chore: fix merge conflict, remove itsdangerous leftovers (#2)

* fix(parameters): make cache aware of single vs multiple calls

Signed-off-by: heitorlessa <[email protected]>

* chore: cleanup, add test for single and nested

Signed-off-by: heitorlessa <[email protected]>

* chore(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.9 (aws-powertools#2943)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump the boto-typing group with 1 update (aws-powertools#2944)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Leandro Damascena <[email protected]>

* chore(ci): changelog rebuild (aws-powertools#2945)

Co-authored-by: Powertools for AWS Lambda (Python) bot <[email protected]>

* chore(deps-dev): bump aws-cdk from 2.90.0 to 2.91.0 (aws-powertools#2947)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump gitpython from 3.1.31 to 3.1.32 in /docs (aws-powertools#2948)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump pypa/gh-action-pypi-publish from 1.8.9 to 1.8.10 (aws-powertools#2946)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Leandro Damascena <[email protected]>

* chore(ci): changelog rebuild (aws-powertools#2952)

Co-authored-by: Powertools for AWS Lambda (Python) bot <[email protected]>

* feat(event_handler): allow stripping route prefixes using regexes (aws-powertools#2521)

Co-authored-by: Roy Assis <[email protected]>
Co-authored-by: Ruben Fonseca <[email protected]>

* feat(metrics): add Datadog observability provider (aws-powertools#2906)

Co-authored-by: Leandro Damascena <[email protected]>
Co-authored-by: heitorlessa <[email protected]>

* chore(deps-dev): bump xenon from 0.9.0 to 0.9.1 (aws-powertools#2955)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump actions/setup-node from 3.7.0 to 3.8.0 (aws-powertools#2957)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump cfn-lint from 0.79.6 to 0.79.7 (aws-powertools#2956)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Leandro Damascena <[email protected]>

* chore(ci): changelog rebuild (aws-powertools#2958)

Co-authored-by: Powertools for AWS Lambda (Python) bot <[email protected]>

* docs(metrics): update Datadog integration diagram (aws-powertools#2954)

Co-authored-by: Leandro Damascena <[email protected]>

* docs(roadmap): add GovCloud and China region item (aws-powertools#2960)

* fix(parameters): make cache aware of single vs multiple calls

Signed-off-by: heitorlessa <[email protected]>

* chore: cleanup, add test for single and nested

Signed-off-by: heitorlessa <[email protected]>

* chore(test): remove itsdangerous from perf test

Signed-off-by: heitorlessa <[email protected]>

* chore(deps): remove itsdangerous dependencies

* chore: disable sockets in encryption sdk tests

Signed-off-by: heitorlessa <[email protected]>

* refactor(tests): use a test double

* chore: address make pr errors

Signed-off-by: heitorlessa <[email protected]>

---------

Signed-off-by: heitorlessa <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Leandro Damascena <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Powertools for AWS Lambda (Python) bot <[email protected]>
Co-authored-by: roy <[email protected]>
Co-authored-by: Roy Assis <[email protected]>
Co-authored-by: Ruben Fonseca <[email protected]>
Co-authored-by: Roger Zhang <[email protected]>
Co-authored-by: aal80 <[email protected]>
Co-authored-by: Seshu Brahma <[email protected]>

aws_lambda_powertools/utilities/data_masking/base.py

@@ -98,9 +98,12 @@ def _apply_action_to_fields(self, data: Union[dict, str], fields, action, **prov
             )
 
         for field in fields:
+            # prevent overriding loop variable
+            current_field = field
             if not isinstance(field, str):
-                field = json.dumps(field)
-            keys = field.split(".")
+                current_field = json.dumps(field)
+
+            keys = current_field.split(".")
 
             curr_dict = my_dict_parsed
             for key in keys[:-1]:

pyproject.toml

@@ -4,21 +4,31 @@ version = "2.23.1"
 description = "Powertools for AWS Lambda (Python) is a developer toolkit to implement Serverless best practices and increase developer velocity."
 authors = ["Amazon Web Services"]
 include = ["aws_lambda_powertools/py.typed", "THIRD-PARTY-LICENSES"]
-classifiers=[
-    "Development Status :: 5 - Production/Stable",
-    "Intended Audience :: Developers",
-    "License :: OSI Approved :: MIT No Attribution License (MIT-0)",
-    "Natural Language :: English",
-    "Programming Language :: Python :: 3.7",
-    "Programming Language :: Python :: 3.8",
-    "Programming Language :: Python :: 3.9",
-    "Programming Language :: Python :: 3.10",
-    "Programming Language :: Python :: 3.11",
+classifiers = [
+  "Development Status :: 5 - Production/Stable",
+  "Intended Audience :: Developers",
+  "License :: OSI Approved :: MIT No Attribution License (MIT-0)",
+  "Natural Language :: English",
+  "Programming Language :: Python :: 3.7",
+  "Programming Language :: Python :: 3.8",
+  "Programming Language :: Python :: 3.9",
+  "Programming Language :: Python :: 3.10",
+  "Programming Language :: Python :: 3.11",
 ]
 repository = "https://github.com/aws-powertools/powertools-lambda-python"
 documentation = "https://docs.powertools.aws.dev/lambda/python/"
 readme = "README.md"
-keywords = ["aws_lambda_powertools", "aws", "tracing", "logging", "lambda", "powertools", "feature_flags", "idempotency", "middleware"]
+keywords = [
+  "aws_lambda_powertools",
+  "aws",
+  "tracing",
+  "logging",
+  "lambda",
+  "powertools",
+  "feature_flags",
+  "idempotency",
+  "middleware",
+]
 # MIT-0 is not recognized as an existing license from poetry.
 # By using `MIT` as a license value, a `License :: OSI Approved :: MIT License` classifier is added to the classifiers list.
 license = "MIT"
@@ -38,7 +48,7 @@ datadog-lambda = { version = "^4.77.0", optional = true }
 aws-encryption-sdk = { version = "^3.1.1", optional = true }
 
