sync

Lucas McDonald · Lucas McDonald · commit 381538b1a5e8 · 2025-05-16T10:51:10.000-07:00
diff --git a/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/client.py b/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/client.py
@@ -17,10 +17,18 @@
     DynamoDbEncryptionTransforms,
 )
 from aws_dbesdk_dynamodb.smithygenerated.aws_cryptography_dbencryptionsdk_dynamodb_transforms.models import (
+    BatchExecuteStatementInputTransformInput,
+    BatchExecuteStatementOutputTransformInput,
     BatchGetItemInputTransformInput,
     BatchGetItemOutputTransformInput,
     BatchWriteItemInputTransformInput,
     BatchWriteItemOutputTransformInput,
+    DeleteItemInputTransformInput,
+    DeleteItemOutputTransformInput,
+    ExecuteStatementInputTransformInput,
+    ExecuteStatementOutputTransformInput,
+    ExecuteTransactionInputTransformInput,
+    ExecuteTransactionOutputTransformInput,
     GetItemInputTransformInput,
     GetItemOutputTransformInput,
     PutItemInputTransformInput,
@@ -33,6 +41,8 @@
     TransactGetItemsOutputTransformInput,
     TransactWriteItemsInputTransformInput,
     TransactWriteItemsOutputTransformInput,
+    UpdateItemInputTransformInput,
+    UpdateItemOutputTransformInput,
 )
 
 
@@ -57,8 +67,14 @@ class EncryptedClient(EncryptedBotoInterface):
         * ``batch_get_item``
         * ``transact_get_items``
         * ``transact_write_items``
+        * ``delete_item``
 
-    The ``update_item`` operation is not currently supported. Calling this operation will raise ``NotImplementedError``.
+    The following operations are not supported and will raise DynamoDbEncryptionTransformsException:
+
+        * ``execute_statement``
+        * ``execute_transaction``
+        * ``batch_execute_statement``
+        * ``update_item``
 
     Any other operations on this class will defer to the underlying boto3 DynamoDB client's implementation.
 
@@ -337,18 +353,131 @@ def transact_write_items(self, **kwargs) -> dict[str, Any]:
             output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.transact_write_items_response,
         )
 
+    def delete_item(self, **kwargs):
+        """
+        Delete an item from a table by the specified key.
+
+        The input and output syntaxes match those for the boto3 DynamoDB client ``delete_item`` API:
+
+        https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/client/delete_item.html
+
+        Args:
+            **kwargs: Keyword arguments to pass to the operation. This matches the boto3 client ``delete_item``
+                request syntax.
+
+        Returns:
+            dict: The response from DynamoDB. This matches the boto3 client ``delete_item`` response syntax.
+            Any values in the ``"Attributes"`` field will be decrypted locally after being read from DynamoDB.
+
+        """
+        return self._client_operation_logic(
+            operation_input=kwargs,
+            input_item_to_ddb_transform_method=self._resource_to_client_shape_converter.delete_item_request,
+            input_item_to_dict_transform_method=self._client_to_resource_shape_converter.delete_item_request,
+            input_transform_method=self._transformer.delete_item_input_transform,
+            input_transform_shape=DeleteItemInputTransformInput,
+            output_transform_method=self._transformer.delete_item_output_transform,
+            output_transform_shape=DeleteItemOutputTransformInput,
+            client_method=self._client.delete_item,
+            output_item_to_dict_transform_method=self._client_to_resource_shape_converter.delete_item_response,
+            output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.delete_item_response,
+        )
+
+    def execute_statement(self, **kwargs):
+        """
+        Not implemented. Raises DynamoDbEncryptionTransformsException.
+
+        Args:
+            **kwargs: Any arguments passed to this method
+
+        Raises:
+            DynamoDbEncryptionTransformsException: This operation is not supported on encrypted tables.
+
+        """
+        return self._client_operation_logic(
+            operation_input=kwargs,
+            input_item_to_ddb_transform_method=self._resource_to_client_shape_converter.execute_statement_request,
+            input_item_to_dict_transform_method=self._client_to_resource_shape_converter.execute_statement_request,
+            input_transform_method=self._transformer.execute_statement_input_transform,
+            input_transform_shape=ExecuteStatementInputTransformInput,
+            output_transform_method=self._transformer.execute_statement_output_transform,
+            output_transform_shape=ExecuteStatementOutputTransformInput,
+            client_method=self._client.execute_statement,
+            output_item_to_dict_transform_method=self._client_to_resource_shape_converter.execute_statement_response,
+            output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.execute_statement_response,
+        )
+
+    def execute_transaction(self, **kwargs):
+        """
+        Not implemented. Raises DynamoDbEncryptionTransformsException.
+
+        Args:
+            **kwargs: Any arguments passed to this method
+
+        Raises:
+            DynamoDbEncryptionTransformsException: This operation is not supported on encrypted tables.
+
+        """
+        return self._client_operation_logic(
+            operation_input=kwargs,
+            input_item_to_ddb_transform_method=self._resource_to_client_shape_converter.execute_transaction_request,
+            input_item_to_dict_transform_method=self._client_to_resource_shape_converter.execute_transaction_request,
+            input_transform_method=self._transformer.execute_transaction_input_transform,
+            input_transform_shape=ExecuteTransactionInputTransformInput,
+            output_transform_method=self._transformer.execute_transaction_output_transform,
+            output_transform_shape=ExecuteTransactionOutputTransformInput,
+            client_method=self._client.execute_transaction,
+            output_item_to_dict_transform_method=self._client_to_resource_shape_converter.execute_transaction_response,
+            output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.execute_transaction_response,
+        )
+
     def update_item(self, **kwargs):
         """
-        Not implemented. Raises NotImplementedError.
+        Not implemented. Raises DynamoDbEncryptionTransformsException.
 
