diff --git a/.github/workflows/ci_codegen.yml b/.github/workflows/ci_codegen.yml index ece6e8709..39ce72029 100644 --- a/.github/workflows/ci_codegen.yml +++ b/.github/workflows/ci_codegen.yml @@ -34,7 +34,9 @@ jobs: - uses: actions/checkout@v5 with: submodules: recursive - - run: git submodule update --init --recursive submodules/smithy-dafny + - run: | + git submodule update --init --recursive submodules/smithy-dafny + git submodule update --init --recursive submodules/MaterialProviders # Only used to format generated code # and to translate version strings such as "nightly-latest" diff --git a/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.2.0.patch b/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.2.0.patch deleted file mode 100644 index e777b5f4a..000000000 --- a/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.2.0.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff --git b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs -index 9a951767..5c0cee33 100644 ---- b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs -+++ a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs -@@ -7,6 +7,43 @@ namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb - { - public static class TypeConversion - { -+ // BEGIN MANUAL EDIT -+ public static AWS.Cryptography.KeyStore.KeyStore FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient value) -+ { -+ if (value is software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient dafnyValue) -+ { -+ return new AWS.Cryptography.KeyStore.KeyStore(dafnyValue); -+ } -+ throw new System.ArgumentException("Custom implementations of AWS.Cryptography.KeyStore.KeyStore are not supported yet"); -+ } -+ public static software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(AWS.Cryptography.KeyStore.KeyStore value) -+ { -+ if (value is AWS.Cryptography.KeyStore.KeyStore nativeValue) -+ { -+ return nativeValue.impl(); -+ } -+ throw new System.ArgumentException("Custom implementations of AWS.Cryptography.KeyStore.KeyStore are not supported yet"); -+ } -+ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.ILegacyDynamoDbEncryptor FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S32_LegacyDynamoDbEncryptorReference(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.ILegacyDynamoDbEncryptor value) -+ { -+ if (value is NativeWrapper_LegacyDynamoDbEncryptor nativeWrapper) return nativeWrapper._impl; -+ return new LegacyDynamoDbEncryptor(value); -+ -+ } -+ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.ILegacyDynamoDbEncryptor ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S32_LegacyDynamoDbEncryptorReference(AWS.Cryptography.DbEncryptionSDK.DynamoDb.ILegacyDynamoDbEncryptor value) -+ { -+ switch (value) -+ { -+ case LegacyDynamoDbEncryptor valueWithImpl: -+ return valueWithImpl._impl; -+ case LegacyDynamoDbEncryptorBase nativeImpl: -+ return new NativeWrapper_LegacyDynamoDbEncryptor(nativeImpl); -+ default: -+ throw new System.ArgumentException( -+ "Custom implementations of LegacyDynamoDbEncryptor must extend LegacyDynamoDbEncryptorBase."); -+ } -+ } -+ // END MANUAL EDIT - public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconKeySource FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_BeaconKeySource(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IBeaconKeySource value) - { - software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconKeySource concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconKeySource)value; diff --git a/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.8.0.patch b/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.8.0.patch index 4f80638b8..7751297af 100644 --- a/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.8.0.patch +++ b/DynamoDbEncryption/codegen-patches/DynamoDbEncryption/dotnet/dafny-4.8.0.patch @@ -1,51 +1,15 @@ diff --git b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs -index 9601968..a2a04f8 100644 +index 64de7ab2..63a975a6 100644 --- b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs +++ a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs -@@ -7,10 +7,43 @@ namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +@@ -7,10 +7,6 @@ namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb { public static class TypeConversion { - private const string ISO8601DateFormat = "yyyy-MM-dd\\THH:mm:ss.fff\\Z"; - - private const string ISO8601DateFormatNoMS = "yyyy-MM-dd\\THH:mm:ss\\Z"; -+ // BEGIN MANUAL EDIT -+ public static AWS.Cryptography.KeyStore.KeyStore FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient value) -+ { -+ if (value is software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient dafnyValue) -+ { -+ return new AWS.Cryptography.KeyStore.KeyStore(dafnyValue); -+ } -+ throw new System.ArgumentException("Custom implementations of AWS.Cryptography.KeyStore.KeyStore are not supported yet"); -+ } -+ public static software.amazon.cryptography.keystore.internaldafny.types.IKeyStoreClient ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(AWS.Cryptography.KeyStore.KeyStore value) -+ { -+ if (value is AWS.Cryptography.KeyStore.KeyStore nativeValue) -+ { -+ return nativeValue.impl(); -+ } -+ throw new System.ArgumentException("Custom implementations of AWS.Cryptography.KeyStore.KeyStore are not supported yet"); -+ } -+ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.ILegacyDynamoDbEncryptor FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S32_LegacyDynamoDbEncryptorReference(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.ILegacyDynamoDbEncryptor value) -+ { -+ if (value is NativeWrapper_LegacyDynamoDbEncryptor nativeWrapper) return nativeWrapper._impl; -+ return new LegacyDynamoDbEncryptor(value); - -+ } -+ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.ILegacyDynamoDbEncryptor ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S32_LegacyDynamoDbEncryptorReference(AWS.Cryptography.DbEncryptionSDK.DynamoDb.ILegacyDynamoDbEncryptor value) -+ { -+ switch (value) -+ { -+ case LegacyDynamoDbEncryptor valueWithImpl: -+ return valueWithImpl._impl; -+ case LegacyDynamoDbEncryptorBase nativeImpl: -+ return new NativeWrapper_LegacyDynamoDbEncryptor(nativeImpl); -+ default: -+ throw new System.ArgumentException( -+ "Custom implementations of LegacyDynamoDbEncryptor must extend LegacyDynamoDbEncryptorBase."); -+ } -+ } -+ // END MANUAL EDIT - public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconKeySource FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_BeaconKeySource(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IBeaconKeySource value) +- + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S5_AsSet(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IAsSet value) { - software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconKeySource concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconKeySource)value; + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.AsSet concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.AsSet)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet(); return converted; diff --git a/DynamoDbEncryption/codegen-patches/DynamoDbEncryptionTransforms/dotnet/dafny-4.8.0.patch b/DynamoDbEncryption/codegen-patches/DynamoDbEncryptionTransforms/dotnet/dafny-4.8.0.patch index e4f743fff..6d8621f70 100644 --- a/DynamoDbEncryption/codegen-patches/DynamoDbEncryptionTransforms/dotnet/dafny-4.8.0.patch +++ b/DynamoDbEncryption/codegen-patches/DynamoDbEncryptionTransforms/dotnet/dafny-4.8.0.patch @@ -1,5 +1,5 @@ diff --git b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs -index 2f95341..36226d3 100644 +index b7d2a823..0c973183 100644 --- b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs +++ a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs @@ -7,10 +7,6 @@ namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms @@ -10,6 +10,6 @@ index 2f95341..36226d3 100644 - - private const string ISO8601DateFormatNoMS = "yyyy-MM-dd\\THH:mm:ss\\Z"; - - public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.DynamoDbTablesEncryptionConfig FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S30_DynamoDbTablesEncryptionConfig(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IDynamoDbTablesEncryptionConfig value) + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S5_AsSet(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IAsSet value) { - software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.DynamoDbTablesEncryptionConfig concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.DynamoDbTablesEncryptionConfig)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.DynamoDbTablesEncryptionConfig converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.DynamoDbTablesEncryptionConfig(); converted.TableEncryptionConfigs = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S30_DynamoDbTablesEncryptionConfig__M22_tableEncryptionConfigs(concrete._tableEncryptionConfigs); return converted; + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.AsSet concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.AsSet)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.AsSet(); return converted; diff --git a/DynamoDbEncryption/codegen-patches/DynamoDbItemEncryptor/dotnet/dafny-4.8.0.patch b/DynamoDbEncryption/codegen-patches/DynamoDbItemEncryptor/dotnet/dafny-4.8.0.patch index 5631d0784..59da5f2af 100644 --- a/DynamoDbEncryption/codegen-patches/DynamoDbItemEncryptor/dotnet/dafny-4.8.0.patch +++ b/DynamoDbEncryption/codegen-patches/DynamoDbItemEncryptor/dotnet/dafny-4.8.0.patch @@ -1,5 +1,5 @@ diff --git b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbItemEncryptor/TypeConversion.cs a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbItemEncryptor/TypeConversion.cs -index da904fc..c5b0bed 100644 +index b4a90d1b..b5d5046a 100644 --- b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbItemEncryptor/TypeConversion.cs +++ a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbItemEncryptor/TypeConversion.cs @@ -7,10 +7,6 @@ namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb.ItemEncryptor @@ -10,6 +10,6 @@ index da904fc..c5b0bed 100644 - - private const string ISO8601DateFormatNoMS = "yyyy-MM-dd\\THH:mm:ss\\Z"; - - public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.ItemEncryptor.DecryptItemInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N13_itemEncryptor__S16_DecryptItemInput(software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types._IDecryptItemInput value) + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S16_AttributeActions(Dafny.IMap, software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._ICryptoAction> value) { - software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types.DecryptItemInput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.itemencryptor.internaldafny.types.DecryptItemInput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.ItemEncryptor.DecryptItemInput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.ItemEncryptor.DecryptItemInput(); converted.EncryptedItem = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N13_itemEncryptor__S16_DecryptItemInput__M13_encryptedItem(concrete._encryptedItem); return converted; + return value.ItemEnumerable.ToDictionary(pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S16_AttributeActions__M3_key(pair.Car), pair => FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S16_AttributeActions__M5_value(pair.Cdr)); diff --git a/DynamoDbEncryption/codegen-patches/StructuredEncryption/dotnet/dafny-4.8.0.patch b/DynamoDbEncryption/codegen-patches/StructuredEncryption/dotnet/dafny-4.8.0.patch index 4f5051d38..13d541deb 100644 --- a/DynamoDbEncryption/codegen-patches/StructuredEncryption/dotnet/dafny-4.8.0.patch +++ b/DynamoDbEncryption/codegen-patches/StructuredEncryption/dotnet/dafny-4.8.0.patch @@ -1,5 +1,5 @@ diff --git b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs -index d0a4e58..4e9890c 100644 +index df81f311..ac28fc2a 100644 --- b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs +++ a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/TypeConversion.cs @@ -7,10 +7,6 @@ namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption @@ -10,6 +10,6 @@ index d0a4e58..4e9890c 100644 - - private const string ISO8601DateFormatNoMS = "yyyy-MM-dd\\THH:mm:ss\\Z"; - - public static AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S18_AuthenticateAction(software.amazon.cryptography.dbencryptionsdk.structuredencryption.internaldafny.types._IAuthenticateAction value) + public static AWS.Cryptography.Primitives.AtomicPrimitives FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N20_structuredEncryption__S25_AtomicPrimitivesReference(software.amazon.cryptography.primitives.internaldafny.types.IAwsCryptographicPrimitivesClient value) { - if (value.is_SIGN) return AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction.SIGN; + if (value is software.amazon.cryptography.primitives.internaldafny.types.IAwsCryptographicPrimitivesClient dafnyValue) diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy index 2712ba605..2fdcff8a8 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/AwsCryptographyDbEncryptionSdkDynamoDbTypes.dfy @@ -46,7 +46,10 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald nameonly compoundBeacons: Option := Option.None , nameonly virtualFields: Option := Option.None , nameonly encryptedParts: Option := Option.None , - nameonly signedParts: Option := Option.None + nameonly signedParts: Option := Option.None , + nameonly maximumNumberOfPartitions: Option := Option.None , + nameonly defaultNumberOfPartitions: Option := Option.None , + nameonly partitionSelector: Option := Option.None ) type BeaconVersionList = x: seq | IsValid_BeaconVersionList(x) witness * predicate method IsValid_BeaconVersionList(x: seq) { @@ -281,6 +284,14 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald datatype GetEncryptedDataKeyDescriptionUnion = | header(header: seq) | item(item: ComAmazonawsDynamodbTypes.AttributeMap) + datatype GetPartitionNumberInput = | GetPartitionNumberInput ( + nameonly item: ComAmazonawsDynamodbTypes.AttributeMap , + nameonly numberOfPartitions: PartitionCount , + nameonly logicalTableName: string + ) + datatype GetPartitionNumberOutput = | GetPartitionNumberOutput ( + nameonly partitionNumber: PartitionNumber + ) datatype GetPrefix = | GetPrefix ( nameonly length: int32 ) @@ -357,6 +368,79 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald nameonly cache: Option := Option.None , nameonly partitionId: Option := Option.None ) + type PartitionCount = x: int32 | IsValid_PartitionCount(x) witness * + predicate method IsValid_PartitionCount(x: int32) { + ( 1 <= x <= 255 ) + } + type PartitionNumber = x: int32 | IsValid_PartitionNumber(x) witness * + predicate method IsValid_PartitionNumber(x: int32) { + ( 0 <= x <= 254 ) + } + class IPartitionSelectorCallHistory { + ghost constructor() { + GetPartitionNumber := []; + } + ghost var GetPartitionNumber: seq>> + } + trait {:termination false} IPartitionSelector + { + // Helper to define any additional modifies/reads clauses. + // If your operations need to mutate state, + // add it in your constructor function: + // Modifies := {your, fields, here, History}; + // If you do not need to mutate anything: + // Modifies := {History}; + + ghost const Modifies: set + // For an unassigned field defined in a trait, + // Dafny can only assign a value in the constructor. + // This means that for Dafny to reason about this value, + // it needs some way to know (an invariant), + // about the state of the object. + // This builds on the Valid/Repr paradigm + // To make this kind requires safe to add + // to methods called from unverified code, + // the predicate MUST NOT take any arguments. + // This means that the correctness of this requires + // MUST only be evaluated by the class itself. + // If you require any additional mutation, + // then you MUST ensure everything you need in ValidState. + // You MUST also ensure ValidState in your constructor. + predicate ValidState() + ensures ValidState() ==> History in Modifies + ghost const History: IPartitionSelectorCallHistory + predicate GetPartitionNumberEnsuresPublicly(input: GetPartitionNumberInput , output: Result) + // The public method to be called by library consumers + method GetPartitionNumber ( input: GetPartitionNumberInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} , + History`GetPartitionNumber + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures GetPartitionNumberEnsuresPublicly(input, output) + ensures History.GetPartitionNumber == old(History.GetPartitionNumber) + [DafnyCallEvent(input, output)] + { + output := GetPartitionNumber' (input); + History.GetPartitionNumber := History.GetPartitionNumber + [DafnyCallEvent(input, output)]; + } + // The method to implement in the concrete class. + method GetPartitionNumber' ( input: GetPartitionNumberInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures GetPartitionNumberEnsuresPublicly(input, output) + ensures unchanged(History) + + } datatype PartOnly = | PartOnly ( ) @@ -397,7 +481,8 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald nameonly name: string , nameonly length: BeaconBitLength , nameonly loc: Option := Option.None , - nameonly style: Option := Option.None + nameonly style: Option := Option.None , + nameonly numberOfPartitions: Option := Option.None ) type StandardBeaconList = x: seq | IsValid_StandardBeaconList(x) witness * predicate method IsValid_StandardBeaconList(x: seq) { diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy index 87716dcc5..d3945bf1f 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/Model/DynamoDbEncryption.smithy @@ -49,6 +49,46 @@ service DynamoDbEncryption { errors: [ DynamoDbEncryptionException ] } +resource PartitionSelector { + operations: [GetPartitionNumber] +} + +@reference(resource: PartitionSelector) +structure PartitionSelectorReference {} + +operation GetPartitionNumber { + input: GetPartitionNumberInput, + output: GetPartitionNumberOutput, +} + +//= specification/searchable-encryption/search-config.md#partition-selector +//= type=implication +//# GetPartitionNumber MUST take as input +//# +//# - A DynamoDB Item (i.e an AttributeMap) +//# - The [number of partitions](#max-partitions) defined in the associated [beacon version](#beacon-version-initialization). +//# - The logical table name for this defined in the associated [table config](../dynamodb-encryption-client/ddb-table-encryption-config.md#structure). + +structure GetPartitionNumberInput { + @required + item: AttributeMap, + @required + numberOfPartitions : PartitionCount, + @required + logicalTableName: String, +} + +//= specification/searchable-encryption/search-config.md#partition-selector +//= type=implication +//# GetPartitionNumber MUST return +//# +//# - The number of the partition to use for this item + +structure GetPartitionNumberOutput { + @required + partitionNumber: PartitionNumber +} + @javadoc("Returns encrypted data key description.") operation GetEncryptedDataKeyDescription { input: GetEncryptedDataKeyDescriptionInput, @@ -206,7 +246,7 @@ structure DynamoDbTableEncryptionConfig { @javadoc("A configuration that override encryption and/or decryption to instead perform legacy encryption and/or decryption. Used as part of migration from version 2.x to version 3.x.") legacyOverride: LegacyOverride, @javadoc("A configuration that override encryption and/or decryption to instead passthrough and write and/or read plaintext. Used to update plaintext tables to fully use client-side encryption.") - plaintextOverride: PlaintextOverride + plaintextOverride: PlaintextOverride, } map AttributeActions { @@ -247,7 +287,7 @@ structure LegacyDynamoDbEncryptorReference {} @javadoc("A configuration for overriding encryption and/or decryption to instead perform legacy encryption and decryption.") structure LegacyOverride { @required - @javadoc("A policy which configurates whether legacy behavior overrides encryption and/or decryption.") + @javadoc("A policy which configures whether legacy behavior overrides encryption and/or decryption.") policy: LegacyPolicy, @required @javadoc("A configuration for the legacy DynamoDB Encryption Client's Encryptor.") @@ -286,6 +326,12 @@ integer BeaconBitLength @range(min: 1) integer VersionNumber +@range(min: 1, max: 255) +integer PartitionCount + +@range(min: 0, max: 254) +integer PartitionNumber + @length(min: 1, max: 1) string Char @@ -476,7 +522,7 @@ structure GetSegment { @javadoc("The characters to split on.") split : Char, @required - @javadoc("The index of the split string result to return. 0 represents the segment before the first split character. -1 respresents the segment after the last split character.") + @javadoc("The index of the split string result to return. 0 represents the segment before the first split character. -1 represents the segment after the last split character.") index : Integer } @@ -636,7 +682,7 @@ structure Constructor { //# - A name -- a string //# - A required flag -- a boolean -@javadoc("A part of a Compound Becaon Construction.") +@javadoc("A part of a Compound Beacon Construction.") structure ConstructorPart { @required @javadoc("The name of the Encrypted Part or Signed Part for which this constructor part gets a value.") @@ -669,6 +715,8 @@ structure StandardBeacon { loc : TerminalLocation, @javadoc("Optional augmented behavior.") style : BeaconStyle, + @javadoc("The number of separate partitions across which this particular beacon should be divided. Ths must be no greater than the global numberOfPartitions, and can never be changed once an item containing this beacon has been written.") + numberOfPartitions : PartitionCount } //= specification/searchable-encryption/beacons.md#compound-beacon-initialization @@ -789,13 +837,22 @@ structure BeaconVersion { @javadoc("The Compound Beacons to be written with items.") compoundBeacons : CompoundBeaconList, - @javadoc("The Virtual Fields to be calculated, supporting other searchable enryption configurations.") + @javadoc("The Virtual Fields to be calculated, supporting other searchable encryption configurations.") virtualFields : VirtualFieldList, @javadoc("The list of Encrypted Parts that may be included in any compound beacon.") encryptedParts : EncryptedPartsList, @javadoc("The list of Signed Parts that may be included in any compound beacon.") signedParts : SignedPartsList, + + @javadoc("The number of separate partitions across which beacons should be divided.") + maximumNumberOfPartitions : PartitionCount, + + @javadoc("The number of partitions for any beacon that doesn't specify a numberOfPartitions") + defaultNumberOfPartitions : PartitionCount, + + @javadoc("How to choose the partition for an item. Default behavior is a random between 0 and maximumNumberOfPartitions.") + partitionSelector: PartitionSelectorReference, } //= specification/searchable-encryption/search-config.md#initialization diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy index a6b9b428d..d896e475b 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/AwsCryptographyDbEncryptionSdkDynamoDbOperations.dfy @@ -43,6 +43,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbOperations refines AbstractAwsCrypt ) ); } + predicate GetEncryptedDataKeyDescriptionEnsuresPublicly(input: GetEncryptedDataKeyDescriptionInput , output: Result) {true} diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Beacon.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Beacon.dfy index 6d423cc91..0a4b7b337 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Beacon.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Beacon.dfy @@ -15,6 +15,7 @@ module BaseBeacon { import opened DynamoDbEncryptionUtil import opened DdbVirtualFields import opened Seq + import opened StandardLibrary.MemoryMath import DynamoToStruct import DDB = ComAmazonawsDynamodbTypes @@ -42,7 +43,7 @@ module BaseBeacon { //= specification/searchable-encryption/beacons.md#basichash //= type=implication //# * basicHash MUST take an [hmac key](./search-config.md#hmac-key-generation), a [beacon length](#beacon-length) and a sequence of bytes as input. - function method {:opaque} hash(val : Bytes, key : Bytes, length : BeaconLength) + function method {:opaque} hash(val : Bytes, key : Bytes, length : BeaconLength, partition : PartitionBytes) : (ret : Result) ensures ret.Success? ==> //= specification/searchable-encryption/beacons.md#basichash @@ -50,8 +51,8 @@ module BaseBeacon { //# * basicHash MUST produce a non-empty string as output. && |ret.value| > 0 - && getHmac(val, key).Success? - && var hash := getHmac(val, key).value; + && getHmac(val+partition, key).Success? + && var hash := getHmac(val+partition, key).value; //= specification/searchable-encryption/beacons.md#basichash //= type=implication @@ -64,19 +65,19 @@ module BaseBeacon { && |ret.value| == (((length as uint8) + 3) / 4) as nat { - var hash :- getHmac(val, key); + var hash :- getHmac(val + partition, key); Success(BytesToHex(hash, length)) } // Get the standard hash for the UTF8 encoded representation of this string. - function method {:opaque} hashStr(val : string, key : Bytes, length : BeaconLength) : (res : Result) + function method {:opaque} hashStr(val : string, key : Bytes, length : BeaconLength, partition : PartitionBytes) : (res : Result) ensures res.Success? ==> |res.value| > 0 { var str := UTF8.Encode(val); if str.Failure? then Failure(E(str.error)) else - hash(str.value, key, length) + hash(str.value, key, length, partition) } // calculate the HMAC for some bytes @@ -111,7 +112,8 @@ module BaseBeacon { loc : string, partOnly : bool, asSet : bool, - share : Option + share : Option, + numberOfPartitions : PartitionCount ) : (ret : Result) ensures ret.Success? ==> @@ -131,7 +133,8 @@ module BaseBeacon { termLoc, partOnly, asSet, - share + share, + numberOfPartitions )) } datatype StandardBeacon = StandardBeacon ( @@ -140,18 +143,34 @@ module BaseBeacon { loc : TermLoc.TermLoc, partOnly : bool, asSet : bool, - share : Option + share : Option, + numberOfPartitions : PartitionCount ) { - function method {:opaque} hash(val : Bytes, key : Bytes) + + //= specification/searchable-encryption/beacons.md#beacon-constraint + //# If an item is being written or queried as partition `X`, but the [standard beacon](#standard-beacon-initialization) is constrained to only `N` partitions, + //# then the partition used to [encode](#beacon-partition-encoding) the beacon MUST be `X % N`, where `%` is the modulo or remainder operation. + function method constrained_partition(partition : PartitionNumber) : PartitionBytes + { + if numberOfPartitions == 0 || partition == 0 then + PartitionNumberToBytes(partition) + else + var newPartition : PartitionNumber := (partition as PartitionCount % numberOfPartitions) as PartitionNumber; + PartitionNumberToBytes(newPartition) + } + + function method {:opaque} hash(val : Bytes, key : Bytes, partition : PartitionNumber) : (ret : Result) ensures ret.Success? ==> && |ret.value| > 0 - && base.hash(val, key, length).Success? - && ret.value == base.hash(val, key, length).value + && base.hash(val, key, length, constrained_partition(partition)).Success? + && ret.value == base.hash(val, key, length, constrained_partition(partition)).value && |ret.value| == (((length as uint8) + 3) / 4) as nat { - base.hash(val, key, length) + //= specification/searchable-encryption/beacons.md#value-for-a-non-set-standard-beacon + //# - The serialized form MUST be augmented as per [beacon partition encoding](#beacon-partition-encoding). + base.hash(val, key, length, constrained_partition(partition)) } // return the name of the hmac key to use @@ -170,7 +189,7 @@ module BaseBeacon { //= type=implication //# * string hash MUST take a string and some [key materials](./search-config.md#get-beacon-key-materials) //# as input, and produce a string as output. - function method {:opaque} hashStr(val : string, keys : HmacKeyMap) : (res : Result) + function method {:opaque} hashStr(val : string, keys : HmacKeyMap, partition : PartitionNumber) : (res : Result) ensures res.Success? ==> |res.value| > 0 //= specification/searchable-encryption/beacons.md#string-hash @@ -182,18 +201,18 @@ module BaseBeacon { && keyName() in keys && UTF8.Encode(val).Success? && var str := UTF8.Encode(val).value; - && hash(str, keys[keyName()]).Success? - && res.value == hash(str, keys[keyName()]).value + && hash(str, keys[keyName()], partition).Success? + && res.value == hash(str, keys[keyName()], partition).value { :- Need(keyName() in keys, E("Internal Error, no key for " + keyName())); var str := UTF8.Encode(val); if str.Failure? then Failure(E(str.error)) else - hash(str.value, keys[keyName()]) + hash(str.value, keys[keyName()], partition) } - function method {:opaque} ValueToSet(value : DDB.AttributeValue, key : Bytes) : (ret : Result) + function method {:opaque} ValueToSet(value : DDB.AttributeValue, key : Bytes, partition : PartitionNumber) : (ret : Result) ensures ret.Success? ==> ret.value.SS? ensures !value.SS? && !value.NS? && !value.BS? ==> ret.Failure? ensures ret.Success? ==> HasNoDuplicates(ret.value.SS) @@ -201,9 +220,9 @@ module BaseBeacon { reveal HasNoDuplicates(); assert HasNoDuplicates([]); var beaconSeq :- match value { - case SS(n) => BeaconizeStringSet(n, key) - case NS(n) => BeaconizeNumberSet(n, key) - case BS(n) => BeaconizeBinarySet(n, key) + case SS(n) => BeaconizeStringSet(n, key, partition) + case NS(n) => BeaconizeNumberSet(n, key, partition) + case BS(n) => BeaconizeBinarySet(n, key, partition) case _ => Failure(E("Beacon " + base.name + " has style AsSet, but attribute has type " + AttrTypeToStr(value) + ".")) }; Success(DDB.AttributeValue.SS(beaconSeq)) @@ -212,22 +231,22 @@ module BaseBeacon { //= specification/searchable-encryption/beacons.md#value-for-a-standard-beacon //= type=implication //# * This operation MUST take an [hmac key](./search-config.md#hmac-key-generation), a record as input, and produce an optional [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html). - function method {:opaque} getHash(item : DDB.AttributeMap, vf : VirtualFieldMap, key : Bytes) : (ret : Result, Error>) + function method {:opaque} getHash(item : DDB.AttributeMap, vf : VirtualFieldMap, key : Bytes, partition : PartitionNumber) : (ret : Result, Error>) //= specification/searchable-encryption/beacons.md#value-for-a-standard-beacon //= type=implication //# * If this beacon is marked AsSet then this operation MUST return the //# [set value](#value-for-a-set-standard-beacon), //# otherwise it MUST return the [non-set value](#value-for-a-non-set-standard-beacon) - ensures asSet ==> ret == getHashSet(item, key) - ensures !asSet ==> ret == getHashNonSet(item, vf, key) + ensures asSet ==> ret == getHashSet(item, key, partition) + ensures !asSet ==> ret == getHashNonSet(item, vf, key, partition) { if asSet then - getHashSet(item, key) + getHashSet(item, key, partition) else - getHashNonSet(item, vf, key) + getHashNonSet(item, vf, key, partition) } - function method {:opaque} getHashSet(item : DDB.AttributeMap, key : Bytes) : (ret : Result, Error>) + function method {:opaque} getHashSet(item : DDB.AttributeMap, key : Bytes, partition : PartitionNumber) : (ret : Result, Error>) requires asSet ensures ret.Success? ==> //= specification/searchable-encryption/beacons.md#value-for-a-set-standard-beacon @@ -254,10 +273,10 @@ module BaseBeacon { //= specification/searchable-encryption/beacons.md#asset-initialization //# * The Standard Beacon MUST be stored in the item as a Set, //# comprised of the [beacon values](#beacon-value) of all the elements in the original Set. - var setValue :- ValueToSet(value.value, key); + var setValue :- ValueToSet(value.value, key, partition); Success(Some(setValue)) } - function method {:opaque} getHashNonSet(item : DDB.AttributeMap, vf : VirtualFieldMap, key : Bytes) : (ret : Result, Error>) + function method {:opaque} getHashNonSet(item : DDB.AttributeMap, vf : VirtualFieldMap, key : Bytes, partition : PartitionNumber) : (ret : Result, Error>) requires !asSet ensures ret.Success? ==> //= specification/searchable-encryption/beacons.md#value-for-a-non-set-standard-beacon @@ -276,17 +295,17 @@ module BaseBeacon { //= type=implication //# * This operation MUST convert the attribute value of the associated field to //# a sequence of bytes, as per [attribute serialization](../dynamodb-encryption-client/ddb-attribute-serialization.md). - && (bytes.Some? ==> ret.value.Some? && hash(bytes.value, key).Success? && ret.value.value == DDB.AttributeValue.S(hash(bytes.value, key).value)) + && (bytes.Some? ==> ret.value.Some? && hash(bytes.value, key, partition).Success? && ret.value.value == DDB.AttributeValue.S(hash(bytes.value, key, partition).value)) //= specification/searchable-encryption/beacons.md#value-for-a-non-set-standard-beacon //= type=implication //# * This operation MUST return the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). - && (bytes.Some? ==> ret.value.Some? && base.hash(bytes.value, key, length).Success? && ret.value.value == DDB.AttributeValue.S(base.hash(bytes.value, key, length).value)) + && (bytes.Some? ==> ret.value.Some? && base.hash(bytes.value, key, length, constrained_partition(partition)).Success? && ret.value.value == DDB.AttributeValue.S(base.hash(bytes.value, key, length, constrained_partition(partition)).value)) { var bytes :- VirtToBytes(loc, item, vf); if bytes.None? then Success(None) else - var res :- hash(bytes.value, key); + var res :- hash(bytes.value, key, partition); Success(Some(DDB.AttributeValue.S(res))) } @@ -303,7 +322,7 @@ module BaseBeacon { [loc[0].key] } - function method {:tailrecursion} BeaconizeStringSet(value : DDB.StringSetAttributeValue, key : Bytes, converted : seq := []) + function method {:tailrecursion} BeaconizeStringSet(value : DDB.StringSetAttributeValue, key : Bytes, partition : PartitionNumber, converted : seq := []) : (ret : Result, Error>) requires HasNoDuplicates(converted) ensures ret.Success? ==> HasNoDuplicates(ret.value) @@ -312,15 +331,15 @@ module BaseBeacon { Success(converted) else var bytes :- DynamoToStruct.TopLevelAttributeToBytes(DDB.AttributeValue.S(value[0])).MapFailure(e => E(e)); - var h :- hash(bytes, key); + var h :- hash(bytes, key, partition); if h in converted then - BeaconizeStringSet(value[1..], key, converted) + BeaconizeStringSet(value[1..], key, partition, converted) else reveal HasNoDuplicates(); - BeaconizeStringSet(value[1..], key, converted + [h]) + BeaconizeStringSet(value[1..], key, partition, converted + [h]) } - function method {:tailrecursion} BeaconizeNumberSet(value : DDB.NumberSetAttributeValue, key : Bytes, converted : seq := []) + function method {:tailrecursion} BeaconizeNumberSet(value : DDB.NumberSetAttributeValue, key : Bytes, partition : PartitionNumber, converted : seq := []) : (ret : Result, Error>) requires HasNoDuplicates(converted) ensures ret.Success? ==> HasNoDuplicates(ret.value) @@ -329,15 +348,15 @@ module BaseBeacon { Success(converted) else var bytes :- DynamoToStruct.TopLevelAttributeToBytes(DDB.AttributeValue.N(value[0])).MapFailure(e => E(e)); - var h :- hash(bytes, key); + var h :- hash(bytes, key, partition); if h in converted then - BeaconizeNumberSet(value[1..], key, converted) + BeaconizeNumberSet(value[1..], key, partition, converted) else reveal HasNoDuplicates(); - BeaconizeNumberSet(value[1..], key, converted + [h]) + BeaconizeNumberSet(value[1..], key, partition, converted + [h]) } - function method {:tailrecursion} BeaconizeBinarySet(value : DDB.BinarySetAttributeValue, key : Bytes, converted : seq := []) + function method {:tailrecursion} BeaconizeBinarySet(value : DDB.BinarySetAttributeValue, key : Bytes, partition : PartitionNumber, converted : seq := []) : (ret : Result, Error>) requires HasNoDuplicates(converted) ensures ret.Success? ==> HasNoDuplicates(ret.value) @@ -346,32 +365,32 @@ module BaseBeacon { Success(converted) else var bytes :- DynamoToStruct.TopLevelAttributeToBytes(DDB.AttributeValue.B(value[0])).MapFailure(e => E(e)); - var h :- hash(bytes, key); + var h :- hash(bytes, key, partition); if h in converted then - BeaconizeBinarySet(value[1..], key, converted) + BeaconizeBinarySet(value[1..], key, partition, converted) else reveal HasNoDuplicates(); - BeaconizeBinarySet(value[1..], key, converted + [h]) + BeaconizeBinarySet(value[1..], key, partition, converted + [h]) } - function method GetBeaconValue(value : DDB.AttributeValue, key : Bytes, forContains : bool) + function method GetBeaconValue(value : DDB.AttributeValue, key : Bytes, forContains : bool, partition : PartitionNumber) : (ret : Result) { // in query, allow beaconization of terminals if asSet && !value.S? && !value.N? && !value.B? then - ValueToSet(value, key) + ValueToSet(value, key, partition) else if forContains && (value.SS? || value.NS? || value.BS?) then - ValueToSet(value, key) + ValueToSet(value, key, partition) else var bytes :- DynamoToStruct.TopLevelAttributeToBytes(value).MapFailure(e => E(e)); - var h :- hash(bytes, key); + var h :- hash(bytes, key, partition); Success(DDB.AttributeValue.S(h)) } //= specification/searchable-encryption/beacons.md#getpart-for-a-standard-beacon //= type=implication //# * getPart MUST take an [hmac key](./search-config.md#hmac-key-generation), a sequence of bytes as input, and produce a string. - function method {:opaque} getPart(val : Bytes, key : Bytes) + function method {:opaque} getPart(val : Bytes, key : Bytes, partition : PartitionBytes) : (ret : Result) requires 0 < |val| @@ -382,10 +401,10 @@ module BaseBeacon { //= specification/searchable-encryption/beacons.md#getpart-for-a-standard-beacon //= type=implication //# * getPart MUST return the [basicHash](#basichash) of the input and the configured [beacon length](#beacon-length). - && base.hash(val, key, length).Success? - && ret.value == base.hash(val, key, length).value + && base.hash(val, key, length, partition).Success? + && ret.value == base.hash(val, key, length, partition).value { - base.hash(val, key, length) + base.hash(val, key, length, partition) } predicate ValidState() {true} } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/CompoundBeacon.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/CompoundBeacon.dfy index bb1dd0883..ce5dbf848 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/CompoundBeacon.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/CompoundBeacon.dfy @@ -132,6 +132,18 @@ module CompoundBeacon { && OrderedParts(parts, numSigned) } + method getNumQueries(globalMax : PartitionCount, value : string) returns (output : PartitionCount) + ensures output <= globalMax + { + var counts := GetPartitionCountsFromValue(DDB.AttributeValue.S(value)); + if counts.Failure? { + return 1; + } else { + output := lcmSeq(counts.value, globalMax); + return; + } + } + // no prefix is a prefix of another prefix // that is, no ambiguity when determining which prefix is used in a value predicate ValidPrefixSet() @@ -294,11 +306,11 @@ module CompoundBeacon { } // calculate value for a single piece of a compound beacon query string - function method FindAndCalcPart(value : string, keys : MaybeKeyMap) : Result + function method FindAndCalcPart(value : string, keys : MaybeKeyMap, partition : PartitionNumber) : Result requires !keys.DontUseKeys? { var part :- partFromPrefix(parts, value); - PartValueCalc(value[|part.prefix|..], keys, part) + PartValueCalc(value[|part.prefix|..], keys, part, partition) } // predicate : is the value simply the prefix, with no value @@ -309,7 +321,7 @@ module CompoundBeacon { } // for the given attribute value, return the beacon value - function method GetBeaconValue(value : DDB.AttributeValue, keys : MaybeKeyMap, forEquality : bool) : Result + function method GetBeaconValue(value : DDB.AttributeValue, keys : MaybeKeyMap, forEquality : bool, partition : PartitionNumber) : Result requires !keys.DontUseKeys? { if !value.S? then @@ -318,7 +330,7 @@ module CompoundBeacon { var parts := Split(value.S, split); var partsUsed :- Sequence.MapWithResult(s => getPartFromPrefix(s), parts); var _ :- ValidatePartOrder(partsUsed, value.S); - var beaconParts :- Sequence.MapWithResult(s => FindAndCalcPart(s, keys), parts); + var beaconParts :- Sequence.MapWithResult(s => FindAndCalcPart(s, keys, partition), parts); var lastIsPrefix :- justPrefix(Seq.Last(parts)); if !forEquality && lastIsPrefix then var result := Join(beaconParts[..|parts|-1] + [Seq.Last(parts)], [split]); @@ -328,12 +340,35 @@ module CompoundBeacon { Success(DDB.AttributeValue.S(result)) } + function method GetPartitionCountsFromParts(inParts : seq) : seq + { + if |inParts| == 0 then + [] + else if inParts[0].Encrypted? then + [inParts[0].beacon.numberOfPartitions] + GetPartitionCountsFromParts(inParts[1..]) + else + GetPartitionCountsFromParts(inParts[1..]) + } + + // for the given attribute value, return the beacon value + function method GetPartitionCountsFromValue(value : DDB.AttributeValue) : Result, Error> + { + if !value.S? then + Failure(E("CompoundBeacon " + base.name + " can only be queried as a string, not as " + AttrTypeToStr(value))) + else + var parts := Split(value.S, split); + var partsUsed :- Sequence.MapWithResult(s => getPartFromPrefix(s), parts); + var _ :- ValidatePartOrder(partsUsed, value.S); + Success(GetPartitionCountsFromParts(partsUsed)) + } + // return the beacon value for this constructor, if possible function method {:opaque} {:tailrecursion} TryConstructor( consFields : seq, item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap, + partition : PartitionNumber, acc : string := "") : (ret : Result, Error>) ensures ret.Success? && ret.value.Some? ==> |ret.value.value| > 0 @@ -356,15 +391,15 @@ module CompoundBeacon { if keys.DontUseKeys? then Success(part.prefix + strValue.value) else - PartValueCalc(strValue.value, keys, part); + PartValueCalc(strValue.value, keys, part, partition); if |acc| == 0 then - TryConstructor(consFields[1..], item, vf, keys, val) + TryConstructor(consFields[1..], item, vf, keys, partition, val) else - TryConstructor(consFields[1..], item, vf, keys, acc + [split] + val) + TryConstructor(consFields[1..], item, vf, keys, partition, acc + [split] + val) else if consFields[0].required then Success(None) else - TryConstructor(consFields[1..], item, vf, keys, acc) + TryConstructor(consFields[1..], item, vf, keys, partition, acc) } // attempt each constructor in turn, until one succeeds @@ -372,7 +407,8 @@ module CompoundBeacon { construct : seq, item : DDB.AttributeMap, vf : VirtualFieldMap, - keys : MaybeKeyMap + keys : MaybeKeyMap, + partition : PartitionNumber ) : (ret : Result, Error>) ensures ret.Success? && ret.value.Some? ==> |ret.value.value| > 0 @@ -382,17 +418,17 @@ module CompoundBeacon { //# * If no constructor succeeds, this operation MUST return no value. Success(None) else - var x :- TryConstructor(construct[0].parts, item, vf, keys); + var x :- TryConstructor(construct[0].parts, item, vf, keys, partition); if x.Some? then Success(x) else - TryConstructors(construct[1..], item, vf, keys) + TryConstructors(construct[1..], item, vf, keys, partition) } //= specification/searchable-encryption/beacons.md#value-for-a-compound-beacon //= type=implication //# * This operation MUST take a record as input, and produce an optional string. - function method {:opaque} hash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap) : (res : Result, Error>) + function method {:opaque} hash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap, partition : PartitionNumber) : (res : Result, Error>) ensures res.Success? && res.value.Some? ==> //= specification/searchable-encryption/beacons.md#value-for-a-compound-beacon //= type=implication @@ -401,17 +437,17 @@ module CompoundBeacon { //= specification/searchable-encryption/beacons.md#value-for-a-compound-beacon //= type=implication //# * This operation MUST iterate through all constructors, in order, using the first that succeeds. - && TryConstructors(construct, item, vf, keys).Success? + && TryConstructors(construct, item, vf, keys, partition).Success? { - TryConstructors(construct, item, vf, keys) + TryConstructors(construct, item, vf, keys, partition) } // return the unhashed beacon value, necessary for final client-side filtering - function method {:opaque} getNaked(item : DDB.AttributeMap, vf : VirtualFieldMap) : (res : Result, Error>) + function method {:opaque} getNaked(item : DDB.AttributeMap, vf : VirtualFieldMap, partition : PartitionNumber) : (res : Result, Error>) ensures res.Success? && res.value.Some? ==> && |res.value.value| > 0 { - TryConstructors(construct, item, vf, DontUseKeys) + TryConstructors(construct, item, vf, DontUseKeys, partition) } function method {:opaque} findPart(val : string) @@ -442,7 +478,7 @@ module CompoundBeacon { //= specification/searchable-encryption/beacons.md#getpart-for-a-compound-beacon //= type=implication //# * getPart MUST take a string as input and produce a string. - function method {:opaque} getPart(val : string, keys : HmacKeyMap) + function method {:opaque} getPart(val : string, keys : HmacKeyMap, partition : PartitionNumber) : (ret : Result) //= specification/searchable-encryption/beacons.md#getpart-for-a-compound-beacon //= type=implication @@ -456,14 +492,14 @@ module CompoundBeacon { //= type=implication //# * The string MUST be split on the `split character` into pieces. && var pieces := Split(val, split); - && calcParts(pieces, keys).Success? - && ret.value == calcParts(pieces, keys).value + && calcParts(pieces, keys, partition).Success? + && ret.value == calcParts(pieces, keys, partition).value { var pieces := Split(val, split); - calcParts(pieces, keys) + calcParts(pieces, keys, partition) } - function method calcPart(piece : string, keys : HmacKeyMap) + function method calcPart(piece : string, keys : HmacKeyMap, partition : PartitionNumber) : (ret : Result) ensures ret.Success? ==> @@ -475,16 +511,16 @@ module CompoundBeacon { //# * The [Part Value](#part-value-calculation) MUST be calculated for each piece, //# using the prefix and length from the discovered part. && var thePart := findPart(piece).value; - && PartValueCalc(piece, Keys(keys), thePart).Success? - && ret.value == PartValueCalc(piece, Keys(keys), thePart).value + && PartValueCalc(piece, Keys(keys), thePart, partition).Success? + && ret.value == PartValueCalc(piece, Keys(keys), thePart, partition).value ensures findPart(piece).Failure? ==> ret.Failure? { var thePart :- findPart(piece); - PartValueCalc(piece, Keys(keys), thePart) + PartValueCalc(piece, Keys(keys), thePart, partition) } - function method calcParts(pieces : seq, keys : HmacKeyMap, acc : string := []) + function method calcParts(pieces : seq, keys : HmacKeyMap, partition : PartitionNumber, acc : string := []) : (ret : Result) requires |pieces| > 0 || |acc| > 0 ensures ret.Success? ==> |ret.value| > 0 @@ -494,11 +530,11 @@ module CompoundBeacon { else //= specification/searchable-encryption/beacons.md#getpart-for-a-compound-beacon //# * The value returned MUST be these part values, joined with the `split character`. - var theBeacon :- calcPart(pieces[0], keys); + var theBeacon :- calcPart(pieces[0], keys, partition); if |acc| == 0 then - calcParts(pieces[1..], keys, theBeacon) + calcParts(pieces[1..], keys, partition, theBeacon) else - calcParts(pieces[1..], keys, acc + [split] + theBeacon) + calcParts(pieces[1..], keys, partition, acc + [split] + theBeacon) } // true if neither string is a prefix of the other @@ -568,7 +604,7 @@ module CompoundBeacon { //# Part Value Calculation MUST take some [key materials](./search-config.md#get-beacon-key-materials), //# a string (the value for which the beacon is being calculated) //# and a [Part](#part) as input, and return a string as output. - function method {:opaque} PartValueCalc(data : string, keys : MaybeKeyMap, part : BeaconPart) + function method {:opaque} PartValueCalc(data : string, keys : MaybeKeyMap, part : BeaconPart, partition : PartitionNumber) : (ret : Result) requires !keys.DontUseKeys? @@ -592,8 +628,8 @@ module CompoundBeacon { ensures part.Encrypted? && ret.Success? ==> && 0 < |ret.value| && keys.Keys? - && part.beacon.hashStr(data, keys.value).Success? - && ret.value == part.prefix + part.beacon.hashStr(data, keys.value).value + && part.beacon.hashStr(data, keys.value, partition).Success? + && ret.value == part.prefix + part.beacon.hashStr(data, keys.value, partition).value //= specification/searchable-encryption/beacons.md#value-for-a-compound-beacon //= type=implication //# * This operation MUST fail if any plaintext value used in the construction contains the split character. @@ -603,7 +639,7 @@ module CompoundBeacon { match part { case Encrypted(p, b) => :- Need(keys.Keys?, E("Need KeyId for beacon " + b.base.name + " but no KeyId found in query.")); - var hash :- b.hashStr(data, keys.value); + var hash :- b.hashStr(data, keys.value, partition); Success(part.prefix + hash) case Signed => Success(part.prefix + data) diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy index 77ed8b645..f1f2167fa 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/ConfigToInfo.dfy @@ -26,6 +26,7 @@ module SearchConfigToInfo { import opened StandardLibrary.MemoryMath import MaterialProviders import SortedSets + import Random import I = SearchableEncryptionInfo import V = DdbVirtualFields @@ -41,10 +42,12 @@ module SearchConfigToInfo { requires ValidSearchConfig(outer.search) requires outer.search.Some? ==> ValidSharedCache(outer.search.value.versions[0].keySource) modifies if outer.search.Some? then outer.search.value.versions[0].keyStore.Modifies else {} + modifies if outer.search.Some? && outer.search.value.versions[0].partitionSelector.Some? then outer.search.value.versions[0].partitionSelector.value.Modifies else {} ensures outer.search.Some? ==> ValidSharedCache(outer.search.value.versions[0].keySource) ensures output.Success? && output.value.Some? ==> && output.value.value.ValidState() && fresh(output.value.value.versions[0].keySource.client) + && fresh(output.value.value.versions[0].partitionSelector) //= specification/searchable-encryption/search-config.md#initialization //= type=implication //# Initialization MUST fail if the [version number](#version-number) is not `1`. @@ -141,7 +144,7 @@ module SearchConfigToInfo { && outer.attributeActionsOnEncrypt[config.multi.keyFieldName] == SE.ENCRYPT_AND_SIGN ==> output.Failure? { - // TODO-FutureCleanUp : https://github.com/aws/aws-database-encryption-sdk-dynamodb/issues/1510 + // FutureCleanUp : https://github.com/aws/aws-database-encryption-sdk-dynamodb/issues/1510 // It is not-good that the MPL is initialized here; // The MPL has a config object that could hold customer intent that affects behavior. // Today, it does not. But tomorrow? @@ -241,10 +244,13 @@ module SearchConfigToInfo { requires ValidBeaconVersion(config) requires ValidSharedCache(config.keySource) modifies config.keyStore.Modifies + modifies if config.partitionSelector.Some? then config.partitionSelector.value.Modifies else {} ensures ValidSharedCache(config.keySource) ensures output.Success? ==> && output.value.ValidState() && fresh(output.value.keySource.client) + && fresh(output.value.partitionSelector) + && fresh (output.value.partitionSelector.Modifies) //= specification/searchable-encryption/search-config.md#beacon-version-initialization //= type=implication @@ -263,7 +269,51 @@ module SearchConfigToInfo { var maybePrimitives := Primitives.AtomicPrimitives(); var primitives :- maybePrimitives.MapFailure(e => AwsCryptographyPrimitives(e)); var source :- MakeKeySource(outer, config.keyStore, config.keySource, primitives); - output := ConvertVersionWithSource(outer, config, source); + var version :- ConvertVersionWithSource(outer, config, source); + return Success(version); + } + + class DefaultPartitionSelector extends IPartitionSelector + { + predicate ValidState() + ensures ValidState() ==> History in Modifies + { History in Modifies } + + constructor () + ensures ValidState() && fresh(History) && fresh(Modifies) + { + History := new IPartitionSelectorCallHistory(); + Modifies := { History }; + } + + predicate GetPartitionNumberEnsuresPublicly ( + input: GetPartitionNumberInput , + output: Result ) + : (outcome: bool) + { + true + } + + //= specification/searchable-encryption/search-config.md#partition-selector + //# The default implementation of the Partition Selector MUST return a random number within the acceptable range, i.e. + method GetPartitionNumber'(input: GetPartitionNumberInput) + returns (output: Result ) + requires ValidState() + modifies Modifies - {History} + decreases Modifies - {History} + ensures ValidState() + ensures GetPartitionNumberEnsuresPublicly(input, output) + ensures unchanged(History) + { + if input.numberOfPartitions == 1 { + return Success(GetPartitionNumberOutput(partitionNumber := 0)); + } else { + var randR := Random.GenerateBytes(1); + var rand : seq :- randR.MapFailure(e => DynamoDbEncryptionException(message := "Failed to get random byte")); + var partition := (rand[0] % (input.numberOfPartitions as uint8)) as PartitionNumber; + return Success(GetPartitionNumberOutput(partitionNumber := partition)); + } + } } // convert configured BeaconVersion to internal BeaconVersion @@ -279,9 +329,38 @@ module SearchConfigToInfo { ensures output.Success? ==> && output.value.ValidState() && output.value.keySource == source + && fresh(output.value.partitionSelector) + && fresh(output.value.partitionSelector.Modifies) { + var maxPartitions : PartitionCount := config.maximumNumberOfPartitions.UnwrapOr(1); + :- Need(0 <= maxPartitions as nat < MAX_PARTITION_COUNT, E("Invalid maximumNumberOfPartitions specified, " + Base10Int2String(maxPartitions as int) + ", must be 0 < maximumNumberOfPartitions <= 255.")); + // Zero is invalid, but in Java we can't distinguish None from Some(0) + if maxPartitions == 0 { + maxPartitions := 1; + } + + var defaultPartitionsOpt : Option := config.defaultNumberOfPartitions; + var defaultPartitions; + + //= specification/searchable-encryption/search-config.md#default-partitions + //# If not set, Default Partitions MUST default to [Max Partitions](#max-partitions). + if defaultPartitionsOpt.None? || defaultPartitionsOpt.value == 0 { + defaultPartitions := maxPartitions; + + //= specification/searchable-encryption/search-config.md#beacon-version-initialization + //# Initialization MUST fail if [default number of partitions](#default-partitions) is greater than or equal to [maximum number of partitions](#max-partitions). + + // if maximumNumberOfPartitions is not set, then maxPartitions == 1, and so this is also covered + //= specification/searchable-encryption/search-config.md#beacon-version-initialization + //# Initialization MUST fail if [default number of partitions](#default-partitions) is supplied but [maximum number of partitions](#max-partitions) is not. + } else if maxPartitions <= defaultPartitionsOpt.value { + return(Failure(E("Invalid defaultNumberOfPartitions specified, " + Base10Int2String(defaultPartitionsOpt.value as int) + ", must be 0 < defaultNumberOfPartitions < maximumNumberOfPartitions."))); + } else { + defaultPartitions := defaultPartitionsOpt.value; + } + var virtualFields :- ConvertVirtualFields(outer, config.virtualFields); - var std :- AddStandardBeacons(config.standardBeacons, outer, source.client, virtualFields); + var std :- AddStandardBeacons(config.standardBeacons, outer, source.client, virtualFields, maxPartitions, defaultPartitions); var signed := if config.signedParts.Some? then config.signedParts.value else []; @@ -315,13 +394,25 @@ module SearchConfigToInfo { return Failure(E("A beacon key field name of " + name + " was configured, but there's also a virtual field of that name.")); } } - return I.MakeBeaconVersion( - config.version as I.VersionNumber, - source, - beacons, - virtualFields, - outer.attributeActionsOnEncrypt - ); + var partitionSelector; + if outer.search.Some? && outer.search.value.versions[0].partitionSelector.Some? { + partitionSelector := outer.search.value.versions[0].partitionSelector.value; + assume {:axiom} partitionSelector.ValidState(); + } else { + partitionSelector := new DefaultPartitionSelector(); + } + + var ret :- I.MakeBeaconVersion( + config.version as I.VersionNumber, + source, + beacons, + virtualFields, + outer.attributeActionsOnEncrypt, + partitionSelector, + maxPartitions + ); + assume {:axiom} fresh(ret.partitionSelector); + return Success(ret); } // convert configured VirtualFieldList to internal VirtualFieldMap @@ -518,12 +609,31 @@ module SearchConfigToInfo { Failure(E("Beacon " + name + " is shared to " + share + " which is not defined.")) } + function method GetPartitionCount(outer : DynamoDbTableEncryptionConfig, inner : Option, name : string, maxPartitions : PartitionCount, defaultPartitions : PartitionCount) : + Result + { + if outer.search.None? || |outer.search.value.versions| == 0 then + Success(1) + else + if PartitionCountNone(inner) then + Success(defaultPartitions) + else if inner.value < maxPartitions then + Success(inner.value) + else + //= specification/searchable-encryption/beacons.md#standard-beacon-initialization + //# Initialization MUST fail if [number of partitions](#beacon-constraint) is specified, and is greater than or equal to + //# the maximum number of partitions specified in the [beacon version](search-config.md#beacon-version-initialization). + Failure(E("Constrained numberOfPartitions for " + name + " is " + Base10Int2String(inner.value as int) + " but it must be less than the maximumNumberOfPartitions " + Base10Int2String(maxPartitions as int))) + } + // convert configured StandardBeacons to internal Beacons method {:tailrecursion} AddStandardBeacons( beacons : seq, outer : DynamoDbTableEncryptionConfig, client: Primitives.AtomicPrimitivesClient, virtualFields : V.VirtualFieldMap, + maxPartitions : PartitionCount, + defaultPartitions : PartitionCount, converted : I.BeaconMap := map[]) returns (output : Result) modifies client.Modifies @@ -580,10 +690,10 @@ module SearchConfigToInfo { //# A SharedSet Beacon MUST behave both as [Shared](#shared-initialization) and [AsSet](#asset-initialization). case sharedSet(t) => share := Some(t.other); isAsSet := true; } - } + var partitionCount :- GetPartitionCount(outer, beacons[0].numberOfPartitions, beacons[0].name, maxPartitions, defaultPartitions); var newBeacon :- B.MakeStandardBeacon(client, beacons[0].name, beacons[0].length as B.BeaconLength, locString, - isPartOnly, isAsSet, share); + isPartOnly, isAsSet, share, partitionCount); //= specification/searchable-encryption/search-config.md#beacon-version-initialization //# Initialization MUST fail if the [terminal location](virtual.md#terminal-location) @@ -601,7 +711,7 @@ module SearchConfigToInfo { + ", but virtual field " + badField.value + " is already defined on that single location.")); } - output := AddStandardBeacons(beacons[1..], outer, client, virtualFields, converted[beacons[0].name := I.Standard(newBeacon)]); + output := AddStandardBeacons(beacons[1..], outer, client, virtualFields, maxPartitions, defaultPartitions, converted[beacons[0].name := I.Standard(newBeacon)]); } // optional location, defaults to name diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy index c92befb02..53cf8184a 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/DDBSupport.dfy @@ -23,12 +23,26 @@ module DynamoDBSupport { import opened DynamoDbEncryptionUtil import opened DdbVirtualFields import opened SearchableEncryptionInfo + import StandardLibrary.String import UTF8 import SortedSets import Seq import Update = DynamoDbUpdateExpr import Filter = DynamoDBFilterExpr import SET = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes + import NN = DynamoDbNormalizeNumber + + method GetNumberOfQueries(search : SearchableEncryptionInfo.BeaconVersion, query : DDB.QueryInput) + returns (output : Result) + { + var numberOfQueries :- Filter.GetNumQueries( + search, + query.KeyConditionExpression, + query.ExpressionAttributeValues, + query.ExpressionAttributeNames + ); + return Success(numberOfQueries); + } // IsWritable examines an AttributeMap and fails if it is unsuitable for writing. // At the moment, this means that no attribute names starts with "aws_dbe_", @@ -141,14 +155,14 @@ module DynamoDBSupport { // AddBeacons examines an AttributeMap and modifies it to be appropriate for Searchable Encryption, // returning a replacement AttributeMap. - method GetEncryptedBeacons(search : Option, item : DDB.AttributeMap, keyId : MaybeKeyId) + method GetEncryptedBeacons(search : Option, item : DDB.AttributeMap, keyId : MaybeKeyId, partition : PartitionNumber) returns (output : Result) modifies if search.Some? then search.value.Modifies() else {} { if search.None? { return Success(map[]); } else { - output := search.value.GenerateEncryptedBeacons(item, keyId); + output := search.value.GenerateEncryptedBeacons(item, keyId, partition); } } @@ -156,7 +170,7 @@ module DynamoDBSupport { // AddBeacons examines an AttributeMap and modifies it to be appropriate for Searchable Encryption, // returning a replacement AttributeMap. - method AddSignedBeacons(search : Option, item : DDB.AttributeMap) + method AddSignedBeacons(search : Option, item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result) modifies if search.Some? then search.value.Modifies() else {} @@ -172,7 +186,7 @@ module DynamoDBSupport { if search.None? { return Success(item); } else { - var newAttrs :- search.value.GenerateSignedBeacons(item); + var newAttrs :- search.value.GenerateSignedBeacons(item, partition); //= specification/dynamodb-encryption-client/ddb-support.md#addsignedbeacons //# If the attribute NAME already exists, @@ -221,6 +235,74 @@ module DynamoDBSupport { { Success(DoRemoveBeacons(item)) } + const PartitionName : string := ":aws_dbe_partition" + + function method GetNumber(val : DDB.AttributeValue, name : string) : Result + { + if val.N? then + var val :- NN.StrToInt(val.N).MapFailure(e => E(e)); + :- Need(0 <= val < INT32_MAX_LIMIT, E("Value of " + name + " out of range.")); + Success(val as uint32) + else + Failure(E("Value of " + name + " is not numeric (i.e. 'N')")) + } + + // Unlike Query, Scan must not specify PartitionName + function method TestPartitionForScan(names : Option) + : Result + { + if names.None? then + Success(true) + else if PartitionName in names.value then + Failure(E("A value for " + PartitionName + " must not be specified for Scan operations.")) + else + Success(true) + } + + // If names[":aws_dbe_partition"] holds S(N)' return (Some(names - {":aws_dbe_partition"}), Some(N)) + // else return (None, None) + function method ExtractPartitionNumber(names : Option) + : Result<(Option, Option), Error> + { + if names.None? then + Success((None, None)) + else if PartitionName in names.value then + var val :- GetNumber(names.value[PartitionName], PartitionName); + if |names.value| == 1 then + Success((None, Some(val))) + else + Success((Some(names.value - {PartitionName}), Some(val))) + else + Success((None, None)) + } + + // Extract aws_dbe_partition = NN from filterExpr and return partition + method ExtractPartition(search : SearchableEncryptionInfo.BeaconVersion, keyExpr : Option, filterExpr : Option, names : Option, values : Option, actions : AttributeActions) + returns (output : Result<(Option, PartitionNumber), Error>) + ensures output.Success? ==> output.value.1 < search.numPartitions + { + if search.numPartitions <= 1 { + :- Need(values.None? || PartitionName !in values.value, E("If no partitions are configured, do not specify " + PartitionName)); + return Success((values, 0)); + } + + var foo :- ExtractPartitionNumber(values); + var (values2, partition) := foo; + if partition.Some? { + :- Need(partition.value < search.numPartitions as uint32, E(PartitionName + " specified in FilterExpression was " + String.Base10Int2String(partition.value as int) + " must be less than the number of partitions: " + String.Base10Int2String(search.numPartitions as int))); + var nPartition := (partition.value as nat) as PartitionNumber; + return Success((values2, nPartition)); + } + + // No partition specified is OK if no encrypted fields are searched + var filterHasEncField := Filter.UsesEncryptedField(Filter.ParseExprOpt(filterExpr), actions, names); + var keyHasEncField := Filter.UsesEncryptedField(Filter.ParseExprOpt(keyExpr), actions, names); + if keyHasEncField.Some? || filterHasEncField.Some? { + return Failure(E("When numberOfPartitions is greater than one, XXXValues must contain " + PartitionName)); + } else { + return Success((values, 0)); + } + } // Transform a QueryInput object for searchable encryption. method QueryInputForBeacons(search : Option, actions : AttributeActions, req : DDB.QueryInput) @@ -237,8 +319,14 @@ module DynamoDBSupport { return Success(req); } else { var keyId :- Filter.GetBeaconKeyId(search.value.curr(), req.KeyConditionExpression, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames); - var oldContext := Filter.ExprContext(req.KeyConditionExpression, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames); - var newContext :- Filter.Beaconize(search.value.curr(), oldContext, keyId); + var foo :- ExtractPartition(search.value.curr(), req.FilterExpression, req.KeyConditionExpression, req.ExpressionAttributeNames, req.ExpressionAttributeValues, actions); + var (newValues, partition) := foo; + var numQueries :- Filter.GetNumQueries(search.value.curr(), req.KeyConditionExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames); + if numQueries <= partition { + return Failure(E("Partition number was " + String.Base10Int2String(partition as int) + " but should have been less than number of queries : " + String.Base10Int2String(numQueries as int))); + } + var oldContext := Filter.ExprContext(req.KeyConditionExpression, req.FilterExpression, newValues, req.ExpressionAttributeNames); + var newContext :- Filter.DoBeaconize(search.value.curr(), oldContext, keyId, partition, numQueries); return Success(req.( KeyConditionExpression := newContext.keyExpr, FilterExpression := newContext.filterExpr, @@ -308,8 +396,9 @@ module DynamoDBSupport { return Success(req); } else { var keyId :- Filter.GetBeaconKeyId(search.value.curr(), None, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames); + var _ :- TestPartitionForScan(req.ExpressionAttributeValues); var context := Filter.ExprContext(None, req.FilterExpression, req.ExpressionAttributeValues, req.ExpressionAttributeNames); - var newContext :- Filter.Beaconize(search.value.curr(), context, keyId); + var newContext :- Filter.DoBeaconize(search.value.curr(), context, keyId, 0, 1); return Success(req.( FilterExpression := newContext.filterExpr, ExpressionAttributeNames := newContext.names, @@ -380,6 +469,7 @@ module DynamoDBSupport { fields : seq, bv : SearchableEncryptionInfo.BeaconVersion, item : DDB.AttributeMap, + partition : PartitionNumber, results : map := map[]) : (output : Result, Error>) requires forall x <- fields :: x in bv.beacons @@ -392,20 +482,20 @@ module DynamoDBSupport { else var beacon := bv.beacons[fields[0 as uint32]]; if beacon.Compound? then - var optValue :- beacon.cmp.getNaked(item, bv.virtualFields); + var optValue :- beacon.cmp.getNaked(item, bv.virtualFields, partition); if optValue.Some? then - GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, results[fields[0] := optValue.value]) + GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, partition, results[fields[0] := optValue.value]) else - GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, results) + GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, partition, results) else - GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, results) + GetCompoundBeaconsLoop(fields[1 as uint32..], bv, item, partition, results) } - method GetCompoundBeacons(beaconVersion : SearchableEncryptionInfo.BeaconVersion, item : DDB.AttributeMap) + method GetCompoundBeacons(beaconVersion : SearchableEncryptionInfo.BeaconVersion, item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result, Error>) { var beaconNames := SortedSets.ComputeSetToOrderedSequence2(beaconVersion.beacons.Keys, CharLess); - output := GetCompoundBeaconsLoop(beaconNames, beaconVersion, item); + output := GetCompoundBeaconsLoop(beaconNames, beaconVersion, item, partition); } } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy index 385935349..7c8fd5389 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/FilterExpr.dfy @@ -13,7 +13,8 @@ • e.g. transform plain expression "A = B" into beacon expression "aws_dbe_b_A = beacon(B)" datatype ExprContext = ExprContext ( - expr : Option, + keyExpr : Option, + filterExpr : Option, values: Option, names : Option ) @@ -43,6 +44,7 @@ module DynamoDBFilterExpr { import SE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes import Norm = DynamoDbNormalizeNumber import StandardLibrary.Sequence + import SortedSets // extract all the attributes from a filter expression // except for those which do not need the attribute's value @@ -539,6 +541,7 @@ module DynamoDBFilterExpr { names : Option, keys : MaybeKeyMap, newValues: DDB.ExpressionAttributeValueMap, + partition : PartitionNumber, acc : seq := [] ) : Result @@ -557,27 +560,27 @@ module DynamoDBFilterExpr { if OpNeedsBeacon(expr, pos) then var newName := b.beacons[oldName].getBeaconName(); if isIndirectName then - BeaconizeParsedExpr(b, expr, pos+1, oldValues, Some(names.value[expr[pos].s := newName]), keys, newValues, acc + [expr[pos]]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, Some(names.value[expr[pos].s := newName]), keys, newValues, partition, acc + [expr[pos]]) else - BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, acc + [Attr(newName, TermLocMap(newName))]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, partition, acc + [Attr(newName, TermLocMap(newName))]) else - BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, acc + [expr[pos]]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, partition, acc + [expr[pos]]) else - BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, acc + [expr[pos]]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, partition, acc + [expr[pos]]) else if expr[pos].Value? then var name := expr[pos].s; :- Need(name in oldValues, E(name + " not found in ExpressionAttributeValueMap")); var oldValue := oldValues[name]; var eb :- BeaconForValue(b, expr, pos, names, oldValues); - var newValue :- if eb.beacon.None? then Success(oldValue) else eb.beacon.value.GetBeaconValue(oldValue, keys, eb.forEquality, eb.forContains); + var newValue :- if eb.beacon.None? then Success(oldValue) else eb.beacon.value.GetBeaconValue(oldValue, keys, eb.forEquality, eb.forContains, partition); //= specification/dynamodb-encryption-client/ddb-support.md#queryinputforbeacons //# If a single value in ExpressionAttributeValues is used in more than one context, //# for example an expression of `this = :foo OR that = :foo` where `this` and `that` //# are both beacons, this operation MUST fail. :- Need(name !in newValues || newValues[name] == newValue, E(name + " used in two different contexts, which is not allowed.")); - BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues[name := newValue], acc + [expr[pos]]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues[name := newValue], partition, acc + [expr[pos]]) else - BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, acc + [expr[pos]]) + BeaconizeParsedExpr(b, expr, pos+1, oldValues, names, keys, newValues, partition, acc + [expr[pos]]) } // Convert the tokens back into an expression @@ -676,6 +679,15 @@ module DynamoDBFilterExpr { if 0 < tup.0 then [tup.1] + ParseExpr(s, Add(pos, tup.0)) else [] } + function method {:tailrecursion} ParseExprOpt(s: Option) : (res: seq) + ensures s.None? || s.value == [] ==> res == [] + { + if s.None? then + [] + else + ParseExpr(s.value) + } + // convert ch to lower case function method ByteLower(ch: uint8): uint8 { @@ -1517,7 +1529,8 @@ module DynamoDBFilterExpr { parsed : seq, ItemList : DDB.ItemList, names : Option, - values : DDB.ExpressionAttributeValueMap + values : DDB.ExpressionAttributeValueMap, + partition : PartitionNumber ) returns (output : Result) requires b.ValidState() @@ -1526,7 +1539,7 @@ module DynamoDBFilterExpr { { var acc : DDB.ItemList := []; for i := 0 to |ItemList| { - var newAttrs :- b.GeneratePlainBeacons(ItemList[i]); + var newAttrs :- b.GeneratePlainBeacons(ItemList[i], partition); var doesMatch :- EvalExpr(parsed, ItemList[i] + newAttrs, names, values); if doesMatch { acc := acc + [ItemList[i]]; @@ -1542,8 +1555,8 @@ module DynamoDBFilterExpr { KeyExpression : Option, FilterExpression : Option, names : Option, - values: Option) - returns (output : Result) + values: Option + ) returns (output : Result) requires b.ValidState() ensures b.ValidState() modifies b.Modifies() @@ -1551,22 +1564,24 @@ module DynamoDBFilterExpr { if |ItemList| == 0 || (KeyExpression.None? && FilterExpression.None?) { return Success(ItemList); } else { + // We don't actually need partition_bytes if we're just filtering + var partition : PartitionNumber := 0; var afterKeys; if KeyExpression.Some? { var parsed := ParseExpr(KeyExpression.value); - var expr :- BeaconizeParsedExpr(b, parsed, 0, values.UnwrapOr(map[]), names, DontUseKeys, map[]); + var expr :- BeaconizeParsedExpr(b, parsed, 0, values.UnwrapOr(map[]), names, DontUseKeys, map[], partition); var expr1 := ConvertToPrefix(expr.expr); var expr2 := ConvertToRpn(expr1); - afterKeys :- FilterItems(b, expr2, ItemList, expr.names, expr.values); + afterKeys :- FilterItems(b, expr2, ItemList, expr.names, expr.values, partition); } else { afterKeys := ItemList; } if FilterExpression.Some? { var parsed := ParseExpr(FilterExpression.value); - var expr :- BeaconizeParsedExpr(b, parsed, 0, values.UnwrapOr(map[]), names, DontUseKeys, map[]); + var expr :- BeaconizeParsedExpr(b, parsed, 0, values.UnwrapOr(map[]), names, DontUseKeys, map[], partition); var expr1 := ConvertToPrefix(expr.expr); var expr2 := ConvertToRpn(expr1); - output := FilterItems(b, expr2, afterKeys, expr.names, expr.values); + output := FilterItems(b, expr2, afterKeys, expr.names, expr.values, partition); } else { return Success(afterKeys); } @@ -1644,6 +1659,31 @@ module DynamoDBFilterExpr { GetBeaconKeyIds2(pos+1, bv, expr, values, names, soFar) } + method {:tailrecursion} GetValues( + bv : SI.BeaconVersion, + expr : seq, + values: DDB.ExpressionAttributeValueMap, + names : Option + ) + returns (ret : Result, Error>) + { + var result : seq<(SI.Beacon, string)> := []; + SequenceIsSafeBecauseItIsInMemory(expr); + for pos : uint64 := 0 to |expr| as uint64 { + if expr[pos].Value? { + :- Need(expr[pos].s in values, E(expr[pos].s + " not found in ExpressionAttributeValueMap")); + var oldValue := values[expr[pos].s]; + if oldValue.S? { + var attr := AttrForValue(expr, pos as nat); + if attr.Some? && attr.value.s in bv.beacons { + result := result + [(bv.beacons[attr.value.s], oldValue.S)]; + } + } + } + } + return Success(result); + } + // Search through the query expression to find any Multi-Tenant KeyIds function method GetBeaconKeyIds( bv : SI.BeaconVersion, @@ -1662,6 +1702,34 @@ module DynamoDBFilterExpr { GetBeaconKeyIds2(0, bv, parsed, values, names, soFar) } + method GetNumQueries( + bv : SI.BeaconVersion, + keyExpr : Option, + values: Option, + names : Option + ) + returns (ret : Result) + ensures ret.Success? ==> ret.value <= bv.numPartitions + { + if keyExpr.None? || values.None? { + return Success(1); + } + var parsed := ParseExpr(keyExpr.value); + var values :- GetValues(bv, parsed, values.value, names); + var result : PartitionCount := 1; + SequenceIsSafeBecauseItIsInMemory(values); + for i : uint64 := 0 to |values| as uint64 + invariant result <= bv.numPartitions + { + var partitions := values[i].0.getNumQueries(bv.numPartitions, values[0].1); + if partitions == 1 || partitions == result { + continue; + } + result := lcmPartition(result, partitions, bv.numPartitions); + } + return Success(result); + } + // Search through the query expressions to find the Multi-Tenant KeyId // if not multi-tenant, return None // if multi-tenant, and there's exactly one KeyId, return Some(keyId) @@ -1732,12 +1800,147 @@ module DynamoDBFilterExpr { names : Option ) + // transform index into character + function method AsChar(x : uint32) : (output : char) + requires x < 26 + ensures 'A' <= output <= 'Z' + { + 'A' + x as char + } + + // try different prefixes on `prev` until something is found that is not in `values` + method MakeNewName(prev : string, values : DDB.ExpressionAttributeValueMap, value : DDB.AttributeValue) returns (output : Result) + requires 0 < |prev| + ensures output.Success? ==> + && 0 < |output.value| + && prev < output.value + { + var ch : char := 'A'; + for i : uint32 := 0 to 26 { + for j : uint32 := 0 to 26 { + var new_str := prev + [AsChar(i), AsChar(j)]; + if new_str !in values || values[new_str] == value { + return Success(new_str); + } + } + } + return Failure(E("Could not find new name")); + } + + // Combine old_context and new_context, assuming that both came from Beaconize called with different partition numbers + // this updates values and filterExpr, e.g + // old_context : filterExpr = "(X = :x)" values = {":x" := "aaa"} + // new_context : filterExpr = "X = :x" values = {":x" := "bbb"} + // output : filterExpr = "(X = :x) OR (X = :xAA)" values = {":x" := "aaa", "xAA" := "bbb"} + method AddContext(old_values : DDB.ExpressionAttributeValueMap, new_filter : string, new_values : DDB.ExpressionAttributeValueMap) + returns (output : Result<(string, DDB.ExpressionAttributeValueMap), Error>) + { + var new_value_keys := SortedSets.ComputeSetToSequence(new_values.Keys); + SequenceIsSafeBecauseItIsInMemory(new_value_keys); + var allUnchanged := true; + for i : uint64 := 0 to |new_value_keys| as uint64 + { + if new_value_keys[i] !in old_values { + allUnchanged := false; + break; + } + if new_values[new_value_keys[i]] != old_values[new_value_keys[i]] { + allUnchanged := false; + break; + } + } + if allUnchanged { + return Success((new_filter, old_values)); + } + + var result_values := old_values; + var result_filter := new_filter; + for i : uint64 := 0 to |new_value_keys| as uint64 + { + var key := new_value_keys[i]; + if key in old_values && new_values[key] != old_values[key] { + if 0 == |key| { + return Failure(E("Unexpected zero length key in ExpressionAttributeValueMap")); + } + var new_key :- MakeNewName(key, result_values, new_values[key]); + result_values := result_values[new_key := new_values[key]]; + result_filter := String.SearchAndReplaceAllWhole(result_filter, key, new_key, String.AlphaNumericUnder); + } + } + return Success((result_filter, result_values)); + } + + // Call Beaconize, possibly multiple times if fewer queries than partitions + method DoBeaconize( + b : SI.BeaconVersion, + context : ExprContext, + keyId : MaybeKeyId, + partition : PartitionNumber, + queries : PartitionCount + ) + returns (output : Result) + requires b.ValidState() + requires partition < b.numPartitions + requires partition < queries <= b.numPartitions + ensures b.ValidState() + modifies b.Modifies() + { + if queries == b.numPartitions || (b.numPartitions - partition) <= queries || context.filterExpr.None? || context.values.None? { + output := Beaconize(b, context, keyId, partition); + } else { + var curr_partition : PartitionNumber := partition; + var exprs : seq := []; + var values : DDB.ExpressionAttributeValueMap := map[]; + var keyExpr : Option := None; + var names : Option := None; + + while curr_partition < b.numPartitions + invariant b.ValidState() + invariant curr_partition == partition || 0 < |exprs| + { + var localOut :- Beaconize(b, context, keyId, curr_partition); + if curr_partition == partition { + exprs := [localOut.filterExpr.UnwrapOr("")]; + values := localOut.values.UnwrapOr(map[]); + keyExpr := localOut.keyExpr; + names := localOut.names; + } else { + var tmpOutput :- AddContext(values, localOut.filterExpr.UnwrapOr(""), localOut.values.UnwrapOr(map[])); + var (expr, value) := tmpOutput; + if expr !in exprs { + exprs := exprs + [expr]; + } + values := value; + } + if (b.numPartitions - curr_partition) <= queries { + break; + } else { + curr_partition := curr_partition + queries; + } + } + var result_filter : string; + SequenceIsSafeBecauseItIsInMemory(exprs); + var exprs_size : uint64 := |exprs| as uint64; + assert 0 < exprs_size; + if exprs_size == 1 { + result_filter := exprs[0]; + } else { + result_filter := "(" + exprs[0] + ")"; + for i := 1 to exprs_size { + result_filter := result_filter + " OR (" + exprs[i] + ")"; + } + } + return Success(ExprContext(keyExpr, Some(result_filter), Some(values), names)); + } + } + // transform plain expression "A = B" into beacon expression "aws_dbe_b_A = beacon(B)" // if naked == true, it becomes "aws_dbe_b_A = B" method Beaconize( b : SI.BeaconVersion, context : ExprContext, keyId : MaybeKeyId, + partition : PartitionNumber, naked : bool := false ) returns (output : Result) @@ -1764,14 +1967,14 @@ module DynamoDBFilterExpr { if context.keyExpr.Some? { var parsed := ParseExpr(context.keyExpr.value); - var newContext :- BeaconizeParsedExpr(b, parsed, 0, values, newNames, keys, newValues); + var newContext :- BeaconizeParsedExpr(b, parsed, 0, values, newNames, keys, newValues, partition); newKeyExpr := Some(ParsedExprToString(newContext.expr)); newValues := newContext.values; newNames := newContext.names; } if context.filterExpr.Some? { var parsed := ParseExpr(context.filterExpr.value); - var newContext :- BeaconizeParsedExpr(b, parsed, 0, values, newNames, keys, newValues); + var newContext :- BeaconizeParsedExpr(b, parsed, 0, values, newNames, keys, newValues, partition); newFilterExpr := Some(ParsedExprToString(newContext.expr)); newValues := newContext.values; newNames := newContext.names; @@ -1790,21 +1993,35 @@ module DynamoDBFilterExpr { } // return an error if any encrypted field exists in the query - method TestParsedExpr( + method UsesEncryptedField( expr : seq, - encrypted : set, + actions : AttributeActions, names : Option ) - returns (output : Outcome) + returns (output : Option) { for i := 0 to |expr| { if expr[i].Attr? { var name := GetAttrName(expr[i], names); - if name in encrypted { - return Fail(E("Query is using encrypted field : " + name + ".")); + if name in actions && actions[name] == SE.ENCRYPT_AND_SIGN { + return Some(name); } } } + return None; + } + + method TestParsedExpr( + expr : seq, + actions : AttributeActions, + names : Option + ) + returns (output : Outcome) + { + var hasEncField := UsesEncryptedField(expr, actions, names); + if hasEncField.Some? { + return Fail(E("Query is using encrypted field : " + hasEncField.value + ".")); + } return Pass; } @@ -1817,14 +2034,12 @@ module DynamoDBFilterExpr { ) returns (output : Result) { - var encrypted := set k <- actions | actions[k] == SE.ENCRYPT_AND_SIGN :: k; if keyExpr.Some? { - :- TestParsedExpr(ParseExpr(keyExpr.value), encrypted, names); + :- TestParsedExpr(ParseExpr(keyExpr.value), actions, names); } if filterExpr.Some? { - :- TestParsedExpr(ParseExpr(filterExpr.value), encrypted, names); + :- TestParsedExpr(ParseExpr(filterExpr.value), actions, names); } return Success(true); } - } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy index 348535a56..f0fa58226 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy @@ -518,25 +518,25 @@ module SearchableEncryptionInfo { versions[currWrite].IsVirtualField(field) } - method GeneratePlainBeacons(item : DDB.AttributeMap) returns (output : Result) + method GeneratePlainBeacons(item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result) requires ValidState() { - output := versions[currWrite].GeneratePlainBeacons(item); + output := versions[currWrite].GeneratePlainBeacons(item, partition); } - method GenerateSignedBeacons(item : DDB.AttributeMap) returns (output : Result) + method GenerateSignedBeacons(item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result) requires ValidState() ensures ValidState() modifies Modifies() { - output := versions[currWrite].GenerateSignedBeacons(item); + output := versions[currWrite].GenerateSignedBeacons(item, partition); } - method GenerateEncryptedBeacons(item : DDB.AttributeMap, keyId : MaybeKeyId) returns (output : Result) + method GenerateEncryptedBeacons(item : DDB.AttributeMap, keyId : MaybeKeyId, partition : PartitionNumber) returns (output : Result) requires ValidState() ensures ValidState() modifies Modifies() { - output := versions[currWrite].GenerateEncryptedBeacons(item, keyId); + output := versions[currWrite].GenerateEncryptedBeacons(item, keyId, partition); } } @@ -544,6 +544,16 @@ module SearchableEncryptionInfo { | Standard(std : BaseBeacon.ValidStandardBeacon) | Compound(cmp : CompoundBeacon.ValidCompoundBeacon) { + method getNumQueries(globalMax : PartitionCount, value : string) returns (output : PartitionCount) + ensures 0 <= output <= globalMax + { + if Standard? { + return bmin(std.numberOfPartitions, globalMax); + } else { + output := cmp.getNumQueries(globalMax, value); + return; + } + } predicate method isEncrypted() { if Standard? then @@ -551,7 +561,7 @@ module SearchableEncryptionInfo { else cmp.isEncrypted() } - function method hash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap) + function method hash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap, partition : PartitionNumber) : (ret : Result, Error>) requires !keys.DontUseKeys? @@ -564,33 +574,33 @@ module SearchableEncryptionInfo { if Standard? then :- Need(keys.Keys?, E("Need key for beacon " + std.keyName() + " but no keyId found in query.")); if std.keyName() in keys.value then - std.getHash(item, vf, keys.value[std.keyName()]) + std.getHash(item, vf, keys.value[std.keyName()], partition) else Failure(E("Internal error. Beacon " + std.keyName() + " has no key!")) else - var strHash :- cmp.hash(item, vf, keys); + var strHash :- cmp.hash(item, vf, keys, partition); if strHash.None? then Success(None) else Success(Some(DDB.AttributeValue.S(strHash.value))) } - function method naked(item : DDB.AttributeMap, vf : VirtualFieldMap) : Result, Error> + function method naked(item : DDB.AttributeMap, vf : VirtualFieldMap, partition : PartitionNumber) : Result, Error> { if Standard? then std.getNaked(item, vf) else - var str :- cmp.getNaked(item, vf); + var str :- cmp.getNaked(item, vf, partition); if str.None? then Success(None) else Success(Some(DS(str.value))) } - function method attrHash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap) : Result, Error> + function method attrHash(item : DDB.AttributeMap, vf : VirtualFieldMap, keys : MaybeKeyMap, partition : PartitionNumber) : Result, Error> { if keys.DontUseKeys? then - naked(item, vf) + naked(item, vf, partition) else - hash(item, vf, keys) + hash(item, vf, keys, partition) } function method getName() : string { @@ -614,7 +624,7 @@ module SearchableEncryptionInfo { cmp.GetFields(virtualFields) } - function method GetBeaconValue(value : DDB.AttributeValue, keys : MaybeKeyMap, forEquality : bool, forContains : bool) + function method GetBeaconValue(value : DDB.AttributeValue, keys : MaybeKeyMap, forEquality : bool, forContains : bool, partition : PartitionNumber) : Result { if keys.DontUseKeys? then @@ -623,11 +633,11 @@ module SearchableEncryptionInfo { :- Need(!keys.ShouldHaveKeys?, E("Need KeyId because of beacon " + std.keyName() + " but no KeyId found in query")); var keys := keys.value; if std.keyName() in keys then - std.GetBeaconValue(value, keys[std.keyName()], forContains) + std.GetBeaconValue(value, keys[std.keyName()], forContains, partition) else Failure(E("Internal error. Beacon " + std.keyName() + " has no key.")) else - cmp.GetBeaconValue(value, keys, forEquality) + cmp.GetBeaconValue(value, keys, forEquality, partition) } predicate ValidState() @@ -721,18 +731,21 @@ module SearchableEncryptionInfo { keySource : KeySource, beacons : BeaconMap, virtualFields : VirtualFieldMap, - actions : AttributeActions + actions : AttributeActions, + partitionSelector: IPartitionSelector, + maxPartitions : PartitionCount ) : (ret : Result) requires version == 1 requires keySource.ValidState() + requires partitionSelector.ValidState() { // We happen to order these values, but this ordering MUST NOT be relied upon. var beaconNames := SortedSets.ComputeSetToOrderedSequence2(beacons.Keys, CharLess); var stdKeys := Seq.Filter((k : string) => k in beacons && beacons[k].Standard?, beaconNames); FilterPreservesHasNoDuplicates((k : string) => k in beacons && beacons[k].Standard?, beaconNames); var encrypted := set k <- actions | actions[k] == SE.ENCRYPT_AND_SIGN :: k; - var bv := BeaconVersion.BeaconVersion(version, keySource, virtualFields, beacons, beaconNames, stdKeys, encrypted); + var bv := BeaconVersion.BeaconVersion(version, keySource, virtualFields, beacons, beaconNames, stdKeys, encrypted, partitionSelector, maxPartitions); assert bv.ValidState(); Success(bv) } @@ -747,12 +760,14 @@ module SearchableEncryptionInfo { // The ordering of `beaconNames` MUST NOT be relied upon. beaconNames : seq, stdNames : seq, - encryptedFields : set + encryptedFields : set, + partitionSelector: IPartitionSelector, + numPartitions : PartitionCount ) { function Modifies() : set { - keySource.Modifies() + keySource.Modifies() + partitionSelector.Modifies } predicate ValidState() @@ -764,6 +779,8 @@ module SearchableEncryptionInfo { && |beaconNames| == |beacons| && (forall k <- stdNames :: k in beacons) && Seq.HasNoDuplicates(stdNames) + && 0 < numPartitions + && partitionSelector.ValidState() } predicate method IsBeacon(field : string) @@ -800,15 +817,15 @@ module SearchableEncryptionInfo { } // Get all beacons with plaintext values - method GeneratePlainBeacons(item : DDB.AttributeMap) + method GeneratePlainBeacons(item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result) requires ValidState() { - output := GenerateBeacons2(beaconNames, item, DontUseKeys, AnyBeacon); + output := GenerateBeacons2(beaconNames, item, DontUseKeys, AnyBeacon, partition); } // Get all beacons on fields that are signed, but not encrypted - method GenerateSignedBeacons(item : DDB.AttributeMap) + method GenerateSignedBeacons(item : DDB.AttributeMap, partition : PartitionNumber) returns (output : Result) requires ValidState() ensures ValidState() @@ -827,11 +844,11 @@ module SearchableEncryptionInfo { //= specification/dynamodb-encryption-client/ddb-support.md#addsignedbeacons //# The value of this attribute MUST be a string, //# and must have the value defined in [beacons](../searchable-encryption/beacons.md#beacon-value). - output := GenerateBeacons2(beaconNames, item, DontUseKeys, SignedBeacon); + output := GenerateBeacons2(beaconNames, item, DontUseKeys, SignedBeacon, partition); } // Get all beacons on encrypted fields - method GenerateEncryptedBeacons(item : DDB.AttributeMap, keyId : MaybeKeyId) + method GenerateEncryptedBeacons(item : DDB.AttributeMap, keyId : MaybeKeyId, partition : PartitionNumber) returns (output : Result) requires ValidState() ensures ValidState() @@ -865,13 +882,13 @@ module SearchableEncryptionInfo { //# The result of GetEncryptedBeacons MUST NOT contain any keys //# in the [Encrypt Item Output](./encrypt-item.md#output) AttributeMap. - output := GenerateBeacons2(beaconNames, item, hmacKeys, EncryptedBeacon); + output := GenerateBeacons2(beaconNames, item, hmacKeys, EncryptedBeacon, partition); } - function method GenerateBeacon(name : string, item : DDB.AttributeMap, keys : MaybeKeyMap) : Result, Error> + function method GenerateBeacon(name : string, item : DDB.AttributeMap, keys : MaybeKeyMap, partition : PartitionNumber) : Result, Error> requires name in beacons { - beacons[name].attrHash(item, virtualFields, keys) + beacons[name].attrHash(item, virtualFields, keys, partition) } function method GenerateBeacons2( @@ -879,6 +896,7 @@ module SearchableEncryptionInfo { item : DDB.AttributeMap, keys : MaybeKeyMap, bType : BeaconType, + partition : PartitionNumber, acc : DDB.AttributeMap := map[] ) : Result @@ -889,13 +907,13 @@ module SearchableEncryptionInfo { //= specification/searchable-encryption/beacons.md#partonly-initialization //# The Standard Beacon MUST NOT be stored in the item for a PartOnly beacon. else if IsBeaconOfType(beacons[names[0]], bType) && !IsPartOnly(beacons[names[0]]) then - var value :- GenerateBeacon(names[0], item, keys); + var value :- GenerateBeacon(names[0], item, keys, partition); if value.Some? then - GenerateBeacons2(names[1..], item, keys, bType, acc[beacons[names[0]].getBeaconName() := value.value]) + GenerateBeacons2(names[1..], item, keys, bType, partition, acc[beacons[names[0]].getBeaconName() := value.value]) else - GenerateBeacons2(names[1..], item, keys, bType, acc) + GenerateBeacons2(names[1..], item, keys, bType, partition, acc) else - GenerateBeacons2(names[1..], item, keys, bType, acc) + GenerateBeacons2(names[1..], item, keys, bType, partition, acc) } } } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Util.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Util.dfy index fbf85ff61..956e2a350 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Util.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/src/Util.dfy @@ -8,6 +8,7 @@ module DynamoDbEncryptionUtil { import opened Wrappers import opened StandardLibrary import opened StandardLibrary.UInt + import opened StandardLibrary.MemoryMath import DDB = ComAmazonawsDynamodbTypes const ReservedPrefix := "aws_dbe_" @@ -80,10 +81,122 @@ module DynamoDbEncryptionUtil { } } + const MAX_PARTITION_COUNT : nat := 255 + + type PartitionBytes = x: seq | Valid_PartitionBytes(x) witness [] + newtype OptPartitionCount = x: int | 0 <= x <= MAX_PARTITION_COUNT + + function method PartitionBytesToNumber(x : PartitionBytes) : PartitionNumber + { + if |x| == 0 then + 0 + else + x[0] as PartitionNumber + } + + function method PartitionNumberToBytes(x : PartitionNumber) : PartitionBytes + { + //= specification/searchable-encryption/beacons.md#beacon-partition-encoding + //# If this number is zero, then the input sequence of bytes MUST be returned unchanged. + if x == 0 then + [] + //= specification/searchable-encryption/beacons.md#beacon-partition-encoding + //# Otherwise, a single byte with a value equal to this calculated partition number, MUST be appended to the input sequence of bytes. + else + [x as uint8] + } + + // Java is broken, None becomes Some(0) + predicate method PartitionCountNone(x : Option) + { + x.None? || x.value == 0 + } + + predicate method Valid_PartitionBytes(x : seq) + { + && |x| <= 1 + && (|x| == 1 ==> (0 < x[0] < (MAX_PARTITION_COUNT as uint8))) + } + function printFromFunction(x: T): () { () } by method { print x,"\n"; return (); } + function printFromFunction2(x: T, y : U): () { + () + } by method { + print x, " ", y, "\n"; + return (); + } + function printFromFunction3(x: T, y : U, z : V): () { + () + } by method { + print x, " ", y, " ", z, "\n"; + return (); + } + + function method gcd(a : nat, b : nat) : nat + requires 0 < a || 0 < b + ensures 0 < gcd(a, b) + ensures 0 < b ==> gcd(a, b) <= b + decreases b + { + if b == 0 then + a + else + gcd(b, a % b) + } + + function method lcm(a : nat, b : nat) : nat + requires 0 < a && 0 < b + ensures 0 < lcm(a, b) + { + (a / gcd(a, b)) * b + } + + function method bmin(a : PartitionCount, b : PartitionCount) : (output : PartitionCount) + ensures output <= a + ensures output <= b + { + if a <= b then + a + else + b + } + + function method lcmPartition(a : PartitionCount, b : PartitionCount, max : PartitionCount) : PartitionCount + requires 0 < a && 0 < b + ensures 0 < lcmPartition(a, b, max) <= max + { + if a == 1 || b == max || a == b then + bmin(b, max) + else if b == 1 || a == max then + bmin(a, max) + else + var result := lcm(a as nat, b as nat); + if result < max as nat then + result as PartitionCount + else + max + } + + method lcmSeq(values : seq, max : PartitionCount) returns (output : PartitionCount) + // requires forall i <- values :: i <= max + ensures output <= max + { + var result : PartitionCount := 1; + SequenceIsSafeBecauseItIsInMemory(values); + for i : uint64 := 0 to |values| as uint64 + invariant result <= max + { + var partitions := values[i]; + if partitions == 1 || partitions == result { + continue; + } + result := lcmPartition(result, partitions, max); + } + return result; + } } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy index e0579c635..295dda3f2 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/Beacon.dfy @@ -27,14 +27,26 @@ module TestBaseBeacon { var primitives :- expect Primitives.AtomicPrimitives(); var bb := BeaconBase(client := primitives, name := "foo", beaconName := "aws_dbe_b_foo"); - var b := StandardBeacon(bb, 8, TermLocMap("foo"), false, false, None); + var b := StandardBeacon(bb, 8, TermLocMap("foo"), false, false, None, 5); + var bytes :- expect bb.getHmac([1,2,3], key := [1,2]); expect bytes == [0x27, 0x93, 0x93, 0x8b, 0x26, 0xe9, 0x52, 0x7e]; - var str :- expect b.hash([1,2,3], key := [1,2]); + var str :- expect b.hash([1,2,3], key := [1,2], partition := 0); expect str == "7e"; + + bytes :- expect bb.getHmac([1,2,3,1], key := [1,2]); + expect bytes == [42, 100, 242, 20, 188, 0, 33, 0x1d]; + str :- expect b.hash([1,2,3], key := [1,2], partition := 1); + expect str == "1d"; + + bytes :- expect bb.getHmac([1,2,3,2], key := [1,2]); + expect bytes == [53, 151, 144, 34, 49, 19, 169, 0xef]; + str :- expect b.hash([1,2,3], key := [1,2], partition := 2); + expect str == "ef"; + bytes :- expect bb.getHmac([], key := [1,2]); expect bytes[7] == 0x80; - str :- expect b.hash([], key := [1,2]); + str :- expect b.hash([], key := [1,2], partition := 0); expect str == "80"; bytes :- expect bb.getHmac(x123, key := [1,2]); expect bytes[7] == 0x61; @@ -65,9 +77,9 @@ module TestBaseBeacon { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); var badItem := SimpleItem["Name" := DDB.AttributeValue.S("A.B")]; - var badAttrs := bv.GenerateEncryptedBeacons(badItem, DontUseKeyId); + var badAttrs := bv.GenerateEncryptedBeacons(badItem, DontUseKeyId, 0); expect badAttrs.Failure?; expect_equal(badAttrs.error, E("Part Name for beacon Mixed has value 'A.B' which contains the split character .'