Alternative credential retrieval - threadsafe

.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json

@@ -0,0 +1,7 @@
+[
+  {
+    "type": "bugfix",
+    "category": "",
+    "description": "Fix using credentials provider on multi-threaded servers"
+  }
+]

src/Credentials/CredentialProvider.php

@@ -289,11 +289,11 @@ public static function env()
     {
         return function () {
             // Use credentials from environment variables, if available
-            $key = getenv(self::ENV_KEY);
-            $secret = getenv(self::ENV_SECRET);
+            $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY] ?? false;
+            $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET] ?? false;
             if ($key && $secret) {
                 return Promise\Create::promiseFor(
-                    new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: NULL)
+                    new Credentials($key, $secret, getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?? NULL)
                 );
             }
 

tests/Credentials/CredentialProviderTest.php

@@ -66,6 +66,38 @@ private function clearEnv()
         return $dir;
     }
 
+    private function clearEnvExceptServer()
+    {
+        putenv(CredentialProvider::ENV_KEY . '=');
+        putenv(CredentialProvider::ENV_SECRET . '=');
+        putenv(CredentialProvider::ENV_PROFILE . '=');
+        putenv('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI');
+        putenv('AWS_CONTAINER_CREDENTIALS_FULL_URI');
+        putenv('AWS_CONTAINER_AUTHORIZATION_TOKEN');
+        putenv('AWS_SDK_LOAD_NONDEFAULT_CONFIG');
+        putenv('AWS_WEB_IDENTITY_TOKEN_FILE');
+        putenv('AWS_ROLE_ARN');
+        putenv('AWS_ROLE_SESSION_NAME');
+        putenv('AWS_SHARED_CREDENTIALS_FILE');
+
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']);
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_FULL_URI']);
+        unset($_SERVER['AWS_CONTAINER_AUTHORIZATION_TOKEN']);
+        unset($_SERVER['AWS_SDK_LOAD_NONDEFAULT_CONFIG']);
+        unset($_SERVER['AWS_WEB_IDENTITY_TOKEN_FILE']);
+        unset($_SERVER['AWS_ROLE_ARN']);
+        unset($_SERVER['AWS_ROLE_SESSION_NAME']);
+        unset($_SERVER['AWS_SHARED_CREDENTIALS_FILE']);
+
+        $dir = sys_get_temp_dir() . '/.aws';
+
+        if (!is_dir($dir)) {
+            mkdir($dir, 0777, true);
+        }
+
+        return $dir;
+    }
+
     public function set_up()
     {
         $this->home = getenv('HOME');
@@ -173,6 +205,21 @@ public function testCreatesFromEnvironmentVariables()
         $this->assertSame('456', $creds->getSecurityToken());
     }
 
+   public function testCreatesFromServerVariables()
+    {
+        $this->clearEnvExceptServer();
+        $_SERVER[CredentialProvider::ENV_KEY] = 'abc';
+        $_SERVER[CredentialProvider::ENV_SECRET] = '123';
+        $_SERVER[CredentialProvider::ENV_SESSION] = '456';
+        $creds = call_user_func(CredentialProvider::env())->wait();
+        $this->assertSame('abc', $creds->getAccessKeyId());
+        $this->assertSame('123', $creds->getSecretKey());
+        $this->assertSame('456', $creds->getSecurityToken());
+        unset($_SERVER[CredentialProvider::ENV_KEY]);
+        unset($_SERVER[CredentialProvider::ENV_SECRET]);
+        unset($_SERVER[CredentialProvider::ENV_SESSION]);
+    }
+
     public function testCreatesFromEnvironmentVariablesNullToken()
     {
         $this->clearEnv();