Moved KMS code examples into KMS directory; added new KMS code examples (#480)

[package]

name = "kms-helloworld"

name = "kms-code-examples"

version = "0.1.0"

authors = ["Russell Cohen <rcoh@amazon.com>"]

authors = ["Russell Cohen <rcoh@amazon.com>", "Doug Schwartz <dougsch@amazon.com"]

edition = "2018"

description = "Example usage of the KMS service"

[dependencies]

kms = { package = "aws-sdk-kms", path = "../../build/aws-sdk/kms" }

aws-hyper = { path = "../../build/aws-sdk/aws-hyper" }

aws-types = { path = "../../build/aws-sdk/aws-types" }

tokio = { version = "1", features = ["full"]}

structopt = { version = "0.3", default-features = false }

base64 = "0.13.0"

# optional

env_logger = "0.8.2"

tracing-subscriber = { version = "0.2.16", features = ["fmt"] }

/*

 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

 * SPDX-License-Identifier: Apache-2.0.

 */

use std::process;

use kms::{Client, Config, Region};

use aws_types::region::ProvideRegion;

use structopt::StructOpt;

use tracing_subscriber::fmt::format::FmtSpan;

use tracing_subscriber::fmt::SubscriberBuilder;

#[derive(Debug, StructOpt)]

struct Opt {

    /// The region. Overrides environment variable AWS_DEFAULT_REGION.

    #[structopt(short, long)]

    default_region: Option<String>,

    /// Activate verbose mode    

    #[structopt(short, long)]

    verbose: bool,

}

/// Creates an AWS KMS key.

/// # Arguments

///

/// * `[-d DEFAULT-REGION]` - The region in which the client is created.

///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.

///    If the environment variable is not set, defaults to **us-west-2**.

/// * `[-v]` - Whether to display additional information.

#[tokio::main]

async fn main() {

    let Opt {

        default_region,

        verbose,

    } = Opt::from_args();

    let region = default_region

        .as_ref()

        .map(|region| Region::new(region.clone()))

        .or_else(|| aws_types::region::default_provider().region())

        .unwrap_or_else(|| Region::new("us-west-2"));

    if verbose {

        println!("KMS client version: {}\n", kms::PKG_VERSION);

        println!("Region:      {:?}", &region);

        SubscriberBuilder::default()

            .with_env_filter("info")

            .with_span_events(FmtSpan::CLOSE)

            .init();

    }

    let conf = Config::builder().region(region).build();

    let client = Client::from_conf(conf);

    match client.create_key().send().await {

        Ok(resp) => {

            let id = resp

                .key_metadata

                .unwrap()

                .key_id

                .unwrap_or_else(|| String::from("No ID!"));

            println!("Key: {}", id);

        }

        Err(e) => {

            println!("Got error creating key:");

            println!("{}", e);

            process::exit(1);

        }

    };

}

/*

 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

 * SPDX-License-Identifier: Apache-2.0.

 */

use std::fs;

use std::process;

use kms::{Blob, Client, Config, Region};

use aws_types::region::ProvideRegion;

use structopt::StructOpt;

use tracing_subscriber::fmt::format::FmtSpan;

use tracing_subscriber::fmt::SubscriberBuilder;

#[derive(Debug, StructOpt)]

struct Opt {

    /// The region. Overrides environment variable AWS_DEFAULT_REGION.

    #[structopt(short, long)]

    default_region: Option<String>,

    /// Specifies the encryption key

    #[structopt(short, long)]

    key: String,

    /// The name of the input file with encrypted text to decrypt

    #[structopt(short, long)]

    input: String,

    /// Specifies whether to display additonal runtime informmation

    #[structopt(short, long)]

    verbose: bool,

}

/// Decrypts a string encrypted by AWS KMS.

/// # Arguments

///

/// * `-k KEY` - The encryption key.

/// * `-i INPUT` - The encrypted string.

/// * `[-d DEFAULT-REGION]` - The region in which the client is created.

///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.

///    If the environment variable is not set, defaults to **us-west-2**.

/// * `[-v]` - Whether to display additional information.

#[tokio::main]

async fn main() {

    let Opt {

        key,

        input,

        default_region,

        verbose,

    } = Opt::from_args();

    let region = default_region

        .as_ref()

        .map(|region| Region::new(region.clone()))

        .or_else(|| aws_types::region::default_provider().region())

        .unwrap_or_else(|| Region::new("us-west-2"));

    if verbose {

        println!("KMS client version: {}\n", kms::PKG_VERSION);

        println!("Region: {:?}", &region);

        println!("Key:    {}", key);

        println!("Input:  {}", input);

        SubscriberBuilder::default()

            .with_env_filter("info")

            .with_span_events(FmtSpan::CLOSE)

            .init();

    }

    let conf = Config::builder().region(region).build();

    let client = Client::from_conf(conf);

    // Open input text file and get contents as a string

    // input is a base-64 encoded string, so decode it:

    let data = fs::read_to_string(input)

        .map(|input| {

            base64::decode(input).expect("Input file does not contain valid base 64 characters.")

        })

        .map(Blob::new);

    let resp = match client

        .decrypt()

        .key_id(key)

        .ciphertext_blob(data.unwrap())

        .send()

        .await

    {

        Ok(output) => output,

        Err(e) => {

            eprintln!("Encryption failure: {}", e);

            process::exit(1);

        }

    };

    let inner = resp.plaintext.unwrap();

    let bytes = inner.as_ref();

    let s = match String::from_utf8(bytes.to_vec()) {

        Ok(v) => v,

        Err(e) => panic!("Invalid UTF-8 sequence: {}", e),

    };

    println!();

    println!("Decoded string:");

    println!("{}", s);

}

/*

 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

 * SPDX-License-Identifier: Apache-2.0.

