From 64fc419a92e4ca43dd29d187694114d53b4ddc3d Mon Sep 17 00:00:00 2001 From: paullallier <42591123+paullallier@users.noreply.github.com> Date: Tue, 4 Jul 2023 11:24:07 +0100 Subject: [PATCH 1/7] Fallback to $_SERVER as source for credentials --- src/Credentials/CredentialProvider.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Credentials/CredentialProvider.php b/src/Credentials/CredentialProvider.php index 1647fe0da9..bb6f925650 100644 --- a/src/Credentials/CredentialProvider.php +++ b/src/Credentials/CredentialProvider.php @@ -289,11 +289,11 @@ public static function env() { return function () { // Use credentials from environment variables, if available - $key = getenv(self::ENV_KEY); - $secret = getenv(self::ENV_SECRET); + $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY]; + $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET]; if ($key && $secret) { return Promise\Create::promiseFor( - new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL) + new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?: NULL) ); } From c0edd18a0f8502d4869b667d7762b0d0a50d5ddb Mon Sep 17 00:00:00 2001 From: paullallier <42591123+paullallier@users.noreply.github.com> Date: Tue, 4 Jul 2023 11:24:07 +0100 Subject: [PATCH 2/7] Fallback to $_SERVER as source for credentials --- src/Credentials/CredentialProvider.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Credentials/CredentialProvider.php b/src/Credentials/CredentialProvider.php index 1647fe0da9..bb6f925650 100644 --- a/src/Credentials/CredentialProvider.php +++ b/src/Credentials/CredentialProvider.php @@ -289,11 +289,11 @@ public static function env() { return function () { // Use credentials from environment variables, if available - $key = getenv(self::ENV_KEY); - $secret = getenv(self::ENV_SECRET); + $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY]; + $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET]; if ($key && $secret) { return Promise\Create::promiseFor( - new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL) + new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?: NULL) ); } From 5c2fc0b5dd3dc08df0124f574e040f3b3eb33774 Mon Sep 17 00:00:00 2001 From: Paul L'Allier Date: Tue, 4 Jul 2023 11:53:29 +0100 Subject: [PATCH 3/7] Fallback to $_SERVER as source for credentials --- ...-empty-getenv-in-credentials-provider.json | 7 +++ tests/Credentials/CredentialProviderTest.php | 46 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 .changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json diff --git a/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json b/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json new file mode 100644 index 0000000000..5b567c0162 --- /dev/null +++ b/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json @@ -0,0 +1,7 @@ +[ + { + "type": "bugfix", + "category": "", + "description": "Fix using credentials provider on multi-threaded servers" + } +] \ No newline at end of file diff --git a/tests/Credentials/CredentialProviderTest.php b/tests/Credentials/CredentialProviderTest.php index 3cfeb8f716..b1ba8754f7 100644 --- a/tests/Credentials/CredentialProviderTest.php +++ b/tests/Credentials/CredentialProviderTest.php @@ -66,6 +66,38 @@ private function clearEnv() return $dir; } + private function clearEnvExceptServer() + { + putenv(CredentialProvider::ENV_KEY . '='); + putenv(CredentialProvider::ENV_SECRET . '='); + putenv(CredentialProvider::ENV_PROFILE . '='); + putenv('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI'); + putenv('AWS_CONTAINER_CREDENTIALS_FULL_URI'); + putenv('AWS_CONTAINER_AUTHORIZATION_TOKEN'); + putenv('AWS_SDK_LOAD_NONDEFAULT_CONFIG'); + putenv('AWS_WEB_IDENTITY_TOKEN_FILE'); + putenv('AWS_ROLE_ARN'); + putenv('AWS_ROLE_SESSION_NAME'); + putenv('AWS_SHARED_CREDENTIALS_FILE'); + + unset($_SERVER['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']); + unset($_SERVER['AWS_CONTAINER_CREDENTIALS_FULL_URI']); + unset($_SERVER['AWS_CONTAINER_AUTHORIZATION_TOKEN']); + unset($_SERVER['AWS_SDK_LOAD_NONDEFAULT_CONFIG']); + unset($_SERVER['AWS_WEB_IDENTITY_TOKEN_FILE']); + unset($_SERVER['AWS_ROLE_ARN']); + unset($_SERVER['AWS_ROLE_SESSION_NAME']); + unset($_SERVER['AWS_SHARED_CREDENTIALS_FILE']); + + $dir = sys_get_temp_dir() . '/.aws'; + + if (!is_dir($dir)) { + mkdir($dir, 0777, true); + } + + return $dir; + } + public function set_up() { $this->home = getenv('HOME'); @@ -173,6 +205,20 @@ public function testCreatesFromEnvironmentVariables() $this->assertSame('456', $creds->getSecurityToken()); } + /** + * @server ENV_KEY=abc + * @server ENV_SECRET=123 + * @server ENV_SESSION=456 + */ + public function testCreatesFromServerVariables() + { + $this->clearEnvExceptServer(); + $creds = call_user_func(CredentialProvider::env())->wait(); + $this->assertSame('abc', $creds->getAccessKeyId()); + $this->assertSame('123', $creds->getSecretKey()); + $this->assertSame('456', $creds->getSecurityToken()); + } + public function testCreatesFromEnvironmentVariablesNullToken() { $this->clearEnv(); From ecfa9d0997f8f012905ed48a794518b345f61cb3 Mon Sep 17 00:00:00 2001 From: paullallier <42591123+paullallier@users.noreply.github.com> Date: Fri, 25 Aug 2023 12:20:43 +0100 Subject: [PATCH 4/7] Revert change to ENV_SESSION since it's not working --- src/Credentials/CredentialProvider.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Credentials/CredentialProvider.php b/src/Credentials/CredentialProvider.php index bb6f925650..8edfdb57c3 100644 --- a/src/Credentials/CredentialProvider.php +++ b/src/Credentials/CredentialProvider.php @@ -293,7 +293,7 @@ public static function env() $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET]; if ($key && $secret) { return Promise\Create::promiseFor( - new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?: NULL) + new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL) ); } From 6ac8156b8f618a19a19675fbbbf7ba1160f1f4e1 Mon Sep 17 00:00:00 2001 From: paullallier <42591123+paullallier@users.noreply.github.com> Date: Mon, 1 Jul 2024 21:19:05 +0100 Subject: [PATCH 5/7] Update CredentialProvider.php Add a fall-through in case the $_SERVER variable isn't set (and re-introduce the equivalent change for ENV_SESSION) --- src/Credentials/CredentialProvider.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Credentials/CredentialProvider.php b/src/Credentials/CredentialProvider.php index 8edfdb57c3..f6c22f06f0 100644 --- a/src/Credentials/CredentialProvider.php +++ b/src/Credentials/CredentialProvider.php @@ -289,11 +289,11 @@ public static function env() { return function () { // Use credentials from environment variables, if available - $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY]; - $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET]; + $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY] ?? false; + $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET] ?? false; if ($key && $secret) { return Promise\Create::promiseFor( - new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL) + new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?? NULL) ); } From 6523dae81b19c2594304a5e4b4bde22dc73c8603 Mon Sep 17 00:00:00 2001 From: paullallier <42591123+paullallier@users.noreply.github.com> Date: Mon, 1 Jul 2024 22:04:39 +0100 Subject: [PATCH 6/7] Add missing LF --- .../bugfix-fix-empty-getenv-in-credentials-provider.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json b/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json index 5b567c0162..4714ff1cd6 100644 --- a/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json +++ b/.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json @@ -4,4 +4,4 @@ "category": "", "description": "Fix using credentials provider on multi-threaded servers" } -] \ No newline at end of file +] From 4356661cd8711822dfd52f305c73526098786e2c Mon Sep 17 00:00:00 2001 From: paullallier Date: Sat, 13 Jul 2024 00:32:01 +0100 Subject: [PATCH 7/7] Set the $_SERVER variables a different way --- tests/Credentials/CredentialProviderTest.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/Credentials/CredentialProviderTest.php b/tests/Credentials/CredentialProviderTest.php index efb28517d7..c91c006778 100644 --- a/tests/Credentials/CredentialProviderTest.php +++ b/tests/Credentials/CredentialProviderTest.php @@ -205,18 +205,19 @@ public function testCreatesFromEnvironmentVariables() $this->assertSame('456', $creds->getSecurityToken()); } - /** - * @server ENV_KEY=abc - * @server ENV_SECRET=123 - * @server ENV_SESSION=456 - */ - public function testCreatesFromServerVariables() + public function testCreatesFromServerVariables() { $this->clearEnvExceptServer(); + $_SERVER[CredentialProvider::ENV_KEY] = 'abc'; + $_SERVER[CredentialProvider::ENV_SECRET] = '123'; + $_SERVER[CredentialProvider::ENV_SESSION] = '456'; $creds = call_user_func(CredentialProvider::env())->wait(); $this->assertSame('abc', $creds->getAccessKeyId()); $this->assertSame('123', $creds->getSecretKey()); $this->assertSame('456', $creds->getSecurityToken()); + unset($_SERVER[CredentialProvider::ENV_KEY]); + unset($_SERVER[CredentialProvider::ENV_SECRET]); + unset($_SERVER[CredentialProvider::ENV_SESSION]); } public function testCreatesFromEnvironmentVariablesNullToken()