Implement KMS client (#1161)

* Implement KMS client

* Added `ListAliases`

* Fixed docs

* Added CreateKey / CreateAlias and functionnal tests

Co-authored-by: Jérémy Derussé <jeremy@derusse.com>

.gitattributes

@@ -0,0 +1,5 @@
+/.github export-ignore
+/tests export-ignore
+/.gitignore export-ignore
+/Makefile export-ignore
+/phpunit.xml.dist export-ignore

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [nyholm, jderusse]

.github/workflows/.editorconfig

@@ -0,0 +1,2 @@
+[*.yml]
+indent_size = 2

.github/workflows/branch_alias.yml

@@ -0,0 +1,76 @@
+name: Update branch alias
+
+on:
+  push:
+    tags: ['*']
+
+jobs:
+  branch-alias:
+    name: Update branch alias
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Set up PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.1
+          coverage: none
+
+      - name: Find branch alias
+        id: find_alias
+        run: |
+          TAG=$(echo $GITHUB_REF | cut -d'/' -f 3)
+          echo "Last tag was $TAG"
+          ARR=(${TAG//./ })
+          ARR[1]=$((${ARR[1]}+1))
+          echo ::set-output name=alias::${ARR[0]}.${ARR[1]}
+
+      - name: Checkout main repo
+        run: |
+          git clone --branch master https://${{ secrets.BOT_GITHUB_TOKEN }}:x-oauth-basic@github.com/async-aws/aws aws
+
+      - name: Update branch alias
+        run: |
+          cd aws/src/Service/Kms
+          CURRENT_ALIAS=$(composer config extra.branch-alias.dev-master | cut -d'-' -f 1)
+
+          # If there is a current value on the branch alias
+          if [ ! -z $CURRENT_ALIAS ]; then
+            NEW_ALIAS=${{ steps.find_alias.outputs.alias }}
+            CURRENT_ARR=(${CURRENT_ALIAS//./ })
+            NEW_ARR=(${NEW_ALIAS//./ })
+
+            if [ ${CURRENT_ARR[0]} -gt ${NEW_ARR[0]} ]; then
+                echo "The current value for major version is larger"
+                exit 1;
+            fi
+
+            if [ ${CURRENT_ARR[0]} -eq ${NEW_ARR[0]} ] && [ ${CURRENT_ARR[1]} -gt ${NEW_ARR[1]} ]; then
+                echo "The current value for minor version is larger"
+                exit 1;
+            fi
+          fi
+
+          composer config extra.branch-alias.dev-master ${{ steps.find_alias.outputs.alias }}-dev
+
+      - name: Commit & push the new files
+        run: |
+          echo "::group::git status"
+          cd aws
+          git status
+          echo "::endgroup::"
+
+          git add -N .
+          if [[ $(git diff --numstat | wc -l) -eq 0 ]]; then
+            echo "No changes found. Exiting."
+            exit 0;
+          fi
+
+          git config --local user.email "github@async-aws.com"
+          git config --local user.name "AsyncAws Bot"
+
+          echo "::group::git push"
+          git add .
+          git commit -m "Update branch alias"
+          git push
+          echo "::endgroup::"

.github/workflows/checks.yml

@@ -0,0 +1,27 @@
+name: BC Check
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  roave-bc-check:
+    name: Roave BC Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Modify composer.json
+        run: |
+          sed -i -re 's/"require": \{/"minimum-stability": "dev","prefer-stable": true,"require": \{/' composer.json
+          cat composer.json
+
+          git config --local user.email "github@async-aws.com"
+          git config --local user.name "AsyncAws Bot"
+          git commit -am "Allow unstable dependencies"
+
+      - name: Roave BC Check
+        uses: docker://nyholm/roave-bc-check-ga

.github/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: Tests
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      max-parallel: 10
+      matrix:
+        php: ['7.2', '7.3', '7.4', '8.0', '8.1']
+
+    steps:
+      - name: Set up PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php }}
+          coverage: none
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Initialize tests
+        run: make initialize
+
+      - name: Download dependencies
+        run: |
+          composer config minimum-stability dev
+          composer req symfony/phpunit-bridge --no-update
+          composer update --no-interaction --prefer-dist --optimize-autoloader --prefer-stable
+
+      - name: Run tests
+        run: ./vendor/bin/simple-phpunit

.gitignore

@@ -0,0 +1,3 @@
+/vendor/
+*.cache
+composer.lock

CHANGELOG.md

@@ -0,0 +1,7 @@
+# Change Log
+
+## NOT RELEASED
+
+## 0.1.0
+
+First version

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2021 Jérémy Derussé, Tobias Nyholm
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

Makefile

@@ -0,0 +1,16 @@
+.EXPORT_ALL_VARIABLES:
+
+initialize: start-docker
+start-docker:
+	docker start async_aws_localstack && exit 0 || \
+	docker start async_aws_localstack-kms && exit 0 || \
+	docker pull localstack/localstack && \
+	docker run -d -p 4579:8080 --name async_aws_localstack-kms nsmithuk/local-kms && \
+	docker run --rm --link async_aws_localstack-kms:localstack martin/wait -c localstack:8080
+
+test: initialize
+	./vendor/bin/simple-phpunit
+
+clean: stop-docker
+stop-docker:
+	docker stop async_aws_localstack-kms || true

