Skip to content

Commit cc82ec6

Browse files
committed
singleton instance
1 parent e7a028f commit cc82ec6

File tree

6 files changed

+49
-49
lines changed

6 files changed

+49
-49
lines changed

PerfTest/runtimes/python/DynamoDbEncryption/pytest.ini

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,10 +14,10 @@ addopts =
1414
--benchmark-sort=name
1515
--benchmark-autosave
1616
--benchmark-save-data
17-
--benchmark-min-rounds=3
18-
--benchmark-rounds=5
1917
markers =
2018
benchmark: mark test as a benchmark test
2119
v3: mark test as DDBEC v3 specific
2220
v4: mark test as DB-ESDK v4 specific
2321
slow: mark test as slow running
22+
item: mark test as using item encryptor methods
23+
client: mark test as using EncryptedClient methods

PerfTest/runtimes/python/DynamoDbEncryption/src/v3/test_base.py

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -41,13 +41,21 @@ def __init__(self):
4141
# Create materials provider
4242
self.materials_provider = self._create_materials_provider()
4343

44+
attribute_actions={
45+
self.partition_key: CryptoAction.SIGN_ONLY,
46+
self.sort_key: CryptoAction.SIGN_ONLY,
47+
}
48+
49+
# Add all other attributes as ENCRYPT_AND_SIGN
50+
for data_type, item in self.test_data.items():
51+
for key in item:
52+
if key not in attribute_actions:
53+
attribute_actions[key] = CryptoAction.ENCRYPT_AND_SIGN
54+
4455
# Create attribute actions
4556
self.actions = AttributeActions(
4657
default_action=CryptoAction.ENCRYPT_AND_SIGN,
47-
attribute_actions={
48-
self.partition_key: CryptoAction.DO_NOTHING,
49-
self.sort_key: CryptoAction.DO_NOTHING,
50-
},
58+
attribute_actions=attribute_actions,
5159
)
5260

5361
# Create encryption context
@@ -75,20 +83,7 @@ def _load_test_data(self) -> Dict[str, Any]:
7583
# Load single attribute data
7684
with open(SINGLE_ATTRIBUTE_FILE, "r") as f:
7785
single_data = json.load(f)
78-
# Convert to DynamoDB format
79-
ddb_item = {}
80-
for k, v in single_data.items():
81-
if isinstance(v, str):
82-
ddb_item[k] = {"S": v}
83-
elif isinstance(v, (int, float)):
84-
ddb_item[k] = {"N": str(v)}
85-
elif isinstance(v, bool):
86-
ddb_item[k] = {"BOOL": v}
87-
elif isinstance(v, list):
88-
ddb_item[k] = {"L": [self._convert_to_ddb_value(item) for item in v]}
89-
elif isinstance(v, dict):
90-
ddb_item[k] = {"M": {sk: self._convert_to_ddb_value(sv) for sk, sv in v.items()}}
91-
data["single_attribute"] = ddb_item
86+
data["single_attribute"] = self._convert_to_ddb_format(single_data)
9287

9388
# Load nested attributes data
9489
with open(NESTED_ATTRIBUTES_FILE, "r") as f:
@@ -183,7 +178,9 @@ def benchmark_encrypt(self, benchmark, data_type: str):
183178
def encrypt():
184179
return self.encrypt_item(item)
185180

186-
encrypted_item = benchmark(encrypt)
181+
# Run the encryption benchmark in pedantic mode, which disables calibration
182+
# and runs exactly 10 iterations per round for 5 rounds (50 total executions)
183+
encrypted_item = benchmark.pedantic(encrypt, iterations=10, rounds=5)
187184

188185
# Verify encryption actually worked
189186
self._verify_encryption(item, encrypted_item)
@@ -227,7 +224,9 @@ def benchmark_decrypt(self, benchmark, data_type: str):
227224
def decrypt():
228225
return self.decrypt_item(encrypted_item)
229226

