Improve S3 client creation and move it to Deployer::s3_client.

john-shaffer · john-shaffer · commit b8f1e0cf6c94 · 2020-05-13T15:22:56.000-05:00
The improvements allow for the use of IAM roles rather than specifying
access keys.
diff --git a/src/Deployer.php b/src/Deployer.php
@@ -24,36 +24,8 @@ public function upload_files( string $processed_site_path ) : void {
             return;
         }
 
-        $client_options = [
-            'profile' => Controller::getValue( 's3Profile' ),
-            'version' => 'latest',
-            'region' => Controller::getValue( 's3Region' ),
-        ];
-
-        /*
-            If no credentials option, SDK attempts to load credentials from
-            your environment in the following order:
-
-                 - environment variables.
-                 - a credentials .ini file.
-                 - an IAM role.
-        */
-        if (
-            Controller::getValue( 's3AccessKeyID' ) &&
-            Controller::getValue( 's3SecretAccessKey' )
-        ) {
-            $client_options['credentials'] = [
-                'key' => Controller::getValue( 's3AccessKeyID' ),
-                'secret' => \WP2Static\CoreOptions::encrypt_decrypt(
-                    'decrypt',
-                    Controller::getValue( 's3SecretAccessKey' )
-                ),
-            ];
-            unset( $client_options['profile'] );
-        }
-
         // instantiate S3 client
-        $s3 = new \Aws\S3\S3Client( $client_options );
+        $s3 = self::s3_client();
 
         // iterate each file in ProcessedSite
         $iterator = new RecursiveIteratorIterator(
@@ -114,6 +86,38 @@ public function upload_files( string $processed_site_path ) : void {
         }
     }
 
+    public function s3_client() : \Aws\S3\S3Client {
+        $client_options = [
+            'version' => 'latest',
+            'region' => Controller::getValue( 's3Region' ),
+        ];
+
+        /*
+           If no credentials option, SDK attempts to load credentials from
+           your environment in the following order:
+
+           - environment variables.
+           - a credentials .ini file.
+           - an IAM role.
+         */
+        if (
+            Controller::getValue( 's3AccessKeyID' ) &&
+            Controller::getValue( 's3SecretAccessKey' )
+        ) {
+            $client_options['credentials'] = [
+                'key' => Controller::getValue( 's3AccessKeyID' ),
+                'secret' => \WP2Static\CoreOptions::encrypt_decrypt(
+                    'decrypt',
+                    Controller::getValue( 's3SecretAccessKey' )
+                ),
+            ];
+        } else if ( Controller::getValue( 's3Profile' ) ) {
+            $client_options['profile'] = Controller::getValue( 's3Profile' );
+        }
+
+        return new \Aws\S3\S3Client( $client_options );
+    }
+
     public function cloudfront_client() : \Aws\CloudFront\CloudFrontClient {
         /*
             If no credentials option, SDK attempts to load credentials from
