Added StaticAuthentication

Added StaticAuthentication

Author: ilyakharev

.github/workflows/tests.yml

@@ -57,6 +57,9 @@ jobs:
       - name: Install dependencies
         run: composer install --prefer-dist --no-progress
 
+      - name: Create YDB User
+        run: docker exec $(docker ps --latest --quiet) /ydb -e grpc://localhost:2136 -d /local scripting yql -s "CREATE USER testuser PASSWORD 'test_password'"
+
       - name: Run tests
         run: ./vendor/bin/phpunit \
           --coverage-text \

CHANGELOG.md

@@ -1,3 +1,4 @@
+* added StaticAuthentication
 * added query timeout and canceled params
 
 ## 1.11.0

README.md

@@ -417,6 +417,36 @@ The following algorithm that is the same for YDB-PHP-SDK applies:
 4. Otherwise, if the value of the `YDB_ACCESS_TOKEN_CREDENTIALS` environment variable is set, the **Access token** authentication mode is used, where the this variable value is passed.
 5. Otherwise, the **Metadata** authentication mode is used.
 
+## Static credentials
+
+```php
+<?php
+
+use YdbPlatform\Ydb\Ydb;
+use YdbPlatform\Ydb\Auth\Implement\StaticAuthentication;
+
+$config = [
+
+    // Database path
+    'database'    => '/local',
+
+    // Database endpoint
+    'endpoint'    => 'localhost:2136',
+
+    // Auto discovery (dedicated server only)
+    'discovery'   => false,
+
+    // IAM config
+    'iam_config'  => [
+        'insecure' => true,
+    ],
+    
+    'credentials' => new StaticAuthentication($user, $password)
+];
+
+$ydb = new Ydb($config);
+```
+
 ## Reading from text file
 
 ```php

src/Auth/Implement/StaticAuthentication.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace YdbPlatform\Ydb\Auth\Implement;
+
+use YdbPlatform\Ydb\Auth\IamAuth;
+use YdbPlatform\Ydb\Auth\TokenInfo;
+use YdbPlatform\Ydb\Auth\UseConfigInterface;
+use YdbPlatform\Ydb\Jwt\Jwt;
+use YdbPlatform\Ydb\Ydb;
+
+class StaticAuthentication extends IamAuth implements UseConfigInterface
+{
+    protected $user;
+    protected $password;
+    protected $token;
+    /**
+     * @var Ydb
+     */
+    protected $ydb;
+
+    public function __construct(string $user, string $password)
+    {
+        $this->user = $user;
+        $this->password = $password;
+    }
+
+    public function getTokenInfo(): TokenInfo
+    {
+        $this->token = $this->ydb->auth()->getToken($this->user, $this->password);
+        $jwtData = Jwt::decodeHeaderAndPayload($this->token);
+        $expiresIn = $this->convertExpiresAt($jwtData['payload']['exp']);
+        $ratio = $this->getRefreshTokenRatio();
+
+        return new TokenInfo($this->token, $expiresIn, $ratio);
+    }
+
+    public function getName(): string
+    {
+        return "Static";
+    }
+
+    public function setYdbConnectionConfig(array $config)
+    {
+        unset($config['credentials']);
+        $config['credentials'] = new AnonymousAuthentication();
+        $this->ydb = new Ydb($config, $this->logger);
+    }
+}

src/Auth/UseConfigInterface.php

@@ -0,0 +1,8 @@
+<?php
+
+namespace YdbPlatform\Ydb\Auth;
+
+interface UseConfigInterface
+{
+    public function setYdbConnectionConfig(array $config);
+}

src/AuthService.php

@@ -0,0 +1,48 @@
+<?php
+namespace YdbPlatform\Ydb;
+use Ydb\Auth\V1\AuthServiceClient as ServiceClient;
+class AuthService{
+
+    use Traits\RequestTrait;
+    use Traits\ParseResultTrait;
+    use Traits\LoggerTrait;
+
+    /**
+     * @var ServiceClient
+     */
+    protected $client;
+    /**
+     * @var
+     */
+    protected $logger;
+    /**
+     * @var array|mixed
+     */
+    protected $meta;
+    /**
+     * @var Iam
+     */
+    protected $credentials;
+
+    public function __construct(Ydb $ydb, $logger)
+    {
+        $this->ydb = $ydb;
+        $this->logger = $logger;
+        $this->client = new ServiceClient($ydb->endpoint(), [
+            'credentials' => $ydb->iam()->getCredentials(),
+        ]);
+        $this->credentials = $ydb->iam();
+        $this->meta = [
+            'x-ydb-database' => [$ydb->database()],
+            'x-ydb-sdk-build-info' => ['ydb-php-sdk/' . Ydb::VERSION],
+        ];;
+    }
+
+    public function getToken(string $user, string $password){
