feat: support inner credentials client for RAM role arn

Author: yndu13

.phpunit.result.cache

@@ -0,0 +1 @@
+{"version":1,"defects":{"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testAccessKeyIdEmpty":3,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\RamRoleArnCredentialTest::testClient":3},"times":{"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testAccessKeyIdEmpty":0.009,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testAccessKeyIdFormat":0,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testAccessKeySecretEmpty":0,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testAccessKeySecretFormat":0,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testGet":0.077,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testGetInCache":0.001,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testNoCredentials":0.002,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\Providers\\RamRoleArnProviderTest::testOk":0,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\RamRoleArnCredentialTest::testConstruct":0.004,"AlibabaCloud\\Client\\Tests\\Unit\\Credentials\\RamRoleArnCredentialTest::testClient":0.005}}

src/Clients/Client.php

@@ -32,7 +32,7 @@ class Client
     /**
      * @var CredentialsInterface|AccessKeyCredential|BearerTokenCredential|StsCredential|EcsRamRoleCredential|RamRoleArnCredential|RsaKeyPairCredential
      */
-    private $credential;
+    protected $credential;
 
     /**
      * @var SignatureInterface

src/Clients/RamRoleArnClient.php

@@ -30,4 +30,17 @@ public function __construct($accessKeyId, $accessKeySecret, $roleArn, $roleSessi
             new ShaHmac1Signature()
         );
     }
+
+    /**
+     * @param string $clientName
+     *
+     * @return $this
+     * @throws ClientException
+     */
+    public function withCredentialClient($clientName)
+    {
+        $this->credential = $this->credential->withClient($clientName);
+
+        return $this;
+    }
 }

src/Credentials/Providers/RamRoleArnProvider.php

@@ -10,6 +10,7 @@
 use AlibabaCloud\Client\Exception\ClientException;
 use AlibabaCloud\Client\Exception\ServerException;
 use AlibabaCloud\Client\Credentials\Requests\AssumeRole;
+use AlibabaCloud\Client\Filter\CredentialFilter;
 
 /**
  * Class RamRoleArnProvider
@@ -68,11 +69,15 @@ private function request($timeout, $connectTimeout)
     {
         $clientName = __CLASS__ . \uniqid('ak', true);
         $credential = $this->client->getCredential();
-
-        AlibabaCloud::accessKeyClient(
-            $credential->getAccessKeyId(),
-            $credential->getAccessKeySecret()
-        )->name($clientName);
+        if (!is_null($credential->getClient())) {
+            $clientName = $credential->getClient();
+        } else {
+            CredentialFilter::AccessKey($credential->getAccessKeyId(), $credential->getAccessKeySecret());
+            AlibabaCloud::accessKeyClient(
+                $credential->getAccessKeyId(),
+                $credential->getAccessKeySecret()
+            )->name($clientName);
+        }
 
         return (new AssumeRole($credential))
             ->client($clientName)

src/Credentials/RamRoleArnCredential.php

@@ -2,7 +2,7 @@
 
 namespace AlibabaCloud\Client\Credentials;
 
-use AlibabaCloud\Client\Filter\CredentialFilter;
+use AlibabaCloud\Client\AlibabaCloud;
 use AlibabaCloud\Client\Exception\ClientException;
 
 /**
@@ -13,6 +13,11 @@
 class RamRoleArnCredential implements CredentialsInterface
 {
 
+    /**
+     * @var string
+     */
+    private $client;
+
     /**
      * @var string
      */
@@ -51,15 +56,26 @@ class RamRoleArnCredential implements CredentialsInterface
      */
     public function __construct($accessKeyId, $accessKeySecret, $roleArn, $roleSessionName, $policy = '')
     {
-        CredentialFilter::AccessKey($accessKeyId, $accessKeySecret);
-
         $this->accessKeyId     = $accessKeyId;
         $this->accessKeySecret = $accessKeySecret;
         $this->roleArn         = $roleArn;
         $this->roleSessionName = $roleSessionName;
         $this->policy          = $policy;
     }
 
