Merge branch 'main' into rishav/constinExtern

Author: rishav-karanjit

.github/workflows/check-files.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   require-approvals:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
       pull-requests: write

.github/workflows/check_only_key_word.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   grep-only-verification-keyword:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
       pull-requests: write

.github/workflows/ci_codegen.yml

@@ -17,7 +17,7 @@ jobs:
         # Note dotnet is only used for formatting generated code
         # in this workflow
         dotnet-version: ["6.0.x"]
-        os: [ubuntu-latest]
+        os: [ubuntu-22.04]
     runs-on: ${{ matrix.os }}
     defaults:
       run:

.github/workflows/ci_duvet.yml

@@ -11,7 +11,7 @@ on:
 
 jobs:
   duvet:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v3
 

.github/workflows/ci_static_analysis.yml

@@ -9,7 +9,7 @@ on:
 
 jobs:
   not-grep:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
       - name: not-grep

.github/workflows/ci_test_net.yml

@@ -25,7 +25,7 @@ jobs:
       matrix:
         library: [DynamoDbEncryption]
         dotnet-version: ["6.0.x"]
-        os: [macos-13, ubuntu-latest, windows-latest]
+        os: [macos-13, ubuntu-22.04, windows-latest]
     runs-on: ${{ matrix.os }}
     permissions:
       id-token: write

.github/workflows/ci_test_vector_net.yml

@@ -27,7 +27,7 @@ jobs:
         dotnet-version: ["6.0.x"]
         os: [
             # Run on ubuntu image that comes pre-configured with docker
-            ubuntu-latest,
+            ubuntu-22.04,
           ]
     runs-on: ${{ matrix.os }}
     permissions:

.github/workflows/dafny_interop_examples_java.yml

@@ -56,7 +56,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_interop_examples_net.yml

@@ -56,7 +56,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_interop_java.yml

@@ -56,7 +56,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_interop_test_net.yml

@@ -24,7 +24,7 @@ jobs:
       matrix:
         library: [DynamoDbEncryption]
         dotnet-version: ["6.0.x"]
-        os: [macos-13, ubuntu-latest, windows-latest]
+        os: [macos-13, ubuntu-22.04, windows-latest]
     runs-on: ${{ matrix.os }}
     permissions:
       id-token: write
@@ -56,7 +56,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_interop_test_vector_java.yml

@@ -30,7 +30,7 @@ jobs:
         java-version: [8, 11, 16, 17]
         os: [
             # Run on ubuntu image that comes pre-configured with docker
-            ubuntu-latest,
+            ubuntu-22.04,
           ]
     runs-on: ${{ matrix.os }}
     permissions:
@@ -65,7 +65,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_interop_test_vector_net.yml

@@ -24,7 +24,7 @@ jobs:
       matrix:
         library: [TestVectors]
         dotnet-version: ["6.0.x"]
-        os: [ubuntu-latest]
+        os: [ubuntu-22.04]
     runs-on: ${{ matrix.os }}
     permissions:
       id-token: write
@@ -61,7 +61,6 @@ jobs:
         run: |
           git fetch
           git checkout ${{inputs.mpl-commit}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/dafny_verify_version.yml

@@ -12,7 +12,7 @@ on:
 
 jobs:
   getDafnyVerifyVersion:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       version: ${{ steps.read_property.outputs.dafnyVerifyVersion }}
     steps:

.github/workflows/dafny_version.yml

@@ -12,7 +12,7 @@ on:
 
 jobs:
   getDafnyVersion:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       version: ${{ steps.read_property.outputs.dafnyVersion }}
     steps:

.github/workflows/library_rust_tests.yml

@@ -26,7 +26,7 @@ jobs:
       matrix:
         library: [DynamoDbEncryption, TestVectors]
         # removed windows-latest because somehow it can't build aws-lc in CI
-        os: [ubuntu-latest, macos-13]
+        os: [ubuntu-22.04, macos-13]
     runs-on: ${{ matrix.os }}
     permissions:
       id-token: write