.")); } @@ -98,14 +110,14 @@ module TestBaseBeacon { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); assert "std2" in SimpleItem; assert SimpleItem["std2"] == Std2String; assert Std2String == DDB.AttributeValue.N("1.23"); expect "aws_dbe_b_std2" in goodAttrs; expect goodAttrs["aws_dbe_b_std2"] == DDB.AttributeValue.S(std2_beacon); var newItem := SimpleItem["std2" := DDB.AttributeValue.N("000001.23000000")]; - var newAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var newAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect "aws_dbe_b_std2" in newAttrs; expect goodAttrs["aws_dbe_b_std2"] == newAttrs["aws_dbe_b_std2"]; } @@ -132,18 +144,18 @@ module TestBaseBeacon { var badVersion := GetLotsaBeaconsSingleWithSharedCacheWithBadKeyStore(cache := sharedCache, partitionId := Some(partitionId)); var badSrc :- expect C.MakeKeySource(FullTableConfig, badVersion.keyStore, badVersion.keySource, primitives); var badBv :- expect C.ConvertVersionWithSource(FullTableConfig, badVersion, badSrc); - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore var version := GetLotsaBeaconsSingleWithSharedCache(cache := sharedCache, partitionId := Some(partitionId)); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); // This is expected to pass now because the cache already has cached material for this Branch Key ID. // This is a hack to test that the correct material is cached. - var badAttrsNowCached :- expect badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrsNowCached :- expect badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); } method {:test} TestSharedCacheBeaconsSingleKeyStoreWithDifferentPartitionId() @@ -168,7 +180,7 @@ module TestBaseBeacon { var badVersion := GetLotsaBeaconsSingleWithSharedCacheWithBadKeyStore(cache := sharedCache, partitionId := Some(partitionIdBadVersion)); var badSrc :- expect C.MakeKeySource(FullTableConfig, badVersion.keyStore, badVersion.keySource, primitives); var badBv :- expect C.ConvertVersionWithSource(FullTableConfig, badVersion, badSrc); - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore @@ -176,10 +188,10 @@ module TestBaseBeacon { var version := GetLotsaBeaconsSingleWithSharedCache(cache := sharedCache, partitionId := Some(partitionIdGoodVersion)); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); // This is still expected to fail because the partitionId for the cached material is different. - var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect badAttrsNowCached.Failure?; } @@ -204,18 +216,18 @@ module TestBaseBeacon { var badVersion := GetLotsaBeaconsSingleWithSharedCacheWithBadKeyStore(cache := sharedCache, partitionId := None); var badSrc :- expect C.MakeKeySource(FullTableConfig, badVersion.keyStore, badVersion.keySource, primitives); var badBv :- expect C.ConvertVersionWithSource(FullTableConfig, badVersion, badSrc); - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore var version := GetLotsaBeaconsSingleWithSharedCache(cache := sharedCache, partitionId := None); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); // This is still expected to fail because the partitionId for the cached material is different. // If the user does NOT specify the partitionId, it is set to a random UUID - var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect badAttrsNowCached.Failure?; } @@ -237,22 +249,22 @@ module TestBaseBeacon { // } assume{:axiom} false; - // This call is expected to fail because we are providing a Bad KeyStore which does NOT exist + // // This call is expected to fail because we are providing a Bad KeyStore which does NOT exist var badVersion := GetLotsaBeaconsMultiWithSharedCacheWithBadKeyStore(cache := sharedCache, partitionId := Some(partitionId)); var badSrc :- expect C.MakeKeySource(FullTableConfig, badVersion.keyStore, badVersion.keySource, primitives); var badBv :- expect C.ConvertVersionWithSource(FullTableConfig, badVersion, badSrc); - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore var version := GetLotsaBeaconsMultiWithSharedCache(cache := sharedCache, partitionId := Some(partitionId)); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); // This is expected to pass now because the cache already has cached material for this Branch Key ID. // This is a hack to test that the correct material is cached. - var badAttrsNowCached :- expect badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrsNowCached :- expect badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); } @@ -281,7 +293,7 @@ module TestBaseBeacon { // This KeyId is a valid branch_key_id present in the KeyStoreDdbTable. // Providing a valid branch_key_id is important in this method because unlike other tests in Beacon.dfy, // this is used in a test which actually fetches data from DynamoDb without using a Literal KeySource. - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore @@ -289,10 +301,10 @@ module TestBaseBeacon { var version := GetLotsaBeaconsMultiWithSharedCache(cache := sharedCache, partitionId := Some(partitionIdGoodVersion)); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); // This is still expected to fail because the partitionId for the cached material is different. - var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); expect badAttrsNowCached.Failure?; } @@ -320,18 +332,18 @@ module TestBaseBeacon { // This KeyId is a valid branch_key_id present in the KeyStoreDdbTable. // Providing a valid branch_key_id is important in this method because unlike other tests in Beacon.dfy, // this is used in a test which actually fetches data from DynamoDb without using a Literal KeySource. - var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrs := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); expect badAttrs.Failure?; // This is expected to pass because we pass a valid KeyStore var version := GetLotsaBeaconsMultiWithSharedCache(cache := sharedCache, partitionId := None); var src :- expect C.MakeKeySource(FullTableConfig, version.keyStore, version.keySource, primitives); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); // This is still expected to fail because the partitionId for the cached material is different. // If the user does NOT specify the partitionId, it is set to a random UUID - var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73")); + var badAttrsNowCached := badBv.GenerateEncryptedBeacons(SimpleItem, KeyId("040a32a8-3737-4f16-a3ba-bd4449556d73"), 0); expect badAttrsNowCached.Failure?; } @@ -340,9 +352,9 @@ module TestBaseBeacon { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var bv :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var attrs :- expect bv.GenerateSignedBeacons(SimpleItem); + var attrs :- expect bv.GenerateSignedBeacons(SimpleItem, 0); expect attrs == map["JustSigned" := DDB.AttributeValue.S("Y_1984.M_May")]; - attrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + attrs :- expect bv.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect attrs == map[ "aws_dbe_b_Mixed" := DDB.AttributeValue.S("N_" + Name_beacon + ".Y_1984"), "aws_dbe_b_Name" := DDB.AttributeValue.S(Name_beacon), @@ -365,7 +377,7 @@ module TestBaseBeacon { ]; } - method GetBeaconValue(name : string, key : Bytes, value : string, length : BeaconLength) returns (output : string) + method GetBeaconValue(name : string, key : Bytes, value : string, length : BeaconLength, partition : Bytes := []) returns (output : string) { var info :- expect UTF8.Encode("AWS_DBE_SCAN_BEACON" + name); var client :- expect Primitives.AtomicPrimitives(); @@ -379,6 +391,7 @@ module TestBaseBeacon { )); var data :- expect UTF8.Encode(value); + data := data + partition; var input := Prim.HMacInput ( digestAlgorithm := Prim.SHA_384, key := key, @@ -402,30 +415,30 @@ module TestBaseBeacon { var beaconVersion :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("N_MyName.Y_1984")])); - var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("N_MyName")])); - newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("Y_1984")])); - newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("T_foo")])); - newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("M_bar")])); - newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("T_foo.M_bar")])); - newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("N_MyName.N_MyName")])); - var badContext := Beaconize(beaconVersion, context, DontUseKeyId); + var badContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect badContext.Failure?; expect badContext.error == E("Compound Beacon value 'N_MyName.N_MyName' cannot be constructed from any available constructor for Mixed value parsed as N_N_ available constructors are N_Y_, T_[M_]."); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("Y_1984.N_MyName")])); - badContext := Beaconize(beaconVersion, context, DontUseKeyId); + badContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect badContext.Failure?; expect badContext.error == E("Compound Beacon value 'Y_1984.N_MyName' cannot be constructed from any available constructor for Mixed value parsed as Y_N_ available constructors are N_Y_, T_[M_]."); context := context.(values := Some(map[":mixed" := DDB.AttributeValue.S("M_bar.T_foo")])); - badContext := Beaconize(beaconVersion, context, DontUseKeyId); + badContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect badContext.Failure?; expect badContext.error == E("Compound Beacon value 'M_bar.T_foo' cannot be constructed from any available constructor for Mixed value parsed as M_T_ available constructors are N_Y_, T_[M_]."); } @@ -455,7 +468,7 @@ module TestBaseBeacon { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var beaconVersion :- expect C.ConvertVersionWithSource(FullTableConfig, version, src); - var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); expect newContext.values == Some(map[ ":Mixed" := DDB.AttributeValue.S("N_" + Name_beacon + ".Y_1984"), ":Name" := DDB.AttributeValue.S(Name_beacon), @@ -651,13 +664,13 @@ module TestBaseBeacon { var src := GetLiteralSource([1,2,3,4,5], newVersion); var bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); expect goodAttrs == map[ "aws_dbe_b_std2" := DDB.AttributeValue.S("51e1da"), "aws_dbe_b_partOnly" := DDB.AttributeValue.S("405a51"), "aws_dbe_b_compoundPart" := DDB.AttributeValue.S("S_405a51") ]; - var goodQuery := Beaconize(bv, context, DontUseKeyId); + var goodQuery := Beaconize(bv, context, DontUseKeyId, 0); expect goodQuery.Success?; @@ -670,7 +683,7 @@ module TestBaseBeacon { compoundBeacons := Some(version.compoundBeacons.value + [compoundPart]) ); bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); - goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); //= specification/searchable-encryption/beacons.md#partonly-initialization //= type=test @@ -683,7 +696,7 @@ module TestBaseBeacon { //= specification/searchable-encryption/beacons.md#partonly-initialization //= type=test //# A query MUST fail if it tries to search on a PartOnly beacon directly. - var badQuery := Beaconize(bv, context, DontUseKeyId); + var badQuery := Beaconize(bv, context, DontUseKeyId, 0); expect badQuery.Failure?; expect badQuery.error == E("Field partOnly is encrypted, and has a PartOnly beacon, and so can only be used as part of a compound beacon."); } @@ -706,7 +719,7 @@ module TestBaseBeacon { var src := GetLiteralSource([1,2,3,4,5], newVersion); var bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); - var goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + var goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); expect goodAttrs == map[ "aws_dbe_b_std2" := DDB.AttributeValue.S("51e1da"), "aws_dbe_b_partOnly" := DDB.AttributeValue.S("928d9b") @@ -721,7 +734,7 @@ module TestBaseBeacon { standardBeacons := version.standardBeacons + [partBeacon] ); bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); - goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + goodAttrs :- expect bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); //= specification/searchable-encryption/beacons.md#shared-initialization //= type=test @@ -738,7 +751,7 @@ module TestBaseBeacon { Some(map[":pVal" := DDB.AttributeValue.S("foo"), ":sVal" := DDB.AttributeValue.S("foo")]), None ); - var goodQuery :- expect Beaconize(bv, context, DontUseKeyId); + var goodQuery :- expect Beaconize(bv, context, DontUseKeyId, 0); expect goodQuery.values == Some(map[":pVal" := DDB.AttributeValue.S("4379a7"), ":sVal" := DDB.AttributeValue.S("4379a7")]); } @@ -765,7 +778,7 @@ module TestBaseBeacon { var bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); // also check matching beacon value in query - var goodQuery :- expect Beaconize(bv, context, DontUseKeyId); + var goodQuery :- expect Beaconize(bv, context, DontUseKeyId, 0); expect goodQuery.values == Some(map[":setVal" := DDB.AttributeValue.SS(["43c4d8", "2f3278", "f1972e"])]); context := ExprContext ( @@ -774,7 +787,7 @@ module TestBaseBeacon { Some(map[":setVal" := DDB.AttributeValue.S("abc")]), None ); - goodQuery :- expect Beaconize(bv, context, DontUseKeyId); + goodQuery :- expect Beaconize(bv, context, DontUseKeyId, 0); context := ExprContext ( None, @@ -782,7 +795,7 @@ module TestBaseBeacon { Some(map[":setVal" := DDB.AttributeValue.L([])]), None ); - var badQuery := Beaconize(bv, context, DontUseKeyId); + var badQuery := Beaconize(bv, context, DontUseKeyId, 0); expect badQuery.Failure?; expect badQuery.error == E("Beacon setAttr has style AsSet, but attribute has type L."); } @@ -809,7 +822,7 @@ module TestBaseBeacon { var bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); expect "partOnly" in bv.beacons; expect bv.beacons["partOnly"].Standard?; - var goodAttrs := bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + var goodAttrs := bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); if goodAttrs.Failure? { print "\n", goodAttrs.error, "\n"; } @@ -828,7 +841,7 @@ module TestBaseBeacon { //# * Writing an item MUST fail if the item contains this beacon's attribute, //# and that attribute is not of type Set. var BadItem := MyItem["partOnly" := DDB.AttributeValue.S("abc")]; - var badAttrs := bv.GenerateEncryptedBeacons(BadItem, DontUseKeyId); + var badAttrs := bv.GenerateEncryptedBeacons(BadItem, DontUseKeyId, 0); expect badAttrs.Failure?; expect badAttrs.error == E("Beacon partOnly has style AsSet, but attribute has type S."); } @@ -855,7 +868,7 @@ module TestBaseBeacon { var bv :- expect C.ConvertVersionWithSource(newConfig, newVersion, src); expect "partOnly" in bv.beacons; expect bv.beacons["partOnly"].Standard?; - var goodAttrs := bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId); + var goodAttrs := bv.GenerateEncryptedBeacons(MyItem, DontUseKeyId, 0); if goodAttrs.Failure? { print "\n", goodAttrs.error, "\n"; } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy index 2b16f9c8b..f7f57b73b 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/BeaconTestFixtures.dfy @@ -215,6 +215,7 @@ module BeaconTestFixtures { ensures && output.keySource.multi? && output.keySource.multi.cache.None? + && output.partitionSelector.None? { var store := GetKeyStore(); return BeaconVersion ( diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DDBSupport.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DDBSupport.dfy index 4cf5118cc..cd169ba24 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DDBSupport.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/DDBSupport.dfy @@ -22,7 +22,7 @@ module TestDDBSupport { var src := GetLiteralSource([1,2,3,4,5], version); var bv :- expect ConvertVersionWithSource(FullTableConfig, version, src); var search := SI.SearchInfo([bv], 0); - var newItem :- expect AddSignedBeacons(Some(search), SimpleItem); + var newItem :- expect AddSignedBeacons(Some(search), SimpleItem, 0); assert IsValid_AttributeName("aws_dbe_v_1"); assert IsValid_AttributeName("JustSigned"); var expectedNew : DDB.AttributeMap := map[ diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy index 9ad7e9004..5b702d131 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryption/test/FilterExpr.dfy @@ -117,7 +117,7 @@ module TestDynamoDBFilterExpr { var version := GetEmptyBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var beaconVersion :- expect ConvertVersionWithSource(FullTableConfig, version, src); - var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); expect newContext == context; } @@ -144,7 +144,7 @@ module TestDynamoDBFilterExpr { expect OpNeedsBeacon(parsed, 0); expect beaconVersion.beacons[parsed[0].s].getBeaconName() == "aws_dbe_b_std2"; - var newContext :- expect BeaconizeParsedExpr(beaconVersion, parsed, 0, context.values.value, context.names, DontUseKeys, map[]); + var newContext :- expect BeaconizeParsedExpr(beaconVersion, parsed, 0, context.values.value, context.names, DontUseKeys, map[], 0); var exprString := ParsedExprToString(newContext.expr); expect exprString == "aws_dbe_b_std2 = :A AND #Field_4 = :B"; } @@ -172,7 +172,7 @@ module TestDynamoDBFilterExpr { expect OpNeedsBeacon(parsed, 0); expect beaconVersion.beacons[parsed[0].s].getBeaconName() == "aws_dbe_b_std2"; - var newContext := BeaconizeParsedExpr(beaconVersion, parsed, 0, context.values.value, context.names, DontUseKeys, map[]); + var newContext := BeaconizeParsedExpr(beaconVersion, parsed, 0, context.values.value, context.names, DontUseKeys, map[], 0); expect newContext.Failure?; expect newContext.error == E("Field std4 is encrypted, and cannot be searched without a beacon."); @@ -199,13 +199,13 @@ module TestDynamoDBFilterExpr { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var beaconVersion :- expect ConvertVersionWithSource(FullTableConfig, version, src); - var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId); + var newContext :- expect Beaconize(beaconVersion, context, DontUseKeyId, 0); expect_equal(newContext.filterExpr, Some("aws_dbe_b_std2 = :A AND #Field4 = :B")); var newName := "aws_dbe_b_std4"; expect IsValid_AttributeName(newName); var expectedNames: DDB.ExpressionAttributeNameMap := map["#Field4" := newName]; expect_equal(newContext.names, Some(expectedNames)); - var itemBeacons :- expect beaconVersion.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId); + var itemBeacons :- expect beaconVersion.GenerateEncryptedBeacons(SimpleItem, DontUseKeyId, 0); expect "aws_dbe_b_std2" in itemBeacons; expect "aws_dbe_b_std4" in itemBeacons; expect_equal(newContext.values, Some(map[":A" := itemBeacons["aws_dbe_b_std2"], ":B" := itemBeacons["aws_dbe_b_std4"]])); @@ -228,7 +228,7 @@ module TestDynamoDBFilterExpr { var version := GetLotsaBeacons(); var src := GetLiteralSource([1,2,3,4,5], version); var beaconVersion :- expect ConvertVersionWithSource(FullTableConfig, version, src); - var newContext := Beaconize(beaconVersion, context, DontUseKeyId); + var newContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect newContext.Failure?; expect newContext.error == E(":A used in two different contexts, which is not allowed."); @@ -240,7 +240,7 @@ module TestDynamoDBFilterExpr { ]), None ); - newContext := Beaconize(beaconVersion, context, DontUseKeyId); + newContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect newContext.Failure?; expect newContext.error == E(":A used in two different contexts, which is not allowed."); @@ -252,7 +252,7 @@ module TestDynamoDBFilterExpr { ]), None ); - newContext := Beaconize(beaconVersion, context, DontUseKeyId); + newContext := Beaconize(beaconVersion, context, DontUseKeyId, 0); expect newContext.Failure?; expect newContext.error == E(":A used in two different contexts, which is not allowed."); } @@ -730,14 +730,13 @@ module TestDynamoDBFilterExpr { newItems := FilterResults(bv, [SimpleItem], None, Some("NameTitle = :val2"), None, Some(values)); expect newItems.Success?; - var newContext :- expect Beaconize(bv, ExprContext(None, Some("NameTitle = :val1"), Some(values), None), DontUseKeyId); + var newContext :- expect Beaconize(bv, ExprContext(None, Some("NameTitle = :val1"), Some(values), None), DontUseKeyId, 0); expect newContext.values.Some?; expect ":val1" in newContext.values.value; expect newContext.values.value[":val1"] == DS("N_" + EmptyName_beacon); - newContext :- expect Beaconize(bv, ExprContext(None, Some("NameTitle < :val1"), Some(values), None), DontUseKeyId); + newContext :- expect Beaconize(bv, ExprContext(None, Some("NameTitle < :val1"), Some(values), None), DontUseKeyId, 0); expect newContext.values.Some?; expect ":val1" in newContext.values.value; expect newContext.values.value[":val1"] == DS("N_"); } - } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy index de056cf74..e8f57035f 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy @@ -103,6 +103,7 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform ExecuteTransactionInputTransform := []; ExecuteTransactionOutputTransform := []; ResolveAttributes := []; + GetNumberOfQueries := []; } ghost var PutItemInputTransform: seq>> ghost var PutItemOutputTransform: seq>> @@ -131,6 +132,7 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform ghost var ExecuteTransactionInputTransform: seq>> ghost var ExecuteTransactionOutputTransform: seq>> ghost var ResolveAttributes: seq>> + ghost var GetNumberOfQueries: seq>> } trait {:termination false} IDynamoDbEncryptionTransformsClient { @@ -564,6 +566,21 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform ensures ResolveAttributesEnsuresPublicly(input, output) ensures History.ResolveAttributes == old(History.ResolveAttributes) + [DafnyCallEvent(input, output)] + predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result) + // The public method to be called by library consumers + method GetNumberOfQueries ( input: GetNumberOfQueriesInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} , + History`GetNumberOfQueries + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures GetNumberOfQueriesEnsuresPublicly(input, output) + ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)] + } datatype ExecuteStatementInputTransformInput = | ExecuteStatementInputTransformInput ( nameonly sdkInput: ComAmazonawsDynamodbTypes.ExecuteStatementInput @@ -604,6 +621,12 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform datatype GetItemOutputTransformOutput = | GetItemOutputTransformOutput ( nameonly transformedOutput: ComAmazonawsDynamodbTypes.GetItemOutput ) + datatype GetNumberOfQueriesInput = | GetNumberOfQueriesInput ( + nameonly input: ComAmazonawsDynamodbTypes.QueryInput + ) + datatype GetNumberOfQueriesOutput = | GetNumberOfQueriesOutput ( + nameonly numberOfQueries: AwsCryptographyDbEncryptionSdkDynamoDbTypes.PartitionCount + ) datatype PutItemInputTransformInput = | PutItemInputTransformInput ( nameonly sdkInput: ComAmazonawsDynamodbTypes.PutItemInput ) @@ -773,127 +796,153 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService tmp5.search.Some? ==> var tmps6 := set t6 | t6 in tmp5.search.value.versions; forall tmp6 :: tmp6 in tmps6 ==> - tmp6.keySource.single? ==> - tmp6.keySource.single.cache.Some? ==> - tmp6.keySource.single.cache.value.Shared? ==> - tmp6.keySource.single.cache.value.Shared.ValidState() + tmp6.partitionSelector.Some? ==> + tmp6.partitionSelector.value.ValidState() requires var tmps7 := set t7 | t7 in config.tableEncryptionConfigs.Values; forall tmp7 :: tmp7 in tmps7 ==> tmp7.search.Some? ==> var tmps8 := set t8 | t8 in tmp7.search.value.versions; forall tmp8 :: tmp8 in tmps8 ==> - tmp8.keySource.multi? ==> - tmp8.keySource.multi.cache.Some? ==> - tmp8.keySource.multi.cache.value.Shared? ==> - tmp8.keySource.multi.cache.value.Shared.ValidState() - modifies set tmps9 <- set t9 <- config.tableEncryptionConfigs.Values | true - && t9.keyring.Some? - :: t9.keyring.value, - obj <- tmps9.Modifies | obj in tmps9.Modifies :: obj - modifies set tmps10 <- set t10 <- config.tableEncryptionConfigs.Values | true - && t10.cmm.Some? - :: t10.cmm.value, - obj <- tmps10.Modifies | obj in tmps10.Modifies :: obj + tmp8.keySource.single? ==> + tmp8.keySource.single.cache.Some? ==> + tmp8.keySource.single.cache.value.Shared? ==> + tmp8.keySource.single.cache.value.Shared.ValidState() + requires var tmps9 := set t9 | t9 in config.tableEncryptionConfigs.Values; + forall tmp9 :: tmp9 in tmps9 ==> + tmp9.search.Some? ==> + var tmps10 := set t10 | t10 in tmp9.search.value.versions; + forall tmp10 :: tmp10 in tmps10 ==> + tmp10.keySource.multi? ==> + tmp10.keySource.multi.cache.Some? ==> + tmp10.keySource.multi.cache.value.Shared? ==> + tmp10.keySource.multi.cache.value.Shared.ValidState() modifies set tmps11 <- set t11 <- config.tableEncryptionConfigs.Values | true - && t11.legacyOverride.Some? - :: t11.legacyOverride.value.encryptor, + && t11.keyring.Some? + :: t11.keyring.value, obj <- tmps11.Modifies | obj in tmps11.Modifies :: obj modifies set tmps12 <- set t12 <- config.tableEncryptionConfigs.Values | true - && t12.search.Some? - , t13 <- t12.search.value.versions | true - :: t13.keyStore, + && t12.cmm.Some? + :: t12.cmm.value, obj <- tmps12.Modifies | obj in tmps12.Modifies :: obj + modifies set tmps13 <- set t13 <- config.tableEncryptionConfigs.Values | true + && t13.legacyOverride.Some? + :: t13.legacyOverride.value.encryptor, + obj <- tmps13.Modifies | obj in tmps13.Modifies :: obj modifies set tmps14 <- set t14 <- config.tableEncryptionConfigs.Values | true && t14.search.Some? , t15 <- t14.search.value.versions | true - && t15.keySource.single? - && t15.keySource.single.cache.Some? - && t15.keySource.single.cache.value.Shared? - :: t15.keySource.single.cache.value.Shared, + :: t15.keyStore, obj <- tmps14.Modifies | obj in tmps14.Modifies :: obj modifies set tmps16 <- set t16 <- config.tableEncryptionConfigs.Values | true && t16.search.Some? , t17 <- t16.search.value.versions | true - && t17.keySource.multi? - && t17.keySource.multi.cache.Some? - && t17.keySource.multi.cache.value.Shared? - :: t17.keySource.multi.cache.value.Shared, + && t17.partitionSelector.Some? + :: t17.partitionSelector.value, obj <- tmps16.Modifies | obj in tmps16.Modifies :: obj + modifies set tmps18 <- set t18 <- config.tableEncryptionConfigs.Values | true + && t18.search.Some? + , t19 <- t18.search.value.versions | true + && t19.keySource.single? + && t19.keySource.single.cache.Some? + && t19.keySource.single.cache.value.Shared? + :: t19.keySource.single.cache.value.Shared, + obj <- tmps18.Modifies | obj in tmps18.Modifies :: obj + modifies set tmps20 <- set t20 <- config.tableEncryptionConfigs.Values | true + && t20.search.Some? + , t21 <- t20.search.value.versions | true + && t21.keySource.multi? + && t21.keySource.multi.cache.Some? + && t21.keySource.multi.cache.value.Shared? + :: t21.keySource.multi.cache.value.Shared, + obj <- tmps20.Modifies | obj in tmps20.Modifies :: obj ensures res.Success? ==> && fresh(res.value) && fresh(res.value.Modifies - - ( set tmps18 <- set t18 <- config.tableEncryptionConfigs.Values | true - && t18.keyring.Some? - :: t18.keyring.value, - obj <- tmps18.Modifies | obj in tmps18.Modifies :: obj - ) - ( set tmps19 <- set t19 <- config.tableEncryptionConfigs.Values | true - && t19.cmm.Some? - :: t19.cmm.value, - obj <- tmps19.Modifies | obj in tmps19.Modifies :: obj - ) - ( set tmps20 <- set t20 <- config.tableEncryptionConfigs.Values | true - && t20.legacyOverride.Some? - :: t20.legacyOverride.value.encryptor, - obj <- tmps20.Modifies | obj in tmps20.Modifies :: obj - ) - ( set tmps21 <- set t21 <- config.tableEncryptionConfigs.Values | true - && t21.search.Some? - , t22 <- t21.search.value.versions | true - :: t22.keyStore, - obj <- tmps21.Modifies | obj in tmps21.Modifies :: obj + - ( set tmps22 <- set t22 <- config.tableEncryptionConfigs.Values | true + && t22.keyring.Some? + :: t22.keyring.value, + obj <- tmps22.Modifies | obj in tmps22.Modifies :: obj ) - ( set tmps23 <- set t23 <- config.tableEncryptionConfigs.Values | true - && t23.search.Some? - , t24 <- t23.search.value.versions | true - && t24.keySource.single? - && t24.keySource.single.cache.Some? - && t24.keySource.single.cache.value.Shared? - :: t24.keySource.single.cache.value.Shared, + && t23.cmm.Some? + :: t23.cmm.value, obj <- tmps23.Modifies | obj in tmps23.Modifies :: obj + ) - ( set tmps24 <- set t24 <- config.tableEncryptionConfigs.Values | true + && t24.legacyOverride.Some? + :: t24.legacyOverride.value.encryptor, + obj <- tmps24.Modifies | obj in tmps24.Modifies :: obj ) - ( set tmps25 <- set t25 <- config.tableEncryptionConfigs.Values | true && t25.search.Some? , t26 <- t25.search.value.versions | true - && t26.keySource.multi? - && t26.keySource.multi.cache.Some? - && t26.keySource.multi.cache.value.Shared? - :: t26.keySource.multi.cache.value.Shared, + :: t26.keyStore, obj <- tmps25.Modifies | obj in tmps25.Modifies :: obj + ) - ( set tmps27 <- set t27 <- config.tableEncryptionConfigs.Values | true + && t27.search.Some? + , t28 <- t27.search.value.versions | true + && t28.partitionSelector.Some? + :: t28.partitionSelector.value, + obj <- tmps27.Modifies | obj in tmps27.Modifies :: obj + ) - ( set tmps29 <- set t29 <- config.tableEncryptionConfigs.Values | true + && t29.search.Some? + , t30 <- t29.search.value.versions | true + && t30.keySource.single? + && t30.keySource.single.cache.Some? + && t30.keySource.single.cache.value.Shared? + :: t30.keySource.single.cache.value.Shared, + obj <- tmps29.Modifies | obj in tmps29.Modifies :: obj + ) - ( set tmps31 <- set t31 <- config.tableEncryptionConfigs.Values | true + && t31.search.Some? + , t32 <- t31.search.value.versions | true + && t32.keySource.multi? + && t32.keySource.multi.cache.Some? + && t32.keySource.multi.cache.value.Shared? + :: t32.keySource.multi.cache.value.Shared, + obj <- tmps31.Modifies | obj in tmps31.Modifies :: obj ) ) && fresh(res.value.History) && res.value.ValidState() - ensures var tmps27 := set t27 | t27 in config.tableEncryptionConfigs.Values; - forall tmp27 :: tmp27 in tmps27 ==> - tmp27.keyring.Some? ==> - tmp27.keyring.value.ValidState() - ensures var tmps28 := set t28 | t28 in config.tableEncryptionConfigs.Values; - forall tmp28 :: tmp28 in tmps28 ==> - tmp28.cmm.Some? ==> - tmp28.cmm.value.ValidState() - ensures var tmps29 := set t29 | t29 in config.tableEncryptionConfigs.Values; - forall tmp29 :: tmp29 in tmps29 ==> - tmp29.legacyOverride.Some? ==> - tmp29.legacyOverride.value.encryptor.ValidState() - ensures var tmps30 := set t30 | t30 in config.tableEncryptionConfigs.Values; - forall tmp30 :: tmp30 in tmps30 ==> - tmp30.search.Some? ==> - var tmps31 := set t31 | t31 in tmp30.search.value.versions; - forall tmp31 :: tmp31 in tmps31 ==> - tmp31.keyStore.ValidState() - ensures var tmps32 := set t32 | t32 in config.tableEncryptionConfigs.Values; - forall tmp32 :: tmp32 in tmps32 ==> - tmp32.search.Some? ==> - var tmps33 := set t33 | t33 in tmp32.search.value.versions; - forall tmp33 :: tmp33 in tmps33 ==> - tmp33.keySource.single? ==> - tmp33.keySource.single.cache.Some? ==> - tmp33.keySource.single.cache.value.Shared? ==> - tmp33.keySource.single.cache.value.Shared.ValidState() + ensures var tmps33 := set t33 | t33 in config.tableEncryptionConfigs.Values; + forall tmp33 :: tmp33 in tmps33 ==> + tmp33.keyring.Some? ==> + tmp33.keyring.value.ValidState() ensures var tmps34 := set t34 | t34 in config.tableEncryptionConfigs.Values; forall tmp34 :: tmp34 in tmps34 ==> - tmp34.search.Some? ==> - var tmps35 := set t35 | t35 in tmp34.search.value.versions; - forall tmp35 :: tmp35 in tmps35 ==> - tmp35.keySource.multi? ==> - tmp35.keySource.multi.cache.Some? ==> - tmp35.keySource.multi.cache.value.Shared? ==> - tmp35.keySource.multi.cache.value.Shared.ValidState() + tmp34.cmm.Some? ==> + tmp34.cmm.value.ValidState() + ensures var tmps35 := set t35 | t35 in config.tableEncryptionConfigs.Values; + forall tmp35 :: tmp35 in tmps35 ==> + tmp35.legacyOverride.Some? ==> + tmp35.legacyOverride.value.encryptor.ValidState() + ensures var tmps36 := set t36 | t36 in config.tableEncryptionConfigs.Values; + forall tmp36 :: tmp36 in tmps36 ==> + tmp36.search.Some? ==> + var tmps37 := set t37 | t37 in tmp36.search.value.versions; + forall tmp37 :: tmp37 in tmps37 ==> + tmp37.keyStore.ValidState() + ensures var tmps38 := set t38 | t38 in config.tableEncryptionConfigs.Values; + forall tmp38 :: tmp38 in tmps38 ==> + tmp38.search.Some? ==> + var tmps39 := set t39 | t39 in tmp38.search.value.versions; + forall tmp39 :: tmp39 in tmps39 ==> + tmp39.partitionSelector.Some? ==> + tmp39.partitionSelector.value.ValidState() + ensures var tmps40 := set t40 | t40 in config.tableEncryptionConfigs.Values; + forall tmp40 :: tmp40 in tmps40 ==> + tmp40.search.Some? ==> + var tmps41 := set t41 | t41 in tmp40.search.value.versions; + forall tmp41 :: tmp41 in tmps41 ==> + tmp41.keySource.single? ==> + tmp41.keySource.single.cache.Some? ==> + tmp41.keySource.single.cache.value.Shared? ==> + tmp41.keySource.single.cache.value.Shared.ValidState() + ensures var tmps42 := set t42 | t42 in config.tableEncryptionConfigs.Values; + forall tmp42 :: tmp42 in tmps42 ==> + tmp42.search.Some? ==> + var tmps43 := set t43 | t43 in tmp42.search.value.versions; + forall tmp43 :: tmp43 in tmps43 ==> + tmp43.keySource.multi? ==> + tmp43.keySource.multi.cache.Some? ==> + tmp43.keySource.multi.cache.value.Shared? ==> + tmp43.keySource.multi.cache.value.Shared.ValidState() // Helper functions for the benefit of native code to create a Success(client) without referring to Dafny internals function method CreateSuccessOfClient(client: IDynamoDbEncryptionTransformsClient): Result { @@ -1456,6 +1505,26 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService History.ResolveAttributes := History.ResolveAttributes + [DafnyCallEvent(input, output)]; } + predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result) + {Operations.GetNumberOfQueriesEnsuresPublicly(input, output)} + // The public method to be called by library consumers + method GetNumberOfQueries ( input: GetNumberOfQueriesInput ) + returns (output: Result) + requires + && ValidState() + modifies Modifies - {History} , + History`GetNumberOfQueries + // Dafny will skip type parameters when generating a default decreases clause. + decreases Modifies - {History} + ensures + && ValidState() + ensures GetNumberOfQueriesEnsuresPublicly(input, output) + ensures History.GetNumberOfQueries == old(History.GetNumberOfQueries) + [DafnyCallEvent(input, output)] + { + output := Operations.GetNumberOfQueries(config, input); + History.GetNumberOfQueries := History.GetNumberOfQueries + [DafnyCallEvent(input, output)]; + } + } } abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations { @@ -1896,4 +1965,20 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsOperatio ensures && ValidInternalConfig?(config) ensures ResolveAttributesEnsuresPublicly(input, output) + + + predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result) + // The private method to be refined by the library developer + + + method GetNumberOfQueries ( config: InternalConfig , input: GetNumberOfQueriesInput ) + returns (output: Result) + requires + && ValidInternalConfig?(config) + modifies ModifiesInternalConfig(config) + // Dafny will skip type parameters when generating a default decreases clause. + decreases ModifiesInternalConfig(config) + ensures + && ValidInternalConfig?(config) + ensures GetNumberOfQueriesEnsuresPublicly(input, output) } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/DynamoDbEncryptionTransforms.smithy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/DynamoDbEncryptionTransforms.smithy index 731cb9b00..36bc64a31 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/DynamoDbEncryptionTransforms.smithy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/Model/DynamoDbEncryptionTransforms.smithy @@ -7,12 +7,14 @@ use aws.cryptography.dbEncryptionSdk.dynamoDb#DynamoDbTablesEncryptionConfig use com.amazonaws.dynamodb#DynamoDB_20120810 use com.amazonaws.dynamodb#TableName use com.amazonaws.dynamodb#AttributeMap +use com.amazonaws.dynamodb#QueryInput use aws.cryptography.dbEncryptionSdk.dynamoDb#DynamoDbEncryption use aws.cryptography.dbEncryptionSdk.dynamoDb.itemEncryptor#DynamoDbItemEncryptor use aws.cryptography.dbEncryptionSdk.dynamoDb#VersionNumber use aws.cryptography.dbEncryptionSdk.structuredEncryption#StructuredEncryption use aws.cryptography.materialProviders#AwsCryptographicMaterialProviders +use aws.cryptography.dbEncryptionSdk.dynamoDb#PartitionCount use aws.polymorph#localService use aws.polymorph#javadoc @@ -58,6 +60,7 @@ service DynamoDbEncryptionTransforms { ExecuteTransactionInputTransform, ExecuteTransactionOutputTransform, ResolveAttributes, + GetNumberOfQueries, ], errors: [ DynamoDbEncryptionTransformsException ] } @@ -73,6 +76,29 @@ map StringMap { value : String } +@javadoc("Return the necessary number of query operations for this query, based on partition usage.") +operation GetNumberOfQueries { + input: GetNumberOfQueriesInput, + output: GetNumberOfQueriesOutput, +} + +//= specification/dynamodb-encryption-client/ddb-get-number-of-queries.md#input +//= type=implication +//# This operation MUST take as input the QueryInput structure under consideration. +structure GetNumberOfQueriesInput { + @required + input: QueryInput +} + +//= specification/dynamodb-encryption-client/ddb-get-number-of-queries.md#input +//= type=implication +//# This operation MUST return the number of queries necessary. +structure GetNumberOfQueriesOutput { + @required + numberOfQueries: PartitionCount +} + + structure ResolveAttributesInput { @required @javadoc("Use the config for this Table.") diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AttributeResolver.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AttributeResolver.dfy index 2dbaed02b..26ba2073f 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AttributeResolver.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AttributeResolver.dfy @@ -7,6 +7,7 @@ module AttributeResolver { import opened DdbMiddlewareConfig import opened DynamoDbMiddlewareSupport import opened Wrappers + import opened StandardLibrary.UInt import DDB = ComAmazonawsDynamodbTypes import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes @@ -31,8 +32,10 @@ module AttributeResolver { ); } else { var tableConfig := config.tableEncryptionConfigs[input.TableName]; + assume {:axiom} fresh(if tableConfig.search.Some? then tableConfig.search.value.curr().partitionSelector.Modifies else {}); + var partition :- GetRandomPartition(tableConfig, input.Item); var vf :- GetVirtualFields(tableConfig.search.value, input.Item, input.Version); - var cb :- GetCompoundBeacons(tableConfig.search.value, input.Item, input.Version); + var cb :- GetCompoundBeacons(tableConfig.search.value, input.Item, input.Version, partition); return Success( ResolveAttributesOutput( VirtualFields := vf, diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations.dfy index 806faac6b..d7d0cd1f0 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations.dfy @@ -17,6 +17,7 @@ include "ExecuteStatementTransform.dfy" include "BatchExecuteStatementTransform.dfy" include "ExecuteTransactionTransform.dfy" include "AttributeResolver.dfy" +include "GetNumberOfQueries.dfy" module AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations refines AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations { import opened DdbMiddlewareConfig @@ -43,6 +44,7 @@ module AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations refines Abstra import BatchExecuteStatementTransform import ExecuteTransactionTransform import AttributeResolver + import NumberOfQueries predicate ValidInternalConfig?(config: InternalConfig) { @@ -299,4 +301,13 @@ module AwsCryptographyDbEncryptionSdkDynamoDbTransformsOperations refines Abstra { output := AttributeResolver.Resolve(config, input); } + + predicate GetNumberOfQueriesEnsuresPublicly(input: GetNumberOfQueriesInput , output: Result) + {true} + + method GetNumberOfQueries(config: InternalConfig, input: GetNumberOfQueriesInput) + returns (output: Result) + { + output := NumberOfQueries.Get(config, input); + } } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchWriteItemTransform.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchWriteItemTransform.dfy index b0633c59d..3112c0a8d 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchWriteItemTransform.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/BatchWriteItemTransform.dfy @@ -7,6 +7,7 @@ module BatchWriteItemTransform { import opened DdbMiddlewareConfig import opened DynamoDbMiddlewareSupport import opened Wrappers + import opened StandardLibrary.UInt import DDB = ComAmazonawsDynamodbTypes import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes @@ -53,12 +54,14 @@ module BatchWriteItemTransform { //# The Item MUST be [writable](ddb-support.md#writable). var _ :- IsWriteable(tableConfig, req.PutRequest.value.Item); - var item :- AddSignedBeacons(tableConfig, req.PutRequest.value.Item); + assume {:axiom} fresh(if tableConfig.search.Some? then tableConfig.search.value.curr().partitionSelector.Modifies else {}); + var partition :- GetRandomPartition(tableConfig, req.PutRequest.value.Item); + var item :- AddSignedBeacons(tableConfig, req.PutRequest.value.Item, partition); var encryptRes := tableConfig.itemEncryptor.EncryptItem(EncTypes.EncryptItemInput(plaintextItem:=item)); var encrypted :- MapError(encryptRes); var keyId :- GetKeyIdFromHeader(tableConfig, encrypted); - var beaconAttrs :- GetEncryptedBeacons(tableConfig, req.PutRequest.value.Item, Util.MaybeFromOptionKeyId(keyId)); + var beaconAttrs :- GetEncryptedBeacons(tableConfig, req.PutRequest.value.Item, Util.MaybeFromOptionKeyId(keyId), partition); //= specification/dynamodb-encryption-client/ddb-sdk-integration.md#encrypt-before-batchwriteitem //# The PutRequest request's `Item` field MUST be replaced diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DdbMiddlewareConfig.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DdbMiddlewareConfig.dfy index e841deb98..4dbaae4b6 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DdbMiddlewareConfig.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DdbMiddlewareConfig.dfy @@ -5,15 +5,17 @@ include "../Model/AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.dfy" module DdbMiddlewareConfig { import opened Wrappers import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes + import opened StandardLibrary.UInt import DynamoDbItemEncryptor import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes import DDBE = AwsCryptographyDbEncryptionSdkDynamoDbTypes import SearchableEncryptionInfo import DDB = ComAmazonawsDynamodbTypes import HexStrings + import StandardLibrary.String datatype TableConfig = TableConfig( - physicalTableName: ComAmazonawsDynamodbTypes.TableName, + physicalTableName: DDB.TableName, logicalTableName: string, partitionKeyName: string, sortKeyName: Option, @@ -29,6 +31,33 @@ module DdbMiddlewareConfig { || config.tableEncryptionConfigs[tableName].plaintextOverride == AwsCryptographyDbEncryptionSdkDynamoDbTypes.PlaintextOverride.FORCE_PLAINTEXT_WRITE_ALLOW_PLAINTEXT_READ } + method GetRandomPartition(config : TableConfig, item : DDB.AttributeMap) returns (output : Result) + modifies if config.search.Some? then config.search.value.curr().partitionSelector.Modifies else {} + requires if config.search.Some? then config.search.value.curr().partitionSelector.ValidState() else true + ensures if config.search.Some? then config.search.value.curr().partitionSelector.ValidState() else true + { + if config.search.None? { + return Success(0); + } + var numPartitions := config.search.value.versions[0].numPartitions; + if numPartitions <= 1 { + return Success(0); + } + + var outR := config.search.value.curr().partitionSelector.GetPartitionNumber(DDBE.GetPartitionNumberInput( + item := item, numberOfPartitions := numPartitions, logicalTableName := config.logicalTableName)); + var out :- outR.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); + if out.partitionNumber == 0 { + return Success(0); + } else if numPartitions as DDBE.PartitionCount <= out.partitionNumber { + return Failure(E("Partition Selector returned " + String.Base10Int2String(out.partitionNumber as int) + " which should have been no more than " + String.Base10Int2String(numPartitions as int))); + } else if out.partitionNumber < 0 { + return Failure(E("Partition Selector returned " + String.Base10Int2String(out.partitionNumber as int) + " which should have been positive.")); + } else { + return Success(out.partitionNumber); + } + } + predicate ValidTableConfig?(config: TableConfig) { var encryptorConfig := config.itemEncryptor.config; && config.logicalTableName == encryptorConfig.logicalTableName diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DynamoDbMiddlewareSupport.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DynamoDbMiddlewareSupport.dfy index 4e9e956a8..9f070137c 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DynamoDbMiddlewareSupport.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/DynamoDbMiddlewareSupport.dfy @@ -25,6 +25,13 @@ module DynamoDbMiddlewareSupport { import SI = SearchableEncryptionInfo + method GetNumberOfQueries(config : ValidTableConfig, query : DDB.QueryInput) returns (output : Result) + requires config.search.Some? + { + var numQueries := BS.GetNumberOfQueries(config.search.value.versions[0], query); + return numQueries.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); + } + predicate method NoMap(m : Option>) { OptionalMapIsSafeBecauseItIsInMemory(m); @@ -87,27 +94,27 @@ module DynamoDbMiddlewareSupport { // AddSignedBeacons examines an AttributeMap and modifies it to be appropriate for Searchable Encryption, // returning a replacement AttributeMap. - method AddSignedBeacons(config : ValidTableConfig, item : DDB.AttributeMap) + method AddSignedBeacons(config : ValidTableConfig, item : DDB.AttributeMap, partition : ET.PartitionNumber) returns (output : Result) requires AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.ValidInternalConfig?(config.itemEncryptor.config) requires OneSearchValidState(config) ensures OneSearchValidState(config) modifies OneSearchModifies(config) { - var ret := BS.AddSignedBeacons(config.search, item); + var ret := BS.AddSignedBeacons(config.search, item, partition); return ret.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); } // GetEncryptedBeacons examines an AttributeMap and modifies it to be appropriate for Searchable Encryption, // returning just the new items. - method GetEncryptedBeacons(config : ValidTableConfig, item : DDB.AttributeMap, keyId : Util.MaybeKeyId) + method GetEncryptedBeacons(config : ValidTableConfig, item : DDB.AttributeMap, keyId : Util.MaybeKeyId, partition : ET.PartitionNumber) returns (output : Result) requires AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations.ValidInternalConfig?(config.itemEncryptor.config) requires OneSearchValidState(config) ensures OneSearchValidState(config) modifies OneSearchModifies(config) { - var ret := BS.GetEncryptedBeacons(config.search, item, keyId); + var ret := BS.GetEncryptedBeacons(config.search, item, keyId, partition); return ret.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); } @@ -242,13 +249,13 @@ module DynamoDbMiddlewareSupport { return ret.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); } - method GetCompoundBeacons(search : SearchableEncryptionInfo.ValidSearchInfo, item : DDB.AttributeMap, version : Option) + method GetCompoundBeacons(search : SearchableEncryptionInfo.ValidSearchInfo, item : DDB.AttributeMap, version : Option, partition : ET.PartitionNumber) returns (output : Result, Error>) { if version.Some? && version.value != 1 { return Failure(E("Beacon Version Number must be '1'")); } - var ret := BS.GetCompoundBeacons(search.curr(), item); + var ret := BS.GetCompoundBeacons(search.curr(), item, partition); return ret.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/GetNumberOfQueries.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/GetNumberOfQueries.dfy new file mode 100644 index 000000000..194ef8380 --- /dev/null +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/GetNumberOfQueries.dfy @@ -0,0 +1,32 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 + +include "DynamoDbMiddlewareSupport.dfy" + +module NumberOfQueries { + import opened DdbMiddlewareConfig + import DynamoDbMiddlewareSupport + import opened Wrappers + import opened StandardLibrary.UInt + import DDB = ComAmazonawsDynamodbTypes + import opened AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes + import EncTypes = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorTypes + import Seq + import DynamoDBSupport + + method Get(config: Config, input: GetNumberOfQueriesInput) + returns (output: Result) + requires ValidConfig?