1<?php
2/*
3 * Copyright 2015 Google Inc.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18namespace Google\Auth\Credentials;
19
20/**
21 * Authenticates requests using IAM credentials.
22 */
23class IAMCredentials
24{
25    const SELECTOR_KEY = 'x-goog-iam-authority-selector';
26    const TOKEN_KEY = 'x-goog-iam-authorization-token';
27
28    /**
29     * @var string
30     */
31    private $selector;
32
33    /**
34     * @var string
35     */
36    private $token;
37
38    /**
39     * @param string $selector the IAM selector
40     * @param string $token the IAM token
41     */
42    public function __construct($selector, $token)
43    {
44        if (!is_string($selector)) {
45            throw new \InvalidArgumentException(
46                'selector must be a string'
47            );
48        }
49        if (!is_string($token)) {
50            throw new \InvalidArgumentException(
51                'token must be a string'
52            );
53        }
54
55        $this->selector = $selector;
56        $this->token = $token;
57    }
58
59    /**
60     * export a callback function which updates runtime metadata.
61     *
62     * @return callable updateMetadata function
63     */
64    public function getUpdateMetadataFunc()
65    {
66        return array($this, 'updateMetadata');
67    }
68
69    /**
70     * Updates metadata with the appropriate header metadata.
71     *
72     * @param array<mixed> $metadata metadata hashmap
73     * @param string $unusedAuthUri optional auth uri
74     * @param callable $httpHandler callback which delivers psr7 request
75     *        Note: this param is unused here, only included here for
76     *        consistency with other credentials class
77     *
78     * @return array<mixed> updated metadata hashmap
79     */
80    public function updateMetadata(
81        $metadata,
82        $unusedAuthUri = null,
83        callable $httpHandler = null
84    ) {
85        $metadata_copy = $metadata;
86        $metadata_copy[self::SELECTOR_KEY] = $this->selector;
87        $metadata_copy[self::TOKEN_KEY] = $this->token;
88
89        return $metadata_copy;
90    }
91}
92