From 70ef913cd303b07e7cec78e83fce80007ebd9b0e Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 12:49:07 -0600 Subject: [PATCH 01/57] chore: Fix README file extension (#174) --- examples/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/setup.py b/examples/setup.py index 8f1fa53d..ceb22c19 100644 --- a/examples/setup.py +++ b/examples/setup.py @@ -36,7 +36,7 @@ def get_requirements(): author_email="aws-cryptools@amazon.com", maintainer="Amazon Web Services", description="DynamoDB Encryption Client for Python examples", - long_description=read("README.md"), + long_description=read("README.rst"), keywords="dynamodb-encryption-sdk aws kms encryption dynamodb", data_files=["requirements.txt"], license="Apache License 2.0", From 9a5ab6521092a54dd2e5222b3995c76c8c42d74a Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 14:03:22 -0600 Subject: [PATCH 02/57] chore: Add MRK key ids to codebuild specs (#175) --- codebuild/release/validate.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 9c242630..eacf49ae 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -5,6 +5,10 @@ env: BRANCH: "master" AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID: >- + arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- + arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME: ddbec-release-validation From 8d82ed78658bd4617d727cfdada37a00e1efa2f8 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 15 Jul 2021 16:36:52 -0600 Subject: [PATCH 03/57] chore: Remove support for python 2 (#173) --- .github/workflows/ci_tests.yaml | 59 ---------------------- CHANGELOG.rst | 12 +++++ README.rst | 7 +-- SUPPORT_POLICY.rst | 8 +-- buildspec.yml | 2 - codebuild/python2.7.yml | 18 ------- requirements.txt | 1 - setup.py | 3 -- src/dynamodb_encryption_sdk/identifiers.py | 2 +- tox.ini | 31 +----------- 10 files changed, 19 insertions(+), 124 deletions(-) delete mode 100644 codebuild/python2.7.yml diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index b8e72507..9cf5a738 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -9,46 +9,6 @@ on: - cron: '0 0 * * *' jobs: - # Hypothesis no longer supports Python 2 and - # there is a bug that appears with our slow tests - # only on Python 2. - # Until we also drop Python 2 support, - # the workaround is just that we don't run the slow tests - # on Python 2. - py2-tests: - runs-on: ${{ matrix.platform.os }} - strategy: - fail-fast: true - matrix: - platform: - - os: ubuntu-latest - architecture: x64 - - os: windows-latest - architecture: x64 - # x86 builds are only meaningful for Windows - - os: windows-latest - architecture: x86 - - os: macos-latest - architecture: x64 - category: - - local-fast - # These require credentials. - # Enable them once we sort how to provide them. - # - integ-fast - # - examples - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: 2.7 - architecture: ${{ matrix.platform.architecture }} - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv tests: runs-on: ${{ matrix.platform.os }} strategy: @@ -111,22 +71,3 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py2: - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - category: - - test-upstream-requirements-py27 - steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 - with: - python-version: 2.7 - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fd602e43..8a500867 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ Changelog ********* +3.0.0 -- 2021-07-15 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 2 or Python 3.4 +as of major version 3.x; only Python 3.5+ is supported. Customers using Python 2 +or Python 3.4 can still use the 2.x line of the DynamoDB Encryption Client, +which will continue to receive security updates for the next 12 months, in accordance +with our `Support Policy `__. + + 2.1.0 -- 2021-07-15 =================== diff --git a/README.rst b/README.rst index 42b8ce42..6881c2e1 100644 --- a/README.rst +++ b/README.rst @@ -47,12 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 2.7 or 3.4+ - - **NOTE: 2.x is the last major version of this library that will - support Python 2. Future major versions will begin to adopt changes - known to break Python 2. Python 3.4 support will also be removed - in future major versions; Python 3.5+ will be required.** +* Python 3.5+ Installation diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 26667e42..26b126fa 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -26,12 +26,12 @@ This table describes the current support status of each major version of the AWS - End of Support - 2022-07-08 * - 2.x - - Generally Available - Maintenance - - 2021-07-13 + - End of Support + - 2022-07-15 * - 3.x - - - Generally Available - - 2021-07-13 + - + - .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/buildspec.yml b/buildspec.yml index 82f32b41..b83ff440 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python2_7 - buildspec: codebuild/python2.7.yml - identifier: python3_5 buildspec: codebuild/python3.5.yml - identifier: python3_6 diff --git a/codebuild/python2.7.yml b/codebuild/python2.7.yml deleted file mode 100644 index fd688d77..00000000 --- a/codebuild/python2.7.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py27-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pip install tox - - tox diff --git a/requirements.txt b/requirements.txt index b10f60f4..a8a5c1a3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,3 @@ boto3>=1.4.4 cryptography>=1.8.1 attrs>=17.4.0 -enum34; python_version < '3.4' \ No newline at end of file diff --git a/setup.py b/setup.py index 8b50e8dc..5ae2a7ef 100644 --- a/setup.py +++ b/setup.py @@ -47,10 +47,7 @@ def get_requirements(): "Natural Language :: English", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", - "Programming Language :: Python :: 2", - "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index e7a0fcfd..c9b33016 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "2.1.0" +__version__ = "3.0.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) diff --git a/tox.ini b/tox.ini index 9f752505..d0aa06da 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{27,35,36,37,38,39}-{local,integ,ddb,examples}-fast, + py{35,36,37,38,39}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, @@ -117,15 +117,6 @@ recreate = True deps = commands = {toxinidir}/test/freeze-upstream-requirements.sh -# Freeze for Python 2.7 -[testenv:freeze-upstream-requirements-py27] -basepython = python2.7 -sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} -skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} -recreate = {[testenv:freeze-upstream-requirements-base]recreate} -deps = {[testenv:freeze-upstream-requirements-base]deps} -commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py27.txt - # Freeze for Python 3.7 [testenv:freeze-upstream-requirements-py37] basepython = python3.7 @@ -142,15 +133,6 @@ recreate = True passenv = commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples -# Test frozen upstream requirements for Python 2.7 -[testenv:test-upstream-requirements-py27] -basepython = python2.7 -passenv = -deps = -rtest/upstream-requirements-py27.txt -sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} -recreate = {[testenv:test-upstream-requirements-base]recreate} -commands = {[testenv:test-upstream-requirements-base]commands} - # Test frozen upstream requirements for Python 3.7 [testenv:test-upstream-requirements-py37] basepython = python3.7 @@ -201,17 +183,6 @@ commands = {posargs} {[testenv:mypy-coverage]commands} -[testenv:mypy-py2] -basepython = python2.7 -deps = {[testenv:mypy-common]deps} -commands = - python -m mypy \ - --py2 \ - --linecoverage-report build \ - src/dynamodb_encryption_sdk/ \ - {posargs} - {[testenv:mypy-coverage]commands} - # Linters [testenv:flake8] basepython = python3 From 421b551616ff80c0e4e9e20d904e54ab3e30b4c1 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 3 Aug 2021 13:18:00 -0600 Subject: [PATCH 04/57] chore: Update freeze-upstream-requirements (#178) Also get rid of some now-unused py2 configuration. --- test/README.rst | 14 ++-- test/upstream-requirements-py27.txt | 78 --------------------- test/upstream-requirements-py37.txt | 103 +++++++++++----------------- 3 files changed, 45 insertions(+), 150 deletions(-) delete mode 100644 test/upstream-requirements-py27.txt diff --git a/test/README.rst b/test/README.rst index ead71c42..747522bb 100644 --- a/test/README.rst +++ b/test/README.rst @@ -22,16 +22,12 @@ Updating Upstream Requirements The purpose of the upstream requirements files is to provide a stable list of packages for dependencies to run downstream tests of the DynamoDB Encryption -Client. In order to update the upstream requirements in `upstream-requirements-py37.txt` -and `upstream-requirements-py27.txt`, run these commands: +Client. In order to update the upstream requirements in `upstream-requirements-py37.txt`, +run these commands:: - .. code:: + $ tox -e freeze-upstream-requirements-py37 - $ tox -e freeze-upstream-requirements-py27 - $ tox -e freeze-upstream-requirements-py37 +Test them using:: -Test them using: + $ tox -e test-upstream-requirements-py37 - .. code:: - $ tox -e test-upstream-requirements-py27 - $ tox -e test-upstream-requirements-py37 diff --git a/test/upstream-requirements-py27.txt b/test/upstream-requirements-py27.txt deleted file mode 100644 index cb3364b1..00000000 --- a/test/upstream-requirements-py27.txt +++ /dev/null @@ -1,78 +0,0 @@ -apipkg==1.5 -asn1crypto==1.0.1 -atomicwrites==1.3.0 -attrs==19.2.0 -aws-sam-translator==1.15.0 -aws-xray-sdk==2.4.2 -backports.ssl-match-hostname==3.7.0.1 -backports.tempfile==1.0 -backports.weakref==1.0.post1 -boto==2.49.0 -boto3==1.9.246 -botocore==1.12.246 -certifi==2019.9.11 -cffi==1.12.3 -cfn-lint==0.24.4 -chardet==3.0.4 -configparser==4.0.2 -contextlib2==0.6.0.post1 -cookies==2.2.1 -coverage==4.5.4 -cryptography==3.3.2 -DateTime==4.3 -docker==4.1.0 -docutils==0.15.2 -ecdsa==0.13.3 -enum34==1.1.6 -execnet==1.7.1 -funcsigs==1.0.2 -functools32==3.2.3.post2 -future==0.18.0 -futures==3.3.0 -hypothesis==4.40.0 -idna==2.8 -importlib-metadata==0.23 -ipaddress==1.0.22 -Jinja2==2.11.3 -jmespath==0.9.4 -jsondiff==1.1.2 -jsonpatch==1.24 -jsonpickle==1.2 -jsonpointer==2.0 -jsonschema==3.1.1 -MarkupSafe==1.1.1 -mock==3.0.5 -more-itertools==5.0.0 -moto==1.3.13 -packaging==19.2 -pathlib2==2.3.5 -pluggy==0.13.0 -py==1.10.0 -pyasn1==0.4.7 -pycparser==2.19 -pyparsing==2.4.2 -pyrsistent==0.15.4 -pytest==4.6.5 -pytest-cov==2.8.1 -pytest-forked==1.0.2 -pytest-mock==1.11.1 -pytest-xdist==1.30.0 -python-dateutil==2.8.0 -python-jose==3.0.1 -pytz==2019.3 -PyYAML==5.4 -requests==2.22.0 -responses==0.10.6 -rsa==4.5 -s3transfer==0.2.1 -scandir==1.10.0 -six==1.12.0 -sshpubkeys==3.1.0 -urllib3==1.25.8 -wcwidth==0.1.7 -websocket-client==0.56.0 -Werkzeug==0.16.0 -wrapt==1.11.2 -xmltodict==0.12.0 -zipp==0.6.0 -zope.interface==4.6.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index fe00514f..76ee4525 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,65 +1,42 @@ -apipkg==1.5 -asn1crypto==1.0.1 -atomicwrites==1.3.0 -attrs==19.2.0 -aws-sam-translator==1.15.0 -aws-xray-sdk==2.4.2 -boto==2.49.0 -boto3==1.9.246 -botocore==1.12.246 -certifi==2019.9.11 -cffi==1.12.3 -cfn-lint==0.24.4 -chardet==3.0.4 -coverage==4.5.4 -cryptography==3.3.2 -DateTime==4.3 -docker==4.1.0 -docutils==0.15.2 -ecdsa==0.13.3 -execnet==1.7.1 -future==0.18.0 -hypothesis==4.40.0 -idna==2.8 -importlib-metadata==0.23 -Jinja2==2.11.3 -jmespath==0.9.4 -jsondiff==1.1.2 -jsonpatch==1.24 -jsonpickle==1.2 -jsonpointer==2.0 -jsonschema==3.1.1 -MarkupSafe==1.1.1 -mock==3.0.5 -more-itertools==7.2.0 -moto==1.3.13 -packaging==19.2 -pluggy==0.13.0 +attrs==21.2.0 +boto3==1.18.12 +botocore==1.21.12 +certifi==2021.5.30 +cffi==1.14.6 +charset-normalizer==2.0.4 +coverage==5.5 +cryptography==3.4.7 +execnet==1.9.0 +hypothesis==5.49.0 +idna==3.2 +importlib-metadata==4.6.3 +iniconfig==1.1.1 +Jinja2==3.0.1 +jmespath==0.10.0 +MarkupSafe==2.0.1 +mock==4.0.3 +more-itertools==8.8.0 +moto==2.2.1 +packaging==21.0 +pluggy==0.13.1 py==1.10.0 -pyasn1==0.4.7 -pycparser==2.19 -pyparsing==2.4.2 -pyrsistent==0.15.4 -pytest==5.2.1 -pytest-cov==2.8.1 -pytest-forked==1.0.2 -pytest-mock==1.11.1 -pytest-xdist==1.30.0 -python-dateutil==2.8.0 -python-jose==3.0.1 -pytz==2019.3 -PyYAML==5.4 -requests==2.22.0 -responses==0.10.6 -rsa==4.5 -s3transfer==0.2.1 -six==1.12.0 -sshpubkeys==3.1.0 -urllib3==1.25.8 -wcwidth==0.1.7 -websocket-client==0.56.0 -Werkzeug==0.16.0 -wrapt==1.11.2 +pycparser==2.20 +pyparsing==2.4.7 +pytest==6.2.4 +pytest-cov==2.12.1 +pytest-forked==1.3.0 +pytest-mock==3.6.1 +pytest-xdist==2.3.0 +python-dateutil==2.8.2 +pytz==2021.1 +requests==2.26.0 +responses==0.13.3 +s3transfer==0.5.0 +six==1.16.0 +sortedcontainers==2.4.0 +toml==0.10.2 +typing-extensions==3.10.0.0 +urllib3==1.26.6 +Werkzeug==2.0.1 xmltodict==0.12.0 -zipp==0.6.0 -zope.interface==4.6.0 +zipp==3.5.0 From b40745d24ef06fbd7467434558e8be563318e88b Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Thu, 26 Aug 2021 17:14:22 -0600 Subject: [PATCH 05/57] chore: Fix broken CI (#179) --- codebuild/python3.8.yml | 4 +++- doc/conf.py | 4 ++-- test/acceptance/acceptance_test_generators.py | 6 +++--- test/acceptance/acceptance_test_utils.py | 10 +++++----- test/functional/functional_test_vector_generators.py | 6 +++--- test/functional/internal/test_str_ops.py | 8 ++++---- test/unit/material_providers/test_aws_kms.py | 2 +- 7 files changed, 21 insertions(+), 19 deletions(-) diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index 1c1524c8..cbac65cf 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -14,5 +14,7 @@ phases: python: latest build: commands: - - pip install tox + - pyenv install 3.8.6 + - pyenv local 3.8.6 + - pip install tox tox-pyenv - tox diff --git a/doc/conf.py b/doc/conf.py index 9c0b817c..2bc924ac 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -29,7 +29,7 @@ def get_version(): return _release -project = u"dynamodb-encryption-sdk-python" +project = "dynamodb-encryption-sdk-python" version = get_version() release = get_release() @@ -53,7 +53,7 @@ def get_version(): source_suffix = ".rst" # The suffix of source filenames. master_doc = "index" # The master toctree document. -copyright = u"%s, Amazon" % datetime.now().year # pylint: disable=redefined-builtin +copyright = "%s, Amazon" % datetime.now().year # pylint: disable=redefined-builtin # List of directories, relative to source directory, that shouldn't be searched # for source files. diff --git a/test/acceptance/acceptance_test_generators.py b/test/acceptance/acceptance_test_generators.py index 9ba01174..1c513bd3 100644 --- a/test/acceptance/acceptance_test_generators.py +++ b/test/acceptance/acceptance_test_generators.py @@ -43,7 +43,7 @@ def load_scenarios(online): into a shared method. """ # pylint: disable=too-many-locals - with open(_SCENARIO_FILE) as f: + with open(_SCENARIO_FILE, encoding="utf-8") as f: scenarios = json.load(f) keys_file = _filename_from_uri(scenarios["keys"]) keys = _load_keys(keys_file) @@ -128,7 +128,7 @@ def _generate(materials_provider, table_data, ciphertext_file, metastore_info): if table: table.delete() - with open(ciphertext_file, "w") as outfile: + with open(ciphertext_file, "w", encoding="utf-8") as outfile: json.dump(data_table_output, outfile, indent=4) if metatable: @@ -137,7 +137,7 @@ def _generate(materials_provider, table_data, ciphertext_file, metastore_info): metastore_output[metastore_info["table_name"]].append(ddb_to_json(wrapping_key)) metastore_ciphertext_file = _filename_from_uri(metastore_info["ciphertext"]) - with open(metastore_ciphertext_file, "w") as outfile: + with open(metastore_ciphertext_file, "w", encoding="utf-8") as outfile: json.dump(metastore_output, outfile, indent=4) metatable.delete() diff --git a/test/acceptance/acceptance_test_utils.py b/test/acceptance/acceptance_test_utils.py index c4f06b46..a7fd4c03 100644 --- a/test/acceptance/acceptance_test_utils.py +++ b/test/acceptance/acceptance_test_utils.py @@ -61,7 +61,7 @@ def _decode_item(item): def _build_plaintext_items(plaintext_file, version): # pylint: disable=too-many-locals - with open(plaintext_file) as f: + with open(plaintext_file, encoding="utf-8") as f: plaintext_data = json.load(f) actions = {} @@ -92,7 +92,7 @@ def _build_plaintext_items(plaintext_file, version): def _load_ciphertext_items(ciphertext_file): - with open(ciphertext_file) as f: + with open(ciphertext_file, encoding="utf-8") as f: ciphertexts = json.load(f) for _table, items in ciphertexts.items(): @@ -103,7 +103,7 @@ def _load_ciphertext_items(ciphertext_file): def _load_keys(keys_file): - with open(keys_file) as f: + with open(keys_file, encoding="utf-8") as f: return json.load(f) @@ -165,7 +165,7 @@ def _meta_table_prep(table_name, items_filename): table = boto3.resource("dynamodb", region_name="us-west-2").Table(table_name) table.wait_until_exists() try: - with open(_filename_from_uri(items_filename)) as f: + with open(_filename_from_uri(items_filename), encoding="utf-8") as f: table_data = json.load(f) request_items = {} @@ -255,7 +255,7 @@ def _expand_items(ciphertext_items, plaintext_items): def load_scenarios(online): # pylint: disable=too-many-locals - with open(_SCENARIO_FILE) as f: + with open(_SCENARIO_FILE, encoding="utf-8") as f: scenarios = json.load(f) keys_file = _filename_from_uri(scenarios["keys"]) keys = _load_keys(keys_file) diff --git a/test/functional/functional_test_vector_generators.py b/test/functional/functional_test_vector_generators.py index 02906f35..9e711ad2 100644 --- a/test/functional/functional_test_vector_generators.py +++ b/test/functional/functional_test_vector_generators.py @@ -104,14 +104,14 @@ def _decode_complex_value(_value): def attribute_test_vectors(mode): filepath = _ATTRIBUTE_TEST_VECTOR_FILE_TEMPLATE.format(mode=mode) - with open(filepath) as f: + with open(filepath, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: yield (decode_value(vector["attribute"]), base64.b64decode(codecs.encode(vector["serialized"], "utf-8"))) def material_description_test_vectors(): - with open(_MATERIAL_DESCRIPTION_TEST_VECTORS_FILE) as f: + with open(_MATERIAL_DESCRIPTION_TEST_VECTORS_FILE, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: yield (vector["material_description"], decode_value({"B": codecs.encode(vector["serialized"], "utf-8")})) @@ -125,7 +125,7 @@ def material_description_test_vectors(): def string_to_sign_test_vectors(): - with open(_STRING_TO_SIGN_TEST_VECTORS_FILE) as f: + with open(_STRING_TO_SIGN_TEST_VECTORS_FILE, encoding="utf-8") as f: vectors = json.load(f) for vector in vectors: item = {key: decode_value(value["value"]) for key, value in vector["item"].items()} diff --git a/test/functional/internal/test_str_ops.py b/test/functional/internal/test_str_ops.py index 704e3e3f..1d9f7443 100644 --- a/test/functional/internal/test_str_ops.py +++ b/test/functional/internal/test_str_ops.py @@ -26,8 +26,8 @@ ( ("asdf", "asdf"), (b"asdf", "asdf"), - (codecs.encode(u"Предисловие", "utf-8"), u"Предисловие"), - (u"Предисловие", u"Предисловие"), + (codecs.encode("Предисловие", "utf-8"), "Предисловие"), + ("Предисловие", "Предисловие"), ), ) def