smithy-lang · rcoh · Jun 15, 2021 · Jun 10, 2021 · Jun 10, 2021 · Jun 11, 2021
@@ -1,14 +1,17 @@
 [package]
-name = "kms-helloworld"
+name = "kms-code-examples"
 version = "0.1.0"
-authors = ["Russell Cohen <rcoh@amazon.com>"]
+authors = ["Russell Cohen <rcoh@amazon.com>", "Doug Schwartz <dougsch@amazon.com"]
 edition = "2018"
 description = "Example usage of the KMS service"
 
 [dependencies]
 kms = { package = "aws-sdk-kms", path = "../../build/aws-sdk/kms" }
 aws-hyper = { path = "../../build/aws-sdk/aws-hyper" }
+aws-types = { path = "../../build/aws-sdk/aws-types" }
 tokio = { version = "1", features = ["full"]}
+structopt = { version = "0.3", default-features = false }
+base64 = "0.13.0"
 # optional
 env_logger = "0.8.2"
 tracing-subscriber = { version = "0.2.16", features = ["fmt"] }
@@ -0,0 +1,73 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+use std::process;
+
+use kms::{Client, Config, Region};
+
+use aws_types::region::ProvideRegion;
+
+use structopt::StructOpt;
+use tracing_subscriber::fmt::format::FmtSpan;
+use tracing_subscriber::fmt::SubscriberBuilder;
+
+#[derive(Debug, StructOpt)]
+struct Opt {
+    /// The region. Overrides environment variable AWS_DEFAULT_REGION.
+    #[structopt(short, long)]
+    default_region: Option<String>,
+
+    /// Activate verbose mode    
+    #[structopt(short, long)]
+    verbose: bool,
+}
+/// Creates an AWS KMS key.
+/// # Arguments
+///
+/// * `[-d DEFAULT-REGION]` - The region in which the client is created.
+///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.
+///    If the environment variable is not set, defaults to **us-west-2**.
+/// * `[-v]` - Whether to display additional information.
+#[tokio::main]
+async fn main() {
+    let Opt {
+        default_region,
+        verbose,
+    } = Opt::from_args();
+
+    let region = default_region
+        .as_ref()
+        .map(|region| Region::new(region.clone()))
+        .or_else(|| aws_types::region::default_provider().region())
+        .unwrap_or_else(|| Region::new("us-west-2"));
+
+    if verbose {
+        println!("KMS client version: {}\n", kms::PKG_VERSION);
+        println!("Region:      {:?}", &region);
+
+        SubscriberBuilder::default()
+            .with_env_filter("info")
+            .with_span_events(FmtSpan::CLOSE)
+            .init();
+    }
+
+    let conf = Config::builder().region(region).build();
+    let client = Client::from_conf(conf);
+
+    match client.create_key().send().await {
+        Ok(resp) => {
+            let id = resp
+                .key_metadata
+                .unwrap()
+                .key_id
+                .unwrap_or_else(|| String::from("No ID!"));
+            println!("Key: {}", id);
+        }
+        Err(e) => {
+            println!("Got error creating key:");
+            println!("{}", e);
+            process::exit(1);
+        }
+    };
+}
@@ -0,0 +1,108 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+use std::fs;
+use std::process;
+
+use kms::{Blob, Client, Config, Region};
+
+use aws_types::region::ProvideRegion;
+
+use structopt::StructOpt;
+use tracing_subscriber::fmt::format::FmtSpan;
+use tracing_subscriber::fmt::SubscriberBuilder;
+
+#[derive(Debug, StructOpt)]
+struct Opt {
+    /// The region. Overrides environment variable AWS_DEFAULT_REGION.
+    #[structopt(short, long)]
+    default_region: Option<String>,
+
+    /// Specifies the encryption key
+    #[structopt(short, long)]
+    key: String,
+
+    /// The name of the input file with encrypted text to decrypt
+    #[structopt(short, long)]
+    input: String,
+
+    /// Specifies whether to display additonal runtime informmation
+    #[structopt(short, long)]
+    verbose: bool,
+}
+
+/// Decrypts a string encrypted by AWS KMS.
+/// # Arguments
+///
+/// * `-k KEY` - The encryption key.
+/// * `-i INPUT` - The encrypted string.
+/// * `[-d DEFAULT-REGION]` - The region in which the client is created.
+///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.
+///    If the environment variable is not set, defaults to **us-west-2**.
+/// * `[-v]` - Whether to display additional information.
