From 475c8ea23eda98f6a340bedc427f7e619399fe27 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 13:26:52 +0200 Subject: [PATCH 01/68] [DEV-49774] Added iam access variables --- DependencyInjection/Kfz24QueueExtension.php | 42 +++++++++++++++------ README.md | 4 ++ Resources/config/services.yaml | 1 + 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index a97af09..b243027 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -33,20 +33,40 @@ public function load(array $configs, ContainerBuilder $container) foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); + $iAMApiVersion = $container->getParameter(sprintf('kfz24.queue.%s.iam_access.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'credentials' => [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ], - 'version' => $apiVersion - ] - ]); + if (empty($client['iam_access'])) { + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'endpoint' => $client['endpoint'], + 'credentials' => [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ], + 'version' => $apiVersion + ] + ]); + } else { + if (empty($client['iam_access']['web_identity_token_file']) || file_get_contents($client['iam_access']['web_identity_token_file'])) { + throw new \Exception('A valid web_identity_token_file should be specified for IAM Access!'); + } + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'endpoint' => $client['endpoint'], + 'sts_credentials' => [ + 'web_identity_token' => file_get_contents($client['iam_access']['web_identity_token_file']), + 'role_arn' => $client['iam_access']['role_arn'], + 'session_name' => $client['iam_access']['session_name'], + ], + 'version' => $iAMApiVersion + ] + ]); + } + $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); diff --git a/README.md b/README.md index bef5027..dae601b 100644 --- a/README.md +++ b/README.md 
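Review bot: In the `else` branch the web identity token is read with `file_get_contents()` inside `load()` and placed in the `sts_credentials` argument of the adapter `Definition`, so the token value is fixed when the container is built rather than when the client is used. Symfony normally dumps definitions into the compiled container cache, which would leave a copy of the token on disk and keep serving it after the source file has been rotated; passing the file path and reading it at call time avoids both. The guard above it also throws when `file_get_contents()` succeeds instead of when it fails, and an unreadable path raises a PHP warning before the exception; `!is_readable($client['iam_access']['web_identity_token_file'])` expresses the intended check without reading the secret. The body of `load()` starts and ends outside this hunk.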
@@ -36,6 +36,10 @@ kfz24_queue: resource: "https://sqs.eu-central-1.amazonaws.com/123456789012/another-queue" access_key: "AKIAABCDEFGHIJKLMNOP" secret_access_key: "s3CR3t4Cc3S5K3y" + iam_access: + web_identity_token_file: "%AWS_WEB_IDENTITY_TOKEN_FILE%" + role_arn: "arn-role-XYZ" + session_name: "ABC-session-name" large_payload_client: region: "eu-central-1" endpoint: "http://s3-eu-central-1.amazonaws.com/consumer_bucket" diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml index 010b44b..d8a97be 100644 --- a/Resources/config/services.yaml +++ b/Resources/config/services.yaml @@ -2,6 +2,7 @@ parameters: kfz24.queue.sqs.client.class: Kfz24\QueueBundle\Client\Aws\SqsClient kfz24.queue.sqs.adapter.class: Aws\Sqs\SqsClient kfz24.queue.sqs.api_version: "2012-11-05" + kfz24.queue.sqs.iam_access.api_version: "latest" kfz24.queue.sns.client.class: Kfz24\QueueBundle\Client\Aws\SnsClient kfz24.queue.sns.adapter.class: Aws\Sns\SnsClient kfz24.queue.sns.api_version: "2010-03-31" From c38185514a5db24c91947f887f0920246695805a Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 13:28:08 +0200 Subject: [PATCH 02/68] [DEV-49774] Added iam access variables --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index b243027..ec9fac0 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
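Review bot: Only `kfz24.queue.sqs.iam_access.api_version` is added in the `services.yaml` hunk, while `load()` in this same patch calls `getParameter(sprintf('kfz24.queue.%s.iam_access.api_version', $clientType))` for every client before it looks at `iam_access`. A client of type `sns` therefore asks for a parameter this file does not define, which would normally make the container build fail even for key-based clients. Either add `kfz24.queue.sns.iam_access.api_version` next to the existing `sns` entries or read the parameter only inside the IAM branch. An explicit API version is also easier to audit than `"latest"`.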
@@ -50,7 +50,7 @@ public function load(array $configs, ContainerBuilder $container) ] ]); } else { - if (empty($client['iam_access']['web_identity_token_file']) || file_get_contents($client['iam_access']['web_identity_token_file'])) { + if (empty($client['iam_access']['web_identity_token_file']) || !file_get_contents($client['iam_access']['web_identity_token_file'])) { throw new \Exception('A valid web_identity_token_file should be specified for IAM Access!'); } $adapterDefinition = new Definition($adapterClass, [ From 16ea821c0d9976bb5da99dbbe1c5954ffb8b021b Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 14:42:53 +0200 Subject: [PATCH 03/68] [DEV-49774] Added iam access variables --- DependencyInjection/Configuration.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 04c609d..77265ac 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -46,6 +46,18 @@ public function getConfigTreeBuilder() ->scalarNode('secret_access_key') ->isRequired() ->end() + ->arrayNode('iam_access') + ->canBeEnabled() + ->children() + ->scalarNode('web_identity_token_file') + ->isRequired() + ->end() + ->scalarNode('role_arn') + ->isRequired() + ->end() + ->scalarNode('session_name') + ->isRequired() + ->end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() From e0390b0d28988ca946a87492f3f58b59d0f1e6e9 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 15:53:43 +0200 Subject: [PATCH 04/68] [DEV-49774] Updated with stsclient --- DependencyInjection/Kfz24QueueExtension.php | 30 ++++++++++++++------- README.md | 2 +- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index ec9fac0..7536b59 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
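Review bot: In the `Configuration.php` hunk the new `arrayNode('iam_access')` chain opens `->children()` but the added lines never close it: after the last `->scalarNode('session_name')->isRequired()->end()` there is no `->end()` for the children builder and none for the array node. The following `->arrayNode('large_payload_client')` is therefore built as a child of `iam_access`, and the remaining `->end()` calls of the tree no longer line up. Add `->end()` twice after the `session_name` node. `getConfigTreeBuilder()` starts and ends outside this hunk.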
@@ -10,6 +10,8 @@ use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; use Symfony\Component\DependencyInjection\Loader; +use Aws\Sts\StsClient; +use Aws\Credentials\CredentialProvider; /** * This is the class that loads and manages your bundle configuration. @@ -37,7 +39,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (empty($client['iam_access'])) { + if (empty($client['role_based'])) { $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], 
@@ -50,25 +52,33 @@ public function load(array $configs, ContainerBuilder $container) ] ]); } else { - if (empty($client['iam_access']['web_identity_token_file']) || !file_get_contents($client['iam_access']['web_identity_token_file'])) { + if (empty($client['role_based']['web_identity_token_file'])) { throw new \Exception('A valid web_identity_token_file should be specified for IAM Access!'); } + $stsClient = new StsClient([ + 'region' => $client['region'], + 'version' => $iAMApiVersion, + 'credentials' => [ + 'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'], + 'roleArn' => $client['role_based']['role_arn'], + 'roleSessionName' => $client['role_based']['session_name'], + ] + ]); + + $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); + // Cache the results in a memoize function to avoid loading and parsing + // the ini file on every API operation + $provider = CredentialProvider::memoize($provider); $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'sts_credentials' => [ - 'web_identity_token' => file_get_contents($client['iam_access']['web_identity_token_file']), - 'role_arn' => $client['iam_access']['role_arn'], - 'session_name' => $client['iam_access']['session_name'], - ], - 'version' => $iAMApiVersion + 'version' => $apiVersion, + 'credentials' => $provider ] ]); } $adapterDefinition->setPublic(false); - $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); diff --git a/README.md b/README.md index dae601b..da9150f 100644 --- a/README.md +++ b/README.md 
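Review bot: `$provider` is a live callable built during `load()` and handed to `new Definition($adapterClass, …)` as the `credentials` argument, which ties the credential source to container build time. Definition arguments are expected to be scalars, arrays, `Reference`s or nested `Definition`s; a closure (and the `StsClient` it captures) cannot be written to the compiled container, so a cached container build is likely to fail. Registering the provider as its own private service with a factory lets it be created at runtime and referenced from the adapter, as sketched below (the service id is illustrative, not an existing one). Separately, the `credentials` array passed to `StsClient` uses `webIdentityTokenFile`/`roleArn`/`roleSessionName` keys, which does not look like a shape the SDK accepts for that option and should be confirmed against the SDK version in use. `load()` continues outside the hunk.

```php
// … unchanged: role_based branch selection …
$providerDefinitionName = sprintf('kfz24.queue.credentials.%s', $name); // illustrative id
$providerDefinition = new Definition(\Closure::class, [
    ['region' => $client['region']],
]);
$providerDefinition->setFactory([CredentialProvider::class, 'assumeRoleWithWebIdentityCredentialProvider']);
$providerDefinition->setPublic(false);
$container->setDefinition($providerDefinitionName, $providerDefinition);
// NOTE: if memoization is still wanted, apply it through a second factory service

$adapterDefinition = new Definition($adapterClass, [
    [
        'region' => $client['region'],
        'version' => $apiVersion,
        'credentials' => new Reference($providerDefinitionName),
    ]
]);
```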
@@ -36,7 +36,7 @@ kfz24_queue: resource: "https://sqs.eu-central-1.amazonaws.com/123456789012/another-queue" access_key: "AKIAABCDEFGHIJKLMNOP" secret_access_key: "s3CR3t4Cc3S5K3y" - iam_access: + role_based: web_identity_token_file: "%AWS_WEB_IDENTITY_TOKEN_FILE%" role_arn: "arn-role-XYZ" session_name: "ABC-session-name" From 50366d8c600d8157494e34b8f848975b3d3b51b2 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 15:54:03 +0200 Subject: [PATCH 05/68] [DEV-49774] Updated with stsclient --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 7536b59..44057b2 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -53,7 +53,7 @@ public function load(array $configs, ContainerBuilder $container) ]); } else { if (empty($client['role_based']['web_identity_token_file'])) { - throw new \Exception('A valid web_identity_token_file should be specified for IAM Access!'); + throw new \Exception('A valid web_identity_token_file should be specified for Role Access!'); } $stsClient = new StsClient([ 'region' => $client['region'], From 5a0068a8a4507c02aaf3b952499df97895c8d0d7 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 15:54:37 +0200 Subject: [PATCH 06/68] [DEV-49774] Updated with stsclient --- DependencyInjection/Configuration.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 77265ac..9c06359 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -46,7 +46,7 @@ public function getConfigTreeBuilder() ->scalarNode('secret_access_key') ->isRequired() ->end() - ->arrayNode('iam_access') + ->arrayNode('role_based') ->canBeEnabled() ->children() ->scalarNode('web_identity_token_file') 
From a929e34bc5c231d314d3990b563643a9e26e992f Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 16:09:06 +0200 Subject: [PATCH 07/68] [DEV-49774] Updated config --- DependencyInjection/Configuration.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 9c06359..45fc930 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -50,14 +50,13 @@ public function getConfigTreeBuilder() ->canBeEnabled() ->children() ->scalarNode('web_identity_token_file') - ->isRequired() ->end() ->scalarNode('role_arn') - ->isRequired() ->end() ->scalarNode('session_name') - ->isRequired() ->end() + ->end() + >end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() From 3cac48ce7251946164fdf5afe713b3a76d41ee28 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 16:37:43 +0200 Subject: [PATCH 08/68] [DEV-49774] Updated config --- DependencyInjection/Configuration.php | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 45fc930..a67cacf 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -49,14 +49,11 @@ public function getConfigTreeBuilder() ->arrayNode('role_based') ->canBeEnabled() ->children() - ->scalarNode('web_identity_token_file') - ->end() - ->scalarNode('role_arn') - ->end() - ->scalarNode('session_name') - ->end() + ->scalarNode('web_identity_token_file')->end() + ->scalarNode('role_arn')->end() + ->scalarNode('session_name')->end() ->end() - >end() + ->end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() From 2113aa6e253874d2c3510e5102362cea57ba1f5f Mon Sep 17 00:00:00 2001 
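Review bot: The added line `>end()` in the `@@ -50,14 +50,13 @@` hunk is missing the leading `-` of `->`, so `Configuration.php` does not parse at this commit and the bundle cannot load. It should read `->end()`; the next patch in the series corrects it, so squashing the two keeps every commit loadable. Dropping `isRequired()` from the three scalar nodes also means `role_arn` and `session_name` may be absent while `load()` still indexes them, which calls for a default or an explicit check.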
From: "florin.rusu" Date: Wed, 21 May 2025 16:43:37 +0200 Subject: [PATCH 09/68] [DEV-49774] Updated config --- DependencyInjection/Configuration.php | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index a67cacf..f845251 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -49,9 +49,15 @@ public function getConfigTreeBuilder() ->arrayNode('role_based') ->canBeEnabled() ->children() - ->scalarNode('web_identity_token_file')->end() - ->scalarNode('role_arn')->end() - ->scalarNode('session_name')->end() + ->scalarNode('web_identity_token_file') + ->isRequired() + ->end() + ->scalarNode('role_arn') + ->isRequired() + ->end() + ->scalarNode('session_name') + ->isRequired() + ->end() ->end() ->end() ->arrayNode('large_payload_client') From 50fa3ee709aaa8940d75a68a48b536b66af03876 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 21 May 2025 16:54:45 +0200 Subject: [PATCH 10/68] [DEV-49774] Updated config --- DependencyInjection/Configuration.php | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index f845251..04c609d 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -46,20 +46,6 @@ public function getConfigTreeBuilder() ->scalarNode('secret_access_key') ->isRequired() ->end() - ->arrayNode('role_based') - ->canBeEnabled() - ->children() - ->scalarNode('web_identity_token_file') - ->isRequired() - ->end() - ->scalarNode('role_arn') - ->isRequired() - ->end() - ->scalarNode('session_name') - ->isRequired() - ->end() - ->end() - ->end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() From 6462c87c03673b9a4712b88c272958e0d2cc1921 Mon Sep 17 00:00:00 2001 
From: "florin.rusu" Date: Wed, 21 May 2025 16:58:49 +0200 Subject: [PATCH 11/68] [DEV-49774] Updated config #1 --- DependencyInjection/Configuration.php | 14 ++++++++++++++ DependencyInjection/Kfz24QueueExtension.php | 3 +-- Resources/config/services.yaml | 1 - 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index 04c609d..f845251 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -46,6 +46,20 @@ public function getConfigTreeBuilder() ->scalarNode('secret_access_key') ->isRequired() ->end() + ->arrayNode('role_based') + ->canBeEnabled() + ->children() + ->scalarNode('web_identity_token_file') + ->isRequired() + ->end() + ->scalarNode('role_arn') + ->isRequired() + ->end() + ->scalarNode('session_name') + ->isRequired() + ->end() + ->end() + ->end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 44057b2..4858b5a 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -35,7 +35,6 @@ public function load(array $configs, ContainerBuilder $container) foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); - $iAMApiVersion = $container->getParameter(sprintf('kfz24.queue.%s.iam_access.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); 
@@ -57,7 +56,7 @@ public function load(array $configs, ContainerBuilder $container) } $stsClient = new StsClient([ 'region' => $client['region'], - 'version' => $iAMApiVersion, + 'version' => $apiVersion, 'credentials' => [ 'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'], 'roleArn' => $client['role_based']['role_arn'], diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml index d8a97be..010b44b 100644 --- a/Resources/config/services.yaml +++ b/Resources/config/services.yaml @@ -2,7 +2,6 @@ parameters: kfz24.queue.sqs.client.class: Kfz24\QueueBundle\Client\Aws\SqsClient kfz24.queue.sqs.adapter.class: Aws\Sqs\SqsClient kfz24.queue.sqs.api_version: "2012-11-05" - kfz24.queue.sqs.iam_access.api_version: "latest" kfz24.queue.sns.client.class: Kfz24\QueueBundle\Client\Aws\SnsClient kfz24.queue.sns.adapter.class: Aws\Sns\SnsClient kfz24.queue.sns.api_version: "2010-03-31" From f5dbc8d1fd25c170e80fc0834473e8a90f195209 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Fri, 23 May 2025 13:47:31 +0200 Subject: [PATCH 12/68] [DEV-49774] Updated config #1.1 --- DependencyInjection/Kfz24QueueExtension.php | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 4858b5a..c45795d 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -38,7 +38,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (empty($client['role_based'])) { + if (empty($client['role_based']) || empty($client['role_based']['web_identity_token_file'])) { $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], 
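Review bot: `'version' => $apiVersion` in the `@@ -57,7 +56,7 @@` hunk now gives the `StsClient` the API version of the queue service (`kfz24.queue.<type>.api_version`, e.g. `2012-11-05` for SQS in `services.yaml`), which is not an STS API version. The SDK would most likely reject it when the client is constructed. STS needs its own value, for example `'version' => '2011-06-15'`, ideally taken from a dedicated parameter rather than reusing the queue one.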
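Review bot: With `empty($client['role_based']['web_identity_token_file'])` folded into the condition of the `@@ -38,7 +38,7 @@` hunk, a client that asked for role-based access but has no token file is wired with the static `access_key`/`secret_access_key` instead, without any error. Together with the removal of the exception in the next hunk of this patch, a misconfigured deployment silently falls back to long-lived keys. Keep the failure explicit when `role_based` is enabled but incomplete, for example by retaining `throw new \Exception('A valid web_identity_token_file should be specified for Role Access!');` for that case.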
@@ -51,9 +51,6 @@ public function load(array $configs, ContainerBuilder $container) ] ]); } else { - if (empty($client['role_based']['web_identity_token_file'])) { - throw new \Exception('A valid web_identity_token_file should be specified for Role Access!'); - } $stsClient = new StsClient([ 'region' => $client['region'], 'version' => $apiVersion, From b6514a0f3517bcbe25e22d016acf31750b241ea5 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 11:54:25 +0200 Subject: [PATCH 13/68] [DEV-49774] Updated config #1.2 --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index c45795d..f5b5692 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -38,7 +38,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (empty($client['role_based']) || empty($client['role_based']['web_identity_token_file'])) { + if (!isset($client['role_based'])) { $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], From 598b757c9297ac5a294a4857fd40cece4e680aed Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 12:28:55 +0200 Subject: [PATCH 14/68] [DEV-49774] Updated config #1.3 --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index f5b5692..9d4881e 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -38,7 +38,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (!isset($client['role_based'])) { + if (isset($client['role_based']) && empty($client['role_based']['web_identity_token_file'])) { $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], From d16dcd948a07da76e054b947bc1d8d78cd7b113c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 12:34:27 +0200 Subject: [PATCH 15/68] [DEV-49774] Updated config #1.31 --- DependencyInjection/Configuration.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index f845251..c93a676 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -50,13 +50,13 @@ public function getConfigTreeBuilder() ->canBeEnabled() ->children() ->scalarNode('web_identity_token_file') - ->isRequired() + ->defaultNull() ->end() ->scalarNode('role_arn') - ->isRequired() + ->defaultNull() ->end() ->scalarNode('session_name') - ->isRequired() + ->defaultNull() ->end() ->end() ->end() From c140f450d675e178d611b4a800fa516b1b4e7732 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 17:07:10 +0200 Subject: [PATCH 16/68] [DEV-49774] Updated config #1.32 --- DependencyInjection/Kfz24QueueExtension.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 9d4881e..00951ff 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
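Review bot: The condition in the first hunk selects the static-key branch only when `role_based` is set and its token file is empty; when `role_based` is absent it falls through to the `else` branch, which reads `$client['role_based'][...]`. The node is declared with `canBeEnabled()`, which provides an `enabled` flag, and neither branch consults it. Testing the flag states the intent directly: `if (empty($client['role_based']['enabled'])) {` for the key-based branch, followed by a hard failure when it is enabled but `web_identity_token_file` is empty.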
@@ -39,6 +39,8 @@ public function load(array $configs, ContainerBuilder $container) $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); if (isset($client['role_based']) && empty($client['role_based']['web_identity_token_file'])) { + echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; + $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], @@ -51,6 +53,8 @@ public function load(array $configs, ContainerBuilder $container) ] ]); } else { + echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; + $stsClient = new StsClient([ 'region' => $client['region'], 'version' => $apiVersion, @@ -68,6 +72,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], + 'endpoint' => $client['endpoint'], 'version' => $apiVersion, 'credentials' => $provider ] From 9fcfad44de69fcaa7f687773964d1dcf84bf419a Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 17:29:43 +0200 Subject: [PATCH 17/68] [DEV-49774] Updated config #1.33 --- DependencyInjection/Kfz24QueueExtension.php | 1 + 1 file changed, 1 insertion(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 00951ff..38b7dea 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -54,6 +54,7 @@ public function load(array $configs, ContainerBuilder $container) ]); } else { echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; + echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; $stsClient = new StsClient([ 'region' => $client['region'], From 701a1167dbdf0420098f4c3c733e6af381893bb7 Mon Sep 17 00:00:00 2001 
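Review bot: The added `echo` statements write to standard output from `load()`, which runs while the container is being built, so the text can end up in HTTP responses or command output of every consuming application, and the line added by the following patch prints the token file path as well. Diagnostics about which credential source was chosen belong in a log channel the operator controls. The first message is printed in the branch that uses static keys yet says access was "denied", which will mislead anyone reading it during an incident. Suggest removing the `echo` lines, or at minimum not emitting `web_identity_token_file`.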
From: "florin.rusu" Date: Tue, 27 May 2025 18:27:43 +0200 Subject: [PATCH 18/68] [DEV-49774] Updated config #1.34 --- DependencyInjection/Kfz24QueueExtension.php | 24 ++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 38b7dea..4c7898b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -38,7 +38,12 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (isset($client['role_based']) && empty($client['role_based']['web_identity_token_file'])) { + $validToken = false; + if (isset($client['role_based']) && $this->isTokenFileValid($client['role_based']['web_identity_token_file'])) { + $validToken = true; + } + + if ($validToken) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ @@ -177,4 +182,21 @@ private function buildS3ClientDefinition(string $definitionName, array $config, $container->setDefinition($definitionName, $s3ClientDefinition); } + + /** + * @param string|null $tokenFilePath + * @return bool + */ + private function isTokenFileValid(?string $tokenFilePath): bool + { + if (empty($tokenFilePath)) { + return false; + } + + if (!file_exists($tokenFilePath)) { + return false; + } + + return !((file_get_contents($tokenFilePath) === false)); + } } From 498ae4612e4b43f5398d779ea1a61cf2a2b2269d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 27 May 2025 18:28:00 +0200 Subject: [PATCH 19/68] [DEV-49774] Updated config #1.34 --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
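Review bot: `isTokenFileValid()` reads the entire token with `file_get_contents()` only to test readability, and it runs inside `load()`, so the result is decided once at container build time. If the container is warmed where the token is not mounted (an image build, for instance), every client is wired to static keys and stays that way until the cache is rebuilt. The check can avoid touching the secret: `return !empty($tokenFilePath) && is_file($tokenFilePath) && is_readable($tokenFilePath);`. In the first hunk the new `if ($validToken)` guards the key-based branch, which inverts the intent until the following patch flips it. An empty token file still passes either version.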
diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 4c7898b..2cdef36 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -43,7 +43,7 @@ public function load(array $configs, ContainerBuilder $container) $validToken = true; } - if ($validToken) { + if (!$validToken) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ From ebc6c608288661796449159ca8ece97714094762 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 28 May 2025 11:23:04 +0200 Subject: [PATCH 20/68] [DEV-49774] Optimized code and added s3 creds def --- DependencyInjection/Kfz24QueueExtension.php | 31 ++++++++++++++------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 2cdef36..3eba8fd 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -32,6 +32,7 @@ public function load(array $configs, ContainerBuilder $container) $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); $loader->load('services.yaml'); + $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); 
@@ -71,10 +72,13 @@ public function load(array $configs, ContainerBuilder $container) ] ]); - $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); - // Cache the results in a memoize function to avoid loading and parsing - // the ini file on every API operation - $provider = CredentialProvider::memoize($provider); + if (!$provider) { + $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); + // Cache the results in a memoize function to avoid loading and parsing + // the ini file on every API operation + $provider = CredentialProvider::memoize($provider); + } + $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], @@ -113,7 +117,8 @@ public function load(array $configs, ContainerBuilder $container) $this->buildS3ClientDefinition( $s3DefinitionName, $client['large_payload_client'], - $container + $container, + $provider ); $this->buildLargePayloadMessageExtensionDefinition( 
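Review bot: `$provider` is declared once before the loop and only built `if (!$provider)`, so the provider created for the first role-based client is reused for every later client regardless of its own `region` or `role_based` settings. Because it is never reset, the second hunk also passes it to `buildS3ClientDefinition()` for a later client that took the key-based branch, and that client's S3 definition then uses the role provider instead of its own `access_key`/`secret_access_key`. Scope the variable per client, e.g. `$provider = null;` as the first statement inside the `foreach`, and cache per role if sharing is intended. The copied comment about "the ini file" does not describe this provider and could be dropped.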
@@ -159,22 +164,28 @@ private function buildLargePayloadMessageExtensionDefinition( * @param string $definitionName * @param array $config * @param ContainerBuilder $container + * @param null|mixed $provider */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, $provider = null): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], true ); + $credentials = [ + 'key' => $config['access_key'], + 'secret' => $config['secret_access_key'], + ]; + if ($provider !== null) { + $credentials = $provider; + } + $s3ClientDefinition = new Definition(S3Client::class, [ [ 'region' => $config['region'], 'endpoint' => $config['endpoint'], - 'credentials' => [ - 'key' => $config['access_key'], - 'secret' => $config['secret_access_key'] - ], + 'credentials' => $credentials, 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), 'version' => '2006-03-01', ], From b22260fbf47018afe75f2180c7e5a7d0609cc05d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 28 May 2025 11:46:42 +0200 Subject: [PATCH 21/68] [DEV-49774] Optimized code and added s3 creds def #1 --- DependencyInjection/Kfz24QueueExtension.php | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 3eba8fd..9f02230 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
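Review bot: The new `$provider` parameter of `buildS3ClientDefinition()` is untyped and documented as `null|mixed`, although the only value passed is the credential provider callable. Declaring it as `?callable $provider = null` with `@param callable|null $provider` lets PHP reject anything else before it reaches the `credentials` option. When a provider is supplied the method still reads `$config['access_key']` and `$config['secret_access_key']` first, so role-only configurations must keep those keys defined; building the key array only in the `null` case removes that coupling.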
@@ -59,20 +59,20 @@ public function load(array $configs, ContainerBuilder $container) ] ]); } else { - echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; - echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; - - $stsClient = new StsClient([ - 'region' => $client['region'], - 'version' => $apiVersion, - 'credentials' => [ - 'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'], - 'roleArn' => $client['role_based']['role_arn'], - 'roleSessionName' => $client['role_based']['session_name'], - ] - ]); - if (!$provider) { + echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; + echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; + + $stsClient = new StsClient([ + 'region' => $client['region'], + 'version' => $apiVersion, + 'credentials' => [ + 'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'], + 'roleArn' => $client['role_based']['role_arn'], + 'roleSessionName' => $client['role_based']['session_name'], + ] + ]); + $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); // Cache the results in a memoize function to avoid loading and parsing // the ini file on every API operation From 594c5d92418137924a587f9ed1daa467338aea03 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Fri, 30 May 2025 13:10:39 +0200 Subject: [PATCH 22/68] [DEV-49774] Optimized code and added s3 creds def #1.1 --- DependencyInjection/Kfz24QueueExtension.php | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 9f02230..ec95647 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -66,11 +66,7 @@ public function load(array $configs, ContainerBuilder $container) $stsClient = new StsClient([ 'region' => $client['region'], 'version' => $apiVersion, - 'credentials' => [ - 'webIdentityTokenFile' => $client['role_based']['web_identity_token_file'], - 'roleArn' => $client['role_based']['role_arn'], - 'roleSessionName' => $client['role_based']['session_name'], - ] + 'credentials' => false, ]); $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); From 27627339e6c26ef2d7b2df8ccfda10de653a2144 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 09:53:28 +0200 Subject: [PATCH 23/68] [DEV-49774] Optimized code and added s3 creds def #1.2 --- DependencyInjection/Kfz24QueueExtension.php | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index ec95647..5442e78 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -63,13 +63,7 @@ public function load(array $configs, ContainerBuilder $container) echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; - $stsClient = new StsClient([ - 'region' => $client['region'], - 'version' => $apiVersion, - 'credentials' => false, - ]); - - $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['stsClient' => $stsClient]); + $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['region' => $client['region']]); // Cache the results in a memoize function to avoid loading and parsing // the ini file on every API operation $provider = CredentialProvider::memoize($provider); From c33e162ea9557fca5e589cf1661e4991bb8e66a7 Mon Sep 17 00:00:00 2001 
From: "florin.rusu" Date: Mon, 2 Jun 2025 11:31:19 +0200 Subject: [PATCH 24/68] [DEV-49774] Optimized code and added s3 creds def #1.3 --- DependencyInjection/Kfz24QueueExtension.php | 25 +++++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 5442e78..f0001ab 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -2,6 +2,7 @@ namespace Kfz24\QueueBundle\DependencyInjection; +use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; use Aws\S3\S3Client; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; @@ -32,6 +33,9 @@ public function load(array $configs, ContainerBuilder $container) $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); $loader->load('services.yaml'); + $arnFromEnv = getenv(CredentialProvider::ENV_ARN); + $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; @@ -39,12 +43,8 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - $validToken = false; - if (isset($client['role_based']) && $this->isTokenFileValid($client['role_based']['web_identity_token_file'])) { - $validToken = true; - } - if (!$validToken) { + if (empty($arnFromEnv) && empty($tokenFromEnv)) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ 
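Review bot: The fallback test `if (empty($arnFromEnv) && empty($tokenFromEnv))` selects static keys only when both environment values are missing, so a deployment that sets just one of them takes the role-based branch with the other value `false`. Both values are needed for the web-identity exchange, so the condition should be `if (empty($arnFromEnv) || empty($tokenFromEnv))`. The message printed in this branch names only the token file as the reason and should mention the role ARN as well. `load()` continues outside the hunk.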
@@ -63,10 +63,21 @@ public function load(array $configs, ContainerBuilder $container) echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; - $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(['region' => $client['region']]); + $provider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'client' => new StsClient([ + 'region' => $client['region'], + 'version' => $apiVersion, + 'credentials' => false + ]), + 'region' => $client['region'], + 'source' => null + ]); // Cache the results in a memoize function to avoid loading and parsing // the ini file on every API operation - $provider = CredentialProvider::memoize($provider); + //$provider = CredentialProvider::memoize($provider); } $adapterDefinition = new Definition($adapterClass, [ From 87be75a5f19720d4e608bfb2f741fe00e1ec7656 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 13:08:59 +0200 Subject: [PATCH 25/68] [DEV-49774] Optimized code and added s3 creds def #1.4 --- DependencyInjection/Kfz24QueueExtension.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index f0001ab..3c64c1b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
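Review bot: With `//$provider = CredentialProvider::memoize($provider);` commented out, the new `AssumeRoleWithWebIdentityCredentialProvider` is handed on unwrapped, so credentials are presumably resolved again (token file read plus an STS call) on each API operation instead of being reused until they expire. Restore the line as `$provider = CredentialProvider::memoize($provider);` and delete the commented-out copy; the comment above it should describe caching the assumed-role credentials rather than an ini file. The unchanged `echo` above still prints `$client['role_based']['web_identity_token_file']`, while the provider now reads `$tokenFromEnv`, so the printed path may not be the one actually used.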
@@ -43,8 +43,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - - if (empty($arnFromEnv) && empty($tokenFromEnv)) { + if (!$this->isTokenFileValid($tokenFromEnv)) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ From 30e77948f120a8b0983f0063138d86c6395b349e Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 15:14:44 +0200 Subject: [PATCH 26/68] [DEV-49774] Optimized code and added s3 creds def #1.5 --- DependencyInjection/Kfz24QueueExtension.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 3c64c1b..5d110f8 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -35,6 +35,7 @@ public function load(array $configs, ContainerBuilder $container) $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { @@ -43,7 +44,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (!$this->isTokenFileValid($tokenFromEnv)) { + if (!$isTokenValidOption) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ 
@@ -60,7 +61,7 @@ public function load(array $configs, ContainerBuilder $container) } else { if (!$provider) { echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; - echo '[SQS-Bundle] File is: ' . $client['role_based']['web_identity_token_file'] . PHP_EOL; + echo '[SQS-Bundle] File is: ' . $tokenFromEnv . PHP_EOL; $provider = new AssumeRoleWithWebIdentityCredentialProvider([ 'RoleArn' => $arnFromEnv, @@ -208,6 +209,10 @@ private function isTokenFileValid(?string $tokenFilePath): bool return false; } + if (strpos($tokenFilePath, 'eks.amazonaws.com') === false) { + return false; + } + return !((file_get_contents($tokenFilePath) === false)); } } From 5ef75df98c41fd960a9ea1aac7b011649ec5fefd Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 16:06:21 +0200 Subject: [PATCH 27/68] [DEV-49774] Optimized code and added s3 creds def #1.6 --- DependencyInjection/Kfz24QueueExtension.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 5d110f8..063afa8 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -21,6 +21,8 @@ */ class Kfz24QueueExtension extends Extension { + private const USE_WEB_TOKEN = 'USE_WEB_TOKEN'; + /** * {@inheritdoc} * @throws \Exception @@ -35,6 +37,8 @@ public function load(array $configs, ContainerBuilder $container) $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + $shouldUseToken = !empty(getenv(self::USE_WEB_TOKEN)); + $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; 
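Review bot: In `isTokenFileValid()`, the added `strpos($tokenFilePath, 'eks.amazonaws.com') === false` check treats a substring of the path as proof of validity: any path containing that text passes, and a token mounted at a different location is rejected. The `file_get_contents()` call after it loads the whole token only to test readability and emits a warning when the file is missing. I would replace both with `return is_file($tokenFilePath) && is_readable($tokenFilePath);`, and if the mount location must be enforced, compare against a configured directory instead of a substring. The start of the method is outside the hunk.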
@@ -44,7 +48,7 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (!$isTokenValidOption) { + if (!$shouldUseToken && !$isTokenValidOption) { echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; $adapterDefinition = new Definition($adapterClass, [ @@ -60,6 +64,7 @@ public function load(array $configs, ContainerBuilder $container) ]); } else { if (!$provider) { + echo '[SQS-Bundle] Web token option selected : ' . getenv(self::USE_WEB_TOKEN) . PHP_EOL; echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; echo '[SQS-Bundle] File is: ' . $tokenFromEnv . PHP_EOL; From 9d28367af61c51b88d96ef83de1a28fe5f2eaf1d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 16:50:07 +0200 Subject: [PATCH 28/68] [DEV-49774] Optimized code and added s3 creds def #1.7 --- DependencyInjection/Kfz24QueueExtension.php | 87 ++++++++++----------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 063afa8..840730c 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -38,7 +38,6 @@ public function load(array $configs, ContainerBuilder $container) $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); $shouldUseToken = !empty(getenv(self::USE_WEB_TOKEN)); - $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; 
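Review bot: `if (!$shouldUseToken && !$isTokenValidOption)` falls back to static keys only when the opt-in is absent and the token file is invalid; with `USE_WEB_TOKEN` set but an unreadable token file, or with the flag unset but a token file present, the role-based branch runs. If the flag is meant as an explicit opt-in that still needs a usable token, the condition should be `if (!$shouldUseToken || !$isTokenValidOption)`. The added `echo` of `getenv(self::USE_WEB_TOKEN)` should be removed together with the other build-time output.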
@@ -48,51 +47,51 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - if (!$shouldUseToken && !$isTokenValidOption) { - echo '[SQS-Bundle] Role-based access denied due to no token file. Accessing via keys...' . PHP_EOL; - - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'credentials' => [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ], - 'version' => $apiVersion - ] - ]); - } else { - if (!$provider) { - echo '[SQS-Bundle] Web token option selected : ' . getenv(self::USE_WEB_TOKEN) . PHP_EOL; - echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; - echo '[SQS-Bundle] File is: ' . $tokenFromEnv . PHP_EOL; - - $provider = new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), - 'client' => new StsClient([ - 'region' => $client['region'], - 'version' => $apiVersion, - 'credentials' => false - ]), - 'region' => $client['region'], - 'source' => null + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'endpoint' => $client['endpoint'], + 'credentials' => [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ], + 'version' => $apiVersion + ] + ]); + + if ($shouldUseToken) { + if ($isTokenValidOption) { + if (!$provider) { + echo '[SQS-Bundle] Web token option selected : ' . getenv(self::USE_WEB_TOKEN) . PHP_EOL; + echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; + echo '[SQS-Bundle] File is: ' . $tokenFromEnv . 
PHP_EOL; + + $provider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'client' => new StsClient([ + 'region' => $client['region'], + 'version' => $apiVersion, + 'credentials' => false + ]), + 'region' => $client['region'], + 'source' => null + ]); + // Cache the results in a memoize function to avoid loading and parsing + // the ini file on every API operation + //$provider = CredentialProvider::memoize($provider); + } + + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'endpoint' => $client['endpoint'], + 'version' => $apiVersion, + 'credentials' => $provider + ] ]); - // Cache the results in a memoize function to avoid loading and parsing - // the ini file on every API operation - //$provider = CredentialProvider::memoize($provider); } - - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'version' => $apiVersion, - 'credentials' => $provider - ] - ]); } $adapterDefinition->setPublic(false); From 52ea94cafebc5da30060bee8d01c5a8183c972d7 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 17:00:06 +0200 Subject: [PATCH 29/68] [DEV-49774] Optimized code and added s3 creds def #1.8 --- DependencyInjection/Kfz24QueueExtension.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 840730c..2d03081 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
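Review bot: The `StsClient` created inside the new `if ($shouldUseToken)` block gets `'version' => $apiVersion`, and `$apiVersion` is read elsewhere in `load()` from `kfz24.queue.%s.api_version`, so it is presumably the queue service's API version rather than one STS publishes; the STS client should get its own version parameter. The nesting also means that when `$shouldUseToken` is true but `$isTokenValidOption` is false, the code silently keeps the static-key definition built above. If role-based access was requested explicitly, that downgrade to long-lived keys should fail loudly, e.g. `throw new \RuntimeException('USE_WEB_TOKEN is set but the web identity token file is not readable');`.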
@@ -37,7 +37,15 @@ public function load(array $configs, ContainerBuilder $container) $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); - $shouldUseToken = !empty(getenv(self::USE_WEB_TOKEN)); + + $shouldUseToken = true; + if (is_array(getenv(self::USE_WEB_TOKEN)) || !getenv(self::USE_WEB_TOKEN)) { + $shouldUseToken = false; + } + if (getenv(self::USE_WEB_TOKEN) !== "1") { + $shouldUseToken = false; + } + $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; From 8bd457fd37a38f8496789956e9fbf4c508dfff2c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Mon, 2 Jun 2025 17:01:48 +0200 Subject: [PATCH 30/68] [DEV-49774] Optimized code and added s3 creds def #1.9 --- DependencyInjection/Configuration.php | 14 -------------- README.md | 4 ---- 2 files changed, 18 deletions(-) diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php index c93a676..04c609d 100644 --- a/DependencyInjection/Configuration.php +++ b/DependencyInjection/Configuration.php @@ -46,20 +46,6 @@ public function getConfigTreeBuilder() ->scalarNode('secret_access_key') ->isRequired() ->end() - ->arrayNode('role_based') - ->canBeEnabled() - ->children() - ->scalarNode('web_identity_token_file') - ->defaultNull() - ->end() - ->scalarNode('role_arn') - ->defaultNull() - ->end() - ->scalarNode('session_name') - ->defaultNull() - ->end() - ->end() - ->end() ->arrayNode('large_payload_client') ->canBeEnabled() ->children() diff --git a/README.md b/README.md index da9150f..bef5027 100644 --- a/README.md +++ b/README.md 
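Review bot: The three-step computation of `$shouldUseToken` reduces to one comparison: `getenv()` called with a name returns a string or `false`, never an array, so the `is_array(...)` test is dead code and the first `if` is subsumed by the `!== "1"` check. `$shouldUseToken = getenv(self::USE_WEB_TOKEN) === '1';` expresses the same rule and reads the variable once. A one-line comment stating that only the exact value `1` enables role-based access would help operators who set `true` or `yes`.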
@@ -36,10 +36,6 @@ kfz24_queue: resource: "https://sqs.eu-central-1.amazonaws.com/123456789012/another-queue" access_key: "AKIAABCDEFGHIJKLMNOP" secret_access_key: "s3CR3t4Cc3S5K3y" - role_based: - web_identity_token_file: "%AWS_WEB_IDENTITY_TOKEN_FILE%" - role_arn: "arn-role-XYZ" - session_name: "ABC-session-name" large_payload_client: region: "eu-central-1" endpoint: "http://s3-eu-central-1.amazonaws.com/consumer_bucket" From 48c46ccb45ac1a4a40d20559137f7b51f0a09941 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 10:41:12 +0200 Subject: [PATCH 31/68] [DEV-49774] Optimized code and added s3 creds def #2 --- DependencyInjection/Kfz24QueueExtension.php | 74 ++++++--------------- 1 file changed, 20 insertions(+), 54 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 2d03081..690621a 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -2,7 +2,6 @@ namespace Kfz24\QueueBundle\DependencyInjection; -use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; use Aws\S3\S3Client; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; @@ -11,7 +10,6 @@ use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; use Symfony\Component\DependencyInjection\Loader; -use Aws\Sts\StsClient; use Aws\Credentials\CredentialProvider; /** 
@@ -47,61 +45,37 @@ public function load(array $configs, ContainerBuilder $container) } $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); - - $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); + $credentials = [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ]; + + if ($shouldUseToken) { + if ($isTokenValidOption) { + $credentials = [ + 'web_identity_token_file' => $tokenFromEnv, // Default path in EKS + 'role_arn' => $arnFromEnv, + ]; + + $apiVersion = 'latest'; + } + } + $adapterDefinition = new Definition($adapterClass, [ [ 'region' => $client['region'], 'endpoint' => $client['endpoint'], - 'credentials' => [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ], + 'credentials' => $credentials, 'version' => $apiVersion ] ]); - if ($shouldUseToken) { - if ($isTokenValidOption) { - if (!$provider) { - echo '[SQS-Bundle] Web token option selected : ' . getenv(self::USE_WEB_TOKEN) . PHP_EOL; - echo '[SQS-Bundle] Role-based access approved. Accessing via identity token...' . PHP_EOL; - echo '[SQS-Bundle] File is: ' . $tokenFromEnv . PHP_EOL; - - $provider = new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . 
time(), - 'client' => new StsClient([ - 'region' => $client['region'], - 'version' => $apiVersion, - 'credentials' => false - ]), - 'region' => $client['region'], - 'source' => null - ]); - // Cache the results in a memoize function to avoid loading and parsing - // the ini file on every API operation - //$provider = CredentialProvider::memoize($provider); - } - - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'version' => $apiVersion, - 'credentials' => $provider - ] - ]); - } - } - $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); @@ -131,7 +105,7 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $provider + $credentials ); $this->buildLargePayloadMessageExtensionDefinition( @@ -177,23 +151,15 @@ private function buildLargePayloadMessageExtensionDefinition( * @param string $definitionName * @param array $config * @param ContainerBuilder $container - * @param null|mixed $provider + * @param array $credentials */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, $provider = null): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], true ); - $credentials = [ - 'key' => $config['access_key'], - 'secret' => $config['secret_access_key'], - ]; - if ($provider !== null) { - $credentials = $provider; - } - $s3ClientDefinition = new Definition(S3Client::class, [ [ 'region' => $config['region'], From 605c15f7de891090d5f23f5c7e0e6e0b6d9311ec Mon Sep 17 00:00:00 2001 
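Review bot: The array assigned to `$credentials` in the token branch carries `web_identity_token_file` and `role_arn`, but an array given as the SDK's `credentials` option is, as far as I know, expected to hold `key` and `secret`, so client construction would be rejected instead of assuming the role. A credential provider, as the removed lines used, is the supported way to do this. `$apiVersion = 'latest'` also unpins the API version for the adapter built in this iteration; keep the configured version so an SDK upgrade cannot change request shapes unnoticed.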
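Review bot: `buildS3ClientDefinition()` no longer reads `$config['access_key']` and `$config['secret_access_key']` and instead receives the queue client's `$credentials`, so a key pair configured under `large_payload_client` is ignored even when role-based access is off. If the bucket is meant to be reached with its own, narrower credentials, keep the local default and let the argument override it only when a provider is in use. The docblock line `@param array $credentials` should say whose credentials these are, e.g. `@param array $credentials credentials of the owning queue client, reused for S3`.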
From: "florin.rusu" Date: Tue, 3 Jun 2025 10:43:20 +0200 Subject: [PATCH 32/68] [DEV-49774] Optimized code and added s3 creds def #2 --- DependencyInjection/Kfz24QueueExtension.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 690621a..17fca50 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -105,7 +105,8 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $credentials + $credentials, + $apiVersion ); $this->buildLargePayloadMessageExtensionDefinition( @@ -152,8 +153,9 @@ private function buildLargePayloadMessageExtensionDefinition( * @param array $config * @param ContainerBuilder $container * @param array $credentials + * @param string $apiVersion */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials, string $apiVersion): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], @@ -166,7 +168,7 @@ private function buildS3ClientDefinition(string $definitionName, array $config, 'endpoint' => $config['endpoint'], 'credentials' => $credentials, 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), - 'version' => '2006-03-01', + 'version' => $apiVersion, ], ]); From 7540fb7ac1f5b21961df43e218faa30846cec021 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 10:59:54 +0200 Subject: [PATCH 33/68] [DEV-49774] Optimized code and added s3 creds def #2.1 --- DependencyInjection/Kfz24QueueExtension.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 17fca50..9f7969e 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -62,8 +62,6 @@ public function load(array $configs, ContainerBuilder $container) 'web_identity_token_file' => $tokenFromEnv, // Default path in EKS 'role_arn' => $arnFromEnv, ]; - - $apiVersion = 'latest'; } } @@ -105,8 +103,7 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $credentials, - $apiVersion + $credentials ); $this->buildLargePayloadMessageExtensionDefinition( @@ -153,9 +150,8 @@ private function buildLargePayloadMessageExtensionDefinition( * @param array $config * @param ContainerBuilder $container * @param array $credentials - * @param string $apiVersion */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials, string $apiVersion): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], @@ -168,7 +164,7 @@ private function buildS3ClientDefinition(string $definitionName, array $config, 'endpoint' => $config['endpoint'], 'credentials' => $credentials, 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), - 'version' => $apiVersion, + 'version' => '2006-03-01', ], ]); From 8224ddd785a90934e9e34ab9f5415d3222c9e644 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 12:29:04 +0200 Subject: [PATCH 34/68] [DEV-49774] Optimized code and added s3 creds def #2.2 --- DependencyInjection/Kfz24QueueExtension.php | 28 +++++++++++++-------- 1 file changed, 18 insertions(+), 10 deletions(-) 
diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 9f7969e..dc90515 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -33,10 +33,9 @@ public function load(array $configs, ContainerBuilder $container) $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); $loader->load('services.yaml'); - $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); - $shouldUseToken = true; + if (is_array(getenv(self::USE_WEB_TOKEN)) || !getenv(self::USE_WEB_TOKEN)) { $shouldUseToken = false; } @@ -45,12 +44,12 @@ public function load(array $configs, ContainerBuilder $container) } $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); + $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - $credentials = [ 'key' => $client['access_key'], 'secret' => $client['secret_access_key'] @@ -58,10 +57,11 @@ public function load(array $configs, ContainerBuilder $container) if ($shouldUseToken) { if ($isTokenValidOption) { - $credentials = [ - 'web_identity_token_file' => $tokenFromEnv, // Default path in EKS - 'role_arn' => $arnFromEnv, - ]; + if (!$provider) { + $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(); + } + + $credentials = $provider; } } @@ -103,7 +103,7 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $credentials + $provider ); $this->buildLargePayloadMessageExtensionDefinition( 
@@ -149,15 +149,23 @@ private function buildLargePayloadMessageExtensionDefinition( * @param string $definitionName * @param array $config * @param ContainerBuilder $container - * @param array $credentials + * @param null|mixed $provider */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $credentials): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, $provider = null): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], true ); + $credentials = [ + 'key' => $config['access_key'], + 'secret' => $config['secret_access_key'] + ]; + if ($provider !== null) { + $credentials = $provider; + } + $s3ClientDefinition = new Definition(S3Client::class, [ [ 'region' => $config['region'], From b58186a622bd3c26f359b1fc7806b3a337315a3d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 13:50:08 +0200 Subject: [PATCH 35/68] [DEV-49774] Optimized code and added s3 creds def #2.3 --- DependencyInjection/Kfz24QueueExtension.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index dc90515..969d445 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -2,7 +2,10 @@ namespace Kfz24\QueueBundle\DependencyInjection; +use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; +use Aws\Credentials\CredentialSources; use Aws\S3\S3Client; +use Aws\Sts\StsClient; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\Config\FileLocator; 
@@ -34,6 +37,7 @@ public function load(array $configs, ContainerBuilder $container) $loader->load('services.yaml'); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $shouldUseToken = true; if (is_array(getenv(self::USE_WEB_TOKEN)) || !getenv(self::USE_WEB_TOKEN)) { @@ -58,7 +62,18 @@ public function load(array $configs, ContainerBuilder $container) if ($shouldUseToken) { if ($isTokenValidOption) { if (!$provider) { - $provider = CredentialProvider::assumeRoleWithWebIdentityCredentialProvider(); + $provider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'client' => new StsClient([ + 'credentials' => false, + 'region' => $client['region'], + 'version' => $apiVersion + ]), + 'region' => $client['region'], + 'source' => CredentialSources::ENVIRONMENT_STS_WEB_ID_TOKEN + ]); } $credentials = $provider; From 9e1c6456b97fa64cc81c6ce64210042138fdad96 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 17:53:50 +0200 Subject: [PATCH 36/68] [DEV-49774] Optimized code and added s3 creds def #2.4 --- DependencyInjection/Kfz24QueueExtension.php | 23 ++++++++++++++------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 969d445..a63bb88 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -47,6 +47,8 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } + echo "[SQS-Bundle] Token env is: $tokenFromEnv --- Arn role is: $arnFromEnv --- " . PHP_EOL; + $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { 
@@ -58,6 +60,7 @@ public function load(array $configs, ContainerBuilder $container) 'key' => $client['access_key'], 'secret' => $client['secret_access_key'] ]; + $endpoint = $client['endpoint']; if ($shouldUseToken) { if ($isTokenValidOption) { @@ -76,19 +79,23 @@ public function load(array $configs, ContainerBuilder $container) ]); } + $endpoint = null; $credentials = $provider; + echo "[SQS-Bundle] Provider is: " . PHP_EOL; + var_dump($credentials); } } - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'endpoint' => $client['endpoint'], - 'credentials' => $credentials, - 'version' => $apiVersion - ] - ]); + $configs = [ + 'region' => $client['region'], + 'credentials' => $credentials, + 'version' => $apiVersion + ]; + if ($endpoint) { + $configs['endpoint'] = $endpoint; + } + $adapterDefinition = new Definition($adapterClass, [$configs]); $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); From f8cded75d199eff24130fb1d789f33c90fbcf73d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 18:22:47 +0200 Subject: [PATCH 37/68] [DEV-49774] Optimized code and added s3 creds def #2.5 --- DependencyInjection/Kfz24QueueExtension.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index a63bb88..6ea864a 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
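Review bot: `var_dump($credentials);` and the `echo` before it print the credential provider to standard output on every container build; the provider is constructed above from the role ARN and the token file path, so those values are likely part of the dump. Debug output of credential objects should not be committed; remove both lines. The new `$configs = [` also overwrites the `array $configs` parameter of `load()`; a distinct name such as `$adapterConfig` avoids the shadowing. Setting `$endpoint = null` drops the configured endpoint whenever the token path is taken, which deserves a comment explaining why.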
@@ -47,7 +47,8 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } - echo "[SQS-Bundle] Token env is: $tokenFromEnv --- Arn role is: $arnFromEnv --- " . PHP_EOL; + $message = "[SQS-Bundle] Token env is: $tokenFromEnv --- Arn role is: $arnFromEnv --- " . PHP_EOL; + file_put_contents('/www/data/db-dump/logs12.txt', $message, FILE_APPEND); $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; @@ -81,8 +82,6 @@ public function load(array $configs, ContainerBuilder $container) $endpoint = null; $credentials = $provider; - echo "[SQS-Bundle] Provider is: " . PHP_EOL; - var_dump($credentials); } } From bf513089f506e0ec28060b27d4d6d4be211eaf42 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Tue, 3 Jun 2025 18:58:21 +0200 Subject: [PATCH 38/68] [DEV-49774] Optimized code and added s3 creds def #2.6 --- DependencyInjection/Kfz24QueueExtension.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 6ea864a..9b06f41 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -47,9 +47,6 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } - $message = "[SQS-Bundle] Token env is: $tokenFromEnv --- Arn role is: $arnFromEnv --- " . PHP_EOL; - file_put_contents('/www/data/db-dump/logs12.txt', $message, FILE_APPEND); - $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { @@ -71,7 +68,6 @@ public function load(array $configs, ContainerBuilder $container) 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), 'client' => new StsClient([ - 'credentials' => false, 'region' => $client['region'], 'version' => $apiVersion ]), 
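Review bot: The `@@ -47,7 +47,8 @@` hunk appends to the hard-coded path `/www/data/db-dump/logs12.txt` on every `load()`, without checking the return value of `file_put_contents()` and with no bound on how large the file grows. A reusable bundle cannot assume that directory exists or that it is an appropriate place for diagnostics; who else can read it is not visible from here. Drop the write, or route the message through the application's logger so the destination and retention are controlled by configuration.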
@@ -88,7 +84,8 @@ public function load(array $configs, ContainerBuilder $container) $configs = [ 'region' => $client['region'], 'credentials' => $credentials, - 'version' => $apiVersion + 'version' => $apiVersion, + 'debug' => true, ]; if ($endpoint) { @@ -194,6 +191,7 @@ private function buildS3ClientDefinition(string $definitionName, array $config, 'credentials' => $credentials, 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), 'version' => '2006-03-01', + 'debug' => true, ], ]); From 7921a45fdae38b628b64faec2ba06022d19c20e1 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 11:40:00 +0200 Subject: [PATCH 39/68] [DEV-49774] Set debug messages on fail --- Client/Aws/SqsClient.php | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/Client/Aws/SqsClient.php b/Client/Aws/SqsClient.php index 2dd9cc7..d78244a 100644 --- a/Client/Aws/SqsClient.php +++ b/Client/Aws/SqsClient.php 
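Review bot: `'debug' => true` in the `@@ -88,7 +84,8 @@` hunk, and again for the S3 client in `@@ -194,6 +191,7 @@`, switches on the AWS SDK's debug tracing unconditionally for every client the bundle defines. That trace is expected to contain request and response details for each call, which for a queue client means message bodies, and it is written to the process output unless redirected. Leave the key out so the SDK default applies, and if tracing is needed make it an explicit opt-in in the bundle configuration that defaults to off. Both enclosing methods extend beyond their hunks.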
@@ -159,10 +159,32 @@ public function getQueueAttributes(array $options = []) { $options[self::RESOURCE_NAME] = $this->resource; - /** @var Result $result */ - $result = parent::getQueueAttributes($options); + try { + /** @var Result $result */ + $result = parent::getQueueAttributes($options); + + return $result->get(self::ATTRIBUTES); + } catch (\Throwable $exception) { + $this->logger->critical("[SQSBundle] Error: " . $exception->getMessage()); + $this->logger->critical("[SQSBundle] Resource: " . $this->resource); + $this->logger->critical( + "[SQSBundle] Endpoint: " . $this->client->getEndpoint()->getPath() . " // " . + $this->client->getEndpoint()->getHost() . " // " . $this->client->getEndpoint()->getPort() . " // " . $this->client->getEndpoint()->getScheme() + . " // " . $this->client->getEndpoint()->getUserInfo() . " // " . $this->client->getEndpoint()->getAuthority() + ); + $this->logger->critical("[SQSBundle] Creds: " . $this->client->getCredentials()->getState()); + $this->logger->critical("[SQSBundle] Config: " . $this->client->getConfig()); + $this->logger->critical( + "[SQSBundle] API: " . $this->client->getApi()->getApiVersion() . " // " . $this->client->getApi()->getSignatureVersion() + . " // " . $this->client->getApi()->getProtocol() . $this->client->getApi()->getServiceFullName() . " // " . $this->client->getApi()->getServiceName() + . " // " . $this->client->getApi()->getEndpointPrefix() . " // " . $this->client->getApi()->getServiceId() + ); - return $result->get(self::ATTRIBUTES); + echo "Provider: " . PHP_EOL; + var_dump($this->client->getApi()->getProvider()); + echo "Creds: " . PHP_EOL; + var_dump($this->client->getCredentials()); + } } /** From 67c6230df6b4369a1555237dff137731c77acb45 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 15:00:21 +0200 Subject: [PATCH 40/68] [DEV-49774] Set debug messages on fail --- Client/Aws/SqsClient.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
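Review bot: The `catch (\Throwable $exception)` block added to `getQueueAttributes()` never rethrows, so any SDK failure now makes the method return `null` where callers previously received the exception. End the block with `throw $exception;` after logging. Within the block, `"[SQSBundle] Config: " . $this->client->getConfig()` concatenates what is presumably an array, which would log the literal `Array` plus a conversion warning, and the trailing `var_dump($this->client->getCredentials())` prints the client's credentials object to output. One structured log call such as `$this->logger->critical('[SQSBundle] getQueueAttributes failed', ['exception' => $exception, 'resource' => $this->resource]);` would cover the diagnostic need without touching credentials.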
diff --git a/Client/Aws/SqsClient.php b/Client/Aws/SqsClient.php index d78244a..eb9fd49 100644 --- a/Client/Aws/SqsClient.php +++ b/Client/Aws/SqsClient.php @@ -159,13 +159,15 @@ public function getQueueAttributes(array $options = []) { $options[self::RESOURCE_NAME] = $this->resource; + echo "[SQS] OPTIONS: " . PHP_EOL; + var_dump($options); + try { /** @var Result $result */ $result = parent::getQueueAttributes($options); return $result->get(self::ATTRIBUTES); } catch (\Throwable $exception) { - $this->logger->critical("[SQSBundle] Error: " . $exception->getMessage()); $this->logger->critical("[SQSBundle] Resource: " . $this->resource); $this->logger->critical( "[SQSBundle] Endpoint: " . $this->client->getEndpoint()->getPath() . " // " . From 2ef224ad2ae9eedd73f019d02edb8dc0a45ff220 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 15:14:28 +0200 Subject: [PATCH 41/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 9b06f41..d870d74 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -63,7 +63,7 @@ public function load(array $configs, ContainerBuilder $container) if ($shouldUseToken) { if ($isTokenValidOption) { if (!$provider) { - $provider = new AssumeRoleWithWebIdentityCredentialProvider([ + $provider = (new AssumeRoleWithWebIdentityCredentialProvider([ 'RoleArn' => $arnFromEnv, 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), @@ -71,9 +71,7 @@ public function load(array $configs, ContainerBuilder $container) 'region' => $client['region'], 'version' => $apiVersion ]), - 'region' => $client['region'], - 'source' => CredentialSources::ENVIRONMENT_STS_WEB_ID_TOKEN - ]); + ]))->__invoke(); } $endpoint = null; 
From c268577f8c4b15be0ada160f95cd18946c217a84 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 15:19:10 +0200 Subject: [PATCH 42/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 1 + 1 file changed, 1 insertion(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index d870d74..bd4ed6f 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -67,6 +67,7 @@ public function load(array $configs, ContainerBuilder $container) 'RoleArn' => $arnFromEnv, 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], 'client' => new StsClient([ 'region' => $client['region'], 'version' => $apiVersion From 35927da993be8a09997a6a39ddfcee566f2d38ef Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 15:42:06 +0200 Subject: [PATCH 43/68] [DEV-49774] Set debug messages on fail --- Client/Aws/SqsClient.php | 14 -------------- DependencyInjection/Kfz24QueueExtension.php | 9 +-------- 2 files changed, 1 insertion(+), 22 deletions(-) diff --git a/Client/Aws/SqsClient.php b/Client/Aws/SqsClient.php index eb9fd49..31ad86a 100644 --- a/Client/Aws/SqsClient.php +++ b/Client/Aws/SqsClient.php 
@@ -168,20 +168,6 @@ public function getQueueAttributes(array $options = []) return $result->get(self::ATTRIBUTES); } catch (\Throwable $exception) { - $this->logger->critical("[SQSBundle] Resource: " . $this->resource); - $this->logger->critical( - "[SQSBundle] Endpoint: " . $this->client->getEndpoint()->getPath() . " // " . - $this->client->getEndpoint()->getHost() . " // " . $this->client->getEndpoint()->getPort() . " // " . $this->client->getEndpoint()->getScheme() - . " // " . $this->client->getEndpoint()->getUserInfo() . " // " . $this->client->getEndpoint()->getAuthority() - ); - $this->logger->critical("[SQSBundle] Creds: " . $this->client->getCredentials()->getState()); - $this->logger->critical("[SQSBundle] Config: " . $this->client->getConfig()); - $this->logger->critical( - "[SQSBundle] API: " . $this->client->getApi()->getApiVersion() . " // " . $this->client->getApi()->getSignatureVersion() - . " // " . $this->client->getApi()->getProtocol() . $this->client->getApi()->getServiceFullName() . " // " . $this->client->getApi()->getServiceName() - . " // " . $this->client->getApi()->getEndpointPrefix() . " // " . $this->client->getApi()->getServiceId() - ); - echo "Provider: " . PHP_EOL; var_dump($this->client->getApi()->getProvider()); echo "Creds: " . PHP_EOL; diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index bd4ed6f..ca79496 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -68,14 +68,9 @@ public function load(array $configs, ContainerBuilder $container) 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), 'region' => $client['region'], - 'client' => new StsClient([ - 'region' => $client['region'], - 'version' => $apiVersion - ]), ]))->__invoke(); } - $endpoint = null; $credentials = $provider; } } 
@@ -84,12 +79,10 @@ public function load(array $configs, ContainerBuilder $container) 'region' => $client['region'], 'credentials' => $credentials, 'version' => $apiVersion, + 'endpoint' => $endpoint, 'debug' => true, ]; - if ($endpoint) { - $configs['endpoint'] = $endpoint; - } $adapterDefinition = new Definition($adapterClass, [$configs]); $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); From e87caf39d96bb5e60b17e3e19f1fe382dafbc93d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 16:06:49 +0200 Subject: [PATCH 44/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index ca79496..bb877f7 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -63,12 +63,18 @@ public function load(array $configs, ContainerBuilder $container) if ($shouldUseToken) { if ($isTokenValidOption) { if (!$provider) { - $provider = (new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), - 'region' => $client['region'], - ]))->__invoke(); + $provider = CredentialProvider::memoize( + new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'client' => new StsClient([ + 'credentials' => false, + 'region' => $client['region'], + 'version' => $apiVersion, + ]), + ]) + ); } $credentials = $provider; From 1a37f605dcc408085debe12affbb2c024851f944 Mon Sep 17 00:00:00 2001 
From: "florin.rusu" Date: Wed, 4 Jun 2025 16:32:19 +0200 Subject: [PATCH 45/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index bb877f7..fd9fa79 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -68,22 +68,21 @@ public function load(array $configs, ContainerBuilder $container) 'RoleArn' => $arnFromEnv, 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], 'client' => new StsClient([ 'credentials' => false, 'region' => $client['region'], - 'version' => $apiVersion, + 'version' => 'latest', ]), ]) ); } - - $credentials = $provider; } } $configs = [ 'region' => $client['region'], - 'credentials' => $credentials, + 'credentials' => $provider ?? $credentials, 'version' => $apiVersion, 'endpoint' => $endpoint, 'debug' => true, From be58e9f74c3e88aa959a3823dc297459c7209f82 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 16:47:14 +0200 Subject: [PATCH 46/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index fd9fa79..d109e19 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -61,6 +61,10 @@ public function load(array $configs, ContainerBuilder $container) $endpoint = $client['endpoint']; if ($shouldUseToken) { + + echo "[SQS] Token is: $tokenFromEnv" . PHP_EOL; + echo "[SQS] ARN is: $arnFromEnv" . PHP_EOL; + if ($isTokenValidOption) { if (!$provider) { $provider = CredentialProvider::memoize( 
@@ -78,6 +82,11 @@ public function load(array $configs, ContainerBuilder $container) ); } } + + echo "[SQS] Provider is: " . PHP_EOL; + var_dump($provider); + + die(); } $configs = [ From f9e2159d7c0cae581d53eee285ff5150469781d8 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 17:05:14 +0200 Subject: [PATCH 47/68] [DEV-49774] Set debug messages on fail --- Client/Aws/SqsClient.php | 16 +++------------- DependencyInjection/Kfz24QueueExtension.php | 12 +++--------- 2 files changed, 6 insertions(+), 22 deletions(-) diff --git a/Client/Aws/SqsClient.php b/Client/Aws/SqsClient.php index 31ad86a..2dd9cc7 100644 --- a/Client/Aws/SqsClient.php +++ b/Client/Aws/SqsClient.php @@ -159,20 +159,10 @@ public function getQueueAttributes(array $options = []) { $options[self::RESOURCE_NAME] = $this->resource; - echo "[SQS] OPTIONS: " . PHP_EOL; - var_dump($options); + /** @var Result $result */ + $result = parent::getQueueAttributes($options); - try { - /** @var Result $result */ - $result = parent::getQueueAttributes($options); - - return $result->get(self::ATTRIBUTES); - } catch (\Throwable $exception) { - echo "Provider: " . PHP_EOL; - var_dump($this->client->getApi()->getProvider()); - echo "Creds: " . PHP_EOL; - var_dump($this->client->getCredentials()); - } + return $result->get(self::ATTRIBUTES); } /** diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index d109e19..f38d474 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -47,6 +47,9 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } + $tokenFromEnv = '/var/run/secrets/eks.amazonaws.com/serviceaccount/token'; + $arnFromEnv = 'arn:aws:iam::726569450381:role/k24-integration-2-default-search-service'; + $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { 
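Review bot: The `@@ -47,6 +47,9 @@` hunk (PATCH 47/68) overwrites `$tokenFromEnv` and `$arnFromEnv` with string literals, so the values obtained from `getenv()` a few lines earlier are discarded and every consumer of the bundle would request the same role. The role ARN literal embeds an AWS account id and role name, and these remain in the repository history even though a later patch deletes the lines. Keep the environment lookup as the only source and test against a specific role by setting the variables in the deployment, not in code. `load()` starts and ends outside the hunk.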
@@ -61,10 +64,6 @@ public function load(array $configs, ContainerBuilder $container) $endpoint = $client['endpoint']; if ($shouldUseToken) { - - echo "[SQS] Token is: $tokenFromEnv" . PHP_EOL; - echo "[SQS] ARN is: $arnFromEnv" . PHP_EOL; - if ($isTokenValidOption) { if (!$provider) { $provider = CredentialProvider::memoize( @@ -82,11 +81,6 @@ public function load(array $configs, ContainerBuilder $container) ); } } - - echo "[SQS] Provider is: " . PHP_EOL; - var_dump($provider); - - die(); } $configs = [ From d0dda7d84e1bf6c082729c6e19e0be4d57d31537 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 4 Jun 2025 17:46:38 +0200 Subject: [PATCH 48/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 31 +++++++++------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index f38d474..6ab65f9 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -47,9 +47,6 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } - $tokenFromEnv = '/var/run/secrets/eks.amazonaws.com/serviceaccount/token'; - $arnFromEnv = 'arn:aws:iam::726569450381:role/k24-integration-2-default-search-service'; - $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { 
@@ -64,22 +61,20 @@ public function load(array $configs, ContainerBuilder $container) $endpoint = $client['endpoint']; if ($shouldUseToken) { - if ($isTokenValidOption) { - if (!$provider) { - $provider = CredentialProvider::memoize( - new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), + if (!$provider) { + $provider = CredentialProvider::memoize( + new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], + 'client' => new StsClient([ + 'credentials' => false, 'region' => $client['region'], - 'client' => new StsClient([ - 'credentials' => false, - 'region' => $client['region'], - 'version' => 'latest', - ]), - ]) - ); - } + 'version' => 'latest', + ]), + ]) + ); } } From 9f0d5891101a75ca3a43e574e7f9161ffef18e52 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 14:50:57 +0200 Subject: [PATCH 49/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 6ab65f9..d479424 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -62,8 +62,10 @@ public function load(array $configs, ContainerBuilder $container) if ($shouldUseToken) { if (!$provider) { - $provider = CredentialProvider::memoize( - new AssumeRoleWithWebIdentityCredentialProvider([ + try { + $contents = file_get_contents($tokenFromEnv); + + $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ 'RoleArn' => $arnFromEnv, 'WebIdentityTokenFile' => $tokenFromEnv, 'SessionName' => 'aws-sdk-' . time(), 
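Review bot: In the `@@ -62,8 +62,10 @@` hunk (PATCH 49/68), `$contents = file_get_contents($tokenFromEnv);` is never used, and `file_get_contents()` reports failure by returning `false` with a warning rather than throwing, so the new `try` does not detect a missing or unreadable token file unless an error handler converts warnings to exceptions. `$tokenFromEnv` can also be `false` when the environment variable is unset. Check explicitly before building the provider, e.g. `if ($tokenFromEnv === false || !is_readable($tokenFromEnv)) { throw new \RuntimeException('[SQS-Bundle] web identity token file is not readable'); }`. The same unused read is carried through the `@@ -60,27 +60,25 @@`, `@@ -82,6 +82,11 @@`, `@@ -60,25 +59,27 @@` and `@@ -83,7 +84,8 @@` hunks of the following patches. The `try` block is closed in a later hunk.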
@@ -73,8 +75,12 @@ public function load(array $configs, ContainerBuilder $container) 'region' => $client['region'], 'version' => 'latest', ]), - ]) - ); + ]); + + $provider = CredentialProvider::memoize($assumeRoleProvider); + } catch (\Throwable $exception) { + throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); + } } } From 643e6f79568a1a7cff81d49af495610fd0e36d6b Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 16:06:22 +0200 Subject: [PATCH 50/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 38 ++++++++++----------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index d479424..eea341b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
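Review bot: The `catch` added in the `@@ -73,8 +75,12 @@` hunk rethrows as a bare `\Exception` without passing the caught throwable along, so the original type and stack trace are lost. Chain it instead: `throw new \RuntimeException('[SQS-Bundle] Could not create web identity credential provider: ' . $exception->getMessage(), 0, $exception);`. The `" Token is:" . $tokenFromEnv` suffix reads as if it printed the token while it actually appends the file path; wording it as `token file: ...` avoids that confusion in logs. The `try` opens in the previous hunk.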
@@ -60,27 +60,25 @@ public function load(array $configs, ContainerBuilder $container) ]; $endpoint = $client['endpoint']; - if ($shouldUseToken) { - if (!$provider) { - try { - $contents = file_get_contents($tokenFromEnv); - - $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), + if (!$provider) { + try { + $contents = file_get_contents($tokenFromEnv); + + $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], + 'client' => new StsClient([ + 'credentials' => false, 'region' => $client['region'], - 'client' => new StsClient([ - 'credentials' => false, - 'region' => $client['region'], - 'version' => 'latest', - ]), - ]); - - $provider = CredentialProvider::memoize($assumeRoleProvider); - } catch (\Throwable $exception) { - throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); - } + 'version' => 'latest', + ]), + ]); + + $provider = CredentialProvider::memoize($assumeRoleProvider); + } catch (\Throwable $exception) { + throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); } } From 3519a827fc0689c076fb42ba0e62f3edee32e39a Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 16:22:30 +0200 Subject: [PATCH 51/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index eea341b..061f8ee 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -55,8 +55,8 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); $credentials = [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] + 'key' => '', + 'secret' => '' ]; $endpoint = $client['endpoint']; @@ -82,6 +82,11 @@ public function load(array $configs, ContainerBuilder $container) } } + if (!$provider) { + $contents = file_get_contents($tokenFromEnv); + throw new \Exception("[SQS-Bundle] Token is:" . $tokenFromEnv); + } + $configs = [ 'region' => $client['region'], 'credentials' => $provider ?? $credentials, From f64c0670fbe08f89e277ca8e9e2b79fd84af3b68 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 16:26:08 +0200 Subject: [PATCH 52/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 39 +++++++++++---------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 061f8ee..f497d3a 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -47,7 +47,6 @@ public function load(array $configs, ContainerBuilder $container) $shouldUseToken = false; } - $isTokenValidOption = $this->isTokenFileValid($tokenFromEnv); $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; 
@@ -60,25 +59,27 @@ public function load(array $configs, ContainerBuilder $container) ]; $endpoint = $client['endpoint']; - if (!$provider) { - try { - $contents = file_get_contents($tokenFromEnv); - - $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ - 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), - 'region' => $client['region'], - 'client' => new StsClient([ - 'credentials' => false, - 'region' => $client['region'], - 'version' => 'latest', - ]), - ]); + if ($shouldUseToken) { + if (!$provider) { + try { + $contents = file_get_contents($tokenFromEnv); - $provider = CredentialProvider::memoize($assumeRoleProvider); - } catch (\Throwable $exception) { - throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); + $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], + 'client' => new StsClient([ + 'credentials' => false, + 'region' => $client['region'], + 'version' => 'latest', + ]), + ]); + + $provider = CredentialProvider::memoize($assumeRoleProvider); + } catch (\Throwable $exception) { + throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); + } } } From aa6857ef61e534d279908d85e4889b715c2ec01d Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 16:29:46 +0200 Subject: [PATCH 53/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index f497d3a..5a8348c 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -53,9 +53,10 @@ public function load(array $configs, ContainerBuilder $container) $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); + $credentials = [ - 'key' => '', - 'secret' => '' + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] ]; $endpoint = $client['endpoint']; @@ -83,7 +84,8 @@ public function load(array $configs, ContainerBuilder $container) } } - if (!$provider) { + + if ($shouldUseToken && !$provider) { $contents = file_get_contents($tokenFromEnv); throw new \Exception("[SQS-Bundle] Token is:" . $tokenFromEnv); } From e25ffa77008eabf17bbeadde3efe0f7e5d69fec5 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 16:43:15 +0200 Subject: [PATCH 54/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 1 - 1 file changed, 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 5a8348c..24e95e9 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -95,7 +95,6 @@ public function load(array $configs, ContainerBuilder $container) 'credentials' => $provider ?? $credentials, 'version' => $apiVersion, 'endpoint' => $endpoint, - 'debug' => true, ]; $adapterDefinition = new Definition($adapterClass, [$configs]); From 3bc3b97b86546ded755c00be46b2885def5ebe28 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 17:03:17 +0200 Subject: [PATCH 55/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 59 ++++++++++----------- 1 file changed, 29 insertions(+), 30 deletions(-) 
diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 24e95e9..5ab6f10 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -38,14 +38,6 @@ public function load(array $configs, ContainerBuilder $container) $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); $arnFromEnv = getenv(CredentialProvider::ENV_ARN); - $shouldUseToken = true; - - if (is_array(getenv(self::USE_WEB_TOKEN)) || !getenv(self::USE_WEB_TOKEN)) { - $shouldUseToken = false; - } - if (getenv(self::USE_WEB_TOKEN) !== "1") { - $shouldUseToken = false; - } $provider = null; foreach ($config['clients'] as $name => $client) { @@ -54,13 +46,13 @@ public function load(array $configs, ContainerBuilder $container) $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - $credentials = [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ]; - $endpoint = $client['endpoint']; - - if ($shouldUseToken) { + $credentials = []; + if ($this->containsKeys($client)) { + $credentials = [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ]; + } else { if (!$provider) { try { $contents = file_get_contents($tokenFromEnv); 
@@ -77,24 +69,18 @@ public function load(array $configs, ContainerBuilder $container) ]), ]); - $provider = CredentialProvider::memoize($assumeRoleProvider); + $credentials = CredentialProvider::memoize($assumeRoleProvider); } catch (\Throwable $exception) { throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); } } } - - if ($shouldUseToken && !$provider) { - $contents = file_get_contents($tokenFromEnv); - throw new \Exception("[SQS-Bundle] Token is:" . $tokenFromEnv); - } - $configs = [ 'region' => $client['region'], - 'credentials' => $provider ?? $credentials, + 'credentials' => $credentials, 'version' => $apiVersion, - 'endpoint' => $endpoint, + 'endpoint' => $client['endpoint'], ]; $adapterDefinition = new Definition($adapterClass, [$configs]); @@ -127,7 +113,7 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $provider + $credentials ); $this->buildLargePayloadMessageExtensionDefinition( @@ -182,12 +168,13 @@ private function buildS3ClientDefinition(string $definitionName, array $config, true ); - $credentials = [ - 'key' => $config['access_key'], - 'secret' => $config['secret_access_key'] - ]; if ($provider !== null) { $credentials = $provider; + } else { + $credentials = [ + 'key' => $config['access_key'], + 'secret' => $config['secret_access_key'] + ]; } $s3ClientDefinition = new Definition(S3Client::class, [ @@ -197,7 +184,6 @@ private function buildS3ClientDefinition(string $definitionName, array $config, 'credentials' => $credentials, 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), 'version' => '2006-03-01', - 'debug' => true, ], ]); 
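Review bot: The call in the `@@ -127,7 +113,7 @@` hunk now passes `$credentials` where it used to pass `$provider`, while `buildS3ClientDefinition()` in `@@ -182,12 +168,13 @@` falls back to the S3 block's own `access_key` / `secret_access_key` only when that argument is `null`. Because `$credentials` is initialised to `[]` in `load()`, it is never `null`, so the `else` branch is unreachable in this patch and the S3 client receives the queue client's static keys (or an empty array) instead of its configured ones. Pass `null` when the queue client uses static keys, e.g. `$this->containsKeys($client) ? null : $credentials`, or decide inside `buildS3ClientDefinition()` from `$config` first. Both methods extend beyond the hunks shown.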
@@ -224,4 +210,17 @@ private function isTokenFileValid(?string $tokenFilePath): bool return !((file_get_contents($tokenFilePath) === false)); } + + /** + * @param array $clientConfigs + * @return bool + */ + private function containsKeys(array $clientConfigs): bool + { + if (empty($clientConfigs['access_key']) && empty($clientConfigs['secret_access_key'])) { + return false; + } + + return true; + } } From 674aa9404f41fb65a15e64487e654e836cb5084c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 17:29:27 +0200 Subject: [PATCH 56/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 5ab6f10..aa04dc4 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -168,9 +168,12 @@ private function buildS3ClientDefinition(string $definitionName, array $config, true ); + $credentials = []; if ($provider !== null) { $credentials = $provider; - } else { + } + + if ($this->containsKeys($config)) { $credentials = [ 'key' => $config['access_key'], 'secret' => $config['secret_access_key'] From d068a2c6e0ac10d25edb123a3146137644d7085c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 17:51:17 +0200 Subject: [PATCH 57/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 35 ++++++++++----------- 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index aa04dc4..b9a37e7 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
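Review bot: `containsKeys()` in the `@@ -224,4 +210,17 @@` hunk returns `false` only when both `access_key` and `secret_access_key` are empty, so a configuration with just one of them set is treated as having static keys and the client is built with an empty key or secret. The condition should reject a partial pair: `if (empty($clientConfigs['access_key']) || empty($clientConfigs['secret_access_key'])) { return false; }`. The method could then be reduced to a single `return !empty(...) && !empty(...);`. The docblock only restates the native types and could instead say that the check selects between static keys and the web-identity path.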
@@ -3,8 +3,10 @@ namespace Kfz24\QueueBundle\DependencyInjection; use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; +use Aws\Credentials\Credentials; use Aws\Credentials\CredentialSources; use Aws\S3\S3Client; +use Aws\Sqs\SqsClient; use Aws\Sts\StsClient; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; 
@@ -57,33 +59,30 @@ public function load(array $configs, ContainerBuilder $container) try { $contents = file_get_contents($tokenFromEnv); - $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ + $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); + $provider = $stsClient->assumeRoleWithWebIdentity([ 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), - 'region' => $client['region'], - 'client' => new StsClient([ - 'credentials' => false, - 'region' => $client['region'], - 'version' => 'latest', - ]), + 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), + 'WebIdentityToken' => $tokenFromEnv, ]); - $credentials = CredentialProvider::memoize($assumeRoleProvider); + if (!isset($provider['Credentials'])) { + throw new \Exception("Failed to assume role and retrieve credentials."); + } } catch (\Throwable $exception) { throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); } } } - $configs = [ - 'region' => $client['region'], - 'credentials' => $credentials, - 'version' => $apiVersion, - 'endpoint' => $client['endpoint'], - ]; - - $adapterDefinition = new Definition($adapterClass, [$configs]); + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'credentials' => new Credentials($provider['Credentials']['AccessKeyId'], $provider['Credentials']['SecretAccessKey'], $provider['Credentials']['SessionToken']), + 'version' => $apiVersion, + 'endpoint' => $client['endpoint'], + ] + ]); $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); From 4af198f8c319945090db00c8f65efcd21589b9bb Mon Sep 17 00:00:00 2001 
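Review bot: `assumeRoleWithWebIdentity()` is called inside `load()`, so the temporary keys are minted while the container is being built and then wrapped in `new Credentials(...)` as a `Definition` argument. Session credentials obtained this way expire and are never refreshed, and an object holding secrets in a definition is at best frozen into the compiled container cache; PATCH 66 (`@@ -56,37 +54,46 @@`) repeats the pattern. `'WebIdentityToken' => $tokenFromEnv` also sends the token file's path instead of the `$contents` read just above it. `$provider['Credentials']` is dereferenced in the adapter definition regardless of branch; the branch structure is outside the hunk, so confirm it is always set. A refreshing provider resolved at runtime would avoid all three.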
From: "florin.rusu" Date: Wed, 11 Jun 2025 17:53:29 +0200 Subject: [PATCH 58/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index b9a37e7..e4af81f 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -2,11 +2,8 @@ namespace Kfz24\QueueBundle\DependencyInjection; -use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; use Aws\Credentials\Credentials; -use Aws\Credentials\CredentialSources; use Aws\S3\S3Client; -use Aws\Sqs\SqsClient; use Aws\Sts\StsClient; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; From 8062754375eb80b3e82c2ae33e44a1e4e9e1660c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 22:34:36 +0200 Subject: [PATCH 59/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index e4af81f..a98a3b2 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -54,7 +54,10 @@ public function load(array $configs, ContainerBuilder $container) } else { if (!$provider) { try { + var_dump($tokenFromEnv); $contents = file_get_contents($tokenFromEnv); + var_dump($contents); + die(); $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); $provider = $stsClient->assumeRoleWithWebIdentity([ From 10782904d8ff413023211667f505920fd6fcfdb8 Mon Sep 17 00:00:00 2001 
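Review bot: The added `var_dump($contents);` prints the web identity token itself, a bearer credential for role assumption, to the process output, and `die();` then aborts container loading for every consumer of the bundle. Output from `load()` usually ends up in build, CLI or pod logs, so the token should be treated as exposed wherever this revision ran. Drop the three added debug lines; if diagnostics are needed, report only non-secret facts such as `is_readable($tokenFromEnv)`. PATCH 63 and PATCH 64 add the same kind of dump, `var_dump(file_get_contents($tokenFromEnv));`, at the top of `load()`.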
From: "florin.rusu" Date: Wed, 11 Jun 2025 22:58:41 +0200 Subject: [PATCH 60/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 30 ++++++++++++--------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index a98a3b2..194a03b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -4,6 +4,7 @@ use Aws\Credentials\Credentials; use Aws\S3\S3Client; +use Aws\Sqs\SqsClient; use Aws\Sts\StsClient; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; @@ -54,16 +55,11 @@ public function load(array $configs, ContainerBuilder $container) } else { if (!$provider) { try { - var_dump($tokenFromEnv); - $contents = file_get_contents($tokenFromEnv); - var_dump($contents); - die(); - $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); $provider = $stsClient->assumeRoleWithWebIdentity([ - 'RoleArn' => $arnFromEnv, + 'RoleArn' => 'arn:aws:iam::726569450381:role/k24-integration-2-default-search-service', 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), - 'WebIdentityToken' => $tokenFromEnv, + 'WebIdentityToken' => '/var/run/secrets/eks.amazonaws.com/serviceaccount/token', ]); if (!isset($provider['Credentials'])) { 
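Review bot: The role ARN, AWS account ID included, is now a string literal in the `assumeRoleWithWebIdentity()` call, replacing `$arnFromEnv`. A shared bundle would then assume one fixed integration role in every environment, and the account and role name remain in the repository history. `'WebIdentityToken'` is likewise set to the literal token path, so STS receives a path string and not a token. Keep `'RoleArn' => $arnFromEnv` and pass the file's contents after checking that the read succeeded.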
@@ -75,14 +71,24 @@ public function load(array $configs, ContainerBuilder $container) } } - $adapterDefinition = new Definition($adapterClass, [ - [ + if ($client['type'] === 'sqs') { + $adapterDefinition = new SqsClient([ 'region' => $client['region'], + 'version' => 'latest', 'credentials' => new Credentials($provider['Credentials']['AccessKeyId'], $provider['Credentials']['SecretAccessKey'], $provider['Credentials']['SessionToken']), - 'version' => $apiVersion, 'endpoint' => $client['endpoint'], - ] - ]); + ]); + } else { + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'credentials' => new Credentials($provider['Credentials']['AccessKeyId'], $provider['Credentials']['SecretAccessKey'], $provider['Credentials']['SessionToken']), + 'version' => $apiVersion, + 'endpoint' => $client['endpoint'], + ] + ]); + } + $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); From 1f363c108d4529a2048ca8813b844a234eabc7da Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Wed, 11 Jun 2025 23:33:30 +0200 Subject: [PATCH 61/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 194a03b..efd543b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -41,6 +41,8 @@ public function load(array $configs, ContainerBuilder $container) $provider = null; foreach ($config['clients'] as $name => $client) { + var_dump($client); + $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); 
From 995b787513a5680f97003ea579cd0691dfc3327e Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 09:05:47 +0200 Subject: [PATCH 62/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index efd543b..d8b93e9 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -61,7 +61,7 @@ public function load(array $configs, ContainerBuilder $container) $provider = $stsClient->assumeRoleWithWebIdentity([ 'RoleArn' => 'arn:aws:iam::726569450381:role/k24-integration-2-default-search-service', 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), - 'WebIdentityToken' => '/var/run/secrets/eks.amazonaws.com/serviceaccount/token', + 'WebIdentityToken' => file_get_contents('/var/run/secrets/eks.amazonaws.com/serviceaccount/token'), ]); if (!isset($provider['Credentials'])) { From 3fbf55e25674d3b4af1ebc5cdf94d29bc3420cb6 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 09:08:00 +0200 Subject: [PATCH 63/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index d8b93e9..ba3c5a3 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
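Review bot: `file_get_contents()` returns `false` when the token file is missing or unreadable, and that value goes straight into `'WebIdentityToken'`. The path is also hard-coded here although `$tokenFromEnv` already carries the location from the environment. Read into a variable first and fail clearly: `$token = file_get_contents($tokenFromEnv);` followed by `if ($token === false) { throw new \RuntimeException('web identity token file is not readable'); }`.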
@@ -37,12 +37,11 @@ public function load(array $configs, ContainerBuilder $container) $loader->load('services.yaml'); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + var_dump(file_get_contents($tokenFromEnv)); $arnFromEnv = getenv(CredentialProvider::ENV_ARN); $provider = null; foreach ($config['clients'] as $name => $client) { - var_dump($client); - $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); From 6c5a9ca7eb4b1229500abf89ab3620c1420f2c72 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 09:08:26 +0200 Subject: [PATCH 64/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 1 + 1 file changed, 1 insertion(+) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index ba3c5a3..c89ff39 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -37,6 +37,7 @@ public function load(array $configs, ContainerBuilder $container) $loader->load('services.yaml'); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); + echo "CONTENTS: " . PHP_EOL; var_dump(file_get_contents($tokenFromEnv)); $arnFromEnv = getenv(CredentialProvider::ENV_ARN); From 932672a9139f7023cd1b41f994508cb0221682df Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 10:51:55 +0200 Subject: [PATCH 65/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 43 ++++++++++----------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index c89ff39..ace8d8b 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
@@ -2,6 +2,7 @@ namespace Kfz24\QueueBundle\DependencyInjection; +use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; use Aws\Credentials\Credentials; use Aws\S3\S3Client; use Aws\Sqs\SqsClient; 
@@ -57,39 +58,35 @@ public function load(array $configs, ContainerBuilder $container) } else { if (!$provider) { try { - $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); - $provider = $stsClient->assumeRoleWithWebIdentity([ - 'RoleArn' => 'arn:aws:iam::726569450381:role/k24-integration-2-default-search-service', - 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), - 'WebIdentityToken' => file_get_contents('/var/run/secrets/eks.amazonaws.com/serviceaccount/token'), + $contents = file_get_contents($tokenFromEnv); + + $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ + 'RoleArn' => $arnFromEnv, + 'WebIdentityTokenFile' => $tokenFromEnv, + 'SessionName' => 'aws-sdk-' . time(), + 'region' => $client['region'], + 'client' => new StsClient([ + 'credentials' => false, + 'region' => $client['region'], + 'version' => 'latest', + ]), ]); - if (!isset($provider['Credentials'])) { - throw new \Exception("Failed to assume role and retrieve credentials."); - } + $credentials = CredentialProvider::memoize($assumeRoleProvider); } catch (\Throwable $exception) { throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . 
$tokenFromEnv); } } } - if ($client['type'] === 'sqs') { - $adapterDefinition = new SqsClient([ + $adapterDefinition = new Definition($adapterClass, [ + [ 'region' => $client['region'], - 'version' => 'latest', - 'credentials' => new Credentials($provider['Credentials']['AccessKeyId'], $provider['Credentials']['SecretAccessKey'], $provider['Credentials']['SessionToken']), + 'credentials' => $credentials, + 'version' => $apiVersion, 'endpoint' => $client['endpoint'], - ]); - } else { - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'credentials' => new Credentials($provider['Credentials']['AccessKeyId'], $provider['Credentials']['SecretAccessKey'], $provider['Credentials']['SessionToken']), - 'version' => $apiVersion, - 'endpoint' => $client['endpoint'], - ] - ]); - } + ] + ]); $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); From 602cebf52e7b7ac595d1d68e4f3af4b90fefcb13 Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 15:45:31 +0200 Subject: [PATCH 66/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 79 ++++++++++----------- Resources/config/services.yaml | 1 + 2 files changed, 39 insertions(+), 41 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index ace8d8b..4620f24 100644 --- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php 
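Review bot: The `try` block only constructs the provider; as far as the SDK's provider contract goes, the STS call happens later, when the memoized callable is first invoked, so the `catch` here will not see a failed role assumption. The added `$contents = file_get_contents($tokenFromEnv);` is never used and only produces a warning when the file is unreadable. `$credentials` is assigned only inside `if (!$provider)`; where it comes from on the other paths is outside this hunk, so confirm it is always defined before `'credentials' => $credentials`.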
@@ -38,11 +38,9 @@ public function load(array $configs, ContainerBuilder $container) $loader->load('services.yaml'); $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); - echo "CONTENTS: " . PHP_EOL; - var_dump(file_get_contents($tokenFromEnv)); $arnFromEnv = getenv(CredentialProvider::ENV_ARN); + $webIdentityToken = file_get_contents($tokenFromEnv); - $provider = null; foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); 
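Review bot: `file_get_contents($tokenFromEnv)` now runs unconditionally at the top of `load()`, before it is known whether any client uses web identity. `getenv()` returns `false` when the variable is unset, so installations that rely on static keys would hit a warning or error on this line. Move the read into the web-identity branch and guard it with `if ($tokenFromEnv === false || !is_readable($tokenFromEnv)) { throw new \RuntimeException('web identity token file is not configured'); }`.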
@@ -56,37 +54,46 @@ public function load(array $configs, ContainerBuilder $container) 'secret' => $client['secret_access_key'] ]; } else { - if (!$provider) { - try { - $contents = file_get_contents($tokenFromEnv); + if (!$webIdentityToken) { + throw new \Exception('Missing web identity token!'); + } - $assumeRoleProvider = new AssumeRoleWithWebIdentityCredentialProvider([ + try { + if (empty($credentials)) { + $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); + $result = $stsClient->assumeRoleWithWebIdentity([ 'RoleArn' => $arnFromEnv, - 'WebIdentityTokenFile' => $tokenFromEnv, - 'SessionName' => 'aws-sdk-' . time(), - 'region' => $client['region'], - 'client' => new StsClient([ - 'credentials' => false, - 'region' => $client['region'], - 'version' => 'latest', - ]), + 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), + 'WebIdentityToken' => $webIdentityToken, ]); - $credentials = CredentialProvider::memoize($assumeRoleProvider); - } catch (\Throwable $exception) { - throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); + if (!isset($result['Credentials'])) { + throw new \Exception("Failed to assume role and retrieve credentials."); + } + + $credentials = new Credentials($result['Credentials']['AccessKeyId'], $result['Credentials']['SecretAccessKey'], $result['Credentials']['SessionToken']); } + } catch (\Throwable $exception) { + throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . 
$tokenFromEnv); } + } - $adapterDefinition = new Definition($adapterClass, [ - [ - 'region' => $client['region'], - 'credentials' => $credentials, - 'version' => $apiVersion, - 'endpoint' => $client['endpoint'], - ] - ]); + $providerCreds = [ + 'credentials' => $credentials + ]; + + $configurations = [ + 'region' => $client['region'], + 'credentials' => $credentials, + 'version' => 'latest', + ]; + + if ($this->containsKeys($client)) { + $configurations['endpoint'] = $client['endpoint']; + $configurations['version'] = $apiVersion; + } + $adapterDefinition = new Definition($adapterClass, [$configurations]); $adapterDefinition->setPublic(false); $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); @@ -117,7 +124,7 @@ public function load(array $configs, ContainerBuilder $container) $s3DefinitionName, $client['large_payload_client'], $container, - $credentials + $providerCreds ); $this->buildLargePayloadMessageExtensionDefinition( 
@@ -163,32 +170,22 @@ private function buildLargePayloadMessageExtensionDefinition( * @param string $definitionName * @param array $config * @param ContainerBuilder $container - * @param null|mixed $provider + * @param array $creds + * @return void */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, $provider = null): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $creds): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], true ); - $credentials = []; - if ($provider !== null) { - $credentials = $provider; - } - - if ($this->containsKeys($config)) { - $credentials = [ - 'key' => $config['access_key'], - 'secret' => $config['secret_access_key'] - ]; - } $s3ClientDefinition = new Definition(S3Client::class, [ [ 'region' => $config['region'], 'endpoint' => $config['endpoint'], - 'credentials' => $credentials, + 'credentials' => $creds['credentials'], 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), 'version' => '2006-03-01', ], diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml index 010b44b..5fbf753 100644 --- a/Resources/config/services.yaml +++ b/Resources/config/services.yaml @@ -12,6 +12,7 @@ parameters: services: kfz24.queue.message_validator: class: Aws\Sns\MessageValidator + public: true arguments: $certClient: "@kfz24.aws.cached_cert_client" kfz24.aws.cached_cert_client: From f5b150c27f3a99f4f7afcd9493dcd4449203750f Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 16:12:52 +0200 Subject: [PATCH 67/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 4620f24..68df0bb 100644 
--- a/DependencyInjection/Kfz24QueueExtension.php +++ b/DependencyInjection/Kfz24QueueExtension.php @@ -39,21 +39,20 @@ public function load(array $configs, ContainerBuilder $container) $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); $arnFromEnv = getenv(CredentialProvider::ENV_ARN); - $webIdentityToken = file_get_contents($tokenFromEnv); + $useWebToken = getenv(self::USE_WEB_TOKEN); foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); + $credentials = [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ]; - $credentials = []; - if ($this->containsKeys($client)) { - $credentials = [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ]; - } else { + if ($useWebToken === '1') { + $webIdentityToken = file_get_contents($tokenFromEnv); if (!$webIdentityToken) { throw new \Exception('Missing web identity token!'); } @@ -76,7 +75,6 @@ public function load(array $configs, ContainerBuilder $container) } catch (\Throwable $exception) { throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . $tokenFromEnv); } - } $providerCreds = [ From 21b77244f28e01e3c26fa2694c23a50b004c886c Mon Sep 17 00:00:00 2001 From: "florin.rusu" Date: Thu, 12 Jun 2025 16:54:11 +0200 Subject: [PATCH 68/68] [DEV-49774] Set debug messages on fail --- DependencyInjection/Kfz24QueueExtension.php | 118 ++++---------------- Resources/config/services.yaml | 1 + 2 files changed, 20 insertions(+), 99 deletions(-) diff --git a/DependencyInjection/Kfz24QueueExtension.php b/DependencyInjection/Kfz24QueueExtension.php index 68df0bb..4217247 100644 --- a/DependencyInjection/Kfz24QueueExtension.php 
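Review bot: `$credentials` is now always the array `['key' => ..., 'secret' => ...]`, which is never `empty()` even when both values are null. The `if (empty($credentials))` guard added in PATCH 66 appears to sit between this hunk and the next (not shown), and it would then skip the STS call whenever `USE_WEB_TOKEN` is `1`, falling back to the static keys without any signal. `$client['access_key']` is also read unconditionally, which assumes the keys are present in web-token deployments. Build the static array only in the `else` of `if ($useWebToken === '1')`.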
+++ b/DependencyInjection/Kfz24QueueExtension.php @@ -2,11 +2,7 @@ namespace Kfz24\QueueBundle\DependencyInjection; -use Aws\Credentials\AssumeRoleWithWebIdentityCredentialProvider; -use Aws\Credentials\Credentials; use Aws\S3\S3Client; -use Aws\Sqs\SqsClient; -use Aws\Sts\StsClient; use Kfz24\QueueBundle\Client\Aws\LargePayloadMessageExtension; use Symfony\Component\DependencyInjection\ContainerBuilder; use Symfony\Component\Config\FileLocator; @@ -14,7 +10,6 @@ use Symfony\Component\DependencyInjection\Reference; use Symfony\Component\HttpKernel\DependencyInjection\Extension; use Symfony\Component\DependencyInjection\Loader; -use Aws\Credentials\CredentialProvider; /** * This is the class that loads and manages your bundle configuration. @@ -23,8 +18,6 @@ */ class Kfz24QueueExtension extends Extension { - private const USE_WEB_TOKEN = 'USE_WEB_TOKEN'; - /** * {@inheritdoc} * @throws \Exception 
@@ -37,63 +30,25 @@ public function load(array $configs, ContainerBuilder $container) $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); $loader->load('services.yaml'); - $tokenFromEnv = getenv(CredentialProvider::ENV_TOKEN_FILE); - $arnFromEnv = getenv(CredentialProvider::ENV_ARN); - $useWebToken = getenv(self::USE_WEB_TOKEN); - foreach ($config['clients'] as $name => $client) { $clientType = $client['type']; $apiVersion = $container->getParameter(sprintf('kfz24.queue.%s.api_version', $clientType)); $adapterClass = $container->getParameter(sprintf('kfz24.queue.%s.adapter.class', $clientType)); $clientClass = $container->getParameter(sprintf('kfz24.queue.%s.client.class', $clientType)); - $credentials = [ - 'key' => $client['access_key'], - 'secret' => $client['secret_access_key'] - ]; - - if ($useWebToken === '1') { - $webIdentityToken = file_get_contents($tokenFromEnv); - if (!$webIdentityToken) { - throw new \Exception('Missing web identity token!'); - } - - try { - if (empty($credentials)) { - $stsClient = new StsClient(['region' => $client['region'], 'version' => 'latest']); - $result = $stsClient->assumeRoleWithWebIdentity([ - 'RoleArn' => $arnFromEnv, - 'RoleSessionName' => sprintf("%s-%s", 'aws-sdk', time()), - 'WebIdentityToken' => $webIdentityToken, - ]); - - if (!isset($result['Credentials'])) { - throw new \Exception("Failed to assume role and retrieve credentials."); - } - - $credentials = new Credentials($result['Credentials']['AccessKeyId'], $result['Credentials']['SecretAccessKey'], $result['Credentials']['SessionToken']); - } - } catch (\Throwable $exception) { - throw new \Exception("[SQS-Bundle] Message: " . $exception->getMessage(). " Token is:" . 
$tokenFromEnv); - } - } - - $providerCreds = [ - 'credentials' => $credentials - ]; - - $configurations = [ - 'region' => $client['region'], - 'credentials' => $credentials, - 'version' => 'latest', - ]; - - if ($this->containsKeys($client)) { - $configurations['endpoint'] = $client['endpoint']; - $configurations['version'] = $apiVersion; - } - $adapterDefinition = new Definition($adapterClass, [$configurations]); + $adapterDefinition = new Definition($adapterClass, [ + [ + 'region' => $client['region'], + 'endpoint' => $client['endpoint'], + 'credentials' => [ + 'key' => $client['access_key'], + 'secret' => $client['secret_access_key'] + ], + 'version' => $apiVersion + ] + ]); $adapterDefinition->setPublic(false); + $adapterDefinitionName = sprintf('kfz24.queue.adapter.%s', $name); $container->setDefinition($adapterDefinitionName, $adapterDefinition); @@ -121,8 +76,7 @@ public function load(array $configs, ContainerBuilder $container) $this->buildS3ClientDefinition( $s3DefinitionName, $client['large_payload_client'], - $container, - $providerCreds + $container ); $this->buildLargePayloadMessageExtensionDefinition( 
@@ -168,22 +122,22 @@ private function buildLargePayloadMessageExtensionDefinition( * @param string $definitionName * @param array $config * @param ContainerBuilder $container - * @param array $creds - * @return void */ - private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container, array $creds): void + private function buildS3ClientDefinition(string $definitionName, array $config, ContainerBuilder $container): void { $usePathStyleEndpointEnvVar = $container->resolveEnvPlaceholders( $config['use_path_style_endpoint'], true ); - $s3ClientDefinition = new Definition(S3Client::class, [ [ 'region' => $config['region'], 'endpoint' => $config['endpoint'], - 'credentials' => $creds['credentials'], + 'credentials' => [ + 'key' => $config['access_key'], + 'secret' => $config['secret_access_key'] + ], 'use_path_style_endpoint' => ($usePathStyleEndpointEnvVar === 'true'), 'version' => '2006-03-01', ], @@ -191,38 +145,4 @@ private function buildS3ClientDefinition(string $definitionName, array $config, $container->setDefinition($definitionName, $s3ClientDefinition); } - - /** - * @param string|null $tokenFilePath - * @return bool - */ - private function isTokenFileValid(?string $tokenFilePath): bool - { - if (empty($tokenFilePath)) { - return false; - } - - if (!file_exists($tokenFilePath)) { - return false; - } - - if (strpos($tokenFilePath, 'eks.amazonaws.com') === false) { - return false; - } - - return !((file_get_contents($tokenFilePath) === false)); - } - - /** - * @param array $clientConfigs - * @return bool - */ - private function containsKeys(array $clientConfigs): bool - { - if (empty($clientConfigs['access_key']) && empty($clientConfigs['secret_access_key'])) { - return false; - } - - return true; - } -} +} \ No newline at end of file diff --git a/Resources/config/services.yaml b/Resources/config/services.yaml index 5fbf753..3eba721 100644 --- a/Resources/config/services.yaml +++ b/Resources/config/services.yaml 
@@ -16,4 +16,5 @@ services: arguments: $certClient: "@kfz24.aws.cached_cert_client" kfz24.aws.cached_cert_client: + public: true class: Kfz24\QueueBundle\Client\Aws\CachedCertClient