chore: update example wording (#387)

Clarify that key ARNs are required when trying to decrypt using a StrictKMSMasterKeyProvider
aws · Dec 10, 2021 · bca0289 · bca0289
1 parent dedb0b8
commit bca0289
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/examples/src/basic_encryption.py b/examples/src/basic_encryption.py
@@ -27,7 +27,8 @@ def cycle_string(key_arn, source_plaintext, botocore_session=None):
     # commitment policy, REQUIRE_ENCRYPT_REQUIRE_DECRYPT is used by default.
     client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT)
 
-    # Create a KMS master key provider
+    # Create a KMS master key provider. Note that because we are planning on decrypting using this same provider,
+    # we MUST provide the ARN of the KMS Key. If we provide a raw key id or a key alias, decryption will fail.
     kms_kwargs = dict(key_ids=[key_arn])
     if botocore_session is not None:
         kms_kwargs["botocore_session"] = botocore_session

diff --git a/test/unit/test_encryption_context.py b/test/unit/test_encryption_context.py
@@ -189,4 +189,4 @@ def test_deserialize_encryption_context_empty(self):
         test = aws_encryption_sdk.internal.formatting.encryption_context.deserialize_encryption_context(
             serialized_encryption_context=b""
         )
-        assert test == {}
+        assert not test