Improve patching of AWS credentials

Fixes #155 Fixes brefphp/bref#1846
brefphp · Jul 30, 2024 · 06b9665 · 06b9665
1 parent 75035b0
commit 06b9665
Showing 1 changed file with 46 additions and 4 deletions.
diff --git a/src/BrefServiceProvider.php b/src/BrefServiceProvider.php
@@ -47,10 +47,7 @@ public function register()
         Config::set('view.compiled', StorageDirectories::Path . '/framework/views');
         Config::set('cache.stores.file.path', StorageDirectories::Path . '/framework/cache');
 
-        Config::set('cache.stores.dynamodb.token', env('AWS_SESSION_TOKEN'));
-        Config::set('filesystems.disks.s3.token', env('AWS_SESSION_TOKEN'));
-        Config::set('queue.connections.sqs.token', env('AWS_SESSION_TOKEN'));
-        Config::set('services.ses.token', env('AWS_SESSION_TOKEN'));
+        $this->fixAwsCredentialsConfig();
 
         $this->app->when(QueueHandler::class)
             ->needs('$connection')
@@ -149,4 +146,49 @@ protected function fixDefaultConfiguration()
             Config::set('logging.default', 'stderr');
         }
     }
+
+    private function fixAwsCredentialsConfig(): void
+    {
+        $accessKeyId = $_SERVER['AWS_ACCESS_KEY_ID'] ?? null;
+        $sessionToken = $_SERVER['AWS_SESSION_TOKEN'] ?? null;
+        // If we are not in a Lambda environment, we don't need to do anything
+        if (!$accessKeyId || ! $sessionToken) {
+            return;
+        }
+
+        // Patch SQS config
+        foreach (Config::get('queue.connections') as $name => $connection) {
+            if ($connection['driver'] !== 'sqs') continue;
+
+            // If a different key is in the config than in the environment variables
+            if ($connection['key'] && $connection['key'] !== $accessKeyId) continue;
+
+            Config::set("queue.connections.$name.token", $sessionToken);
+        }
+
+        // Patch S3 config
+        foreach (Config::get('filesystems.disks') as $name => $disk) {
+            if ($disk['driver'] !== 's3') continue;
+
+            // If a different key is in the config than in the environment variables
+            if ($disk['key'] && $disk['key'] !== $accessKeyId) continue;
+
+            Config::set("filesystems.disks.$name.token", $sessionToken);
+        }
+
+        // Patch DynamoDB config
+        foreach (Config::get('cache.stores') as $name => $store) {
+            if ($store['driver'] !== 'dynamodb') continue;
+
+            // If a different key is in the config than in the environment variables
+            if ($store['key'] && $store['key'] !== $accessKeyId) continue;
+
+            Config::set("cache.stores.$name.token", $sessionToken);
+        }
+
+        // Patch SES config
+        if (Config::get('services.ses.key') === $accessKeyId) {
+            Config::set('services.ses.token', $sessionToken);
+        }
+    }
 }