from the store are cached for a user-defined amount of time, - then removed from the cache and re-retrieved from the store. - - When encrypting, the most recent provider that the provider store knows about will always - be used. - """ - - def decryption_materials(self, encryption_context): - # type: (EncryptionContext) -> CryptographicMaterials - """Return decryption materials. - - :param EncryptionContext encryption_context: Encryption context for request - :raises AttributeError: if no decryption materials are available - """ - provider = None - - version = self._provider_store.version_from_material_description(encryption_context.material_description) - - ttl_action = self._ttl_action(version, _DECRYPT_ACTION) - - if ttl_action is TtlActions.EXPIRED: - self._cache.evict(self._version) - - _LOGGER.debug('TTL Action "%s" when getting decryption materials', ttl_action.name) - if ttl_action is TtlActions.LIVE: - try: - _LOGGER.debug("Looking in cache for encryption materials provider version %d", version) - _, provider = self._cache.get(version) - except KeyError: - _LOGGER.debug("Decryption materials provider not found in cache") - - if provider is None: - try: - provider = self._get_provider_with_grace_period(version, ttl_action) - except InvalidVersionError: - _LOGGER.exception("Unable to get decryption materials from provider store.") - raise AttributeError("No decryption materials available") - - return provider.decryption_materials(encryption_context) diff --git a/test/functional/material_providers/test_most_recent.py b/test/functional/material_providers/test_most_recent.py index 3e46abe2..778e26af 100644 --- a/test/functional/material_providers/test_most_recent.py +++ b/test/functional/material_providers/test_most_recent.py @@ -12,7 +12,6 @@ # language governing permissions and limitations under the License. """Functional tests for ``dynamodb_encryption_sdk.material_providers.most_recent``.""" import time -import warnings from collections import defaultdict import pytest @@ -20,11 +19,7 @@ from dynamodb_encryption_sdk.exceptions import NoKnownVersionError from dynamodb_encryption_sdk.material_providers import CryptographicMaterialsProvider -from dynamodb_encryption_sdk.material_providers.most_recent import ( - CachingMostRecentProvider, - MostRecentProvider, - TtlActions, -) +from dynamodb_encryption_sdk.material_providers.most_recent import CachingMostRecentProvider, TtlActions from dynamodb_encryption_sdk.material_providers.store import ProviderStore from ..functional_test_utils import example_table # noqa=F401 pylint: disable=unused-import @@ -76,12 +71,11 @@ def version_from_material_description(self, material_description): return material_description -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_constructor(provider_class): +def test_constructor(): """Tests that when the cache is expired on encrypt, we evict the entry from the cache.""" store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=1.0, cache_size=42) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=1.0, cache_size=42) assert provider._provider_store == store assert provider._material_name == name @@ -277,10 +271,9 @@ def test_get_most_recent_version_grace_period_lock_not_acquired(): assert store.provider_calls == expected_calls -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_failed_lock_acquisition(provider_class): +def test_failed_lock_acquisition(): store = MagicMock(__class__=ProviderStore) - provider = provider_class(provider_store=store, material_name="my material", version_ttl=10.0) + provider = CachingMostRecentProvider(provider_store=store, material_name="my material", version_ttl=10.0) provider._version = 9 provider._cache.put(provider._version, (time.time(), sentinel.nine)) @@ -291,11 +284,10 @@ def test_failed_lock_acquisition(provider_class): assert not store.mock_calls -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_encryption_materials_cache_use(provider_class): +def test_encryption_materials_cache_use(): store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=10.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=10.0) test1 = provider.encryption_materials(sentinel.encryption_context_1) assert test1 is sentinel.material_0_encryption @@ -320,11 +312,10 @@ def test_encryption_materials_cache_use(provider_class): assert store.provider_calls == expected_calls -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_encryption_materials_cache_expired(provider_class): +def test_encryption_materials_cache_expired(): store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=0.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) test1 = provider.encryption_materials(sentinel.encryption_context_1) assert test1 is sentinel.material_0_encryption @@ -354,12 +345,11 @@ def test_encryption_materials_cache_expired(provider_class): assert store.provider_calls == expected_calls -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_encryption_materials_cache_expired_cache_removed(provider_class): +def test_encryption_materials_cache_expired_cache_removed(): """Tests that when the cache is expired on encrypt, we evict the entry from the cache.""" store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=0.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) provider._cache = MagicMock() provider._cache.get.return_value = (0.0, MagicMock()) @@ -379,8 +369,7 @@ def test_decryption_materials_cache_expired_cache_removed(): provider._cache.evict.assert_called_once() -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_encryption_materials_cache_in_grace_period_acquire_lock(provider_class): +def test_encryption_materials_cache_in_grace_period_acquire_lock(): """Test encryption grace period behavior. When the TTL is GRACE_PERIOD and we successfully acquire the lock for retrieving new materials, @@ -388,7 +377,7 @@ def test_encryption_materials_cache_in_grace_period_acquire_lock(provider_class) """ store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=0.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) provider._grace_period = 10.0 test1 = provider.encryption_materials(sentinel.encryption_context_1) @@ -422,8 +411,7 @@ def test_encryption_materials_cache_in_grace_period_acquire_lock(provider_class) assert store.provider_calls == expected_calls -@pytest.mark.parametrize("provider_class", (MostRecentProvider, CachingMostRecentProvider)) -def test_encryption_materials_cache_in_grace_period_fail_to_acquire_lock(provider_class): +def test_encryption_materials_cache_in_grace_period_fail_to_acquire_lock(): """Test encryption grace period behavior. When the TTL is GRACE_PERIOD and we fail to acquire the lock for retrieving new materials, @@ -431,7 +419,7 @@ def test_encryption_materials_cache_in_grace_period_fail_to_acquire_lock(provide """ store = MockProviderStore() name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=0.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) provider._grace_period = 10.0 test1 = provider.encryption_materials(sentinel.encryption_context_1) @@ -463,43 +451,10 @@ def test_encryption_materials_cache_in_grace_period_fail_to_acquire_lock(provide assert store.provider_calls == expected_calls -@pytest.mark.parametrize("provider_class", (CachingMostRecentProvider, CachingMostRecentProvider)) -def test_decryption_materials_cache_use(provider_class): - store = MockProviderStore() - name = "material" - provider = provider_class(provider_store=store, material_name=name, version_ttl=10.0) - - context = MagicMock(material_description=0) - - test1 = provider.decryption_materials(context) - assert test1 is sentinel.material_0_decryption - - assert len(provider._cache._cache) == 1 - - expected_calls = [("version_from_material_description", 0), ("get_or_create_provider", name, 0)] - - assert store.provider_calls == expected_calls - - test2 = provider.decryption_materials(context) - assert test2 is sentinel.material_0_decryption - - assert len(provider._cache._cache) == 1 - - expected_calls.append(("version_from_material_description", 0)) - - assert store.provider_calls == expected_calls - - -def test_most_recent_provider_decryption_materials_cache_expired(): - """Test decryption expiration behavior for MostRecentProvider. - - When using a MostRecentProvider and the cache is expired on decryption, we do not retrieve new - materials from the provider store. Note that this test only runs for MostRecentProvider, to ensure that our legacy - behavior has not changed. - """ +def test_decryption_materials_cache_use(): store = MockProviderStore() name = "material" - provider = MostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) + provider = CachingMostRecentProvider(provider_store=store, material_name=name, version_ttl=10.0) context = MagicMock(material_description=0) @@ -517,7 +472,6 @@ def test_most_recent_provider_decryption_materials_cache_expired(): assert len(provider._cache._cache) == 1 - # The MostRecentProvider does not use TTLs on decryption, so we should not see a new call to the provider store expected_calls.append(("version_from_material_description", 0)) assert store.provider_calls == expected_calls @@ -629,13 +583,3 @@ def test_caching_provider_decryption_materials_cache_in_grace_period_fail_to_acq def test_cache_use_encrypt(mock_metastore, example_table, caplog): check_metastore_cache_use_encrypt(mock_metastore, TEST_TABLE_NAME, caplog) - - -def test_most_recent_provider_deprecated(): - warnings.simplefilter("error") - - with pytest.raises(DeprecationWarning) as excinfo: - store = MockProviderStore() - name = "material" - MostRecentProvider(provider_store=store, material_name=name, version_ttl=0.0) - excinfo.match("MostRecentProvider is deprecated, use CachingMostRecentProvider instead") From 3ebe7ecc630560fd23873284a73b71b0e8116dfd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Feb 2021 13:15:19 -0800 Subject: [PATCH 02/75] Bump cryptography from 3.2 to 3.3.2 in /test (#150) Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index 21acbcd8..fc840ebb 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -18,7 +18,7 @@ configparser==4.0.2 contextlib2==0.6.0.post1 cookies==2.2.1 coverage==4.5.4 -cryptography==3.2 +cryptography==3.3.2 DateTime==4.3 docker==4.1.0 docutils==0.15.2 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 6b0de40c..2415fd90 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -12,7 +12,7 @@ cffi==1.12.3 cfn-lint==0.24.4 chardet==3.0.4 coverage==4.5.4 -cryptography==3.2 +cryptography==3.3.2 DateTime==4.3 docker==4.1.0 docutils==0.15.2 From 069de61dfcf52a4c33a9b8ebe64237e752c910b3 Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Thu, 25 Feb 2021 16:47:38 -0800 Subject: [PATCH 03/75] chore: Fix pylint R1729(use-a-generator) (#151) --- examples/src/aws_kms_encrypted_client.py | 4 ++-- examples/src/aws_kms_encrypted_resource.py | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/examples/src/aws_kms_encrypted_client.py b/examples/src/aws_kms_encrypted_client.py index 87af4f91..fcf4774d 100644 --- a/examples/src/aws_kms_encrypted_client.py +++ b/examples/src/aws_kms_encrypted_client.py @@ -124,7 +124,7 @@ def encrypt_batch_items(table_name, aws_cmk_id): def _select_index_from_item(item): """Find the index keys that match this item.""" for index in index_keys: - if all([item[key] == value for key, value in index.items()]): + if all(item[key] == value for key, value in index.items()): return index raise Exception("Index key not found in item.") @@ -132,7 +132,7 @@ def _select_index_from_item(item): def _select_item_from_index(index, all_items): """Find the item that matches these index keys.""" for item in all_items: - if all([item[key] == value for key, value in index.items()]): + if all(item[key] == value for key, value in index.items()): return item raise Exception("Index key not found in item.") diff --git a/examples/src/aws_kms_encrypted_resource.py b/examples/src/aws_kms_encrypted_resource.py index dabcf311..5a8d3907 100644 --- a/examples/src/aws_kms_encrypted_resource.py +++ b/examples/src/aws_kms_encrypted_resource.py @@ -76,7 +76,7 @@ def encrypt_batch_items(table_name, aws_cmk_id): def _select_index_from_item(item): """Find the index keys that match this item.""" for index in index_keys: - if all([item[key] == value for key, value in index.items()]): + if all(item[key] == value for key, value in index.items()): return index raise Exception("Index key not found in item.") @@ -84,7 +84,7 @@ def _select_index_from_item(item): def _select_item_from_index(index, all_items): """Find the item that matches these index keys.""" for item in all_items: - if all([item[key] == value for key, value in index.items()]): + if all(item[key] == value for key, value in index.items()): return item raise Exception("Index key not found in item.") From 25c7c3d80bfbe0deb661b4beb86f61b8b2f8545e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 20 Mar 2021 04:51:03 +0000 Subject: [PATCH 04/75] Bump jinja2 from 2.10.3 to 2.11.3 in /test Bumps [jinja2](https://github.com/pallets/jinja) from 2.10.3 to 2.11.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/2.10.3...2.11.3) Signed-off-by: dependabot[bot] --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index fc840ebb..efd5c108 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -33,7 +33,7 @@ hypothesis==4.40.0 idna==2.8 importlib-metadata==0.23 ipaddress==1.0.22 -Jinja2==2.10.3 +Jinja2==2.11.3 jmespath==0.9.4 jsondiff==1.1.2 jsonpatch==1.24 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 2415fd90..77b1367b 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -22,7 +22,7 @@ future==0.18.0 hypothesis==4.40.0 idna==2.8 importlib-metadata==0.23 -Jinja2==2.10.3 +Jinja2==2.11.3 jmespath==0.9.4 jsondiff==1.1.2 jsonpatch==1.24 From 21601561a6ff8d858a7c740b559df70b1483c739 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Fri, 26 Mar 2021 11:13:47 -0600 Subject: [PATCH 05/75] chore: Fail build if code coverage is too low (#153) --- buildspec.yml | 3 +++ codebuild/coverage/coverage.yml | 14 ++++++++++++++ setup.cfg | 1 + tox.ini | 10 +++++++++- 4 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 codebuild/coverage/coverage.yml diff --git a/buildspec.yml b/buildspec.yml index 7bef08e4..02307f95 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -13,3 +13,6 @@ batch: buildspec: codebuild/python3.7.yml - identifier: python3_8 buildspec: codebuild/python3.8.yml + + - identifier: code_coverage + buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml new file mode 100644 index 00000000..f82a3a98 --- /dev/null +++ b/codebuild/coverage/coverage.yml @@ -0,0 +1,14 @@ +version: 0.2 + +env: + variables: + TOXENV: "coverage" + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pip install tox + - tox diff --git a/setup.cfg b/setup.cfg index a4080d60..0b64cb5c 100644 --- a/setup.cfg +++ b/setup.cfg @@ -9,6 +9,7 @@ branch = True [coverage:report] show_missing = True +fail_under = 90 [mypy] ignore_missing_imports = True diff --git a/tox.ini b/tox.ini index 33f1aff9..fae478e3 100644 --- a/tox.ini +++ b/tox.ini @@ -35,8 +35,12 @@ envlist = # test-release :: Builds dist files and uploads to testpypi pypirc profile. # release :: Builds dist files and uploads to pypi pypirc profile. +# Reporting environments: +# +# coverage :: Runs code coverage, failing the build if coverage is below the configured threshold + [testenv:base-command] -commands = pytest --basetemp={envtmpdir} -l --cov dynamodb_encryption_sdk {posargs} +commands = pytest --basetemp={envtmpdir} -l {posargs} [testenv] passenv = @@ -86,6 +90,10 @@ commands = # Only run examples tests examples: {[testenv:base-command]commands} examples/test/ -m "examples" +# Run code coverage on the unit tests +[testenv:coverage] +commands = {[testenv:base-command]commands} --cov dynamodb_encryption_sdk test/ -m "local and not slow and not veryslow and not nope" + # Verify that local tests work without environment variables present [testenv:nocmk] basepython = python3 From d5043dcd31f3911e07c32ef0fd82edcb1e4cc7d6 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Mon, 29 Mar 2021 08:45:06 -0700 Subject: [PATCH 06/75] Manually updating rsa version in upstream requirements (#155) * Manually updating rsa version in upstream requirements * Update test/README.rst Co-authored-by: seebees --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index efd5c108..f6142b65 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -63,7 +63,7 @@ pytz==2019.3 PyYAML==5.1.2 requests==2.22.0 responses==0.10.6 -rsa==4.0 +rsa==4.5 s3transfer==0.2.1 scandir==1.10.0 six==1.12.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 77b1367b..08dd5839 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -51,7 +51,7 @@ pytz==2019.3 PyYAML==5.1.2 requests==2.22.0 responses==0.10.6 -rsa==4.0 +rsa==4.5 s3transfer==0.2.1 six==1.12.0 sshpubkeys==3.1.0 From 0eb1baf8a58032817303176ca22f1fe470d9b91a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Mar 2021 07:53:04 -0700 Subject: [PATCH 07/75] Bump pyyaml from 5.1.2 to 5.4 in /test (#156) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.1.2 to 5.4. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/5.1.2...5.4) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index f6142b65..e388456f 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -60,7 +60,7 @@ pytest-xdist==1.30.0 python-dateutil==2.8.0 python-jose==3.0.1 pytz==2019.3 -PyYAML==5.1.2 +PyYAML==5.4 requests==2.22.0 responses==0.10.6 rsa==4.5 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 08dd5839..71e0c975 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -48,7 +48,7 @@ pytest-xdist==1.30.0 python-dateutil==2.8.0 python-jose==3.0.1 pytz==2019.3 -PyYAML==5.1.2 +PyYAML==5.4 requests==2.22.0 responses==0.10.6 rsa==4.5 From c930f599216053539e7c18c33746b0338d9a5756 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Apr 2021 14:46:25 -0700 Subject: [PATCH 08/75] Bump py from 1.8.0 to 1.10.0 in /test (#157) Bumps [py](https://github.com/pytest-dev/py) from 1.8.0 to 1.10.0. - [Release notes](https://github.com/pytest-dev/py/releases) - [Changelog](https://github.com/pytest-dev/py/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/py/compare/1.8.0...1.10.0) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index e388456f..d63f8a0f 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -47,7 +47,7 @@ moto==1.3.13 packaging==19.2 pathlib2==2.3.5 pluggy==0.13.0 -py==1.8.0 +py==1.10.0 pyasn1==0.4.7 pycparser==2.19 pyparsing==2.4.2 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 71e0c975..adab88f3 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -35,7 +35,7 @@ more-itertools==7.2.0 moto==1.3.13 packaging==19.2 pluggy==0.13.0 -py==1.8.0 +py==1.10.0 pyasn1==0.4.7 pycparser==2.19 pyparsing==2.4.2 From 202c43e6ec04829c1ba4b8a9cc03c6d51831737e Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Fri, 23 Apr 2021 10:54:28 -0600 Subject: [PATCH 09/75] chore: Add explicit support for py38 and py39 (#158) --- .github/workflows/ci_tests.yaml | 1 + buildspec.yml | 2 ++ codebuild/python3.9.yml | 20 ++++++++++++++++++++ setup.py | 2 ++ tox.ini | 2 +- 5 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 codebuild/python3.9.yml diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index b94c4f9e..b8e72507 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -69,6 +69,7 @@ jobs: - 3.6 - 3.7 - 3.8 + - 3.9 - 3.x category: - local-slow diff --git a/buildspec.yml b/buildspec.yml index 02307f95..82f32b41 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -13,6 +13,8 @@ batch: buildspec: codebuild/python3.7.yml - identifier: python3_8 buildspec: codebuild/python3.8.yml + - identifier: python3_9 + buildspec: codebuild/python3.9.yml - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml new file mode 100644 index 00000000..62868c80 --- /dev/null +++ b/codebuild/python3.9.yml @@ -0,0 +1,20 @@ +version: 0.2 + +env: + variables: + TOXENV: "py39-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pyenv install 3.9.0 + - pyenv local 3.9.0 + - pip install tox tox-pyenv + - tox diff --git a/setup.py b/setup.py index 2dc604cd..fe8f6f07 100644 --- a/setup.py +++ b/setup.py @@ -54,6 +54,8 @@ def get_requirements(): "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/tox.ini b/tox.ini index fae478e3..0377291f 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{27,35,36,37,38}-{local,integ,ddb,examples}-fast, + py{27,35,36,37,38,39}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 35365b37523e5c18efa10ecaa3479452827bc021 Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Thu, 13 May 2021 11:19:00 -0700 Subject: [PATCH 10/75] chore: Fix static analysis (#162) --- src/dynamodb_encryption_sdk/material_providers/most_recent.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index a1d493ba..349163e0 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -282,7 +282,7 @@ def _get_provider_with_grace_period(self, version, ttl_action): :raises AttributeError: if provider could not locate version """ blocking_wait = bool(ttl_action is TtlActions.EXPIRED) - acquired = self._lock.acquire(blocking_wait) + acquired = self._lock.acquire(blocking_wait) # pylint: disable=consider-using-with if not acquired: # We failed to acquire the lock. # If blocking, we will never reach this point. @@ -320,7 +320,7 @@ def _get_most_recent_version(self, ttl_action): :rtype: CryptographicMaterialsProvider """ blocking_wait = bool(ttl_action is TtlActions.EXPIRED) - acquired = self._lock.acquire(blocking_wait) + acquired = self._lock.acquire(blocking_wait) # pylint: disable=consider-using-with if not acquired: # We failed to acquire the lock. From 42dc546982d77861a49e7867fa8b295d19f5a8eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 May 2021 13:03:11 -0700 Subject: [PATCH 11/75] Bump urllib3 from 1.25.6 to 1.25.8 in /test (#161) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.6 to 1.25.8. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.25.6...1.25.8) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py27.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt index d63f8a0f..cb3364b1 100644 --- a/test/upstream-requirements-py27.txt +++ b/test/upstream-requirements-py27.txt @@ -68,7 +68,7 @@ s3transfer==0.2.1 scandir==1.10.0 six==1.12.0 sshpubkeys==3.1.0 -urllib3==1.25.6 +urllib3==1.25.8 wcwidth==0.1.7 websocket-client==0.56.0 Werkzeug==0.16.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index adab88f3..fe00514f 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -55,7 +55,7 @@ rsa==4.5 s3transfer==0.2.1 six==1.12.0 sshpubkeys==3.1.0 -urllib3==1.25.6 +urllib3==1.25.8 wcwidth==0.1.7 websocket-client==0.56.0 Werkzeug==0.16.0 From e740ba0ba4b7325a48eb432de27e313905f1c6c7 Mon Sep 17 00:00:00 2001 From: Robin Salkeld Date: Tue, 25 May 2021 12:28:28 -0700 Subject: [PATCH 12/75] chore: Add repo-sync actions (#165) See https://github.com/repo-sync/repo-sync --- .github/workflows/repo-sync.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/repo-sync.yml diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml new file mode 100644 index 00000000..b7605354 --- /dev/null +++ b/.github/workflows/repo-sync.yml @@ -0,0 +1,25 @@ +name: Repo Sync + +on: + workflow_dispatch: # allows triggering this manually through the Actions UI + +jobs: + repo-sync: + name: Repo Sync + environment: repo-sync + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: repo-sync/github-sync@v2 + name: Sync repo to branch + with: + source_repo: ${{ secrets.SOURCE_REPO }} + source_branch: master + destination_branch: ${{ secrets.INTERMEDIATE_BRANCH }} + github_token: ${{ secrets.GITHUB_TOKEN }} + - uses: repo-sync/pull-request@v2 + name: Create pull request + with: + source_branch: ${{ secrets.INTERMEDIATE_BRANCH }} + destination_branch: master + github_token: ${{ secrets.GITHUB_TOKEN }} From 87f9ccbe58c3365e86df63cf269d1ef6adae1485 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 1 Jun 2021 10:29:23 -0600 Subject: [PATCH 13/75] Refactor examples into sub-module (#163) This lets us use the examples during release validation -- simply update the dynamodb-encryption-sdk dependency to point to the specific version we want to validate. --- examples/README.md | 33 ++++++++++ examples/requirements.txt | 1 + examples/setup.py | 62 +++++++++++++++++++ .../__init__.py | 1 + .../aws_kms_encrypted_client.py | 0 .../aws_kms_encrypted_item.py | 0 .../aws_kms_encrypted_resource.py | 0 .../aws_kms_encrypted_table.py | 0 .../most_recent_provider_encrypted_table.py | 0 .../wrapped_rsa_encrypted_table.py | 0 .../wrapped_symmetric_encrypted_table.py | 0 examples/test/requirements.txt | 2 + .../test/test_aws_kms_encrypted_examples.py | 7 ++- ...most_recent_provider_encrypted_examples.py | 2 +- .../test/test_wrapped_encrypted_examples.py | 2 +- examples/tox.ini | 25 ++++++++ tox.ini | 14 +++-- 17 files changed, 140 insertions(+), 9 deletions(-) create mode 100644 examples/README.md create mode 100644 examples/requirements.txt create mode 100644 examples/setup.py rename examples/src/{ => dynamodb_encryption_sdk_examples}/__init__.py (96%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/aws_kms_encrypted_client.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/aws_kms_encrypted_item.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/aws_kms_encrypted_resource.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/aws_kms_encrypted_table.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/most_recent_provider_encrypted_table.