public function testBuildAlternate()
{
$client = ClientBuilder::factory('Aws\\DynamoDb')->setConfigDefaults(array('scheme' => 'https', 'region' => 'us-west-1', 'service' => 'dynamodb', 'service.description' => $this->dynamoDbDescription))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) {
return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults())));
}))->addClientResolver(new BackoffOptionResolver(function () {
return BackoffPlugin::getExponentialBackoff();
}))->build();
$this->assertInstanceOf('Aws\\DynamoDb\\DynamoDbClient', $client);
}
/**
* Default method to execute when credentials are not specified
*
* @param Collection $config Config options
*
* @return CredentialsInterface
*/
protected function defaultMissingFunction(Collection $config)
{
if ($config->get(Options::KEY) && $config->get(Options::SECRET)) {
// Credentials were not provided, so create them using keys
return Credentials::factory($config->getAll());
}
// Attempt to get credentials from the EC2 instance profile server
return new RefreshableInstanceProfileCredentials(new Credentials('', '', '', 1));
}
/**
* Factory method to create a new Amazon STS client using an array of configuration options:
*
* Credential options (`key`, `secret`, and optional `token` OR `credentials` is required)
*
* - key: AWS Access Key ID
* - secret: AWS secret access key
* - credentials: You can optionally provide a custom `Aws\Common\Credentials\CredentialsInterface` object
* - token: Custom AWS security token to use with request authentication
* - token.ttd: UNIX timestamp for when the custom credentials expire
* - credentials.cache: Used to cache credentials when using providers that require HTTP requests. Set the true
* to use the default APC cache or provide a `Guzzle\Cache\CacheAdapterInterface` object.
* - credentials.cache.key: Optional custom cache key to use with the credentials
* - credentials.client: Pass this option to specify a custom `Guzzle\Http\ClientInterface` to use if your
* credentials require a HTTP request (e.g. RefreshableInstanceProfileCredentials)
*
* Region and Endpoint options (a `region` and optional `scheme` OR a `base_url` is required)
*
* - region: Region name (e.g. 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', etc...)
* - scheme: URI Scheme of the base URL (e.g. 'https', 'http').
* - base_url: Instead of using a `region` and `scheme`, you can specify a custom base URL for the client
* - endpoint_provider: Optional `Aws\Common\Region\EndpointProviderInterface` used to provide region endpoints
*
* Generic client options
*
* - ssl.certificate_authority: Set to true to use the bundled CA cert (default), system to use the certificate
* bundled with your system, or pass the full path to an SSL certificate bundle. This option should be used when
* you encounter curl error code 60.
* - curl.options: Array of cURL options to apply to every request.
* See http://www.php.net/manual/en/function.curl-setopt.php for a list of available options
* - signature: You can optionally provide a custom signature implementation used to sign requests
* - signature.service: Set to explicitly override the service name used in signatures
* - signature.region: Set to explicitly override the region name used in signatures
* - client.backoff.logger: `Guzzle\Log\LogAdapterInterface` object used to log backoff retries. Use
* 'debug' to emit PHP warnings when a retry is issued.
* - client.backoff.logger.template: Optional template to use for exponential backoff log messages. See
* `Guzzle\Plugin\Backoff\BackoffLogger` for formatting information.
*
* @param array|Collection $config Client configuration data
*
* @return self
*/
public static function factory($config = array())
{
// Construct the STS client with the client builder
return ClientBuilder::factory(__NAMESPACE__)->setConfig($config)->setConfigDefaults(array(Options::SERVICE_DESCRIPTION => __DIR__ . '/Resources/sts-2011-06-15.php'))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) {
// Always need long term credentials
if ($config->get(Options::KEY) && $config->get(Options::SECRET) && !$config->get(Options::TOKEN)) {
return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults())));
}
}))->build();
}
/**
* Factory method to create a new Amazon STS client using an array of configuration options:
*
* Credential options (`key`, `secret`, and optional `token` OR `credentials` is required)
*
* - key: AWS Access Key ID
* - secret: AWS secret access key
* - credentials: You can optionally provide a custom `Aws\Common\Credentials\CredentialsInterface` object
* - token: Custom AWS security token to use with request authentication
* - token.ttd: UNIX timestamp for when the custom credentials expire
* - credentials.cache: Used to cache credentials when using providers that require HTTP requests. Set the true
* to use the default APC cache or provide a `Guzzle\Cache\CacheAdapterInterface` object.
