in DynamoDbEncryption/runtimes/java/src/main/java/software/amazon/cryptography/dbencryptionsdk/dynamodb/enhancedclient/DynamoDbEnhancedClientEncryption.java [154:251]
/**
 * Builds the attribute-name to {@link CryptoAction} map for a table schema.
 *
 * <p>Each attribute name reported by {@code topTableSchema.attributeNames()} is
 * classified by the first rule that matches, in this order:
 * <ol>
 *   <li>primary-key attribute: {@code SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT} when
 *       the sign-and-include set is non-empty, otherwise {@code SIGN_ONLY};</li>
 *   <li>member of the sign-only set: {@code SIGN_ONLY};</li>
 *   <li>member of the sign-and-include set:
 *       {@code SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT};</li>
 *   <li>attribute used in an index: {@code SIGN_ONLY};</li>
 *   <li>member of the do-nothing set: {@code DO_NOTHING};</li>
 *   <li>anything else: {@code ENCRYPT_AND_SIGN}.</li>
 * </ol>
 *
 * <p>Security note: the fall-through is {@code ENCRYPT_AND_SIGN}, so an attribute
 * only leaves encryption through a key role or an explicit annotation set. The
 * rule order also means key membership is tested before the do-nothing set, so a
 * key attribute never reaches the {@code DO_NOTHING} branch here.
 *
 * <p>Every non-default branch calls {@code validateAttributeUsage} before the
 * action is recorded; an exception from it propagates and no map is returned.
 * NOTE(review): the helper's body is not visible here. It presumably rejects an
 * attribute that is also a member of any set passed as {@code Optional.of(...)},
 * with {@code Optional.empty()} marking the set the attribute may belong to;
 * confirm against {@code validateAttributeUsage}.
 *
 * @param tableName name of the table; passed to validation and used as the prefix
 *     of the path handed to {@code scanForIgnoredEncryptionTags}
 * @param topTableSchema top-level schema whose attributes are classified
 * @return a new mutable map with one entry per attribute name of the schema
 */
private static Map<String, CryptoAction> getActionsFromSchema(
  String tableName,
  TableSchema<?> topTableSchema
) {
  // The helper calls stay in their original order so that any exception they
  // raise surfaces at the same point as before.
  final Set<String> signOnly = getSignOnlyAttributes(topTableSchema);
  final Set<String> signAndInclude =
    getSignAndIncludeInEncryptionContextAttributes(topTableSchema);
  final Set<String> doNothing = getDoNothingAttributes(topTableSchema);
  final Set<String> indexKeys = attributeNamesUsedInIndices(
    topTableSchema.tableMetadata()
  );
  final Set<String> primaryKeys = attributeNamesUsedInPrimaryKey(
    topTableSchema.tableMetadata()
  );

  final Map<String, CryptoAction> result = new HashMap<>();

  // One builder, seeded with "<tableName>.", is shared by every scan call below.
  final StringBuilder pathPrefix = new StringBuilder()
    .append(tableName)
    .append(".");

  for (final String name : topTableSchema.attributeNames()) {
    final CryptoAction chosen;

    if (primaryKeys.contains(name)) {
      if (!signAndInclude.isEmpty()) {
        // Some attribute is included in the encryption context, so primary keys
        // are included as well.
        validateAttributeUsage(
          tableName,
          name,
          "a primary key",
          Optional.of(signOnly),
          Optional.empty(),
          Optional.of(doNothing)
        );
        chosen = CryptoAction.SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT;
      } else {
        validateAttributeUsage(
          tableName,
          name,
          "a primary key",
          Optional.empty(),
          Optional.of(signAndInclude),
          Optional.of(doNothing)
        );
        chosen = CryptoAction.SIGN_ONLY;
      }
    } else if (signOnly.contains(name)) {
      validateAttributeUsage(
        tableName,
        name,
        "@DynamoDbEncryptionSignOnly",
        Optional.empty(),
        Optional.of(signAndInclude),
        Optional.of(doNothing)
      );
      chosen = CryptoAction.SIGN_ONLY;
    } else if (signAndInclude.contains(name)) {
      validateAttributeUsage(
        tableName,
        name,
        "@DynamoDbEncryptionSignAndIncludeInEncryptionContext",
        Optional.of(signOnly),
        Optional.empty(),
        Optional.of(doNothing)
      );
      chosen = CryptoAction.SIGN_AND_INCLUDE_IN_ENCRYPTION_CONTEXT;
    } else if (indexKeys.contains(name)) {
      validateAttributeUsage(
        tableName,
        name,
        "an index key",
        Optional.empty(),
        Optional.of(signAndInclude),
        Optional.of(doNothing)
      );
      chosen = CryptoAction.SIGN_ONLY;
    } else if (doNothing.contains(name)) {
      validateAttributeUsage(
        tableName,
        name,
        "@DynamoDbEncryptionDoNothing",
        Optional.of(signOnly),
        Optional.of(signAndInclude),
        Optional.empty()
      );
      chosen = CryptoAction.DO_NOTHING;
    } else {
      // Non-key attributes without an annotation fall through to ENCRYPT_AND_SIGN.
      chosen = CryptoAction.ENCRYPT_AND_SIGN;
    }

    result.put(name, chosen);

    // Detect encryption flags that are ignored because they sit in a nested class.
    scanForIgnoredEncryptionTags(topTableSchema, name, pathPrefix);
  }

  return result;
}