Skip to content

Commit

Permalink
Add encrypt_invoke_data arg to encryption middleware
Browse files Browse the repository at this point in the history
  • Loading branch information
amh4r committed Dec 10, 2024
1 parent 9a91065 commit 50b682b
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
9 changes: 8 additions & 1 deletion inngest/experimental/encryption_middleware.py
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ def __init__(
secret_key: typing.Union[bytes, str],
*,
decrypt_only: bool = False,
encrypt_invoke_data: bool = False,
event_encryption_field: str = _default_event_encryption_field,
fallback_decryption_keys: typing.Optional[
list[typing.Union[bytes, str]]
Expand All @@ -66,6 +67,7 @@ def __init__(
raw_request: Framework/platform specific request object.
secret_key: Secret key used for encryption and decryption.
decrypt_only: Only decrypt data (do not encrypt).
encrypt_invoke_data: Encrypt the data sent to invoked functions. Deprecated: Will be removed in a future release, where invoke data will always be encrypted (equivalent to encrypt_invoke_data=True).
event_encryption_field: Automatically encrypt and decrypt this field in event data.
fallback_decryption_keys: Fallback secret keys used for decryption.
"""
Expand All @@ -78,6 +80,7 @@ def __init__(
)

self._decrypt_only = decrypt_only
self._encrypt_invoke_data = encrypt_invoke_data
self._event_encryption_field = event_encryption_field

self._fallback_decryption_boxes = [
Expand All @@ -94,6 +97,7 @@ def factory(
secret_key: typing.Union[bytes, str],
*,
decrypt_only: bool = False,
encrypt_invoke_data: bool = False,
event_encryption_field: str = _default_event_encryption_field,
fallback_decryption_keys: typing.Optional[
list[typing.Union[bytes, str]]
Expand All @@ -107,6 +111,7 @@ def factory(
----
secret_key: Fernet secret key used for encryption and decryption.
decrypt_only: Only decrypt data (do not encrypt).
encrypt_invoke_data: Encrypt the data sent to invoked functions. Deprecated: Will be removed in a future release, where invoke data will always be encrypted (equivalent to encrypt_invoke_data=True).
event_encryption_field: Automatically encrypt and decrypt this field in event data.
fallback_decryption_keys: Fallback secret keys used for decryption.
"""
Expand All @@ -120,6 +125,7 @@ def _factory(
raw_request,
secret_key,
decrypt_only=decrypt_only,
encrypt_invoke_data=encrypt_invoke_data,
event_encryption_field=event_encryption_field,
fallback_decryption_keys=fallback_decryption_keys,
)
Expand Down Expand Up @@ -264,7 +270,8 @@ def transform_output(self, result: inngest.TransformOutputResult) -> None:

# Encrypt invoke data if present.
if (
result.step is not None
self._encrypt_invoke_data
and result.step is not None
and result.step.op is server_lib.Opcode.INVOKE
and result.step.opts is not None
):
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -41,10 +41,14 @@ def create(
event_name = base.create_event_name(framework, test_name)
fn_id = base.create_fn_id(test_name)
state = _State()
mw = EncryptionMiddleware.factory(
_secret_key,
encrypt_invoke_data=True,
)

@client.create_function(
fn_id=f"{fn_id}/child",
middleware=[EncryptionMiddleware.factory(_secret_key)],
middleware=[mw],
retries=0,
trigger=inngest.TriggerEvent(event="never"),
)
Expand All @@ -61,7 +65,7 @@ def child_fn_sync(

@client.create_function(
fn_id=fn_id,
middleware=[EncryptionMiddleware.factory(_secret_key)],
middleware=[mw],
retries=0,
trigger=inngest.TriggerEvent(event=event_name),
)
Expand All @@ -81,7 +85,7 @@ def fn_sync(

@client.create_function(
fn_id=f"{fn_id}/child",
middleware=[EncryptionMiddleware.factory(_secret_key)],
middleware=[mw],
retries=0,
trigger=inngest.TriggerEvent(event="never"),
)
Expand All @@ -98,7 +102,7 @@ async def child_fn_async(

@client.create_function(
fn_id=fn_id,
middleware=[EncryptionMiddleware.factory(_secret_key)],
middleware=[mw],
retries=0,
trigger=inngest.TriggerEvent(event=event_name),
)
Expand Down

0 comments on commit 50b682b

Please sign in to comment.