/**
* @dataProvider dataForRetryableErrorTest
*/
public function testReturnsTrueForRetryableErrors(Response $response, $retry)
{
$client = $this->getServiceBuilder()->get('s3', true);
$lines = array();
$log = new LogPlugin(new ClosureLogAdapter(function ($message) use(&$lines) {
$lines[] = $message;
}), "{request}");
$client->addSubscriber($log);
$imc = InstanceMetadataClient::factory(array());
$imc->setBaseUrl('http://localhost:123');
$credentials = new RefreshableInstanceProfileCredentials(new Credentials('foo', 'baz', 'bar', time() + 10000), $imc);
$mock = $this->setMockResponse($imc, array('metadata/iam_security_credentials', 'metadata/iam_security_credentials_webapp'));
$client->setCredentials($credentials);
$this->setMockResponse($client, array($response, new Response(200)));
$request = $client->get('/');
try {
$request->send();
if (!$retry) {
$this->fail('Should have thrown an exception');
}
// Ensure that the instance profile client sent two requests
$this->assertEquals(2, count($mock->getReceivedRequests()));
$this->assertEquals(2, count($lines));
$this->assertContains('x-amz-security-token: bar', $lines[0]);
$this->assertContains('x-amz-security-token: AxCusEXAMPLEFooBarBaz', $lines[1]);
} catch (\Exception $e) {
if ($retry) {
$this->fail('Threw exception when not expected: ' . $e->getMessage());
}
$this->assertCount(0, $mock->getReceivedRequests());
}
}
/**
* @expectedException \Aws\Common\Exception\InstanceProfileCredentialsException
* @expectedExceptionMessage Unexpected response code: InstanceProfileNotFound
*/
public function testEnsuresResponseCodeIsSuccess()
{
$client = InstanceMetadataClient::factory();
$mock = new MockPlugin(array($this->getMockResponse('metadata/iam_security_credentials'), new Response(200, null, '{ "Code": "InstanceProfileNotFound" }')));
$client->getEventDispatcher()->addSubscriber($mock);
$client->getInstanceProfileCredentials();
}
public function testCreatesDefaultPluginForConfig()
{
list($config, $plugin, $resolver) = $this->getMocks();
// Ensure that an backoff plugin is on the client
$config->set('resolvers', array($resolver));
$client = Client::factory();
$resolver->resolve($config, $client);
$this->assertTrue($this->hasSubscriber($client, $plugin));
}
/**
* Attempt to get new credentials from the instance profile
*
* @throws InstanceProfileCredentialsException On error
*/
protected function refresh()
{
try {
$request = $this->client->get('meta-data/iam/security-credentials/');
$request->getCurlOptions()->set(CURLOPT_TIMEOUT, 1)->set(CURLOPT_CONNECTTIMEOUT, 1);
$credentials = trim($request->send()->getBody(true));
$json = $this->client->get("meta-data/iam/security-credentials/{$credentials}")->send()->getBody(true);
$result = json_decode($json, true);
} catch (\Exception $e) {
$message = 'Error retrieving credentials from the instance profile metadata server. When you are not' . ' running inside of Amazon EC2, you must provide your AWS access key ID and secret access key in' . ' the "key" and "secret" options when creating a client or provide an instantiated' . ' Aws\\Common\\Credentials\\CredentialsInterface object.';
throw new InstanceProfileCredentialsException($message, $e->getCode(), $e);
}
// Ensure that the status code was successful
if ($result['Code'] !== 'Success') {
$e = new InstanceProfileCredentialsException('Unexpected response code: ' . $result['Code']);
$e->setStatusCode($result['Code']);
throw $e;
}
$this->credentials->setAccessKeyId($result['AccessKeyId'])->setSecretKey($result['SecretAccessKey'])->setSecurityToken($result['Token'])->setExpiration(strtotime($result['Expiration']));
}
public function testCanWait()
{
$waiter = $this->getMockBuilder('Aws\\Common\\Waiter\\AbstractResourceWaiter')->setMethods(array('wait'))->getMockForAbstractClass();
$client = InstanceMetadataClient::factory();
$waiter->setClient($client);
$this->assertSame($client, $this->readAttribute($waiter, 'client'));
$config = array('baz' => 'bar');
$waiter->setConfig($config);
$this->assertSame($config, $this->readAttribute($waiter, 'config'));
$resourceId = 'foo';
$waiter->setResourceId($resourceId);
$this->assertSame($resourceId, $this->readAttribute($waiter, 'resourceId'));
try {
$waiter->wait();
} catch (\Exception $e) {
}
}
/**
* Create Policy for S3 Upload.
