Authentication method: Anonymous, Insecure grpc connection

bashkarev · bashkarev · commit 10ce05a1ccfd · 2022-05-26T01:02:32.000+03:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+vendor/
+composer.lock
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # CHANGELOG
 
+## 1.4.0 (???)
+
+### Features
+
+- Authentication method: Anonymous
+- Insecure grpc connection
 
 ## 1.3.1 (2022-02-25)
 
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ Yandex Database supports the following authentication methods:
 - JWT + private key
 - JWT + JSON file
 - Metadata URL
+- Anonymous
 
 ## OAuth token
 
@@ -160,6 +161,35 @@ $ydb = new Ydb($config);
 
 ```
 
+## Anonymous
+
+```php
+<?php
+
+use YandexCloud\Ydb\Ydb;
+
+$config = [
+
+    // Database path
+    'database'    => '/local',
+
+    // Database endpoint
+    'endpoint'    => 'localhost:2135',
+
+    // Auto discovery (dedicated server only)
+    'discovery'   => false,
+
+    // IAM config
+    'iam_config'  => [
+        'anonymous' => true,
+        // Allow insecure grpc connection, default false
+        'insecure' => false,
+    ],
+];
+
+$ydb = new Ydb($config);
+
+```
 
 # Usage
 
diff --git a/composer.json b/composer.json
@@ -18,7 +18,7 @@
         "grpc/grpc": "^1.35",
         "lcobucci/jwt": "^4.1.5",
         "phpseclib/phpseclib": "^2.0|^3.0",
-        "psr/log": "~1.0"
+        "psr/log": "^1|^2|^3"
     },
     "autoload": {
         "psr-4": {
diff --git a/src/Iam.php b/src/Iam.php
@@ -10,6 +10,8 @@
 use YandexCloud\Ydb\Jwt\Signer\Sha256;
 use YandexCloud\Ydb\Contracts\IamTokenContract;
 
+use function filter_var;
+
 class Iam implements IamTokenContract
 {
     use Traits\LoggerTrait;
@@ -95,7 +97,6 @@ public function newToken()
         else if ($this->config('private_key'))
         {
             $token = $this->getJwtToken();
-
             $request_data = [
                 'jwt' => $token->toString(),
             ];
@@ -159,6 +160,10 @@ public function newToken()
      */
     public function getCredentials()
     {
+        if ($this->config('insecure')) {
+            return ChannelCredentials::createInsecure();
+        }
+
         $root_pem_file = $this->config('root_cert_file');
 
         if ($root_pem_file && is_file($root_pem_file))
@@ -180,7 +185,14 @@ protected function initConfig()
             $this->config['temp_dir'] = sys_get_temp_dir();
         }
 
-        if (!empty($this->config['use_metadata']))
+        $this->config['insecure'] = (isset($this->config['insecure']) && filter_var($this->config['insecure'], \FILTER_VALIDATE_BOOLEAN));
+        $this->config['anonymous'] = (isset($this->config['anonymous']) && filter_var($this->config['anonymous'], \FILTER_VALIDATE_BOOLEAN));
+
+        if ($this->config['anonymous'])
+        {
+            $this->logger()->info('YDB: Authentication method: Anonymous');
+        }
+        else if (!empty($this->config['use_metadata']))
         {
             $this->logger()->info('YDB: Authentication method: Metadata URL');
         }
diff --git a/src/Ydb.php b/src/Ydb.php
@@ -8,7 +8,7 @@ class Ydb
 {
     use Traits\LoggerTrait;
 
-    const VERSION = '1.3.1';
+    const VERSION = '1.4.0';
 
     /**
      * @var string
@@ -102,16 +102,18 @@ public function database()
         return $this->database;
     }
 
-    /**
-     * @return array
-     */
-    public function meta()
+    public function meta(): array
     {
-        return [
-            'x-ydb-auth-ticket' => [$this->iam()->token()],
+        $meta = [
             'x-ydb-database' => [$this->database],
             'x-ydb-sdk-build-info' => ['ydb-php-sdk/' . static::VERSION],
         ];
+
+        if (!$this->iam()->config('anonymous', false)) {
+            $meta['x-ydb-auth-ticket'] = [$this->iam()->token()];
+        }
+
+        return $meta;
     }
 
     /**
