aws
diff --git a/‎Examples/runtimes/net/src/migration/PlaintextToAWSDBE/awsdbe/MigrationStep1Test.cs‎
Lines changed: 24 additions & 29 deletions b/‎Examples/runtimes/net/src/migration/PlaintextToAWSDBE/awsdbe/MigrationStep1Test.cs‎
Lines changed: 24 additions & 29 deletions
diff --git a/‎Examples/runtimes/net/src/migration/PlaintextToAWSDBE/awsdbe/MigrationStep2.cs‎
Lines changed: 100 additions & 108 deletions b/‎Examples/runtimes/net/src/migration/PlaintextToAWSDBE/awsdbe/MigrationStep2.cs‎
Lines changed: 100 additions & 108 deletions
@@ -38,41 +38,36 @@ public async Task TestMigrationStep1()
             string partitionKey = Guid.NewGuid().ToString();
             string[] sortKeys = { "0", "1", "2", "3" };
 
-            try
-            {
-                // Given: Step 0 has succeeded
-                bool success = await MigrationStep0.MigrationStep0Example(tableName, partitionKey, sortKeys[0], sortKeys[0]);
-                Assert.True(success, "MigrationStep0 should complete successfully");
+            // Given: Step 0 has succeeded
+            bool success = await MigrationStep0.MigrationStep0Example(tableName, partitionKey, sortKeys[0], sortKeys[0]);
+            Assert.True(success, "MigrationStep0 should complete successfully");
 
-                // Successfully executes step 1
-                success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[1]);
-                Assert.True(success, "MigrationStep1 should complete successfully");
+            // Successfully executes step 1
+            success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[1]);
+            Assert.True(success, "MigrationStep1 should complete successfully");
 
-                // When: Execute Step 1 with sortReadValue=0, Then: Success (i.e. can read plaintext values from Step 0)
-                success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[0]);
-                Assert.True(success, "MigrationStep1 should be able to read items written by Step 0");
+            // When: Execute Step 1 with sortReadValue=0, Then: Success (i.e. can read plaintext values from Step 0)
+            success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[0]);
+            Assert.True(success, "MigrationStep1 should be able to read items written by Step 0");
 
-                // Given: Step 2 has succeeded
-                success = await MigrationStep2.MigrationStep2Example(kmsKeyID, tableName, partitionKey, sortKeys[2], sortKeys[2]);
-                Assert.True(success, "MigrationStep2 should complete successfully");
+            // Given: Step 2 has succeeded
+            success = await MigrationStep2.MigrationStep2Example(kmsKeyID, tableName, partitionKey, sortKeys[2], sortKeys[2]);
+            Assert.True(success, "MigrationStep2 should complete successfully");
 
-                // When: Execute Step 1 with sortReadValue=2, Then: Success (i.e. can read encrypted values from Step 2)
-                success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[2]);
-                Assert.True(success, "MigrationStep1 should be able to read items written by Step 2");
+            // When: Execute Step 1 with sortReadValue=2, Then: Success (i.e. can read encrypted values from Step 2)
+            success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[2]);
+            Assert.True(success, "MigrationStep1 should be able to read items written by Step 2");
 
-                // Given: Step 3 has succeeded
-                success = await MigrationStep3.MigrationStep3Example(kmsKeyID, tableName, partitionKey, sortKeys[3], sortKeys[3]);
-                Assert.True(success, "MigrationStep3 should complete successfully");
+            // Given: Step 3 has succeeded
+            success = await MigrationStep3.MigrationStep3Example(kmsKeyID, tableName, partitionKey, sortKeys[3], sortKeys[3]);
+            Assert.True(success, "MigrationStep3 should complete successfully");
 
