feat(test_vector_handlers): TestVectors test with MPL constructs (#650)

Author: lucasmcdonald3

buildspec.yml

@@ -2,7 +2,9 @@ version: 0.2
 
 batch:
   fast-fail: false
-  build-list:
+  build-graph:
+
+    # 3.7
     - identifier: py37_integ
       buildspec: codebuild/py37/integ.yml
       env:
@@ -11,11 +13,36 @@ batch:
       buildspec: codebuild/py37/examples.yml
       env:
         image: aws/codebuild/standard:5.0
-    - identifier: py37_awses_local
-      buildspec: codebuild/py37/awses_local.yml
+    - identifier: py37_decrypt_dafny_esdk_vectors
+      buildspec: codebuild/py37/decrypt_dafny_esdk_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py37_decrypt_net_401_vectors
+      buildspec: codebuild/py37/decrypt_net_401_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py37_encrypt_masterkey
+      buildspec: codebuild/py37/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py37_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py37/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py37_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py37_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py37/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py37_decrypt_masterkey_with_js
+      depend-on: 
+       - py37_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py37/decrypt_masterkey_with_js.yml
       env:
         image: aws/codebuild/standard:5.0
 
+    # 3.8
     - identifier: py38_integ
       buildspec: codebuild/py38/integ.yml
       env:
@@ -24,11 +51,36 @@ batch:
       buildspec: codebuild/py38/examples.yml
       env:
         image: aws/codebuild/standard:5.0
-    - identifier: py38_awses_local
-      buildspec: codebuild/py38/awses_local.yml
+    - identifier: py38_decrypt_dafny_esdk_vectors
+      buildspec: codebuild/py38/decrypt_dafny_esdk_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py38_decrypt_net_401_vectors
+      buildspec: codebuild/py38/decrypt_net_401_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py38_encrypt_masterkey
+      buildspec: codebuild/py38/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py38_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py38/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py38_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py38_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py38/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py38_decrypt_masterkey_with_js
+      depend-on: 
+       - py38_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py38/decrypt_masterkey_with_js.yml
       env:
         image: aws/codebuild/standard:5.0
 
+    # 3.9
     - identifier: py39_integ
       buildspec: codebuild/py39/integ.yml
       env:
@@ -37,10 +89,36 @@ batch:
       buildspec: codebuild/py39/examples.yml
       env:
         image: aws/codebuild/standard:5.0
-    - identifier: py39_awses_latest
+    - identifier: py39_decrypt_dafny_esdk_vectors
+      buildspec: codebuild/py39/decrypt_dafny_esdk_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py39_decrypt_net_401_vectors
+      buildspec: codebuild/py39/decrypt_net_401_vectors.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py39_encrypt_masterkey
+      buildspec: codebuild/py39/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py39_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py39/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py39_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py39_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py39/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:5.0
+    - identifier: py39_decrypt_masterkey_with_js
+      depend-on: 
+       - py39_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py39/decrypt_masterkey_with_js.yml
       env:
         image: aws/codebuild/standard:5.0
 
+    # 3.10
     - identifier: py310_integ
       buildspec: codebuild/py310/integ.yml
       env:
@@ -49,8 +127,32 @@ batch:
       buildspec: codebuild/py310/examples.yml
       env:
         image: aws/codebuild/standard:6.0
-    - identifier: py310_awses_latest
-      buildspec: codebuild/py310/awses_local.yml
+    - identifier: py310_decrypt_dafny_esdk_vectors
+      buildspec: codebuild/py310/decrypt_dafny_esdk_vectors.yml
+      env:
+        image: aws/codebuild/standard:6.0
+    - identifier: py310_decrypt_net_401_vectors
+      buildspec: codebuild/py310/decrypt_net_401_vectors.yml
+      env:
+        image: aws/codebuild/standard:6.0
+    - identifier: py310_encrypt_masterkey
+      buildspec: codebuild/py310/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:6.0
+    - identifier: py310_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py310/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:6.0
+    - identifier: py310_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py310_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py310/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:6.0
+    - identifier: py310_decrypt_masterkey_with_js
+      depend-on: 
+       - py310_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py310/decrypt_masterkey_with_js.yml
       env:
         image: aws/codebuild/standard:6.0
 
