aws · lucasmcdonald3 · Aug 8, 2024 · May 20, 2024 · May 20, 2024 · May 20, 2024
diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml
@@ -25,11 +25,7 @@ jobs:
       matrix:
         os:
           - ubuntu-latest
-          # Windows fails due to "No module named 'Wrappers'"
-          # This SHOULD be fixed once Dafny generates fully-qualified import statements
-          # (i.e. doo files, per-package module names)
-          # Disable for now
-          # - windows-latest
+          - windows-latest
           - macos-12
         python:
           - 3.8

diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py
@@ -32,7 +32,6 @@
 For more information on how to use KMS Discovery keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -49,11 +48,6 @@
 from aws_encryption_sdk import CommitmentPolicy
 from aws_encryption_sdk.exceptions import AWSEncryptionSDKClientError
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py
@@ -29,7 +29,6 @@
 For more information on how to use KMS Discovery keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -45,11 +44,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_keyring_example.py b/examples/src/aws_kms_keyring_example.py
@@ -17,7 +17,6 @@
 For more information on how to use KMS keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -29,11 +28,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py
@@ -34,7 +34,6 @@
 For more information on how to use KMS Discovery keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -50,11 +49,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py
@@ -36,7 +36,6 @@
 For more information on how to use KMS Discovery keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html#kms-keyring-discovery
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -52,11 +51,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_mrk_keyring_example.py b/examples/src/aws_kms_mrk_keyring_example.py
@@ -21,7 +21,6 @@
 For more info on KMS MRK (multi-region keys), see the KMS documentation:
 https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -33,11 +32,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py
@@ -27,7 +27,6 @@
 For more info on KMS MRK (multi-region keys), see the KMS documentation:
 https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -39,11 +38,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_multi_keyring_example.py b/examples/src/aws_kms_multi_keyring_example.py
@@ -36,7 +36,6 @@
 For more information on how to use Multi keyrings, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-multi-keyring.html
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -48,11 +47,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py
@@ -14,7 +14,6 @@
 # For more information on how to use KMS keyrings, see
 # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-kms-keyring.html
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -27,11 +26,6 @@
 from aws_encryption_sdk import CommitmentPolicy
 from aws_encryption_sdk.identifiers import AlgorithmSuite
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/file_streaming_example.py b/examples/src/file_streaming_example.py
@@ -25,7 +25,6 @@
 """
 import filecmp
 import secrets
-import sys
 
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
 from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
@@ -36,11 +35,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 
 def encrypt_and_decrypt_with_keyring(
     plaintext_filename: str,

diff --git a/examples/src/hierarchical_keyring_example.py b/examples/src/hierarchical_keyring_example.py
@@ -31,7 +31,6 @@
 This example also requires using a KMS Key. You need the following access on this key: -
 GenerateDataKeyWithoutPlaintext - Decrypt
 """
-import sys
 
 import boto3
 # Ignore missing MPL for pylint, but the MPL is required for this example
@@ -55,11 +54,6 @@
 
 from .branch_key_id_supplier_example import ExampleBranchKeyIdSupplier
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-module_root_dir = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(module_root_dir)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/legacy/module_.py b/examples/src/legacy/module_.py
diff --git a/examples/src/migration_set_commitment_policy_example.py b/examples/src/migration_set_commitment_policy_example.py
@@ -20,7 +20,6 @@
 For more information on setting your commitment policy, see
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#commitment-policy
 """
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -32,11 +31,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/module_.py b/examples/src/module_.py
diff --git a/examples/src/multi_keyring_example.py b/examples/src/multi_keyring_example.py
@@ -37,7 +37,6 @@
 https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/use-multi-keyring.html
 """
 import secrets
-import sys
 
 import boto3
 from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
@@ -54,11 +53,6 @@
 import aws_encryption_sdk
 from aws_encryption_sdk import CommitmentPolicy
 
