feat: support bearer type in credentials

aliyun · Apr 11, 2023 · 1d8383c · 1d8383c
1 parent e79d415
commit 1d8383c
Show file tree

Hide file tree

Showing 12 changed files with 124 additions and 43 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,47 @@
+name: PHP CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+defaults:
+  run:
+    shell: bash
+jobs:
+  build:
+
+    runs-on: ${{ matrix.operating-system }}
+    strategy:
+      matrix:
+        operating-system: [ubuntu-latest]
+        php-versions: ['5.6', '7.0', '7.1', '7.2', '7.3', '7.4']
+    name: PHP ${{ matrix.php-versions }} Test on ${{ matrix.operating-system }}
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Setup PHP
+      uses: shivammathur/setup-php@v2
+      with:
+        php-version: ${{ matrix.php-versions }}
+        extensions: mbstring, intl
+        ini-values: post_max_size=256M, max_execution_time=180
+        coverage: xdebug
+        tools: php-cs-fixer, phpunit
+
+    - name: Validate composer.json and composer.lock
+      run: composer validate
+
+    - name: Install dependencies
+      run: composer install --prefer-dist --no-progress --no-suggest
+
+    - name: Run test case
+      run: composer test
+      env:
+          ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
+          ACCESS_KEY_SECRET: ${{ secrets.ACCESS_KEY_SECRET }}
+          ROLE_ARN: ${{ secrets.ROLE_ARN }}
+          PUBLIC_KEY_ID: ${{ secrets.PUBLIC_KEY_ID }}
+          PRIVATE_KEY_LINE_1: ${{ secrets.PRIVATE_KEY_LINE_1 }}
diff --git a/README-zh-CN.md b/README-zh-CN.md
@@ -149,7 +149,7 @@ $rsaKeyPair->getPrivateKey();
 use AlibabaCloud\Credentials\Credential;
 
 $bearerToken = new Credential([
-    'type'         => 'bearer_token',
+    'type'         => 'bearer',
     'bearer_token' => '<bearer_token>',
 ]);
 $bearerToken->getBearerToken();

diff --git a/README.md b/README.md
@@ -150,7 +150,7 @@ If credential is required by the Cloud Call Centre (CCC), please apply for Beare
 use AlibabaCloud\Credentials\Credential;
 
 $bearerToken = new Credential([
-    'type'         => 'bearer_token',
+    'type'         => 'bearer',
     'bearer_token' => '<bearer_token>',
 ]);
 $bearerToken->getBearerToken();

diff --git a/composer.json b/composer.json
@@ -47,7 +47,7 @@
         "ext-sockets": "*",
         "drupal/coder": "^8.3",
         "symfony/dotenv": "^3.4",
-        "phpunit/phpunit": "^4.8.35|^5.4.3",
+        "phpunit/phpunit": "^5.7|^6.6|^7.5",
         "monolog/monolog": "^1.24",
         "composer/composer": "^1.8",
         "mikey179/vfsstream": "^1.6",
@@ -68,7 +68,10 @@
     },
     "config": {
         "preferred-install": "dist",
-        "optimize-autoloader": true
+        "optimize-autoloader": true,
+        "allow-plugins": {
+            "dealerdirect/phpcodesniffer-composer-installer": true
+        }
     },
     "minimum-stability": "dev",
     "prefer-stable": true,

diff --git a/src/BearerTokenCredential.php b/src/BearerTokenCredential.php
@@ -18,13 +18,13 @@ class BearerTokenCredential implements CredentialsInterface
     /**
      * BearerTokenCredential constructor.
      *
-     * @param $bearerToken
+     * @param $bearer_token
      */
-    public function __construct($bearerToken)
+    public function __construct($bearer_token)
     {
-        Filter::bearerToken($bearerToken);
+        Filter::bearerToken($bearer_token);
 
-        $this->bearerToken = $bearerToken;
+        $this->bearerToken = $bearer_token;
     }
 