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/wrapped_rsa_encrypted_table.py (100%) rename examples/src/{ => dynamodb_encryption_sdk_examples}/wrapped_symmetric_encrypted_table.py (100%) create mode 100644 examples/test/requirements.txt create mode 100644 examples/tox.ini diff --git a/examples/README.md b/examples/README.md new file mode 100644 index 00000000..31e684e4 --- /dev/null +++ b/examples/README.md @@ -0,0 +1,33 @@ +# AWS DynamoDB Encryption Client Examples + +This section features examples that show you +how to use the AWS DynamoDB Encryption Client. +We demonstrate how to use the encryption and decryption APIs +and how to set up some common configuration patterns. + +## APIs + +The AWS DynamoDB Encryption Client provides four high-level APIs: `EncryptedClient`, `EncryptedItem`, +`EncryptedResource`, and `EncryptedTable`. + +You can find examples that demonstrate these APIs +in the [`examples/src/dynamodb_encryption_sdk_examples`](./src/dynamodb_encryption_sdk_examples) directory. +Each of these examples uses AWS KMS as the materials provider. + +* [How to use the EncryptedClient API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py) +* [How to use the EncryptedItem API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_item.py) +* [How to use the EncryptedResource API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_resource.py) +* [How to use the EncryptedTable API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_table.py) + +## Material Providers + +To use the encryption and decryption APIs, you need to describe how you want the library to protect your data keys. +You can do this by configuring material providers. AWS KMS is the most common material provider used with the AWS DynamoDB Encryption +SDK, and each of the API examples above uses AWS KMS. This section describes the other providers that come bundled +with this library. + +* [How to use the CachingMostRecentProvider](./src/dynamodb_encryption_sdk_examples/most_recent_provider_encrypted_table.py) +* [How to use raw symmetric wrapping keys](./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py) +* [How to use raw asymmetric wrapping keys](./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py) + +For more details on the different type of material providers, see [How to choose a cryptographic materials provider](https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/crypto-materials-providers.html). diff --git a/examples/requirements.txt b/examples/requirements.txt new file mode 100644 index 00000000..138d8645 --- /dev/null +++ b/examples/requirements.txt @@ -0,0 +1 @@ +dynamodb-encryption-sdk diff --git a/examples/setup.py b/examples/setup.py new file mode 100644 index 00000000..ceb22c19 --- /dev/null +++ b/examples/setup.py @@ -0,0 +1,62 @@ +"""DynamoDB Encryption Client for Python examples.""" +import io +import os +import re + +from setuptools import find_packages, setup + +VERSION_RE = re.compile(r"""__version__ = ['"]([0-9.]+)['"]""") +HERE = os.path.abspath(os.path.dirname(__file__)) + + +def read(*args): + """Reads complete file contents.""" + return io.open(os.path.join(HERE, *args), encoding="utf-8").read() + + +def get_version(): + """Reads the version from this module.""" + init = read("src", "dynamodb_encryption_sdk_examples", "__init__.py") + return VERSION_RE.search(init).group(1) + + +def get_requirements(): + """Reads the requirements file.""" + requirements = read("requirements.txt") + return requirements.strip().splitlines() + + +setup( + name="dynamodb-encryption-sdk-examples", + version=get_version(), + packages=find_packages("src"), + package_dir={"": "src"}, + url="https://github.com/aws/aws-dynamodb-encryption-python", + author="Amazon Web Services", + author_email="aws-cryptools@amazon.com", + maintainer="Amazon Web Services", + description="DynamoDB Encryption Client for Python examples", + long_description=read("README.rst"), + keywords="dynamodb-encryption-sdk aws kms encryption dynamodb", + data_files=["requirements.txt"], + license="Apache License 2.0", + install_requires=get_requirements(), + classifiers=[ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", + "Natural Language :: English", + "License :: OSI Approved :: Apache Software License", + "Programming Language :: Python", + "Programming Language :: Python :: 2", + "Programming Language :: Python :: 2.7", + "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.5", + "Programming Language :: Python :: 3.6", + "Programming Language :: Python :: 3.7", + "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: Implementation :: CPython", + "Topic :: Security", + "Topic :: Security :: Cryptography", + ], +) diff --git a/examples/src/__init__.py b/examples/src/dynamodb_encryption_sdk_examples/__init__.py similarity index 96% rename from examples/src/__init__.py rename to examples/src/dynamodb_encryption_sdk_examples/__init__.py index b08a227c..887f4840 100644 --- a/examples/src/__init__.py +++ b/examples/src/dynamodb_encryption_sdk_examples/__init__.py @@ -11,3 +11,4 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Stub module indicator to make linter configuration simpler.""" +__version__ = "1.0.0" diff --git a/examples/src/aws_kms_encrypted_client.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py similarity index 100% rename from examples/src/aws_kms_encrypted_client.py rename to examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py diff --git a/examples/src/aws_kms_encrypted_item.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_item.py similarity index 100% rename from examples/src/aws_kms_encrypted_item.py rename to examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_item.py diff --git a/examples/src/aws_kms_encrypted_resource.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_resource.py similarity index 100% rename from examples/src/aws_kms_encrypted_resource.py rename to examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_resource.py diff --git a/examples/src/aws_kms_encrypted_table.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_table.py similarity index 100% rename from examples/src/aws_kms_encrypted_table.py rename to examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_table.py diff --git a/examples/src/most_recent_provider_encrypted_table.py b/examples/src/dynamodb_encryption_sdk_examples/most_recent_provider_encrypted_table.py similarity index 100% rename from examples/src/most_recent_provider_encrypted_table.py rename to examples/src/dynamodb_encryption_sdk_examples/most_recent_provider_encrypted_table.py diff --git a/examples/src/wrapped_rsa_encrypted_table.py b/examples/src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py similarity index 100% rename from examples/src/wrapped_rsa_encrypted_table.py rename to examples/src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py diff --git a/examples/src/wrapped_symmetric_encrypted_table.py b/examples/src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py similarity index 100% rename from examples/src/wrapped_symmetric_encrypted_table.py rename to examples/src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py diff --git a/examples/test/requirements.txt b/examples/test/requirements.txt new file mode 100644 index 00000000..882624b6 --- /dev/null +++ b/examples/test/requirements.txt @@ -0,0 +1,2 @@ +dynamodb-encryption-sdk +pytest diff --git a/examples/test/test_aws_kms_encrypted_examples.py b/examples/test/test_aws_kms_encrypted_examples.py index f7df24b3..fabf0b16 100644 --- a/examples/test/test_aws_kms_encrypted_examples.py +++ b/examples/test/test_aws_kms_encrypted_examples.py @@ -12,8 +12,13 @@ # language governing permissions and limitations under the License. """Test ``aws_kms_encrypted_*`` examples.""" import pytest +from dynamodb_encryption_sdk_examples import ( + aws_kms_encrypted_client, + aws_kms_encrypted_item, + aws_kms_encrypted_resource, + aws_kms_encrypted_table, +) -from ..src import aws_kms_encrypted_client, aws_kms_encrypted_item, aws_kms_encrypted_resource, aws_kms_encrypted_table from .examples_test_utils import cmk_arn, ddb_table_name # noqa pylint: disable=unused-import pytestmark = [pytest.mark.examples] diff --git a/examples/test/test_most_recent_provider_encrypted_examples.py b/examples/test/test_most_recent_provider_encrypted_examples.py index 8894001c..1821bf32 100644 --- a/examples/test/test_most_recent_provider_encrypted_examples.py +++ b/examples/test/test_most_recent_provider_encrypted_examples.py @@ -15,10 +15,10 @@ import boto3 import pytest +from dynamodb_encryption_sdk_examples import most_recent_provider_encrypted_table from dynamodb_encryption_sdk.material_providers.store.meta import MetaStore -from ..src import most_recent_provider_encrypted_table from .examples_test_utils import cmk_arn, ddb_table_name # noqa pylint: disable=unused-import pytestmark = [pytest.mark.examples] diff --git a/examples/test/test_wrapped_encrypted_examples.py b/examples/test/test_wrapped_encrypted_examples.py index f6bb7aa2..1c06e813 100644 --- a/examples/test/test_wrapped_encrypted_examples.py +++ b/examples/test/test_wrapped_encrypted_examples.py @@ -12,10 +12,10 @@ # language governing permissions and limitations under the License. """Test ``wrapped_*_encrypted_*`` examples.""" import pytest +from dynamodb_encryption_sdk_examples import wrapped_rsa_encrypted_table, wrapped_symmetric_encrypted_table from dynamodb_encryption_sdk.delegated_keys.jce import JceNameLocalDelegatedKey -from ..src import wrapped_rsa_encrypted_table, wrapped_symmetric_encrypted_table from .examples_test_utils import ddb_table_name # noqa pylint: disable=unused-import pytestmark = [pytest.mark.examples] diff --git a/examples/tox.ini b/examples/tox.ini new file mode 100644 index 00000000..5f6ce4be --- /dev/null +++ b/examples/tox.ini @@ -0,0 +1,25 @@ +# Basic environments for running examples against various versions of Python + +[tox] +envlist = + py{27,35,36,37,38,39}-examples + +[testenv:base-command] +commands = python -m pytest --basetemp={envtmpdir} -l {posargs} + +[testenv] +passenv = + # Identifies AWS KMS key id to use in integration tests + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + # DynamoDB Table to use in integration tests + DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ + # Pass through AWS credentials + AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + # AWS Role access in CodeBuild is via the container URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI +sitepackages = False +deps = -rtest/requirements.txt +# 'download' forces tox to always upgrade pip to the latest +download = true +commands = + examples: {[testenv:base-command]commands} test/ -m "examples" diff --git a/tox.ini b/tox.ini index 0377291f..0d435d13 100644 --- a/tox.ini +++ b/tox.ini @@ -104,7 +104,7 @@ passenv = setenv = ######################################################### deps = -rtest/requirements.txt -commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" +commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples # Collect requirements for use in upstream tests [testenv:freeze-upstream-requirements-base] @@ -137,7 +137,7 @@ commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-r sitepackages = False recreate = True passenv = -commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" +commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples # Test frozen upstream requirements for Python 2.7 [testenv:test-upstream-requirements-py27] @@ -245,7 +245,7 @@ commands = flake8 \ # Ignore C901 complexity requirements (examples optimize for straightforward readability) --ignore C901 \ - examples/src/ + examples/src/dynamodb_encryption_sdk_examples/ flake8 \ # Ignore F811 redefinition errors in tests (breaks with fixture use) # Ignore D103 docstring requirements for tests @@ -282,7 +282,7 @@ commands = basepython = {[testenv:pylint]basepython} deps = {[testenv:pylint]deps} commands = - pylint --rcfile=examples/src/pylintrc examples/src/ + pylint --rcfile=examples/src/pylintrc examples/src/dynamodb_encryption_sdk_examples pylint --rcfile=examples/test/pylintrc examples/test/ [testenv:blacken-src] @@ -295,7 +295,8 @@ commands = setup.py \ doc/conf.py \ test/ \ - examples/ \ + examples/src \ + examples/test \ {posargs} @@ -326,7 +327,8 @@ deps = isort>=5.0.0 commands = isort \ src \ test \ - examples/ \ + examples/src \ + examples/test \ doc \ setup.py \ --skip examples/test/examples_test_utils.py \ From 671c58dde25de308ea731d09d8e333c8e2b4a17a Mon Sep 17 00:00:00 2001 From: Alex Chew Date: Tue, 1 Jun 2021 15:48:15 -0700 Subject: [PATCH 14/75] chore: add issue template (#164) Co-authored-by: Robin Salkeld Co-authored-by: seebees --- ...amazon-dynamodb-encryption-client-issue.md | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/amazon-dynamodb-encryption-client-issue.md diff --git a/.github/ISSUE_TEMPLATE/amazon-dynamodb-encryption-client-issue.md b/.github/ISSUE_TEMPLATE/amazon-dynamodb-encryption-client-issue.md new file mode 100644 index 00000000..d5b0433d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/amazon-dynamodb-encryption-client-issue.md @@ -0,0 +1,26 @@ +--- +name: Amazon DynamoDB Encryption Client Issue +about: Amazon DynamoDB Encryption Client Issue +title: '' +labels: '' +assignees: '' + +--- + +### Security issue notifications + +If you discover a potential security issue in the Amazon DynamoDB Encryption Client we ask that you notify AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. + +### Problem: + +A short description of what the problem is and why we need to fix it. Add reproduction steps if necessary. + +### Solution: + +A description of the possible solution in terms of DynamoDB Encryption Client architecture. + +### Out of scope: + +Is there anything the solution will intentionally NOT address? + +[//]: # (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ ) From b2b6370b29a4138b6dd6f9bba35c3cbea881746d Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Mon, 14 Jun 2021 17:30:51 -0600 Subject: [PATCH 15/75] chore: Release improvements (#167) --- codebuild/release/prod-release.yml | 41 ++++++++++++++++++++++++++++ codebuild/release/test-release.yml | 43 ++++++++++++++++++++++++++++++ codebuild/release/validate.yml | 39 +++++++++++++++++++++++++++ examples/setup.py | 2 +- examples/tox.ini | 5 +++- 5 files changed, 128 insertions(+), 2 deletions(-) create mode 100644 codebuild/release/prod-release.yml create mode 100644 codebuild/release/test-release.yml create mode 100644 codebuild/release/validate.yml diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml new file mode 100644 index 00000000..c729c96c --- /dev/null +++ b/codebuild/release/prod-release.yml @@ -0,0 +1,41 @@ +version: 0.2 + +env: + variables: + BRANCH: "master" + secrets-manager: + TWINE_USERNAME: PyPiAdmin:username + TWINE_PASSWORD: PyPiAdmin:password + +phases: + install: + commands: + - pip install tox + - pip install --upgrade pip + runtime-versions: + python: latest + pre_build: + commands: + - git checkout $COMMIT_ID + - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/dynamodb_encryption_sdk/identifiers.py) + - | + if expr ${FOUND_VERSION} != ${VERSION}; then + echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" + exit 1; + fi + build: + commands: + - tox -e park + - tox -e release + +batch: + fast-fail: true + build-graph: + - identifier: release_to_prod + - identifier: validate_prod_release + depend-on: + - release_to_prod + buildspec: codebuild/release/validate.yml + env: + variables: + PIP_INDEX_URL: https://pypi.python.org/simple/ diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml new file mode 100644 index 00000000..1dc9feae --- /dev/null +++ b/codebuild/release/test-release.yml @@ -0,0 +1,43 @@ +version: 0.2 + +env: + variables: + BRANCH: "master" + secrets-manager: + TWINE_USERNAME: TestPyPiCryptoTools:username + TWINE_PASSWORD: TestPyPiCryptoTools:password + +phases: + install: + commands: + - pip install tox + - pip install --upgrade pip + runtime-versions: + python: latest + pre_build: + commands: + - git checkout $COMMIT_ID + - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/dynamodb_encryption_sdk/identifiers.py) + - | + if expr ${FOUND_VERSION} != ${VERSION}; then + echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" + exit 1; + fi + build: + commands: + - tox -e park + - tox -e test-release + + +batch: + fast-fail: true + build-graph: + - identifier: release_to_staging + - identifier: validate_staging_release + depend-on: + - release_to_staging + buildspec: codebuild/release/validate.yml + env: + variables: + PIP_INDEX_URL: https://test.pypi.org/simple/ + PIP_EXTRA_INDEX_URL: https://pypi.python.org/simple/ diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml new file mode 100644 index 00000000..9c242630 --- /dev/null +++ b/codebuild/release/validate.yml @@ -0,0 +1,39 @@ +version: 0.2 + +env: + variables: + BRANCH: "master" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME: ddbec-release-validation + + +phases: + install: + commands: + - pip install tox + runtime-versions: + python: latest + pre_build: + commands: + - cd examples + - sed -i "s/dynamodb-encryption-sdk/dynamodb-encryption-sdk==$VERSION/" test/requirements.txt + build: + commands: + - NUM_RETRIES=3 + - | + while [ $NUM_RETRIES -gt 0 ] + do + tox -re py38-examples + if [ $? -eq 0 ]; then + break + fi + NUM_RETRIES=$((NUM_RETRIES-1)) + if [ $NUM_RETRIES -eq 0 ]; then + echo "All validation attempts failed, stopping" + exit 1; + else + echo "Validation failed, retrying in 60 seconds; will retry $NUM_RETRIES more times" && sleep 60 + fi + done + diff --git a/examples/setup.py b/examples/setup.py index ceb22c19..8f1fa53d 100644 --- a/examples/setup.py +++ b/examples/setup.py @@ -36,7 +36,7 @@ def get_requirements(): author_email="aws-cryptools@amazon.com", maintainer="Amazon Web Services", description="DynamoDB Encryption Client for Python examples", - long_description=read("README.rst"), + long_description=read("README.md"), keywords="dynamodb-encryption-sdk aws kms encryption dynamodb", data_files=["requirements.txt"], license="Apache License 2.0", diff --git a/examples/tox.ini b/examples/tox.ini index 5f6ce4be..261df1b9 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -16,7 +16,10 @@ passenv = # Pass through AWS credentials AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ # AWS Role access in CodeBuild is via the container URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + # Pass through the default AWS region + AWS_DEFAULT_REGION + sitepackages = False deps = -rtest/requirements.txt # 'download' forces tox to always upgrade pip to the latest From 3499d5d8dba83ad0ae1c24b848f6d515f7e1993a Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 17 Jun 2021 16:12:49 -0600 Subject: [PATCH 16/75] chore: Add an example illustrating MRKs (#169) --- examples/README.md | 33 -------- examples/README.rst | 54 +++++++++++++ .../aws_kms_encrypted_client.py | 2 +- .../aws_kms_multi_region_key.py | 78 +++++++++++++++++++ examples/test/examples_test_utils.py | 2 +- .../test/test_aws_kms_encrypted_examples.py | 7 +- examples/tox.ini | 3 + test/README.rst | 2 + test/integration/integration_test_utils.py | 22 +++++- tox.ini | 5 +- 10 files changed, 167 insertions(+), 41 deletions(-) delete mode 100644 examples/README.md create mode 100644 examples/README.rst create mode 100644 examples/src/dynamodb_encryption_sdk_examples/aws_kms_multi_region_key.py diff --git a/examples/README.md b/examples/README.md deleted file mode 100644 index 31e684e4..00000000 --- a/examples/README.md +++ /dev/null @@ -1,33 +0,0 @@ -# AWS DynamoDB Encryption Client Examples - -This section features examples that show you -how to use the AWS DynamoDB Encryption Client. -We demonstrate how to use the encryption and decryption APIs -and how to set up some common configuration patterns. - -## APIs - -The AWS DynamoDB Encryption Client provides four high-level APIs: `EncryptedClient`, `EncryptedItem`, -`EncryptedResource`, and `EncryptedTable`. - -You can find examples that demonstrate these APIs -in the [`examples/src/dynamodb_encryption_sdk_examples`](./src/dynamodb_encryption_sdk_examples) directory. -Each of these examples uses AWS KMS as the materials provider. - -* [How to use the EncryptedClient API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py) -* [How to use the EncryptedItem API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_item.py) -* [How to use the EncryptedResource API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_resource.py) -* [How to use the EncryptedTable API](./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_table.py) - -## Material Providers - -To use the encryption and decryption APIs, you need to describe how you want the library to protect your data keys. -You can do this by configuring material providers. AWS KMS is the most common material provider used with the AWS DynamoDB Encryption -SDK, and each of the API examples above uses AWS KMS. This section describes the other providers that come bundled -with this library. - -* [How to use the CachingMostRecentProvider](./src/dynamodb_encryption_sdk_examples/most_recent_provider_encrypted_table.py) -* [How to use raw symmetric wrapping keys](./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py) -* [How to use raw asymmetric wrapping keys](./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py) - -For more details on the different type of material providers, see [How to choose a cryptographic materials provider](https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/crypto-materials-providers.html). diff --git a/examples/README.rst b/examples/README.rst new file mode 100644 index 00000000..f636a8a0 --- /dev/null +++ b/examples/README.rst @@ -0,0 +1,54 @@ +######################################### +AWS DynamoDB Encryption Client Examples +######################################### + +This section features examples that show you +how to use the AWS DynamoDB Encryption Client. +We demonstrate how to use the encryption and decryption APIs +and how to set up some common configuration patterns. + +APIs +==== + +The AWS DynamoDB Encryption Client provides four high-level APIs: `EncryptedClient`, `EncryptedItem`, +`EncryptedResource`, and `EncryptedTable`. + +You can find examples that demonstrate these APIs +in the `examples/src/dynamodb_encryption_sdk_examples <./src/dynamodb_encryption_sdk_examples>`_ directory. +Each of these examples uses AWS KMS as the materials provider. + +* `How to use the EncryptedClient API <./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py>`_ +* `How to use the EncryptedItem API <./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_item.py>`_ +* `How to use the EncryptedResource API <./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_resource.py>`_ +* `How to use the EncryptedTable API <./src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_table.py>`_ + +Material Providers +================== + +To use the encryption and decryption APIs, you need to describe how you want the library to protect your data keys. +You can do this by configuring material providers. AWS KMS is the most common material provider used with the AWS DynamoDB Encryption +SDK, and each of the API examples above uses AWS KMS. This section describes the other providers that come bundled +with this library. + +* `How to use the CachingMostRecentProvider <./src/dynamodb_encryption_sdk_examples/most_recent_provider_encrypted_table.py>`_ +* `How to use raw symmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py>`_ +* `How to use raw asymmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py>`_ + +For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. + +Running the examples +==================== + +In order to run these examples, these things must be configured: + +#. Ensure that AWS credentials are available in one of the `automatically discoverable credential locations`_. +#. The ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID`` environment variable + must be set to a valid `AWS KMS CMK ARN`_ that can be used by the available credentials. +#. The ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID`` and ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2`` environment variables + must be set to two related AWS KMS Multi-Region key ids in different regions. +#. The ``DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME`` environment variable must be set to a valid + DynamoDB table name, in the default region, to which the discoverable credentials have + read, write, and describe permissions. + +.. _automatically discoverable credential locations: http://boto3.readthedocs.io/en/latest/guide/configuration.html +.. _AWS KMS CMK ARN: http://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html diff --git a/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py index fcf4774d..a190b09d 100644 --- a/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py +++ b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_encrypted_client.py @@ -54,7 +54,7 @@ def encrypt_item(table_name, aws_cmk_id): # Get the encrypted item using the standard client. encrypted_item = client.get_item(TableName=table_name, Key=index_key)["Item"] - # Get the item using the encrypted client, transparently decyrpting it. + # Get the item using the encrypted client, transparently decrypting it. decrypted_item = encrypted_client.get_item(TableName=table_name, Key=index_key)["Item"] # Verify that all of the attributes are different in the encrypted item diff --git a/examples/src/dynamodb_encryption_sdk_examples/aws_kms_multi_region_key.py b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_multi_region_key.py new file mode 100644 index 00000000..5c32b501 --- /dev/null +++ b/examples/src/dynamodb_encryption_sdk_examples/aws_kms_multi_region_key.py @@ -0,0 +1,78 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +"""Example showing use of AWS KMS CMP with a DynamoDB Global table and an AWS Multi-Region Key.""" + +import time + +import boto3 + +from dynamodb_encryption_sdk.encrypted.client import EncryptedClient +from dynamodb_encryption_sdk.identifiers import CryptoAction +from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider +from dynamodb_encryption_sdk.structures import AttributeActions + +SECOND_REGION = "eu-west-1" + + +def encrypt_item(table_name, cmk_mrk_arn_first_region, cmk_mrk_arn_second_region): + """Demonstrate use of Multi-Region Keys with DynamoDB Encryption Client. + + This example encrypts an item with a Multi-Region Key in one region and decrypts it in another region. It + assumes that you have a Dynamo DB Global table in two regions, as well as a KMS + Multi-Region Key replicated to these regions. + """ + index_key = {"partition_attribute": {"S": "is this"}, "sort_attribute": {"N": "55"}} + plaintext_item = { + "example": {"S": "data"}, + "some numbers": {"N": "99"}, + "and some binary": {"B": b"\x00\x01\x02"}, + "leave