 */

use std::fs::File;

use std::io::Write;

use std::process;

use kms::{Blob, Client, Config, Region};

use aws_types::region::ProvideRegion;

use structopt::StructOpt;

use tracing_subscriber::fmt::format::FmtSpan;

use tracing_subscriber::fmt::SubscriberBuilder;

#[derive(Debug, StructOpt)]

struct Opt {

    /// The region. Overrides environment variable AWS_DEFAULT_REGION.

    #[structopt(short, long)]

    default_region: Option<String>,

    /// Specifies the encryption key

    #[structopt(short, long)]

    key: String,

    /// Specifies the text to encrypt

    #[structopt(short, long)]

    text: String,

    /// Specifies the name of the file to store the encrypted text in

    #[structopt(short, long)]

    out: String,

    /// Whether to display additional runtime information

    #[structopt(short, long)]

    verbose: bool,

}

/// Encrypts a string using an AWS KMS key.

/// # Arguments

///

/// * `-k KEY` - The KMS key.

/// * `-o OUT` - The name of the file to store the encryped key in.

/// * `-t TEXT` - The string to encrypt.

/// * `[-d DEFAULT-REGION]` - The region in which the client is created.

///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.

///    If the environment variable is not set, defaults to **us-west-2**.

/// * `[-v]` - Whether to display additional information.

#[tokio::main]

async fn main() {

    let Opt {

        key,

        out,

        default_region,

        text,

        verbose,

    } = Opt::from_args();

    let region = default_region

        .as_ref()

        .map(|region| Region::new(region.clone()))

        .or_else(|| aws_types::region::default_provider().region())

        .unwrap_or_else(|| Region::new("us-west-2"));

    if verbose {

        println!("KMS client version: {}\n", kms::PKG_VERSION);

        println!("Region: {:?}", &region);

        println!("Key:    {}", key);

        println!("Text:   {}", text);

        println!("Out:    {}", out);

        SubscriberBuilder::default()

            .with_env_filter("info")

            .with_span_events(FmtSpan::CLOSE)

            .init();

    }

    let conf = Config::builder().region(region).build();

    let client = Client::from_conf(conf);

    let blob = Blob::new(text.as_bytes());

    let resp = match client.encrypt().key_id(key).plaintext(blob).send().await {

        Ok(output) => output,

        Err(e) => {

            eprintln!("Encryption failure: {}", e);

            process::exit(1);

        }

    };

    // Did we get an encrypted blob?

    let blob = resp.ciphertext_blob.expect("Could not get encrypted text");

    let bytes = blob.as_ref();

    let s = base64::encode(&bytes);

    let mut ofile = File::create(&out).expect("unable to create file");

    ofile.write_all(s.as_bytes()).expect("unable to write");

    if verbose {

        println!("Wrote the following to {}", &out);

        println!("{}", s);

    }

}

/*

 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

 * SPDX-License-Identifier: Apache-2.0.

 */

use std::process;

use kms::model::DataKeySpec;

use kms::{Client, Config, Region};

use aws_types::region::ProvideRegion;

use structopt::StructOpt;

use tracing_subscriber::fmt::format::FmtSpan;

use tracing_subscriber::fmt::SubscriberBuilder;

#[derive(Debug, StructOpt)]

struct Opt {

    /// The region. Overrides environment variable AWS_DEFAULT_REGION.

    #[structopt(short, long)]

    default_region: Option<String>,

    /// Specifies the encryption key

    #[structopt(short, long)]

    key: String,

    /// Specifies whether to display additonal runtime information

    #[structopt(short, long)]

    verbose: bool,

}

/// Creates an AWS KMS data key without plaintext.

/// # Arguments

///

/// * `[-k KEY]` - The name of the data key.

/// * `[-d DEFAULT-REGION]` - The region in which the client is created.

///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.

///    If the environment variable is not set, defaults to **us-west-2**.

/// * `[-v]` - Whether to display additional information.

#[tokio::main]

async fn main() {

    let Opt {

        key,

        default_region,

        verbose,

    } = Opt::from_args();

    let region = default_region

        .as_ref()

        .map(|region| Region::new(region.clone()))

        .or_else(|| aws_types::region::default_provider().region())

        .unwrap_or_else(|| Region::new("us-west-2"));

    if verbose {

        println!("GenerateDataKeyWithoutPlaintext called with options:");

        println!("Region:  {:?}", &region);

        println!("KMS key: {}", key);

        SubscriberBuilder::default()

            .with_env_filter("info")

            .with_span_events(FmtSpan::CLOSE)

            .init();

    }

    let conf = Config::builder().region(region).build();

    let client = Client::from_conf(conf);

    let resp = match client

        .generate_data_key_without_plaintext()

        .key_id(key)

        .key_spec(DataKeySpec::Aes256)

        .send()

        .await

    {

        Ok(output) => output,

        Err(e) => {

            eprintln!("Encryption failure: {}", e);

            process::exit(1);

        }

    };

    // Did we get an encrypted blob?

    let blob = resp.ciphertext_blob.expect("Could not get encrypted text");

    let bytes = blob.as_ref();

    let s = base64::encode(&bytes);

    println!("\nData key:");

    println!("{}", s);

}