         Args:
             **kwargs: Any arguments passed to this method
 
         Raises:
-            NotImplementedError: This operation is not yet implemented
+            DynamoDbEncryptionTransformsException: This operation is not supported on encrypted tables.
 
         """
-        raise NotImplementedError('"update_item" is not yet implemented')
+        return self._client_operation_logic(
+            operation_input=kwargs,
+            input_item_to_ddb_transform_method=self._resource_to_client_shape_converter.update_item_request,
+            input_item_to_dict_transform_method=self._client_to_resource_shape_converter.update_item_request,
+            input_transform_method=self._transformer.update_item_input_transform,
+            input_transform_shape=UpdateItemInputTransformInput,
+            output_transform_method=self._transformer.update_item_output_transform,
+            output_transform_shape=UpdateItemOutputTransformInput,
+            client_method=self._client.update_item,
+            output_item_to_dict_transform_method=self._client_to_resource_shape_converter.update_item_response,
+            output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.update_item_response,
+        )
+
+    def batch_execute_statement(self, **kwargs):
+        """
+        Not implemented. Raises DynamoDbEncryptionTransformsException.
+
+        Args:
+            **kwargs: Any arguments passed to this method
+
+        Raises:
+            DynamoDbEncryptionTransformsException: This operation is not supported on encrypted tables.
+
+        """
+        return self._client_operation_logic(
+            operation_input=kwargs,
+            input_item_to_ddb_transform_method=self._resource_to_client_shape_converter.batch_execute_statement_request,
+            input_item_to_dict_transform_method=self._client_to_resource_shape_converter.batch_execute_statement_request,
+            input_transform_method=self._transformer.batch_execute_statement_input_transform,
+            input_transform_shape=BatchExecuteStatementInputTransformInput,
+            output_transform_method=self._transformer.batch_execute_statement_output_transform,
+            output_transform_shape=BatchExecuteStatementOutputTransformInput,
+            client_method=self._client.batch_execute_statement,
+            output_item_to_dict_transform_method=self._client_to_resource_shape_converter.batch_execute_statement_response,
+            output_item_to_ddb_transform_method=self._resource_to_client_shape_converter.batch_execute_statement_response,
+        )
 
     def get_paginator(self, operation_name: str) -> EncryptedPaginator | botocore.client.Paginator:
         """
diff --git a/DynamoDbEncryption/runtimes/python/test/integ/encrypted/test_client.py b/DynamoDbEncryption/runtimes/python/test/integ/encrypted/test_client.py
@@ -5,6 +5,9 @@
 
 from aws_dbesdk_dynamodb.encrypted.client import EncryptedClient
 from aws_dbesdk_dynamodb.encrypted.paginator import EncryptedPaginator
+from aws_dbesdk_dynamodb.smithygenerated.aws_cryptography_dbencryptionsdk_dynamodb_transforms.errors import (
+    DynamoDbEncryptionTransformsException,
+)
 