(config) + ensures ValidConfig?(config) + modifies ModifiesConfig(config) + { + if || input.input.TableName !in config.tableEncryptionConfigs + || config.tableEncryptionConfigs[input.input.TableName].search.None? + { + return Success(GetNumberOfQueriesOutput(numberOfQueries := 1)); + } + var conf := config.tableEncryptionConfigs[input.input.TableName]; + var numQueries :- DynamoDbMiddlewareSupport.GetNumberOfQueries(conf, input.input); + return Success(GetNumberOfQueriesOutput(numberOfQueries := numQueries)); + } +} diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy index b82f33140..793da1425 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/Index.dfy @@ -161,6 +161,7 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform assert SearchConfigToInfo.ValidSearchConfig(inputConfig.search); SearchInModifies(config, tableName); reveal SearchConfigToInfo.ValidSharedCache(); + assume {:axiom} if inputConfig.search.Some? && inputConfig.search.value.versions[0].partitionSelector.Some? then fresh(inputConfig.search.value.versions[0].partitionSelector.value.Modifies) else true; var searchR := SearchConfigToInfo.Convert(inputConfig); var search :- searchR.MapFailure(e => AwsCryptographyDbEncryptionSdkDynamoDb(e)); assert search.None? || search.value.ValidState(); @@ -288,13 +289,9 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform return Success(client); } - // lemma ConstructionOK(config : DdbMiddlewareConfig.Config) - // requires Operations.ValidInternalConfig?(config) - // ensures new DynamoDbEncryptionTransformsClient(newConfig).ValidState() - class DynamoDbEncryptionTransformsClient... { - predicate ValidState() + predicate {:vcs_split_on_every_assert} ValidState() { && Operations.ValidInternalConfig?(config) && History !in Operations.ModifiesInternalConfig(config) @@ -306,7 +303,8 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.transform this.config := config; History := new IDynamoDbEncryptionTransformsClientCallHistory(); Modifies := Operations.ModifiesInternalConfig(config) + {History}; + new; + assume {:axiom} History !in Operations.ModifiesInternalConfig(this.config); } - } } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/PutItemTransform.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/PutItemTransform.dfy index dca21dff9..3fb9b83b9 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/PutItemTransform.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/PutItemTransform.dfy @@ -58,13 +58,15 @@ module PutItemTransform { input.sdkInput.ConditionExpression, input.sdkInput.ExpressionAttributeNames, input.sdkInput.ExpressionAttributeValues); - var item :- AddSignedBeacons(tableConfig, input.sdkInput.Item); + assume {:axiom} fresh(if tableConfig.search.Some? then tableConfig.search.value.curr().partitionSelector.Modifies else {}); + var partition :- GetRandomPartition(tableConfig, input.sdkInput.Item); + var item :- AddSignedBeacons(tableConfig, input.sdkInput.Item, partition); var encryptRes := tableConfig.itemEncryptor.EncryptItem( EncTypes.EncryptItemInput(plaintextItem:=item) ); var encrypted :- MapError(encryptRes); var keyId :- GetKeyIdFromHeader(tableConfig, encrypted); - var beacons :- GetEncryptedBeacons(tableConfig, input.sdkInput.Item, Util.MaybeFromOptionKeyId(keyId)); + var beacons :- GetEncryptedBeacons(tableConfig, input.sdkInput.Item, Util.MaybeFromOptionKeyId(keyId), partition); return Success(PutItemInputTransformOutput(transformedInput := input.sdkInput.(Item := encrypted.encryptedItem + beacons))); } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/QueryTransform.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/QueryTransform.dfy index e9d601f94..e1b0434a6 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/QueryTransform.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/QueryTransform.dfy @@ -44,7 +44,6 @@ module QueryTransform { :- Need(NoMap(input.sdkInput.QueryFilter), E("Legacy parameter 'QueryFilter' not supported in Query with Encryption")); :- Need(input.sdkInput.ConditionalOperator.None?, E("Legacy parameter 'ConditionalOperator' not supported in Query with Encryption")); var tableConfig := config.tableEncryptionConfigs[input.sdkInput.TableName]; - var finalResult :- QueryInputForBeacons(tableConfig, input.sdkInput); return Success(QueryInputTransformOutput(transformedInput := finalResult)); } diff --git a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/TransactWriteItemsTransform.dfy b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/TransactWriteItemsTransform.dfy index 4e6ce42b4..147fa36b0 100644 --- a/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/TransactWriteItemsTransform.dfy +++ b/DynamoDbEncryption/dafny/DynamoDbEncryptionTransforms/src/TransactWriteItemsTransform.dfy @@ -89,14 +89,16 @@ module TransactWriteItemsTransform { item.Put.value.ExpressionAttributeNames, item.Put.value.ExpressionAttributeValues); - var beaconItem :- AddSignedBeacons(tableConfig, item.Put.value.Item); + assume {:axiom} fresh(if tableConfig.search.Some? then tableConfig.search.value.curr().partitionSelector.Modifies else {}); + var partition :- GetRandomPartition(tableConfig, item.Put.value.Item); + var beaconItem :- AddSignedBeacons(tableConfig, item.Put.value.Item, partition); var encryptRes := tableConfig.itemEncryptor.EncryptItem( EncTypes.EncryptItemInput(plaintextItem:=beaconItem) ); var encrypted :- MapError(encryptRes); var keyId :- GetKeyIdFromHeader(tableConfig, encrypted); - var beaconAttrs :- GetEncryptedBeacons(tableConfig, item.Put.value.Item, Util.MaybeFromOptionKeyId(keyId)); + var beaconAttrs :- GetEncryptedBeacons(tableConfig, item.Put.value.Item, Util.MaybeFromOptionKeyId(keyId), partition); //= specification/dynamodb-encryption-client/ddb-sdk-integration.md#encrypt-before-transactwriteitems //# - The PutItem request's `Item` field MUST be replaced diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go index f8d6de5be..83ed5de4c 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go @@ -267,3 +267,12 @@ func (shim *Shim) ResolveAttributes(input AwsCryptographyDbEncryptionSdkDynamoDb } return Wrappers.Companion_Result_.Create_Success_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.ResolveAttributesOutput_ToDafny(*native_response)) } + +func (shim *Shim) GetNumberOfQueries(input AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput) Wrappers.Result { + var native_request = awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.GetNumberOfQueriesInput_FromDafny(input) + var native_response, native_error = shim.client.GetNumberOfQueries(context.Background(), native_request) + if native_error != nil { + return Wrappers.Companion_Result_.Create_Failure_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.Error_ToDafny(native_error)) + } + return Wrappers.Companion_Result_.Create_Success_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.GetNumberOfQueriesOutput_ToDafny(*native_response)) +} diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go new file mode 100644 index 000000000..d33e31b98 --- /dev/null +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go @@ -0,0 +1,25 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographydbencryptionsdkdynamodbsmithygenerated + +import ( + "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/AwsCryptographyDbEncryptionSdkDynamoDbTypes" + "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes" +) + +type PartitionSelector struct { + Impl AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector +} + +func (this *PartitionSelector) GetPartitionNumber(params awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput) (*awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput, error) { + var dafny_request AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput = GetPartitionNumberInput_ToDafny(params) + var dafny_response = this.Impl.GetPartitionNumber(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = GetPartitionNumberOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput)) + return &native_response, nil + +} diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go index 0d502826c..bc3c29512 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go @@ -96,6 +96,29 @@ func LegacyDynamoDbEncryptor_ToDafny(nativeResource awscryptographydbencryptions } +func GetPartitionNumberInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput) AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_GetPartitionNumberInput_.Create_GetPartitionNumberInput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_ToDafny(nativeInput.Item), Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_ToDafny(nativeInput.NumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_ToDafny(nativeInput.LogicalTableName)) + }() + +} + +func GetPartitionNumberOutput_ToDafny(nativeOutput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput) AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_GetPartitionNumberOutput_.Create_GetPartitionNumberOutput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_ToDafny(nativeOutput.PartitionNumber)) + }() + +} + +func PartitionSelector_ToDafny(nativeResource awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector) AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector { + return nativeResource.(*PartitionSelector).Impl + +} + func DynamoDbEncryptionException_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException) AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error { @@ -308,7 +331,7 @@ func CompoundBeacon_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsm func StandardBeacon_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon) AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(nativeInput.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(nativeInput.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(nativeInput.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(nativeInput.Style)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(nativeInput.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(nativeInput.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(nativeInput.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(nativeInput.Style), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(nativeInput.NumberOfPartitions)) }() } @@ -432,7 +455,12 @@ func VirtualField_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmit func BeaconVersion_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion) AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(nativeInput.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(nativeInput.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(nativeInput.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(nativeInput.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(nativeInput.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(nativeInput.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(nativeInput.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(nativeInput.SignedParts)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(nativeInput.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(nativeInput.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(nativeInput.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(nativeInput.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(nativeInput.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(nativeInput.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(nativeInput.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(nativeInput.SignedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(nativeInput.MaximumNumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(nativeInput.DefaultNumberOfPartitions), func() Wrappers.Option { + if (nativeInput.PartitionSelector) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(PartitionSelector_ToDafny(nativeInput.PartitionSelector)) + }()) }() } @@ -669,6 +697,43 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetBranchKeyIdFromDdbKeyOutput_br }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_ToDafny(input map[string]dynamodbtypes.AttributeValue) dafny.Map { + return func() dafny.Map { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_key_ToDafny(key), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_value_ToDafny(val)) + } + return fieldValue.ToMap() + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_ToDafny(input string) dafny.Sequence { + return func() dafny.Sequence { + + return func() dafny.Sequence { + res, err := UTF8.DecodeFromNativeGoByteArray([]byte(input)) + if err != nil { + panic("invalid utf8 input provided") + } + return res + }() + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_ToDafny(input string) dafny.Sequence { return func() dafny.Sequence { @@ -1147,6 +1212,15 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(inpu }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_Insert_literal_ToDafny(input string) dafny.Sequence { return func() dafny.Sequence { @@ -1428,7 +1502,7 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToD func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeaconList_member_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon) AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(input.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(input.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(input.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(input.Style)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(input.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(input.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(input.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(input.Style), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(input.NumberOfPartitions)) }() } @@ -1502,6 +1576,24 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_LegacyOverride_policy_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy) AwsCryptographyDbEncryptionSdkDynamoDbTypes.LegacyPolicy { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.LegacyPolicy { @@ -1617,7 +1709,12 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_versions_ToDafny(inp func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersionList_member_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion) AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(input.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(input.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(input.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(input.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(input.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(input.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(input.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(input.SignedParts)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(input.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(input.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(input.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(input.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(input.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(input.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(input.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(input.SignedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(input.MaximumNumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(input.DefaultNumberOfPartitions), func() Wrappers.Option { + if (input.PartitionSelector) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(PartitionSelector_ToDafny(input.PartitionSelector)) + }()) }() } diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go index edd510e8a..0cf6888cb 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go @@ -75,6 +75,26 @@ func LegacyDynamoDbEncryptor_FromDafny(dafnyResource AwsCryptographyDbEncryption return &LegacyDynamoDbEncryptor{dafnyResource} } +func GetPartitionNumberInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput { + + return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput{Item: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_FromDafny(dafnyInput.Dtor_item()), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_FromDafny(dafnyInput.Dtor_numberOfPartitions()), + LogicalTableName: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_FromDafny(dafnyInput.Dtor_logicalTableName()), + } + +} + +func GetPartitionNumberOutput_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput { + + return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput{PartitionNumber: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_FromDafny(dafnyOutput.Dtor_partitionNumber())} + +} + +func PartitionSelector_FromDafny(dafnyResource AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + + return &PartitionSelector{dafnyResource} +} + func DynamoDbEncryptionException_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException{Message: Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_FromDafny(dafnyOutput.Dtor_message())} @@ -275,9 +295,10 @@ func CompoundBeacon_FromDafny(input interface{}) awscryptographydbencryptionsdkd func StandardBeacon_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon{Name: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_name()), - Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), - Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), - Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), + Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), + Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_numberOfPartitions().UnwrapOr(nil)), } } @@ -401,13 +422,21 @@ func VirtualField_FromDafny(input interface{}) awscryptographydbencryptionsdkdyn func BeaconVersion_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion{Version: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_version()), - KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), - KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), - StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), - CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), - VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), - EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), - SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), + KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), + StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), + CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), + VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), + EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), + SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + MaximumNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_maximumNumberOfPartitions().UnwrapOr(nil)), + DefaultNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_defaultNumberOfPartitions().UnwrapOr(nil)), + PartitionSelector: func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + if input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil) == nil { + return nil + } + return PartitionSelector_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil).(AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector)) + }(), } } @@ -634,6 +663,42 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetBranchKeyIdFromDdbKeyOutput_br return s }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_FromDafny(input interface{}) map[string]dynamodbtypes.AttributeValue { + var m map[string]dynamodbtypes.AttributeValue = make(map[string]dynamodbtypes.AttributeValue) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_FromDafny(input interface{}) string { + return func() string { + + a := UTF8.Encode(input.(dafny.Sequence)).Dtor_value() + s := string(dafny.ToByteArray(a.(dafny.Sequence))) + + return s + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_FromDafny(input interface{}) string { return func() string { @@ -1044,6 +1109,16 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(in return union } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_Insert_literal_FromDafny(input interface{}) string { return func() string { @@ -1293,9 +1368,10 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_Fro } func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeaconList_member_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon{Name: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_name()), - Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), - Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), - Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), + Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), + Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_numberOfPartitions().UnwrapOr(nil)), } } func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input interface{}) []awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.CompoundBeacon { @@ -1367,6 +1443,26 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDaf } return fieldValue } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_LegacyOverride_policy_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy { return func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy { var u awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy @@ -1461,13 +1557,21 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_versions_FromDafny(i } func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersionList_member_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion{Version: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_version()), - KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), - KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), - StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), - CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), - VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), - EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), - SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), + KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), + StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), + CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), + VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), + EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), + SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + MaximumNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_maximumNumberOfPartitions().UnwrapOr(nil)), + DefaultNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_defaultNumberOfPartitions().UnwrapOr(nil)), + PartitionSelector: func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + if input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil) == nil { + return nil + } + return PartitionSelector_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil).(AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector)) + }(), } } func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_writeVersion_FromDafny(input interface{}) int32 { diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go index a6de330ac..f08ef263a 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go @@ -518,6 +518,14 @@ func (input KeyStoreReference) Validate() error { return nil } +type PartitionSelectorReference struct { +} + +func (input PartitionSelectorReference) Validate() error { + + return nil +} + type StandardBeacon struct { Length int32 @@ -525,6 +533,8 @@ type StandardBeacon struct { Loc *string + NumberOfPartitions *int32 + Style BeaconStyle } @@ -540,6 +550,14 @@ func (input StandardBeacon) Validate() error { return fmt.Errorf("TerminalLocation has a minimum length of 1 but has the length of %d.", len(*input.Loc)) } } + if input.NumberOfPartitions != nil { + if *input.NumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.NumberOfPartitions) + } + if *input.NumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.NumberOfPartitions) + } + } if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_Validate() } @@ -781,8 +799,14 @@ type BeaconVersion struct { CompoundBeacons []CompoundBeacon + DefaultNumberOfPartitions *int32 + EncryptedParts []EncryptedPart + MaximumNumberOfPartitions *int32 + + PartitionSelector IPartitionSelector + SignedParts []SignedPart VirtualFields []VirtualField @@ -813,12 +837,28 @@ func (input BeaconVersion) Validate() error { if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_Validate() } + if input.DefaultNumberOfPartitions != nil { + if *input.DefaultNumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.DefaultNumberOfPartitions) + } + if *input.DefaultNumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.DefaultNumberOfPartitions) + } + } if len(input.EncryptedParts) < 1 { return fmt.Errorf("EncryptedPartsList has a minimum length of 1 but has the length of %d.", len(input.EncryptedParts)) } if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_Validate() } + if input.MaximumNumberOfPartitions != nil { + if *input.MaximumNumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.MaximumNumberOfPartitions) + } + if *input.MaximumNumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.MaximumNumberOfPartitions) + } + } if len(input.SignedParts) < 1 { return fmt.Errorf("SignedPartsList has a minimum length of 1 but has the length of %d.", len(input.SignedParts)) } @@ -1121,6 +1161,21 @@ func (input DynamoDbTablesEncryptionConfig) Aws_cryptography_dbEncryptionSdk_dyn return nil } +type GetPartitionNumberOutput struct { + PartitionNumber int32 +} + +func (input GetPartitionNumberOutput) Validate() error { + if input.PartitionNumber < 0 { + return fmt.Errorf("PartitionNumber has a minimum of 0 but has the value of %d.", input.PartitionNumber) + } + if input.PartitionNumber > 254 { + return fmt.Errorf("PartitionNumber has a maximum of 254 but has the value of %d.", input.PartitionNumber) + } + + return nil +} + type GetBranchKeyIdFromDdbKeyInput struct { DdbKey map[string]dynamodbtypes.AttributeValue } @@ -1248,6 +1303,143 @@ func (input GetBranchKeyIdFromDdbKeyInput) Aws_cryptography_dbEncryptionSdk_dyna return nil } +type GetPartitionNumberInput struct { + Item map[string]dynamodbtypes.AttributeValue + + LogicalTableName string + + NumberOfPartitions int32 +} + +func (input GetPartitionNumberInput) Validate() error { + if input.Item == nil { + return fmt.Errorf("input.Item is required but has a nil value.") + } + if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() != nil { + return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() + } + if input.NumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", input.NumberOfPartitions) + } + if input.NumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", input.NumberOfPartitions) + } + + return nil +} + +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeMap_value_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + case *dynamodbtypes.AttributeValueMemberL: + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + if input.Com_amazonaws_dynamodb_AttributeValue_M_Validate(unionType.Value) != nil { + return input.Com_amazonaws_dynamodb_AttributeValue_M_Validate(unionType.Value) + } + case *dynamodbtypes.AttributeValueMemberL: + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeValue_M_Validate(Value map[string]dynamodbtypes.AttributeValue) error { + for key, value := range Value { + if len(key) < 0 { + return fmt.Errorf("AttributeName has a minimum length of 0 but has the length of %d.", len(key)) + } + if len(key) > 65535 { + return fmt.Errorf("AttributeName has a maximum length of 65535 but has the length of %d.", len(key)) + } + if input.Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(value) != nil { + return input.Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(value) + } + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + case *dynamodbtypes.AttributeValueMemberL: + if input.Com_amazonaws_dynamodb_AttributeValue_L_Validate(unionType.Value) != nil { + return input.Com_amazonaws_dynamodb_AttributeValue_L_Validate(unionType.Value) + } + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeValue_L_Validate(Value []dynamodbtypes.AttributeValue) error { + for _, item := range Value { + if input.Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(item) != nil { + return input.Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(item) + } + } + + return nil +} +func (input GetPartitionNumberInput) Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() error { + for key, value := range input.Item { + if len(key) < 0 { + return fmt.Errorf("AttributeName has a minimum length of 0 but has the length of %d.", len(key)) + } + if len(key) > 65535 { + return fmt.Errorf("AttributeName has a maximum length of 65535 but has the length of %d.", len(key)) + } + if input.Com_amazonaws_dynamodb_AttributeMap_value_Validate(value) != nil { + return input.Com_amazonaws_dynamodb_AttributeMap_value_Validate(value) + } + } + + return nil +} + // BeaconKeySourceMembermulti // BeaconKeySourceMembersingle type BeaconKeySource interface { @@ -1389,3 +1581,7 @@ type IDynamoDbKeyBranchKeyIdSupplier interface { type ILegacyDynamoDbEncryptor interface { } + +type IPartitionSelector interface { + GetPartitionNumber(GetPartitionNumberInput) (*GetPartitionNumberOutput, error) +} diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go index 26e17d0bf..91e570554 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go @@ -593,3 +593,24 @@ func (client *Client) ResolveAttributes(ctx context.Context, params awscryptogra return &native_response, nil } + +func (client *Client) GetNumberOfQueries(ctx context.Context, params awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput) (*awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput, error) { + err := params.Validate() + if err != nil { + opaqueErr := awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.OpaqueError{ + ErrObject: err, + } + return nil, opaqueErr + } + + var dafny_request AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput = GetNumberOfQueriesInput_ToDafny(params) + var dafny_response = client.DafnyClient.GetNumberOfQueries(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = GetNumberOfQueriesOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput)) + return &native_response, nil + +} diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go index d1ef9532b..70b5c66fc 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go @@ -275,6 +275,24 @@ func GetItemOutputTransformOutput_ToDafny(nativeOutput awscryptographydbencrypti } +func GetNumberOfQueriesInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Companion_GetNumberOfQueriesInput_.Create_GetNumberOfQueriesInput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_ToDafny(nativeInput.Input)) + }() + +} + +func GetNumberOfQueriesOutput_ToDafny(nativeOutput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Companion_GetNumberOfQueriesOutput_.Create_GetNumberOfQueriesOutput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_ToDafny(nativeOutput.NumberOfQueries)) + }() + +} + func PutItemInputTransformInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput { return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput { @@ -825,6 +843,20 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetItemOutputTransform }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_ToDafny(input dynamodb.QueryInput) ComAmazonawsDynamodbTypes.QueryInput { + return func() ComAmazonawsDynamodbTypes.QueryInput { + + return ComAmazonawsDynamodbTypes.Companion_QueryInput_.Create_QueryInput_(comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_TableName_ToDafny(input.TableName), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_IndexName_ToDafny(input.IndexName), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Select_ToDafny(input.Select), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_AttributesToGet_ToDafny(input.AttributesToGet), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Limit_ToDafny(input.Limit), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConsistentRead_ToDafny(input.ConsistentRead), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditions_ToDafny(input.KeyConditions), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_QueryFilter_ToDafny(input.QueryFilter), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConditionalOperator_ToDafny(input.ConditionalOperator), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ScanIndexForward_ToDafny(input.ScanIndexForward), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExclusiveStartKey_ToDafny(input.ExclusiveStartKey), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ReturnConsumedCapacity_ToDafny(input.ReturnConsumedCapacity), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ProjectionExpression_ToDafny(input.ProjectionExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_FilterExpression_ToDafny(input.FilterExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditionExpression_ToDafny(input.KeyConditionExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeNames_ToDafny(input.ExpressionAttributeNames), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeValues_ToDafny(input.ExpressionAttributeValues)) + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_ToDafny(input dynamodb.PutItemInput) ComAmazonawsDynamodbTypes.PutItemInput { return func() ComAmazonawsDynamodbTypes.PutItemInput { diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go index 07f78db78..0682e386d 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go @@ -199,6 +199,18 @@ func GetItemOutputTransformOutput_FromDafny(dafnyOutput AwsCryptographyDbEncrypt } +func GetNumberOfQueriesInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput { + + return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput{Input: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_FromDafny(dafnyInput.Dtor_input())} + +} + +func GetNumberOfQueriesOutput_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput { + + return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput{NumberOfQueries: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_FromDafny(dafnyOutput.Dtor_numberOfQueries())} + +} + func PutItemInputTransformInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput { return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput{SdkInput: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_FromDafny(dafnyInput.Dtor_sdkInput())} @@ -686,6 +698,32 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetItemOutputTransform ConsumedCapacity: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_GetItemOutput_ConsumedCapacity_FromDafny(input.(ComAmazonawsDynamodbTypes.GetItemOutput).Dtor_ConsumedCapacity().UnwrapOr(nil)), } } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_FromDafny(input interface{}) dynamodb.QueryInput { + return dynamodb.QueryInput{TableName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_TableName_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_TableName()), + IndexName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_IndexName_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_IndexName().UnwrapOr(nil)), + Select: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Select_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_Select().UnwrapOr(nil)), + AttributesToGet: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_AttributesToGet_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_AttributesToGet().UnwrapOr(nil)), + Limit: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Limit_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_Limit().UnwrapOr(nil)), + ConsistentRead: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConsistentRead_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ConsistentRead().UnwrapOr(nil)), + KeyConditions: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditions_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_KeyConditions().UnwrapOr(nil)), + QueryFilter: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_QueryFilter_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_QueryFilter().UnwrapOr(nil)), + ConditionalOperator: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConditionalOperator_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ConditionalOperator().UnwrapOr(nil)), + ScanIndexForward: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ScanIndexForward_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ScanIndexForward().UnwrapOr(nil)), + ExclusiveStartKey: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExclusiveStartKey_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExclusiveStartKey().UnwrapOr(nil)), + ReturnConsumedCapacity: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ReturnConsumedCapacity_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ReturnConsumedCapacity().UnwrapOr(nil)), + ProjectionExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ProjectionExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ProjectionExpression().UnwrapOr(nil)), + FilterExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_FilterExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_FilterExpression().UnwrapOr(nil)), + KeyConditionExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditionExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_KeyConditionExpression().UnwrapOr(nil)), + ExpressionAttributeNames: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeNames_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExpressionAttributeNames().UnwrapOr(nil)), + ExpressionAttributeValues: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeValues_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExpressionAttributeValues().UnwrapOr(nil)), + } +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_FromDafny(input interface{}) dynamodb.PutItemInput { return dynamodb.PutItemInput{TableName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_PutItemInput_TableName_FromDafny(input.(ComAmazonawsDynamodbTypes.PutItemInput).Dtor_TableName()), Item: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_PutItemInput_Item_FromDafny(input.(ComAmazonawsDynamodbTypes.PutItemInput).Dtor_Item()), diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go index 55c7f111b..300fcd526 100644 --- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go +++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go @@ -9,6 +9,21 @@ import ( dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" ) +type GetNumberOfQueriesOutput struct { + NumberOfQueries int32 +} + +func (input GetNumberOfQueriesOutput) Validate() error { + if input.NumberOfQueries < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", input.NumberOfQueries) + } + if input.NumberOfQueries > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", input.NumberOfQueries) + } + + return nil +} + type ResolveAttributesOutput struct { CompoundBeacons map[string]string @@ -522,6 +537,15 @@ func (input PutItemInputTransformOutput) Validate() error { return nil } +type GetNumberOfQueriesInput struct { + Input dynamodb.QueryInput +} + +func (input GetNumberOfQueriesInput) Validate() error { + + return nil +} + type QueryInputTransformInput struct { SdkInput dynamodb.QueryInput } diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go index f8d6de5be..83ed5de4c 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/WrappedAwsCryptographyDbEncryptionSdkDynamoDbTransformsService/shim.go @@ -267,3 +267,12 @@ func (shim *Shim) ResolveAttributes(input AwsCryptographyDbEncryptionSdkDynamoDb } return Wrappers.Companion_Result_.Create_Success_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.ResolveAttributesOutput_ToDafny(*native_response)) } + +func (shim *Shim) GetNumberOfQueries(input AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput) Wrappers.Result { + var native_request = awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.GetNumberOfQueriesInput_FromDafny(input) + var native_response, native_error = shim.client.GetNumberOfQueries(context.Background(), native_request) + if native_error != nil { + return Wrappers.Companion_Result_.Create_Failure_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.Error_ToDafny(native_error)) + } + return Wrappers.Companion_Result_.Create_Success_(awscryptographydbencryptionsdkdynamodbtransformssmithygenerated.GetNumberOfQueriesOutput_ToDafny(*native_response)) +} diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go new file mode 100644 index 000000000..d33e31b98 --- /dev/null +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/PartitionSelector.go @@ -0,0 +1,25 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package awscryptographydbencryptionsdkdynamodbsmithygenerated + +import ( + "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/AwsCryptographyDbEncryptionSdkDynamoDbTypes" + "github.com/aws/aws-database-encryption-sdk-dynamodb/releases/go/dynamodb-esdk/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes" +) + +type PartitionSelector struct { + Impl AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector +} + +func (this *PartitionSelector) GetPartitionNumber(params awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput) (*awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput, error) { + var dafny_request AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput = GetPartitionNumberInput_ToDafny(params) + var dafny_response = this.Impl.GetPartitionNumber(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = GetPartitionNumberOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput)) + return &native_response, nil + +} diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go index 0d502826c..bc3c29512 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_dafny.go @@ -96,6 +96,29 @@ func LegacyDynamoDbEncryptor_ToDafny(nativeResource awscryptographydbencryptions } +func GetPartitionNumberInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput) AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_GetPartitionNumberInput_.Create_GetPartitionNumberInput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_ToDafny(nativeInput.Item), Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_ToDafny(nativeInput.NumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_ToDafny(nativeInput.LogicalTableName)) + }() + +} + +func GetPartitionNumberOutput_ToDafny(nativeOutput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput) AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_GetPartitionNumberOutput_.Create_GetPartitionNumberOutput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_ToDafny(nativeOutput.PartitionNumber)) + }() + +} + +func PartitionSelector_ToDafny(nativeResource awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector) AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector { + return nativeResource.(*PartitionSelector).Impl + +} + func DynamoDbEncryptionException_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException) AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error { @@ -308,7 +331,7 @@ func CompoundBeacon_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsm func StandardBeacon_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon) AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(nativeInput.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(nativeInput.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(nativeInput.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(nativeInput.Style)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(nativeInput.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(nativeInput.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(nativeInput.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(nativeInput.Style), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(nativeInput.NumberOfPartitions)) }() } @@ -432,7 +455,12 @@ func VirtualField_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmit func BeaconVersion_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion) AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(nativeInput.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(nativeInput.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(nativeInput.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(nativeInput.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(nativeInput.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(nativeInput.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(nativeInput.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(nativeInput.SignedParts)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(nativeInput.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(nativeInput.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(nativeInput.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(nativeInput.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(nativeInput.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(nativeInput.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(nativeInput.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(nativeInput.SignedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(nativeInput.MaximumNumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(nativeInput.DefaultNumberOfPartitions), func() Wrappers.Option { + if (nativeInput.PartitionSelector) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(PartitionSelector_ToDafny(nativeInput.PartitionSelector)) + }()) }() } @@ -669,6 +697,43 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetBranchKeyIdFromDdbKeyOutput_br }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_ToDafny(input map[string]dynamodbtypes.AttributeValue) dafny.Map { + return func() dafny.Map { + fieldValue := dafny.NewMapBuilder() + for key, val := range input { + fieldValue.Add(comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_key_ToDafny(key), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_value_ToDafny(val)) + } + return fieldValue.ToMap() + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_ToDafny(input string) dafny.Sequence { + return func() dafny.Sequence { + + return func() dafny.Sequence { + res, err := UTF8.DecodeFromNativeGoByteArray([]byte(input)) + if err != nil { + panic("invalid utf8 input provided") + } + return res + }() + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_ToDafny(input string) dafny.Sequence { return func() dafny.Sequence { @@ -1147,6 +1212,15 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(inpu }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_Insert_literal_ToDafny(input string) dafny.Sequence { return func() dafny.Sequence { @@ -1428,7 +1502,7 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToD func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeaconList_member_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon) AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(input.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(input.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(input.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(input.Style)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_StandardBeacon_.Create_StandardBeacon_(Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_ToDafny(input.Name), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_ToDafny(input.Length), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_ToDafny(input.Loc), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_ToDafny(input.Style), Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_ToDafny(input.NumberOfPartitions)) }() } @@ -1502,6 +1576,24 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(input *int32) Wrappers.Option { + return func() Wrappers.Option { + if input == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(*input) + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_LegacyOverride_policy_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy) AwsCryptographyDbEncryptionSdkDynamoDbTypes.LegacyPolicy { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.LegacyPolicy { @@ -1617,7 +1709,12 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_versions_ToDafny(inp func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersionList_member_ToDafny(input awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion) AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { return func() AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion { - return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(input.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(input.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(input.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(input.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(input.