optional dependency

imabhichow · lucasmcdonald3 · imabhichow · commit 0142f15716d5 · 2025-06-16T14:32:25.000-07:00
Co-authored-by: Lucas McDonald &lt;lucasmcdonald3@gmail.com&gt;
diff --git a/DynamoDbEncryption/runtimes/python/pyproject.toml b/DynamoDbEncryption/runtimes/python/pyproject.toml
@@ -13,7 +13,11 @@ include = ["**/internaldafny/generated/*.py"]
 [tool.poetry.dependencies]
 python = "^3.11.0"
 aws-cryptographic-material-providers = { path = "../../../submodules/MaterialProviders/AwsCryptographicMaterialProviders/runtimes/python", develop = false}
-dynamodb_encryption_sdk = "^3.3.0"
+# Optional dependencies
+dynamodb_encryption_sdk = { version = "^3.3.0", optional = true }
+
+[tool.poetry.extras]
+legacy-ddbec = ["dynamodb_encryption_sdk"]
 
 # Package testing
 
diff --git a/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/internaldafny/extern/InternalLegacyOverride.py b/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/internaldafny/extern/InternalLegacyOverride.py
@@ -3,8 +3,6 @@
 from aws_dbesdk_dynamodb.internaldafny.generated.AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes import (
     DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig,
     Error_DynamoDbItemEncryptorException,
-    EncryptItemOutput_EncryptItemOutput,
-    DecryptItemOutput_DecryptItemOutput,
     DecryptItemInput_DecryptItemInput,
     EncryptItemInput_EncryptItemInput,
 )
@@ -72,10 +70,6 @@ def Build(config: DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig):
         legacy_instance = InternalLegacyOverride()
         legacy_instance.encryptor = legacy_override.encryptor
         legacy_instance.policy = legacy_override.policy
-        # # Access the value property, not calling it as a function
-        # legacy_instance.encryption_context = maybe_encryption_context.value
-        # # Access the value property, not calling it as a function
-        # legacy_instance.attribute_actions = maybe_actions.value
         legacy_instance.crypto_config = CryptoConfig(
             materials_provider=legacy_override.encryptor._materials_provider,
             encryption_context=maybe_encryption_context.value,
diff --git a/Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/common.py b/Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/common.py
@@ -157,7 +157,7 @@ def setup_awsdbe_client_with_legacy_override(kms_key_id: str, ddb_table_name: st
         policy=policy,
     )
 
-    # 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data.
+    # 3. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data.
     #    For this example, we will create a AWS KMS Keyring with the AWS KMS Key we want to use.
     #    We will use the `CreateMrkMultiKeyring` method to create this keyring,
     #    as it will correctly handle both single region and Multi-Region KMS Keys.
@@ -167,7 +167,7 @@ def setup_awsdbe_client_with_legacy_override(kms_key_id: str, ddb_table_name: st
     )
     kms_mrk_multi_keyring: IKeyring = mat_prov.create_aws_kms_mrk_multi_keyring(input=kms_mrk_multi_keyring_input)
 
-    # 2. Configure which attributes are encrypted and/or signed when writing new items.
+    # 4. Configure which attributes are encrypted and/or signed when writing new items.
     #    For each attribute that may exist on the items we plan to write to our DynamoDbTable,
     #    we must explicitly configure how they should be treated during item encryption:
     #      - ENCRYPT_AND_SIGN: The attribute is encrypted and included in the signature
@@ -181,7 +181,7 @@ def setup_awsdbe_client_with_legacy_override(kms_key_id: str, ddb_table_name: st
         ":attribute3": CryptoAction.DO_NOTHING,
     }
 
-    # 3. Configure which attributes we expect to be included in the signature
+    # 5. Configure which attributes we expect to be included in the signature
     #    when reading items. There are two options for configuring this:
     #
     #    - (Recommended) Configure `allowedUnsignedAttributesPrefix`:
@@ -211,7 +211,7 @@ def setup_awsdbe_client_with_legacy_override(kms_key_id: str, ddb_table_name: st
     #   the ":" prefix should be considered unauthenticated.
     unsignAttrPrefix: str = ":"
 
-    # 4. Create the DynamoDb Encryption configuration for the table we will be writing to.
+    # 6. Create the DynamoDb Encryption configuration for the table we will be writing to.
     #    without the legacy override
     table_configs = {}
     table_config = DynamoDbTableEncryptionConfig(
@@ -235,7 +235,7 @@ def setup_awsdbe_client_with_legacy_override(kms_key_id: str, ddb_table_name: st
     table_configs[ddb_table_name] = table_config
     tables_config = DynamoDbTablesEncryptionConfig(table_encryption_configs=table_configs)
 
-    # 5. Create the EncryptedClient
+    # 7. Create the EncryptedClient
     return EncryptedClient(
         client=boto3.client("dynamodb"),
         encryption_config=tables_config,
diff --git a/Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/migration_step_1.py b/Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/migration_step_1.py
@@ -24,8 +24,6 @@
 """
 from aws_dbesdk_dynamodb.structures.dynamodb import LegacyPolicy
 
-# Import from new AWS Database Encryption SDK
-# Import from legacy DynamoDB Encryption Client
 from .common import setup_awsdbe_client_with_legacy_override
 
 
diff --git a/Examples/runtimes/python/pyproject.toml b/Examples/runtimes/python/pyproject.toml
@@ -6,8 +6,7 @@ authors = ["AWS Crypto Tools <aws-crypto-tools@amazon.com>"]
 
 [tool.poetry.dependencies]
 python = "^3.11.0"
-aws-dbesdk-dynamodb = { path = "../../../DynamoDbEncryption/runtimes/python", develop = false}
-dynamodb_encryption_sdk = "^3.3.0"
+aws-dbesdk-dynamodb = { path = "../../../DynamoDbEncryption/runtimes/python", develop = false, extras = ["legacy-ddbec"]}
 
 [tool.poetry.group.test.dependencies]
 pytest = "^7.4.0"
