You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to report an issue regarding the regional client injection into the AwsKmsCryptographicMaterialsProvider.
Package version used: v1.1.1
Anything unusual about your environment or deployment: The environment is a local development environment, docker-compose is used with two services: a python:3.7.4-buster container for running the Python code, and a nsmithuk/local-kms container for a local KMS mock.
Bug reproduction steps:
Set up a local KMS mock container. You can use it either as a docker-compose service or as a standalone container. REGION is to be set to us-west-2.
Set up a key in the local mock container as per the usage notes using the following YAML:
Please feel free to replace http://kms-service:8080 with the appropriate URL based on your local environment.
After the above a call to the EncryptedTable helper should use the client which was created in step 3, but that's not the case, the AwsKmsCryptographicMaterialsProvider's _regional_clients attribute is empty, and it falls back to the base KMS client and tries to reach out to AWS.
I was able to mitigate the issue by deleting lines 218-220 from material_providers/aws_kms.py's __attrs_post_init__ function:
The text was updated successfully, but these errors were encountered:
Szasza
changed the title
Regional client injection not working
Regional client injection doesn't work
Sep 16, 2019
Szasza
changed the title
Regional client injection doesn't work
AwsKmsCryptographicMaterialsProvider - Regional client injection doesn't work
Sep 16, 2019
mattsb42-aws
changed the title
AwsKmsCryptographicMaterialsProvider - Regional client injection doesn't work
AwsKmsCryptographicMaterialsProvider - __attrs_post_init__ overrides custom regional clients
Sep 16, 2019
You are correct; it looks like those lines are overriding any values provided. I'll have to add some tests to verify, but I think that simply deleting that assignment is the correct fix here.
Hi Team,
I would like to report an issue regarding the regional client injection into the
AwsKmsCryptographicMaterialsProvider
.Package version used: v1.1.1
Anything unusual about your environment or deployment: The environment is a local development environment, docker-compose is used with two services: a
python:3.7.4-buster
container for running the Python code, and a nsmithuk/local-kms container for a local KMS mock.Bug reproduction steps:
Set up a local KMS mock container. You can use it either as a docker-compose service or as a standalone container. REGION is to be set to
us-west-2
.Set up a key in the local mock container as per the usage notes using the following YAML:
Please feel free to replace
http://kms-service:8080
with the appropriate URL based on your local environment.AwsKmsCryptographicMaterialsProvider
's_regional_clients
attribute is empty, and it falls back to the base KMS client and tries to reach out to AWS.I was able to mitigate the issue by deleting lines 218-220 from
material_providers/aws_kms.py
's__attrs_post_init__
function:but I am unsure if this is the correct solution.
Any help regarding the above is much appreciated.
The text was updated successfully, but these errors were encountered: