| 1 | <?php
|
|---|
| 2 | /*
|
|---|
| 3 | * Copyright 2015 Google Inc.
|
|---|
| 4 | *
|
|---|
| 5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
|---|
| 6 | * you may not use this file except in compliance with the License.
|
|---|
| 7 | * You may obtain a copy of the License at
|
|---|
| 8 | *
|
|---|
| 9 | * http://www.apache.org/licenses/LICENSE-2.0
|
|---|
| 10 | *
|
|---|
| 11 | * Unless required by applicable law or agreed to in writing, software
|
|---|
| 12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
|---|
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|---|
| 14 | * See the License for the specific language governing permissions and
|
|---|
| 15 | * limitations under the License.
|
|---|
| 16 | */
|
|---|
| 17 |
|
|---|
| 18 | namespace Google\Auth\Credentials;
|
|---|
| 19 |
|
|---|
| 20 | /**
|
|---|
| 21 | * Authenticates requests using IAM credentials.
|
|---|
| 22 | */
|
|---|
| 23 | class IAMCredentials
|
|---|
| 24 | {
|
|---|
| 25 | const SELECTOR_KEY = 'x-goog-iam-authority-selector';
|
|---|
| 26 | const TOKEN_KEY = 'x-goog-iam-authorization-token';
|
|---|
| 27 |
|
|---|
| 28 | /**
|
|---|
| 29 | * @var string
|
|---|
| 30 | */
|
|---|
| 31 | private $selector;
|
|---|
| 32 |
|
|---|
| 33 | /**
|
|---|
| 34 | * @var string
|
|---|
| 35 | */
|
|---|
| 36 | private $token;
|
|---|
| 37 |
|
|---|
| 38 | /**
|
|---|
| 39 | * @param string $selector the IAM selector
|
|---|
| 40 | * @param string $token the IAM token
|
|---|
| 41 | */
|
|---|
| 42 | public function __construct($selector, $token)
|
|---|
| 43 | {
|
|---|
| 44 | if (!is_string($selector)) {
|
|---|
| 45 | throw new \InvalidArgumentException(
|
|---|
| 46 | 'selector must be a string'
|
|---|
| 47 | );
|
|---|
| 48 | }
|
|---|
| 49 | if (!is_string($token)) {
|
|---|
| 50 | throw new \InvalidArgumentException(
|
|---|
| 51 | 'token must be a string'
|
|---|
| 52 | );
|
|---|
| 53 | }
|
|---|
| 54 |
|
|---|
| 55 | $this->selector = $selector;
|
|---|
| 56 | $this->token = $token;
|
|---|
| 57 | }
|
|---|
| 58 |
|
|---|
| 59 | /**
|
|---|
| 60 | * export a callback function which updates runtime metadata.
|
|---|
| 61 | *
|
|---|
| 62 | * @return callable updateMetadata function
|
|---|
| 63 | */
|
|---|
| 64 | public function getUpdateMetadataFunc()
|
|---|
| 65 | {
|
|---|
| 66 | return [$this, 'updateMetadata'];
|
|---|
| 67 | }
|
|---|
| 68 |
|
|---|
| 69 | /**
|
|---|
| 70 | * Updates metadata with the appropriate header metadata.
|
|---|
| 71 | *
|
|---|
| 72 | * @param array<mixed> $metadata metadata hashmap
|
|---|
| 73 | * @param string $unusedAuthUri optional auth uri
|
|---|
| 74 | * @param callable|null $httpHandler callback which delivers psr7 request
|
|---|
| 75 | * Note: this param is unused here, only included here for
|
|---|
| 76 | * consistency with other credentials class
|
|---|
| 77 | *
|
|---|
| 78 | * @return array<mixed> updated metadata hashmap
|
|---|
| 79 | */
|
|---|
| 80 | public function updateMetadata(
|
|---|
| 81 | $metadata,
|
|---|
| 82 | $unusedAuthUri = null,
|
|---|
| 83 | ?callable $httpHandler = null
|
|---|
| 84 | ) {
|
|---|
| 85 | $metadata_copy = $metadata;
|
|---|
| 86 | $metadata_copy[self::SELECTOR_KEY] = $this->selector;
|
|---|
| 87 | $metadata_copy[self::TOKEN_KEY] = $this->token;
|
|---|
| 88 |
|
|---|
| 89 | return $metadata_copy;
|
|---|
| 90 | }
|
|---|
| 91 | }
|
|---|
