Assert all values

Author: rishav-karanjit

Examples/runtimes/go/migration/PlaintextToAWSDBE/awsdbe/step1.go

@@ -10,6 +10,7 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
 
 	"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/dbesdkmiddleware"
+	plaintexttoawsdbe "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/migration/PlaintextToAWSDBE"
 	"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/utils"
 
 	dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
@@ -66,12 +67,14 @@ func MigrationStep1(kmsKeyID, ddbTableName, partitionKeyValue, sortKeyWriteValue
 	// 3. Put an item into your table.
 	//    This item will be stored in plaintext.
 	encryptedAndSignedValue := "this will be encrypted and signed"
+	signOnlyValue := "this will never be encrypted, but it will be signed"
+	doNothingValue := "this will never be encrypted nor signed"
 	item := map[string]types.AttributeValue{
 		"partition_key": &types.AttributeValueMemberS{Value: partitionKeyValue},
 		"sort_key":      &types.AttributeValueMemberN{Value: sortKeyWriteValue},
 		"attribute1":    &types.AttributeValueMemberS{Value: encryptedAndSignedValue},
-		"attribute2":    &types.AttributeValueMemberS{Value: "this will never be encrypted, but it will be signed"},
-		"attribute3":    &types.AttributeValueMemberS{Value: "this will never be encrypted nor signed"},
+		"attribute2":    &types.AttributeValueMemberS{Value: signOnlyValue},
+		"attribute3":    &types.AttributeValueMemberS{Value: doNothingValue},
 	}
 
 	putInput := dynamodb.PutItemInput{
@@ -112,11 +115,9 @@ func MigrationStep1(kmsKeyID, ddbTableName, partitionKeyValue, sortKeyWriteValue
 	}
 
 	// Verify we got the expected item back
-	if partitionKeyValue != result.Item["partition_key"].(*types.AttributeValueMemberS).Value {
-		panic("Decrypted item does not match original item")
-	}
-	if encryptedAndSignedValue != result.Item["attribute1"].(*types.AttributeValueMemberS).Value {
-		panic("Decrypted item does not match original item")
+	err = plaintexttoawsdbe.VerifyReturnedItem(result, partitionKeyValue, sortKeyReadValue, encryptedAndSignedValue, signOnlyValue, doNothingValue)
+	if err != nil {
+		return err
 	}
 	fmt.Println("MigrationStep1 completed successfully")
 	return nil

Examples/runtimes/go/migration/PlaintextToAWSDBE/awsdbe/step2.go

@@ -14,6 +14,7 @@ import (
 
 	dbesdkdynamodbencryptiontypes "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes"
 	"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/dbesdkmiddleware"
+	plaintexttoawsdbe "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/migration/PlaintextToAWSDBE"
 	"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/utils"
 )
 
@@ -64,12 +65,14 @@ func MigrationStep2(kmsKeyID, ddbTableName, partitionKeyValue, sortKeyWriteValue
 	// 3. Put an item into your table.
 	//    This item will be encrypted.
 	encryptedAndSignedValue := "this will be encrypted and signed"
+	signOnlyValue := "this will never be encrypted, but it will be signed"
+	doNothingValue := "this will never be encrypted nor signed"
 	item := map[string]types.AttributeValue{
 		"partition_key": &types.AttributeValueMemberS{Value: partitionKeyValue},
 		"sort_key":      &types.AttributeValueMemberN{Value: sortKeyWriteValue},
 		"attribute1":    &types.AttributeValueMemberS{Value: encryptedAndSignedValue},
-		"attribute2":    &types.AttributeValueMemberS{Value: "this will never be encrypted, but it will be signed"},
-		"attribute3":    &types.AttributeValueMemberS{Value: "this will never be encrypted nor signed"},
+		"attribute2":    &types.AttributeValueMemberS{Value: signOnlyValue},
+		"attribute3":    &types.AttributeValueMemberS{Value: doNothingValue},
 	}
 
 	putInput := dynamodb.PutItemInput{
@@ -110,11 +113,9 @@ func MigrationStep2(kmsKeyID, ddbTableName, partitionKeyValue, sortKeyWriteValue
 	}
 