 [tool.poetry.dev-dependencies]
-coverage = {extras = ["toml"], version = "^7.2"}
+coverage = { extras = ["toml"], version = "^7.2" }
 pytest = "^7.4.1"
 black = "^23.3"
 boto3 = "^1.18"
@@ -75,7 +85,7 @@ filelock = "^3.12.2"
 checksumdir = "^1.2.0"
 mypy-boto3-appconfigdata = "^1.28.36"
 ijson = "^3.2.2"
-typed-ast = { version = "^1.5.5", python = "< 3.8"}
+typed-ast = { version = "^1.5.5", python = "< 3.8" }
 hvac = "^1.1.1"
 aws-requests-auth = "^0.4.3"
 datadog-lambda = "^4.77.0"
@@ -89,7 +99,7 @@ tracer = ["aws-xray-sdk"]
 all = ["pydantic", "aws-xray-sdk", "fastjsonschema", "aws-encryption-sdk"]
 # allow customers to run code locally without emulators (SAM CLI, etc.)
 aws-sdk = ["boto3"]
-datadog=["datadog-lambda"]
+datadog = ["datadog-lambda"]
 
 [tool.poetry.group.dev.dependencies]
 cfn-lint = "0.79.9"
@@ -99,10 +109,16 @@ httpx = ">=0.23.3,<0.25.0"
 sentry-sdk = "^1.22.2"
 ruff = ">=0.0.272,<0.0.288"
 retry2 = "^0.9.5"
+pytest-socket = "^0.6.0"
 
 [tool.coverage.run]
 source = ["aws_lambda_powertools"]
-omit = ["tests/*", "aws_lambda_powertools/exceptions/*", "aws_lambda_powertools/utilities/parser/types.py", "aws_lambda_powertools/utilities/jmespath_utils/envelopes.py"]
+omit = [
+  "tests/*",
+  "aws_lambda_powertools/exceptions/*",
+  "aws_lambda_powertools/utilities/parser/types.py",
+  "aws_lambda_powertools/utilities/jmespath_utils/envelopes.py",
+]
 branch = true
 
 [tool.coverage.html]
@@ -112,26 +128,26 @@ title = "Powertools for AWS Lambda (Python) Test Coverage"
 [tool.coverage.report]
 fail_under = 90
 exclude_lines = [
-    # Have to re-enable the standard pragma
-    "pragma: no cover",
+  # Have to re-enable the standard pragma
+  "pragma: no cover",
 
-    # Don't complain about missing debug-only code:
-    "def __repr__",
-    "if self.debug",
+  # Don't complain about missing debug-only code:
+  "def __repr__",
+  "if self.debug",
 
-    # Don't complain if tests don't hit defensive assertion code:
-    "raise AssertionError",
-    "raise NotImplementedError",
+  # Don't complain if tests don't hit defensive assertion code:
+  "raise AssertionError",
+  "raise NotImplementedError",
 
-    # Don't complain if non-runnable code isn't run:
-    "if 0:",
-    "if __name__ == .__main__.:",
+  # Don't complain if non-runnable code isn't run:
+  "if 0:",
+  "if __name__ == .__main__.:",
 
-    # Ignore runtime type checking
-    "if TYPE_CHECKING:",
+  # Ignore runtime type checking
+  "if TYPE_CHECKING:",
 
-    # Ignore type function overload
-    "@overload",
+  # Ignore type function overload
+  "@overload",
 ]
 
 [tool.isort]
@@ -164,16 +180,16 @@ minversion = "6.0"
 addopts = "-ra -vv"
 testpaths = "./tests"
 markers = [
-    "perf: marks perf tests to be deselected (deselect with '-m \"not perf\"')",
+  "perf: marks perf tests to be deselected (deselect with '-m \"not perf\"')",
 ]
 
 # MAINTENANCE: Remove these lines when drop support to Pydantic v1
-filterwarnings=[
+filterwarnings = [
   "ignore:.*The `parse_obj` method is deprecated*:DeprecationWarning",
   "ignore:.*The `parse_raw` method is deprecated*:DeprecationWarning",
   "ignore:.*load_str_bytes is deprecated*:DeprecationWarning",
   "ignore:.*The `dict` method is deprecated; use `model_dump` instead*:DeprecationWarning",
-  "ignore:.*Pydantic V1 style `@validator` validators are deprecated*:DeprecationWarning"
+  "ignore:.*Pydantic V1 style `@validator` validators are deprecated*:DeprecationWarning",
 ]
 