* - credentials.cache.key: Optional custom cache key to use with the credentials
* - credentials.client: Pass this option to specify a custom `Guzzle\Http\ClientInterface` to use if your
* credentials require a HTTP request (e.g. RefreshableInstanceProfileCredentials)
*
* Region and Endpoint options (a `region` and optional `scheme` OR a `base_url` is required)
*
* - region: Region name (e.g. 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', etc...)
* - scheme: URI Scheme of the base URL (e.g. 'https', 'http').
* - base_url: Instead of using a `region` and `scheme`, you can specify a custom base URL for the client
* - endpoint_provider: Optional `Aws\Common\Region\EndpointProviderInterface` used to provide region endpoints
*
* Generic client options
*
* - ssl.cert: Set to true to use the bundled CA cert or pass the full path to an SSL certificate bundle. This
* option should be used when you encounter curl error code 60.
* - curl.options: Array of cURL options to apply to every request.
* See http://www.php.net/manual/en/function.curl-setopt.php for a list of available options
* - signature: You can optionally provide a custom signature implementation used to sign requests
* - signature.service: Set to explicitly override the service name used in signatures
* - signature.region: Set to explicitly override the region name used in signatures
* - client.backoff.logger: `Guzzle\Log\LogAdapterInterface` object used to log backoff retries. Use
* 'debug' to emit PHP warnings when a retry is issued.
* - client.backoff.logger.template: Optional template to use for exponential backoff log messages. See
* `Guzzle\Plugin\Backoff\BackoffLogger` for formatting information.
*
* @param array|Collection $config Client configuration data
*
* @return self
*/
public static function factory($config = array())
{
// Construct the STS client with the client builder
return ClientBuilder::factory(__NAMESPACE__)->setConfig($config)->setConfigDefaults(array(Options::SERVICE => 'sts', Options::SCHEME => 'https', Options::REGION => 'us-east-1'))->setCredentialsResolver(new CredentialsOptionResolver(function (Collection $config) {
// Always need long term credentials
if ($config->get(Options::KEY) && $config->get(Options::SECRET) && !$config->get(Options::TOKEN)) {
return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults())));
}
}))->setSignature(new SignatureV4())->build();
}
public function testProxiesToWrappedObject()
{
$credentials = new Credentials('a', 'b', 'c', 1000);
$c = new AbstractCredentialsDecorator($credentials);
$this->assertEquals('a', $c->getAccessKeyId());
$this->assertEquals('b', $c->getSecretKey());
$this->assertEquals('c', $c->getSecurityToken());
$this->assertEquals(1000, $c->getExpiration());
$this->assertSame($c, $c->setAccessKeyId('foo'));
$this->assertSame($c, $c->setSecretKey('baz'));
$this->assertSame($c, $c->setSecurityToken('bar'));
$this->assertSame($c, $c->setExpiration(500));
$this->assertEquals('foo', $c->getAccessKeyId());
$this->assertEquals('baz', $c->getSecretKey());
$this->assertEquals('bar', $c->getSecurityToken());
$this->assertEquals(500, $c->getExpiration());
$this->assertTrue($c->isExpired());
$this->assertSame($c->serialize(), $credentials->serialize());
$this->assertEquals(unserialize(serialize($c)), $c);
}
protected function getCredentials(Collection $config)
{
$credentials = $config->get(Options::CREDENTIALS);
if (is_array($credentials)) {
$credentials = Credentials::factory($credentials);
} elseif ($credentials === false) {
$credentials = new NullCredentials();
} elseif (!$credentials instanceof CredentialsInterface) {
$credentials = Credentials::factory($config);
}
return $credentials;
}
/**
* Performs the building logic using all of the parameters that have been
* set and falling back to default values. Returns an instantiate service
* client with credentials prepared and plugins attached.
