m

Author: lucasmcdonald3

.gitignore

@@ -18,4 +18,9 @@ specification_compliance_report.html
 /.smithy.lsp.log
 
 # logs 
-*.log
+*.log
+
+# Performance testing artifacts
+*.png
+*.dot
+*.prof

DynamoDbEncryption/runtimes/python/src/aws_database_encryption_sdk/encryptor/table.py

@@ -165,9 +165,9 @@ def convert_conditions_to_client_expression(condition, expression_attribute_name
     """
 
     # from boto3.dynamodb.conditions import ConditionExpressionBuilder
-    from aws_database_encryption_sdk.internal.condition_expression_builder import ConditionExpressionBuilder
+    from aws_database_encryption_sdk.internal.condition_expression_builder import InternalDBESDKDynamoDBConditionExpressionBuilder
 
-    a = ConditionExpressionBuilder()
+    a = InternalDBESDKDynamoDBConditionExpressionBuilder()
     out = a.build_expression(condition, expression_attribute_names, expression_attribute_values)
     print(f'our {out=}')
     return out
@@ -313,45 +313,42 @@ def process_condition(condition):
 
 def convert_client_expression_to_conditions(expression):
     """
-    Converts a DynamoDB client-compatible expression into a Key or Attr condition.
+    Crypto Tools internal method to convert a DynamoDB filter/key expression to boto3 Resource tokens.
+    DO NOT USE FOR ANY OTHER PURPOSE.
+    This is a basic implementation for simple expressions that will fail with complex expressions.
     
-    :param expression: A string of the DynamoDB client expression (e.g., "AttrName = :val").
-    :param expression_values: A dictionary of attribute values (e.g., {":val": {"N": "0"}}).
-    :param expression_names: A dictionary of attribute names, if placeholders are used (e.g., {"#attr": "AttrName"}).
-    :return: A boto3.dynamodb.conditions object (Key, Attr, or a combination of them).
-    """
+    To extend this to support one or a few complex expressions, consider extending the existing logic.
+    To extend this to support all expressions, consider implementing and extending the code below:
 
+    ```
     from aws_database_encryption_sdk.internaldafny.generated.DynamoDBFilterExpr import default__ as filter_expr
     import _dafny
     from smithy_dafny_standard_library.internaldafny.generated import Wrappers
 
-
-
     dafny_expr_token = filter_expr.ParseExpr(
         _dafny.Seq(
             expression
         ),
     )
-
-
-
-    # print(f"{dafny_expr_token.Elements=}")
-    # print(f"{dafny_expr_token.Elements[0].__dict__=}")
-
-    # dafny_expr = filter_expr.ExtractAttributes(
-    #     _dafny.Seq(
-    #         expression
-    #     ),
-    #     Wrappers.Option_Some(_dafny.Map())
-    # )
-
-    # print(f"{dafny_expr.Elements=}")
-    # print(f"{dafny_expr.Elements[0].__dict__=}")
-
-    # def parse_dafny_tokens(dafny_tokens):
-    #     for 
-
-
+    ```
+
+    This library's generated internal Dafny code has a DynamoDB string parser.
+    This will parse a _dafny.Seq and produce Dafny tokens for the expression.
+    Implementing this will involve
+        1. Mapping Dafny tokens to boto3 Resource tokens.
+            (e.g. class Token_Between -> boto3.dynamodb.conditions.Between)
+        2. Converting Dafny token grammar to boto3 Resource token grammar.
+            (e.g.
+                Dafny: [Token_Between, Token_Open, Token_Attr, Token_And, Token_Attr, Token_Close]
+                ->
+                boto3: [Between(Attr, Attr)]
+            )
+    
+    :param expression: A string of the DynamoDB client expression (e.g., "AttrName = :val").
+    :param expression_values: A dictionary of attribute values (e.g., {":val": {"N": "0"}}).
+    :param expression_names: A dictionary of attribute names, if placeholders are used (e.g., {"#attr": "AttrName"}).
+    :return: A boto3.dynamodb.conditions object (Key, Attr, or a combination of them).
+    """
 
     # Recursive parser for complex expressions
     def parse_expression(expr_tokens):
@@ -380,7 +377,7 @@ def parse_expression(expr_tokens):
             value = expr_tokens[3]
             return Attr(attr_name).contains(value)
 
