Refactored AmazonQuicksightToAwsQuicksightClientAdapter

src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightConfig.php

@@ -7,8 +7,6 @@
 
 namespace SprykerEco\Zed\AmazonQuicksight;
 
-use Aws\Credentials\Credentials;
-use Aws\Sts\StsClient;
 use Spryker\Zed\Kernel\AbstractBundleConfig;
 use SprykerEco\Shared\AmazonQuicksight\AmazonQuicksightConstants;
 use SprykerEco\Zed\AmazonQuicksight\Business\Exception\AssetBundleImportFilePathNotDefinedException;
@@ -151,7 +149,7 @@ class AmazonQuicksightConfig extends AbstractBundleConfig
     /**
      * @var string
      */
-    protected const STS_CLIENT_ROLE_SESSION_NAME = 'defaultRoleSessionName';
+    protected const STS_CLIENT_ROLE_SESSION_NAME = 'QuicksightInteractionSession';
 
     /**
      * @var string
@@ -204,6 +202,19 @@ public function getAwsAccountId(): string
         return $this->get(AmazonQuicksightConstants::AWS_ACCOUNT_ID);
     }
 
+    /**
+     * Specification:
+     * - Returns the AWS region that is used for the Amazon QuickSight account.
+     *
+     * @api
+     *
+     * @return string
+     */
+    public function getAwsRegion(): string
+    {
+        return $this->get(AmazonQuicksightConstants::AWS_REGION);
+    }
+
     /**
      * Specification:
      * - Returns the name of the Quicksight namespace.
@@ -219,57 +230,50 @@ public function getAwsQuicksightNamespace(): string
 
     /**
      * Specification:
-     * - Provides configuration for the Quicksight client.
-     *
-     * @link https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.AwsClient.html#method___construct
+     * - Returns the AWS credentials key if it exists in the configuration.
+     * - Returns `null` otherwise.
      *
      * @api
      *
-     * @return array<string, mixed>
+     * @return string|null
      */
-    public function getQuicksightClientConfiguration(): array
+    public function findAwsCredentialsKey(): ?string
     {
-        return [
-            'region' => $this->get(AmazonQuicksightConstants::AWS_REGION),
-            'version' => static::QUICKSIGHT_API_VERSION,
-            'credentials' => $this->getQuicksightClientCredentials(),
-        ];
+        return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
+            ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
+            : null;
     }
 
     /**
-     * @return \Aws\Credentials\Credentials
+     * Specification:
+     * - Returns the AWS credentials secret if it exists in the configuration.
+     * - Returns `null` otherwise.
+     *
+     * @api
+     *
+     * @return string|null
      */
-    protected function getQuicksightClientCredentials(): Credentials
+    public function findAwsCredentialsSecret(): ?string
     {
-        $awsCredentialsKey = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
-            ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
-            : null;
-        $awsCredentialsSecret = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
+        return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
             ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
             : null;
-        $awsCredentialsToken = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
+    }
+
+    /**
+     * Specification:
+     * - Returns the AWS credentials token if it exists in the configuration.
+     * - Returns `null` otherwise.
+     *
+     * @api
+     *
+     * @return string|null
+     */
+    public function findAwsCredentialsToken(): ?string
+    {
+        return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
             ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
             : null;
-
-        if ($awsCredentialsKey && $awsCredentialsSecret && $awsCredentialsToken) {
-            return new Credentials($awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken);
-        }
-
-        $stsClient = new StsClient([
-            'region' => $this->get(AmazonQuicksightConstants::AWS_REGION),
-            'version' => static::STS_CLIENT_VERSION,
-        ]);
-
-        $result = $stsClient->AssumeRole([
-            'RoleArn' => $this->get(AmazonQuicksightConstants::QUICKSIGHT_ASSUMED_ROLE_ARN),
-            'RoleSessionName' => static::STS_CLIENT_ROLE_SESSION_NAME,
-        ]);
-
-        return new Credentials(
-            $result['Credentials']['AccessKeyId'],
-            $result['Credentials']['SecretAccessKey'],
-            $result['Credentials']['SessionToken'],
-        );
     }
 
