Merge pull request #21 from cipherstash/chore/update-vendor-deps

Update vendored deps

Author: Bennett Hardwick

Cargo.lock

@@ -16,16 +16,8 @@ edition = "2021"
 # and it will keep the alphabetic ordering for you.
 
 [dependencies]
-aws-sdk-dynamodb = "0.29.0"
-lambda_http = "0.8.1"
-lambda_runtime = "0.8.1"
-aws-config = "0.56.0"
+aws-sdk-dynamodb = "1.3.0"
 tokio = { version = "1", features = ["full"] }
-tracing = { version = "0.1", features = ["log"] }
-tracing-subscriber = { version = "0.3", default-features = false, features = ["fmt"] }
-hmac = "0.12.1"
-sha2 = "0.10.7"
-aes = "0.8.3"
 hex = { version = "0.4.3", features = [ "serde" ] }
 cryptonamo-derive = { path = "cryptonamo-derive" }
 
@@ -34,14 +26,14 @@ cipherstash-client = { path = "./vendor/cipherstash-client/", features = [ "toki
 # cipherstash-client = { git = "ssh://[email protected]/cipherstash/cipherstash-suite.git", branch = "feat/compound-spike", package = "cipherstash-client", features = [ "tokio" ] }
 
 async-trait = "0.1.73"
-serde_with = "3.3.0"
 log = "0.4.20"
-env_logger = "0.10.0"
 itertools = "0.11.0"
 thiserror = "1.0.50"
-tokio-stream = "0.1.14"
-paste = "1.0.14"
 
 [dev-dependencies]
 serial_test = "2.0.0"
 trybuild = "1.0.85"
+tracing = { version = "0.1", features = ["log"] }
+tracing-subscriber = { version = "0.3", default-features = false, features = ["fmt"] }
+aws-config = { version = "1.0.1", features = [ "behavior-version-latest" ] }
+env_logger = "0.10.0"

Cargo.toml

@@ -13,7 +13,4 @@ proc-macro2 = "1.0.66"
 quote = "1.0.33"
 syn = {version = "2.0.31", features = [ "parsing" ]}
 itertools = "0.11.0"
-
-#cipherstash-client = { git = "ssh://[email protected]/cipherstash/cipherstash-suite.git", package = "cipherstash-client", features = [ "tokio" ] }
-cipherstash-client = { path = "../vendor/cipherstash-client/", features = [ "tokio" ] }
 indexmap = "2.1.0"

cryptonamo-derive/Cargo.lock

@@ -20,7 +20,7 @@ pub(crate) fn derive_decryptable(input: DeriveInput) -> Result<TokenStream, syn:
             let attr_ident = format_ident!("{attr}");
 
             quote! {
-                #attr_ident: unsealed.from_protected(#attr)?.try_into()?
+                #attr_ident: unsealed.from_protected(#attr)?.to_owned().try_into()?
             }
         })
         .chain(plaintext_attributes.iter().map(|attr| {

cryptonamo-derive/Cargo.toml

@@ -352,7 +352,7 @@ impl SettingsBuilder {
         let partition_key = partition_key.ok_or_else(|| {
             syn::Error::new(
                 proc_macro2::Span::call_site(),
-                "Missing required attribute: #[cryptonamo(partition_key = \"...\")]",
+                "Missing required attribute: #[partition_key]",
             )
         })?;
 

cryptonamo-derive/src/decryptable.rs

@@ -22,7 +22,6 @@ use cipherstash_client::{
     encryption::{Encryption, EncryptionError},
     vitur::{errors::LoadConfigError, DatasetConfigWithIndexRootKey, Vitur},
 };
-use itertools::Itertools;
 use log::info;
 use std::collections::HashSet;
 use thiserror::Error;
@@ -39,6 +38,8 @@ pub struct EncryptedTable {
 pub enum PutError {
     #[error("AwsError: {0}")]
     Aws(String),
+    #[error("AwsBuildError: {0}")]
+    AwsBuildError(#[from] aws_sdk_dynamodb::error::BuildError),
     #[error("Write Conversion Error: {0}")]
     WriteConversion(#[from] WriteConversionError),
     #[error("SealError: {0}")]
@@ -65,6 +66,8 @@ pub enum GetError {
 pub enum DeleteError {
     #[error("Encryption Error: {0}")]
     Encryption(#[from] EncryptionError),
+    #[error("AwsBuildError: {0}")]
+    AwsBuildError(#[from] aws_sdk_dynamodb::error::BuildError),
     #[error("AwsError: {0}")]
     Aws(String),
 }
@@ -166,29 +169,32 @@ impl EncryptedTable {
     ) -> Result<(), DeleteError> {
         let PrimaryKeyParts { pk, sk } = self.get_primary_key_parts::<E>(k)?;
 
