WIP

Author: netf

go.mod

@@ -27,6 +27,7 @@ require (
 	github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect
 	github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/klauspost/compress v1.17.7 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/stretchr/testify v1.9.0 // indirect

go.sum

@@ -49,6 +49,8 @@ github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
+github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg=
+github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=

pkg/encrypted/resource.go

@@ -0,0 +1,26 @@
+package encrypted
+
+import (
+	"github.com/cloudopsy/dynamodb-encryption-go/pkg/provider"
+)
+
+// EncryptedResource provides a high-level interface to work with encrypted DynamoDB resources.
+type EncryptedResource struct {
+	Client            *EncryptedClient
+	MaterialsProvider provider.CryptographicMaterialsProvider
+	AttributeActions  *AttributeActions
+}
+
+// NewEncryptedResource creates a new instance of EncryptedResource.
+func NewEncryptedResource(client *EncryptedClient, materialsProvider provider.CryptographicMaterialsProvider, attributeActions *AttributeActions) *EncryptedResource {
+	return &EncryptedResource{
+		Client:            client,
+		MaterialsProvider: materialsProvider,
+		AttributeActions:  attributeActions,
+	}
+}
+
+// Table returns an EncryptedTable instance for the specified table name.
+func (r *EncryptedResource) Table(name string) *EncryptedTable {
+	return NewEncryptedTable(r.Client)
+}

pkg/encrypted/table.go

@@ -0,0 +1,77 @@
+package encrypted
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb"
+	"github.com/aws/aws-sdk-go-v2/service/dynamodb/types"
+)
+
+// EncryptedTable provides a high-level interface to encrypted DynamoDB operations.
+type EncryptedTable struct {
+	client *EncryptedClient
+}
+
+// NewEncryptedTable creates a new EncryptedTable with the given EncryptedClient.
+func NewEncryptedTable(client *EncryptedClient) *EncryptedTable {
+	return &EncryptedTable{
+		client: client,
+	}
+}
+
+// PutItem encrypts and stores an item in the DynamoDB table.
+func (et *EncryptedTable) PutItem(ctx context.Context, tableName string, item map[string]types.AttributeValue) error {
+	putItemInput := &dynamodb.PutItemInput{
+		TableName: &tableName,
+		Item:      item,
+	}
+	_, err := et.client.PutItem(ctx, putItemInput)
+	if err != nil {
+		return fmt.Errorf("failed to put encrypted item: %w", err)
+	}
+	return nil
+}
+
+// GetItem retrieves and decrypts an item from the DynamoDB table.
+func (et *EncryptedTable) GetItem(ctx context.Context, tableName string, key map[string]types.AttributeValue) (map[string]types.AttributeValue, error) {
+	getItemInput := &dynamodb.GetItemInput{
+		TableName: &tableName,
+		Key:       key,
+	}
+	result, err := et.client.GetItem(ctx, getItemInput)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get and decrypt item: %w", err)
+	}
+	return result.Item, nil
+}
+
+// Query executes a Query operation on the DynamoDB table and decrypts the returned items.
+func (et *EncryptedTable) Query(ctx context.Context, tableName string, input *dynamodb.QueryInput) (*dynamodb.QueryOutput, error) {
+	// Set the table name for the query input
+	input.TableName = &tableName
+
+	// Execute the query through the EncryptedClient
+	encryptedOutput, err := et.client.Query(ctx, input)
+	if err != nil {
+		return nil, fmt.Errorf("error querying encrypted items: %w", err)
+	}
+
+	// The items are already decrypted by EncryptedClient.Query, return the result directly
+	return encryptedOutput, nil
+}
+
+// Scan executes a Scan operation on the DynamoDB table and decrypts the returned items.
+func (et *EncryptedTable) Scan(ctx context.Context, tableName string, input *dynamodb.ScanInput) (*dynamodb.ScanOutput, error) {
+	// Set the table name for the scan input
+	input.TableName = &tableName
+
+	// Execute the scan through the EncryptedClient
+	encryptedOutput, err := et.client.Scan(ctx, input)
+	if err != nil {
+		return nil, fmt.Errorf("error scanning encrypted items: %w", err)
+	}
+
+	// The items are already decrypted by EncryptedClient. Scan, return the result directly
+	return encryptedOutput, nil
+}

pkg/utils/compression.go

@@ -0,0 +1,102 @@
+package utils
+
+import (
+	"bytes"
+	"compress/gzip"
+	"fmt"
+	"io"
+
+	"github.com/klauspost/compress/zstd"
+)
+
+type Compressor interface {
+	Compress(data []byte) ([]byte, error)
+	Decompress(data []byte) ([]byte, error)
+}
+
+type GzipCompressor struct {
+	level int
+}
+
+func NewGzipCompressor(level int) *GzipCompressor {
+	return &GzipCompressor{level: level}
+}
+
+type ZstdCompressor struct {
+	level int
+}
+
+func NewZstdCompressor(level int) *ZstdCompressor {
+	return &ZstdCompressor{level: level}
+}
+
+func compress(data []byte, fn func(w io.Writer) (io.WriteCloser, error)) ([]byte, error) {
+	var buf bytes.Buffer
+	w, err := fn(&buf)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create compressor: %v", err)
+	}
+	defer w.Close()
+
+	_, err = w.Write(data)
+	if err != nil {
+		return nil, fmt.Errorf("failed to compress data: %v", err)
+	}
+
+	err = w.Close()
+	if err != nil {
+		return nil, fmt.Errorf("failed to close compressor: %v", err)
+	}
+
+	return buf.Bytes(), nil
+}
+
+func decompress(data []byte, fn func(r io.Reader) ([]byte, error)) ([]byte, error) {
+	return fn(bytes.NewReader(data))
+}
+
+func (c *GzipCompressor) Compress(data []byte) ([]byte, error) {
+	return compress(data, func(w io.Writer) (io.WriteCloser, error) {
+		return gzip.NewWriterLevel(w, c.level)
+	})
+}
+
+func (c *GzipCompressor) Decompress(data []byte) ([]byte, error) {
+	return decompress(data, func(r io.Reader) ([]byte, error) {
+		reader, err := gzip.NewReader(r)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create gzip reader: %v", err)
+		}
+		defer reader.Close()
+
+		decompressedData, err := io.ReadAll(reader)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decompress data: %v", err)
+		}
+
+		return decompressedData, nil
+	})
+}
+
+func (c *ZstdCompressor) Compress(data []byte) ([]byte, error) {
+	return compress(data, func(w io.Writer) (io.WriteCloser, error) {
+		return zstd.NewWriter(w, zstd.WithEncoderLevel(zstd.EncoderLevelFromZstd(c.level)))
+	})
+}
+
+func (c *ZstdCompressor) Decompress(data []byte) ([]byte, error) {
+	return decompress(data, func(r io.Reader) ([]byte, error) {
+		decoder, err := zstd.NewReader(r)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create zstd reader: %v", err)
+		}
+		defer decoder.Close()
+
+		decompressedData, err := io.ReadAll(decoder)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decompress data: %v", err)
+		}
+
+		return decompressedData, nil
+	})
+}