feat: rename keyring trace flags to match names in specification

Author: mattsb42-aws

src/aws_encryption_sdk/identifiers.py

@@ -340,8 +340,8 @@ class KeyringTraceFlagValue(object):
 
         name = attr.ib()
 
-    WRAPPING_KEY_GENERATED_DATA_KEY = KeyringTraceFlagValue("WRAPPING_KEY_GENERATED_DATA_KEY")
-    WRAPPING_KEY_ENCRYPTED_DATA_KEY = KeyringTraceFlagValue("WRAPPING_KEY_ENCRYPTED_DATA_KEY")
-    WRAPPING_KEY_DECRYPTED_DATA_KEY = KeyringTraceFlagValue("WRAPPING_KEY_DECRYPTED_DATA_KEY")
-    WRAPPING_KEY_SIGNED_ENC_CTX = KeyringTraceFlagValue("WRAPPING_KEY_SIGNED_ENC_CTX")
-    WRAPPING_KEY_VERIFIED_ENC_CTX = KeyringTraceFlagValue("WRAPPING_KEY_VERIFIED_ENC_CTX")
+    GENERATED_DATA_KEY = KeyringTraceFlagValue("GENERATED_DATA_KEY")
+    ENCRYPTED_DATA_KEY = KeyringTraceFlagValue("ENCRYPTED_DATA_KEY")
+    DECRYPTED_DATA_KEY = KeyringTraceFlagValue("DECRYPTED_DATA_KEY")
+    SIGNED_ENCRYPTION_CONTEXT = KeyringTraceFlagValue("SIGNED_ENCRYPTION_CONTEXT")
+    VERIFIED_ENCRYPTION_CONTEXT = KeyringTraceFlagValue("VERIFIED_ENCRYPTION_CONTEXT")

src/aws_encryption_sdk/keyrings/aws_kms/__init__.py

@@ -34,9 +34,9 @@
 
 _LOGGER = logging.getLogger(__name__)
 _PROVIDER_ID = "aws-kms"
-_GENERATE_FLAGS = {KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY}
-_ENCRYPT_FLAGS = {KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY, KeyringTraceFlag.WRAPPING_KEY_SIGNED_ENC_CTX}
-_DECRYPT_FLAGS = {KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY, KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX}
+_GENERATE_FLAGS = {KeyringTraceFlag.GENERATED_DATA_KEY}
+_ENCRYPT_FLAGS = {KeyringTraceFlag.ENCRYPTED_DATA_KEY, KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT}
+_DECRYPT_FLAGS = {KeyringTraceFlag.DECRYPTED_DATA_KEY, KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT}
 
 
 @attr.s

src/aws_encryption_sdk/keyrings/raw.py

@@ -55,7 +55,7 @@ def _generate_data_key(
         raise GenerateKeyError("Unable to generate data encryption key.")
 
     # Create a keyring trace
-    keyring_trace = KeyringTrace(wrapping_key=key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY})
+    keyring_trace = KeyringTrace(wrapping_key=key_provider, flags={KeyringTraceFlag.GENERATED_DATA_KEY})
 
     # plaintext_data_key to RawDataKey
     data_encryption_key = RawDataKey(key_provider=key_provider, data_key=plaintext_data_key)
@@ -150,7 +150,7 @@ def on_encrypt(self, encryption_materials):
 
         # Update Keyring Trace
         keyring_trace = KeyringTrace(
-            wrapping_key=encrypted_data_key.key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY}
+            wrapping_key=encrypted_data_key.key_provider, flags={KeyringTraceFlag.ENCRYPTED_DATA_KEY}
         )
 
         # Add encrypted data key to encryption_materials
@@ -201,9 +201,7 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys):
                 return decryption_materials
 
             # Create a keyring trace
-            keyring_trace = KeyringTrace(
-                wrapping_key=self._key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY}
-            )
+            keyring_trace = KeyringTrace(wrapping_key=self._key_provider, flags={KeyringTraceFlag.DECRYPTED_DATA_KEY})
 