     /**

diff --git a/src/Credential.php b/src/Credential.php
@@ -35,6 +35,7 @@ class Credential
         'ecs_ram_role' => EcsRamRoleCredential::class,
         'ram_role_arn' => RamRoleArnCredential::class,
         'rsa_key_pair' => RsaKeyPairCredential::class,
+        'bearer' => BearerTokenCredential::class,
     ];
 
     /**

diff --git a/src/Filter.php b/src/Filter.php
@@ -35,11 +35,11 @@ public static function credentialName($name)
     public static function bearerToken($bearerToken)
     {
         if (!is_string($bearerToken)) {
-            throw new InvalidArgumentException('Bearer Token must be a string');
+            throw new InvalidArgumentException('bearer_token must be a string');
         }
 
         if ($bearerToken === '') {
-            throw new InvalidArgumentException('Bearer Token cannot be empty');
+            throw new InvalidArgumentException('bearer_token cannot be empty');
         }
 
         return $bearerToken;

diff --git a/tests/Feature/CredentialTest.php b/tests/Feature/CredentialTest.php
@@ -4,7 +4,7 @@
 
 use AlibabaCloud\Credentials\Credential;
 use AlibabaCloud\Credentials\Credentials;
-use AlibabaCloud\Credentials\Tests\Helper;
+use AlibabaCloud\Credentials\Helper;
 use AlibabaCloud\Credentials\Tests\Unit\Ini\VirtualRsaKeyPairCredential;
 use GuzzleHttp\Exception\GuzzleException;
 use PHPUnit\Framework\TestCase;
@@ -60,39 +60,37 @@ public function testEcsRamRoleCredential()
     /**
      * @throws GuzzleException
      * @throws ReflectionException
-     * @expectedException \RuntimeException
-     * @expectedExceptionMessage You are not authorized to do this action. You should be authorized by RAM.
      */
     public function testRamRoleArnCredential()
     {
         Credentials::cancelMock();
         $config = new Credential\Config([
             'type'            => 'ram_role_arn',
-            'accessKeyId'     => Helper::getEnvironment('ACCESS_KEY_ID'),
-            'accessKeySecret' => Helper::getEnvironment('ACCESS_KEY_SECRET'),
-            'roleArn'         => Helper::getEnvironment('ROLE_ARN'),
+            'accessKeyId'     => Helper::envNotEmpty('ACCESS_KEY_ID'),
+            'accessKeySecret' => Helper::envNotEmpty('ACCESS_KEY_SECRET'),
+            'roleArn'         => Helper::envNotEmpty('ROLE_ARN'),
             'roleSessionName' => 'role_session_name',
             'policy'          => '',
         ]);
 
         $credential = new Credential($config);
 
         // Assert
-        $this->assertEquals('access_key_id2', $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeySecret());
         $this->assertEquals('ram_role_arn', $credential->getType());
-        $credential->getAccessKeySecret();
     }
 
     /**
      * @throws GuzzleException
      * @throws ReflectionException
      * @expectedException \RuntimeException
-     * @expectedExceptionMessage Specified access key is not found.
+     * @expectedExceptionMessage Specified access key type is not match with signature type.
      */
     public function testRsaKeyPairCredential()
     {
         Credentials::cancelMock();
-        $publicKeyId    = Helper::getEnvironment('PUBLIC_KEY_ID');
+        $publicKeyId    = Helper::envNotEmpty('PUBLIC_KEY_ID');
         $privateKeyFile = VirtualRsaKeyPairCredential::privateKeyFileUrl();
         $config         = new Credential\Config([
             'type'           => 'rsa_key_pair',
@@ -102,8 +100,47 @@ public function testRsaKeyPairCredential()
         $credential     = new Credential($config);
 
