@@ -81,7 +81,7 @@ module TestAwsKmsHierarchicalKeyring {
8181 return encryptionMaterialsIn;
8282 }
8383
84- method {:test} TestHierarchyClientESDKSuite ()
84+ method {:test} {:vcs_split_on_every_assert} TestHierarchyClientESDKSuite ()
8585 {
8686 var branchKeyId := BRANCH_KEY_ID;
8787 // TTL = 166.67 hours
@@ -96,10 +96,17 @@ module TestAwsKmsHierarchicalKeyring {
9696 id := None,
9797 kmsConfiguration := kmsConfig,
9898 logicalKeyStoreName := logicalKeyStoreName,
99- grantTokens := None,
100- ddbTableName := branchKeyStoreName,
101- ddbClient := Some(ddbClient),
102- kmsClient := Some (kmsClient)
99+ storage := Some(
100+ KeyStoreTypes.ddb(
101+ KeyStoreTypes.DynamoDBTable(
102+ ddbTableName := branchKeyStoreName,
103+ ddbClient := Some(ddbClient)
104+ ))),
105+ keyManagement := Some (
106+ KeyStoreTypes.kms(
107+ KeyStoreTypes.AwsKms(
108+ kmsClient := Some(kmsClient)
109+ )))
103110 );
104111
105112 var keyStore :- expect KeyStore. KeyStore (keyStoreConfig);
@@ -125,7 +132,7 @@ module TestAwsKmsHierarchicalKeyring {
125132 TestRoundtrip (hierarchyKeyring, materials, TEST_ESDK_ALG_SUITE_ID, branchKeyId);
126133 }
127134
128- method {:test} TestHierarchyClientDBESuite () {
135+ method {:test} {:vcs_split_on_every_assert} TestHierarchyClientDBESuite () {
129136 var branchKeyId := BRANCH_KEY_ID;
130137 // TTL = 166.67 hours
131138 var ttl : Types. PositiveLong := (1 * 60000) * 10;
@@ -139,10 +146,17 @@ module TestAwsKmsHierarchicalKeyring {
139146 id := None,
140147 kmsConfiguration := kmsConfig,
141148 logicalKeyStoreName := logicalKeyStoreName,
142- grantTokens := None,
143- ddbTableName := branchKeyStoreName,
144- ddbClient := Some(ddbClient),
145- kmsClient := Some (kmsClient)
149+ storage := Some(
150+ KeyStoreTypes.ddb(
151+ KeyStoreTypes.DynamoDBTable(
152+ ddbTableName := branchKeyStoreName,
153+ ddbClient := Some(ddbClient)
154+ ))),
155+ keyManagement := Some (
156+ KeyStoreTypes.kms(
157+ KeyStoreTypes.AwsKms(
158+ kmsClient := Some(kmsClient)
159+ )))
146160 );
147161
148162 var keyStore :- expect KeyStore. KeyStore (keyStoreConfig);
@@ -168,7 +182,7 @@ module TestAwsKmsHierarchicalKeyring {
168182 TestRoundtrip (hierarchyKeyring, materials, TEST_DBE_ALG_SUITE_ID, branchKeyId);
169183 }
170184
171- method {:test} TestBranchKeyIdSupplier ()
185+ method {:test} {:vcs_split_on_every_assert} TestBranchKeyIdSupplier ()
172186 {
173187 var branchKeyIdSupplier: Types. IBranchKeyIdSupplier := new DummyBranchKeyIdSupplier ();
174188 // TTL = 166.67 hours
@@ -183,10 +197,17 @@ module TestAwsKmsHierarchicalKeyring {
183197 id := None,
184198 kmsConfiguration := kmsConfig,
185199 logicalKeyStoreName := logicalKeyStoreName,
186- grantTokens := None,
187- ddbTableName := branchKeyStoreName,
188- ddbClient := Some(ddbClient),
189- kmsClient := Some (kmsClient)
200+ storage := Some(
201+ KeyStoreTypes.ddb(
202+ KeyStoreTypes.DynamoDBTable(
203+ ddbTableName := branchKeyStoreName,
204+ ddbClient := Some(ddbClient)
205+ ))),
206+ keyManagement := Some (
207+ KeyStoreTypes.kms(
208+ KeyStoreTypes.AwsKms(
209+ kmsClient := Some(kmsClient)
210+ )))
190211 );
191212
192213 var keyStore :- expect KeyStore. KeyStore (keyStoreConfig);
@@ -214,7 +235,7 @@ module TestAwsKmsHierarchicalKeyring {
214235 TestRoundtrip (hierarchyKeyring, materials, TEST_DBE_ALG_SUITE_ID, BRANCH_KEY_ID_B);
215236 }
216237