-        # simple contains
+        # simple begins_with
         elif "BEGINS_WITH" == expr_tokens[0].upper():
             attr_name = expr_tokens[2]
             if attr_name[-1] == ",":
@@ -390,14 +387,8 @@ def parse_expression(expr_tokens):
 
         # Base case: Single comparison or condition
         if "AND" not in [t.upper() for t in expr_tokens] and "OR" not in [t.upper() for t in expr_tokens]:
-            # # BETWEEN operator
-            # if "BETWEEN" in [t.upper() for t in expr_tokens]:
-            #     attr_name = expr_tokens[0]
-            #     value1 = expr_tokens[2]
-            #     value2 = expr_tokens[4]
-            #     return Key(attr_name).between(value1, value2)
-
-            # Simple comparison
+
+            # simple comparison
             attr_name = expr_tokens[0]
             operator = expr_tokens[1].upper()
             value = expr_tokens[2]
@@ -415,12 +406,6 @@ def parse_expression(expr_tokens):
                 return Key(attr_name).gte(value)
             elif operator in ("!=", "<>"):
                 return Attr(attr_name).ne(value)
-            elif operator == "CONTAINS":
-                return Attr(attr_name).contains(value)
-            elif operator == "BEGINS_WITH":
-                return Key(attr_name).begins_with(value)
-            elif operator == "BEGINS_WITH":
-                return Key(attr_name).begins_with(value)
             else:
                 raise ValueError(f"Unsupported operator: {operator}")
 

DynamoDbEncryption/runtimes/python/src/aws_database_encryption_sdk/internal/condition_expression_builder.py

@@ -1,214 +1,98 @@
-# Copyright 2015 Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"). You
-# may not use this file except in compliance with the License. A copy of
-# the License is located at
-#
-# https://aws.amazon.com/apache2.0/
-#
-# or in the "license" file accompanying this file. This file is
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
-# ANY KIND, either express or implied. See the License for the specific
-# language governing permissions and limitations under the License.
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
 import re
 from collections import namedtuple
 
 from boto3.exceptions import (
     DynamoDBNeedsConditionError,
-    DynamoDBNeedsKeyConditionError,
-    DynamoDBOperationNotSupportedError,
 )
 from boto3.dynamodb.conditions import (
     ConditionBase,
     BuiltConditionExpression,
     AttributeBase,
-    Key,
-    Contains,
-    BeginsWith,
 )
-from aws_database_encryption_sdk.transform import dict_to_ddb
 
-ATTR_NAME_REGEX = re.compile(r'[^.\[\]]+(?![^\[]*\])')
 
-class ConditionExpressionBuilder:
-    """This class is used to build condition expressions with placeholders"""
+class InternalDBESDKDynamoDBConditionExpressionBuilder:
+    """
+    This internal class is used to transform boto3 DyamoDB conditions from
+        Python classes to DynamoDB ConditionExpressions
+        for use by internal DBESDK DyanmoDB operation transformers.
 
-    def __init__(self):
-        self._name_count = 0
-        self._value_count = 0
-        self._name_placeholder = 'n'
-        self._value_placeholder = 'v'
-
-    def _get_name_placeholder(self):
-        return '#' + self._name_placeholder + str(self._name_count)
-
-    def _get_value_placeholder(self):
-        return ':' + self._value_placeholder + str(self._value_count)
-
-    def reset(self):
-        """Resets the placeholder name and values"""
-        self._name_count = 0
-        self._value_count = 0
+    This class is a modified version of boto3's ConditionExpressionBuilder:
+    https://github.com/boto/boto3/blob/c5c634b53be589d6e913e6dca51ad8d6480f58c7/boto3/dynamodb/conditions.py#L304
+    The original class is intended to interface from boto3 Table resources to boto3 clients,
+        and has logic to replace attribute names and values with placeholders.
+    This class is intended to interface from boto3 Table resources to internal DBESDK DyanmoDB operation transformers,
+        which does not expect inserted placeholders.
+    The placeholder insertion logic has been removed from this class along with its supporting logic,
+        but this class maintains boto3's recursive ConditionExpression traversal logic.
+    """
 
     def build_expression(
         self,
         condition,
         expression_attribute_names,
         expression_attribute_values,
-        is_key_condition=False
     ):
-        """Builds the condition expression and the dictionary of placeholders.
+        """Builds the condition expression.
 
         :type condition: ConditionBase
-        :param condition: A condition to be built into a condition expression
-            string with any necessary placeholders.
-
-        :type is_key_condition: Boolean
-        :param is_key_condition: True if the expression is for a
-            KeyConditionExpression. False otherwise.
+        :param condition: A condition to be built into a condition expression string.
 
