WebSVN – Moodle – Diff – /lib/aws-sdk/src/Credentials/CredentialProvider.php

     const ENV_ARN = 'AWS_ROLE_ARN';
     const ENV_KEY = 'AWS_ACCESS_KEY_ID';
     const ENV_PROFILE = 'AWS_PROFILE';
     const ENV_ROLE_SESSION_NAME = 'AWS_ROLE_SESSION_NAME';
     const ENV_SECRET = 'AWS_SECRET_ACCESS_KEY';
+    const ENV_ACCOUNT_ID = 'AWS_ACCOUNT_ID';
     const ENV_SESSION = 'AWS_SESSION_TOKEN';
     const ENV_TOKEN_FILE = 'AWS_WEB_IDENTITY_TOKEN_FILE';
     const ENV_SHARED_CREDENTIALS_FILE = 'AWS_SHARED_CREDENTIALS_FILE';
+    {
         return function () {
             // Use credentials from environment variables, if available
             $key = getenv(self::ENV_KEY);
             $secret = getenv(self::ENV_SECRET);
+            $accountId = getenv(self::ENV_ACCOUNT_ID) ?: null;
+            $token = getenv(self::ENV_SESSION) ?: null;
             if ($key && $secret) {
                 return Promise\Create::promiseFor(
+                    new Credentials(
+                        $key,
+                        $secret,
+                        $token,
+                        null,
+                        $accountId,
-                    new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL)
+                        CredentialSources::ENVIRONMENT
+                    )
                 );
+            }
             return self::reject('Could not find environment variable '
                 $provider = new AssumeRoleWithWebIdentityCredentialProvider([
                     'RoleArn' => $arnFromEnv,
                     'WebIdentityTokenFile' => $tokenFromEnv,
                     'SessionName' => $sessionName,
                     'client' => $stsClient,
-                    'region' => $region
+                    'region' => $region,
+                    'source' => CredentialSources::ENVIRONMENT_STS_WEB_ID_TOKEN
                 ]);
                 return $provider();
                     $provider = new AssumeRoleWithWebIdentityCredentialProvider([
                         'RoleArn' => $profile['role_arn'],
                         'WebIdentityTokenFile' => $profile['web_identity_token_file'],
                         'SessionName' => $sessionName,
                         'client' => $stsClient,
-                        'region' => $region
+                        'region' => $region,
+                        'source' => CredentialSources::PROFILE_STS_WEB_ID_TOKEN
                     ]);
                     return $provider();
+                }
             return Promise\Create::promiseFor(
                 new Credentials(
                     $data[$profile]['aws_access_key_id'],
                     $data[$profile]['aws_secret_access_key'],
+                    $data[$profile]['aws_session_token'],
+                    null,
+                    $data[$profile]['aws_account_id'] ?? null,
-                    $data[$profile]['aws_session_token']
+                    CredentialSources::PROFILE
+                )
             );
         };
             if (empty($processData['SessionToken'])) {
                 $processData['SessionToken'] = null;
+            }
+            $accountId = null;
+            if (!empty($processData['AccountId'])) {
+                $accountId = $processData['AccountId'];
+            } elseif (!empty($data[$profile]['aws_account_id'])) {
+                $accountId = $data[$profile]['aws_account_id'];
+            }
             return Promise\Create::promiseFor(
                 new Credentials(
                     $processData['AccessKeyId'],
                     $processData['SecretAccessKey'],
+                    $processData['SessionToken'],
+                    $expires,
-                    $processData['SessionToken'],
+                    $accountId,
-                    $expires
+                    CredentialSources::PROFILE_PROCESS
+                )
             );
         $result = $stsClient->assumeRole([
             'RoleArn' => $roleArn,
             'RoleSessionName' => $roleSessionName
+        ]);
+        $credentials = $stsClient->createCredentials(
+            $result,
+            CredentialSources::STS_ASSUME_ROLE
-        ]);
         );
         $credentials = $stsClient->createCredentials($result);
         return Promise\Create::promiseFor($credentials);
+    }
             $ssoProfile,
             $ssoSession['sso_region'],
             $token->getToken(),
             $config
         );
+        //Expiration value is returned in epoch milliseconds. Conversion to seconds
-        $expiration = $ssoCredentials['expiration'];
+        $expiration = intdiv($ssoCredentials['expiration'], 1000);
         return Promise\Create::promiseFor(
             new Credentials(
                 $ssoCredentials['accessKeyId'],
                 $ssoCredentials['secretAccessKey'],
                 $ssoCredentials['sessionToken'],
-                $expiration
+                $expiration,
+                $ssoProfile['sso_account_id'],
+                CredentialSources::PROFILE_SSO
+            )
         );
+    }
         return Promise\Create::promiseFor(
             new Credentials(
                 $ssoCredentials['accessKeyId'],
                 $ssoCredentials['secretAccessKey'],
                 $ssoCredentials['sessionToken'],
-                $expiration
+                $expiration,
+                $ssoProfile['sso_account_id'],
+                CredentialSources::PROFILE_SSO_LEGACY
+            )
         );
+    }
     /**
      * @param array $ssoProfile

Proyectos de Subversion Moodle

(root)/lib/aws-sdk/src/Credentials/CredentialProvider.php – Rev 1 → 1441