mirror of
https://gitee.com/hyperf/hyperf.git
synced 2024-12-03 04:08:01 +08:00
add ecs ram authorization support
This commit is contained in:
parent
397afbfa4f
commit
31e32529e0
@ -19,4 +19,5 @@ return [
|
||||
'group' => env('ALIYUN_ACM_GROUP', 'DEFAULT_GROUP'),
|
||||
'access_key' => env('ALIYUN_ACM_AK', ''),
|
||||
'secret_key' => env('ALIYUN_ACM_SK', ''),
|
||||
'ecs_ram_role' => env('ALIYUN_ACM_RAM_ROLE', ''),
|
||||
];
|
||||
|
@ -47,10 +47,12 @@ class Client implements ClientInterface
|
||||
*/
|
||||
private $servers;
|
||||
|
||||
private $cachedSecurityCredentials = [];
|
||||
|
||||
public function __construct(ContainerInterface $container)
|
||||
{
|
||||
/**
|
||||
* @var GuzzleClientFactory $clientFactory
|
||||
* @var GuzzleClientFactory
|
||||
*/
|
||||
$clientFactory = $container->get(GuzzleClientFactory::class);
|
||||
$this->client = $clientFactory->create();
|
||||
@ -72,6 +74,16 @@ class Client implements ClientInterface
|
||||
$group = $this->config->get('aliyun_acm.group', 'DEFAULT_GROUP');
|
||||
$accessKey = $this->config->get('aliyun_acm.access_key', '');
|
||||
$secretKey = $this->config->get('aliyun_acm.secret_key', '');
|
||||
$ecsRamRole = $this->config->get('aliyun_acm.ecs_ram_role', '');
|
||||
$securityToken = null;
|
||||
if (empty($accessKey) && ! empty($ecsRamRole)) {
|
||||
$securityCredentials = $this->getSecurityCredentialsWithEcsRamRole($ecsRamRole);
|
||||
if (! empty($securityCredentials)) {
|
||||
$accessKey = $securityCredentials['AccessKeyId'];
|
||||
$secretKey = $securityCredentials['AccessKeySecret'];
|
||||
$securityToken = $securityCredentials['SecurityToken'];
|
||||
}
|
||||
}
|
||||
|
||||
// Sign
|
||||
$timestamp = round(microtime(true) * 1000);
|
||||
@ -94,7 +106,8 @@ class Client implements ClientInterface
|
||||
'Spas-AccessKey' => $accessKey,
|
||||
'timeStamp' => $timestamp,
|
||||
'Spas-Signature' => $sign,
|
||||
'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8'
|
||||
'Spas-SecurityToken' => $securityToken ?? '',
|
||||
'Content-Type' => 'application/x-www-form-urlencoded; charset=utf-8',
|
||||
],
|
||||
'query' => [
|
||||
'tenant' => $namespace,
|
||||
@ -115,4 +128,27 @@ class Client implements ClientInterface
|
||||
return [];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* get ECS RAM authorization.
|
||||
* @see https://help.aliyun.com/document_detail/72013.html
|
||||
*/
|
||||
private function getSecurityCredentialsWithEcsRamRole(string $ecsRamRole): ?array
|
||||
{
|
||||
$securityCredentials = $this->cachedSecurityCredentials[$ecsRamRole] ?? null;
|
||||
if (! empty($securityCredentials) && time() > strtotime($securityCredentials['Expiration']) - 60) {
|
||||
$securityCredentials = null;
|
||||
}
|
||||
if (empty($securityCredentials)) {
|
||||
$response = $this->client->get('http://100.100.100.200/latest/meta-data/ram/security-credentials/' . $ecsRamRole);
|
||||
if ($response->getStatusCode() !== 200) {
|
||||
throw new RuntimeException('Get config failed from Aliyun ACM.');
|
||||
}
|
||||
$securityCredentials = Json::decode($response->getBody()->getContents());
|
||||
if (! empty($securityCredentials)) {
|
||||
$this->cachedSecurityCredentials[$ecsRamRole] = $securityCredentials;
|
||||
}
|
||||
}
|
||||
return $securityCredentials;
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user