.github/workflows/mpl_head_version.yml

@@ -18,7 +18,7 @@ on:
 
 jobs:
   getMplHeadVersion:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       version: ${{ steps.read_property.outputs.mplVersion }}
     steps:
@@ -31,7 +31,6 @@ jobs:
         shell: bash
         run: |
           git checkout ${{inputs.mpl-head}}
-          git pull
           git submodule update --init --recursive
           git rev-parse HEAD
 

.github/workflows/nightly.yml

@@ -66,7 +66,7 @@ jobs:
       regenerate-code: true
 
   cut-issue-on-failure:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       id-token: write
       contents: read

.github/workflows/smithy-diff.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   require-approvals:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       issues: write
       pull-requests: write

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy

@@ -354,7 +354,8 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
   datatype MultiKeyStore = | MultiKeyStore (
     nameonly keyFieldName: string ,
     nameonly cacheTTL: int32 ,
-    nameonly cache: Option<AwsCryptographyMaterialProvidersTypes.CacheType> := Option.None
+    nameonly cache: Option<AwsCryptographyMaterialProvidersTypes.CacheType> := Option.None ,
+    nameonly partitionId: Option<string> := Option.None
   )
   datatype PartOnly = | PartOnly (
 
@@ -388,7 +389,9 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
   }
   datatype SingleKeyStore = | SingleKeyStore (
     nameonly keyId: string ,
-    nameonly cacheTTL: int32
+    nameonly cacheTTL: int32 ,
+    nameonly cache: Option<AwsCryptographyMaterialProvidersTypes.CacheType> := Option.None ,
+    nameonly partitionId: Option<string> := Option.None
   )
   datatype StandardBeacon = | StandardBeacon (
     nameonly name: string ,

DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy

@@ -708,6 +708,8 @@ structure KeyStoreReference {}
 //# On initialization of a Single Key Store, the caller MUST provide:
 //#  - [Beacon Key Id](#beacon-key-id)
 //#  - [cacheTTL](#cachettl)
+//#  - [cache](#key-store-cache)
+//#  - [partition-id](#partition-id)
 
 @javadoc("The configuration for using a single Beacon Key.")
 structure SingleKeyStore {
@@ -717,14 +719,19 @@ structure SingleKeyStore {
   @required
   @javadoc("How long (in seconds) the beacon key material is cached locally before it is re-retrieved from DynamoDB and re-authed with AWS KMS.")
   cacheTTL: Integer,
+  @documentation("Which type of local cache to use. Please see the [spec](https://github.com/aws/aws-database-encryption-sdk-dynamodb/blob/main/specification/searchable-encryption/search-config.md#key-store-cache) on how to provide a cache for a SingleKeyStore.")
+  cache : CacheType,
+  @documentation("Partition ID to distinguish Beacon Key Sources writing to a Shared cache. If the Partition ID is the same for two Beacon Key Sources, they can share the same cache entries in the Shared cache.")
+  partitionId: String
 }
 
 //= specification/searchable-encryption/search-config.md#multi-key-store-initialization
 //= type=implication
 //# On initialization of a Multi Key Store, the caller MUST provide:
 //#  - [Beacon Key Field Name](#beacon-key-field-name)
 //#  - [cacheTTL](#cachettl)
-//#  - [max cache size](#max-cache-size)
+//#  - [cache](#key-store-cache)
+//#  - [partition-id](#partition-id)
 
 @javadoc("The configuration for using multiple Beacon Keys.")
 structure MultiKeyStore {
@@ -735,7 +742,9 @@ structure MultiKeyStore {
   @javadoc("How long (in seconds) the beacon key material is cached locally before it is re-retrieved from DynamoDB and re-authed with AWS KMS.")
   cacheTTL: Integer,
   @javadoc("Which type of local cache to use.")
-  cache : CacheType
+  cache : CacheType,
+  @documentation("Partition ID to distinguish Beacon Key Sources writing to a Shared cache. If the Partition ID is the same for two Beacon Key Sources, they can share the same cache entries in the Shared cache.")
+  partitionId: String
 }
 
 //= specification/searchable-encryption/search-config.md#beacon-key-source