+    /**
+     * @param string $clientName
+     *
+     * @return $this
+     * @throws ClientException
+     */
+    public function withClient($clientName)
+    {
+        $this->client = $clientName;
+
+        return $this;
+    }
+
     /**
      * @return string
      */
@@ -76,6 +92,14 @@ public function getAccessKeySecret()
         return $this->accessKeySecret;
     }
 
+    /**
+     * @return string
+     */
+    public function getClient()
+    {
+        return $this->client;
+    }
+
     /**
      * @return string
      */
@@ -105,6 +129,12 @@ public function getPolicy()
      */
     public function __toString()
     {
-        return "$this->accessKeyId#$this->accessKeySecret#$this->roleArn#$this->roleSessionName";
+        $accessKeyId = $this->accessKeyId;
+        $accessKeySecret = $this->accessKeySecret;
+        if (!is_null($this->client)) {
+            $accessKeyId = AlibabaCloud::get($this->client)->getCredential()->getAccessKeyId();
+            $accessKeySecret = AlibabaCloud::get($this->client)->getCredential()->getAccessKeySecret();
+        }
+        return "$accessKeyId#$accessKeySecret#$this->client#$this->roleArn#$this->roleSessionName";
     }
 }

tests/Unit/Credentials/Providers/ProviderTest.php

@@ -78,7 +78,7 @@ public function key()
             ],
             [
                 new RamRoleArnClient('foo', 'bar', 'arn', 'name'),
-                'foo#bar#arn#name',
+                'foo#bar##arn#name',
             ],
             [
                 new RsaKeyPairClient('foo', VirtualRsaKeyPairCredential::ok()),

tests/Unit/Credentials/Providers/RamRoleArnProviderTest.php

@@ -31,6 +31,78 @@ protected function finalize()
         AlibabaCloud::cancelMock();
     }
 
+    /**
+     * @throws ClientException
+     */
+    public function testAccessKeyIdEmpty()
+    {
+        $this->expectException(ClientException::class);
+        $this->expectExceptionMessage('AccessKey ID cannot be empty');
+        // Setup
+        $client = new RamRoleArnClient(
+            '',
+            'access_key_secret',
+            'role_arn',
+            'role_session_name'
+        );
+        $provider = new RamRoleArnProvider($client);
+        $provider->get();
+    }
+
+    /**
+     * @throws ClientException
+     */
+    public function testAccessKeyIdFormat()
+    {
+        $this->expectException(ClientException::class);
+        $this->expectExceptionMessage('AccessKey ID must be a string');
+        // Setup
+        $client = new RamRoleArnClient(
+            null,
+            'access_key_secret',
+            'role_arn',
+            'role_session_name'
+        );
+        $provider = new RamRoleArnProvider($client);
+        $provider->get();
+    }
+
+    /**
+     * @throws ClientException
+     */
+    public function testAccessKeySecretEmpty()
+    {
+        $this->expectException(ClientException::class);
+        $this->expectExceptionMessage('AccessKey Secret cannot be empty');
+        // Setup
+        $client = new RamRoleArnClient(
+            'access_key_id',
+            '',
+            'role_arn',
+            'role_session_name'
+        );
+        $provider = new RamRoleArnProvider($client);
+        $provider->get();
+    }
+
+    /**
+     * @throws ClientException
+     */
+    public function testAccessKeySecretFormat()
+    {
+        $this->expectException(ClientException::class);
+        $this->expectExceptionMessage('AccessKey Secret must be a string');
+        // Setup
+        $client = new RamRoleArnClient(
+            'access_key_id',
+            null,
+            'role_arn',
+            'role_session_name'
+        );
+        $provider = new RamRoleArnProvider($client);
+        $provider->get();
+    }
+
     /**
      * @throws ClientException
      */
@@ -54,7 +126,6 @@ public function testGet()
         } catch (ServerException $e) {
             self::assertEquals('InvalidAccessKeyId.NotFound', $e->getErrorCode());
         }
-        
     }
 
     /**
@@ -91,7 +162,6 @@ public function testGetInCache()
 
         // Assert
         self::assertInstanceOf(StsCredential::class, $actual);
-        
     }
 
     /**
@@ -108,7 +178,6 @@ public function testNoCredentials()
 
         $provider = new RamRoleArnProvider($client);
         $provider->get();
-        
     }
 