 	// Verify we got the expected item back
-	if partitionKeyValue != result.Item["partition_key"].(*types.AttributeValueMemberS).Value {
-		panic("Decrypted item does not match original item")
-	}
-	if encryptedAndSignedValue != result.Item["attribute1"].(*types.AttributeValueMemberS).Value {
-		panic("Decrypted item does not match original item")
+	err = plaintexttoawsdbe.VerifyReturnedItem(result, partitionKeyValue, sortKeyReadValue, encryptedAndSignedValue, signOnlyValue, doNothingValue)
+	if err != nil {
+		return err
 	}
 	fmt.Println("MigrationStep2 completed successfully")
 	return nil

Examples/runtimes/go/migration/PlaintextToAWSDBE/migrationutils.go

@@ -0,0 +1,59 @@
+package plaintexttoawsdbe
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+)
+
+func VerifyReturnedItem(result *dynamodb.GetItemOutput, partitionKeyValue, sortKeyValue, encryptedAndSignedValue, signOnlyValue, doNothingValue string) error {
+	returnedPartitionKey, ok := result.Item["partition_key"].(*types.AttributeValueMemberS)
+	fmt.Println(returnedPartitionKey.Value)
+	if !ok {
+		// We return this error because we run test against the error.
+		// When used in production code, you can decide how you want to handle errors.
+		return fmt.Errorf("partition_key is not a string attribute")
+	}
+	returnedsortKey, ok := result.Item["sort_key"].(*types.AttributeValueMemberN)
+	if !ok {
+		// We return this error because we run test against the error.
+		// When used in production code, you can decide how you want to handle errors.
+		return fmt.Errorf("sort_key is not a number attribute")
+	}
+	returnedAttribute1, ok := result.Item["attribute1"].(*types.AttributeValueMemberS)
+	if !ok {
+		// We return this error because we run test against the error.
+		// When used in production code, you can decide how you want to handle errors.
+		return fmt.Errorf("attribute1 is not a string attribute")
+	}
+	returnedAttribute2, ok := result.Item["attribute2"].(*types.AttributeValueMemberS)
+	if !ok {
+		// We return this error because we run test against the error.
+		// When used in production code, you can decide how you want to handle errors.
+		return fmt.Errorf("attribute2 is not a string attribute")
+	}
+	returnedAttribute3, ok := result.Item["attribute3"].(*types.AttributeValueMemberS)
+	if !ok {
+		// We return this error because we run test against the error.
+		// When used in production code, you can decide how you want to handle errors.
+		return fmt.Errorf("attribute3 is not a string attribute")
+	}
+
+	if returnedPartitionKey.Value != partitionKeyValue {
+		panic(fmt.Sprintf("Expected partition key %s, got %s", partitionKeyValue, returnedPartitionKey))
+	}
+	if returnedsortKey.Value != sortKeyValue {
+		panic(fmt.Sprintf("Expected partition key %s, got %s", sortKeyValue, returnedsortKey))
+	}
+	if returnedAttribute1.Value != encryptedAndSignedValue {
+		panic(fmt.Sprintf("Expected attribute1 value %s, got %s", encryptedAndSignedValue, returnedAttribute1.Value))
+	}
+	if returnedAttribute2.Value != signOnlyValue {
+		panic(fmt.Sprintf("Expected attribute2 value %s, got %s", signOnlyValue, returnedAttribute2.Value))
+	}
+	if returnedAttribute3.Value != doNothingValue {
+		panic(fmt.Sprintf("Expected attribute3 value %s, got %s", doNothingValue, returnedAttribute3.Value))
+	}
+	return nil
+}

Examples/runtimes/go/migration/PlaintextToAWSDBE/plaintext/step0.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 
+	plaintexttoawsdbe "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/migration/PlaintextToAWSDBE"
 	"github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/examples/utils"
 	"github.com/aws/aws-sdk-go-v2/config"
 	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
@@ -38,12 +39,15 @@ func MigrationStep0(ddbTableName, partitionKeyValue, sortKeyWriteValue, sortKeyR
 