             # Update decryption materials
             data_encryption_key = RawDataKey(key_provider=self._key_provider, data_key=plaintext_data_key)
@@ -367,7 +365,7 @@ def on_encrypt(self, encryption_materials):
 
         # Update Keyring Trace
         keyring_trace = KeyringTrace(
-            wrapping_key=encrypted_data_key.key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY}
+            wrapping_key=encrypted_data_key.key_provider, flags={KeyringTraceFlag.ENCRYPTED_DATA_KEY}
         )
 
         # Add encrypted data key to encryption_materials
@@ -408,9 +406,7 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys):
                 continue
 
             # Create a keyring trace
-            keyring_trace = KeyringTrace(
-                wrapping_key=self._key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY}
-            )
+            keyring_trace = KeyringTrace(wrapping_key=self._key_provider, flags={KeyringTraceFlag.DECRYPTED_DATA_KEY})
 
             # Update decryption materials
             data_encryption_key = RawDataKey(key_provider=self._key_provider, data_key=plaintext_data_key)

src/aws_encryption_sdk/materials_managers/__init__.py

@@ -280,7 +280,7 @@ def add_data_encryption_key(self, data_encryption_key, keyring_trace):
         self._add_data_encryption_key(
             data_encryption_key=data_encryption_key,
             keyring_trace=keyring_trace,
-            required_flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY},
+            required_flags={KeyringTraceFlag.GENERATED_DATA_KEY},
         )
 
     def add_encrypted_data_key(self, encrypted_data_key, keyring_trace):
@@ -299,7 +299,7 @@ def add_encrypted_data_key(self, encrypted_data_key, keyring_trace):
         if self.data_encryption_key is None:
             raise AttributeError("Data encryption key is not set.")
 
-        if KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY not in keyring_trace.flags:
+        if KeyringTraceFlag.ENCRYPTED_DATA_KEY not in keyring_trace.flags:
             raise InvalidKeyringTraceError("Keyring flags do not match action.")
 
         if keyring_trace.wrapping_key != encrypted_data_key.key_provider:
@@ -445,7 +445,7 @@ def add_data_encryption_key(self, data_encryption_key, keyring_trace):
         self._add_data_encryption_key(
             data_encryption_key=data_encryption_key,
             keyring_trace=keyring_trace,
-            required_flags={KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY},
+            required_flags={KeyringTraceFlag.DECRYPTED_DATA_KEY},
         )
 
     def add_verification_key(self, verification_key):

test/functional/keyrings/aws_kms/test_aws_kms.py

@@ -61,9 +61,9 @@ def test_aws_kms_single_cmk_keyring_on_encrypt_empty_materials(fake_generator):
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=fake_generator), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_SIGNED_ENC_CTX in generator_flags
+    assert KeyringTraceFlag.GENERATED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.ENCRYPTED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT in generator_flags
 
 
 def test_aws_kms_single_cmk_keyring_on_encrypt_existing_data_key(fake_generator):
@@ -86,9 +86,9 @@ def test_aws_kms_single_cmk_keyring_on_encrypt_existing_data_key(fake_generator)
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=fake_generator), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY not in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_SIGNED_ENC_CTX in generator_flags
+    assert KeyringTraceFlag.GENERATED_DATA_KEY not in generator_flags
+    assert KeyringTraceFlag.ENCRYPTED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.SIGNED_ENCRYPTION_CONTEXT in generator_flags
 