@@ -70,14 +172,75 @@ batch:
       buildspec: codebuild/py311/examples_mpl.yml
       env:
         image: aws/codebuild/standard:7.0
-    - identifier: py311_awses_latest
-      buildspec: codebuild/py311/awses_local.yml
+    - identifier: py311_decrypt_dafny_esdk_vectors_masterkey
+      buildspec: codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_dafny_esdk_vectors_keyrings
+      buildspec: codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_net_401_vectors_masterkey
+      buildspec: codebuild/py311/decrypt_net_401_vectors_masterkey.yml
       env:
         image: aws/codebuild/standard:7.0
-    - identifier: py311_awses_latest_mpl
-      buildspec: codebuild/py311/awses_local_mpl.yml
+    - identifier: py311_decrypt_net_401_vectors_keyrings
+      buildspec: codebuild/py311/decrypt_net_401_vectors_keyrings.yml
       env:
         image: aws/codebuild/standard:7.0
+    - identifier: py311_encrypt_masterkey
+      buildspec: codebuild/py311/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_encrypt_keyrings
+      buildspec: codebuild/py311/encrypt_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py311/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py311_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py311/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_masterkey_with_keyrings
+      depend-on: 
+       - py311_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py311/decrypt_masterkey_with_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_masterkey_with_js
+      depend-on: 
+       - py311_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py311/decrypt_masterkey_with_js.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py311/generate_decrypt_vectors_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_keyrings_with_masterkey
+      depend-on: 
+       - py311_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py311/decrypt_keyrings_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_keyrings_with_keyrings
+      depend-on: 
+       - py311_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py311/decrypt_keyrings_with_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py311_decrypt_keyrings_with_js
+      depend-on: 
+       - py311_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py311/decrypt_keyrings_with_js.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    
 
     - identifier: py312_integ
       buildspec: codebuild/py312/integ.yml
@@ -95,15 +258,76 @@ batch:
       buildspec: codebuild/py312/examples_mpl.yml
       env:
         image: aws/codebuild/standard:7.0
-    - identifier: py312_awses_latest
-      buildspec: codebuild/py312/awses_local.yml
+    - identifier: py312_decrypt_dafny_esdk_vectors_masterkey
+      buildspec: codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml
       env:
         image: aws/codebuild/standard:7.0
-    - identifier: py312_awses_latest_mpl
-      buildspec: codebuild/py312/awses_local_mpl.yml
+    - identifier: py312_decrypt_dafny_esdk_vectors_keyrings
+      buildspec: codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml
       env:
         image: aws/codebuild/standard:7.0
-      
+    - identifier: py312_decrypt_net_401_vectors_masterkey
+      buildspec: codebuild/py312/decrypt_net_401_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_net_401_vectors_keyrings
+      buildspec: codebuild/py312/decrypt_net_401_vectors_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_encrypt_masterkey
+      buildspec: codebuild/py312/encrypt_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_encrypt_keyrings
+      buildspec: codebuild/py312/encrypt_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py312/generate_decrypt_vectors_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_masterkey_with_masterkey
+      depend-on: 
+       - py312_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py312/decrypt_masterkey_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_masterkey_with_keyrings
+      depend-on: 
+       - py312_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py312/decrypt_masterkey_with_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_masterkey_with_js
+      depend-on: 
+       - py312_generate_decrypt_vectors_masterkey
+      buildspec: codebuild/py312/decrypt_masterkey_with_js.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py312/generate_decrypt_vectors_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_keyrings_with_masterkey
+      depend-on: 
+       - py312_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py312/decrypt_keyrings_with_masterkey.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_keyrings_with_keyrings
+      depend-on: 
+       - py312_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py312/decrypt_keyrings_with_keyrings.yml
+      env:
+        image: aws/codebuild/standard:7.0
+    - identifier: py312_decrypt_keyrings_with_js
+      depend-on: 
+       - py312_generate_decrypt_vectors_keyrings
+      buildspec: codebuild/py312/decrypt_keyrings_with_js.yml
+      env:
+        image: aws/codebuild/standard:7.0
+
+    
     - identifier: code_coverage
       buildspec: codebuild/coverage/coverage.yml
     - identifier: code_coverage_mpl

codebuild/py310/decrypt_dafny_esdk_vectors.yml

@@ -0,0 +1,58 @@
+version: 0.2
+# Runs Only the ESDK-NET v4.0.1 Decryption Vectors, testing Required EC CMM
+
+env:
+  variables:
+    TOXENV: "py310-full_decrypt"
+    AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
+      arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+    AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
+      arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+    AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
+      arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+    AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
+      arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+  git-credential-helper: yes
+  secrets-manager:
+    GITHUB_TOKEN: Github/lucasmcdonald3-fgpat:actions read
+
+phases:
+  install:
+    runtime-versions:
+      python: 3.10
+  pre_build:
+    commands:
+      # Fetch test vectors from Dafny ESDK's most recent run
+      # (Assuming the first result is most recent; seems to be correct...)
+      - |
+        MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \
+          -H "Authorization: token ${GITHUB_TOKEN}" \
+           -H "X-GitHub-Api-Version: 2022-11-28" \
+           "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \
+           | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)')
+      - |
+        echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID"
+      - |
+        MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \
+          | jq '.artifacts[0].archive_download_url')
+      - |
+        echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL"
+      - |
+        curl -L -H "Accept: application/vnd.github+json" \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip
+      # This unzips to `net41.zip`.
+      - unzip ubuntu-latest_test_vector_artifact
+      # This unzips to `net41/`.
+      - unzip net41.zip -d net41
+  build:
+    commands:
+      - pip install "tox < 4.0"
+      - cd test_vector_handlers
+      - |
+        tox -- \
+          --input ../net41/manifest.json