aws-crt-cpp
C++ wrapper around the aws-c-* libraries. Provides Cross-Platform Transport Protocols and SSL/TLS implementations for C++.
Credentials.h
1 #pragma once
2 
7 #include <aws/crt/Exports.h>
8 #include <aws/crt/Types.h>
10 #include <aws/crt/io/TlsOptions.h>
11 
12 #include <chrono>
13 #include <functional>
14 
15 struct aws_credentials;
16 struct aws_credentials_provider;
17 
18 namespace Aws
19 {
20  namespace Crt
21  {
22  namespace Io
23  {
24  class ClientBootstrap;
25  }
26 
27  namespace Http
28  {
30  }
31 
32  namespace Auth
33  {
38  {
 /*
  * Wrapper around a native `aws_credentials` handle (stored in m_credentials).
  * Copy and move construction/assignment are all deleted below, so an instance
  * cannot be duplicated or transferred; the aliases declared after this class
  * pass it around via std::shared_ptr<Credentials>.
  *
  * NOTE(review): the class header (listing line 37) and the first line of the
  * four-field constructor (listing line 41) are missing from this extract.
  */
39  public:
 /* Wraps an existing native credentials handle. */
 /* NOTE(review): whether this takes a reference on `credentials` is not visible here - confirm in the .cpp. */
40  Credentials(const aws_credentials *credentials) noexcept;
 /*
  * Remaining parameters of the constructor that builds credentials from their
  * components: access key id, secret access key, session token and an
  * expiration timepoint in seconds.
  * The ByteCursor arguments are views over caller-owned bytes.
  * NOTE(review): presumably the bytes are copied into the native object;
  * confirm, because the caller's buffers hold secret material either way and
  * stay the caller's responsibility.
  */
42  ByteCursor access_key_id,
43  ByteCursor secret_access_key,
44  ByteCursor session_token,
45  uint64_t expiration_timepoint_in_seconds,
46  Allocator *allocator = ApiAllocator()) noexcept;
47 
 /* Constructs from an allocator only; no key material is supplied. */
 /* NOTE(review): the meaning of such credentials (e.g. anonymous) is not visible here - confirm. */
53  Credentials(Allocator *allocator = ApiAllocator()) noexcept;
54 
55  ~Credentials();
56 
 /* Non-copyable and non-movable. */
57  Credentials(const Credentials &) = delete;
58  Credentials(Credentials &&) = delete;
59  Credentials &operator=(const Credentials &) = delete;
60  Credentials &operator=(Credentials &&) = delete;
61 
 /* Returns the access key id as a ByteCursor (a view, not an owning string). */
65  ByteCursor GetAccessKeyId() const noexcept;
66 
 /*
  * Returns the secret access key as a ByteCursor (a view, not an owning string).
  * This is secret material: keep it out of logs, error messages and crash
  * reports, and avoid copying it into longer-lived buffers.
  * NOTE(review): the view presumably points into storage owned by the
  * underlying aws_credentials, so it should not be used after this object is
  * destroyed - confirm.
  */
70  ByteCursor GetSecretAccessKey() const noexcept;
71 
 /* Returns the session token as a ByteCursor; treat it as secret, like the secret access key. */
75  ByteCursor GetSessionToken() const noexcept;
76 
 /* Returns the expiration timepoint in seconds. */
 /* NOTE(review): the epoch/reference point is not visible here - confirm before comparing with a clock. */
80  uint64_t GetExpirationTimepointInSeconds() const noexcept;
81 
 /* Explicit validity test. */
 /* NOTE(review): presumably true when m_credentials is non-null - confirm in the .cpp. */
85  explicit operator bool() const noexcept;
86 
 /* Returns the stored native handle as-is; nothing in this inline body changes ownership. */
90  const aws_credentials *GetUnderlyingHandle() const noexcept { return m_credentials; }
91 
92  private:
 /* Native credentials handle wrapped by this object. */
93  const aws_credentials *m_credentials;
94  };
95 
100  using OnCredentialsResolved = std::function<void(std::shared_ptr<Credentials>, int errorCode)>;
101 
105  using GetCredentialsHandler = std::function<std::shared_ptr<Credentials>()>;
106 
 /*
  * Abstract interface for objects that can supply credentials.
