m

Author: lucasmcdonald3

DynamoDbEncryption/runtimes/python/src/aws_database_encryption_sdk/encryptor/resource.py

@@ -11,7 +11,10 @@
 )
 from aws_database_encryption_sdk.internal.resource_to_client import ResourceShapeToClientShapeConverter
 from aws_database_encryption_sdk.internal.client_to_resource import ClientShapeToResourceShapeConverter
-
+from aws_database_encryption_sdk.smithygenerated.aws_cryptography_dbencryptionsdk_dynamodb_transforms.client import (
+    DynamoDbEncryptionTransforms
+)
+from aws_database_encryption_sdk.encryptor.table import EncryptedTable
 
 class EncryptedTablesCollectionManager:
 
@@ -33,18 +36,20 @@ def __init__(
     ):
         self._resource = resource
         self._encryption_config = encryption_config
+        self._transformer = DynamoDbEncryptionTransforms(
+            config = encryption_config
+        )
         self._client_shape_to_resource_shape_converter = ClientShapeToResourceShapeConverter()
         self._resource_shape_to_client_shape_converter = ResourceShapeToClientShapeConverter()
 
 
     def Table(self, name, **kwargs):
         print("EncryptedResource making EncryptedTable")
-        table_kwargs = dict(
+
+        return EncryptedTable(
             table=self._resource.Table(name),
             encryption_config=self._encryption_config
         )
-
-        return EncryptedTable(**table_kwargs)
 
     def __getattr__(self, name):
         print("calling EncryptedResource.__getattr__")
@@ -111,3 +116,9 @@ def batch_write_item(self, **kwargs):
         response = self._copy_missing_sdk_output_fields_to_response(sdk_output, response, output_transform_output)
 
         return response
+
+    def _copy_missing_sdk_output_fields_to_response(self, sdk_output, response, output_transform_output):
+        for sdk_output_key, sdk_output_value in sdk_output.items():
+            if sdk_output_key not in output_transform_output:
+                response[sdk_output_key] = sdk_output_value
+        return response

DynamoDbEncryption/runtimes/python/src/aws_database_encryption_sdk/encryptor/table.py

@@ -91,6 +91,7 @@ def get_item(self, **kwargs):
 
         return response
 
+    # TODO refactor across table/client/resource/more?
     def _copy_missing_sdk_output_fields_to_response(self, sdk_output, response, output_transform_output):
         for sdk_output_key, sdk_output_value in sdk_output.items():
             if sdk_output_key not in output_transform_output:
@@ -171,3 +172,16 @@ def query(self, **kwargs):
         response = self._copy_missing_sdk_output_fields_to_response(sdk_output, response, output_transform_output)
 
         return response
+
+    def __getattr__(self, name):
+        # Before calling __getattr__, the class will look at its own methods.
+        # Any methods defined on the class are called before getting to this point.
+
+        # __getattr__ doesn't find a class' protected methods by default.
+        # if name in self._get_protected_methods():
+        #     return getattr(self, name)
+        # If the class doesn't override a boto3 method, defer to boto3 now.
+        if hasattr(self._resource, name):
+            return getattr(self._resource, name)
+        else:
+            raise AttributeError(f"'{self.__class__.__name__}' object has no attribute '{name}'")

DynamoDbEncryption/runtimes/python/src/aws_database_encryption_sdk/internal/client_to_resource.py

@@ -11,20 +11,24 @@ def attribute_value(self, attribute_value):
         return list(ddb_to_dict({"throwaway_key": attribute_value}).values())[0]
 
     def put_item_request(self, put_item_request):
-        del put_item_request["TableName"]
-        return super().put_item_request(put_item_request)
+        out = super().put_item_request(put_item_request)
+        del out["TableName"]
+        return out
 
     def get_item_request(self, get_item_request):
-        del get_item_request["TableName"]
-        return super().get_item_request(get_item_request)
+        out = super().get_item_request(get_item_request)
+        del out["TableName"]
+        return out
 
     def query_request(self, query_request):
-        del query_request["TableName"]
-        return super().query_request(query_request)
+        out = super().query_request(query_request)
+        del out["TableName"]
+        return out
 
     def scan_request(self, scan_request):
-        del scan_request["TableName"]
-        return super().scan_request(scan_request)
+        out = super().scan_request(scan_request)
+        del out["TableName"]
+        return out
 
     def expression(self, condition_expression):
         # Tables accept the same format as the client (string).

