Structures

Common structures used by the DynamoDB Encryption Client.

class dynamodb_encryption_sdk.structures.EncryptionContext(table_name: Optional[str] = None, partition_key_name: Optional[str] = None, sort_key_name: Optional[str] = None, attributes: Optional[Dict[str, Dict]] = None, material_description: Optional[Dict[str, str]] = None)[source]

Bases: object

Additional information about an encryption request.

Parameters
  • table_name (str) – Table name

  • partition_key_name (str) – Name of primary index partition attribute

  • sort_key_name (str) – Name of primary index sort attribute

  • attributes (dict) – Plaintext item attributes as a DynamoDB JSON dictionary

  • material_description (dict) – Material description to use with this request

class dynamodb_encryption_sdk.structures.AttributeActions(default_action: Optional[dynamodb_encryption_sdk.identifiers.CryptoAction] = CryptoAction.ENCRYPT_AND_SIGN, attribute_actions: Optional[Dict[str, dynamodb_encryption_sdk.identifiers.CryptoAction]] = None)[source]

Bases: object

Configuration resource used to determine what action should be taken for a specific attribute.

Parameters
  • default_action (CryptoAction) – Action to take if no specific action is defined in attribute_actions

  • attribute_actions (dict) – Dictionary mapping attribute names to specific actions

action(attribute_name)[source]

Determine the correct CryptoAction to apply to a supplied attribute based on this config.

Parameters

attribute_name (str) – Attribute for which to determine action

copy()[source]

Return a new copy of this object.

set_index_keys(*keys)[source]

Set the appropriate action for the specified indexed attribute names.

Warning

If you have already set a custom action for any of these attributes, this will raise an error.

Default Action   -> Index Key Action
DO_NOTHING       -> DO_NOTHING
SIGN_ONLY        -> SIGN_ONLY
ENCRYPT_AND_SIGN -> SIGN_ONLY
Parameters

*keys (str) – Attribute names to treat as indexed

Raises

InvalidArgumentError – if a custom action was previously set for any specified attributes

contains_action(action)[source]

Determine if the specified action is a possible action from this configuration.

Parameters

action (CryptoAction) – Action to look for

class dynamodb_encryption_sdk.structures.TableIndex(partition: str, sort: Optional[str] = None)[source]

Bases: object

Describes a table index.

Parameters
  • partition (str) – Name of the partition attribute

  • sort (str) – Name of the sort attribute (optional)

classmethod from_key_schema(key_schema: Iterable[Dict[str, str]]) dynamodb_encryption_sdk.structures.TableIndex[source]

Build a TableIndex from the key schema returned by DescribeTable.

[
    {
        "KeyType": "HASH"|"RANGE",
        "AttributeName": ""
    },
]
Parameters

key_schema (list) – KeySchema from DescribeTable response

Returns

New TableIndex that describes the provided schema

Return type

TableIndex

class dynamodb_encryption_sdk.structures.TableInfo(name: str, primary_index: Optional[dynamodb_encryption_sdk.structures.TableIndex] = None, secondary_indexes: Optional[List[dynamodb_encryption_sdk.structures.TableIndex]] = None)[source]

Bases: object

Describes a DynamoDB table.

Parameters
  • name (str) – Table name

  • all_encrypting_secondary_indexes (bool) – Should we allow secondary index attributes to be encrypted?

  • primary_index (TableIndex) – Description of primary index

  • secondary_indexes (list(TableIndex)) – Set of TableIndex objects describing any secondary indexes

property primary_index

Return the primary TableIndex.

Returns

primary index description

Return type

TableIndex

Raises

AttributeError – if primary index is unknown

property secondary_indexes

Return the primary TableIndex.

Returns

secondary index descriptions

Return type

TableIndex

Raises

AttributeError – if secondary indexes are unknown

protected_index_keys() Set[str][source]

Provide a set containing the names of all indexed attributes that must not be encrypted.

property encryption_context_values

Build parameters needed to inform an EncryptionContext constructor about this table.

Return type

dict

refresh_indexed_attributes(client)[source]

Use the provided boto3 DynamoDB client to determine all indexes for this table.

Parameters

client (botocore.client.BaseClient) – Pre-configured boto3 DynamoDB client