package encrypted
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go-v2/service/dynamodb"
"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
"github.com/aws/aws-sdk-go/aws"
)
// EncryptedTable provides a high-level interface to encrypted DynamoDB operations.
//
// It is a thin wrapper: the only state is the wrapped EncryptedClient, and any
// encryption or decryption is whatever that client implements (its code is not
// part of this file).
type EncryptedTable struct {
	// client receives every table operation issued through this wrapper.
	client *EncryptedClient
}
// NewEncryptedTable returns an EncryptedTable that forwards its operations to
// client.
//
// client is stored as given; a nil client is not rejected here, so callers
// should pass a fully constructed EncryptedClient.
func NewEncryptedTable(client *EncryptedClient) *EncryptedTable {
	return &EncryptedTable{client: client}
}
// PutItem stores item in tableName through the EncryptedClient.
//
// The item is handed to the client unchanged: this method performs no
// encryption itself, so which attributes end up protected depends entirely on
// EncryptedClient.PutItem (not visible in this file). The client's output is
// discarded. A client error is returned wrapped with %w, so callers can still
// match the underlying error with errors.Is / errors.As.
func (et *EncryptedTable) PutItem(ctx context.Context, tableName string, item map[string]types.AttributeValue) error {
	req := dynamodb.PutItemInput{
		TableName: &tableName,
		Item:      item,
	}
	if _, err := et.client.PutItem(ctx, &req); err != nil {
		return fmt.Errorf("failed to put encrypted item: %w", err)
	}
	return nil
}
// GetItem fetches the item identified by key from tableName through the
// EncryptedClient and returns the Item map of the client's output.
//
// Decryption is not done here; the returned attributes are exactly what
// EncryptedClient.GetItem produced. A nil map with a nil error is possible and
// presumably means no item matched the key (confirm against the client).
// A client error is returned wrapped with %w.
func (et *EncryptedTable) GetItem(ctx context.Context, tableName string, key map[string]types.AttributeValue) (map[string]types.AttributeValue, error) {
	out, err := et.client.GetItem(ctx, &dynamodb.GetItemInput{
		TableName: &tableName,
		Key:       key,
	})
	if err != nil {
		return nil, fmt.Errorf("failed to get and decrypt item: %w", err)
	}
	return out.Item, nil
}
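// Query runs a DynamoDB Query against tableName through the EncryptedClient
// and returns the client's output.
//
// tableName always takes precedence over any TableName already set on input.
// The request is sent from a shallow copy of input, so the caller's struct is
// left untouched and can be reused (for example across tables or goroutines)
// without this method writing to it. A nil input is rejected with an error
// instead of panicking on the field assignment.
//
// Only a single call is made: callers that need every page must loop on the
// output's LastEvaluatedKey themselves. Decryption of the returned items is
// the client's responsibility and is not visible in this file.
//
// NOTE(review): key-condition and filter expressions in input are evaluated
// by DynamoDB against the stored attribute values; confirm how EncryptedClient
// treats conditions on attributes it encrypts.
func (et *EncryptedTable) Query(ctx context.Context, tableName string, input *dynamodb.QueryInput) (*dynamodb.QueryOutput, error) {
	if input == nil {
		return nil, fmt.Errorf("error querying encrypted items: nil QueryInput")
	}

	// Copy before overriding TableName so the caller's input is not mutated.
	req := *input
	req.TableName = &tableName

	out, err := et.client.Query(ctx, &req)
	if err != nil {
		return nil, fmt.Errorf("error querying encrypted items: %w", err)
	}
	return out, nil
}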
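// Scan runs a DynamoDB Scan against tableName through the EncryptedClient and
// returns the client's output.
//
// tableName always takes precedence over any TableName already set on input.
// The request is sent from a shallow copy of input, so the caller's struct is
// left untouched and can be reused without this method writing to it. A nil
// input is rejected with an error instead of panicking on the field
// assignment.
//
// Only a single call is made: callers that need the whole table must loop on
// the output's LastEvaluatedKey themselves. Decryption of the returned items
// is the client's responsibility and is not visible in this file.
//
// NOTE(review): a FilterExpression in input is evaluated by DynamoDB against
// the stored attribute values; confirm how EncryptedClient treats filters on
// attributes it encrypts.
func (et *EncryptedTable) Scan(ctx context.Context, tableName string, input *dynamodb.ScanInput) (*dynamodb.ScanOutput, error) {
	if input == nil {
		return nil, fmt.Errorf("error scanning encrypted items: nil ScanInput")
	}

	// Copy before overriding TableName so the caller's input is not mutated.
	req := *input
	req.TableName = &tableName

	out, err := et.client.Scan(ctx, &req)
	if err != nil {
		return nil, fmt.Errorf("error scanning encrypted items: %w", err)
	}
	return out, nil
}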
// CreateTable asks the EncryptedClient to create tableName with the given
// attribute definitions and key schema.
//
// Billing mode is fixed to on-demand (types.BillingModePayPerRequest). No
// SSESpecification is set, so server-side encryption at rest is left at the
// DynamoDB default; the "encrypted" in this type's name refers to whatever the
// EncryptedClient does with item data, not to a table-level setting made here.
// The method returns as soon as the client call returns and does not wait for
// the table to become active. A client error is returned wrapped with %w.
//
// NOTE(review): aws.String below comes from the v1 SDK module
// (github.com/aws/aws-sdk-go), and this is its only use in the file; taking
// &tableName as the other methods do would let that import be dropped.
func (et *EncryptedTable) CreateTable(ctx context.Context, tableName string, attributes []types.AttributeDefinition, keySchema []types.KeySchemaElement) error {
	req := dynamodb.CreateTableInput{
		TableName:            aws.String(tableName),
		AttributeDefinitions: attributes,
		KeySchema:            keySchema,
		BillingMode:          types.BillingModePayPerRequest,
	}
	if _, err := et.client.CreateTable(ctx, &req); err != nil {
		return fmt.Errorf("failed to create table: %w", err)
	}
	return nil
}