AWS SDK Dynamodb对带有加密数据的二级索引的查询操作

时间:2017-11-01 04:16:34

标签: amazon-dynamodb

我正在尝试使用DynamodbMapper使用gsi查询数据。

    HashMap<String, AttributeValue> eav = new HashMap<>();
    eav.put(":v1", new AttributeValue().withS(employee.getDepartment()));
    eav.put(":v2", new AttributeValue().withS(employee.getContactId()));

    DynamoDBQueryExpression<Employee> queryExpression =
            new DynamoDBQueryExpression()
                    .withIndexName("DepartmentContactId-index")
                    .withKeyConditionExpression("Department = :v1 and contactId = :v2")
                    .withExpressionAttributeValues(eav)
                    .withConsistentRead(false);

     List<Employee> items =
                dynamoDBMapper.query(Employee.class, queryExpression);

我的签名异常不好。 PS:dynamodb中Employee表中的一个字段(列)使用AWSKMS加密。我在dynamodb映射器中配置了相同的KMS密钥,但仍然遇到了同样的问题。有什么指针吗?

Mapper类 - &gt;

package com.test.model;

import com.amazonaws.services.dynamodbv2.datamodeling.*;
importcom.amazonaws.services.dynamodbv2.datamodeling.encryption.DoNotEncrypt;

import static com.test.util.Constants.*;

@DynamoDBTable(tableName = "Employee")
public class Employee {
private String id;
private String department;
private String contactId;
private RulesData rulesData;

// Partition Key
@DynamoDBHashKey(attributeName = ID)
@DynamoDBAutoGeneratedKey
public String getId() {
    return id;
}

public void setId(String id) {
    this.id = id;
}

@DoNotEncrypt
@DynamoDBRangeKey(attributeName = DEPARTMENT)
public String getDepartment() {
    return department;
}

public void setDepartment(String department) {
    this.department = department;
}

@DoNotEncrypt
@DynamoDBAttribute(attributeName = CONTACT_ID)
public String getContactId() {
    return contactId;
}

public void setContactId(String contactId) {
    this.contactId = contactId;
}



@DynamoDBAttribute(attributeName = DATA)
public RulesData getRulesData() {
    return rulesData;
}

public void setRulesData(RulesData rulesData) {
    this.rulesData = rulesData;
}

}

1 个答案:

答案 0 :(得分:0)

如果将全局二级索引(GSI)的投影类型设置为ALL以外的值,则签名属性将不在GSI中。

因此,如果您只需要在GSI上查询中未加密的字段,请使用不带AttributeEncryptor的新DynamoDBMapper。

如果您也需要加密字段,请将GSI的投影类型设置为ALL。