-                // When: Execute Step 1 with sortReadValue=3, Then: Success (i.e. can read encrypted values from Step 3)
-                success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[3]);
-                Assert.True(success, "MigrationStep1 should be able to read items written by Step 3");
-            }
-            finally
-            {
-                // Cleanup
-                await MigrationUtils.CleanupItems(tableName, partitionKey, sortKeys);
-            }
+            // When: Execute Step 1 with sortReadValue=3, Then: Success (i.e. can read encrypted values from Step 3)
+            success = await MigrationStep1.MigrationStep1Example(kmsKeyID, tableName, partitionKey, sortKeys[1], sortKeys[3]);
+            Assert.True(success, "MigrationStep1 should be able to read items written by Step 3");
+
+            // Cleanup
+            await MigrationUtils.CleanupItems(tableName, partitionKey, sortKeys);
         }
     }
 }
@@ -39,129 +39,121 @@ public class MigrationStep2
     {
         public static async Task<bool> MigrationStep2Example(string kmsKeyId, string ddbTableName, string partitionKeyValue, string sortKeyWriteValue, string sortKeyReadValue)
         {
-            try
-            {
-                // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data.
-                //    For this example, we will create a AWS KMS Keyring with the AWS KMS Key we want to use.
-                //    We will use the `CreateMrkMultiKeyring` method to create this keyring,
-                //    as it will correctly handle both single region and Multi-Region KMS Keys.
-                var matProv = new MaterialProviders(new MaterialProvidersConfig());
-                var keyringInput = new CreateAwsKmsMrkMultiKeyringInput { Generator = kmsKeyId };
-                var kmsKeyring = matProv.CreateAwsKmsMrkMultiKeyring(keyringInput);
-
-                // 2. Configure which attributes are encrypted and/or signed when writing new items.
-                //    For each attribute that may exist on the items we plan to write to our DynamoDbTable,
-                //    we must explicitly configure how they should be treated during item encryption:
-                //      - ENCRYPT_AND_SIGN: The attribute is encrypted and included in the signature
-                //      - SIGN_ONLY: The attribute not encrypted, but is still included in the signature
-                //      - DO_NOTHING: The attribute is not encrypted and not included in the signature
-                var attributeActionsOnEncrypt = new Dictionary<string, CryptoAction>
-                {
-                    ["partition_key"] = CryptoAction.SIGN_ONLY, // Our partition attribute must be SIGN_ONLY
-                    ["sort_key"] = CryptoAction.SIGN_ONLY, // Our sort attribute must be SIGN_ONLY
-                    ["attribute1"] = CryptoAction.ENCRYPT_AND_SIGN,
-                    ["attribute2"] = CryptoAction.SIGN_ONLY,
-                    ["attribute3"] = CryptoAction.DO_NOTHING
-                };
+            // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data.
+            //    For this example, we will create a AWS KMS Keyring with the AWS KMS Key we want to use.
+            //    We will use the `CreateMrkMultiKeyring` method to create this keyring,
+            //    as it will correctly handle both single region and Multi-Region KMS Keys.
+            var matProv = new MaterialProviders(new MaterialProvidersConfig());
+            var keyringInput = new CreateAwsKmsMrkMultiKeyringInput { Generator = kmsKeyId };
+            var kmsKeyring = matProv.CreateAwsKmsMrkMultiKeyring(keyringInput);
 
-                // 3. Configure which attributes we expect to be excluded in the signature
-                //    when reading items.
-                //    For this example, we will explicitly list the attributes that are not signed.
-                var unsignedAttributes = new List<string> { "attribute3" };
+            // 2. Configure which attributes are encrypted and/or signed when writing new items.
+            //    For each attribute that may exist on the items we plan to write to our DynamoDbTable,
+            //    we must explicitly configure how they should be treated during item encryption:
+            //      - ENCRYPT_AND_SIGN: The attribute is encrypted and included in the signature
+            //      - SIGN_ONLY: The attribute not encrypted, but is still included in the signature
+            //      - DO_NOTHING: The attribute is not encrypted and not included in the signature
+            var attributeActionsOnEncrypt = new Dictionary<string, CryptoAction>
+            {
+                ["partition_key"] = CryptoAction.SIGN_ONLY, // Our partition attribute must be SIGN_ONLY
+                ["sort_key"] = CryptoAction.SIGN_ONLY, // Our sort attribute must be SIGN_ONLY
+                ["attribute1"] = CryptoAction.ENCRYPT_AND_SIGN,
+                ["attribute2"] = CryptoAction.SIGN_ONLY,
+                ["attribute3"] = CryptoAction.DO_NOTHING
+            };
 
