public function testBuildAlternate() { $client = ClientBuilder::factory('Aws\\DynamoDb')->setConfigDefaults(array('scheme' => 'https', 'region' => 'us-west-1', 'service' => 'dynamodb', 'service.description' => $this->dynamoDbDescription))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) { return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults()))); }))->addClientResolver(new BackoffOptionResolver(function () { return BackoffPlugin::getExponentialBackoff(); }))->build(); $this->assertInstanceOf('Aws\\DynamoDb\\DynamoDbClient', $client); }
/** * Default method to execute when credentials are not specified * * @param Collection $config Config options * * @return CredentialsInterface */ protected function defaultMissingFunction(Collection $config) { if ($config->get(Options::KEY) && $config->get(Options::SECRET)) { // Credentials were not provided, so create them using keys return Credentials::factory($config->getAll()); } // Attempt to get credentials from the EC2 instance profile server return new RefreshableInstanceProfileCredentials(new Credentials('', '', '', 1)); }
/** * Factory method to create a new Amazon STS client using an array of configuration options: * * Credential options (`key`, `secret`, and optional `token` OR `credentials` is required) * * - key: AWS Access Key ID * - secret: AWS secret access key * - credentials: You can optionally provide a custom `Aws\Common\Credentials\CredentialsInterface` object * - token: Custom AWS security token to use with request authentication * - token.ttd: UNIX timestamp for when the custom credentials expire * - credentials.cache: Used to cache credentials when using providers that require HTTP requests. Set the true * to use the default APC cache or provide a `Guzzle\Cache\CacheAdapterInterface` object. * - credentials.cache.key: Optional custom cache key to use with the credentials * - credentials.client: Pass this option to specify a custom `Guzzle\Http\ClientInterface` to use if your * credentials require a HTTP request (e.g. RefreshableInstanceProfileCredentials) * * Region and Endpoint options (a `region` and optional `scheme` OR a `base_url` is required) * * - region: Region name (e.g. 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', etc...) * - scheme: URI Scheme of the base URL (e.g. 'https', 'http'). * - base_url: Instead of using a `region` and `scheme`, you can specify a custom base URL for the client * - endpoint_provider: Optional `Aws\Common\Region\EndpointProviderInterface` used to provide region endpoints * * Generic client options * * - ssl.certificate_authority: Set to true to use the bundled CA cert (default), system to use the certificate * bundled with your system, or pass the full path to an SSL certificate bundle. This option should be used when * you encounter curl error code 60. * - curl.options: Array of cURL options to apply to every request. * See http://www.php.net/manual/en/function.curl-setopt.php for a list of available options * - signature: You can optionally provide a custom signature implementation used to sign requests * - signature.service: Set to explicitly override the service name used in signatures * - signature.region: Set to explicitly override the region name used in signatures * - client.backoff.logger: `Guzzle\Log\LogAdapterInterface` object used to log backoff retries. Use * 'debug' to emit PHP warnings when a retry is issued. * - client.backoff.logger.template: Optional template to use for exponential backoff log messages. See * `Guzzle\Plugin\Backoff\BackoffLogger` for formatting information. * * @param array|Collection $config Client configuration data * * @return self */ public static function factory($config = array()) { // Construct the STS client with the client builder return ClientBuilder::factory(__NAMESPACE__)->setConfig($config)->setConfigDefaults(array(Options::SERVICE_DESCRIPTION => __DIR__ . '/Resources/sts-2011-06-15.php'))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) { // Always need long term credentials if ($config->get(Options::KEY) && $config->get(Options::SECRET) && !$config->get(Options::TOKEN)) { return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults()))); } }))->build(); }