test_to_str(data, expected_output): @@ -41,8 +41,8 @@ def test_to_str(data, expected_output): ("asdf", b"asdf"), (b"asdf", b"asdf"), (b"\x3a\x00\x99", b"\x3a\x00\x99"), - (u"Предисловие", codecs.encode(u"Предисловие", "utf-8")), - (codecs.encode(u"Предисловие", "utf-8"), codecs.encode(u"Предисловие", "utf-8")), + ("Предисловие", codecs.encode("Предисловие", "utf-8")), + (codecs.encode("Предисловие", "utf-8"), codecs.encode("Предисловие", "utf-8")), ), ) def test_to_bytes(data, expected_output): diff --git a/test/unit/material_providers/test_aws_kms.py b/test/unit/material_providers/test_aws_kms.py index edcd301d..2d14b8e4 100644 --- a/test/unit/material_providers/test_aws_kms.py +++ b/test/unit/material_providers/test_aws_kms.py @@ -225,7 +225,7 @@ def test_loaded_key_infos(): [ pytest.param(val, id=str(val)) for val in all_possible_combinations_kwargs( - dict(), + {}, dict(botocore_session=botocore.session.Session()), dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), dict(material_description={"asoiufeoia": "soajfijewi"}), From 94244332a77a1929ee4c1cebc366787ca57e206d Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Fri, 24 Sep 2021 13:41:28 -0700 Subject: [PATCH 06/57] chore: Fix CI (#180) --- examples/src/pylintrc | 1 + examples/test/pylintrc | 1 + src/pylintrc | 1 + test/pylintrc | 1 + 4 files changed, 4 insertions(+) diff --git a/examples/src/pylintrc b/examples/src/pylintrc index 5ea9fbcc..2a3a443a 100644 --- a/examples/src/pylintrc +++ b/examples/src/pylintrc @@ -3,6 +3,7 @@ disable = duplicate-code, # these examples often feature similar code too-many-locals, # for these examples, we prioritize keeping everything together for simple readability + consider-using-f-string, # Not supported in Python 3.5 [BASIC] # Allow function names up to 50 characters diff --git a/examples/test/pylintrc b/examples/test/pylintrc index f4dfcfe6..f9671d06 100644 --- a/examples/test/pylintrc +++ b/examples/test/pylintrc @@ -10,6 +10,7 @@ disable = # pylint does not recognize this duplicate-code, # tests for similar things tend to be similar redefined-outer-name, # raises false positives with fixtures + consider-using-f-string, # Not supported in Python 3.5 [DESIGN] max-args = 10 diff --git a/src/pylintrc b/src/pylintrc index bc0406f6..399920a7 100644 --- a/src/pylintrc +++ b/src/pylintrc @@ -8,6 +8,7 @@ disable = useless-object-inheritance, raise-missing-from, super-with-arguments, + consider-using-f-string, [BASIC] # Allow function names up to 50 characters diff --git a/test/pylintrc b/test/pylintrc index ce2bba60..24de7029 100644 --- a/test/pylintrc +++ b/test/pylintrc @@ -14,6 +14,7 @@ disable = useless-object-inheritance, raise-missing-from, super-with-arguments, + consider-using-f-string, [DESIGN] max-args = 10 From ff6aa151876b173103c17bd63c6039ce33cce3c3 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 10:32:00 -0700 Subject: [PATCH 07/57] ci: Update CI (#183) --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 2 +- codebuild/python3.5.yml | 4 ++-- codebuild/python3.6.yml | 4 +++- codebuild/python3.7.yml | 4 ++-- codebuild/python3.8.yml | 4 ++-- codebuild/python3.9.yml | 4 ++-- examples/test/examples_test_utils.py | 19 ++++++++++++++++++- .../test/test_aws_kms_encrypted_examples.py | 7 ++++++- .../material_providers/most_recent.py | 4 +--- 10 files changed, 38 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 746f015e..1c867540 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 9cf5a738..86e3e8df 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,7 +39,7 @@ jobs: # - examples steps: - uses: actions/checkout@v2 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml index f2b1dbcd..f0916074 100644 --- a/codebuild/python3.5.yml +++ b/codebuild/python3.5.yml @@ -26,7 +26,7 @@ phases: # Testing every minor version # is too extreme at this time. # The choice of versions should be reviewed. - - pyenv install 3.5.9 - - pyenv local 3.5.9 + - pyenv install 3.5.10 + - pyenv local 3.5.10 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml index 602dc113..864ea3b1 100644 --- a/codebuild/python3.6.yml +++ b/codebuild/python3.6.yml @@ -14,5 +14,7 @@ phases: python: latest build: commands: - - pip install tox + - pyenv install 3.6.15 + - pyenv local 3.6.15 + - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 1ac0daa6..93e8a312 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -26,7 +26,7 @@ phases: # Testing every minor version # is too extreme at this time. # The choice of versions should be reviewed. - - pyenv install 3.7.9 - - pyenv local 3.7.9 + - pyenv install 3.7.12 + - pyenv local 3.7.12 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index cbac65cf..c0170f2a 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -14,7 +14,7 @@ phases: python: latest build: commands: - - pyenv install 3.8.6 - - pyenv local 3.8.6 + - pyenv install 3.8.12 + - pyenv local 3.8.12 - pip install tox tox-pyenv - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index 62868c80..f4de17ef 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -14,7 +14,7 @@ phases: python: latest build: commands: - - pyenv install 3.9.0 - - pyenv local 3.9.0 + - pyenv install 3.9.7 + - pyenv local 3.9.7 - pip install tox tox-pyenv - tox diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 889b1290..89ba1bba 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -1,8 +1,25 @@ -"""Helper utilities for use while testing examples.""" +# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Helper utilities for use while testing examples. + +isort:skip_file +""" import os import sys os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) +# fmt: off from integration_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import +# fmt: on diff --git a/examples/test/test_aws_kms_encrypted_examples.py b/examples/test/test_aws_kms_encrypted_examples.py index 3c0e8a36..a815683a 100644 --- a/examples/test/test_aws_kms_encrypted_examples.py +++ b/examples/test/test_aws_kms_encrypted_examples.py @@ -20,7 +20,12 @@ aws_kms_multi_region_key, ) -from .examples_test_utils import cmk_arn, cmk_mrk_arn, ddb_table_name, second_cmk_mrk_arn # noqa pylint: disable=unused-import +from .examples_test_utils import ( # noqa pylint: disable=unused-import + cmk_arn, + cmk_mrk_arn, + ddb_table_name, + second_cmk_mrk_arn, +) pytestmark = [pytest.mark.examples] diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index 349163e0..1606f6c0 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -35,9 +35,7 @@ pass -__all__ = ( - "CachingMostRecentProvider", -) +__all__ = ("CachingMostRecentProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) #: Grace period during which we will return the latest local materials. This allows multiple #: threads to be using this same provider without risking lock contention or many threads From d7c8d37d2c9644f5a316a13b730055498b5bc589 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 12:11:26 -0700 Subject: [PATCH 08/57] feat(compatability): Check Python Runtime (#185) --- src/dynamodb_encryption_sdk/__init__.py | 3 ++ src/dynamodb_encryption_sdk/compatability.py | 39 ++++++++++++++++++++ test/pylintrc | 1 + test/unit/test_compatability.py | 38 +++++++++++++++++++ 4 files changed, 81 insertions(+) create mode 100644 src/dynamodb_encryption_sdk/compatability.py create mode 100644 test/unit/test_compatability.py diff --git a/src/dynamodb_encryption_sdk/__init__.py b/src/dynamodb_encryption_sdk/__init__.py index 7b5dba80..d1536792 100644 --- a/src/dynamodb_encryption_sdk/__init__.py +++ b/src/dynamodb_encryption_sdk/__init__.py @@ -11,6 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """DynamoDB Encryption Client.""" +from dynamodb_encryption_sdk.compatability import _warn_deprecated_python from dynamodb_encryption_sdk.encrypted.client import EncryptedClient from dynamodb_encryption_sdk.encrypted.item import ( decrypt_dynamodb_item, @@ -22,6 +23,8 @@ from dynamodb_encryption_sdk.encrypted.table import EncryptedTable from dynamodb_encryption_sdk.identifiers import __version__ +_warn_deprecated_python() + __all__ = ( "decrypt_dynamodb_item", "decrypt_python_item", diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py new file mode 100644 index 00000000..b63781d1 --- /dev/null +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -0,0 +1,39 @@ +# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Contains logic for checking the Python Version""" +import sys +import warnings + +DEPRECATION_DATE_MAP = {"1.x": "2022-07-08", "2.x": "2022-07-15"} + + +def _warn_deprecated_python(): + """Template for deprecation of Python warning.""" + deprecated_versions = { + (2, 7): {"date": DEPRECATION_DATE_MAP["2.x"]}, + (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, + (3, 5): {"date": "2021-11-10"}, + } + py_version = (sys.version_info.major, sys.version_info.minor) + minimum_version = (3, 6) + + if py_version in deprecated_versions: + params = deprecated_versions[py_version] + warning = ( + "aws-dynamodb-encryption will no longer support Python {}.{} " + "starting {}. To continue receiving service updates, " + "bug fixes, and security updates please upgrade to Python {}.{} or " + "later. For more information, see SUPPORT_POLICY.rst: " + "https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst" + ).format(py_version[0], py_version[1], minimum_version[0], minimum_version[1], params["date"]) + warnings.warn(warning, DeprecationWarning) diff --git a/test/pylintrc b/test/pylintrc index 24de7029..f63b3263 100644 --- a/test/pylintrc +++ b/test/pylintrc @@ -10,6 +10,7 @@ disable = protected-access, # raised when calling _ methods redefined-outer-name, # raised when using pytest-mock unused-argument, # raised when patches and fixtures are needed but not called + no-self-use, # raised on Classes in tests used for logically grouping tests # All below are disabled because we need to support Python 2 useless-object-inheritance, raise-missing-from, diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py new file mode 100644 index 00000000..a658d7b7 --- /dev/null +++ b/test/unit/test_compatability.py @@ -0,0 +1,38 @@ +# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Unit test suite for dynamodb_encryption_sdk.compatability.""" +import sys + +import mock +import pytest + +from dynamodb_encryption_sdk.compatability import _warn_deprecated_python + +pytestmark = [pytest.mark.unit, pytest.mark.local] + + +class TestWarnDeprecatedPython: + def test_happy_version(self): + with mock.patch.object(sys, "version_info") as v_info: + v_info.major = 3 + v_info.minor = 6 + with pytest.warns(None) as record: + _warn_deprecated_python() + assert len(record) == 0 + + def test_below_warn(self): + with mock.patch.object(sys, "version_info") as v_info: + v_info.major = 2 + v_info.minor = 7 + with pytest.warns(DeprecationWarning): + _warn_deprecated_python() From f8e258eee08f5230724b0917d50031f9391e2c30 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 13:13:47 -0700 Subject: [PATCH 09/57] ci(py310): test against Python 3.10.0 (#184) --- buildspec.yml | 2 ++ codebuild/python3.10.yml | 20 ++++++++++++++++++++ tox.ini | 2 +- 3 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 codebuild/python3.10.yml diff --git a/buildspec.yml b/buildspec.yml index b83ff440..b2a19641 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -13,6 +13,8 @@ batch: buildspec: codebuild/python3.8.yml - identifier: python3_9 buildspec: codebuild/python3.9.yml + - identifier: python3_10 + buildspec: codebuild/python3.10.yml - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml new file mode 100644 index 00000000..4fe79318 --- /dev/null +++ b/codebuild/python3.10.yml @@ -0,0 +1,20 @@ +version: 0.2 + +env: + variables: + TOXENV: "py310-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - pyenv install 3.10.0 + - pyenv local 3.10.0 + - pip install tox tox-pyenv + - tox diff --git a/tox.ini b/tox.ini index d0aa06da..3c4a9e4e 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{35,36,37,38,39}-{local,integ,ddb,examples}-fast, + py{35,36,37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 846e3b1f6b4aac46802dfb0942334ad3f4864b1f Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Nov 2021 14:58:32 -0700 Subject: [PATCH 10/57] chore: deprecate python 3.5 (#186) BREAKING CHANGE: Removes Testing against Python 3.5. Python 3.5 is no longer supported by the Python AWS DynamoDB Encryption Client. --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 2 -- codebuild/python3.5.yml | 32 -------------------------------- examples/tox.ini | 2 +- setup.py | 1 - tox.ini | 2 +- 7 files changed, 3 insertions(+), 39 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 86e3e8df..b1ccda1f 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.5 - 3.6 - 3.7 - 3.8 diff --git a/README.rst b/README.rst index 6881c2e1..b472e75e 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.5+ +* Python 3.6+ Installation diff --git a/buildspec.yml b/buildspec.yml index b2a19641..d6b651bd 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_5 - buildspec: codebuild/python3.5.yml - identifier: python3_6 buildspec: codebuild/python3.6.yml - identifier: python3_7 diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml index f0916074..e69de29b 100644 --- a/codebuild/python3.5.yml +++ b/codebuild/python3.5.yml @@ -1,32 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py35-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - # The specific versions are manually installed - # because they are not installed - # by default in CodeBuild containers. - # `pyenv` does not have - # a nice way to just install - # the latest patch version. - # I have selected the current latest patch - # rather than try - # and manage a one-liner or script. - # Testing every minor version - # is too extreme at this time. - # The choice of versions should be reviewed. - - pyenv install 3.5.10 - - pyenv local 3.5.10 - - pip install tox tox-pyenv - - tox diff --git a/examples/tox.ini b/examples/tox.ini index 67fa6318..ef7d4072 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{27,35,36,37,38,39}-examples + py{36,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} diff --git a/setup.py b/setup.py index 5ae2a7ef..c696bfd2 100644 --- a/setup.py +++ b/setup.py @@ -48,7 +48,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", diff --git a/tox.ini b/tox.ini index 3c4a9e4e..1a9d21cc 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{35,36,37,38,39,310}-{local,integ,ddb,examples}-fast, + py{36,37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From a1eddb56ac1e946c12d002b1ba6ceb2402ee4741 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Tue, 9 Nov 2021 17:13:41 -0700 Subject: [PATCH 11/57] chore: Add CODEOWNERS file (#187) --- .github/CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/CODEOWNERS diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..80689173 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,5 @@ +# Each line is a file pattern followed by one or more owners. +# https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners + +# Default code owner for everything is our aws-crypto-tools group +* @aws/aws-crypto-tools From 186d939afa74403e9285854015826813751dc7e7 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 10 Nov 2021 11:25:14 -0700 Subject: [PATCH 12/57] chore: CHANGELOG and version bump for release 3.1.0 (#189) --- CHANGELOG.rst | 19 +++++++++++++++++++ src/dynamodb_encryption_sdk/identifiers.py | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 8a500867..fed30700 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,25 @@ Changelog ********* +3.1.0 -- 2021-11-10 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 3.5 +as of version 3.1; only Python 3.6+ is supported. Customers using +Python 3.5 can still use the 2.x line of the AWS DynamoDB Encryption Client for Python, +which will continue to receive security updates, in accordance +with our `Support Policy `__. + +Feature +----------- +* Warn on Deprecated Python usage + `#368 `_ +* Add Python 3.10 to CI +* Remove Python 3.5 from testing + + 3.0.0 -- 2021-07-15 =================== diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index c9b33016..86741cd1 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.0.0" +__version__ = "3.1.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) From 84661add29c274facde5ef35f0d2dba83eae24af Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Wed, 10 Nov 2021 15:58:20 -0700 Subject: [PATCH 13/57] chore: Fix readthedocs builds (#190) --- .readthedocs.yaml | 22 ++++++++++++++++++++++ doc/requirements.txt | 4 ++-- 2 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 .readthedocs.yaml diff --git a/.readthedocs.yaml b/.readthedocs.yaml new file mode 100644 index 00000000..f2b0657b --- /dev/null +++ b/.readthedocs.yaml @@ -0,0 +1,22 @@ +# .readthedocs.yaml +# Read the Docs configuration file +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Build documentation in the doc/ directory with Sphinx +sphinx: + configuration: doc/conf.py + +# Don't need to build documentation for test vectors or any other +# sub modules +submodules: + exclude: all + +python: + version: 3.8 + install: + - requirements: doc/requirements.txt + - method: setuptools + path: . diff --git a/doc/requirements.txt b/doc/requirements.txt index 29e31945..69e61c10 100644 --- a/doc/requirements.txt +++ b/doc/requirements.txt @@ -1,2 +1,2 @@ -sphinx>=1.3.0 -sphinx_rtd_theme \ No newline at end of file +sphinx==4.2.0 +sphinx_rtd_theme==1.0.0 From b7aeaf735822fa1536b67cb3ad484f09f55deaa5 Mon Sep 17 00:00:00 2001 From: Ben Farley <47006790+farleyb-amazon@users.noreply.github.com> Date: Fri, 12 Nov 2021 08:45:49 -0700 Subject: [PATCH 14/57] chore: Fix release validation (#191) --- codebuild/release/validate.yml | 2 +- doc/conf.py | 2 +- examples/tox.ini | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index eacf49ae..7f0fda4b 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -28,7 +28,7 @@ phases: - | while [ $NUM_RETRIES -gt 0 ] do - tox -re py38-examples + tox -re py3-examples if [ $? -eq 0 ]; then break fi diff --git a/doc/conf.py b/doc/conf.py index 2bc924ac..4e87cadd 100644 --- a/doc/conf.py +++ b/doc/conf.py @@ -62,7 +62,7 @@ def get_version(): pygments_style = "sphinx" autoclass_content = "both" -autodoc_default_flags = ["show-inheritance", "members"] +autodoc_default_options = {"members": True, "show-inheritance": True} autodoc_member_order = "bysource" html_theme = "sphinx_rtd_theme" diff --git a/examples/tox.ini b/examples/tox.ini index ef7d4072..eb8b1aad 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{36,37,38,39}-examples + py{3,36,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} From f694bcd01b43f82e39482f750a1cdfbb0d50067e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Fri, 18 Feb 2022 14:38:40 -0800 Subject: [PATCH 15/57] chore: pin linter dependencies and enable dependabot (#192) --- .github/dependabot.yml | 13 ++++ .