diff --git a/.github/workflows/ci_examples_java.yml b/.github/workflows/ci_examples_java.yml index 2499ac6ae..a8c221dc6 100644 --- a/.github/workflows/ci_examples_java.yml +++ b/.github/workflows/ci_examples_java.yml @@ -26,7 +26,6 @@ on: jobs: testJava: strategy: - max-parallel: 1 matrix: java-version: [8, 11, 16, 17] os: [macos-13] diff --git a/Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/BasicPutGetExample.java b/Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/BasicPutGetExample.java index 292fa5470..20e8ba466 100644 --- a/Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/BasicPutGetExample.java +++ b/Examples/runtimes/java/DynamoDbEncryption/src/main/java/software/amazon/cryptography/examples/BasicPutGetExample.java @@ -25,12 +25,19 @@ is provided in CLI arguments. This table must be configured with the following primary key configuration: - - Partition key is named "partition_key" with type (S) - - Sort key is named "sort_key" with type (N) + - Partition key is named `partitionKeyName` with type (S) + - Sort key is named `sortKeyName` with type (N) */ public class BasicPutGetExample { - public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { + public static void PutItemGetItem( + final String kmsKeyId, + final String ddbTableName, + final String partitionKeyName, + final String sortKeyName, + final String partitionKeyValue, + final String sortKeyValue + ) { // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data. // For this example, we will create a AWS KMS Keyring with the AWS KMS Key we want to use. // We will use the `CreateMrkMultiKeyring` method to create this keyring, 
@@ -52,8 +59,8 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { // - SIGN_ONLY: The attribute not encrypted, but is still included in the signature // - DO_NOTHING: The attribute is not encrypted and not included in the signature final Map attributeActionsOnEncrypt = new HashMap<>(); - attributeActionsOnEncrypt.put("partition_key", CryptoAction.SIGN_ONLY); // Our partition attribute must be SIGN_ONLY - attributeActionsOnEncrypt.put("sort_key", CryptoAction.SIGN_ONLY); // Our sort attribute must be SIGN_ONLY + attributeActionsOnEncrypt.put(partitionKeyName, CryptoAction.SIGN_ONLY); // Our partition attribute must be SIGN_ONLY + attributeActionsOnEncrypt.put(sortKeyName, CryptoAction.SIGN_ONLY); // Our sort attribute must be SIGN_ONLY attributeActionsOnEncrypt.put("attribute1", CryptoAction.ENCRYPT_AND_SIGN); attributeActionsOnEncrypt.put("attribute2", CryptoAction.SIGN_ONLY); attributeActionsOnEncrypt.put(":attribute3", CryptoAction.DO_NOTHING); @@ -94,8 +101,8 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { final DynamoDbTableEncryptionConfig config = DynamoDbTableEncryptionConfig .builder() .logicalTableName(ddbTableName) - .partitionKeyName("partition_key") - .sortKeyName("sort_key") + .partitionKeyName(partitionKeyName) + .sortKeyName(sortKeyName) .attributeActionsOnEncrypt(attributeActionsOnEncrypt) .keyring(kmsKeyring) .allowedUnsignedAttributePrefix(unsignAttrPrefix) 
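Review bot: In the `attributeActionsOnEncrypt` hunk of BasicPutGetExample.java, the partition and sort key entries now use caller-supplied names but are still inserted before the fixed `"attribute1"`, `"attribute2"` and `":attribute3"` entries. A key name equal to one of those is silently overwritten with that attribute's action, for example ENCRYPT_AND_SIGN or DO_NOTHING instead of the SIGN_ONLY the inline comment requires. The table configuration presumably rejects a key attribute that is not SIGN_ONLY, but that check is not visible here and its error would not point at the name collision. Doing the two key puts last and failing on a previous value makes the cause explicit: `if (attributeActionsOnEncrypt.put(partitionKeyName, CryptoAction.SIGN_ONLY) != null) throw new IllegalArgumentException("partitionKeyName collides with an example attribute");`, and likewise for `sortKeyName`. `PutItemGetItem` starts and ends outside this hunk.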
@@ -141,10 +148,10 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { // client-side, according to our configuration. final HashMap item = new HashMap<>(); item.put( - "partition_key", - AttributeValue.builder().s("BasicPutGetExample").build() + partitionKeyName, + AttributeValue.builder().s(partitionKeyValue).build() ); - item.put("sort_key", AttributeValue.builder().n("0").build()); + item.put(sortKeyName, AttributeValue.builder().n(sortKeyValue).build()); item.put( "attribute1", AttributeValue.builder().s("encrypt and sign me!").build() @@ -168,10 +175,10 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { // back the original item. final HashMap keyToGet = new HashMap<>(); keyToGet.put( - "partition_key", - AttributeValue.builder().s("BasicPutGetExample").build() + partitionKeyName, + AttributeValue.builder().s(partitionKeyValue).build() ); - keyToGet.put("sort_key", AttributeValue.builder().n("0").build()); + keyToGet.put(sortKeyName, AttributeValue.builder().n(sortKeyValue).build()); final GetItemRequest getRequest = GetItemRequest .builder() 
@@ -194,13 +201,26 @@ public static void PutItemGetItem(String kmsKeyId, String ddbTableName) { } public static void main(final String[] args) { - if (args.length < 2) { + if (args.length < 6) { throw new IllegalArgumentException( - "To run this example, include the kmsKeyId as args[0] and ddbTableName as args[1]" + "To run this example, include the kmsKeyId as args[0], ddbTableName as args[1]," + + " partitionKeyName as args[2], sortKeyName as args[3], partitionKeyValue as args[4]" + + " sortKeyValue as args[5]" ); } final String kmsKeyId = args[0]; final String ddbTableName = args[1]; - PutItemGetItem(kmsKeyId, ddbTableName); + final String partitionKeyName = args[2]; + final String sortKeyName = args[3]; + final String partitionKeyValue = args[4]; + final String sortKeyValue = args[5]; + PutItemGetItem( + kmsKeyId, + ddbTableName, + partitionKeyName, + sortKeyName, + partitionKeyValue, + sortKeyValue + ); } } diff --git a/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestBasicPutGetExample.java b/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestBasicPutGetExample.java index b11942be1..deb0212e0 100644 --- a/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestBasicPutGetExample.java +++ b/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestBasicPutGetExample.java 
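Review bot: The new usage message in `main` of BasicPutGetExample.java is missing the separator between its last two arguments, so it prints `partitionKeyValue as args[4] sortKeyValue as args[5]`. The third string should end with `args[4],` and the fourth should read `" and sortKeyValue as args[5]"`. Separately, `sortKeyValue` goes unchecked into `AttributeValue.builder().n(sortKeyValue)` in the put and get hunks, so a non-numeric argument presumably surfaces only once the request is built or sent. Parsing it in `main`, e.g. `new java.math.BigDecimal(sortKeyValue);`, would reject bad input before any KMS or DynamoDB call is made.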
@@ -1,14 +1,27 @@ package software.amazon.cryptography.examples; +import java.util.UUID; import org.testng.annotations.Test; public class TestBasicPutGetExample { @Test public void TestPutGet() { + final String partitionKeyValue = "BasicPutGetExample" + UUID.randomUUID(); BasicPutGetExample.PutItemGetItem( TestUtils.TEST_KMS_KEY_ID, - TestUtils.TEST_DDB_TABLE_NAME + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + partitionKeyValue, + "0" + ); + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + partitionKeyValue, + "0" ); } } diff --git a/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestUtils.java b/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestUtils.java index 0e1c4f2b0..37bc5f3db 100644 --- a/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestUtils.java +++ b/Examples/runtimes/java/DynamoDbEncryption/src/test/java/software/amazon/cryptography/examples/TestUtils.java @@ -1,5 +1,10 @@ package software.amazon.cryptography.examples; +import java.util.HashMap; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.DeleteItemRequest; + public class TestUtils { public static final String TEST_KEYSTORE_NAME = "KeyStoreDdbTable"; 
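Review bot: The cleanup in `TestPutGet` is skipped whenever `PutItemGetItem` throws. Because the partition key value now carries a fresh UUID, an item left behind is never overwritten by a later run, so failed runs accumulate rows in the shared test table. Wrapping the call as `try { BasicPutGetExample.PutItemGetItem(...); } finally { TestUtils.cleanUpDDBItem(...); }` keeps the table clean on failure; deleting an item that was never written is harmless. The cleanup loops appended to TestMigrationExampleStep1, TestMigrationExampleStep2, TestMigrationExampleStep3 and TestEncryptExistingTable have the same shape and would benefit from the same `finally`. The repeated `"partition_key"` and `"sort_key"` literals could also become constants in `TestUtils`, next to `TEST_DDB_TABLE_NAME`.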
@@ -30,4 +35,40 @@ public class TestUtils { // Our tests require access to DDB Table with this name public static final String TEST_DDB_TABLE_NAME = "DynamoDbEncryptionInterceptorTestTable"; + + /** + * Deletes an item from a DynamoDB table. + * + * @param tableName The name of the DynamoDB table + * @param partitionKeyName The name of partition key + * @param sortKeyName The name of sort key + * @param partitionKeyValue The value of the partition key + * @param sortKeyValue The value of the sort key (can be null if table doesn't have a sort key) + */ + public static void cleanUpDDBItem( + final String tableName, + final String partitionKeyName, + final String sortKeyName, + final String partitionKeyValue, + final String sortKeyValue + ) { + final DynamoDbClient ddb = DynamoDbClient.builder().build(); + final HashMap keyToDelete = new HashMap<>(); + keyToDelete.put( + partitionKeyName, + AttributeValue.builder().s(partitionKeyValue).build() + ); + if (sortKeyValue != null) { + keyToDelete.put( + sortKeyName, + AttributeValue.builder().n(sortKeyValue).build() + ); + } + final DeleteItemRequest deleteRequest = DeleteItemRequest + .builder() + .tableName(tableName) + .key(keyToDelete) + .build(); + ddb.deleteItem(deleteRequest); + } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep1.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep1.java index 9c2e7b785..5cb1bbe9f 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep1.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep1.java 
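Review bot: `cleanUpDDBItem` builds a new `DynamoDbClient` on every call and never closes it, so each deleted item leaves a client and its HTTP resources behind; the migration tests call it once per sort key in a loop. `DynamoDbClient` is `AutoCloseable`, so the last statement can become `try (DynamoDbClient ddb = DynamoDbClient.builder().build()) { ddb.deleteItem(deleteRequest); }`, with the client declaration at the top of the method removed. The Javadoc says `sortKeyValue` may be null but does not say that `sortKeyName` is then ignored; a short addition to the `@param sortKeyName` line would cover that. The identical method added in the new Migration `TestUtils.java` has the same issue.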
@@ -45,7 +45,8 @@ public class MigrationExampleStep1 { public static void MigrationStep1( String kmsKeyId, String ddbTableName, - int sortReadValue + int sortReadValue, + String partitionKey ) { // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data. // We will use the `CreateMrkMultiKeyring` method to create this keyring, @@ -143,7 +144,7 @@ public static void MigrationStep1( // 7. Put an item into your table using the DynamoDb Enhanced Client. // This item will be stored in plaintext. final SimpleClass item = new SimpleClass(); - item.setPartitionKey("PlaintextMigrationExample"); + item.setPartitionKey(partitionKey); item.setSortKey(1); item.setAttribute1("this will be encrypted and signed"); item.setAttribute3("this will never be encrypted nor signed"); @@ -158,13 +159,13 @@ public static void MigrationStep1( // during Step 2 or after), then the item will be decrypted client-side // and surfaced as a plaintext item. SimpleClass itemToGet = new SimpleClass(); - itemToGet.setPartitionKey("PlaintextMigrationExample"); + itemToGet.setPartitionKey(partitionKey); itemToGet.setSortKey(sortReadValue); SimpleClass returnedItem = table.getItem(itemToGet); // Demonstrate we get the expected item back - assert returnedItem.getPartitionKey().equals("PlaintextMigrationExample"); + assert returnedItem.getPartitionKey().equals(partitionKey); assert returnedItem .getAttribute1() .equals("this will be encrypted and signed"); @@ -180,6 +181,7 @@ public static void main(final String[] args) { final String ddbTableName = args[1]; // You can manipulate this value to demonstrate reading records written in other steps final int sortReadValue = Integer.parseInt(args[2]); - MigrationStep1(kmsKeyId, ddbTableName, sortReadValue); + final String partitionKey = args[3]; + MigrationStep1(kmsKeyId, ddbTableName, sortReadValue, partitionKey); } } 
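Review bot: `main` of MigrationExampleStep1 now reads `args[3]`, but the commit leaves the lines between the `main` signature and this hunk untouched. Any argument-count guard there (it is outside the hunk, so this is inferred) still accepts the old three-argument invocation, which then fails with an `ArrayIndexOutOfBoundsException` rather than a usage message. The guard should require four arguments and name the new one, e.g. `if (args.length < 4) { throw new IllegalArgumentException("... and partitionKey as args[3]"); }`. The same applies to `main` in MigrationExampleStep2 and MigrationExampleStep3 (`args[3]`) and in MigrationExampleStep0 (`args[2]`).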
diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep2.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep2.java index 180bdef92..fda66dfc1 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep2.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep2.java @@ -45,7 +45,8 @@ public class MigrationExampleStep2 { public static void MigrationStep2( String kmsKeyId, String ddbTableName, - int sortReadValue + int sortReadValue, + String partitionKey ) { // 1. Continue to configure your Keyring, Table Schema, legacy attribute actions, // and allowedUnsignedAttributes, and old DynamoDBEncryptor as you did in Step 1. @@ -121,7 +122,7 @@ public static void MigrationStep2( // 5. Put an item into your table using the DynamoDb Enhanced Client. // This item will be encrypted. final SimpleClass item = new SimpleClass(); - item.setPartitionKey("PlaintextMigrationExample"); + item.setPartitionKey(partitionKey); item.setSortKey(2); item.setAttribute1("this will be encrypted and signed"); item.setAttribute3("this will never be encrypted nor signed"); 
@@ -136,13 +137,13 @@ public static void MigrationStep2( // during Step 2 or after), then the DDB enhanced client will decrypt the // item client-sid and surface it in our code as a plaintext item. SimpleClass itemToGet = new SimpleClass(); - itemToGet.setPartitionKey("PlaintextMigrationExample"); + itemToGet.setPartitionKey(partitionKey); itemToGet.setSortKey(sortReadValue); SimpleClass returnedItem = table.getItem(itemToGet); // Demonstrate we get the expected item back - assert returnedItem.getPartitionKey().equals("PlaintextMigrationExample"); + assert returnedItem.getPartitionKey().equals(partitionKey); assert returnedItem .getAttribute1() .equals("this will be encrypted and signed"); @@ -158,6 +159,7 @@ public static void main(final String[] args) { final String ddbTableName = args[1]; // You can manipulate this value to demonstrate reading records written in other steps final int sortReadValue = Integer.parseInt(args[2]); - MigrationStep2(kmsKeyId, ddbTableName, sortReadValue); + final String partitionKey = args[3]; + MigrationStep2(kmsKeyId, ddbTableName, sortReadValue, partitionKey); } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep3.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep3.java index c51e7b655..9b30f6aee 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep3.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/awsdbe/MigrationExampleStep3.java 
@@ -40,7 +40,8 @@ public class MigrationExampleStep3 { public static void MigrationStep3( String kmsKeyId, String ddbTableName, - int sortReadValue + int sortReadValue, + String partitionKey ) { // 1. Create a Keyring. This Keyring will be responsible for protecting the data keys that protect your data. // We will use the `CreateMrkMultiKeyring` method to create this keyring, @@ -115,7 +116,7 @@ public static void MigrationStep3( // 7. Put an item into your table using the DynamoDb Enhanced Client. // This item will be encrypted. final SimpleClass item = new SimpleClass(); - item.setPartitionKey("PlaintextMigrationExample"); + item.setPartitionKey(partitionKey); item.setSortKey(3); item.setAttribute1("this will be encrypted and signed"); item.setAttribute3("this will never be encrypted nor signed"); @@ -131,13 +132,13 @@ public static void MigrationStep3( // during Step 2 or after), then the item will be decrypted client-side // and surfaced as a plaintext item. SimpleClass itemToGet = new SimpleClass(); - itemToGet.setPartitionKey("PlaintextMigrationExample"); + itemToGet.setPartitionKey(partitionKey); itemToGet.setSortKey(sortReadValue); SimpleClass returnedItem = table.getItem(itemToGet); // Demonstrate we get the expected item back - assert returnedItem.getPartitionKey().equals("PlaintextMigrationExample"); + assert returnedItem.getPartitionKey().equals(partitionKey); assert returnedItem .getAttribute1() .equals("this will be encrypted and signed"); @@ -153,6 +154,7 @@ public static void main(final String[] args) { final String ddbTableName = args[1]; // You can manipulate this value to demonstrate reading records written in other steps final int sortReadValue = Integer.parseInt(args[2]); - MigrationStep3(kmsKeyId, ddbTableName, sortReadValue); + final String partitionKey = args[3]; + MigrationStep3(kmsKeyId, ddbTableName, sortReadValue, partitionKey); } } 
diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/plaintext/MigrationExampleStep0.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/plaintext/MigrationExampleStep0.java index 940bff552..cb8be3a70 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/plaintext/MigrationExampleStep0.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/main/java/software/amazon/cryptography/examples/plaintext/MigrationExampleStep0.java @@ -28,7 +28,11 @@ write a plaintext record to a table and read that record. */ public class MigrationExampleStep0 { - public static void MigrationStep0(String ddbTableName, int sortReadValue) { + public static void MigrationStep0( + String ddbTableName, + int sortReadValue, + String partitionKey + ) { // 1. Create a Table Schema over your annotated class. // See SimpleClass.java in this directory for a sample annotated class // for a plaintext item. @@ -56,7 +60,7 @@ public static void MigrationStep0(String ddbTableName, int sortReadValue) { // 3. Put an example item into our DynamoDb table. // This item will be stored in plaintext. SimpleClass itemToPut = new SimpleClass(); - itemToPut.setPartitionKey("PlaintextMigrationExample"); + itemToPut.setPartitionKey(partitionKey); itemToPut.setSortKey(0); itemToPut.setAttribute1("this will be encrypted and signed"); itemToPut.setAttribute3("this will never be encrypted nor signed"); 
@@ -76,13 +80,13 @@ public static void MigrationStep0(String ddbTableName, int sortReadValue) { // client-side encrypted items, you will need to configure encrypted reads on // your enhanced client (this is configured from Step 1 onwards). SimpleClass itemToGet = new SimpleClass(); - itemToGet.setPartitionKey("PlaintextMigrationExample"); + itemToGet.setPartitionKey(partitionKey); itemToGet.setSortKey(sortReadValue); SimpleClass returnedItem = table.getItem(itemToGet); // Demonstrate we get the expected item back - assert returnedItem.getPartitionKey().equals("PlaintextMigrationExample"); + assert returnedItem.getPartitionKey().equals(partitionKey); assert returnedItem .getAttribute1() .equals("this will be encrypted and signed"); @@ -97,6 +101,7 @@ public static void main(final String[] args) { final String ddbTableName = args[0]; // You can manipulate this value to demonstrate reading records written in other steps final int sortReadValue = Integer.parseInt(args[1]); - MigrationStep0(ddbTableName, sortReadValue); + final String partitionKey = args[2]; + MigrationStep0(ddbTableName, sortReadValue, partitionKey); } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/TestUtils.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/TestUtils.java new file mode 100644 index 000000000..b45be0da7 --- /dev/null +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/TestUtils.java 
@@ -0,0 +1,57 @@ +package software.amazon.cryptography.examples.migration; + +import java.util.HashMap; +import java.util.UUID; +import software.amazon.awssdk.services.dynamodb.DynamoDbClient; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; +import software.amazon.awssdk.services.dynamodb.model.DeleteItemRequest; + +public class TestUtils { + + // This is a public KMS Key that MUST only be used for testing, and MUST NOT be used for any production data + public static String TEST_KMS_KEY_ID = + "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"; + + // Our tests require access to DDB Table with this name + public static final String TEST_DDB_TABLE_NAME = + "DynamoDbEncryptionInterceptorTestTable"; + + public static final String PARTITION_KEY = + "PlaintextMigrationExample" + UUID.randomUUID(); + + /** + * Deletes an item from a DynamoDB table. + * + * @param tableName The name of the DynamoDB table + * @param partitionKeyName The name of partition key + * @param sortKeyName The name of sort key + * @param partitionKeyValue The value of the partition key + * @param sortKeyValue The value of the sort key (can be null if table doesn't have a sort key) + */ + public static void cleanUpDDBItem( + final String tableName, + final String partitionKeyName, + final String sortKeyName, + final String partitionKeyValue, + final String sortKeyValue + ) { + final DynamoDbClient ddb = DynamoDbClient.builder().build(); + final HashMap keyToDelete = new HashMap<>(); + keyToDelete.put( + partitionKeyName, + AttributeValue.builder().s(partitionKeyValue).build() + ); + if (sortKeyValue != null) { + keyToDelete.put( + sortKeyName, + AttributeValue.builder().n(sortKeyValue).build() + ); + } + final DeleteItemRequest deleteRequest = DeleteItemRequest + .builder() + .tableName(tableName) + .key(keyToDelete) + .build(); + ddb.deleteItem(deleteRequest); + } +} 
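Review bot: `PARTITION_KEY` is initialised once per class load, so every test class that uses this `TestUtils` (the Step1/2/3 tests and TestEncryptExistingTable) writes, reads and deletes the same items under one partition key. The UUID separates concurrent CI jobs but not test classes inside one JVM. If these classes ever run in parallel, one class's cleanup loop can delete an item another class is about to read, and TestEncryptExistingTable can re-encrypt an item that TestMigrationExampleStep3 expects to be plaintext. Generating the value per test, e.g. `final String partitionKey = "PlaintextMigrationExample" + UUID.randomUUID();` at the top of each test method, removes that coupling. `TEST_KMS_KEY_ID` is also carried over without `final`, unlike the constants beside it; `public static final String TEST_KMS_KEY_ID` would stop a test from reassigning the key ARN.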
diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep1.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep1.java index 1d1983874..0fdf8337b 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep1.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep1.java @@ -1,9 +1,12 @@ package software.amazon.cryptography.examples.migration.awsdbe; +import java.util.Arrays; +import java.util.List; import org.testng.annotations.Test; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep1; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep2; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep3; +import software.amazon.cryptography.examples.migration.TestUtils; import software.amazon.cryptography.examples.plaintext.MigrationExampleStep0; public class TestMigrationExampleStep1 { 
@@ -14,42 +17,62 @@ public void TestMigrationStep1() { MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 1 + 1, + TestUtils.PARTITION_KEY ); // Given: Step 0 has succeeded - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 0); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY + ); // When: Execute Step 1 with sortReadValue=0, Then: Success (i.e. can read plaintext values) MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 0 + 0, + TestUtils.PARTITION_KEY ); // Given: Step 2 has succeeded MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); // When: Execute Step 1 with sortReadValue=2, Then: Success (i.e. can read encrypted values) MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); // Given: Step 3 has succeeded MigrationExampleStep3.MigrationStep3( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 3 + 3, + TestUtils.PARTITION_KEY ); // When: Execute Step 1 with sortReadValue=3, Then: Success (i.e. can read encrypted values) MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 3 + 3, + TestUtils.PARTITION_KEY ); + List sortkeys = Arrays.asList("0", "1", "2", "3"); + for (String sortkey : sortkeys) { + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + TestUtils.PARTITION_KEY, + sortkey + ); + } } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep2.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep2.java index 4f96af6db..f7ea5f65d 100644 
--- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep2.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep2.java @@ -1,9 +1,12 @@ package software.amazon.cryptography.examples.migration.awsdbe; +import java.util.Arrays; +import java.util.List; import org.testng.annotations.Test; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep1; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep2; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep3; +import software.amazon.cryptography.examples.migration.TestUtils; import software.amazon.cryptography.examples.plaintext.MigrationExampleStep0; public class TestMigrationExampleStep2 { 
@@ -14,42 +17,62 @@ public void TestMigrationStep2() { MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); // Given: Step 0 has succeeded - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 0); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY + ); // When: Execute Step 2 with sortReadValue=0, Then: Success (i.e. can read plaintext values) MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 0 + 0, + TestUtils.PARTITION_KEY ); // Given: Step 1 has succeeded MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 1 + 1, + TestUtils.PARTITION_KEY ); // When: Execute Step 2 with sortReadValue=1, Then: Success (i.e. can read encrypted values) MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 1 + 1, + TestUtils.PARTITION_KEY ); // Given: Step 3 has succeeded MigrationExampleStep3.MigrationStep3( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 3 + 3, + TestUtils.PARTITION_KEY ); // When: Execute Step 2 with sortReadValue=3, Then: Success (i.e. can read encrypted values) MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 3 + 3, + TestUtils.PARTITION_KEY ); + List sortkeys = Arrays.asList("0", "1", "2", "3"); + for (String sortkey : sortkeys) { + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + TestUtils.PARTITION_KEY, + sortkey + ); + } } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep3.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep3.java index 051cce5bd..dda4d6aa9 100644 
--- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep3.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestMigrationExampleStep3.java @@ -2,12 +2,14 @@ import static org.testng.Assert.assertThrows; +import java.util.Arrays; +import java.util.List; import org.testng.annotations.Test; import software.amazon.awssdk.core.exception.SdkClientException; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep1; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep2; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep3; -import software.amazon.cryptography.examples.migration.plaintext.TestUtils; +import software.amazon.cryptography.examples.migration.TestUtils; import software.amazon.cryptography.examples.plaintext.MigrationExampleStep0; public class TestMigrationExampleStep3 { 
@@ -16,57 +18,74 @@ public class TestMigrationExampleStep3 { public void TestMigrationStep0() { // Successfully executes step 3 MigrationExampleStep3.MigrationStep3( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 3 + TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_DDB_TABLE_NAME, + 3, + TestUtils.PARTITION_KEY ); // Given: Step 0 has succeeded MigrationExampleStep0.MigrationStep0( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 0 + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY ); // When: Execute Step 3 with sortReadValue=0, Then: throws SdkClientException (i.e. cannot read plaintext values) assertThrows( SdkClientException.class, () -> { MigrationExampleStep3.MigrationStep3( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 0 + TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY ); } ); // Given: Step 1 has succeeded MigrationExampleStep1.MigrationStep1( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 1 + TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_DDB_TABLE_NAME, + 1, + TestUtils.PARTITION_KEY ); // When: Execute Step 3 with sortReadValue=1, Then: throws SdkClientException (i.e. 
cannot read plaintext values) assertThrows( SdkClientException.class, () -> { MigrationExampleStep3.MigrationStep3( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 1 + TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_DDB_TABLE_NAME, + 1, + TestUtils.PARTITION_KEY ); } ); // Given: Step 2 has succeeded MigrationExampleStep2.MigrationStep2( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_DDB_TABLE_NAME, - 2 + TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_DDB_TABLE_NAME, + 2, + TestUtils.PARTITION_KEY ); // When: Execute Step 3 with sortReadValue=2, Then: Success (i.e. can read encrypted values) MigrationExampleStep3.MigrationStep3( - software.amazon.cryptography.examples.migration.plaintext.TestUtils.TEST_KMS_KEY_ID, + TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); + List sortkeys = Arrays.asList("0", "1", "2", "3"); + for (String sortkey : sortkeys) { + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + TestUtils.PARTITION_KEY, + sortkey + ); + } } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestUtils.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestUtils.java deleted file mode 100644 index 53c987bfc..000000000 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/TestUtils.java +++ /dev/null 
@@ -1,12 +0,0 @@ -package software.amazon.cryptography.examples.migration.awsdbe; - -public class TestUtils { - - // This is a public KMS Key that MUST only be used for testing, and MUST NOT be used for any production data - public static String TEST_KMS_KEY_ID = - "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"; - - // Our tests require access to DDB Table with this name - public static final String TEST_DDB_TABLE_NAME = - "DynamoDbEncryptionInterceptorTestTable"; -} diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/encrypttable/TestEncryptExistingTable.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/encrypttable/TestEncryptExistingTable.java index 39bc62e08..57d01028e 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/encrypttable/TestEncryptExistingTable.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/awsdbe/encrypttable/TestEncryptExistingTable.java @@ -23,7 +23,7 @@ import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep1; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep2; import software.amazon.cryptography.examples.awsdbe.SimpleClass; -import software.amazon.cryptography.examples.migration.awsdbe.TestUtils; +import software.amazon.cryptography.examples.migration.TestUtils; import software.amazon.cryptography.examples.plaintext.MigrationExampleStep0; import software.amazon.cryptography.materialproviders.IKeyring; import software.amazon.cryptography.materialproviders.MaterialProviders; 
@@ -55,7 +55,8 @@ public class TestEncryptExistingTable { public static void EncryptExistingTable( String kmsKeyId, - String ddbTableName + String ddbTableName, + String partitionKey ) { // 1. Continue to configure your Keyring, Table Schema, // and allowedUnsignedAttributes as you did in Step 1. @@ -139,7 +140,7 @@ public static void EncryptExistingTable( Map expressionAttributesValues = new HashMap<>(); expressionAttributesValues.put( ":plaintexttest", - AttributeValue.builder().s("PlaintextMigrationExample").build() + AttributeValue.builder().s(partitionKey).build() ); ScanEnhancedRequest scanEnhancedRequest = ScanEnhancedRequest @@ -182,21 +183,39 @@ public static void EncryptExistingTable( @Test public void TestEncryptExistingTable() { // Given: All the previous migration steps have been run. - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 0); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY + ); MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 1 + 1, + TestUtils.PARTITION_KEY ); MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); // When: Execute migration, Then: Success (i.e. encrypts 2 plaintext values) EncryptExistingTable( TestUtils.TEST_KMS_KEY_ID, - TestUtils.TEST_DDB_TABLE_NAME + TestUtils.TEST_DDB_TABLE_NAME, + TestUtils.PARTITION_KEY ); + + List sortkeys = Arrays.asList("0", "1", "2"); + for (String sortkey : sortkeys) { + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + TestUtils.PARTITION_KEY, + sortkey + ); + } } } 
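Review bot: The new parameter `partitionKey` on `EncryptExistingTable` carries a partition key value, not an attribute name: the hunk at -139 binds it with `.s(partitionKey)`, and the cleanup call added further down passes `"partition_key"` as the name and `TestUtils.PARTITION_KEY` as the value. Naming it `partitionKeyValue` would remove that ambiguity. The method comment should also say what the value is for, for example `// partitionKeyValue: partition key value bound to :plaintexttest in the scan filter`; the filter expression itself is outside the hunks shown, so confirm the wording against it. The method body continues past the end of this hunk.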
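Review bot: The `cleanUpDDBItem` loop added at the end of `TestEncryptExistingTable()` runs only when every call before it succeeds, so a failure in `MigrationStep0`, `MigrationStep1`, `MigrationStep2` or `EncryptExistingTable` leaves the items for sort keys 0 to 2 in the table for the next run to find. Wrapping the existing body in `try { … } finally { … }` with the loop in the `finally` block, or moving the loop to a TestNG `@AfterMethod`, keeps the table clean on failure as well. The same loop closes the hunk at -42 in TestMigrationExampleStep0 and the test whose tail opens this chunk. In all three the attribute names are the literals `"partition_key"` and `"sort_key"`; shared constants next to `TestUtils.PARTITION_KEY` would keep them in one place.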
diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestMigrationExampleStep0.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestMigrationExampleStep0.java index 24db7f096..3c5548906 100644 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestMigrationExampleStep0.java +++ b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestMigrationExampleStep0.java @@ -2,10 +2,13 @@ import static org.testng.Assert.assertThrows; +import java.util.Arrays; +import java.util.List; import org.testng.annotations.Test; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep1; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep2; import software.amazon.cryptography.examples.awsdbe.MigrationExampleStep3; +import software.amazon.cryptography.examples.migration.TestUtils; import software.amazon.cryptography.examples.plaintext.MigrationExampleStep0; public class TestMigrationExampleStep0 { 
@@ -13,28 +16,42 @@ public class TestMigrationExampleStep0 { @Test public void TestMigrationStep0() { // Successfully executes step 0 - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 0); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 0, + TestUtils.PARTITION_KEY + ); // Given: Step 1 has succeeded MigrationExampleStep1.MigrationStep1( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 1 + 1, + TestUtils.PARTITION_KEY ); // When: Execute Step 0 with sortReadValue=1, Then: Success (i.e. can read plaintext values) - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 1); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 1, + TestUtils.PARTITION_KEY + ); // Given: Step 2 has succeeded MigrationExampleStep2.MigrationStep2( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 2 + 2, + TestUtils.PARTITION_KEY ); // When: Execute Step 0 with sortReadValue=2, Then: throws AssertionError (i.e. cannot read encrypted values) assertThrows( AssertionError.class, () -> { - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 2); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 2, + TestUtils.PARTITION_KEY + ); } ); 
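Review bot: The negative check `assertThrows(AssertionError.class, …)` for sort value 2 reads an item addressed only by the shared `TestUtils.PARTITION_KEY` and a fixed sort key, and TestEncryptExistingTable writes and deletes the same keys in the same table. If the two tests can overlap (parallel TestNG classes or concurrent CI jobs), the item may be missing or rewritten when it is read. `MigrationStep0` is not shown here, but if a missing item also surfaces as an `AssertionError`, the "cannot read encrypted values" check would pass without an encrypted item ever being read. `TestUtils.PARTITION_KEY` is defined outside this view; if it is a fixed string, consider a value unique per test class or run, for example `TestUtils.PARTITION_KEY + "-" + java.util.UUID.randomUUID()` held in a local and passed to every call and to the cleanup.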
@@ -42,14 +59,29 @@ public void TestMigrationStep0() { MigrationExampleStep3.MigrationStep3( TestUtils.TEST_KMS_KEY_ID, TestUtils.TEST_DDB_TABLE_NAME, - 3 + 3, + TestUtils.PARTITION_KEY ); // When: Execute Step 0 with sortReadValue=3, Then: throws AssertionError (i.e. cannot read encrypted values) assertThrows( AssertionError.class, () -> { - MigrationExampleStep0.MigrationStep0(TestUtils.TEST_DDB_TABLE_NAME, 3); + MigrationExampleStep0.MigrationStep0( + TestUtils.TEST_DDB_TABLE_NAME, + 3, + TestUtils.PARTITION_KEY + ); } ); + List sortkeys = Arrays.asList("0", "1", "2", "3"); + for (String sortkey : sortkeys) { + TestUtils.cleanUpDDBItem( + TestUtils.TEST_DDB_TABLE_NAME, + "partition_key", + "sort_key", + TestUtils.PARTITION_KEY, + sortkey + ); + } } } diff --git a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestUtils.java b/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestUtils.java deleted file mode 100644 index 1ba655da7..000000000 --- a/Examples/runtimes/java/Migration/PlaintextToAWSDBE/src/test/java/software/amazon/cryptography/examples/migration/plaintext/TestUtils.java +++ /dev/null @@ -1,12 +0,0 @@ -package software.amazon.cryptography.examples.migration.plaintext; - -public class TestUtils { - - // This is a public KMS Key that MUST only be used for testing, and MUST NOT be used for any production data - public static String TEST_KMS_KEY_ID = - "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"; - - // Our tests require access to DDB Table with this name - public static final String TEST_DDB_TABLE_NAME = - "DynamoDbEncryptionInterceptorTestTable"; -}