         :rtype: (string, dict, dict)
-        :returns: Will return a string representing the condition with
-            placeholders inserted where necessary, a dictionary of
-            placeholders for attribute names, and a dictionary of
-            placeholders for attribute values. Here is a sample return value:
-
-            ('#n0 = :v0', {'#n0': 'myattribute'}, {':v1': 'myvalue'})
+        :returns: Will return a string representing the condition expression,
+            the original dictionary of attribute names,
+            and the original dictionary of attribute values.
         """
         if not isinstance(condition, ConditionBase):
             raise DynamoDBNeedsConditionError(condition)
-        attribute_name_placeholders = expression_attribute_names
-        attribute_value_placeholders = expression_attribute_values
-        condition_expression = self._build_expression(
-            condition,
-            attribute_name_placeholders,
-            attribute_value_placeholders,
-            is_key_condition=is_key_condition,
-        )
+        condition_expression = self._build_expression(condition)
         return BuiltConditionExpression(
             condition_expression=condition_expression,
-            attribute_name_placeholders=attribute_name_placeholders,
-            attribute_value_placeholders=attribute_value_placeholders,
+            # BuiltConditionExpression uses "placeholders" nomenclature;
+            # this is an artifact of the original boto3 ConditionExpressionBuilder.
+            # This class neither creates placeholders, nor even uses the provided name/values dicts.
+            # They are only here as required arguments for the BuiltConditionExpression class.
+            attribute_name_placeholders=expression_attribute_names,
+            attribute_value_placeholders=expression_attribute_values,
         )
 
     def _build_expression(
         self,
         condition,
-        attribute_name_placeholders,
-        attribute_value_placeholders,
-        is_key_condition,
     ):
         expression_dict = condition.get_expression()
         replaced_values = []
         for value in expression_dict['values']:
-            # Build the necessary placeholders for that value.
-            # Placeholders are built for both attribute names and values.
-            replaced_value = self._build_expression_component(
-                value,
-                attribute_name_placeholders,
-                attribute_value_placeholders,
-                condition,
-                is_key_condition,
-            )
+            # Recurse for each value in the expression.
+            replaced_value = self._build_expression_component(condition, value)
             replaced_values.append(replaced_value)
-        # Fill out the expression using the operator and the
-        # values that have been replaced with placeholders.
+        # Fill out the expression using the operator and its recursive expressions.
         return expression_dict['format'].format(
             *replaced_values, operator=expression_dict['operator']
         )
 
