Skip to content

AWS SDK v2 support #516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 22 commits into from
Mar 2, 2022
Merged

AWS SDK v2 support #516

merged 22 commits into from
Mar 2, 2022

Conversation

smswz
Copy link
Contributor

@smswz smswz commented Feb 7, 2022
edited
Loading

Description of changes:
Adding support for the new version of the AWS SDK for Java. The changes will be merged into the aws-sdk-v2 branch to make it easier to compare changes. Once the source and tests are merged in to that branch, I will open a PR to merge aws-sdk-v2 into master

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

  • Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files. No files were moved

@smswz smswz changed the base branch from master to aws-sdk-v2 February 8, 2022 16:18
@smswz smswz force-pushed the sdk-v2-review branch 5 times, most recently from a3e3367 to 6820da3 Compare February 8, 2022 17:02
@smswz smswz changed the title AWS SDK v2 support AWS SDK v2 support (src only) Feb 8, 2022
@smswz smswz marked this pull request as ready for review February 8, 2022 18:18
@smswz smswz requested a review from a team as a code owner February 8, 2022 18:18
josecorella
josecorella requested changes Feb 8, 2022
View reviewed changes
Copy link
Contributor

@josecorella josecorella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if we are leaking information when we store certain variables.
For example, on this line:

final String decryptResponseKeyId = decryptResponse.keyId();

I understand that for readability this makes more sense but I'm not sure if adding this reference leaks information?

@smswz
Copy link
Contributor Author

smswz commented Feb 8, 2022

Hmmm, I wouldn't think a variable would cause information to be leaked. Maybe @lavaleri or @farleyb-amazon can provide more information?

@lavaleri
Copy link
Contributor

lavaleri commented Feb 8, 2022

The KMS Key Id is not secret. Even if it were, we would just want to be sure to minimize the time it needs to exist in memory as much as is feasible. This extra reference won't hurt since with or without this extra reference no more references to this data will exist after this method completes, and it will be ready to be GC'd by Java as appropriate.

In terms of data leakage in Java, we mainly just want to be sure that we aren't storing secret values in such that they never get GC'd, or we potentially log that information.

josecorella
josecorella reviewed Feb 8, 2022
View reviewed changes
lavaleri
lavaleri reviewed Feb 8, 2022
View reviewed changes
src/main/java/com/amazonaws/encryptionsdk/kmsv2/AwsKmsMrkAwareMasterKeyProvider.java
private DiscoveryFilter discoveryFilter_ = null;
private String discoveryMrkRegion_ = this.defaultRegion_;
private Region discoveryMrkRegion_ = this.defaultRegion_;

Builder() {
// Default access: Don't allow outside classes to extend this class
}

public Builder clone() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't blocking, but this is a good opportunity to move from Cloneable to a copy constructor pattern, i.e. implement a toBuilder() instead of this clone. The Cloneable pattern is confusing and easy to get wrong, and I believe the SDK already has customers familiar with the toBuilder() pattern.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great idea, especially since the SDKv2 clients no longer support the Cloneable pattern either. I will probably push this change to a later CR though since its more of a functional change.

@smswz
Copy link
Contributor Author

smswz commented Feb 11, 2022

Dependent on aws/aws-sdk-java-v2#3024

@smswz smswz changed the title AWS SDK v2 support (src only) AWS SDK v2 support Feb 23, 2022
@smswz
Copy link
Contributor Author

smswz commented Mar 1, 2022

After getting some eyes, I'll rename the package to kmssdkv2

1 similar comment
@smswz
Copy link
Contributor Author

smswz commented Mar 1, 2022

After getting some eyes, I'll rename the package to kmssdkv2

josecorella
josecorella reviewed Mar 1, 2022
View reviewed changes
Copy link
Contributor

@josecorella josecorella left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@smswz smswz merged commit a033c52 into aws:aws-sdk-v2 Mar 2, 2022
@smswz smswz deleted the sdk-v2-review branch March 2, 2022 16:21
smswz added a commit that referenced this pull request Mar 2, 2022
@smswz
feat: AWS SDK v2 support (#516)
1488f40 
Now supports using either v1 or v2 (or both) of the AWS SDK for Java with the encryption SDK. The new classes to support AWS SDK for Java v2 can be found in the `com.amazonaws.encryptionsdk.kmssdkv2` package.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@josecorella josecorella josecorella approved these changes

@lavaleri lavaleri lavaleri approved these changes

Assignees

@josecorella josecorella

@lavaleri lavaleri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smswz @lavaleri @josecorella