refactor: move aws session token resolution to configuration and inject into aws clients

Author: carlalexander

src/CloudProvider/Aws/AbstractClient.php

@@ -58,13 +58,13 @@ abstract class AbstractClient
     /**
      * Constructor.
      */
-    public function __construct(ClientInterface $client, string $key, string $region, string $secret)
+    public function __construct(ClientInterface $client, string $key, string $region, string $secret, string $securityToken = '')
     {
         $this->client = $client;
         $this->key = $key;
         $this->region = $region;
         $this->secret = $secret;
-        $this->securityToken = getenv('AWS_SESSION_TOKEN') ?: '';
+        $this->securityToken = $securityToken;
     }
 
     /**

src/CloudProvider/Aws/CloudFrontClient.php

@@ -39,9 +39,9 @@ class CloudFrontClient extends AbstractClient implements ContentDeliveryNetworkP
     /**
      * {@inheritdoc}
      */
-    public function __construct(ClientInterface $client, string $distributionId, string $key, string $secret)
+    public function __construct(ClientInterface $client, string $distributionId, string $key, string $secret, string $securityToken = '')
     {
-        parent::__construct($client, $key, 'us-east-1', $secret);
+        parent::__construct($client, $key, 'us-east-1', $secret, $securityToken);
 
         $this->distributionId = $distributionId;
         $this->invalidationPaths = [];

src/CloudProvider/Aws/LambdaClient.php

@@ -39,9 +39,9 @@ class LambdaClient extends AbstractClient implements ConsoleClientInterface
     /**
      * {@inheritdoc}
      */
-    public function __construct(ClientInterface $client, string $functionName, string $key, string $region, string $secret, string $siteUrl)
+    public function __construct(ClientInterface $client, string $functionName, string $key, string $region, string $secret, string $siteUrl, string $securityToken = '')
     {
-        parent::__construct($client, $key, $region, $secret);
+        parent::__construct($client, $key, $region, $secret, $securityToken);
 
         $this->functionName = $functionName;
         $this->siteUrl = $siteUrl;

src/CloudProvider/Aws/S3Client.php

@@ -31,9 +31,9 @@ class S3Client extends AbstractClient implements CloudStorageClientInterface
     /**
      * Constructor.
      */
-    public function __construct(ClientInterface $client, string $bucket, string $key, string $region, string $secret)
+    public function __construct(ClientInterface $client, string $bucket, string $key, string $region, string $secret, string $securityToken = '')
     {
-        parent::__construct($client, $key, $region, $secret);
+        parent::__construct($client, $key, $region, $secret, $securityToken);
 
         $this->bucket = $bucket;
     }

src/Configuration/CloudProviderConfiguration.php

@@ -46,6 +46,9 @@ public function modify(Container $container)
         $container['cloud_provider_secret'] = $container->service(function () {
             return getenv('AWS_SECRET_ACCESS_KEY') ?: (defined('YMIR_CLOUD_PROVIDER_SECRET') ? YMIR_CLOUD_PROVIDER_SECRET : '');
         });
+        $container['cloud_provider_security_token'] = $container->service(function () {
+            return getenv('AWS_SESSION_TOKEN') ?: '';
+        });
         $container['cloud_provider_private_store'] = $container->service(function () {
             return getenv('YMIR_PRIVATE_STORE') ?: (defined('YMIR_CLOUD_PROVIDER_PRIVATE_STORE') ? YMIR_CLOUD_PROVIDER_PRIVATE_STORE : '');
         });

src/Configuration/CloudStorageConfiguration.php

@@ -30,11 +30,11 @@ class CloudStorageConfiguration implements ContainerConfigurationInterface
     public function modify(Container $container)
     {
         $container['private_cloud_storage_client'] = $container->service(function (Container $container) {
-            return new S3Client($container['ymir_http_client'], $container['cloud_provider_private_store'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret']);
+            return new S3Client($container['ymir_http_client'], $container['cloud_provider_private_store'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret'], $container['cloud_provider_security_token']);
         });
         $container['private_cloud_storage_protocol'] = PrivateCloudStorageStreamWrapper::getProtocol().'://';
         $container['public_cloud_storage_client'] = $container->service(function (Container $container) {
-            return new S3Client($container['ymir_http_client'], $container['cloud_provider_public_store'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret']);
+            return new S3Client($container['ymir_http_client'], $container['cloud_provider_public_store'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret'], $container['cloud_provider_security_token']);
         });
         $container['public_cloud_storage_protocol'] = PublicCloudStorageStreamWrapper::getProtocol().'://';
     }

src/Configuration/ConsoleConfiguration.php

@@ -39,7 +39,7 @@ public function modify(Container $container)
             ];
         });
         $container['console_client'] = $container->service(function (Container $container) {
-            return new LambdaClient($container['ymir_http_client'], $container['cloud_provider_function_name'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret'], $container['site_url']);
+            return new LambdaClient($container['ymir_http_client'], $container['cloud_provider_function_name'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret'], $container['site_url'], $container['cloud_provider_security_token']);
         });
         $container['wp_cli'] = $container->service(function () {
             return new Console\WpCli();

src/Configuration/EmailConfiguration.php

@@ -29,7 +29,7 @@ class EmailConfiguration implements ContainerConfigurationInterface
     public function modify(Container $container)
     {
         $container['email_client'] = $container->service(function (Container $container) {
-            return new SesClient($container['ymir_http_client'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret']);
+            return new SesClient($container['ymir_http_client'], $container['cloud_provider_key'], $container['cloud_provider_region'], $container['cloud_provider_secret'], $container['cloud_provider_security_token']);
         });
         $container['email'] = function (Container $container) {
             return new Email($container['event_manager'], $container['default_email_from'], $container['file_manager'], $container['phpmailer'], $container['blog_charset']);

src/Configuration/PageCacheConfiguration.php

@@ -28,7 +28,7 @@ class PageCacheConfiguration implements ContainerConfigurationInterface
     public function modify(Container $container)
     {
         $container['cloudfront_client'] = $container->service(function (Container $container) {
-            return new CloudFrontClient($container['ymir_http_client'], getenv('YMIR_DISTRIBUTION_ID'), $container['cloud_provider_key'], $container['cloud_provider_secret']);
+            return new CloudFrontClient($container['ymir_http_client'], getenv('YMIR_DISTRIBUTION_ID'), $container['cloud_provider_key'], $container['cloud_provider_secret'], $container['cloud_provider_security_token']);
         });
         $container['page_caching_invalidation_disabled'] = $container->service(function (Container $container) {
             if (false !== getenv('YMIR_DISABLE_PAGE_CACHING')) {