INT-12420: Allow the key/secret to be optional for S3 file system

Author: polothy

classes/aws_apcu_cache.php

@@ -0,0 +1,95 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * An APCu cache for AWS.
+ *
+ * @package   local_aws_sdk
+ * @copyright Copyright (c) 2017 Blackboard Inc. (http://www.blackboard.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+namespace local_aws_sdk;
+
+use Aws\CacheInterface;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * An APCu cache for AWS.
+ *
+ * @package   local_aws_sdk
+ * @copyright Copyright (c) 2017 Blackboard Inc. (http://www.blackboard.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class aws_apcu_cache implements CacheInterface {
+    /**
+     * Determine if this cache is usable.
+     *
+     * @return bool
+     */
+    public static function are_requirements_met() {
+        // APCu on the CLI does not persist cached values between CLI runs.
+        // So, rather pointless to use on the CLI.
+        if (CLI_SCRIPT && !PHPUNIT_TEST) {
+            return false;
+        }
+        if (!extension_loaded('apcu') || !ini_get('apc.enabled')) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Get a cache item by key.
+     *
+     * @param string $key Key to retrieve.
+     *
+     * @return mixed|null Returns the value or null if not found.
+     */
+    public function get($key) {
+        $success = false;
+        $value   = apcu_fetch($key, $success);
+
+        return $success ? $value : null;
+    }
+
+    /**
+     * Set a cache key value.
+     *
+     * @param string $key Key to set
+     * @param mixed $value Value to set.
+     * @param int $ttl Number of seconds the item is allowed to live. Set
+     *                      to 0 to allow an unlimited lifetime.
+     */
+    public function set($key, $value, $ttl = 0) {
+        $success = apcu_store($key, $value, $ttl);
+
+        if (!$success) {
+            debugging('Failed to store cached value in APCu');
+        }
+    }
+
+    /**
+     * Remove a cache key.
+     *
+     * @param string $key Key to remove.
+     */
+    public function remove($key) {
+        apcu_delete($key);
+    }
+}

classes/aws_sdk.php

@@ -37,7 +37,7 @@ class aws_sdk {
     /**
      * Required AWS config names.
      */
-    const REQUIRED_CONFIGS = ['key', 'secret', 'region'];
+    const REQUIRED_CONFIGS = ['region'];
 
     /**
      * Autoload the AWS SDK classes.
@@ -69,12 +69,51 @@ public static function config_from_cfg($name) {
             }
         }
 
-        return [
-            'region'      => $cfg['region'],
-            'credentials' => [
+        $config = ['region' => $cfg['region']];
+
+        $credentials = self::resolve_credentials($name, $cfg);
+        if (!empty($credentials)) {
+            $config['credentials'] = $credentials;
+        }
+
+        return $config;
+    }
+
+    /**
+     * Extract AWS credentials from CFG value.
+     *
+     * @param string $name The CFG name.
+     * @param array $cfg The Moodle config value.
+     * @return mixed
+     */
+    private static function resolve_credentials($name, array $cfg) {
+        // First check for key/secret credentials.
+        if (array_key_exists('key', $cfg) && array_key_exists('secret', $cfg)) {
+            return [
                 'key'    => $cfg['key'],
                 'secret' => $cfg['secret']
-            ],
-        ];
+            ];
+        }
+
+        // With no credentials set, then the AWS SDK will fallback to various means for acquiring credentials.
+        // See http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/configuration.html#credentials for details.
+
+        // When using IAM roles, we can set credentials to a cache so the SDK doesn't have to ping the metadata service every time.
+        // See http://docs.aws.amazon.com/aws-sdk-php/v3/guide/guide/credentials.html#instance-profile-credentials for details.
+        if (array_key_exists('credentials_cache', $cfg)) {
+            // Ensure we are loading as caches require this.
+            self::autoload();
+
+            $type = $cfg['credentials_cache'];
+            if ($type === 'apcu') {
+                if (aws_apcu_cache::are_requirements_met()) {
+                    return new aws_apcu_cache();
+                }
+            } else {
+                throw new \coding_exception('The $CFG->'.$name.'[\'credentials_cache\'] value is unknown: '.$type);
+            }
+        }
+
+        return [];
     }
 }

tests/aws_apcu_cache_test.php

@@ -0,0 +1,92 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Tests for APCu cache.
+ *
+ * @package   local_aws_sdk
+ * @copyright Copyright (c) 2017 Blackboard Inc. (http://www.blackboard.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+use Aws\Credentials\Credentials;
+use local_aws_sdk\aws_apcu_cache;
+use local_aws_sdk\aws_sdk;
+
+defined('MOODLE_INTERNAL') || die();
+
+/**
+ * Tests for APCu cache.
+ *
+ * @package   local_aws_sdk
+ * @copyright Copyright (c) 2017 Blackboard Inc. (http://www.blackboard.com)
+ * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class local_aws_sdk_aws_apcu_cache_testcase extends advanced_testcase {
+
+    const TEST_KEY = 'phpunit_local_aws_sdk_test';
+
+    protected function setUp() {
+        if (!extension_loaded('apcu')) {
+            $this->markTestSkipped('The APCu extension is not loaded');
+        }
+        if (!ini_get('apc.enabled')) {
+            $this->markTestSkipped('The APCu extension is not enabled');
+        }
+        if (!ini_get('apc.enable_cli')) {
+            $this->markTestSkipped('The APCu extension is not enabled for CLI');
+        }
+    }
+
+    protected function tearDown() {
+        apcu_delete(self::TEST_KEY);
+    }
+
+    /**
+     * @param mixed $value
+     * @dataProvider value_provider
+     */
+    public function test_cache($value) {
+        $cache = new aws_apcu_cache();
+        $cache->set(self::TEST_KEY, $value);
+        $this->assertDebuggingNotCalled();
+
+        $result = $cache->get(self::TEST_KEY);
+        $this->assertNotNull($result);
+
+        if ($value instanceof Credentials) {
+            $this->assertInstanceOf(Credentials::class, $result);
+            $this->assertSame($value->toArray(), $result->toArray());
+        } else {
+            $this->assertSame($value, $result);
+        }
+
+        $cache->remove(self::TEST_KEY);
+        $this->assertNull($cache->get(self::TEST_KEY));
+    }
+
+    public function value_provider() {
+        aws_sdk::autoload();
+
+        return [
+            ['Hodor value'],
+            [100],
+            [['Foo', 'Bar', 100]],
+            [100.01],
+            [new Credentials('key', 'secret', 'token', 100)],
+        ];
+    }
+}