  * Derives from std::enable_shared_from_this, so instances are expected to be
  * owned by std::shared_ptr.
  */
111  class AWS_CRT_CPP_API ICredentialsProvider : public std::enable_shared_from_this<ICredentialsProvider>
112  {
113  public:
114  virtual ~ICredentialsProvider() = default;
115 
 /*
  * Requests credentials; the result is delivered through
  * `onCredentialsResolved`, which receives a std::shared_ptr<Credentials> and
  * an int error code.
  * NOTE(review): the bool presumably reports whether the query was started,
  * and the pointer is presumably null on failure - confirm. Handlers should
  * check both the error code and the pointer before using the credentials.
  */
119  virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const = 0;
120 
 /* Returns the native aws_credentials_provider handle behind this provider. */
 /* NOTE(review): ownership/lifetime of the returned pointer is not visible here - confirm. */
127  virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept = 0;
128 
 /* Reports whether the provider is usable; check this before relying on the provider. */
132  virtual bool IsValid() const noexcept = 0;
133  };
134 
139  {
 /*
  * Configuration for the static credentials provider.
  * NOTE(review): the struct header, the constructor signature (listing line
  * 140) and the member declarations (listing lines 150, 155, 160) are missing
  * from this extract; per the page's definition index the members are
  * ByteCursor AccessKeyId, SecretAccessKey and SessionToken.
  */
141  {
 /* Zero the three cursors so that a field the caller never sets is an empty view rather than garbage. */
142  AWS_ZERO_STRUCT(AccessKeyId);
143  AWS_ZERO_STRUCT(SecretAccessKey);
144  AWS_ZERO_STRUCT(SessionToken);
145  }
146 
 /*
  * The fields are non-owning views over caller memory that holds key material.
  * NOTE(review): presumably the provider copies the bytes at creation time;
  * confirm, and keep the backing buffers valid at least until then. Avoid
  * pointing these at string literals compiled into the binary.
  */
151 
156 
161  };
162 
167  {
168  CredentialsProviderProfileConfig() : Bootstrap(nullptr), TlsContext(nullptr)
169  {
170  AWS_ZERO_STRUCT(ProfileNameOverride);
171  AWS_ZERO_STRUCT(ConfigFileNameOverride);
172  AWS_ZERO_STRUCT(CredentialsFileNameOverride);
173  }
174 
179 
185 
191 
197 
207  };
208 
213  {
214  CredentialsProviderImdsConfig() : Bootstrap(nullptr) {}
215 
224  };
225 
232  {
234 
239  };
240 
245  {
 /*
  * Configuration for the caching provider: the provider to query and how long
  * a cached result may be reused.
  * NOTE(review): the struct header (listing line 244) is missing from this extract.
  */
 /* Value-initializes both members: Provider is an empty shared_ptr, CachedCredentialTTL is zero milliseconds. */
246  CredentialsProviderCachedConfig() : Provider(), CachedCredentialTTL() {}
247 
 /* Provider whose results are cached; empty (null) unless the caller sets it. */
251  std::shared_ptr<ICredentialsProvider> Provider;
252 
 /*
  * Lifetime of a cached credential set, in milliseconds.
  * NOTE(review): what the default of zero means to the provider (no caching,
  * or fall back to the credentials' own expiration) is not visible here -
  * confirm before relying on the default. A longer TTL keeps credentials in
  * use for longer after they are rotated or revoked at the source.
