public function refreshCredentials()

in src/Providers/RamRoleArnCredentialsProvider.php [212:267]

• 48 lines of code
• 10 McCabe index (conditional complexity)

    public function refreshCredentials()
    {
        $options = Request::commonOptions();
        $options['read_timeout'] = $this->readTimeout;
        $options['connect_timeout'] = $this->connectTimeout;

        $options['query']['Action'] = 'AssumeRole';
        $options['query']['Version'] = '2015-04-01';
        $options['query']['Format'] = 'JSON';
        $options['query']['Timestamp'] = gmdate('Y-m-d\TH:i:s\Z');
        $options['query']['SignatureMethod'] = 'HMAC-SHA1';
        $options['query']['SignatureVersion'] = '1.0';
        $options['query']['SignatureNonce'] = Request::uuid(json_encode($options['query']));
        $options['query']['RoleArn'] = $this->roleArn;
        $options['query']['RoleSessionName'] = $this->roleSessionName;
        $options['query']['DurationSeconds'] = (string) $this->durationSeconds;
        if (!is_null($this->policy) && $this->policy !== '') {
            $options['query']['Policy'] = $this->policy;
        }
        if (!is_null($this->externalId) && $this->externalId !== '') {
            $options['query']['ExternalId'] = $this->externalId;
        }

        $sessionCredentials = $this->credentialsProvider->getCredentials();
        $options['query']['AccessKeyId'] = $sessionCredentials->getAccessKeyId();
        if (!is_null($sessionCredentials->getSecurityToken())) {
            $options['query']['SecurityToken'] = $sessionCredentials->getSecurityToken();
        }
        $options['query']['Signature'] = Request::shaHmac1sign(
            Request::signString('GET', $options['query']),
            $sessionCredentials->getAccessKeySecret() . '&'
        );

        $url = (new Uri())->withScheme('https')->withHost($this->stsEndpoint);

        $result = Request::createClient()->request('GET', $url, $options);

        if ($result->getStatusCode() !== 200) {
            throw new RuntimeException('Error refreshing credentials from RamRoleArn, statusCode: ' . $result->getStatusCode() . ', result: ' . (string) $result);
        }

        $json = $result->toArray();
        $credentials = $json['Credentials'];

        if (!isset($credentials['AccessKeyId']) || !isset($credentials['AccessKeySecret']) || !isset($credentials['SecurityToken'])) {
            throw new RuntimeException('Error retrieving credentials from RamRoleArn result:' . $result->toJson());
        }

        return new RefreshResult(new Credentials([
            'accessKeyId' => $credentials['AccessKeyId'],
            'accessKeySecret' => $credentials['AccessKeySecret'],
            'securityToken' => $credentials['SecurityToken'],
            'expiration' => \strtotime($credentials['Expiration']),
            'providerName' => $this->getProviderName(),
        ]), $this->getStaleTime(strtotime($credentials['Expiration'])));
    }