+        $data = [];
+        $data["user"] = $user;
+        $data["password"] = $password;
+        $data["skip_get_token"] = true;
+        return $this->doRequest('Auth', 'Login', $data)->getToken();
+    }
+}

src/Jwt/Jwt.php

@@ -136,4 +136,12 @@ public function urlEncode($value)
     	}
         return str_replace('=', '', strtr(base64_encode($value), '+/', '-_'));
     }
+
+    public static function decodeHeaderAndPayload(string $jwtToken) : array {
+        $paths = explode(".", $jwtToken);
+        $result = [];
+        $result["header"] = json_decode(base64_decode($paths[0]), true);
+        $result["payload"] = json_decode(base64_decode($paths[1]), true);
+        return $result;
+    }
 }

src/Traits/RequestTrait.php

@@ -57,7 +57,11 @@ protected function doRequest($service, $method, array $data = [])
 
         $this->checkDiscovery();
 
-        $this->meta['x-ydb-auth-ticket'] = [$this->credentials->token()];
+        if(!empty($data["skip_get_token"])){
+            unset($data["skip_get_token"]);
+        } else {
+            $this->meta['x-ydb-auth-ticket'] = [$this->credentials->token()];
+        }
 
         $this->saveLastRequest($service, $method, $data);
 
@@ -119,7 +123,11 @@ protected function doStreamRequest($service, $method, $data = [])
     {
         $this->checkDiscovery();
 
-        $this->meta['x-ydb-auth-ticket'] = [$this->credentials->token()];
+        if(!empty($data["skip_get_token"])){
+            unset($data["skip_get_token"]);
+        } else {
+            $this->meta['x-ydb-auth-ticket'] = [$this->credentials->token()];
+        }
 
         if (method_exists($this, 'take')) {
             $this->take();

src/Ydb.php

@@ -4,6 +4,7 @@
 
 use Closure;
 use Psr\Log\LoggerInterface;
+use YdbPlatform\Ydb\Auth\UseConfigInterface;
 use YdbPlatform\Ydb\Exceptions\NonRetryableException;
 use YdbPlatform\Ydb\Exceptions\RetryableException;
 use YdbPlatform\Ydb\Exceptions\Ydb\BadSessionException;
@@ -41,6 +42,11 @@ class Ydb
      */
     protected $iam;
 
+    /**
+     * @var AuthService
+     */
+    protected $auth;
+
     /**
      * @var Discovery
      */
@@ -111,7 +117,10 @@ public function __construct($config = [], LoggerInterface $logger = null)
 
         if(isset($config['credentials'])){
             $this->iam_config['credentials'] = $config['credentials'];
-            $config['credentials']->setLogger($this->logger());
+            $this->iam_config['credentials']->setLogger($this->logger());
+            if ($this->iam_config['credentials'] instanceof UseConfigInterface){
+                $this->iam_config['credentials']->setYdbConnectionConfig($config);
+            }
         }
 
         if (!empty($config['discovery']))
@@ -236,6 +245,19 @@ public function discovery()
         return $this->discovery;
     }
 
+    /**
+     * @return AuthService
+     */
+    public function auth()
+    {
+        if (!isset($this->auth))
+        {
+            $this->auth = new AuthService($this, $this->logger);
+        }
+
+        return $this->auth;
+    }
+
     /**
      * @return Table
      */

tests/StaticCredentialsTest.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace YdbPlatform\Ydb\Test;
+
+use PHPUnit\Framework\TestCase;
+use YdbPlatform\Ydb\Auth\Implement\AccessTokenAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\StaticAuthentication;
+use YdbPlatform\Ydb\Logger\SimpleStdLogger;
+use YdbPlatform\Ydb\Ydb;
+
+class StaticCredentialsTest extends TestCase
+{
+    public function testGetAuthToken()
+    {
+        $config = [
+
+            // Database path
+            'database' => '/local',
+
+            // Database endpoint
+            'endpoint' => 'localhost:2136',
+
+            // Auto discovery (dedicated server only)
+            'discovery' => false,
+
+            // IAM config
+            'iam_config' => [
+                'insecure' => true,
+            ],
+            'credentials' => new StaticAuthentication('testuser', 'test_password')
+        ];
+        $ydb = new Ydb($config, new SimpleStdLogger(7));
+        $ydb->table()->query("SELECT 1;");
+        self::assertNotEquals("", $ydb->token());
+    }
+}