GromNaN/vault-iam-async-aws.php

## vault-iam-async-aws.php
<?php

namespace Testing;

/**
 * Authentication on a Vault server using AWS IAM
 * https://www.vaultproject.io/api-docs/auth/aws#login
 */

use AsyncAws\Core\AwsClientFactory;
use AsyncAws\Core\Credentials\ChainProvider;
use AsyncAws\Core\Request;
use AsyncAws\Core\RequestContext;
use AsyncAws\Core\Signer\SignerV4;
use AsyncAws\Core\Stream\StreamFactory;
use Symfony\Component\HttpClient\HttpClient

$awsClient = new AwsClientFactory();

// Copied from AsyncAws\Core\Sts\Input\GetCallerIdentityRequest because request() method is internal.
$request = new Request(
    'POST',
    '/',
    [],
    ['content-type' => 'application/x-www-form-urlencoded'],
    StreamFactory::create('Action=GetCallerIdentity&Version=2011-06-15')
);

// STS Endpoint and region are configured inside the Vault server
$request->setEndpoint('https://sts.amazonaws.com/');
$signer = new SignerV4('sts', 'us-east-1');

$signer->sign(
    $request,
    ChainProvider::createDefaultChain()->getCredentials($awsClient->sts()->getConfiguration()),
    new RequestContext()
);

$client = HttpClient::createForBaseUri('https://vault.example.com/', []);
$response = $client->request('POST', '/v1/auth/aws/login', [
    'json' => [
        'role' => 'dev',
        'iam_http_request_method' => $request->getMethod(),
        'iam_request_url' => base64_encode($request->getEndpoint()),
        'iam_request_headers' => base64_encode(json_encode($request->getHeaders())),
        'iam_request_body' => base64_encode($request->getBody()->stringify()),
    ],
]);

$token = $response->toArray()['auth']['client_token'];
	<?php

	namespace Testing;

	/**
	* Authentication on a Vault server using AWS IAM
	* https://www.vaultproject.io/api-docs/auth/aws#login
	*/

	use AsyncAws\Core\AwsClientFactory;
	use AsyncAws\Core\Credentials\ChainProvider;
	use AsyncAws\Core\Request;
	use AsyncAws\Core\RequestContext;
	use AsyncAws\Core\Signer\SignerV4;
	use AsyncAws\Core\Stream\StreamFactory;
	use Symfony\Component\HttpClient\HttpClient

	$awsClient = new AwsClientFactory();

	// Copied from AsyncAws\Core\Sts\Input\GetCallerIdentityRequest because request() method is internal.
	$request = new Request(
	'POST',
	'/',
	[],
	['content-type' => 'application/x-www-form-urlencoded'],
	StreamFactory::create('Action=GetCallerIdentity&Version=2011-06-15')
	);

	// STS Endpoint and region are configured inside the Vault server
	$request->setEndpoint('https://sts.amazonaws.com/');
	$signer = new SignerV4('sts', 'us-east-1');

	$signer->sign(
	$request,
	ChainProvider::createDefaultChain()->getCredentials($awsClient->sts()->getConfiguration()),
	new RequestContext()
	);

	$client = HttpClient::createForBaseUri('https://vault.example.com/', []);
	$response = $client->request('POST', '/v1/auth/aws/login', [
	'json' => [
	'role' => 'dev',
	'iam_http_request_method' => $request->getMethod(),
	'iam_request_url' => base64_encode($request->getEndpoint()),
	'iam_request_headers' => base64_encode(json_encode($request->getHeaders())),
	'iam_request_body' => base64_encode($request->getBody()->stringify()),
	],
	]);

	$token = $response->toArray()['auth']['client_token'];