 from ...constants import (
     INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME,
@@ -21,12 +24,20 @@
     simple_key_dict,
 )
 from ...requests import (
+    basic_batch_execute_statement_request_ddb,
+    basic_batch_execute_statement_request_dict,
     basic_batch_get_item_request_ddb,
     basic_batch_get_item_request_dict,
     basic_batch_write_item_delete_request_ddb,
     basic_batch_write_item_delete_request_dict,
     basic_batch_write_item_put_request_ddb,
     basic_batch_write_item_put_request_dict,
+    basic_delete_item_request_ddb,
+    basic_delete_item_request_dict,
+    basic_execute_statement_request_ddb,
+    basic_execute_statement_request_dict,
+    basic_execute_transaction_request_ddb,
+    basic_execute_transaction_request_dict,
     basic_get_item_request_ddb,
     basic_get_item_request_dict,
     basic_put_item_request_ddb,
@@ -41,6 +52,8 @@
     basic_transact_write_item_delete_request_dict,
     basic_transact_write_item_put_request_ddb,
     basic_transact_write_item_put_request_dict,
+    basic_update_item_request_ddb,
+    basic_update_item_request_dict,
 )
 from . import sort_dynamodb_json_lists
 
@@ -154,8 +167,15 @@ def get_item_request(expect_standard_dictionaries, test_item):
     return basic_get_item_request_ddb(test_item)
 
 
-def test_GIVEN_valid_put_and_get_requests_WHEN_put_and_get_THEN_round_trip_passes(
-    client, put_item_request, get_item_request
+@pytest.fixture
+def delete_item_request(expect_standard_dictionaries, test_item):
+    if expect_standard_dictionaries:
+        return {**basic_delete_item_request_dict(test_item), "TableName": INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME}
+    return basic_delete_item_request_ddb(test_item)
+
+
+def test_GIVEN_valid_put_and_get_and_delete_requests_WHEN_put_and_get_and_delete_THEN_round_trip_passes(
+    client, put_item_request, get_item_request, delete_item_request
 ):
     # Given: Valid put_item request
     # When: put_item
@@ -174,6 +194,23 @@ def test_GIVEN_valid_put_and_get_requests_WHEN_put_and_get_THEN_round_trip_passe
     actual_item = sort_dynamodb_json_lists(get_response["Item"])
     assert expected_item == actual_item
 
+    # Given: Valid delete_item request for the same item
+    # When: delete_item
+    delete_response = client.delete_item(**{**delete_item_request, "ReturnValues": "ALL_OLD"})
+    # Then: delete_item succeeds and contains the expected response
+    assert delete_response["ResponseMetadata"]["HTTPStatusCode"] == 200
+    # DynamoDB JSON uses lists to represent sets, so strict equality can fail.
+    # Sort lists to ensure consistent ordering when comparing expected and actual items.
+    expected_item = sort_dynamodb_json_lists(put_item_request["Item"])
+    actual_item = sort_dynamodb_json_lists(delete_response["Attributes"])
+    assert expected_item == actual_item
+
+    # Given: Valid get_item request for the same item
+    # When: get_item
+    get_response = client.get_item(**get_item_request)
+    # Then: get_item is empty (i.e. the item was deleted)
+    assert "Item" not in get_response
+
 
 @pytest.fixture
 def batch_write_item_put_request(expect_standard_dictionaries, multiple_test_items):
@@ -346,18 +383,89 @@ def test_GIVEN_valid_transact_write_and_get_requests_WHEN_transact_write_and_get
     assert transact_write_delete_response["ResponseMetadata"]["HTTPStatusCode"] == 200
 