/** * Factory method to create a new Amazon STS client using an array of configuration options: * * Credential options (`key`, `secret`, and optional `token` OR `credentials` is required) * * - key: AWS Access Key ID * - secret: AWS secret access key * - credentials: You can optionally provide a custom `Aws\Common\Credentials\CredentialsInterface` object * - token: Custom AWS security token to use with request authentication * - token.ttd: UNIX timestamp for when the custom credentials expire * - credentials.cache: Used to cache credentials when using providers that require HTTP requests. Set the true * to use the default APC cache or provide a `Guzzle\Cache\CacheAdapterInterface` object. * - credentials.cache.key: Optional custom cache key to use with the credentials * - credentials.client: Pass this option to specify a custom `Guzzle\Http\ClientInterface` to use if your * credentials require a HTTP request (e.g. RefreshableInstanceProfileCredentials) * * Region and Endpoint options (a `region` and optional `scheme` OR a `base_url` is required) * * - region: Region name (e.g. 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', etc...) * - scheme: URI Scheme of the base URL (e.g. 'https', 'http'). * - base_url: Instead of using a `region` and `scheme`, you can specify a custom base URL for the client * - endpoint_provider: Optional `Aws\Common\Region\EndpointProviderInterface` used to provide region endpoints * * Generic client options * * - ssl.cert: Set to true to use the bundled CA cert or pass the full path to an SSL certificate bundle. This * option should be used when you encounter curl error code 60. * - curl.options: Array of cURL options to apply to every request. * See http://www.php.net/manual/en/function.curl-setopt.php for a list of available options * - signature: You can optionally provide a custom signature implementation used to sign requests * - signature.service: Set to explicitly override the service name used in signatures * - signature.region: Set to explicitly override the region name used in signatures * - client.backoff.logger: `Guzzle\Log\LogAdapterInterface` object used to log backoff retries. Use * 'debug' to emit PHP warnings when a retry is issued. * - client.backoff.logger.template: Optional template to use for exponential backoff log messages. See * `Guzzle\Plugin\Backoff\BackoffLogger` for formatting information. * * @param array|Collection $config Client configuration data * * @return self */ public static function factory($config = array()) { // Construct the STS client with the client builder return ClientBuilder::factory(__NAMESPACE__)->setConfig($config)->setConfigDefaults(array(Options::SERVICE => 'sts', Options::SCHEME => 'https', Options::REGION => 'us-east-1'))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) { // Always need long term credentials if ($config->get(Options::KEY) && $config->get(Options::SECRET) && !$config->get(Options::TOKEN)) { return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults()))); } }))->setSignature(new SignatureV4())->build(); }
protected function getCredentials(Collection $config) { $credentials = $config->get(Options::CREDENTIALS); if (is_array($credentials)) { $credentials = Credentials::factory($credentials); } elseif ($credentials === false) { $credentials = new NullCredentials(); } elseif (!$credentials instanceof CredentialsInterface) { $credentials = Credentials::factory($config); } return $credentials; }
/** * Performs the building logic using all of the parameters that have been * set and falling back to default values. Returns an instantiate service * client with credentials prepared and plugins attached. * * @return AwsClientInterface * @throws InvalidArgumentException */ public function build() { // Resolve configuration $config = Collection::fromConfig($this->config, array_merge(self::$commonConfigDefaults, $this->configDefaults), self::$commonConfigRequirements + $this->configRequirements); // Resolve endpoint and signature from the config and service description $description = $this->updateConfigFromDescription($config); $signature = $this->getSignature($description, $config); // Resolve credentials if (!($credentials = $config->get('credentials'))) { $credentials = Credentials::factory($config); } // Resolve exception parser if (!$this->exceptionParser) { $this->exceptionParser = new DefaultXmlExceptionParser(); } // Resolve backoff strategy $backoff = $config->get(Options::BACKOFF); if ($backoff === null) { $backoff = new BackoffPlugin(new TruncatedBackoffStrategy(3, new ThrottlingErrorChecker($this->exceptionParser, new HttpBackoffStrategy(array(500, 503, 509), new CurlBackoffStrategy(null, new ExpiredCredentialsChecker($this->exceptionParser, new ExponentialBackoffStrategy())))))); $config->set(Options::BACKOFF, $backoff); } if ($backoff) { $this->addBackoffLogger($backoff, $config); } // Determine service and class name $clientClass = 'Aws\\Common\\Client\\DefaultClient'; if ($this->clientNamespace) { $serviceName = substr($this->clientNamespace, strrpos($this->clientNamespace, '\\') + 1); $clientClass = $this->clientNamespace . '\\' . $serviceName . 