migration 4

Author: imabhichow

DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/internaldafny/extern/InternalLegacyOverride-NewCopy.py

@@ -63,10 +63,12 @@ def Build(config: DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig):
         legacy_instance.encryption_context = maybe_encryption_context.value
         # Access the value property, not calling it as a function
         legacy_instance.attribute_actions = maybe_actions.value
-        
+
         # Set the material description field name and signature field name
         # These values might be customized by the customer
-        if isinstance(legacy_override.encryptor, EncryptedClient) and hasattr(legacy_override.encryptor, "_crypto_config"):
+        if isinstance(legacy_override.encryptor, EncryptedClient) and hasattr(
+            legacy_override.encryptor, "_crypto_config"
+        ):
             # Get field names from the encryptor's crypto config
             crypto_config = legacy_override.encryptor._crypto_config
             if hasattr(crypto_config, "material_description_field_name"):
@@ -76,11 +78,9 @@ def Build(config: DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig):
             else:
                 # Use default value if not explicitly set
                 legacy_instance.materialDescriptionFieldName = _dafny.seq_of_chars("*amzn-ddb-map-desc*")
-                
+
             if hasattr(crypto_config, "signature_field_name"):
-                legacy_instance.signatureFieldName = _dafny.seq_of_chars(
-                    crypto_config.signature_field_name
-                )
+                legacy_instance.signatureFieldName = _dafny.seq_of_chars(crypto_config.signature_field_name)
             else:
                 # Use default value if not explicitly set
                 legacy_instance.signatureFieldName = _dafny.seq_of_chars("*amzn-ddb-map-sig*")
@@ -137,7 +137,7 @@ def legacyActions(attribute_actions_on_encrypt):
 
     @staticmethod
     def EncryptItem(input):
-        print(f'Encrypting {input}')
+        print(f"Encrypting {input}")
         try:
             # Extract components from the input
             item = input.plaintextItem
@@ -230,23 +230,27 @@ def IsLegacyInput(input):
                 return False
 
             # Check if we're dealing with DecryptItemInput
-            if not hasattr(input, 'encryptedItem'):
+            if not hasattr(input, "encryptedItem"):
                 return False
 
             # We need the instance with materialDescriptionFieldName and signatureFieldName
-            if not hasattr(input, 'legacyOverride') or not input.legacyOverride:
+            if not hasattr(input, "legacyOverride") or not input.legacyOverride:
                 return False
 
             legacy_override = input.legacyOverride
-            if not hasattr(legacy_override, 'materialDescriptionFieldName') or not legacy_override.materialDescriptionFieldName:
+            if (
+                not hasattr(legacy_override, "materialDescriptionFieldName")
+                or not legacy_override.materialDescriptionFieldName
+            ):
                 return False
-            if not hasattr(legacy_override, 'signatureFieldName') or not legacy_override.signatureFieldName:
+            if not hasattr(legacy_override, "signatureFieldName") or not legacy_override.signatureFieldName:
                 return False
 
             # Check if the item contains both required markers
-            return (input.encryptedItem.contains(legacy_override.materialDescriptionFieldName) and
-                    input.encryptedItem.contains(legacy_override.signatureFieldName))
-            
+            return input.encryptedItem.contains(
+                legacy_override.materialDescriptionFieldName
+            ) and input.encryptedItem.contains(legacy_override.signatureFieldName)
+
         except:
             # If we encounter any error during detection, default to not using legacy
             return False
@@ -257,5 +261,4 @@ def CreateError(message):
         return Error_DynamoDbItemEncryptorException(message)
 
 
-
 aws_dbesdk_dynamodb.internaldafny.generated.InternalLegacyOverride.InternalLegacyOverride = InternalLegacyOverride

DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/internaldafny/extern/InternalLegacyOverride.py

@@ -4,7 +4,7 @@
     DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig,
     Error_DynamoDbItemEncryptorException,
     EncryptItemOutput_EncryptItemOutput,
-    DecryptItemOutput_DecryptItemOutput
+    DecryptItemOutput_DecryptItemOutput,
 )
 from aws_dbesdk_dynamodb.internaldafny.generated.AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes import (
     CryptoAction_ENCRYPT__AND__SIGN,
@@ -65,10 +65,12 @@ def Build(config: DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig):
         legacy_instance.encryption_context = maybe_encryption_context.value
         # Access the value property, not calling it as a function
         legacy_instance.attribute_actions = maybe_actions.value
-        
+
         # Set the material description field name and signature field name
         # These values might be customized by the customer
-        if isinstance(legacy_override.encryptor, EncryptedClient) and hasattr(legacy_override.encryptor, "_crypto_config"):
+        if isinstance(legacy_override.encryptor, EncryptedClient) and hasattr(
+            legacy_override.encryptor, "_crypto_config"
+        ):
             # Get field names from the encryptor's crypto config
             crypto_config = legacy_override.encryptor._crypto_config
             if hasattr(crypto_config, "material_description_field_name"):
@@ -78,11 +80,9 @@ def Build(config: DynamoDbItemEncryptorConfig_DynamoDbItemEncryptorConfig):
             else:
                 # Use default value if not explicitly set
                 legacy_instance.materialDescriptionFieldName = _dafny.seq_of_chars("*amzn-ddb-map-desc*")
-                
+
             if hasattr(crypto_config, "signature_field_name"):
-                legacy_instance.signatureFieldName = _dafny.seq_of_chars(
-                    crypto_config.signature_field_name
-                )
+                legacy_instance.signatureFieldName = _dafny.seq_of_chars(crypto_config.signature_field_name)
             else:
                 # Use default value if not explicitly set
                 legacy_instance.signatureFieldName = _dafny.seq_of_chars("*amzn-ddb-map-sig*")
@@ -139,83 +139,79 @@ def legacyActions(attribute_actions_on_encrypt):
 
