feat: add isEnableIMDSv2 && update IMDSv2 doc for ecs ram role

aliyun · May 24, 2024 · 2415c81 · 2415c81
1 parent 22dc2e4
commit 2415c81
Show file tree

Hide file tree

Showing 54 changed files with 2,801 additions and 80 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -15,7 +15,8 @@ jobs:
     strategy:
       matrix:
         operating-system: [ubuntu-latest]
-        php-versions: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4']
+        php-versions: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
+      fail-fast: false
     name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
 
     steps:
@@ -38,7 +39,18 @@ jobs:
       run: composer install --prefer-dist --no-progress --no-suggest
 
     - name: Run test case
-      run: composer test
+      run: composer test4LowVersion
+      if: ${{ matrix.php-versions }} < '7.2'
+      env:
+          ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
+          ACCESS_KEY_SECRET: ${{ secrets.ACCESS_KEY_SECRET }}
+          ROLE_ARN: ${{ secrets.ROLE_ARN }}
+          PUBLIC_KEY_ID: ${{ secrets.PUBLIC_KEY_ID }}
+          PRIVATE_KEY_LINE_1: ${{ secrets.PRIVATE_KEY_LINE_1 }}
+
+    - name: Run test case
+      run: composer test4HighVersion
+      if: ${{ matrix.php-versions }} >= '7.2'
       env:
           ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
           ACCESS_KEY_SECRET: ${{ secrets.ACCESS_KEY_SECRET }}

diff --git a/README-zh-CN.md b/README-zh-CN.md
@@ -113,12 +113,15 @@ $ramRoleArn->getPolicy();
 
 use AlibabaCloud\Credentials\Credential;
 
-$ecsRamRole = new Credential([
-    'type'      => 'ecs_ram_role',
-    'role_name' => '<role_name>',
+$config = new Credential\Config([
+    'type'         => 'ecs_ram_role',
+    'roleName'     => '<role_name>',
+    'enableIMDSv2' => true,
 ]);
+$ecsRamRole = new Credential($config);
 $ecsRamRole->getRoleName();
-// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `roleName` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `enableIMDSv2` is optional and is recommended to be turned on. It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE
 ```
 
 #### RsaKeyPair

diff --git a/README.md b/README.md
@@ -113,12 +113,15 @@ By specifying the role name, the credential will be able to automatically reques
 
 use AlibabaCloud\Credentials\Credential;
 
-$ecsRamRole = new Credential([
-    'type'      => 'ecs_ram_role',
-    'role_name' => '<role_name>',
+$config = new Credential\Config([
+    'type'         => 'ecs_ram_role',
+    'roleName'     => '<role_name>',
+    'enableIMDSv2' => true,
 ]);
+$ecsRamRole = new Credential($config);
 $ecsRamRole->getRoleName();
-// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `roleName` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `enableIMDSv2` is optional and is recommended to be turned on. It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE
 ```
 
 #### RsaKeyPair

diff --git a/composer.json b/composer.json
@@ -47,7 +47,7 @@
         "ext-sockets": "*",
         "drupal/coder": "^8.3",
         "symfony/dotenv": "^3.4",
-        "phpunit/phpunit": "^5.7|^6.6|^7.5",
+        "phpunit/phpunit": "^5.7|^6.6|^7.5|^9.5",
         "monolog/monolog": "^1.24",
         "composer/composer": "^1.8",
         "mikey179/vfsstream": "^1.6",
@@ -93,6 +93,12 @@
         "test": [
             "phpunit --colors=always"
         ],
+        "test4HighVersion": [
+            "phpunit -c phpunit.xml.72 --colors=always"
+        ],
+        "test4LowVersion": [
+            "phpunit -c phpunit.xml.56 --colors=always"
+        ],
         "unit": [
             "@clearCache",
             "phpunit --testsuite=Unit --colors=always"

diff --git a/phpunit.xml → phpunit.xml.56 b/phpunit.xml → phpunit.xml.56
@@ -13,14 +13,14 @@
 
     <testsuites>
         <testsuite name="All">
-            <directory>tests</directory>
+            <directory>tests/LowerthanVersion7_2</directory>
         </testsuite>
         <testsuite name="Unit">
-            <directory suffix="Test.php">./tests/Unit</directory>
+            <directory suffix="Test.php">./tests/LowerthanVersion7_2/Unit</directory>
         </testsuite>
 
