diff options
Diffstat (limited to 'vendor/aws/aws-sdk-php/src/Credentials/EcsCredentialProvider.php')
| -rw-r--r-- | vendor/aws/aws-sdk-php/src/Credentials/EcsCredentialProvider.php | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/vendor/aws/aws-sdk-php/src/Credentials/EcsCredentialProvider.php b/vendor/aws/aws-sdk-php/src/Credentials/EcsCredentialProvider.php new file mode 100644 index 0000000..5c61a11 --- /dev/null +++ b/vendor/aws/aws-sdk-php/src/Credentials/EcsCredentialProvider.php @@ -0,0 +1,134 @@ +<?php +namespace Aws\Credentials; + +use Aws\Exception\CredentialsException; +use GuzzleHttp\Psr7\Request; +use GuzzleHttp\Promise\PromiseInterface; +use Psr\Http\Message\ResponseInterface; + +/** + * Credential provider that fetches credentials with GET request. + * ECS environment variable is used in constructing request URI. + */ +class EcsCredentialProvider +{ + const SERVER_URI = 'http://169.254.170.2'; + const ENV_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"; + const ENV_FULL_URI = "AWS_CONTAINER_CREDENTIALS_FULL_URI"; + const ENV_AUTH_TOKEN = "AWS_CONTAINER_AUTHORIZATION_TOKEN"; + const ENV_TIMEOUT = 'AWS_METADATA_SERVICE_TIMEOUT'; + + /** @var callable */ + private $client; + + /** @var float|mixed */ + private $timeout; + + /** + * The constructor accepts following options: + * - timeout: (optional) Connection timeout, in seconds, default 1.0 + * - client: An EcsClient to make request from + * + * @param array $config Configuration options + */ + public function __construct(array $config = []) + { + $timeout = getenv(self::ENV_TIMEOUT); + + if (!$timeout) { + $timeout = isset($_SERVER[self::ENV_TIMEOUT]) + ? $_SERVER[self::ENV_TIMEOUT] + : (isset($config['timeout']) ? $config['timeout'] : 1.0); + } + + $this->timeout = (float) $timeout; + $this->client = isset($config['client']) + ? $config['client'] + : \Aws\default_http_handler(); + } + + /** + * Load ECS credentials + * + * @return PromiseInterface + */ + public function __invoke() + { + $client = $this->client; + $request = new Request('GET', self::getEcsUri()); + + $headers = $this->setHeaderForAuthToken(); + return $client( + $request, + [ + 'timeout' => $this->timeout, + 'proxy' => '', + 'headers' => $headers + ] + )->then(function (ResponseInterface $response) { + $result = $this->decodeResult((string) $response->getBody()); + return new Credentials( + $result['AccessKeyId'], + $result['SecretAccessKey'], + $result['Token'], + strtotime($result['Expiration']) + ); + })->otherwise(function ($reason) { + $reason = is_array($reason) ? $reason['exception'] : $reason; + $msg = $reason->getMessage(); + throw new CredentialsException( + "Error retrieving credential from ECS ($msg)" + ); + }); + } + + private function getEcsAuthToken() + { + return getenv(self::ENV_AUTH_TOKEN); + } + + public function setHeaderForAuthToken(){ + $authToken = self::getEcsAuthToken(); + $headers = []; + if(!empty($authToken)) + $headers = ['Authorization' => $authToken]; + + return $headers; + } + + /** + * Fetch credential URI from ECS environment variable + * + * @return string Returns ECS URI + */ + private function getEcsUri() + { + $credsUri = getenv(self::ENV_URI); + + if ($credsUri === false) { + $credsUri = isset($_SERVER[self::ENV_URI]) ? $_SERVER[self::ENV_URI] : ''; + } + + if(empty($credsUri)){ + $credFullUri = getenv(self::ENV_FULL_URI); + if($credFullUri === false){ + $credFullUri = isset($_SERVER[self::ENV_FULL_URI]) ? $_SERVER[self::ENV_FULL_URI] : ''; + } + + if(!empty($credFullUri)) + return $credFullUri; + } + + return self::SERVER_URI . $credsUri; + } + + private function decodeResult($response) + { + $result = json_decode($response, true); + + if (!isset($result['AccessKeyId'])) { + throw new CredentialsException('Unexpected ECS credential value'); + } + return $result; + } +} |