*
* @return AwsClientInterface
* @throws InvalidArgumentException
*/
public function build()
{
// Resolve configuration
$config = Collection::fromConfig($this->config, array_merge(self::$commonConfigDefaults, $this->configDefaults), self::$commonConfigRequirements + $this->configRequirements);
// Resolve endpoint and signature from the config and service description
$description = $this->updateConfigFromDescription($config);
$signature = $this->getSignature($description, $config);
// Resolve credentials
if (!($credentials = $config->get('credentials'))) {
$credentials = Credentials::factory($config);
}
// Resolve exception parser
if (!$this->exceptionParser) {
$this->exceptionParser = new DefaultXmlExceptionParser();
}
// Resolve backoff strategy
$backoff = $config->get(Options::BACKOFF);
if ($backoff === null) {
$backoff = new BackoffPlugin(new TruncatedBackoffStrategy(3, new ThrottlingErrorChecker($this->exceptionParser, new HttpBackoffStrategy(array(500, 503, 509), new CurlBackoffStrategy(null, new ExpiredCredentialsChecker($this->exceptionParser, new ExponentialBackoffStrategy()))))));
$config->set(Options::BACKOFF, $backoff);
}
if ($backoff) {
$this->addBackoffLogger($backoff, $config);
}
// Determine service and class name
$clientClass = 'Aws\\Common\\Client\\DefaultClient';
if ($this->clientNamespace) {
$serviceName = substr($this->clientNamespace, strrpos($this->clientNamespace, '\\') + 1);
$clientClass = $this->clientNamespace . '\\' . $serviceName . 'Client';
}
/** @var $client AwsClientInterface */
$client = new $clientClass($credentials, $signature, $config);
$client->setDescription($description);
// Add exception marshaling so that more descriptive exception are thrown
if ($this->clientNamespace) {
$exceptionFactory = new NamespaceExceptionFactory($this->exceptionParser, "{$this->clientNamespace}\\Exception", "{$this->clientNamespace}\\Exception\\{$serviceName}Exception");
$client->addSubscriber(new ExceptionListener($exceptionFactory));
}
// Add the UserAgentPlugin to append to the User-Agent header of requests
$client->addSubscriber(new UserAgentListener());
// Filters used for the cache plugin
$client->getConfig()->set('params.cache.key_filter', 'header=date,x-amz-date,x-amz-security-token,x-amzn-authorization');
// Set the iterator resource factory based on the provided iterators config
$client->setResourceIteratorFactory(new AwsResourceIteratorFactory($this->iteratorsConfig, new ResourceIteratorClassFactory($this->clientNamespace . '\\Iterator')));
// Disable parameter validation if needed
if ($config->get(Options::VALIDATION) === false) {
$params = $config->get('command.params') ?: array();
$params['command.disable_validation'] = true;
$config->set('command.params', $params);
}
return $client;
}
public function testCredentialsCanInjectCacheAndUsesHostnameBasedKey()
{
$cache = new DoctrineCacheAdapter(new ArrayCache());
$cache->save('credentials_' . crc32(gethostname()), new Credentials('ABC', '123', 'Listen to me', time() + 10000));
$credentials = Credentials::factory(array('credentials.cache' => $cache));
$this->assertInstanceOf('Aws\\Common\\Credentials\\CacheableCredentials', $credentials);
$this->assertSame($cache, $this->readAttribute($credentials, 'cache'));
$this->assertEquals('ABC', $credentials->getAccessKeyId());
}
public function testAddsDefaultCredentials()
{
$_SERVER['HOME'] = '/tmp';
$creds = Credentials::factory(array('key' => 'foo', 'secret' => 'bar'));
$config = array('service' => 'dynamodb', 'region' => 'us-east-1', 'credentials' => $creds, 'service.description' => array('signatureVersion' => 'v2', 'regions' => array('us-east-1' => array('https' => true, 'hostname' => 'foo.com'))));
