Skip to content

Commit d66ddcf

Browse files
author
Lucas McDonald
committed
m
1 parent fdda54b commit d66ddcf

File tree

2 files changed

+19
-35
lines changed

2 files changed

+19
-35
lines changed

DynamoDbEncryption/runtimes/python/test/integ/encrypted/test_table.py

Lines changed: 10 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -34,12 +34,14 @@ def plaintext_table():
3434
table = boto3.resource("dynamodb").Table(INTEG_TEST_DEFAULT_DYNAMODB_TABLE_NAME)
3535
return table
3636

37-
37+
# Creates a matrix of tests for each value in param,
38+
# with a user-friendly string for test output:
39+
# encrypted = True -> "encrypted"
40+
# encrypted = False -> "plaintext"
3841
@pytest.fixture(params=[True, False], ids=["encrypted", "plaintext"])
3942
def encrypted(request):
4043
return request.param
4144

42-
4345
@pytest.fixture
4446
def table(encrypted):
4547
"""
@@ -52,6 +54,10 @@ def table(encrypted):
5254
return plaintext_table()
5355

5456

57+
# Creates a matrix of tests for each value in param,
58+
# with a user-friendly string for test output:
59+
# use_complex_item = True -> "complex_item"
60+
# use_complex_item = False -> "simple_item"
5561
@pytest.fixture(params=[simple_item_dict, complex_item_dict], ids=["simple_item", "complex_item"])
5662
def test_item(request):
5763
return request.param
@@ -135,24 +141,12 @@ def test_GIVEN_items_in_table_WHEN_query_THEN_items_are_decrypted_correctly(tabl
135141
assert len(query_response["Items"]) == 1
136142
assert query_response["Items"][0] == put_item_request_dict["Item"]
137143

138-
# Scans work, but the test items are not found because
139-
# DDB only returns the first 1MB of data, and the test items
140-
# are not in the first 1MB sometimes. We probably need a new table.
141-
# TODO: Add a new table for these tests, enable tests.
142-
# # When: Scanning with filter that matches only our test items
143-
# scan_response = encrypted_table.scan(**scan_request_dict)
144-
# # Then: Scan returns both test items
145-
# assert scan_response["ResponseMetadata"]["HTTPStatusCode"] == 200
146-
# assert len(scan_response["Items"]) == 2
147-
# # Check each test item is found in scan results
148-
# found_items = scan_response["Items"]
149-
# assert all(any(found_item == item for found_item in found_items) for item in items)
150-
151-
152144
@pytest.fixture
153145
def scan_request(encrypted, test_item):
154146
if encrypted:
155147
request = basic_scan_request_dict(test_item)
148+
# If the encrypted scan encounters a plaintext item, the scan will fail.
149+
# To avoid this, encrypted scans add a filter expression that matches only encrypted items.
156150
request["FilterExpression"] = request["FilterExpression"] + " AND attribute_exists (#sig)"
157151
request["ExpressionAttributeNames"] = {}
158152
request["ExpressionAttributeNames"]["#sig"] = "amzn-ddb-map-sig"

TestVectors/runtimes/python/src/aws_dbesdk_dynamodb_test_vectors/internaldafny/extern/CreateInterceptedDDBTable.py

Lines changed: 9 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -12,30 +12,22 @@
1212
from smithy_dafny_standard_library.internaldafny.generated import Wrappers
1313
from aws_dbesdk_dynamodb.smithygenerated.aws_cryptography_dbencryptionsdk_dynamodb.errors import _smithy_error_to_dafny_error
1414
from aws_dbesdk_dynamodb_test_vectors.waiting_boto3_ddb_client import WaitingLocalDynamoClient
15-
from aws_dbesdk_dynamodb.transform import (
16-
dict_to_ddb,
17-
ddb_to_dict,
18-
)
19-
from aws_dbesdk_dynamodb.internal import client_to_resource
20-
21-
from boto3.dynamodb.conditions import Key, Attr, And, Or, Not, Contains
22-
from boto3.dynamodb.types import TypeDeserializer
2315

