m

Author: ajewellamz

DynamoDbEncryption/runtimes/rust/Cargo.toml

@@ -2,19 +2,25 @@
 name = "aws-db-esdk"
 version = "0.1.0"
 edition = "2021"
+rust-version = "1.80.0"
+keywords = ["crypto", "cryptography", "security", "dynamodb", "ddb", "encryption", "client-side", "clientside"]
+license = "ISC AND (Apache-2.0 OR ISC)"
+description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
+homepage = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
+repository = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
+authors = ["AWS-CryptoTools"]
+documentation = "https://docs.rs/crate/aws-db-esdk"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
 aws-config = "1.5.6"
 aws-lc-rs = "1.9.0"
-aws-lc-sys = "0.21.1"
-aws-sdk-dynamodb = "1.45.0"
-aws-sdk-kms = "1.43.0"
-aws-smithy-runtime = {version = "1.7.1", features = ["client"] }
+aws-lc-sys = "0.21.2"
+aws-sdk-dynamodb = "1.47.0"
+aws-sdk-kms = "1.44.0"
 aws-smithy-runtime-api = {version = "1.7.2", features = ["client"] }
 aws-smithy-types = "1.2.6"
-aws-types = "1.3.3"
 chrono = "0.4.38"
 dafny_runtime = { path = "dafny_runtime_rust"}
 dashmap = "6.1.0"
@@ -24,6 +30,3 @@ uuid = { version = "1.10.0", features = ["v4"] }
 
 [lib]
 path = "src/implementation_from_dafny.rs"
-
-[dev-dependencies]
-aws-sdk-sts = "1.43.0"

DynamoDbEncryption/runtimes/rust/dafny_runtime_rust/Cargo.toml

@@ -5,7 +5,5 @@ edition = "2021"
 
 [dependencies]
 once_cell = "1.18.0"
-paste = "1.0"
 num = "0.4"
 itertools = "0.11.0"
-as-any = "0.3.1"

DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs

@@ -55,7 +55,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // Note: RegionalRoleClientSupplier will internally use the key_arn's region
     // to retrieve the correct IAM role.
     let supplier_ref = ClientSupplierRef {
-        inner: std::rc::Rc::new(std::cell::RefCell::new(RegionalRoleClientSupplier::new())),
+        inner: std::rc::Rc::new(std::cell::RefCell::new(RegionalRoleClientSupplier {})),
     };
 
     let mrk_keyring_with_client_supplier = mpl

DynamoDbEncryption/runtimes/rust/examples/clientsupplier/regional_role_client_supplier.rs

@@ -3,69 +3,40 @@ use aws_db_esdk::aws_cryptography_materialProviders::types::ClientSupplier;
 use aws_db_esdk::deps::aws_cryptography_materialProviders::operation::get_client::GetClientInput;
 use aws_db_esdk::deps::aws_cryptography_materialProviders::types::error::Error;
 use aws_db_esdk::deps::com_amazonaws_kms::client::Client as kms_client;
-use aws_sdk_sts::Client as sts_client;
 
 /*
  Example class demonstrating an implementation of a custom client supplier.
  This particular implementation will create KMS clients with different IAM roles,
  depending on the region passed.
 */
 
-pub struct RegionalRoleClientSupplier {
-    sts_client: sts_client, // private readonly AmazonSecurityTokenServiceClient _stsClient = new AmazonSecurityTokenServiceClient();
-}
-
-impl RegionalRoleClientSupplier {
-    pub fn new() -> Self {
-        let sdk_config = tokio::task::block_in_place(|| {
-            tokio::runtime::Handle::current().block_on(async {
-                aws_config::load_defaults(aws_config::BehaviorVersion::v2024_03_28()).await
-            })
-        });
-        Self {
-            sts_client: sts_client::new(&sdk_config),
-        }
-    }
-}
+pub struct RegionalRoleClientSupplier {}
 
 impl ClientSupplier for RegionalRoleClientSupplier {
     fn get_client(&mut self, input: GetClientInput) -> Result<kms_client, Error> {
         let region = input.region.unwrap();
         let arn =
             super::regional_role_client_supplier_config::region_iam_role_map()[&region].clone();
-        let creds = tokio::task::block_in_place(|| {
+
+        use aws_config::sts::AssumeRoleProvider;
+
+        let provider = tokio::task::block_in_place(|| {
             tokio::runtime::Handle::current().block_on(async {
-                self.sts_client
-                    .assume_role()
-                    .role_arn(arn)
-                    .duration_seconds(900)
-                    .role_session_name("Rust-Client-Supplier-Example-Session")
-                    .send()
+                AssumeRoleProvider::builder(arn)
+                    .region(Region::new(region.clone()))
+                    .session_name("Rust-Client-Supplier-Example-Session")
+                    .build()
                     .await
             })
-        })
-        .unwrap();
-
-        let types_cred = creds.credentials.unwrap();
-        let config_creds = aws_sdk_sts::config::Credentials::new(
-            types_cred.access_key_id(),
-            types_cred.secret_access_key(),
-            Some(types_cred.session_token().to_string()),
-            Some(
-                std::time::SystemTime::UNIX_EPOCH
-                    + std::time::Duration::from_secs(types_cred.expiration().secs() as u64),
-            ),
-            "SomeProvider",
-        );
-        let cred_prov = aws_sdk_kms::config::SharedCredentialsProvider::new(config_creds);
+        });
 
         let sdk_config = tokio::task::block_in_place(|| {
             tokio::runtime::Handle::current().block_on(async {
                 aws_config::load_defaults(aws_config::BehaviorVersion::v2024_03_28()).await
             })
         });
         let kms_config = aws_sdk_kms::config::Builder::from(&sdk_config)
-            .credentials_provider(cred_prov)
+            .credentials_provider(provider)
             .region(Region::new(region))
             .build();