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 +- .readthedocs.yaml | 2 +- ci-requirements.txt | 1 - dev_requirements/ci-requirements.txt | 1 + .../doc-requirements.txt | 2 +- dev_requirements/linter-requirements.txt | 16 +++++ dev_requirements/release-requirements.txt | 4 ++ dev_requirements/test-requirements.txt | 9 +++ test/freeze-upstream-requirements.sh | 2 +- test/requirements.txt | 10 --- test/source-build-check.sh | 2 +- tox.ini | 64 +++++++------------ 14 files changed, 73 insertions(+), 59 deletions(-) create mode 100644 .github/dependabot.yml delete mode 100644 ci-requirements.txt create mode 100644 dev_requirements/ci-requirements.txt rename doc/requirements.txt => dev_requirements/doc-requirements.txt (63%) create mode 100644 dev_requirements/linter-requirements.txt create mode 100644 dev_requirements/release-requirements.txt create mode 100644 dev_requirements/test-requirements.txt delete mode 100644 test/requirements.txt diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5cd8ea5c --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +version: 2 +updates: + # master + - package-ecosystem: "pip" + directory: "/dev_requirements" + schedule: + interval: "daily" + + # Github Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 1c867540..d1a112ec 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -37,7 +37,7 @@ jobs: python-version: 3.8 - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: check env: TOXENV: ${{ matrix.category }} diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index b1ccda1f..bf6e98b8 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -44,7 +44,7 @@ jobs: architecture: ${{ matrix.platform.architecture }} - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: run test env: TOXENV: ${{ matrix.category }} @@ -65,7 +65,7 @@ jobs: python-version: 3.7 - run: | python -m pip install --upgrade pip - pip install --upgrade -r ci-requirements.txt + pip install --upgrade -r dev_requirements/ci-requirements.txt - name: run test env: TOXENV: ${{ matrix.category }} diff --git a/.readthedocs.yaml b/.readthedocs.yaml index f2b0657b..a19ab508 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -17,6 +17,6 @@ submodules: python: version: 3.8 install: - - requirements: doc/requirements.txt + - requirements: dev_requirements/doc-requirements.txt - method: setuptools path: . diff --git a/ci-requirements.txt b/ci-requirements.txt deleted file mode 100644 index 053148f8..00000000 --- a/ci-requirements.txt +++ /dev/null @@ -1 +0,0 @@ -tox diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt new file mode 100644 index 00000000..9a41a70d --- /dev/null +++ b/dev_requirements/ci-requirements.txt @@ -0,0 +1 @@ +tox==3.24.5 diff --git a/doc/requirements.txt b/dev_requirements/doc-requirements.txt similarity index 63% rename from doc/requirements.txt rename to dev_requirements/doc-requirements.txt index 69e61c10..9364148e 100644 --- a/doc/requirements.txt +++ b/dev_requirements/doc-requirements.txt @@ -1,2 +1,2 @@ -sphinx==4.2.0 +sphinx==4.4.0 sphinx_rtd_theme==1.0.0 diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt new file mode 100644 index 00000000..835b7f0a --- /dev/null +++ b/dev_requirements/linter-requirements.txt @@ -0,0 +1,16 @@ +bandit==1.7.2 +black==22.1.0 +doc8==0.10.1 +flake8==4.0.1 +flake8-docstrings==1.6.0 +flake8-isort==4.1.1 +# https://github.com/JBKahn/flake8-print/pull/30 +flake8-print==4.0.0 +isort==5.10.1 +pylint==2.12.2 +pyflakes==2.4.0 +# https://github.com/PyCQA/pydocstyle/issues/375 +pydocstyle==3.0.0 +readme_renderer==32.0 +seed-isort-config==2.2.0 +vulture==2.3 diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt new file mode 100644 index 00000000..ba64ded2 --- /dev/null +++ b/dev_requirements/release-requirements.txt @@ -0,0 +1,4 @@ +pypi-parker==0.1.2 +setuptools==60.7.1 +twine==3.8.0 +wheel==0.37.1 diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt new file mode 100644 index 00000000..83d215f3 --- /dev/null +++ b/dev_requirements/test-requirements.txt @@ -0,0 +1,9 @@ +hypothesis==5.49.0 +mock==4.0.3 +moto==3.0.2 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-mock==3.6.1 +pytest-xdist==2.5.0 +boto3==1.20.51 +botocore==1.23.51 diff --git a/test/freeze-upstream-requirements.sh b/test/freeze-upstream-requirements.sh index 293ae16d..2be3824d 100755 --- a/test/freeze-upstream-requirements.sh +++ b/test/freeze-upstream-requirements.sh @@ -6,5 +6,5 @@ if [ -z ${1} ]; then fi pip install -r requirements.txt -pip install -r test/requirements.txt +pip install -r dev_requirements/test-requirements.txt pip freeze > ${1} diff --git a/test/requirements.txt b/test/requirements.txt deleted file mode 100644 index 24ace5ac..00000000 --- a/test/requirements.txt +++ /dev/null @@ -1,10 +0,0 @@ -hypothesis>=5.0.0,<6.0.0;python_version>='3' -hypothesis==4.57.1;python_version=='2.7' -mock -moto>=1.3.8 -pytest>=3.4.0 -pytest-cov -pytest-mock -pytest-xdist -boto3 -botocore diff --git a/test/source-build-check.sh b/test/source-build-check.sh index 22e31a83..1d6986a1 100755 --- a/test/source-build-check.sh +++ b/test/source-build-check.sh @@ -26,7 +26,7 @@ EXTRACTEDDIR=$(ls | tail -1) cd ${EXTRACTEDDIR} echo "Installing requirements from extracted source build." -pip install -r test/requirements.txt +pip install -r dev_requirements/test-requirements.txt pip install -e . echo "Running tests from extracted source build." diff --git a/tox.ini b/tox.ini index 1a9d21cc..188569bc 100644 --- a/tox.ini +++ b/tox.ini @@ -60,7 +60,7 @@ passenv = # Pass through the default AWS region (used for integration tests) AWS_DEFAULT_REGION sitepackages = False -deps = -rtest/requirements.txt +deps = -rdev_requirements/test-requirements.txt # 'download' forces tox to always upgrade pip to the latest download = true commands = @@ -91,7 +91,7 @@ commands = # Do not select any specific markers manual: {[testenv:base-command]commands} # Only run examples tests - examples: {[testenv:base-command]commands} examples/test/ -m "examples" + examples: {[testenv:base-command]commands} examples/test -m "examples" # Run code coverage on the unit tests [testenv:coverage] @@ -106,7 +106,7 @@ sitepackages = False passenv = setenv = ######################################################### -deps = -rtest/requirements.txt +deps = -rdev_requirements/test-requirements.txt commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples # Collect requirements for use in upstream tests @@ -149,6 +149,7 @@ sitepackages = False recreate = True deps = {[testenv:build]deps} + -rdev_requirements/test-requirements.txt commands = {[testenv:build]commands} {toxinidir}/test/source-build-check.sh {envtmpdir} {toxinidir}/dist @@ -186,14 +187,7 @@ commands = # Linters [testenv:flake8] basepython = python3 -deps = - flake8 - flake8-docstrings - flake8-isort - # https://github.com/PyCQA/pydocstyle/issues/375 - pydocstyle<4.0.0 - # https://github.com/JBKahn/flake8-print/pull/30 - flake8-print>=3.1.0 +deps = -rdev_requirements/linter-requirements.txt commands = flake8 \ src/dynamodb_encryption_sdk/ \ @@ -202,7 +196,7 @@ commands = [testenv:flake8-tests] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = -rdev_requirements/linter-requirements.txt commands = flake8 \ # Ignore F811 redefinition errors in tests (breaks with pytest-mock use) @@ -214,7 +208,7 @@ commands = [testenv:flake8-examples] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = {[testenv:flake8]deps} commands = flake8 \ # Ignore C901 complexity requirements (examples optimize for straightforward readability) @@ -232,8 +226,7 @@ commands = basepython = python3 deps = {[testenv]deps} - pyflakes - pylint + -rdev_requirements/linter-requirements.txt commands = pylint \ --rcfile=src/pylintrc \ @@ -261,8 +254,7 @@ commands = [testenv:blacken-src] basepython = python3 -deps = - black +deps = -rdev_requirements/linter-requirements.txt commands = black --line-length 120 \ src/dynamodb_encryption_sdk/ \ @@ -276,28 +268,24 @@ commands = [testenv:blacken] basepython = python3 -deps = - {[testenv:blacken-src]deps} +deps = {[testenv:blacken-src]deps} commands = {[testenv:blacken-src]commands} [testenv:black-check] basepython = python3 -deps = - {[testenv:blacken]deps} +deps = {[testenv:blacken]deps} commands = {[testenv:blacken-src]commands} --diff [testenv:isort-seed] basepython = python3 -deps = seed-isort-config +deps = -rdev_requirements/linter-requirements.txt commands = seed-isort-config [testenv:isort] basepython = python3 -# We need >=5.0.0 because -# several configuration settings changed with 5.0.0 -deps = isort>=5.0.0 +deps = -rdev_requirements/linter-requirements.txt commands = isort \ src \ test \ @@ -316,8 +304,8 @@ commands = {[testenv:isort]commands} -c [testenv:autoformat] basepython = python3 deps = - {[testenv:isort]deps} {[testenv:blacken]deps} + {[testenv:isort]deps} commands = {[testenv:isort]commands} {[testenv:blacken]commands} @@ -337,8 +325,8 @@ commands = basepython = python3 whitelist_externals = {[testenv:resetdocs]whitelist_externals} deps = - sphinx - doc8 + -rdev_requirements/doc-requirements.txt + -rdev_requirements/linter-requirements.txt commands = {[testenv:resetdocs]commands} doc8 doc/index.rst doc/lib/ README.rst CHANGELOG.rst @@ -346,18 +334,18 @@ commands = [testenv:readme] basepython = python3 -deps = readme_renderer +deps = -rdev_requirements/linter-requirements.txt commands = python setup.py check -r -s [testenv:bandit] basepython = python3 -deps = bandit +deps = -rdev_requirements/linter-requirements.txt commands = bandit -r src/dynamodb_encryption_sdk/ # Prone to false positives: only run independently [testenv:vulture] basepython = python3 -deps = vulture +deps = -rdev_requirements/linter-requirements.txt commands = vulture src/dynamodb_encryption_sdk/ [testenv:linters] @@ -387,7 +375,7 @@ commands = # Documentation [testenv:docs] basepython = python3 -deps = -rdoc/requirements.txt +deps = -rdev_requirements/doc-requirements.txt commands = sphinx-build -E -c doc/ -b html doc/ doc/build/html sphinx-build -E -c doc/ -b linkcheck doc/ doc/build/html @@ -404,27 +392,21 @@ commands = [testenv:park] basepython = python3 skip_install = true -deps = - pypi-parker - setuptools +deps = -rdev_requirements/release-requirements.txt commands = python setup.py park # Release tooling [testenv:build] basepython = python3 skip_install = true -deps = - wheel - setuptools +deps = -rdev_requirements/release-requirements.txt commands = python setup.py sdist bdist_wheel [testenv:release-base] basepython = python3 skip_install = true -deps = - {[testenv:build]deps} - twine +deps = -rdev_requirements/release-requirements.txt passenv = # Intentionally omit TWINE_REPOSITORY_URL from the passenv list, # as this overrides other ways of setting the repository and could From 51799f6f433cfc45801e83c94418e234dd1c976c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Tue, 29 Mar 2022 13:46:56 -0700 Subject: [PATCH 16/57] chore(deps): bump black from 22.1.0 to 22.3.0 (#237) --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 835b7f0a..a4333979 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -1,5 +1,5 @@ bandit==1.7.2 -black==22.1.0 +black==22.3.0 doc8==0.10.1 flake8==4.0.1 flake8-docstrings==1.6.0 From 3a999267ba1842f883cf0eba2aab6c2b9aa8ed63 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Apr 2022 16:20:11 -0700 Subject: [PATCH 17/57] chore(deps): bump actions/checkout from 2 to 3 (#209) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 ++-- .github/workflows/repo-sync.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index d1a112ec..2ecd851e 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -31,7 +31,7 @@ jobs: - pylint-examples - black-check steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: python-version: 3.8 diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index bf6e98b8..0c091292 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -37,7 +37,7 @@ jobs: # - integ-slow # - examples steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v2 with: python-version: ${{ matrix.python }} @@ -59,7 +59,7 @@ jobs: - sourcebuildcheck - test-upstream-requirements-py37 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: actions/setup-python@v1 with: python-version: 3.7 diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index b7605354..6b1c6be3 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -9,7 +9,7 @@ jobs: environment: repo-sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: repo-sync/github-sync@v2 name: Sync repo to branch with: From 0e0d6639f835c02e0fd30cc0efc38d9c35d228e9 Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Fri, 8 Apr 2022 18:07:40 -0700 Subject: [PATCH 18/57] fix: Upgrade readme_renderer to 34.0 (#251) --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index a4333979..b9241de6 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -11,6 +11,6 @@ pylint==2.12.2 pyflakes==2.4.0 # https://github.com/PyCQA/pydocstyle/issues/375 pydocstyle==3.0.0 -readme_renderer==32.0 +readme_renderer==34.0 seed-isort-config==2.2.0 vulture==2.3 From 60f6a0d0839e11869a8d18cddadf72865049c5c3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Apr 2022 10:10:27 -0700 Subject: [PATCH 19/57] chore(deps): bump actions/setup-python from 2 to 3.1.1 (#247) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v3.1.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 2ecd851e..32b591ff 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v3 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 0c091292..c4f3f5c0 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -38,7 +38,7 @@ jobs: # - examples steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v3 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -60,7 +60,7 @@ jobs: - test-upstream-requirements-py37 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v1 + - uses: actions/setup-python@v3 with: python-version: 3.7 - run: | From c8a4796ecb41fe2329ab74cc6fe521369c03844f Mon Sep 17 00:00:00 2001 From: lavaleri <49660121+lavaleri@users.noreply.github.com> Date: Mon, 14 Nov 2022 12:56:13 -0800 Subject: [PATCH 20/57] chore: Upgrade hypothesis (#442) --- dev_requirements/test-requirements.txt | 2 +- test/functional/hypothesis_strategies.py | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 83d215f3..4396c348 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,4 +1,4 @@ -hypothesis==5.49.0 +hypothesis==6.31.6 mock==4.0.3 moto==3.0.2 pytest==7.0.0 diff --git a/test/functional/hypothesis_strategies.py b/test/functional/hypothesis_strategies.py index 6a39d4cf..059e14b6 100644 --- a/test/functional/hypothesis_strategies.py +++ b/test/functional/hypothesis_strategies.py @@ -23,6 +23,10 @@ hypothesis.HealthCheck.too_slow, hypothesis.HealthCheck.data_too_large, hypothesis.HealthCheck.large_base_example, + # Hypothesis requires that we acknowledge that the example_table fixure + # is not reset between examples generated by hypothesis.given. + # This is the desired behavior for example_table, so supress this check + hypothesis.HealthCheck.function_scoped_fixture, ), deadline=None, ) From 933c48b2a6b9c31cf2d2152366cbbb1b67294334 Mon Sep 17 00:00:00 2001 From: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Date: Fri, 2 Dec 2022 16:41:28 -0800 Subject: [PATCH 21/57] chore: drop py36 support (#464) --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 2 -- codebuild/python3.6.yml | 20 -------------------- examples/setup.py | 2 -- examples/tox.ini | 2 +- setup.py | 1 - tox.ini | 2 +- 8 files changed, 3 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index c4f3f5c0..dcb78974 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.6 - 3.7 - 3.8 - 3.9 diff --git a/README.rst b/README.rst index b472e75e..14d4e151 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.6+ +* Python 3.7+ Installation diff --git a/buildspec.yml b/buildspec.yml index d6b651bd..fb50c7b4 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,8 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_6 - buildspec: codebuild/python3.6.yml - identifier: python3_7 buildspec: codebuild/python3.7.yml - identifier: python3_8 diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml index 864ea3b1..e69de29b 100644 --- a/codebuild/python3.6.yml +++ b/codebuild/python3.6.yml @@ -1,20 +0,0 @@ -version: 0.2 - -env: - variables: - TOXENV: "py36-integ-slow" - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- - arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- - arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 - -phases: - install: - runtime-versions: - python: latest - build: - commands: - - pyenv install 3.6.15 - - pyenv local 3.6.15 - - pip install tox tox-pyenv - - tox diff --git a/examples/setup.py b/examples/setup.py index ceb22c19..b856ef53 100644 --- a/examples/setup.py +++ b/examples/setup.py @@ -50,8 +50,6 @@ def get_requirements(): "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.5", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/examples/tox.ini b/examples/tox.ini index eb8b1aad..e4b39b37 100644 --- a/examples/tox.ini +++ b/examples/tox.ini @@ -2,7 +2,7 @@ [tox] envlist = - py{3,36,37,38,39}-examples + py{3,37,38,39}-examples [testenv:base-command] commands = python -m pytest --basetemp={envtmpdir} -l {posargs} diff --git a/setup.py b/setup.py index c696bfd2..9115ff00 100644 --- a/setup.py +++ b/setup.py @@ -48,7 +48,6 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", diff --git a/tox.ini b/tox.ini index 188569bc..b756e32d 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{36,37,38,39,310}-{local,integ,ddb,examples}-fast, + py{37,38,39,310}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 390ec1700bea1764ddccb816d09d5c5aed673364 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Tue, 10 Jan 2023 09:35:35 -0800 Subject: [PATCH 22/57] fix: pin tox dependency < 4.0 (#506) Co-authored-by: Shubham Chaturvedi --- codebuild/coverage/coverage.yml | 2 +- codebuild/python3.10.yml | 2 +- codebuild/python3.5.yml | 0 codebuild/python3.6.yml | 0 codebuild/python3.7.yml | 2 +- codebuild/python3.8.yml | 2 +- codebuild/python3.9.yml | 2 +- codebuild/release/prod-release.yml | 2 +- codebuild/release/test-release.yml | 2 +- codebuild/release/validate.yml | 2 +- 10 files changed, 8 insertions(+), 8 deletions(-) delete mode 100644 codebuild/python3.5.yml delete mode 100644 codebuild/python3.6.yml diff --git a/codebuild/coverage/coverage.yml b/codebuild/coverage/coverage.yml index f82a3a98..51d8b0a6 100644 --- a/codebuild/coverage/coverage.yml +++ b/codebuild/coverage/coverage.yml @@ -10,5 +10,5 @@ phases: python: latest build: commands: - - pip install tox + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml index 4fe79318..a18185dc 100644 --- a/codebuild/python3.10.yml +++ b/codebuild/python3.10.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.10.0 - pyenv local 3.10.0 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.5.yml b/codebuild/python3.5.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/codebuild/python3.6.yml b/codebuild/python3.6.