 	// 2. Put an example item into DynamoDB table
 	//    This item will be stored in plaintext.
+	encryptedAndSignedValue := "this will be encrypted and signed"
+	signOnlyValue := "this will never be encrypted, but it will be signed"
+	doNothingValue := "this will never be encrypted nor signed"
 	item := map[string]types.AttributeValue{
 		"partition_key": &types.AttributeValueMemberS{Value: partitionKeyValue},
 		"sort_key":      &types.AttributeValueMemberN{Value: sortKeyWriteValue},
-		"attribute1":    &types.AttributeValueMemberS{Value: "this will be encrypted and signed"},
-		"attribute2":    &types.AttributeValueMemberS{Value: "this will never be encrypted, but it will be signed"},
-		"attribute3":    &types.AttributeValueMemberS{Value: "this will never be encrypted nor signed"},
+		"attribute1":    &types.AttributeValueMemberS{Value: encryptedAndSignedValue},
+		"attribute2":    &types.AttributeValueMemberS{Value: signOnlyValue},
+		"attribute3":    &types.AttributeValueMemberS{Value: doNothingValue},
 	}
 
 	putInput := &dynamodb.PutItemInput{
@@ -79,24 +83,9 @@ func MigrationStep0(ddbTableName, partitionKeyValue, sortKeyWriteValue, sortKeyR
 		panic("No item found")
 	}
 
-	returnedPartitionKey, ok := result.Item["partition_key"].(*types.AttributeValueMemberS)
-	if !ok {
-		// We return this error because we run test against the error.
-		// When used in production code, you can decide how you want to handle errors.
-		return fmt.Errorf("partition_key is not a string attribute")
-	}
-	returnedAttribute1, ok := result.Item["attribute1"].(*types.AttributeValueMemberS)
-	if !ok {
-		// We return this error because we run test against the error.
-		// When used in production code, you can decide how you want to handle errors.
-		return fmt.Errorf("partition_key is not a string attribute")
-	}
-
-	if returnedPartitionKey.Value != partitionKeyValue {
-		panic(fmt.Sprintf("Expected partition key %s, got %s", partitionKeyValue, returnedPartitionKey))
-	}
-	if returnedAttribute1.Value != "this will be encrypted and signed" {
-		panic(fmt.Sprintf("Expected attribute1 value, got %s", returnedAttribute1))
+	err = plaintexttoawsdbe.VerifyReturnedItem(result, partitionKeyValue, sortKeyReadValue, encryptedAndSignedValue, signOnlyValue, doNothingValue)
+	if err != nil {
+		return err
 	}
 
 	fmt.Println("MigrationStep0 completed successfully")

Examples/runtimes/go/migration/PlaintextToAWSDBE/plaintext/step0_test.go

@@ -32,13 +32,13 @@ func TestMigrationStep0(t *testing.T) {
 
 	// When: Execute Step 0 with sortReadValue=2, Then: should error out when reading encrypted items.
 	err = MigrationStep0(tableName, partitionKey, sortKeys[0], sortKeys[2])
-	utils.AssertErrorMessage(err, "partition_key is not a string attribute")
+	utils.AssertErrorMessage(err, "attribute1 is not a string attribute")
 
 	// Given: Step 3 has succeeded (if it exists)
 	awsdbe.MigrationStep3(kmsKeyID, tableName, partitionKey, sortKeys[3], sortKeys[3])
 	// When: Execute Step 0 with sortReadValue=3, Then: should error out
 	err = MigrationStep0(tableName, partitionKey, sortKeys[0], sortKeys[3])
-	utils.AssertErrorMessage(err, "partition_key is not a string attribute")
+	utils.AssertErrorMessage(err, "attribute1 is not a string attribute")
 
 	// Cleanup
 	for _, sortKey := range sortKeys { // Only clean up items we created