     /**
@@ -546,4 +550,56 @@ public function getGenerateEmbedUrlAllowedDomains(): array
     {
         return $this->get(AmazonQuicksightConstants::GENERATE_EMBED_URL_ALLOWED_DOMAINS, []);
     }
+
+    /**
+     * Specification:
+     * - Returns the role ARN used by `Aws\Sts\StsClient` to assume a role.
+     *
+     * @api
+     *
+     * @return string
+     */
+    public function getQuicksightAssumedRoleArn(): string
+    {
+        return $this->get(AmazonQuicksightConstants::QUICKSIGHT_ASSUMED_ROLE_ARN);
+    }
+
+    /**
+     * Specification:
+     * - Returns the Quicksight API version.
+     *
+     * @api
+     *
+     * @return string
+     */
+    public function getQuicksightApiVersion(): string
+    {
+        return static::QUICKSIGHT_API_VERSION;
+    }
+
+    /**
+     * Specification:
+     * - Returns the STS client API version.
+     *
+     * @api
+     *
+     * @return string
+     */
+    public function getStsClientVersion(): string
+    {
+        return static::STS_CLIENT_VERSION;
+    }
+
+    /**
+     * Specification:
+     * - Returns the STS client role session name.
+     *
+     * @api
+     *
+     * @return string
+     */
+    public function getStsClientRoleSessionName(): string
+    {
+        return static::STS_CLIENT_ROLE_SESSION_NAME;
+    }
 }

src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightDependencyProvider.php

@@ -96,9 +96,7 @@ public function providePersistenceLayerDependencies(Container $container): Conta
     protected function addAwsQuicksightClient(Container $container): Container
     {
         $container->set(static::AWS_QUICKSIGHT_CLIENT, function () {
-            return new AmazonQuicksightToAwsQuicksightClientAdapter(
-                $this->getConfig()->getQuicksightClientConfiguration(),
-            );
+            return new AmazonQuicksightToAwsQuicksightClientAdapter($this->getConfig());
         });
 
         return $container;

src/SprykerEco/Zed/AmazonQuicksight/Dependency/External/AmazonQuicksightToAwsQuicksightClientAdapter.php

@@ -7,8 +7,11 @@
 
 namespace SprykerEco\Zed\AmazonQuicksight\Dependency\External;
 
+use Aws\Credentials\Credentials;
 use Aws\QuickSight\QuickSightClient;
 use Aws\ResultInterface;
+use Aws\Sts\StsClient;
+use SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig;
 
 class AmazonQuicksightToAwsQuicksightClientAdapter implements AmazonQuicksightToAwsQuicksightClientInterface
 {
@@ -18,11 +21,11 @@ class AmazonQuicksightToAwsQuicksightClientAdapter implements AmazonQuicksightTo
     protected $quicksightClient;
 
     /**
-     * @param array<string, mixed> $args
+     * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
      */
-    public function __construct(array $args)
+    public function __construct(AmazonQuicksightConfig $config)
     {
-        $this->quicksightClient = new QuickSightClient($args);
+        $this->quicksightClient = new QuickSightClient($this->getQuicksightClientConfiguration($config));
     }
 
     /**
@@ -104,4 +107,65 @@ public function describeAssetBundleImportJob(array $describeAssetBundleImportJob
     {
         return $this->quicksightClient->describeAssetBundleImportJob($describeAssetBundleImportJobRequestData);
     }
+
+    /**
+     * @link https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.AwsClient.html#method___construct
+     *
+     * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+     *
+     * @return array<string, mixed>
+     */
+    protected function getQuicksightClientConfiguration(AmazonQuicksightConfig $config): array
+    {
+        return [
+            'region' => $config->getAwsRegion(),
+            'version' => $config->getQuicksightApiVersion(),
+            'credentials' => $this->getQuicksightClientCredentials($config),
+        ];
+    }
+
+    /**
+     * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+     *
+     * @return \Aws\Credentials\Credentials
+     */
+    protected function getQuicksightClientCredentials(AmazonQuicksightConfig $config): Credentials
+    {
+        $awsCredentialsKey = $config->findAwsCredentialsKey();
+        $awsCredentialsSecret = $config->findAwsCredentialsSecret();
+        $awsCredentialsToken = $config->findAwsCredentialsToken();
+
+        if ($awsCredentialsKey && $awsCredentialsSecret && $awsCredentialsToken) {
+            return new Credentials($awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken);
+        }
+
+        return $this->getStsClientCredentials($config);
+    }
+
+    /**
+     * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+     *
+     * @return \Aws\Credentials\Credentials
+     */
+    protected function getStsClientCredentials(AmazonQuicksightConfig $config): Credentials
+    {
+        $stsClient = new StsClient([
+            'region' => $config->getAwsRegion(),
+            'version' => $config->getStsClientVersion(),
+        ]);
+
+        /**
+         * @method \Aws\Result assumeRole(array $args = [])
+         */
+        $result = $stsClient->AssumeRole([
+            'RoleArn' => $config->getQuicksightAssumedRoleArn(),
+            'RoleSessionName' => $config->getStsClientRoleSessionName(),
+        ]);
+
+        return new Credentials(
+            $result['Credentials']['AccessKeyId'],
+            $result['Credentials']['SecretAccessKey'],
+            $result['Credentials']['SessionToken'],
+        );
+    }
 }