me": {"S": "alone"}, # We want to ignore this attribute + } + # Collect all of the attributes that will be encrypted (used later). + encrypted_attributes = set(plaintext_item.keys()) + encrypted_attributes.remove("leave me") + # Collect all of the attributes that will not be encrypted (used later). + unencrypted_attributes = set(index_key.keys()) + unencrypted_attributes.add("leave me") + # Add the index pairs to the item. + plaintext_item.update(index_key) + + # Create attribute actions that tells the encrypted client to encrypt all attributes except one. + actions = AttributeActions( + default_action=CryptoAction.ENCRYPT_AND_SIGN, attribute_actions={"leave me": CryptoAction.DO_NOTHING} + ) + + # Create a DDB client and KMS crypto materials provider in the first region using the specified AWS KMS key. + split_arn = cmk_mrk_arn_first_region.split(":") + encryption_region = split_arn[3] + ddb_client = boto3.client("dynamodb", region_name=encryption_region) + encryption_cmp = AwsKmsCryptographicMaterialsProvider(key_id=cmk_mrk_arn_first_region) + # Use these objects to create an encrypted client. + encryption_client = EncryptedClient(client=ddb_client, materials_provider=encryption_cmp, attribute_actions=actions) + + # Put the item to the table, using the encrypted client to transparently encrypt it. + encryption_client.put_item(TableName=table_name, Item=plaintext_item) + + # Create a DDB client and KMS crypto materials provider in the second region + split_arn = cmk_mrk_arn_second_region.split(":") + decryption_region = split_arn[3] + decryption_cmp = AwsKmsCryptographicMaterialsProvider(key_id=cmk_mrk_arn_second_region) + ddb_client = boto3.client("dynamodb", region_name=decryption_region) + # Use these objects to create an encrypted client. + decryption_client = EncryptedClient(client=ddb_client, materials_provider=decryption_cmp, attribute_actions=actions) + + # DDB Global Table replication takes some time. Sleep for a moment to give the item a chance to replicate to the + # second region + time.sleep(1) + + # Get the item from the second region, transparently decrypting it. This allows you to avoid a cross-region KMS + # call to the first region if your application is running in the second region + decrypted_item = decryption_client.get_item(TableName=table_name, Key=index_key)["Item"] + + # Verify that the decryption successfully retrieved the original plaintext + for name in encrypted_attributes: + assert plaintext_item[name] == decrypted_item[name] + + # Clean up the item + encryption_client.delete_item(TableName=table_name, Key=index_key) diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 252132e7..889b1290 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -5,4 +5,4 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) -from integration_test_utils import cmk_arn, ddb_table_name # noqa pylint: disable=unused-import +from integration_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import diff --git a/examples/test/test_aws_kms_encrypted_examples.py b/examples/test/test_aws_kms_encrypted_examples.py index fabf0b16..3c0e8a36 100644 --- a/examples/test/test_aws_kms_encrypted_examples.py +++ b/examples/test/test_aws_kms_encrypted_examples.py @@ -17,9 +17,10 @@ aws_kms_encrypted_item, aws_kms_encrypted_resource, aws_kms_encrypted_table, + aws_kms_multi_region_key, ) -from .examples_test_utils import cmk_arn, ddb_table_name # noqa pylint: disable=unused-import +from .examples_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import pytestmark = [pytest.mark.examples] @@ -42,3 +43,7 @@ def test_aws_kms_encrypted_item(ddb_table_name, cmk_arn): def test_aws_kms_encrypted_resource(ddb_table_name, cmk_arn): aws_kms_encrypted_resource.encrypt_batch_items(ddb_table_name, cmk_arn) + + +def test_aws_kms_mrk_client(ddb_table_name, cmk_mrk_arn, second_cmk_mrk_arn): + aws_kms_multi_region_key.encrypt_item(ddb_table_name, cmk_mrk_arn, second_cmk_mrk_arn) diff --git a/examples/tox.ini b/examples/tox.ini index 261df1b9..67fa6318 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -11,6 +11,9 @@ commands = python -m pytest --basetemp={envtmpdir} -l {posargs} passenv = # Identifies AWS KMS key id to use in integration tests AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + # Identifes AWS KMS Multi-Region key ids to use in examples \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ # DynamoDB Table to use in integration tests DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ # Pass through AWS credentials diff --git a/test/README.rst b/test/README.rst index 42cace9f..ead71c42 100644 --- a/test/README.rst +++ b/test/README.rst @@ -8,6 +8,8 @@ In order to run these integration tests successfully, these things which must be `automatically discoverable credential locations`_. #. The ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID`` environment variable must be set to a valid `AWS KMS CMK ARN`_ that can be used by the available credentials. +#. The ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID`` and ``AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2`` environment variables + must be set to two related AWS KMS Multi-Region key ids in different regions. #. The ``DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME`` environment variable must be set to a valid DynamoDB table name, in the default region, to which the discoverable credentials have read, write, and describe permissions. diff --git a/test/integration/integration_test_utils.py b/test/integration/integration_test_utils.py index 71106ef7..006d5319 100644 --- a/test/integration/integration_test_utils.py +++ b/test/integration/integration_test_utils.py @@ -27,16 +27,18 @@ raise AWS_KMS_KEY_ID = "AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID" +AWS_KMS_MRK_KEY_ID = "AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID" +AWS_KMS_MRK_KEY_ID_2 = "AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2" DDB_TABLE_NAME = "DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME" -def cmk_arn_value(): +def cmk_arn_value(env_variable=AWS_KMS_KEY_ID): """Retrieve the target CMK ARN from environment variable.""" - arn = os.environ.get(AWS_KMS_KEY_ID, None) + arn = os.environ.get(env_variable, None) if arn is None: raise ValueError( 'Environment variable "{}" must be set to a valid KMS CMK ARN for integration tests to run'.format( - AWS_KMS_KEY_ID + env_variable ) ) if arn.startswith("arn:") and ":alias/" not in arn: @@ -47,7 +49,19 @@ def cmk_arn_value(): @pytest.fixture def cmk_arn(): """As of Pytest 4.0.0, fixtures cannot be called directly.""" - return cmk_arn_value() + return cmk_arn_value(AWS_KMS_KEY_ID) + + +@pytest.fixture +def cmk_mrk_arn(): + """As of Pytest 4.0.0, fixtures cannot be called directly.""" + return cmk_arn_value(AWS_KMS_MRK_KEY_ID) + + +@pytest.fixture +def second_cmk_mrk_arn(): + """As of Pytest 4.0.0, fixtures cannot be called directly.""" + return cmk_arn_value(AWS_KMS_MRK_KEY_ID_2) def _build_kms_cmp(require_attributes): diff --git a/tox.ini b/tox.ini index 0d435d13..9f752505 100644 --- a/tox.ini +++ b/tox.ini @@ -46,6 +46,9 @@ commands = pytest --basetemp={envtmpdir} -l {posargs} passenv = # Identifies AWS KMS key id to use in integration tests AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + # Identifies AWS KMS MRK key ids to use in integration tests + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ # DynamoDB Table to use in integration tests DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ # Pass through AWS credentials @@ -251,7 +254,7 @@ commands = # Ignore D103 docstring requirements for tests --ignore F811,D103 \ # Our path munging confuses isort, so disable flake8-isort checks on that file - --per-file-ignores="examples/test/examples_test_utils.py:I003,I004" \ + --per-file-ignores="examples/test/examples_test_utils.py:I003,I004,I005,examples/test/test_aws_kms_encrypted_examples.py:I005" \ examples/test/ [testenv:pylint] From 828adb6ff3ba2e00da1eb0981d32031d8fb4fae3 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 8 Jul 2021 16:24:39 -0600 Subject: [PATCH 17/75] chore: Add support policy (#170) --- README.rst | 3 ++ SUPPORT_POLICY.rst | 33 +++++++++++++++++++ doc/conf.py | 2 +- setup.py | 2 +- .../delegated_keys/__init__.py | 3 +- .../materials/__init__.py | 15 ++++++--- 6 files changed, 50 insertions(+), 8 deletions(-) create mode 100644 SUPPORT_POLICY.rst diff --git a/README.rst b/README.rst index d78d3179..5ec8c295 100644 --- a/README.rst +++ b/README.rst @@ -38,6 +38,8 @@ You can find our source on `GitHub`_. `Security issue notifications`_ +See `Support Policy`_ for details on the current support status of all major versions of this library. + *************** Getting Started *************** @@ -193,3 +195,4 @@ of the one that the client would normally construct for you. .. _decrypt_dynamodb_item: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/item.html#dynamodb_encryption_sdk.encrypted.item.decrypt_dynamodb_item .. _transformation functions: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/tools/transform.html .. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md#user-content-security-issue-notifications +.. _Support Policy: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst new file mode 100644 index 00000000..a40e3d7a --- /dev/null +++ b/SUPPORT_POLICY.rst @@ -0,0 +1,33 @@ +Overview +======== +This page describes the support policy for the AWS DynamoDB Encryption Client. We regularly provide the AWS DynamoDB Encryption Client with updates that may contain support for new or updated APIs, new features, enhancements, bug fixes, security patches, or documentation updates. Updates may also address changes with dependencies, language runtimes, and operating systems. + +We recommend users to stay up-to-date with DynamoDB Encryption Client releases to keep up with the latest features, security updates, and underlying dependencies. Continued use of an unsupported SDK version is not recommended and is done at the user’s discretion. + + +Major Version Lifecycle +======================== +The AWS DynamoDB Encryption Client follows the same major version lifecycle as the AWS SDK. For details on this lifecycle, see `AWS SDKs and Tools Maintenance Policy`_. + +Version Support Matrix +====================== +This table describes the current support status of each major version of the AWS DynamoDB Encryption Client for Python. It also shows the next status each major version will transition to, and the date at which that transition will happen. + +.. list-table:: + :widths: 30 50 50 50 + :header-rows: 1 + + * - Major version + - Current status + - Next status + - Next status date + * - 1.x + - Maintenance + - End of Support + - 2022-07-08 + * - 2.x + - Generally Available + - + - + +.. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/doc/conf.py b/doc/conf.py index 576f77c5..9c0b817c 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -11,7 +11,7 @@ def read(*args): """Reads complete file contents.""" - return io.open(os.path.join(HERE, *args), encoding="utf-8").read() + return io.open(os.path.join(HERE, *args), encoding="utf-8").read() # pylint: disable=consider-using-with def get_release(): diff --git a/setup.py b/setup.py index fe8f6f07..8b50e8dc 100644 --- a/setup.py +++ b/setup.py @@ -11,7 +11,7 @@ def read(*args): """Reads complete file contents.""" - return io.open(os.path.join(HERE, *args), encoding="utf-8").read() + return io.open(os.path.join(HERE, *args), encoding="utf-8").read() # pylint: disable=consider-using-with def get_version(): diff --git a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py index b41caeee..d301543a 100644 --- a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py +++ b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py @@ -45,7 +45,8 @@ class DelegatedKey(object): a :class:`NotImplementedError` detailing this. """ - @abc.abstractproperty + @property + @abc.abstractmethod def algorithm(self): # type: () -> Text """Text description of algorithm used by this delegated key.""" diff --git a/src/dynamodb_encryption_sdk/materials/__init__.py b/src/dynamodb_encryption_sdk/materials/__init__.py index 66797ec6..09c4a470 100644 --- a/src/dynamodb_encryption_sdk/materials/__init__.py +++ b/src/dynamodb_encryption_sdk/materials/__init__.py @@ -33,7 +33,8 @@ class CryptographicMaterials(object): """Base class for all cryptographic materials.""" - @abc.abstractproperty + @property + @abc.abstractmethod def material_description(self): # type: () -> Dict[Text, Text] """Material description to use with these cryptographic materials. @@ -42,7 +43,8 @@ def material_description(self): :rtype: dict """ - @abc.abstractproperty + @property + @abc.abstractmethod def encryption_key(self): # type: () -> DelegatedKey """Delegated key used for encrypting attributes. @@ -51,7 +53,8 @@ def encryption_key(self): :rtype: DelegatedKey """ - @abc.abstractproperty + @property + @abc.abstractmethod def decryption_key(self): # type: () -> DelegatedKey """Delegated key used for decrypting attributes. @@ -60,7 +63,8 @@ def decryption_key(self): :rtype: DelegatedKey """ - @abc.abstractproperty + @property + @abc.abstractmethod def signing_key(self): # type: () -> DelegatedKey """Delegated key used for calculating digital signatures. @@ -69,7 +73,8 @@ def signing_key(self): :rtype: DelegatedKey """ - @abc.abstractproperty + @property + @abc.abstractmethod def verification_key(self): # type: () -> DelegatedKey """Delegated key used for verifying digital signatures. From 3418eae68bb8d0432c6d9069bdc47b2e0754fc76 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 13 Jul 2021 15:05:30 -0600 Subject: [PATCH 18/75] chore: Prep for release 2.1.0 (#172) --- CHANGELOG.rst | 16 ++++++++++++++++ README.rst | 6 ++++++ SUPPORT_POLICY.rst | 6 +++++- src/dynamodb_encryption_sdk/identifiers.py | 2 +- 4 files changed, 28 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8a037cd1..fd602e43 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,22 @@ Changelog ********* +2.1.0 -- 2021-07-15 +=================== + +Deprecation Announcement +------------------------ +The AWS DynamoDB Encryption Client for Python is discontinuing support for Python 2. +Future major versions of this library will drop support for Python 2 and begin to +adopt changes that are known to break Python 2. + +Support for Python 3.4 will be removed at the same time. Moving forward, we will +support Python 3.5+. + +Security updates will still be available for the DynamoDB Encryption Client 2.x +line for the next 12 months, in accordance with our `Support Policy `__. + + 2.0.0 -- 2021-02-04 =================== diff --git a/README.rst b/README.rst index 5ec8c295..42b8ce42 100644 --- a/README.rst +++ b/README.rst @@ -49,6 +49,12 @@ Required Prerequisites * Python 2.7 or 3.4+ + **NOTE: 2.x is the last major version of this library that will + support Python 2. Future major versions will begin to adopt changes + known to break Python 2. Python 3.4 support will also be removed + in future major versions; Python 3.5+ will be required.** + + Installation ============ diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index a40e3d7a..26667e42 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -27,7 +27,11 @@ This table describes the current support status of each major version of the AWS - 2022-07-08 * - 2.x - Generally Available + - Maintenance + - 2021-07-13 + * - 3.x - - - + - Generally Available + - 2021-07-13 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index ab0b9b33..e7a0fcfd 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "2.0.0" +__version__ = "2.1.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) From 70ef913cd303b07e7cec78e83fce80007ebd9b0e Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 12:49:07 -0600 Subject: [PATCH 19/75] chore: Fix README file extension (#174) --- examples/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/setup.py b/examples/setup.py index 8f1fa53d..ceb22c19 100644 --- a/examples/setup.py +++ b/examples/setup.py @@ -36,7 +36,7 @@ def get_requirements(): author_email="aws-cryptools@amazon.com", maintainer="Amazon Web Services", description="DynamoDB Encryption Client for Python examples", - long_description=read("README.md"), + long_description=read("README.rst"), keywords="dynamodb-encryption-sdk aws kms encryption dynamodb", data_files=["requirements.txt"], license="Apache License 2.0", From 9a5ab6521092a54dd2e5222b3995c76c8c42d74a Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 14:03:22 -0600 Subject: [PATCH 20/75] chore: Add MRK key ids to codebuild specs (#175) --- codebuild/release/validate.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 9c242630..eacf49ae 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -5,6 +5,10 @@ env: BRANCH: "master" AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID: >- + arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- + arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME: ddbec-release-validation From 8d82ed78658bd4617d727cfdada37a00e1efa2f8 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:36:52 -0600 Subject: [PATCH 21/75] chore: Remove support for python 2 (#173) --- .github/workflows/ci_tests.yaml | 59 ---------------------- CHANGELOG.rst | 12 +++++ README.rst | 7 +-- SUPPORT_POLICY.rst | 8 +-- buildspec.yml | 2 - codebuild/python2.7.yml | 18 ------- requirements.txt | 1 - setup.py | 3 -- src/dynamodb_encryption_sdk/identifiers.py | 2 +- tox.ini | 31 +----------- 10 files changed, 19 insertions(+), 124 deletions(-) delete mode 100644 codebuild/python2.7.yml diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index b8e72507..9cf5a738 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -9,46 +9,6 @@ on: - cron: '0 0 * * *' jobs: - # Hypothesis no longer supports Python 2 and - # there is a bug that appears with our slow tests - # only on Python 2. - # Until we also drop Python 2 support, - # the workaround is just that we don't run the slow tests - # on Python 2. - py2-tests: - runs-on: ${{ matrix.platform.os }} - strategy: - fail-fast: true - matrix: - platform: - - os: ubuntu-latest - architecture: x64 - - os: windows-latest - architecture: x64 - # x86 builds are only meaningful for Windows - - os: windows-latest - architecture: x86 - - os: macos-latest - architecture: x64 - category: - - local-fast - # These require credentials. - # Enable them once we sort how to provide them. - # - integ-fast - # - examples - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: 2.7 - architecture: ${{ matrix.platform.architecture }} - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv tests: runs-on: ${{ matrix.platform.os }} strategy: @@ -111,22 +71,3 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py2: - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - category: - - test-upstream-requirements-py27 - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: 2.7 - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fd602e43..8a500867 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ Changelog ********* +3.0.0 -- 2021-07-15 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 2 or Python 3.4 +as of major version 3.x; only Python 3.5+ is supported. Customers using Python 2 +or Python 3.4 can still use the 2.x line of the DynamoDB Encryption Client, +which will continue to receive security updates for the next 12 months, in accordance +with our `Support Policy `__. + + 2.1.0 -- 2021-07-15 =================== diff --git a/README.rst b/README.rst index 42b8ce42..6881c2e1 100644 --- a/README.rst +++ b/README.rst @@ -47,12 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 2.7 or 3.4+ - - **NOTE: 2.x is the last major version of this library that will - support Python 2. Future major versions will begin to adopt changes - known to break Python 2. Python 3.4 support will also be removed - in future major versions; Python 3.5+ will be required.** +* Python 3.5+ Installation diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 26667e42..26b126fa 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -26,12 +26,12 @@ This table describes the current support status of each major version of the AWS - End of Support - 2022-07-08 * - 2.x - - Generally Available - Maintenance - - 2021-07-13 + - End of Support + - 2022-07-15 * - 3.x - - - Generally Available - - 2021-07-13 + - + - .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/buildspec.yml b/buildspec.yml index 82f32b41..b83ff440 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python2_7 - buildspec: codebuild/python2.7.yml - identifier: python3_5 buildspec: codebuild/python3.5.yml - identifier: python3_6 diff --git a/codebuild/python2.7.yml b/codebuild/python2.7.yml deleted file mode 100644 index fd688d77..00000000 --- a/codebuild/python2.7.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py27-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pip install tox - - tox diff --git a/requirements.txt b/requirements.txt index b10f60f4..a8a5c1a3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ boto3>=1.4.4 cryptography>=1.8.1 attrs>=17.4.0 -enum34; python_version < '3.4' \ No newline at end of file diff --git a/setup.py b/setup.py index 8b50e8dc..5ae2a7ef 100644 --- a/setup.py +++ b/setup.py @@ -47,10 +47,7 @@ def get_requirements(): "Natural Language :: English", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", - "Programming Language :: Python :: 2", - "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index e7a0fcfd..c9b33016 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "2.1.0" +__version__ = "3.0.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) diff --git a/tox.ini b/tox.ini index 9f752505..d0aa06da 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{27,35,36,37,38,39}-{local,integ,ddb,examples}-fast, + py{35,36,37,38,39}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, @@ -117,15 +117,6 @@ recreate = True deps = commands = {toxinidir}/test/freeze-upstream-requirements.sh -# Freeze for Python 2.7 -[testenv:freeze-upstream-requirements-py27] -basepython = python2.7 -sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} -skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} -recreate = {[testenv:freeze-upstream-requirements-base]recreate} -deps = {[testenv:freeze-upstream-requirements-base]deps} -commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py27.txt - # Freeze for Python 3.7 [testenv:freeze-upstream-requirements-py37] basepython = python3.7 @@ -142,15 +133,6 @@ recreate = True passenv = commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples -# Test frozen upstream requirements for Python 2.7 -[testenv:test-upstream-requirements-py27] -basepython = python2.7 -passenv = -deps = -rtest/upstream-requirements-py27.txt -sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} -recreate = {[testenv:test-upstream-requirements-base]recreate} -commands = {[testenv:test-upstream-requirements-base]commands} - # Test frozen upstream requirements for Python 3.7 [testenv:test-upstream-requirements-py37] basepython = python3.7 @@ -201,17 +183,6 @@ commands = {posargs} {[testenv:mypy-coverage]commands} -[testenv:mypy-py2] -basepython = python2.7 -deps = {[testenv:mypy-common]deps} -commands = - python -m mypy \ - --py2 \ - --linecoverage-report build \ - src/dynamodb_encryption_sdk/ \ - {posargs} - {[testenv:mypy-coverage]commands} - # Linters [testenv:flake8] basepython = python3 From 421b551616ff80c0e4e9e20d904e54ab3e30b4c1 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 3 Aug 2021 13:18:00 -0600 Subject: [PATCH 22/75] chore: Update freeze-upstream-requirements (#178) Also get rid of some now-unused py2 configuration. --- test/README.rst | 14 ++-- test/upstream-requirements-py27.txt | 78 --------------------- test/upstream-requirements-py37.txt | 103 +++++++++++----------------- 3 files changed, 45 insertions(+), 150 deletions(-) delete mode 100644 test/upstream-requirements-py27.txt diff --git a/test/README.rst b/test/README.rst index ead71c42..747522bb 100644 --- a/test/README.rst +++ b/test/README.rst @@ -22,16 +22,12 @@ Updating Upstream Requirements The purpose of the upstream requirements files is to provide a stable list of packages for dependencies to run downstream tests of the DynamoDB Encryption -Client. In order to update the upstream requirements in `upstream-requirements-py37.txt` -and `upstream-requirements-py27.txt`, run these commands: +Client. In order to update the upstream requirements in `upstream-requirements-py37.txt`, +run these commands:: - .. code:: + $ tox -e freeze-upstream-requirements-py37 - $ tox -e freeze-upstream-requirements-py27 - $ tox -e freeze-upstream-requirements-py37 +Test them using:: -Test them using: + $ tox -e test-upstream-requirements-py37 - .. code:: - $ tox -e test-upstream-requirements-py27 - $ tox -e test-upstream-requirements-py37 diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt deleted file mode 100644 index cb3364b1..00000000 --- a/test/upstream-requirements-py27.txt +++ /dev/null @@ -1,78 +0,0 @@ -apipkg==1.5 -asn1crypto==1.0.1 -atomicwrites==1.3.0 -attrs==19.2.0 -aws-sam-translator==1.15.0 -aws-xray-sdk==2.4.2 -backports.ssl-match-hostname==3.7.0.1 -backports.tempfile==1.0 -backports.weakref==1.0.post1 -boto==2.49.0 -boto3==1.9.246 -botocore==1.12.246 -certifi==2019.9.11 -cffi==1.12.3 -cfn-lint==0.24.4 -chardet==3.0.4 -configparser==4.0.2 -contextlib2==0.6.0.post1 -cookies==2.2.1 -coverage==4.5.4 -cryptography==3.3.2 -DateTime==4.3 -docker==4.1.0 -docutils==0.15.2 -ecdsa==0.13.3 -enum34==1.1.6 -execnet==1.7.1 -funcsigs==1.0.2 -functools32==3.2.3.post2 -future==0.18.0 -futures==3.3.0 -hypothesis==4.40.0 -idna==2.8 -importlib-metadata==0.23 -ipaddress==1.0.22 -Jinja2==2.11.3 -jmespath==0.9.4 -jsondiff==1.1.2 -jsonpatch==1.24 -jsonpickle==1.2 -jsonpointer==2.0 -jsonschema==3.1.1 -MarkupSafe==1.1.1 -mock==3.0.5 -more-itertools==5.0.0 -moto==1.3.13 -packaging==19.2 -pathlib2==2.3.5 -pluggy==0.13.0 -py==1.10.0 -pyasn1==0.4.7 -pycparser==2.19 -pyparsing==2.4.2 -pyrsistent==0.15.4 -pytest==4.6.5 -pytest-cov==2.8.1 -pytest-forked==1.0.2 -pytest-mock==1.11.1 -pytest-xdist==1.30.0 -python-dateutil==2.8.0 -python-jose==3.0.1 -pytz==2019.3 -PyYAML==5.4 -requests==2.22.0 -responses==0.10.6 -rsa==4.5 -s3transfer==0.2.1 -scandir==1.10.0 -six==1.12.0 -sshpubkeys==3.1.0 -urllib3==1.25.8 -wcwidth==0.1.7 -websocket-client==0.56.0 -Werkzeug==0.16.0 -wrapt==1.11.2 -xmltodict==0.12.0 -zipp==0.6.0 -zope.interface==4.6.