
Commit b15b93f

authored
Credentials and credentials provider bindings (aws#42)
* Credentials and credentials provider bindings
1 parent 39dada6 commit b15b93f

5 files changed

+719
-1
lines changed


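--- a/include/aws/crt/auth/Credentials.h
+++ b/include/aws/crt/auth/Credentials.h
@@ -0,0 +1,274 @@
+#pragma once
+/*
+* Copyright 2010-2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License").
+* You may not use this file except in compliance with the License.
+* A copy of the License is located at
+*
+* http://aws.amazon.com/apache2.0
+*
+* or in the "license" file accompanying this file. This file is distributed
+* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+* express or implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+#include <aws/crt/Exports.h>
+#include <aws/crt/Types.h>
+
+#include <chrono>
+#include <functional>
+
+struct aws_credentials;
+struct aws_credentials_provider;
+
+namespace Aws
+{
+namespace Crt
+{
+namespace Io
+{
+class ClientBootstrap;
+}
+
+namespace Auth
+{
+/*
+* A class to hold the basic components necessary for various AWS authentication protocols.
+*/
+class AWS_CRT_CPP_API Credentials
+{
+public:
+Credentials(aws_credentials *credentials, Allocator *allocator = DefaultAllocator()) noexcept;
+Credentials(
+ByteCursor access_key_id,
+ByteCursor secret_access_key,
+ByteCursor session_token,
+Allocator *allocator = DefaultAllocator()) noexcept;
+
+~Credentials();
+
+Credentials(const Credentials &) = delete;
+Credentials(Credentials &&) = delete;
+Credentials &operator=(const Credentials &) = delete;
+Credentials &operator=(Credentials &&) = delete;
+
+ByteCursor GetAccessKeyId() const noexcept;
+
+ByteCursor GetSecretAccessKey() const noexcept;
+
+ByteCursor GetSessionToken() const noexcept;
+
+operator bool() const noexcept;
+
+aws_credentials *GetUnderlyingHandle() const noexcept;
+
+private:
+aws_credentials *m_credentials;
+};
+
+/*
+* Callback invoked by credentials providers when resolution succeeds (credentials will be non-null)
+* or fails (credentials will be null)
+*/
+using OnCredentialsResolved = std::function<void(std::shared_ptr<Credentials>)>;
+
+/*
+* Base interface for all credentials providers. Credentials providers are objects that
+* retrieve (asynchronously) AWS credentials from some source.
+*/
+class AWS_CRT_CPP_API ICredentialsProvider : public std::enable_shared_from_this<ICredentialsProvider>
+{
+public:
+virtual ~ICredentialsProvider() = default;
+
+/*
+* Asynchronous method to query for AWS credentials based on the internal provider implementation.
+*/
+virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const = 0;
+
+/*
+* Returns the underlying credentials provider implementation. Support for credentials providers
+* not based on a C implementation is theoretically possible, but requires some re-implementation to
+* support provider chains and caching (whose implementations rely on links to C implementation
+* providers)
+*/
+virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept = 0;
+
+/*
+* Validity check
+*/
+virtual operator bool() const noexcept = 0;
+};
+
+/*
+* Configuration options for the static credentials provider
+*/
+struct AWS_CRT_CPP_API CredentialsProviderStaticConfig
+{
+CredentialsProviderStaticConfig() : m_accessKeyId(), m_secretAccessKey(), m_sessionToken() {}
+
+ByteCursor m_accessKeyId;
+ByteCursor m_secretAccessKey;
+ByteCursor m_sessionToken;
+};
+
+/*
+* Configuration options for the profile credentials provider
+*/
+struct AWS_CRT_CPP_API CredentialsProviderProfileConfig
+{
+CredentialsProviderProfileConfig()
+: m_profileNameOverride(), m_configFileNameOverride(), m_credentialsFileNameOverride()
+{
+}
+
+ByteCursor m_profileNameOverride;
+ByteCursor m_configFileNameOverride;
+ByteCursor m_credentialsFileNameOverride;
+};
+
+/*
+* Configuration options for the Ec2 instance metadata service credentials provider
+*/
+struct AWS_CRT_CPP_API CredentialsProviderImdsConfig
+{
+CredentialsProviderImdsConfig() : m_bootstrap(nullptr) {}
+
+Io::ClientBootstrap *m_bootstrap;
+};
+
+/*
+* Configuration options for a chain-of-responsibility-based credentials provider.
+* This provider works by traversing the chain and returning the first positive
+* result.
+*/
+struct AWS_CRT_CPP_API CredentialsProviderChainConfig
+{
+CredentialsProviderChainConfig() : m_providers() {}
+
+Vector<std::shared_ptr<ICredentialsProvider>> m_providers;
+};
+
+/*
+* Configuration options for a provider that caches the results of another provider
+*/
+struct AWS_CRT_CPP_API CredentialsProviderCachedConfig
+{
+CredentialsProviderCachedConfig() : m_provider(nullptr), m_refreshTime() {}
+
+std::shared_ptr<ICredentialsProvider> m_provider;
+std::chrono::milliseconds m_refreshTime;
+};
+
+/*
+* Configuration options for a provider that implements a cached provider chain
+* based on the AWS SDK defaults:
+*
+* Cache-Of(Environment -> Profile -> IMDS)
+*/
+struct AWS_CRT_CPP_API CredentialsProviderChainDefaultConfig
+{
+CredentialsProviderChainDefaultConfig() : m_bootstrap(nullptr) {}
+
+Io::ClientBootstrap *m_bootstrap;
+};
+
+/*
+* Simple credentials provider implementation that wraps one of the internal C-based implementations.
+*
+* Contains a set of static factory methods for building each supported provider, as well as one for the
+* default provider chain.
+*/
+class AWS_CRT_CPP_API CredentialsProvider : public ICredentialsProvider
+{
+public:
+CredentialsProvider(
+aws_credentials_provider *provider,
+Allocator *allocator = DefaultAllocator()) noexcept;
+
+virtual ~CredentialsProvider();
+
+CredentialsProvider(const CredentialsProvider &) = delete;
+CredentialsProvider(CredentialsProvider &&) = delete;
+CredentialsProvider &operator=(const CredentialsProvider &) = delete;
+CredentialsProvider &operator=(CredentialsProvider &&) = delete;
+
+/*
+* Asynchronous method to query for AWS credentials based on the internal provider implementation.
+*/
+virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const override;
+
+virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept override { return m_provider; }
+
+virtual operator bool() const noexcept override { return m_provider != nullptr; }
+
+/*
+* Factory methods for all of the basic credentials provider types
+*
+* NYI: X509, ECS
+*/
+
+/**
+* A provider that returns a fixed set of credentials
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderStatic(
+const CredentialsProviderStaticConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+/*
+* A provider that returns credentials sourced from environment variables
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderEnvironment(
+Allocator *allocator = DefaultAllocator());
+
+/*
+* A provider that returns credentials sourced from config files
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderProfile(
+const CredentialsProviderProfileConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+/*
+* A provider that returns credentials sourced from Ec2 instance metadata service
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderImds(
+const CredentialsProviderImdsConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+/*
+* A provider that sources credentials by querying a series of providers and
+* returning the first valid credential set encountered
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChain(
+const CredentialsProviderChainConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+/*
+* A provider that puts a simple time-based cache in front of its queries
+* to a subordinate provider.
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCached(
+const CredentialsProviderCachedConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+/*
+* The SDK-standard default credentials provider which is a cache-fronted chain of:
+*
+* Environment -> Profile -> IMDS
+*
+*/
+static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChainDefault(
+const CredentialsProviderChainDefaultConfig &config,
+Allocator *allocator = DefaultAllocator());
+
+private:
+static void s_onCredentialsResolved(aws_credentials *credentials, void *user_data);
+
+Allocator *m_allocator;
+aws_credentials_provider *m_provider;
+};
+} // namespace Auth
+} // namespace Crt
+} // namespace Aws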
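Review bot: The handle-wrapping constructors `Credentials(aws_credentials *credentials, ...)` (line 43) and `CredentialsProvider(aws_credentials_provider *provider, ...)` (lines 187-189) do not state whether they acquire their own reference on the C object or take over the caller's, so a caller cannot tell whether it must still release the handle, and a mismatch either leaks or double-frees a secret-bearing object; please document the refcount contract on each, e.g. `/* Acquires its own reference on `credentials`; the caller keeps (and must release) its own. */`. Since `ICredentialsProvider` derives from `std::enable_shared_from_this` and the public `CredentialsProvider` constructor is the only way to build one, the header should also say that instances must be created through the factory methods or `std::make_shared`, because `shared_from_this()` (presumably used by `s_onCredentialsResolved` to keep the provider alive across the async completion — not visible here) is undefined in C++11/14 and throws in C++17 on a non-shared instance. `CredentialsProviderStaticConfig` carries the secret access key as a non-owning `ByteCursor`, so it is worth stating that the backing buffers need only outlive the `CreateCredentialsProviderStatic` call and that zeroing them afterwards is the caller's job, and that `GetSecretAccessKey()` returns a view whose lifetime is bound to the `Credentials` object. Minor: `std::shared_ptr` is used throughout but `<memory>` is not included on lines 20-21, relying on a transitive include from `Types.h`.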