-        let sk_to_delete = all_index_keys::<E>(&sk)
+        let transact_items = all_index_keys::<E>(&sk)
             .into_iter()
-            .map(|x| hmac("sk", &x, Some(pk.as_str()), &self.cipher))
+            .map(|x| Ok::<_, DeleteError>(hmac("sk", &x, Some(pk.as_str()), &self.cipher)?))
             .chain([Ok(sk)])
+            .map(|sk| {
+                sk.and_then(|sk| {
+                    Ok::<_, DeleteError>(
+                        TransactWriteItem::builder()
+                            .delete(
+                                Delete::builder()
+                                    .table_name(&self.table_name)
+                                    .key("pk", AttributeValue::S(pk.clone()))
+                                    .key("sk", AttributeValue::S(sk))
+                                    .build()?,
+                            )
+                            .build(),
+                    )
+                })
+            })
             .collect::<Result<Vec<_>, _>>()?;
 
-        let transact_items = sk_to_delete.into_iter().map(|sk| {
-            TransactWriteItem::builder()
-                .delete(
-                    Delete::builder()
-                        .table_name(&self.table_name)
-                        .key("pk", AttributeValue::S(pk.clone()))
-                        .key("sk", AttributeValue::S(sk))
-                        .build(),
-                )
-                .build()
-        });
-
         // Dynamo has a limit of 100 items per transaction
         for items in transact_items.chunks(100).into_iter() {
             self.db
                 .transact_write_items()
-                .set_transact_items(Some(items.collect()))
+                .set_transact_items(Some(items.to_vec()))
                 .send()
                 .await
                 .map_err(|e| DeleteError::Aws(format!("{e:?}")))?;
@@ -219,7 +225,7 @@ impl EncryptedTable {
                         Put::builder()
                             .table_name(&self.table_name)
                             .set_item(Some(entry.try_into()?))
-                            .build(),
+                            .build()?,
                     )
                     .build(),
             );
@@ -239,7 +245,7 @@ impl EncryptedTable {
                             .table_name(&self.table_name)
                             .key("pk", AttributeValue::S(pk.clone()))
                             .key("sk", AttributeValue::S(index_sk))
-                            .build(),
+                            .build()?,
                     )
                     .build(),
             );

cryptonamo-derive/src/settings/builder.rs

@@ -217,7 +217,8 @@ impl_simple_conversions! {
     String => String,
     Bytes => Vec<u8>,
     StringVec => Vec<String>,
-    ByteVec => Vec<Vec<u8>>
+    ByteVec => Vec<Vec<u8>>,
+    Bool => bool
 }
 
 impl From<TableAttribute> for AttributeValue {

src/encrypted_table/mod.rs

@@ -16,37 +16,43 @@ pub async fn create_table(client: &Client, table_name: &str) {
             AttributeDefinition::builder()
                 .attribute_name("pk")
                 .attribute_type(ScalarAttributeType::S)
-                .build(),
+                .build()
+                .expect("Failed to build attribute definition"),
         )
         .attribute_definitions(
             AttributeDefinition::builder()
                 .attribute_name("sk")
                 .attribute_type(ScalarAttributeType::S)
-                .build(),
+                .build()
+                .expect("Failed to build attribute definition"),
         )
         .attribute_definitions(
             AttributeDefinition::builder()
                 .attribute_name("term")
                 .attribute_type(ScalarAttributeType::S)
-                .build(),
+                .build()
+                .expect("Failed to build attribute definition"),
         )
         .key_schema(
             KeySchemaElement::builder()
                 .attribute_name("pk")
                 .key_type(KeyType::Hash)
-                .build(),
+                .build()
+                .expect("Failed to build key schema element"),
         )
         .key_schema(
             KeySchemaElement::builder()
                 .attribute_name("sk")
                 .key_type(KeyType::Range)
-                .build(),
+                .build()
+                .expect("Failed to build key schema element"),
         )
         .provisioned_throughput(
             ProvisionedThroughput::builder()
                 .read_capacity_units(5)
                 .write_capacity_units(5)
-                .build(),
+                .build()
+                .expect("Failed to build provisioned throughput"),
         )
         .global_secondary_indexes(
             GlobalSecondaryIndex::builder()
@@ -55,7 +61,8 @@ pub async fn create_table(client: &Client, table_name: &str) {
                     KeySchemaElement::builder()
                         .attribute_name("term")
                         .key_type(KeyType::Hash)
-                        .build(),
+                        .build()
+                        .expect("Failed to build key schema element"),
                 )
                 .projection(
                     Projection::builder()
@@ -66,9 +73,11 @@ pub async fn create_table(client: &Client, table_name: &str) {
                     ProvisionedThroughput::builder()
                         .read_capacity_units(5)
                         .write_capacity_units(5)
-                        .build(),
+                        .build()
+                        .expect("Failed to build provisioned throughput"),
                 )
-                .build(),
+                .build()
+                .expect("Failed to build index"),
         )
         .send()
         .await

src/encrypted_table/table_entry.rs

@@ -35,6 +35,7 @@ run_tests! {
 
     pass => {
         "./ui/pass.rs",
-        "./ui/pk-field-on-struct.rs"
+        "./ui/pk-field-on-struct.rs",
+        "./ui/various-fields.rs"
     }
 }