 
 @mock_kms
@@ -155,8 +155,8 @@ def test_aws_kms_single_cmk_keyring_on_decrypt_single_cmk(fake_generator):
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=fake_generator), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX in generator_flags
+    assert KeyringTraceFlag.DECRYPTED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT in generator_flags
 
 
 def test_aws_kms_single_cmk_keyring_on_decrypt_multiple_cmk(fake_generator_and_child):
@@ -186,8 +186,8 @@ def test_aws_kms_single_cmk_keyring_on_decrypt_multiple_cmk(fake_generator_and_c
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=child), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in child_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX in child_flags
+    assert KeyringTraceFlag.DECRYPTED_DATA_KEY in child_flags
+    assert KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT in child_flags
 
 
 def test_aws_kms_single_cmk_keyring_on_decrypt_no_match(fake_generator_and_child):
@@ -274,8 +274,8 @@ def test_aws_kms_discovery_keyring_on_decrypt(encryption_materials_for_discovery
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=generator_key_id), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX in generator_flags
+    assert KeyringTraceFlag.DECRYPTED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT in generator_flags
 
 
 @mock_kms
@@ -380,8 +380,8 @@ def test_try_aws_kms_decrypt_succeed(fake_generator):
         MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=fake_generator), result_materials.keyring_trace
     )
 
-    assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in generator_flags
-    assert KeyringTraceFlag.WRAPPING_KEY_VERIFIED_ENC_CTX in generator_flags
+    assert KeyringTraceFlag.DECRYPTED_DATA_KEY in generator_flags
+    assert KeyringTraceFlag.VERIFIED_ENCRYPTION_CONTEXT in generator_flags
 
 
 @mock_kms

test/functional/keyrings/raw/test_raw_aes.py

@@ -57,7 +57,7 @@ def sample_encryption_materials():
             keyring_trace=[
                 KeyringTrace(
                     wrapping_key=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID),
-                    flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY},
+                    flags={KeyringTraceFlag.GENERATED_DATA_KEY},
                 )
             ],
         ),

test/functional/keyrings/raw/test_raw_rsa.py

@@ -133,7 +133,7 @@ def sample_encryption_materials():
             keyring_trace=[
                 KeyringTrace(
                     wrapping_key=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID),
-                    flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY},
+                    flags={KeyringTraceFlag.GENERATED_DATA_KEY},
                 )
             ],
         ),

test/functional/keyrings/test_multi.py

@@ -44,7 +44,7 @@
     keyring_trace=[
         KeyringTrace(
             wrapping_key=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID),
-            flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY},
+            flags={KeyringTraceFlag.GENERATED_DATA_KEY},
         )
     ],
 )

test/unit/keyrings/raw/test_raw_aes.py

@@ -129,8 +129,8 @@ def test_keyring_trace_on_encrypt_when_data_encryption_key_given(raw_aes_keyring
 
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            # Check keyring trace does not contain KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY
-            assert KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY not in keyring_trace.flags
+            # Check keyring trace does not contain KeyringTraceFlag.GENERATED_DATA_KEY
+            assert KeyringTraceFlag.GENERATED_DATA_KEY not in keyring_trace.flags
 
 
 def test_on_encrypt_when_data_encryption_key_not_given(raw_aes_keyring):
@@ -152,11 +152,11 @@ def test_on_encrypt_when_data_encryption_key_not_given(raw_aes_keyring):
     for keyring_trace in test.keyring_trace:
         if (
             keyring_trace.wrapping_key.key_info == _KEY_ID
-            and KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY in keyring_trace.flags
+            and KeyringTraceFlag.GENERATED_DATA_KEY in keyring_trace.flags
         ):
-            # Check keyring trace contains KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY
+            # Check keyring trace contains KeyringTraceFlag.GENERATED_DATA_KEY
             generated_flag_count += 1
-        if KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY in keyring_trace.flags:
+        if KeyringTraceFlag.ENCRYPTED_DATA_KEY in keyring_trace.flags:
             encrypted_flag_count += 1
 
     assert generated_flag_count == 1
@@ -187,8 +187,8 @@ def test_keyring_trace_on_decrypt_when_data_key_given(raw_aes_keyring):
     )
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            # Check keyring trace does not contain KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
-            assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY not in keyring_trace.flags
+            # Check keyring trace does not contain KeyringTraceFlag.DECRYPTED_DATA_KEY
+            assert KeyringTraceFlag.DECRYPTED_DATA_KEY not in keyring_trace.flags
 
