singleton instance

Author: imabhichow

PerfTest/runtimes/python/DynamoDbEncryption/pytest.ini

@@ -14,10 +14,10 @@ addopts =
     --benchmark-sort=name
     --benchmark-autosave
     --benchmark-save-data
-    --benchmark-min-rounds=3
-    --benchmark-rounds=5
 markers =
     benchmark: mark test as a benchmark test
     v3: mark test as DDBEC v3 specific
     v4: mark test as DB-ESDK v4 specific
     slow: mark test as slow running
+    item: mark test as using item encryptor methods
+    client: mark test as using EncryptedClient methods

PerfTest/runtimes/python/DynamoDbEncryption/src/v3/test_base.py

@@ -41,13 +41,21 @@ def __init__(self):
         # Create materials provider
         self.materials_provider = self._create_materials_provider()
 
+        attribute_actions={
+                self.partition_key: CryptoAction.SIGN_ONLY,
+                self.sort_key: CryptoAction.SIGN_ONLY,
+            }
+
+        # Add all other attributes as ENCRYPT_AND_SIGN
+        for data_type, item in self.test_data.items():
+            for key in item:
+                if key not in attribute_actions:
+                    attribute_actions[key] = CryptoAction.ENCRYPT_AND_SIGN
+
         # Create attribute actions
         self.actions = AttributeActions(
             default_action=CryptoAction.ENCRYPT_AND_SIGN,
-            attribute_actions={
-                self.partition_key: CryptoAction.DO_NOTHING,
-                self.sort_key: CryptoAction.DO_NOTHING,
-            },
+            attribute_actions=attribute_actions,
         )
 
         # Create encryption context
@@ -75,20 +83,7 @@ def _load_test_data(self) -> Dict[str, Any]:
         # Load single attribute data
         with open(SINGLE_ATTRIBUTE_FILE, "r") as f:
             single_data = json.load(f)
-            # Convert to DynamoDB format
-            ddb_item = {}
-            for k, v in single_data.items():
-                if isinstance(v, str):
-                    ddb_item[k] = {"S": v}
-                elif isinstance(v, (int, float)):
-                    ddb_item[k] = {"N": str(v)}
-                elif isinstance(v, bool):
-                    ddb_item[k] = {"BOOL": v}
-                elif isinstance(v, list):
-                    ddb_item[k] = {"L": [self._convert_to_ddb_value(item) for item in v]}
-                elif isinstance(v, dict):
-                    ddb_item[k] = {"M": {sk: self._convert_to_ddb_value(sv) for sk, sv in v.items()}}
-            data["single_attribute"] = ddb_item
+            data["single_attribute"] = self._convert_to_ddb_format(single_data)
 
         # Load nested attributes data
         with open(NESTED_ATTRIBUTES_FILE, "r") as f:
@@ -183,7 +178,9 @@ def benchmark_encrypt(self, benchmark, data_type: str):
         def encrypt():
             return self.encrypt_item(item)
 
-        encrypted_item = benchmark(encrypt)
+        # Run the encryption benchmark in pedantic mode, which disables calibration
+        # and runs exactly 10 iterations per round for 5 rounds (50 total executions)
+        encrypted_item = benchmark.pedantic(encrypt, iterations=10, rounds=5)
 
         # Verify encryption actually worked
         self._verify_encryption(item, encrypted_item)
@@ -227,7 +224,9 @@ def benchmark_decrypt(self, benchmark, data_type: str):
         def decrypt():
             return self.decrypt_item(encrypted_item)
 
-        decrypted_item = benchmark(decrypt)
+        # Run the decryption benchmark in pedantic mode, which disables calibration
+        # and runs exactly 10 iterations per round for 5 rounds (50 total executions)
+        decrypted_item = benchmark.pedantic(decrypt, iterations=10, rounds=5)
 
         # Verify decryption worked correctly - comprehensive verification
         assert decrypted_item[self.partition_key] == item[self.partition_key]

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/aws_kms_keyring_test.py

@@ -1,5 +1,5 @@
 """Performance tests for DB-ESDK v4 with AWS KMS Keyring using EncryptedClient."""
-
+import boto3
 import pytest
 from aws_cryptographic_material_providers.mpl import AwsCryptographicMaterialProviders
 from aws_cryptographic_material_providers.mpl.config import MaterialProvidersConfig
@@ -11,7 +11,7 @@
 
 
 class V4AWSKMSKeyring(V4PerformanceTestBase):
-    """DB-ESDK v4 with AWS KMS Keyring using EncryptedClient."""
+    """DB-ESDK v4 with AWS KMS Keyring."""
 
     def _create_keyring(self) -> IKeyring:
         """Create the AWS KMS Keyring as shown in basic_put_get_example."""
@@ -31,7 +31,7 @@ def _create_keyring(self) -> IKeyring:
 
 # Create a singleton instance
 _test_instance = None
-
+_kms_client = boto3.client("kms")
 
 def get_test_instance():
     """Get or create the test instance."""