TestVectors/runtimes/python/WriteTests1.json

@@ -1 +1 @@
-[{"Ten":{"B":"Af8s6YdAFS4utVKOm4W2YVK6xib1n7TDtOY="},"Two":{"B":"AAKCSt2X5SOJ8zQqkTv9PnOrboo="},"Five":{"B":"AARwceKk16c6ZsWm9bflwhvExQ=="},"Four":{"B":"AAB3VgdPtr3dspOXnWQnSwH9"},"One":{"B":"AAHe3uxIVXy2N2LNs1frVSK2GfPyGn7AJgrE"},"Six":{"L":[{"S":"one"},{"S":"two"},{"S":"three"},{"L":[{"N":"1"},{"N":"2"},{"N":"3"},{"N":"4"}]}]},"Nine":{"NS":["1.2","5.6","3.4"]},"Seven":{"B":"AgBoRAjKSyXqGOpEb+3CcrYSTsTVwJ0DQQ7j7P5mfW07Efuy1c3uyyaZAbTunvJkFIemwX1b9ZLNU5ZrHOKkiV0CFvhdulpRTh/XIT8gb4J9JALC4GfiJqpKEB7oS68a6CuhhEpx7QetphSz+jnp/WjeHFBhWA=="},"Three":{"B":"//8LRASLaVduZ51FWhVvp60FffkOeByvehZrbFhXycPCaPdg"},"Eight":{"B":"AQHZRzJ46nbMoh327WCHP+xGPIxhwsu09VO5Xbq3AYhBZnCjNqcDi9z3iK3g"},"RecNum":{"N":"1"},"aws_dbe_head":{"B":"AQEEhrXqfrq0dNolzOmoh0EYWg2+TY0GIziF9chaDoHu4QALZXNlZWVlc2VlZXMAAQAVYXdzLWNyeXB0by1wdWJsaWMta2V5AERBNU9ZcjZQRExXNkVDM29lSEY1ZjFLSUZnd2RPY2ZMSWNCSXplRG0rMEFmbHQ5M0xGdzZqTjRvN2xnWVhsN2dnQ1E9PQEAEWF3cy1rbXMtaGllcmFyY2h5ACRiZDM4NDJmZi0zMDc2LTQwOTItOTkxOC00Mzk1NzMwMDUwYjgAjO2oPUgfwh2yXVHJoe8MyeiB8TrIIyY0DEJUgPJH8v+30yQTjYGDZY5DlsDB5f/cIZ/FDTEHpoqOlTG7RS0jiOwfAL8lMZ/duOjbvw/pzhij7bVCcp+GHKy3mX/2oVDnn4f1Db4J+yA4/DfrFspT/kY4pHKHgDoDXsa2SWMmmY3lIh6X6RtNvEOgy0U+8+Pu0wWfLpaKHas2+afpIBRYn8HHCu55wjrXLHg9uaM="},"aws_dbe_foot":{"B":"2dk32XzvUvDXvjC5Lxb4pHbGPKeMOO1r6O/xCpDho/6rlx+SKfU6B5h9xz4UeMQxMGUCMQDRBcftyiIcbmsIg31PoBOKgbNrmbsZSls7wlELnMuxT2yzCySoHJ3ruR4XE6kAxeICMHuoSL0XS6YHXqQgxU6Ep+3H35eqmos6XquZJV6tfxd1OTfc34+AgAi53/7mOhEAyw=="}}]
+[{"aws_dbe_foot":{"B":"gtTab9XdZyS1Kd0AQhWHXFsm9cgg91RW8ld63mxTzFY0ZAxmXOqbPdZoo6yL5pwFMGUCMQCJhqmWeNBfhK8l0mkU61jmeVXgUdN2wVkhmRCznlkmcMiWozGkJvhbWoAheGWZg98CMEJwv0c02PXl79jIKqFDHrZRpPSLU9y0NdjF6Jj0MX/jVAY99Zwy7KEkLzgBI8wMYQ=="},"Nine":{"NS":["1.2","5.6","3.4"]},"Two":{"B":"AAIsSl4KZCLJ7E0Vj1SQ1Mv/Fwg="},"RecNum":{"N":"1"},"aws_dbe_head":{"B":"AQFcl0of5rcj4IsSF9lhUGLRM2a06GWjxXE9lu8ffpS6bgALZXNlZWVlc2VlZXMAAQAVYXdzLWNyeXB0by1wdWJsaWMta2V5AERBMVowdkhUbExoNGNxZFRNUVE5VUVsWGdVWlh2NjBuTjVSbzZJeUNmUkdZVUVGeVJQZ0ZKTCtJTnhzSzhQdnFsYmc9PQEAEWF3cy1rbXMtaGllcmFyY2h5ACRiZDM4NDJmZi0zMDc2LTQwOTItOTkxOC00Mzk1NzMwMDUwYjgAjJl5CbZ1hVgH9PI06YY2pReku02bIlNoMbkNBmnOmC3SMrWIebUHR/S+qnRCC6Nyu82hbS5SCHdyDsKrCH26vS2tC3qzQEy9dn6w9g7pzhij7bVCcp+GHKy3mX/2T6UyppkAg+0bORfulYoZbR3dagPU7xcqEbv4CnTXYiEzshd5jjYgg94VW4J9E4xsIEzW+rs7dO2goPbzAitUgmAXvemEW3YZwU2igtdr5tg="},"Six":{"L":[{"S":"one"},{"S":"two"},{"S":"three"},{"L":[{"N":"1"},{"N":"2"},{"N":"3"},{"N":"4"}]}]},"Seven":{"B":"AgBRIBzYUjm2aX2XMI2hC3iOoTs0HvrpReBLOMYxxhTYoxZo82cHgoo9MJgAGEzW59ZP8GLgvM2SxsHh2GcwFlk4vYzwuB2UqkuI7VuipQskde8+cxc08+nRMmdh1gNauujm8Yp/zR0BMwfeJzthKgBT8K7ehw=="},"Eight":{"B":"AQGXvhziLvrbnFcEvcGoyURaVGPizJ7DOGt5tvEY3wbihoJN1D4YISTlZSlY"},"One":{"B":"AAFCkBUdc1t4JcvDMa8lSwUtOF7kJTCeXyGW"},"Three":{"B":"//+c/58Y0m6S653ePlqiFB2Wx4dLw7ys+NGoSOFkx3/dMJyV"},"Four":{"B":"AAA0FKipvCQdQ1I/mYcHnOiw"},"Five":{"B":"AARkzd9SiUHCOWke42PPWC6Y7g=="},"Ten":{"B":"Af/bd5gH2gIIlhiSDutakSxbzM1MueKUELM="}}]

