feat: add isEnableIMDSv2 && update IMDSv2 doc for ecs ram role

aliyun · May 24, 2024 · e345fbe · e345fbe
1 parent 22dc2e4
commit e345fbe
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 17 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -16,6 +16,7 @@ jobs:
       matrix:
         operating-system: [ubuntu-latest]
         php-versions: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4']
+      fail-fast: false
     name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
 
     steps:

diff --git a/README-zh-CN.md b/README-zh-CN.md
@@ -113,12 +113,15 @@ $ramRoleArn->getPolicy();
 
 use AlibabaCloud\Credentials\Credential;
 
-$ecsRamRole = new Credential([
-    'type'      => 'ecs_ram_role',
-    'role_name' => '<role_name>',
+$config = new Credential\Config([
+    'type'         => 'ecs_ram_role',
+    'roleName'     => '<role_name>',
+    'enableIMDSv2' => true,
 ]);
+$ecsRamRole = new Credential($config);
 $ecsRamRole->getRoleName();
-// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `roleName` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `enableIMDSv2` is optional and is recommended to be turned on. It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE
 ```
 
 #### RsaKeyPair

diff --git a/README.md b/README.md
@@ -113,12 +113,15 @@ By specifying the role name, the credential will be able to automatically reques
 
 use AlibabaCloud\Credentials\Credential;
 
-$ecsRamRole = new Credential([
-    'type'      => 'ecs_ram_role',
-    'role_name' => '<role_name>',
+$config = new Credential\Config([
+    'type'         => 'ecs_ram_role',
+    'roleName'     => '<role_name>',
+    'enableIMDSv2' => true,
 ]);
+$ecsRamRole = new Credential($config);
 $ecsRamRole->getRoleName();
-// Note: `role_name` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `roleName` is optional. It will be retrieved automatically if not set. It is highly recommended to set it up to reduce requests.
+// Note: `enableIMDSv2` is optional and is recommended to be turned on. It can be replaced by setting environment variable: ALIBABA_CLOUD_ECS_IMDSV2_ENABLE
 ```
 
 #### RsaKeyPair

diff --git a/src/EcsRamRoleCredential.php b/src/EcsRamRoleCredential.php
@@ -37,15 +37,15 @@ class EcsRamRoleCredential implements CredentialsInterface
      *
      * @param $role_name
      */
-    public function __construct($role_name = null, $enable_IMDS_v2 = false, $metadata_token_duration = 21600 )
+    public function __construct($role_name = null, $enable_imdsv2 = false, $metadata_token_duration = 21600 )
     {
         Filter::roleName($role_name);
 
         $this->roleName = $role_name;
 
-        Filter::enableIMDSv2($enable_IMDS_v2);
+        Filter::enableIMDSv2($enable_imdsv2);
 
-        $this->enableIMDSv2 = $enable_IMDS_v2;
+        $this->enableIMDSv2 = $enable_imdsv2;
 
         Filter::metadataTokenDuration($metadata_token_duration);
 
@@ -102,6 +102,16 @@ public function getRoleNameFromMeta()
         return $role_name;
     }
 
+    /**
+     * @return bool
+     * @throws GuzzleException
+     * @throws Exception
+     */
+    public function isEnableIMDSv2()
+    {
+        return $this->enableIMDSv2;
+    }
+
     /**
      * @return string
      */

diff --git a/src/Filter.php b/src/Filter.php
@@ -102,10 +102,10 @@ public static function roleName($role_name)
     /**
      * @param boolean|null $enable_IMDS_v2
      */
-    public static function enableIMDSv2($enable_IMDS_v2)
+    public static function enableIMDSv2($enable_imds_v2)
     {
-        if (!is_bool($enable_IMDS_v2)) {
-            throw new InvalidArgumentException('enable_IMDS_v2 must be a string');
+        if (!is_bool($enable_imds_v2)) {
+            throw new InvalidArgumentException('enable_imds_v2 must be a string');
         }
     }
 

diff --git a/tests/Feature/CredentialTest.php b/tests/Feature/CredentialTest.php
@@ -46,14 +46,16 @@ public function testAccessKey()
     public function testEcsRamRoleCredential()
     {
         $config     = new Credential\Config([
-            'type'     => 'ecs_ram_role',
-            'roleName' => 'foo',
+            'type'         => 'ecs_ram_role',
+            'roleName'     => 'foo',
+            'enableIMDSv2' => true,
         ]);
         $credential = new Credential($config);
 
         // Assert
         $this->assertEquals('foo', $credential->getRoleName());
         $this->assertEquals('ecs_ram_role', $credential->getType());
+        $this->assertTrue($credential->isEnableIMDSv2());
         $credential->getAccessKeySecret();
     }
 

diff --git a/tests/Unit/CredentialTest.php b/tests/Unit/CredentialTest.php
@@ -177,7 +177,7 @@ public function exceptionCases()
                     'role_name' => 'test',
                     'enableIMDSv2' => 'false',
                 ],
-                'enable_IMDS_v2 must be a string',
+                'enable_imds_v2 must be a string',
             ],
 
             [