m

Lucas McDonald · Lucas McDonald · commit c20581f55ad9 · 2025-05-01T12:41:27.000-07:00
diff --git a/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/__init__.py b/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/__init__.py
@@ -1,14 +1,12 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 
+# Initialize generated Dafny, then initialize externs
 # Disable sorting imports; this order initializes code in the required order
 # (generated Dafny, then externs)
-# ruff: noqa: I
-# Initialize generated Dafny
-# Initialize externs
-# noqa: F401, F403
-from .internaldafny import extern
+# ruff: noqa: I001
 from .internaldafny.generated import module_
+from .internaldafny import extern
 
 """
 boto3 uses Python's decimal library to deserialize numbers retrieved by resources
diff --git a/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/resource.py b/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/resource.py
@@ -45,7 +45,7 @@ def __init__(
         self._encryption_config = encryption_config
 
     def all(self) -> Generator[EncryptedTable, None, None]:
-        """Creates an iterable of all EncryptedTable resources in the collection.
+        """Create an iterable of all EncryptedTable resources in the collection.
 
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#DynamoDB.ServiceResource.all
 
@@ -56,7 +56,7 @@ def all(self) -> Generator[EncryptedTable, None, None]:
         yield from self._transform_table(self._collection.all)
 
     def filter(self, **kwargs) -> Generator[EncryptedTable, None, None]:
-        """Creates an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.
+        """Create an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.
 
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#filter
 
@@ -67,7 +67,7 @@ def filter(self, **kwargs) -> Generator[EncryptedTable, None, None]:
         yield from self._transform_table(self._collection.filter, **kwargs)
 
     def limit(self, **kwargs) -> Generator[EncryptedTable, None, None]:
-        """Creates an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.
+        """Create an iterable of all EncryptedTable resources in the collection filtered by kwargs passed to method.
 
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#limit
 
@@ -78,8 +78,9 @@ def limit(self, **kwargs) -> Generator[EncryptedTable, None, None]:
         yield from self._transform_table(self._collection.limit, **kwargs)
 
     def page_size(self, **kwargs) -> Generator[EncryptedTable, None, None]:
-        """Creates an iterable of all EncryptedTable resources in the collection,
-        but limits the number of items returned by each service call by the specified amount.
+        """Create an iterable of all EncryptedTable resources in the collection.
+
+        This limits the number of items returned by each service call by the specified amount.
 
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/tables.html#page_size
 
@@ -109,12 +110,38 @@ def _boto_client_attr_name(self) -> str:
 
 
 class EncryptedResource(EncryptedBotoInterface):
+    """Wrapper for a boto3 DynamoDB resource.
+
+    This class implements the complete boto3 DynamoDB resource API, allowing it to serve as a
+    drop-in replacement that transparently handles encryption and decryption of items.
+
+    The API matches the standard boto3 DynamoDB resource interface:
+    https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/index.html
+
+    This class will encrypt/decrypt items for the following operations:
+        * batch_get_item
+        * batch_write_item
+
+    Calling Table() will return an EncryptedTable object.
+
+    Any other operations on this class will defer to the underlying boto3 DynamoDB resource's implementation
+        and will not be encrypted/decrypted.
+
+    """
+
     def __init__(
         self,
         *,
         resource: ServiceResource,
         encryption_config: DynamoDbTablesEncryptionConfig,
     ):
+        """Create an EncryptedResource object.
+
+        Args:
+            resource (ServiceResource): Initialized boto3 DynamoDB resource
+            encryption_config (DynamoDbTablesEncryptionConfig): Initialized DynamoDbTablesEncryptionConfig
+
+        """
         self._resource = resource
         self._encryption_config = encryption_config
         self._transformer = DynamoDbEncryptionTransforms(config=encryption_config)
@@ -125,12 +152,12 @@ def __init__(
         )
 
     def Table(self, name):
-        """Creates an EncryptedTable resource.
+        """Create an EncryptedTable resource.
 
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/Table.html
 
         Args:
-            name (str): The EncryptedTable's name. This must be set.
+            name (str): The EncryptedTable's name identifier. This must be set.
 
         Returns:
             EncryptedTable: An EncryptedTable resource
@@ -139,20 +166,16 @@ def Table(self, name):
         return EncryptedTable(table=self._resource.Table(name), encryption_config=self._encryption_config)
 
     def batch_get_item(self, **kwargs):
-        """Gets multiple items from one or more tables. Decrypts any returned items.
+        """Get multiple items from one or more tables. Decrypts any returned items.
 
