diff --git a/package-lock.json b/package-lock.json index 352fe356..0815b1a8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "aws-lambda-stream", - "version": "1.1.3", + "version": "1.1.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "aws-lambda-stream", - "version": "1.1.3", + "version": "1.1.4", "license": "MIT", "dependencies": { "object-sizeof": "^2.6.0" diff --git a/package.json b/package.json index 53c74d87..3a40c76f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "aws-lambda-stream", - "version": "1.1.3", + "version": "1.1.4", "description": "Create stream processors with AWS Lambda functions.", "keywords": [ "aws", diff --git a/src/utils/encryption.js b/src/utils/encryption.js index 694423e3..b76f8ecd 100644 --- a/src/utils/encryption.js +++ b/src/utils/encryption.js @@ -166,10 +166,11 @@ export const encryptData = ({ regions = (process.env.KMS_REGIONS && process.env.KMS_REGIONS.split(',')), AES = true, } = {}) => async (data) => { + const eemMetadata = typeof eem === 'function' ? eem(data) : eem; const result = await encryptObject(data, { masterKeyAlias, regions, - ...eem, // fields and overrides + ...eemMetadata, // fields and overrides AES, }) // .tap(debug) diff --git a/test/unit/utils/encryption.test.js b/test/unit/utils/encryption.test.js index b2e17b74..fca92ee4 100644 --- a/test/unit/utils/encryption.test.js +++ b/test/unit/utils/encryption.test.js @@ -252,6 +252,99 @@ describe('utils/encryption.js', () => { .done(done); }); + it('should encrypt data - listener function w/ eem as function', (done) => { + const rule1 = { + id: 'e1', + flavor: materialize, + eventType: 'thing-created', + toUpdateRequest: async (uow, rule) => ({ + Key: { + pk: uow.event.thing.id, + sk: 'thing', + }, + ...updateExpression(await rule.encrypt({ + ...uow.event.thing, + discriminator: 'thing', + timestamp: uow.event.timestamp, + })), + }), + eem: (data) => { + if (data.discriminator === 'thing') { + return { + fields: [ + 'name', + 'description', + ], + }; + } else { + return { + fields: [], + }; + } + }, + masterKeyAlias: 'alias/aws-kms-ee', + AES: false, + }; + + const events = toKinesisRecords([{ + id: '0', + type: 'thing-created', + timestamp: 1572832690000, + thing: { + id: '1', + name: 'n1', + description: 'd1', + status: 's1', + }, + }]); + + initialize({ + ...initializeFrom([rule1]), + }) + .assemble(fromKinesis(events), false) + .collect() + .tap((collected) => { + // console.log(JSON.stringify(collected, null, 2)); + expect(collected.length).to.equal(1); + expect(collected[0].updateRequest).to.deep.equal({ + Key: { + pk: '1', + sk: 'thing', + }, + ExpressionAttributeNames: { + '#id': 'id', + '#name': 'name', + '#description': 'description', + '#status': 'status', + '#discriminator': 'discriminator', + '#timestamp': 'timestamp', + '#eem': 'eem', + }, + ExpressionAttributeValues: { + ':id': '1', + ':name': 'Im4xIg==', + ':description': 'ImQxIg==', + ':status': 's1', + ':discriminator': 'thing', + ':timestamp': 1572832690000, + ':eem': { + dataKeys: { + 'us-west-2': MOCK_GEN_DK_RESPONSE.CiphertextBlob.toString('base64'), + }, + masterKeyAlias: 'alias/aws-kms-ee', + fields: [ + 'name', + 'description', + ], + }, + }, + UpdateExpression: 'SET #id = :id, #name = :name, #description = :description, #status = :status, #discriminator = :discriminator, #timestamp = :timestamp, #eem = :eem', + ReturnValues: 'ALL_NEW', + }); + }) + .done(done); + }); + it('should decrypt data - query function', async () => { const encryptedQueryResults = [{ id: '1',