chore: add integration test and unit test #2139
rishav-karanjit merged 67 commits into ddbec-with-sdk-v2 from
This reverts commit 24a064f.
Add optional Map<String, String> materialDescription field with @JsonProperty("material_description") to the Scenario inner class in both sdkv1 and sdkv2 ScenarioManifest. This allows test scenarios to specify a custom material description (e.g. AES/128) that gets passed through to the KMS materials provider constructor. Existing scenarios without this field will deserialize as null thanks to @JsonIgnoreProperties(ignoreUnknown = true) on Scenario.
Add materialDescription parameter to createProvider() and use the 3-arg DirectKmsMaterialsProvider constructor when a non-empty materialDescription is present. This enables scenarios that specify a custom encryption algorithm (e.g. AES/128) via the scenario manifest. Metastore provider calls pass null since metastores don't use custom material descriptions. Main provider calls pass scenario.materialDescription.
…olisticIT Add materialDescription parameter to createProvider() and use the 3-arg DirectKmsMaterialProvider constructor when a non-empty materialDescription is present. All 8 call sites updated: metastore provider calls pass null, main provider calls pass scenario.materialDescription. Mirrors the equivalent change in sdkv2 HolisticIT.
Add a new v1 scenario that uses the awskms provider with
material_description {"amzn-ddb-env-alg": "AES/128"} to test
encryption with a 128-bit content encryption key instead of the
default 256-bit. Points to a new ciphertext vector file
aws-kms-aes128-1.json (to be generated separately).
Add generateKmsAes128Vector() to sdkv2 HolisticIT as a disabled (@Test(enabled = false)) one-off test. When temporarily enabled, it:
1. Creates a DirectKmsMaterialsProvider with {amzn-ddb-env-alg: AES/128}
2. Encrypts standard test data (all 4 record types + HashKeyOnly + KeysOnly)
3. Prints the DynamoDB tables as JSON in the test vector format
To generate the vector file:
1. Set enabled = true
2. Run the test and capture stdout
3. Save as ciphertext/java/aws-kms-aes128-1.json
4. Set enabled = false again
Add aws-kms-aes128-1.json containing 13 TableName items (4 standard
record types + 9 KeysOnly) and 3 HashKeyOnly items, all encrypted
using DirectKmsMaterialsProvider with {amzn-ddb-env-alg: AES/128}.
Update the generator test to also write HashKeyOnly and KeysOnly
items (which generateStandardData does not produce), then disable
the generator (@Test(enabled = false)) now that the vector is committed.
This reverts commit a374774.
When a scenario specifies material_description, verify that each value (e.g. AES/128) appears in the *amzn-ddb-map-desc* blob of every encrypted record in the ciphertext vector file. This proves the ciphertext was actually encrypted with the claimed algorithm, not just that the SDK can decrypt it. Also restores scenarios.json to AES/128 (was temporarily changed to AES/256 for manual verification).
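The check described in the commit message above, sketched in Python as an added example (not code from this PR or from the project). It assumes the `*amzn-ddb-map-desc*` blob is a big-endian int32 version 0 followed by length-prefixed UTF-8 key and value strings, and that the vector stores it base64-encoded; the sample records and the `note` key are constructed. It compares parsed key/value pairs, which is stricter than looking for the value anywhere in the blob.

```python
import base64
import struct

MATERIAL_DESC_ATTR = "*amzn-ddb-map-desc*"  # attribute name taken from the page

def parse_material_description(blob: bytes) -> dict:
    """Decode the blob (assumed layout: int32 version, then length-prefixed strings)."""
    if len(blob) < 4 or struct.unpack_from(">i", blob, 0)[0] != 0:
        raise ValueError("missing or unsupported version header")
    pos, fields = 4, []
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if n < 0 or pos + n > len(blob):
            raise ValueError("field length runs past end of blob")
        fields.append(blob[pos:pos + n].decode("utf-8"))
        pos += n
    if len(fields) % 2:
        raise ValueError("key without a value")
    return dict(zip(fields[0::2], fields[1::2]))

def records_failing_check(records, expected):
    """Return indexes of records whose parsed description lacks an expected pair."""
    failing = []
    for i, record in enumerate(records):
        try:
            desc = parse_material_description(base64.b64decode(record[MATERIAL_DESC_ATTR]))
        except (KeyError, ValueError):  # attribute absent, bad base64, or malformed blob
            failing.append(i)
            continue
        if any(desc.get(k) != v for k, v in expected.items()):
            failing.append(i)
    return failing

def make_blob(desc):
    """Build a constructed sample blob in the assumed layout (test data only)."""
    out = struct.pack(">i", 0)
    for text in (s for pair in desc.items() for s in pair):
        raw = text.encode("utf-8")
        out += struct.pack(">i", len(raw)) + raw
    return base64.b64encode(out).decode("ascii")

# Constructed records: a match, a lookalike a substring search would accept, no blob.
SAMPLE_RECORDS = [
    {MATERIAL_DESC_ATTR: make_blob({"amzn-ddb-env-alg": "AES/128"})},
    {MATERIAL_DESC_ATTR: make_blob({"amzn-ddb-env-alg": "AES/256", "note": "AES/128"})},
    {"hashKey": "constructed-item-without-description"},
]

if __name__ == "__main__":
    print(records_failing_check(SAMPLE_RECORDS, {"amzn-ddb-env-alg": "AES/128"}))
```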
This reverts commit f660950.
Changes to the release files or the check-files action requires 2 approvals from CODEOWNERS
Detected changes to the release files or to the check-files action
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.