         <testsuite name="Feature">
-            <directory suffix="Test.php">./tests/Feature</directory>
+            <directory suffix="Test.php">./tests/LowerthanVersion7_2/Feature</directory>
         </testsuite>
     </testsuites>
 
@@ -34,21 +34,4 @@
         <log type="coverage-html" target="cache/coverage" lowUpperBound="35" highLowerBound="70"/>
         <log type="coverage-clover" target="cache/coverage.clover"/>
     </logging>
-
-    <filter>
-        <whitelist processUncoveredFilesFromWhitelist="true">
-            <directory suffix=".php">./src</directory>
-            <exclude>
-                <file>./src/Profile/DefaultProfile.php</file>
-                <file>./src/DefaultAcsClient.php</file>
-                <file>./src/Release.php</file>
-                <file>./src/SDK.php</file>
-                <file>./src/Functions.php</file>
-                <file>./src/Constants/Business.php</file>
-                <file>./src/Constants/ErrorCode.php</file>
-                <file>./src/Signature/Signature.php</file>
-                <file>./src/Credentials/CredentialsInterface.php</file>
-            </exclude>
-        </whitelist>
-    </filter>
 </phpunit>
diff --git a/phpunit.xml.72 b/phpunit.xml.72
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+         backupStaticAttributes="false"
+         bootstrap="tests/bootstrap.php"
+         colors="true"
+         convertErrorsToExceptions="true"
+         convertNoticesToExceptions="true"
+         convertWarningsToExceptions="true"
+         processIsolation="false"
+         stopOnFailure="false"
+         logIncompleteSkipped="true"
+         testSuiteLoaderFile="phpunit/src/Runner/StandardTestSuiteLoader.php">
+
+    <testsuites>
+        <testsuite name="All">
+            <directory>tests/HigherthanorEqualtoVersion7_2</directory>
+        </testsuite>
+        <testsuite name="Unit">
+            <directory suffix="Test.php">./tests/HigherthanorEqualtoVersion7_2/Unit</directory>
+        </testsuite>
+
+        <testsuite name="Feature">
+            <directory suffix="Test.php">./tests/HigherthanorEqualtoVersion7_2/Feature</directory>
+        </testsuite>
+    </testsuites>
+
+    <groups>
+        <exclude>
+            <group>integration</group>
+        </exclude>
+    </groups>
+
+    <logging>
+        <log type="coverage-html" target="cache/coverage" lowUpperBound="35" highLowerBound="70"/>
+        <log type="coverage-clover" target="cache/coverage.clover"/>
+    </logging>
+</phpunit>
diff --git a/src/EcsRamRoleCredential.php b/src/EcsRamRoleCredential.php
@@ -37,15 +37,15 @@ class EcsRamRoleCredential implements CredentialsInterface
      *
      * @param $role_name
      */
-    public function __construct($role_name = null, $enable_IMDS_v2 = false, $metadata_token_duration = 21600 )
+    public function __construct($role_name = null, $enable_imdsv2 = false, $metadata_token_duration = 21600 )
     {
         Filter::roleName($role_name);
 
         $this->roleName = $role_name;
 
-        Filter::enableIMDSv2($enable_IMDS_v2);
+        Filter::enableIMDSv2($enable_imdsv2);
 
-        $this->enableIMDSv2 = $enable_IMDS_v2;
+        $this->enableIMDSv2 = $enable_imdsv2;
 
         Filter::metadataTokenDuration($metadata_token_duration);
 
@@ -102,6 +102,16 @@ public function getRoleNameFromMeta()
         return $role_name;
     }
 
+    /**
+     * @return bool
+     * @throws GuzzleException
+     * @throws Exception
+     */
+    public function isEnableIMDSv2()
+    {
+        return $this->enableIMDSv2;
+    }
+
     /**
      * @return string
      */

diff --git a/src/Filter.php b/src/Filter.php
@@ -102,10 +102,10 @@ public static function roleName($role_name)
     /**
      * @param boolean|null $enable_IMDS_v2
      */
-    public static function enableIMDSv2($enable_IMDS_v2)
+    public static function enableIMDSv2($enable_imds_v2)
     {
-        if (!is_bool($enable_IMDS_v2)) {
-            throw new InvalidArgumentException('enable_IMDS_v2 must be a string');
+        if (!is_bool($enable_imds_v2)) {
+            throw new InvalidArgumentException('enable_imds_v2 must be a string');
         }
     }
 

