diff --git a/NOTICE b/NOTICE index 616fc588..3d299504 100644 --- a/NOTICE +++ b/NOTICE @@ -1 +1,2 @@ +Amazon S3 Encryption Client for Python Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/README.md b/README.md index edcfd4ff..70866688 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,38 @@ -# Amazon S3 Encryption Client Python +# Amazon S3 Encryption Client for Python -This library provides an S3 client that supports client-side encryption. +This library provides an S3 client that supports client-side encryption. For more information and detailed instructions for how to use this library, refer to the [Amazon S3 Encryption Client Developer Guide](https://docs.aws.amazon.com/amazon-s3-encryption-client/latest/developerguide/python.html). + +## Getting Started + +Requires Python 3.10 or greater. An AWS account is required; standard S3 and KMS charges apply. + +The S3 Encryption Client wraps a standard boto3 S3 client and uses a KMS keyring to manage data key encryption. Objects are encrypted before upload and decrypted after download transparently. By default, the client uses AES-GCM with key commitment for content encryption. + +```python +import boto3 +from s3_encryption import S3EncryptionClient, S3EncryptionClientConfig +from s3_encryption.materials.kms_keyring import KmsKeyring + +kms_client = boto3.client("kms", region_name="us-west-2") +keyring = KmsKeyring(kms_client, "arn:aws:kms:us-west-2:123456789012:alias/my-key") + +s3_client = boto3.client("s3") +config = S3EncryptionClientConfig(keyring=keyring) +s3ec = S3EncryptionClient(s3_client, config) + +# Encrypt and upload +s3ec.put_object(Bucket="my-bucket", Key="my-object", Body=b"secret data") + +# Download and decrypt +response = s3ec.get_object(Bucket="my-bucket", Key="my-object") +plaintext = response["Body"].read() +``` ## Development ### Prerequisites -- Python 3.11 or higher +- Python 3.10 or higher - [uv](https://github.com/astral-sh/uv) for package and project management ### Setup @@ -19,7 +45,7 @@ make install ### Testing -Run all tests: +Run all tests (unit + integration + examples): ```bash make test @@ -39,47 +65,38 @@ make test-integration ### Code Quality -This project uses [Black](https://black.readthedocs.io/) for code formatting, [isort](https://pycqa.github.io/isort/) for import sorting, and [Flake8](https://flake8.pycqa.org/) for linting. +This project uses [Ruff](https://docs.astral.sh/ruff/) for linting and formatting. -Check code quality: +Check formatting: ```bash -make lint +make format-check ``` -Format code with Black and isort: +Run linter: ```bash -make format +make lint ``` -Clean up cache files: +Format code and auto-fix lint issues: ```bash -make clean +make format ``` -#### Linting Standards - -The project is configured with Black, isort, and Flake8 to enforce consistent code style and quality. Currently, Flake8 is set to report issues but not fail the build, allowing for gradual adoption of linting standards. +### Integration Test Resources -Common Flake8 issues in the codebase include: +Integration tests require AWS credentials and the following resources. The tests use environment variables to override CI defaults: -- **Missing docstrings** (D100-D104): Add docstrings to modules, classes, and functions -- **Docstring formatting** (D200, D212, D415): Follow Google docstring style -- **Line length** (E501): Keep lines under 100 characters -- **Unused imports** (F401): Remove unused imports -- **Unused variables** (F841): Remove or use assigned variables -- **Code complexity** (C901): Refactor complex functions - -When contributing to this project, please try to fix linting issues in the files you modify. - -### Pull Request Command -While this project is in development, -it is useful to use `gh pr` to create the pull-requests, -so they can be associated with the GitHub project. - -```sh -gh pr create -B staging -p "S3EC-Python" -f -``` +| Variable | Description | Default | +|----------|-------------|---------| +| `CI_S3_BUCKET` | S3 bucket for read/write tests | `s3ec-python-github-test-bucket` | +| `CI_AWS_REGION` | Primary AWS region | `us-west-2` | +| `CI_KMS_KEY_ALIAS` | KMS key ARN or alias for encryption | `arn:aws:kms:us-west-2:370957321024:alias/S3EC-Python-Github-KMS-Key` | +| `CI_MRK_KEY_ID_PRIMARY` | Multi-region key ARN (primary region) | `arn:aws:kms:us-west-2:370957321024:key/mrk-cea4cf67c6a046ba829f61f69db5c191` | +| `CI_MRK_KEY_ID_REPLICA` | Multi-region key ARN (replica region) | `arn:aws:kms:us-east-1:370957321024:key/mrk-cea4cf67c6a046ba829f61f69db5c191` | +| `CI_S3_STATIC_TEST_BUCKET` | Bucket with pre-existing test objects for instruction file tests | `s3ec-static-test-objects` | +| `CI_KMS_KEY_STATIC_TESTS` | KMS key used for static test objects | `arn:aws:kms:us-west-2:370957321024:key/a3889cd9-99eb-4138-a93a-aea9d52ec2ef` | +To run integration tests locally, configure AWS credentials with access to these resources (or your own equivalents) and set the environment variables accordingly. diff --git a/SUPPORT_POLICY.rst b/SUPPORT_POLICY.rst index 3eafd39b..5920fb8b 100644 --- a/SUPPORT_POLICY.rst +++ b/SUPPORT_POLICY.rst @@ -21,9 +21,9 @@ This table describes the current support status of each major version of the Ama - Current status - Next status - Next status date - * - 3.x - - Pre-Release + * - 4.x - Generally Available - + - .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle diff --git a/test/test_exceptions.py b/test/test_exceptions.py index 4fe46bcc..84fec0d0 100644 --- a/test/test_exceptions.py +++ b/test/test_exceptions.py @@ -1,3 +1,5 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 import pytest from botocore.exceptions import BotoCoreError