Alternative credential retrieval - threadsafe

.changes/nextrelease/bugfix-fix-empty-getenv-in-credentials-provider.json

@@ -0,0 +1,7 @@
+[
+  {
+    "type": "bugfix",
+    "category": "",
+    "description": "Fix using credentials provider on multi-threaded servers"
+  }
+]

src/Credentials/CredentialProvider.php

@@ -295,10 +295,10 @@ public static function env()
     {
         return function () {
             // Use credentials from environment variables, if available
-            $key = getenv(self::ENV_KEY);
-            $secret = getenv(self::ENV_SECRET);
-            $accountId = getenv(self::ENV_ACCOUNT_ID) ?: null;
-            $token = getenv(self::ENV_SESSION) ?: null;
+            $key = getenv(self::ENV_KEY) ?: $_SERVER[self::ENV_KEY] ?? false;
+            $secret = getenv(self::ENV_SECRET) ?: $_SERVER[self::ENV_SECRET] ?? false;
+            $accountId = getenv(self::ENV_ACCOUNT_ID) ?: $_SERVER[self::ENV_ACCOUNT_ID] ?? null;
+            $token = getenv(self::ENV_SESSION) ?: $_SERVER[self::ENV_SESSION] ?? null;
 
             if ($key && $secret) {
                 return Promise\Create::promiseFor(

tests/Credentials/CredentialProviderTest.php

@@ -75,6 +75,38 @@ private function clearEnv()
         return $dir;
     }
 
+    private function clearEnvExceptServer()
+    {
+        putenv(CredentialProvider::ENV_KEY . '=');
+        putenv(CredentialProvider::ENV_SECRET . '=');
+        putenv(CredentialProvider::ENV_PROFILE . '=');
+        putenv('AWS_CONTAINER_CREDENTIALS_RELATIVE_URI');
+        putenv('AWS_CONTAINER_CREDENTIALS_FULL_URI');
+        putenv('AWS_CONTAINER_AUTHORIZATION_TOKEN');
+        putenv('AWS_SDK_LOAD_NONDEFAULT_CONFIG');
+        putenv('AWS_WEB_IDENTITY_TOKEN_FILE');
+        putenv('AWS_ROLE_ARN');
+        putenv('AWS_ROLE_SESSION_NAME');
+        putenv('AWS_SHARED_CREDENTIALS_FILE');
+
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_RELATIVE_URI']);
+        unset($_SERVER['AWS_CONTAINER_CREDENTIALS_FULL_URI']);
+        unset($_SERVER['AWS_CONTAINER_AUTHORIZATION_TOKEN']);
+        unset($_SERVER['AWS_SDK_LOAD_NONDEFAULT_CONFIG']);
+        unset($_SERVER['AWS_WEB_IDENTITY_TOKEN_FILE']);
+        unset($_SERVER['AWS_ROLE_ARN']);
+        unset($_SERVER['AWS_ROLE_SESSION_NAME']);
+        unset($_SERVER['AWS_SHARED_CREDENTIALS_FILE']);
+
+        $dir = sys_get_temp_dir() . '/.aws';
+
+        if (!is_dir($dir)) {
+            mkdir($dir, 0777, true);
+        }
+
+        return $dir;
+    }
+
     public function set_up()
     {
         $this->home = getenv('HOME');
@@ -187,6 +219,21 @@ public function testCreatesFromEnvironmentVariables()
         $this->assertSame($testAccountId, $creds->getAccountId());
     }
 
+   public function testCreatesFromServerVariables()
+    {
+        $this->clearEnvExceptServer();
+        $_SERVER[CredentialProvider::ENV_KEY] = 'abc';
+        $_SERVER[CredentialProvider::ENV_SECRET] = '123';
+        $_SERVER[CredentialProvider::ENV_SESSION] = '456';
+        $creds = call_user_func(CredentialProvider::env())->wait();
+        $this->assertSame('abc', $creds->getAccessKeyId());
+        $this->assertSame('123', $creds->getSecretKey());
+        $this->assertSame('456', $creds->getSecurityToken());
+        unset($_SERVER[CredentialProvider::ENV_KEY]);
+        unset($_SERVER[CredentialProvider::ENV_SECRET]);
+        unset($_SERVER[CredentialProvider::ENV_SESSION]);
+    }
+
     public function testCreatesFromEnvironmentVariablesNullToken()
     {
         $this->clearEnv();