Skip to content

feat: rename to laravel-iam-auth and add AWS credential caching#2

Merged
dimoschi merged 15 commits intomainfrom
feat/rename-and-credential-caching
Mar 26, 2026
Merged

feat: rename to laravel-iam-auth and add AWS credential caching#2
dimoschi merged 15 commits intomainfrom
feat/rename-and-credential-caching

Conversation

@dimoschi
Copy link
Copy Markdown
Collaborator

@dimoschi dimoschi commented Mar 23, 2026

Summary

  • Rename package from hackthebox/laravel-rds-iam-auth to hackthebox/laravel-iam-auth
  • Add AWS credential caching across PHP-FPM requests (APCu-first, Laravel cache fallback)
  • Wire AwsCredentialCache into the AWS SDK via aws/aws-sdk-php-laravel extension, so all SDK calls (S3, SQS, SES, etc.) benefit from cached credentials
  • Unify credential_provider config to apply globally to all SDK operations
  • Simplify RdsTokenProvider to use injected credential provider from the SDK singleton

Breaking Changes (v2.0.0)

  • Package name: hackthebox/laravel-rds-iam-auth -> hackthebox/laravel-iam-auth
  • Namespace: Hackthebox\RdsIamAuth -> Hackthebox\IamAuth
  • Config file: rds-iam-auth.php -> iam-auth.php
  • Env vars: RDS_IAM_* -> IAM_AUTH_*
  • Class names updated (e.g. RdsIamMySqlConnector -> IamMySqlConnector)
  • New dependency: aws/aws-sdk-php-laravel (required)

Migration from v1.x

  1. Update composer.json: hackthebox/laravel-rds-iam-auth to hackthebox/laravel-iam-auth
  2. Rename published config: config/rds-iam-auth.php to config/iam-auth.php
  3. Update env vars: RDS_IAM_* to IAM_AUTH_*
  4. If referencing classes directly, update namespace from Hackthebox\RdsIamAuth to Hackthebox\IamAuth

Test plan

  • 48 tests pass, 78 assertions
  • PHPStan clean (level 6)
  • No stale references to old names/namespaces

dimoschi added 12 commits March 20, 2026 19:57
@dimoschi
refactor: rename package from laravel-rds-iam-auth to laravel-iam-auth
d2ac0c3
@dimoschi
feat: add credential_cache config option for AWS SDK credential caching
b6f848d
@dimoschi
feat: add AWS credential caching with APCu-first strategy
38587b5
@dimoschi
feat: register AwsCredentialCache in service provider
db91781
@dimoschi
docs: update README and CHANGELOG for v2.0.0
e8b0aa4
@dimoschi
refactor: consolidate credential_cache into cache_store
29a160d 
A single cache_store config now controls both RDS token caching and
AWS credential caching (with separate cache keys and TTLs). This
removes the redundant credential_cache option.
@dimoschi
feat: add aws/aws-sdk-php-laravel as dependency
fa98415
@dimoschi
feat: wire AwsCredentialCache into AWS SDK via credential provider si…
740ffdd 
…ngleton
@dimoschi
refactor: simplify RdsTokenProvider to use injected credential provider
0b3e89d
@dimoschi
feat: move credential provider selection to service provider, update …
9447149 
…config scope
@dimoschi
docs: document SDK credential wiring and client creation guidance
11e0000
@dimoschi
refactor: extract ValidatesCacheStore trait and tighten credential pr…
7e36694 
…ovider type

Extract duplicated assertSafeCacheStore logic from RdsTokenProvider and
AwsCredentialCache into a shared ValidatesCacheStore trait. Change
RdsTokenProvider constructor type from mixed to \Closure.
@dimoschi dimoschi requested a review from Copilot March 23, 2026 10:29

This comment was marked as outdated.

Sign in to view

@dimoschi
fix: namespace cache key, flush test cache, re-add direct aws-sdk-php…
5e0e14f 
… constraint

- Prefix credential cache key to iam_auth:aws_credentials to avoid collisions
- Flush file cache in test to prevent flakiness from prior runs
- Re-add explicit aws/aws-sdk-php ^3.249 constraint as a guard
- Update README requirements to reflect both dependencies
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@dimoschi dimoschi requested a review from roinosj March 23, 2026 14:50
@dimoschi
fix: wrap cache store resolution with contextual error, clean up style
7cf5ba7 
Add resolveCacheStore() to ValidatesCacheStore trait so that
misconfigured store names produce an error pointing to iam-auth config.
Add tests for valid and nonexistent cache stores. Clean up unnecessary
curly braces and replace qualified class names with imports.
@dimoschi dimoschi requested a review from Copilot March 24, 2026 11:53
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

tests/RdsTokenProviderTest.php:69

  • test_caches_token_in_laravel_cache_store doesn’t clear the file cache store before asserting createToken() is called exactly once. If another test run (or a prior test in this suite) has already populated the same cache key, createToken() may be called 0 times and the test becomes order-dependent/flaky. Flush the configured store at the start of this test (or use a unique cache key per test).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/IamAuthServiceProvider.php Outdated
Comment thread src/AwsCredentialCache.php
@dimoschi
fix: return rejected promise on credential failure, resolve cache sto…
bf9bf4e 
…re once

Return a rejected promise instead of throwing when credential resolution
fails, preserving the AWS SDK credential provider contract. Also resolve
the Laravel cache store into a local variable to avoid redundant lookups.
@dimoschi dimoschi requested a review from Copilot March 24, 2026 12:39
Copilot AI reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

tests/RdsTokenProviderTest.php:68

  • test_caches_token_in_laravel_cache_store() doesn’t clear the file cache store before asserting createToken() is called exactly once. If that cache key exists from a prior test run (or if test order changes), this test can incorrectly skip token generation and fail. Flush/forget the relevant cache key (or flush the store) at the start of this test to make it order-independent.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

makelarisjr
makelarisjr approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown

@makelarisjr makelarisjr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@dimoschi dimoschi merged commit c06b15c into main Mar 26, 2026
9 checks passed
@dimoschi dimoschi deleted the feat/rename-and-credential-caching branch March 26, 2026 17:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@makelarisjr makelarisjr makelarisjr approved these changes

@vlasopoulos vlasopoulos Awaiting requested review from vlasopoulos

@roinosj roinosj Awaiting requested review from roinosj

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dimoschi @makelarisjr