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index fe00514f..76ee4525 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,65 +1,42 @@ -apipkg==1.5 -asn1crypto==1.0.1 -atomicwrites==1.3.0 -attrs==19.2.0 -aws-sam-translator==1.15.0 -aws-xray-sdk==2.4.2 -boto==2.49.0 -boto3==1.9.246 -botocore==1.12.246 -certifi==2019.9.11 -cffi==1.12.3 -cfn-lint==0.24.4 -chardet==3.0.4 -coverage==4.5.4 -cryptography==3.3.2 -DateTime==4.3 -docker==4.1.0 -docutils==0.15.2 -ecdsa==0.13.3 -execnet==1.7.1 -future==0.18.0 -hypothesis==4.40.0 -idna==2.8 -importlib-metadata==0.23 -Jinja2==2.11.3 -jmespath==0.9.4 -jsondiff==1.1.2 -jsonpatch==1.24 -jsonpickle==1.2 -jsonpointer==2.0 -jsonschema==3.1.1 -MarkupSafe==1.1.1 -mock==3.0.5 -more-itertools==7.2.0 -moto==1.3.13 -packaging==19.2 -pluggy==0.13.0 +attrs==21.2.0 +boto3==1.18.12 +botocore==1.21.12 +certifi==2021.5.30 +cffi==1.14.6 +charset-normalizer==2.0.4 +coverage==5.5 +cryptography==3.4.7 +execnet==1.9.0 +hypothesis==5.49.0 +idna==3.2 +importlib-metadata==4.6.3 +iniconfig==1.1.1 +Jinja2==3.0.1 +jmespath==0.10.0 +MarkupSafe==2.0.1 +mock==4.0.3 +more-itertools==8.8.0 +moto==2.2.1 +packaging==21.0 +pluggy==0.13.1 py==1.10.0 -pyasn1==0.4.7 -pycparser==2.19 -pyparsing==2.4.2 -pyrsistent==0.15.4 -pytest==5.2.1 -pytest-cov==2.8.1 -pytest-forked==1.0.2 -pytest-mock==1.11.1 -pytest-xdist==1.30.0 -python-dateutil==2.8.0 -python-jose==3.0.1 -pytz==2019.3 -PyYAML==5.4 -requests==2.22.0 -responses==0.10.6 -rsa==4.5 -s3transfer==0.2.1 -six==1.12.0 -sshpubkeys==3.1.0 -urllib3==1.25.8 -wcwidth==0.1.7 -websocket-client==0.56.0 -Werkzeug==0.16.0 -wrapt==1.11.2 +pycparser==2.20 +pyparsing==2.4.7 +pytest==6.2.4 +pytest-cov==2.12.1 +pytest-forked==1.3.0 +pytest-mock==3.6.1 +pytest-xdist==2.3.0 +python-dateutil==2.8.2 +pytz==2021.1 +requests==2.26.0 +responses==0.13.3 +s3transfer==0.5.0 +six==1.16.0 +sortedcontainers==2.4.0 +toml==0.10.2 +typing-extensions==3.10.0.0 +urllib3==1.26.6 +Werkzeug==2.0.1 xmltodict==0.12.0 -zipp==0.6.0 -zope.interface==4.6.0 +zipp==3.5.0 From b40745d24ef06fbd7467434558e8be563318e88b Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 26 Aug 2021 17:14:22 -0600 Subject: [PATCH 23/75] chore: Fix broken CI (#179) --- codebuild/python3.8.yml | 4 +++- doc/conf.py | 4 ++-- test/acceptance/acceptance_test_generators.py | 6 +++--- test/acceptance/acceptance_test_utils.py | 10 +++++----- test/functional/functional_test_vector_generators.py | 6 +++--- test/functional/internal/test_str_ops.py | 8 ++++---- test/unit/material_providers/test_aws_kms.py | 2 +- 7 files changed, 21 insertions(+), 19 deletions(-) diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index 1c1524c8..cbac65cf 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -14,5 +14,7 @@ phases: python: latest build: commands: - - pip install tox + - pyenv install 3.8.6 + - pyenv local 3.8.6 + - pip install tox tox-pyenv - tox diff --git a/doc/conf.py b/doc/conf.py index 9c0b817c..2bc924ac 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -29,7 +29,7 @@ def get_version(): return _release -project = u"dynamodb-encryption-sdk-python" +project = "dynamodb-encryption-sdk-python" version = get_version() release = get_release() @@ -53,7 +53,7 @@ def get_version(): source_suffix = ".rst" # The suffix of source filenames. master_doc = "index" # The master toctree document. -copyright = u"%s, Amazon" % datetime.now().year # pylint: disable=redefined-builtin +copyright = "%s, Amazon" % datetime.now().year # pylint: disable=redefined-builtin # List of directories, relative to source directory, that shouldn't be searched # for source files. diff --git a/test/acceptance/acceptance_test_generators.py b/test/acceptance/acceptance_test_generators.py index 9ba01174..1c513bd3 100644 --- a/test/acceptance/acceptance_test_generators.py +++ b/test/acceptance/acceptance_test_generators.py @@ -43,7 +43,7 @@ def load_scenarios(online): into a shared method. """ # pylint: disable=too-many-locals - with open(_SCENARIO_FILE) as f: + with open(_SCENARIO_FILE, encoding="utf-8") as f: scenarios = json.load(f) keys_file = _filename_from_uri(scenarios["keys"]) keys = _load_keys(keys_file) @@ -128,7 +128,7 @@ def _generate(materials_provider, table_data, ciphertext_file, metastore_info): if table: table.delete() - with open(ciphertext_file, "w") as outfile: + with open(ciphertext_file, "w", encoding="utf-8") as outfile: json.dump(data_table_output, outfile, indent=4) if metatable: @@ -137,7 +137,7 @@ def _generate(materials_provider, table_data, ciphertext_file, metastore_info): metastore_output[metastore_info["table_name"]].append(ddb_to_json(wrapping_key)) metastore_ciphertext_file = _filename_from_uri(metastore_info["ciphertext"]) - with open(metastore_ciphertext_file, "w") as outfile: + with open(metastore_ciphertext_file, "w", encoding="utf-8") as outfile: json.dump(metastore_output, outfile, indent=4) metatable.delete() diff --git a/test/acceptance/acceptance_test_utils.py b/test/acceptance/acceptance_test_utils.py index c4f06b46..a7fd4c03 100644 --- a/test/acceptance/acceptance_test_utils.py +++ b/test/acceptance/acceptance_test_utils.py @@ -61,7 +61,7 @@ def _decode_item(item): def _build_plaintext_items(plaintext_file, version): # pylint: disable=too-many-locals - with open(plaintext_file) as f: + with open(plaintext_file, encoding="utf-8") as f: plaintext_data = json.load(f) actions = {} @@ -92,7 +92,7 @@ def _build_plaintext_items(plaintext_file, version): def _load_ciphertext_items(ciphertext_file): - with open(ciphertext_file) as f: + with open(ciphertext_file, encoding="utf-8") as f: ciphertexts = json.load(f) for _table, items in ciphertexts.items(): @@ -103,7 +103,7 @@ def _load_ciphertext_items(ciphertext_file): def _load_keys(keys_file): - with open(keys_file) as f: + with open(keys_file, encoding="utf-8") as f: return json.load(f) @@ -165,7 +165,7 @@ def _meta_table_prep(table_name, items_filename): table = boto3.resource("dynamodb", region_name="us-west-2").Table(table_name) table.wait_until_exists() try: - with open(_filename_from_uri(items_filename)) as f: + with open(_filename_from_uri(items_filename), encoding="utf-8") as f: table_data = json.load(f) request_items = {} @@ -255,7 +255,7 @@ def _expand_items(ciphertext_items, plaintext_items): def load_scenarios(online): # pylint: disable=too-many-locals - with open(_SCENARIO_FILE) as f: + with open(_SCENARIO_FILE, encoding="utf-8") as f: scenarios = json.load(f) keys_file = _filename_from_uri(scenarios["keys"]) keys = _load_keys(keys_file) diff --git a/test/functional/functional_test_vector_generators.py b/test/functional/functional_test_vector_generators.py index 02906f35..9e711ad2 100644 --- a/test/functional/functional_test_vector_generators.py +++ b/test/functional/functional_test_vector_generators.py @@ -104,14 +104,14 @@ def _decode_complex_value(_value): def attribute_test_vectors(mode): filepath = _ATTRIBUTE_TEST_VECTOR_FILE_TEMPLATE.format(mode=mode) - with open(filepath) as f: + with open(filepath, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: yield (decode_value(vector["attribute"]), base64.b64decode(codecs.encode(vector["serialized"], "utf-8"))) def material_description_test_vectors(): - with open(_MATERIAL_DESCRIPTION_TEST_VECTORS_FILE) as f: + with open(_MATERIAL_DESCRIPTION_TEST_VECTORS_FILE, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: yield (vector["material_description"], decode_value({"B": codecs.encode(vector["serialized"], "utf-8")})) @@ -125,7 +125,7 @@ def material_description_test_vectors(): def string_to_sign_test_vectors(): - with open(_STRING_TO_SIGN_TEST_VECTORS_FILE) as f: + with open(_STRING_TO_SIGN_TEST_VECTORS_FILE, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: item = {key: decode_value(value["value"]) for key, value in vector["item"].items()} diff --git a/test/functional/internal/test_str_ops.py b/test/functional/internal/test_str_ops.py index 704e3e3f..1d9f7443 100644 --- a/test/functional/internal/test_str_ops.py +++ b/test/functional/internal/test_str_ops.py @@ -26,8 +26,8 @@ ( ("asdf", "asdf"), (b"asdf", "asdf"), - (codecs.encode(u"Предисловие", "utf-8"), u"Предисловие"), - (u"Предисловие", u"Предисловие"), + (codecs.encode("Предисловие", "utf-8"), "Предисловие"), + ("Предисловие", "Предисловие"), ), ) def test_to_str(data, expected_output): @@ -41,8 +41,8 @@ def test_to_str(data, expected_output): ("asdf", b"asdf"), (b"asdf", b"asdf"), (b"\x3a\x00\x99", b"\x3a\x00\x99"), - (u"Предисловие", codecs.encode(u"Предисловие", "utf-8")), - (codecs.encode(u"Предисловие", "utf-8"), codecs.encode(u"Предисловие", "utf-8")), + ("Предисловие", codecs.encode("Предисловие", "utf-8")), + (codecs.encode("Предисловие", "utf-8"), codecs.encode("Предисловие", "utf-8")), ), ) def test_to_bytes(data, expected_output): diff --git a/test/unit/material_providers/test_aws_kms.py b/test/unit/material_providers/test_aws_kms.py index edcd301d..2d14b8e4 100644 --- a/test/unit/material_providers/test_aws_kms.py +++ b/test/unit/material_providers/test_aws_kms.py @@ -225,7 +225,7 @@ def test_loaded_key_infos(): [ pytest.param(val, id=str(val)) for val in all_possible_combinations_kwargs( - dict(), + {}, dict(botocore_session=botocore.session.Session()), dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), dict(material_description={"asoiufeoia": "soajfijewi"}), From 94244332a77a1929ee4c1cebc366787ca57e206d Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Fri, 24 Sep 2021 13:41:28 -0700 Subject: [PATCH 24/75] chore: Fix CI (#180) --- examples/src/pylintrc | 1 + examples/test/pylintrc | 1 + src/pylintrc | 1 + test/pylintrc | 1 + 4 files changed, 4 insertions(+) diff --git a/examples/src/pylintrc b/examples/src/pylintrc index 5ea9fbcc..2a3a443a 100644 --- a/examples/src/pylintrc +++ b/examples/src/pylintrc @@ -3,6 +3,7 @@ disable = duplicate-code, # these examples often feature similar code too-many-locals, # for these examples, we prioritize keeping everything together for simple readability + consider-using-f-string, # Not supported in Python 3.5 [BASIC] # Allow function names up to 50 characters diff --git a/examples/test/pylintrc b/examples/test/pylintrc index f4dfcfe6..f9671d06 100644 --- a/examples/test/pylintrc +++ b/examples/test/pylintrc @@ -10,6 +10,7 @@ disable = # pylint does not recognize this duplicate-code, # tests for similar things tend to be similar redefined-outer-name, # raises false positives with fixtures + consider-using-f-string, # Not supported in Python 3.5 [DESIGN] max-args = 10 diff --git a/src/pylintrc b/src/pylintrc index bc0406f6..399920a7 100644 --- a/src/pylintrc +++ b/src/pylintrc @@ -8,6 +8,7 @@ disable = useless-object-inheritance, raise-missing-from, super-with-arguments, + consider-using-f-string, [BASIC] # Allow function names up to 50 characters diff --git a/test/pylintrc b/test/pylintrc index ce2bba60..24de7029 100644 --- a/test/pylintrc +++ b/test/pylintrc @@ -14,6 +14,7 @@ disable = useless-object-inheritance, raise-missing-from, super-with-arguments, + consider-using-f-string, [DESIGN] max-args = 10 From ff6aa151876b173103c17bd63c6039ce33cce3c3 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 10:32:00 -0700 Subject: [PATCH 25/75] ci: Update CI (#183) --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 2 +- codebuild/python3.5.yml | 4 ++-- codebuild/python3.6.yml | 4 +++- codebuild/python3.7.yml | 4 ++-- codebuild/python3.8.yml | 4 ++-- codebuild/python3.9.yml | 4 ++-- examples/test/examples_test_utils.py | 19 ++++++++++++++++++- .../test/test_aws_kms_encrypted_examples.py | 7 ++++++- .../material_providers/most_recent.py | 4 +--- 10 files changed, 38 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 746f015e..1c867540 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 9cf5a738..86e3e8df 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,7 +39,7 @@ jobs: # - examples steps: - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml index f2b1dbcd..f0916074 100644 --- a/codebuild/python3.5.yml +++ b/codebuild/python3.5.yml @@ -26,7 +26,7 @@ phases: # Testing every minor version # is too extreme at this time. # The choice of versions should be reviewed. - - pyenv install 3.5.9 - - pyenv local 3.5.9 + - pyenv install 3.5.10 + - pyenv local 3.5.10 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml index 602dc113..864ea3b1 100644 --- a/codebuild/python3.6.yml +++ b/codebuild/python3.6.yml @@ -14,5 +14,7 @@ phases: python: latest build: commands: - - pip install tox + - pyenv install 3.6.15 + - pyenv local 3.6.15 + - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 1ac0daa6..93e8a312 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -26,7 +26,7 @@ phases: # Testing every minor version # is too extreme at this time. # The choice of versions should be reviewed. - - pyenv install 3.7.9 - - pyenv local 3.7.9 + - pyenv install 3.7.12 + - pyenv local 3.7.12 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index cbac65cf..c0170f2a 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -14,7 +14,7 @@ phases: python: latest build: commands: - - pyenv install 3.8.6 - - pyenv local 3.8.6 + - pyenv install 3.8.12 + - pyenv local 3.8.12 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index 62868c80..f4de17ef 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -14,7 +14,7 @@ phases: python: latest build: commands: - - pyenv install 3.9.0 - - pyenv local 3.9.0 + - pyenv install 3.9.7 + - pyenv local 3.9.7 - pip install tox tox-pyenv - tox diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 889b1290..89ba1bba 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -1,8 +1,25 @@ -"""Helper utilities for use while testing examples.""" +# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Helper utilities for use while testing examples. + +isort:skip_file +""" import os import sys os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) +# fmt: off from integration_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import +# fmt: on diff --git a/examples/test/test_aws_kms_encrypted_examples.py b/examples/test/test_aws_kms_encrypted_examples.py index 3c0e8a36..a815683a 100644 --- a/examples/test/test_aws_kms_encrypted_examples.py +++ b/examples/test/test_aws_kms_encrypted_examples.py @@ -20,7 +20,12 @@ aws_kms_multi_region_key, ) -from .examples_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import +from .examples_test_utils import ( # noqa pylint: disable=unused-import + cmk_arn, + cmk_mrk_arn, + ddb_table_name, + second_cmk_mrk_arn, +) pytestmark = [pytest.mark.examples] diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index 349163e0..1606f6c0 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -35,9 +35,7 @@ pass -__all__ = ( - "CachingMostRecentProvider", -) +__all__ = ("CachingMostRecentProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) #: Grace period during which we will return the latest local materials. This allows multiple #: threads to be using this same provider without risking lock contention or many threads From d7c8d37d2c9644f5a316a13b730055498b5bc589 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 12:11:26 -0700 Subject: [PATCH 26/75] feat(compatability): Check Python Runtime (#185) --- src/dynamodb_encryption_sdk/__init__.py | 3 ++ src/dynamodb_encryption_sdk/compatability.py | 39 ++++++++++++++++++++ test/pylintrc | 1 + test/unit/test_compatability.py | 38 +++++++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 src/dynamodb_encryption_sdk/compatability.py create mode 100644 test/unit/test_compatability.py diff --git a/src/dynamodb_encryption_sdk/__init__.py b/src/dynamodb_encryption_sdk/__init__.py index 7b5dba80..d1536792 100644 --- a/src/dynamodb_encryption_sdk/__init__.py +++ b/src/dynamodb_encryption_sdk/__init__.py @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """DynamoDB Encryption Client.""" +from dynamodb_encryption_sdk.compatability import _warn_deprecated_python from dynamodb_encryption_sdk.encrypted.client import EncryptedClient from dynamodb_encryption_sdk.encrypted.item import ( decrypt_dynamodb_item, @@ -22,6 +23,8 @@ from dynamodb_encryption_sdk.encrypted.table import EncryptedTable from dynamodb_encryption_sdk.identifiers import __version__ +_warn_deprecated_python() + __all__ = ( "decrypt_dynamodb_item", "decrypt_python_item", diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py new file mode 100644 index 00000000..b63781d1 --- /dev/null +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -0,0 +1,39 @@ +# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Contains logic for checking the Python Version""" +import sys +import warnings + +DEPRECATION_DATE_MAP = {"1.x": "2022-07-08", "2.x": "2022-07-15"} + + +def _warn_deprecated_python(): + """Template for deprecation of Python warning.""" + deprecated_versions = { + (2, 7): {"date": DEPRECATION_DATE_MAP["2.x"]}, + (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, + (3, 5): {"date": "2021-11-10"}, + } + py_version = (sys.version_info.major, sys.version_info.minor) + minimum_version = (3, 6) + + if py_version in deprecated_versions: + params = deprecated_versions[py_version] + warning = ( + "aws-dynamodb-encryption will no longer support Python {}.{} " + "starting {}. To continue receiving service updates, " + "bug fixes, and security updates please upgrade to Python {}.{} or " + "later. For more information, see SUPPORT_POLICY.rst: " + "https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst" + ).format(py_version[0], py_version[1], minimum_version[0], minimum_version[1], params["date"]) + warnings.warn(warning, DeprecationWarning) diff --git a/test/pylintrc b/test/pylintrc index 24de7029..f63b3263 100644 --- a/test/pylintrc +++ b/test/pylintrc @@ -10,6 +10,7 @@ disable = protected-access, # raised when calling _ methods redefined-outer-name, # raised when using pytest-mock unused-argument, # raised when patches and fixtures are needed but not called + no-self-use, # raised on Classes in tests used for logically grouping tests # All below are disabled because we need to support Python 2 useless-object-inheritance, raise-missing-from, diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py new file mode 100644 index 00000000..a658d7b7 --- /dev/null +++ b/test/unit/test_compatability.py @@ -0,0 +1,38 @@ +# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Unit test suite for dynamodb_encryption_sdk.compatability.""" +import sys + +import mock +import pytest + +from dynamodb_encryption_sdk.compatability import _warn_deprecated_python + +pytestmark = [pytest.mark.unit, pytest.mark.local] + + +class TestWarnDeprecatedPython: + def test_happy_version(self): + with mock.patch.object(sys, "version_info") as v_info: + v_info.major = 3 + v_info.minor = 6 + with pytest.warns(None) as record: + _warn_deprecated_python() + assert len(record) == 0 + + def test_below_warn(self): + with mock.patch.object(sys, "version_info") as v_info: + v_info.major = 2 + v_info.minor = 7 + with pytest.warns(DeprecationWarning): + _warn_deprecated_python() From f8e258eee08f5230724b0917d50031f9391e2c30 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 13:13:47 -0700 Subject: [PATCH 27/75] ci(py310): test against Python 3.10.0 (#184) --- buildspec.yml | 2 ++ codebuild/python3.10.yml | 20 ++++++++++++++++++++ tox.ini | 2 +- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 codebuild/python3.10.yml diff --git a/buildspec.yml b/buildspec.yml index b83ff440..b2a19641 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -13,6 +13,8 @@ batch: buildspec: codebuild/python3.8.yml - identifier: python3_9 buildspec: codebuild/python3.9.yml + - identifier: python3_10 + buildspec: codebuild/python3.10.yml - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml new file mode 100644 index 00000000..4fe79318 --- /dev/null +++ b/codebuild/python3.10.yml @@ -0,0 +1,20 @@ +version: 0.2 + +env: + variables: + TOXENV: "py310-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pyenv install 3.10.0 + - pyenv local 3.10.0 + - pip install tox tox-pyenv + - tox diff --git a/tox.ini b/tox.ini index d0aa06da..3c4a9e4e 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{35,36,37,38,39}-{local,integ,ddb,examples}-fast, + py{35,36,37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 846e3b1f6b4aac46802dfb0942334ad3f4864b1f Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 14:58:32 -0700 Subject: [PATCH 28/75] chore: deprecate python 3.5 (#186) BREAKING CHANGE: Removes Testing against Python 3.5. Python 3.5 is no longer supported by the Python AWS DynamoDB Encryption Client. --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 2 -- codebuild/python3.5.yml | 32 -------------------------------- examples/tox.ini | 2 +- setup.py | 1 - tox.ini | 2 +- 7 files changed, 3 insertions(+), 39 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 86e3e8df..b1ccda1f 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.5 - 3.6 - 3.7 - 3.8 diff --git a/README.rst b/README.rst index 6881c2e1..b472e75e 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.5+ +* Python 3.6+ Installation diff --git a/buildspec.yml b/buildspec.yml index b2a19641..d6b651bd 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_5 - buildspec: codebuild/python3.5.yml - identifier: python3_6 buildspec: codebuild/python3.6.yml - identifier: python3_7 diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml index f0916074..e69de29b 100644 --- a/codebuild/python3.5.yml +++ b/codebuild/python3.5.yml @@ -1,32 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py35-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - # The specific versions are manually installed - # because they are not installed - # by default in CodeBuild containers. - # `pyenv` does not have - # a nice way to just install - # the latest patch version. - # I have selected the current latest patch - # rather than try - # and manage a one-liner or script. - # Testing every minor version - # is too extreme at this time. - # The choice of versions should be reviewed. - - pyenv install 3.5.10 - - pyenv local 3.5.10 - - pip install tox tox-pyenv - - tox diff --git a/examples/tox.ini b/examples/tox.ini index 67fa6318..ef7d4072 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{27,35,36,37,38,39}-examples + py{36,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} diff --git a/setup.py b/setup.py index 5ae2a7ef..c696bfd2 100644 --- a/setup.py +++ b/setup.py @@ -48,7 +48,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", diff --git a/tox.ini b/tox.ini index 3c4a9e4e..1a9d21cc 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{35,36,37,38,39,310}-{local,integ,ddb,examples}-fast, + py{36,37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From a1eddb56ac1e946c12d002b1ba6ceb2402ee4741 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 9 Nov 2021 17:13:41 -0700 Subject: [PATCH 29/75] chore: Add CODEOWNERS file (#187) --- .github/CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..80689173 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +# Each line is a file pattern followed by one or more owners. +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# Default code owner for everything is our aws-crypto-tools group +* @aws/aws-crypto-tools From 186d939afa74403e9285854015826813751dc7e7 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 10 Nov 2021 11:25:14 -0700 Subject: [PATCH 30/75] chore: CHANGELOG and version bump for release 3.1.0 (#189) --- CHANGELOG.rst | 19 +++++++++++++++++++ src/dynamodb_encryption_sdk/identifiers.py | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8a500867..fed30700 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,25 @@ Changelog ********* +3.1.0 -- 2021-11-10 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 3.5 +as of version 3.1; only Python 3.6+ is supported. Customers using +Python 3.5 can still use the 2.x line of the AWS DynamoDB Encryption Client for Python, +which will continue to receive security updates, in accordance +with our `Support Policy `__. + +Feature +----------- +* Warn on Deprecated Python usage + `#368 `_ +* Add Python 3.10 to CI +* Remove Python 3.5 from testing + + 3.0.0 -- 2021-07-15 =================== diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index c9b33016..86741cd1 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.0.0" +__version__ = "3.1.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) From 84661add29c274facde5ef35f0d2dba83eae24af Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Wed, 10 Nov 2021 15:58:20 -0700 Subject: [PATCH 31/75] chore: Fix readthedocs builds (#190) --- .readthedocs.yaml | 22 ++++++++++++++++++++++ doc/requirements.txt | 4 ++-- 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 .readthedocs.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 00000000..f2b0657b --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,22 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Build documentation in the doc/ directory with Sphinx +sphinx: + configuration: doc/conf.py + +# Don't need to build documentation for test vectors or any other +# sub modules +submodules: + exclude: all + +python: + version: 3.8 + install: + - requirements: doc/requirements.txt + - method: setuptools + path: . diff --git a/doc/requirements.txt b/doc/requirements.txt index 29e31945..69e61c10 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -1,2 +1,2 @@ -sphinx>=1.3.0 -sphinx_rtd_theme \ No newline at end of file +sphinx==4.2.0 +sphinx_rtd_theme==1.0.0 From b7aeaf735822fa1536b67cb3ad484f09f55deaa5 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Fri, 12 Nov 2021 08:45:49 -0700 Subject: [PATCH 32/75] chore: Fix release validation (#191) --- codebuild/release/validate.yml | 2 +- doc/conf.py | 2 +- examples/tox.ini | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index eacf49ae..7f0fda4b 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -28,7 +28,7 @@ phases: - | while [ $NUM_RETRIES -gt 0 ] do - tox -re py38-examples + tox -re py3-examples if [ $? -eq 0 ]; then break fi diff --git a/doc/conf.py b/doc/conf.py index 2bc924ac..4e87cadd 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -62,7 +62,7 @@ def get_version(): pygments_style = "sphinx" autoclass_content = "both" -autodoc_default_flags = ["show-inheritance", "members"] +autodoc_default_options = {"members": True, "show-inheritance": True} autodoc_member_order = "bysource" html_theme = "sphinx_rtd_theme" diff --git a/examples/tox.ini b/examples/tox.ini index ef7d4072..eb8b1aad 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{36,37,38,39}-examples + py{3,36,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} From f694bcd01b43f82e39482f750a1cdfbb0d50067e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Fri, 18 Feb 2022 14:38:40 -0800 Subject: [PATCH 33/75] chore: pin linter dependencies and enable dependabot (#192) --- .github/dependabot.yml | 13 ++++ .