github/Spaces-API
1
0
Fork 0
mirror of https://github.com/SociallyDev/Spaces-API.git synced 2025-08-14 02:27:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

spaces.php

Browse source
This commit is contained in:
Devang Srivastava 2017-12-07 21:23:18 +05:30
commit eefa32741e
845 changed files with 50409 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

69
aws/Aws/Credentials/AssumeRoleCredentialProvider.php Normal file
View file

@ -0,0 +1,69 @@
<?php
namespace Aws\Credentials;
use Aws\Exception\AwsException;
use Aws\Exception\CredentialsException;
use Aws\Result;
use Aws\Sts\StsClient;
use GuzzleHttp\Promise;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Promise\PromiseInterface;
use GuzzleHttp\Psr7\Response;
use Psr\Http\Message\ResponseInterface;
/**
* Credential provider that provides credentials via assuming a role
* More Information, see: http://docs.aws.amazon.com/aws-sdk-php/v3/api/api-sts-2011-06-15.html#assumerole
*/
class AssumeRoleCredentialProvider
{
const ERROR_MSG = "Missing required 'AssumeRoleCredentialProvider' configuration option: ";
/** @var callable */
private $client;
/** @var array */
private $assumeRoleParams;
/**
* The constructor requires following configure parameters:
* - client: a StsClient
* - assume_role_params: Parameters used to make assumeRole call
*
* @param array $config Configuration options
* @throws \InvalidArgumentException
*/
public function __construct(array $config = [])
{
if (!isset($config['assume_role_params'])) {
throw new \InvalidArgumentException(self::ERROR_MSG . "'assume_role_params'.");
}
if (!isset($config['client'])) {
throw new \InvalidArgumentException(self::ERROR_MSG . "'client'.");
}
$this->client = $config['client'];
$this->assumeRoleParams = $config['assume_role_params'];
}
/**
* Loads assume role credentials.
*
* @return PromiseInterface
*/
public function __invoke()
{
$client = $this->client;
return $client->assumeRoleAsync($this->assumeRoleParams)
->then(function (Result $result) {
return $this->client->createCredentials($result);
})->otherwise(function (\RuntimeException $exception) {
throw new CredentialsException(
"Error in retrieving assume role credentials.",
0,
$exception
);
});
}
}