     def _build_expression_component(
         self,
-        value,
-        attribute_name_placeholders,
-        attribute_value_placeholders,
         condition,
-        is_key_condition,
+        value,
     ):
-        has_grouped_values = condition.has_grouped_values
         # Continue to recurse if the value is a ConditionBase in order
         # to extract out all parts of the expression.
         if isinstance(value, ConditionBase):
             return self._build_expression(
                 value,
-                attribute_name_placeholders,
-                attribute_value_placeholders,
-                is_key_condition,
             )
         # If it is not a ConditionBase, we can recurse no further.
-        # So we check if it is an attribute and add placeholders for
-        # its name
+        # If it's an attribute, insert its name.
         elif isinstance(value, AttributeBase):
-            if is_key_condition and not isinstance(value, Key):
-                raise DynamoDBNeedsKeyConditionError(
-                    f'Attribute object {value.name} is of type {type(value)}. '
-                    f'KeyConditionExpression only supports Attribute objects '
-                    f'of type Key'
-                )
-            # contains expressions can have attribute values where the rest of this class expects an attribute name
-            if isinstance(condition, Contains) or isinstance(condition, BeginsWith):
-                return value.name
-            return self._build_name_placeholder(
-                value, attribute_name_placeholders
-            )
-        # If it is anything else, we treat it as a value and thus placeholders
-        # are needed for the value.
-        else:
-            if isinstance(condition, Contains) or isinstance(condition, BeginsWith):
-                return value
-            return self._build_value_placeholder(
-                value, attribute_value_placeholders, has_grouped_values
-            )
-
-    def _build_name_placeholder(self, value, attribute_name_placeholders):
-        return value.name
-        attribute_name = value.name
-        # Figure out which parts of the attribute name that needs replacement.
-        attribute_name_parts = ATTR_NAME_REGEX.findall(attribute_name)
-
-        # Add a temporary placeholder for each of these parts.
-        placeholder_format = ATTR_NAME_REGEX.sub('%s', attribute_name)
-        str_format_args = []
-        for part in attribute_name_parts:
-            if part[0] == "#":
-                str_format_args.append(part)
-            else:
-                name_placeholder = self._get_name_placeholder()
-                self._name_count += 1
-                str_format_args.append(name_placeholder)
-                # Add the placeholder and value to dictionary of name placeholders.
-                attribute_name_placeholders[name_placeholder] = part
-        # Replace the temporary placeholders with the designated placeholders.
-        return placeholder_format % tuple(str_format_args)
-
-    def _build_value_placeholder(
-        self, value, attribute_value_placeholders, has_grouped_values=False
-    ):
-        return value
-        # If the values are grouped, we need to add a placeholder for
-        # each element inside of the actual value.
-        if has_grouped_values:
-            placeholder_list = []
-            for v in value:
-                if v[0] != ":":
-                    value_placeholder = self._get_value_placeholder()
-                    self._value_count += 1
-                    placeholder_list.append(value_placeholder)
-                    attribute_value_placeholders[value_placeholder] = list(dict_to_ddb({value_placeholder: v}).values())[0]
-                else:
-                    placeholder_list.append(v)
-            # Assuming the values are grouped by parenthesis.
-            # IN is the currently the only one that uses this so it maybe
-            # needed to be changed in future.
-            return '(' + ', '.join(placeholder_list) + ')'
-        # Otherwise, treat the value as a single value that needs only
-        # one placeholder.
+            return value.name
+        # If it is anything else, we treat it as a value.
         else:
-            if value[0] != ":":
-                value_placeholder = self._get_value_placeholder()
-                self._value_count += 1
-                # Store DDB JSON
-                attribute_value_placeholders[value_placeholder] = list(dict_to_ddb({value_placeholder: value}).values())[0]
-                return value_placeholder
-            else:
-                return value
+            if condition.has_grouped_values:
+                # Assuming the values are grouped by parenthesis.
+                # IN is the currently the only one that uses this so it maybe
+                # needed to be changed in future.
+                return '(' + ', '.join(value) + ')'
+            return value