24-
# from .....test.resource_formatted_queries import (queries, complex_queries)
16+
from boto3.dynamodb.conditions import Key, Attr
2517

2618
# When querying, DBESDK DDB TestVectors will pass the Table the query as a string.
2719
# The Table could accept this string as-is and process it correctly.
2820
# However, EncryptedTables have extra logic to process boto3 Conditions.
29-
# I want to test this extra logic as much as possible.
21+
# This extra logic should be tested as much as possible.
3022
# This map converts some known query strings to equivalent Conditions.
3123
# TestVectors will pass the query string (map key) to the Table;
3224
# the Table's internal logic will look up the query string in this map:
3325
# - Entry found: Query with replaced Condition
3426
# - Not found: Query with original string. Table accepts strings.
3527
# This map contains all query strings in the TestVectors' data.json as of commit
3628
# 4f18689f79243c9a5ab0f3a23108671defddeac4
37-
# If any query strings are added to TestVectors, they COULD be added here,
38-
# but do not need to be added.
29+
# If any query strings are added to TestVectors, they COULD be added here;
30+
# if they are not added, the Table will accept the string as-is.
3931
known_query_string_to_condition_map = {
4032
# "Basic" queries
4133
"RecNum = :zero": Key("RecNum").eq(":zero"),
@@ -130,9 +122,9 @@ def get_item(self, **kwargs):
130122
return client_output
131123

132124
def batch_write_item(self, **kwargs):
133-
# There isn't a resource shape for this;
125+
# The table doesn't support batch_write_item, but supports batch_writer.
126+
# Translate the batch_write_item request to batch_writer requests.
134127
table_input = self._client_shape_to_resource_shape_converter.batch_write_item_request(kwargs)
135-
# table_output = self._table.batch_write_item(**table_input)
136128
with self._table.batch_writer() as batch_writer:
137129
for _, items in table_input["RequestItems"].items():
138130
for item in items:
@@ -142,7 +134,7 @@ def batch_write_item(self, **kwargs):
142134
batch_writer.delete_item(item["DeleteRequest"]["Key"])
143135
else:
144136
raise ValueError(f"Unknown request type: {item}")
145-
# There isn't a shape for the output, but luckily the output can be an empty dict:
137+
# An empty dict is valid output:
146138
# https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/client/batch_write_item.html
147139
client_output = {}
148140
return client_output
@@ -158,8 +150,7 @@ def scan(self, **kwargs):
158150
if "KeyConditionExpression" in table_input:
159151
if table_input["KeyConditionExpression"] in known_query_string_to_condition_map:
160152
# Turn the query into the resource-formatted query
161-
query = known_query_string_to_condition_map[table_input["KeyConditionExpression"]]
162-
table_input["KeyConditionExpression"] = query
153+
table_input["KeyConditionExpression"] = known_query_string_to_condition_map[table_input["KeyConditionExpression"]]
163154
if "FilterExpression" in table_input:
164155
if table_input["FilterExpression"] in known_query_string_to_condition_map:
165156
# Turn the query into the resource-formatted query
@@ -182,8 +173,7 @@ def query(self, **kwargs):
182173
if "KeyConditionExpression" in table_input:
183174
if table_input["KeyConditionExpression"] in known_query_string_to_condition_map:
184175
# Turn the query into the resource-formatted query
185-
query = known_query_string_to_condition_map[table_input["KeyConditionExpression"]]
186-
table_input["KeyConditionExpression"] = query
176+
table_input["KeyConditionExpression"] = known_query_string_to_condition_map[table_input["KeyConditionExpression"]]
187177
if "FilterExpression" in table_input:
188178
if table_input["FilterExpression"] in known_query_string_to_condition_map:
189179
# Turn the query into the resource-formatted query

0 commit comments

Comments
 (0)