Updates to wrapper and specification.

Author: rlhagerm

dotnetv4/Redshift/Actions/RedshiftWrapper.cs

@@ -61,9 +61,14 @@ public async Task<Cluster> CreateClusterAsync(string clusterIdentifier, string d
             Console.WriteLine($"Created cluster {clusterIdentifier}");
             return response.Cluster;
         }
+        catch (ClusterAlreadyExistsException ex)
+        {
+            Console.WriteLine($"Cluster already exists: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error creating cluster: {ex.Message}");
+            Console.WriteLine($"Couldn't create cluster. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -88,9 +93,14 @@ public async Task<List<Cluster>> DescribeClustersAsync(string? clusterIdentifier
             var response = await _redshiftClient.DescribeClustersAsync(request);
             return response.Clusters;
         }
+        catch (ClusterNotFoundException ex)
+        {
+            Console.WriteLine($"Cluster not found: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error describing clusters: {ex.Message}");
+            Console.WriteLine($"Couldn't describe clusters. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -117,9 +127,14 @@ public async Task<Cluster> ModifyClusterAsync(string clusterIdentifier, string p
             Console.WriteLine($"The modified cluster was successfully modified and has {preferredMaintenanceWindow} as the maintenance window");
             return response.Cluster;
         }
+        catch (ClusterNotFoundException ex)
+        {
+            Console.WriteLine($"Cluster not found: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error modifying cluster: {ex.Message}");
+            Console.WriteLine($"Couldn't modify cluster. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -145,9 +160,14 @@ public async Task<Cluster> DeleteClusterAsync(string clusterIdentifier)
             Console.WriteLine($"The {clusterIdentifier} was deleted");
             return response.Cluster;
         }
+        catch (ClusterNotFoundException ex)
+        {
+            Console.WriteLine($"Cluster not found: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error deleting cluster: {ex.Message}");
+            Console.WriteLine($"Couldn't delete cluster. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -183,9 +203,14 @@ public async Task<List<string>> ListDatabasesAsync(string clusterIdentifier, str
 
             return databases;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ValidationException ex)
+        {
+            Console.WriteLine($"Validation error: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error listing databases: {ex.Message}");
+            Console.WriteLine($"Couldn't list databases. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -223,9 +248,14 @@ year INTEGER NOT NULL
             Console.WriteLine("Table created: Movies");
             return response.Id;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ValidationException ex)
+        {
+            Console.WriteLine($"Validation error: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error creating table: {ex.Message}");
+            Console.WriteLine($"Couldn't create table. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -268,9 +298,14 @@ public async Task<string> InsertMovieAsync(string clusterIdentifier, string data
             Console.WriteLine($"Inserted: {title} ({year})");
             return response.Id;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ValidationException ex)
+        {
+            Console.WriteLine($"Validation error: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error inserting movie: {ex.Message}");
+            Console.WriteLine($"Couldn't insert movie. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -324,9 +359,14 @@ public async Task<List<string>> QueryMoviesByYearAsync(string clusterIdentifier,
 
             return movieTitles;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ValidationException ex)
+        {
+            Console.WriteLine($"Validation error: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error querying movies: {ex.Message}");
+            Console.WriteLine($"Couldn't query movies. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -350,9 +390,14 @@ public async Task<DescribeStatementResponse> DescribeStatementAsync(string state
             var response = await _redshiftDataClient.DescribeStatementAsync(request);
             return response;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ResourceNotFoundException ex)
+        {
+            Console.WriteLine($"Statement not found: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error describing statement: {ex.Message}");
+            Console.WriteLine($"Couldn't describe statement. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -376,9 +421,14 @@ public async Task<List<List<Field>>> GetStatementResultAsync(string statementId)
             var response = await _redshiftDataClient.GetStatementResultAsync(request);
             return response.Records;
         }
+        catch (Amazon.RedshiftDataAPIService.Model.ResourceNotFoundException ex)
+        {
+            Console.WriteLine($"Statement not found: {ex.Message}");
+            throw;
+        }
         catch (Exception ex)
         {
-            Console.WriteLine($"Error getting statement result: {ex.Message}");
+            Console.WriteLine($"Couldn't get statement result. Here's why: {ex.Message}");
             throw;
         }
     }
@@ -411,7 +461,6 @@ private async Task WaitForStatementToCompleteAsync(string statementId)
             var errorMessage = response?.Error ?? "Unknown error";
             Console.WriteLine($"The statement failed with status: {status}");
             Console.WriteLine($"Error message: {errorMessage}");
-            throw new Exception($"Statement execution failed with status: {status}. Error: {errorMessage}");
         }
     }
 

scenarios/basics/redshift/SPECIFICATION.md

@@ -13,6 +13,20 @@ The following user input is required for this SDK getting started scenario:
 - The year to use to query records from the database.
 - Whether or not to delete the Amazon Redshift cluster.
 
+## SQL Statement Requirements
+
+All SQL statements that include user input or variable data MUST use parameterized queries to prevent SQL injection vulnerabilities. This applies to:
+
+- INSERT statements when adding movie records (use parameters for id, title, and year values)
+- SELECT statements when querying by year (use parameters for the year value)
+- Any other SQL operations that incorporate dynamic values
+
+Example of parameterized query usage:
+- Instead of: `SELECT * FROM Movies WHERE year = 2013`
+- Use: `SELECT * FROM Movies WHERE year = :year` with a parameter binding for `:year`
+
+This security best practice ensures that user input is properly escaped and prevents malicious SQL code injection.
+
 ## Hello Redshift
 This program is intended for users not familiar with the Redshift SDK to easily get up an running. The logic is to show use of `redshiftClient.describeClustersPaginator()`.
 
@@ -148,6 +162,21 @@ This concludes the Amazon Redshift SDK Getting Started scenario.
 
 ```
 
+## Exception Handling
+
+The following table lists the exceptions that should be caught and handled for each action in the scenario:
+
+| Action                    | Exception                      | Handling                                                                                    |
+|---------------------------|--------------------------------|---------------------------------------------------------------------------------------------|
+| `createCluster`           | ClusterAlreadyExistsFault      | Notify the user that a cluster with this identifier already exists and exit.                |
+| `describeClusters`        | ClusterNotFoundFault           | Notify the user that the specified cluster was not found.                                   |
+| `listDatabases`           | ValidationException            | Notify the user that the cluster is not available or parameters are invalid.                |
+| `executeStatement`        | ValidationException            | Notify the user of SQL syntax errors or invalid query parameters.                           |
+| `describeStatement`       | ResourceNotFoundException      | Notify the user that the statement ID was not found.                                        |
+| `getStatementResult`      | ResourceNotFoundException      | Notify the user that results are not available for the statement ID.                        |
+| `modifyCluster`           | ClusterNotFoundFault           | Notify the user that the cluster to modify was not found.                                   |
+| `deleteCluster`           | ClusterNotFoundFault           | Notify the user that the cluster to delete was not found.                                   |
+
 ## SOS Tags
 
 The following table describes the metadata used in this SDK Getting Started Scenario.