230-
decrypted_item = benchmark(decrypt)
227+
# Run the decryption benchmark in pedantic mode, which disables calibration
228+
# and runs exactly 10 iterations per round for 5 rounds (50 total executions)
229+
decrypted_item = benchmark.pedantic(decrypt, iterations=10, rounds=5)
231230

232231
# Verify decryption worked correctly - comprehensive verification
233232
assert decrypted_item[self.partition_key] == item[self.partition_key]

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/aws_kms_keyring_test.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
"""Performance tests for DB-ESDK v4 with AWS KMS Keyring using EncryptedClient."""
2-
2+
import boto3
33
import pytest
44
from aws_cryptographic_material_providers.mpl import AwsCryptographicMaterialProviders
55
from aws_cryptographic_material_providers.mpl.config import MaterialProvidersConfig
@@ -11,7 +11,7 @@
1111

1212

1313
class V4AWSKMSKeyring(V4PerformanceTestBase):
14-
"""DB-ESDK v4 with AWS KMS Keyring using EncryptedClient."""
14+
"""DB-ESDK v4 with AWS KMS Keyring."""
1515

1616
def _create_keyring(self) -> IKeyring:
1717
"""Create the AWS KMS Keyring as shown in basic_put_get_example."""
@@ -31,7 +31,7 @@ def _create_keyring(self) -> IKeyring:
3131

3232
# Create a singleton instance
3333
_test_instance = None
34-
34+
_kms_client = boto3.client("kms")
3535

3636
def get_test_instance():
3737
"""Get or create the test instance."""

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/hierarchy_keyring_test.py

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ def get_branch_key_id_from_ddb_key(self, param: GetBranchKeyIdFromDdbKeyInput) -
6262

6363

6464
class V4HierarchyKeyring(V4PerformanceTestBase):
65-
"""DB-ESDK v4 with Hierarchy Keyring using EncryptedClient ."""
65+
"""DB-ESDK v4 with Hierarchy Keyring."""
6666

6767
def __init__(self):
6868
"""Initialize with keystore setup."""
@@ -73,10 +73,10 @@ def _create_keyring(self) -> IKeyring:
7373
# 1. Create KeyStore configuration
7474
keystore = KeyStore(
7575
config=KeyStoreConfig(
76-
ddb_client=boto3.client("dynamodb", region_name="us-west-2"),
76+
ddb_client=_ddb_client,
7777
ddb_table_name="KeyStoreTestTable",
7878
logical_key_store_name="KeyStoreTestTable",
79-
kms_client=boto3.client("kms", region_name="us-west-2"),
79+
kms_client=_kms_client,
8080
kms_configuration=KMSConfigurationKmsKeyArn(KMS_KEY_ARN),
8181
)
8282
)
@@ -119,7 +119,8 @@ def _create_keyring(self) -> IKeyring:
119119

120120
# Create a singleton instance
121121
_test_instance = None
122-
122+
_kms_client = boto3.client("kms", region_name="us-west-2")
123+
_ddb_client = boto3.client("dynamodb", region_name="us-west-2")
123124

124125
def get_test_instance():
125126
"""Get or create the test instance."""

PerfTest/runtimes/python/DynamoDbEncryption/src/v4/test_base.py

Lines changed: 13 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -8,10 +8,10 @@
88

99
import boto3
1010
from aws_cryptographic_material_providers.mpl.references import IKeyring
11+
from aws_cryptographic_material_providers.mpl.models import DBEAlgorithmSuiteId
1112
from aws_dbesdk_dynamodb.encrypted.item import ItemEncryptor
1213
from aws_dbesdk_dynamodb.structures.item_encryptor import DynamoDbItemEncryptorConfig
1314
from aws_dbesdk_dynamodb.structures.structured_encryption import CryptoAction
14-
from aws_dbesdk_dynamodb.transform import ddb_to_dict
1515

1616
# Add parent directory to path for imports
1717
sys.path.insert(0, str(Path(__file__).parent.parent))
@@ -38,9 +38,6 @@ def __init__(self):
3838
# Load test data
3939
self.test_data = self._load_test_data()
4040

