Merge pull request #85 from ydb-platform/added-evn-cred

Added environment credentials

Author: ilyakharev

CHANGELOG.md

@@ -1,3 +1,5 @@
+* added environment credentials
+
 ## 1.6.0
 
 * added retry function

README.md

@@ -71,7 +71,7 @@ or:
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\AccessTokenAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\AccessTokenAuthentication;
 
 $config = [
 
@@ -134,7 +134,7 @@ or
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\OAuthTokenAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\OAuthTokenAuthentication;
 
 $config = [
 
@@ -192,7 +192,7 @@ or
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\JwtWithPrivateKeyAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\JwtWithPrivateKeyAuthentication;
 
 $config = [
     'database'    => '/ru-central1/b1glxxxxxxxxxxxxxxxx/etn0xxxxxxxxxxxxxxxx',
@@ -249,7 +249,7 @@ or:
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\JwtWithJsonAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\JwtWithJsonAuthentication;
 
 $config = [
     'database'    => '/ru-central1/b1glxxxxxxxxxxxxxxxx/etn0xxxxxxxxxxxxxxxx',
@@ -299,7 +299,7 @@ or
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\MetadataAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\MetadataAuthentication;
 
 $config = [
 
@@ -355,7 +355,7 @@ or:
 <?php
 
 use YdbPlatform\Ydb\Ydb;
-use YdbPlatform\Ydb\Auth\AnonymousAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\AnonymousAuthentication;
 
 $config = [
 
@@ -379,6 +379,44 @@ $config = [
 $ydb = new Ydb($config);
 ```
 
+## Determined by environment variables
+
+```php
+<?php
+
+use YdbPlatform\Ydb\Ydb;
+use YdbPlatform\Ydb\Auth\Implement\EnvironCredentials;
+
+$config = [
+
+    // Database path
+    'database'    => '/local',
+
+    // Database endpoint
+    'endpoint'    => 'localhost:2136',
+
+    // Auto discovery (dedicated server only)
+    'discovery'   => false,
+
+    // IAM config
+    'iam_config'  => [
+        'insecure' => true,
+    ],
+    
+    'credentials' => new EnvironCredentials()
+];
+
+$ydb = new Ydb($config);
+```
+
+The following algorithm that is the same for YDB-PHP-SDK applies:
+
+1. If the value of the `YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS` environment variable is set, the **System Account Key** authentication mode is used and the key is taken from the file whose name is specified in this variable.
+2. Otherwise, if the value of the `YDB_ANONYMOUS_CREDENTIALS` environment variable is set to 1, the anonymous authentication mode is used.
+3. Otherwise, if the value of the `YDB_METADATA_CREDENTIALS` environment variable is set to 1, the **Metadata** authentication mode is used.
+4. Otherwise, if the value of the `YDB_ACCESS_TOKEN_CREDENTIALS` environment variable is set, the **Access token** authentication mode is used, where the this variable value is passed.
+5. Otherwise, the **Metadata** authentication mode is used.
+
 # Usage
 
 You should initialize a session from the Table service to start querying.

src/Auth/EnvironCredentials.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace YdbPlatform\Ydb\Auth;
+
+use YdbPlatform\Ydb\Auth\Implement\AccessTokenAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\AnonymousAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\JwtWithJsonAuthentication;
+use YdbPlatform\Ydb\Auth\Implement\MetadataAuthentication;
+
+class EnvironCredentials extends \YdbPlatform\Ydb\Auth\Auth
+{
+    /**
+     * @var Auth
+     */
+    protected $auth;
+    public function __construct()
+    {
+        if ($jsonfile = getenv("YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS")){
+            $this->auth = new JwtWithJsonAuthentication($jsonfile);
+        } elseif (getenv("YDB_ANONYMOUS_CREDENTIALS") == 1){
+            $this->auth = new AnonymousAuthentication();
+        } elseif (getenv("YDB_METADATA_CREDENTIALS") == 1){
+            $this->auth = new MetadataAuthentication();
+        } elseif ($token = getenv("YDB_ACCESS_TOKEN_CREDENTIALS")){
+            $this->auth = new AccessTokenAuthentication($token);
+        } else {
+            $this->auth = new MetadataAuthentication();
+        }
+    }
+
+    public function getTokenInfo(): TokenInfo
+    {
+        return $this->auth->getTokenInfo();
+    }
+
+    public function getName(): string
+    {
+        return $this->auth->getName();
+    }
+}

tests/TestEnvTypes.php

@@ -0,0 +1,67 @@
+<?php
+namespace YdbPlatform\Ydb\Test;
+
+use PHPUnit\Framework\TestCase;
+use YdbPlatform\Ydb\Auth\EnvironCredentials;
+use YdbPlatform\Ydb\Ydb;
+use YdbPlatform\Ydb\YdbTable;
+
+class TestEnvTypes extends TestCase{
+
+    public function testEnvTypes(){
+
+        $dataset = [
+            [
+                "env"   => [
+                    "name"  => "YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS",
+                    "value" => "./some.json"
+                ],
+                "wait"  => "SA JSON key"
+            ],
+            [
+                "env"   => [
+                    "name"  => "YDB_ACCESS_TOKEN_CREDENTIALS",
+                    "value" => "76254876234"
+                ],
+                "wait"  => "Access token"
+            ],
+            [
+                "env"   => [
+                    "name"  => "YDB_ANONYMOUS_CREDENTIALS",
+                    "value" => "1"
+                ],
+                "wait"  => "Anonymous"
+            ],
+            [
+                "env"   => [
+                    "name"  => "YDB_METADATA_CREDENTIALS",
+                    "value" => "1"
+                ],
+                "wait"  => "Metadata URL"
+            ],
+            [
+                "env"   => [
+                    "name"  => "YDB_ANONYMOUS_CREDENTIALS",
+                    "value" => "0"
+                ],
+                "wait"  => "Metadata URL"
+            ],
+            [
+                "env"   => [
+                    "name"  => "none",
+                    "value" => "none"
+                ],
+                "wait"  => "Metadata URL"
+            ],
+        ];
+        foreach ($dataset as $data){
+            putenv($data["env"]["name"]."=".$data["env"]["value"]);
+            self::assertEquals(
+                $data["wait"],
+                (new EnvironCredentials())->getName()
+            );
+            putenv($data["env"]["name"]);
+        }
+
+    }
+}

tests/some.json

@@ -0,0 +1,8 @@
+{
+  "id": "",
+  "service_account_id": "",
+  "created_at": "",
+  "key_algorithm": "",
+  "public_key": "",
+  "private_key": ""
+}