Skip to content

Commit

Permalink
Merge pull request #157 from brefphp/improve-aws-credentials
Browse files Browse the repository at this point in the history
Improve patching of AWS credentials
  • Loading branch information
mnapoli authored Jul 31, 2024
2 parents 95745aa + 9424ffe commit 7727eb0
Showing 1 changed file with 55 additions and 4 deletions.
59 changes: 55 additions & 4 deletions src/BrefServiceProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -47,10 +47,7 @@ public function register()
Config::set('view.compiled', StorageDirectories::Path . '/framework/views');
Config::set('cache.stores.file.path', StorageDirectories::Path . '/framework/cache');

Config::set('cache.stores.dynamodb.token', env('AWS_SESSION_TOKEN'));
Config::set('filesystems.disks.s3.token', env('AWS_SESSION_TOKEN'));
Config::set('queue.connections.sqs.token', env('AWS_SESSION_TOKEN'));
Config::set('services.ses.token', env('AWS_SESSION_TOKEN'));
$this->fixAwsCredentialsConfig();

$this->app->when(QueueHandler::class)
->needs('$connection')
Expand Down Expand Up @@ -149,4 +146,58 @@ protected function fixDefaultConfiguration()
Config::set('logging.default', 'stderr');
}
}

private function fixAwsCredentialsConfig(): void
{
$accessKeyId = $_SERVER['AWS_ACCESS_KEY_ID'] ?? null;
$sessionToken = $_SERVER['AWS_SESSION_TOKEN'] ?? null;
// If we are not in a Lambda environment, we don't need to do anything
if (!$accessKeyId || ! $sessionToken) {
return;
}

// Patch SQS config
foreach (Config::get('queue.connections') as $name => $connection) {
if ($connection['driver'] !== 'sqs') {
continue;
}
// If a different key is in the config than in the environment variables
if ($connection['key'] && $connection['key'] !== $accessKeyId) {
continue;
}

Config::set("queue.connections.$name.token", $sessionToken);
}

// Patch S3 config
foreach (Config::get('filesystems.disks') as $name => $disk) {
if ($disk['driver'] !== 's3') {
continue;
}
// If a different key is in the config than in the environment variables
if ($disk['key'] && $disk['key'] !== $accessKeyId) {
continue;
}

Config::set("filesystems.disks.$name.token", $sessionToken);
}

// Patch DynamoDB config
foreach (Config::get('cache.stores') as $name => $store) {
if ($store['driver'] !== 'dynamodb') {
continue;
}
// If a different key is in the config than in the environment variables
if ($store['key'] && $store['key'] !== $accessKeyId) {
continue;
}

Config::set("cache.stores.$name.token", $sessionToken);
}

// Patch SES config
if (Config::get('services.ses.key') === $accessKeyId) {
Config::set('services.ses.token', $sessionToken);
}
}
}

0 comments on commit 7727eb0

Please sign in to comment.