diff --git a/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightConfig.php b/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightConfig.php
index f82eec4..43dd519 100644
--- a/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightConfig.php
+++ b/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightConfig.php
@@ -7,8 +7,6 @@
 namespace SprykerEco\Zed\AmazonQuicksight;
-use Aws\Credentials\Credentials;
-use Aws\Sts\StsClient;
 use Spryker\Zed\Kernel\AbstractBundleConfig;
 use SprykerEco\Shared\AmazonQuicksight\AmazonQuicksightConstants;
 use SprykerEco\Zed\AmazonQuicksight\Business\Exception\AssetBundleImportFilePathNotDefinedException;
@@ -151,7 +149,7 @@ class AmazonQuicksightConfig extends AbstractBundleConfig
 /**
 * @var string
 */
- protected const STS_CLIENT_ROLE_SESSION_NAME = 'defaultRoleSessionName';
+ protected const STS_CLIENT_ROLE_SESSION_NAME = 'QuicksightInteractionSession';
 /**
 * @var string
@@ -204,6 +202,19 @@ public function getAwsAccountId(): string
 return $this->get(AmazonQuicksightConstants::AWS_ACCOUNT_ID);
 }
+ /**
+ * Specification:
+ * - Returns the AWS region that is used for the Amazon QuickSight account.
+ *
+ * @api
+ *
+ * @return string
+ */
+ public function getAwsRegion(): string
+ {
+ return $this->get(AmazonQuicksightConstants::AWS_REGION);
+ }
+
 /**
 * Specification:
 * - Returns the name of the Quicksight namespace.
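Review bot: The new `STS_CLIENT_ROLE_SESSION_NAME` value in the second hunk is still one fixed string, so every AssumeRole session opened by this module is recorded under the same session name and cannot be told apart by host, environment or shop when the audit trail is reviewed. The constant carries only `@var string`; I would document what it is for, e.g. `Role session name attached to every assumed-role session; override getStsClientRoleSessionName() at project level when sessions must be attributable.` The getter named there is added further down in this same file. The enclosing class starts and ends outside this hunk.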
@@ -219,57 +230,50 @@ public function getAwsQuicksightNamespace(): string
 /**
 * Specification:
- * - Provides configuration for the Quicksight client.
- *
- * @link https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.AwsClient.html#method___construct
+ * - Returns the AWS credentials key if it exists in the configuration.
+ * - Returns `null` otherwise.
 *
 * @api
 *
- * @return array
+ * @return string|null
 */
- public function getQuicksightClientConfiguration(): array
+ public function findAwsCredentialsKey(): ?string
 {
- return [
- 'region' => $this->get(AmazonQuicksightConstants::AWS_REGION),
- 'version' => static::QUICKSIGHT_API_VERSION,
- 'credentials' => $this->getQuicksightClientCredentials(),
- ];
+ return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
+ ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
+ : null;
 }
 /**
- * @return \Aws\Credentials\Credentials
+ * Specification:
+ * - Returns the AWS credentials secret if it exists in the configuration.
+ * - Returns `null` otherwise.
+ *
+ * @api
+ *
+ * @return string|null
 */
- protected function getQuicksightClientCredentials(): Credentials
+ public function findAwsCredentialsSecret(): ?string
 {
- $awsCredentialsKey = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
- ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_KEY)
- : null;
- $awsCredentialsSecret = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
+ return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
 ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_SECRET)
 : null;
- $awsCredentialsToken = $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
+ }
+
+ /**
+ * Specification:
+ * - Returns the AWS credentials token if it exists in the configuration.
+ * - Returns `null` otherwise.
+ *
+ * @api
+ *
+ * @return string|null
+ */
+ public function findAwsCredentialsToken(): ?string
+ {
+ return $this->getConfig()->hasKey(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
 ? $this->get(AmazonQuicksightConstants::AWS_CREDENTIALS_TOKEN)
 : null;
-
- if ($awsCredentialsKey && $awsCredentialsSecret && $awsCredentialsToken) {
- return new Credentials($awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken);
- }
-
- $stsClient = new StsClient([
- 'region' => $this->get(AmazonQuicksightConstants::AWS_REGION),
- 'version' => static::STS_CLIENT_VERSION,
- ]);
-
- $result = $stsClient->AssumeRole([
- 'RoleArn' => $this->get(AmazonQuicksightConstants::QUICKSIGHT_ASSUMED_ROLE_ARN),
- 'RoleSessionName' => static::STS_CLIENT_ROLE_SESSION_NAME,
- ]);
-
- return new Credentials(
- $result['Credentials']['AccessKeyId'],
- $result['Credentials']['SecretAccessKey'],
- $result['Credentials']['SessionToken'],
- );
 }
 /**
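Review bot: `findAwsCredentialsKey()`, `findAwsCredentialsSecret()` and `findAwsCredentialsToken()` are public `@api` methods that return the access key, secret key and session token as plain strings, whereas the removed `getQuicksightClientCredentials()` was protected and only handed them out wrapped in a `Credentials` object. Any code holding this config object can now read the raw values, and the docblocks give no hint that they are sensitive. I would add a line such as `- The returned value is a secret and must not be logged, serialized or rendered.` to each of the three Specification blocks. If only the adapter is meant to call them, that restriction is worth stating there as well.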
@@ -546,4 +550,56 @@ public function getGenerateEmbedUrlAllowedDomains(): array
 {
 return $this->get(AmazonQuicksightConstants::GENERATE_EMBED_URL_ALLOWED_DOMAINS, []);
 }
+
+ /**
+ * Specification:
+ * - Returns the role ARN used by `Aws\Sts\StsClient` to assume a role.
+ *
+ * @api
+ *
+ * @return string
+ */
+ public function getQuicksightAssumedRoleArn(): string
+ {
+ return $this->get(AmazonQuicksightConstants::QUICKSIGHT_ASSUMED_ROLE_ARN);
+ }
+
+ /**
+ * Specification:
+ * - Returns the Quicksight API version.
+ *
+ * @api
+ *
+ * @return string
+ */
+ public function getQuicksightApiVersion(): string
+ {
+ return static::QUICKSIGHT_API_VERSION;
+ }
+
+ /**
+ * Specification:
+ * - Returns the STS client API version.
+ *
+ * @api
+ *
+ * @return string
+ */
+ public function getStsClientVersion(): string
+ {
+ return static::STS_CLIENT_VERSION;
+ }
+
+ /**
+ * Specification:
+ * - Returns the STS client role session name.
+ *
+ * @api
+ *
+ * @return string
+ */
+ public function getStsClientRoleSessionName(): string
+ {
+ return static::STS_CLIENT_ROLE_SESSION_NAME;
+ }
 }
diff --git a/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightDependencyProvider.php b/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightDependencyProvider.php
index 1b7145f..ebc7c54 100644
--- a/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightDependencyProvider.php
+++ b/src/SprykerEco/Zed/AmazonQuicksight/AmazonQuicksightDependencyProvider.php
@@ -96,9 +96,7 @@ public function providePersistenceLayerDependencies(Container $container): Conta
 protected function addAwsQuicksightClient(Container $container): Container
 {
 $container->set(static::AWS_QUICKSIGHT_CLIENT, function () {
- return new AmazonQuicksightToAwsQuicksightClientAdapter(
- $this->getConfig()->getQuicksightClientConfiguration(),
- );
+ return new AmazonQuicksightToAwsQuicksightClientAdapter($this->getConfig());
 });
 return $container;
diff --git a/src/SprykerEco/Zed/AmazonQuicksight/Dependency/External/AmazonQuicksightToAwsQuicksightClientAdapter.php b/src/SprykerEco/Zed/AmazonQuicksight/Dependency/External/AmazonQuicksightToAwsQuicksightClientAdapter.php
index edda150..8f233a3 100644
--- a/src/SprykerEco/Zed/AmazonQuicksight/Dependency/External/AmazonQuicksightToAwsQuicksightClientAdapter.php
+++ b/src/SprykerEco/Zed/AmazonQuicksight/Dependency/External/AmazonQuicksightToAwsQuicksightClientAdapter.php
@@ -7,8 +7,11 @@
 namespace SprykerEco\Zed\AmazonQuicksight\Dependency\External;
+use Aws\Credentials\Credentials;
 use Aws\QuickSight\QuickSightClient;
 use Aws\ResultInterface;
+use Aws\Sts\StsClient;
+use SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig;
 class AmazonQuicksightToAwsQuicksightClientAdapter implements AmazonQuicksightToAwsQuicksightClientInterface
 {
@@ -18,11 +21,11 @@ class AmazonQuicksightToAwsQuicksightClientAdapter implements AmazonQuicksightTo
 protected $quicksightClient;
 /**
- * @param array $args
+ * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
 */
- public function __construct(array $args)
+ public function __construct(AmazonQuicksightConfig $config)
 {
- $this->quicksightClient = new QuickSightClient($args);
+ $this->quicksightClient = new QuickSightClient($this->getQuicksightClientConfiguration($config));
 }
 /**
@@ -104,4 +107,65 @@ public function describeAssetBundleImportJob(array $describeAssetBundleImportJob
 {
 return $this->quicksightClient->describeAssetBundleImportJob($describeAssetBundleImportJobRequestData);
 }
+
+ /**
+ * @link https://docs.aws.amazon.com/aws-sdk-php/v3/api/class-Aws.AwsClient.html#method___construct
+ *
+ * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+ *
+ * @return array
+ */
+ protected function getQuicksightClientConfiguration(AmazonQuicksightConfig $config): array
+ {
+ return [
+ 'region' => $config->getAwsRegion(),
+ 'version' => $config->getQuicksightApiVersion(),
+ 'credentials' => $this->getQuicksightClientCredentials($config),
+ ];
+ }
+
+ /**
+ * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+ *
+ * @return \Aws\Credentials\Credentials
+ */
+ protected function getQuicksightClientCredentials(AmazonQuicksightConfig $config): Credentials
+ {
+ $awsCredentialsKey = $config->findAwsCredentialsKey();
+ $awsCredentialsSecret = $config->findAwsCredentialsSecret();
+ $awsCredentialsToken = $config->findAwsCredentialsToken();
+
+ if ($awsCredentialsKey && $awsCredentialsSecret && $awsCredentialsToken) {
+ return new Credentials($awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken);
+ }
+
+ return $this->getStsClientCredentials($config);
+ }
+
+ /**
+ * @param \SprykerEco\Zed\AmazonQuicksight\AmazonQuicksightConfig $config
+ *
+ * @return \Aws\Credentials\Credentials
+ */
+ protected function getStsClientCredentials(AmazonQuicksightConfig $config): Credentials
+ {
+ $stsClient = new StsClient([
+ 'region' => $config->getAwsRegion(),
+ 'version' => $config->getStsClientVersion(),
+ ]);
+
+ /**
+ * @method \Aws\Result assumeRole(array $args = [])
+ */
+ $result = $stsClient->AssumeRole([
+ 'RoleArn' => $config->getQuicksightAssumedRoleArn(),
+ 'RoleSessionName' => $config->getStsClientRoleSessionName(),
+ ]);
+
+ return new Credentials(
+ $result['Credentials']['AccessKeyId'],
+ $result['Credentials']['SecretAccessKey'],
+ $result['Credentials']['SessionToken'],
+ );
+ }
 }
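Review bot: In `getQuicksightClientCredentials()` a partially configured static credential set (for example key and secret without a token) is silently discarded by the `&&` check and the adapter falls through to `getStsClientCredentials()`, so the client can run under a different identity than the one the operator configured, with no signal. I would make the all-or-nothing rule explicit and fail on a partial set, as sketched below. Separately, `getStsClientCredentials()` builds `Credentials` without the `Expiration` that AssumeRole returns; `return $stsClient->createCredentials($result);` keeps it, and a long-running process would additionally need a refreshing provider such as a memoized `Aws\Credentials\AssumeRoleCredentialProvider`, since a static `Credentials` object is not renewed. The inline `@method` docblock above the `AssumeRole` call is a class-level tag and has no effect at that position.

```php
protected function getQuicksightClientCredentials(AmazonQuicksightConfig $config): Credentials
{
    // … unchanged: the three $config->findAwsCredentials*() reads …

    $configuredParts = array_filter(
        [$awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken],
        static fn ($part): bool => $part !== null && $part !== '',
    );

    if (count($configuredParts) === 3) {
        return new Credentials($awsCredentialsKey, $awsCredentialsSecret, $awsCredentialsToken);
    }

    if ($configuredParts !== []) {
        // Name the problem only; never put the configured values into the message.
        throw new \InvalidArgumentException('AWS credentials key, secret and token must be configured together.');
    }

    // … unchanged: fall back to getStsClientCredentials($config) …
}
```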