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 +- .readthedocs.yaml | 2 +- ci-requirements.txt | 1 - dev_requirements/ci-requirements.txt | 1 + .../doc-requirements.txt | 2 +- dev_requirements/linter-requirements.txt | 16 +++++ dev_requirements/release-requirements.txt | 4 ++ dev_requirements/test-requirements.txt | 9 +++ test/freeze-upstream-requirements.sh | 2 +- test/requirements.txt | 10 --- test/source-build-check.sh | 2 +- tox.ini | 64 +++++++------------ 14 files changed, 73 insertions(+), 59 deletions(-) create mode 100644 .github/dependabot.yml delete mode 100644 ci-requirements.txt create mode 100644 dev_requirements/ci-requirements.txt rename doc/requirements.txt => dev_requirements/doc-requirements.txt (63%) create mode 100644 dev_requirements/linter-requirements.txt create mode 100644 dev_requirements/release-requirements.txt create mode 100644 dev_requirements/test-requirements.txt delete mode 100644 test/requirements.txt diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5cd8ea5c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 +updates: + # master + - package-ecosystem: "pip" + directory: "/dev_requirements" + schedule: + interval: "daily" + + # Github Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 1c867540..d1a112ec 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -37,7 +37,7 @@ jobs: python-version: 3.8 - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: check env: TOXENV: ${{ matrix.category }} diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index b1ccda1f..bf6e98b8 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -44,7 +44,7 @@ jobs: architecture: ${{ matrix.platform.architecture }} - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: run test env: TOXENV: ${{ matrix.category }} @@ -65,7 +65,7 @@ jobs: python-version: 3.7 - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: run test env: TOXENV: ${{ matrix.category }} diff --git a/.readthedocs.yaml b/.readthedocs.yaml index f2b0657b..a19ab508 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -17,6 +17,6 @@ submodules: python: version: 3.8 install: - - requirements: doc/requirements.txt + - requirements: dev_requirements/doc-requirements.txt - method: setuptools path: . diff --git a/ci-requirements.txt b/ci-requirements.txt deleted file mode 100644 index 053148f8..00000000 --- a/ci-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -tox diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt new file mode 100644 index 00000000..9a41a70d --- /dev/null +++ b/dev_requirements/ci-requirements.txt @@ -0,0 +1 @@ +tox==3.24.5 diff --git a/doc/requirements.txt b/dev_requirements/doc-requirements.txt similarity index 63% rename from doc/requirements.txt rename to dev_requirements/doc-requirements.txt index 69e61c10..9364148e 100644 --- a/doc/requirements.txt +++ b/dev_requirements/doc-requirements.txt @@ -1,2 +1,2 @@ -sphinx==4.2.0 +sphinx==4.4.0 sphinx_rtd_theme==1.0.0 diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt new file mode 100644 index 00000000..835b7f0a --- /dev/null +++ b/dev_requirements/linter-requirements.txt @@ -0,0 +1,16 @@ +bandit==1.7.2 +black==22.1.0 +doc8==0.10.1 +flake8==4.0.1 +flake8-docstrings==1.6.0 +flake8-isort==4.1.1 +# https://github.com/JBKahn/flake8-print/pull/30 +flake8-print==4.0.0 +isort==5.10.1 +pylint==2.12.2 +pyflakes==2.4.0 +# https://github.com/PyCQA/pydocstyle/issues/375 +pydocstyle==3.0.0 +readme_renderer==32.0 +seed-isort-config==2.2.0 +vulture==2.3 diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt new file mode 100644 index 00000000..ba64ded2 --- /dev/null +++ b/dev_requirements/release-requirements.txt @@ -0,0 +1,4 @@ +pypi-parker==0.1.2 +setuptools==60.7.1 +twine==3.8.0 +wheel==0.37.1 diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt new file mode 100644 index 00000000..83d215f3 --- /dev/null +++ b/dev_requirements/test-requirements.txt @@ -0,0 +1,9 @@ +hypothesis==5.49.0 +mock==4.0.3 +moto==3.0.2 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-mock==3.6.1 +pytest-xdist==2.5.0 +boto3==1.20.51 +botocore==1.23.51 diff --git a/test/freeze-upstream-requirements.sh b/test/freeze-upstream-requirements.sh index 293ae16d..2be3824d 100755 --- a/test/freeze-upstream-requirements.sh +++ b/test/freeze-upstream-requirements.sh @@ -6,5 +6,5 @@ if [ -z ${1} ]; then fi pip install -r requirements.txt -pip install -r test/requirements.txt +pip install -r dev_requirements/test-requirements.txt pip freeze > ${1} diff --git a/test/requirements.txt b/test/requirements.txt deleted file mode 100644 index 24ace5ac..00000000 --- a/test/requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -hypothesis>=5.0.0,<6.0.0;python_version>='3' -hypothesis==4.57.1;python_version=='2.7' -mock -moto>=1.3.8 -pytest>=3.4.0 -pytest-cov -pytest-mock -pytest-xdist -boto3 -botocore diff --git a/test/source-build-check.sh b/test/source-build-check.sh index 22e31a83..1d6986a1 100755 --- a/test/source-build-check.sh +++ b/test/source-build-check.sh @@ -26,7 +26,7 @@ EXTRACTEDDIR=$(ls | tail -1) cd ${EXTRACTEDDIR} echo "Installing requirements from extracted source build." -pip install -r test/requirements.txt +pip install -r dev_requirements/test-requirements.txt pip install -e . echo "Running tests from extracted source build." diff --git a/tox.ini b/tox.ini index 1a9d21cc..188569bc 100644 --- a/tox.ini +++ b/tox.ini @@ -60,7 +60,7 @@ passenv = # Pass through the default AWS region (used for integration tests) AWS_DEFAULT_REGION sitepackages = False -deps = -rtest/requirements.txt +deps = -rdev_requirements/test-requirements.txt # 'download' forces tox to always upgrade pip to the latest download = true commands = @@ -91,7 +91,7 @@ commands = # Do not select any specific markers manual: {[testenv:base-command]commands} # Only run examples tests - examples: {[testenv:base-command]commands} examples/test/ -m "examples" + examples: {[testenv:base-command]commands} examples/test -m "examples" # Run code coverage on the unit tests [testenv:coverage] @@ -106,7 +106,7 @@ sitepackages = False passenv = setenv = ######################################################### -deps = -rtest/requirements.txt +deps = -rdev_requirements/test-requirements.txt commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples # Collect requirements for use in upstream tests @@ -149,6 +149,7 @@ sitepackages = False recreate = True deps = {[testenv:build]deps} + -rdev_requirements/test-requirements.txt commands = {[testenv:build]commands} {toxinidir}/test/source-build-check.sh {envtmpdir} {toxinidir}/dist @@ -186,14 +187,7 @@ commands = # Linters [testenv:flake8] basepython = python3 -deps = - flake8 - flake8-docstrings - flake8-isort - # https://github.com/PyCQA/pydocstyle/issues/375 - pydocstyle<4.0.0 - # https://github.com/JBKahn/flake8-print/pull/30 - flake8-print>=3.1.0 +deps = -rdev_requirements/linter-requirements.txt commands = flake8 \ src/dynamodb_encryption_sdk/ \ @@ -202,7 +196,7 @@ commands = [testenv:flake8-tests] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = -rdev_requirements/linter-requirements.txt commands = flake8 \ # Ignore F811 redefinition errors in tests (breaks with pytest-mock use) @@ -214,7 +208,7 @@ commands = [testenv:flake8-examples] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = {[testenv:flake8]deps} commands = flake8 \ # Ignore C901 complexity requirements (examples optimize for straightforward readability) @@ -232,8 +226,7 @@ commands = basepython = python3 deps = {[testenv]deps} - pyflakes - pylint + -rdev_requirements/linter-requirements.txt commands = pylint \ --rcfile=src/pylintrc \ @@ -261,8 +254,7 @@ commands = [testenv:blacken-src] basepython = python3 -deps = - black +deps = -rdev_requirements/linter-requirements.txt commands = black --line-length 120 \ src/dynamodb_encryption_sdk/ \ @@ -276,28 +268,24 @@ commands = [testenv:blacken] basepython = python3 -deps = - {[testenv:blacken-src]deps} +deps = {[testenv:blacken-src]deps} commands = {[testenv:blacken-src]commands} [testenv:black-check] basepython = python3 -deps = - {[testenv:blacken]deps} +deps = {[testenv:blacken]deps} commands = {[testenv:blacken-src]commands} --diff [testenv:isort-seed] basepython = python3 -deps = seed-isort-config +deps = -rdev_requirements/linter-requirements.txt commands = seed-isort-config [testenv:isort] basepython = python3 -# We need >=5.0.0 because -# several configuration settings changed with 5.0.0 -deps = isort>=5.0.0 +deps = -rdev_requirements/linter-requirements.txt commands = isort \ src \ test \ @@ -316,8 +304,8 @@ commands = {[testenv:isort]commands} -c [testenv:autoformat] basepython = python3 deps = - {[testenv:isort]deps} {[testenv:blacken]deps} + {[testenv:isort]deps} commands = {[testenv:isort]commands} {[testenv:blacken]commands} @@ -337,8 +325,8 @@ commands = basepython = python3 whitelist_externals = {[testenv:resetdocs]whitelist_externals} deps = - sphinx - doc8 + -rdev_requirements/doc-requirements.txt + -rdev_requirements/linter-requirements.txt commands = {[testenv:resetdocs]commands} doc8 doc/index.rst doc/lib/ README.rst CHANGELOG.rst @@ -346,18 +334,18 @@ commands = [testenv:readme] basepython = python3 -deps = readme_renderer +deps = -rdev_requirements/linter-requirements.txt commands = python setup.py check -r -s [testenv:bandit] basepython = python3 -deps = bandit +deps = -rdev_requirements/linter-requirements.txt commands = bandit -r src/dynamodb_encryption_sdk/ # Prone to false positives: only run independently [testenv:vulture] basepython = python3 -deps = vulture +deps = -rdev_requirements/linter-requirements.txt commands = vulture src/dynamodb_encryption_sdk/ [testenv:linters] @@ -387,7 +375,7 @@ commands = # Documentation [testenv:docs] basepython = python3 -deps = -rdoc/requirements.txt +deps = -rdev_requirements/doc-requirements.txt commands = sphinx-build -E -c doc/ -b html doc/ doc/build/html sphinx-build -E -c doc/ -b linkcheck doc/ doc/build/html @@ -404,27 +392,21 @@ commands = [testenv:park] basepython = python3 skip_install = true -deps = - pypi-parker - setuptools +deps = -rdev_requirements/release-requirements.txt commands = python setup.py park # Release tooling [testenv:build] basepython = python3 skip_install = true -deps = - wheel - setuptools +deps = -rdev_requirements/release-requirements.txt commands = python setup.py sdist bdist_wheel [testenv:release-base] basepython = python3 skip_install = true -deps = - {[testenv:build]deps} - twine +deps = -rdev_requirements/release-requirements.txt passenv = # Intentionally omit TWINE_REPOSITORY_URL from the passenv list, # as this overrides other ways of setting the repository and could From 51799f6f433cfc45801e83c94418e234dd1c976c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Tue, 29 Mar 2022 13:46:56 -0700 Subject: [PATCH 34/75] chore(deps): bump black from 22.1.0 to 22.3.0 (#237) --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 835b7f0a..a4333979 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -1,5 +1,5 @@ bandit==1.7.2 -black==22.1.0 +black==22.3.0 doc8==0.10.1 flake8==4.0.1 flake8-docstrings==1.6.0 From 3a999267ba1842f883cf0eba2aab6c2b9aa8ed63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Apr 2022 16:20:11 -0700 Subject: [PATCH 35/75] chore(deps): bump actions/checkout from 2 to 3 (#209) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 ++-- .github/workflows/repo-sync.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index d1a112ec..2ecd851e 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -31,7 +31,7 @@ jobs: - pylint-examples - black-check steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: python-version: 3.8 diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index bf6e98b8..0c091292 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -37,7 +37,7 @@ jobs: # - integ-slow # - examples steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} @@ -59,7 +59,7 @@ jobs: - sourcebuildcheck - test-upstream-requirements-py37 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v1 with: python-version: 3.7 diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index b7605354..6b1c6be3 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -9,7 +9,7 @@ jobs: environment: repo-sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: repo-sync/github-sync@v2 name: Sync repo to branch with: From 0e0d6639f835c02e0fd30cc0efc38d9c35d228e9 Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Fri, 8 Apr 2022 18:07:40 -0700 Subject: [PATCH 36/75] fix: Upgrade readme_renderer to 34.0 (#251) --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index a4333979..b9241de6 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -11,6 +11,6 @@ pylint==2.12.2 pyflakes==2.4.0 # https://github.com/PyCQA/pydocstyle/issues/375 pydocstyle==3.0.0 -readme_renderer==32.0 +readme_renderer==34.0 seed-isort-config==2.2.0 vulture==2.3 From 60f6a0d0839e11869a8d18cddadf72865049c5c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Apr 2022 10:10:27 -0700 Subject: [PATCH 37/75] chore(deps): bump actions/setup-python from 2 to 3.1.1 (#247) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v3.1.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 2ecd851e..32b591ff 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v3 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 0c091292..c4f3f5c0 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -38,7 +38,7 @@ jobs: # - examples steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v3 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -60,7 +60,7 @@ jobs: - test-upstream-requirements-py37 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v3 with: python-version: 3.7 - run: | From c8a4796ecb41fe2329ab74cc6fe521369c03844f Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Mon, 14 Nov 2022 12:56:13 -0800 Subject: [PATCH 38/75] chore: Upgrade hypothesis (#442) --- dev_requirements/test-requirements.txt | 2 +- test/functional/hypothesis_strategies.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 83d215f3..4396c348 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,4 +1,4 @@ -hypothesis==5.49.0 +hypothesis==6.31.6 mock==4.0.3 moto==3.0.2 pytest==7.0.0 diff --git a/test/functional/hypothesis_strategies.py b/test/functional/hypothesis_strategies.py index 6a39d4cf..059e14b6 100644 --- a/test/functional/hypothesis_strategies.py +++ b/test/functional/hypothesis_strategies.py @@ -23,6 +23,10 @@ hypothesis.HealthCheck.too_slow, hypothesis.HealthCheck.data_too_large, hypothesis.HealthCheck.large_base_example, + # Hypothesis requires that we acknowledge that the example_table fixure + # is not reset between examples generated by hypothesis.given. + # This is the desired behavior for example_table, so supress this check + hypothesis.HealthCheck.function_scoped_fixture, ), deadline=None, ) From 933c48b2a6b9c31cf2d2152366cbbb1b67294334 Mon Sep 17 00:00:00 2001 From: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Date: Fri, 2 Dec 2022 16:41:28 -0800 Subject: [PATCH 39/75] chore: drop py36 support (#464) --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 2 -- codebuild/python3.6.yml | 20 -------------------- examples/setup.py | 2 -- examples/tox.ini | 2 +- setup.py | 1 - tox.ini | 2 +- 8 files changed, 3 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index c4f3f5c0..dcb78974 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.6 - 3.7 - 3.8 - 3.9 diff --git a/README.rst b/README.rst index b472e75e..14d4e151 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.6+ +* Python 3.7+ Installation diff --git a/buildspec.yml b/buildspec.yml index d6b651bd..fb50c7b4 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_6 - buildspec: codebuild/python3.6.yml - identifier: python3_7 buildspec: codebuild/python3.7.yml - identifier: python3_8 diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml index 864ea3b1..e69de29b 100644 --- a/codebuild/python3.6.yml +++ b/codebuild/python3.6.yml @@ -1,20 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py36-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pyenv install 3.6.15 - - pyenv local 3.6.15 - - pip install tox tox-pyenv - - tox diff --git a/examples/setup.py b/examples/setup.py index ceb22c19..b856ef53 100644 --- a/examples/setup.py +++ b/examples/setup.py @@ -50,8 +50,6 @@ def get_requirements(): "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/examples/tox.ini b/examples/tox.ini index eb8b1aad..e4b39b37 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{3,36,37,38,39}-examples + py{3,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} diff --git a/setup.py b/setup.py index c696bfd2..9115ff00 100644 --- a/setup.py +++ b/setup.py @@ -48,7 +48,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/tox.ini b/tox.ini index 188569bc..b756e32d 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{36,37,38,39,310}-{local,integ,ddb,examples}-fast, + py{37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 390ec1700bea1764ddccb816d09d5c5aed673364 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Tue, 10 Jan 2023 09:35:35 -0800 Subject: [PATCH 40/75] fix: pin tox dependency < 4.0 (#506) Co-authored-by: Shubham Chaturvedi --- codebuild/coverage/coverage.yml | 2 +- codebuild/python3.10.yml | 2 +- codebuild/python3.5.yml | 0 codebuild/python3.6.yml | 0 codebuild/python3.7.yml | 2 +- codebuild/python3.8.yml | 2 +- codebuild/python3.9.yml | 2 +- codebuild/release/prod-release.yml | 2 +- codebuild/release/test-release.yml | 2 +- codebuild/release/validate.yml | 2 +- 10 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 codebuild/python3.5.yml delete mode 100644 codebuild/python3.6.yml diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml index f82a3a98..51d8b0a6 100644 --- a/codebuild/coverage/coverage.yml +++ b/codebuild/coverage/coverage.yml @@ -10,5 +10,5 @@ phases: python: latest build: commands: - - pip install tox + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml index 4fe79318..a18185dc 100644 --- a/codebuild/python3.10.yml +++ b/codebuild/python3.10.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 93e8a312..19a97151 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -28,5 +28,5 @@ phases: # The choice of versions should be reviewed. - pyenv install 3.7.12 - pyenv local 3.7.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index c0170f2a..cc7a821d 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index f4de17ef..8e5f609e 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index c729c96c..c8639c61 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 1dc9feae..9d8fbed2 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 7f0fda4b..f710aa5a 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -15,7 +15,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" runtime-versions: python: latest pre_build: From f360734cffa8ae34d9d302e2bc9efd97944c886d Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 11 Jan 2023 10:37:47 -0800 Subject: [PATCH 41/75] chore: Adds python36 deprecation to changelog (#479) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement Co-authored-by: Shubham Chaturvedi --- CHANGELOG.rst | 12 ++++++++++++ dev_requirements/test-requirements.txt | 2 +- src/dynamodb_encryption_sdk/compatability.py | 3 ++- src/dynamodb_encryption_sdk/identifiers.py | 2 +- test/unit/test_compatability.py | 2 +- 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fed30700..d076d298 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ Changelog ********* +3.2.0 -- 2021-12-19 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 3.6 +as of version 3.2; only Python 3.7+ is supported. + +Feature +----------- +* Warn on Deprecated Python 3.6 usage + 3.1.0 -- 2021-11-10 =================== diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 4396c348..270b5a5b 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -3,7 +3,7 @@ mock==4.0.3 moto==3.0.2 pytest==7.0.0 pytest-cov==3.0.0 -pytest-mock==3.6.1 +pytest-mock==3.10.0 pytest-xdist==2.5.0 boto3==1.20.51 botocore==1.23.51 diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py index b63781d1..9819c825 100644 --- a/src/dynamodb_encryption_sdk/compatability.py +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -23,9 +23,10 @@ def _warn_deprecated_python(): (2, 7): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 5): {"date": "2021-11-10"}, + (3, 6): {"date": "2021-12-19"}, } py_version = (sys.version_info.major, sys.version_info.minor) - minimum_version = (3, 6) + minimum_version = (3, 7) if py_version in deprecated_versions: params = deprecated_versions[py_version] diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index 86741cd1..b8b1c118 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.1.0" +__version__ = "3.2.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index a658d7b7..37241aa9 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -25,7 +25,7 @@ class TestWarnDeprecatedPython: def test_happy_version(self): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 - v_info.minor = 6 + v_info.minor = 7 with pytest.warns(None) as record: _warn_deprecated_python() assert len(record) == 0 From 9b89cfc39097416169eefd9539a31ba144400abd Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 18 Jan 2023 17:04:48 -0800 Subject: [PATCH 42/75] chore: Update SUPPORT_POLICY.rst (#518) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement * chore: Update SUPPORT_POLICY.rst * fix: Add Maintenance Date in SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> Co-authored-by: Shubham Chaturvedi Co-authored-by: Shubham Chaturvedi Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- SUPPORT_POLICY.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 26b126fa..5af85cc5 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -22,16 +22,16 @@ This table describes the current support status of each major version of the AWS - Next status - Next status date * - 1.x - - Maintenance - End of Support - - 2022-07-08 + - + - * - 2.x - - Maintenance - End of Support - - 2022-07-15 + - + - * - 3.x - Generally Available - - - - + - Maintenance + - 2023-07-23 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle From 35ee30aea5a93b4446677fdf1f14edc3ca3c0452 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Thu, 19 Jan 2023 13:33:44 -0800 Subject: [PATCH 43/75] fix: Add packaging dependency for twine < 4.0 (#522) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement * chore: Update SUPPORT_POLICY.rst * fix: Add Maintenance Date in SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: Add packaging dependency for twine Co-authored-by: Shubham Chaturvedi Co-authored-by: Shubham Chaturvedi Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index ba64ded2..beb32ea9 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -2,3 +2,5 @@ pypi-parker==0.1.2 setuptools==60.7.1 twine==3.8.0 wheel==0.37.1 +#This is required for twine < 4.0 +packaging \ No newline at end of file From a2e993f939415b85c11a3deb9aac3fa1a52e6e84 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 23 Jan 2023 16:32:27 -0800 Subject: [PATCH 44/75] test: Python 3.11 (#528) --- .github/workflows/ci_tests.yaml | 23 +++++++++ setup.py | 2 + test/upstream-requirements-py311.txt | 39 ++++++++++++++++ test/upstream-requirements-py37.txt | 70 ++++++++++++++-------------- tox.ini | 22 ++++++++- 5 files changed, 119 insertions(+), 37 deletions(-) create mode 100644 test/upstream-requirements-py311.txt diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index dcb78974..1d7c5377 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -28,6 +28,8 @@ jobs: - 3.7 - 3.8 - 3.9 + - "3.10" + - "3.11" - 3.x category: - local-slow @@ -69,3 +71,24 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py311: + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + category: + - nocmk + - sourcebuildcheck + - test-upstream-requirements-py311 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v3 + with: + python-version: "3.11" + - run: | + python -m pip install --upgrade pip + pip install --upgrade -r dev_requirements/ci-requirements.txt + - name: run test + env: + TOXENV: ${{ matrix.category }} + run: tox -- -vv diff --git a/setup.py b/setup.py index 9115ff00..55408c94 100644 --- a/setup.py +++ b/setup.py @@ -51,6 +51,8 @@ def get_requirements(): "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt new file mode 100644 index 00000000..5c696720 --- /dev/null +++ b/test/upstream-requirements-py311.txt @@ -0,0 +1,39 @@ +attrs==22.2.0 +boto3==1.20.51 +botocore==1.23.51 +certifi==2022.12.7 +cffi==1.15.1 +charset-normalizer==3.0.1 +coverage==7.0.5 +cryptography==39.0.0 +execnet==1.9.0 +hypothesis==6.31.6 +idna==3.4 +iniconfig==2.0.0 +Jinja2==3.1.2 +jmespath==0.10.0 +MarkupSafe==2.1.2 +mock==4.0.3 +moto==3.0.2 +packaging==23.0 +pluggy==1.0.0 +py==1.11.0 +pycparser==2.21 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-forked==1.4.0 +pytest-mock==3.10.0 +pytest-xdist==2.5.0 +python-dateutil==2.8.2 +pytz==2022.7.1 +requests==2.28.2 +responses==0.22.0 +s3transfer==0.5.2 +six==1.16.0 +sortedcontainers==2.4.0 +toml==0.10.2 +tomli==2.0.1 +types-toml==0.10.8.1 +urllib3==1.26.14 +Werkzeug==2.2.2 +xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 76ee4525..2048fe48 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,42 +1,42 @@ -attrs==21.2.0 -boto3==1.18.12 -botocore==1.21.12 -certifi==2021.5.30 -cffi==1.14.6 -charset-normalizer==2.0.4 -coverage==5.5 -cryptography==3.4.7 +attrs==22.2.0 +boto3==1.20.51 +botocore==1.23.51 +certifi==2022.12.7 +cffi==1.15.1 +charset-normalizer==3.0.1 +coverage==7.0.5 +cryptography==39.0.0 execnet==1.9.0 -hypothesis==5.49.0 -idna==3.2 -importlib-metadata==4.6.3 -iniconfig==1.1.1 -Jinja2==3.0.1 +hypothesis==6.31.6 +idna==3.4 +importlib-metadata==6.0.0 +iniconfig==2.0.0 +Jinja2==3.1.2 jmespath==0.10.0 -MarkupSafe==2.0.1 +MarkupSafe==2.1.2 mock==4.0.3 -more-itertools==8.8.0 -moto==2.2.1 -packaging==21.0 -pluggy==0.13.1 -py==1.10.0 -pycparser==2.20 -pyparsing==2.4.7 -pytest==6.2.4 -pytest-cov==2.12.1 -pytest-forked==1.3.0 -pytest-mock==3.6.1 -pytest-xdist==2.3.0 +moto==3.0.2 +packaging==23.0 +pluggy==1.0.0 +py==1.11.0 +pycparser==2.21 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-forked==1.4.0 +pytest-mock==3.10.0 +pytest-xdist==2.5.0 python-dateutil==2.8.2 -pytz==2021.1 -requests==2.26.0 -responses==0.13.3 -s3transfer==0.5.0 +pytz==2022.7.1 +requests==2.28.2 +responses==0.22.0 +s3transfer==0.5.2 six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 -typing-extensions==3.10.0.0 -urllib3==1.26.6 -Werkzeug==2.0.1 -xmltodict==0.12.0 -zipp==3.5.0 +tomli==2.0.1 +types-toml==0.10.8.1 +typing_extensions==4.4.0 +urllib3==1.26.14 +Werkzeug==2.2.2 +xmltodict==0.13.0 +zipp==3.11.0 diff --git a/tox.ini b/tox.ini index b756e32d..f2259323 100644 --- a/tox.ini +++ b/tox.ini @@ -1,11 +1,11 @@ [tox] envlist = - py{37,38,39,310}-{local,integ,ddb,examples}-fast, + py{37,38,39,310,311}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, vulture, - test-upstream-requirements-py{2,3}7 + test-upstream-requirements-py3{11,7} # Additional environments: # @@ -126,6 +126,15 @@ recreate = {[testenv:freeze-upstream-requirements-base]recreate} deps = {[testenv:freeze-upstream-requirements-base]deps} commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt +# Freeze for Python 3.11 +[testenv:freeze-upstream-requirements-py311] +basepython = python3.11 +sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} +skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} +recreate = {[testenv:freeze-upstream-requirements-base]recreate} +deps = {[testenv:freeze-upstream-requirements-base]deps} +commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py311.txt + # Test frozen upstream requirements [testenv:test-upstream-requirements-base] sitepackages = False @@ -142,6 +151,15 @@ sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} recreate = {[testenv:test-upstream-requirements-base]recreate} commands = {[testenv:test-upstream-requirements-base]commands} +# Test frozen upstream requirements for Python 3.11 +[testenv:test-upstream-requirements-py311] +basepython = python3.11 +passenv = +deps = -rtest/upstream-requirements-py311.txt +sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} +recreate = {[testenv:test-upstream-requirements-base]recreate} +commands = {[testenv:test-upstream-requirements-base]commands} + # Verify that tests can be successfully run from the source build. [testenv:sourcebuildcheck] basepython = python3 From decf303794fde0ebaed8ac6e512fcff81e082140 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 13:44:02 -0800 Subject: [PATCH 45/75] chore(deps): bump setuptools from 60.7.1 to 66.1.1 in /dev_requirements (#526) Bumps [setuptools](https://github.com/pypa/setuptools) from 60.7.1 to 66.