41-
# Create a real DynamoDB client (not used for actual AWS calls in performance tests)
42-
self.dynamodb_client = boto3.client("dynamodb", region_name="us-west-2")
43-
4441
# Create keyring
4542
self.keyring = self._create_keyring()
4643

@@ -63,6 +60,15 @@ def __init__(self):
6360
attribute_actions_on_encrypt=self.attribute_actions,
6461
keyring=self.keyring,
6562
allowed_unsigned_attribute_prefix=":",
63+
# Specifying an algorithm suite is not required,
64+
# but is done here to demonstrate how to do so.
65+
# We suggest using the
66+
# `ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384_SYMSIG_HMAC_SHA384` suite,
67+
# which includes AES-GCM with key derivation, signing, and key commitment.
68+
# This is also the default algorithm suite if one is not specified in this config.
69+
# For more information on supported algorithm suites, see:
70+
# https://docs.aws.amazon.com/database-encryption-sdk/latest/devguide/supported-algorithms.html
71+
algorithm_suite_id=DBEAlgorithmSuiteId.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_SYMSIG_HMAC_SHA384,
6672
)
6773

6874
# Create the DynamoDb Item Encryptor
@@ -80,20 +86,7 @@ def _load_test_data(self) -> Dict[str, Any]:
8086
# Load single attribute data
8187
with open(SINGLE_ATTRIBUTE_FILE, "r") as f:
8288
single_data = json.load(f)
83-
# Convert to DynamoDB format
84-
ddb_item = {}
85-
for k, v in single_data.items():
86-
if isinstance(v, str):
87-
ddb_item[k] = {"S": v}
88-
elif isinstance(v, (int, float)):
89-
ddb_item[k] = {"N": str(v)}
90-
elif isinstance(v, bool):
91-
ddb_item[k] = {"BOOL": v}
92-
elif isinstance(v, list):
93-
ddb_item[k] = {"L": [self._convert_to_ddb_value(item) for item in v]}
94-
elif isinstance(v, dict):
95-
ddb_item[k] = {"M": {sk: self._convert_to_ddb_value(sv) for sk, sv in v.items()}}
96-
data["single_attribute"] = ddb_item
89+
data["single_attribute"] = self._convert_to_ddb_format(single_data)
9790

9891
# Load nested attributes data
9992
with open(NESTED_ATTRIBUTES_FILE, "r") as f:
@@ -186,7 +179,7 @@ def benchmark_encrypt(self, benchmark, data_type: str):
186179
def encrypt():
187180
return self.encrypt_item(item)
188181

189-
encrypted_item = benchmark(encrypt)
182+
encrypted_item = benchmark.pedantic(encrypt, iterations=10, rounds=5)
190183
self._verify_encryption(item, encrypted_item)
191184

192185
# For encrypt: only report original (plaintext) size
@@ -214,7 +207,7 @@ def benchmark_decrypt(self, benchmark, data_type: str):
214207
def decrypt():
215208
return self.decrypt_item(encrypted_item)
216209

217-
decrypted_item = benchmark(decrypt)
210+
decrypted_item = benchmark.pedantic(decrypt, iterations=10, rounds=5)
218211

219212
# Verify decryption worked correctly - comprehensive verification
220213
assert decrypted_item[self.partition_key] == item[self.partition_key]

PerfTest/runtimes/python/DynamoDbEncryption/tox.ini

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22
isolated_build = True
33
envlist =
44
py{311,312,313}-{v3,v4,all}
5+
benchmark
56

67
[testenv:base-command]
78
commands = poetry run pytest -s -v -l {posargs}
@@ -18,6 +19,12 @@ commands =
1819
v4: {[testenv:base-command]commands} src/v4/ --benchmark-only -m v4
1920
all: {[testenv:base-command]commands} src/ --benchmark-only
2021

22+
[testenv:benchmark]
23+
commands_pre =
24+
poetry lock
25+
poetry install --with test --no-root
26+
commands = poetry run pytest src/ --benchmark-only -m "{posargs:item}"
27+
2128
[testenv:run-benchmarks]
2229
commands_pre =
2330
poetry lock

0 commit comments

Comments
 (0)