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(input.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(input.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(input.SignedParts)) + return AwsCryptographyDbEncryptionSdkDynamoDbTypes.Companion_BeaconVersion_.Create_BeaconVersion_(Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_ToDafny(input.Version), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_ToDafny(input.KeyStore), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_ToDafny(input.KeySource), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_ToDafny(input.StandardBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_ToDafny(input.CompoundBeacons), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_ToDafny(input.VirtualFields), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_ToDafny(input.EncryptedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_ToDafny(input.SignedParts), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_ToDafny(input.MaximumNumberOfPartitions), Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_ToDafny(input.DefaultNumberOfPartitions), func() Wrappers.Option { + if (input.PartitionSelector) == nil { + return Wrappers.Companion_Option_.Create_None_() + } + return Wrappers.Companion_Option_.Create_Some_(PartitionSelector_ToDafny(input.PartitionSelector)) + }()) }() } diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go index edd510e8a..0cf6888cb 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go @@ -75,6 +75,26 @@ func LegacyDynamoDbEncryptor_FromDafny(dafnyResource AwsCryptographyDbEncryption return &LegacyDynamoDbEncryptor{dafnyResource} } +func GetPartitionNumberInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberInput) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput { + + return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberInput{Item: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_FromDafny(dafnyInput.Dtor_item()), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_FromDafny(dafnyInput.Dtor_numberOfPartitions()), + LogicalTableName: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_FromDafny(dafnyInput.Dtor_logicalTableName()), + } + +} + +func GetPartitionNumberOutput_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTypes.GetPartitionNumberOutput) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput { + + return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.GetPartitionNumberOutput{PartitionNumber: Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_FromDafny(dafnyOutput.Dtor_partitionNumber())} + +} + +func PartitionSelector_FromDafny(dafnyResource AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + + return &PartitionSelector{dafnyResource} +} + func DynamoDbEncryptionException_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTypes.Error) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.DynamoDbEncryptionException{Message: Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_FromDafny(dafnyOutput.Dtor_message())} @@ -275,9 +295,10 @@ func CompoundBeacon_FromDafny(input interface{}) awscryptographydbencryptionsdkd func StandardBeacon_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon{Name: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_name()), - Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), - Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), - Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), + Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), + Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_numberOfPartitions().UnwrapOr(nil)), } } @@ -401,13 +422,21 @@ func VirtualField_FromDafny(input interface{}) awscryptographydbencryptionsdkdyn func BeaconVersion_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion{Version: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_version()), - KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), - KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), - StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), - CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), - VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), - EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), - SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), + KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), + StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), + CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), + VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), + EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), + SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + MaximumNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_maximumNumberOfPartitions().UnwrapOr(nil)), + DefaultNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_defaultNumberOfPartitions().UnwrapOr(nil)), + PartitionSelector: func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + if input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil) == nil { + return nil + } + return PartitionSelector_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil).(AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector)) + }(), } } @@ -634,6 +663,42 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetBranchKeyIdFromDdbKeyOutput_br return s }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_FromDafny(input interface{}) map[string]dynamodbtypes.AttributeValue { + var m map[string]dynamodbtypes.AttributeValue = make(map[string]dynamodbtypes.AttributeValue) + if input == nil { + return nil + } + for i := dafny.Iterate(input.(dafny.Map).Items()); ; { + val, ok := i() + if !ok { + break + } + m[comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_key_FromDafny((*val.(dafny.Tuple).IndexInt(0)))] = comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_AttributeMap_value_FromDafny((*val.(dafny.Tuple).IndexInt(1))) + } + return m + +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_numberOfPartitions_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_logicalTableName_FromDafny(input interface{}) string { + return func() string { + + a := UTF8.Encode(input.(dafny.Sequence)).Dtor_value() + s := string(dafny.ToByteArray(a.(dafny.Sequence))) + + return s + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberOutput_partitionNumber_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_DynamoDbEncryptionException_message_FromDafny(input interface{}) string { return func() string { @@ -1044,6 +1109,16 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(in return union } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_Insert_literal_FromDafny(input interface{}) string { return func() string { @@ -1293,9 +1368,10 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_Fro } func Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeaconList_member_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.StandardBeacon{Name: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_name_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_name()), - Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), - Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), - Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + Length: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_length_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_length()), + Loc: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_loc_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_loc().UnwrapOr(nil)), + Style: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_style().UnwrapOr(nil)), + NumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_numberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.StandardBeacon).Dtor_numberOfPartitions().UnwrapOr(nil)), } } func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input interface{}) []awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.CompoundBeacon { @@ -1367,6 +1443,26 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDaf } return fieldValue } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input interface{}) *int32 { + return func() *int32 { + var b int32 + if input == nil { + return nil + } + b = input.(int32) + return &b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_LegacyOverride_policy_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy { return func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy { var u awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.LegacyPolicy @@ -1461,13 +1557,21 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_versions_FromDafny(i } func Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersionList_member_FromDafny(input interface{}) awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion { return awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.BeaconVersion{Version: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_version_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_version()), - KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), - KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), - StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), - CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), - VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), - EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), - SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + KeyStore: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keyStore_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keyStore()), + KeySource: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_keySource_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_keySource()), + StandardBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_standardBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_standardBeacons()), + CompoundBeacons: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_compoundBeacons().UnwrapOr(nil)), + VirtualFields: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_virtualFields_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_virtualFields().UnwrapOr(nil)), + EncryptedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_encryptedParts().UnwrapOr(nil)), + SignedParts: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_signedParts_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_signedParts().UnwrapOr(nil)), + MaximumNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_maximumNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_maximumNumberOfPartitions().UnwrapOr(nil)), + DefaultNumberOfPartitions: Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_defaultNumberOfPartitions_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_defaultNumberOfPartitions().UnwrapOr(nil)), + PartitionSelector: func() awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes.IPartitionSelector { + if input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil) == nil { + return nil + } + return PartitionSelector_FromDafny(input.(AwsCryptographyDbEncryptionSdkDynamoDbTypes.BeaconVersion).Dtor_partitionSelector().UnwrapOr(nil).(AwsCryptographyDbEncryptionSdkDynamoDbTypes.IPartitionSelector)) + }(), } } func Aws_cryptography_dbEncryptionSdk_dynamoDb_SearchConfig_writeVersion_FromDafny(input interface{}) int32 { diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go index 9ddc029af..4afc5d5b2 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygeneratedtypes/types.go @@ -518,6 +518,14 @@ func (input KeyStoreReference) Validate() error { return nil } +type PartitionSelectorReference struct { +} + +func (input PartitionSelectorReference) Validate() error { + + return nil +} + type StandardBeacon struct { Length int32 @@ -525,6 +533,8 @@ type StandardBeacon struct { Loc *string + NumberOfPartitions *int32 + Style BeaconStyle } @@ -540,6 +550,14 @@ func (input StandardBeacon) Validate() error { return fmt.Errorf("TerminalLocation has a minimum length of 1 but has the length of %d.", len(*input.Loc)) } } + if input.NumberOfPartitions != nil { + if *input.NumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.NumberOfPartitions) + } + if *input.NumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.NumberOfPartitions) + } + } if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_StandardBeacon_style_Validate() } @@ -781,8 +799,14 @@ type BeaconVersion struct { CompoundBeacons []CompoundBeacon + DefaultNumberOfPartitions *int32 + EncryptedParts []EncryptedPart + MaximumNumberOfPartitions *int32 + + PartitionSelector IPartitionSelector + SignedParts []SignedPart VirtualFields []VirtualField @@ -813,12 +837,28 @@ func (input BeaconVersion) Validate() error { if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_compoundBeacons_Validate() } + if input.DefaultNumberOfPartitions != nil { + if *input.DefaultNumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.DefaultNumberOfPartitions) + } + if *input.DefaultNumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.DefaultNumberOfPartitions) + } + } if len(input.EncryptedParts) < 1 { return fmt.Errorf("EncryptedPartsList has a minimum length of 1 but has the length of %d.", len(input.EncryptedParts)) } if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_Validate() != nil { return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_BeaconVersion_encryptedParts_Validate() } + if input.MaximumNumberOfPartitions != nil { + if *input.MaximumNumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", *input.MaximumNumberOfPartitions) + } + if *input.MaximumNumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", *input.MaximumNumberOfPartitions) + } + } if len(input.SignedParts) < 1 { return fmt.Errorf("SignedPartsList has a minimum length of 1 but has the length of %d.", len(input.SignedParts)) } @@ -1121,6 +1161,21 @@ func (input DynamoDbTablesEncryptionConfig) Aws_cryptography_dbEncryptionSdk_dyn return nil } +type GetPartitionNumberOutput struct { + PartitionNumber int32 +} + +func (input GetPartitionNumberOutput) Validate() error { + if input.PartitionNumber < 0 { + return fmt.Errorf("PartitionNumber has a minimum of 0 but has the value of %d.", input.PartitionNumber) + } + if input.PartitionNumber > 254 { + return fmt.Errorf("PartitionNumber has a maximum of 254 but has the value of %d.", input.PartitionNumber) + } + + return nil +} + type GetBranchKeyIdFromDdbKeyInput struct { DdbKey map[string]dynamodbtypes.AttributeValue } @@ -1248,6 +1303,143 @@ func (input GetBranchKeyIdFromDdbKeyInput) Aws_cryptography_dbEncryptionSdk_dyna return nil } +type GetPartitionNumberInput struct { + Item map[string]dynamodbtypes.AttributeValue + + LogicalTableName string + + NumberOfPartitions int32 +} + +func (input GetPartitionNumberInput) Validate() error { + if input.Item == nil { + return fmt.Errorf("input.Item is required but has a nil value.") + } + if input.Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() != nil { + return input.Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() + } + if input.NumberOfPartitions < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", input.NumberOfPartitions) + } + if input.NumberOfPartitions > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", input.NumberOfPartitions) + } + + return nil +} + +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeMap_value_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + case *dynamodbtypes.AttributeValueMemberL: + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + if input.Com_amazonaws_dynamodb_AttributeValue_M_Validate(unionType.Value) != nil { + return input.Com_amazonaws_dynamodb_AttributeValue_M_Validate(unionType.Value) + } + case *dynamodbtypes.AttributeValueMemberL: + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeValue_M_Validate(Value map[string]dynamodbtypes.AttributeValue) error { + for key, value := range Value { + if len(key) < 0 { + return fmt.Errorf("AttributeName has a minimum length of 0 but has the length of %d.", len(key)) + } + if len(key) > 65535 { + return fmt.Errorf("AttributeName has a maximum length of 65535 but has the length of %d.", len(key)) + } + if input.Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(value) != nil { + return input.Com_amazonaws_dynamodb_MapAttributeValue_value_Validate(value) + } + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(Value dynamodbtypes.AttributeValue) error { + if Value == nil { + return nil + } + switch unionType := Value.(type) { + case *dynamodbtypes.AttributeValueMemberS: + case *dynamodbtypes.AttributeValueMemberN: + case *dynamodbtypes.AttributeValueMemberB: + case *dynamodbtypes.AttributeValueMemberSS: + case *dynamodbtypes.AttributeValueMemberNS: + case *dynamodbtypes.AttributeValueMemberBS: + case *dynamodbtypes.AttributeValueMemberM: + case *dynamodbtypes.AttributeValueMemberL: + if input.Com_amazonaws_dynamodb_AttributeValue_L_Validate(unionType.Value) != nil { + return input.Com_amazonaws_dynamodb_AttributeValue_L_Validate(unionType.Value) + } + case *dynamodbtypes.AttributeValueMemberNULL: + case *dynamodbtypes.AttributeValueMemberBOOL: + // Default case should not be reached. + default: + panic(fmt.Sprintf("Unhandled union type: %T ", unionType)) + } + + return nil +} +func (input GetPartitionNumberInput) Com_amazonaws_dynamodb_AttributeValue_L_Validate(Value []dynamodbtypes.AttributeValue) error { + for _, item := range Value { + if input.Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(item) != nil { + return input.Com_amazonaws_dynamodb_ListAttributeValue_member_Validate(item) + } + } + + return nil +} +func (input GetPartitionNumberInput) Aws_cryptography_dbEncryptionSdk_dynamoDb_GetPartitionNumberInput_item_Validate() error { + for key, value := range input.Item { + if len(key) < 0 { + return fmt.Errorf("AttributeName has a minimum length of 0 but has the length of %d.", len(key)) + } + if len(key) > 65535 { + return fmt.Errorf("AttributeName has a maximum length of 65535 but has the length of %d.", len(key)) + } + if input.Com_amazonaws_dynamodb_AttributeMap_value_Validate(value) != nil { + return input.Com_amazonaws_dynamodb_AttributeMap_value_Validate(value) + } + } + + return nil +} + // BeaconKeySourceMembermulti // BeaconKeySourceMembersingle type BeaconKeySource interface { @@ -1389,3 +1581,7 @@ type IDynamoDbKeyBranchKeyIdSupplier interface { type ILegacyDynamoDbEncryptor interface { } + +type IPartitionSelector interface { + GetPartitionNumber(GetPartitionNumberInput) (*GetPartitionNumberOutput, error) +} diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go index 26e17d0bf..91e570554 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/api_client.go @@ -593,3 +593,24 @@ func (client *Client) ResolveAttributes(ctx context.Context, params awscryptogra return &native_response, nil } + +func (client *Client) GetNumberOfQueries(ctx context.Context, params awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput) (*awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput, error) { + err := params.Validate() + if err != nil { + opaqueErr := awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.OpaqueError{ + ErrObject: err, + } + return nil, opaqueErr + } + + var dafny_request AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput = GetNumberOfQueriesInput_ToDafny(params) + var dafny_response = client.DafnyClient.GetNumberOfQueries(dafny_request) + + if dafny_response.Is_Failure() { + err := dafny_response.Dtor_error().(AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Error) + return nil, Error_FromDafny(err) + } + var native_response = GetNumberOfQueriesOutput_FromDafny(dafny_response.Dtor_value().(AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput)) + return &native_response, nil + +} diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go index d1ef9532b..70b5c66fc 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_dafny.go @@ -275,6 +275,24 @@ func GetItemOutputTransformOutput_ToDafny(nativeOutput awscryptographydbencrypti } +func GetNumberOfQueriesInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Companion_GetNumberOfQueriesInput_.Create_GetNumberOfQueriesInput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_ToDafny(nativeInput.Input)) + }() + +} + +func GetNumberOfQueriesOutput_ToDafny(nativeOutput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput { + + return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput { + + return AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.Companion_GetNumberOfQueriesOutput_.Create_GetNumberOfQueriesOutput_(Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_ToDafny(nativeOutput.NumberOfQueries)) + }() + +} + func PutItemInputTransformInput_ToDafny(nativeInput awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput) AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput { return func() AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput { @@ -825,6 +843,20 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetItemOutputTransform }() } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_ToDafny(input dynamodb.QueryInput) ComAmazonawsDynamodbTypes.QueryInput { + return func() ComAmazonawsDynamodbTypes.QueryInput { + + return ComAmazonawsDynamodbTypes.Companion_QueryInput_.Create_QueryInput_(comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_TableName_ToDafny(input.TableName), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_IndexName_ToDafny(input.IndexName), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Select_ToDafny(input.Select), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_AttributesToGet_ToDafny(input.AttributesToGet), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Limit_ToDafny(input.Limit), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConsistentRead_ToDafny(input.ConsistentRead), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditions_ToDafny(input.KeyConditions), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_QueryFilter_ToDafny(input.QueryFilter), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConditionalOperator_ToDafny(input.ConditionalOperator), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ScanIndexForward_ToDafny(input.ScanIndexForward), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExclusiveStartKey_ToDafny(input.ExclusiveStartKey), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ReturnConsumedCapacity_ToDafny(input.ReturnConsumedCapacity), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ProjectionExpression_ToDafny(input.ProjectionExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_FilterExpression_ToDafny(input.FilterExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditionExpression_ToDafny(input.KeyConditionExpression), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeNames_ToDafny(input.ExpressionAttributeNames), comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeValues_ToDafny(input.ExpressionAttributeValues)) + }() +} + +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_ToDafny(input int32) int32 { + return func() int32 { + + return input + }() +} + func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_ToDafny(input dynamodb.PutItemInput) ComAmazonawsDynamodbTypes.PutItemInput { return func() ComAmazonawsDynamodbTypes.PutItemInput { diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go index 07f78db78..0682e386d 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygenerated/to_native.go @@ -199,6 +199,18 @@ func GetItemOutputTransformOutput_FromDafny(dafnyOutput AwsCryptographyDbEncrypt } +func GetNumberOfQueriesInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesInput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput { + + return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesInput{Input: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_FromDafny(dafnyInput.Dtor_input())} + +} + +func GetNumberOfQueriesOutput_FromDafny(dafnyOutput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.GetNumberOfQueriesOutput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput { + + return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.GetNumberOfQueriesOutput{NumberOfQueries: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_FromDafny(dafnyOutput.Dtor_numberOfQueries())} + +} + func PutItemInputTransformInput_FromDafny(dafnyInput AwsCryptographyDbEncryptionSdkDynamoDbTransformsTypes.PutItemInputTransformInput) awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput { return awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes.PutItemInputTransformInput{SdkInput: Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_FromDafny(dafnyInput.Dtor_sdkInput())} @@ -686,6 +698,32 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetItemOutputTransform ConsumedCapacity: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_GetItemOutput_ConsumedCapacity_FromDafny(input.(ComAmazonawsDynamodbTypes.GetItemOutput).Dtor_ConsumedCapacity().UnwrapOr(nil)), } } +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesInput_input_FromDafny(input interface{}) dynamodb.QueryInput { + return dynamodb.QueryInput{TableName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_TableName_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_TableName()), + IndexName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_IndexName_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_IndexName().UnwrapOr(nil)), + Select: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Select_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_Select().UnwrapOr(nil)), + AttributesToGet: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_AttributesToGet_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_AttributesToGet().UnwrapOr(nil)), + Limit: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_Limit_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_Limit().UnwrapOr(nil)), + ConsistentRead: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConsistentRead_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ConsistentRead().UnwrapOr(nil)), + KeyConditions: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditions_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_KeyConditions().UnwrapOr(nil)), + QueryFilter: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_QueryFilter_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_QueryFilter().UnwrapOr(nil)), + ConditionalOperator: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ConditionalOperator_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ConditionalOperator().UnwrapOr(nil)), + ScanIndexForward: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ScanIndexForward_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ScanIndexForward().UnwrapOr(nil)), + ExclusiveStartKey: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExclusiveStartKey_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExclusiveStartKey().UnwrapOr(nil)), + ReturnConsumedCapacity: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ReturnConsumedCapacity_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ReturnConsumedCapacity().UnwrapOr(nil)), + ProjectionExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ProjectionExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ProjectionExpression().UnwrapOr(nil)), + FilterExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_FilterExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_FilterExpression().UnwrapOr(nil)), + KeyConditionExpression: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_KeyConditionExpression_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_KeyConditionExpression().UnwrapOr(nil)), + ExpressionAttributeNames: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeNames_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExpressionAttributeNames().UnwrapOr(nil)), + ExpressionAttributeValues: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_QueryInput_ExpressionAttributeValues_FromDafny(input.(ComAmazonawsDynamodbTypes.QueryInput).Dtor_ExpressionAttributeValues().UnwrapOr(nil)), + } +} +func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_GetNumberOfQueriesOutput_numberOfQueries_FromDafny(input interface{}) int32 { + return func() int32 { + var b = input.(int32) + return b + }() +} func Aws_cryptography_dbEncryptionSdk_dynamoDb_transforms_PutItemInputTransformInput_sdkInput_FromDafny(input interface{}) dynamodb.PutItemInput { return dynamodb.PutItemInput{TableName: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_PutItemInput_TableName_FromDafny(input.(ComAmazonawsDynamodbTypes.PutItemInput).Dtor_TableName()), Item: comamazonawsdynamodbsmithygenerated.Com_amazonaws_dynamodb_PutItemInput_Item_FromDafny(input.(ComAmazonawsDynamodbTypes.PutItemInput).Dtor_Item()), diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go index 55c7f111b..300fcd526 100644 --- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go +++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbtransformssmithygeneratedtypes/types.go @@ -9,6 +9,21 @@ import ( dynamodbtypes "github.com/aws/aws-sdk-go-v2/service/dynamodb/types" ) +type GetNumberOfQueriesOutput struct { + NumberOfQueries int32 +} + +func (input GetNumberOfQueriesOutput) Validate() error { + if input.NumberOfQueries < 1 { + return fmt.Errorf("PartitionCount has a minimum of 1 but has the value of %d.", input.NumberOfQueries) + } + if input.NumberOfQueries > 255 { + return fmt.Errorf("PartitionCount has a maximum of 255 but has the value of %d.", input.NumberOfQueries) + } + + return nil +} + type ResolveAttributesOutput struct { CompoundBeacons map[string]string @@ -522,6 +537,15 @@ func (input PutItemInputTransformOutput) Validate() error { return nil } +type GetNumberOfQueriesInput struct { + Input dynamodb.QueryInput +} + +func (input GetNumberOfQueriesInput) Validate() error { + + return nil +} + type QueryInputTransformInput struct { SdkInput dynamodb.QueryInput } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/IPartitionSelector.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/IPartitionSelector.java new file mode 100644 index 000000000..278c1f5d2 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/IPartitionSelector.java @@ -0,0 +1,11 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb; + +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberOutput; + +public interface IPartitionSelector { + GetPartitionNumberOutput GetPartitionNumber(GetPartitionNumberInput input); +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/PartitionSelector.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/PartitionSelector.java new file mode 100644 index 000000000..7f043b704 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/PartitionSelector.java @@ -0,0 +1,69 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb; + +import Wrappers_Compile.Result; +import java.lang.IllegalArgumentException; +import java.util.Objects; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.Error; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberOutput; + +public final class PartitionSelector implements IPartitionSelector { + + private final software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector _impl; + + private PartitionSelector( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector iPartitionSelector + ) { + Objects.requireNonNull( + iPartitionSelector, + "Missing value for required argument `iPartitionSelector`" + ); + this._impl = iPartitionSelector; + } + + public static PartitionSelector wrap( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector iPartitionSelector + ) { + return new PartitionSelector(iPartitionSelector); + } + + public static PartitionSelector wrap( + I iPartitionSelector + ) { + Objects.requireNonNull( + iPartitionSelector, + "Missing value for required argument `iPartitionSelector`" + ); + if ( + iPartitionSelector instanceof + software.amazon.cryptography.dbencryptionsdk.dynamodb.PartitionSelector + ) { + return ((PartitionSelector) iPartitionSelector); + } + throw new IllegalArgumentException( + "Custom implementations of software.amazon.cryptography.dbencryptionsdk.dynamodb.IPartitionSelector are NOT supported at this time." + ); + } + + public software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector impl() { + return this._impl; + } + + public GetPartitionNumberOutput GetPartitionNumber( + GetPartitionNumberInput input + ) { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput dafnyValue = + ToDafny.GetPartitionNumberInput(input); + Result< + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput, + Error + > result = this._impl.GetPartitionNumber(dafnyValue); + if (result.is_Failure()) { + throw ToNative.Error(result.dtor_error()); + } + return ToNative.GetPartitionNumberOutput(result.dtor_value()); + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToDafny.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToDafny.java index def56ee72..1e1d7bc6e 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToDafny.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToDafny.java @@ -37,6 +37,8 @@ import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetEncryptedDataKeyDescriptionUnion; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetSegment; import software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetSegments; @@ -180,6 +182,38 @@ public static BeaconVersion BeaconVersion( : Option.create_None( DafnySequence._typeDescriptor(SignedPart._typeDescriptor()) ); + Option maximumNumberOfPartitions; + maximumNumberOfPartitions = + Objects.nonNull(nativeValue.maximumNumberOfPartitions()) + ? Option.create_Some( + TypeDescriptor.INT, + (nativeValue.maximumNumberOfPartitions()) + ) + : Option.create_None(TypeDescriptor.INT); + Option defaultNumberOfPartitions; + defaultNumberOfPartitions = + Objects.nonNull(nativeValue.defaultNumberOfPartitions()) + ? Option.create_Some( + TypeDescriptor.INT, + (nativeValue.defaultNumberOfPartitions()) + ) + : Option.create_None(TypeDescriptor.INT); + Option< + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector + > partitionSelector; + partitionSelector = + Objects.nonNull(nativeValue.partitionSelector()) + ? Option.create_Some( + TypeDescriptor.reference( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector.class + ), + ToDafny.PartitionSelector(nativeValue.partitionSelector()) + ) + : Option.create_None( + TypeDescriptor.reference( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector.class + ) + ); return new BeaconVersion( version, keyStore, @@ -188,7 +222,10 @@ public static BeaconVersion BeaconVersion( compoundBeacons, virtualFields, encryptedParts, - signedParts + signedParts, + maximumNumberOfPartitions, + defaultNumberOfPartitions, + partitionSelector ); } @@ -557,6 +594,39 @@ public static GetEncryptedDataKeyDescriptionOutput GetEncryptedDataKeyDescriptio ); } + public static GetPartitionNumberInput GetPartitionNumberInput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberInput nativeValue + ) { + DafnyMap< + ? extends DafnySequence, + ? extends AttributeValue + > item; + item = + software.amazon.cryptography.services.dynamodb.internaldafny.ToDafny.AttributeMap( + nativeValue.item() + ); + Integer numberOfPartitions; + numberOfPartitions = (nativeValue.numberOfPartitions()); + DafnySequence logicalTableName; + logicalTableName = + software.amazon.smithy.dafny.conversion.ToDafny.Simple.CharacterSequence( + nativeValue.logicalTableName() + ); + return new GetPartitionNumberInput( + item, + numberOfPartitions, + logicalTableName + ); + } + + public static GetPartitionNumberOutput GetPartitionNumberOutput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberOutput nativeValue + ) { + Integer partitionNumber; + partitionNumber = (nativeValue.partitionNumber()); + return new GetPartitionNumberOutput(partitionNumber); + } + public static GetPrefix GetPrefix( software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPrefix nativeValue ) { @@ -825,7 +895,15 @@ public static StandardBeacon StandardBeacon( ToDafny.BeaconStyle(nativeValue.style()) ) : Option.create_None(BeaconStyle._typeDescriptor()); - return new StandardBeacon(name, length, loc, style); + Option numberOfPartitions; + numberOfPartitions = + Objects.nonNull(nativeValue.numberOfPartitions()) + ? Option.create_Some( + TypeDescriptor.INT, + (nativeValue.numberOfPartitions()) + ) + : Option.create_None(TypeDescriptor.INT); + return new StandardBeacon(name, length, loc, style, numberOfPartitions); } public static Upper Upper( @@ -1225,6 +1303,12 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn return LegacyDynamoDbEncryptor.wrap(nativeValue).impl(); } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector PartitionSelector( + IPartitionSelector nativeValue + ) { + return PartitionSelector.wrap(nativeValue).impl(); + } + public static IDynamoDbEncryptionClient DynamoDbEncryption( DynamoDbEncryption nativeValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToNative.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToNative.java index c953e7bf9..907d2ac03 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToNative.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/ToNative.java @@ -38,6 +38,8 @@ import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetEncryptedDataKeyDescriptionUnion; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPartitionNumberOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetPrefix; import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetSegment; import software.amazon.cryptography.dbencryptionsdk.dynamodb.model.GetSegments; @@ -202,6 +204,23 @@ public static BeaconVersion BeaconVersion( ToNative.SignedPartsList(dafnyValue.dtor_signedParts().dtor_value()) ); } + if (dafnyValue.dtor_maximumNumberOfPartitions().is_Some()) { + nativeBuilder.maximumNumberOfPartitions( + (dafnyValue.dtor_maximumNumberOfPartitions().dtor_value()) + ); + } + if (dafnyValue.dtor_defaultNumberOfPartitions().is_Some()) { + nativeBuilder.defaultNumberOfPartitions( + (dafnyValue.dtor_defaultNumberOfPartitions().dtor_value()) + ); + } + if (dafnyValue.dtor_partitionSelector().is_Some()) { + nativeBuilder.partitionSelector( + ToNative.PartitionSelector( + dafnyValue.dtor_partitionSelector().dtor_value() + ) + ); + } return nativeBuilder.build(); } @@ -486,6 +505,34 @@ public static GetEncryptedDataKeyDescriptionOutput GetEncryptedDataKeyDescriptio return nativeBuilder.build(); } + public static GetPartitionNumberInput GetPartitionNumberInput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput dafnyValue + ) { + GetPartitionNumberInput.Builder nativeBuilder = + GetPartitionNumberInput.builder(); + nativeBuilder.item( + software.amazon.cryptography.services.dynamodb.internaldafny.ToNative.AttributeMap( + dafnyValue.dtor_item() + ) + ); + nativeBuilder.numberOfPartitions((dafnyValue.dtor_numberOfPartitions())); + nativeBuilder.logicalTableName( + software.amazon.smithy.dafny.conversion.ToNative.Simple.String( + dafnyValue.dtor_logicalTableName() + ) + ); + return nativeBuilder.build(); + } + + public static GetPartitionNumberOutput GetPartitionNumberOutput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput dafnyValue + ) { + GetPartitionNumberOutput.Builder nativeBuilder = + GetPartitionNumberOutput.builder(); + nativeBuilder.partitionNumber((dafnyValue.dtor_partitionNumber())); + return nativeBuilder.build(); + } + public static GetPrefix GetPrefix( software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix dafnyValue ) { @@ -720,6 +767,11 @@ public static StandardBeacon StandardBeacon( ToNative.BeaconStyle(dafnyValue.dtor_style().dtor_value()) ); } + if (dafnyValue.dtor_numberOfPartitions().is_Some()) { + nativeBuilder.numberOfPartitions( + (dafnyValue.dtor_numberOfPartitions().dtor_value()) + ); + } return nativeBuilder.build(); } @@ -1053,6 +1105,12 @@ public static ILegacyDynamoDbEncryptor LegacyDynamoDbEncryptor( return LegacyDynamoDbEncryptor.wrap(dafnyValue); } + public static IPartitionSelector PartitionSelector( + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector dafnyValue + ) { + return PartitionSelector.wrap(dafnyValue); + } + public static DynamoDbEncryption DynamoDbEncryption( IDynamoDbEncryptionClient dafnyValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/BeaconVersion.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/BeaconVersion.java index d3cc346c4..c9d98b8a0 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/BeaconVersion.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/BeaconVersion.java @@ -5,6 +5,8 @@ import java.util.List; import java.util.Objects; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.IPartitionSelector; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.PartitionSelector; import software.amazon.cryptography.keystore.KeyStore; /** @@ -38,7 +40,7 @@ public class BeaconVersion { private final List compoundBeacons; /** - * The Virtual Fields to be calculated, supporting other searchable enryption configurations. + * The Virtual Fields to be calculated, supporting other searchable encryption configurations. */ private final List virtualFields; @@ -52,6 +54,21 @@ public class BeaconVersion { */ private final List signedParts; + /** + * The number of separate partitions across which beacons should be divided. + */ + private final int maximumNumberOfPartitions; + + /** + * The number of partitions for any beacon that doesn't specify a numberOfPartitions + */ + private final int defaultNumberOfPartitions; + + /** + * How to choose the partition for an item. Default behavior is a random between 0 and maximumNumberOfPartitions. + */ + private final IPartitionSelector partitionSelector; + protected BeaconVersion(BuilderImpl builder) { this.version = builder.version(); this.keyStore = builder.keyStore(); @@ -61,6 +78,9 @@ protected BeaconVersion(BuilderImpl builder) { this.virtualFields = builder.virtualFields(); this.encryptedParts = builder.encryptedParts(); this.signedParts = builder.signedParts(); + this.maximumNumberOfPartitions = builder.maximumNumberOfPartitions(); + this.defaultNumberOfPartitions = builder.defaultNumberOfPartitions(); + this.partitionSelector = builder.partitionSelector(); } /** @@ -99,7 +119,7 @@ public List compoundBeacons() { } /** - * @return The Virtual Fields to be calculated, supporting other searchable enryption configurations. + * @return The Virtual Fields to be calculated, supporting other searchable encryption configurations. */ public List virtualFields() { return this.virtualFields; @@ -119,6 +139,27 @@ public List signedParts() { return this.signedParts; } + /** + * @return The number of separate partitions across which beacons should be divided. + */ + public int maximumNumberOfPartitions() { + return this.maximumNumberOfPartitions; + } + + /** + * @return The number of partitions for any beacon that doesn't specify a numberOfPartitions + */ + public int defaultNumberOfPartitions() { + return this.defaultNumberOfPartitions; + } + + /** + * @return How to choose the partition for an item. Default behavior is a random between 0 and maximumNumberOfPartitions. + */ + public IPartitionSelector partitionSelector() { + return this.partitionSelector; + } + public Builder toBuilder() { return new BuilderImpl(this); } @@ -179,12 +220,12 @@ public interface Builder { List compoundBeacons(); /** - * @param virtualFields The Virtual Fields to be calculated, supporting other searchable enryption configurations. + * @param virtualFields The Virtual Fields to be calculated, supporting other searchable encryption configurations. */ Builder virtualFields(List virtualFields); /** - * @return The Virtual Fields to be calculated, supporting other searchable enryption configurations. + * @return The Virtual Fields to be calculated, supporting other searchable encryption configurations. */ List virtualFields(); @@ -208,6 +249,36 @@ public interface Builder { */ List signedParts(); + /** + * @param maximumNumberOfPartitions The number of separate partitions across which beacons should be divided. + */ + Builder maximumNumberOfPartitions(int maximumNumberOfPartitions); + + /** + * @return The number of separate partitions across which beacons should be divided. + */ + int maximumNumberOfPartitions(); + + /** + * @param defaultNumberOfPartitions The number of partitions for any beacon that doesn't specify a numberOfPartitions + */ + Builder defaultNumberOfPartitions(int defaultNumberOfPartitions); + + /** + * @return The number of partitions for any beacon that doesn't specify a numberOfPartitions + */ + int defaultNumberOfPartitions(); + + /** + * @param partitionSelector How to choose the partition for an item. Default behavior is a random between 0 and maximumNumberOfPartitions. + */ + Builder partitionSelector(IPartitionSelector partitionSelector); + + /** + * @return How to choose the partition for an item. Default behavior is a random between 0 and maximumNumberOfPartitions. + */ + IPartitionSelector partitionSelector(); + BeaconVersion build(); } @@ -231,6 +302,16 @@ static class BuilderImpl implements Builder { protected List signedParts; + protected int maximumNumberOfPartitions; + + private boolean _maximumNumberOfPartitionsSet = false; + + protected int defaultNumberOfPartitions; + + private boolean _defaultNumberOfPartitionsSet = false; + + protected IPartitionSelector partitionSelector; + protected BuilderImpl() {} protected BuilderImpl(BeaconVersion model) { @@ -243,6 +324,11 @@ protected BuilderImpl(BeaconVersion model) { this.virtualFields = model.virtualFields(); this.encryptedParts = model.encryptedParts(); this.signedParts = model.signedParts(); + this.maximumNumberOfPartitions = model.maximumNumberOfPartitions(); + this._maximumNumberOfPartitionsSet = true; + this.defaultNumberOfPartitions = model.defaultNumberOfPartitions(); + this._defaultNumberOfPartitionsSet = true; + this.partitionSelector = model.partitionSelector(); } public Builder version(int version) { @@ -318,6 +404,35 @@ public List signedParts() { return this.signedParts; } + public Builder maximumNumberOfPartitions(int maximumNumberOfPartitions) { + this.maximumNumberOfPartitions = maximumNumberOfPartitions; + this._maximumNumberOfPartitionsSet = true; + return this; + } + + public int maximumNumberOfPartitions() { + return this.maximumNumberOfPartitions; + } + + public Builder defaultNumberOfPartitions(int defaultNumberOfPartitions) { + this.defaultNumberOfPartitions = defaultNumberOfPartitions; + this._defaultNumberOfPartitionsSet = true; + return this; + } + + public int defaultNumberOfPartitions() { + return this.defaultNumberOfPartitions; + } + + public Builder partitionSelector(IPartitionSelector partitionSelector) { + this.partitionSelector = PartitionSelector.wrap(partitionSelector); + return this; + } + + public IPartitionSelector partitionSelector() { + return this.partitionSelector; + } + public BeaconVersion build() { if (!this._versionSet) { throw new IllegalArgumentException( @@ -382,6 +497,38 @@ public BeaconVersion build() { "The size of `signedParts` must be greater than or equal to 1" ); } + if ( + this._maximumNumberOfPartitionsSet && + this.maximumNumberOfPartitions() < 1 + ) { + throw new IllegalArgumentException( + "`maximumNumberOfPartitions` must be greater than or equal to 1" + ); + } + if ( + this._maximumNumberOfPartitionsSet && + this.maximumNumberOfPartitions() > 255 + ) { + throw new IllegalArgumentException( + "`maximumNumberOfPartitions` must be less than or equal to 255." + ); + } + if ( + this._defaultNumberOfPartitionsSet && + this.defaultNumberOfPartitions() < 1 + ) { + throw new IllegalArgumentException( + "`defaultNumberOfPartitions` must be greater than or equal to 1" + ); + } + if ( + this._defaultNumberOfPartitionsSet && + this.defaultNumberOfPartitions() > 255 + ) { + throw new IllegalArgumentException( + "`defaultNumberOfPartitions` must be less than or equal to 255." + ); + } return new BeaconVersion(this); } } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/ConstructorPart.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/ConstructorPart.java index a44a28a64..9174af92f 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/ConstructorPart.