 
-def test_WHEN_update_item_THEN_raises_not_implemented_error():
-    """Test that update_item raises NotImplementedError."""
+@pytest.fixture
+def update_item_request(expect_standard_dictionaries, test_item):
+    if expect_standard_dictionaries:
+        return basic_update_item_request_dict(test_item)
+    return basic_update_item_request_ddb(test_item)
+
+
+def test_WHEN_update_item_THEN_raises_DynamoDbEncryptionTransformsException():
+    """Test that update_item raises DynamoDbEncryptionTransformsException."""
     # Given: Encrypted client and update item parameters
-    # When: Calling update_item
-    with pytest.raises(NotImplementedError):
+    # Then: DynamoDbEncryptionTransformsException is raised
+    with pytest.raises(DynamoDbEncryptionTransformsException):
+        # When: Calling update_item
         encrypted_client(expect_standard_dictionaries=False).update_item(
             TableName=INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME,
-            Key={"partition_key": "test-key", "sort_key": 1},
+            Key={"partition_key": {"S": "test-key"}, "sort_key": {"N": "1"}},
             UpdateExpression="SET attribute1 = :val",
             ExpressionAttributeValues={":val": {"S": "new value"}},
         )
-    # Then: NotImplementedError is raised
+
+
+@pytest.fixture
+def execute_statement_request(expect_standard_dictionaries, test_item):
+    if expect_standard_dictionaries:
+        return basic_execute_statement_request_dict(test_item)
+    return basic_execute_statement_request_ddb(test_item)
+
+
+def test_WHEN_execute_statement_THEN_raises_DynamoDbEncryptionTransformsException():
+    """Test that execute_statement raises DynamoDbEncryptionTransformsException."""
+    # Given: Encrypted client and update item parameters
+    # Then: DynamoDbEncryptionTransformsException is raised
+    with pytest.raises(DynamoDbEncryptionTransformsException):
+        # When: Calling update_item
+        encrypted_client(expect_standard_dictionaries=False).execute_statement(
+            Statement="SELECT * FROM " + INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME,
+        )
+
+
+@pytest.fixture
+def execute_transaction_request(expect_standard_dictionaries, test_item):
+    if expect_standard_dictionaries:
+        return basic_execute_transaction_request_dict(test_item)
+    return basic_execute_transaction_request_ddb(test_item)
+
+
+def test_WHEN_execute_transaction_THEN_raises_DynamoDbEncryptionTransformsException():
+    """Test that execute_transaction raises DynamoDbEncryptionTransformsException."""
+    # Given: Encrypted client and update item parameters
+    # Then: DynamoDbEncryptionTransformsException is raised
+    with pytest.raises(DynamoDbEncryptionTransformsException):
+        # When: Calling update_item
+        encrypted_client(expect_standard_dictionaries=False).execute_transaction(
+            TransactStatements=[
+                {
+                    "Statement": "SELECT * FROM " + INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME,
+                    "Parameters": [],
+                }
+            ],
+        )
+
+
+@pytest.fixture
+def batch_execute_statement_request(expect_standard_dictionaries, test_item):
+    if expect_standard_dictionaries:
+        return basic_batch_execute_statement_request_dict(test_item)
+    return basic_batch_execute_statement_request_ddb(test_item)
+
+
+def test_WHEN_batch_execute_statement_THEN_raises_DynamoDbEncryptionTransformsException():
+    """Test that batch_execute_statement raises DynamoDbEncryptionTransformsException."""
+    # Given: Encrypted client and update item parameters
+    # Then: DynamoDbEncryptionTransformsException is raised
+    with pytest.raises(DynamoDbEncryptionTransformsException):
+        # When: Calling update_item
+        encrypted_client(expect_standard_dictionaries=False).batch_execute_statement(
+            Statements=[
+                {
+                    "Statement": "SELECT * FROM " + INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME,
+                    "Parameters": [],
+                }
+            ],
+        )
 
 
 def test_WHEN_get_paginator_THEN_correct_paginator_is_returned():
diff --git a/Examples/runtimes/python/DynamoDBEncryption/src/basic_put_get_example/with_encrypted_client.py b/Examples/runtimes/python/DynamoDBEncryption/src/basic_put_get_example/with_encrypted_client.py
@@ -149,3 +149,12 @@ def encrypted_client_put_get_example(
     # Demonstrate that GetItem succeeded and returned the decrypted item
     assert get_item_response["ResponseMetadata"]["HTTPStatusCode"] == 200
     assert get_item_response["Item"] == item_to_encrypt
+
+    # 8. Clean up the item we put into the table by deleting it.
+    delete_item_request = {"TableName": dynamodb_table_name, "Key": key_to_get}
+    delete_item_response = encrypted_client.delete_item(**delete_item_request)
+
+    # Demonstrate that DeleteItem succeeded
+    assert delete_item_response["ResponseMetadata"]["HTTPStatusCode"] == 200
+    get_item_response = encrypted_client.get_item(**get_item_request)
+    assert "Item" not in get_item_response
