m

Author: ajewellamz

DynamoDbEncryption/runtimes/rust/src/bin/example/basic_get_put_example.rs

@@ -2,51 +2,50 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::test_utils;
+use db_esdk::aws_cryptography_keyStore::client as keystore_client;
 use db_esdk::aws_cryptography_keyStore::types::key_store_config::KeyStoreConfig;
 use db_esdk::aws_cryptography_keyStore::types::KmsConfiguration;
-use db_esdk::aws_cryptography_keyStore::client as keystore_client;
 
 /*
-  The Hierarchical Keyring Example and Searchable Encryption Examples
-  rely on the existence of a DDB-backed key store with pre-existing
-  branch key material or beacon key material.
-
-  See the "Create KeyStore Table Example" for how to first set up
-  the DDB Table that will back this KeyStore.
-
-  This example demonstrates configuring a KeyStore and then
-  using a helper method to create a branch key and beacon key
-  that share the same Id, then return that Id.
-  We will always create a new beacon key alongside a new branch key,
-  even if you are not using searchable encryption.
-
-  This key creation should occur within your control plane.
- */
-    pub async fn keystore_create_key() -> String
-    {
-      let key_store_table_name = test_utils::TEST_KEYSTORE_NAME;
-      let logical_key_store_name = test_utils::TEST_LOGICAL_KEYSTORE_NAME;
-      let kms_key_arn = test_utils::TEST_KEYSTORE_KMS_KEY_ID;
-
-      // 1. Configure your KeyStore resource.
-      //    This SHOULD be the same configuration that was used to create the DDB table
-      //    in the "Create KeyStore Table Example".
-      let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
-      let key_store_config = KeyStoreConfig::builder()
-          .kms_client(aws_sdk_kms::Client::new(&sdk_config))
-          .ddb_client(aws_sdk_dynamodb::Client::new(&sdk_config))
-          .ddb_table_name(key_store_table_name)
-          .logical_key_store_name(logical_key_store_name)
-          .kms_configuration(KmsConfiguration::KmsKeyArn(kms_key_arn.to_string()))
-          .build()
-          .unwrap();
-        
-        let keystore = keystore_client::Client::from_conf(key_store_config).unwrap();
-
-      // 2. Create a new branch key and beacon key in our KeyStore.
-      //    Both the branch key and the beacon key will share an Id.
-      //    This creation is eventually consistent.
-
-      let new_key = keystore.create_key().send().await.unwrap();
-      return new_key.branch_key_identifier.unwrap();
-  }
+ The Hierarchical Keyring Example and Searchable Encryption Examples
+ rely on the existence of a DDB-backed key store with pre-existing
+ branch key material or beacon key material.
+
+ See the "Create KeyStore Table Example" for how to first set up
+ the DDB Table that will back this KeyStore.
+
+ This example demonstrates configuring a KeyStore and then
+ using a helper method to create a branch key and beacon key
+ that share the same Id, then return that Id.
+ We will always create a new beacon key alongside a new branch key,
+ even if you are not using searchable encryption.
+
+ This key creation should occur within your control plane.
+*/
+pub async fn keystore_create_key() -> String {
+    let key_store_table_name = test_utils::TEST_KEYSTORE_NAME;
+    let logical_key_store_name = test_utils::TEST_LOGICAL_KEYSTORE_NAME;
+    let kms_key_arn = test_utils::TEST_KEYSTORE_KMS_KEY_ID;
+
+    // 1. Configure your KeyStore resource.
+    //    This SHOULD be the same configuration that was used to create the DDB table
+    //    in the "Create KeyStore Table Example".
+    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
+    let key_store_config = KeyStoreConfig::builder()
+        .kms_client(aws_sdk_kms::Client::new(&sdk_config))
+        .ddb_client(aws_sdk_dynamodb::Client::new(&sdk_config))
+        .ddb_table_name(key_store_table_name)
+        .logical_key_store_name(logical_key_store_name)
+        .kms_configuration(KmsConfiguration::KmsKeyArn(kms_key_arn.to_string()))
+        .build()
+        .unwrap();
+
+    let keystore = keystore_client::Client::from_conf(key_store_config).unwrap();
+
+    // 2. Create a new branch key and beacon key in our KeyStore.
+    //    Both the branch key and the beacon key will share an Id.
+    //    This creation is eventually consistent.
+
+    let new_key = keystore.create_key().send().await.unwrap();
+    new_key.branch_key_identifier.unwrap()
+}