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 93e8a312..19a97151 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -28,5 +28,5 @@ phases: # The choice of versions should be reviewed. - pyenv install 3.7.12 - pyenv local 3.7.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index c0170f2a..cc7a821d 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.8.12 - pyenv local 3.8.12 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index f4de17ef..8e5f609e 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -16,5 +16,5 @@ phases: commands: - pyenv install 3.9.7 - pyenv local 3.9.7 - - pip install tox tox-pyenv + - pip install "tox < 4.0" - tox diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index c729c96c..c8639c61 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 1dc9feae..9d8fbed2 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -10,7 +10,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" - pip install --upgrade pip runtime-versions: python: latest diff --git a/codebuild/release/validate.yml b/codebuild/release/validate.yml index 7f0fda4b..f710aa5a 100644 --- a/codebuild/release/validate.yml +++ b/codebuild/release/validate.yml @@ -15,7 +15,7 @@ env: phases: install: commands: - - pip install tox + - pip install "tox < 4.0" runtime-versions: python: latest pre_build: From f360734cffa8ae34d9d302e2bc9efd97944c886d Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 11 Jan 2023 10:37:47 -0800 Subject: [PATCH 23/57] chore: Adds python36 deprecation to changelog (#479) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement Co-authored-by: Shubham Chaturvedi --- CHANGELOG.rst | 12 ++++++++++++ dev_requirements/test-requirements.txt | 2 +- src/dynamodb_encryption_sdk/compatability.py | 3 ++- src/dynamodb_encryption_sdk/identifiers.py | 2 +- test/unit/test_compatability.py | 2 +- 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index fed30700..d076d298 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,18 @@ Changelog ********* +3.2.0 -- 2021-12-19 +=================== + +Deprecation +----------- +The AWS DynamoDB Encryption Client for Python no longer supports Python 3.6 +as of version 3.2; only Python 3.7+ is supported. + +Feature +----------- +* Warn on Deprecated Python 3.6 usage + 3.1.0 -- 2021-11-10 =================== diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 4396c348..270b5a5b 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -3,7 +3,7 @@ mock==4.0.3 moto==3.0.2 pytest==7.0.0 pytest-cov==3.0.0 -pytest-mock==3.6.1 +pytest-mock==3.10.0 pytest-xdist==2.5.0 boto3==1.20.51 botocore==1.23.51 diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py index b63781d1..9819c825 100644 --- a/src/dynamodb_encryption_sdk/compatability.py +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -23,9 +23,10 @@ def _warn_deprecated_python(): (2, 7): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 5): {"date": "2021-11-10"}, + (3, 6): {"date": "2021-12-19"}, } py_version = (sys.version_info.major, sys.version_info.minor) - minimum_version = (3, 6) + minimum_version = (3, 7) if py_version in deprecated_versions: params = deprecated_versions[py_version] diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index 86741cd1..b8b1c118 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.1.0" +__version__ = "3.2.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index a658d7b7..37241aa9 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -25,7 +25,7 @@ class TestWarnDeprecatedPython: def test_happy_version(self): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 - v_info.minor = 6 + v_info.minor = 7 with pytest.warns(None) as record: _warn_deprecated_python() assert len(record) == 0 From 9b89cfc39097416169eefd9539a31ba144400abd Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Wed, 18 Jan 2023 17:04:48 -0800 Subject: [PATCH 24/57] chore: Update SUPPORT_POLICY.rst (#518) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement * chore: Update SUPPORT_POLICY.rst * fix: Add Maintenance Date in SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> Co-authored-by: Shubham Chaturvedi Co-authored-by: Shubham Chaturvedi Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- SUPPORT_POLICY.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 26b126fa..5af85cc5 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -22,16 +22,16 @@ This table describes the current support status of each major version of the AWS - Next status - Next status date * - 1.x - - Maintenance - End of Support - - 2022-07-08 + - + - * - 2.x - - Maintenance - End of Support - - 2022-07-15 + - + - * - 3.x - Generally Available - - - - + - Maintenance + - 2023-07-23 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle From 35ee30aea5a93b4446677fdf1f14edc3ca3c0452 Mon Sep 17 00:00:00 2001 From: Shubham Chaturvedi Date: Thu, 19 Jan 2023 13:33:44 -0800 Subject: [PATCH 25/57] fix: Add packaging dependency for twine < 4.0 (#522) * chore: Adds pyhton36 deprecation to changelog * fix: updates compatability test to 3.7 * fix: pin tox dependency < 4.0 * fix: reword the deprecation announcement * chore: Update SUPPORT_POLICY.rst * fix: Add Maintenance Date in SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: SUPPORT_POLICY.rst Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> * fix: Add packaging dependency for twine Co-authored-by: Shubham Chaturvedi Co-authored-by: Shubham Chaturvedi Co-authored-by: Tony Knapp <5892063+texastony@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index ba64ded2..beb32ea9 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -2,3 +2,5 @@ pypi-parker==0.1.2 setuptools==60.7.1 twine==3.8.0 wheel==0.37.1 +#This is required for twine < 4.0 +packaging \ No newline at end of file From a2e993f939415b85c11a3deb9aac3fa1a52e6e84 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 23 Jan 2023 16:32:27 -0800 Subject: [PATCH 26/57] test: Python 3.11 (#528) --- .github/workflows/ci_tests.yaml | 23 +++++++++ setup.py | 2 + test/upstream-requirements-py311.txt | 39 ++++++++++++++++ test/upstream-requirements-py37.txt | 70 ++++++++++++++-------------- tox.ini | 22 ++++++++- 5 files changed, 119 insertions(+), 37 deletions(-) create mode 100644 test/upstream-requirements-py311.txt diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index dcb78974..1d7c5377 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -28,6 +28,8 @@ jobs: - 3.7 - 3.8 - 3.9 + - "3.10" + - "3.11" - 3.x category: - local-slow @@ -69,3 +71,24 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py311: + runs-on: ubuntu-latest + strategy: + fail-fast: true + matrix: + category: + - nocmk + - sourcebuildcheck + - test-upstream-requirements-py311 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v3 + with: + python-version: "3.11" + - run: | + python -m pip install --upgrade pip + pip install --upgrade -r dev_requirements/ci-requirements.txt + - name: run test + env: + TOXENV: ${{ matrix.category }} + run: tox -- -vv diff --git a/setup.py b/setup.py index 9115ff00..55408c94 100644 --- a/setup.py +++ b/setup.py @@ -51,6 +51,8 @@ def get_requirements(): "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt new file mode 100644 index 00000000..5c696720 --- /dev/null +++ b/test/upstream-requirements-py311.txt @@ -0,0 +1,39 @@ +attrs==22.2.0 +boto3==1.20.51 +botocore==1.23.51 +certifi==2022.12.7 +cffi==1.15.1 +charset-normalizer==3.0.1 +coverage==7.0.5 +cryptography==39.0.0 +execnet==1.9.0 +hypothesis==6.31.6 +idna==3.4 +iniconfig==2.0.0 +Jinja2==3.1.2 +jmespath==0.10.0 +MarkupSafe==2.1.2 +mock==4.0.3 +moto==3.0.2 +packaging==23.0 +pluggy==1.0.0 +py==1.11.0 +pycparser==2.21 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-forked==1.4.0 +pytest-mock==3.10.0 +pytest-xdist==2.5.0 +python-dateutil==2.8.2 +pytz==2022.7.1 +requests==2.28.2 +responses==0.22.0 +s3transfer==0.5.2 +six==1.16.0 +sortedcontainers==2.4.0 +toml==0.10.2 +tomli==2.0.1 +types-toml==0.10.8.1 +urllib3==1.26.14 +Werkzeug==2.2.2 +xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 76ee4525..2048fe48 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,42 +1,42 @@ -attrs==21.2.0 -boto3==1.18.12 -botocore==1.21.12 -certifi==2021.5.30 -cffi==1.14.6 -charset-normalizer==2.0.4 -coverage==5.5 -cryptography==3.4.7 +attrs==22.2.0 +boto3==1.20.51 +botocore==1.23.51 +certifi==2022.12.7 +cffi==1.15.1 +charset-normalizer==3.0.1 +coverage==7.0.5 +cryptography==39.0.0 execnet==1.9.0 -hypothesis==5.49.0 -idna==3.2 -importlib-metadata==4.6.3 -iniconfig==1.1.1 -Jinja2==3.0.1 +hypothesis==6.31.6 +idna==3.4 +importlib-metadata==6.0.0 +iniconfig==2.0.0 +Jinja2==3.1.2 jmespath==0.10.0 -MarkupSafe==2.0.1 +MarkupSafe==2.1.2 mock==4.0.3 -more-itertools==8.8.0 -moto==2.2.1 -packaging==21.0 -pluggy==0.13.1 -py==1.10.0 -pycparser==2.20 -pyparsing==2.4.7 -pytest==6.2.4 -pytest-cov==2.12.1 -pytest-forked==1.3.0 -pytest-mock==3.6.1 -pytest-xdist==2.3.0 +moto==3.0.2 +packaging==23.0 +pluggy==1.0.0 +py==1.11.0 +pycparser==2.21 +pytest==7.0.0 +pytest-cov==3.0.0 +pytest-forked==1.4.0 +pytest-mock==3.10.0 +pytest-xdist==2.5.0 python-dateutil==2.8.2 -pytz==2021.1 -requests==2.26.0 -responses==0.13.3 -s3transfer==0.5.0 +pytz==2022.7.1 +requests==2.28.2 +responses==0.22.0 +s3transfer==0.5.2 six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 -typing-extensions==3.10.0.0 -urllib3==1.26.6 -Werkzeug==2.0.1 -xmltodict==0.12.0 -zipp==3.5.0 +tomli==2.0.1 +types-toml==0.10.8.1 +typing_extensions==4.4.0 +urllib3==1.26.14 +Werkzeug==2.2.2 +xmltodict==0.13.0 +zipp==3.11.0 diff --git a/tox.ini b/tox.ini index b756e32d..f2259323 100644 --- a/tox.ini +++ b/tox.ini @@ -1,11 +1,11 @@ [tox] envlist = - py{37,38,39,310}-{local,integ,ddb,examples}-fast, + py{37,38,39,310,311}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, vulture, - test-upstream-requirements-py{2,3}7 + test-upstream-requirements-py3{11,7} # Additional environments: # @@ -126,6 +126,15 @@ recreate = {[testenv:freeze-upstream-requirements-base]recreate} deps = {[testenv:freeze-upstream-requirements-base]deps} commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt +# Freeze for Python 3.11 +[testenv:freeze-upstream-requirements-py311] +basepython = python3.11 +sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} +skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} +recreate = {[testenv:freeze-upstream-requirements-base]recreate} +deps = {[testenv:freeze-upstream-requirements-base]deps} +commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py311.txt + # Test frozen upstream requirements [testenv:test-upstream-requirements-base] sitepackages = False @@ -142,6 +151,15 @@ sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} recreate = {[testenv:test-upstream-requirements-base]recreate} commands = {[testenv:test-upstream-requirements-base]commands} +# Test frozen upstream requirements for Python 3.11 +[testenv:test-upstream-requirements-py311] +basepython = python3.11 +passenv = +deps = -rtest/upstream-requirements-py311.txt +sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} +recreate = {[testenv:test-upstream-requirements-base]recreate} +commands = {[testenv:test-upstream-requirements-base]commands} + # Verify that tests can be successfully run from the source build. [testenv:sourcebuildcheck] basepython = python3 From decf303794fde0ebaed8ac6e512fcff81e082140 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 13:44:02 -0800 Subject: [PATCH 27/57] chore(deps): bump setuptools from 60.7.1 to 66.1.1 in /dev_requirements (#526) Bumps [setuptools](https://github.com/pypa/setuptools) from 60.7.1 to 66.1.1. - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/CHANGES.rst) - [Commits](https://github.com/pypa/setuptools/compare/v60.7.1...v66.1.1) --- updated-dependencies: - dependency-name: setuptools dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index beb32ea9..e11a5014 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,5 +1,5 @@ pypi-parker==0.1.2 -setuptools==60.7.1 +setuptools==66.1.1 twine==3.8.0 wheel==0.37.1 #This is required for twine < 4.0 From 71b98568695b863d04fd31d168c3037dd2784bc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 14:49:30 -0800 Subject: [PATCH 28/57] chore(deps): bump wheel from 0.37.1 to 0.38.4 in /dev_requirements (#491) Bumps [wheel](https://github.com/pypa/wheel) from 0.37.1 to 0.38.4. - [Release notes](https://github.com/pypa/wheel/releases) - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](https://github.com/pypa/wheel/compare/0.37.1...0.38.4) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/release-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/release-requirements.txt b/dev_requirements/release-requirements.txt index e11a5014..fa2ef83b 100644 --- a/dev_requirements/release-requirements.txt +++ b/dev_requirements/release-requirements.txt @@ -1,6 +1,6 @@ pypi-parker==0.1.2 setuptools==66.1.1 twine==3.8.0 -wheel==0.37.1 +wheel==0.38.4 #This is required for twine < 4.0 packaging \ No newline at end of file From de31c5e4339bfdc0e237b4b53fb6e4958bed972f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Jan 2023 16:32:17 -0800 Subject: [PATCH 29/57] chore(deps): bump pytest from 7.0.0 to 7.2.1 in /dev_requirements (#513) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.0.0 to 7.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/7.0.0...7.2.1) --- updated-dependencies: - dependency-name: pytest dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dev_requirements/test-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 270b5a5b..bc692605 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -1,7 +1,7 @@ hypothesis==6.31.6 mock==4.0.3 moto==3.0.2 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 From ce8b779f628ccc150837cd768190f237f52a23e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Feb 2023 15:44:37 -0800 Subject: [PATCH 30/57] chore(deps): bump cryptography from 39.0.0 to 39.0.1 in /test (#547) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.0 to 39.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/39.0.0...39.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 5c696720..9a2922ab 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 2048fe48..94c561cc 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.0.5 -cryptography==39.0.0 +cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 From 5e963f38bf6a1f9885edd47b53863ab386a2b630 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Wed, 22 Feb 2023 16:45:08 -0800 Subject: [PATCH 31/57] chore: bump ci deps (#564) --- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/ci_tests.yaml | 6 +++--- test/upstream-requirements-py311.txt | 11 +++++------ test/upstream-requirements-py37.txt | 15 ++++++++------- 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 32b591ff..51c88f5d 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -32,7 +32,7 @@ jobs: - black-check steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 1d7c5377..1a58792d 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,7 +39,7 @@ jobs: # - examples steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -61,7 +61,7 @@ jobs: - test-upstream-requirements-py37 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: 3.7 - run: | @@ -82,7 +82,7 @@ jobs: - test-upstream-requirements-py311 steps: - uses: actions/checkout@v3 - - uses: actions/setup-python@v3 + - uses: actions/setup-python@v4 with: python-version: "3.11" - run: | diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 9a2922ab..83c891cb 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -4,7 +4,7 @@ botocore==1.23.51 certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 -coverage==7.0.5 +coverage==7.1.0 cryptography==39.0.1 execnet==1.9.0 hypothesis==6.31.6 @@ -19,9 +19,9 @@ packaging==23.0 pluggy==1.0.0 py==1.11.0 pycparser==2.21 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 -pytest-forked==1.4.0 +pytest-forked==1.6.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 python-dateutil==2.8.2 @@ -32,8 +32,7 @@ s3transfer==0.5.2 six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 -tomli==2.0.1 -types-toml==0.10.8.1 +types-toml==0.10.8.5 urllib3==1.26.14 -Werkzeug==2.2.2 +Werkzeug==2.2.3 xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 94c561cc..9c6a069d 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -4,8 +4,9 @@ botocore==1.23.51 certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 -coverage==7.0.5 +coverage==7.1.0 cryptography==39.0.1 +exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 @@ -20,9 +21,9 @@ packaging==23.0 pluggy==1.0.0 py==1.11.0 pycparser==2.21 -pytest==7.0.0 +pytest==7.2.1 pytest-cov==3.0.0 -pytest-forked==1.4.0 +pytest-forked==1.6.0 pytest-mock==3.10.0 pytest-xdist==2.5.0 python-dateutil==2.8.2 @@ -34,9 +35,9 @@ six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 tomli==2.0.1 -types-toml==0.10.8.1 -typing_extensions==4.4.0 +types-toml==0.10.8.5 +typing_extensions==4.5.0 urllib3==1.26.14 -Werkzeug==2.2.2 +Werkzeug==2.2.3 xmltodict==0.13.0 -zipp==3.11.0 +zipp==3.14.0 From 7db21140dba2ec1b722421e7468be22cc1b087d8 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Mon, 6 Mar 2023 11:41:17 -0800 Subject: [PATCH 32/57] fix(docs): update broken links (#572) --- src/dynamodb_encryption_sdk/encrypted/client.py | 2 +- src/dynamodb_encryption_sdk/encrypted/resource.py | 6 +++--- src/dynamodb_encryption_sdk/encrypted/table.py | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/dynamodb_encryption_sdk/encrypted/client.py b/src/dynamodb_encryption_sdk/encrypted/client.py index bd8f2c58..d3858a00 100644 --- a/src/dynamodb_encryption_sdk/encrypted/client.py +++ b/src/dynamodb_encryption_sdk/encrypted/client.py @@ -134,7 +134,7 @@ class EncryptedClient(object): This class provides a superset of the boto3 DynamoDB client API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#client + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb.html#client If you want to provide per-request cryptographic details, the ``put_item``, ``get_item``, ``query``, ``scan``, ``batch_write_item``, and ``batch_get_item`` methods will also diff --git a/src/dynamodb_encryption_sdk/encrypted/resource.py b/src/dynamodb_encryption_sdk/encrypted/resource.py index b5b71f8b..f5ecf6c6 100644 --- a/src/dynamodb_encryption_sdk/encrypted/resource.py +++ b/src/dynamodb_encryption_sdk/encrypted/resource.py @@ -44,7 +44,7 @@ class EncryptedTablesCollectionManager(object): # pylint: disable=too-few-public-methods,too-many-instance-attributes """Tables collection manager that provides :class:`EncryptedTable` objects. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.tables + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html :param collection: Pre-configured boto3 DynamoDB table collection manager :type collection: boto3.resources.collection.CollectionManager @@ -137,7 +137,7 @@ class EncryptedResource(object): This class provides a superset of the boto3 DynamoDB service resource API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#service-resource + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/index.html If you want to provide per-request cryptographic details, the ``batch_write_item`` and ``batch_get_item`` methods will also accept a ``crypto_config`` parameter, defining @@ -217,7 +217,7 @@ def Table(self, name, **kwargs): If any of the optional configuration values are not provided, the corresponding values for this ``EncryptedResource`` will be used. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.ServiceResource.Table + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/index.html#DynamoDB.Table :param name: The table name. :param CryptographicMaterialsProvider materials_provider: Cryptographic materials diff --git a/src/dynamodb_encryption_sdk/encrypted/table.py b/src/dynamodb_encryption_sdk/encrypted/table.py index 128cb896..1cef41a0 100644 --- a/src/dynamodb_encryption_sdk/encrypted/table.py +++ b/src/dynamodb_encryption_sdk/encrypted/table.py @@ -60,7 +60,7 @@ class EncryptedTable(object): This class provides a superset of the boto3 DynamoDB Table API, so should work as a drop-in replacement once configured. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#table + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/index.html#DynamoDB.Table If you want to provide per-request cryptographic details, the ``put_item``, ``get_item``, ``query``, and ``scan`` methods will also accept a ``crypto_config`` parameter, defining @@ -158,7 +158,7 @@ def update_item(self, **kwargs): def batch_writer(self, overwrite_by_pkeys=None): """Create a batch writer object. - https://boto3.readthedocs.io/en/latest/reference/services/dynamodb.html#DynamoDB.Table.batch_writer + https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/batch_writer.html :type overwrite_by_pkeys: list(string) :param overwrite_by_pkeys: De-duplicate request items in buffer if match new request From e4dd5bf9e5733e413aa557e72d9e2abc939e26fd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Tue, 7 Mar 2023 05:48:02 +0800 Subject: [PATCH 33/57] test: parallel test support and enable in CI (#571) --- dev_requirements/test-requirements.txt | 2 +- test/unit/material_providers/test_aws_kms.py | 50 +++++++++----------- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- tox.ini | 8 ++-- 5 files changed, 30 insertions(+), 34 deletions(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index bc692605..08f77669 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -4,6 +4,6 @@ moto==3.0.2 pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 boto3==1.20.51 botocore==1.23.51 diff --git a/test/unit/material_providers/test_aws_kms.py b/test/unit/material_providers/test_aws_kms.py index 2d14b8e4..7fdc9f83 100644 --- a/test/unit/material_providers/test_aws_kms.py +++ b/test/unit/material_providers/test_aws_kms.py @@ -220,36 +220,32 @@ def test_loaded_key_infos(): assert cmp._regional_clients == {} -@pytest.mark.parametrize( - "kwargs", - [ - pytest.param(val, id=str(val)) - for val in all_possible_combinations_kwargs( - {}, - dict(botocore_session=botocore.session.Session()), - dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), - dict(material_description={"asoiufeoia": "soajfijewi"}), - dict( - regional_clients={ - "my-region-1": boto3.session.Session().client( - "kms", region_name="not-a-real-region", endpoint_url="https://not-a-real-url" - ) - } - ), - ) - ], -) -def test_kms_cmp_values_set(kwargs): - cmp = AwsKmsCryptographicMaterialsProvider(key_id="example_key_id", **kwargs) +def test_kms_cmp_values_set(): + # These aren't parametrized to avoid issues with pytest-xdist test mismatches + # due to different session objects per process + for kwargs in all_possible_combinations_kwargs( + {}, + dict(botocore_session=botocore.session.Session()), + dict(grant_tokens=("sdvoaweih", "auwshefiouawh")), + dict(material_description={"asoiufeoia": "soajfijewi"}), + dict( + regional_clients={ + "my-region-1": boto3.session.Session().client( + "kms", region_name="not-a-real-region", endpoint_url="https://not-a-real-url" + ) + } + ), + ): + cmp = AwsKmsCryptographicMaterialsProvider(key_id="example_key_id", **kwargs) - assert cmp._key_id == "example_key_id" + assert cmp._key_id == "example_key_id" - if "botocore_session" in kwargs: - assert cmp._botocore_session == kwargs["botocore_session"] + if "botocore_session" in kwargs: + assert cmp._botocore_session == kwargs["botocore_session"] - assert cmp._grant_tokens == kwargs.get("grant_tokens", ()) - assert cmp._material_description == kwargs.get("material_description", {}) - assert cmp._regional_clients == kwargs.get("regional_clients", {}) + assert cmp._grant_tokens == kwargs.get("grant_tokens", ()) + assert cmp._material_description == kwargs.get("material_description", {}) + assert cmp._regional_clients == kwargs.get("regional_clients", {}) def test_add_regional_client_known_region(default_kms_cmp, patch_boto3_session): diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 83c891cb..ea5b80fc 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -23,7 +23,7 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 requests==2.28.2 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 9c6a069d..0611506e 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -25,7 +25,7 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 -pytest-xdist==2.5.0 +pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 requests==2.28.2 diff --git a/tox.ini b/tox.ini index f2259323..3e18b528 100644 --- a/tox.ini +++ b/tox.ini @@ -40,7 +40,7 @@ envlist = # coverage :: Runs code coverage, failing the build if coverage is below the configured threshold [testenv:base-command] -commands = pytest --basetemp={envtmpdir} -l {posargs} +commands = pytest -n auto --basetemp={envtmpdir} -l {posargs} [testenv] passenv = @@ -226,7 +226,7 @@ commands = [testenv:flake8-examples] basepython = {[testenv:flake8]basepython} -deps = {[testenv:flake8]deps} +deps = {[testenv:flake8]deps} commands = flake8 \ # Ignore C901 complexity requirements (examples optimize for straightforward readability) @@ -345,10 +345,10 @@ whitelist_externals = {[testenv:resetdocs]whitelist_externals} deps = -rdev_requirements/doc-requirements.txt -rdev_requirements/linter-requirements.txt -commands = +commands = {[testenv:resetdocs]commands} doc8 doc/index.rst doc/lib/ README.rst CHANGELOG.rst - + [testenv:readme] basepython = python3 From e6bb11e5a2aa43fdd04a018f6ecb9bed28eaeec5 Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Fri, 9 Jun 2023 16:38:35 -0700 Subject: [PATCH 34/57] fix(docs): Update AWS Doc URLs (#663) --- CHANGELOG.rst | 2 +- README.rst | 6 +++--- examples/README.rst | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d076d298..4b1e5cac 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -82,7 +82,7 @@ CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry TTL to reauthorize the key with the key provider. MostRecentProvider is now deprecated, and is removed in 2.0.0. See -https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html +https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/most-recent-provider.html#mrp-versions for more details. diff --git a/README.rst b/README.rst index 14d4e151..6d5baf9b 100644 --- a/README.rst +++ b/README.rst @@ -177,10 +177,10 @@ of the one that the client would normally construct for you. ... ) # this uses my_special_crypto_config -.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ +.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html .. _Amazon DynamoDB: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html -.. _primary documents: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ -.. _Concepts Guide: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/concepts.html +.. _primary documents: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html +.. _Concepts Guide: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/DDBEC-legacy-concepts.html .. _Amazon DynamoDB Encryption Client for Java: https://github.com/aws/aws-dynamodb-encryption-java/ .. _Amazon DynamoDB Encryption Client for Python: https://github.com/aws/aws-dynamodb-encryption-python/ .. _DynamoDB Stream: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html diff --git a/examples/README.rst b/examples/README.rst index f636a8a0..ea206ff0 100644 --- a/examples/README.rst +++ b/examples/README.rst @@ -34,7 +34,7 @@ with this library. * `How to use raw symmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py>`_ * `How to use raw asymmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py>`_ -For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. +For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. Running the examples ==================== From 65abd6ad2e3d406f4b7466a515f9e7bc4c006ade Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Thu, 31 Aug 2023 13:42:14 -0400 Subject: [PATCH 35/57] chore: address doc linter findings (#731) Address doc linter findings. --- CONTRIBUTING.md | 8 ++++---- README.rst | 2 +- doc/_static/.gitignore | 0 src/dynamodb_encryption_sdk/internal/utils.py | 10 +++++----- src/dynamodb_encryption_sdk/structures.py | 2 +- tox.ini | 16 +++++++++------- 6 files changed, 20 insertions(+), 18 deletions(-) create mode 100644 doc/_static/.gitignore diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7323620c..b6353e00 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,6 +7,10 @@ Please read through this document before submitting any issues or pull requests information to effectively respond to your bug report or contribution. +## Security issue notifications +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + + ## Reporting Bugs/Feature Requests We welcome you to use the GitHub issue tracker to report bugs or suggest features. @@ -50,10 +54,6 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of opensource-codeofconduct@amazon.com with any additional questions or comments. -## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. - - ## Licensing See the [LICENSE](https://github.com/aws/aws-dynamodb-encryption-python/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. diff --git a/README.rst b/README.rst index 6d5baf9b..d2e3647a 100644 --- a/README.rst +++ b/README.rst @@ -195,5 +195,5 @@ of the one that the client would normally construct for you. .. _CryptoConfig: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/config.html .. _decrypt_dynamodb_item: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/item.html#dynamodb_encryption_sdk.encrypted.item.decrypt_dynamodb_item .. _transformation functions: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/tools/transform.html -.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md#user-content-security-issue-notifications +.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md .. _Support Policy: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst diff --git a/doc/_static/.gitignore b/doc/_static/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/src/dynamodb_encryption_sdk/internal/utils.py b/src/dynamodb_encryption_sdk/internal/utils.py index 988576b2..27fe6b0a 100644 --- a/src/dynamodb_encryption_sdk/internal/utils.py +++ b/src/dynamodb_encryption_sdk/internal/utils.py @@ -198,7 +198,7 @@ def decrypt_multi_get(decrypt_method, crypto_config_method, read_method, **kwarg :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -220,7 +220,7 @@ def decrypt_get_item(decrypt_method, crypto_config_method, read_method, **kwargs :param callable decrypt_method: Method to use to decrypt item :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -244,7 +244,7 @@ def decrypt_batch_get_item(decrypt_method, crypto_config_method, read_method, ** :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -276,7 +276,7 @@ def encrypt_put_item(encrypt_method, crypto_config_method, write_method, **kwarg :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ @@ -297,7 +297,7 @@ def encrypt_batch_write_item(encrypt_method, crypto_config_method, write_method, :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts a table name string and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ diff --git a/src/dynamodb_encryption_sdk/structures.py b/src/dynamodb_encryption_sdk/structures.py index 61b329c6..522f1d14 100644 --- a/src/dynamodb_encryption_sdk/structures.py +++ b/src/dynamodb_encryption_sdk/structures.py @@ -176,7 +176,7 @@ def set_index_keys(self, *keys): SIGN_ONLY -> SIGN_ONLY ENCRYPT_AND_SIGN -> SIGN_ONLY - :param str *keys: Attribute names to treat as indexed + :param str ``*keys``: Attribute names to treat as indexed :raises InvalidArgumentError: if a custom action was previously set for any specified attributes """ diff --git a/tox.ini b/tox.ini index 3e18b528..14dbc1e2 100644 --- a/tox.ini +++ b/tox.ini @@ -45,18 +45,20 @@ commands = pytest -n auto --basetemp={envtmpdir} -l {posargs} [testenv] passenv = # Identifies AWS KMS key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID # Identifies AWS KMS MRK key ids to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \ - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 # DynamoDB Table to use in integration tests - DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ + DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) - AWS_PROFILE \ + AWS_PROFILE # Pass through the default AWS region (used for integration tests) AWS_DEFAULT_REGION sitepackages = False From a7b328ccebf4eb5497286d7ba0a4c3cd6e9a5176 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 14:13:07 -0400 Subject: [PATCH 36/57] chore(deps): bump cryptography from 39.0.1 to 41.0.3 in /test (#706) Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.3. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index ea5b80fc..cc6f61eb 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 0611506e..0ce21caf 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From ace5eec2d52d22d6135e30fe3708294361eb2e28 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Thu, 31 Aug 2023 15:12:26 -0400 Subject: [PATCH 37/57] chore: update boto (#732) * chore: update boto --- dev_requirements/test-requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev_requirements/test-requirements.txt b/dev_requirements/test-requirements.txt index 08f77669..c73de305 100644 --- a/dev_requirements/test-requirements.txt +++ b/dev_requirements/test-requirements.txt @@ -5,5 +5,5 @@ pytest==7.2.1 pytest-cov==3.0.0 pytest-mock==3.10.0 pytest-xdist==3.2.0 -boto3==1.20.51 -botocore==1.23.51 +boto3==1.28.38 +botocore==1.31.38 From c3609b6c5a20888cf5c1a0ae312489857f895d23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 15:40:23 -0400 Subject: [PATCH 38/57] chore(deps): bump isort from 5.10.1 to 5.12.0 in /dev_requirements (#708) Bumps [isort](https://github.com/pycqa/isort) from 5.10.1 to 5.12.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index b9241de6..ae811fda 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -6,7 +6,7 @@ flake8-docstrings==1.6.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 flake8-print==4.0.0 -isort==5.10.1 +isort==5.12.0 pylint==2.12.2 pyflakes==2.4.0 # https://github.com/PyCQA/pydocstyle/issues/375 From b69d747e5e3b17737a1f462c566604fb8b8f2271 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:15:20 -0400 Subject: [PATCH 39/57] chore(deps): bump requests from 2.28.2 to 2.31.0 in /test (#643) Bumps [requests](https://github.com/psf/requests) from 2.28.2 to 2.31.0. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index cc6f61eb..48981e42 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -26,7 +26,7 @@ pytest-mock==3.10.0 pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 -requests==2.28.2 +requests==2.31.0 responses==0.22.0 s3transfer==0.5.2 six==1.16.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 0ce21caf..bab80dd2 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -28,7 +28,7 @@ pytest-mock==3.10.0 pytest-xdist==3.2.0 python-dateutil==2.8.2 pytz==2022.7.1 -requests==2.28.2 +requests==2.31.0 responses==0.22.0 s3transfer==0.5.2 six==1.16.0 From 5be949efe3b147b052c681b582623c6c013f5ac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 16:44:37 -0400 Subject: [PATCH 40/57] chore(deps): bump certifi from 2022.12.7 to 2023.7.22 in /test (#703) Bumps [certifi](https://github.com/certifi/python-certifi) from 2022.12.7 to 2023.7.22. --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 48981e42..37546290 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -1,7 +1,7 @@ attrs==22.2.0 boto3==1.20.51 botocore==1.23.51 -certifi==2022.12.7 +certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index bab80dd2..1b13c337 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -1,7 +1,7 @@ attrs==22.2.0 boto3==1.20.51 botocore==1.23.51 -certifi==2022.12.7 +certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 From ca26b6862442135d407086bc4714633ac05a2834 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 31 Aug 2023 19:42:27 -0400 Subject: [PATCH 41/57] chore(deps): bump flake8-docstrings in /dev_requirements (#707) Bumps [flake8-docstrings](https://github.com/pycqa/flake8-docstrings) from 1.6.0 to 1.7.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index ae811fda..8efaca80 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -2,7 +2,7 @@ bandit==1.7.2 black==22.3.0 doc8==0.10.1 flake8==4.0.1 -flake8-docstrings==1.6.0 +flake8-docstrings==1.7.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 flake8-print==4.0.0 From 9b7b1af44943c49bc5a4e21644e291f354d75c93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Sep 2023 09:27:41 -0400 Subject: [PATCH 42/57] chore(deps): bump flake8-print from 4.0.0 to 5.0.0 in /dev_requirements (#711) Bumps [flake8-print](https://github.com/jbkahn/flake8-print) from 4.0.0 to 5.0.0. --- dev_requirements/linter-requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev_requirements/linter-requirements.txt b/dev_requirements/linter-requirements.txt index 8efaca80..1f8d8c16 100644 --- a/dev_requirements/linter-requirements.txt +++ b/dev_requirements/linter-requirements.txt @@ -5,7 +5,7 @@ flake8==4.0.1 flake8-docstrings==1.7.0 flake8-isort==4.1.1 # https://github.com/JBKahn/flake8-print/pull/30 -flake8-print==4.0.0 +flake8-print==5.0.0 isort==5.12.0 pylint==2.12.2 pyflakes==2.4.0 From 6e7a75ea266e65e0a18e89fe047e64ba183c0717 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Sep 2023 12:03:36 -0700 Subject: [PATCH 43/57] chore(deps): bump cryptography from 41.0.3 to 41.0.4 in /test (#743) Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.4. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.4) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 37546290..2f497764 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.3 +cryptography==41.0.4 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 1b13c337..50809533 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.3 +cryptography==41.0.4 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From e260227fe281fff9279bd67ed9307df8d789f30e Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 31 Oct 2023 09:38:57 -0700 Subject: [PATCH 44/57] feat: test Python 3.12 (#747) --- .github/workflows/ci_tests.yaml | 3 +++ buildspec.yml | 17 ++++++++++++++++- codebuild/python3.10.yml | 4 +--- codebuild/python3.11.yml | 18 ++++++++++++++++++ codebuild/python3.12.yml | 23 +++++++++++++++++++++++ codebuild/python3.7.yml | 16 +--------------- codebuild/python3.8.yml | 4 +--- codebuild/python3.9.yml | 4 +--- dev_requirements/ci-requirements.txt | 1 + tox.ini | 2 +- 10 files changed, 66 insertions(+), 26 deletions(-) create mode 100644 codebuild/python3.11.yml create mode 100644 codebuild/python3.12.yml diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 1a58792d..f4fddb65 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -30,6 +30,7 @@ jobs: - 3.9 - "3.10" - "3.11" + - "3.12" - 3.x category: - local-slow @@ -50,6 +51,7 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py3: runs-on: ubuntu-latest strategy: @@ -71,6 +73,7 @@ jobs: env: TOXENV: ${{ matrix.category }} run: tox -- -vv + upstream-py311: runs-on: ubuntu-latest strategy: diff --git a/buildspec.yml b/buildspec.yml index fb50c7b4..b0005071 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -5,12 +5,27 @@ batch: build-list: - identifier: python3_7 buildspec: codebuild/python3.7.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_8 buildspec: codebuild/python3.8.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_9 buildspec: codebuild/python3.9.yml + env: + image: aws/codebuild/standard:5.0 - identifier: python3_10 buildspec: codebuild/python3.10.yml - + env: + image: aws/codebuild/standard:6.0 + - identifier: python3_11 + buildspec: codebuild/python3.11.yml + env: + image: aws/codebuild/standard:7.0 + - identifier: python3_12 + buildspec: codebuild/python3.12.yml + env: + image: aws/codebuild/standard:7.0 - identifier: code_coverage buildspec: codebuild/coverage/coverage.yml diff --git a/codebuild/python3.10.yml b/codebuild/python3.10.yml index a18185dc..ad76049f 100644 --- a/codebuild/python3.10.yml +++ b/codebuild/python3.10.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.10 build: commands: - - pyenv install 3.10.0 - - pyenv local 3.10.0 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.11.yml b/codebuild/python3.11.yml new file mode 100644 index 00000000..b21cf15a --- /dev/null +++ b/codebuild/python3.11.yml @@ -0,0 +1,18 @@ +version: 0.2 + +env: + variables: + TOXENV: "py311-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: 3.11 + build: + commands: + - pip install "tox < 4.0" + - tox diff --git a/codebuild/python3.12.yml b/codebuild/python3.12.yml new file mode 100644 index 00000000..46576292 --- /dev/null +++ b/codebuild/python3.12.yml @@ -0,0 +1,23 @@ +version: 0.2 + +env: + variables: + TOXENV: "py312-integ-slow" + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- + arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- + arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 + +phases: + install: + runtime-versions: + python: latest + build: + commands: + - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - + - pyenv install 3.12.0 + - pyenv local 3.12.0 + - pip install --upgrade pip + - pip install setuptools + - pip install "tox < 4.0" + - tox diff --git a/codebuild/python3.7.yml b/codebuild/python3.7.yml index 19a97151..6a51426a 100644 --- a/codebuild/python3.7.yml +++ b/codebuild/python3.7.yml @@ -11,22 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.7 build: commands: - # The specific versions are manually installed - # because they are not installed - # by default in CodeBuild containers. - # `pyenv` does not have - # a nice way to just install - # the latest patch version. - # I have selected the current latest patch - # rather than try - # and manage a one-liner or script. - # Testing every minor version - # is too extreme at this time. - # The choice of versions should be reviewed. - - pyenv install 3.7.12 - - pyenv local 3.7.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.8.yml b/codebuild/python3.8.yml index cc7a821d..478a3bfc 100644 --- a/codebuild/python3.8.yml +++ b/codebuild/python3.8.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.8 build: commands: - - pyenv install 3.8.12 - - pyenv local 3.8.12 - pip install "tox < 4.0" - tox diff --git a/codebuild/python3.9.yml b/codebuild/python3.9.yml index 8e5f609e..f572e2a9 100644 --- a/codebuild/python3.9.yml +++ b/codebuild/python3.9.yml @@ -11,10 +11,8 @@ env: phases: install: runtime-versions: - python: latest + python: 3.9 build: commands: - - pyenv install 3.9.7 - - pyenv local 3.9.7 - pip install "tox < 4.0" - tox diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt index 9a41a70d..b673eb36 100644 --- a/dev_requirements/ci-requirements.txt +++ b/dev_requirements/ci-requirements.txt @@ -1 +1,2 @@ +setuptools tox==3.24.5 diff --git a/tox.ini b/tox.ini index 14dbc1e2..3c8733a2 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310,311}-{local,integ,ddb,examples}-fast, + py{37,38,39,310,311,312}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From a579b040e9584426dd3edd6552c0242827506830 Mon Sep 17 00:00:00 2001 From: KhubaibAlam <74249716+khubaibalam2000@users.noreply.github.com> Date: Wed, 8 Nov 2023 06:52:46 +0500 Subject: [PATCH 45/57] refactor: typehints and imports compatible to Python3.7 (#740) --- .../delegated_keys/__init__.py | 8 +---- .../delegated_keys/jce.py | 8 +---- .../encrypted/__init__.py | 7 ---- .../encrypted/client.py | 8 +---- src/dynamodb_encryption_sdk/encrypted/item.py | 7 +--- .../encrypted/resource.py | 8 +---- .../encrypted/table.py | 8 +---- .../internal/crypto/authentication.py | 12 ++----- .../internal/crypto/encryption.py | 8 ++--- .../crypto/jce_bridge/authentication.py | 7 +--- .../internal/crypto/jce_bridge/primitives.py | 8 +---- .../internal/dynamodb_types.py | 36 +++++++++---------- .../formatting/deserialize/attribute.py | 11 ++---- .../formatting/material_description.py | 11 ++---- .../internal/formatting/serialize/__init__.py | 7 +--- .../formatting/serialize/attribute.py | 11 ++---- .../internal/identifiers.py | 7 +--- src/dynamodb_encryption_sdk/internal/utils.py | 11 ++---- .../material_providers/aws_kms.py | 11 ++---- .../material_providers/most_recent.py | 8 +---- .../material_providers/static.py | 9 ++--- .../material_providers/store/__init__.py | 8 +---- .../material_providers/store/meta.py | 8 +---- .../material_providers/wrapped.py | 15 ++------ .../materials/__init__.py | 14 +------- src/dynamodb_encryption_sdk/materials/raw.py | 8 +---- .../materials/wrapped.py | 8 +---- src/dynamodb_encryption_sdk/structures.py | 8 +---- src/dynamodb_encryption_sdk/transform.py | 6 +--- 29 files changed, 54 insertions(+), 232 deletions(-) diff --git a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py index d301543a..ac0aa734 100644 --- a/src/dynamodb_encryption_sdk/delegated_keys/__init__.py +++ b/src/dynamodb_encryption_sdk/delegated_keys/__init__.py @@ -12,18 +12,12 @@ # language governing permissions and limitations under the License. """Delegated keys.""" import abc +from typing import Dict, Optional, Text import six from dynamodb_encryption_sdk.identifiers import EncryptionKeyType # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("DelegatedKey",) diff --git a/src/dynamodb_encryption_sdk/delegated_keys/jce.py b/src/dynamodb_encryption_sdk/delegated_keys/jce.py index 4edc6b2c..c2be9b5c 100644 --- a/src/dynamodb_encryption_sdk/delegated_keys/jce.py +++ b/src/dynamodb_encryption_sdk/delegated_keys/jce.py @@ -15,6 +15,7 @@ import logging import os +from typing import Dict, Optional, Text import attr import six @@ -28,13 +29,6 @@ from . import DelegatedKey -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("JceNameLocalDelegatedKey",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/encrypted/__init__.py b/src/dynamodb_encryption_sdk/encrypted/__init__.py index e3e89ec1..d03f3f4a 100644 --- a/src/dynamodb_encryption_sdk/encrypted/__init__.py +++ b/src/dynamodb_encryption_sdk/encrypted/__init__.py @@ -21,13 +21,6 @@ from dynamodb_encryption_sdk.materials import CryptographicMaterials # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.structures import AttributeActions, EncryptionContext -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CryptoConfig",) diff --git a/src/dynamodb_encryption_sdk/encrypted/client.py b/src/dynamodb_encryption_sdk/encrypted/client.py index d3858a00..e13533f3 100644 --- a/src/dynamodb_encryption_sdk/encrypted/client.py +++ b/src/dynamodb_encryption_sdk/encrypted/client.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Any, Callable, Dict, Iterator, Optional import attr import botocore @@ -34,13 +35,6 @@ from .item import decrypt_dynamodb_item, decrypt_python_item, encrypt_dynamodb_item, encrypt_python_item -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Dict, Iterator, Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedClient", "EncryptedPaginator") diff --git a/src/dynamodb_encryption_sdk/encrypted/item.py b/src/dynamodb_encryption_sdk/encrypted/item.py index b491a34a..33c109cf 100644 --- a/src/dynamodb_encryption_sdk/encrypted/item.py +++ b/src/dynamodb_encryption_sdk/encrypted/item.py @@ -11,14 +11,9 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Top-level functions for encrypting and decrypting DynamoDB items.""" -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - from dynamodb_encryption_sdk.exceptions import DecryptionError, EncryptionError from dynamodb_encryption_sdk.identifiers import CryptoAction +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.crypto.authentication import sign_item, verify_item_signature from dynamodb_encryption_sdk.internal.crypto.encryption import decrypt_attribute, encrypt_attribute from dynamodb_encryption_sdk.internal.formatting.material_description import ( diff --git a/src/dynamodb_encryption_sdk/encrypted/resource.py b/src/dynamodb_encryption_sdk/encrypted/resource.py index f5ecf6c6..f040ea7a 100644 --- a/src/dynamodb_encryption_sdk/encrypted/resource.py +++ b/src/dynamodb_encryption_sdk/encrypted/resource.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Optional import attr from boto3.resources.base import ServiceResource @@ -29,13 +30,6 @@ from .item import decrypt_python_item, encrypt_python_item from .table import EncryptedTable -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedResource", "EncryptedTablesCollectionManager") diff --git a/src/dynamodb_encryption_sdk/encrypted/table.py b/src/dynamodb_encryption_sdk/encrypted/table.py index 1cef41a0..98386b81 100644 --- a/src/dynamodb_encryption_sdk/encrypted/table.py +++ b/src/dynamodb_encryption_sdk/encrypted/table.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """High-level helper class to provide a familiar interface to encrypted tables.""" from functools import partial +from typing import Optional import attr from boto3.dynamodb.table import BatchWriter @@ -30,13 +31,6 @@ from .client import EncryptedClient from .item import decrypt_python_item, encrypt_python_item -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptedTable",) diff --git a/src/dynamodb_encryption_sdk/internal/crypto/authentication.py b/src/dynamodb_encryption_sdk/internal/crypto/authentication.py index d5247688..622e03b5 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/authentication.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/authentication.py @@ -16,25 +16,19 @@ No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk. """ +from typing import Text + from cryptography.hazmat.backends import default_backend from cryptography.hazmat.primitives import hashes from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.encrypted import CryptoConfig # noqa pylint: disable=unused-import from dynamodb_encryption_sdk.identifiers import CryptoAction +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.serialize.attribute import serialize_attribute from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, SignatureValues, Tag from dynamodb_encryption_sdk.structures import AttributeActions # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Text # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("sign_item", "verify_item_signature") diff --git a/src/dynamodb_encryption_sdk/internal/crypto/encryption.py b/src/dynamodb_encryption_sdk/internal/crypto/encryption.py index 3737d520..e8b72749 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/encryption.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/encryption.py @@ -16,15 +16,11 @@ No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk. """ -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Text # noqa pylint: disable=unused-import - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Text from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.deserialize.attribute import deserialize_attribute from dynamodb_encryption_sdk.internal.formatting.serialize.attribute import serialize_attribute from dynamodb_encryption_sdk.internal.identifiers import Tag diff --git a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py index b2244ac7..0d1b08e8 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/authentication.py @@ -18,6 +18,7 @@ """ import abc import logging +from typing import Any, Callable, Text import attr import six @@ -32,12 +33,6 @@ from .primitives import load_rsa_key -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - __all__ = ("JavaAuthenticator", "JavaMac", "JavaSignature", "JAVA_AUTHENTICATOR") _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py index 564bed80..2d6f667c 100644 --- a/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py +++ b/src/dynamodb_encryption_sdk/internal/crypto/jce_bridge/primitives.py @@ -19,6 +19,7 @@ import abc import logging import os +from typing import Any, Callable, Text import attr import six @@ -38,13 +39,6 @@ from dynamodb_encryption_sdk.internal.identifiers import MinimumKeySizes from dynamodb_encryption_sdk.internal.validators import callable_validator -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Callable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ( "JavaPadding", "SimplePadding", diff --git a/src/dynamodb_encryption_sdk/internal/dynamodb_types.py b/src/dynamodb_encryption_sdk/internal/dynamodb_types.py index 0509a59b..01b4becb 100644 --- a/src/dynamodb_encryption_sdk/internal/dynamodb_types.py +++ b/src/dynamodb_encryption_sdk/internal/dynamodb_types.py @@ -5,24 +5,20 @@ namespace staying consistent. Directly reference at your own risk. """ # constant naming for types so pylint: disable=invalid-name -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, AnyStr, ByteString, Dict, List, Text +from typing import Any, AnyStr, ByteString, Dict, List, Text - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - ATTRIBUTE = Dict[Text, Any] # narrow this down - ITEM = Dict[Text, ATTRIBUTE] - RAW_ATTRIBUTE = ITEM - NULL = bool # DynamoDB TypeSerializer converts none to {'NULL': True} - BOOLEAN = bool - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - NUMBER = int # This misses long on Python 2...figure out something for this - # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 - STRING = AnyStr # can be unicode but should not be bytes - BINARY = ByteString - BINARY_ATTRIBUTE = Dict[Text, BINARY] - SET = List # DynamoDB TypeSerializer converts sets into lists - MAP = RAW_ATTRIBUTE - LIST = List[RAW_ATTRIBUTE] -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +ATTRIBUTE = Dict[Text, Any] # narrow this down +ITEM = Dict[Text, ATTRIBUTE] +RAW_ATTRIBUTE = ITEM +NULL = bool # DynamoDB TypeSerializer converts none to {'NULL': True} +BOOLEAN = bool +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +NUMBER = int # This misses long on Python 2...figure out something for this +# https://github.com/aws/aws-dynamodb-encryption-python/issues/66 +STRING = AnyStr # can be unicode but should not be bytes +BINARY = ByteString +BINARY_ATTRIBUTE = Dict[Text, BINARY] +SET = List # DynamoDB TypeSerializer converts sets into lists +MAP = RAW_ATTRIBUTE +LIST = List[RAW_ATTRIBUTE] diff --git a/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py b/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py index 41058916..164ad303 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/deserialize/attribute.py @@ -21,24 +21,17 @@ import logging import struct from decimal import Decimal +from typing import Callable, Dict, List, Text, Union from boto3.dynamodb.types import Binary from dynamodb_encryption_sdk.exceptions import DeserializationError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.deserialize import decode_byte, decode_length, decode_tag, decode_value from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, Tag, TagValues from dynamodb_encryption_sdk.internal.str_ops import to_str -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable, Dict, List, Text, Union # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import,ungrouped-imports -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("deserialize_attribute",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/internal/formatting/material_description.py b/src/dynamodb_encryption_sdk/internal/formatting/material_description.py index 1f6af4a2..4657a34c 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/material_description.