         The parameters and return value match the boto3 DynamoDB batch_get_item API:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/batch_get_item.html
 
         Args:
-            RequestItems (dict): A map of table names to lists of keys to retrieve
-
-        These are only a list of required args; see boto3 docs for complete request structure.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 batch_get_item API parameters.
 
         Returns:
-            dict: The response from DynamoDB containing the requested items.
-
-        See boto3 docs for complete response structure.
+            dict: The response from DynamoDB. This matches the boto3 batch_get_item API response.
 
         """
         return self._resource_operation_logic(
@@ -170,20 +193,17 @@ def batch_get_item(self, **kwargs):
 
     def batch_write_item(self, **kwargs):
         """Put or delete multiple items in one or more tables.
+
         For put operations, encrypts items before writing.
 
         The parameters and return value match the boto3 DynamoDB batch_write_item API:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/service-resource/batch_write_item.html
 
         Args:
-            RequestItems (dict): A map of table names to lists of write operations
-
-        These are only a list of required args; see boto3 docs for complete request structure.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 batch_write_item API parameters.
 
         Returns:
-            dict: The response from DynamoDB.
-
-        See boto3 docs for complete response structure.
+            dict: The response from DynamoDB. This matches the boto3 batch_write_item API response.
 
         """
         return self._resource_operation_logic(
diff --git a/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/table.py b/DynamoDbEncryption/runtimes/python/src/aws_dbesdk_dynamodb/encrypted/table.py
@@ -44,11 +44,12 @@ class EncryptedTable(EncryptedBotoInterface):
         * query
         * scan
 
-    Any other operations on this class will defer to the underlying boto3 DynamoDB Table's implementation.
+    Calling batch_writer() will return a BatchWriter that transparently encrypts batch write requests.
 
-    Note: The update_item operation is not currently supported. Calling this operation will raise NotImplementedError.
+    Any other operations on this class will defer to the underlying boto3 DynamoDB Table's implementation
+        and will not be encrypted/decrypted.
 
-    EncryptedTable can also return a BatchWriter for transparent encryption of batch write requests.
+    Note: The update_item operation is not currently supported. Calling this operation will raise NotImplementedError.
     """
 
     def __init__(
@@ -61,7 +62,8 @@ def __init__(
 
         Args:
             table (ServiceResource): Initialized boto3 DynamoDB table
-            encryption_config (DynamoDbTablesEncryptionConfig): Initialized DynamoDbTablesEncryptionConfig
+            encryption_config (DynamoDbTablesEncryptionConfig): Initialized
+                ~aws_dbesdk_dynamodb.smithygenerated.aws_cryptography_dbencryptionsdk_dynamodb.models.DynamoDbTablesEncryptionConfig~
 
         """
         self._table = table
@@ -79,10 +81,10 @@ def put_item(self, **kwargs) -> dict[str, Any]:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/put_item.html
 
         Args:
-            **kwargs: Keyword arguments to pass to the scan operation. These match the boto3 scan API parameters.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 put_item API parameters.
 
         Returns:
-            dict: The response from DynamoDB containing the scanned items. This matches the boto3 scan API response.
+            dict: The response from DynamoDB. This matches the boto3 put_item API response.
 
         """
         return self._table_operation_logic(
@@ -105,10 +107,10 @@ def get_item(self, **kwargs) -> dict[str, Any]:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/get_item.html
 
         Args:
-            **kwargs: Keyword arguments to pass to the scan operation. These match the boto3 scan API parameters.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 get_item API parameters.
 
         Returns:
-            dict: The response from DynamoDB containing the scanned items. This matches the boto3 scan API response.
+            dict: The response from DynamoDB. This matches the boto3 get_item API response.
 
         """
         return self._table_operation_logic(
@@ -131,10 +133,10 @@ def query(self, **kwargs) -> dict[str, Any]:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/query.html
 
         Args:
-            **kwargs: Keyword arguments to pass to the scan operation. These match the boto3 scan API parameters.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 query API parameters.
 
         Returns:
-            dict: The response from DynamoDB containing the scanned items. This matches the boto3 scan API response.
+            dict: The response from DynamoDB. This matches the boto3 query API response.
 
         """
         return self._table_operation_logic(
@@ -157,10 +159,10 @@ def scan(self, **kwargs) -> dict[str, Any]:
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/dynamodb/table/scan.html
 
         Args:
-            **kwargs: Keyword arguments to pass to the scan operation. These match the boto3 scan API parameters.
+            **kwargs: Keyword arguments to pass to the operation. These match the boto3 scan API parameters.
 
         Returns:
-            dict: The response from DynamoDB containing the scanned items. This matches the boto3 scan API response.
+            dict: The response from DynamoDB. This matches the boto3 scan API response.
 
         """
         return self._table_operation_logic(
