Update documentation and warnings related to SaveBehavior. #44
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -52,6 +52,7 @@ public static void encryptRecord(final String cmkArn, final String region) { | |
// Encryptor creation | ||
final DynamoDBEncryptor encryptor = DynamoDBEncryptor.getInstance(cmp); | ||
// Mapper Creation | ||
// Please note the use of SaveBehavior.CLOBBER. Omitting this may result in data-corruption. | ||
s/may/can/? |
||
DynamoDBMapperConfig mapperConfig = DynamoDBMapperConfig.builder().withSaveBehavior(SaveBehavior.CLOBBER).build(); | ||
DynamoDBMapper mapper = new DynamoDBMapper(ddb, mapperConfig, new AttributeEncryptor(encryptor)); | ||
|
||
|
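Review bot: the added comment above the DynamoDBMapperConfig line says that omitting SaveBehavior.CLOBBER may corrupt data but gives no reason, so someone copying this example cannot tell why the setting matters. Suggest one more sentence tying it to the condition the AttributeEncryptor change in this PR checks (parameters.isPartialUpdate()), and writing "data corruption" without the hyphen.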
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,13 +14,10 @@ | |
*/ | ||
package com.amazonaws.services.dynamodbv2.datamodeling; | ||
|
||
import java.util.Collections; | ||
import java.util.EnumSet; | ||
import java.util.HashMap; | ||
import java.util.Map; | ||
import java.util.Set; | ||
import java.util.*; | ||
Bad IntelliJ setting injected an import-*. I'll fix this. |
||
import java.util.concurrent.ConcurrentHashMap; | ||
|
||
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMapperConfig.SaveBehavior; | ||
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMappingsRegistry.Mapping; | ||
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMappingsRegistry.Mappings; | ||
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DoNotEncrypt; | ||
|
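Review bot: `import java.util.*;` replaces the five explicit java.util imports (Collections, EnumSet, HashMap, Map, Set) and is unrelated to the SaveBehavior documentation this PR is about. Restore the explicit imports so the diff stays limited to the warning and the file keeps its existing import style.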
@@ -32,13 +29,18 @@ | |
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.TableAadOverride; | ||
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.EncryptionMaterialsProvider; | ||
import com.amazonaws.services.dynamodbv2.model.AttributeValue; | ||
import org.apache.commons.logging.Log; | ||
import org.apache.commons.logging.LogFactory; | ||
|
||
/** | ||
* Encrypts all non-key fields prior to storing them in DynamoDB. | ||
* <em>It is critically important that this is only used with @{link SaveBehavior#CLOBBER}. Use of | ||
Brevity for grokability?:
Also, I think June would suggest using "can" rather than "may" for clarity, since it is a possibility, not a permission. |
||
* any other @{code SaveBehavior} may result in data-corruption.</em> | ||
* | ||
* @author Greg Rubin | ||
*/ | ||
public class AttributeEncryptor implements AttributeTransformer { | ||
private static final Log LOG = LogFactory.getLog(AttributeEncryptor.class); | ||
private final DynamoDBEncryptor encryptor; | ||
private final Map<Class<?>, ModelClassMetadata> metadataCache = new ConcurrentHashMap<>(); | ||
|
||
|
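Review bot: the inline Javadoc tags in the new class comment are malformed: `@{link SaveBehavior#CLOBBER}` and `@{code SaveBehavior}` should be `{@link SaveBehavior#CLOBBER}` and `{@code SaveBehavior}`. As written they will not be processed as inline tags, so the reference to CLOBBER will not be linked in the generated documentation, which undercuts a warning the comment itself calls critically important.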
@@ -58,9 +60,20 @@ public DynamoDBEncryptor getEncryptor() { | |
public Map<String, AttributeValue> transform(final Parameters<?> parameters) { | ||
// one map of attributeFlags per model class | ||
final ModelClassMetadata metadata = getModelClassMetadata(parameters); | ||
|
||
final Map<String, AttributeValue> attributeValues = parameters.getAttributeValues(); | ||
Could you please add a short comment explaining the case being handled here / why this is set to behave this way, for clarity/maintainers? |
||
if (metadata.doNotTouch) { | ||
This looks like a behavior change, unless I am missing something. Can we cover it?
It isn't a behavior change. In a "DoNotTouch" case, we make no changes whatsoever to the underlying data. I'm just short-circuiting that logic.
OK. |
||
return attributeValues; | ||
} | ||
|
||
if (parameters.isPartialUpdate()) { | ||
LOG.error("Use of AttributeEncryptor without SaveBehavior.CLOBBER is an error and may result in data-corruption. " + | ||
s/may/can/? |
||
"This occured while trying to save " + parameters.getModelClass()); | ||
} | ||
|
||
try { | ||
return encryptor.encryptRecord( | ||
parameters.getAttributeValues(), | ||
attributeValues, | ||
metadata.getEncryptionFlags(), | ||
paramsToContext(parameters)); | ||
} catch (Exception ex) { | ||
|
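Review bot: in transform(), the parameters.isPartialUpdate() branch only logs at error level and then falls through to encryptor.encryptRecord(...), so the save that the message itself calls "an error" still goes ahead. If throwing here is too disruptive for existing callers, say so in a code comment and have the log message state the remedy (configure the mapper with SaveBehavior.CLOBBER); otherwise fail the call at this point. The message string also misspells "occurred" as "occured".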
Can we compact the wording of the warning for grokkability, and add an expanded explanation?
Perhaps:
Should https://github.com/aws/aws-dynamodb-encryption-java/blame/ded8364a9baee731f6f83ddddca8cec5bc614f9c/README.md#L77 be `DynamoDBMapperConfig.CLOBBER` as well? It looks to my quick read like it is affected, since it's using the `AttributeEncryptor`.