DynamoDbEncryption/runtimes/rust/src/bin/example/create_keystore_key.rs

@@ -2,52 +2,64 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use crate::test_utils;
+use aws_sdk_dynamodb::types::AttributeValue;
 use db_esdk::aws_cryptography_dbEncryptionSdk_dynamoDb::client as dbesdk_client;
 use db_esdk::aws_cryptography_dbEncryptionSdk_dynamoDb::types::dynamo_db_encryption_config::DynamoDbEncryptionConfig;
-use std::collections::HashMap;
-use aws_sdk_dynamodb::types::AttributeValue;
 use db_esdk::aws_cryptography_dbEncryptionSdk_dynamoDb::types::GetEncryptedDataKeyDescriptionUnion;
+use std::collections::HashMap;
+
+pub async fn get_encrypted_data_key_description() {
+    let kms_key_id = test_utils::TEST_KMS_KEY_ID;
+    let ddb_table_name = test_utils::TEST_DDB_TABLE_NAME;
+    let config = DynamoDbEncryptionConfig::builder().build().unwrap();
+    let ddb_enc = dbesdk_client::Client::from_conf(config).unwrap();
+
+    // 1. Define keys that will be used to retrieve item from the DynamoDB table.
+    let key_to_get = HashMap::from([
+        (
+            "partition_key".to_string(),
+            AttributeValue::S("BasicPutGetExample".to_string()),
+        ),
+        ("sort_key".to_string(), AttributeValue::N("0".to_string())),
+    ]);
+
+    // 2. Create a Amazon DynamoDB Client and retrieve item from DynamoDB table
+    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
+    let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
+    let get_item_response = ddb
+        .get_item()
+        .set_key(Some(key_to_get))
+        .table_name(ddb_table_name)
+        .send()
+        .await
+        .unwrap();
 
-pub async fn  get_encrypted_data_key_description()
-    {
-        let kms_key_id = test_utils::TEST_KMS_KEY_ID;
-        let ddb_table_name = test_utils::TEST_DDB_TABLE_NAME;
-        let config = DynamoDbEncryptionConfig::builder().build().unwrap();
-        let ddb_enc = dbesdk_client::Client::from_conf(config).unwrap();
-
-        // 1. Define keys that will be used to retrieve item from the DynamoDB table.
-        let key_to_get = HashMap::from([
-          ("partition_key".to_string(), AttributeValue::S("BasicPutGetExample".to_string())),
-          ("sort_key".to_string(), AttributeValue::N("0".to_string())),
-        ]);
-
-
-        // 2. Create a Amazon DynamoDB Client and retrieve item from DynamoDB table
-        let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
-        let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
-        let get_item_response = ddb.get_item()
-          .set_key(Some(key_to_get))
-          .table_name(ddb_table_name)
-          .send().await.unwrap();
-
-
-        // 3. Extract the item from the dynamoDB table and prepare input for the GetEncryptedDataKeyDescription method.
-        // Here, we are sending dynamodb item but you can also input the header itself by extracting the header from 
-        // "aws_dbe_head" attribute in the dynamoDB item. The part of the code where we send input as the header is commented.
-        let returned_item = get_item_response.item.unwrap();
-        let input_union = GetEncryptedDataKeyDescriptionUnion::Item(returned_item);
-        let output = ddb_enc.get_encrypted_data_key_description()
+    // 3. Extract the item from the dynamoDB table and prepare input for the GetEncryptedDataKeyDescription method.
+    // Here, we are sending dynamodb item but you can also input the header itself by extracting the header from
+    // "aws_dbe_head" attribute in the dynamoDB item. The part of the code where we send input as the header is commented.
+    let returned_item = get_item_response.item.unwrap();
+    let input_union = GetEncryptedDataKeyDescriptionUnion::Item(returned_item);
+    let output = ddb_enc
+        .get_encrypted_data_key_description()
         .input(input_union)
-        .send().await.unwrap();
+        .send()
+        .await
+        .unwrap();
 
-        // The code below shows how we can send header as the input to the DynamoDB. This code is written to demo the 
-        // alternative approach. So, it is commented.
-        // let input_union = GetEncryptedDataKeyDescriptionUnion::Header(returned_item["aws_dbe_head"].as_b().unwrap().clone());
+    // The code below shows how we can send header as the input to the DynamoDB. This code is written to demo the
+    // alternative approach. So, it is commented.
+    // let input_union = GetEncryptedDataKeyDescriptionUnion::Header(returned_item["aws_dbe_head"].as_b().unwrap().clone());
 
-        // 4. Get encrypted DataKey Descriptions from GetEncryptedDataKeyDescription method output and assert if its true.
-        let encrypted_data_key_descriptions = output.encrypted_data_key_description_output.unwrap();
-        assert_eq!(encrypted_data_key_descriptions[0].key_provider_id, Some("aws-kms".to_string()));
-        assert_eq!(encrypted_data_key_descriptions[0].key_provider_info, Some(kms_key_id.to_string()));
+    // 4. Get encrypted DataKey Descriptions from GetEncryptedDataKeyDescription method output and assert if its true.
+    let encrypted_data_key_descriptions = output.encrypted_data_key_description_output.unwrap();
+    assert_eq!(
+        encrypted_data_key_descriptions[0].key_provider_id,
+        Some("aws-kms".to_string())
+    );
+    assert_eq!(
+        encrypted_data_key_descriptions[0].key_provider_info,
+        Some(kms_key_id.to_string())
+    );
 
-        println!("get_encrypted_data_key_description successful.");
-      }
+    println!("get_encrypted_data_key_description successful.");
+}