path: root/vendor/aws/aws-sdk-php/src/Rds/AuthTokenGenerator.php
blob: e58b7359d0e633c399f96474023fd6e3068e5099 (plain)
<?php
namespace Aws\Rds;

use Aws\Credentials\CredentialsInterface;
use Aws\Credentials\Credentials;
use Aws\Signature\SignatureV4;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Psr7\Uri;
use GuzzleHttp\Promise;
use Aws;

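/**
 * Generates RDS auth tokens for use with IAM authentication.
 *
 * A token is a SigV4-presigned URL (service name "rds-db") with its leading
 * "//" removed. It is handed over as the database login credential, so treat
 * it as a secret for its whole lifetime: keep it out of logs, error output
 * and persistent storage.
 */
class AuthTokenGenerator
{
    /**
     * @var callable Credential provider. It is invoked with no arguments and
     *               wait() is called on whatever it returns to obtain the
     *               credentials used for signing.
     */
    private $credentialProvider;

    /**
     * The constructor takes an instance of Credentials or a CredentialProvider
     *
     * A concrete credentials object is wrapped in an already-fulfilled promise
     * so that createToken() can treat both cases as "call the provider, then
     * wait()". Any other value is stored as-is and is not checked for
     * callability here; a non-callable only fails when createToken() runs.
     *
     * @param callable|Credentials $creds
     */
    public function __construct($creds)
    {
        if ($creds instanceof CredentialsInterface) {
            $promise = new Promise\FulfilledPromise($creds);
            $this->credentialProvider = Aws\constantly($promise);
        } else {
            $this->credentialProvider = $creds;
        }
    }

    /**
     * Create the token for database login
     *
     * @param string $endpoint The database hostname with port number specified
     *                         (e.g., host:port)
     * @param string $region The region where the database is located
     * @param string $username The username to login as. It is percent-encoded
     *                         before being placed in the signed query string.
     * @param int $lifetime The lifetime of the token in minutes; must be
     *                      numeric, greater than 0 and at most 15
     *
     * @return string Token generated
     *
     * @throws \InvalidArgumentException If $lifetime is not numeric or lies
     *                                   outside the range (0, 15].
     */
    public function createToken($endpoint, $region, $username, $lifetime = 15)
    {
        if (!is_numeric($lifetime) || $lifetime > 15 || $lifetime <= 0) {
            // Interpolate scalars only. An array would raise a conversion
            // warning and an object without __toString() would raise an Error
            // that masks the InvalidArgumentException callers expect.
            $shown = is_scalar($lifetime) ? $lifetime : gettype($lifetime);

            // The exception code is an int; 0 is the default value.
            throw new \InvalidArgumentException(
                "Lifetime must be a positive number less than or equal to 15, was {$shown}",
                0
            );
        }

        // Percent-encode the user name so that characters such as "&", "=",
        // "#", "+" or "%" remain part of the DBUser value instead of changing
        // the structure of the query string that gets signed.
        // NOTE(review): confirm that SignatureV4::presign() decodes and
        // re-encodes query values, so the value is not double-encoded.
        $query = 'Action=connect&DBUser=' . rawurlencode($username);
        $uri = (new Uri($endpoint))->withPath('/')->withQuery($query);

        $request = new Request('GET', $uri);
        $signer = new SignatureV4('rds-db', $region);
        $provider = $this->credentialProvider;

        // Credentials are resolved synchronously via wait(); the relative
        // expiry string is bounded by the lifetime check above.
        $url = (string) $signer->presign(
            $request,
            $provider()->wait(),
            '+' . $lifetime . ' minutes'
        )->getUri();

        // Remove the 2 extra leading slashes from the presigned URL
        return substr($url, 2);
    }
}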