diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d076d298..4b1e5cac 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -82,7 +82,7 @@ CachingMostRecentProvider replaces MostRecentProvider and provides a cache entry TTL to reauthorize the key with the key provider. MostRecentProvider is now deprecated, and is removed in 2.0.0. See -https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/most-recent-provider.html +https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/most-recent-provider.html#mrp-versions for more details. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7323620c..b6353e00 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,6 +7,10 @@ Please read through this document before submitting any issues or pull requests information to effectively respond to your bug report or contribution. +## Security issue notifications +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. + + ## Reporting Bugs/Feature Requests We welcome you to use the GitHub issue tracker to report bugs or suggest features. @@ -50,10 +54,6 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of opensource-codeofconduct@amazon.com with any additional questions or comments. -## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue. - - ## Licensing See the [LICENSE](https://github.com/aws/aws-dynamodb-encryption-python/blob/master/LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. diff --git a/README.rst b/README.rst index 14d4e151..d2e3647a 100644 --- a/README.rst +++ b/README.rst @@ -177,10 +177,10 @@ of the one that the client would normally construct for you. ... ) # this uses my_special_crypto_config -.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ +.. _Amazon DynamoDB Encryption Client: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html .. _Amazon DynamoDB: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Introduction.html -.. _primary documents: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ -.. _Concepts Guide: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/concepts.html +.. _primary documents: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/legacy-dynamodb-encryption-client.html +.. _Concepts Guide: https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/DDBEC-legacy-concepts.html .. _Amazon DynamoDB Encryption Client for Java: https://github.com/aws/aws-dynamodb-encryption-java/ .. _Amazon DynamoDB Encryption Client for Python: https://github.com/aws/aws-dynamodb-encryption-python/ .. _DynamoDB Stream: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.html @@ -195,5 +195,5 @@ of the one that the client would normally construct for you. .. _CryptoConfig: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/config.html .. _decrypt_dynamodb_item: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/encrypted/item.html#dynamodb_encryption_sdk.encrypted.item.decrypt_dynamodb_item .. _transformation functions: https://aws-dynamodb-encryption-python.readthedocs.io/en/latest/lib/tools/transform.html -.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md#user-content-security-issue-notifications +.. _Security issue notifications: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/CONTRIBUTING.md .. _Support Policy: https://github.com/aws/aws-dynamodb-encryption-python/blob/master/SUPPORT_POLICY.rst diff --git a/doc/_static/.gitignore b/doc/_static/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/examples/README.rst b/examples/README.rst index f636a8a0..ea206ff0 100644 --- a/examples/README.rst +++ b/examples/README.rst @@ -34,7 +34,7 @@ with this library. * `How to use raw symmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_symmetric_encrypted_table.py>`_ * `How to use raw asymmetric wrapping keys <./src/dynamodb_encryption_sdk_examples/wrapped_rsa_encrypted_table.py>`_ -For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. +For more details on the different type of material providers, see `How to choose a cryptographic materials provider `_. Running the examples ==================== diff --git a/src/dynamodb_encryption_sdk/internal/utils.py b/src/dynamodb_encryption_sdk/internal/utils.py index 988576b2..27fe6b0a 100644 --- a/src/dynamodb_encryption_sdk/internal/utils.py +++ b/src/dynamodb_encryption_sdk/internal/utils.py @@ -198,7 +198,7 @@ def decrypt_multi_get(decrypt_method, crypto_config_method, read_method, **kwarg :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -220,7 +220,7 @@ def decrypt_get_item(decrypt_method, crypto_config_method, read_method, **kwargs :param callable decrypt_method: Method to use to decrypt item :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -244,7 +244,7 @@ def decrypt_batch_get_item(decrypt_method, crypto_config_method, read_method, ** :param callable decrypt_method: Method to use to decrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable read_method: Method that reads from the table - :param **kwargs: Keyword arguments to pass to ``read_method`` + :param ``**kwargs``: Keyword arguments to pass to ``read_method`` :return: DynamoDB response :rtype: dict """ @@ -276,7 +276,7 @@ def encrypt_put_item(encrypt_method, crypto_config_method, write_method, **kwarg :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts ``kwargs`` and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ @@ -297,7 +297,7 @@ def encrypt_batch_write_item(encrypt_method, crypto_config_method, write_method, :param callable encrypt_method: Method to use to encrypt items :param callable crypto_config_method: Method that accepts a table name string and provides a :class:`CryptoConfig` :param callable write_method: Method that writes to the table - :param **kwargs: Keyword arguments to pass to ``write_method`` + :param ``**kwargs``: Keyword arguments to pass to ``write_method`` :return: DynamoDB response :rtype: dict """ diff --git a/src/dynamodb_encryption_sdk/structures.py b/src/dynamodb_encryption_sdk/structures.py index 61b329c6..522f1d14 100644 --- a/src/dynamodb_encryption_sdk/structures.py +++ b/src/dynamodb_encryption_sdk/structures.py @@ -176,7 +176,7 @@ def set_index_keys(self, *keys): SIGN_ONLY -> SIGN_ONLY ENCRYPT_AND_SIGN -> SIGN_ONLY - :param str *keys: Attribute names to treat as indexed + :param str ``*keys``: Attribute names to treat as indexed :raises InvalidArgumentError: if a custom action was previously set for any specified attributes """ diff --git a/test/upstream-requirements-py311.txt b/test/upstream-requirements-py311.txt index ea5b80fc..cc6f61eb 100644 --- a/test/upstream-requirements-py311.txt +++ b/test/upstream-requirements-py311.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 execnet==1.9.0 hypothesis==6.31.6 idna==3.4 diff --git a/test/upstream-requirements-py37.txt b/test/upstream-requirements-py37.txt index 0611506e..0ce21caf 100644 --- a/test/upstream-requirements-py37.txt +++ b/test/upstream-requirements-py37.txt @@ -5,7 +5,7 @@ certifi==2022.12.7 cffi==1.15.1 charset-normalizer==3.0.1 coverage==7.1.0 -cryptography==39.0.1 +cryptography==41.0.3 exceptiongroup==1.1.0 execnet==1.9.0 hypothesis==6.31.6 diff --git a/tox.ini b/tox.ini index 3e18b528..14dbc1e2 100644 --- a/tox.ini +++ b/tox.ini @@ -45,18 +45,20 @@ commands = pytest -n auto --basetemp={envtmpdir} -l {posargs} [testenv] passenv = # Identifies AWS KMS key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID # Identifies AWS KMS MRK key ids to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID \ - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 # DynamoDB Table to use in integration tests - DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME \ + DDB_ENCRYPTION_CLIENT_TEST_TABLE_NAME # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) - AWS_PROFILE \ + AWS_PROFILE # Pass through the default AWS region (used for integration tests) AWS_DEFAULT_REGION sitepackages = False