in src/aws_encryption_sdk/internal/utils/commitment.py [0:0]
def validate_commitment_policy_on_encrypt(commitment_policy, algorithm):
    """Check that ``algorithm`` is allowed by ``commitment_policy`` for an encrypt request.

    :param commitment_policy: Commitment policy in effect for the request
    :param algorithm: Algorithm suite requested for encryption, or ``None``
    :raises ActionNotAllowedError: if the policy forbids committing suites and
        ``algorithm`` is committing, or if the policy requires committing suites
        and ``algorithm`` is not committing

    Two cases pass without any check, and callers should be aware of both:

    * ``algorithm`` is ``None``: there is nothing to compare here, so the suite
      that is eventually used is not validated by this call.
      NOTE(review): presumably a default suite is chosen and checked elsewhere;
      confirm against the caller.
    * ``commitment_policy`` is none of the three values tested below: the
      function returns normally rather than rejecting the unrecognised policy.
    """
    # FORBID_ENCRYPT_*: a committing suite must not be used to write messages.
    forbids_commitment = commitment_policy == CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT
    if forbids_commitment and algorithm is not None and algorithm.is_committing():
        template = (
            "Configuration conflict. Cannot encrypt due to {} requiring only non-committed messages. "
            "Algorithm ID was {}. See: " + TROUBLESHOOTING_URL
        )
        raise ActionNotAllowedError(template.format(commitment_policy, algorithm.algorithm_id))

    # REQUIRE_ENCRYPT_*: only committing suites may be used to write messages,
    # whatever the policy allows on the decrypt side.
    requires_commitment = commitment_policy in (
        CommitmentPolicy.REQUIRE_ENCRYPT_ALLOW_DECRYPT,
        CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT,
    )
    if requires_commitment and algorithm is not None and not algorithm.is_committing():
        template = (
            "Configuration conflict. Cannot encrypt due to {} requiring only committed messages. "
            "Algorithm ID was {}. See: " + TROUBLESHOOTING_URL
        )
        raise ActionNotAllowedError(template.format(commitment_policy, algorithm.algorithm_id))