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v60.7.1...v66.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index beb32ea9..e11a5014 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,5 +1,5 @@ pypi-parker==0.1.2 -setuptools==60.7.1 +setuptools==66.1.1 twine==3.8.0 wheel==0.37.1 #This is required for twine < 4.0 From 71b98568695b863d04fd31d168c3037dd2784bc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 14:49:30 -0800 Subject: [PATCH 46/75] chore(deps): bump wheel from 0.37.1 to 0.38.4 in /dev_requirements (#491) Bumps [wheel](https://github.com/pypa/wheel) from 0.37.1 to 0.38.4. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](https://github.com/pypa/wheel/compare/0.37.1...0.38.4) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index e11a5014..fa2ef83b 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,6 +1,6 @@ pypi-parker==0.1.2 setuptools==66.1.1 twine==3.8.0 -wheel==0.37.1 +wheel==0.38.4 #This is required for twine < 4.0 packaging \ No newline at end of file From de31c5e4339bfdc0e237b4b53fb6e4958bed972f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 16:32:17 -0800 Subject: [PATCH 47/75] chore(deps): bump pytest from 7.0.0 to 7.2.1 in /dev_requirements (#513) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.0 to 7.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.0.0...7.2.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 270b5a5b..bc692605 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,7 +1,7 @@ hypothesis==6.31.6 mock==4.0.3 moto==3.0.2 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 From ce8b779f628ccc150837cd768190f237f52a23e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Feb 2023 15:44:37 -0800 Subject: [PATCH 48/75] chore(deps): bump cryptography from 39.0.0 to 39.0.1 in /test (#547) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.0 to 39.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/39.0.0...39.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 5c696720..9a2922ab 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 2048fe48..94c561cc 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 From 5e963f38bf6a1f9885edd47b53863ab386a2b630 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 22 Feb 2023 16:45:08 -0800 Subject: [PATCH 49/75] chore: bump ci deps (#564) --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 6 +++--- test/upstream-requirements-py311.txt | 11 +++++------ test/upstream-requirements-py37.txt | 15 ++++++++------- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 32b591ff..51c88f5d 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 1d7c5377..1a58792d 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,7 +39,7 @@ jobs: # - examples steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -61,7 +61,7 @@ jobs: - test-upstream-requirements-py37 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: 3.7 - run: | @@ -82,7 +82,7 @@ jobs: - test-upstream-requirements-py311 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: "3.11" - run: | diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 9a2922ab..83c891cb 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -4,7 +4,7 @@ botocore==1.23.51 certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 -coverage==7.0.5 +coverage==7.1.0 cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 @@ -19,9 +19,9 @@ packaging==23.0 pluggy==1.0.0 py==1.11.0 pycparser==2.21 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 -pytest-forked==1.4.0 +pytest-forked==1.6.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 python-dateutil==2.8.2 @@ -32,8 +32,7 @@ s3transfer==0.5.2 six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 -tomli==2.0.1 -types-toml==0.10.8.1 +types-toml==0.10.8.5 urllib3==1.26.14 -Werkzeug==2.2.2 +Werkzeug==2.2.3 xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 94c561cc..9c6a069d 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -4,8 +4,9 @@ botocore==1.23.51 certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 -coverage==7.0.5 +coverage==7.1.0 cryptography==39.0.1 +exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 @@ -20,9 +21,9 @@ packaging==23.0 pluggy==1.0.0 py==1.11.0 pycparser==2.21 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 -pytest-forked==1.4.0 +pytest-forked==1.6.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 python-dateutil==2.8.2 @@ -34,9 +35,9 @@ six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 tomli==2.0.1 -types-toml==0.10.8.1 -typing_extensions==4.4.0 +types-toml==0.10.8.5 +typing_extensions==4.5.0 urllib3==1.26.14 -Werkzeug==2.2.2 +Werkzeug==2.2.3 xmltodict==0.13.0 -zipp==3.11.0 +zipp==3.14.0 From 7db21140dba2ec1b722421e7468be22cc1b087d8 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 6 Mar 2023 11:41:17 -0800 Subject: [PATCH 50/75] fix(docs): update broken links (#572) --- src/dynamodb_encryption_sdk/encrypted/client.py | 2 +- src/dynamodb_encryption_sdk/encrypted/resource.py | 6 +++--- src/dynamodb_encryption_sdk/encrypted/table.py | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/dynamodb_encryption_sdk/encrypted/client.py b/src/dynamodb_encryption_sdk/encrypted/client.py index bd8f2c58..d3858a00 100644 --- a/src/dynamodb_encryption_sdk/encrypted/client.py +++ b/src/dynamodb_encryption_sdk/encrypted/client.py @@ -134,7 +134,7 @@ class EncryptedClient(object): This class provides a superset of the boto3 DynamoDB client API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#client + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb.html#client If you want to provide per-request cryptographic details, the ``put_item``, ``get_item``, ``query``, ``scan``, ``batch_write_item``, and ``batch_get_item`` methods will also diff --git a/src/dynamodb_encryption_sdk/encrypted/resource.py b/src/dynamodb_encryption_sdk/encrypted/resource.py index b5b71f8b..f5ecf6c6 100644 --- a/src/dynamodb_encryption_sdk/encrypted/resource.py +++ b/src/dynamodb_encryption_sdk/encrypted/resource.py @@ -44,7 +44,7 @@ class EncryptedTablesCollectionManager(object): # pylint: disable=too-few-public-methods,too-many-instance-attributes """Tables collection manager that provides :class:`EncryptedTable` objects. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.tables + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html :param collection: Pre-configured boto3 DynamoDB table collection manager :type collection: boto3.resources.collection.CollectionManager @@ -137,7 +137,7 @@ class EncryptedResource(object): This class provides a superset of the boto3 DynamoDB service resource API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#service-resource + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/index.html If you want to provide per-request cryptographic details, the ``batch_write_item`` and ``batch_get_item`` methods will also accept a ``crypto_config`` parameter, defining @@ -217,7 +217,7 @@ def Table(self, name, **kwargs): If any of the optional configuration values are not provided, the corresponding values for this ``EncryptedResource`` will be used. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.Table + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/index.html#DynamoDB.Table :param name: The table name. :param CryptographicMaterialsProvider materials_provider: Cryptographic materials diff --git a/src/dynamodb_encryption_sdk/encrypted/table.py b/src/dynamodb_encryption_sdk/encrypted/table.py index 128cb896..1cef41a0 100644 --- a/src/dynamodb_encryption_sdk/encrypted/table.py +++ b/src/dynamodb_encryption_sdk/encrypted/table.py @@ -60,7 +60,7 @@ class EncryptedTable(object): This class provides a superset of the boto3 DynamoDB Table API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#table + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/index.html#DynamoDB.Table If you want to provide per-request cryptographic details, the ``put_item``, ``get_item``, ``query``, and ``scan`` methods will also accept a ``crypto_config`` parameter, defining @@ -158,7 +158,7 @@ def update_item(self, **kwargs): def batch_writer(self, overwrite_by_pkeys=None): """Create a batch writer object. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.Table.batch_writer + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/batch_writer.html :type overwrite_by_pkeys: list(string) :param overwrite_by_pkeys: De-duplicate request items in buffer if match new request From e4dd5bf9e5733e413aa557e72d9e2abc939e26fd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 7 Mar 2023 05:48:02 +0800 Subject: [PATCH 51/75] test: parallel test support and enable in CI (#571) --- dev_requirements/test-requirements.txt | 2 +- test/unit/material_providers/test_aws_kms.py | 50 +++++++++----------- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- tox.ini | 8 ++-- 5 files changed, 30 insertions(+), 34 deletions(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index bc692605..08f77669 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -4,6 +4,6 @@ moto==3.0.2 pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 boto3==1.20.51 botocore==1.23.51 diff --git a/test/unit/material_providers/test_aws_kms.py b/test/unit/material_providers/test_aws_kms.py index 2d14b8e4..7fdc9f83 100644 --- a/test/unit/material_providers/test_aws_kms.py +++ b/test/unit/material_providers/test_aws_kms.py @@ -220,36 +220,32 @@ def test_loaded_key_infos(): assert cmp._regional_clients == {} -@pytest.mark.parametrize( - "kwargs", - [ - pytest.param(val, id=str(val)) - for val in all_possible_combinations_kwargs( - {}, - dict(botocore_session=botocore.session.Session()), - dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), - dict(material_description={"asoiufeoia": "soajfijewi"}), - dict( - regional_clients={ - "my-region-1": boto3.session.Session().client( - "kms", region_name="not-a-real-region", endpoint_url="https://not-a-real-url" - ) - } - ), - ) - ], -) -def test_kms_cmp_values_set(kwargs): - cmp = AwsKmsCryptographicMaterialsProvider(key_id="example_key_id", **kwargs) +def test_kms_cmp_values_set(): + # These aren't parametrized to avoid issues with pytest-xdist test mismatches + # due to different session objects per process + for kwargs in all_possible_combinations_kwargs( + {}, + dict(botocore_session=botocore.session.Session()), + dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), + dict(material_description={"asoiufeoia": "soajfijewi"}), + dict( + regional_clients={ + "my-region-1": boto3.session.Session().client( + "kms", region_name="not-a-real-region", endpoint_url="https://not-a-real-url" + ) + } + ), + ): + cmp = AwsKmsCryptographicMaterialsProvider(key_id="example_key_id", **kwargs) - assert cmp._key_id == "example_key_id" + assert cmp._key_id == "example_key_id" - if "botocore_session" in kwargs: - assert cmp._botocore_session == kwargs["botocore_session"] + if "botocore_session" in kwargs: + assert cmp._botocore_session == kwargs["botocore_session"] - assert cmp._grant_tokens == kwargs.get("grant_tokens", ()) - assert cmp._material_description == kwargs.get("material_description", {}) - assert cmp._regional_clients == kwargs.get("regional_clients", {}) + assert cmp._grant_tokens == kwargs.get("grant_tokens", ()) + assert cmp._material_description == kwargs.get("material_description", {}) + assert cmp._regional_clients == kwargs.get("regional_clients", {}) def test_add_regional_client_known_region(default_kms_cmp, patch_boto3_session): diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 83c891cb..ea5b80fc 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -23,7 +23,7 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 requests==2.28.2 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 9c6a069d..0611506e 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -25,7 +25,7 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 requests==2.28.2 diff --git a/tox.ini b/tox.ini index f2259323..3e18b528 100644 --- a/tox.ini +++ b/tox.ini @@ -40,7 +40,7 @@ envlist = # coverage :: Runs code coverage, failing the build if coverage is below the configured threshold [testenv:base-command] -commands = pytest --basetemp={envtmpdir} -l {posargs} +commands = pytest -n auto --basetemp={envtmpdir} -l {posargs} [testenv] passenv = @@ -226,7 +226,7 @@ commands = [testenv:flake8-examples] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = {[testenv:flake8]deps} commands = flake8 \ # Ignore C901 complexity requirements (examples optimize for straightforward readability) @@ -345,10 +345,10 @@ whitelist_externals = {[testenv:resetdocs]whitelist_externals} deps = -rdev_requirements/doc-requirements.txt -rdev_requirements/linter-requirements.txt -commands = +commands = {[testenv:resetdocs]commands} doc8 doc/index.rst doc/lib/ README.rst CHANGELOG.rst - + [testenv:readme] basepython = python3 From e6bb11e5a2aa43fdd04a018f6ecb9bed28eaeec5 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Fri, 9 Jun 2023 16:38:35 -0700 Subject: [PATCH 52/75] fix(docs): Update AWS Doc URLs (#663) --- CHANGELOG.rst | 2 +- README.rst | 6 +++--- examples/README.rst | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d076d298..4b1e5cac 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -82,7 +82,7 @@ CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry TTL to reauthorize the key with the key provider. MostRecentProvider is now deprecated, and is removed in 2.0.0. See -https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html +https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/most-recent-provider.html#mrp-versions for more details. diff --git a/README.rst b/README.rst index 14d4e151..6d5baf9b 100644 --- a/README.rst +++ b/README.rst @@ -177,10 +177,10 @@ of the one that the client would normally construct for you. ... ) # this uses my_special_crypto_config -.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ +.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html .. _Amazon DynamoDB: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html -.. _primary documents: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ -.. _Concepts Guide: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/concepts.html +.. _primary documents: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html +.. _Concepts Guide: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/DDBEC-legacy-concepts.html .. _Amazon DynamoDB Encryption Client for Java: https://github.com/aws/aws-dynamodb-encryption-java/ .. _Amazon DynamoDB Encryption Client for Python: https://github.com/aws/aws-dynamodb-encryption-python/ .. _DynamoDB Stream: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html diff --git a/examples/README.rst b/examples/README.rst index f636a8a0..ea206ff0 100644 --- a/examples/README.rst +++ b/examples/README.rst @@ -34,7 +34,7 @@ with this library. * `How to use raw symmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py>`_ * `How to use raw asymmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py>`_ -For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. +For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. Running the examples ==================== From 65abd6ad2e3d406f4b7466a515f9e7bc4c006ade Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Thu, 31 Aug 2023 13:42:14 -0400 Subject: [PATCH 53/75] chore: address doc linter findings (#731) Address doc linter findings. --- CONTRIBUTING.md | 8 ++++---- README.rst | 2 +- doc/_static/.gitignore | 0 src/dynamodb_encryption_sdk/internal/utils.py | 10 +++++----- src/dynamodb_encryption_sdk/structures.py | 2 +- tox.ini | 16 +++++++++------- 6 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 doc/_static/.gitignore diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7323620c..b6353e00 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,6 +7,10 @@ Please read through this document before submitting any issues or pull requests information to effectively respond to your bug report or contribution. +## Security issue notifications +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + + ## Reporting Bugs/Feature Requests We welcome you to use the GitHub issue tracker to report bugs or suggest features. @@ -50,10 +54,6 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of opensource-codeofconduct@amazon.com with any additional questions or comments. -## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. - - ## Licensing See the [LICENSE](https://github.com/aws/aws-dynamodb-encryption-python/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. diff --git a/README.rst b/README.rst index 6d5baf9b..d2e3647a 100644 --- a/README.rst +++ b/README.rst @@ -195,5 +195,5 @@ of the one that the client would normally construct for you. .. _CryptoConfig: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/config.html .. _decrypt_dynamodb_item: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/item.html#dynamodb_encryption_sdk.encrypted.item.decrypt_dynamodb_item .. _transformation functions: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/tools/transform.html -.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md#user-content-security-issue-notifications +.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md .. _Support Policy: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst diff --git a/doc/_static/.gitignore b/doc/_static/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/src/dynamodb_encryption_sdk/internal/utils.py b/src/dynamodb_encryption_sdk/internal/utils.py index 988576b2..27fe6b0a 100644 --- a/src/dynamodb_encryption_sdk/internal/utils.py +++ b/src/dynamodb_encryption_sdk/internal/utils.py @@ -198,7 +198,7 @@ def decrypt_multi_get(decrypt_method, crypto_config_method, read_method, **kwarg :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -220,7 +220,7 @@ def decrypt_get_item(decrypt_method, crypto_config_method, read_method, **kwargs :param callable decrypt_method: Method to use to decrypt item :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -244,7 +244,7 @@ def decrypt_batch_get_item(decrypt_method, crypto_config_method, read_method, ** :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -276,7 +276,7 @@ def encrypt_put_item(encrypt_method, crypto_config_method, write_method, **kwarg :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ @@ -297,7 +297,7 @@ def encrypt_batch_write_item(encrypt_method, crypto_config_method, write_method, :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts a table name string and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ diff --git a/src/dynamodb_encryption_sdk/structures.py b/src/dynamodb_encryption_sdk/structures.py index 61b329c6..522f1d14 100644 --- a/src/dynamodb_encryption_sdk/structures.py +++ b/src/dynamodb_encryption_sdk/structures.py @@ -176,7 +176,7 @@ def set_index_keys(self, *keys): SIGN_ONLY -> SIGN_ONLY ENCRYPT_AND_SIGN -> SIGN_ONLY - :param str *keys: Attribute names to treat as indexed + :param str ``*keys``: Attribute names to treat as indexed :raises InvalidArgumentError: if a custom action was previously set for any specified attributes """ diff --git a/tox.ini b/tox.ini index 3e18b528..14dbc1e2 100644 --- a/tox.ini +++ b/tox.ini @@ -45,18 +45,20 @@ commands = pytest -n auto --basetemp={envtmpdir} -l {posargs} [testenv] passenv = # Identifies AWS KMS key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID # Identifies AWS KMS MRK key ids to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \ - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 # DynamoDB Table to use in integration tests - DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ + DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) - AWS_PROFILE \ + AWS_PROFILE # Pass through the default AWS region (used for integration tests) AWS_DEFAULT_REGION sitepackages = False From a7b328ccebf4eb5497286d7ba0a4c3cd6e9a5176 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 14:13:07 -0400 Subject: [PATCH 54/75] chore(deps): bump cryptography from 39.0.1 to 41.0.3 in /test (#706) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.3. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index ea5b80fc..cc6f61eb 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 0611506e..0ce21caf 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From ace5eec2d52d22d6135e30fe3708294361eb2e28 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Thu, 31 Aug 2023 15:12:26 -0400 Subject: [PATCH 55/75] chore: update boto (#732) * chore: update boto --- dev_requirements/test-requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 08f77669..c73de305 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -5,5 +5,5 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 pytest-xdist==3.2.0 -boto3==1.20.51 -botocore==1.23.51 +boto3==1.28.38 +botocore==1.31.38 From c3609b6c5a20888cf5c1a0ae312489857f895d23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 15:40:23 -0400 Subject: [PATCH 56/75] chore(deps): bump isort from 5.10.1 to 5.12.0 in /dev_requirements (#708) Bumps [isort](https://github.com/pycqa/isort) from 5.10.1 to 5.12.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index b9241de6..ae811fda 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -6,7 +6,7 @@ flake8-docstrings==1.6.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 flake8-print==4.0.0 -isort==5.10.1 +isort==5.12.0 pylint==2.12.2 pyflakes==2.4.0 # https://github.com/PyCQA/pydocstyle/issues/375 From b69d747e5e3b17737a1f462c566604fb8b8f2271 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:15:20 -0400 Subject: [PATCH 57/75] chore(deps): bump requests from 2.28.2 to 2.31.0 in /test (#643) Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.31.0. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index cc6f61eb..48981e42 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -26,7 +26,7 @@ pytest-mock==3.10.0 pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 -requests==2.28.2 +requests==2.31.0 responses==0.22.0 s3transfer==0.5.2 six==1.16.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 0ce21caf..bab80dd2 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -28,7 +28,7 @@ pytest-mock==3.10.0 pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 -requests==2.28.2 +requests==2.31.0 responses==0.22.0 s3transfer==0.5.2 six==1.16.0 From 5be949efe3b147b052c681b582623c6c013f5ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:44:37 -0400 Subject: [PATCH 58/75] chore(deps): bump certifi from 2022.12.7 to 2023.7.22 in /test (#703) Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 48981e42..37546290 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -1,7 +1,7 @@ attrs==22.2.0 boto3==1.20.51 botocore==1.23.51 -certifi==2022.12.7 +certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index bab80dd2..1b13c337 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,7 +1,7 @@ attrs==22.2.0 boto3==1.20.51 botocore==1.23.51 -certifi==2022.12.7 +certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 From ca26b6862442135d407086bc4714633ac05a2834 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 19:42:27 -0400 Subject: [PATCH 59/75] chore(deps): bump flake8-docstrings in /dev_requirements (#707) Bumps [flake8-docstrings](https://github.com/pycqa/flake8-docstrings) from 1.6.0 to 1.7.