Make a new KeyManagementService in a new PlugIns library #1545
Conversation
…rary and obsolete the implementation that is in the main AppEncryption library
* main: Bump the minor-and-patch group across 1 directory with 19 updates Bump the minor-and-patch group across 1 directory with 24 updates Bump the minor-and-patch group across 1 directory with 10 updates Bump Microsoft.Extensions.Logging from 9.0.8 to 9.0.10 Bump Microsoft.Extensions.Configuration from 9.0.8 to 9.0.10 Bump the minor-and-patch group with 7 updates update go.work - bump go version to 1.24.0 Bump the minor-and-patch group across 2 directories with 8 updates Bump the minor-and-patch group across 2 directories with 5 updates
| ... | ||
| }; | ||
| "AsherahKmsOptions": { | ||
| "regionKeyArns": [ |
There was a problem hiding this comment.
Do we want to support something that uses your AWS Region more naturally or a primary region like before.
There was a problem hiding this comment.
Added a helper method on the AsherahKmsOptions that allows startup code to optimize the the options based on a given preferred region (example: use the running region).
| // pass keyManagementService to the SessionFactory builder | ||
| } | ||
| ``` | ||
|
|
There was a problem hiding this comment.
Section for migrating to plugins or a doc or something else?
There was a problem hiding this comment.
Added a migration doc linked from the csharp readme
| using var key = crypto.GenerateKey(keyCreationTime); | ||
|
|
||
| // Act | ||
| var result = await _keyManagementServiceEast.EncryptKeyAsync(key); |
There was a problem hiding this comment.
why is this the same as the other one?
There was a problem hiding this comment.
removed the duplicate test
| public async Task DecryptKeyAsync_ShouldFail_BetweenRegions_WhenNoRegionsMatch() | ||
| { | ||
| // Arrange | ||
| using var crypto = new BouncyAes256GcmCrypto(); |
There was a problem hiding this comment.
should we setup the options in each test
There was a problem hiding this comment.
Created a testsetup builder, and moved setup code into each test.
| var result = await _keyManagementServiceSomeBroken.EncryptKeyAsync(key); | ||
|
|
||
| // Assert | ||
| ValidateEncryptedKey(result); |
There was a problem hiding this comment.
We should also see the error logged here for the failed ERROR kms and check what region was encrypted.
…imal analysis mode for test projects
…ion to integration tests
2 participants
The future of the Asherah libaries includes an initiative to move specific implementations of the interfaces in AppEncryption into separate "PlugIn" libraries. This will allow us to provide more flexibility and better separations of various Asherah components.
For example:
Aws PlugIns will contain implementations that are using AWS SDK, While implementations using ADO may have their own PlugIns library.
We could have future plugin libraries that handle optimized implementations for specific framework versions (in case supporting netstandard2.0 and newer dotnet versions requires this).
This change introduces the following new items:
The new implementation in the PlugIns library allows for better integration with standard dotnet startup patterns like using configuration and IServicesCollection.
To help us get this pull request reviewed and merged quickly, please be sure to include the following items:
PR Type
What kind of change does this PR introduce?
Backward Compatibility
Is this change backward compatible with the most recently released version? Does it introduce changes which might change the user experience in any way? Does it alter the API in any way?
Issue Linking