-# TODO-MPL: Remove this as part of removing PYTHONPATH hacks.
-MODULE_ROOT_DIR = '/'.join(__file__.split("/")[:-1])
-
-sys.path.append(MODULE_ROOT_DIR)
-
 EXAMPLE_DATA: bytes = b"Hello World"
 
 

diff --git a/examples/src/multithreading/__init__.py b/examples/src/multithreading/__init__.py
@@ -0,0 +1,63 @@
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+"""init file for multi-threading examples."""
+import time
+
+from aws_cryptographic_materialproviders.mpl.references import IKeyring
+from typing import Dict  # noqa pylint: disable=wrong-import-order
+
+import aws_encryption_sdk
+
+
+def encrypt_and_decrypt_with_keyring(
+    plaintext_data: bytes,
+    keyring: IKeyring,
+    client: aws_encryption_sdk.EncryptionSDKClient
+):
+    """Demonstrate how to encrypt and decrypt plaintext data using a keyring.
+
+    Usage: encrypt_and_decrypt_with_keyring(plaintext_data, keyring, client)
+    :param plaintext_data: plaintext data you want to encrypt
+    :type: bytes
+    :param keyring: Keyring to use for encryption.
+    :type keyring: IKeyring
+    :param client: The Encryption SDK client to use for encryption.
+    :type client: aws_encryption_sdk.EncryptionSDKClient
+    :return: encrypted and decrypted (cycled) plaintext data
+    :rtype: bytes
+    """
+    encryption_context: Dict[str, str] = {
+        "encryption": "context",
+        "is not": "secret",
+        "but adds": "useful metadata",
+        "that can help you": "be confident that",
+        "the data you are handling": "is what you think it is",
+    }
+
+    ciphertext_data, _ = client.encrypt(
+        source=plaintext_data,
+        keyring=keyring,
+        encryption_context=encryption_context
+    )
+
+    decrypted_plaintext_data, _ = client.decrypt(
+        source=ciphertext_data,
+        keyring=keyring
+    )
+
+    return decrypted_plaintext_data
+
+
+def run_encrypt_and_decrypt_with_keyring_for_duration_seconds(
+    plaintext_data: bytes,
+    keyring: IKeyring,
+    client: aws_encryption_sdk.EncryptionSDKClient,
+    duration: int = 2
+):
+    """Helper function to repeatedly run an encrypt and decrypt cycle for 'duration' seconds."""
+    time_end = time.time() + duration
+
+    while time.time() < time_end:
+        decrypted_plaintext_data = encrypt_and_decrypt_with_keyring(plaintext_data, keyring, client)
+        assert decrypted_plaintext_data == plaintext_data, \
+            "Decrypted plaintext should be identical to the original plaintext. Invalid decryption"
diff --git a/examples/src/multithreading/raw_aes_keyring.py b/examples/src/multithreading/raw_aes_keyring.py
@@ -0,0 +1,38 @@
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+"""This file contains methods to use for testing multi-threading for Raw AES keyring."""
+
+import secrets
+
+from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders
+from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig
+from aws_cryptographic_materialproviders.mpl.models import AesWrappingAlg, CreateRawAesKeyringInput
+from aws_cryptographic_materialproviders.mpl.references import IKeyring
+
+
+def create_keyring():
+    """Demonstrate how to create a Raw AES keyring.
+
+    Usage: create_keyring()
+    """
+    key_name_space = "Some managed raw keys"
+    key_name = "My 256-bit AES wrapping key"
+
+    static_key = secrets.token_bytes(32)
+
+    mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders(
+        config=MaterialProvidersConfig()
+    )
+
+    keyring_input: CreateRawAesKeyringInput = CreateRawAesKeyringInput(
+        key_namespace=key_name_space,
+        key_name=key_name,
+        wrapping_key=static_key,
+        wrapping_alg=AesWrappingAlg.ALG_AES256_GCM_IV12_TAG16
+    )
+
+    keyring: IKeyring = mat_prov.create_raw_aes_keyring(
+        input=keyring_input
+    )
+
+    return keyring