+#[tokio::main]
+async fn main() {
+    let Opt {
+        key,
+        input,
+        default_region,
+        verbose,
+    } = Opt::from_args();
+
+    let region = default_region
+        .as_ref()
+        .map(|region| Region::new(region.clone()))
+        .or_else(|| aws_types::region::default_provider().region())
+        .unwrap_or_else(|| Region::new("us-west-2"));
+
+    if verbose {
+        println!("KMS client version: {}\n", kms::PKG_VERSION);
+        println!("Region: {:?}", &region);
+        println!("Key:    {}", key);
+        println!("Input:  {}", input);
+
+        SubscriberBuilder::default()
+            .with_env_filter("info")
+            .with_span_events(FmtSpan::CLOSE)
+            .init();
+    }
+
+    let conf = Config::builder().region(region).build();
+    let client = Client::from_conf(conf);
+
+    // Open input text file and get contents as a string
+    // input is a base-64 encoded string, so decode it:
+    let data = fs::read_to_string(input)
+        .map(|input| {
+            base64::decode(input).expect("Input file does not contain valid base 64 characters.")
+        })
+        .map(Blob::new);
+
+    let resp = match client
+        .decrypt()
+        .key_id(key)
+        .ciphertext_blob(data.unwrap())
+        .send()
+        .await
+    {
+        Ok(output) => output,
+        Err(e) => {
+            eprintln!("Encryption failure: {}", e);
+            process::exit(1);
+        }
+    };
+
+    let inner = resp.plaintext.unwrap();
+    let bytes = inner.as_ref();
+
+    let s = match String::from_utf8(bytes.to_vec()) {
+        Ok(v) => v,
+        Err(e) => panic!("Invalid UTF-8 sequence: {}", e),
+    };
+
+    println!();
+    println!("Decoded string:");
+    println!("{}", s);
+}
@@ -0,0 +1,106 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+use std::fs::File;
+use std::io::Write;
+use std::process;
+
+use kms::{Blob, Client, Config, Region};
+
+use aws_types::region::ProvideRegion;
+
+use structopt::StructOpt;
+use tracing_subscriber::fmt::format::FmtSpan;
+use tracing_subscriber::fmt::SubscriberBuilder;
+
+#[derive(Debug, StructOpt)]
+struct Opt {
+    /// The region. Overrides environment variable AWS_DEFAULT_REGION.
+    #[structopt(short, long)]
+    default_region: Option<String>,
+
+    /// Specifies the encryption key
+    #[structopt(short, long)]
+    key: String,
+
+    /// Specifies the text to encrypt
+    #[structopt(short, long)]
+    text: String,
+
+    /// Specifies the name of the file to store the encrypted text in
+    #[structopt(short, long)]
+    out: String,
+
+    /// Whether to display additional runtime information
+    #[structopt(short, long)]
+    verbose: bool,
+}
+
+/// Encrypts a string using an AWS KMS key.
+/// # Arguments
+///
+/// * `-k KEY` - The KMS key.
+/// * `-o OUT` - The name of the file to store the encryped key in.
+/// * `-t TEXT` - The string to encrypt.
+/// * `[-d DEFAULT-REGION]` - The region in which the client is created.
+///    If not supplied, uses the value of the **AWS_DEFAULT_REGION** environment variable.
+///    If the environment variable is not set, defaults to **us-west-2**.
+/// * `[-v]` - Whether to display additional information.
+#[tokio::main]
+async fn main() {
+    let Opt {
+        key,
+        out,
+        default_region,
+        text,
+        verbose,
+    } = Opt::from_args();
+
+    let region = default_region
+        .as_ref()
+        .map(|region| Region::new(region.clone()))
+        .or_else(|| aws_types::region::default_provider().region())
+        .unwrap_or_else(|| Region::new("us-west-2"));
+
+    if verbose {
+        println!("KMS client version: {}\n", kms::PKG_VERSION);
+        println!("Region: {:?}", &region);
+        println!("Key:    {}", key);
+        println!("Text:   {}", text);
+        println!("Out:    {}", out);
+
+        SubscriberBuilder::default()
+            .with_env_filter("info")
+            .with_span_events(FmtSpan::CLOSE)
+            .init();
+    }
+
+    let conf = Config::builder().region(region).build();
+    let client = Client::from_conf(conf);
+
+    let blob = Blob::new(text.as_bytes());
+
+    let resp = match client.encrypt().key_id(key).plaintext(blob).send().await {
+        Ok(output) => output,
+        Err(e) => {
+            eprintln!("Encryption failure: {}", e);
+            process::exit(1);
+        }
+    };
+
+    // Did we get an encrypted blob?
+    let blob = resp.ciphertext_blob.expect("Could not get encrypted text");
+    let bytes = blob.as_ref();
+
+    let s = base64::encode(&bytes);
+
+    let mut ofile = File::create(&out).expect("unable to create file");
+    ofile.write_all(s.as_bytes()).expect("unable to write");
+
+    if verbose {
+        println!("Wrote the following to {}", &out);
+        println!("{}", s);
+    }
+}