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index ae811fda..8efaca80 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -2,7 +2,7 @@ bandit==1.7.2 black==22.3.0 doc8==0.10.1 flake8==4.0.1 -flake8-docstrings==1.6.0 +flake8-docstrings==1.7.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 flake8-print==4.0.0 From 9b7b1af44943c49bc5a4e21644e291f354d75c93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 09:27:41 -0400 Subject: [PATCH 60/75] chore(deps): bump flake8-print from 4.0.0 to 5.0.0 in /dev_requirements (#711) Bumps [flake8-print](https://github.com/jbkahn/flake8-print) from 4.0.0 to 5.0.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 8efaca80..1f8d8c16 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -5,7 +5,7 @@ flake8==4.0.1 flake8-docstrings==1.7.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 -flake8-print==4.0.0 +flake8-print==5.0.0 isort==5.12.0 pylint==2.12.2 pyflakes==2.4.0 From 6e7a75ea266e65e0a18e89fe047e64ba183c0717 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Sep 2023 12:03:36 -0700 Subject: [PATCH 61/75] chore(deps): bump cryptography from 41.0.3 to 41.0.4 in /test (#743) Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.4. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.4) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 37546290..2f497764 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.3 +cryptography==41.0.4 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 1b13c337..50809533 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.3 +cryptography==41.0.4 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From e260227fe281fff9279bd67ed9307df8d789f30e Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 31 Oct 2023 09:38:57 -0700 Subject: [PATCH 62/75] feat: test Python 3.12 (#747) --- .github/workflows/ci_tests.yaml | 3 +++ buildspec.yml | 17 ++++++++++++++++- codebuild/python3.10.yml | 4 +--- codebuild/python3.11.yml | 18 ++++++++++++++++++ codebuild/python3.12.yml | 23 +++++++++++++++++++++++ codebuild/python3.7.yml | 16 +--------------- codebuild/python3.8.yml | 4 +--- codebuild/python3.9.yml | 4 +--- dev_requirements/ci-requirements.txt | 1 + tox.ini | 2 +- 10 files changed, 66 insertions(+), 26 deletions(-) create mode 100644 codebuild/python3.11.yml create mode 100644 codebuild/python3.12.yml diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 1a58792d..f4fddb65 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -30,6 +30,7 @@ jobs: - 3.9 - "3.10" - "3.11" + - "3.12" - 3.x category: - local-slow @@ -50,6 +51,7 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py3: runs-on: ubuntu-latest strategy: @@ -71,6 +73,7 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py311: runs-on: ubuntu-latest strategy: diff --git a/buildspec.yml b/buildspec.yml index fb50c7b4..b0005071 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -5,12 +5,27 @@ batch: build-list: - identifier: python3_7 buildspec: codebuild/python3.7.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_8 buildspec: codebuild/python3.8.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_9 buildspec: codebuild/python3.9.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_10 buildspec: codebuild/python3.10.yml - + env: + image: aws/codebuild/standard:6.0 + - identifier: python3_11 + buildspec: codebuild/python3.11.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: python3_12 + buildspec: codebuild/python3.12.yml + env: + image: aws/codebuild/standard:7.0 - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml index a18185dc..ad76049f 100644 --- a/codebuild/python3.10.yml +++ b/codebuild/python3.10.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.10 build: commands: - - pyenv install 3.10.0 - - pyenv local 3.10.0 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.11.yml b/codebuild/python3.11.yml new file mode 100644 index 00000000..b21cf15a --- /dev/null +++ b/codebuild/python3.11.yml @@ -0,0 +1,18 @@ +version: 0.2 + +env: + variables: + TOXENV: "py311-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: 3.11 + build: + commands: + - pip install "tox < 4.0" + - tox diff --git a/codebuild/python3.12.yml b/codebuild/python3.12.yml new file mode 100644 index 00000000..46576292 --- /dev/null +++ b/codebuild/python3.12.yml @@ -0,0 +1,23 @@ +version: 0.2 + +env: + variables: + TOXENV: "py312-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - + - pyenv install 3.12.0 + - pyenv local 3.12.0 + - pip install --upgrade pip + - pip install setuptools + - pip install "tox < 4.0" + - tox diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 19a97151..6a51426a 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -11,22 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.7 build: commands: - # The specific versions are manually installed - # because they are not installed - # by default in CodeBuild containers. - # `pyenv` does not have - # a nice way to just install - # the latest patch version. - # I have selected the current latest patch - # rather than try - # and manage a one-liner or script. - # Testing every minor version - # is too extreme at this time. - # The choice of versions should be reviewed. - - pyenv install 3.7.12 - - pyenv local 3.7.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index cc7a821d..478a3bfc 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.8 build: commands: - - pyenv install 3.8.12 - - pyenv local 3.8.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index 8e5f609e..f572e2a9 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - tox diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt index 9a41a70d..b673eb36 100644 --- a/dev_requirements/ci-requirements.txt +++ b/dev_requirements/ci-requirements.txt @@ -1 +1,2 @@ +setuptools tox==3.24.5 diff --git a/tox.ini b/tox.ini index 14dbc1e2..3c8733a2 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310,311}-{local,integ,ddb,examples}-fast, + py{37,38,39,310,311,312}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From a579b040e9584426dd3edd6552c0242827506830 Mon Sep 17 00:00:00 2001 From: KhubaibAlam <74249716+khubaibalam2000@users.noreply.github.com> Date: Wed, 8 Nov 2023 06:52:46 +0500 Subject: [PATCH 63/75] refactor: typehints and imports compatible to Python3.7 (#740) --- .../delegated_keys/__init__.py | 8 +---- .../delegated_keys/jce.py | 8 +---- .../encrypted/__init__.py | 7 ---- .../encrypted/client.py | 8 +---- src/dynamodb_encryption_sdk/encrypted/item.py | 7 +--- .../encrypted/resource.py | 8 +---- .../encrypted/table.py | 8 +---- .../internal/crypto/authentication.py | 12 ++----- .../internal/crypto/encryption.py | 8 ++--- .../crypto/jce_bridge/authentication.py | 7 +--- .../internal/crypto/jce_bridge/primitives.py | 8 +---- .../internal/dynamodb_types.py | 36 +++++++++---------- .../formatting/deserialize/attribute.py | 11 ++---- .../formatting/material_description.py | 11 ++---- .../internal/formatting/serialize/__init__.py | 7 +--- .../formatting/serialize/attribute.py | 11 ++---- .../internal/identifiers.py | 7 +--- src/dynamodb_encryption_sdk/internal/utils.py | 11 ++---- .../material_providers/aws_kms.py | 11 ++---- .../material_providers/most_recent.py | 8 +---- .../material_providers/static.py | 9 ++--- .../material_providers/store/__init__.py | 8 +---- .../material_providers/store/meta.py | 8 +---- .../material_providers/wrapped.py | 15 ++------ .../materials/__init__.py | 14 +------- src/dynamodb_encryption_sdk/materials/raw.py | 8 +---- .../materials/wrapped.py | 8 +---- src/dynamodb_encryption_sdk/structures.py | 8 +---- src/dynamodb_encryption_sdk/transform.py | 6 +--- 29 files changed, 54 insertions(+), 232 deletions(-) diff --git a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py index d301543a..ac0aa734 100644 --- a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py +++ b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py @@ -12,18 +12,12 @@ # language governing permissions and limitations under the License. """Delegated keys.""" import abc +from typing import Dict, Optional, Text import six from dynamodb_encryption_sdk.identifiers import EncryptionKeyType # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("DelegatedKey",) diff --git a/src/dynamodb_encryption_sdk/delegated_keys/jce.py b/src/dynamodb_encryption_sdk/delegated_keys/jce.py index 4edc6b2c..c2be9b5c 100644 --- a/src/dynamodb_encryption_sdk/delegated_keys/jce.py +++ b/src/dynamodb_encryption_sdk/delegated_keys/jce.py @@ -15,6 +15,7 @@ import logging import os +from typing import Dict, Optional, Text import attr import six @@ -28,13 +29,6 @@ from . import DelegatedKey -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("JceNameLocalDelegatedKey",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/encrypted/__init__.py b/src/dynamodb_encryption_sdk/encrypted/__init__.py index e3e89ec1..d03f3f4a 100644 --- a/src/dynamodb_encryption_sdk/encrypted/__init__.py +++ b/src/dynamodb_encryption_sdk/encrypted/__init__.py @@ -21,13 +21,6 @@ from dynamodb_encryption_sdk.materials import CryptographicMaterials # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.structures import AttributeActions, EncryptionContext -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CryptoConfig",) diff --git a/src/dynamodb_encryption_sdk/encrypted/client.py b/src/dynamodb_encryption_sdk/encrypted/client.py index d3858a00..e13533f3 100644 --- a/src/dynamodb_encryption_sdk/encrypted/client.py +++ b/src/dynamodb_encryption_sdk/encrypted/client.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Any, Callable, Dict, Iterator, Optional import attr import botocore @@ -34,13 +35,6 @@ from .item import decrypt_dynamodb_item, decrypt_python_item, encrypt_dynamodb_item, encrypt_python_item -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Dict, Iterator, Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedClient", "EncryptedPaginator") diff --git a/src/dynamodb_encryption_sdk/encrypted/item.py b/src/dynamodb_encryption_sdk/encrypted/item.py index b491a34a..33c109cf 100644 --- a/src/dynamodb_encryption_sdk/encrypted/item.py +++ b/src/dynamodb_encryption_sdk/encrypted/item.py @@ -11,14 +11,9 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Top-level functions for encrypting and decrypting DynamoDB items.""" -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - from dynamodb_encryption_sdk.exceptions import DecryptionError, EncryptionError from dynamodb_encryption_sdk.identifiers import CryptoAction +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.crypto.authentication import sign_item, verify_item_signature from dynamodb_encryption_sdk.internal.crypto.encryption import decrypt_attribute, encrypt_attribute from dynamodb_encryption_sdk.internal.formatting.material_description import ( diff --git a/src/dynamodb_encryption_sdk/encrypted/resource.py b/src/dynamodb_encryption_sdk/encrypted/resource.py index f5ecf6c6..f040ea7a 100644 --- a/src/dynamodb_encryption_sdk/encrypted/resource.py +++ b/src/dynamodb_encryption_sdk/encrypted/resource.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Optional import attr from boto3.resources.base import ServiceResource @@ -29,13 +30,6 @@ from .item import decrypt_python_item, encrypt_python_item from .table import EncryptedTable -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedResource", "EncryptedTablesCollectionManager") diff --git a/src/dynamodb_encryption_sdk/encrypted/table.py b/src/dynamodb_encryption_sdk/encrypted/table.py index 1cef41a0..98386b81 100644 --- a/src/dynamodb_encryption_sdk/encrypted/table.py +++ b/src/dynamodb_encryption_sdk/encrypted/table.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Optional import attr from boto3.dynamodb.table import BatchWriter @@ -30,13 +31,6 @@ from .client import EncryptedClient from .item import decrypt_python_item, encrypt_python_item -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedTable",) diff --git a/src/dynamodb_encryption_sdk/internal/crypto/authentication.py b/src/dynamodb_encryption_sdk/internal/crypto/authentication.py index d5247688..622e03b5 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/authentication.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/authentication.py @@ -16,25 +16,19 @@ No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk. """ +from typing import Text + from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.encrypted import CryptoConfig # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.identifiers import CryptoAction +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.serialize.attribute import serialize_attribute from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, SignatureValues, Tag from dynamodb_encryption_sdk.structures import AttributeActions # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Text # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("sign_item", "verify_item_signature") diff --git a/src/dynamodb_encryption_sdk/internal/crypto/encryption.py b/src/dynamodb_encryption_sdk/internal/crypto/encryption.py index 3737d520..e8b72749 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/encryption.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/encryption.py @@ -16,15 +16,11 @@ No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk. """ -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Text # noqa pylint: disable=unused-import - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Text from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.deserialize.attribute import deserialize_attribute from dynamodb_encryption_sdk.internal.formatting.serialize.attribute import serialize_attribute from dynamodb_encryption_sdk.internal.identifiers import Tag diff --git a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py index b2244ac7..0d1b08e8 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py @@ -18,6 +18,7 @@ """ import abc import logging +from typing import Any, Callable, Text import attr import six @@ -32,12 +33,6 @@ from .primitives import load_rsa_key -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - __all__ = ("JavaAuthenticator", "JavaMac", "JavaSignature", "JAVA_AUTHENTICATOR") _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py index 564bed80..2d6f667c 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py @@ -19,6 +19,7 @@ import abc import logging import os +from typing import Any, Callable, Text import attr import six @@ -38,13 +39,6 @@ from dynamodb_encryption_sdk.internal.identifiers import MinimumKeySizes from dynamodb_encryption_sdk.internal.validators import callable_validator -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ( "JavaPadding", "SimplePadding", diff --git a/src/dynamodb_encryption_sdk/internal/dynamodb_types.py b/src/dynamodb_encryption_sdk/internal/dynamodb_types.py index 0509a59b..01b4becb 100644 --- a/src/dynamodb_encryption_sdk/internal/dynamodb_types.py +++ b/src/dynamodb_encryption_sdk/internal/dynamodb_types.py @@ -5,24 +5,20 @@ namespace staying consistent. Directly reference at your own risk. """ # constant naming for types so pylint: disable=invalid-name -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, AnyStr, ByteString, Dict, List, Text +from typing import Any, AnyStr, ByteString, Dict, List, Text - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - ATTRIBUTE = Dict[Text, Any] # narrow this down - ITEM = Dict[Text, ATTRIBUTE] - RAW_ATTRIBUTE = ITEM - NULL = bool # DynamoDB TypeSerializer converts none to {'NULL': True} - BOOLEAN = bool - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - NUMBER = int # This misses long on Python 2...figure out something for this - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - STRING = AnyStr # can be unicode but should not be bytes - BINARY = ByteString - BINARY_ATTRIBUTE = Dict[Text, BINARY] - SET = List # DynamoDB TypeSerializer converts sets into lists - MAP = RAW_ATTRIBUTE - LIST = List[RAW_ATTRIBUTE] -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +ATTRIBUTE = Dict[Text, Any] # narrow this down +ITEM = Dict[Text, ATTRIBUTE] +RAW_ATTRIBUTE = ITEM +NULL = bool # DynamoDB TypeSerializer converts none to {'NULL': True} +BOOLEAN = bool +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +NUMBER = int # This misses long on Python 2...figure out something for this +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +STRING = AnyStr # can be unicode but should not be bytes +BINARY = ByteString +BINARY_ATTRIBUTE = Dict[Text, BINARY] +SET = List # DynamoDB TypeSerializer converts sets into lists +MAP = RAW_ATTRIBUTE +LIST = List[RAW_ATTRIBUTE] diff --git a/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py b/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py index 41058916..164ad303 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py @@ -21,24 +21,17 @@ import logging import struct from decimal import Decimal +from typing import Callable, Dict, List, Text, Union from boto3.dynamodb.types import Binary from dynamodb_encryption_sdk.exceptions import DeserializationError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.deserialize import decode_byte, decode_length, decode_tag, decode_value from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, Tag, TagValues from dynamodb_encryption_sdk.internal.str_ops import to_str -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable, Dict, List, Text, Union # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import,ungrouped-imports -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("deserialize_attribute",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/internal/formatting/material_description.py b/src/dynamodb_encryption_sdk/internal/formatting/material_description.py index 1f6af4a2..4657a34c 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/material_description.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/material_description.py @@ -19,24 +19,17 @@ import io import logging import struct +from typing import Dict, Text from dynamodb_encryption_sdk.exceptions import InvalidMaterialDescriptionError, InvalidMaterialDescriptionVersionError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.identifiers import Tag from dynamodb_encryption_sdk.internal.str_ops import to_bytes, to_str from .deserialize import decode_value, unpack_value from .serialize import encode_value -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Text # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("serialize", "deserialize") _LOGGER = logging.getLogger(LOGGER_NAME) _MATERIAL_DESCRIPTION_VERSION = b"\00" * 4 diff --git a/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py b/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py index 1c7f7ee2..07caf22b 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py @@ -17,12 +17,7 @@ namespace staying consistent. Directly reference at your own risk. """ import struct - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Sized # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Sized __all__ = ("encode_length", "encode_value") diff --git a/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py b/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py index 1ca416a1..49a0097c 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py @@ -18,24 +18,17 @@ """ import io import logging +from typing import Callable from boto3.dynamodb.types import DYNAMODB_CONTEXT, Binary from dynamodb_encryption_sdk.exceptions import SerializationError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.serialize import encode_length, encode_value from dynamodb_encryption_sdk.internal.identifiers import Tag, TagValues from dynamodb_encryption_sdk.internal.str_ops import to_bytes -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import,ungrouped-imports -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("serialize_attribute",) _LOGGER = logging.getLogger(LOGGER_NAME) _RESERVED = b"\x00" diff --git a/src/dynamodb_encryption_sdk/internal/identifiers.py b/src/dynamodb_encryption_sdk/internal/identifiers.py index 94d7bd41..facc1266 100644 --- a/src/dynamodb_encryption_sdk/internal/identifiers.py +++ b/src/dynamodb_encryption_sdk/internal/identifiers.py @@ -17,12 +17,7 @@ namespace staying consistent. Directly reference at your own risk. """ from enum import Enum - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Optional, Text __all__ = ( "ReservedAttributes", diff --git a/src/dynamodb_encryption_sdk/internal/utils.py b/src/dynamodb_encryption_sdk/internal/utils.py index 27fe6b0a..cdb6266c 100644 --- a/src/dynamodb_encryption_sdk/internal/utils.py +++ b/src/dynamodb_encryption_sdk/internal/utils.py @@ -18,6 +18,7 @@ """ import copy from functools import partial +from typing import Any, Callable, Dict, Iterable, Text import attr import botocore.client @@ -28,12 +29,6 @@ from dynamodb_encryption_sdk.structures import CryptoAction, EncryptionContext, TableInfo from dynamodb_encryption_sdk.transform import dict_to_ddb -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Bool, Callable, Dict, Iterable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - __all__ = ( "TableInfoCache", "crypto_config_from_kwargs", @@ -366,7 +361,7 @@ def _process_batch_write_response(request, response, table_crypto_config): def _item_keys_match(crypto_config, item1, item2): - # type: (CryptoConfig, Dict, Dict) -> Bool + # type: (CryptoConfig, Dict, Dict) -> bool """Determines whether the values in the primary and sort keys (if they exist) are the same :param CryptoConfig crypto_config: CryptoConfig used in encrypting the given items @@ -387,7 +382,7 @@ def _item_keys_match(crypto_config, item1, item2): def _item_attributes_match(crypto_config, plaintext_item, encrypted_item): - # type: (CryptoConfig, Dict, Dict) -> Bool + # type: (CryptoConfig, Dict, Dict) -> bool """Determines whether the unencrypted values in the plaintext items attributes are the same as those in the encrypted item. Essentially this uses brute force to cover when we don't know the primary and sort index attribute names, since they can't be encrypted. diff --git a/src/dynamodb_encryption_sdk/material_providers/aws_kms.py b/src/dynamodb_encryption_sdk/material_providers/aws_kms.py index ea7a55f2..73212999 100644 --- a/src/dynamodb_encryption_sdk/material_providers/aws_kms.py +++ b/src/dynamodb_encryption_sdk/material_providers/aws_kms.py @@ -16,6 +16,7 @@ import base64 import logging from enum import Enum +from typing import Dict, Optional, Text, Tuple import attr import boto3 @@ -28,6 +29,7 @@ from dynamodb_encryption_sdk.delegated_keys.jce import JceNameLocalDelegatedKey from dynamodb_encryption_sdk.exceptions import UnknownRegionError, UnwrappingError, WrappingError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME, USER_AGENT_SUFFIX, EncryptionKeyType, KeyEncodingType +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, MaterialDescriptionKeys from dynamodb_encryption_sdk.internal.str_ops import to_bytes, to_str from dynamodb_encryption_sdk.internal.validators import dictionary_validator, iterable_validator @@ -36,15 +38,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text, Tuple # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("AwsKmsCryptographicMaterialsProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index 1606f6c0..8a003f17 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -16,6 +16,7 @@ from collections import OrderedDict from enum import Enum from threading import Lock, RLock +from typing import Any, Text import attr import six @@ -28,13 +29,6 @@ from . import CryptographicMaterialsProvider from .store import ProviderStore -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CachingMostRecentProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) #: Grace period during which we will return the latest local materials. This allows multiple diff --git a/src/dynamodb_encryption_sdk/material_providers/static.py b/src/dynamodb_encryption_sdk/material_providers/static.py index 966002cb..77af8478 100644 --- a/src/dynamodb_encryption_sdk/material_providers/static.py +++ b/src/dynamodb_encryption_sdk/material_providers/static.py @@ -11,6 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Cryptographic materials provider for use with pre-configured encryption and decryption materials.""" +from typing import Optional + import attr from dynamodb_encryption_sdk.materials import CryptographicMaterials # noqa pylint: disable=unused-import @@ -19,13 +21,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("StaticCryptographicMaterialsProvider",) diff --git a/src/dynamodb_encryption_sdk/material_providers/store/__init__.py b/src/dynamodb_encryption_sdk/material_providers/store/__init__.py index e03b57b9..1948c388 100644 --- a/src/dynamodb_encryption_sdk/material_providers/store/__init__.py +++ b/src/dynamodb_encryption_sdk/material_providers/store/__init__.