get_encrypted_data_key_description.rs

1// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4use crate::test_utils;
5use aws_db_esdk::dynamodb::client as dbesdk_client;
6use aws_db_esdk::dynamodb::types::dynamo_db_encryption_config::DynamoDbEncryptionConfig;
7use aws_db_esdk::dynamodb::types::GetEncryptedDataKeyDescriptionUnion;
8use aws_sdk_dynamodb::types::AttributeValue;
9use std::collections::HashMap;
10
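/// Example: read the encrypted-data-key descriptions from an item stored in DynamoDB.
///
/// Fetches one item with the plain `aws_sdk_dynamodb` client, passes it unchanged to
/// `GetEncryptedDataKeyDescription`, and asserts that the first description names the
/// `aws-kms` provider and the test KMS key id.
///
/// The encryption client here is built from a config with nothing set on the builder, and
/// the item is never decrypted in this function.
/// NOTE(review): that suggests the call only parses the item header rather than verifying
/// it. Treat the returned provider id/info as unauthenticated metadata (useful for
/// inventory or audit, not for access decisions) until the item has been decrypted through
/// a keyring-backed client. Confirm against the library documentation.
///
/// # Errors
///
/// Returns an error if the encryption config or client cannot be built, if `GetItem` or
/// `GetEncryptedDataKeyDescription` fails, if the table holds no item for the example key,
/// or if the response carries no data key description.
///
/// # Panics
///
/// Panics if the first description does not match the expected provider id or key id.
pub async fn get_encrypted_data_key_description() -> Result<(), crate::BoxError> {
    let kms_key_id = test_utils::TEST_KMS_KEY_ID;
    let ddb_table_name = test_utils::TEST_DDB_TABLE_NAME;
    let config = DynamoDbEncryptionConfig::builder().build()?;
    let ddb_enc = dbesdk_client::Client::from_conf(config)?;

    // 1. Define the keys used to retrieve the item from the DynamoDB table.
    let key_to_get = HashMap::from([
        (
            "partition_key".to_string(),
            AttributeValue::S("BasicPutGetExample".to_string()),
        ),
        ("sort_key".to_string(), AttributeValue::N("0".to_string())),
    ]);

    // 2. Create an Amazon DynamoDB client and retrieve the item from the table.
    //    This is the plain SDK client, so the item comes back still encrypted.
    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
    let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
    let get_item_response = ddb
        .get_item()
        .set_key(Some(key_to_get))
        .table_name(ddb_table_name)
        .send()
        .await?;

    // 3. Extract the item and prepare the input for GetEncryptedDataKeyDescription.
    //    Here the whole DynamoDB item is sent, but the header alone can be sent instead by
    //    extracting it from the item's "aws_dbe_head" attribute (see the commented line below).
    //    A missing item is reported as an error instead of a panic: the table contents are
    //    external state this function does not control.
    let returned_item = get_item_response
        .item
        .ok_or("GetItem returned no item for the example key")?;
    let input_union = GetEncryptedDataKeyDescriptionUnion::Item(returned_item);
    let output = ddb_enc
        .get_encrypted_data_key_description()
        .input(input_union)
        .send()
        .await?;

    // The line below shows how to send the header as the input instead of the item. It
    // demonstrates the alternative approach, so it is commented out.
    // let input_union = GetEncryptedDataKeyDescriptionUnion::Header(returned_item["aws_dbe_head"].as_b().unwrap().clone());

    // 4. Take the data key descriptions from the output and check the first one.
    //    An absent or empty list is returned as an error so that indexing cannot panic.
    let encrypted_data_key_descriptions = output
        .encrypted_data_key_description_output
        .ok_or("GetEncryptedDataKeyDescription returned no description output")?;
    let first_description = encrypted_data_key_descriptions
        .first()
        .ok_or("GetEncryptedDataKeyDescription returned an empty description list")?;
    assert_eq!(
        first_description.key_provider_id,
        Some("aws-kms".to_string())
    );
    assert_eq!(
        first_description.key_provider_info,
        Some(kms_key_id.to_string())
    );

    println!("get_encrypted_data_key_description successful.");
    Ok(())
}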