     def EncryptItem(self, input):
         """Encrypt an item using the legacy DynamoDB encryptor.
-        
+
         Args:
             input: EncryptItemInput containing the plaintext item to encrypt
-            
+
         Returns:
             Result containing the encrypted item or an error
         """
         try:
             # Get the plaintext item from the input
             plaintext_item = input.plaintextItem
-            
+
             # Check policy
             if not self.policy.is_FORCE__LEGACY__ENCRYPT__ALLOW__LEGACY__DECRYPT:
                 return Wrappers.Result_Failure(
                     InternalLegacyOverride.CreateError("Legacy policy does not support encrypt")
                 )
-            
+
             # Use the encryptor to encrypt the item using the instance attributes
             encrypted_item = self.encryptor.encrypt_item(
-                plaintext_item,
-                actions=self.attribute_actions,
-                encryption_context=self.encryption_context
+                plaintext_item, actions=self.attribute_actions, encryption_context=self.encryption_context
             )
-            
+
             # Create the output with the encrypted item
             output = EncryptItemOutput_EncryptItemOutput(encrypted_item, Wrappers.Option_None())
             return Wrappers.Result_Success(output)
-            
+
         except Exception as e:
             # Return an appropriate error result with the exception details
-            return Wrappers.Result_Failure(
-                InternalLegacyOverride.CreateError(f"Error during encryption: {str(e)}")
-            )
+            return Wrappers.Result_Failure(InternalLegacyOverride.CreateError(f"Error during encryption: {str(e)}"))
 
     def DecryptItem(self, input):
         """Decrypt an item using the legacy DynamoDB encryptor.
 
         Args:
             input: DecryptItemInput containing the encrypted item to decrypt
-            
+
         Returns:
             Result containing the decrypted item or an error
         """
         try:
             # Get the encrypted item from the input
             encrypted_item = input.encryptedItem
-            
+
             # Check policy
-            if not (self.policy.is_FORCE__LEGACY__ENCRYPT__ALLOW__LEGACY__DECRYPT or 
-                    self.policy.is_FORBID__LEGACY__ENCRYPT__ALLOW__LEGACY__DECRYPT):
+            if not (
+                self.policy.is_FORCE__LEGACY__ENCRYPT__ALLOW__LEGACY__DECRYPT
+                or self.policy.is_FORBID__LEGACY__ENCRYPT__ALLOW__LEGACY__DECRYPT
+            ):
                 return Wrappers.Result_Failure(
                     InternalLegacyOverride.CreateError("Legacy policy does not support decrypt")
                 )
-            
+
             # Validate that this is indeed a legacy item with the required fields
-            if not (encrypted_item.contains(self.materialDescriptionFieldName) and 
-                    encrypted_item.contains(self.signatureFieldName)):
+            if not (
+                encrypted_item.contains(self.materialDescriptionFieldName)
+                and encrypted_item.contains(self.signatureFieldName)
+            ):
                 return Wrappers.Result_Failure(
                     InternalLegacyOverride.CreateError("Item does not contain required legacy fields")
                 )
-            
+
             # Use the encryptor to decrypt the item using the instance attributes
             decrypted_item = self.encryptor.decrypt_item(
-                encrypted_item,
-                actions=self.attribute_actions,
-                encryption_context=self.encryption_context
+                encrypted_item, actions=self.attribute_actions, encryption_context=self.encryption_context
             )
-            
+
             # Create the output with the decrypted item
             output = DecryptItemOutput_DecryptItemOutput(decrypted_item, Wrappers.Option_None())
             return Wrappers.Result_Success(output)
-            
+
         except Exception as e:
             # Return an appropriate error result with the exception details
-            return Wrappers.Result_Failure(
-                InternalLegacyOverride.CreateError(f"Error during decryption: {str(e)}")
-            )
+            return Wrappers.Result_Failure(InternalLegacyOverride.CreateError(f"Error during decryption: {str(e)}"))
 
     def __init__(self):
         super().__init__()
@@ -240,23 +236,27 @@ def IsLegacyInput(input):
                 return False
 