396
aws/Aws/Credentials/CredentialProvider.php Normal file
View file

@ -0,0 +1,396 @@
<?php
namespace Aws\Credentials;
use Aws;
use Aws\CacheInterface;
use Aws\Exception\CredentialsException;
use GuzzleHttp\Promise;
/**
* Credential providers are functions that accept no arguments and return a
* promise that is fulfilled with an {@see \Aws\Credentials\CredentialsInterface}
* or rejected with an {@see \Aws\Exception\CredentialsException}.
*
* <code>
* use Aws\Credentials\CredentialProvider;
* $provider = CredentialProvider::defaultProvider();
* // Returns a CredentialsInterface or throws.
* $creds = $provider()->wait();
* </code>
*
* Credential providers can be composed to create credentials using conditional
* logic that can create different credentials in different environments. You
* can compose multiple providers into a single provider using
* {@see Aws\Credentials\CredentialProvider::chain}. This function accepts
* providers as variadic arguments and returns a new function that will invoke
* each provider until a successful set of credentials is returned.
*
* <code>
* // First try an INI file at this location.
* $a = CredentialProvider::ini(null, '/path/to/file.ini');
* // Then try an INI file at this location.
* $b = CredentialProvider::ini(null, '/path/to/other-file.ini');
* // Then try loading from environment variables.
* $c = CredentialProvider::env();
* // Combine the three providers together.
* $composed = CredentialProvider::chain($a, $b, $c);
* // Returns a promise that is fulfilled with credentials or throws.
* $promise = $composed();
* // Wait on the credentials to resolve.
* $creds = $promise->wait();
* </code>
*/
class CredentialProvider
{
const ENV_KEY = 'AWS_ACCESS_KEY_ID';
const ENV_SECRET = 'AWS_SECRET_ACCESS_KEY';
const ENV_SESSION = 'AWS_SESSION_TOKEN';
const ENV_PROFILE = 'AWS_PROFILE';
/**
* Create a default credential provider that first checks for environment
* variables, then checks for the "default" profile in ~/.aws/credentials,
* then checks for "profile default" profile in ~/.aws/config (which is
* the default profile of AWS CLI), then tries to make a GET Request to
* fetch credentials if Ecs environment variable is presented, and finally
* checks for EC2 instance profile credentials.
*
* This provider is automatically wrapped in a memoize function that caches
* previously provided credentials.
*
* @param array $config Optional array of ecs/instance profile credentials
* provider options.
*
* @return callable
*/
public static function defaultProvider(array $config = [])
{
$localCredentialProviders = self::localCredentialProviders();
$remoteCredentialProviders = self::remoteCredentialProviders($config);
return self::memoize(
call_user_func_array(
'self::chain',
array_merge($localCredentialProviders, $remoteCredentialProviders)
)
);
}
/**
* Create a credential provider function from a set of static credentials.
*
* @param CredentialsInterface $creds
*
* @return callable
*/
public static function fromCredentials(CredentialsInterface $creds)
{
$promise = Promise\promise_for($creds);
return function () use ($promise) {
return $promise;
};
}
/**
* Creates an aggregate credentials provider that invokes the provided
* variadic providers one after the other until a provider returns
* credentials.
*
* @return callable
*/
public static function chain()
{
$links = func_get_args();
if (empty($links)) {
throw new \InvalidArgumentException('No providers in chain');
}
return function () use ($links) {
/** @var callable $parent */
$parent = array_shift($links);
$promise = $parent();
while ($next = array_shift($links)) {
$promise = $promise->otherwise($next);
}
return $promise;
};
}
/**
* Wraps a credential provider and caches previously provided credentials.
*
* Ensures that cached credentials are refreshed when they expire.
*
* @param callable $provider Credentials provider function to wrap.
*
* @return callable
*/
public static function memoize(callable $provider)
{
return function () use ($provider) {
static $result;
static $isConstant;
// Constant credentials will be returned constantly.
if ($isConstant) {
return $result;
}
// Create the initial promise that will be used as the cached value
// until it expires.
if (null === $result) {
$result = $provider();
}
// Return credentials that could expire and refresh when needed.
return $result
->then(function (CredentialsInterface $creds) use ($provider, &$isConstant, &$result) {
// Determine if these are constant credentials.
if (!$creds->getExpiration()) {
$isConstant = true;
return $creds;
}
// Refresh expired credentials.
if (!$creds->isExpired()) {
return $creds;
}
// Refresh the result and forward the promise.
return $result = $provider();
});
};
}
/**
* Wraps a credential provider and saves provided credentials in an
* instance of Aws\CacheInterface. Forwards calls when no credentials found
* in cache and updates cache with the results.
*
* Defaults to using a simple file-based cache when none provided.
*
* @param callable $provider Credentials provider function to wrap
* @param CacheInterface $cache Cache to store credentials
* @param string|null $cacheKey (optional) Cache key to use
*
* @return callable
*/
public static function cache(
callable $provider,
CacheInterface $cache,
$cacheKey = null
) {
$cacheKey = $cacheKey ?: 'aws_cached_credentials';
return function () use ($provider, $cache, $cacheKey) {