 [build-system]

tests/functional/data_masking/conftest.py

@@ -0,0 +1,23 @@
+from __future__ import annotations
+
+from typing import Tuple
+
+from pytest_socket import disable_socket
+
+
+def pytest_runtest_setup():
+    """Disable Unix and TCP sockets for Data masking tests"""
+    disable_socket()
+
+
+class FakeEncryptionClient:
+    ENCRYPTION_HEADER = "test"
+
+    def encrypt(self, source: bytes | str, **kwargs) -> Tuple[bytes, str]:
+        if isinstance(source, str):
+            return source.encode(), self.ENCRYPTION_HEADER
+
+        return source, self.ENCRYPTION_HEADER
+
+    def decrypt(self, source: bytes, **kwargs) -> Tuple[bytes, str]:
+        return source, "dummy_decryption_header"

tests/functional/data_masking/test_aws_encryption_sdk.py

@@ -1,15 +1,32 @@
+from __future__ import annotations
+
 import pytest
 
 from aws_lambda_powertools.utilities.data_masking.base import DataMasking
-from aws_lambda_powertools.utilities.data_masking.providers.aws_encryption_sdk import AwsEncryptionSdkProvider
-from tests.unit.data_masking.setup import *
-
-AWS_SDK_KEY = "arn:aws:kms:us-west-2:683517028648:key/269301eb-81eb-4067-ac72-98e8e49bf2b3"
+from aws_lambda_powertools.utilities.data_masking.providers.aws_encryption_sdk import (
+    AwsEncryptionSdkProvider,
+)
+from tests.functional.data_masking.conftest import FakeEncryptionClient
+from tests.unit.data_masking.setup import (
+    aws_encrypted_with_fields,
+    data_types,
+    data_types_and_masks,
+    dict_fields,
+    dictionaries,
+    fields_to_mask,
+    json_blob,
+    json_dict,
+    masked_with_fields,
+    python_dict,
+)
 
 
 @pytest.fixture
-def data_masker():
-    return DataMasking(provider=AwsEncryptionSdkProvider(keys=[AWS_SDK_KEY]))
+def data_masker() -> DataMasking:
+    """DataMasking using AWS Encryption SDK Provider with a fake client"""
+    fake_client = FakeEncryptionClient()
+    provider = AwsEncryptionSdkProvider(keys=["dummy"], client=fake_client)
+    return DataMasking(provider=provider)
 
 
 @pytest.mark.parametrize("value, value_masked", data_types_and_masks)
@@ -36,7 +53,7 @@ def test_mask_with_fields(data_masker):
 
 
 @pytest.mark.parametrize("value", data_types)
-def test_encrypt_decrypt(value, data_masker):
+def test_encrypt_decrypt(value, data_masker: DataMasking):
     # GIVEN an instantiation of DataMasking with the AWS encryption provider
 
     # WHEN encrypting and then decrypting the encrypted data
@@ -62,7 +79,4 @@ def test_encrypt_decrypt_with_fields(value, fields, data_masker):
         print("json blob!!!!")
         assert decrypted_data == value
     else:
-        print("json_blob_fields!!!!")
-        assert decrypted_data == str(value)
-        print("decrypted_data:", decrypted_data)
-        print("aws_encrypted_with_fields:", aws_encrypted_with_fields)
+        assert decrypted_data == aws_encrypted_with_fields

tests/performance/test_data_masking.py

@@ -4,9 +4,6 @@
 import pytest
 
 from aws_lambda_powertools.utilities.data_masking.base import DataMasking
-from aws_lambda_powertools.utilities.data_masking.providers.itsdangerous import (
-    ItsDangerousProvider,
-)
 
 DATA_MASKING_PACKAGE = "aws_lambda_powertools.utilities.data_masking"
 DATA_MASKING_INIT_SLA: float = 0.002
@@ -58,16 +55,15 @@ def test_data_masking_init(benchmark):
         pytest.fail(f"High level imports should be below {DATA_MASKING_INIT_SLA}s: {stat}")
 
 
-def encrypt_json_blob():
-    data_masker = DataMasking(provider=ItsDangerousProvider("mykey"))
-    encrypted = data_masker.encrypt(json_blob, json_blob_fields)
-    data_masker.decrypt(encrypted, json_blob_fields)
+def mask_json_blob():
+    data_masker = DataMasking()
+    data_masker.mask(json_blob, json_blob_fields)
 
 
 @pytest.mark.perf
 @pytest.mark.benchmark(group="core", disable_gc=True, warmup=False)
 def test_data_masking_encrypt_with_json_blob(benchmark):
-    benchmark.pedantic(encrypt_json_blob)
+    benchmark.pedantic(mask_json_blob)
     stat = benchmark.stats.stats.max
     if stat > DATA_MASKING_NESTED_ENCRYPT_SLA:
         pytest.fail(f"High level imports should be below {DATA_MASKING_NESTED_ENCRYPT_SLA}s: {stat}")