Customer Credential provider (aws#221)

TingDaoK · web-flow · commit 2d7a1096bb17 · 2021-03-08T13:41:30.000-08:00
* Customer Credential provider
diff --git a/include/aws/crt/auth/Credentials.h b/include/aws/crt/auth/Credentials.h
@@ -92,6 +92,11 @@ namespace Aws
              */
             using OnCredentialsResolved = std::function<void(std::shared_ptr<Credentials>, int errorCode)>;
 
+            /**
+             * Invoked when the native delegate credentials provider needs to fetch a credential.
+             */
+            using GetCredentialsHandler = std::function<std::shared_ptr<Credentials>()>;
+
             /**
              * Base interface for all credentials providers.  Credentials providers are objects that
              * retrieve AWS credentials from some source.
@@ -281,6 +286,15 @@ namespace Aws
                 Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
             };
 
+            /**
+             * Configuration options for the delegate credentials provider
+             */
+            struct AWS_CRT_CPP_API CredentialsProviderDelegateConfig
+            {
+                /* handler to provider credentials */
+                GetCredentialsHandler Handler;
+            };
+
             /**
              * Simple credentials provider implementation that wraps one of the internal C-based implementations.
              *
@@ -381,6 +395,14 @@ namespace Aws
                     const CredentialsProviderX509Config &config,
                     Allocator *allocator = g_allocator);
 
+                /**
+                 * Creates a provider that sources credentials from the provided function.
+                 *
+                 */
+                static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderDelegate(
+                    const CredentialsProviderDelegateConfig &config,
+                    Allocator *allocator = g_allocator);
+
               private:
                 static void s_onCredentialsResolved(aws_credentials *credentials, int error_code, void *user_data);
 
diff --git a/source/auth/Credentials.cpp b/source/auth/Credentials.cpp
@@ -310,6 +310,52 @@ namespace Aws
                 return s_CreateWrappedProvider(aws_credentials_provider_new_x509(allocator, &raw_config), allocator);
             }
 
+            struct DelegateCredentialsProviderCallbackArgs
+            {
+                DelegateCredentialsProviderCallbackArgs() = default;
+
+                Allocator *allocator;
+                GetCredentialsHandler m_Handler;
+            };
+
+            static int s_onDelegateGetCredentials(
+                void *delegate_user_data,
+                aws_on_get_credentials_callback_fn callback,
+                void *callback_user_data)
+            {
+                auto args = static_cast<DelegateCredentialsProviderCallbackArgs *>(delegate_user_data);
+                auto creds = args->m_Handler();
+                struct aws_credentials *m_credentials = (struct aws_credentials *)(void *)creds->GetUnderlyingHandle();
+                callback(m_credentials, AWS_ERROR_SUCCESS, callback_user_data);
+                return AWS_OP_SUCCESS;
+            }
+
+            static void s_onDelegateShutdownComplete(void *user_data)
+            {
+                auto args = static_cast<DelegateCredentialsProviderCallbackArgs *>(user_data);
+                Aws::Crt::Delete(args, args->allocator);
+            }
+
+            std::shared_ptr<ICredentialsProvider> CredentialsProvider::CreateCredentialsProviderDelegate(
+                const CredentialsProviderDelegateConfig &config,
+                Allocator *allocator)
+            {
+                struct aws_credentials_provider_delegate_options raw_config;
+                AWS_ZERO_STRUCT(raw_config);
+
+                auto delegateCallbackArgs = Aws::Crt::New<DelegateCredentialsProviderCallbackArgs>(allocator);
+                delegateCallbackArgs->allocator = allocator;
+                delegateCallbackArgs->m_Handler = config.Handler;
+                raw_config.delegate_user_data = delegateCallbackArgs;
+                raw_config.get_credentials = s_onDelegateGetCredentials;
+                aws_credentials_provider_shutdown_options options;
+                options.shutdown_callback = s_onDelegateShutdownComplete;
+                options.shutdown_user_data = delegateCallbackArgs;
+                raw_config.shutdown_options = options;
+                return s_CreateWrappedProvider(
+                    aws_credentials_provider_new_delegate(allocator, &raw_config), allocator);
+            }
+
         } // namespace Auth
     }     // namespace Crt
 } // namespace Aws
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
@@ -46,6 +46,7 @@ add_test_case(TestProviderEnvironmentGet)
 add_test_case(TestProviderProfileGet)
 add_test_case(TestProviderImdsGet)
 add_test_case(TestProviderDefaultChainGet)
+add_test_case(TestProviderDelegateGet)
 add_test_case(HttpRequestTestCreateDestroy)
 add_test_case(Sigv4SigningTestCreateDestroy)
 add_test_case(Sigv4SigningTestSimple)
diff --git a/tests/CredentialsTest.cpp b/tests/CredentialsTest.cpp
@@ -232,3 +232,39 @@ static int s_TestProviderDefaultChainGet(struct aws_allocator *allocator, void *
 }
 
 AWS_TEST_CASE(TestProviderDefaultChainGet, s_TestProviderDefaultChainGet)
+
+static int s_TestProviderDelegateGet(struct aws_allocator *allocator, void *ctx)
+{
+    (void)ctx;
+    {
+        ApiHandle apiHandle(allocator);
+
+        auto delegateGetCredentials = [&allocator]() -> std::shared_ptr<Credentials> {
+            Credentials credentials(
+                aws_byte_cursor_from_c_str(s_access_key_id),
+                aws_byte_cursor_from_c_str(s_secret_access_key),
+                aws_byte_cursor_from_c_str(s_session_token),
+                UINT32_MAX,
+                allocator);
+            return Aws::Crt::MakeShared<Auth::Credentials>(allocator, credentials.GetUnderlyingHandle());
+        };
+
+        CredentialsProviderDelegateConfig config;
+        config.Handler = delegateGetCredentials;
+        auto provider = CredentialsProvider::CreateCredentialsProviderDelegate(config, allocator);
+        GetCredentialsWaiter waiter(provider);
+
+        auto creds = waiter.GetCredentials();
+        auto cursor = creds->GetAccessKeyId();
+        // Don't use ASSERT_STR_EQUALS(), which could log actual credentials if test fails.
+        ASSERT_TRUE(aws_byte_cursor_eq_c_str(&cursor, s_access_key_id));
+        cursor = creds->GetSecretAccessKey();
+        ASSERT_TRUE(aws_byte_cursor_eq_c_str(&cursor, s_secret_access_key));
+        cursor = creds->GetSessionToken();
+        ASSERT_TRUE(aws_byte_cursor_eq_c_str(&cursor, s_session_token));
+    }
+
+    return AWS_OP_SUCCESS;
+}
+
+AWS_TEST_CASE(TestProviderDelegateGet, s_TestProviderDelegateGet)