'Client'; } /** @var $client AwsClientInterface */ $client = new $clientClass($credentials, $signature, $config); $client->setDescription($description); // Add exception marshaling so that more descriptive exception are thrown if ($this->clientNamespace) { $exceptionFactory = new NamespaceExceptionFactory($this->exceptionParser, "{$this->clientNamespace}\\Exception", "{$this->clientNamespace}\\Exception\\{$serviceName}Exception"); $client->addSubscriber(new ExceptionListener($exceptionFactory)); } // Add the UserAgentPlugin to append to the User-Agent header of requests $client->addSubscriber(new UserAgentListener()); // Filters used for the cache plugin $client->getConfig()->set('params.cache.key_filter', 'header=date,x-amz-date,x-amz-security-token,x-amzn-authorization'); // Set the iterator resource factory based on the provided iterators config $client->setResourceIteratorFactory(new AwsResourceIteratorFactory($this->iteratorsConfig, new ResourceIteratorClassFactory($this->clientNamespace . '\\Iterator'))); // Disable parameter validation if needed if ($config->get(Options::VALIDATION) === false) { $params = $config->get('command.params') ?: array(); $params['command.disable_validation'] = true; $config->set('command.params', $params); } return $client; }
public function testCredentialsCanInjectCacheAndUsesHostnameBasedKey() { $cache = new DoctrineCacheAdapter(new ArrayCache()); $cache->save('credentials_' . crc32(gethostname()), new Credentials('ABC', '123', 'Listen to me', time() + 10000)); $credentials = Credentials::factory(array('credentials.cache' => $cache)); $this->assertInstanceOf('Aws\\Common\\Credentials\\CacheableCredentials', $credentials); $this->assertSame($cache, $this->readAttribute($credentials, 'cache')); $this->assertEquals('ABC', $credentials->getAccessKeyId()); }
public function testAddsDefaultCredentials() { $_SERVER['HOME'] = '/tmp'; $creds = Credentials::factory(array('key' => 'foo', 'secret' => 'bar')); $config = array('service' => 'dynamodb', 'region' => 'us-east-1', 'credentials' => $creds, 'service.description' => array('signatureVersion' => 'v2', 'regions' => array('us-east-1' => array('https' => true, 'hostname' => 'foo.com')))); // Ensure that specific credentials can be used $client1 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build(); $this->assertSame($creds, $client1->getCredentials()); unset($config['credentials']); // Ensure that the instance metadata service is called when no credentials are supplied $client2 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build(); try { $client2->getCredentials()->getAccessKeyId(); $this->fail('An InstanceProfileCredentialsException should have been thrown.'); } catch (\Exception $e) { $this->assertInstanceOf('Aws\\Common\\Exception\\InstanceProfileCredentialsException', $e); } // Ensure that environment credentials are picked up if supplied via $_SERVER $_SERVER[Credentials::ENV_KEY] = 'server-key'; $_SERVER[Credentials::ENV_SECRET] = 'server-secret'; $client3 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build(); $this->assertEquals('server-key', $client3->getCredentials()->getAccessKeyId()); $this->assertEquals('server-secret', $client3->getCredentials()->getSecretKey()); unset($_SERVER[Credentials::ENV_KEY], $_SERVER[Credentials::ENV_SECRET]); // Ensure that environment credentials are picked up if supplied via AWS_SECRET_ACCESS_KEY $_SERVER[Credentials::ENV_KEY] = 'server-key'; // Remove the old key name unset($_SERVER[Credentials::ENV_SECRET]); putenv(Credentials::ENV_SECRET); $_SERVER[Credentials::ENV_SECRET_ACCESS_KEY] = 'server-secret'; $client4 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build(); $this->assertEquals('server-key', $client4->getCredentials()->getAccessKeyId()); $this->assertEquals('server-secret', $client4->getCredentials()->getSecretKey()); unset($_SERVER[Credentials::ENV_KEY], $_SERVER[Credentials::ENV_SECRET]); putenv(Credentials::ENV_SECRET_ACCESS_KEY); // Ensure that environment credentials are picked up if supplied via putenv putenv(Credentials::ENV_KEY . '=env-key'); putenv(Credentials::ENV_SECRET . '=env-secret'); $client5 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build(); $this->assertEquals('env-key', $client5->getCredentials()->getAccessKeyId()); $this->assertEquals('env-secret', $client5->getCredentials()->getSecretKey()); putenv(Credentials::ENV_KEY); putenv(Credentials::ENV_SECRET); }
/** * @covers Aws\Common\Credentials\Credentials::factory * @covers Aws\Common\Credentials\Credentials::createCache * @expectedException \Aws\Common\Exception\InvalidArgumentException * @expectedExceptionMessage Unable to utilize caching with the specified options */ public function testFactoryBailsWhenCacheCannotBeDetermined() { Credentials::factory(array('credentials.cache' => 'foo')); }
/** * Returns the default credential resolver for a client * * @return CredentialsOptionResolver */ protected function getDefaultCredentialsResolver() { return new CredentialsOptionResolver(function (Collection $config) { return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults()))); }); }