TestVectors/runtimes/python/src/dbesdk_ddb_test_vectors/internaldafny/extern/CreateInterceptedDDBResource.py

@@ -12,6 +12,8 @@
     dict_to_ddb,
     ddb_to_dict,
 )
+from aws_database_encryption_sdk.internal.resource_to_client import ResourceShapeToClientShapeConverter
+from aws_database_encryption_sdk.internal.client_to_resource import ClientShapeToResourceShapeConverter
 
 # TestVectors-only override of ._flush method:
 # persist response in self._response for TestVectors output processing.
@@ -49,123 +51,87 @@ class DynamoDBClientWrapperForDynamoDBResource:
     def __init__(self, resource, client):
         self._resource = resource
         self._client = client
-
-    def put_item(self, **kwargs):
-        pass
-
-    def get_item(self, **kwargs):
-        key_dynamodb_format = kwargs["Key"]
-        key_dict_format = ddb_to_dict(key_dynamodb_format)
-        kwargs["Key"] = key_dict_format
-        dict_format_output = self._resource.get_item(**kwargs)
-        dynamodb_format_item = dict_format_output
-        if "Item" in dict_format_output:
-            dynamodb_format_item["Item"] = dict_to_ddb(dict_format_output["Item"])
-        return dynamodb_format_item
-
-    def _convert_batch_write_item_request_from_dynamo_to_dict(self, **kwargs):
-        for table, requests in kwargs["RequestItems"].items():
-            dict_requests = []
-            for request in requests:
-                request_name_list = list(request.keys())
-                if len(request_name_list) > 1:
-                    raise ValueError("Cannot send more than one request in a single request")
-                request_name = request_name_list[0]
-                if request_name == "PutRequest":
-                    dict_request = ddb_to_dict(request[request_name]["Item"])
-                    dict_requests.append({request_name: {"Item": dict_request}})
-                elif request_name == "DeleteRequest":
-                    dict_request = ddb_to_dict(request[request_name]["Key"])
-                    dict_requests.append({request_name: {"Key": dict_request}})
-                else:
-                    raise ValueError(f"Unknown batch_write_items method key: {request_name}")
-            kwargs["RequestItems"][table] = dict_requests
-        return kwargs
+        self._client_shape_to_resource_shape_converter = ClientShapeToResourceShapeConverter()
+        self._resource_shape_to_client_shape_converter = ResourceShapeToClientShapeConverter()
 