         // Assert
-        $this->assertEquals('access_key_id2', $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeyId());
+        $this->assertTrue(null !== $credential->getAccessKeySecret());
         $this->assertEquals('rsa_key_pair', $credential->getType());
         $credential->getAccessKeySecret();
     }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testSTS()
+    {
+        $config     = new Credential\Config([
+            'type'            => 'sts',
+            'accessKeyId'     => 'foo',
+            'accessKeySecret' => 'bar',
+            'securityToken'   => 'token',
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('foo', $credential->getAccessKeyId());
+        $this->assertEquals('bar', $credential->getAccessKeySecret());
+        $this->assertEquals('token', $credential->getSecurityToken());
+        $this->assertEquals('sts', $credential->getType());
+    }
+
+    /**
+     * @throws GuzzleException
+     * @throws ReflectionException
+     */
+    public function testBearerToken()
+    {
+        $config     = new Credential\Config([
+            'type'            => 'bearer',
+            'bearerToken'     => 'token',
+        ]);
+        $credential = new Credential($config);
+
+        // Assert
+        $this->assertEquals('token', $credential->getBearerToken());
+        $this->assertEquals('bearer', $credential->getType());
+    }
 }
diff --git a/tests/Unit/BearerTokenCredentialTest.php b/tests/Unit/BearerTokenCredentialTest.php
@@ -17,7 +17,7 @@ class BearerTokenCredentialTest extends TestCase
 
     /**
      * @expectedException \InvalidArgumentException
-     * @expectedExceptionMessage Bearer Token cannot be empty
+     * @expectedExceptionMessage bearer_token cannot be empty
      */
     public static function testBearerTokenEmpty()
     {
@@ -30,7 +30,7 @@ public static function testBearerTokenEmpty()
 
     /**
      * @expectedException \InvalidArgumentException
-     * @expectedExceptionMessage Bearer Token must be a string
+     * @expectedExceptionMessage bearer_token must be a string
      */
     public static function testBearerTokenFormat()
     {

diff --git a/tests/Unit/CredentialTest.php b/tests/Unit/CredentialTest.php
@@ -58,7 +58,7 @@ public function exceptionCases()
                 [
                     'type' => 'none',
                 ],
-                'Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair',
+                'Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair, bearer',
             ],
 
             [

diff --git a/tests/Unit/RsaKeyPairCredentialTest.php b/tests/Unit/RsaKeyPairCredentialTest.php
@@ -91,6 +91,8 @@ public function testConstruct()
      */
     public function testSts()
     {
+        $publicKeyId    = 'public_key_id';
+        $privateKeyFile = VirtualRsaKeyPairCredential::privateKeyFileUrl();
         $result = '{
     "RequestId": "F702286E-F231-4F40-BB86-XXXXXX",
     "SessionAccessKey": {
@@ -100,11 +102,17 @@ public function testSts()
     }
 }';
         Credentials::mockResponse(200, [], $result);
+        Credentials::mockResponse(200, [], $result);
+        Credentials::mockResponse(200, [], $result);
+        Credentials::mockResponse(200, [], $result);
 
-        self::assertEquals('TMPSK.**************', $this->credential->getAccessKeyId());
-        self::assertEquals('**************', $this->credential->getAccessKeySecret());
-        self::assertEquals('', $this->credential->getSecurityToken());
-        self::assertEquals(strtotime('2023-02-19T07:02:36.225Z'), $this->credential->getExpiration());
+        // Test
+        $credential = new RsaKeyPairCredential($publicKeyId, $privateKeyFile);
+
+        self::assertEquals('TMPSK.**************', $credential->getAccessKeyId());
+        self::assertEquals('**************', $credential->getAccessKeySecret());
+        self::assertEquals('', $credential->getSecurityToken());
+        self::assertEquals(strtotime('2023-02-19T07:02:36.225Z'), $credential->getExpiration());
     }
 
     /**

diff --git a/tests/helper.php b/tests/helper.php
-Original file line number
+Diff line change
@@ Expand Up / @@ -58,7 +58,7 @@ public function exceptionCases() @@
                     [
                         'type' => 'none',
                     ],
-                    'Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair',
+                    'Invalid type option, support: access_key, sts, ecs_ram_role, ram_role_arn, rsa_key_pair, bearer',
                 ],
                 [
@@ Expand Down @@