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """Cryptographic materials provider stores.""" import abc +from typing import Optional, Text import six @@ -20,13 +21,6 @@ CryptographicMaterialsProvider, ) -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("ProviderStore",) diff --git a/src/dynamodb_encryption_sdk/material_providers/store/meta.py b/src/dynamodb_encryption_sdk/material_providers/store/meta.py index 46d7410f..da545ba4 100644 --- a/src/dynamodb_encryption_sdk/material_providers/store/meta.py +++ b/src/dynamodb_encryption_sdk/material_providers/store/meta.py @@ -13,6 +13,7 @@ """Meta cryptographic provider store.""" import logging from enum import Enum +from typing import Dict, Optional, Text, Tuple import attr import botocore @@ -29,13 +30,6 @@ from . import ProviderStore -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text, Tuple # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("MetaStore",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/material_providers/wrapped.py b/src/dynamodb_encryption_sdk/material_providers/wrapped.py index 13f6a346..416156c7 100644 --- a/src/dynamodb_encryption_sdk/material_providers/wrapped.py +++ b/src/dynamodb_encryption_sdk/material_providers/wrapped.py @@ -11,6 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Cryptographic materials provider to use ephemeral content encryption keys wrapped by delegated keys.""" +from typing import Dict, Optional, Text + import attr import six @@ -22,19 +24,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("WrappedCryptographicMaterialsProvider",) diff --git a/src/dynamodb_encryption_sdk/materials/__init__.py b/src/dynamodb_encryption_sdk/materials/__init__.py index 09c4a470..3b9788d0 100644 --- a/src/dynamodb_encryption_sdk/materials/__init__.py +++ b/src/dynamodb_encryption_sdk/materials/__init__.py @@ -12,20 +12,12 @@ # language governing permissions and limitations under the License. """Cryptographic materials are containers that provide delegated keys for cryptographic operations.""" import abc +from typing import Dict, Text import six from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Text # noqa pylint: disable=unused-import - - from mypy_extensions import NoReturn # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CryptographicMaterials", "EncryptionMaterials", "DecryptionMaterials") @@ -89,7 +81,6 @@ class EncryptionMaterials(CryptographicMaterials): @property def decryption_key(self): - # type: () -> NoReturn """Encryption materials do not provide decryption keys. :raises NotImplementedError: because encryption materials do not contain decryption keys @@ -98,7 +89,6 @@ def decryption_key(self): @property def verification_key(self): - # type: () -> NoReturn """Encryption materials do not provide verification keys. :raises NotImplementedError: because encryption materials do not contain verification keys @@ -111,7 +101,6 @@ class DecryptionMaterials(CryptographicMaterials): @property def encryption_key(self): - # type: () -> NoReturn """Decryption materials do not provide encryption keys. :raises NotImplementedError: because decryption materials do not contain encryption keys @@ -120,7 +109,6 @@ def encryption_key(self): @property def signing_key(self): - # type: () -> NoReturn """Decryption materials do not provide signing keys. :raises NotImplementedError: because decryption materials do not contain signing keys diff --git a/src/dynamodb_encryption_sdk/materials/raw.py b/src/dynamodb_encryption_sdk/materials/raw.py index 7c2e85e4..d2587339 100644 --- a/src/dynamodb_encryption_sdk/materials/raw.py +++ b/src/dynamodb_encryption_sdk/materials/raw.py @@ -23,6 +23,7 @@ that you use wrapped cryptographic materials instead. """ import copy +from typing import Dict, Optional, Text import attr import six @@ -31,13 +32,6 @@ from dynamodb_encryption_sdk.internal.validators import dictionary_validator from dynamodb_encryption_sdk.materials import DecryptionMaterials, EncryptionMaterials -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("RawEncryptionMaterials", "RawDecryptionMaterials") diff --git a/src/dynamodb_encryption_sdk/materials/wrapped.py b/src/dynamodb_encryption_sdk/materials/wrapped.py index f85924ea..74d2784c 100644 --- a/src/dynamodb_encryption_sdk/materials/wrapped.py +++ b/src/dynamodb_encryption_sdk/materials/wrapped.py @@ -13,6 +13,7 @@ """Cryptographic materials to use ephemeral content encryption keys wrapped by delegated keys.""" import base64 import copy +from typing import Dict, Optional, Text import attr import six @@ -25,13 +26,6 @@ from dynamodb_encryption_sdk.internal.validators import dictionary_validator from dynamodb_encryption_sdk.materials import CryptographicMaterials -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("WrappedCryptographicMaterials",) _DEFAULT_CONTENT_ENCRYPTION_ALGORITHM = "AES/256" _WRAPPING_TRANSFORMATION = {"AES": "AESWrap", "RSA": "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"} diff --git a/src/dynamodb_encryption_sdk/structures.py b/src/dynamodb_encryption_sdk/structures.py index 522f1d14..16976b98 100644 --- a/src/dynamodb_encryption_sdk/structures.py +++ b/src/dynamodb_encryption_sdk/structures.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """Common structures used by the DynamoDB Encryption Client.""" import copy +from typing import Dict, Iterable, List, Optional, Set, Text import attr import six @@ -22,13 +23,6 @@ from .identifiers import CryptoAction -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Iterable, List, Optional, Set, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptionContext", "AttributeActions", "TableIndex", "TableInfo") diff --git a/src/dynamodb_encryption_sdk/transform.py b/src/dynamodb_encryption_sdk/transform.py index 347024d3..d79b8504 100644 --- a/src/dynamodb_encryption_sdk/transform.py +++ b/src/dynamodb_encryption_sdk/transform.py @@ -11,11 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Helper tools for translating between native and DynamoDB items.""" -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Dict # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Any, Dict from boto3.dynamodb.types import TypeDeserializer, TypeSerializer From d1ec2cbccdf5d25870450d35ce24eb37f46ae422 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 10:39:06 -0800 Subject: [PATCH 64/75] chore(deps): bump cryptography from 41.0.4 to 41.0.6 in /test (#751) Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 2f497764..8fbdb995 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.4 +cryptography==41.0.6 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 50809533..9fe9ad6f 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.4 +cryptography==41.0.6 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From 25a6be357d22770419f84fe3506e1f9a850ec07f Mon Sep 17 00:00:00 2001 From: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:24:44 -0800 Subject: [PATCH 65/75] chore(ci): skip pyenv installation if already exists (#756) --- codebuild/python3.12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/python3.12.yml b/codebuild/python3.12.yml index 46576292..cf9e09ef 100644 --- a/codebuild/python3.12.yml +++ b/codebuild/python3.12.yml @@ -15,7 +15,7 @@ phases: build: commands: - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - - - pyenv install 3.12.0 + - pyenv install --skip-existing 3.12.0 - pyenv local 3.12.0 - pip install --upgrade pip - pip install setuptools From 197d7f8352da19e036fb21ccc9f816d2f9be9221 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Mon, 12 Feb 2024 11:34:35 -0500 Subject: [PATCH 66/75] feat: update requirements (#758) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: update requirements * note: we no longer support OpenSSL 1.0.1 or 1.0.2, see https://cryptography.io/en/3.4.6/installation.html#supported-platforms --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index a8a5c1a3..34c7e6a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -boto3>=1.4.4 -cryptography>=1.8.1 +boto3>=1.10.0 +cryptography>=3.4.6 attrs>=17.4.0 From 2a7fe129cbfdb982479f6192372f5f9d76a77d4d Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Fri, 1 Mar 2024 16:09:14 -0800 Subject: [PATCH 67/75] chore: bump dependencies (#763) --- .github/workflows/ci_static-analysis.yaml | 5 ++- .github/workflows/ci_tests.yaml | 30 +++------------- .github/workflows/repo-sync.yml | 2 +- test/upstream-requirements-py311.txt | 8 ++--- test/upstream-requirements-py37.txt | 43 ----------------------- test/upstream.md | 7 ++++ tox.ini | 20 +---------- 7 files changed, 19 insertions(+), 96 deletions(-) delete mode 100644 test/upstream-requirements-py37.txt create mode 100644 test/upstream.md diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 51c88f5d..08cda289 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -17,7 +17,6 @@ jobs: category: # Disabled pending completion of integration # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 -# - mypy-py2 # - mypy-py3 - bandit - doc8 @@ -31,8 +30,8 @@ jobs: - pylint-examples - black-check steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index f4fddb65..6ec74181 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,8 +39,8 @@ jobs: # - integ-slow # - examples steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -52,28 +52,6 @@ jobs: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py3: - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - category: - - nocmk - - sourcebuildcheck - - test-upstream-requirements-py37 - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: 3.7 - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r dev_requirements/ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv - upstream-py311: runs-on: ubuntu-latest strategy: @@ -84,8 +62,8 @@ jobs: - sourcebuildcheck - test-upstream-requirements-py311 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" - run: | diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index 6b1c6be3..e3776d39 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -9,7 +9,7 @@ jobs: environment: repo-sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: repo-sync/github-sync@v2 name: Sync repo to branch with: diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 8fbdb995..dce81673 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,12 +5,12 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.6 +cryptography==42.0.4 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 iniconfig==2.0.0 -Jinja2==3.1.2 +Jinja2==3.1.3 jmespath==0.10.0 MarkupSafe==2.1.2 mock==4.0.3 @@ -33,6 +33,6 @@ six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 types-toml==0.10.8.5 -urllib3==1.26.14 -Werkzeug==2.2.3 +urllib3==1.26.18 +Werkzeug==2.3.8 xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt deleted file mode 100644 index 9fe9ad6f..00000000 --- a/test/upstream-requirements-py37.txt +++ /dev/null @@ -1,43 +0,0 @@ -attrs==22.2.0 -boto3==1.20.51 -botocore==1.23.51 -certifi==2023.7.22 -cffi==1.15.1 -charset-normalizer==3.0.1 -coverage==7.1.0 -cryptography==41.0.6 -exceptiongroup==1.1.0 -execnet==1.9.0 -hypothesis==6.31.6 -idna==3.4 -importlib-metadata==6.0.0 -iniconfig==2.0.0 -Jinja2==3.1.2 -jmespath==0.10.0 -MarkupSafe==2.1.2 -mock==4.0.3 -moto==3.0.2 -packaging==23.0 -pluggy==1.0.0 -py==1.11.0 -pycparser==2.21 -pytest==7.2.1 -pytest-cov==3.0.0 -pytest-forked==1.6.0 -pytest-mock==3.10.0 -pytest-xdist==3.2.0 -python-dateutil==2.8.2 -pytz==2022.7.1 -requests==2.31.0 -responses==0.22.0 -s3transfer==0.5.2 -six==1.16.0 -sortedcontainers==2.4.0 -toml==0.10.2 -tomli==2.0.1 -types-toml==0.10.8.5 -typing_extensions==4.5.0 -urllib3==1.26.14 -Werkzeug==2.2.3 -xmltodict==0.13.0 -zipp==3.14.0 diff --git a/test/upstream.md b/test/upstream.md new file mode 100644 index 00000000..aeb3ed63 --- /dev/null +++ b/test/upstream.md @@ -0,0 +1,7 @@ +AWS Crypto Tools maintains `test/upstream-requirements-py.txt` in our Python products such that +our Cryptographic Primitive Provider for Python ([pyca/cryptography](https://github.com/pyca/cryptography)) +may execute downstream tests against AWS Crypto Tools Python products. +These files allow pyca to install and test the Crypto Tools products. +Additionally, Crypto Tools should maintain a test configuration that can be completed without using any AWS resources. +If Crypto Tools needs to contact pyca about this expectation, +they should cut a issue to the pyca/cryptography repo. diff --git a/tox.ini b/tox.ini index 3c8733a2..07a0aed6 100644 --- a/tox.ini +++ b/tox.ini @@ -5,7 +5,7 @@ envlist = docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, vulture, - test-upstream-requirements-py3{11,7} + test-upstream-requirements-py3{11} # Additional environments: # @@ -119,15 +119,6 @@ recreate = True deps = commands = {toxinidir}/test/freeze-upstream-requirements.sh -# Freeze for Python 3.7 -[testenv:freeze-upstream-requirements-py37] -basepython = python3.7 -sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} -skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} -recreate = {[testenv:freeze-upstream-requirements-base]recreate} -deps = {[testenv:freeze-upstream-requirements-base]deps} -commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt - # Freeze for Python 3.11 [testenv:freeze-upstream-requirements-py311] basepython = python3.11 @@ -144,15 +135,6 @@ recreate = True passenv = commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples -# Test frozen upstream requirements for Python 3.7 -[testenv:test-upstream-requirements-py37] -basepython = python3.7 -passenv = -deps = -rtest/upstream-requirements-py37.txt -sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} -recreate = {[testenv:test-upstream-requirements-base]recreate} -commands = {[testenv:test-upstream-requirements-base]commands} - # Test frozen upstream requirements for Python 3.11 [testenv:test-upstream-requirements-py311] basepython = python3.11 From 4604a85658244c9449cce056b1b43648d28e288d Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Apr 2024 12:22:00 -0700 Subject: [PATCH 68/75] feat: remove Python3.7 support (#764) --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 4 ---- setup.py | 2 +- src/dynamodb_encryption_sdk/compatability.py | 5 +++-- test/unit/test_compatability.py | 2 +- tox.ini | 2 +- 7 files changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 6ec74181..d856f4ae 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.7 - 3.8 - 3.9 - "3.10" diff --git a/README.rst b/README.rst index d2e3647a..438a10ee 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.7+ +* Python 3.8+ Installation diff --git a/buildspec.yml b/buildspec.yml index b0005071..b53801b5 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,10 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_7 - buildspec: codebuild/python3.7.yml - env: - image: aws/codebuild/standard:5.0 - identifier: python3_8 buildspec: codebuild/python3.8.yml env: diff --git a/setup.py b/setup.py index 55408c94..e64e7d4e 100644 --- a/setup.py +++ b/setup.py @@ -48,11 +48,11 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py index 9819c825..ccd7be9f 100644 --- a/src/dynamodb_encryption_sdk/compatability.py +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -24,9 +24,10 @@ def _warn_deprecated_python(): (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 5): {"date": "2021-11-10"}, (3, 6): {"date": "2021-12-19"}, + (3, 7): {"date": "2024-03-04"}, } py_version = (sys.version_info.major, sys.version_info.minor) - minimum_version = (3, 7) + minimum_version = (3, 8) if py_version in deprecated_versions: params = deprecated_versions[py_version] @@ -36,5 +37,5 @@ def _warn_deprecated_python(): "bug fixes, and security updates please upgrade to Python {}.{} or " "later. For more information, see SUPPORT_POLICY.rst: " "https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst" - ).format(py_version[0], py_version[1], minimum_version[0], minimum_version[1], params["date"]) + ).format(py_version[0], py_version[1], params["date"], minimum_version[0], minimum_version[1]) warnings.warn(warning, DeprecationWarning) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index 37241aa9..51510952 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -25,7 +25,7 @@ class TestWarnDeprecatedPython: def test_happy_version(self): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 - v_info.minor = 7 + v_info.minor = 8 with pytest.warns(None) as record: _warn_deprecated_python() assert len(record) == 0 diff --git a/tox.ini b/tox.ini index 07a0aed6..9024f22b 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310,311,312}-{local,integ,ddb,examples}-fast, + py{38,39,310,311,312}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 4a00eedf5667609018a8b24a8c77fd2bba2088b6 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Fri, 21 Jun 2024 16:19:23 -0700 Subject: [PATCH 69/75] fix(docs; gha): updated .readthedocs.yaml; macos-latest to macos-12 (#777) --- .github/workflows/ci_tests.yaml | 2 +- .readthedocs.yaml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index d856f4ae..938c8fb8 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -22,7 +22,7 @@ jobs: # x86 builds are only meaningful for Windows - os: windows-latest architecture: x86 - - os: macos-latest + - os: macos-12 architecture: x64 python: - 3.8 diff --git a/.readthedocs.yaml b/.readthedocs.yaml index a19ab508..82c9c983 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -5,6 +5,12 @@ # Required version: 2 +# Set the OS, Python version and other tools you might need +build: + os: ubuntu-22.04 + tools: + python: "3.8" + # Build documentation in the doc/ directory with Sphinx sphinx: configuration: doc/conf.py @@ -15,8 +21,7 @@ submodules: exclude: all python: - version: 3.8 install: - requirements: dev_requirements/doc-requirements.txt - - method: setuptools + - method: pip path: . From 4dd6e0bb96f5f579bcdeae08bfc8aeed367b7e05 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 9 Jul 2024 18:36:50 -0400 Subject: [PATCH 70/75] chore(deps): Update pytest version in upstream-requirements-py311.txt (#776) --- test/unit/test_compatability.py | 7 +++---- test/upstream-requirements-py311.txt | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index 51510952..314017e9 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -22,13 +22,12 @@ class TestWarnDeprecatedPython: - def test_happy_version(self): + def test_happy_version(self, recwarn): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 v_info.minor = 8 - with pytest.warns(None) as record: - _warn_deprecated_python() - assert len(record) == 0 + _warn_deprecated_python() + assert len(recwarn) == 0 def test_below_warn(self): with mock.patch.object(sys, "version_info") as v_info: diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index dce81673..a0e9cbf7 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -16,10 +16,10 @@ MarkupSafe==2.1.2 mock==4.0.3 moto==3.0.2 packaging==23.0 -pluggy==1.0.0 +pluggy==1.5.0 py==1.11.0 pycparser==2.21 -pytest==7.2.1 +pytest==8.2.0 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 From c4e65242e41ba2e7c0b6e20318a417873a7bf089 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Mon, 5 Aug 2024 13:44:03 -0700 Subject: [PATCH 71/75] chore(CHANGELOG): 3.3.0 (#778) --- CHANGELOG.rst | 19 +++++++++++++++++++ SUPPORT_POLICY.rst | 2 +- src/dynamodb_encryption_sdk/identifiers.py | 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4b1e5cac..921613e8 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,25 @@ Changelog ********* +3.3.0 -- 2024-08-05 +=================== + +Deprecation +----------- +- The AWS DynamoDB Encryption Client for Python no longer supports Python 3.7 as of version 3.3 + - Only Python 3.8+ is supported. +- We no longer support OpenSSL 1.0.1 or 1.0.2, as per `cryptography documentation `_. + +Feature +----------- +* Warn on Deprecated Python 3.7 usage +* Add Python 3.11 to CI +* Add Python 3.12 to CI + +Maintenance +----------- +* Update requirements for boto3 (>=1.10.0) and cryptography (>=3.4.6) + 3.2.0 -- 2021-12-19 =================== diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 5af85cc5..3fe938f3 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -32,6 +32,6 @@ This table describes the current support status of each major version of the AWS * - 3.x - Generally Available - Maintenance - - 2023-07-23 + - 2024-08-05 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index b8b1c118..5c63f095 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.2.0" +__version__ = "3.3.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) From 921aedaf020346fe571b8b800758f430eda810b1 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:28:57 -0700 Subject: [PATCH 72/75] chore(release): Updated API Token username password for Test PyPI and prod PyPI (#779) --- codebuild/release/prod-release.yml | 4 ++-- codebuild/release/test-release.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index c8639c61..7f55b526 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: PyPiAdmin:username - TWINE_PASSWORD: PyPiAdmin:password + TWINE_USERNAME: PyPiAPIToken:username + TWINE_PASSWORD: PyPiAPIToken:password phases: install: diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 9d8fbed2..03dc4d95 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: TestPyPiCryptoTools:username - TWINE_PASSWORD: TestPyPiCryptoTools:password + TWINE_USERNAME: TestPyPiAPIToken:username + TWINE_PASSWORD: TestPyPiAPIToken:password phases: install: From e6ed4bf0f8fb96364907a135cb453b1fc78e39d1 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Wed, 7 Aug 2024 15:03:34 -0700 Subject: [PATCH 73/75] chore(CFN): Adding cfn template (#780) --- cfn/CB.yml | 364 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 364 insertions(+) create mode 100644 cfn/CB.yml diff --git a/cfn/CB.yml b/cfn/CB.yml new file mode 100644 index 00000000..30d5966b --- /dev/null +++ b/cfn/CB.yml @@ -0,0 +1,364 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Template to build a CodeBuild Project, assumes that GitHub credentials are already set up." +Parameters: + ProjectName: + Type: String + Description: The name of the CodeBuild Project + ProjectDescription: + Type: String + Description: The description for the CodeBuild Project + SourceLocation: + Type: String + Description: The https GitHub URL for the project + NumberOfBuildsInBatch: + Type: Number + MaxValue: 100 + MinValue: 1 + Default: 4 + Description: The number of builds you expect to run in a batch + +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - + Label: + default: "Crypto Tools CodeBuild Project Template" + Parameters: + - ProjectName + - ProjectDescription + - SourceLocation + +Resources: + CodeBuildProject: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Ref ProjectName + Description: !Ref ProjectDescription + Source: + Location: !Ref SourceLocation + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Triggers: + BuildType: BUILD_BATCH + Webhook: True + FilterGroups: + - - Type: EVENT + Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PUSH,PULL_REQUEST_REOPENED + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectTestRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub "${ProjectName}-test-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to test PyPi." + Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/test-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectProdRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub "${ProjectName}-prod-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to prod PyPi." + Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/prod-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildBatchPolicy + - !Ref CodeBuildBasePolicy + - !Ref SecretsManagerPolicy + - !Ref DDBPolicy + - "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" + + CodeBuildCIServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-CI-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildCIBatchPolicy + - !Ref CodeBuildBasePolicy + - !Ref DDBPolicy + - "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" + + CodeBuildBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-test-release", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-prod-release" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildCIBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-CI-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildBasePolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBasePolicy-${ProjectName}-${AWS::Region}" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release:*", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release:*" + ], + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ] + }, + { + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::codepipeline-${AWS::Region}-*" + ], + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ] + }, + { + "Effect": "Allow", + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages" + ], + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/${ProjectName}-*" + ] + } + ] + } + + SecretsManagerPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-release" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:secretsmanager:us-west-2:587316601012:secret:TestPyPiAPIToken-uERFjs", + "arn:aws:secretsmanager:us-west-2:587316601012:secret:PyPiAPIToken-nu1Gu6" + ], + "Action": "secretsmanager:GetSecretValue" + } + ] + } + + DDBPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CryptoTools-DynamoDB-${ProjectName}-CI" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:us-east-1:587316601012:table/ddbec-mrk-testing", + "arn:aws:dynamodb:us-west-2:587316601012:table/ddbec-mrk-testing" + ], + "Action": "*" + } + ] + } + + # There exist public AWS KMS CMKs that are used for testing + # Take care with these CMKs they are **ONLY** for testing!!! + CryptoToolsKMS: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CrypotToolsKMSPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:kms:*:658956600833:key/*", + "arn:aws:kms:*:658956600833:alias/*" + ], + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + } + ] + } From 2ae188138cd34adef73eda4905991ebc9b3644e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 16:09:18 -0700 Subject: [PATCH 74/75] chore(deps): bump werkzeug from 2.3.8 to 3.0.3 in /test (#782) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.8 to 3.0.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.3.8...3.0.3) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index a0e9cbf7..1c3051be 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -34,5 +34,5 @@ sortedcontainers==2.4.0 toml==0.10.2 types-toml==0.10.8.5 urllib3==1.26.18 -Werkzeug==2.3.8 +Werkzeug==3.0.3 xmltodict==0.13.0 From 2e630389836434b5cda63e0e5ade00ea638173f8 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Wed, 12 Feb 2025 10:59:12 -0500 Subject: [PATCH 75/75] chore: bump macos version in CI (#820) --- .github/workflows/ci_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 938c8fb8..fb308d0b 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -22,7 +22,7 @@ jobs: # x86 builds are only meaningful for Windows - os: windows-latest architecture: x86 - - os: macos-12 + - os: macos-13 architecture: x64 python: - 3.8 @@ -30,7 +30,7 @@ jobs: - "3.10" - "3.11" - "3.12" - - 3.x +# - 3.x 3.13 does not have 'pipes' and maybe other necessary things category: - local-slow # These require credentials.