$found = $cache->get($cacheKey);
if ($found instanceof CredentialsInterface && !$found->isExpired()) {
return Promise\promise_for($found);
}
return $provider()
->then(function (CredentialsInterface $creds) use (
$cache,
$cacheKey
) {
$cache->set(
$cacheKey,
$creds,
null === $creds->getExpiration() ?
0 : $creds->getExpiration() - time()
);
return $creds;
});
};
}
/**
* Provider that creates credentials from environment variables
* AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN.
*
* @return callable
*/
public static function env()
{
return function () {
// Use credentials from environment variables, if available
$key = getenv(self::ENV_KEY);
$secret = getenv(self::ENV_SECRET);
if ($key && $secret) {
return Promise\promise_for(
new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL)
);
}
return self::reject('Could not find environment variable '
. 'credentials in ' . self::ENV_KEY . '/' . self::ENV_SECRET);
};
}
/**
* Credential provider that creates credentials using instance profile
* credentials.
*
* @param array $config Array of configuration data.
*
* @return InstanceProfileProvider
* @see Aws\Credentials\InstanceProfileProvider for $config details.
*/
public static function instanceProfile(array $config = [])
{
return new InstanceProfileProvider($config);
}
/**
* Credential provider that creates credentials using
* ecs credentials by a GET request, whose uri is specified
* by environment variable
*
* @param array $config Array of configuration data.
*
* @return EcsCredentialProvider
* @see Aws\Credentials\EcsCredentialProvider for $config details.
*/
public static function ecsCredentials(array $config = [])
{
return new EcsCredentialProvider($config);
}
/**
* Credential provider that creates credentials using assume role
*
* @param array $config Array of configuration data
* @return callable
* @see Aws\Credentials\AssumeRoleCredentialProvider for $config details.
*/
public static function assumeRole(array $config=[])
{
return new AssumeRoleCredentialProvider($config);
}
/**
* Credentials provider that creates credentials using an ini file stored
* in the current user's home directory.
*
* @param string|null $profile Profile to use. If not specified will use
* the "default" profile in "~/.aws/credentials".
* @param string|null $filename If provided, uses a custom filename rather
* than looking in the home directory.
*
* @return callable
*/
public static function ini($profile = null, $filename = null)
{
$filename = $filename ?: (self::getHomeDir() . '/.aws/credentials');
$profile = $profile ?: (getenv(self::ENV_PROFILE) ?: 'default');
return function () use ($profile, $filename) {
if (!is_readable($filename)) {
return self::reject("Cannot read credentials from $filename");
}
$data = parse_ini_file($filename, true);
if ($data === false) {
return self::reject("Invalid credentials file: $filename");
}
if (!isset($data[$profile])) {
return self::reject("'$profile' not found in credentials file");
}
if (!isset($data[$profile]['aws_access_key_id'])
|| !isset($data[$profile]['aws_secret_access_key'])
) {
return self::reject("No credentials present in INI profile "
. "'$profile' ($filename)");
}
if (empty($data[$profile]['aws_session_token'])) {
$data[$profile]['aws_session_token']
= isset($data[$profile]['aws_security_token'])
? $data[$profile]['aws_security_token']
: null;
}
return Promise\promise_for(
new Credentials(
$data[$profile]['aws_access_key_id'],
$data[$profile]['aws_secret_access_key'],
$data[$profile]['aws_session_token']
)
);
};
}
/**
* Local credential providers returns a list of local credential providers
* in following order:
* - credentials from environment variables
* - 'default' profile in '.aws/credentials' file
* - 'profile default' profile in '.aws/config' file
*
* @return array
*/
private static function localCredentialProviders()
{
return [
self::env(),
self::ini(),
self::ini('profile default', self::getHomeDir() . '/.aws/config')
];
}
/**
* Remote credential providers returns a list of credentials providers
* for the remote endpoints such as EC2 or ECS Roles.
*
* @param array $config Array of configuration data.
*
* @return array
* @see Aws\Credentials\InstanceProfileProvider for $config details.
* @see Aws\Credentials\EcsCredentialProvider for $config details.
*/
private static function remoteCredentialProviders(array $config = [])
{
if (!empty(getenv(EcsCredentialProvider::ENV_URI))) {
$providers['ecs'] = self::ecsCredentials($config);
}
$providers['instance'] = self::instanceProfile($config);
if (isset($config['credentials'])
&& $config['credentials'] instanceof CacheInterface
) {
foreach ($providers as $key => $provider) {
$providers[$key] = self::cache(
$provider,
$config['credentials'],
'aws_cached_' . $key . '_credentials'
);
}
}
return $providers;
}
/**
* Gets the environment's HOME directory if available.
*
* @return null|string
*/
private static function getHomeDir()
{
// On Linux/Unix-like systems, use the HOME environment variable
if ($homeDir = getenv('HOME')) {
return $homeDir;
}
// Get the HOMEDRIVE and HOMEPATH values for Windows hosts
$homeDrive = getenv('HOMEDRIVE');
$homePath = getenv('HOMEPATH');
return ($homeDrive && $homePath) ? $homeDrive . $homePath : null;
}
private static function reject($msg)
{
return new Promise\RejectedPromise(new CredentialsException($msg));
}
}

