ホーム エクスプローラ ヘルプ
登録 サインイン
moonsflyer
/
yunjing_master
1
0
フォーク 0
ファイル 課題 0 プルリクエスト 0 Wiki
ブランチ: master
ブランチ タグ
yunjing_master
/
sdk
/
aws
/
Aws
/
Credentials
/
EcsCredentialProvider.php

EcsCredentialProvider.php 2.6 KB
パーマリンク 履歴 Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. <?php
    2. 

  2. namespace Aws\Credentials;
    3. 

  3. 

  4. use Aws\Exception\CredentialsException;
    5. 

  5. use GuzzleHttp\Psr7\Request;
    6. 

  6. use GuzzleHttp\Promise\PromiseInterface;
    7. 

  7. use Psr\Http\Message\ResponseInterface;
    8. 

  8. 

  9. /**
    10. 

  10.  * Credential provider that fetches credentials with GET request.
    11. 

  11.  * ECS environment variable is used in constructing request URI.
    12. 

  12.  */
    13. 

  13. class EcsCredentialProvider
    14. 

  14. {
    15. 

  15.     const SERVER_URI = 'http://169.254.170.2';
    16. 

  16.     const ENV_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
    17. 

  17.     const ENV_TIMEOUT = 'AWS_METADATA_SERVICE_TIMEOUT';
    18. 

  18. 

  19.     /** @var callable */
    20. 

  20.     private $client;
    21. 

  21. 

  22.     /** @var float|mixed */
    23. 

  23.     private $timeout;
    24. 

  24. 

  25.     /**
    26. 

  26.      *  The constructor accepts following options:
    27. 

  27.      *  - timeout: (optional) Connection timeout, in seconds, default 1.0
    28. 

  28.      *  - client: An EcsClient to make request from
    29. 

  29.      *
    30. 

  30.      * @param array $config Configuration options
    31. 

  31.      */
    32. 

  32.     public function __construct(array $config = [])
    33. 

  33.     {
    34. 

  34.         $this->timeout = (float) getenv(self::ENV_TIMEOUT) ?: (isset($config['timeout']) ? $config['timeout'] : 1.0);
    35. 

  35.         $this->client = isset($config['client'])
    36. 

  36.             ? $config['client']
    37. 

  37.             : \Aws\default_http_handler();
    38. 

  38.     }
    39. 

  39. 

  40.     /**
    41. 

  41.      * Load ECS credentials
    42. 

  42.      *
    43. 

  43.      * @return PromiseInterface
    44. 

  44.      */
    45. 

  45.     public function __invoke()
    46. 

  46.     {
    47. 

  47.         $client = $this->client;
    48. 

  48.         $request = new Request('GET', self::getEcsUri());
    49. 

  49.         return $client(
    50. 

  50.             $request,
    51. 

  51.             [
    52. 

  52.                 'timeout' => $this->timeout,
    53. 

  53.                 'proxy' => '',
    54. 

  54.             ]
    55. 

  55.         )->then(function (ResponseInterface $response) {
    56. 

  56.             $result = $this->decodeResult((string) $response->getBody());
    57. 

  57.             return new Credentials(
    58. 

  58.                 $result['AccessKeyId'],
    59. 

  59.                 $result['SecretAccessKey'],
    60. 

  60.                 $result['Token'],
    61. 

  61.                 strtotime($result['Expiration'])
    62. 

  62.             );
    63. 

  63.         })->otherwise(function ($reason) {
    64. 

  64.             $reason = is_array($reason) ? $reason['exception'] : $reason;
    65. 

  65.             $msg = $reason->getMessage();
    66. 

  66.             throw new CredentialsException(
    67. 

  67.                 "Error retrieving credential from ECS ($msg)"
    68. 

  68.             );
    69. 

  69.         });
    70. 

  70.     }
    71. 

  71. 

  72.     /**
    73. 

  73.      * Fetch credential URI from ECS environment variable
    74. 

  74.      *
    75. 

  75.      * @return string Returns ECS URI
    76. 

  76.      */
    77. 

  77.     private function getEcsUri()
    78. 

  78.     {
    79. 

  79.         $creds_uri = getenv(self::ENV_URI);
    80. 

  80.         return self::SERVER_URI . $creds_uri;
    81. 

  81.     }
    82. 

  82. 

  83.     private function decodeResult($response)
    84. 

  84.     {
    85. 

  85.         $result = json_decode($response, true);
    86. 

  86. 

  87.         if (!isset($result['AccessKeyId'])) {
    88. 

  88.             throw new CredentialsException('Unexpected ECS credential value');
    89. 

  89.         }
    90. 

  90.         return $result;
    91. 

  91.     }
    92. 

  92. }
    93.