Structures

Common structures used by the DynamoDB Encryption Client.

class dynamodb_encryption_sdk.structures.EncryptionContext(table_name=None, partition_key_name=None, sort_key_name=None, attributes=None, material_description=None)[source]

Bases: object

Additional information about an encryption request.

Parameters:
  • table_name (str) – Table name
  • partition_key_name (str) – Name of primary index partition attribute
  • sort_key_name (str) – Name of primary index sort attribute
  • attributes (dict) – Plaintext item attributes as a DynamoDB JSON dictionary
  • material_description (dict) – Material description to use with this request
class dynamodb_encryption_sdk.structures.AttributeActions(default_action=<CryptoAction.ENCRYPT_AND_SIGN: 2>, attribute_actions=None)[source]

Bases: object

Configuration resource used to determine what action should be taken for a specific attribute.

Parameters:
  • default_action (CryptoAction) – Action to take if no specific action is defined in attribute_actions
  • attribute_actions (dict) – Dictionary mapping attribute names to specific actions
action(attribute_name)[source]

Determine the correct CryptoAction to apply to a supplied attribute based on this config.

Parameters:attribute_name (str) – Attribute for which to determine action
copy()[source]

Return a new copy of this object.

set_index_keys(*keys)[source]

Set the appropriate action for the specified indexed attribute names.

Warning

If you have already set a custom action for any of these attributes, this will raise an error.

Default Action   -> Index Key Action
DO_NOTHING       -> DO_NOTHING
SIGN_ONLY        -> SIGN_ONLY
ENCRYPT_AND_SIGN -> SIGN_ONLY
Parameters:*keys (str) –

Attribute names to treat as indexed

Raises:InvalidArgumentError – if a custom action was previously set for any specified attributes
contains_action(action)[source]

Determine if the specified action is a possible action from this configuration.

Parameters:action (CryptoAction) – Action to look for
class dynamodb_encryption_sdk.structures.TableIndex(partition, sort=None)[source]

Bases: object

Describes a table index.

Parameters:
  • partition (str) – Name of the partition attribute
  • sort (str) – Name of the sort attribute (optional)
classmethod from_key_schema(key_schema)[source]

Build a TableIndex from the key schema returned by DescribeTable.

[
    {
        "KeyType": "HASH"|"RANGE",
        "AttributeName": ""
    },
]
Parameters:key_schema (list) – KeySchema from DescribeTable response
Returns:New TableIndex that describes the provided schema
Return type:TableIndex
class dynamodb_encryption_sdk.structures.TableInfo(name, primary_index=None, secondary_indexes=None)[source]

Bases: object

Describes a DynamoDB table.

Parameters:
  • name (str) – Table name
  • all_encrypting_secondary_indexes (bool) – Should we allow secondary index attributes to be encrypted?
  • primary_index (TableIndex) – Description of primary index
  • secondary_indexes (list(TableIndex)) – Set of TableIndex objects describing any secondary indexes
primary_index

Return the primary TableIndex.

Returns:primary index description
Return type:TableIndex
Raises:AttributeError – if primary index is unknown
secondary_indexes

Return the primary TableIndex.

Returns:secondary index descriptions
Return type:TableIndex
Raises:AttributeError – if secondary indexes are unknown
protected_index_keys()[source]

Provide a set containing the names of all indexed attributes that must not be encrypted.

encryption_context_values

Build parameters needed to inform an EncryptionContext constructor about this table.

Return type:dict
refresh_indexed_attributes(client)[source]

Use the provided boto3 DynamoDB client to determine all indexes for this table.

Parameters:client (botocore.client.BaseClient) – Pre-configured boto3 DynamoDB client