     /**
@@ -140,7 +209,5 @@ public function testOk()
         $provider = new RamRoleArnProvider($client);
         $credential = $provider->get();
         self::assertInstanceOf(StsCredential::class, $credential);
-        
     }
-
 }

tests/Unit/Credentials/RamRoleArnCredentialTest.php

@@ -3,6 +3,7 @@
 namespace AlibabaCloud\Client\Tests\Unit\Credentials;
 
 use PHPUnit\Framework\TestCase;
+use AlibabaCloud\Client\AlibabaCloud;
 use AlibabaCloud\Client\Exception\ClientException;
 use AlibabaCloud\Client\Credentials\RamRoleArnCredential;
 
@@ -38,76 +39,41 @@ public function testConstruct()
         $this->assertEquals($sessionName, $credential->getRoleSessionName());
         $this->assertEquals($policy, $credential->getPolicy());
         $this->assertEquals(
-            "$accessKeyId#$accessKeySecret#$arn#$sessionName",
+            "$accessKeyId#$accessKeySecret##$arn#$sessionName",
             (string)$credential
         );
     }
 
     /**
      * @throws ClientException
      */
-    public function testAccessKeyIdEmpty()
+    public function testClient()
     {
-        $this->expectException(ClientException::class);
-        $this->expectExceptionMessage('AccessKey ID cannot be empty');
         // Setup
-        $accessKeyId     = '';
+        $accessKeyId     = 'access_key_id';
         $accessKeySecret = 'access_key_secret';
         $arn             = 'role_arn';
         $sessionName     = 'role_session_name';
+        $policy          = '';
 
-        // Test
-        new RamRoleArnCredential($accessKeyId, $accessKeySecret, $arn, $sessionName);
-    }
-
-    /**
-     * @throws ClientException
-     */
-    public function testAccessKeyIdFormat()
-    {
-        $this->expectException(ClientException::class);
-        $this->expectExceptionMessage('AccessKey ID must be a string');
-        // Setup
-        $accessKeyId     = null;
-        $accessKeySecret = 'access_key_secret';
-        $arn             = 'role_arn';
-        $sessionName     = 'role_session_name';
+        AlibabaCloud::accessKeyClient(
+            $accessKeyId,
+            $accessKeySecret
+        )->name('clientName');
 
         // Test
-        new RamRoleArnCredential($accessKeyId, $accessKeySecret, $arn, $sessionName);
-    }
-
-    /**
-     * @throws ClientException
-     */
-    public function testAccessKeySecretEmpty()
-    {
-        $this->expectException(ClientException::class);
-        $this->expectExceptionMessage('AccessKey Secret cannot be empty');
-        // Setup
-        $accessKeyId     = 'access_key_id';
-        $accessKeySecret = '';
-        $arn             = 'role_arn';
-        $sessionName     = 'role_session_name';
+        $credential = (new RamRoleArnCredential(null, null, $arn, $sessionName))->withClient('clientName');
 
-        // Test
-        new RamRoleArnCredential($accessKeyId, $accessKeySecret, $arn, $sessionName);
+        // Assert
+        $this->assertNull($credential->getAccessKeyId());
+        $this->assertNull($credential->getAccessKeySecret());
+        $this->assertEquals($arn, $credential->getRoleArn());
+        $this->assertEquals($sessionName, $credential->getRoleSessionName());
+        $this->assertEquals($policy, $credential->getPolicy());
+        $this->assertEquals(
+            "$accessKeyId#$accessKeySecret#clientName#$arn#$sessionName",
+            (string)$credential
+        );
     }
 
-    /**
-     * @throws ClientException
-     */
-    public function testAccessKeySecretFormat()
-    {
-        $this->expectException(ClientException::class);
-        $this->expectExceptionMessage('AccessKey Secret must be a string');
-        // Setup
-        $accessKeyId     = 'access_key_id';
-        $accessKeySecret = null;
-        $arn             = 'role_arn';
-        $sessionName     = 'role_session_name';
-
-        // Test
-        new RamRoleArnCredential($accessKeyId, $accessKeySecret, $arn, $sessionName);
-    }
 }