     def batch_write_item(self, **kwargs):
-        print(f"batch_write_item {kwargs=}")
-        dict_formatted = self._convert_batch_write_item_request_from_dynamo_to_dict(**kwargs)
-        return self._resource.batch_write_item(**dict_formatted)
-
-        # # print(f"batch_write_item {kwargs=}")
-        # # Parse boto3 client.batch_write_item input into table.batch_writer() calls
-        # # client.batch_write_item: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/client/batch_write_item.html
-        # # table.batch_writer(): https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/batch_writer.html
-        # tables = kwargs["RequestItems"]
-        # table_names = list(tables.keys())
-        # if len(tables.keys()) > 1:
-        #     raise ValueError("Table batch_write_item only supports 1 table in a request.")
-        # requests = tables[table_names[0]]
-        # with self._table.batch_writer() as batch:
-
-        #     batch._flush=types.MethodType(_flush_and_persist_response, batch)
-
-        #     for request in requests:
-        #         request_name_list = list(request.keys())
-        #         if len(request_name_list) > 1:
-        #             raise ValueError("Cannot send more than one request in a single request")
-        #         request_name = request_name_list[0]
-        #         if request_name == "PutRequest":
-        #             dict_request = ddb_to_dict(request[request_name]["Item"])
-        #             boto3_request = {"Item": dict_request}
-        #             batch.put_item(**boto3_request)
-        #             # dynamodb_request = request[request_name]
-        #             # print(f"{dynamodb_request}")
-        #             # batch.put_item(**dynamodb_request)
-        #         elif request_name == "DeleteRequest":
-        #             batch.delete_item(Key=ddb_to_dict(request["Key"]))
-        #         else:
-        #             raise ValueError(f"Unknown batch_write_items method key: {request_name}")
-        # return batch._response
-
+        # The input here is from the DBESDK TestVectors, which is in the shape of a client request.
+        # Convert the client request to a resource request to be passed to the table.
+        table_input = self._client_shape_to_resource_shape_converter.batch_write_item_request(kwargs)
+        # ClientShapeToResourceShapeConverters don't convert DynamoDB expressions from strings to Condition objects,
+        #   because resource shapes can accept strings.
+        # For TestVectors coverage, use a TestVectors-internal string-to-Condition converter.
+        # TODO: Use a shared Condition converter.
+        table_output = self._resource.batch_write_item(**table_input)
+        client_output = self._resource_shape_to_client_shape_converter.batch_write_item_response(table_output)
+        return client_output
+    
     def batch_get_item(self, **kwargs):
-        # batch_get_item doesn't exist on boto3 tables.
-        # For TestVector compatibility, just make a series of get_item calls,
-        # and massage inputs/outputs into expected formats.
-        tables = kwargs["RequestItems"]
-        table_names = list(tables.keys())
-        if len(tables.keys()) > 1:
-            raise ValueError("Table batch_get_item only supports 1 table in a request.")
-        requests = tables[table_names[0]]
-        with self._table.batch_writer() as batch:
-
-            batch._flush=types.MethodType(_flush_and_persist_response, batch)
-
-            for request in requests:
-                request_name_list = list(request.keys())
-                if len(request_name_list) > 1:
-                    raise ValueError("Cannot send more than one request in a single request")
-                request_name = request_name_list[0]
-                if request_name == "PutRequest":
-                    dict_request = ddb_to_dict(request[request_name]["Item"])
-                    boto3_request = {"Item": dict_request}
-                    batch.put_item(**boto3_request)
-                    # dynamodb_request = request[request_name]
-                    # print(f"{dynamodb_request}")
-                    # batch.put_item(**dynamodb_request)
-                elif request_name == "DeleteRequest":
-                    batch.delete_item(Key=ddb_to_dict(request["Key"]))
-                else:
-                    raise ValueError(f"Unknown batch_write_items method key: {request_name}")
-        return batch._response
-
-
+        table_input = self._client_shape_to_resource_shape_converter.batch_get_item_request(kwargs)
+        table_output = self._resource.batch_get_item(**table_input)
+        client_output = self._resource_shape_to_client_shape_converter.batch_get_item_response(table_output)
+        return client_output
+    
     def scan(self, **kwargs):
-        pass
+        # Resources don't have scan, but our EncryptedResources can provide EncryptedTables that do support scan.
+        # This path tests that the EncryptedTables provided by EncryptedResources can used for scan.
+        table_name = kwargs["TableName"]
+        table_input = self._client_shape_to_resource_shape_converter.scan_request(kwargs)
+        encrypted_table = self._resource.Table(table_name)
+        table_output = encrypted_table.scan(**table_input)
+        table_shape_converter = ResourceShapeToClientShapeConverter(table_name=table_name)
+        client_output = table_shape_converter.scan_response(table_output)
+        return client_output
+    
+    def put_item(self, **kwargs):
+        # Resources don't have put_item, but our EncryptedResources can provide EncryptedTables that do support put_item.
+        # This path tests that the EncryptedTables provided by EncryptedResources can used for put_item.
+        table_name = kwargs["TableName"]
+        table_input = self._client_shape_to_resource_shape_converter.put_item_request(kwargs)
+        encrypted_table = self._resource.Table(table_name)
+        table_output = encrypted_table.put_item(**table_input)
+        table_shape_converter = ResourceShapeToClientShapeConverter(table_name=table_name)
+        client_output = table_shape_converter.put_item_response(table_output)
+        return client_output
+    
+    def get_item(self, **kwargs):
+        # Resources don't have get_item, but our EncryptedResources can provide EncryptedTables that do support get_item.
+        # This path tests that the EncryptedTables provided by EncryptedResources can used for get_item.
+        table_name = kwargs["TableName"]
+        table_input = self._client_shape_to_resource_shape_converter.get_item_request(kwargs)
+        encrypted_table = self._resource.Table(table_name)
+        table_output = encrypted_table.get_item(**table_input)
+        table_shape_converter = ResourceShapeToClientShapeConverter(table_name=table_name)
+        client_output = table_shape_converter.get_item_response(table_output)
+        return client_output
+    
+    def query(self, **kwargs):
+        # Resources don't have query, but our EncryptedResources can provide EncryptedTables that do support query.
+        # This path tests that the EncryptedTables provided by EncryptedResources can used for query.
+        table_name = kwargs["TableName"]
+        table_input = self._client_shape_to_resource_shape_converter.put_item_request(kwargs)
+        encrypted_table = self._resource.Table(table_name)
+        table_output = encrypted_table.query(**table_input)
+        table_shape_converter = ResourceShapeToClientShapeConverter(table_name=table_name)
+        client_output = table_shape_converter.put_item_response(table_output)
+        return client_output
 
     def transact_get_items(self, **kwargs):
-        pass
+        raise NotImplementedError("transact_get_items not supported on resources")
 
     def transact_write_items(self, **kwargs):
-        pass
-
-    def query(self, **kwargs):
-        pass
+        raise NotImplementedError("transact_get_items not supported on resources")
 
     def delete_table(self, **kwargs):
+        # Resources don't have delete_table. Plus, DBESDK doesn't intercept DeleteTable calls.
+        # TestVectors only use this to ensure a new, clean table is created for each test.
+        # Defer to the underlying boto3 client to delete the table.
         return self._client.delete_table(**kwargs)
 
     def create_table(self, **kwargs):
+        # Resources don't have create_table. Plus, DBESDK doesn't intercept CreateTable calls.
+        # TestVectors only use this to ensure a new, clean table is created for each test.
+        # Defer to the underlying boto3 client to create a table.
         return self._client.create_table(**kwargs)