search

aws / aws-sdk-js-v3

Modularized AWS SDK for JavaScript.
Apache License 2.0
3.05k stars 574 forks source link

KeyName parameter with CreateKeyCommand does not work #6216

Open Bilboramix opened 3 months ago

Bilboramix commented 3 months ago

Describe the issue

Hello there, in the doc there's an option "KeyName" that should be given to CreateKeyCommand constructor. Unfortunatly i've got this typescript error :

No overload matches this call.
  Overload 1 of 2, '(input: CreateKeyCommandInput): CreateKeyCommand', gave the following error.
    Object literal may only specify known properties, and 'KeyName' does not exist in type 'CreateKeyCommandInput'.
  Argument of type '[{ KeyName: string; KeyUsage: "ENCRYPT_DECRYPT"; Origin: "AWS_KMS"; BypassPolicyLockoutSafetyCheck: true; Description: string; KeySpec: "SYMMETRIC_DEFAULT"; MultiRegion: false; }]' is not assignable to parameter of type '[] | [CreateKeyCommandInput]'.
    Type '[{ KeyName: string; KeyUsage: "ENCRYPT_DECRYPT"; Origin: "AWS_KMS"; BypassPolicyLockoutSafetyCheck: true; Description: string; KeySpec: "SYMMETRIC_DEFAULT"; MultiRegion: false; }]' is not assignable to type '[CreateKeyCommandInput]'.
      Object literal may only specify known properties, and 'KeyName' does not exist in type 'CreateKeyCommandInput'.

For this code snippet :

  const createCommand = new CreateKeyCommand({
    KeyName: "myKeyName", // Error pops here
    KeyUsage: "ENCRYPT_DECRYPT",
    Origin: "AWS_KMS",
    KeySpec: "SYMMETRIC_DEFAULT",
    MultiRegion: false
  });

Running the script anyway I can see on the KMS dashboard that the parameter is not consumed by the api as well (Name value at first column is undefined and displayed with "-") : image

Maybe the doc is not up to date and this parameter changed ? I cannot see this parameter anywhere into the example provided in types declarations files but it's there in the doc.

If someone has any workaround to address this issue i'll take it as well.

Thanks for investigating, regards, Bill.

Links

https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/location/command/CreateKeyCommand/

aBurmeseDev commented 3 months ago

HI @Bilboramix - thank you for reaching out and sorry to hear you're seeing the error.

It looks like you're following documentation from different client @aws-sdk/client-location. Here's KMS docs you need for your use case. I understand that it's because some AWS services have operation commands in common and sometimes you might have to double check you're looking at the client you need.

Screenshot 2024-06-25 at 11 36 28 AM

This's also a good feedback for us to improve our documentations to be more user-friendly. Here's code example to create key with KMS:

import { KMSClient, CreateKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
const client = new KMSClient(config);
const input = { // CreateKeyRequest
  Policy: "STRING_VALUE",
  Description: "STRING_VALUE",
  KeyUsage: "SIGN_VERIFY",
  CustomerMasterKeySpec: "RSA_2048",
  KeySpec: "RSA_2048",
  Origin: "AWS_KMS",
  CustomKeyStoreId: "STRING_VALUE",
  BypassPolicyLockoutSafetyCheck: true || false,
  Tags: [ // TagList
    { // Tag
      TagKey: "STRING_VALUE", // required
      TagValue: "STRING_VALUE", // required
    },
  ],
  MultiRegion: true,
  XksKeyId: "STRING_VALUE",
};
const command = new CreateKeyCommand(input);
const response = await client.send(command);

You can also refer to the documentation from KMS service itself.

Hope it helps, John

Bilboramix commented 3 months ago

Oh okay, AWS tools are new to me and i obviously did not noticed i was not reading the right documentation... When i did my research i just typed "CreateKeyCommand" in google then i found this doc on the first link. The good one was just below.. Sorry for that !

Still, i can see that there's no property to explictly name the CMK so it will stay unnamed for now. It's not blocking me at all. Just that if we could put some value in this field trough the API as we can do it trough user interface, it would be great.

Essentialy for testing purposes : While i'm making my system i can more easily differenciate my keys if it's named instead of looking to the guids. But that's fine too.

Thanks a lot for your help !

aBurmeseDev commented 3 months ago

No worries, happy to help. As I mentioned, we'll use this feedback to improve our docs to be more user-friendly to first-time users like you.

Still, i can see that there's no property to explictly name the CMK so it will stay unnamed for now. It's not blocking me at all. Just that if we could put some value in this field trough the API as we can do it trough user interface, it would be great.

I didn't quite understand this line here, can you please elaborate more on "there's no property to explictly name the CMK so it will stay unnamed for now"? I understand it's not a blocker for you but I'd be happy to clarify that for you if you'd like.

Bilboramix commented 3 months ago

On the kms web form we got a field named "Alias" (my bad, it was not "Key name") to explictly name the CMK right here : image

But we do not have this field mentionned in the 2 docs that describe the CreateKey api : image Taken from here : https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html

And this one : image Taken from here : https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/CreateKeyCommand/

Here you can see that i created the "testrotate" key trough the web form, the others are created trough the api : image

I guess this is a wanted behavior as we're not supposed to rely on the name to make any action (right now, i'm using key's ARN). Not sure if adding an "Alias" field to CreateCommand keys would be worth it but this would unify the web form and the api (this is the only field we cannot set by code). Also, I tried to force the "KeyName" field despite the typescript error (and it did not worked as i said above). But i did not tried to force with an "Alias" field. Maybe it's just not documented and actually working.