Skip to content

Commit 6df2337

Browse files
Update generated code (#2039)
update generated code
1 parent 2cbfa08 commit 6df2337

6 files changed

Lines changed: 92 additions & 16 deletions

File tree

manifest.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"variables": {
3-
"${LATEST}": "3.369.28"
3+
"${LATEST}": "3.369.35"
44
},
55
"endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json",
66
"services": {

src/Service/Kms/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,10 @@
22

33
## NOT RELEASED
44

5+
### Added
6+
7+
- AWS api-change: Added support for Decrypt and ReEncrypt API's to use dry run feature without ciphertext for authorization validation
8+
59
## 1.11.1
610

711
### Changed

src/Service/Kms/composer.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
},
3333
"extra": {
3434
"branch-alias": {
35-
"dev-master": "1.11-dev"
35+
"dev-master": "1.12-dev"
3636
}
3737
}
3838
}
Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
<?php
2+
3+
namespace AsyncAws\Kms\Enum;
4+
5+
final class DryRunModifierType
6+
{
7+
public const IGNORE_CIPHERTEXT = 'IGNORE_CIPHERTEXT';
8+
9+
/**
10+
* @psalm-assert-if-true self::* $value
11+
*/
12+
public static function exists(string $value): bool
13+
{
14+
return isset([
15+
self::IGNORE_CIPHERTEXT => true,
16+
][$value]);
17+
}
18+
}

src/Service/Kms/src/Input/DecryptRequest.php

Lines changed: 60 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
use AsyncAws\Core\Input;
77
use AsyncAws\Core\Request;
88
use AsyncAws\Core\Stream\StreamFactory;
9+
use AsyncAws\Kms\Enum\DryRunModifierType;
910
use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
1011
use AsyncAws\Kms\ValueObject\RecipientInfo;
1112

@@ -14,7 +15,8 @@ final class DecryptRequest extends Input
1415
/**
1516
* Ciphertext to be decrypted. The blob includes metadata.
1617
*
17-
* @required
18+
* This parameter is required in all cases except when `DryRun` is `true` and `DryRunModifiers` is set to
19+
* `IGNORE_CIPHERTEXT`.
1820
*
1921
* @var string|null
2022
*/
@@ -60,9 +62,10 @@ final class DecryptRequest extends Input
6062
* Enter a key ID of the KMS key that was used to encrypt the ciphertext. If you identify a different KMS key, the
6163
* `Decrypt` operation throws an `IncorrectKeyException`.
6264
*
63-
* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. If you used a
64-
* symmetric encryption KMS key, KMS can get the KMS key from metadata that it adds to the symmetric ciphertext blob.
65-
* However, it is always recommended as a best practice. This practice ensures that you use the KMS key that you intend.
65+
* This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key or when `DryRun` is
66+
* `true` and `DryRunModifiers` is set to `IGNORE_CIPHERTEXT`. If you used a symmetric encryption KMS key, KMS can get
67+
* the KMS key from metadata that it adds to the symmetric ciphertext blob. However, it is always recommended as a best
68+
* practice. This practice ensures that you use the KMS key that you intend.
6669
*
6770
* To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with
6871
* `"alias/"`. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
@@ -128,15 +131,32 @@ final class DecryptRequest extends Input
128131
*/
129132
private $dryRun;
130133

134+
/**
135+
* Specifies the modifiers to apply to the dry run operation. `DryRunModifiers` is an optional parameter that only
136+
* applies when `DryRun` is set to `true`.
137+
*
138+
* When set to `IGNORE_CIPHERTEXT`, KMS performs only authorization validation without ciphertext validation. This
139+
* allows you to test permissions without requiring a valid ciphertext blob.
140+
*
141+
* To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
142+
* Developer Guide*.
143+
*
144+
* [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
145+
*
146+
* @var list<DryRunModifierType::*>|null
147+
*/
148+
private $dryRunModifiers;
149+
131150
/**
132151
* @param array{
133-
* CiphertextBlob?: string,
152+
* CiphertextBlob?: string|null,
134153
* EncryptionContext?: array<string, string>|null,
135154
* GrantTokens?: string[]|null,
136155
* KeyId?: string|null,
137156
* EncryptionAlgorithm?: EncryptionAlgorithmSpec::*|null,
138157
* Recipient?: RecipientInfo|array|null,
139158
* DryRun?: bool|null,
159+
* DryRunModifiers?: array<DryRunModifierType::*>|null,
140160
* '@region'?: string|null,
141161
* } $input
142162
*/
@@ -149,18 +169,20 @@ public function __construct(array $input = [])
149169
$this->encryptionAlgorithm = $input['EncryptionAlgorithm'] ?? null;
150170
$this->recipient = isset($input['Recipient']) ? RecipientInfo::create($input['Recipient']) : null;
151171
$this->dryRun = $input['DryRun'] ?? null;
172+
$this->dryRunModifiers = $input['DryRunModifiers'] ?? null;
152173
parent::__construct($input);
153174
}
154175

155176
/**
156177
* @param array{
157-
* CiphertextBlob?: string,
178+
* CiphertextBlob?: string|null,
158179
* EncryptionContext?: array<string, string>|null,
159180
* GrantTokens?: string[]|null,
160181
* KeyId?: string|null,
161182
* EncryptionAlgorithm?: EncryptionAlgorithmSpec::*|null,
162183
* Recipient?: RecipientInfo|array|null,
163184
* DryRun?: bool|null,
185+
* DryRunModifiers?: array<DryRunModifierType::*>|null,
164186
* '@region'?: string|null,
165187
* }|DecryptRequest $input
166188
*/
@@ -179,6 +201,14 @@ public function getDryRun(): ?bool
179201
return $this->dryRun;
180202
}
181203

