Cast KMS provider to object to support AWS empty config

doctrine/mongodb-odm#2801

Author: GromNaN

src/DependencyInjection/DoctrineMongoDBExtension.php

@@ -528,10 +528,16 @@ private function normalizeAutoEncryption(array $autoEncryption, string $defaultD
             throw new InvalidArgumentException('The "kmsProvider" option must contain a "type" key.');
         }
 
-        $provider                       = $autoEncryption['kmsProvider']['type'];
-        $autoEncryption['kmsProviders'] = [
-            $provider => array_diff_key($autoEncryption['kmsProvider'], ['type' => true]),
-        ];
+        $provider     = $autoEncryption['kmsProvider']['type'];
+        $providerOpts = array_diff_key($autoEncryption['kmsProvider'], ['type' => true]);
+        // To use "Automatic Credentials", the provider options must be an empty document.
+        // Fix the empty array to an empty stdClass object, as the driver expects it.
+        if ($providerOpts === []) {
+            $providerOpts = new Definition('stdClass');
+        }
+
+        $autoEncryption['kmsProviders'] = [$provider => $providerOpts];
+
         if (isset($autoEncryption['tlsOptions'])) {
             $autoEncryption['tlsOptions'] = [$provider => $autoEncryption['tlsOptions']];
         }

tests/DependencyInjection/DoctrineMongoDBExtensionTest.php

@@ -16,6 +16,7 @@
 use MongoDB\Client;
 use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
+use stdClass;
 use Symfony\Bridge\Doctrine\Messenger\DoctrineClearEntityManagerWorkerSubscriber;
 use Symfony\Component\DependencyInjection\Alias;
 use Symfony\Component\DependencyInjection\ChildDefinition;
@@ -635,4 +636,31 @@ public function testAutoEncryptionWithExtraOptions(): void
         // Ensure the driver option set in the client matches the ODM configuration
         self::assertEquals($driverOptions['autoEncryption'], $odmConfiguration->getDriverOptions()['autoEncryption']);
     }
+
+    public function testAutoEncryptionWithEmptyKmsProvider(): void
+    {
+        $container = $this->buildMinimalContainer();
+        $loader    = new DoctrineMongoDBExtension();
+
+        $config = [
+            'connections' => [
+                'default' => [
+                    'autoEncryption' => [
+                        'keyVaultNamespace' => 'db.vault',
+                        'kmsProvider' => ['type' => 'aws'],
+                    ],
+                ],
+            ],
+            'document_managers' => ['default' => []],
+        ];
+
+        $loader->load([$config], $container);
+        (new ServiceRepositoryCompilerPass())->process($container);
+
+        $clientDef     = $container->getDefinition('doctrine_mongodb.odm.default_connection');
+        $driverOptions = $clientDef->getArgument(2);
+
+        self::assertArrayHasKey('autoEncryption', $driverOptions);
+        self::assertEquals(['aws' => new Definition(stdClass::class)], $driverOptions['autoEncryption']['kmsProviders']);
+    }
 }