Skip to content

Incorporate Keyrings into AwsCrypto and deprecate MasterKeyProviders. #151

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Feb 12, 2020
Merged

Incorporate Keyrings into AwsCrypto and deprecate MasterKeyProviders. #151

merged 28 commits into from
Feb 12, 2020

Conversation

WesleyRosenblum
Copy link
Contributor

@WesleyRosenblum WesleyRosenblum commented Jan 17, 2020
edited
Loading

Description of changes:

This change incorporates Keyrings into AwsCrypto and deprecates MasterKeys and MasterKeyProviders.

See #150 for a discussion on the evolution of the API as we transition to Keyrings
See #153 for a discussion on the ergonomics of Keyrings

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

@mattsb42-aws mattsb42-aws mentioned this pull request Jan 20, 2020
Open
15 tasks
SalusaSecondus
SalusaSecondus suggested changes Jan 23, 2020
View reviewed changes
SalusaSecondus
SalusaSecondus previously approved these changes Jan 23, 2020
View reviewed changes
SalusaSecondus
SalusaSecondus previously approved these changes Jan 24, 2020
View reviewed changes
@mattsb42-aws
Copy link
Member

Not entirely relevant to this PR, but since we don't have a better place and this is where you said you'll be doing the change:

As mentioned here[1], can we make sure that we call the AWS KMS keyring the "AWS KMS" keyring, not just the "KMS" keyring?

[1] awslabs/aws-encryption-sdk-specification#67

mattsb42-aws
mattsb42-aws requested changes Feb 4, 2020
View reviewed changes
Copy link
Member

@mattsb42-aws mattsb42-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the minor naming issue, I like it.

Obviously this needs review from one of our resident Java folks, but as far as the overall design of the keyrings and how they're being integrated into the existing system, I like it.

mattsb42-aws
mattsb42-aws previously approved these changes Feb 4, 2020
View reviewed changes
Copy link
Member

@mattsb42-aws mattsb42-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependent on the review of one of our Java experts, LGTM.

robin-aws
robin-aws reviewed Feb 5, 2020
View reviewed changes
Copy link
Contributor

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some initial thoughts on the API changes based on reviewing the examples. More to come! :)

robin-aws
robin-aws reviewed Feb 6, 2020
View reviewed changes
Copy link
Contributor

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another batch of comments - I've looked at about half of the non-test file changes now.

WesleyRosenblum and others added 3 commits February 6, 2020 11:28
@WesleyRosenblum
Updating wording and adding more Deprecated annotations
876dd5e
@WesleyRosenblum
Enable AwsKms Client Caching by default to match KmsMasterKeyProvider
214fabd
@WesleyRosenblum
Making tests opt-out instead of opt-in and update TestVectorRunner (#154
cffe776 
)

* Making tests opt-out instead of opt-in and update TestVectorRunner

JUnit5 doesn't support test suites yet
(see junit-team/junit5#744) and the existing
test suites do not support the new JUnit5 tests that are being used for
keyrings. This change removes the test suites, and configures Maven to
include all tests except those marked with certain JUnit tags.

Additionally, this change updates the TestVectorRunner to also test
Keyrings and removes the redundant XCompat tests.

* Client caching is now enabled by default in AwsKmsClientSupplier

* Rename slow tag to ad_hoc and fix TestVectorRunner
robin-aws
robin-aws reviewed Feb 10, 2020
View reviewed changes
Copy link
Contributor

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finished reviewing all source file, will do one more quick batch that looks at the test files.

robin-aws
robin-aws reviewed Feb 11, 2020
View reviewed changes
Copy link
Contributor

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just minor stuff in the tests.

robin-aws
robin-aws previously approved these changes Feb 11, 2020
View reviewed changes
Copy link
Contributor

@robin-aws robin-aws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for addressing all the feedback!

@ttjsu-aws ttjsu-aws mentioned this pull request Feb 11, 2020
Closed
15 tasks
@WesleyRosenblum
Additional example code for Keyrings (#155)
12f0c42 
* Additional example code for Keyrings

* Updating wording

* Remove AWS from AWS KMS keyring and make keyring lowercase
@WesleyRosenblum WesleyRosenblum merged commit 8bdb1d4 into keyring Feb 12, 2020
@WesleyRosenblum WesleyRosenblum deleted the materialsmanager branch February 12, 2020 02:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@praus praus praus left review comments

@juneb juneb juneb left review comments

@robin-aws robin-aws robin-aws approved these changes

@SalusaSecondus SalusaSecondus SalusaSecondus left review comments

@mattsb42-aws mattsb42-aws mattsb42-aws left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@WesleyRosenblum @mattsb42-aws @praus @SalusaSecondus @juneb @robin-aws