예제 #1
파일: Client.php 프로젝트: m6web/aws-bundle
 /**
  * Exchanges a web identity token for temporary AWS security credentials by forwarding an
  * AssumeRoleWithWebIdentity request to the wrapped STS client.
  *
  * Security notes for callers:
  * - $webIdentityToken is a bearer credential, and the returned model carries temporary
  *   credentials (access key, secret key, session token). Keep both out of logs, exception
  *   messages and any response sent back to the browser or mobile client.
  * - $policy is a session policy: it can only narrow what the role already permits, never widen it.
  * - Nothing is validated here. STS and the role's trust policy decide whether the request is
  *   accepted, so the trust policy should pin the expected provider and audience.
  *
  * @param string      $roleArn          The Amazon Resource Name (ARN) of the role to assume.
  * @param string      $roleSessionName  Identifier for the assumed role session.
  * @param string      $webIdentityToken OAuth 2.0 access token or OpenID Connect ID token issued by the identity provider.
  * @param string|null $providerId       Fully-qualified host component of the identity provider's domain name. Per the STS API
  *                                      this is set only for OAuth 2.0 access tokens and omitted for OpenID Connect ID tokens.
  *                                      Not sent when null.
  * @param string|null $policy           IAM session policy as a JSON string. Not sent when null.
  * @param int         $durationSeconds  Lifetime of the session in seconds (default 3600). STS accepts 900 seconds up to the
  *                                      role's configured maximum; prefer the shortest lifetime that works.
  *
  * @return \Guzzle\Service\Resource\Model
  *
  * @see http://docs.aws.amazon.com/aws-sdk-php/latest/class-Aws.Sts.StsClient.html#_assumeRoleWithWebIdentity
  */
 public function assumeRoleWithWebIdentity($roleArn, $roleSessionName, $webIdentityToken, $providerId = null, $policy = null, $durationSeconds = 3600)
 {
     // These four parameters are always part of the request.
     $request = [
         'RoleArn'          => $roleArn,
         'RoleSessionName'  => $roleSessionName,
         'WebIdentityToken' => $webIdentityToken,
         'DurationSeconds'  => $durationSeconds,
     ];

     // Optional parameters are added only when the caller supplied them (strict null check),
     // so an absent value is never transmitted as an explicit null.
     $optional = [
         'ProviderId' => $providerId,
         'Policy'     => $policy,
     ];
     foreach ($optional as $key => $value) {
         if (null === $value) {
             continue;
         }
         $request[$key] = $value;
     }

     return $this->client->assumeRoleWithWebIdentity($request);
 }
예제 #2
 /**
  * Negative test: a web identity token that no identity provider issued must be rejected
  * with an StsException instead of yielding credentials.
  *
  * Every value in the request is a dummy placeholder. The expected message is the
  * authorization error declared in the annotations below; presumably it comes back from the
  * STS service itself (integration test) - confirm against the suite's setup.
  *
  * @expectedException \Aws\Sts\Exception\StsException
  * @expectedExceptionMessage Not authorized to perform sts:AssumeRoleWithWebIdentity
  */
 public function testFailsOnBadWebIdentity()
 {
     // Session policy attached to the request: a single Deny statement on a dummy bucket prefix.
     $denyStatement = array(
         'Effect'   => 'Deny',
         'Action'   => 's3:GetObject',
         'Resource' => 'arn:aws:s3:::mybucket/dummy/*',
     );
     $sessionPolicy = json_encode(array('Statement' => array($denyStatement)));

     // The call is expected to throw, so there is no return value to assert on.
     $this->client->assumeRoleWithWebIdentity(array(
         'RoleArn'          => 'arn:aws:iam::123123123123:role/DummyRole.',
         'RoleSessionName'  => 'dummy-session-name',
         'WebIdentityToken' => 'dummy-oauth-token',
         'ProviderId'       => 'dummy-provider-name',
         'Policy'           => $sessionPolicy,
     ));
 }