TestVectors/runtimes/python/WriteTests1.json

@@ -1 +1 @@
-[{"Four":{"B":"AAD7KnQVcxeoznB8Uajn1/ci"},"Eight":{"B":"AQFyJkK+IlXwCh5HjKgcxD4IrU/5LrgoEHGlPHEW+FoOUy2itIvoz3sWHQ6P"},"aws_dbe_foot":{"B":"FP0wSCe43V/IQSF1QnjoKb7BZ+1mtMMgjw9WU8Mr85Cvci1ILlmE+0M9W1uTYlKaMGUCMQCOOxPNukDxJOrEmVTc+A8LS6VwgeuHs6j1G40av6Da6yhZp537pJ7szQDJT2Qwm2sCMALSYxpS0DelfE+EcIKHYC1u1IAP39jpm0Gpdg27xA9VVrNI3wMEGeNBpsHT9Sc0cw=="},"Five":{"B":"AARZvtbqCnxPCuSprYQAkvEc2w=="},"Nine":{"NS":["1.2","5.6","3.4"]},"aws_dbe_head":{"B":"AQGkiu+2MSydagmI8ev7R/TB4pQelSyJqkfeaj+NWNSDZgALZXNlZWVlc2VlZXMAAQAVYXdzLWNyeXB0by1wdWJsaWMta2V5AERBOUdxSmVKcFVGYkIwZFFNdTBia21va2hOYVFpZDZHNHE3d0JJVmkzREtuQWhHcUdpSHhiekw0eGNSWlE0dng0SEE9PQEAEWF3cy1rbXMtaGllcmFyY2h5ACRiZDM4NDJmZi0zMDc2LTQwOTItOTkxOC00Mzk1NzMwMDUwYjgAjGp4FJg4vlOWI56XAVh1dBUD15kNku5p2hi9vUfyuKaoIS1Dsjp4FNBopOWUgzQUmnEtudRJ1sITyMTE5hvM+C563lmLhlElIry0Gjvpzhij7bVCcp+GHKy3mX/2DDjRtTsoSUj12cHjX6L0AGByYna0mi+r/Oaqplsnqwwa9GAOVGDfbYwQknuDGQVDFV0MPRjq+xQSaTy5dk3kTKE4nsBju/2I6fmr0WWICdo="},"One":{"B":"AAEDqol3IBdhozgzrIwL21DGO2KhfNNOYPlB"},"Two":{"B":"AAKoVoKAsb1K/szCoYnh9C8ymAc="},"Three":{"B":"//8T1YauYR83OvCff6vkgz4vp+oqREBHgdgZGSHfjmjQWAKT"},"Ten":{"B":"Af+Pt42+cJvN2mV57lSYA1aY0WeaaLswO3k="},"Six":{"L":[{"S":"one"},{"S":"two"},{"S":"three"},{"L":[{"N":"1"},{"N":"2"},{"N":"3"},{"N":"4"}]}]},"Seven":{"B":"AgD+307HeS+GON5z56zJY/d5CAkn28Jb8Y6aYKK3tCkfpIQGMH1CKqLMeuQx5s+EhZtQxrxkcxSs5hi/TrLORaeqnE9sQ9tYStzY7mUVAm3CC7XdEI9XQl42RdXnuPm6PV6Tyui5lYz4Wl7OrmGouCfDbb3Rxg=="},"RecNum":{"N":"1"}}]
+[{"Seven":{"B":"AgDuPox5uciWu4KcxjOWH70WuPi1LmfrjDbRvB4JBltWNlQ+ZMwZNFFuygTKKFJcvJKzf8xkYwmyL4KB9t66k0t9/b4oIueKwWt4S3cJp7n0j9J7Ex151mzVORORHfZccrp1VE2wqekmx6wNGoKWbpAfsNKdog=="},"Nine":{"NS":["1.2","5.6","3.4"]},"Two":{"B":"AALTo//JqYFGzpXZjLi9/boI/Iw="},"aws_dbe_foot":{"B":"Ky6G1rZTgPqEm5G+KvQ7ASphPT9qDkeX0v3joJ8XNXDwoIqJ86PAO/NbxMzIiiAgMGUCMQDIJFHG/axnN9AvP6PKDWOabV6DAyToFo+iEMy0eCzGG9J72CdC4EfFP1cRl1785xgCMEsNFyTZTaxa/sjiVhIvmZV5Uhupk2/isaJen2RAbWW/ZETmVitchMQaxmTYogCsiQ=="},"Eight":{"B":"AQHUy33vIXcZCyGkrTRCUiwpMUaKaAPu0TGtTJ5mxTNyovy+emH3Df2r53N3"},"Five":{"B":"AASj4Votzqpoab3+8JBwzAnq4Q=="},"Ten":{"B":"Af8O9PgVy7IDD3EHbOSFVrnJNW+ynXqVUrE="},"Four":{"B":"AAC7GjM4xcx8rJnuNmF6L5lJ"},"RecNum":{"N":"1"},"aws_dbe_head":{"B":"AQEOAkZTb1Zn17gyi9iADAhIIUEhb210InRhHgFqKd4tXwALZXNlZWVlc2VlZXMAAQAVYXdzLWNyeXB0by1wdWJsaWMta2V5AERBNXpsSmJxRlE5NExMTlJIbWVJSjNJZGtlVTZrQlg0S3BWRS9JcHg4UDdVK01aMTMyTlA1ZGdkSWFEN1p3djVJRFE9PQEAEWF3cy1rbXMtaGllcmFyY2h5ACRiZDM4NDJmZi0zMDc2LTQwOTItOTkxOC00Mzk1NzMwMDUwYjgAjI8A2kl2IAJaI9dcE9W4vXkEmhrs/WDnLQEmZSw02vW7F6TdRFPPYNZb9Ks63Qlxpmtpv/LDjoRTKs3BhqbuOlSHnrTzvbJbeVK2lJDpzhij7bVCcp+GHKy3mX/2WsVWKfS8KjN11RkGbggimnxHSPt9mqOCNN35646sNkQRlSH8eWaFsFSuFcKhtk0jewuo5Q7QaLshZdZ1o1cBFWblFvEDjz9CFrEgwFS/u5c="},"One":{"B":"AAFBaG04EadjwvMrd3MnQG2d0zWAZyN52OrV"},"Six":{"L":[{"S":"one"},{"S":"two"},{"S":"three"},{"L":[{"N":"1"},{"N":"2"},{"N":"3"},{"N":"4"}]}]},"Three":{"B":"//+HOWAVE8dd3spet/L8LQIKOyxbaA3pxGyV5yzBS+RXzEhg"}}]