             # Check if we're dealing with DecryptItemInput
-            if not hasattr(input, 'encryptedItem'):
+            if not hasattr(input, "encryptedItem"):
                 return False
 
             # We need the instance with materialDescriptionFieldName and signatureFieldName
-            if not hasattr(input, 'legacyOverride') or not input.legacyOverride:
+            if not hasattr(input, "legacyOverride") or not input.legacyOverride:
                 return False
 
             legacy_override = input.legacyOverride
-            if not hasattr(legacy_override, 'materialDescriptionFieldName') or not legacy_override.materialDescriptionFieldName:
+            if (
+                not hasattr(legacy_override, "materialDescriptionFieldName")
+                or not legacy_override.materialDescriptionFieldName
+            ):
                 return False
-            if not hasattr(legacy_override, 'signatureFieldName') or not legacy_override.signatureFieldName:
+            if not hasattr(legacy_override, "signatureFieldName") or not legacy_override.signatureFieldName:
                 return False
 
             # Check if the item contains both required markers
-            return (input.encryptedItem.contains(legacy_override.materialDescriptionFieldName) and
-                    input.encryptedItem.contains(legacy_override.signatureFieldName))
-            
+            return input.encryptedItem.contains(
+                legacy_override.materialDescriptionFieldName
+            ) and input.encryptedItem.contains(legacy_override.signatureFieldName)
+
         except:
             # If we encounter any error during detection, default to not using legacy
             return False
@@ -267,5 +267,4 @@ def CreateError(message):
         return Error_DynamoDbItemEncryptorException(message)
 
 
-
 aws_dbesdk_dynamodb.internaldafny.generated.InternalLegacyOverride.InternalLegacyOverride = InternalLegacyOverride

Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/migration_step_1.py

@@ -26,17 +26,8 @@
 import boto3
 
 # Import from new AWS Database Encryption SDK
-from aws_dbesdk_dynamodb.structures.dynamodb import (
-    LegacyOverride,
-    LegacyPolicy,
-)
-
 # Import from legacy DynamoDB Encryption Client
-from dynamodb_encryption_sdk.encrypted.client import EncryptedClient as LegacyEncryptedClient
-from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
-from dynamodb_encryption_sdk.structures import AttributeActions, CryptoAction
-
-from .common import ATTRIBUTE_ACTIONS_ON_ENCRYPT, setup_awsdbe_client_with_legacy_override
+from .common import setup_awsdbe_client_with_legacy_override
 
 
 def migration_step_1(kms_key_id, ddb_table_name, sort_read_value=0):
@@ -53,9 +44,7 @@ def migration_step_1(kms_key_id, ddb_table_name, sort_read_value=0):
     ddb_client = boto3.client("dynamodb")
 
     # 2. Create a DynamoDB Encryption SDK client with legacy override
-    encrypted_client = setup_awsdbe_client_with_legacy_override(
-        kms_key_id=kms_key_id, ddb_table_name=ddb_table_name
-    )
+    encrypted_client = setup_awsdbe_client_with_legacy_override(kms_key_id=kms_key_id, ddb_table_name=ddb_table_name)
 
     # 3. Put an item in the old format since we are using a legacy override
     #    with FORCE_LEGACY_ENCRYPT_ALLOW_DECRYPT policy

Examples/runtimes/python/Migration/src/ddbec_to_awsdbe/awsdbe/migration_step_2.py

@@ -27,8 +27,7 @@
 import boto3
 
 # Import from new AWS Database Encryption SDK
-from . import migration_step_1
-from .common import setup_pure_awsdbe_client, setup_awsdbe_client_with_legacy_override
+from .common import setup_awsdbe_client_with_legacy_override, setup_pure_awsdbe_client
 
 
 def migration_step_2(kms_key_id, ddb_table_name):

Examples/runtimes/python/Migration/test/ddbec_to_awsdbe/awsdbe/test_migration_step_3.py

@@ -9,16 +9,17 @@
 import pytest
 
 from ....src.ddbec_to_awsdbe.awsdbe import (
+    common,
     migration_step_1,
     migration_step_2,
     migration_step_3,
-    common,
 )
 from ....src.ddbec_to_awsdbe.ddbec import migration_step_0
 from ..test_utils import TEST_DDB_TABLE_NAME, TEST_KMS_KEY_ID
 
 pytestmark = [pytest.mark.examples]
 
+
 def test_setup():
     common.setup_awsdbe_client_with_legacy_override(TEST_KMS_KEY_ID, TEST_DDB_TABLE_NAME)
 
@@ -56,4 +57,4 @@ def test_run_migration_example():
         print("Migration path completed successfully!")
         print("======================================================")
     finally:
-        pass
+        pass