GromNaN · March 18, 2021 00:34
diff --git a/vault-iam-async-aws.php b/vault-iam-async-aws.php
 <?php

 namespace Testing;

 /**
 * Authentication on a Vault server using AWS IAM
 * https://www.vaultproject.io/api-docs/auth/aws#login
 */

 use AsyncAws\Core\AwsClientFactory;
 use AsyncAws\Core\Credentials\ChainProvider;
 use AsyncAws\Core\Request;
 use AsyncAws\Core\RequestContext;
 use AsyncAws\Core\Signer\SignerV4;
 use AsyncAws\Core\Stream\StreamFactory;
 use Symfony\Component\HttpClient\HttpClient

 $awsClient = new AwsClientFactory();

 // Copied from AsyncAws\Core\Sts\Input\GetCallerIdentityRequest because request() method is internal.
 $request = new Request(
    'POST',
    '/',
    [],
    ['content-type' => 'application/x-www-form-urlencoded'],
    StreamFactory::create('Action=GetCallerIdentity&Version=2011-06-15')
 );

 // STS Endpoint and region are configured inside the Vault server
 $request->setEndpoint('https://sts.amazonaws.com/');
 $signer = new SignerV4('sts', 'us-east-1');

 $signer->sign(
    $request,
    ChainProvider::createDefaultChain()->getCredentials($awsClient->sts()->getConfiguration()),
    new RequestContext()
 );

 $client = HttpClient::createForBaseUri('https://vault.example.com/', []);
 $response = $client->request('POST', '/v1/auth/aws/login', [
    'json' => [
        'role' => 'dev',
        'iam_http_request_method' => $request->getMethod(),
        'iam_request_url' => base64_encode($request->getEndpoint()),
        'iam_request_headers' => base64_encode(json_encode($request->getHeaders())),
        'iam_request_body' => base64_encode($request->getBody()->stringify()),
    ],
 ]);

 $token = $response->toArray()['auth']['client_token'];
	<?php

	namespace Testing;

	/**
	* Authentication on a Vault server using AWS IAM
	* https://www.vaultproject.io/api-docs/auth/aws#login
	*/

	use AsyncAws\Core\AwsClientFactory;
	use AsyncAws\Core\Credentials\ChainProvider;
	use AsyncAws\Core\Request;
	use AsyncAws\Core\RequestContext;
	use AsyncAws\Core\Signer\SignerV4;
	use AsyncAws\Core\Stream\StreamFactory;
	use Symfony\Component\HttpClient\HttpClient

	$awsClient = new AwsClientFactory();

	// Copied from AsyncAws\Core\Sts\Input\GetCallerIdentityRequest because request() method is internal.
	$request = new Request(
	'POST',
	'/',
	[],
	['content-type' => 'application/x-www-form-urlencoded'],
	StreamFactory::create('Action=GetCallerIdentity&Version=2011-06-15')
	);

	// STS Endpoint and region are configured inside the Vault server
	$request->setEndpoint('https://sts.amazonaws.com/');
	$signer = new SignerV4('sts', 'us-east-1');

	$signer->sign(
	$request,
	ChainProvider::createDefaultChain()->getCredentials($awsClient->sts()->getConfiguration()),
	new RequestContext()
	);

	$client = HttpClient::createForBaseUri('https://vault.example.com/', []);
	$response = $client->request('POST', '/v1/auth/aws/login', [
	'json' => [
	'role' => 'dev',
	'iam_http_request_method' => $request->getMethod(),
	'iam_request_url' => base64_encode($request->getEndpoint()),
	'iam_request_headers' => base64_encode(json_encode($request->getHeaders())),
	'iam_request_body' => base64_encode($request->getBody()->stringify()),
	],
	]);

	$token = $response->toArray()['auth']['client_token'];