-                // 4. Create the DynamoDb Encryption configuration for the table we will be writing to.
-                //    This configuration uses PlaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
-                //    which means:
-                //    - Write: Items are forbidden to be written as plaintext.
-                //             Items will be written as encrypted items.
-                //    - Read: Items are allowed to be read as plaintext.
-                //            Items are allowed to be read as encrypted items.
-                var tableConfig = new DynamoDbTableEncryptionConfig
-                {
-                    LogicalTableName = ddbTableName,
-                    PartitionKeyName = "partition_key",
-                    SortKeyName = "sort_key",
-                    AttributeActionsOnEncrypt = attributeActionsOnEncrypt,
-                    Keyring = kmsKeyring,
-                    AllowedUnsignedAttributes = unsignedAttributes,
-                    PlaintextOverride = PlaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
-                };
+            // 3. Configure which attributes we expect to be excluded in the signature
+            //    when reading items.
+            //    For this example, we will explicitly list the attributes that are not signed.
+            var unsignedAttributes = new List<string> { "attribute3" };
 
-                var tableConfigs = new Dictionary<string, DynamoDbTableEncryptionConfig>
-                {
-                    [ddbTableName] = tableConfig
-                };
+            // 4. Create the DynamoDb Encryption configuration for the table we will be writing to.
+            //    This configuration uses PlaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
+            //    which means:
+            //    - Write: Items are forbidden to be written as plaintext.
+            //             Items will be written as encrypted items.
+            //    - Read: Items are allowed to be read as plaintext.
+            //            Items are allowed to be read as encrypted items.
+            var tableConfig = new DynamoDbTableEncryptionConfig
+            {
+                LogicalTableName = ddbTableName,
+                PartitionKeyName = "partition_key",
+                SortKeyName = "sort_key",
+                AttributeActionsOnEncrypt = attributeActionsOnEncrypt,
+                Keyring = kmsKeyring,
+                AllowedUnsignedAttributes = unsignedAttributes,
+                PlaintextOverride = PlaintextOverride.FORBID_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ
+            };
 
-                // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
-                var ddb = new Client.DynamoDbClient(
-                    new DynamoDbTablesEncryptionConfig { TableEncryptionConfigs = tableConfigs });
+            var tableConfigs = new Dictionary<string, DynamoDbTableEncryptionConfig>
+            {
+                [ddbTableName] = tableConfig
+            };
 
-                // 6. Put an item into our table using the above client.
-                //    This item will be encrypted due to our PlaintextOverride configuration.
-                string encryptedAndSignedValue = MigrationUtils.ENCRYPTED_AND_SIGNED_VALUE;
-                string signOnlyValue = MigrationUtils.SIGN_ONLY_VALUE;
-                string doNothingValue = MigrationUtils.DO_NOTHING_VALUE;
-                var item = new Dictionary<string, AttributeValue>
-                {
-                    ["partition_key"] = new AttributeValue { S = partitionKeyValue },
-                    ["sort_key"] = new AttributeValue { N = sortKeyWriteValue },
-                    ["attribute1"] = new AttributeValue { S = encryptedAndSignedValue },
-                    ["attribute2"] = new AttributeValue { S = signOnlyValue },
-                    ["attribute3"] = new AttributeValue { S = doNothingValue }
-                };
+            // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
+            var ddb = new Client.DynamoDbClient(
+                new DynamoDbTablesEncryptionConfig { TableEncryptionConfigs = tableConfigs });
 