217- method {:test} TestInvalidDataKeyError ()
238+ method {:test} {:vcs_split_on_every_assert} TestInvalidDataKeyError ()
218239 {
219240 var branchKeyIdSupplier: Types. IBranchKeyIdSupplier := new DummyBranchKeyIdSupplier ();
220241 // TTL = 166.67 hours
@@ -227,10 +248,17 @@ module TestAwsKmsHierarchicalKeyring {
227248 id := None,
228249 kmsConfiguration := kmsConfig,
229250 logicalKeyStoreName := logicalKeyStoreName,
230- grantTokens := None,
231- ddbTableName := branchKeyStoreName,
232- ddbClient := Some(ddbClient),
233- kmsClient := Some (kmsClient)
251+ storage := Some(
252+ KeyStoreTypes.ddb(
253+ KeyStoreTypes.DynamoDBTable(
254+ ddbTableName := branchKeyStoreName,
255+ ddbClient := Some(ddbClient)
256+ ))),
257+ keyManagement := Some (
258+ KeyStoreTypes.kms(
259+ KeyStoreTypes.AwsKms(
260+ kmsClient := Some(kmsClient)
261+ )))
234262 );
235263 var keyStore :- expect KeyStore. KeyStore (keyStoreConfig);
236264 var hierarchyKeyring :- expect mpl. CreateAwsKmsHierarchicalKeyring (
@@ -353,6 +381,13 @@ module TestAwsKmsHierarchicalKeyring {
353381 var kmsClientWest :- expect KMS. KMSClientForRegion (regionWest);
354382 var kmsClientEast :- expect KMS. KMSClientForRegion (regionEast);
355383 var ddbClient :- expect DDB. DynamoDBClient ();
384+ // Recommend commenting the assume out while developing this method,
385+ // and just ignore the modifies exeptions,
386+ // and then re-enabling it once everything is safe
387+ assume {:axiom} && kmsClientWest. Modifies == {}
388+ && kmsClientEast. Modifies == {}
389+ && ddbClient. Modifies == {};
390+
356391 var kmsConfig := KeyStoreTypes. KMSConfiguration. kmsKeyArn (keyArn);
357392
358393 // Create a Key Store with the a KMS configuration and
@@ -363,7 +398,7 @@ module TestAwsKmsHierarchicalKeyring {
363398 kmsConfiguration := kmsConfig,
364399 logicalKeyStoreName := logicalKeyStoreName,
365400 grantTokens := None,
366- ddbTableName := branchKeyStoreName,
401+ ddbTableName := Some( branchKeyStoreName) ,
367402 ddbClient := Some (ddbClient),
368403 kmsClient := Some (kmsClientWest)
369404 );
@@ -379,7 +414,7 @@ module TestAwsKmsHierarchicalKeyring {
379414 kmsConfiguration := kmsConfig,
380415 logicalKeyStoreName := logicalKeyStoreName,
381416 grantTokens := None,
382- ddbTableName := branchKeyStoreName,
417+ ddbTableName := Some( branchKeyStoreName) ,
383418 ddbClient := Some (ddbClient),
384419 kmsClient := Some (kmsClientEast)
385420 );
@@ -493,6 +528,13 @@ module TestAwsKmsHierarchicalKeyring {
493528 var kmsClientWest :- expect KMS. KMSClientForRegion (regionWest);
494529 var kmsClientEast :- expect KMS. KMSClientForRegion (regionEast);
495530 var ddbClient :- expect DDB. DynamoDBClient ();
531+ // Recommend commenting the assume out while developing this method,
532+ // and just ignore the modifies exeptions,
533+ // and then re-enabling it once everything is safe
534+ assume {:axiom} && kmsClientWest. Modifies == {}
535+ && kmsClientEast. Modifies == {}
536+ && ddbClient. Modifies == {};
537+
496538 var kmsConfig := KeyStoreTypes. KMSConfiguration. kmsKeyArn (keyArn);
497539
498540 // Create a Key Store with the a KMS configuration and
@@ -503,7 +545,7 @@ module TestAwsKmsHierarchicalKeyring {
503545 kmsConfiguration := kmsConfig,
504546 logicalKeyStoreName := logicalKeyStoreName,
505547 grantTokens := None,
506- ddbTableName := branchKeyStoreName,
