1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //     http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
18 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
19 
20 #include <grpc/support/port_platform.h>
21 
22 #include "src/core/lib/security/credentials/external/external_account_credentials.h"
23 
24 #include "src/core/lib/security/credentials/external/aws_request_signer.h"
25 
26 namespace grpc_core {
27 
// External-account credentials for an AWS credential source. The class is a
// final specialization of ExternalAccountCredentials and overrides
// RetrieveSubjectToken(). The private declarations show separate retrieval
// steps for the region, the role name and the signing keys, plus a
// BuildSubjectToken() step that presumably uses signer_; the order in which
// they run is defined in the implementation file, not here.
//
// NOTE(review): this object holds long-lived secret material
// (secret_access_key_, token_) in ordinary std::string members. Treat every
// instance as sensitive: keep these fields out of log lines and out of
// grpc_error_handle messages, and confirm in the .cc whether they are cleared
// once signing is done.
class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
 public:
  // Factory returning a ref-counted instance. `error` is an out-parameter;
  // presumably a failure is reported through it and a null pointer is
  // returned -- confirm against the definition.
  static RefCountedPtr<AwsExternalAccountCredentials> Create(
      Options options, std::vector<std::string> scopes,
      grpc_error_handle* error);

  // Constructs from `options` and `scopes`, reporting problems through
  // `error`. NOTE(review): a constructor cannot return failure, so callers
  // that bypass Create() must check `*error` before using the object.
  AwsExternalAccountCredentials(Options options,
                                std::vector<std::string> scopes,
                                grpc_error_handle* error);

 private:
  // Base-class hook that produces the subject token. The result is delivered
  // through `cb` as (subject_token, error) rather than as a return value.
  void RetrieveSubjectToken(
      HTTPRequestContext* ctx, const Options& options,
      std::function<void(std::string, grpc_error_handle)> cb) override;

  // Each retrieval step is declared as a trio: the step itself, a static
  // completion callback taking an opaque `void* arg`, and a member
  // continuation. Presumably `arg` is this instance and the static function
  // forwards to the *Internal member -- confirm in the .cc, along with what
  // keeps the object alive until the callback fires.
  void RetrieveRegion();
  static void OnRetrieveRegion(void* arg, grpc_error_handle error);
  void OnRetrieveRegionInternal(grpc_error_handle error);

  void RetrieveRoleName();
  static void OnRetrieveRoleName(void* arg, grpc_error_handle error);
  void OnRetrieveRoleNameInternal(grpc_error_handle error);

  void RetrieveSigningKeys();
  static void OnRetrieveSigningKeys(void* arg, grpc_error_handle error);
  void OnRetrieveSigningKeysInternal(grpc_error_handle error);

  void BuildSubjectToken();
  // Takes the same (subject_token, error) pair that cb_ accepts; presumably
  // this is where cb_ is invoked -- confirm in the .cc.
  void FinishRetrieveSubjectToken(std::string subject_token,
                                  grpc_error_handle error);

  std::string audience_;

  // Fields of credential source
  // NOTE(review): these URLs come from the credential-source configuration,
  // and the responses fetched from them presumably supply the region, role
  // name and signing keys below. Confirm that the implementation restricts
  // scheme and host before issuing requests.
  std::string region_url_;
  std::string url_;
  std::string regional_cred_verification_url_;

  // Information required by request signer
  std::string region_;
  std::string role_name_;
  std::string access_key_id_;
  // Secret material: never log or embed in error text. std::string does not
  // wipe its buffer on destruction or reassignment.
  std::string secret_access_key_;
  // Presumably the AWS session token that accompanies temporary credentials
  // -- confirm; handle with the same care as secret_access_key_.
  std::string token_;

  std::unique_ptr<AwsRequestSigner> signer_;
  std::string cred_verification_url_;

  // Per-request state, defaulting to null. ctx_ is a raw pointer, so this
  // class does not own it and the caller must keep it valid for the whole
  // asynchronous retrieval.
  // NOTE(review): there is a single ctx_/cb_ slot, so overlapping
  // RetrieveSubjectToken() calls would overwrite each other; confirm that the
  // base class serializes them.
  HTTPRequestContext* ctx_ = nullptr;
  std::function<void(std::string, grpc_error_handle)> cb_ = nullptr;
};
79 
80 }  // namespace grpc_core
81 
82 #endif  // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
83