Merge pull request #45 Add IAM access authentication

rekby · web-flow · commit 8c88ee3bc98a · 2023-04-11T16:05:08.000+03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,4 @@
-# CHANGELOG
-
+* added access token authentication
 
 ## 1.5.0 (2023-02-22)
 
diff --git a/README.md b/README.md
@@ -34,6 +34,38 @@ YDB supports the following authentication methods:
 - Metadata URL
 - Anonymous
 
+## Access token
+
+Use your access token:
+
+```php
+<?php
+
+use YdbPlatform\Ydb\Ydb;
+
+$config = [
+
+    // Database path
+    'database'    => '/ru-central1/b1glxxxxxxxxxxxxxxxx/etn0xxxxxxxxxxxxxxxx',
+
+    // Database endpoint
+    'endpoint'    => 'ydb.serverless.yandexcloud.net:2135',
+
+    // Auto discovery (dedicated server only)
+    'discovery'   => false,
+
+    // IAM config
+    'iam_config'  => [
+        'root_cert_file' => './CA.pem', // Root CA file (dedicated server only!)
+
+        // Access token authentication
+        'access_token'    => 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA',
+    ],
+];
+
+$ydb = new Ydb($config);
+```
+
 ## OAuth token
 
 You should obtain [a new OAuth token](https://cloud.yandex.com/docs/iam/concepts/authorization/oauth-token).
@@ -67,7 +99,6 @@ $config = [
 ];
 
 $ydb = new Ydb($config);
-
 ```
 
 ## JWT + private key
diff --git a/src/Iam.php b/src/Iam.php
@@ -73,7 +73,10 @@ public function config($key, $default = null)
      */
     public function token($force = false)
     {
-        if ($force || !($token = $this->loadToken()))
+        if ($token = $this->config('access_token')){
+            return $token;
+        }
+        else if ($force || !($token = $this->loadToken()))
         {
             $token = $this->newToken();
         }
@@ -184,6 +187,7 @@ protected function parseConfig(array $config)
         $stringParams = [
             'temp_dir',
             'root_cert_file',
+            'access_token',
             'oauth_token',
             'key_id',
             'service_account_id',
@@ -272,6 +276,9 @@ protected function initConfig()
                 throw new Exception('Private key [' . $privateKeyFile . '] is missing.');
             }
         }
+        else if ($this->config('access_token')){
+            $this->logger()->info('YDB: Authentication method: Access token');
+        }
         else if ($this->config('oauth_token'))
         {
             $this->logger()->info('YDB: Authentication method: OAuth token');

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,10 @@ public function config($key, $default = null)`
`73`	`73`	`*/`
`74`	`74`	`public function token($force = false)`
`75`	`75`	`{`
`76`		`- if ($force \|\| !($token = $this->loadToken()))`
	`76`	`+ if ($token = $this->config('access_token')){`
	`77`	`+ return $token;`
	`78`	`+ }`
	`79`	`+ else if ($force \|\| !($token = $this->loadToken()))`
`77`	`80`	`{`
`78`	`81`	`$token = $this->newToken();`
`79`	`82`	`}`
`@@ -184,6 +187,7 @@ protected function parseConfig(array $config)`
`184`	`187`	`$stringParams = [`
`185`	`188`	`'temp_dir',`
`186`	`189`	`'root_cert_file',`
	`190`	`+ 'access_token',`
`187`	`191`	`'oauth_token',`
`188`	`192`	`'key_id',`
`189`	`193`	`'service_account_id',`
`@@ -272,6 +276,9 @@ protected function initConfig()`
`272`	`276`	`throw new Exception('Private key [' . $privateKeyFile . '] is missing.');`
`273`	`277`	`}`
`274`	`278`	`}`
	`279`	`+ else if ($this->config('access_token')){`
	`280`	`+ $this->logger()->info('YDB: Authentication method: Access token');`
	`281`	`+ }`
`275`	`282`	`else if ($this->config('oauth_token'))`
`276`	`283`	`{`
`277`	`284`	`$this->logger()->info('YDB: Authentication method: OAuth token');`