204+
/**
205+
* @return list<DryRunModifierType::*>
206+
*/
207+
public function getDryRunModifiers(): array
208+
{
209+
return $this->dryRunModifiers ?? [];
210+
}
211+
182212
/**
183213
* @return EncryptionAlgorithmSpec::*|null
184214
*/
@@ -253,6 +283,16 @@ public function setDryRun(?bool $value): self
253283
return $this;
254284
}
255285

286+
/**
287+
* @param list<DryRunModifierType::*> $value
288+
*/
289+
public function setDryRunModifiers(array $value): self
290+
{
291+
$this->dryRunModifiers = $value;
292+
293+
return $this;
294+
}
295+
256296
/**
257297
* @param EncryptionAlgorithmSpec::*|null $value
258298
*/
@@ -300,10 +340,9 @@ public function setRecipient(?RecipientInfo $value): self
300340
private function requestBody(): array
301341
{
302342
$payload = [];
303-
if (null === $v = $this->ciphertextBlob) {
304-
throw new InvalidArgument(\sprintf('Missing parameter "CiphertextBlob" for "%s". The value cannot be null.', __CLASS__));
343+
if (null !== $v = $this->ciphertextBlob) {
344+
$payload['CiphertextBlob'] = base64_encode($v);
305345
}
306-
$payload['CiphertextBlob'] = base64_encode($v);
307346
if (null !== $v = $this->encryptionContext) {
308347
if (empty($v)) {
309348
$payload['EncryptionContext'] = new \stdClass();
@@ -338,6 +377,18 @@ private function requestBody(): array
338377
if (null !== $v = $this->dryRun) {
339378
$payload['DryRun'] = (bool) $v;
340379
}
380+
if (null !== $v = $this->dryRunModifiers) {
381+
$index = -1;
382+
$payload['DryRunModifiers'] = [];
383+
foreach ($v as $listValue) {
384+
++$index;
385+
if (!DryRunModifierType::exists($listValue)) {
386+
/** @psalm-suppress NoValue */
387+
throw new InvalidArgument(\sprintf('Invalid parameter "DryRunModifiers" for "%s". The value "%s" is not a valid "DryRunModifierType".', __CLASS__, $listValue));
388+
}
389+
$payload['DryRunModifiers'][$index] = $listValue;
390+
}
391+
}
341392

342393
return $payload;
343394
}

src/Service/Kms/src/KmsClient.php

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
use AsyncAws\Core\Result;
1111
use AsyncAws\Kms\Enum\CustomerMasterKeySpec;
1212
use AsyncAws\Kms\Enum\DataKeySpec;
13+
use AsyncAws\Kms\Enum\DryRunModifierType;
1314
use AsyncAws\Kms\Enum\EncryptionAlgorithmSpec;
1415
use AsyncAws\Kms\Enum\KeySpec;
1516
use AsyncAws\Kms\Enum\KeyUsageType;
@@ -204,8 +205,7 @@ public function createAlias($input): Result
204205
* HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac)
205206
* and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
206207
*
207-
* - `Multi-Region primary keys`
208-
* - `Imported key material`:
208+
* - `Multi-Region primary keys`:
209209
*
210210
* To create a multi-Region *primary key* in the local Amazon Web Services Region, use the `MultiRegion` parameter
211211
* with a value of `True`. To create a multi-Region *replica key*, that is, a KMS key with the same key ID and key
@@ -223,7 +223,9 @@ public function createAlias($input): Result
223223
* information about multi-Region keys, see Multi-Region keys in KMS [^3] in the *Key Management Service Developer
224224
* Guide*.
225225
*
226-
* - To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use
226+
* - `Imported key material`:
227+
*
228+
* To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use
227229
* the `Origin` parameter of `CreateKey` with a value of `EXTERNAL`. Next, use GetParametersForImport operation to get
228230
* a public key and import token. Use the wrapping public key to encrypt your key material. Then, use
229231
* ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing
@@ -433,13 +435,14 @@ public function createKey($input = []): CreateKeyResponse
433435
* @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-kms-2014-11-01.html#decrypt
434436
*
435437
* @param array{
436-
* CiphertextBlob: string,
438+
* CiphertextBlob?: string|null,
437439
* EncryptionContext?: array<string, string>|null,
438440
* GrantTokens?: string[]|null,
439441
* KeyId?: string|null,
440442
* EncryptionAlgorithm?: EncryptionAlgorithmSpec::*|null,
441443
* Recipient?: RecipientInfo|array|null,
442444
* DryRun?: bool|null,
445+
* DryRunModifiers?: array<DryRunModifierType::*>|null,
443446
* '@region'?: string|null,
444447
* }|DecryptRequest $input
445448
*
@@ -455,7 +458,7 @@ public function createKey($input = []): CreateKeyResponse
455458
* @throws KeyUnavailableException
456459
* @throws NotFoundException
457460
*/
458-
public function decrypt($input): DecryptResponse
461+
public function decrypt($input = []): DecryptResponse
459462
{
460463
$input = DecryptRequest::create($input);
461464
$response = $this->getResponse($input->request(), new RequestContext(['operation' => 'Decrypt', 'region' => $input->getRegion(), 'exceptionMapping' => [

0 commit comments

Comments
 (0)