blob: 5f22d9452d64f9f74c21c8a4bae563e7d29e6f5b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
<?php
namespace Aws\Sts;
use Aws\AwsClient;
use Aws\CacheInterface;
use Aws\Credentials\Credentials;
use Aws\Result;
use Aws\Sts\RegionalEndpoints\ConfigurationProvider;
/**
* This client is used to interact with the **AWS Security Token Service (AWS STS)**.
*
* @method \Aws\Result assumeRole(array $args = [])
* @method \GuzzleHttp\Promise\Promise assumeRoleAsync(array $args = [])
* @method \Aws\Result assumeRoleWithSAML(array $args = [])
* @method \GuzzleHttp\Promise\Promise assumeRoleWithSAMLAsync(array $args = [])
* @method \Aws\Result assumeRoleWithWebIdentity(array $args = [])
* @method \GuzzleHttp\Promise\Promise assumeRoleWithWebIdentityAsync(array $args = [])
* @method \Aws\Result decodeAuthorizationMessage(array $args = [])
* @method \GuzzleHttp\Promise\Promise decodeAuthorizationMessageAsync(array $args = [])
* @method \Aws\Result getAccessKeyInfo(array $args = [])
* @method \GuzzleHttp\Promise\Promise getAccessKeyInfoAsync(array $args = [])
* @method \Aws\Result getCallerIdentity(array $args = [])
* @method \GuzzleHttp\Promise\Promise getCallerIdentityAsync(array $args = [])
* @method \Aws\Result getFederationToken(array $args = [])
* @method \GuzzleHttp\Promise\Promise getFederationTokenAsync(array $args = [])
* @method \Aws\Result getSessionToken(array $args = [])
* @method \GuzzleHttp\Promise\Promise getSessionTokenAsync(array $args = [])
*/
class StsClient extends AwsClient
{
/**
* {@inheritdoc}
*
* In addition to the options available to
* {@see \Aws\AwsClient::__construct}, StsClient accepts the following
* options:
*
* - sts_regional_endpoints:
* (Aws\Sts\RegionalEndpoints\ConfigurationInterface|Aws\CacheInterface\|callable|string|array)
* Specifies whether to use regional or legacy endpoints for legacy regions.
* Provide an Aws\Sts\RegionalEndpoints\ConfigurationInterface object, an
* instance of Aws\CacheInterface, a callable configuration provider used
* to create endpoint configuration, a string value of `legacy` or
* `regional`, or an associative array with the following keys:
* endpoint_types (string) Set to `legacy` or `regional`, defaults to
* `legacy`
*
* @param array $args
*/
public function __construct(array $args)
{
if (
!isset($args['sts_regional_endpoints'])
|| $args['sts_regional_endpoints'] instanceof CacheInterface
) {
$args['sts_regional_endpoints'] = ConfigurationProvider::defaultProvider($args);
}
$this->addBuiltIns($args);
parent::__construct($args);
}
/**
* Creates credentials from the result of an STS operations
*
* @param Result $result Result of an STS operation
*
* @return Credentials
* @throws \InvalidArgumentException if the result contains no credentials
*/
public function createCredentials(Result $result)
{
if (!$result->hasKey('Credentials')) {
throw new \InvalidArgumentException('Result contains no credentials');
}
$c = $result['Credentials'];
return new Credentials(
$c['AccessKeyId'],
$c['SecretAccessKey'],
isset($c['SessionToken']) ? $c['SessionToken'] : null,
isset($c['Expiration']) && $c['Expiration'] instanceof \DateTimeInterface
? (int) $c['Expiration']->format('U')
: null
);
}
/**
* Adds service-specific client built-in value
*
* @return void
*/
private function addBuiltIns($args)
{
$key = 'AWS::STS::UseGlobalEndpoint';
$result = $args['sts_regional_endpoints'] instanceof \Closure ?
$args['sts_regional_endpoints']()->wait() : $args['sts_regional_endpoints'];
if (is_string($result)) {
if ($result === 'regional') {
$value = false;
} else if ($result === 'legacy') {
$value = true;
} else {
return;
}
} else {
if ($result->getEndpointsType() === 'regional') {
$value = false;
} else {
$value = true;
}
}
$this->clientBuiltIns[$key] = $value;
}
}
|
