Revert "docs: add example to replicate AWS KMS MKP behavior with AWS KMS keyring (#255)"

This reverts commit 027b127.

Author: mattsb42-aws

examples/README.md

@@ -44,12 +44,6 @@ We start with AWS KMS examples, then show how to use other wrapping keys.
         * [with keyrings](./src/keyring/aws_kms/discovery_decrypt_in_region_only.py)
     * How to decrypt with a preferred region but failover to others
         * [with keyrings](./src/keyring/aws_kms/discovery_decrypt_with_preferred_regions.py)
-    * How to reproduce the behavior of an AWS KMS master key provider
-        * [with keyrings](./src/keyring/aws_kms/act_like_aws_kms_master_key_provider.py)
-    * How to use AWS KMS clients with custom configuration
-        * [with keyrings](./src/keyring/aws_kms/custom_kms_client_config.py)
-    * How to use different AWS KMS client for different regions
-        * [with keyrings](./src/keyring/aws_kms/custom_client_supplier.py)
 * Using raw wrapping keys
     * How to use a raw AES wrapping key
         * [with keyrings](./src/keyring/raw_aes/raw_aes.py)

examples/src/keyring/aws_kms/act_like_aws_kms_master_key_provider.py

@@ -6,13 +6,8 @@
 However, sometimes you need more flexibility on decrypt,
 especially when you don't know which CMKs were used to encrypt a message.
 To address this need, you can use an AWS KMS discovery keyring.
-The AWS KMS discovery keyring does nothing on encrypt.
-On decrypt it reviews each encrypted data key (EDK).
-If an EDK was encrypted under an AWS KMS CMK,
-the AWS KMS discovery keyring attempts to decrypt it.
-Whether decryption succeeds depends on permissions on the CMK.
-This continues until the AWS KMS discovery keyring either runs out of EDKs
-or succeeds in decrypting an EDK.
+The AWS KMS discovery keyring does nothing on encrypt,
+but attempts to decrypt *any* data keys that were encrypted under an AWS KMS CMK.
 
 This example shows how to configure and use an AWS KMS discovery keyring.
 

examples/src/keyring/aws_kms/discovery_decrypt.py

@@ -6,13 +6,8 @@
 However, sometimes you need more flexibility on decrypt,
 especially when you don't know which CMKs were used to encrypt a message.
 To address this need, you can use an AWS KMS discovery keyring.
-The AWS KMS discovery keyring does nothing on encrypt.
-On decrypt it reviews each encrypted data key (EDK).
-If an EDK was encrypted under an AWS KMS CMK,
-the AWS KMS discovery keyring attempts to decrypt it.
-Whether decryption succeeds depends on permissions on the CMK.
-This continues until the AWS KMS discovery keyring either runs out of EDKs
-or succeeds in decrypting an EDK.
+The AWS KMS discovery keyring does nothing on encrypt,
+but attempts to decrypt *any* data keys that were encrypted under an AWS KMS CMK.
 
 However, sometimes you need to be a *bit* more restrictive than that.
 To address this need, you can use a client supplier that restricts the regions an AWS KMS keyring can talk to.

examples/src/keyring/aws_kms/discovery_decrypt_in_region_only.py

@@ -6,13 +6,8 @@
 However, sometimes you need more flexibility on decrypt,
 especially when you don't know which CMKs were used to encrypt a message.
 To address this need, you can use an AWS KMS discovery keyring.
-The AWS KMS discovery keyring does nothing on encrypt.
-On decrypt it reviews each encrypted data key (EDK).
-If an EDK was encrypted under an AWS KMS CMK,
-the AWS KMS discovery keyring attempts to decrypt it.
-Whether decryption succeeds depends on permissions on the CMK.
-This continues until the AWS KMS discovery keyring either runs out of EDKs
-or succeeds in decrypting an EDK.
+The AWS KMS discovery keyring does nothing on encrypt,
+but attempts to decrypt *any* data keys that were encrypted under an AWS KMS CMK.
 
 However, sometimes you need to be a *bit* more restrictive than that.
 To address this need, you can use a client supplier to restrict what regions an AWS KMS keyring can talk to.