/**
  * Fetches and caches EC2 instance profile credentials. This is meant to be used by the constructor, and is not to
  * be manually invoked.
  *
  * @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching.
  * @param array $options (Required) The options that were passed into the constructor.
  * @return mixed The data to be cached, or NULL.
  */
 public function cache_instance_profile_credentials($cache, $options)
 {
     $instance_profile_url = 'http://169.254.169.254/latest/meta-data/iam/security-credentials/';
     $connect_timeout = isset($options['instance_profile_timeout']) ? $options['instance_profile_timeout'] : 2;
     try {
         // Make a call to the EC2 Metadata Service to find the available instance profile
         $request = new RequestCore($instance_profile_url);
         $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
         $response = $request->send_request(true);
         if ($response->isOK()) {
             // Get the instance profile name
             $profile = (string) $response->body;
             // Make a call to the EC2 Metadata Service to get the instance profile credentials
             $request = new RequestCore($instance_profile_url . $profile);
             $request->set_curlopts(array(CURLOPT_CONNECTTIMEOUT => $connect_timeout));
             $response = $request->send_request(true);
             if ($response->isOK()) {
                 // Get the credentials
                 $credentials = json_decode($response->body, true);
                 if ($credentials['Code'] === 'Success') {
                     // Determine the expiration time
                     $expiration_time = strtotime((string) $credentials['Expiration']);
                     $expiration_duration = round(($expiration_time - time()) * 0.85);
                     $cache->expire_in($expiration_duration);
                     // Return the credential information
                     return array('key' => $credentials['AccessKeyId'], 'secret' => $credentials['SecretAccessKey'], 'token' => $credentials['Token'], 'expires' => $credentials['Expiration']);
                 }
             }
         }
     } catch (cURL_Exception $e) {
         // The EC2 Metadata Service does not exist or had timed out.
         // An exception will be thrown on the next line.
     }
     // @codeCoverageIgnoreStart
     throw new CFCredentials_Exception('No credentials were provided. The SDK attempted to retrieve Instance ' . 'Profile credentials from the EC2 Instance Metadata Service, but failed to do so. Instance profile ' . 'credentials are only accessible on EC2 instances configured with a specific IAM role.');
     // @codeCoverageIgnoreEnd
 }
示例#2
0
 /**
  * Fetches and caches STS credentials. This is meant to be used by the constructor, and is not to be
  * manually invoked.
  *
  * @param CacheCore $cache (Required) The a reference to the cache object that is being used to handle the caching.
  * @param array $options (Required) The options that were passed into the constructor.
  * @return mixed The data to be cached, or NULL.
  */
 public function cache_sts_credentials($cache, $options)
 {
     $token = new AmazonSTS($options);
     $response = $token->get_session_token();
     if ($response->isOK()) {
         // Update the expiration
         $expiration_time = strtotime((string) $response->body->GetSessionTokenResult->Credentials->Expiration);
         $expiration_duration = round(($expiration_time - time()) * 0.85);
         $cache->expire_in($expiration_duration);
         // Return the important data
         return array('key' => (string) $response->body->GetSessionTokenResult->Credentials->AccessKeyId, 'secret' => (string) $response->body->GetSessionTokenResult->Credentials->SecretAccessKey, 'token' => (string) $response->body->GetSessionTokenResult->Credentials->SessionToken, 'expires' => (string) $response->body->GetSessionTokenResult->Credentials->Expiration);
     }
     return null;
 }