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/material_description.py @@ -19,24 +19,17 @@ import io import logging import struct +from typing import Dict, Text from dynamodb_encryption_sdk.exceptions import InvalidMaterialDescriptionError, InvalidMaterialDescriptionVersionError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.identifiers import Tag from dynamodb_encryption_sdk.internal.str_ops import to_bytes, to_str from .deserialize import decode_value, unpack_value from .serialize import encode_value -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Text # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("serialize", "deserialize") _LOGGER = logging.getLogger(LOGGER_NAME) _MATERIAL_DESCRIPTION_VERSION = b"\00" * 4 diff --git a/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py b/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py index 1c7f7ee2..07caf22b 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/serialize/__init__.py @@ -17,12 +17,7 @@ namespace staying consistent. Directly reference at your own risk. """ import struct - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Sized # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Sized __all__ = ("encode_length", "encode_value") diff --git a/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py b/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py index 1ca416a1..49a0097c 100644 --- a/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py +++ b/src/dynamodb_encryption_sdk/internal/formatting/serialize/attribute.py @@ -18,24 +18,17 @@ """ import io import logging +from typing import Callable from boto3.dynamodb.types import DYNAMODB_CONTEXT, Binary from dynamodb_encryption_sdk.exceptions import SerializationError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.formatting.serialize import encode_length, encode_value from dynamodb_encryption_sdk.internal.identifiers import Tag, TagValues from dynamodb_encryption_sdk.internal.str_ops import to_bytes -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Callable # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import,ungrouped-imports -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("serialize_attribute",) _LOGGER = logging.getLogger(LOGGER_NAME) _RESERVED = b"\x00" diff --git a/src/dynamodb_encryption_sdk/internal/identifiers.py b/src/dynamodb_encryption_sdk/internal/identifiers.py index 94d7bd41..facc1266 100644 --- a/src/dynamodb_encryption_sdk/internal/identifiers.py +++ b/src/dynamodb_encryption_sdk/internal/identifiers.py @@ -17,12 +17,7 @@ namespace staying consistent. Directly reference at your own risk. """ from enum import Enum - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Optional, Text __all__ = ( "ReservedAttributes", diff --git a/src/dynamodb_encryption_sdk/internal/utils.py b/src/dynamodb_encryption_sdk/internal/utils.py index 27fe6b0a..cdb6266c 100644 --- a/src/dynamodb_encryption_sdk/internal/utils.py +++ b/src/dynamodb_encryption_sdk/internal/utils.py @@ -18,6 +18,7 @@ """ import copy from functools import partial +from typing import Any, Callable, Dict, Iterable, Text import attr import botocore.client @@ -28,12 +29,6 @@ from dynamodb_encryption_sdk.structures import CryptoAction, EncryptionContext, TableInfo from dynamodb_encryption_sdk.transform import dict_to_ddb -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Bool, Callable, Dict, Iterable, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - __all__ = ( "TableInfoCache", "crypto_config_from_kwargs", @@ -366,7 +361,7 @@ def _process_batch_write_response(request, response, table_crypto_config): def _item_keys_match(crypto_config, item1, item2): - # type: (CryptoConfig, Dict, Dict) -> Bool + # type: (CryptoConfig, Dict, Dict) -> bool """Determines whether the values in the primary and sort keys (if they exist) are the same :param CryptoConfig crypto_config: CryptoConfig used in encrypting the given items @@ -387,7 +382,7 @@ def _item_keys_match(crypto_config, item1, item2): def _item_attributes_match(crypto_config, plaintext_item, encrypted_item): - # type: (CryptoConfig, Dict, Dict) -> Bool + # type: (CryptoConfig, Dict, Dict) -> bool """Determines whether the unencrypted values in the plaintext items attributes are the same as those in the encrypted item. Essentially this uses brute force to cover when we don't know the primary and sort index attribute names, since they can't be encrypted. diff --git a/src/dynamodb_encryption_sdk/material_providers/aws_kms.py b/src/dynamodb_encryption_sdk/material_providers/aws_kms.py index ea7a55f2..73212999 100644 --- a/src/dynamodb_encryption_sdk/material_providers/aws_kms.py +++ b/src/dynamodb_encryption_sdk/material_providers/aws_kms.py @@ -16,6 +16,7 @@ import base64 import logging from enum import Enum +from typing import Dict, Optional, Text, Tuple import attr import boto3 @@ -28,6 +29,7 @@ from dynamodb_encryption_sdk.delegated_keys.jce import JceNameLocalDelegatedKey from dynamodb_encryption_sdk.exceptions import UnknownRegionError, UnwrappingError, WrappingError from dynamodb_encryption_sdk.identifiers import LOGGER_NAME, USER_AGENT_SUFFIX, EncryptionKeyType, KeyEncodingType +from dynamodb_encryption_sdk.internal import dynamodb_types from dynamodb_encryption_sdk.internal.identifiers import TEXT_ENCODING, MaterialDescriptionKeys from dynamodb_encryption_sdk.internal.str_ops import to_bytes, to_str from dynamodb_encryption_sdk.internal.validators import dictionary_validator, iterable_validator @@ -36,15 +38,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text, Tuple # noqa pylint: disable=unused-import - - from dynamodb_encryption_sdk.internal import dynamodb_types # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("AwsKmsCryptographicMaterialsProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/material_providers/most_recent.py b/src/dynamodb_encryption_sdk/material_providers/most_recent.py index 1606f6c0..8a003f17 100644 --- a/src/dynamodb_encryption_sdk/material_providers/most_recent.py +++ b/src/dynamodb_encryption_sdk/material_providers/most_recent.py @@ -16,6 +16,7 @@ from collections import OrderedDict from enum import Enum from threading import Lock, RLock +from typing import Any, Text import attr import six @@ -28,13 +29,6 @@ from . import CryptographicMaterialsProvider from .store import ProviderStore -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CachingMostRecentProvider",) _LOGGER = logging.getLogger(LOGGER_NAME) #: Grace period during which we will return the latest local materials. This allows multiple diff --git a/src/dynamodb_encryption_sdk/material_providers/static.py b/src/dynamodb_encryption_sdk/material_providers/static.py index 966002cb..77af8478 100644 --- a/src/dynamodb_encryption_sdk/material_providers/static.py +++ b/src/dynamodb_encryption_sdk/material_providers/static.py @@ -11,6 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Cryptographic materials provider for use with pre-configured encryption and decryption materials.""" +from typing import Optional + import attr from dynamodb_encryption_sdk.materials import CryptographicMaterials # noqa pylint: disable=unused-import @@ -19,13 +21,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("StaticCryptographicMaterialsProvider",) diff --git a/src/dynamodb_encryption_sdk/material_providers/store/__init__.py b/src/dynamodb_encryption_sdk/material_providers/store/__init__.py index e03b57b9..1948c388 100644 --- a/src/dynamodb_encryption_sdk/material_providers/store/__init__.py +++ b/src/dynamodb_encryption_sdk/material_providers/store/__init__.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """Cryptographic materials provider stores.""" import abc +from typing import Optional, Text import six @@ -20,13 +21,6 @@ CryptographicMaterialsProvider, ) -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("ProviderStore",) diff --git a/src/dynamodb_encryption_sdk/material_providers/store/meta.py b/src/dynamodb_encryption_sdk/material_providers/store/meta.py index 46d7410f..da545ba4 100644 --- a/src/dynamodb_encryption_sdk/material_providers/store/meta.py +++ b/src/dynamodb_encryption_sdk/material_providers/store/meta.py @@ -13,6 +13,7 @@ """Meta cryptographic provider store.""" import logging from enum import Enum +from typing import Dict, Optional, Text, Tuple import attr import botocore @@ -29,13 +30,6 @@ from . import ProviderStore -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text, Tuple # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("MetaStore",) _LOGGER = logging.getLogger(LOGGER_NAME) diff --git a/src/dynamodb_encryption_sdk/material_providers/wrapped.py b/src/dynamodb_encryption_sdk/material_providers/wrapped.py index 13f6a346..416156c7 100644 --- a/src/dynamodb_encryption_sdk/material_providers/wrapped.py +++ b/src/dynamodb_encryption_sdk/material_providers/wrapped.py @@ -11,6 +11,8 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Cryptographic materials provider to use ephemeral content encryption keys wrapped by delegated keys.""" +from typing import Dict, Optional, Text + import attr import six @@ -22,19 +24,6 @@ from . import CryptographicMaterialsProvider -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Optional # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("WrappedCryptographicMaterialsProvider",) diff --git a/src/dynamodb_encryption_sdk/materials/__init__.py b/src/dynamodb_encryption_sdk/materials/__init__.py index 09c4a470..3b9788d0 100644 --- a/src/dynamodb_encryption_sdk/materials/__init__.py +++ b/src/dynamodb_encryption_sdk/materials/__init__.py @@ -12,20 +12,12 @@ # language governing permissions and limitations under the License. """Cryptographic materials are containers that provide delegated keys for cryptographic operations.""" import abc +from typing import Dict, Text import six from dynamodb_encryption_sdk.delegated_keys import DelegatedKey # noqa pylint: disable=unused-import -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Text # noqa pylint: disable=unused-import - - from mypy_extensions import NoReturn # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("CryptographicMaterials", "EncryptionMaterials", "DecryptionMaterials") @@ -89,7 +81,6 @@ class EncryptionMaterials(CryptographicMaterials): @property def decryption_key(self): - # type: () -> NoReturn """Encryption materials do not provide decryption keys. :raises NotImplementedError: because encryption materials do not contain decryption keys @@ -98,7 +89,6 @@ def decryption_key(self): @property def verification_key(self): - # type: () -> NoReturn """Encryption materials do not provide verification keys. :raises NotImplementedError: because encryption materials do not contain verification keys @@ -111,7 +101,6 @@ class DecryptionMaterials(CryptographicMaterials): @property def encryption_key(self): - # type: () -> NoReturn """Decryption materials do not provide encryption keys. :raises NotImplementedError: because decryption materials do not contain encryption keys @@ -120,7 +109,6 @@ def encryption_key(self): @property def signing_key(self): - # type: () -> NoReturn """Decryption materials do not provide signing keys. :raises NotImplementedError: because decryption materials do not contain signing keys diff --git a/src/dynamodb_encryption_sdk/materials/raw.py b/src/dynamodb_encryption_sdk/materials/raw.py index 7c2e85e4..d2587339 100644 --- a/src/dynamodb_encryption_sdk/materials/raw.py +++ b/src/dynamodb_encryption_sdk/materials/raw.py @@ -23,6 +23,7 @@ that you use wrapped cryptographic materials instead. """ import copy +from typing import Dict, Optional, Text import attr import six @@ -31,13 +32,6 @@ from dynamodb_encryption_sdk.internal.validators import dictionary_validator from dynamodb_encryption_sdk.materials import DecryptionMaterials, EncryptionMaterials -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("RawEncryptionMaterials", "RawDecryptionMaterials") diff --git a/src/dynamodb_encryption_sdk/materials/wrapped.py b/src/dynamodb_encryption_sdk/materials/wrapped.py index f85924ea..74d2784c 100644 --- a/src/dynamodb_encryption_sdk/materials/wrapped.py +++ b/src/dynamodb_encryption_sdk/materials/wrapped.py @@ -13,6 +13,7 @@ """Cryptographic materials to use ephemeral content encryption keys wrapped by delegated keys.""" import base64 import copy +from typing import Dict, Optional, Text import attr import six @@ -25,13 +26,6 @@ from dynamodb_encryption_sdk.internal.validators import dictionary_validator from dynamodb_encryption_sdk.materials import CryptographicMaterials -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Optional, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("WrappedCryptographicMaterials",) _DEFAULT_CONTENT_ENCRYPTION_ALGORITHM = "AES/256" _WRAPPING_TRANSFORMATION = {"AES": "AESWrap", "RSA": "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"} diff --git a/src/dynamodb_encryption_sdk/structures.py b/src/dynamodb_encryption_sdk/structures.py index 522f1d14..16976b98 100644 --- a/src/dynamodb_encryption_sdk/structures.py +++ b/src/dynamodb_encryption_sdk/structures.py @@ -12,6 +12,7 @@ # language governing permissions and limitations under the License. """Common structures used by the DynamoDB Encryption Client.""" import copy +from typing import Dict, Iterable, List, Optional, Set, Text import attr import six @@ -22,13 +23,6 @@ from .identifiers import CryptoAction -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Dict, Iterable, List, Optional, Set, Text # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass - - __all__ = ("EncryptionContext", "AttributeActions", "TableIndex", "TableInfo") diff --git a/src/dynamodb_encryption_sdk/transform.py b/src/dynamodb_encryption_sdk/transform.py index 347024d3..d79b8504 100644 --- a/src/dynamodb_encryption_sdk/transform.py +++ b/src/dynamodb_encryption_sdk/transform.py @@ -11,11 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Helper tools for translating between native and DynamoDB items.""" -try: # Python 3.5.0 and 3.5.1 have incompatible typing modules - from typing import Any, Dict # noqa pylint: disable=unused-import -except ImportError: # pragma: no cover - # We only actually need these imports when running the mypy checks - pass +from typing import Any, Dict from boto3.dynamodb.types import TypeDeserializer, TypeSerializer From d1ec2cbccdf5d25870450d35ce24eb37f46ae422 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Jan 2024 10:39:06 -0800 Subject: [PATCH 46/57] chore(deps): bump cryptography from 41.0.4 to 41.0.6 in /test (#751) Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.4 to 41.0.6. - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pyca/cryptography/compare/41.0.4...41.0.6) --- updated-dependencies: - dependency-name: cryptography dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- test/upstream-requirements-py37.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 2f497764..8fbdb995 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.4 +cryptography==41.0.6 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 50809533..9fe9ad6f 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.4 +cryptography==41.0.6 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 From 25a6be357d22770419f84fe3506e1f9a850ec07f Mon Sep 17 00:00:00 2001 From: Darwin Chowdary <39110935+imabhichow@users.noreply.github.com> Date: Thu, 1 Feb 2024 09:24:44 -0800 Subject: [PATCH 47/57] chore(ci): skip pyenv installation if already exists (#756) --- codebuild/python3.12.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/codebuild/python3.12.yml b/codebuild/python3.12.yml index 46576292..cf9e09ef 100644 --- a/codebuild/python3.12.yml +++ b/codebuild/python3.12.yml @@ -15,7 +15,7 @@ phases: build: commands: - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - - - pyenv install 3.12.0 + - pyenv install --skip-existing 3.12.0 - pyenv local 3.12.0 - pip install --upgrade pip - pip install setuptools From 197d7f8352da19e036fb21ccc9f816d2f9be9221 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Mon, 12 Feb 2024 11:34:35 -0500 Subject: [PATCH 48/57] feat: update requirements (#758) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: update requirements * note: we no longer support OpenSSL 1.0.1 or 1.0.2, see https://cryptography.io/en/3.4.6/installation.html#supported-platforms --- requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements.txt b/requirements.txt index a8a5c1a3..34c7e6a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ -boto3>=1.4.4 -cryptography>=1.8.1 +boto3>=1.10.0 +cryptography>=3.4.6 attrs>=17.4.0 From 2a7fe129cbfdb982479f6192372f5f9d76a77d4d Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Fri, 1 Mar 2024 16:09:14 -0800 Subject: [PATCH 49/57] chore: bump dependencies (#763) --- .github/workflows/ci_static-analysis.yaml | 5 ++- .github/workflows/ci_tests.yaml | 30 +++------------- .github/workflows/repo-sync.yml | 2 +- test/upstream-requirements-py311.txt | 8 ++--- test/upstream-requirements-py37.txt | 43 ----------------------- test/upstream.md | 7 ++++ tox.ini | 20 +---------- 7 files changed, 19 insertions(+), 96 deletions(-) delete mode 100644 test/upstream-requirements-py37.txt create mode 100644 test/upstream.md diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index 51c88f5d..08cda289 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -17,7 +17,6 @@ jobs: category: # Disabled pending completion of integration # https://github.com/aws/aws-dynamodb-encryption-python/issues/66 -# - mypy-py2 # - mypy-py3 - bandit - doc8 @@ -31,8 +30,8 @@ jobs: - pylint-examples - black-check steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: 3.8 - run: | diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index f4fddb65..6ec74181 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -39,8 +39,8 @@ jobs: # - integ-slow # - examples steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: ${{ matrix.python }} architecture: ${{ matrix.platform.architecture }} @@ -52,28 +52,6 @@ jobs: TOXENV: ${{ matrix.category }} run: tox -- -vv - upstream-py3: - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - category: - - nocmk - - sourcebuildcheck - - test-upstream-requirements-py37 - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 - with: - python-version: 3.7 - - run: | - python -m pip install --upgrade pip - pip install --upgrade -r dev_requirements/ci-requirements.txt - - name: run test - env: - TOXENV: ${{ matrix.category }} - run: tox -- -vv - upstream-py311: runs-on: ubuntu-latest strategy: @@ -84,8 +62,8 @@ jobs: - sourcebuildcheck - test-upstream-requirements-py311 steps: - - uses: actions/checkout@v3 - - uses: actions/setup-python@v4 + - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: "3.11" - run: | diff --git a/.github/workflows/repo-sync.yml b/.github/workflows/repo-sync.yml index 6b1c6be3..e3776d39 100644 --- a/.github/workflows/repo-sync.yml +++ b/.github/workflows/repo-sync.yml @@ -9,7 +9,7 @@ jobs: environment: repo-sync runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: repo-sync/github-sync@v2 name: Sync repo to branch with: diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index 8fbdb995..dce81673 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,12 +5,12 @@ certifi==2023.7.22 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==41.0.6 +cryptography==42.0.4 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 iniconfig==2.0.0 -Jinja2==3.1.2 +Jinja2==3.1.3 jmespath==0.10.0 MarkupSafe==2.1.2 mock==4.0.3 @@ -33,6 +33,6 @@ six==1.16.0 sortedcontainers==2.4.0 toml==0.10.2 types-toml==0.10.8.5 -urllib3==1.26.14 -Werkzeug==2.2.3 +urllib3==1.26.18 +Werkzeug==2.3.8 xmltodict==0.13.0 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt deleted file mode 100644 index 9fe9ad6f..00000000 --- a/test/upstream-requirements-py37.txt +++ /dev/null @@ -1,43 +0,0 @@ -attrs==22.2.0 -boto3==1.20.51 -botocore==1.23.51 -certifi==2023.7.22 -cffi==1.15.1 -charset-normalizer==3.0.1 -coverage==7.1.0 -cryptography==41.0.6 -exceptiongroup==1.1.0 -execnet==1.9.0 -hypothesis==6.31.6 -idna==3.4 -importlib-metadata==6.0.0 -iniconfig==2.0.0 -Jinja2==3.1.2 -jmespath==0.10.0 -MarkupSafe==2.1.2 -mock==4.0.3 -moto==3.0.2 -packaging==23.0 -pluggy==1.0.0 -py==1.11.0 -pycparser==2.21 -pytest==7.2.1 -pytest-cov==3.0.0 -pytest-forked==1.6.0 -pytest-mock==3.10.0 -pytest-xdist==3.2.0 -python-dateutil==2.8.2 -pytz==2022.7.1 -requests==2.31.0 -responses==0.22.0 -s3transfer==0.5.2 -six==1.16.0 -sortedcontainers==2.4.0 -toml==0.10.2 -tomli==2.0.1 -types-toml==0.10.8.5 -typing_extensions==4.5.0 -urllib3==1.26.14 -Werkzeug==2.2.3 -xmltodict==0.13.0 -zipp==3.14.0 diff --git a/test/upstream.md b/test/upstream.md new file mode 100644 index 00000000..aeb3ed63 --- /dev/null +++ b/test/upstream.md @@ -0,0 +1,7 @@ +AWS Crypto Tools maintains `test/upstream-requirements-py.txt` in our Python products such that +our Cryptographic Primitive Provider for Python ([pyca/cryptography](https://github.com/pyca/cryptography)) +may execute downstream tests against AWS Crypto Tools Python products. +These files allow pyca to install and test the Crypto Tools products. +Additionally, Crypto Tools should maintain a test configuration that