From 5a67fd8f789bf1019068e256d9363ff46f6a2303 Mon Sep 17 00:00:00 2001
From: mattsb42-aws <bullocm@amazon.com>
Date: Fri, 17 Apr 2020 16:34:26 -0700
Subject: [PATCH 1/3] chore: fix 'nocmk' test environment to block environment
variables again
---
tox.ini | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tox.ini b/tox.ini
index ccc5dc4fa..0785c62f7 100644
--- a/tox.ini
+++ b/tox.ini
@@ -61,6 +61,11 @@ commands =
[testenv:nocmk]
basepython = python3
sitepackages = False
+#########################################################
+# Do not pass through or set any environment variables! #
+passenv =
+setenv =
+#########################################################
deps = -rtest/requirements.txt
commands = {[testenv:base-command]commands} test/ -m local
From 4edf39c1bc5f44a161c4d07d7845993e141102f6 Mon Sep 17 00:00:00 2001
From: mattsb42-aws <bullocm@amazon.com>
Date: Fri, 17 Apr 2020 16:35:18 -0700
Subject: [PATCH 2/3] fix: move calls requiring integ test environment setup
from test parameterization setup to inside test body
---
test/integration/test_client.py | 46 +++++++++++++++++++++------------
1 file changed, 29 insertions(+), 17 deletions(-)
diff --git a/test/integration/test_client.py b/test/integration/test_client.py
index 7f5c1e983..d6ed0e082 100644
--- a/test/integration/test_client.py
+++ b/test/integration/test_client.py
@@ -27,20 +27,23 @@
}
+def _generate_mkp():
+ """Isolated inside a function to avoid calling get_cmk_arn during test discovery."""
+ return setup_kms_master_key_provider().master_key(get_cmk_arn())
+
+
@pytest.mark.parametrize(
- "kwargs",
+ "parameter_name, value_partial",
(
- pytest.param(dict(key_provider=setup_kms_master_key_provider()), id="AWS KMS master key provider"),
- pytest.param(
- dict(key_provider=setup_kms_master_key_provider().master_key(get_cmk_arn())), id="AWS KMS master key"
- ),
- pytest.param(dict(keyring=build_aws_kms_keyring()), id="AWS KMS keyring"),
+ pytest.param("key_provider", setup_kms_master_key_provider, id="AWS KMS master key provider"),
+ pytest.param("key_provider", _generate_mkp, id="AWS KMS master key"),
+ pytest.param("keyring", build_aws_kms_keyring, id="AWS KMS keyring"),
),
)
-def test_encrypt_verify_user_agent_in_logs(caplog, kwargs):
+def test_encrypt_verify_user_agent_in_logs(caplog, parameter_name, value_partial):
caplog.set_level(level=logging.DEBUG)
- aws_encryption_sdk.encrypt(source=VALUES["plaintext_128"], **kwargs)
+ aws_encryption_sdk.encrypt(source=VALUES["plaintext_128"], parameter_name=value_partial())
assert USER_AGENT_SUFFIX in caplog.text
@@ -48,17 +51,17 @@ def test_encrypt_verify_user_agent_in_logs(caplog, kwargs):
@pytest.mark.parametrize("frame_size", (pytest.param(0, id="unframed"), pytest.param(1024, id="1024 byte frame")))
@pytest.mark.parametrize("algorithm_suite", Algorithm)
@pytest.mark.parametrize(
- "encrypt_key_provider_kwargs",
+ "encrypt_key_provider_param, encrypt_key_provider_partial",
(
- pytest.param(dict(key_provider=setup_kms_master_key_provider()), id="encrypt with MKP"),
- pytest.param(dict(keyring=build_aws_kms_keyring()), id="encrypt with keyring"),
+ pytest.param("key_provider", setup_kms_master_key_provider, id="encrypt with MKP"),
+ pytest.param("keyring", build_aws_kms_keyring, id="encrypt with keyring"),
),
)
@pytest.mark.parametrize(
- "decrypt_key_provider_kwargs",
+ "decrypt_key_provider_param, decrypt_key_provider_partial",
(
- pytest.param(dict(key_provider=setup_kms_master_key_provider()), id="decrypt with MKP"),
- pytest.param(dict(keyring=build_aws_kms_keyring()), id="decrypt with keyring"),
+ pytest.param("key_provider", setup_kms_master_key_provider, id="decrypt with MKP"),
+ pytest.param("keyring", build_aws_kms_keyring, id="decrypt with keyring"),
),
)
@pytest.mark.parametrize(
@@ -76,16 +79,25 @@ def test_encrypt_verify_user_agent_in_logs(caplog, kwargs):
),
)
def test_encrypt_decrypt_cycle_aws_kms(
- frame_size, algorithm_suite, encrypt_key_provider_kwargs, decrypt_key_provider_kwargs, encryption_context, plaintext
+ frame_size,
+ algorithm_suite,
+ encrypt_key_provider_param,
+ encrypt_key_provider_partial,
+ decrypt_key_provider_param,
+ decrypt_key_provider_partial,
+ encryption_context,
+ plaintext,
):
ciphertext, _ = aws_encryption_sdk.encrypt(
source=plaintext,
encryption_context=encryption_context,
frame_length=frame_size,
algorithm=algorithm_suite,
- **encrypt_key_provider_kwargs
+ encrypt_key_provider_param=encrypt_key_provider_partial(),
+ )
+ decrypted, _ = aws_encryption_sdk.decrypt(
+ source=ciphertext, decrypt_key_provider_param=decrypt_key_provider_partial()
)
- decrypted, _ = aws_encryption_sdk.decrypt(source=ciphertext, **decrypt_key_provider_kwargs)
assert decrypted == plaintext
From 73fdd5076b718a560b7e0a36ce241ae634cc6c16 Mon Sep 17 00:00:00 2001
From: mattsb42-aws <bullocm@amazon.com>
Date: Fri, 17 Apr 2020 17:00:36 -0700
Subject: [PATCH 3/3] fix: fix broken parameter reconfiguration
---
test/integration/test_client.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/integration/test_client.py b/test/integration/test_client.py
index d6ed0e082..44f43a95c 100644
--- a/test/integration/test_client.py
+++ b/test/integration/test_client.py
@@ -43,7 +43,7 @@ def _generate_mkp():
def test_encrypt_verify_user_agent_in_logs(caplog, parameter_name, value_partial):
caplog.set_level(level=logging.DEBUG)
- aws_encryption_sdk.encrypt(source=VALUES["plaintext_128"], parameter_name=value_partial())
+ aws_encryption_sdk.encrypt(source=VALUES["plaintext_128"], **{parameter_name: value_partial()})
assert USER_AGENT_SUFFIX in caplog.text
@@ -93,10 +93,10 @@ def test_encrypt_decrypt_cycle_aws_kms(
encryption_context=encryption_context,
frame_length=frame_size,
algorithm=algorithm_suite,
- encrypt_key_provider_param=encrypt_key_provider_partial(),
+ **{encrypt_key_provider_param: encrypt_key_provider_partial()}
)
decrypted, _ = aws_encryption_sdk.decrypt(
- source=ciphertext, decrypt_key_provider_param=decrypt_key_provider_partial()
+ source=ciphertext, **{decrypt_key_provider_param: decrypt_key_provider_partial()}
)
assert decrypted == plaintext