548+ ddbTableName := Some( branchKeyStoreName) ,
507549 ddbClient := Some (ddbClient),
508550 kmsClient := Some (kmsClientWest)
509551 );
@@ -519,7 +561,7 @@ module TestAwsKmsHierarchicalKeyring {
519561 kmsConfiguration := kmsConfig,
520562 logicalKeyStoreName := logicalKeyStoreName,
521563 grantTokens := None,
522- ddbTableName := branchKeyStoreName,
564+ ddbTableName := Some( branchKeyStoreName) ,
523565 ddbClient := Some (ddbClient),
524566 kmsClient := Some (kmsClientEast)
525567 );
@@ -613,6 +655,13 @@ module TestAwsKmsHierarchicalKeyring {
613655 var kmsClientWest :- expect KMS. KMSClientForRegion (regionWest);
614656 var kmsClientEast :- expect KMS. KMSClientForRegion (regionEast);
615657 var ddbClient :- expect DDB. DynamoDBClient ();
658+ // Recommend commenting the assume out while developing this method,
659+ // and just ignore the modifies exeptions,
660+ // and then re-enabling it once everything is safe
661+ assume {:axiom} && kmsClientWest. Modifies == {}
662+ && kmsClientEast. Modifies == {}
663+ && ddbClient. Modifies == {};
664+
616665 var kmsConfig := KeyStoreTypes. KMSConfiguration. kmsKeyArn (keyArn);
617666
618667 // Create a Key Store with the a KMS configuration and
@@ -623,7 +672,7 @@ module TestAwsKmsHierarchicalKeyring {
623672 kmsConfiguration := kmsConfig,
624673 logicalKeyStoreName := logicalKeyStoreName,
625674 grantTokens := None,
626- ddbTableName := branchKeyStoreName,
675+ ddbTableName := Some( branchKeyStoreName) ,
627676 ddbClient := Some (ddbClient),
628677 kmsClient := Some (kmsClientWest)
629678 );
@@ -639,7 +688,7 @@ module TestAwsKmsHierarchicalKeyring {
639688 kmsConfiguration := kmsConfig,
640689 logicalKeyStoreName := logicalKeyStoreName,
641690 grantTokens := None,
642- ddbTableName := branchKeyStoreName,
691+ ddbTableName := Some( branchKeyStoreName) ,
643692 ddbClient := Some (ddbClient),
644693 kmsClient := Some (kmsClientEast)
645694 );
@@ -731,6 +780,13 @@ module TestAwsKmsHierarchicalKeyring {
731780 var kmsClientWest :- expect KMS. KMSClientForRegion (regionWest);
732781 var kmsClientEast :- expect KMS. KMSClientForRegion (regionEast);
733782 var ddbClient :- expect DDB. DynamoDBClient ();
783+
784+ // Recommend commenting the assume out while developing this method,
785+ // and just ignore the modifies exeptions,
786+ // and then re-enabling it once everything is safe
787+ assume {:axiom} && kmsClientWest. Modifies == {}
788+ && kmsClientEast. Modifies == {}
789+ && ddbClient. Modifies == {};
734790 var kmsConfig := KeyStoreTypes. KMSConfiguration. kmsKeyArn (keyArn);
735791
736792 // Different logical key store names for both Key Stores
@@ -745,7 +801,7 @@ module TestAwsKmsHierarchicalKeyring {
745801 kmsConfiguration := kmsConfig,
746802 logicalKeyStoreName := logicalKeyStoreName,
747803 grantTokens := None,
748- ddbTableName := branchKeyStoreName,
804+ ddbTableName := Some( branchKeyStoreName) ,
749805 ddbClient := Some (ddbClient),
750806 kmsClient := Some (kmsClientWest)
751807 );
@@ -762,7 +818,7 @@ module TestAwsKmsHierarchicalKeyring {
762818 kmsConfiguration := kmsConfig,
763819 logicalKeyStoreName := logicalKeyStoreNameNew,
764820 grantTokens := None,
765- ddbTableName := branchKeyStoreName,
821+ ddbTableName := Some( branchKeyStoreName) ,
766822 ddbClient := Some (ddbClient),
767823 kmsClient := Some (kmsClientEast)
768824 );
0 commit comments