can be completed without using any AWS resources. +If Crypto Tools needs to contact pyca about this expectation, +they should cut a issue to the pyca/cryptography repo. diff --git a/tox.ini b/tox.ini index 3c8733a2..07a0aed6 100644 --- a/tox.ini +++ b/tox.ini @@ -5,7 +5,7 @@ envlist = docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, vulture, - test-upstream-requirements-py3{11,7} + test-upstream-requirements-py3{11} # Additional environments: # @@ -119,15 +119,6 @@ recreate = True deps = commands = {toxinidir}/test/freeze-upstream-requirements.sh -# Freeze for Python 3.7 -[testenv:freeze-upstream-requirements-py37] -basepython = python3.7 -sitepackages = {[testenv:freeze-upstream-requirements-base]sitepackages} -skip_install = {[testenv:freeze-upstream-requirements-base]skip_install} -recreate = {[testenv:freeze-upstream-requirements-base]recreate} -deps = {[testenv:freeze-upstream-requirements-base]deps} -commands = {[testenv:freeze-upstream-requirements-base]commands} test/upstream-requirements-py37.txt - # Freeze for Python 3.11 [testenv:freeze-upstream-requirements-py311] basepython = python3.11 @@ -144,15 +135,6 @@ recreate = True passenv = commands = {[testenv:base-command]commands} -m "local and not slow and not veryslow and not nope" --ignore=examples -# Test frozen upstream requirements for Python 3.7 -[testenv:test-upstream-requirements-py37] -basepython = python3.7 -passenv = -deps = -rtest/upstream-requirements-py37.txt -sitepackages = {[testenv:test-upstream-requirements-base]sitepackages} -recreate = {[testenv:test-upstream-requirements-base]recreate} -commands = {[testenv:test-upstream-requirements-base]commands} - # Test frozen upstream requirements for Python 3.11 [testenv:test-upstream-requirements-py311] basepython = python3.11 From 4604a85658244c9449cce056b1b43648d28e288d Mon Sep 17 00:00:00 2001 From: Tony Knapp <5892063+texastony@users.noreply.github.com> Date: Tue, 9 Apr 2024 12:22:00 -0700 Subject: [PATCH 50/57] feat: remove Python3.7 support (#764) --- .github/workflows/ci_tests.yaml | 1 - README.rst | 2 +- buildspec.yml | 4 ---- setup.py | 2 +- src/dynamodb_encryption_sdk/compatability.py | 5 +++-- test/unit/test_compatability.py | 2 +- tox.ini | 2 +- 7 files changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 6ec74181..d856f4ae 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -25,7 +25,6 @@ jobs: - os: macos-latest architecture: x64 python: - - 3.7 - 3.8 - 3.9 - "3.10" diff --git a/README.rst b/README.rst index d2e3647a..438a10ee 100644 --- a/README.rst +++ b/README.rst @@ -47,7 +47,7 @@ Getting Started Required Prerequisites ====================== -* Python 3.7+ +* Python 3.8+ Installation diff --git a/buildspec.yml b/buildspec.yml index b0005071..b53801b5 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -3,10 +3,6 @@ version: 0.2 batch: fast-fail: false build-list: - - identifier: python3_7 - buildspec: codebuild/python3.7.yml - env: - image: aws/codebuild/standard:5.0 - identifier: python3_8 buildspec: codebuild/python3.8.yml env: diff --git a/setup.py b/setup.py index 55408c94..e64e7d4e 100644 --- a/setup.py +++ b/setup.py @@ -48,11 +48,11 @@ def get_requirements(): "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", "Programming Language :: Python :: 3.9", "Programming Language :: Python :: 3.10", "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", diff --git a/src/dynamodb_encryption_sdk/compatability.py b/src/dynamodb_encryption_sdk/compatability.py index 9819c825..ccd7be9f 100644 --- a/src/dynamodb_encryption_sdk/compatability.py +++ b/src/dynamodb_encryption_sdk/compatability.py @@ -24,9 +24,10 @@ def _warn_deprecated_python(): (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, (3, 5): {"date": "2021-11-10"}, (3, 6): {"date": "2021-12-19"}, + (3, 7): {"date": "2024-03-04"}, } py_version = (sys.version_info.major, sys.version_info.minor) - minimum_version = (3, 7) + minimum_version = (3, 8) if py_version in deprecated_versions: params = deprecated_versions[py_version] @@ -36,5 +37,5 @@ def _warn_deprecated_python(): "bug fixes, and security updates please upgrade to Python {}.{} or " "later. For more information, see SUPPORT_POLICY.rst: " "https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst" - ).format(py_version[0], py_version[1], minimum_version[0], minimum_version[1], params["date"]) + ).format(py_version[0], py_version[1], params["date"], minimum_version[0], minimum_version[1]) warnings.warn(warning, DeprecationWarning) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index 37241aa9..51510952 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -25,7 +25,7 @@ class TestWarnDeprecatedPython: def test_happy_version(self): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 - v_info.minor = 7 + v_info.minor = 8 with pytest.warns(None) as record: _warn_deprecated_python() assert len(record) == 0 diff --git a/tox.ini b/tox.ini index 07a0aed6..9024f22b 100644 --- a/tox.ini +++ b/tox.ini @@ -1,6 +1,6 @@ [tox] envlist = - py{37,38,39,310,311,312}-{local,integ,ddb,examples}-fast, + py{38,39,310,311,312}-{local,integ,ddb,examples}-fast, nocmk, sourcebuildcheck, docs, bandit, doc8, readme, flake8{,-tests,-examples}, pylint{,-tests,-examples}, From 4a00eedf5667609018a8b24a8c77fd2bba2088b6 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Fri, 21 Jun 2024 16:19:23 -0700 Subject: [PATCH 51/57] fix(docs; gha): updated .readthedocs.yaml; macos-latest to macos-12 (#777) --- .github/workflows/ci_tests.yaml | 2 +- .readthedocs.yaml | 9 +++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index d856f4ae..938c8fb8 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -22,7 +22,7 @@ jobs: # x86 builds are only meaningful for Windows - os: windows-latest architecture: x86 - - os: macos-latest + - os: macos-12 architecture: x64 python: - 3.8 diff --git a/.readthedocs.yaml b/.readthedocs.yaml index a19ab508..82c9c983 100644 --- a/.readthedocs.yaml +++ b/.readthedocs.yaml @@ -5,6 +5,12 @@ # Required version: 2 +# Set the OS, Python version and other tools you might need +build: + os: ubuntu-22.04 + tools: + python: "3.8" + # Build documentation in the doc/ directory with Sphinx sphinx: configuration: doc/conf.py @@ -15,8 +21,7 @@ submodules: exclude: all python: - version: 3.8 install: - requirements: dev_requirements/doc-requirements.txt - - method: setuptools + - method: pip path: . From 4dd6e0bb96f5f579bcdeae08bfc8aeed367b7e05 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 9 Jul 2024 18:36:50 -0400 Subject: [PATCH 52/57] chore(deps): Update pytest version in upstream-requirements-py311.txt (#776) --- test/unit/test_compatability.py | 7 +++---- test/upstream-requirements-py311.txt | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/test/unit/test_compatability.py b/test/unit/test_compatability.py index 51510952..314017e9 100644 --- a/test/unit/test_compatability.py +++ b/test/unit/test_compatability.py @@ -22,13 +22,12 @@ class TestWarnDeprecatedPython: - def test_happy_version(self): + def test_happy_version(self, recwarn): with mock.patch.object(sys, "version_info") as v_info: v_info.major = 3 v_info.minor = 8 - with pytest.warns(None) as record: - _warn_deprecated_python() - assert len(record) == 0 + _warn_deprecated_python() + assert len(recwarn) == 0 def test_below_warn(self): with mock.patch.object(sys, "version_info") as v_info: diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index dce81673..a0e9cbf7 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -16,10 +16,10 @@ MarkupSafe==2.1.2 mock==4.0.3 moto==3.0.2 packaging==23.0 -pluggy==1.0.0 +pluggy==1.5.0 py==1.11.0 pycparser==2.21 -pytest==7.2.1 +pytest==8.2.0 pytest-cov==3.0.0 pytest-forked==1.6.0 pytest-mock==3.10.0 From c4e65242e41ba2e7c0b6e20318a417873a7bf089 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Mon, 5 Aug 2024 13:44:03 -0700 Subject: [PATCH 53/57] chore(CHANGELOG): 3.3.0 (#778) --- CHANGELOG.rst | 19 +++++++++++++++++++ SUPPORT_POLICY.rst | 2 +- src/dynamodb_encryption_sdk/identifiers.py | 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4b1e5cac..921613e8 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,25 @@ Changelog ********* +3.3.0 -- 2024-08-05 +=================== + +Deprecation +----------- +- The AWS DynamoDB Encryption Client for Python no longer supports Python 3.7 as of version 3.3 + - Only Python 3.8+ is supported. +- We no longer support OpenSSL 1.0.1 or 1.0.2, as per `cryptography documentation `_. + +Feature +----------- +* Warn on Deprecated Python 3.7 usage +* Add Python 3.11 to CI +* Add Python 3.12 to CI + +Maintenance +----------- +* Update requirements for boto3 (>=1.10.0) and cryptography (>=3.4.6) + 3.2.0 -- 2021-12-19 =================== diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 5af85cc5..3fe938f3 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -32,6 +32,6 @@ This table describes the current support status of each major version of the AWS * - 3.x - Generally Available - Maintenance - - 2023-07-23 + - 2024-08-05 .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/src/dynamodb_encryption_sdk/identifiers.py b/src/dynamodb_encryption_sdk/identifiers.py index b8b1c118..5c63f095 100644 --- a/src/dynamodb_encryption_sdk/identifiers.py +++ b/src/dynamodb_encryption_sdk/identifiers.py @@ -14,7 +14,7 @@ from enum import Enum __all__ = ("LOGGER_NAME", "CryptoAction", "EncryptionKeyType", "KeyEncodingType") -__version__ = "3.2.0" +__version__ = "3.3.0" LOGGER_NAME = "dynamodb_encryption_sdk" USER_AGENT_SUFFIX = "DynamodbEncryptionSdkPython/{}".format(__version__) From 921aedaf020346fe571b8b800758f430eda810b1 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Tue, 6 Aug 2024 13:28:57 -0700 Subject: [PATCH 54/57] chore(release): Updated API Token username password for Test PyPI and prod PyPI (#779) --- codebuild/release/prod-release.yml | 4 ++-- codebuild/release/test-release.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/codebuild/release/prod-release.yml b/codebuild/release/prod-release.yml index c8639c61..7f55b526 100644 --- a/codebuild/release/prod-release.yml +++ b/codebuild/release/prod-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: PyPiAdmin:username - TWINE_PASSWORD: PyPiAdmin:password + TWINE_USERNAME: PyPiAPIToken:username + TWINE_PASSWORD: PyPiAPIToken:password phases: install: diff --git a/codebuild/release/test-release.yml b/codebuild/release/test-release.yml index 9d8fbed2..03dc4d95 100644 --- a/codebuild/release/test-release.yml +++ b/codebuild/release/test-release.yml @@ -4,8 +4,8 @@ env: variables: BRANCH: "master" secrets-manager: - TWINE_USERNAME: TestPyPiCryptoTools:username - TWINE_PASSWORD: TestPyPiCryptoTools:password + TWINE_USERNAME: TestPyPiAPIToken:username + TWINE_PASSWORD: TestPyPiAPIToken:password phases: install: From e6ed4bf0f8fb96364907a135cb453b1fc78e39d1 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila <61410899+RitvikKapila@users.noreply.github.com> Date: Wed, 7 Aug 2024 15:03:34 -0700 Subject: [PATCH 55/57] chore(CFN): Adding cfn template (#780) --- cfn/CB.yml | 364 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 364 insertions(+) create mode 100644 cfn/CB.yml diff --git a/cfn/CB.yml b/cfn/CB.yml new file mode 100644 index 00000000..30d5966b --- /dev/null +++ b/cfn/CB.yml @@ -0,0 +1,364 @@ +AWSTemplateFormatVersion: "2010-09-09" +Description: "Template to build a CodeBuild Project, assumes that GitHub credentials are already set up." +Parameters: + ProjectName: + Type: String + Description: The name of the CodeBuild Project + ProjectDescription: + Type: String + Description: The description for the CodeBuild Project + SourceLocation: + Type: String + Description: The https GitHub URL for the project + NumberOfBuildsInBatch: + Type: Number + MaxValue: 100 + MinValue: 1 + Default: 4 + Description: The number of builds you expect to run in a batch + +Metadata: + AWS::CloudFormation::Interface: + ParameterGroups: + - + Label: + default: "Crypto Tools CodeBuild Project Template" + Parameters: + - ProjectName + - ProjectDescription + - SourceLocation + +Resources: + CodeBuildProject: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Ref ProjectName + Description: !Ref ProjectDescription + Source: + Location: !Ref SourceLocation + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Triggers: + BuildType: BUILD_BATCH + Webhook: True + FilterGroups: + - - Type: EVENT + Pattern: PULL_REQUEST_CREATED,PULL_REQUEST_UPDATED,PUSH,PULL_REQUEST_REOPENED + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildCIServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectTestRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub "${ProjectName}-test-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to test PyPi." + Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/test-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildProjectProdRelease: + Type: "AWS::CodeBuild::Project" + Properties: + Name: !Sub "${ProjectName}-prod-release" + Description: !Sub "CodeBuild project for ${ProjectName} to release to prod PyPi." + Source: + Location: !Ref SourceLocation + BuildSpec: "codebuild/release/prod-release.yml" + GitCloneDepth: 1 + GitSubmodulesConfig: + FetchSubmodules: false + InsecureSsl: false + ReportBuildStatus: false + Type: "GITHUB" + Artifacts: + Type: "NO_ARTIFACTS" + Cache: + Type: "NO_CACHE" + Environment: + ComputeType: "BUILD_GENERAL1_SMALL" + Image: "aws/codebuild/standard:3.0" + ImagePullCredentialsType: "CODEBUILD" + PrivilegedMode: false + Type: "LINUX_CONTAINER" + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + TimeoutInMinutes: 60 + QueuedTimeoutInMinutes: 480 + EncryptionKey: !Sub "arn:aws:kms:${AWS::Region}:${AWS::AccountId}:alias/aws/s3" + BadgeEnabled: false + BuildBatchConfig: + ServiceRole: !GetAtt CodeBuildServiceRole.Arn + Restrictions: + MaximumBuildsAllowed: !Ref NumberOfBuildsInBatch + ComputeTypesAllowed: + - BUILD_GENERAL1_SMALL + - BUILD_GENERAL1_MEDIUM + TimeoutInMins: 480 + LogsConfig: + CloudWatchLogs: + Status: "ENABLED" + S3Logs: + Status: "DISABLED" + EncryptionDisabled: false + + CodeBuildServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildBatchPolicy + - !Ref CodeBuildBasePolicy + - !Ref SecretsManagerPolicy + - !Ref DDBPolicy + - "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" + + CodeBuildCIServiceRole: + Type: "AWS::IAM::Role" + Properties: + Path: "/service-role/" + RoleName: !Sub "codebuild-${ProjectName}-CI-service-role" + AssumeRolePolicyDocument: "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"codebuild.amazonaws.com\"},\"Action\":\"sts:AssumeRole\"}]}" + MaxSessionDuration: 3600 + ManagedPolicyArns: + - !Ref CryptoToolsKMS + - !Ref CodeBuildCIBatchPolicy + - !Ref CodeBuildBasePolicy + - !Ref DDBPolicy + - "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" + + CodeBuildBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-test-release", + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}-prod-release" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildCIBatchPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBuildBatchPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-CI-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:project/${ProjectName}" + ], + "Action": [ + "codebuild:StartBuild", + "codebuild:StopBuild", + "codebuild:RetryBuild" + ] + } + ] + } + + CodeBuildBasePolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CodeBuildBasePolicy-${ProjectName}-${AWS::Region}" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}:*", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-test-release:*", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release", + "arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${ProjectName}-prod-release:*" + ], + "Action": [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents" + ] + }, + { + "Effect": "Allow", + "Resource": [ + "arn:aws:s3:::codepipeline-${AWS::Region}-*" + ], + "Action": [ + "s3:PutObject", + "s3:GetObject", + "s3:GetObjectVersion", + "s3:GetBucketAcl", + "s3:GetBucketLocation" + ] + }, + { + "Effect": "Allow", + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages" + ], + "Resource": [ + "arn:aws:codebuild:${AWS::Region}:${AWS::AccountId}:report-group/${ProjectName}-*" + ] + } + ] + } + + SecretsManagerPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CryptoTools-SecretsManager-${ProjectName}-release" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:secretsmanager:us-west-2:587316601012:secret:TestPyPiAPIToken-uERFjs", + "arn:aws:secretsmanager:us-west-2:587316601012:secret:PyPiAPIToken-nu1Gu6" + ], + "Action": "secretsmanager:GetSecretValue" + } + ] + } + + DDBPolicy: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CryptoTools-DynamoDB-${ProjectName}-CI" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:dynamodb:us-east-1:587316601012:table/ddbec-mrk-testing", + "arn:aws:dynamodb:us-west-2:587316601012:table/ddbec-mrk-testing" + ], + "Action": "*" + } + ] + } + + # There exist public AWS KMS CMKs that are used for testing + # Take care with these CMKs they are **ONLY** for testing!!! + CryptoToolsKMS: + Type: "AWS::IAM::ManagedPolicy" + Properties: + ManagedPolicyName: !Sub "CrypotToolsKMSPolicy-${ProjectName}-${AWS::Region}-codebuild-${ProjectName}-service-role" + Path: "/service-role/" + PolicyDocument: !Sub | + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": [ + "arn:aws:kms:*:658956600833:key/*", + "arn:aws:kms:*:658956600833:alias/*" + ], + "Action": [ + "kms:Encrypt", + "kms:Decrypt", + "kms:GenerateDataKey" + ] + } + ] + } From 2ae188138cd34adef73eda4905991ebc9b3644e2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 16:09:18 -0700 Subject: [PATCH 56/57] chore(deps): bump werkzeug from 2.3.8 to 3.0.3 in /test (#782) Bumps [werkzeug](https://github.com/pallets/werkzeug) from 2.3.8 to 3.0.3. - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/werkzeug/compare/2.3.8...3.0.3) --- updated-dependencies: - dependency-name: werkzeug dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/upstream-requirements-py311.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index a0e9cbf7..1c3051be 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -34,5 +34,5 @@ sortedcontainers==2.4.0 toml==0.10.2 types-toml==0.10.8.5 urllib3==1.26.18 -Werkzeug==2.3.8 +Werkzeug==3.0.3 xmltodict==0.13.0 From 2e630389836434b5cda63e0e5ade00ea638173f8 Mon Sep 17 00:00:00 2001 From: Andrew Jewell <107044381+ajewellamz@users.noreply.github.com> Date: Wed, 12 Feb 2025 10:59:12 -0500 Subject: [PATCH 57/57] chore: bump macos version in CI (#820) --- .github/workflows/ci_tests.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 938c8fb8..fb308d0b 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -22,7 +22,7 @@ jobs: # x86 builds are only meaningful for Windows - os: windows-latest architecture: x86 - - os: macos-12 + - os: macos-13 architecture: x64 python: - 3.8 @@ -30,7 +30,7 @@ jobs: - "3.10" - "3.11" - "3.12" - - 3.x +# - 3.x 3.13 does not have 'pipes' and maybe other necessary things category: - local-slow # These require credentials.