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/ConstructorPart.java @@ -6,7 +6,7 @@ import java.util.Objects; /** - * A part of a Compound Becaon Construction. + * A part of a Compound Beacon Construction. */ public class ConstructorPart { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/EncryptedDataKeyDescriptionOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/EncryptedDataKeyDescriptionOutput.java deleted file mode 100644 index f9f99732c..000000000 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/EncryptedDataKeyDescriptionOutput.java +++ /dev/null @@ -1,133 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -package software.amazon.cryptography.dbencryptionsdk.dynamodb.model; - -import java.util.Objects; - -public class EncryptedDataKeyDescriptionOutput { - - private final String keyProviderId; - - private final String keyProviderInfo; - - private final String branchKeyId; - - private final String branchKeyVersion; - - protected EncryptedDataKeyDescriptionOutput(BuilderImpl builder) { - this.keyProviderId = builder.keyProviderId(); - this.keyProviderInfo = builder.keyProviderInfo(); - this.branchKeyId = builder.branchKeyId(); - this.branchKeyVersion = builder.branchKeyVersion(); - } - - public String keyProviderId() { - return this.keyProviderId; - } - - public String keyProviderInfo() { - return this.keyProviderInfo; - } - - public String branchKeyId() { - return this.branchKeyId; - } - - public String branchKeyVersion() { - return this.branchKeyVersion; - } - - public Builder toBuilder() { - return new BuilderImpl(this); - } - - public static Builder builder() { - return new BuilderImpl(); - } - - public interface Builder { - Builder keyProviderId(String keyProviderId); - - String keyProviderId(); - - Builder keyProviderInfo(String keyProviderInfo); - - String keyProviderInfo(); - - Builder branchKeyId(String branchKeyId); - - String branchKeyId(); - - Builder branchKeyVersion(String branchKeyVersion); - - String branchKeyVersion(); - - EncryptedDataKeyDescriptionOutput build(); - } - - static class BuilderImpl implements Builder { - - protected String keyProviderId; - - protected String keyProviderInfo; - - protected String branchKeyId; - - protected String branchKeyVersion; - - protected BuilderImpl() {} - - protected BuilderImpl(EncryptedDataKeyDescriptionOutput model) { - this.keyProviderId = model.keyProviderId(); - this.keyProviderInfo = model.keyProviderInfo(); - this.branchKeyId = model.branchKeyId(); - this.branchKeyVersion = model.branchKeyVersion(); - } - - public Builder keyProviderId(String keyProviderId) { - this.keyProviderId = keyProviderId; - return this; - } - - public String keyProviderId() { - return this.keyProviderId; - } - - public Builder keyProviderInfo(String keyProviderInfo) { - this.keyProviderInfo = keyProviderInfo; - return this; - } - - public String keyProviderInfo() { - return this.keyProviderInfo; - } - - public Builder branchKeyId(String branchKeyId) { - this.branchKeyId = branchKeyId; - return this; - } - - public String branchKeyId() { - return this.branchKeyId; - } - - public Builder branchKeyVersion(String branchKeyVersion) { - this.branchKeyVersion = branchKeyVersion; - return this; - } - - public String branchKeyVersion() { - return this.branchKeyVersion; - } - - public EncryptedDataKeyDescriptionOutput build() { - if (Objects.isNull(this.keyProviderId())) { - throw new IllegalArgumentException( - "Missing value for required field `keyProviderId`" - ); - } - return new EncryptedDataKeyDescriptionOutput(this); - } - } -} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberInput.java new file mode 100644 index 000000000..8eb9fb9b7 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberInput.java @@ -0,0 +1,136 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb.model; + +import java.util.Map; +import java.util.Objects; +import software.amazon.awssdk.services.dynamodb.model.AttributeValue; + +public class GetPartitionNumberInput { + + private final Map item; + + private final int numberOfPartitions; + + private final String logicalTableName; + + protected GetPartitionNumberInput(BuilderImpl builder) { + this.item = builder.item(); + this.numberOfPartitions = builder.numberOfPartitions(); + this.logicalTableName = builder.logicalTableName(); + } + + public Map item() { + return this.item; + } + + public int numberOfPartitions() { + return this.numberOfPartitions; + } + + public String logicalTableName() { + return this.logicalTableName; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder item(Map item); + + Map item(); + + Builder numberOfPartitions(int numberOfPartitions); + + int numberOfPartitions(); + + Builder logicalTableName(String logicalTableName); + + String logicalTableName(); + + GetPartitionNumberInput build(); + } + + static class BuilderImpl implements Builder { + + protected Map item; + + protected int numberOfPartitions; + + private boolean _numberOfPartitionsSet = false; + + protected String logicalTableName; + + protected BuilderImpl() {} + + protected BuilderImpl(GetPartitionNumberInput model) { + this.item = model.item(); + this.numberOfPartitions = model.numberOfPartitions(); + this._numberOfPartitionsSet = true; + this.logicalTableName = model.logicalTableName(); + } + + public Builder item(Map item) { + this.item = item; + return this; + } + + public Map item() { + return this.item; + } + + public Builder numberOfPartitions(int numberOfPartitions) { + this.numberOfPartitions = numberOfPartitions; + this._numberOfPartitionsSet = true; + return this; + } + + public int numberOfPartitions() { + return this.numberOfPartitions; + } + + public Builder logicalTableName(String logicalTableName) { + this.logicalTableName = logicalTableName; + return this; + } + + public String logicalTableName() { + return this.logicalTableName; + } + + public GetPartitionNumberInput build() { + if (Objects.isNull(this.item())) { + throw new IllegalArgumentException( + "Missing value for required field `item`" + ); + } + if (!this._numberOfPartitionsSet) { + throw new IllegalArgumentException( + "Missing value for required field `numberOfPartitions`" + ); + } + if (this._numberOfPartitionsSet && this.numberOfPartitions() < 1) { + throw new IllegalArgumentException( + "`numberOfPartitions` must be greater than or equal to 1" + ); + } + if (this._numberOfPartitionsSet && this.numberOfPartitions() > 255) { + throw new IllegalArgumentException( + "`numberOfPartitions` must be less than or equal to 255." + ); + } + if (Objects.isNull(this.logicalTableName())) { + throw new IllegalArgumentException( + "Missing value for required field `logicalTableName`" + ); + } + return new GetPartitionNumberInput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberOutput.java new file mode 100644 index 000000000..979042db5 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetPartitionNumberOutput.java @@ -0,0 +1,76 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb.model; + +public class GetPartitionNumberOutput { + + private final int partitionNumber; + + protected GetPartitionNumberOutput(BuilderImpl builder) { + this.partitionNumber = builder.partitionNumber(); + } + + public int partitionNumber() { + return this.partitionNumber; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder partitionNumber(int partitionNumber); + + int partitionNumber(); + + GetPartitionNumberOutput build(); + } + + static class BuilderImpl implements Builder { + + protected int partitionNumber; + + private boolean _partitionNumberSet = false; + + protected BuilderImpl() {} + + protected BuilderImpl(GetPartitionNumberOutput model) { + this.partitionNumber = model.partitionNumber(); + this._partitionNumberSet = true; + } + + public Builder partitionNumber(int partitionNumber) { + this.partitionNumber = partitionNumber; + this._partitionNumberSet = true; + return this; + } + + public int partitionNumber() { + return this.partitionNumber; + } + + public GetPartitionNumberOutput build() { + if (!this._partitionNumberSet) { + throw new IllegalArgumentException( + "Missing value for required field `partitionNumber`" + ); + } + if (this._partitionNumberSet && this.partitionNumber() < 0) { + throw new IllegalArgumentException( + "`partitionNumber` must be greater than or equal to 0" + ); + } + if (this._partitionNumberSet && this.partitionNumber() > 254) { + throw new IllegalArgumentException( + "`partitionNumber` must be less than or equal to 254." + ); + } + return new GetPartitionNumberOutput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetSegment.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetSegment.java index 42b9f61b8..f2b8939ef 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetSegment.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/GetSegment.java @@ -16,7 +16,7 @@ public class GetSegment { private final String split; /** - * The index of the split string result to return. 0 represents the segment before the first split character. -1 respresents the segment after the last split character. + * The index of the split string result to return. 0 represents the segment before the first split character. -1 represents the segment after the last split character. */ private final Integer index; @@ -33,7 +33,7 @@ public String split() { } /** - * @return The index of the split string result to return. 0 represents the segment before the first split character. -1 respresents the segment after the last split character. + * @return The index of the split string result to return. 0 represents the segment before the first split character. -1 represents the segment after the last split character. */ public Integer index() { return this.index; @@ -59,12 +59,12 @@ public interface Builder { String split(); /** - * @param index The index of the split string result to return. 0 represents the segment before the first split character. -1 respresents the segment after the last split character. + * @param index The index of the split string result to return. 0 represents the segment before the first split character. -1 represents the segment after the last split character. */ Builder index(Integer index); /** - * @return The index of the split string result to return. 0 represents the segment before the first split character. -1 respresents the segment after the last split character. + * @return The index of the split string result to return. 0 represents the segment before the first split character. -1 represents the segment after the last split character. */ Integer index(); diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/LegacyOverride.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/LegacyOverride.java index d4e5b0f1d..f7f6e490b 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/LegacyOverride.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/LegacyOverride.java @@ -15,7 +15,7 @@ public class LegacyOverride { /** - * A policy which configurates whether legacy behavior overrides encryption and/or decryption. + * A policy which configures whether legacy behavior overrides encryption and/or decryption. */ private final LegacyPolicy policy; @@ -42,7 +42,7 @@ protected LegacyOverride(BuilderImpl builder) { } /** - * @return A policy which configurates whether legacy behavior overrides encryption and/or decryption. + * @return A policy which configures whether legacy behavior overrides encryption and/or decryption. */ public LegacyPolicy policy() { return this.policy; @@ -79,12 +79,12 @@ public static Builder builder() { public interface Builder { /** - * @param policy A policy which configurates whether legacy behavior overrides encryption and/or decryption. + * @param policy A policy which configures whether legacy behavior overrides encryption and/or decryption. */ Builder policy(LegacyPolicy policy); /** - * @return A policy which configurates whether legacy behavior overrides encryption and/or decryption. + * @return A policy which configures whether legacy behavior overrides encryption and/or decryption. */ LegacyPolicy policy(); diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/StandardBeacon.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/StandardBeacon.java index 88bcbc1ef..247203c21 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/StandardBeacon.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/model/StandardBeacon.java @@ -30,11 +30,17 @@ public class StandardBeacon { */ private final BeaconStyle style; + /** + * The number of separate partitions across which this particular beacon should be divided. Ths must be no greater than the global numberOfPartitions, and can never be changed once an item containing this beacon has been written. + */ + private final int numberOfPartitions; + protected StandardBeacon(BuilderImpl builder) { this.name = builder.name(); this.length = builder.length(); this.loc = builder.loc(); this.style = builder.style(); + this.numberOfPartitions = builder.numberOfPartitions(); } /** @@ -65,6 +71,13 @@ public BeaconStyle style() { return this.style; } + /** + * @return The number of separate partitions across which this particular beacon should be divided. Ths must be no greater than the global numberOfPartitions, and can never be changed once an item containing this beacon has been written. + */ + public int numberOfPartitions() { + return this.numberOfPartitions; + } + public Builder toBuilder() { return new BuilderImpl(this); } @@ -114,6 +127,16 @@ public interface Builder { */ BeaconStyle style(); + /** + * @param numberOfPartitions The number of separate partitions across which this particular beacon should be divided. Ths must be no greater than the global numberOfPartitions, and can never be changed once an item containing this beacon has been written. + */ + Builder numberOfPartitions(int numberOfPartitions); + + /** + * @return The number of separate partitions across which this particular beacon should be divided. Ths must be no greater than the global numberOfPartitions, and can never be changed once an item containing this beacon has been written. + */ + int numberOfPartitions(); + StandardBeacon build(); } @@ -129,6 +152,10 @@ static class BuilderImpl implements Builder { protected BeaconStyle style; + protected int numberOfPartitions; + + private boolean _numberOfPartitionsSet = false; + protected BuilderImpl() {} protected BuilderImpl(StandardBeacon model) { @@ -137,6 +164,8 @@ protected BuilderImpl(StandardBeacon model) { this._lengthSet = true; this.loc = model.loc(); this.style = model.style(); + this.numberOfPartitions = model.numberOfPartitions(); + this._numberOfPartitionsSet = true; } public Builder name(String name) { @@ -176,6 +205,16 @@ public BeaconStyle style() { return this.style; } + public Builder numberOfPartitions(int numberOfPartitions) { + this.numberOfPartitions = numberOfPartitions; + this._numberOfPartitionsSet = true; + return this; + } + + public int numberOfPartitions() { + return this.numberOfPartitions; + } + public StandardBeacon build() { if (Objects.isNull(this.name())) { throw new IllegalArgumentException( @@ -202,6 +241,16 @@ public StandardBeacon build() { "The size of `loc` must be greater than or equal to 1" ); } + if (this._numberOfPartitionsSet && this.numberOfPartitions() < 1) { + throw new IllegalArgumentException( + "`numberOfPartitions` must be greater than or equal to 1" + ); + } + if (this._numberOfPartitionsSet && this.numberOfPartitions() > 255) { + throw new IllegalArgumentException( + "`numberOfPartitions` must be less than or equal to 255." + ); + } return new StandardBeacon(this); } } diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/DynamoDbEncryptionTransforms.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/DynamoDbEncryptionTransforms.java index a37c90cfe..7f9975f58 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/DynamoDbEncryptionTransforms.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/DynamoDbEncryptionTransforms.java @@ -39,6 +39,8 @@ import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemInputTransformOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemOutputTransformInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemOutputTransformOutput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.PutItemInputTransformInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.PutItemInputTransformOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.PutItemOutputTransformInput; @@ -309,6 +311,25 @@ public GetItemOutputTransformOutput GetItemOutputTransform( return ToNative.GetItemOutputTransformOutput(result.dtor_value()); } + /** + * Return the necessary number of query operations for this query, based on partition usage. + * + */ + public GetNumberOfQueriesOutput GetNumberOfQueries( + GetNumberOfQueriesInput input + ) { + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput dafnyValue = + ToDafny.GetNumberOfQueriesInput(input); + Result< + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput, + Error + > result = this._impl.GetNumberOfQueries(dafnyValue); + if (result.is_Failure()) { + throw ToNative.Error(result.dtor_error()); + } + return ToNative.GetNumberOfQueriesOutput(result.dtor_value()); + } + public PutItemInputTransformOutput PutItemInputTransform( PutItemInputTransformInput input ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToDafny.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToDafny.java index 80eac1c70..d88249076 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToDafny.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToDafny.java @@ -43,6 +43,8 @@ import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetItemInputTransformOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetItemOutputTransformInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetItemOutputTransformOutput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.IDynamoDbEncryptionTransformsClient; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.PutItemInputTransformInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.PutItemInputTransformOutput; @@ -491,6 +493,25 @@ public static GetItemOutputTransformOutput GetItemOutputTransformOutput( return new GetItemOutputTransformOutput(transformedOutput); } + public static GetNumberOfQueriesInput GetNumberOfQueriesInput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesInput nativeValue + ) { + QueryInput input; + input = + software.amazon.cryptography.services.dynamodb.internaldafny.ToDafny.QueryInput( + nativeValue.input() + ); + return new GetNumberOfQueriesInput(input); + } + + public static GetNumberOfQueriesOutput GetNumberOfQueriesOutput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesOutput nativeValue + ) { + Integer numberOfQueries; + numberOfQueries = (nativeValue.numberOfQueries()); + return new GetNumberOfQueriesOutput(numberOfQueries); + } + public static PutItemInputTransformInput PutItemInputTransformInput( software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.PutItemInputTransformInput nativeValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToNative.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToNative.java index c63a6cff2..c9e6df7f9 100644 --- a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToNative.java +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/ToNative.java @@ -45,6 +45,8 @@ import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemInputTransformOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemOutputTransformInput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetItemOutputTransformOutput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesInput; +import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.GetNumberOfQueriesOutput; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.OpaqueError; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.OpaqueWithTextError; import software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model.PutItemInputTransformInput; @@ -566,6 +568,28 @@ public static GetItemOutputTransformOutput GetItemOutputTransformOutput( return nativeBuilder.build(); } + public static GetNumberOfQueriesInput GetNumberOfQueriesInput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput dafnyValue + ) { + GetNumberOfQueriesInput.Builder nativeBuilder = + GetNumberOfQueriesInput.builder(); + nativeBuilder.input( + software.amazon.cryptography.services.dynamodb.internaldafny.ToNative.QueryInput( + dafnyValue.dtor_input() + ) + ); + return nativeBuilder.build(); + } + + public static GetNumberOfQueriesOutput GetNumberOfQueriesOutput( + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput dafnyValue + ) { + GetNumberOfQueriesOutput.Builder nativeBuilder = + GetNumberOfQueriesOutput.builder(); + nativeBuilder.numberOfQueries((dafnyValue.dtor_numberOfQueries())); + return nativeBuilder.build(); + } + public static PutItemInputTransformInput PutItemInputTransformInput( software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.PutItemInputTransformInput dafnyValue ) { diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesInput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesInput.java new file mode 100644 index 000000000..6c2fbb016 --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesInput.java @@ -0,0 +1,77 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model; + +import java.util.Objects; +import software.amazon.awssdk.services.dynamodb.model.QueryRequest; + +public class GetNumberOfQueriesInput { + + /** + *

Represents the input of a Query operation.

+ */ + private final QueryRequest input; + + protected GetNumberOfQueriesInput(BuilderImpl builder) { + this.input = builder.input(); + } + + /** + * @return

Represents the input of a Query operation.

+ */ + public QueryRequest input() { + return this.input; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + /** + * @param input

Represents the input of a Query operation.

+ */ + Builder input(QueryRequest input); + + /** + * @return

Represents the input of a Query operation.

+ */ + QueryRequest input(); + + GetNumberOfQueriesInput build(); + } + + static class BuilderImpl implements Builder { + + protected QueryRequest input; + + protected BuilderImpl() {} + + protected BuilderImpl(GetNumberOfQueriesInput model) { + this.input = model.input(); + } + + public Builder input(QueryRequest input) { + this.input = input; + return this; + } + + public QueryRequest input() { + return this.input; + } + + public GetNumberOfQueriesInput build() { + if (Objects.isNull(this.input())) { + throw new IllegalArgumentException( + "Missing value for required field `input`" + ); + } + return new GetNumberOfQueriesInput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesOutput.java b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesOutput.java new file mode 100644 index 000000000..dd7b7fbee --- /dev/null +++ b/DynamoDbEncryption/runtimes/java/src/main/smithy-generated/software/amazon/cryptography/dbencryptionsdk/dynamodb/transforms/model/GetNumberOfQueriesOutput.java @@ -0,0 +1,76 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +package software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.model; + +public class GetNumberOfQueriesOutput { + + private final int numberOfQueries; + + protected GetNumberOfQueriesOutput(BuilderImpl builder) { + this.numberOfQueries = builder.numberOfQueries(); + } + + public int numberOfQueries() { + return this.numberOfQueries; + } + + public Builder toBuilder() { + return new BuilderImpl(this); + } + + public static Builder builder() { + return new BuilderImpl(); + } + + public interface Builder { + Builder numberOfQueries(int numberOfQueries); + + int numberOfQueries(); + + GetNumberOfQueriesOutput build(); + } + + static class BuilderImpl implements Builder { + + protected int numberOfQueries; + + private boolean _numberOfQueriesSet = false; + + protected BuilderImpl() {} + + protected BuilderImpl(GetNumberOfQueriesOutput model) { + this.numberOfQueries = model.numberOfQueries(); + this._numberOfQueriesSet = true; + } + + public Builder numberOfQueries(int numberOfQueries) { + this.numberOfQueries = numberOfQueries; + this._numberOfQueriesSet = true; + return this; + } + + public int numberOfQueries() { + return this.numberOfQueries; + } + + public GetNumberOfQueriesOutput build() { + if (!this._numberOfQueriesSet) { + throw new IllegalArgumentException( + "Missing value for required field `numberOfQueries`" + ); + } + if (this._numberOfQueriesSet && this.numberOfQueries() < 1) { + throw new IllegalArgumentException( + "`numberOfQueries` must be greater than or equal to 1" + ); + } + if (this._numberOfQueriesSet && this.numberOfQueries() > 255) { + throw new IllegalArgumentException( + "`numberOfQueries` must be less than or equal to 255." + ); + } + return new GetNumberOfQueriesOutput(this); + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/BeaconVersion.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/BeaconVersion.cs index d278e508a..7a164a393 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/BeaconVersion.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/BeaconVersion.cs @@ -15,6 +15,9 @@ public class BeaconVersion private System.Collections.Generic.List _virtualFields; private System.Collections.Generic.List _encryptedParts; private System.Collections.Generic.List _signedParts; + private int? _maximumNumberOfPartitions; + private int? _defaultNumberOfPartitions; + private AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector _partitionSelector; public int Version { get { return this._version.GetValueOrDefault(); } @@ -87,6 +90,33 @@ public bool IsSetSignedParts() { return this._signedParts != null; } + public int MaximumNumberOfPartitions + { + get { return this._maximumNumberOfPartitions.GetValueOrDefault(); } + set { this._maximumNumberOfPartitions = value; } + } + public bool IsSetMaximumNumberOfPartitions() + { + return this._maximumNumberOfPartitions.HasValue; + } + public int DefaultNumberOfPartitions + { + get { return this._defaultNumberOfPartitions.GetValueOrDefault(); } + set { this._defaultNumberOfPartitions = value; } + } + public bool IsSetDefaultNumberOfPartitions() + { + return this._defaultNumberOfPartitions.HasValue; + } + public AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector PartitionSelector + { + get { return this._partitionSelector; } + set { this._partitionSelector = value; } + } + public bool IsSetPartitionSelector() + { + return this._partitionSelector != null; + } public void Validate() { if (!IsSetVersion()) throw new System.ArgumentException("Missing value for required property 'Version'"); @@ -125,6 +155,32 @@ public void Validate() String.Format("Member SignedParts of structure BeaconVersion has List type SignedPartsList which has a minimum length of 1 but was given a value with length {0}.", SignedParts.Count)); } } + if (IsSetMaximumNumberOfPartitions()) + { + if (MaximumNumberOfPartitions < 1) + { + throw new System.ArgumentException( + String.Format("Member MaximumNumberOfPartitions of structure BeaconVersion has type PartitionCount which has a minimum of 1 but was given the value {0}.", MaximumNumberOfPartitions)); + } + if (MaximumNumberOfPartitions > 255) + { + throw new System.ArgumentException( + String.Format("Member MaximumNumberOfPartitions of structure BeaconVersion has type PartitionCount which has a maximum of 255 but was given the value {0}.", MaximumNumberOfPartitions)); + } + } + if (IsSetDefaultNumberOfPartitions()) + { + if (DefaultNumberOfPartitions < 1) + { + throw new System.ArgumentException( + String.Format("Member DefaultNumberOfPartitions of structure BeaconVersion has type PartitionCount which has a minimum of 1 but was given the value {0}.", DefaultNumberOfPartitions)); + } + if (DefaultNumberOfPartitions > 255) + { + throw new System.ArgumentException( + String.Format("Member DefaultNumberOfPartitions of structure BeaconVersion has type PartitionCount which has a maximum of 255 but was given the value {0}.", DefaultNumberOfPartitions)); + } + } } } } diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/EncryptedDataKeyDescriptionOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/EncryptedDataKeyDescriptionOutput.cs deleted file mode 100644 index b7b9d3897..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/EncryptedDataKeyDescriptionOutput.cs +++ /dev/null @@ -1,56 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.DynamoDb; -namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb -{ - public class EncryptedDataKeyDescriptionOutput - { - private string _keyProviderId; - private string _keyProviderInfo; - private string _branchKeyId; - private string _branchKeyVersion; - public string KeyProviderId - { - get { return this._keyProviderId; } - set { this._keyProviderId = value; } - } - public bool IsSetKeyProviderId() - { - return this._keyProviderId != null; - } - public string KeyProviderInfo - { - get { return this._keyProviderInfo; } - set { this._keyProviderInfo = value; } - } - public bool IsSetKeyProviderInfo() - { - return this._keyProviderInfo != null; - } - public string BranchKeyId - { - get { return this._branchKeyId; } - set { this._branchKeyId = value; } - } - public bool IsSetBranchKeyId() - { - return this._branchKeyId != null; - } - public string BranchKeyVersion - { - get { return this._branchKeyVersion; } - set { this._branchKeyVersion = value; } - } - public bool IsSetBranchKeyVersion() - { - return this._branchKeyVersion != null; - } - public void Validate() - { - if (!IsSetKeyProviderId()) throw new System.ArgumentException("Missing value for required property 'KeyProviderId'"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberInput.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberInput.cs new file mode 100644 index 000000000..c7f498c5c --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberInput.cs @@ -0,0 +1,48 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +{ + public class GetPartitionNumberInput + { + private System.Collections.Generic.Dictionary _item; + private int? _numberOfPartitions; + private string _logicalTableName; + public System.Collections.Generic.Dictionary Item + { + get { return this._item; } + set { this._item = value; } + } + public bool IsSetItem() + { + return this._item != null; + } + public int NumberOfPartitions + { + get { return this._numberOfPartitions.GetValueOrDefault(); } + set { this._numberOfPartitions = value; } + } + public bool IsSetNumberOfPartitions() + { + return this._numberOfPartitions.HasValue; + } + public string LogicalTableName + { + get { return this._logicalTableName; } + set { this._logicalTableName = value; } + } + public bool IsSetLogicalTableName() + { + return this._logicalTableName != null; + } + public void Validate() + { + if (!IsSetItem()) throw new System.ArgumentException("Missing value for required property 'Item'"); + if (!IsSetNumberOfPartitions()) throw new System.ArgumentException("Missing value for required property 'NumberOfPartitions'"); + if (!IsSetLogicalTableName()) throw new System.ArgumentException("Missing value for required property 'LogicalTableName'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberOutput.cs new file mode 100644 index 000000000..74749c467 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/GetPartitionNumberOutput.cs @@ -0,0 +1,26 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +{ + public class GetPartitionNumberOutput + { + private int? _partitionNumber; + public int PartitionNumber + { + get { return this._partitionNumber.GetValueOrDefault(); } + set { this._partitionNumber = value; } + } + public bool IsSetPartitionNumber() + { + return this._partitionNumber.HasValue; + } + public void Validate() + { + if (!IsSetPartitionNumber()) throw new System.ArgumentException("Missing value for required property 'PartitionNumber'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/IPartitionSelector.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/IPartitionSelector.cs new file mode 100644 index 000000000..91fea60e2 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/IPartitionSelector.cs @@ -0,0 +1,12 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +{ + public interface IPartitionSelector + { + AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput GetPartitionNumber(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput input); + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelector.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelector.cs new file mode 100644 index 000000000..24494a0bb --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelector.cs @@ -0,0 +1,23 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using System.IO; +using System.Collections.Generic; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb; +using software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +{ + internal class PartitionSelector : PartitionSelectorBase + { + internal readonly software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector _impl; + internal PartitionSelector(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector impl) { this._impl = impl; } + protected override AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput _GetPartitionNumber(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput input) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberInput internalInput = TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput(input); + Wrappers_Compile._IResult result = this._impl.GetPartitionNumber(internalInput); + if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); + return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput(result.dtor_value); + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelectorBase.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelectorBase.cs new file mode 100644 index 000000000..187468007 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/PartitionSelectorBase.cs @@ -0,0 +1,16 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb +{ + public abstract class PartitionSelectorBase : IPartitionSelector + { + public AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput GetPartitionNumber(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput input) + { + input.Validate(); return _GetPartitionNumber(input); + } + protected abstract AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput _GetPartitionNumber(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput input); + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/StandardBeacon.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/StandardBeacon.cs index b6a8b9c1c..9cf46400b 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/StandardBeacon.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/StandardBeacon.cs @@ -11,6 +11,7 @@ public class StandardBeacon private int? _length; private string _loc; private AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle _style; + private int? _numberOfPartitions; public string Name { get { return this._name; } @@ -47,6 +48,15 @@ public bool IsSetStyle() { return this._style != null; } + public int NumberOfPartitions + { + get { return this._numberOfPartitions.GetValueOrDefault(); } + set { this._numberOfPartitions = value; } + } + public bool IsSetNumberOfPartitions() + { + return this._numberOfPartitions.HasValue; + } public void Validate() { if (!IsSetName()) throw new System.ArgumentException("Missing value for required property 'Name'"); @@ -59,6 +69,19 @@ public void Validate() String.Format("Member Loc of structure StandardBeacon has type TerminalLocation which has a minimum length of 1 but was given the value '{0}' which has length {1}.", Loc, Loc.Length)); } } + if (IsSetNumberOfPartitions()) + { + if (NumberOfPartitions < 1) + { + throw new System.ArgumentException( + String.Format("Member NumberOfPartitions of structure StandardBeacon has type PartitionCount which has a minimum of 1 but was given the value {0}.", NumberOfPartitions)); + } + if (NumberOfPartitions > 255) + { + throw new System.ArgumentException( + String.Format("Member NumberOfPartitions of structure StandardBeacon has type PartitionCount which has a maximum of 255 but was given the value {0}.", NumberOfPartitions)); + } + } } } } diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs index 87ae5c0e9..d42fb1a77 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryption/TypeConversion.cs @@ -196,7 +196,10 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion FromDafny_ if (concrete._compoundBeacons.is_Some) converted.CompoundBeacons = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(concrete._compoundBeacons); if (concrete._virtualFields.is_Some) converted.VirtualFields = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(concrete._virtualFields); if (concrete._encryptedParts.is_Some) converted.EncryptedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(concrete._encryptedParts); - if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); return converted; + if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); + if (concrete._maximumNumberOfPartitions.is_Some) converted.MaximumNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(concrete._maximumNumberOfPartitions); + if (concrete._defaultNumberOfPartitions.is_Some) converted.DefaultNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(concrete._defaultNumberOfPartitions); + if (concrete._partitionSelector.is_Some) converted.PartitionSelector = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(concrete._partitionSelector); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IBeaconVersion ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion(AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion value) { @@ -205,7 +208,10 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn System.Collections.Generic.List var_virtualFields = value.IsSetVirtualFields() ? value.VirtualFields : (System.Collections.Generic.List)null; System.Collections.Generic.List var_encryptedParts = value.IsSetEncryptedParts() ? value.EncryptedParts : (System.Collections.Generic.List)null; System.Collections.Generic.List var_signedParts = value.IsSetSignedParts() ? value.SignedParts : (System.Collections.Generic.List)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts)); + int? var_maximumNumberOfPartitions = value.IsSetMaximumNumberOfPartitions() ? value.MaximumNumberOfPartitions : (int?)null; + int? var_defaultNumberOfPartitions = value.IsSetDefaultNumberOfPartitions() ? value.DefaultNumberOfPartitions : (int?)null; + AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector var_partitionSelector = value.IsSetPartitionSelector() ? value.PartitionSelector : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(var_maximumNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(var_defaultNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(var_partitionSelector)); } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(Wrappers_Compile._IOption> value) { @@ -215,6 +221,14 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_CompoundBeaconList((System.Collections.Generic.List)value)); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_EncryptedPartsList(value.Extract()); @@ -239,6 +253,22 @@ public static software.amazon.cryptography.keystore.internaldafny.types.IKeyStor { return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(Wrappers_Compile._IOption value) + { + return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference((AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_SignedPartsList(value.Extract()); @@ -920,6 +950,60 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberInput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput(); converted.Item = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(concrete._item); + converted.NumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(concrete._numberOfPartitions); + converted.LogicalTableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(concrete._logicalTableName); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(value.Item), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(value.NumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(value.LogicalTableName)); + } + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(Dafny.IMap, software.amazon.cryptography.services.dynamodb.internaldafny.types._IAttributeValue> value) + { + return FromDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); + } + public static Dafny.IMap, software.amazon.cryptography.services.dynamodb.internaldafny.types._IAttributeValue> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(System.Collections.Generic.Dictionary value) + { + return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); + } + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S6_String(value); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(string value) + { + return ToDafny_N6_smithy__N3_api__S6_String(value); + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(int value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(int value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberOutput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput(); converted.PartitionNumber = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(concrete._partitionNumber); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(value.PartitionNumber)); + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(int value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(value); + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(int value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(value); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S9_GetPrefix(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPrefix value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix(); converted.Length = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S9_GetPrefix__M6_length(concrete._length); return converted; @@ -1214,6 +1298,35 @@ public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8 { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N6_smithy__N3_api__S6_String((string)value)); } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(int value) + { + return value; + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(int value) + { + return value; + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector value) + { + return new PartitionSelector(value); + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + if (value is PartitionSelector valueWithImpl) + { + return valueWithImpl._impl; + } + throw new System.ArgumentException("Custom implementations of AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector are not supported"); + + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S8_PartOnly(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IPartOnly value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly(); return converted; @@ -1412,14 +1525,16 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon FromDafny software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon(); converted.Name = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(concrete._name); converted.Length = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(concrete._length); if (concrete._loc.is_Some) converted.Loc = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(concrete._loc); - if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); return converted; + if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); + if (concrete._numberOfPartitions.is_Some) converted.NumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(concrete._numberOfPartitions); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IStandardBeacon ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon(AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon value) { value.Validate(); string var_loc = value.IsSetLoc() ? value.Loc : (string)null; AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle var_style = value.IsSetStyle() ? value.Style : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style)); + int? var_numberOfPartitions = value.IsSetNumberOfPartitions() ? value.NumberOfPartitions : (int?)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(var_numberOfPartitions)); } public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(int value) { @@ -1445,6 +1560,14 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N6_smithy__N3_api__S6_String(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(Wrappers_Compile._IOption value) { return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S11_BeaconStyle(value.Extract()); diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/DynamoDbEncryptionTransforms.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/DynamoDbEncryptionTransforms.cs index ce63086df..be9638f44 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/DynamoDbEncryptionTransforms.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/DynamoDbEncryptionTransforms.cs @@ -215,5 +215,12 @@ public AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.ResolveAttributesOut if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_ResolveAttributesOutput(result.dtor_value); } + public AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesOutput GetNumberOfQueries(AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesInput input) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IGetNumberOfQueriesInput internalInput = TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput(input); + Wrappers_Compile._IResult result = _impl.GetNumberOfQueries(internalInput); + if (result.is_Failure) throw TypeConversion.FromDafny_CommonError(result.dtor_error); + return TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput(result.dtor_value); + } } } diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesInput.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesInput.cs new file mode 100644 index 000000000..21840ff4a --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesInput.cs @@ -0,0 +1,26 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms +{ + public class GetNumberOfQueriesInput + { + private Amazon.DynamoDBv2.Model.QueryRequest _input; + public Amazon.DynamoDBv2.Model.QueryRequest Input + { + get { return this._input; } + set { this._input = value; } + } + public bool IsSetInput() + { + return this._input != null; + } + public void Validate() + { + if (!IsSetInput()) throw new System.ArgumentException("Missing value for required property 'Input'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesOutput.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesOutput.cs new file mode 100644 index 000000000..d2a16ff23 --- /dev/null +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/GetNumberOfQueriesOutput.cs @@ -0,0 +1,26 @@ +// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 +// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. +using System; +using AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms; +namespace AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms +{ + public class GetNumberOfQueriesOutput + { + private int? _numberOfQueries; + public int NumberOfQueries + { + get { return this._numberOfQueries.GetValueOrDefault(); } + set { this._numberOfQueries = value; } + } + public bool IsSetNumberOfQueries() + { + return this._numberOfQueries.HasValue; + } + public void Validate() + { + if (!IsSetNumberOfQueries()) throw new System.ArgumentException("Missing value for required property 'NumberOfQueries'"); + + } + } +} diff --git a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs index fa42225e6..799a0f678 100644 --- a/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs +++ b/DynamoDbEncryption/runtimes/net/Generated/DynamoDbEncryptionTransforms/TypeConversion.cs @@ -180,7 +180,10 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion FromDafny_ if (concrete._compoundBeacons.is_Some) converted.CompoundBeacons = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(concrete._compoundBeacons); if (concrete._virtualFields.is_Some) converted.VirtualFields = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(concrete._virtualFields); if (concrete._encryptedParts.is_Some) converted.EncryptedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(concrete._encryptedParts); - if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); return converted; + if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); + if (concrete._maximumNumberOfPartitions.is_Some) converted.MaximumNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(concrete._maximumNumberOfPartitions); + if (concrete._defaultNumberOfPartitions.is_Some) converted.DefaultNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(concrete._defaultNumberOfPartitions); + if (concrete._partitionSelector.is_Some) converted.PartitionSelector = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(concrete._partitionSelector); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IBeaconVersion ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion(AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion value) { @@ -189,7 +192,10 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn System.Collections.Generic.List var_virtualFields = value.IsSetVirtualFields() ? value.VirtualFields : (System.Collections.Generic.List)null; System.Collections.Generic.List var_encryptedParts = value.IsSetEncryptedParts() ? value.EncryptedParts : (System.Collections.Generic.List)null; System.Collections.Generic.List var_signedParts = value.IsSetSignedParts() ? value.SignedParts : (System.Collections.Generic.List)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts)); + int? var_maximumNumberOfPartitions = value.IsSetMaximumNumberOfPartitions() ? value.MaximumNumberOfPartitions : (int?)null; + int? var_defaultNumberOfPartitions = value.IsSetDefaultNumberOfPartitions() ? value.DefaultNumberOfPartitions : (int?)null; + AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector var_partitionSelector = value.IsSetPartitionSelector() ? value.PartitionSelector : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(var_maximumNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(var_defaultNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(var_partitionSelector)); } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(Wrappers_Compile._IOption> value) { @@ -199,6 +205,14 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_CompoundBeaconList((System.Collections.Generic.List)value)); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_EncryptedPartsList(value.Extract()); @@ -223,6 +237,22 @@ public static software.amazon.cryptography.keystore.internaldafny.types.IKeyStor { return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(Wrappers_Compile._IOption value) + { + return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference((AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_SignedPartsList(value.Extract()); @@ -923,6 +953,26 @@ public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8 { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N6_smithy__N3_api__S6_String((string)value)); } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.DbEncryptionSDK.DynamoDb.TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value); + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.DbEncryptionSDK.DynamoDb.TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S8_PartOnly(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IPartOnly value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly(); return converted; @@ -1121,14 +1171,16 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon FromDafny software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon(); converted.Name = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(concrete._name); converted.Length = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(concrete._length); if (concrete._loc.is_Some) converted.Loc = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(concrete._loc); - if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); return converted; + if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); + if (concrete._numberOfPartitions.is_Some) converted.NumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(concrete._numberOfPartitions); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IStandardBeacon ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon(AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon value) { value.Validate(); string var_loc = value.IsSetLoc() ? value.Loc : (string)null; AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle var_style = value.IsSetStyle() ? value.Style : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style)); + int? var_numberOfPartitions = value.IsSetNumberOfPartitions() ? value.NumberOfPartitions : (int?)