Move fn EncryptedTable::prepare_record to it's own trait Preparable which is blanke implement for R: Searchable + Identifiable

Author: Nicklas Warming Jacobsen

src/crypto/mod.rs

@@ -6,10 +6,7 @@ mod unsealed;
 use std::borrow::Cow;
 
 use crate::{
-    traits::{
-        Encryptable, PrimaryKeyError, PrimaryKeyParts, ReadConversionError, Searchable,
-        WriteConversionError,
-    },
+    traits::{PrimaryKeyError, PrimaryKeyParts, ReadConversionError, WriteConversionError},
     Identifiable, IndexType, PrimaryKey,
 };
 use cipherstash_client::{

src/crypto/sealer.rs

@@ -1,17 +1,16 @@
 use super::{
-    b64_encode, encrypt_primary_key, format_term_key, hmac, SealError, SealedTableEntry,
-    UnsealSpec, Unsealed, MAX_TERMS_PER_INDEX,
+    b64_encode, format_term_key, hmac, SealError, SealedTableEntry, Unsealed, MAX_TERMS_PER_INDEX,
 };
 use crate::{
     encrypted_table::{TableAttribute, TableEntry},
     traits::PrimaryKeyParts,
-    Identifiable, IndexType, Searchable,
+    IndexType,
 };
 use cipherstash_client::{
     credentials::{service_credentials::ServiceToken, Credentials},
     encryption::{
         compound_indexer::{ComposableIndex, ComposablePlaintext, CompoundIndex},
-        Encryption, IndexTerm, Plaintext,
+        Encryption, IndexTerm,
     },
 };
 use itertools::Itertools;

src/encrypted_table/mod.rs

@@ -8,8 +8,8 @@ pub use self::{
 use crate::{
     crypto::*,
     errors::*,
-    traits::{Decryptable, PrimaryKeyParts, Searchable},
-    Identifiable, IndexType, PrimaryKey,
+    traits::{Decryptable, Preparable, PrimaryKeyParts, Searchable},
+    Identifiable, IndexType,
 };
 use aws_sdk_dynamodb::types::{AttributeValue, Delete, Put, TransactWriteItem};
 use cipherstash_client::{
@@ -103,6 +103,20 @@ pub struct PreparedRecord {
     sealer: Sealer,
 }
 
+impl PreparedRecord {
+    pub(crate) fn new(
+        protected_indexes: Cow<'static, [(Cow<'static, str>, IndexType)]>,
+        protected_attributes: Cow<'static, [Cow<'static, str>]>,
+        sealer: Sealer,
+    ) -> Self {
+        Self {
+            protected_indexes,
+            protected_attributes,
+            sealer,
+        }
+    }
+}
+
 impl DynamoRecordPatch {
     /// Consume the [`DynamoRecordPatch`] and create a list of [`TransactWriteItem`] used to put
     /// and delete records from DynamoDB.
@@ -224,55 +238,6 @@ impl<D> EncryptedTable<D> {
         })
     }
 
-    pub fn prepare_record<E: Searchable + Identifiable>(
-        &self,
-        record: E,
-    ) -> Result<PreparedRecord, SealError> {
-        let type_name = E::type_name();
-
-        let PrimaryKeyParts { pk, sk } = record
-            .get_primary_key()
-            .into_parts(&type_name, E::sort_key_prefix().as_deref());
-
-        let protected_indexes = E::protected_indexes();
-        let protected_attributes = E::protected_attributes();
-
-        let unsealed_indexes = protected_indexes
-            .iter()
-            .map(|(index_name, index_type)| {
-                record
-                    .attribute_for_index(index_name, *index_type)
-                    .and_then(|attr| {
-                        E::index_by_name(index_name, *index_type)
-                            .map(|index| (attr, index, index_name.clone(), *index_type))
-                    })
-                    .ok_or(SealError::MissingAttribute(index_name.to_string()))
-            })
-            .collect::<Result<Vec<_>, _>>()?;
-
-        let unsealed = record.into_unsealed();
-
-        let sealer = Sealer {
-            pk,
-            sk,
-
-            is_sk_encrypted: E::is_sk_encrypted(),
-            is_pk_encrypted: E::is_pk_encrypted(),
-
-            type_name,
-
-            unsealed_indexes,
-
-            unsealed,
-        };
-
-        Ok(PreparedRecord {
-            protected_indexes,
-            protected_attributes,
-            sealer,
-        })
-    }
-
     /// Create a [`DynamoRecordPatch`] used to insert records into DynamoDB.
     ///
     /// This will create a root record with all attributes and index records that only include
@@ -401,7 +366,7 @@ impl EncryptedTable<Dynamo> {
     where
         T: Searchable + Identifiable,
     {
-        let record = self.prepare_record(record)?;
+        let record = record.prepare_record()?;
 