 
 @pytest.mark.parametrize(
@@ -208,7 +208,7 @@ def test_on_decrypt_when_data_key_and_edk_not_provided(
 
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY not in keyring_trace.flags
+            assert KeyringTraceFlag.DECRYPTED_DATA_KEY not in keyring_trace.flags
 
     assert test.data_encryption_key is None
 
@@ -235,7 +235,7 @@ def test_keyring_trace_when_data_key_not_provided_and_edk_provided(raw_aes_keyri
     decrypted_flag_count = 0
 
     for keyring_trace in test.keyring_trace:
-        if KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in keyring_trace.flags:
+        if KeyringTraceFlag.DECRYPTED_DATA_KEY in keyring_trace.flags:
             decrypted_flag_count += 1
 
     assert decrypted_flag_count == 1
@@ -277,6 +277,6 @@ def test_generate_data_key_keyring_trace():
     generate_flag_count = 0
 
     for keyring_trace in encryption_materials_without_data_key.keyring_trace:
-        if KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY in keyring_trace.flags:
+        if KeyringTraceFlag.GENERATED_DATA_KEY in keyring_trace.flags:
             generate_flag_count += 1
     assert generate_flag_count == 1

test/unit/keyrings/raw/test_raw_rsa.py

@@ -130,8 +130,8 @@ def test_keyring_trace_on_encrypt_when_data_encryption_key_given(raw_rsa_keyring
 
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            # Check keyring trace does not contain KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY
-            assert KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY not in keyring_trace.flags
+            # Check keyring trace does not contain KeyringTraceFlag.GENERATED_DATA_KEY
+            assert KeyringTraceFlag.GENERATED_DATA_KEY not in keyring_trace.flags
 
 
 def test_on_encrypt_when_data_encryption_key_not_given(raw_rsa_keyring):
@@ -152,11 +152,11 @@ def test_on_encrypt_when_data_encryption_key_not_given(raw_rsa_keyring):
     for keyring_trace in test.keyring_trace:
         if (
             keyring_trace.wrapping_key.key_info == _KEY_ID
-            and KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY in keyring_trace.flags
+            and KeyringTraceFlag.GENERATED_DATA_KEY in keyring_trace.flags
         ):
-            # Check keyring trace contains KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY
+            # Check keyring trace contains KeyringTraceFlag.GENERATED_DATA_KEY
             generated_flag_count += 1
-        if KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY in keyring_trace.flags:
+        if KeyringTraceFlag.ENCRYPTED_DATA_KEY in keyring_trace.flags:
             encrypted_flag_count += 1
 
     assert generated_flag_count == 1
@@ -183,8 +183,8 @@ def test_keyring_trace_on_decrypt_when_data_key_given(raw_rsa_keyring):
     )
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            # Check keyring trace does not contain KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY
-            assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY not in keyring_trace.flags
+            # Check keyring trace does not contain KeyringTraceFlag.DECRYPTED_DATA_KEY
+            assert KeyringTraceFlag.DECRYPTED_DATA_KEY not in keyring_trace.flags
 
 
 def test_on_decrypt_when_data_key_and_edk_not_provided(raw_rsa_keyring, patch_decrypt_on_wrapping_key):
@@ -196,7 +196,7 @@ def test_on_decrypt_when_data_key_and_edk_not_provided(raw_rsa_keyring, patch_de
     assert not patch_decrypt_on_wrapping_key.called
 
     for keyring_trace in test.keyring_trace:
-        assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY not in keyring_trace.flags
+        assert KeyringTraceFlag.DECRYPTED_DATA_KEY not in keyring_trace.flags
 
     assert test.data_encryption_key is None
 
@@ -212,7 +212,7 @@ def test_on_decrypt_when_data_key_not_provided_and_edk_not_in_keyring(raw_rsa_ke
 
