Merge pull request #51 from SalusaSecondus/issue-32

Force use of SaveBehavior.PUT or SaveBehavior.CLOBBER. Issue #32

Author: SalusaSecondus

src/main/java/com/amazonaws/services/dynamodbv2/datamodeling/AttributeEncryptor.java

@@ -38,8 +38,7 @@
 
 /**
  * Encrypts all non-key fields prior to storing them in DynamoDB.
- * <em>This must be used with @{link SaveBehavior#PUT} or @{link SaveBehavior#CLOBBER}. Use of
- * any other @{code SaveBehavior} can result in data-corruption.</em>
+ * <em>This must be used with @{link SaveBehavior#PUT} or @{link SaveBehavior#CLOBBER}.</em>
  * 
  * @author Greg Rubin 
  */
@@ -77,7 +76,8 @@ public Map<String, AttributeValue> transform(final Parameters<?> parameters) {
         // unmodified fields. Thus, upon untransform, the signature verification will fail as it won't cover all
         // expected fields.
         if (parameters.isPartialUpdate()) {
-            LOG.error("Use of AttributeEncryptor without SaveBehavior.PUT or SaveBehavior.CLOBBER is an error " +
+            throw new DynamoDBMappingException(
+                "Use of AttributeEncryptor without SaveBehavior.PUT or SaveBehavior.CLOBBER is an error " +
 	        "and can result in data-corruption. This occured while trying to save " +
 	        parameters.getModelClass());
         }

src/test/java/com/amazonaws/services/dynamodbv2/datamodeling/AttributeEncryptorTest.java

@@ -129,6 +129,13 @@ public void fullEncryption() {
         assertNotNull(encryptedAttributes.get("stringValue").getB());
     }
 
+    @Test(expected = DynamoDBMappingException.class)
+    public void rejectsPartialUpdate() {
+        Parameters<BaseClass> params = FakeParameters.getInstance(BaseClass.class, attribs, null,
+            TABLE_NAME, HASH_KEY, RANGE_KEY, true);
+        encryptor.transform(params);
+    }
+
     @Test(expected = DynamoDBMappingException.class)
     public void fullEncryptionBadSignature() {
         Parameters<BaseClass> params = FakeParameters.getInstance(BaseClass.class, attribs, null,