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/hierarchy_keyring_test.py

@@ -62,7 +62,7 @@ def get_branch_key_id_from_ddb_key(self, param: GetBranchKeyIdFromDdbKeyInput) -
 
 
 class V4HierarchyKeyring(V4PerformanceTestBase):
-    """DB-ESDK v4 with Hierarchy Keyring using EncryptedClient ."""
+    """DB-ESDK v4 with Hierarchy Keyring."""
 
     def __init__(self):
         """Initialize with keystore setup."""
@@ -73,10 +73,10 @@ def _create_keyring(self) -> IKeyring:
         # 1. Create KeyStore configuration
         keystore = KeyStore(
             config=KeyStoreConfig(
-                ddb_client=boto3.client("dynamodb", region_name="us-west-2"),
+                ddb_client=_ddb_client,
                 ddb_table_name="KeyStoreTestTable",
                 logical_key_store_name="KeyStoreTestTable",
-                kms_client=boto3.client("kms", region_name="us-west-2"),
+                kms_client=_kms_client,
                 kms_configuration=KMSConfigurationKmsKeyArn(KMS_KEY_ARN),
             )
         )
@@ -119,7 +119,8 @@ def _create_keyring(self) -> IKeyring:
 
 # Create a singleton instance
 _test_instance = None
-
+_kms_client = boto3.client("kms", region_name="us-west-2")
+_ddb_client = boto3.client("dynamodb", region_name="us-west-2")
 
 def get_test_instance():
     """Get or create the test instance."""

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/test_base.py

@@ -8,10 +8,10 @@
 
 import boto3
 from aws_cryptographic_material_providers.mpl.references import IKeyring
+from aws_cryptographic_material_providers.mpl.models import DBEAlgorithmSuiteId
 from aws_dbesdk_dynamodb.encrypted.item import ItemEncryptor
 from aws_dbesdk_dynamodb.structures.item_encryptor import DynamoDbItemEncryptorConfig
 from aws_dbesdk_dynamodb.structures.structured_encryption import CryptoAction
-from aws_dbesdk_dynamodb.transform import ddb_to_dict
 
 # Add parent directory to path for imports
 sys.path.insert(0, str(Path(__file__).parent.parent))
@@ -38,9 +38,6 @@ def __init__(self):
         # Load test data
         self.test_data = self._load_test_data()
 
-        # Create a real DynamoDB client (not used for actual AWS calls in performance tests)
-        self.dynamodb_client = boto3.client("dynamodb", region_name="us-west-2")
-
         # Create keyring
         self.keyring = self._create_keyring()
 
@@ -63,6 +60,15 @@ def __init__(self):
             attribute_actions_on_encrypt=self.attribute_actions,
             keyring=self.keyring,
             allowed_unsigned_attribute_prefix=":",
+            # Specifying an algorithm suite is not required,
+            # but is done here to demonstrate how to do so.
+            # We suggest using the
+            # `ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384` suite,
+            # which includes AES-GCM with key derivation, signing, and key commitment.
+            # This is also the default algorithm suite if one is not specified in this config.
+            # For more information on supported algorithm suites, see:
+            #   https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/supported-algorithms.html
+            algorithm_suite_id=DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384,
         )
 
         # Create the DynamoDb Item Encryptor
@@ -80,20 +86,7 @@ def _load_test_data(self) -> Dict[str, Any]:
         # Load single attribute data
         with open(SINGLE_ATTRIBUTE_FILE, "r") as f:
             single_data = json.load(f)
-            # Convert to DynamoDB format
-            ddb_item = {}
-            for k, v in single_data.items():
-                if isinstance(v, str):
-                    ddb_item[k] = {"S": v}
-                elif isinstance(v, (int, float)):
-                    ddb_item[k] = {"N": str(v)}
-                elif isinstance(v, bool):
-                    ddb_item[k] = {"BOOL": v}
-                elif isinstance(v, list):
-                    ddb_item[k] = {"L": [self._convert_to_ddb_value(item) for item in v]}
-                elif isinstance(v, dict):
-                    ddb_item[k] = {"M": {sk: self._convert_to_ddb_value(sv) for sk, sv in v.items()}}
-            data["single_attribute"] = ddb_item
+            data["single_attribute"] = self._convert_to_ddb_format(single_data)
 
         # Load nested attributes data
         with open(NESTED_ATTRIBUTES_FILE, "r") as f:
@@ -186,7 +179,7 @@ def benchmark_encrypt(self, benchmark, data_type: str):
         def encrypt():
             return self.encrypt_item(item)
 
-        encrypted_item = benchmark(encrypt)
+        encrypted_item = benchmark.pedantic(encrypt, iterations=10, rounds=5)
         self._verify_encryption(item, encrypted_item)
 
         # For encrypt: only report original (plaintext) size
@@ -214,7 +207,7 @@ def benchmark_decrypt(self, benchmark, data_type: str):
         def decrypt():
             return self.decrypt_item(encrypted_item)
 
-        decrypted_item = benchmark(decrypt)
+        decrypted_item = benchmark.pedantic(decrypt, iterations=10, rounds=5)
 
         # Verify decryption worked correctly - comprehensive verification
         assert decrypted_item[self.partition_key] == item[self.partition_key]

PerfTest/runtimes/python/DynamoDbEncryption/tox.ini

@@ -2,6 +2,7 @@
 isolated_build = True
 envlist =
   py{311,312,313}-{v3,v4,all}
+  benchmark
 
 [testenv:base-command]
 commands = poetry run pytest -s -v -l {posargs}
@@ -18,6 +19,12 @@ commands =
     v4: {[testenv:base-command]commands} src/v4/ --benchmark-only -m v4
     all: {[testenv:base-command]commands} src/ --benchmark-only
 
+[testenv:benchmark]
+commands_pre =
+    poetry lock
+    poetry install --with test --no-root
+commands = poetry run pytest src/ --benchmark-only -m "{posargs:item}"
+
 [testenv:run-benchmarks]
 commands_pre =
     poetry lock