in src/Credentials/CredentialProvider.php [577:653]
public static function process($profile = null, $filename = null)
{
$filename = self::getFileName($filename);
$profile = $profile ?: (getenv(self::ENV_PROFILE) ?: 'default');
return function () use ($profile, $filename) {
if (!@is_readable($filename)) {
return self::reject("Cannot read process credentials from $filename");
}
$data = \Aws\parse_ini_file($filename, true, INI_SCANNER_RAW);
if ($data === false) {
return self::reject("Invalid credentials file: $filename");
}
if (!isset($data[$profile])) {
return self::reject("'$profile' not found in credentials file");
}
if (!isset($data[$profile]['credential_process'])) {
return self::reject("No credential_process present in INI profile "
. "'$profile' ($filename)");
}
$credentialProcess = $data[$profile]['credential_process'];
$json = shell_exec($credentialProcess);
$processData = json_decode($json, true);
// Only support version 1
if (isset($processData['Version'])) {
if ($processData['Version'] !== 1) {
return self::reject("credential_process does not return Version == 1");
}
}
if (!isset($processData['AccessKeyId'])
|| !isset($processData['SecretAccessKey']))
{
return self::reject("credential_process does not return valid credentials");
}
if (isset($processData['Expiration'])) {
try {
$expiration = new DateTimeResult($processData['Expiration']);
} catch (\Exception $e) {
return self::reject("credential_process returned invalid expiration");
}
$now = new DateTimeResult();
if ($expiration < $now) {
return self::reject("credential_process returned expired credentials");
}
$expires = $expiration->getTimestamp();
} else {
$expires = null;
}
if (empty($processData['SessionToken'])) {
$processData['SessionToken'] = null;
}
$accountId = null;
if (!empty($processData['AccountId'])) {
$accountId = $processData['AccountId'];
} elseif (!empty($data[$profile]['aws_account_id'])) {
$accountId = $data[$profile]['aws_account_id'];
}
return Promise\Create::promiseFor(
new Credentials(
$processData['AccessKeyId'],
$processData['SecretAccessKey'],
$processData['SessionToken'],
$expires,
$accountId,
CredentialSources::PROFILE_PROCESS
)
);
};
}