Improve CF client creation and move it to Deployer::cloudfront_client.

john-shaffer · john-shaffer · commit 11f2aaed4ef9 · 2020-05-13T15:06:07.000-05:00
The improvements allow for the use of IAM roles rather than specifying
access keys.
diff --git a/src/Deployer.php b/src/Deployer.php
@@ -114,18 +114,10 @@ public function upload_files( string $processed_site_path ) : void {
         }
     }
 
-
-    public function cloudfront_invalidate_all_items() : void {
-        if ( ! Controller::getValue( 'cfDistributionID' ) ) {
-            return;
-        }
-
-        \WP2Static\WsLog::l( 'Invalidating all CloudFront items' );
-
+    public function cloudfront_client() : \Aws\CloudFront\CloudFrontClient {
         /*
             If no credentials option, SDK attempts to load credentials from
             your environment in the following order:
-
                  - environment variables.
                  - a credentials .ini file.
                  - an IAM role.
@@ -134,24 +126,51 @@ public function cloudfront_invalidate_all_items() : void {
             Controller::getValue( 'cfAccessKeyID' ) &&
             Controller::getValue( 'cfSecretAccessKey' )
         ) {
-
+            // Use the supplied access keys.
             $credentials = new \Aws\Credentials\Credentials(
                 Controller::getValue( 'cfAccessKeyID' ),
                 \WP2Static\CoreOptions::encrypt_decrypt(
                     'decrypt',
                     Controller::getValue( 'cfSecretAccessKey' )
                 )
             );
+            $client = \Aws\CloudFront\CloudFrontClient::factory(
+                [
+                    'region' => Controller::getValue( 'cfRegion' ),
+                    'version' => 'latest',
+                    'credentials' => $credentials,
+                ]
+            );
+        } else if ( Controller::getValue( 'cfProfile' ) ) {
+            // Use the specified profile.
+            $client = \Aws\CloudFront\CloudFrontClient::factory(
+                [
+                    'profile' => Controller::getValue( 'cfProfile' ),
+                    'region' => Controller::getValue( 'cfRegion' ),
+                    'version' => 'latest',
+                ]
+            );
+        } else {
+            // Use the IAM role.
+            $client = \Aws\CloudFront\CloudFrontClient::factory(
+                [
+                    'region' => Controller::getValue( 'cfRegion' ),
+                    'version' => 'latest',
+                ]
+            );
         }
 
-        $client = \Aws\CloudFront\CloudFrontClient::factory(
-            [
-                'profile' => Controller::getValue( 'cfProfile' ),
-                'region' => Controller::getValue( 'cfRegion' ),
-                'version' => 'latest',
-                'credentials' => isset( $credentials ) ? $credentials : '',
-            ]
-        );
+        return $client;
+    }
+
+    public function cloudfront_invalidate_all_items() : void {
+        if ( ! Controller::getValue( 'cfDistributionID' ) ) {
+            return;
+        }
+
+        \WP2Static\WsLog::l( 'Invalidating all CloudFront items' );
+
+        $client = self::cloudfront_client();
 
         try {
             $result = $client->createInvalidation(