         let transact_items = self
             .create_put_patch(

src/traits/mod.rs

@@ -1,5 +1,8 @@
-use crate::crypto::{SealError, Sealer, Unsealed};
 pub use crate::encrypted_table::{TableAttribute, TryFromTableAttr};
+use crate::{
+    crypto::{SealError, Sealer, Unsealed},
+    encrypted_table::PreparedRecord,
+};
 use cipherstash_client::encryption::EncryptionError;
 pub use cipherstash_client::{
     credentials::{service_credentials::ServiceToken, Credentials},
@@ -148,3 +151,57 @@ pub trait Decryptable: Sized {
     /// Must be equal to or a subset of protected_attributes on the [`Encryptable`] type.
     fn plaintext_attributes() -> Cow<'static, [Cow<'static, str>]>;
 }
+
+pub trait Preparable {
+    fn prepare_record(self) -> Result<PreparedRecord, SealError>;
+}
+
+impl<R> Preparable for R
+where
+    R: Searchable + Identifiable,
+{
+    fn prepare_record(self) -> Result<PreparedRecord, SealError> {
+        let type_name = Self::type_name();
+
+        let PrimaryKeyParts { pk, sk } = self
+            .get_primary_key()
+            .into_parts(&type_name, Self::sort_key_prefix().as_deref());
+
+        let protected_indexes = Self::protected_indexes();
+        let protected_attributes = Self::protected_attributes();
+
+        let unsealed_indexes = protected_indexes
+            .iter()
+            .map(|(index_name, index_type)| {
+                self.attribute_for_index(index_name, *index_type)
+                    .and_then(|attr| {
+                        Self::index_by_name(index_name, *index_type)
+                            .map(|index| (attr, index, index_name.clone(), *index_type))
+                    })
+                    .ok_or(SealError::MissingAttribute(index_name.to_string()))
+            })
+            .collect::<Result<Vec<_>, _>>()?;
+
+        let unsealed = self.into_unsealed();
+
+        let sealer = Sealer {
+            pk,
+            sk,
+
+            is_sk_encrypted: Self::is_sk_encrypted(),
+            is_pk_encrypted: Self::is_pk_encrypted(),
+
+            type_name,
+
+            unsealed_indexes,
+
+            unsealed,
+        };
+
+        Ok(PreparedRecord::new(
+            protected_indexes,
+            protected_attributes,
+            sealer,
+        ))
+    }
+}

tests/headless_tests.rs

@@ -1,5 +1,7 @@
 use aws_sdk_dynamodb::Client;
-use cipherstash_dynamodb::{Decryptable, Encryptable, EncryptedTable, Identifiable, Searchable};
+use cipherstash_dynamodb::{
+    traits::Preparable, Decryptable, Encryptable, EncryptedTable, Identifiable, Searchable,
+};
 use serial_test::serial;
 use std::future::Future;
 
@@ -58,8 +60,9 @@ async fn test_headless_roundtrip() {
             .await
             .expect("failed to init table");
 
-        let user_record = table
-            .prepare_record(user.clone())
+        let user_record = user
+            .clone()
+            .prepare_record()
             .expect("failed to prepare record");
 
         let patch = table