Page MenuHomePhabricator
Differential D9782

Add support for instance profile credentials
AbandonedPublic
Actions

Authored by joshuaspence on Jun 30 2014, 3:11 AM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 9, 1:57 PM
Unknown Object (File)
Sun, Feb 2, 7:25 PM
Unknown Object (File)
Tue, Jan 28, 7:09 AM
View All Files
Subscribers
epriestley
Korvin

Details

Reviewers
epriestley
Group Reviewers
Blessed Reviewers
Maniphest Tasks
T5155: Evaluate support for AWS IAM Roles in S3 Client
Summary

Ref T5155. Add support for instance profile credentials to PhutilAWSFuture. This should allow the use of instance profile credentials (provided by the EC2 role) instead of specifying an access key and corresponding private key. This was based on https://github.com/aws/aws-sdk-php/blob/master/src/Aws/Common/InstanceMetadata/InstanceMetadataClient.php.

Test Plan

This is not yet tested, and I'm not quite sure how to test this. I think we should probably write some unit tests here.

Diff Detail

Repository
rPHU libphutil
Branch
aws-token
Lint
Lint Warnings
SeverityLocationCodeMessage
Warningsrc/future/aws/PhutilAWSFuture.php:184TXT3Line Too Long
Unit
Tests Passed
Build Status
Buildable 2596
Build 2600: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

joshuaspence updated this revision to Diff 23483.Jun 30 2014, 3:11 AM
joshuaspence retitled this revision from to Add support for instance profile credentials.
joshuaspence updated this object.
joshuaspence edited the test plan for this revision. (Show Details)
joshuaspence added a reviewer: epriestley.
joshuaspence added a task: T5155: Evaluate support for AWS IAM Roles in S3 Client.
Herald added a reviewer: Blessed Reviewers. · View Herald TranscriptJun 30 2014, 3:11 AM
Herald added subscribers: Korvin, epriestley. · View Herald Transcript
Harbormaster completed remote builds in B1464: Diff 23483.Jun 30 2014, 3:12 AM
joshuaspence added a comment.Jun 30 2014, 3:14 AM

This is basically-but-not-quite ready. Specifically, I am not sure exactly how/when we should use the instance profile credentials. Some possibilities are:

  1. Add a useInstanceProfileCredentials method to turn this behavior on/off.
  2. Attempt to use instance profile credentials whenever a keypair hasn't been explicitly provided.
  3. Something else?
epriestley edited edge metadata.Jul 2 2014, 9:04 PM

Looks generally reasonable to me.

Offhand, I think we should probably make the API here explicit (e.g., an explicit method to activate instance credential use), and then maybe make higher layers do the little "use a certificate if it exists, or try instance credentials if it doesn't" dance, if that seems reasonable?

src/future/aws/PhutilAWSFuture.php
168–173

This should probably be implode?

joshuaspence updated this revision to Diff 25303.Sep 21 2014, 5:12 AM
joshuaspence edited edge metadata.

Minor fixes

Harbormaster completed remote builds in B2594: Diff 25303.Sep 21 2014, 5:13 AM
joshuaspence updated this revision to Diff 25304.Sep 21 2014, 5:20 AM

Further changes

Harbormaster completed remote builds in B2595: Diff 25304.Sep 21 2014, 5:21 AM
joshuaspence updated this revision to Diff 25305.Sep 21 2014, 5:22 AM

Fix multiple final modifiers

Harbormaster completed remote builds in B2596: Diff 25305.Sep 21 2014, 5:22 AM
joshuaspence abandoned this revision.Sep 21 2014, 9:05 AM
epriestley added a comment.Sep 24 2014, 8:52 PM

Not sure about the context for the abandon, I imagine I'll dig that up...

epriestley mentioned this in D10530: Add a native S3 client.Sep 24 2014, 8:56 PM
joshuaspence added a comment.Sep 24 2014, 9:04 PM

Oh sorry, I should've commented. See D10530 instead

Revision Contents
Changeset List

PathSize
src/
future/
aws/
160 lines

Diff 25305

View Options

src/future/aws/PhutilAWSFuture.php

Loading...
Phabricator · Built by Phacility