// Ensure that specific credentials can be used
$client1 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build();
$this->assertSame($creds, $client1->getCredentials());
unset($config['credentials']);
// Ensure that the instance metadata service is called when no credentials are supplied
$client2 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build();
try {
$client2->getCredentials()->getAccessKeyId();
$this->fail('An InstanceProfileCredentialsException should have been thrown.');
} catch (\Exception $e) {
$this->assertInstanceOf('Aws\\Common\\Exception\\InstanceProfileCredentialsException', $e);
}
// Ensure that environment credentials are picked up if supplied via $_SERVER
$_SERVER[Credentials::ENV_KEY] = 'server-key';
$_SERVER[Credentials::ENV_SECRET] = 'server-secret';
$client3 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build();
$this->assertEquals('server-key', $client3->getCredentials()->getAccessKeyId());
$this->assertEquals('server-secret', $client3->getCredentials()->getSecretKey());
unset($_SERVER[Credentials::ENV_KEY], $_SERVER[Credentials::ENV_SECRET]);
// Ensure that environment credentials are picked up if supplied via AWS_SECRET_ACCESS_KEY
$_SERVER[Credentials::ENV_KEY] = 'server-key';
// Remove the old key name
unset($_SERVER[Credentials::ENV_SECRET]);
putenv(Credentials::ENV_SECRET);
$_SERVER[Credentials::ENV_SECRET_ACCESS_KEY] = 'server-secret';
$client4 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build();
$this->assertEquals('server-key', $client4->getCredentials()->getAccessKeyId());
$this->assertEquals('server-secret', $client4->getCredentials()->getSecretKey());
unset($_SERVER[Credentials::ENV_KEY], $_SERVER[Credentials::ENV_SECRET]);
putenv(Credentials::ENV_SECRET_ACCESS_KEY);
// Ensure that environment credentials are picked up if supplied via putenv
putenv(Credentials::ENV_KEY . '=env-key');
putenv(Credentials::ENV_SECRET . '=env-secret');
$client5 = ClientBuilder::factory('Aws\\DynamoDb')->setConfig($config)->build();
$this->assertEquals('env-key', $client5->getCredentials()->getAccessKeyId());
$this->assertEquals('env-secret', $client5->getCredentials()->getSecretKey());
putenv(Credentials::ENV_KEY);
putenv(Credentials::ENV_SECRET);
}
/**
* @covers Aws\Common\Credentials\Credentials::fromIni
* @covers Aws\Common\Credentials\Credentials::getHomeDir
* @dataProvider getDataForCredentialFileTest
*/
public function testFactoryCreatesCredentialsFromCredentialFile(array $envVars = array(), $expKey = null, $expSecret = null, $profile = null)
{
foreach ($envVars as $key => $value) {
$_SERVER[$key] = $value;
}
if (!$expKey && !$expSecret) {
$this->setExpectedException('RuntimeException');
}
$credentials = Credentials::fromIni($profile);
$this->assertEquals($expKey, $credentials->getAccessKeyId());
$this->assertEquals($expSecret, $credentials->getSecretKey());
}
/**
* Returns the default credential resolver for a client
*
* @return CredentialsOptionResolver
*/
protected function getDefaultCredentialsResolver()
{
return new CredentialsOptionResolver(function (Collection $config) {
return Credentials::factory($config->getAll(array_keys(Credentials::getConfigDefaults())));
});
}
/**
* @covers Aws\Common\Credentials\Credentials::factory
* @expectedException Aws\Common\Exception\InvalidArgumentException
* @expectedExceptionMessage Unable to utilize caching with the specified options
*/
public function testFactoryBailsWhenCacheCannotBeDetermined()
{
Credentials::factory(array('credentials.cache' => 'foo'));
}