91
aws/Aws/Credentials/Credentials.php Normal file
View file

@ -0,0 +1,91 @@
<?php
namespace Aws\Credentials;
/**
* Basic implementation of the AWS Credentials interface that allows callers to
* pass in the AWS Access Key and AWS Secret Access Key in the constructor.
*/
class Credentials implements CredentialsInterface, \Serializable
{
private $key;
private $secret;
private $token;
private $expires;
/**
* Constructs a new BasicAWSCredentials object, with the specified AWS
* access key and AWS secret key
*
* @param string $key AWS access key ID
* @param string $secret AWS secret access key
* @param string $token Security token to use
* @param int $expires UNIX timestamp for when credentials expire
*/
public function __construct($key, $secret, $token = null, $expires = null)
{
$this->key = trim($key);
$this->secret = trim($secret);
$this->token = $token;
$this->expires = $expires;
}
public static function __set_state(array $state)
{
return new self(
$state['key'],
$state['secret'],
$state['token'],
$state['expires']
);
}
public function getAccessKeyId()
{
return $this->key;
}
public function getSecretKey()
{
return $this->secret;
}
public function getSecurityToken()
{
return $this->token;
}
public function getExpiration()
{
return $this->expires;
}
public function isExpired()
{
return $this->expires !== null && time() >= $this->expires;
}
public function toArray()
{
return [
'key' => $this->key,
'secret' => $this->secret,
'token' => $this->token,
'expires' => $this->expires
];
}
public function serialize()
{
return json_encode($this->toArray());
}
public function unserialize($serialized)
{
$data = json_decode($serialized, true);
$this->key = $data['key'];
$this->secret = $data['secret'];
$this->token = $data['token'];
$this->expires = $data['expires'];
}
}

52
aws/Aws/Credentials/CredentialsInterface.php Normal file
View file

@ -0,0 +1,52 @@
<?php
namespace Aws\Credentials;
/**
* Provides access to the AWS credentials used for accessing AWS services: AWS
* access key ID, secret access key, and security token. These credentials are
* used to securely sign requests to AWS services.
*/
interface CredentialsInterface
{
/**
* Returns the AWS access key ID for this credentials object.
*
* @return string
*/
public function getAccessKeyId();
/**
* Returns the AWS secret access key for this credentials object.
*
* @return string
*/
public function getSecretKey();
/**
* Get the associated security token if available
*
* @return string|null
*/
public function getSecurityToken();
/**
* Get the UNIX timestamp in which the credentials will expire
*
* @return int|null
*/
public function getExpiration();
/**
* Check if the credentials are expired
*
* @return bool
*/
public function isExpired();
/**
* Converts the credentials to an associative array.
*
* @return array
*/
public function toArray();
}

86
aws/Aws/Credentials/EcsCredentialProvider.php Normal file
View file

@ -0,0 +1,86 @@
<?php
namespace Aws\Credentials;
use Aws\Exception\CredentialsException;
use GuzzleHttp\Promise;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Promise\PromiseInterface;
use Psr\Http\Message\ResponseInterface;
/**
* Credential provider that fetches credentials with GET request.
* ECS environment variable is used in constructing request URI.
*/
class EcsCredentialProvider
{
const SERVER_URI = 'http://169.254.170.2';
const ENV_URI = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
/** @var callable */
private $client;
/**
* The constructor accepts following options:
* - timeout: (optional) Connection timeout, in seconds, default 1.0
* - client: An EcsClient to make request from
*
* @param array $config Configuration options
*/
public function __construct(array $config = [])
{
$this->timeout = isset($config['timeout']) ? $config['timeout'] : 1.0;
$this->client = isset($config['client'])
? $config['client']
: \Aws\default_http_handler();
}
/**
* Load ECS credentials
*
* @return PromiseInterface
*/
public function __invoke()
{
$client = $this->client;
$request = new Request('GET', self::getEcsUri());
return $client(
$request,
['timeout' => $this->timeout]
)->then(function (ResponseInterface $response) {
$result = $this->decodeResult((string) $response->getBody());
return new Credentials(
$result['AccessKeyId'],
$result['SecretAccessKey'],
$result['Token'],
strtotime($result['Expiration'])
);
})->otherwise(function ($reason) {
$reason = is_array($reason) ? $reason['exception'] : $reason;
$msg = $reason->getMessage();
throw new CredentialsException(
"Error retrieving credential from ECS ($msg)"
);
});
}
/**
* Fetch credential URI from ECS environment variable
*
* @return string Returns ECS URI
*/
private function getEcsUri()
{
$creds_uri = getenv(self::ENV_URI);
return self::SERVER_URI . $creds_uri;
}
private function decodeResult($response)
{
$result = json_decode($response, true);
if (!isset($result['AccessKeyId'])) {
throw new CredentialsException('Unexpected ECS credential value');
}
return $result;
}
}

102
aws/Aws/Credentials/InstanceProfileProvider.php Normal file
View file

@ -0,0 +1,102 @@
<?php
namespace Aws\Credentials;
use Aws\Exception\CredentialsException;
use GuzzleHttp\Promise;
use GuzzleHttp\Psr7\Request;
use GuzzleHttp\Promise\PromiseInterface;
use Psr\Http\Message\ResponseInterface;
/**
* Credential provider that provides credentials from the EC2 metadata server.
*/
class InstanceProfileProvider
{
const SERVER_URI = 'http://169.254.169.254/latest/';
const CRED_PATH = 'meta-data/iam/security-credentials/';
/** @var string */
private $profile;
/** @var callable */
private $client;
/**
* The constructor accepts the following options:
*
* - timeout: Connection timeout, in seconds.
* - profile: Optional EC2 profile name, if known.
*
* @param array $config Configuration options.
*/
public function __construct(array $config = [])
{
$this->timeout = isset($config['timeout']) ? $config['timeout'] : 1.0;
$this->profile = isset($config['profile']) ? $config['profile'] : null;
$this->client = isset($config['client'])
? $config['client'] // internal use only
: \Aws\default_http_handler();
}
/**
* Loads instance profile credentials.
*
* @return PromiseInterface
*/
public function __invoke()
{
return Promise\coroutine(function () {
if (!$this->profile) {
$this->profile = (yield $this->request(self::CRED_PATH));
}
$json = (yield $this->request(self::CRED_PATH . $this->profile));
$result = $this->decodeResult($json);
yield new Credentials(
$result['AccessKeyId'],
$result['SecretAccessKey'],
$result['Token'],
strtotime($result['Expiration'])
);
});
}
/**
* @param string $url
* @return PromiseInterface Returns a promise that is fulfilled with the
* body of the response as a string.
*/
private function request($url)
{
$fn = $this->client;
$request = new Request('GET', self::SERVER_URI . $url);
return $fn($request, ['timeout' => $this->timeout])
->then(function (ResponseInterface $response) {
return (string) $response->getBody();
})->otherwise(function (array $reason) {
$reason = $reason['exception'];
$msg = $reason->getMessage();
throw new CredentialsException(
$this->createErrorMessage($msg, 0, $reason)
);
});
}
private function createErrorMessage($previous)
{
return "Error retrieving credentials from the instance profile "
. "metadata server. ({$previous})";
}
private function decodeResult($response)
{
$result = json_decode($response, true);
if ($result['Code'] !== 'Success') {
throw new CredentialsException('Unexpected instance profile '
. 'response code: ' . $result['Code']);
}
return $result;
}
}