     for keyring_trace in test.keyring_trace:
         if keyring_trace.wrapping_key.key_info == _KEY_ID:
-            assert KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY not in keyring_trace.flags
+            assert KeyringTraceFlag.DECRYPTED_DATA_KEY not in keyring_trace.flags
 
     assert test.data_encryption_key is None
 
@@ -242,7 +242,7 @@ def test_keyring_trace_when_data_key_not_provided_and_edk_provided(raw_rsa_keyri
     decrypted_flag_count = 0
 
     for keyring_trace in test.keyring_trace:
-        if KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY in keyring_trace.flags:
+        if KeyringTraceFlag.DECRYPTED_DATA_KEY in keyring_trace.flags:
             decrypted_flag_count += 1
 
     assert decrypted_flag_count == 1

test/unit/materials_managers/test_material_managers.py

@@ -54,7 +54,7 @@
         keyring_trace=[
             KeyringTrace(
                 wrapping_key=MasterKeyInfo(provider_id="Provider", key_info=b"Info"),
-                flags={KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY},
+                flags={KeyringTraceFlag.GENERATED_DATA_KEY},
             )
         ],
     ),
@@ -244,8 +244,8 @@ def test_empty_encrypted_data_keys():
 @pytest.mark.parametrize(
     "material_class, flag",
     (
-        (EncryptionMaterials, KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY),
-        (DecryptionMaterials, KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY),
+        (EncryptionMaterials, KeyringTraceFlag.GENERATED_DATA_KEY),
+        (DecryptionMaterials, KeyringTraceFlag.DECRYPTED_DATA_KEY),
     ),
 )
 def test_add_data_encryption_key_success(material_class, flag):
@@ -264,8 +264,8 @@ def test_add_data_encryption_key_success(material_class, flag):
 
 def _add_data_encryption_key_test_cases():
     for material_class, required_flags in (
-        (EncryptionMaterials, KeyringTraceFlag.WRAPPING_KEY_GENERATED_DATA_KEY),
-        (DecryptionMaterials, KeyringTraceFlag.WRAPPING_KEY_DECRYPTED_DATA_KEY),
+        (EncryptionMaterials, KeyringTraceFlag.GENERATED_DATA_KEY),
+        (DecryptionMaterials, KeyringTraceFlag.DECRYPTED_DATA_KEY),
     ):
         yield (
             material_class,
@@ -332,7 +332,7 @@ def test_add_encrypted_data_key_success():
     materials.add_encrypted_data_key(
         _ENCRYPTED_DATA_KEY,
         keyring_trace=KeyringTrace(
-            wrapping_key=_ENCRYPTED_DATA_KEY.key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY}
+            wrapping_key=_ENCRYPTED_DATA_KEY.key_provider, flags={KeyringTraceFlag.ENCRYPTED_DATA_KEY}
         ),
     )
 
@@ -352,17 +352,15 @@ def test_add_encrypted_data_key_success():
             EncryptedDataKey(key_provider=MasterKeyInfo(provider_id="a", key_info=b"b"), encrypted_data_key=b"asdf"),
             KeyringTrace(
                 wrapping_key=MasterKeyInfo(provider_id="not a match", key_info=b"really not a match"),
-                flags={KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY},
+                flags={KeyringTraceFlag.ENCRYPTED_DATA_KEY},
             ),
             InvalidKeyringTraceError,
             "Keyring trace does not match data key encryptor.",
         ),
         (
             dict(data_encryption_key=_REMOVE, encrypted_data_keys=_REMOVE),
             _ENCRYPTED_DATA_KEY,
-            KeyringTrace(
-                wrapping_key=_ENCRYPTED_DATA_KEY.key_provider, flags={KeyringTraceFlag.WRAPPING_KEY_ENCRYPTED_DATA_KEY}
-            ),
+            KeyringTrace(wrapping_key=_ENCRYPTED_DATA_KEY.key_provider, flags={KeyringTraceFlag.ENCRYPTED_DATA_KEY}),
             AttributeError,
             "Data encryption key is not set.",
         ),