docs(bindings): add example for kms pkey offload #4980
+614
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
maddeleine
approved these changes
Dec 17, 2024
| /// s2n-tls requires that future have 'static bounds, so this function can not | ||
| /// operation on `&self`. Instead we clone all of the necessary elements and | ||
| /// capture them in the closure. | ||
| async fn async_pkey_offload( |
There was a problem hiding this comment.
Err I guess I have no suggestions here, but this is really weird. I see what you mean about the ConnectionFuture not really being idiomatic.
bindings/rust-examples/async-pkey-offload/tests/client_server.rs
Outdated
Show resolved
Hide resolved
lrstewart
reviewed
Jan 10, 2025
Comment on lines
+103
to
+107
| // > The public key that AWS KMS returns is a DER-encoded X.509 public key, | ||
| // > also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. | ||
| // > When you use the HTTP API or the AWS CLI, the value is Base64-encoded. | ||
| // > Otherwise, it is not Base64-encoded. | ||
| // https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html |
There was a problem hiding this comment.
Nit: I prefer the link first so that I know what I'm reading
There was a problem hiding this comment.
Hmm, I feel like that's a bit non-standard w.r.t block quotes, e.g. apa.
* refactor to list-keys method
* make error message parameterized
lrstewart
reviewed
Feb 28, 2025
Comment on lines
+150
to
+151
| //> If this is an OperationType::Sign operation, then this input has | ||
| //> already been hashed and is the resultant digest. |
There was a problem hiding this comment.
If this is a quote from somewhere, it needs attribution. If it's not a quote, idk what the ">" are about.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
This example demonstrate the pkey offload feature in combination with KMS APIs.
Call-outs:
I structured this example as a test, because it was the only way to keep my sanity while I was writing it. Furthermore, I think this is an excellent item to add to our CI.
While there might be a slight readability hit by structuring it as a "test", I actually think that keeping everything in the same process is a bit of a readability win. There isn't an CLI parsing, etc. So very happy to make the tradeoff.
Testing:
Verified that the test passes locally.
I also opened #4979 to track this.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.