diff --git a/tests/HigherthanorEqualtoVersion7_2/Feature/CredentialTest.php b/tests/HigherthanorEqualtoVersion7_2/Feature/CredentialTest.php
@@ -0,0 +1,148 @@
+<?php
+
+namespace AlibabaCloud\Credentials\Tests\HigherthanorEqualtoVersion7_2\Feature;
+
+use AlibabaCloud\Credentials\Credential;
+use AlibabaCloud\Credentials\Credentials;
+use AlibabaCloud\Credentials\Helper;
+use AlibabaCloud\Credentials\Tests\HigherthanorEqualtoVersion7_2\Unit\Ini\VirtualRsaKeyPairCredential;
+use GuzzleHttp\Exception\GuzzleException;
+use PHPUnit\Framework\TestCase;
+use ReflectionException;
+
+/**
+ * Class CredentialTest
+ *
+ * @package AlibabaCloud\Credentials\Tests\HigherthanorEqualtoVersion7_2\Feature
+ */
+class CredentialTest extends TestCase
+{
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testAccessKey()
+    {
+        $config     = new Credential\Config([
+            'type'            => 'access_key',
+            'accessKeyId'     => 'foo',
+            'accessKeySecret' => 'bar',
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('foo', $credential->getAccessKeyId());
+        $this->assertEquals('bar', $credential->getAccessKeySecret());
+        $this->assertEquals('access_key', $credential->getType());
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     * @expectedException \GuzzleHttp\Exception\ConnectException
+     * @expectedExceptionMessageRegExp /timed/
+     */
+    public function testEcsRamRoleCredential()
+    {
+        $config     = new Credential\Config([
+            'type'         => 'ecs_ram_role',
+            'roleName'     => 'foo',
+            'enableIMDSv2' => true,
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('foo', $credential->getRoleName());
+        $this->assertEquals('ecs_ram_role', $credential->getType());
+        $this->assertTrue($credential->isEnableIMDSv2());
+        $credential->getAccessKeySecret();
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testRamRoleArnCredential()
+    {
+        Credentials::cancelMock();
+        $config = new Credential\Config([
+            'type'            => 'ram_role_arn',
+            'accessKeyId'     => Helper::envNotEmpty('ACCESS_KEY_ID'),
+            'accessKeySecret' => Helper::envNotEmpty('ACCESS_KEY_SECRET'),
+            'roleArn'         => Helper::envNotEmpty('ROLE_ARN'),
+            'roleSessionName' => 'role_session_name',
+            'policy'          => '',
+        ]);
+
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertTrue(null !== $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeySecret());
+        $this->assertEquals('ram_role_arn', $credential->getType());
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     * @expectedException \RuntimeException
+     * @expectedExceptionMessage Specified access key type is not match with signature type.
+     */
+    public function testRsaKeyPairCredential()
+    {
+        Credentials::cancelMock();
+        $publicKeyId    = Helper::envNotEmpty('PUBLIC_KEY_ID');
+        $privateKeyFile = VirtualRsaKeyPairCredential::privateKeyFileUrl();
+        $config         = new Credential\Config([
+            'type'           => 'rsa_key_pair',
+            'publicKeyId'    => $publicKeyId,
+            'privateKeyFile' => $privateKeyFile,
+        ]);
+        $credential     = new Credential($config);
+
+        // Assert
+        $this->assertTrue(null !== $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeySecret());
+        $this->assertEquals('rsa_key_pair', $credential->getType());
+        $credential->getAccessKeySecret();
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testSTS()
+    {
+        $config     = new Credential\Config([
+            'type'            => 'sts',
+            'accessKeyId'     => 'foo',
+            'accessKeySecret' => 'bar',
+            'securityToken'   => 'token',
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('foo', $credential->getAccessKeyId());
+        $this->assertEquals('bar', $credential->getAccessKeySecret());
+        $this->assertEquals('token', $credential->getSecurityToken());
+        $this->assertEquals('sts', $credential->getType());
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testBearerToken()
+    {
+        $config     = new Credential\Config([
+            'type'            => 'bearer',
+            'bearerToken'     => 'token',
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('token', $credential->getBearerToken());
+        $this->assertEquals('bearer', $credential->getType());
+    }
+}