README.md

@@ -0,0 +1,20 @@
+# AsyncAws Kms Client
+
+![](https://github.com/async-aws/kms/workflows/Tests/badge.svg?branch=master)
+![](https://github.com/async-aws/kms/workflows/BC%20Check/badge.svg?branch=master)
+
+An API client for Kms.
+
+## Install
+
+```cli
+composer require async-aws/kms
+```
+
+## Documentation
+
+See https://async-aws.com/clients/kms.html for documentation.
+
+## Contribute
+
+Contributions are welcome and appreciated. Please read https://async-aws.com/contribute/

composer.json

@@ -0,0 +1,34 @@
+{
+    "name": "async-aws/kms",
+    "description": "Kms client, part of the AWS SDK provided by AsyncAws.",
+    "license": "MIT",
+    "type": "library",
+    "keywords": [
+        "aws",
+        "amazon",
+        "sdk",
+        "async-aws",
+        "kms"
+    ],
+    "require": {
+        "php": "^7.2.5 || ^8.0",
+        "ext-filter": "*",
+        "ext-json": "*",
+        "async-aws/core": "^1.9"
+    },
+    "autoload": {
+        "psr-4": {
+            "AsyncAws\\Kms\\": "src"
+        }
+    },
+    "autoload-dev": {
+        "psr-4": {
+            "AsyncAws\\Kms\\Tests\\": "tests/"
+        }
+    },
+    "extra": {
+        "branch-alias": {
+            "dev-master": "0.1-dev"
+        }
+    }
+}

phpunit.xml.dist

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+         backupGlobals="false"
+         colors="true"
+         bootstrap="vendor/autoload.php"
+         failOnRisky="true"
+         failOnWarning="true"
+>
+  <coverage>
+    <include>
+      <directory>./src</directory>
+    </include>
+  </coverage>
+  <php>
+    <ini name="error_reporting" value="-1"/>
+  </php>
+  <testsuites>
+    <testsuite name="Test Suite">
+      <directory>./tests/</directory>
+    </testsuite>
+  </testsuites>
+</phpunit>

src/Enum/CustomerMasterKeySpec.php

@@ -0,0 +1,34 @@
+<?php
+
+namespace AsyncAws\Kms\Enum;
+
+/**
+ * Instead, use the `KeySpec` parameter.
+ * The `KeySpec` and `CustomerMasterKeySpec` parameters work the same way. Only the names differ. We recommend that you
+ * use `KeySpec` parameter in your code. However, to avoid breaking changes, KMS will support both parameters.
+ */
+final class CustomerMasterKeySpec
+{
+    public const ECC_NIST_P256 = 'ECC_NIST_P256';
+    public const ECC_NIST_P384 = 'ECC_NIST_P384';
+    public const ECC_NIST_P521 = 'ECC_NIST_P521';
+    public const ECC_SECG_P256K1 = 'ECC_SECG_P256K1';
+    public const RSA_2048 = 'RSA_2048';
+    public const RSA_3072 = 'RSA_3072';
+    public const RSA_4096 = 'RSA_4096';
+    public const SYMMETRIC_DEFAULT = 'SYMMETRIC_DEFAULT';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::ECC_NIST_P256 => true,
+            self::ECC_NIST_P384 => true,
+            self::ECC_NIST_P521 => true,
+            self::ECC_SECG_P256K1 => true,
+            self::RSA_2048 => true,
+            self::RSA_3072 => true,
+            self::RSA_4096 => true,
+            self::SYMMETRIC_DEFAULT => true,
+        ][$value]);
+    }
+}

src/Enum/DataKeySpec.php

@@ -0,0 +1,23 @@
+<?php
+
+namespace AsyncAws\Kms\Enum;
+
+/**
+ * Specifies the length of the data key. Use `AES_128` to generate a 128-bit symmetric key, or `AES_256` to generate a
+ * 256-bit symmetric key.
+ * You must specify either the `KeySpec` or the `NumberOfBytes` parameter (but not both) in every `GenerateDataKey`
+ * request.
+ */
+final class DataKeySpec
+{
+    public const AES_128 = 'AES_128';
+    public const AES_256 = 'AES_256';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::AES_128 => true,
+            self::AES_256 => true,
+        ][$value]);
+    }
+}

src/Enum/EncryptionAlgorithmSpec.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace AsyncAws\Kms\Enum;
+
+final class EncryptionAlgorithmSpec
+{
+    public const RSAES_OAEP_SHA_1 = 'RSAES_OAEP_SHA_1';
+    public const RSAES_OAEP_SHA_256 = 'RSAES_OAEP_SHA_256';
+    public const SYMMETRIC_DEFAULT = 'SYMMETRIC_DEFAULT';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::RSAES_OAEP_SHA_1 => true,
+            self::RSAES_OAEP_SHA_256 => true,
+            self::SYMMETRIC_DEFAULT => true,
+        ][$value]);
+    }
+}

src/Enum/ExpirationModelType.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace AsyncAws\Kms\Enum;
+
+/**
+ * Specifies whether the KMS key's key material expires. This value is present only when `Origin` is `EXTERNAL`,
+ * otherwise this value is omitted.
+ */
+final class ExpirationModelType
+{
+    public const KEY_MATERIAL_DOES_NOT_EXPIRE = 'KEY_MATERIAL_DOES_NOT_EXPIRE';
+    public const KEY_MATERIAL_EXPIRES = 'KEY_MATERIAL_EXPIRES';
+
+    public static function exists(string $value): bool
+    {
+        return isset([
+            self::KEY_MATERIAL_DOES_NOT_EXPIRE => true,
+            self::KEY_MATERIAL_EXPIRES => true,
+        ][$value]);
+    }
+}