*/
public function createPolicy()
{
date_default_timezone_set('UTC');
$base_time = time();
// will be replaced from Env var or IAM Role
if (isset($_SERVER['OSS_AWS_ACCESS_ID']) && isset($_SERVER['OSS_AWS_SECRET_KEY'])) {
$access_id = $_SERVER['OSS_AWS_ACCESS_ID'];
$secret_key = $_SERVER['OSS_AWS_SECRET_KEY'];
$security_token = '';
} else {
$meta_client = InstanceMetadataClient::factory();
$credentials = $meta_client->getInstanceProfileCredentials();
$access_id = $credentials->getAccessKeyId();
$secret_key = $credentials->getSecretKey();
$security_token = $credentials->getSecurityToken();
}
$region = Configure::read('region');
$bucket_name = Configure::read('bucket_name');
return $this->populatePolicy($base_time, $access_id, $secret_key, $security_token, $region, $bucket_name);
}
public function testCredentialsUsesApcCacheWhenCacheIsTrue()
{
if (!extension_loaded('apc')) {
$this->markTestSkipped('APC is not installed');
}
$client = InstanceMetadataClient::factory();
$credentials = Credentials::factory(array('credentials.client' => $client, 'credentials.cache' => true));
$this->assertInstanceOf('Aws\\Common\\Credentials\\CacheableCredentials', $credentials);
$this->assertInstanceOf('Guzzle\\Cache\\DoctrineCacheAdapter', $this->readAttribute($credentials, 'cache'));
}
/**
* Attempt to get new credentials from the instance profile
*
* @throws InstanceProfileCredentialsException On error
*/
protected function refresh()
{
$credentials = $this->client->getInstanceProfileCredentials();
// Expire the token 1 minute before it actually expires to pre-fetch before expiring
$this->credentials->setAccessKeyId($credentials->getAccessKeyId())->setSecretKey($credentials->getSecretKey())->setSecurityToken($credentials->getSecurityToken())->setExpiration($credentials->getExpiration());
}
protected function getMetadataCredentials()
{
$client = InstanceMetadataClient::factory(array());
$credentials = new RefreshableInstanceProfileCredentials(new Credentials('foo', 'baz', 'bar', 1), $client);
return array($client, $credentials);
}
public function testCredentialsUsesApcCacheWhenCacheIsTrue()
{
$client = InstanceMetadataClient::factory();
$credentials = Credentials::factory(array('credentials.client' => $client, 'credentials.cache' => true));
$this->assertInstanceOf('Aws\\Common\\Credentials\\CacheableCredentials', $credentials);
$this->assertInstanceOf('Guzzle\\Cache\\DoctrineCacheAdapter', $this->readAttribute($credentials, 'cache'));
}
/**
* @covers Aws\Common\InstanceMetadata\InstanceMetadataClient::getCredentials
*/
public function testCredentialsAreNull()
{
$client = InstanceMetadataClient::factory();
$this->assertNull($client->getCredentials());
}
/**
* Attempt to get new credentials from the instance profile
*
* @throws InstanceProfileCredentialsException On error
*/
protected function refresh()
{
$credentials = $this->client->getInstanceProfileCredentials();
// Expire the token 30 minutes early to pre-fetch before expiring.
$this->credentials->setAccessKeyId($credentials->getAccessKeyId())->setSecretKey($credentials->getSecretKey())->setSecurityToken($credentials->getSecurityToken())->setExpiration($credentials->getExpiration() - 1800);
}
/**
* Attempt to get new credentials from the instance profile
*
* @throws InstanceProfileCredentialsException On error
*/
protected function refresh()
{
$credentials = $this->client->getInstanceProfileCredentials();
$this->credentials->setAccessKeyId($credentials->getAccessKeyId())->setSecretKey($credentials->getSecretKey())->setSecurityToken($credentials->getSecurityToken())->setExpiration($credentials->getExpiration());
}