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(var_numberOfPartitions)); } public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(int value) { @@ -1154,6 +1206,14 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N6_smithy__N3_api__S6_String(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(Wrappers_Compile._IOption value) { return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S11_BeaconStyle(value.Extract()); @@ -2087,6 +2147,42 @@ public static software.amazon.cryptography.services.dynamodb.internaldafny.types { return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S13_GetItemOutput(value); } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput(software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IGetNumberOfQueriesInput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesInput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesInput(); converted.Input = (Amazon.DynamoDBv2.Model.QueryRequest)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput__M5_input(concrete._input); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IGetNumberOfQueriesInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesInput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput__M5_input(value.Input)); + } + public static Amazon.DynamoDBv2.Model.QueryRequest FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput__M5_input(software.amazon.cryptography.services.dynamodb.internaldafny.types._IQueryInput value) + { + return FromDafny_N3_com__N9_amazonaws__N8_dynamodb__S10_QueryInput(value); + } + public static software.amazon.cryptography.services.dynamodb.internaldafny.types._IQueryInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S23_GetNumberOfQueriesInput__M5_input(Amazon.DynamoDBv2.Model.QueryRequest value) + { + return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S10_QueryInput(value); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput(software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IGetNumberOfQueriesOutput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesOutput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesOutput(); converted.NumberOfQueries = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput__M15_numberOfQueries(concrete._numberOfQueries); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IGetNumberOfQueriesOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.GetNumberOfQueriesOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.GetNumberOfQueriesOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput__M15_numberOfQueries(value.NumberOfQueries)); + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput__M15_numberOfQueries(int value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S24_GetNumberOfQueriesOutput__M15_numberOfQueries(int value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.PutItemInputTransformInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S26_PutItemInputTransformInput(software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types._IPutItemInputTransformInput value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.PutItemInputTransformInput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.transforms.internaldafny.types.PutItemInputTransformInput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.PutItemInputTransformInput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.Transforms.PutItemInputTransformInput(); converted.SdkInput = (Amazon.DynamoDBv2.Model.PutItemRequest)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__N10_transforms__S26_PutItemInputTransformInput__M8_sdkInput(concrete._sdkInput); return converted; diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs deleted file mode 100644 index c95f3b73b..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/AuthenticateItem.cs +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class AuthenticateItem - { - private System.Collections.Generic.List _key; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction _action; - public System.Collections.Generic.List Key - { - get { return this._key; } - set { this._key = value; } - } - public bool IsSetKey() - { - return this._key != null; - } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data - { - get { return this._data; } - set { this._data = value; } - } - public bool IsSetData() - { - return this._data != null; - } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.AuthenticateAction Action - { - get { return this._action; } - set { this._action = value; } - } - public bool IsSetAction() - { - return this._action != null; - } - public void Validate() - { - if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); - if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); - if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); - - } - } -} diff --git a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs b/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs deleted file mode 100644 index 62d045ad4..000000000 --- a/DynamoDbEncryption/runtimes/net/Generated/StructuredEncryption/CryptoSchemaItem.cs +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. -// SPDX-License-Identifier: Apache-2.0 -// Do not modify this file. This file is machine generated, and any changes to it will be overwritten. -using System; -using AWS.Cryptography.DbEncryptionSDK.StructuredEncryption; -namespace AWS.Cryptography.DbEncryptionSDK.StructuredEncryption -{ - public class CryptoSchemaItem - { - private System.Collections.Generic.List _key; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal _data; - private AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction _action; - public System.Collections.Generic.List Key - { - get { return this._key; } - set { this._key = value; } - } - public bool IsSetKey() - { - return this._key != null; - } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.StructuredDataTerminal Data - { - get { return this._data; } - set { this._data = value; } - } - public bool IsSetData() - { - return this._data != null; - } - public AWS.Cryptography.DbEncryptionSDK.StructuredEncryption.CryptoAction Action - { - get { return this._action; } - set { this._action = value; } - } - public bool IsSetAction() - { - return this._action != null; - } - public void Validate() - { - if (!IsSetKey()) throw new System.ArgumentException("Missing value for required property 'Key'"); - if (!IsSetData()) throw new System.ArgumentException("Missing value for required property 'Data'"); - if (!IsSetAction()) throw new System.ArgumentException("Missing value for required property 'Action'"); - - } - } -} diff --git a/Makefile b/Makefile index 7bede0e44..dbb5e5e2e 100644 --- a/Makefile +++ b/Makefile @@ -47,6 +47,12 @@ format_net-check: format_java_misc: setup_prettier npx prettier --plugin=prettier-plugin-java . --write +format_spec: setup_prettier + npx prettier --plugin=prettier-plugin-java specification --write + +format_workflow: setup_prettier + npx prettier --plugin=prettier-plugin-java .github --write + format_java_misc-check: setup_prettier npx prettier --plugin=prettier-plugin-java . --check diff --git a/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy b/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy index 7eaf1ebc8..d2dacec04 100644 --- a/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy +++ b/TestVectors/dafny/DDBEncryption/src/JsonConfig.dfy @@ -33,6 +33,7 @@ module {:options "-functionSyntax:4"} JsonConfig { import CreateInterceptedDDBClient import DynamoDbItemEncryptor import CreateWrappedItemEncryptor + import SearchConfigToInfo import Operations = AwsCryptographyDbEncryptionSdkDynamoDbItemEncryptorOperations @@ -499,6 +500,8 @@ module {:options "-functionSyntax:4"} JsonConfig { var compoundBeacons : seq := []; var virtualFields : seq := []; var keySource : Option := None; + var maximumNumberOfPartitions: Option := None; + var defaultNumberOfPartitions: Option := None; for i := 0 to |data.obj| { var obj := data.obj[i]; @@ -507,6 +510,20 @@ module {:options "-functionSyntax:4"} JsonConfig { case "standardBeacons" => standardBeacons :- GetStandardBeacons(obj.1); case "compoundBeacons" => compoundBeacons :- GetCompoundBeacons(obj.1); case "virtualFields" => virtualFields :- GetVirtualFields(obj.1); + case "maximumNumberOfPartitions" => + :- Need(obj.1.Number?, "maximumNumberOfPartitions must be of type Number."); + var num :- DecimalToNat(obj.1.num); + expect 0 < num < INT32_MAX_LIMIT; + var num2 := num as int32; + expect Types.IsValid_PartitionCount(num2); + maximumNumberOfPartitions := Some(num as Types.PartitionCount); + case "defaultNumberOfPartitions" => + :- Need(obj.1.Number?, "defaultNumberOfPartitions must be of type Number."); + var num :- DecimalToNat(obj.1.num); + expect 0 < num < INT32_MAX_LIMIT; + var num2 := num as int32; + expect Types.IsValid_PartitionCount(num2); + defaultNumberOfPartitions := Some(num as Types.PartitionCount); case _ => return Failure("Unexpected part of a beacon version : '" + obj.0 + "'"); } } @@ -529,7 +546,9 @@ module {:options "-functionSyntax:4"} JsonConfig { compoundBeacons := OptSeq(compoundBeacons), virtualFields := OptSeq(virtualFields), encryptedParts := None, - signedParts := None + signedParts := None, + maximumNumberOfPartitions := maximumNumberOfPartitions, + defaultNumberOfPartitions := defaultNumberOfPartitions ) ); } @@ -571,7 +590,8 @@ module {:options "-functionSyntax:4"} JsonConfig { var src := SI.KeySource(client, store, SI.SingleLoc("foo"), cache, 100 as uint32, partitionIdBytes, logicalKeyStoreNameBytes); - var bv :- expect SI.MakeBeaconVersion(1, src, map[], map[], map[]); + var sel := new SearchConfigToInfo.DefaultPartitionSelector(); + var bv :- expect SI.MakeBeaconVersion(1, src, map[], map[], map[], sel, 1); return Success(bv); } @@ -628,7 +648,7 @@ module {:options "-functionSyntax:4"} JsonConfig { var results := prev; for i := 0 to |gsi| { for j := 0 to |gsi[i].KeySchema| { - if forall k <- prev :: k.AttributeName != gsi[i].KeySchema[j].AttributeName { + if forall k <- results :: k.AttributeName != gsi[i].KeySchema[j].AttributeName { results := results + [DDB.AttributeDefinition(AttributeName := gsi[i].KeySchema[j].AttributeName, AttributeType := DDB.ScalarAttributeType.S)]; } } @@ -965,7 +985,7 @@ module {:options "-functionSyntax:4"} JsonConfig { case "Signed" => Signed :- GetSignedParts(obj.1); case "Encrypted" => Encrypted :- GetEncryptedParts(obj.1); case "Constructors" => constructors :- GetConstructors(obj.1); - case _ => return Failure("Unexpected part of a standard beacon : '" + data.obj[i].0 + "'"); + case _ => return Failure("Unexpected part of a compound beacon : '" + data.obj[i].0 + "'"); } } :- Need(0 < |name|, "Each Compound Beacon needs a name."); @@ -1096,6 +1116,8 @@ module {:options "-functionSyntax:4"} JsonConfig { var name : string := ""; var length : int := -1; var loc : Option := None; + var numberOfPartitions: Option := None; + for i := 0 to |data.obj| { var obj := data.obj[i]; match obj.0 { @@ -1107,14 +1129,21 @@ module {:options "-functionSyntax:4"} JsonConfig { length :- DecimalToNat(obj.1.num); case "Loc" => :- Need(obj.1.String?, "Standard Beacon Location must be a string"); - :- Need(0 < |obj.1.str|, "Standard Beacon Location must nt be an empty string."); + :- Need(0 < |obj.1.str|, "Standard Beacon Location must not be an empty string."); loc := Some(obj.1.str); + case "numberOfPartitions" => + :- Need(obj.1.Number?, "numberOfPartitions must be of type Number."); + var num :- DecimalToNat(obj.1.num); + expect 0 < num < INT32_MAX_LIMIT; + var num2 := num as int32; + expect Types.IsValid_PartitionCount(num2); + numberOfPartitions := Some(num as Types.PartitionCount); case _ => return Failure("Unexpected part of a standard beacon : '" + data.obj[i].0 + "'"); } } :- Need(0 < |name|, "Each Standard Beacon needs a name."); :- Need(0 < length < 100 && Types.IsValid_BeaconBitLength(length as int32), "Each Standard Beacon needs a length between 1 and 63."); - return Success(Types.StandardBeacon(name := name, length := length as Types.BeaconBitLength, loc := loc, style := None)); + return Success(Types.StandardBeacon(name := name, length := length as Types.BeaconBitLength, loc := loc, style := None, numberOfPartitions := numberOfPartitions)); } method GetGSIs(data : JSON) returns (output : Result , string>) @@ -1152,10 +1181,15 @@ module {:options "-functionSyntax:4"} JsonConfig { IndexName := data.arr[0].str, KeySchema := schema, Projection := DDB.Projection( - ProjectionType := None, + ProjectionType := Some(DDB.ProjectionType.ALL), NonKeyAttributes := None ), - ProvisionedThroughput := None + ProvisionedThroughput := Some( + DDB.ProvisionedThroughput ( + ReadCapacityUnits:= 5, + WriteCapacityUnits:= 5 + ) + ) )); } diff --git a/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy b/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy index 86f42525c..289a22ca3 100644 --- a/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy +++ b/TestVectors/dafny/DDBEncryption/src/TestVectors.dfy @@ -50,6 +50,45 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors { const PerfIterations : uint32 := 1000 + class TestPartitionSelector extends Types.IPartitionSelector + { + ghost predicate ValidState() + ensures ValidState() ==> History in Modifies + { History in Modifies } + + constructor () + ensures ValidState() && fresh(History) && fresh(Modifies) + { + History := new Types.IPartitionSelectorCallHistory(); + Modifies := { History }; + } + + ghost predicate GetPartitionNumberEnsuresPublicly ( + input: Types.GetPartitionNumberInput , + output: Result ) + : (outcome: bool) + { + true + } + + method GetPartitionNumber'(input: Types.GetPartitionNumberInput) + returns (output: Result ) + requires ValidState() + modifies Modifies - {History} + decreases Modifies - {History} + ensures ValidState() + ensures GetPartitionNumberEnsuresPublicly(input, output) + ensures unchanged(History) + { + expect "PreferredPartition" in input.item; + expect input.item["PreferredPartition"].N?; + var partition :- expect StrToInt(input.item["PreferredPartition"].N); + expect 0 <= partition < INT32_MAX_LIMIT; + expect Types.IsValid_PartitionNumber(partition as int32); + return Success(Types.GetPartitionNumberOutput(partitionNumber := partition as Types.PartitionNumber)); + } + } + datatype TestVectorConfig = TestVectorConfig ( schemaOnEncrypt : DDB.CreateTableInput, globalRecords : seq, @@ -114,6 +153,7 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors { } Validate(); StringOrdering(); + PartitionTests(); LargeTests(); PerfQueryTests(); BasicIoTest(); @@ -128,6 +168,704 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors { DeleteTable(client); } + function MakePartitionRecord(x : nat) : DDB.AttributeMap + { + var num := String.Base10Int2String(x); + var num2 := String.Base10Int2String(x%5); + + map[ + HashName := DDB.AttributeValue.N(num), + AttrNames[0] := AttrValues[0], + AttrNames[1] := AttrValues[1], + AttrNames[2] := AttrValues[2], + AttrNames[3] := AttrValues[3], + AttrNames[4] := AttrValues[4], + AttrNames[5] := AttrValues[5], + AttrNames[6] := AttrValues[6], + "PreferredPartition" := DDB.AttributeValue.N(num2) + ] + } + + method DoPartitionQuery(client : DDB.IDynamoDBClient, partition : Types.PartitionNumber, query : DDB.QueryInput, counts : array, queryName : string, custom : bool, numQueries : Types.PartitionCount) + requires counts.Length == 100 + requires client.ValidState() + requires client.Modifies !! {counts} + ensures client.ValidState() + modifies client.Modifies + modifies counts + { + var lastKey : Option := None; + var numReturned : nat := 0; + for i := 0 to 100 + invariant client.ValidState() + invariant client.Modifies !! {counts} + { + var partitionNumber := DDB.AttributeValue.N(String.Base10Int2String(partition as int)); + var values : DDB.ExpressionAttributeValueMap := query.ExpressionAttributeValues.UnwrapOr(map[]); + values := values[":aws_dbe_partition" := partitionNumber]; + var q := query.(ExclusiveStartKey := lastKey, ExpressionAttributeValues := Some(values)); + var result :- expect client.Query(q); + if result.Items.Some? { + numReturned := numReturned + |result.Items.value|; + for j := 0 to |result.Items.value| + invariant client.ValidState() + invariant client.Modifies !! {counts} + { + var item := result.Items.value[j]; + expect HashName in item; + expect item[HashName].N?; + var pkStr := item[HashName].N; + var pkNum :- expect StrToInt(pkStr); + expect 0 <= pkNum < 100; + counts[pkNum] := counts[pkNum] + 1; + if custom { + expect "PreferredPartition" in item; + expect item["PreferredPartition"].N?; + var stored_partition : int :- expect StrToInt(item["PreferredPartition"].N); + expect partition as int == stored_partition % numQueries as int; + } + } + } + if result.LastEvaluatedKey.Some? && 0 < |result.LastEvaluatedKey.value| { + lastKey := result.LastEvaluatedKey; + } else { + break; + } + } + if numReturned == 0 { + print "Query ", queryName, " for partition ", partition, " returned no values", "\n"; + expect false; + } + } + + method DoPartitionScan(client : DDB.IDynamoDBClient, query : DDB.ScanInput, counts : array, queryName : string) + requires counts.Length == 100 + requires client.ValidState() + requires client.Modifies !! {counts} + ensures client.ValidState() + modifies client.Modifies + modifies counts + { + var lastKey : Option := None; + for i := 0 to 100 + invariant client.ValidState() + invariant client.Modifies !! {counts} + { + var result :- expect client.Scan(query); + if result.Items.Some? { + for j := 0 to |result.Items.value| + invariant client.ValidState() + invariant client.Modifies !! {counts} + { + var item := result.Items.value[j]; + expect HashName in item; + expect item[HashName].N?; + var pkStr := item[HashName].N; + var pkNum :- expect StrToInt(pkStr); + expect 0 <= pkNum < 100; + counts[pkNum] := counts[pkNum] + 1; + } + } + if result.LastEvaluatedKey.Some? && 0 < |result.LastEvaluatedKey.value| { + lastKey := result.LastEvaluatedKey; + } else { + break; + } + } + } + + + method TestPartitionQueryFailure(client : DDB.IDynamoDBClient, partition : Types.PartitionCount, query : DDB.QueryInput, counts : array, queryName : string, custom : bool, numQueries : Types.PartitionCount) + requires counts.Length == 100 + requires client.ValidState() + requires client.Modifies !! {counts} + requires 0 < numQueries + ensures client.ValidState() + modifies client.Modifies + modifies counts + { + var partitionNumber := DDB.AttributeValue.N(String.Base10Int2String(partition as int)); + var values : DDB.ExpressionAttributeValueMap := query.ExpressionAttributeValues.UnwrapOr(map[]); + values := values[":aws_dbe_partition" := partitionNumber]; + var q := query.(ExpressionAttributeValues := Some(values)); + var result := client.Query(q); + expect result.Failure?; + } + + method TestPartitionQueries(client : DDB.IDynamoDBClient, numQueries : Types.PartitionCount, q : DDB.QueryInput, trans : DynamoDbEncryptionTransforms.DynamoDbEncryptionTransformsClient, queryName : string, custom : bool := false) + requires 0 < numQueries <= 5 + requires client.ValidState() + requires trans.ValidState() + ensures client.ValidState() + ensures trans.ValidState() + modifies client.Modifies + modifies trans.Modifies + { + var input := Trans.GetNumberOfQueriesInput(input := q); + var res :- expect trans.GetNumberOfQueries(input); + if res.numberOfQueries != numQueries { + print "numberOfQueries should have been\n", numQueries, " but was ", res.numberOfQueries, " for ", queryName,"\n"; + } + expect res.numberOfQueries == numQueries; + + var counts: array := new int[100](i => 0); + for i : Types.PartitionNumber := 0 to numQueries + invariant client.ValidState() + invariant trans.ValidState() + { + DoPartitionQuery(client, i, q, counts, queryName, custom, numQueries); + } + + for i : Types.PartitionNumber := numQueries to 5 + invariant client.ValidState() + invariant trans.ValidState() + { + TestPartitionQueryFailure(client, i, q, counts, queryName, custom, numQueries); + } + + var wasBad : bool := false; + for i := 0 to 100 { + if counts[i] == 0 { + print "Partition Query ", queryName, " did not find record ", i, "\n"; + wasBad := true; + } else if counts[i] != 1 { + print "Partition Query ", queryName, " returned record ", i, " ", counts[i], " times\n"; + wasBad := true; + } + } + expect !wasBad; + } + + method TestPartitionScan(client : DDB.IDynamoDBClient, q : DDB.ScanInput) + requires client.ValidState() + requires q.FilterExpression.Some? + ensures client.ValidState() + modifies client.Modifies + { + var queryName : string := q.FilterExpression.value; + var counts: array := new int[100](i => 0); + DoPartitionScan(client, q, counts, queryName); + + var wasBad : bool := false; + for i := 0 to 100 { + if counts[i] == 0 { + print "Partition Scan ", queryName, " did not find record ", i, "\n"; + wasBad := true; + } else if counts[i] != 1 { + print "Partition Scab ", queryName, " returned record ", i, " ", counts[i], " times\n"; + wasBad := true; + } + } + if wasBad { + print "FAILED : ", queryName, "\n"; + } + expect !wasBad; + } + + const ValueNames : seq := + [ + ":attr1", + ":attr2", + ":attr3", + ":attr4", + ":attr5", + ":attr6", + ":attr7" + ] + + const AttrNames : seq := + [ + "Attr1", + "Attr2", + "Attr3", + "Attr4", + "Attr5", + "Attr6", + "Attr7" + ] + + const AttrValues : seq := + [ + DDB.AttributeValue.S("AAAA"), + DDB.AttributeValue.S("BBBB"), + DDB.AttributeValue.S("CCCC"), + DDB.AttributeValue.S("DDDD"), + DDB.AttributeValue.S("EEEE"), + DDB.AttributeValue.S("FFFF"), + DDB.AttributeValue.S("GGGG") + ] + + function GetPartitionScan1(attr : nat) : (out : DDB.ScanInput) + requires 0 <= attr < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some(AttrNames[attr] + " = " + ValueNames[attr]), + ExpressionAttributeValues := Some(map[ValueNames[attr] := AttrValues[attr]]) + ) + } + + function GetPartitionScan2(attr1 : nat, attr2 : nat) : (out : DDB.ScanInput) + requires 0 <= attr1 < 6 + requires 0 <= attr2 < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some( + AttrNames[attr1] + " = " + ValueNames[attr1] + " and " + + AttrNames[attr2] + " = " + ValueNames[attr2]), + ExpressionAttributeValues := Some( + map[ + ValueNames[attr1] := AttrValues[attr1], + ValueNames[attr2] := AttrValues[attr2] + ]) + ) + } + + function GetPartitionScan3(attr1 : nat, attr2 : nat, attr3 : nat) : (out : DDB.ScanInput) + requires 0 <= attr1 < 6 + requires 0 <= attr2 < 6 + requires 0 <= attr3 < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some( + AttrNames[attr1] + " = " + ValueNames[attr1] + " and " + + AttrNames[attr2] + " = " + ValueNames[attr2] + " and " + + AttrNames[attr3] + " = " + ValueNames[attr3]), + ExpressionAttributeValues := Some( + map[ + ValueNames[attr1] := AttrValues[attr1], + ValueNames[attr2] := AttrValues[attr2], + ValueNames[attr3] := AttrValues[attr3] + ]) + ) + } + + function GetPartitionScan4(attr1 : nat, attr2 : nat, attr3 : nat, attr4 : nat) : (out : DDB.ScanInput) + requires 0 <= attr1 < 6 + requires 0 <= attr2 < 6 + requires 0 <= attr3 < 6 + requires 0 <= attr4 < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some( + AttrNames[attr1] + " = " + ValueNames[attr1] + " and " + + AttrNames[attr2] + " = " + ValueNames[attr2] + " and " + + AttrNames[attr3] + " = " + ValueNames[attr3] + " and " + + AttrNames[attr4] + " = " + ValueNames[attr4]), + ExpressionAttributeValues := Some( + map[ + ValueNames[attr1] := AttrValues[attr1], + ValueNames[attr2] := AttrValues[attr2], + ValueNames[attr3] := AttrValues[attr3], + ValueNames[attr4] := AttrValues[attr4] + ]) + ) + } + + function GetPartitionScan5(attr1 : nat, attr2 : nat, attr3 : nat, attr4 : nat, attr5 : nat) : (out : DDB.ScanInput) + requires 0 <= attr1 < 6 + requires 0 <= attr2 < 6 + requires 0 <= attr3 < 6 + requires 0 <= attr4 < 6 + requires 0 <= attr5 < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some( + AttrNames[attr1] + " = " + ValueNames[attr1] + " and " + + AttrNames[attr2] + " = " + ValueNames[attr2] + " and " + + AttrNames[attr3] + " = " + ValueNames[attr3] + " and " + + AttrNames[attr4] + " = " + ValueNames[attr4] + " and " + + AttrNames[attr5] + " = " + ValueNames[attr5]), + ExpressionAttributeValues := Some( + map[ + ValueNames[attr1] := AttrValues[attr1], + ValueNames[attr2] := AttrValues[attr2], + ValueNames[attr3] := AttrValues[attr3], + ValueNames[attr4] := AttrValues[attr4], + ValueNames[attr5] := AttrValues[attr5] + ]) + ) + } + + function GetPartitionScan6(attr1 : nat, attr2 : nat, attr3 : nat, attr4 : nat, attr5 : nat, attr6 : nat) : (out : DDB.ScanInput) + requires 0 <= attr1 < 6 + requires 0 <= attr2 < 6 + requires 0 <= attr3 < 6 + requires 0 <= attr4 < 6 + requires 0 <= attr5 < 6 + requires 0 <= attr6 < 6 + ensures out.FilterExpression.Some? + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some( + AttrNames[attr1] + " = " + ValueNames[attr1] + " and " + + AttrNames[attr2] + " = " + ValueNames[attr2] + " and " + + AttrNames[attr3] + " = " + ValueNames[attr3] + " and " + + AttrNames[attr4] + " = " + ValueNames[attr4] + " and " + + AttrNames[attr5] + " = " + ValueNames[attr5] + " and " + + AttrNames[attr6] + " = " + ValueNames[attr6]), + ExpressionAttributeValues := Some( + map[ + ValueNames[attr1] := AttrValues[attr1], + ValueNames[attr2] := AttrValues[attr2], + ValueNames[attr3] := AttrValues[attr3], + ValueNames[attr4] := AttrValues[attr4], + ValueNames[attr5] := AttrValues[attr5], + ValueNames[attr6] := AttrValues[attr6] + ]) + ) + } + + + function GetCompQuery2671() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX2671"), + FilterExpression := None, + KeyConditionExpression := Some("Comp2671 = :attr2671"), + ExpressionAttributeValues := Some(map[":attr2671" := DDB.AttributeValue.S("2_BBBB.6_FFFF.7_GGGG.1_AAAA")]) + ) + } + function GetCompScan2671() : DDB.ScanInput + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some("Comp2671 = :attr2671"), + ExpressionAttributeValues := Some(map[":attr2671" := DDB.AttributeValue.S("2_BBBB.6_FFFF.7_GGGG.1_AAAA")]) + ) + } + function GetCompQuery1472() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX1472"), + FilterExpression := None, + KeyConditionExpression := Some("Comp1472 = :attr1472"), + ExpressionAttributeValues := Some(map[":attr1472" := DDB.AttributeValue.S("1_AAAA.4_DDDD.7_GGGG.2_BBBB")]) + ) + } + function GetCompScan1472() : DDB.ScanInput + { + DDB.ScanInput( + TableName := TableName, + FilterExpression := Some("Comp1472 = :attr1472"), + ExpressionAttributeValues := Some(map[":attr1472" := DDB.AttributeValue.S("1_AAAA.4_DDDD.7_GGGG.2_BBBB")]) + ) + } + + function GetPartitionQuery1() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX1"), + FilterExpression := None, + KeyConditionExpression := Some("Attr1 = :attr1"), + ExpressionAttributeValues := Some(map[":attr1" := DDB.AttributeValue.S("AAAA")]) + ) + } + function GetPartitionQuery15() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX15"), + FilterExpression := None, + KeyConditionExpression := Some("Attr1 = :attr1 and Attr5 = :attr5"), + ExpressionAttributeValues := Some(map[":attr1" := DDB.AttributeValue.S("AAAA"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery15F() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX1"), + FilterExpression := Some("Attr5 = :attr5"), + KeyConditionExpression := Some("Attr1 = :attr1"), + ExpressionAttributeValues := Some(map[":attr1" := DDB.AttributeValue.S("AAAA"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery25F() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX2"), + FilterExpression := Some("Attr5 = :attr5"), + KeyConditionExpression := Some("Attr2 = :attr2"), + ExpressionAttributeValues := Some(map[":attr2" := DDB.AttributeValue.S("BBBB"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery35F() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX3"), + FilterExpression := Some("Attr5 = :attr5"), + KeyConditionExpression := Some("Attr3 = :attr3"), + ExpressionAttributeValues := Some(map[":attr3" := DDB.AttributeValue.S("CCCC"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery45F() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX4"), + FilterExpression := Some("Attr5 = :attr5"), + KeyConditionExpression := Some("Attr4 = :attr4"), + ExpressionAttributeValues := Some(map[":attr4" := DDB.AttributeValue.S("DDDD"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery23() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX23"), + FilterExpression := None, + KeyConditionExpression := Some("Attr2 = :attr2 and Attr3 = :attr3"), + ExpressionAttributeValues := Some(map[":attr2" := DDB.AttributeValue.S("BBBB"), ":attr3" := DDB.AttributeValue.S("CCCC")]) + ) + } + function GetPartitionQuery51() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX51"), + FilterExpression := None, + KeyConditionExpression := Some("Attr1 = :attr1 and Attr5 = :attr5"), + ExpressionAttributeValues := Some(map[":attr1" := DDB.AttributeValue.S("AAAA"), ":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + function GetPartitionQuery2() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX2"), + FilterExpression := None, + KeyConditionExpression := Some("Attr2 = :attr2"), + ExpressionAttributeValues := Some(map[":attr2" := DDB.AttributeValue.S("BBBB")]) + ) + } + function GetPartitionQuery3() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX3"), + FilterExpression := None, + KeyConditionExpression := Some("Attr3 = :attr3"), + ExpressionAttributeValues := Some(map[":attr3" := DDB.AttributeValue.S("CCCC")]) + ) + } + function GetPartitionQuery4() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX4"), + FilterExpression := None, + KeyConditionExpression := Some("Attr4 = :attr4"), + ExpressionAttributeValues := Some(map[":attr4" := DDB.AttributeValue.S("DDDD")]) + ) + } + function GetPartitionQuery5() : DDB.QueryInput + { + DDB.QueryInput( + TableName := TableName, + IndexName := Some("ATTR_INDEX5"), + FilterExpression := None, + KeyConditionExpression := Some("Attr5 = :attr5"), + ExpressionAttributeValues := Some(map[":attr5" := DDB.AttributeValue.S("EEEE")]) + ) + } + + method PartitionTests() + { + print "PartitionTests\n"; + PartitionTest4(); + PartitionTest3(); + PartitionTest1(); + PartitionTest2(); + } + + method TestScanTrans(trans : DynamoDbEncryptionTransforms.DynamoDbEncryptionTransformsClient, q : DDB.ScanInput, expected : string) + requires trans.ValidState() + ensures trans.ValidState() + modifies trans.Modifies + { + var input := Trans.ScanInputTransformInput(sdkInput := q); + var res :- expect trans.ScanInputTransform(input); + if res.transformedInput.FilterExpression != Some(expected) { + print "Transform should have been\n", expected, "\nbut was\n", res.transformedInput.FilterExpression, "\n"; + } + } + + method MakeTrans(config : TableConfig) returns (output : DynamoDbEncryptionTransforms.DynamoDbEncryptionTransformsClient) + ensures fresh(output) + ensures fresh(output.Modifies) + ensures output.ValidState() + { + var configs := Types.DynamoDbTablesEncryptionConfig (tableEncryptionConfigs := map[TableName := config.config]); + assume {:axiom} false; // because there are a million requires's for configs + var trans :- expect DynamoDbEncryptionTransforms.DynamoDbEncryptionTransforms(configs); + return trans; + } + + method {:isolate_assertions} PartitionTest3() + { + expect "partition_encrypt" in largeEncryptionConfigs; + var config := largeEncryptionConfigs["partition_encrypt"]; + var trans := MakeTrans(config); + TestScanTrans(trans, GetPartitionScan1(5), "Attr6 = :attr6"); + TestScanTrans(trans, GetPartitionScan1(1), "(aws_dbe_b_Attr2 = :attr2) OR (aws_dbe_b_Attr2 = :attr2AA)"); + TestScanTrans(trans, GetPartitionScan2(5, 1), "(Attr6 = :attr6 AND aws_dbe_b_Attr2 = :attr2) OR (Attr6 = :attr6 AND aws_dbe_b_Attr2 = :attr2AA)"); + TestScanTrans(trans, GetPartitionScan2(2, 3), "(aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4) OR (aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4AA) OR (aws_dbe_b_Attr3 = :attr3AB AND aws_dbe_b_Attr4 = :attr4AB) OR (aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4AC) OR (aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4)"); + TestScanTrans(trans, GetPartitionScan3(1, 2, 3), "(aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4) OR (aws_dbe_b_Attr2 = :attr2AA AND aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4AA) OR (aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3AB AND aws_dbe_b_Attr4 = :attr4AB) OR (aws_dbe_b_Attr2 = :attr2AA AND aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4AC) OR (aws_dbe_b_Attr2 = :attr2 AND aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4)"); + } + + // Fill table with 100 records. Different RecNum, same data otherwise + // Make a variety of partitioned queries. Ensure that + // 1) Every item is returned exactly once + // 2) Every partition holds at least one item + method PartitionTest1() + { + print "PartitionTest1\n"; + expect "partition_encrypt" in largeEncryptionConfigs; + var config := largeEncryptionConfigs["partition_encrypt"]; + var wClient, rClient := SetupTestTable(config, config); + var trans := MakeTrans(config); + + for i : nat := 0 to 100 { + var putInput := DDB.PutItemInput( + TableName := TableName, + Item := MakePartitionRecord(i) + ); + var _ :- expect wClient.PutItem(putInput); + } + var q1 := DDB.QueryInput( + TableName := TableName + ); + TestPartitionQueries(rClient, 5, GetPartitionQuery5(), trans, "partition query 5"); + TestPartitionQueries(rClient, 4, GetPartitionQuery4(), trans, "partition query 4"); + TestPartitionQueries(rClient, 3, GetPartitionQuery3(), trans, "partition query 3"); + TestPartitionQueries(rClient, 2, GetPartitionQuery2(), trans, "partition query 2"); + TestPartitionQueries(rClient, 1, GetPartitionQuery1(), trans, "partition query 1"); + + TestPartitionQueries(rClient, 5, GetPartitionQuery15(), trans, "partition query 15"); + TestPartitionQueries(rClient, 5, GetPartitionQuery51(), trans, "partition query 51"); + TestPartitionQueries(rClient, 5, GetPartitionQuery23(), trans, "partition query 23"); + + TestPartitionQueries(rClient, 1, GetPartitionQuery15F(), trans, "partition query 15F"); + TestPartitionQueries(rClient, 2, GetPartitionQuery25F(), trans, "partition query 25F"); + TestPartitionQueries(rClient, 3, GetPartitionQuery35F(), trans, "partition query 35F"); + TestPartitionQueries(rClient, 4, GetPartitionQuery45F(), trans, "partition query 45F"); + + var scanCount4 := 0; + var scanCount5 := 0; + TestPartitionScan(rClient, GetPartitionScan6(0,1,2,3,4,5)); + TestPartitionScan(rClient, GetPartitionScan6(5,4,3,2,1,0)); + for i := 0 to 6 { + TestPartitionScan(rClient, GetPartitionScan1(i)); + for j := 0 to 6 { + if i != j { + TestPartitionScan(rClient, GetPartitionScan2(i, j)); + for k := 0 to 6 { + if i != k && j != k { + TestPartitionScan(rClient, GetPartitionScan3(i, j, k)); + } + for l := 0 to 6 { + if i != l && j != l && k != l { + scanCount4 := scanCount4 + 1; + if scanCount4 % 10 == 0 { + TestPartitionScan(rClient, GetPartitionScan4(i, j, k, l)); + } + for m := 0 to 6 { + if i != m && j != m && k != m && l != m { + scanCount5 := scanCount5 + 1; + if scanCount5 % 100 == 0 { + TestPartitionScan(rClient, GetPartitionScan5(i, j, k, l, m)); + } + } + } + } + } + } + } + } + } + } + + // Similar to PartitionTest1, but with complex config + method PartitionTest4() + { + print "PartitionTest4\n"; + expect "complex_partition_encrypt" in largeEncryptionConfigs; + var config := largeEncryptionConfigs["complex_partition_encrypt"]; + var wClient, rClient := SetupTestTable(config, config); + var trans := MakeTrans(config); + + for i : nat := 0 to 100 { + var putInput := DDB.PutItemInput( + TableName := TableName, + Item := MakePartitionRecord(i) + ); + var _ :- expect wClient.PutItem(putInput); + } + TestPartitionQueries(rClient, 2, GetCompQuery2671(), trans, "comp query 2671"); + TestPartitionScan(rClient, GetCompScan2671()); + TestPartitionQueries(rClient, 4, GetCompQuery1472(), trans, "comp query 1472"); + TestPartitionScan(rClient, GetCompScan1472()); + } + + // As PartitionTest1, but with custom partition selector + method PartitionTest2() + { + print "PartitionTest2\n"; + expect "partition_encrypt" in largeEncryptionConfigs; + var config := largeEncryptionConfigs["partition_encrypt"]; + var testSelector := new TestPartitionSelector(); + expect config.config.search.Some?; + var version := config.config.search.value.versions[0].(partitionSelector := Some(testSelector)); + var nSearch := config.config.search.value.(versions := [version]); + var nConfig := config.config.(search := Some(nSearch)); + config := config.(config := nConfig); + var wClient, rClient := SetupTestTable(config, config); + var trans := MakeTrans(config); + + for i : nat := 0 to 100 { + var putInput := DDB.PutItemInput( + TableName := TableName, + Item := MakePartitionRecord(i) + ); + var _ :- expect wClient.PutItem(putInput); + } + var q1 := DDB.QueryInput( + TableName := TableName + ); + TestPartitionQueries(rClient, 5, GetPartitionQuery5(), trans, "partition query 5a", true); + TestPartitionQueries(rClient, 4, GetPartitionQuery4(), trans, "partition query 4a", true); + TestPartitionQueries(rClient, 3, GetPartitionQuery3(), trans, "partition query 3a", true); + TestPartitionQueries(rClient, 2, GetPartitionQuery2(), trans, "partition query 2a", true); + TestPartitionQueries(rClient, 1, GetPartitionQuery1(), trans, "partition query 1a", true); + + TestPartitionQueries(rClient, 5, GetPartitionQuery15(), trans, "partition query 15a", true); + TestPartitionQueries(rClient, 5, GetPartitionQuery51(), trans, "partition query 51a", true); + TestPartitionQueries(rClient, 5, GetPartitionQuery23(), trans, "partition query 23a", true); + + TestPartitionQueries(rClient, 1, GetPartitionQuery15F(), trans, "partition query 15Fa", true); + TestPartitionQueries(rClient, 2, GetPartitionQuery25F(), trans, "partition query 25Fa", true); + TestPartitionQueries(rClient, 3, GetPartitionQuery35F(), trans, "partition query 35Fa", true); + TestPartitionQueries(rClient, 4, GetPartitionQuery45F(), trans, "partition query 45Fa", true); + + // we don't test scan here, because scan doesn't use ":aws_dbe_partition" + } + function NewOrderRecord(i : nat, str : string) : Record { var n := String.Base10Int2String(i); @@ -545,13 +1283,8 @@ module {:options "-functionSyntax:4"} DdbEncryptionTestVectors { } expect config in largeEncryptionConfigs; var tconfig := largeEncryptionConfigs[config]; - var configs := Types.DynamoDbTablesEncryptionConfig ( - tableEncryptionConfigs := map[TableName := tconfig.config] - ); - // because there are lots of pre-conditions on configs - assume {:axiom} false; - var client :- expect DynamoDbEncryptionTransforms.DynamoDbEncryptionTransforms(configs); - LargeTestsClient(client, config); + var trans := MakeTrans(tconfig); + LargeTestsClient(trans, config); } method LargeTestsClient(client : Trans.IDynamoDbEncryptionTransformsClient, config : string) diff --git a/TestVectors/runtimes/java/large_records.json b/TestVectors/runtimes/java/large_records.json index 0f55f68a5..353718498 100644 --- a/TestVectors/runtimes/java/large_records.json +++ b/TestVectors/runtimes/java/large_records.json @@ -1,5 +1,198 @@ { + "GSI": [ + ["ATTR_INDEX1", "aws_dbe_b_Attr1"], + ["ATTR_INDEX2", "aws_dbe_b_Attr2"], + ["ATTR_INDEX3", "aws_dbe_b_Attr3"], + ["ATTR_INDEX4", "aws_dbe_b_Attr4"], + ["ATTR_INDEX5", "aws_dbe_b_Attr5"], + ["ATTR_INDEX2671", "aws_dbe_b_Comp2671"], + ["ATTR_INDEX1472", "aws_dbe_b_Comp1472"], + ["ATTR_INDEX15", "aws_dbe_b_Attr1", "aws_dbe_b_Attr5"], + ["ATTR_INDEX21", "aws_dbe_b_Attr2", "aws_dbe_b_Attr1"], + ["ATTR_INDEX23", "aws_dbe_b_Attr2", "aws_dbe_b_Attr3"], + ["ATTR_INDEX24", "aws_dbe_b_Attr2", "aws_dbe_b_Attr4"], + ["ATTR_INDEX25", "aws_dbe_b_Attr2", "aws_dbe_b_Attr5"], + ["ATTR_INDEX51", "aws_dbe_b_Attr5", "aws_dbe_b_Attr1"] + ], "largeEncryptionConfigs": { + "partition_encrypt": { + "partitionKeyName": "RecNum", + "attributeActionsOnEncrypt": { + "RecNum": "SIGN_ONLY", + "Attr1": "ENCRYPT_AND_SIGN", + "Attr2": "ENCRYPT_AND_SIGN", + "Attr3": "ENCRYPT_AND_SIGN", + "Attr4": "ENCRYPT_AND_SIGN", + "Attr5": "ENCRYPT_AND_SIGN", + "Attr6": "SIGN_ONLY", + "Attr7": "SIGN_ONLY", + "Attr8": "SIGN_ONLY", + "PreferredPartition": "SIGN_ONLY" + }, + "search": { + "versions": [ + { + "maximumNumberOfPartitions": 5, + "standardBeacons": [ + { + "Name": "Attr1", + "Length": 32, + "numberOfPartitions": 1 + }, + { + "Name": "Attr2", + "Length": 32, + "numberOfPartitions": 2 + }, + { + "Name": "Attr3", + "Length": 32, + "numberOfPartitions": 3 + }, + { + "Name": "Attr4", + "Length": 32, + "numberOfPartitions": 4 + }, + { + "Name": "Attr5", + "Length": 32 + } + ] + } + ] + } + }, + "complex_partition_encrypt": { + "partitionKeyName": "RecNum", + "attributeActionsOnEncrypt": { + "RecNum": "SIGN_ONLY", + "Attr1": "ENCRYPT_AND_SIGN", + "Attr2": "ENCRYPT_AND_SIGN", + "Attr3": "ENCRYPT_AND_SIGN", + "Attr4": "ENCRYPT_AND_SIGN", + "Attr5": "ENCRYPT_AND_SIGN", + "Attr6": "SIGN_ONLY", + "Attr7": "SIGN_ONLY", + "Attr8": "SIGN_ONLY", + "PreferredPartition": "SIGN_ONLY" + }, + "search": { + "versions": [ + { + "maximumNumberOfPartitions": 5, + "compoundBeacons": [ + { + "Name": "Comp2671", + "Split": ".", + "Encrypted": [ + { + "Name": "Attr1", + "Prefix": "1_" + }, + { + "Name": "Attr2", + "Prefix": "2_" + } + ], + "Signed": [ + { + "Name": "Attr6", + "Prefix": "6_" + }, + { + "Name": "Attr7", + "Prefix": "7_" + } + ], + "Constructors": [ + [ + { + "Name": "Attr2" + }, + { + "Name": "Attr6" + }, + { + "Name": "Attr7" + }, + { + "Name": "Attr1" + } + ] + ] + }, + { + "Name": "Comp1472", + "Split": ".", + "Encrypted": [ + { + "Name": "Attr1", + "Prefix": "1_" + }, + { + "Name": "Attr2", + "Prefix": "2_" + }, + { + "Name": "Attr4", + "Prefix": "4_" + } + ], + "Signed": [ + { + "Name": "Attr7", + "Prefix": "7_" + } + ], + "Constructors": [ + [ + { + "Name": "Attr1" + }, + { + "Name": "Attr4" + }, + { + "Name": "Attr7" + }, + { + "Name": "Attr2" + } + ] + ] + } + ], + "standardBeacons": [ + { + "Name": "Attr1", + "Length": 32, + "numberOfPartitions": 1 + }, + { + "Name": "Attr2", + "Length": 32, + "numberOfPartitions": 2 + }, + { + "Name": "Attr3", + "Length": 32, + "numberOfPartitions": 3 + }, + { + "Name": "Attr4", + "Length": 32, + "numberOfPartitions": 4 + }, + { + "Name": "Attr5", + "Length": 32 + } + ] + } + ] + } + }, "full_encrypt": { "partitionKeyName": "PK", "attributeActionsOnEncrypt": { diff --git a/TestVectors/runtimes/net/Generated/DDBEncryption/TypeConversion.cs b/TestVectors/runtimes/net/Generated/DDBEncryption/TypeConversion.cs index 1ff2d1b40..b03336c50 100644 --- a/TestVectors/runtimes/net/Generated/DDBEncryption/TypeConversion.cs +++ b/TestVectors/runtimes/net/Generated/DDBEncryption/TypeConversion.cs @@ -196,7 +196,10 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion FromDafny_ if (concrete._compoundBeacons.is_Some) converted.CompoundBeacons = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(concrete._compoundBeacons); if (concrete._virtualFields.is_Some) converted.VirtualFields = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(concrete._virtualFields); if (concrete._encryptedParts.is_Some) converted.EncryptedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(concrete._encryptedParts); - if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); return converted; + if (concrete._signedParts.is_Some) converted.SignedParts = (System.Collections.Generic.List)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(concrete._signedParts); + if (concrete._maximumNumberOfPartitions.is_Some) converted.MaximumNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(concrete._maximumNumberOfPartitions); + if (concrete._defaultNumberOfPartitions.is_Some) converted.DefaultNumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(concrete._defaultNumberOfPartitions); + if (concrete._partitionSelector.is_Some) converted.PartitionSelector = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(concrete._partitionSelector); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IBeaconVersion ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion(AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconVersion value) { @@ -205,7 +208,10 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn System.Collections.Generic.List var_virtualFields = value.IsSetVirtualFields() ? value.VirtualFields : (System.Collections.Generic.List)null; System.Collections.Generic.List var_encryptedParts = value.IsSetEncryptedParts() ? value.EncryptedParts : (System.Collections.Generic.List)null; System.Collections.Generic.List var_signedParts = value.IsSetSignedParts() ? value.SignedParts : (System.Collections.Generic.List)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts)); + int? var_maximumNumberOfPartitions = value.IsSetMaximumNumberOfPartitions() ? value.MaximumNumberOfPartitions : (int?)null; + int? var_defaultNumberOfPartitions = value.IsSetDefaultNumberOfPartitions() ? value.DefaultNumberOfPartitions : (int?)null; + AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector var_partitionSelector = value.IsSetPartitionSelector() ? value.PartitionSelector : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.BeaconVersion(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M7_version(value.Version), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M8_keyStore(value.KeyStore), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M9_keySource(value.KeySource), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_standardBeacons(value.StandardBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(var_compoundBeacons), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M13_virtualFields(var_virtualFields), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(var_encryptedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(var_signedParts), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(var_maximumNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(var_defaultNumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(var_partitionSelector)); } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M15_compoundBeacons(Wrappers_Compile._IOption> value) { @@ -215,6 +221,14 @@ public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafn { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_CompoundBeaconList((System.Collections.Generic.List)value)); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_defaultNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M14_encryptedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S18_EncryptedPartsList(value.Extract()); @@ -239,6 +253,22 @@ public static software.amazon.cryptography.keystore.internaldafny.types.IKeyStor { return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S17_KeyStoreReference(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M25_maximumNumberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(Wrappers_Compile._IOption value) + { + return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M17_partitionSelector(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference((AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector)value)); + } public static System.Collections.Generic.List FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S13_BeaconVersion__M11_signedParts(Wrappers_Compile._IOption> value) { return value.is_None ? (System.Collections.Generic.List)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_SignedPartsList(value.Extract()); @@ -913,6 +943,60 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberInput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput(); converted.Item = (System.Collections.Generic.Dictionary)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(concrete._item); + converted.NumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(concrete._numberOfPartitions); + converted.LogicalTableName = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(concrete._logicalTableName); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberInput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberInput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberInput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(value.Item), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(value.NumberOfPartitions), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(value.LogicalTableName)); + } + public static System.Collections.Generic.Dictionary FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(Dafny.IMap, software.amazon.cryptography.services.dynamodb.internaldafny.types._IAttributeValue> value) + { + return FromDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); + } + public static Dafny.IMap, software.amazon.cryptography.services.dynamodb.internaldafny.types._IAttributeValue> ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M4_item(System.Collections.Generic.Dictionary value) + { + return ToDafny_N3_com__N9_amazonaws__N8_dynamodb__S12_AttributeMap(value); + } + public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(Dafny.ISequence value) + { + return FromDafny_N6_smithy__N3_api__S6_String(value); + } + public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M16_logicalTableName(string value) + { + return ToDafny_N6_smithy__N3_api__S6_String(value); + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(int value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S23_GetPartitionNumberInput__M18_numberOfPartitions(int value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value); + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberOutput value) + { + software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput(); converted.PartitionNumber = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(concrete._partitionNumber); return converted; + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPartitionNumberOutput ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput(AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPartitionNumberOutput value) + { + value.Validate(); + + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPartitionNumberOutput(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(value.PartitionNumber)); + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(int value) + { + return FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(value); + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S24_GetPartitionNumberOutput__M15_partitionNumber(int value) + { + return ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(value); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S9_GetPrefix(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IGetPrefix value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.GetPrefix)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.GetPrefix(); converted.Length = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S9_GetPrefix__M6_length(concrete._length); return converted; @@ -1196,6 +1280,34 @@ public static string FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8 { return value == null ? Wrappers_Compile.Option>.create_None() : Wrappers_Compile.Option>.create_Some(ToDafny_N6_smithy__N3_api__S6_String((string)value)); } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(int value) + { + return value; + } + public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(int value) + { + return value; + } + public static int ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S15_PartitionNumber(int value) + { + return value; + } + public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.DbEncryptionSDK.DynamoDb.TypeConversion.FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value); + } + public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.IPartitionSelector ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(AWS.Cryptography.DbEncryptionSDK.DynamoDb.IPartitionSelector value) + { + // This is converting a reference type in a dependant module. + // Therefore it defers to the dependant module for conversion + return AWS.Cryptography.DbEncryptionSDK.DynamoDb.TypeConversion.ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S26_PartitionSelectorReference(value); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S8_PartOnly(software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IPartOnly value) { software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.PartOnly)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.PartOnly(); return converted; @@ -1394,14 +1506,16 @@ public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon FromDafny software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon concrete = (software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon)value; AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon converted = new AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon(); converted.Name = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(concrete._name); converted.Length = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(concrete._length); if (concrete._loc.is_Some) converted.Loc = (string)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(concrete._loc); - if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); return converted; + if (concrete._style.is_Some) converted.Style = (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(concrete._style); + if (concrete._numberOfPartitions.is_Some) converted.NumberOfPartitions = (int)FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(concrete._numberOfPartitions); return converted; } public static software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types._IStandardBeacon ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon(AWS.Cryptography.DbEncryptionSDK.DynamoDb.StandardBeacon value) { value.Validate(); string var_loc = value.IsSetLoc() ? value.Loc : (string)null; AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle var_style = value.IsSetStyle() ? value.Style : (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null; - return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style)); + int? var_numberOfPartitions = value.IsSetNumberOfPartitions() ? value.NumberOfPartitions : (int?)null; + return new software.amazon.cryptography.dbencryptionsdk.dynamodb.internaldafny.types.StandardBeacon(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M4_name(value.Name), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(value.Length), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M3_loc(var_loc), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(var_style), ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(var_numberOfPartitions)); } public static int FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M6_length(int value) { @@ -1427,6 +1541,14 @@ public static Dafny.ISequence ToDafny_N3_aws__N12_cryptography__N15_dbEncr { return ToDafny_N6_smithy__N3_api__S6_String(value); } + public static int? FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(Wrappers_Compile._IOption value) + { + return value.is_None ? (int?)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount(value.Extract()); + } + public static Wrappers_Compile._IOption ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M18_numberOfPartitions(int? value) + { + return value == null ? Wrappers_Compile.Option.create_None() : Wrappers_Compile.Option.create_Some(ToDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_PartitionCount((int)value)); + } public static AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S14_StandardBeacon__M5_style(Wrappers_Compile._IOption value) { return value.is_None ? (AWS.Cryptography.DbEncryptionSDK.DynamoDb.BeaconStyle)null : FromDafny_N3_aws__N12_cryptography__N15_dbEncryptionSdk__N8_dynamoDb__S11_BeaconStyle(value.Extract()); diff --git a/specification/changes/2025-08-25-beacon-partitions/background.md b/specification/changes/2025-08-25-beacon-partitions/background.md new file mode 100644 index 000000000..f6a5224a9 --- /dev/null +++ b/specification/changes/2025-08-25-beacon-partitions/background.md @@ -0,0 +1,321 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Beacon Partitions + +`Beacon Partitions` refers to a way to add a little bit more randomness to your [beacons](../../searchable-encryption/beacons.md), +to add anonymity when your data distribution is uneven + +Probably read [changes](./change.md) first, as it gives a brief overview of the interface. + +## A shortcoming of Beacons + +[Beacons](../../searchable-encryption/beacons.md) are great if your data is evenly distributed. +There are ten of each value for an attribute, +and so in the table there are 10 or 20 or 30 occurrences of any given hash, +and an external observer can't deduce anything useful. + +But what if the data is not evenly distributed? + +What if you're storing last names, and your customers are primarily from the US? + +In this case, some hashes will have many many occurrences, and some will have only one. + +An external observer can look at census data and make an educated guess that the hashes with many occurrences are probably "Jones" or "Smith". Pretty soon, you've leaked real information. + +## Introducing Beacon Partitions + +One strategy to combat this is to further divide each item's beacons into separate `partitions`, +so that the same value in different records might produce different hashes. + +Specifically, assigning an item to a `partition` alters the hash generated for a [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon), +so that within a partition, the hash for any given value for a given attribute is the same, +but the hash is different for different partitions. + +This doesn't entirely solve the problem, but it flattens out the histogram quite a bit, +making things much more difficult to deduce. +To do the job properly, you'd need to deeply understand your data, and use a [Partition Selector](#partition-selector). + +All existing databases are retroactively configured with one partition. +The hash for a value in partition number zero is the same as the hash in an unpartitioned system; +therefore, there is no difference between "one partition" and "not using partitions". + +Unfortunately, when items are distributed across N partitions, retrieving all of them requires N separate queries. + +- Only the `Query` operation is affected. +- `Scan` and `Get` operations continue to work as usual. + +The reason Query behaves differently is that it searches against an index, which requires an exact match. This leaves no opportunity to optimize the query with a “this OR that OR other” approach, unlike a Scan which examines all items. + +Note: There is no way to determine an item’s partition just by looking at its encrypted value. + +### Performance Penalties + +Multiple queries will always take longer than one query, however; +if the number of "pages" of results returned by DynamoDB for a query is large compared to the number of partitions, +then the overall query performance is not impacted very much. + +If the query is only expected to return one result, then of course, making five queries will take five time as long, +with four of the queries returning nothing. + +### Performance Advantages + +On the other hand, beacon partitions can provide performance enhancements as well. + +Sometimes a common value can share the same hash as a rare one. +In this case, a search for the rare one pays the penalty of retrieving and discarding all the +matches for the common one. +Beacon partitions reduce the maximum number occurrences of a single hash, reducing this penalty. + +Increasing the number of partitions can allow you to increase the length of a standard beacon, +further decreasing the number of results that must be retrieved and discarded. + +### Constrained Beacons + +Maybe you need a different number of partitions for different standard beacons. + +For example, maybe + +- `LastName` has a terribly uneven distribution, and so needs 5 partitions. +- `Phone` is pretty much unique in each item, and so only needs on partition. +- `Precinct` is just a little bit uneven, and so needs two beacons. + +To accomplish this, you set the number of partitions for the whole table to `5`, +and then constrain the number of partitions for the other two beacons. + +The partition used to calculate the hash for a constrained beacon is +`ItemsPartition % BeaconConstraint` where `%` is the `modulo` or `remainder` operation. +The ensures that the values are reasonably well distributed among the constrained partitions, +while still guaranteeing that, given the partition for the item, +we can uniquely identify the partition for the constrained beacon. + +**_WARNING_** Adding or changing the constraint on a beacon is difficult, sometimes impossible; +once any items have been written. + +The only situation in which you might consider adding a constraint to a beacon is if **all** of the following apply + +- You're going to use that beacon in an index (GSI) +- The queries you make against that index are expected to return a very small number of results +- Your security people have agreed that reducing the number of partitions for this beacon is acceptable. + +### Behind the scenes + +The KeyConditionExpression is an exact match, and therefore can only refer to one partition. +However, FilterExpression is much more flexible, and can refer to multiple partitions. + +So when doing a Scan operation, only one Scan is needed. +Internally, where you had a FilterExpression of `foo`, we change it to +`(foo[0]) OR (foo[1]) OR (foo[2])` +where `foo[n]` refers to to "foo, as calculated for partition `n`" + +Similarly, when you do a query where the KeyConditionExpression refers to constrained beacons, +and FilterExpression refers to some unconstrained beacons, +then we do a similar transformation on the FilterExpression of the query, +so that the total number of queries necessary is limited by the constrained beacons. + +If the table has `maximumNumberOfPartitions` of `5`, then the query on partition zero will have +`(foo[0]) OR (foo[2]) OR (foo[4])` and the query on partition 1 will have `(foo[1]) OR (foo[3])` + +## Usage + +### GetNumberOfQueries + +A new operation, GetNumberOfQueries, tells you how many queries are necessary for a given QueryInput. + +One often knows this number ahead of time, as discussed in [changes](./change.md). + +If you use a [Partition Selector](#partition-selector) you can sometimes do fewer queries than this. + +### Query Loop + +If you're using partitions, then wherever you do a query, you need code like this. + +```text + for i = 0 to transformClient.GetNumberOfQueries(query) + query.ExpressionAttributeValues.Add(":aws_dbe_partition", N(i.to_string()) + dynamoClient.query(query) +``` + +It is an error to set `:aws_dbe_partition` to a value greater than or equal to the value returned by `GetNumberOfQueries`. + +## Configuring Partitions + +### Maximum Partitions + +The [BeaconVersion](../../searchable-encryption/search-config.md#beacon-version-initialization) structure +has a new optional field maximumNumberOfPartitions. +This indicates the number of partitions into which your data is to be divided. +If you set `maximumNumberOfPartitions` to `5`, +then each item written will be assigned to one of five partitions, +and every [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon) value +will now have five different values in the table. +This means that you will have to make five different queries to get all of your data. + +Setting only `maximumNumberOfPartitions` will provide the easiest forward compatibility story, +as going forward, `maximumNumberOfPartitions` can be increased at any time. +Increasing `maximumNumberOfPartitions` will not, of course, +change the partition assignment of any existing item; but only newly written items. +If you change `maximumNumberOfPartitions` from `5` to `7`, +then you will immediately need to start making 7 queries, +but the sixth and seventh queries will return a comparatively small number of items. + +### Beacon Constraints + +The configuration for each [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon) +can now take a `numberOfPartitions`, which constrains that beacon accordingly. +Be very careful with this, as per [Constrained Beacons](#constrained-beacons) above. + +### Default Constraints + +The [BeaconVersion](../../searchable-encryption/search-config.md#beacon-version-initialization) structure +also has a new optional field `defaultNumberOfPartitions`. + +If this is set (to something less than `maximumNumberOfPartitions`) then any beacon that does not +specify an explicit `numberOfPartitions` will be constrained to this number of partitions. +For example, if LastName was the only attribute that warranted partition use, then you might have +`maximumNumberOfPartitions = 5` and `defaultNumberOfPartitions = 1` in the BeaconVersion, +and then `numberOfPartitions = 5` on the LastName beacon. + +### Partition Selector + +For fine grained control, one can implement a PartitionSelector, which is an object with a single method +GetPartitionNumber(item: [AttributeMap](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html), numberOfPartitions : [PartitionCount](./change.md#partitioncount), logicalTableName : string) -> [PartitionNumber](./change.md#partitionnumber). + +This would allow one to set `numberOfPartitions = 5` on the LastName beacon as above, +and then choose the partition for each item explicitly, based on the LastName value. +Perhaps "Smith" would be divided among all 5 partitions, while "Svaboda" was always placed in partition zero. +This has two benefits + +- This can do a much better job of overcoming the [shortcoming of Beacons](#a-shortcoming-of-beacons), + by only splitting the popular names, making the distribution of hashes even more regular. +- When querying on the LastName "Svaboda", only one query is needed, rather than five. + +## Changing Beacon Constraints + +You shouldn't do this. Both Query and Scan may stop being able to find some items. + +### Short answer + +You can't. Once you've set `numberOfPartitions` on a beacon, +or `defaultNumberOfPartitions` on a table, +you can never change that configuration. + +Why not? Because when we write, the item has a partition, and each beacon calculates its partition from the item's partition. +When we Query, the query has a partition and each beacon calculates its partition from the query's partition. +If you change a constraint, then the beacon partition calculation at query time will not produce the same results as were used when the item was written. For example: + +- `maximumNumberOfPartitions` for a table is 5 +- Beacon A has no constraint +- Beacon B is constrained to 2 partitions. +- We write an item. Its partition is 4. +- Beacon A is put in partition 4, beacon B is put in partition `4 % 2` or 0. +- We search with ":aws_dbe_partition = 4". We look for beacon A in partition 4 and beacon B in partition 0 +- We find the item. +- Now we change the constraint to `3`. +- We search with ":aws_dbe_partition = 4". We look for beacon A in partition 4 and beacon B in partition `4 % 3` or 1 +- We do not find the item. + +### Long answer + +Maybe sometimes, if you're careful. + +As the example above shows, the problem is that a search with ":aws_dbe_partition = N" must calculate +hashes (i.e. partitions) for all the beacons in the same way as when then item was written. + +However, if you're only using a few beacons, then as long as those beacons have compatible changes, +then all of the items can still be found. + +`Using` in this context include both KeyConditionExpression and FilterExpression, +and include both plain standard beacons and standard beacons used as part of a compound beacon. + +Compatible in this context means that, for any ":aws_dbe_partition = N", + +- before the change, all involved beacons were put in the same partition +- after the change, all involved beacons are put in the same partition + +but the partition before might be different than the partition after. + +To be compatible, all involved beacons must have always had the same number of partitions as each other, +whether through `numberOfPartitions` or by inheriting from `defaultNumberOfPartitions`, +and that number has only increased over time. + +The easiest compatible change : no involved beacons specified `numberOfPartitions`, and `defaultNumberOfPartitions` was increased. + +### Possible Future Answer 1 + +Hypothetically, if the beacons in the KeyConditionExpression are compatible, +and the beacons in the FilterExpression are compatible, +but the two sets are not compatible with each other, +then we could flesh out the filter expression as discussed in [Behind the scenes](#behind-the-scenes) +to cover all the partitions, and not just the subset necessitated by the current partition. +This would require an extra value to be passed, possibly `[":aws_dbe_full_filter = true]` or some such. + +### Possible Future Answer 2 + +Hypothetically, instead of `:aws_dbe_partition = 4` one could set `:aws_dbe_partition_map = ['A" = 4, 'B' = 0]` +which tells the interceptor to calculate beacon A for partition 4 and beacon B for partition 0. + +If you know exactly what data has been written, a long enough list of these would find all of the items. + +We don't want to implement this until we're sure someone would actually use it. + +## Migration + +A non-partitioned table is the same as a table with `maximumNumberOfPartitions == 1`. + +Further, each individual beacon can either be considered to be unconstrained, +or constrained to one partition. + +Given that, migration from non-partitioned to partitioned follows the same rules as any other change in partition settings. + +You can always increase maximumNumberOfPartitions. +It won't magically improve the anonymity of you existing data, +but new data will be properly anonymized and both old and new data will be found when doing partitioned searches. + +The individual beacon constraints must remain unchanged. +This when you first move to multiple partition, +each beacon must either be constrained to one partition, or be unconstrained. + +## Test Strategy + +### Normal Operation + +Create a table with a maximum of 5 partitions, a variety of beacons with different numbers of partitions, +and with GSIs built on a variety of combinations of those indexes. + +Put 100 items in that table, with different PK attributes, +but the exact same values for all the other attributes. +We expect around 20 items per partition, and are pretty guaranteed that no partition is empty. + +Perform a variety of queries against the table. +For each, assert that + +- GetNumberOfQueries returns the expected value +- When performing `GetNumberOfQueries` queries, + - each partition returns at least one value + - every item is returned exactly one +- When performing queries with the partition number set to `GetNumberOfQueries` or greater, an error is returned. + +Perform a very large number of Scans against the table. +These are easier to test, as they do not require a different index for each one, as the Query ones do. +Test that a single Scan returns every item exactly once. + +### Test Partition Selector + +Repeat [Normal Operation](#normal-operation), but + +- add an attribute to hold a partition number +- include a [Partition Selector](../../searchable-encryption/search-config.md#partition-selector) + that puts each item in the indicated partition. +- when searching on a partition, assert that the item was in the correct partition. + +### Test Filter Expressions + +The functionality of the [Filter Expressions for Query](../../dynamodb-encryption-client/ddb-support.md#filter-expressions-for-query) is well tested by the above. + +For a few scan operations, assert that the text of the calculated filter expressions are as expected. + +### Test Compound Beacons + +Create some complex compound beacons, create indexes with them, +and repeat the same test as in [Normal Operation](#normal-operation). diff --git a/specification/changes/2025-08-25-beacon-partitions/change.md b/specification/changes/2025-08-25-beacon-partitions/change.md new file mode 100644 index 000000000..48ddf6d03 --- /dev/null +++ b/specification/changes/2025-08-25-beacon-partitions/change.md @@ -0,0 +1,92 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Beacon Partitions + +## New Types + +### PartitionCount + +- An integer in the range 1..255 +- The number of possible partitions in some context +- For customers not using PartitionBeacons, this is always `1` + +### PartitionNumber + +- An integer in the range 0..254 +- The number of the partition currently under consideration in some context +- For customers not using PartitionBeacons, this is always `1` +- Range can also be considered : `0 <= PartitionNumber < PartitionCount` + +### PartitionSelector + +A customer supplied callback to select the [PartitionNumber](#partitionnumber) for a particular DynamoDB Item. + +It has a single Entry Point +GetPartitionNumber(item: [AttributeMap](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/WorkingWithItems.html), numberOfPartitions : [PartitionCount](#partitioncount), logicalTableName : string) -> [PartitionNumber](#partitionnumber) + +The default behavior ignores the Item, and picks a random partition in the range `0 <= PartitionNumber < PartitionCount` + +The intent is to allow customers who know their data to take specific action. +For example, if LastName="Smith" then pick a random partition, but if LastName="Svaboda" then pick partition zero. + +## New Options + +### BeaconVersion + +BeaconVersion has three new optional fields + +#### partitionSelector : [PartitionSelector](#partitionselector) + +The [PartitionSelector](#partitionselector) to be used for items in this table. + +#### maximumNumberOfPartitions : [PartitionCount](#partitioncount) + +The total number of partitions in the table. This may be increased over time. + +#### defaultNumberOfPartitions : [PartitionCount](#partitioncount) + +The number of partitions for any [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon) that does not explicitly specify a `numberOfPartitions`. + +Under most circumstances, this may be increased over time. + +Defaults to `maximumNumberOfPartitions`. If specified, must be less than `maximumNumberOfPartitions`. + +### StandardBeacon + +#### numberOfPartitions : [PartitionCount](#partitioncount) + +The number of partitions to use for this particular beacon. + +Defaults to `defaultNumberOfPartitions`. If specified, must be less than `maximumNumberOfPartitions`. + +Under most circumstances, this may never be altered. + +## New Entry Points + +### TransformsClient::GetNumberOfQueries(QueryInput) -> PartitionCount + +Examines the [query](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Query.html), and the number of partitions associated with each [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon) used in the `KeyConditionExpression`, to determine the number of separate queries necessary to retrieve all of the items. In the general case, customer code would look like this. + + for i = 0 to transformClient.GetNumberOfQueries(query) + query.ExpressionAttributeValues.Add(":aws_dbe_partition", N(i.to_string()) + dynamoClient.query(query) + +In many situations, one already knows the number of queries, + +- `1` if partitions are not being used, +- `maximumNumberOfPartitions` if partitions are being used, and nothing else is overridden +- `numberOfPartitions` if a single partitioned beacon is involved. + +The actual value of GetNumberOfQueries is the minimum of + +- maximumNumberOfPartitions +- The Least Common Multiple of the numbers of partitions in each + [Standard Beacon](../../searchable-encryption/beacons.md#standard-beacon) involved, + including those that are part of a [Compound Beacon](../../searchable-encryption/beacons.md#compound-beacon). + +It is an error to set `:aws_dbe_partition` to a number greater than or equal to the value of `GetNumberOfQueries`. + +If you did clever things with your [PartitionSelector](#partitionselector), then you might be able to perform fewer queries. + +In the example above, if the query is indexed on `LastName="Svaboda"` then only one query is necessary. diff --git a/specification/dynamodb-encryption-client/ddb-get-number-of-queries.md b/specification/dynamodb-encryption-client/ddb-get-number-of-queries.md new file mode 100644 index 000000000..aee3b77ae --- /dev/null +++ b/specification/dynamodb-encryption-client/ddb-get-number-of-queries.md @@ -0,0 +1,39 @@ +[//]: # "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved." +[//]: # "SPDX-License-Identifier: CC-BY-SA-4.0" + +# Get Number of Queries + +## Overview + +When using [Beacon Partitions](../changes/2025-08-25-partition-beacons/background.md), +more than one [query](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Query.html) +can be necessary to retrieve all of the desired results, +leading to code something like this: + +```text + for i = 0 to transformClient.GetNumberOfQueries(query) + query.ExpressionAttributeValues.Add(":aws_dbe_partition", N(i.to_string()) + dynamoClient.query(query) +``` + +## Operation + +### Input + +This operation MUST take as input the QueryInput structure under consideration. + +This operation MUST return the number of queries necessary. + +### Behavior + +Based on the [standard beacons](../searchable-encryption/beacons.md#standard-beacon) +used in the [KeyConditionExpression](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.KeyConditionExpressions.html) of the query, calculate the required number of queries. + +This value is the minimum of the calculated value, +and the [maximum number of partitions](../searchable-encryption/search-config.md#max-partitions) +configured for the table. + +The calculated value is the least common multiple of the number of partitions for each of the beacons involved. + +This is not needed for a [scan](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_Scan.html) +operation. Only one Scan is needed, regardless of partition settings. diff --git a/specification/dynamodb-encryption-client/ddb-support.md b/specification/dynamodb-encryption-client/ddb-support.md index e1373c593..b9908d4e0 100644 --- a/specification/dynamodb-encryption-client/ddb-support.md +++ b/specification/dynamodb-encryption-client/ddb-support.md @@ -78,6 +78,10 @@ and [Encrypt Item Output](./encrypt-item.md#output). To obtain [Beacon Key Materials] GetEncryptedBeacons MUST call [Get beacon key after encrypt](../searchable-encryption/search-config.md#get-beacon-key-after-encrypt). +A [partition number](search-config.md#partitionnumber) MUST be generated +by calling the [partition selector](search-config.md#partition-selector). +This [partition number](search-config.md#partitionnumber) is to be used for all [standard beacons](./searchable-encryption/beacons.md#standard-beacon) in the item. + GetEncryptedBeacons MUST NOT operate on [compound beacons](../searchable-encryption/beacons.md#compound-beacon) that only have [signed parts](../searchable-encryption/beacons.md#compound-beacon-initialization). @@ -154,6 +158,18 @@ from [Get beacon key for query](../searchable-encryption/search-config.md#get-be If the [QueryObject does not have encrypted values](#queryobject-has-encrypted-values) then QueryInputForBeacons MUST NOT attempt to obtain [Beacon Key Materials](../searchable-encryption/search-config.md#beacon-key-materials). +When querying, a [partition number](search-config.md#partitionnumber) MUST be determined by examining +the `:aws_dbe_partition` value in the `ExpressionAttributeValues`. + +If this value is absent, a partition number of `0` MUST be used. + +If this value is not of type `N` or fails to hold an integer value +greater than or equal to zero and less than the [max partitions](search-config.md#max-partitions), +an error MUST be returned. + +If this value is valid, then this value is used and the `:aws_dbe_partition` field MUST +be removed from the `ExpressionAttributeValues`. + For any operand in the KeyConditionExpression or FilterExpression which is a beacon name, the name MUST be replaced by the internal beacon name (i.e. NAME replaced by aws_dbe_b_NAME). @@ -174,6 +190,9 @@ MUST be obtained from the [Beacon Key Materials](../searchable-encryption/search [HMAC Keys map](../searchable-encryption/search-config.md#hmac-keys) using the beacon name as the key. +If [Beacon Partitions](../changes/2025-08-25-partition-beacons/background.md) are being used, +then the [FilterExpression](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Query.FilterExpression.html) must be augmented as described in [Filter Expressions for Query](#filter-expressions-for-query). + For example if the query is "MyBeacon = :value" and ExpressionAttributeValues holds (:value = banana), then the ExpressionAttributeValues must be changed to (:value = 13fd), @@ -192,6 +211,31 @@ in this situation, but that risks leaking the connection between the two beacons Similarly, if one of the two was not a beacon, then we would be leaking the fact that this beacon came from that text. +### Filter Expressions for Query + +if [GetNumberOfQueries](./ddb-get-number-of-queries.md) returns a number less than the configured +[maximum number of partitions](../searchable-encryption/search-config.md#max-partitions) +then the FilterExpression MUST be augmented to match against partitions greater than +the limit returned from GetNumberOfQueries. + +For each partition number that would map to the current partition, +calculate the Filter Expression as for that partition. +The FilterExpression sent to DynamoDB MUST be the `OR` combination of all of these expressions. + +The text of the FilterExpression is unlikely to change between partitions. +What will change is the values in the ExpressionAttributeValues, +which will be different if they involve standard beacons calculated with different partitions. +This implies that additional unique values will need to be added to ExpressionAttributeValues. + +As an example, if a table is configured with five partitions, +and GetNumberOfQueries returns two, and `foo[n]` represents the expression as calculated for partition `n`, +then when `:aws_dbe_partition = 0` the filter expression must be `(foo[0]) OR (foo[2]) OR (foo[4])` +ands when `:aws_dbe_partition = 1` the filter expression must be `(foo[1]) OR (foo[3])`. + +The resulting FilterExpression might look something like this: + +`(aws_dbe_b_Attr3 = :attr3 AND aws_dbe_b_Attr4 = :attr4) OR (aws_dbe_b_Attr3 = :attr3AA AND aws_dbe_b_Attr4 = :attr4AA) OR (aws_dbe_b_Attr3 = :attr3AB AND aws_dbe_b_Attr4 = :attr4AB)` + ### QueryObject has encrypted values Determines if a Query Object has encrypted values (ENCRYPT_AND_SIGN fields) @@ -260,7 +304,9 @@ any error encountered during filtering MUST result in a failure of the query ope Transform an unencrypted ScanInput object for searchable encryption. -The ScanInput is transformed in the same way as [QueryInputForBeacons](#queryinputforbeacons). +The ScanInput is transformed in the same way as [QueryInputForBeacons](#queryinputforbeacons), +except that [Filter Expressions for Query](#filter-expressions-for-query) is calculated +as if GetNumberOfQueries returned `1`. ## ScanOutputForBeacons diff --git a/specification/searchable-encryption/beacons.md b/specification/searchable-encryption/beacons.md index 458b0e5cc..4670c9778 100644 --- a/specification/searchable-encryption/beacons.md +++ b/specification/searchable-encryption/beacons.md @@ -5,10 +5,18 @@ ## Version -1.0.0 +1.1.0 ### Changelog +- 1.1.0 + - add beacon partitions + +## Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + ## Overview Beacons use stable hashes of plaintext values of encrypted fields @@ -84,7 +92,7 @@ The beacon string will be 1/4 this length. ### Terminal Location -A terminal location designates a portion of a structured value. Defined [here](virtual.md#terminal-location). +A [terminal location](virtual.md#terminal-location) designates a portion of a structured value. ### Standard Beacon @@ -92,9 +100,9 @@ The simplest form of beacon is a standard beacon. To configure a single standard beacon, you need to provide -1. A name -1. A [terminal location](virtual.md#terminal-location) -1. A [beacon length](#beacon-length) +1. A name +1. A [terminal location](virtual.md#terminal-location) +1. A [beacon length](#beacon-length) A hash is made from the value at the terminal location, and stored at at the top level of the structure with the name `aws_dbe_b_` followed by the configured name. @@ -123,11 +131,11 @@ into a complex string, suitable for complex database operations. To configure a single compound beacon, you need to provide -1. A name -1. A split character -1. A list of encrypted parts -1. A list of signed parts -1. A list of constructors +1. A name +1. A split character +1. A list of encrypted parts +1. A list of signed parts +1. A list of constructors The `name` is used in queries and index creation as if it were a regular field. "MyField" in examples below. It is an error if this name is the same as a configured @@ -276,11 +284,6 @@ If `NAME` appears in an record to be written, and `NAME` can also be constructed from other parts of the record, then the write must fail if the constructed and supplied values are not equal. -### Conventions used in this document - -The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" -in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). - ### Standard Beacon Initialization On initialization of a Standard Beacon, the caller MUST provide: @@ -291,13 +294,17 @@ On initialization of a Standard Beacon, the caller MUST provide: On initialization of a Standard Beacon, the caller MAY provide: - a [terminal location](virtual.md#terminal-location) -- a string -- a [beacon style](beacon-style-initialization) +- a [beacon style](#beacon-style-initialization) +- a [number of partitions](#beacon-constraint) If no [terminal location](virtual.md#terminal-location) is provided, the `name` MUST be used as the [terminal location](virtual.md#terminal-location). Initialization MUST fail if two standard beacons are configured with the same location. +Initialization MUST fail if [number of partitions](#beacon-constraint) is specified, and is greater than or equal to +the maximum number of partitions specified in the [beacon version](search-config.md#beacon-version-initialization). + ### Beacon Style Initialization On initialization of a Beacon Style, the caller MUST provide exactly one of @@ -401,6 +408,19 @@ This name MUST match the name of one of the [encrypted](#encrypted-part-initiali These parts may come from these locally defined parts lists, or from the [Global Parts List](search-config.md#global-parts-list), in any combination. +#### Beacon Constraint + +A beacon may be constrained to fewer partitions than is specified in the [beacon version](search-config.md#beacon-version-initialization). + +If an item is being written or queried as partition `X`, but the [standard beacon](#standard-beacon-initialization) is constrained to only `N` partitions, +then the partition used to [encode](#beacon-partition-encoding) the beacon MUST be `X % N`, where `%` is the modulo or remainder operation. + +Examples: + +- If a beacon is constrained to one partition, then it is always encoded as partition `0`. +- If a beacon is constrained to three partitions, then the beacon is always encoded as partition `0`, `1` or `2`. + If the current partition is `7`, then the beacon is encoded as for partition `1`. + ### Default Construction - If no constructors are configured, a default constructor MUST be generated. @@ -471,11 +491,23 @@ Both standard and compound beacons define two operations - This operation MUST convert the attribute value of the associated field to a sequence of bytes, as per [attribute serialization](../dynamodb-encryption-client/ddb-attribute-serialization.md). +- The serialized form MUST be augmented as per [beacon partition encoding](#beacon-partition-encoding). - This operation MUST return the [basicHash](#basichash) of the resulting bytes and the configured [beacon length](#beacon-length). - The returned [AttributeValue](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_AttributeValue.html) MUST be type "S" String. +#### Beacon Partition Encoding + +Beacon Partition Encoding converts a sequence of bytes into a possibly different sequence of bytes. + +To calculate the [partition number](search-config.md#partitionnumber) for this beacon by calculating `X % N` +where `X` is the partition specified and `N` is the [number of partitions](#beacon-constraint) specified for the beacon. + +If this number is zero, then the input sequence of bytes MUST be returned unchanged. + +Otherwise, a single byte with a value equal to this calculated partition number, MUST be appended to the input sequence of bytes. + ### value for a set standard beacon - This operation MUST convert the value of each item in the set to diff --git a/specification/searchable-encryption/search-config.md b/specification/searchable-encryption/search-config.md index e12aefea4..5807519de 100644 --- a/specification/searchable-encryption/search-config.md +++ b/specification/searchable-encryption/search-config.md @@ -5,6 +5,8 @@ ## Version +- 1.2.0 + - Add beacon partitions - 1.1.0 - [Update Cache Entry Identifier Formulas to shared cache across multiple Beacon Key Sources](../../changes/2024-09-13_cache-across-hierarchical-keyrings/change.md) - New optional parameter `Partition ID` used to distinguish Cryptographic Material Providers (i.e: Beacon Key Sources) writing to a cache @@ -14,6 +16,13 @@ ### Changelog +## Definitions + +### Conventions used in this document + +The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" +in this document are to be interpreted as described in [RFC 2119](https://tools.ietf.org/html/rfc2119). + ## Overview The search config holds the configuration for all of the searchable configuration functionality. @@ -46,7 +55,7 @@ or begins with the [unauthenticated attribute prefix](../dynamodb-encryption-cli On initialization of a Beacon Version, the caller MUST provide: -- A [version number](#version number) +- A [version number](#version-number) - A [Beacon Key Source](#beacon-key-source) - A [Keystore](#keystore) - A list of [standard beacons](beacons.md#standard-beacon-initialization) @@ -57,8 +66,11 @@ On initialization of the Beacon Version, the caller MAY provide: - A list of [virtual fields](virtual.md#virtual-field-initialization) - A list of [signed parts](beacons.md#signed-part-initialization) - A list of [encrypted parts](beacons.md#encrypted-part-initialization) +- A [maximum number of partitions](#max-partitions) +- A [default number of partitions](#default-partitions) +- A [partition selector](#partition-selector) -Initialization MUST fail if the [version number](#version number) is not `1`. +Initialization MUST fail if the [version number](#version-number) is not `1`. Initialization MUST fail if at least one [standard beacon](beacons.md#standard-beacon) is not provided. @@ -95,6 +107,10 @@ Initialization MUST fail if the name of a matches the name of a [standard beacons](beacons.md#standard-beacon) +Initialization MUST fail if [default number of partitions](#default-partitions) is supplied but [maximum number of partitions](#max-partitions) is not. + +Initialization MUST fail if [default number of partitions](#default-partitions) is greater than or equal to [maximum number of partitions](#max-partitions). + A [terminal location](virtual.md#terminal-location) is considered `signed` if the field that contains it is [SIGN_ONLY](../structured-encryption/structures.md#sign_only) or [ENCRYPT_AND_SIGN](../structured-encryption/structures.md#encrypt_and_sign). @@ -405,7 +421,7 @@ while providing a Shared Cache to the [Beacon Key Source](#beacon-key-source). The resource suffixes for the Searchable Encryption is as follows: -``` +```text logicalKeyStoreName + NULL_BYTE + UTF8Encode(branchKeyId) ``` @@ -441,7 +457,7 @@ All the above fields must be separated by a single NULL_BYTE `0x00`. As a formula: -``` +```text resource-id = [0x02] scope-id = [0x03] logical-key-store-name = UTF8Encode(beaconVersion.keystore.LogicalKeyStoreName) @@ -513,3 +529,51 @@ Now, two [beacon versions](#beacon-version-initialization) (BV1 and BV2) are cre and BV2 (which uses Key Store client K2) will NOT be able to share cache entries. Notice that both K1 and K2 are clients for the same physical Key Store (K). + +## Beacon Partitions + +`Beacon Partitions` refers to a way to add a little bit more randomness to your [beacons](../../searchable-encryption/beacons.md), +to add anonymity when your data distribution is uneven. See [beacon partition background](../changes/2025-08-25-partition-beacons/background.md). + +### PartitionCount + +A PartitionCount is an integer between 1 and 255 inclusive. +It refers to the total number of partitions in play. + +### PartitionNumber + +A PartitionNumber is an integer between 0 and 254 inclusive. +It refers to a specific partition, typically the partition to which a DynamoDB item has been assigned. + +A PartitionNumber only has meaning in the context of a PartitionCount, where the PartitionNumber must be less than the PartitionCount. + +### Max Partitions + +The Max Partitions setting in a [beacon version](#beacon-version-initialization) configures the total number of partitions being used in a table. + +If not set, Max Partitions MUST default to `1`, which is synonymous with "no partitions are being used". + +### Default Partitions + +The Default Partitions setting a [beacon version](#beacon-version-initialization) configures the number of partitions used by all +[standard beacons](beacons.md#standard-beacon-initialization) that do not directly specify a number of partitions. + +If not set, Default Partitions MUST default to [Max Partitions](#max-partitions). + +### Partition Selector + +A Partition Selector is an object that implements GetPartitionNumber. + +GetPartitionNumber MUST take as input + +- A DynamoDB Item (i.e an AttributeMap) +- The [number of partitions](#max-partitions) defined in the associated [beacon version](#beacon-version-initialization). +- The logical table name for this defined in the associated [table config](../dynamodb-encryption-client/ddb-table-encryption-config.md#structure). + +GetPartitionNumber MUST return + +- The number of the partition to use for this item + +It is an error for the Partition Selector to return a number greater than or equal to the input [number of partitions](#max-partitions). + +The default implementation of the Partition Selector MUST return a random number within the acceptable range, i.e. 0..[number of partitions](#max-partitions).