-                var putRequest = new PutItemRequest
-                {
-                    TableName = ddbTableName,
-                    Item = item
-                };
+            // 6. Put an item into our table using the above client.
+            //    This item will be encrypted due to our PlaintextOverride configuration.
+            string encryptedAndSignedValue = MigrationUtils.ENCRYPTED_AND_SIGNED_VALUE;
+            string signOnlyValue = MigrationUtils.SIGN_ONLY_VALUE;
+            string doNothingValue = MigrationUtils.DO_NOTHING_VALUE;
+            var item = new Dictionary<string, AttributeValue>
+            {
+                ["partition_key"] = new AttributeValue { S = partitionKeyValue },
+                ["sort_key"] = new AttributeValue { N = sortKeyWriteValue },
+                ["attribute1"] = new AttributeValue { S = encryptedAndSignedValue },
+                ["attribute2"] = new AttributeValue { S = signOnlyValue },
+                ["attribute3"] = new AttributeValue { S = doNothingValue }
+            };
 
-                var putResponse = await ddb.PutItemAsync(putRequest);
-                Debug.Assert(putResponse.HttpStatusCode == HttpStatusCode.OK);
+            var putRequest = new PutItemRequest
+            {
+                TableName = ddbTableName,
+                Item = item
+            };
 
-                // 7. Get an item back from the table using the same client.
-                //    If this is an item written in plaintext (i.e. any item written
-                //    during Step 0 or 1), then the item will still be in plaintext.
-                //    If this is an item that was encrypted client-side (i.e. any item written
-                //    during Step 2 or after), then the item will be decrypted client-side
-                //    and surfaced as a plaintext item.
-                var key = new Dictionary<string, AttributeValue>
-                {
-                    ["partition_key"] = new AttributeValue { S = partitionKeyValue },
-                    ["sort_key"] = new AttributeValue { N = sortKeyReadValue }
-                };
+            var putResponse = await ddb.PutItemAsync(putRequest);
+            Debug.Assert(putResponse.HttpStatusCode == HttpStatusCode.OK);
 
-                var getRequest = new GetItemRequest
-                {
-                    TableName = ddbTableName,
-                    Key = key,
-                    // In this example we configure a strongly consistent read
-                    // because we perform a read immediately after a write (for demonstrative purposes).
-                    // By default, reads are only eventually consistent.
-                    ConsistentRead = true
-                };
+            // 7. Get an item back from the table using the same client.
+            //    If this is an item written in plaintext (i.e. any item written
+            //    during Step 0 or 1), then the item will still be in plaintext.
+            //    If this is an item that was encrypted client-side (i.e. any item written
+            //    during Step 2 or after), then the item will be decrypted client-side
+            //    and surfaced as a plaintext item.
+            var key = new Dictionary<string, AttributeValue>
+            {
+                ["partition_key"] = new AttributeValue { S = partitionKeyValue },
+                ["sort_key"] = new AttributeValue { N = sortKeyReadValue }
+            };
 
-                var getResponse = await ddb.GetItemAsync(getRequest);
-                Debug.Assert(getResponse.HttpStatusCode == HttpStatusCode.OK);
+            var getRequest = new GetItemRequest
+            {
+                TableName = ddbTableName,
+                Key = key,
+                // In this example we configure a strongly consistent read
+                // because we perform a read immediately after a write (for demonstrative purposes).
+                // By default, reads are only eventually consistent.
+                ConsistentRead = true
+            };
 
-                // 8. Verify we get the expected item back
-                if (getResponse.Item == null)
-                {
-                    throw new Exception("No item found");
-                }
+            var getResponse = await ddb.GetItemAsync(getRequest);
+            Debug.Assert(getResponse.HttpStatusCode == HttpStatusCode.OK);
 
-                bool success = MigrationUtils.VerifyReturnedItem(getResponse, partitionKeyValue, sortKeyReadValue);
-                if (success)
-                {
-                    Console.WriteLine("MigrationStep2 completed successfully");
-                }
-                return success;
+            // 8. Verify we get the expected item back
+            if (getResponse.Item == null)
+            {
+                throw new Exception("No item found");
             }
-            catch (Exception e)
+
+            bool success = MigrationUtils.VerifyReturnedItem(getResponse, partitionKeyValue, sortKeyReadValue);
+            if (success)
             {
-                Console.WriteLine($"Error in MigrationStep2: {e.Message}");
-                throw;
+                Console.WriteLine("MigrationStep2 completed successfully");
             }
+            return success;
         }
     }
 }