  */
256  std::chrono::milliseconds CachedCredentialTTL;
257  };
258 
266  {
267  CredentialsProviderChainDefaultConfig() : Bootstrap(nullptr), TlsContext(nullptr) {}
268 
276 
285  };
286 
291  {
293  : Bootstrap(nullptr), TlsOptions(), ThingName(), RoleAlias(), Endpoint(), ProxyOptions()
294  {
295  }
296 
305 
306  /* TLS connection options that have been initialized with your x509 certificate and private key */
308 
309  /* IoT thing name you registered with AWS IoT for your device; it is sent in an HTTP request header */
311 
312  /* IoT role alias you created with AWS IoT for your IAM role; it is used in the HTTP request path */
314 
322 
327  };
328 
333  {
334  /* Handler that provides credentials */
336  };
337 
342  {
343 
348 
353  };
354 
359  {
361 
366 
371 
376 
382 
391 
396 
401  };
402 
407  {
409 
413  std::shared_ptr<ICredentialsProvider> Provider;
414 
419 
424 
428  uint16_t DurationSeconds;
429 
438 
443 
448  };
449 
457  {
 /*
  * Concrete ICredentialsProvider backed by a native aws_credentials_provider
  * handle (m_provider), plus static factories for the provider types.
  * NOTE(review): the class header (listing line 456), the deleted move
  * constructor (listing line 464) and the config parameter of
  * CreateCredentialsProviderChainDefault (listing line 544) are missing from
  * this extract.
  */
458  public:
 /* Wraps an existing native provider handle. */
 /* NOTE(review): presumably takes over the caller's reference and releases it in the destructor - confirm in the .cpp. */
459  CredentialsProvider(aws_credentials_provider *provider, Allocator *allocator = ApiAllocator()) noexcept;
460 
461  virtual ~CredentialsProvider();
462 
 /* Copying and move-assignment are deleted; share a provider through std::shared_ptr instead. */
463  CredentialsProvider(const CredentialsProvider &) = delete;
465  CredentialsProvider &operator=(const CredentialsProvider &) = delete;
466  CredentialsProvider &operator=(CredentialsProvider &&) = delete;
467 
 /*
  * Requests credentials and reports the outcome through `onCredentialsResolved`
  * (a std::shared_ptr<Credentials> plus an int error code).
  * NOTE(review): the bool presumably says whether the query was started;
  * the callback may run on another thread - confirm both in the .cpp.
  */
471  virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const override;
472 
 /* Returns the stored native provider handle as-is. */
476  virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept override { return m_provider; }
477 
 /* True when a native provider handle is held (m_provider is non-null). */
481  virtual bool IsValid() const noexcept override { return m_provider != nullptr; }
482 
483  /*
484  * Factory methods for all of the basic credentials provider types
485  */
 /*
  * Every factory returns std::shared_ptr<ICredentialsProvider>.
  * NOTE(review): the failure result (null pointer vs. a provider whose
  * IsValid() is false) is not visible here; callers should check both before
  * using the result.
  */
486 
 /*
  * Provider built from the key material in `config`.
  * Long-term keys passed this way stay in process memory; where possible
  * prefer a provider that sources short-lived credentials.
  */
490  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderStatic(
491  const CredentialsProviderStaticConfig &config,
492  Allocator *allocator = ApiAllocator());
493 
 /*
  * Anonymous provider; takes no configuration.
  * NOTE(review): per its name this yields credentials with no identity -
  * confirm that requests made with it are unsigned, and make sure it is never
  * reached as a silent fallback for calls that must be authenticated.
  */
498  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderAnonymous(
499  Allocator *allocator = ApiAllocator());
500 
 /* Environment provider; takes no configuration. */
 /* NOTE(review): presumably reads credentials from process environment variables - confirm which ones. */
504  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderEnvironment(
505  Allocator *allocator = ApiAllocator());
506 
 /*
  * Profile provider; `config` can override the profile name and the config and
  * credentials file names. Those files hold secrets, so an override should
  * never be taken from untrusted input.
  */
510  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderProfile(
511  const CredentialsProviderProfileConfig &config,
512  Allocator *allocator = ApiAllocator());
513 
 /* IMDS provider. */
 /* NOTE(review): presumably queries the EC2 instance metadata service - confirm, including which IMDS version is used. */
517  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderImds(
518  const CredentialsProviderImdsConfig &config,
519  Allocator *allocator = ApiAllocator());
520 
 /*
  * Chain provider built from the list of providers in `config`.
  * NOTE(review): presumably queries them in order and returns the first
  * successful result - confirm, since the order then decides which identity
  * is used.
  */
525  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChain(
526  const CredentialsProviderChainConfig &config,
527  Allocator *allocator = ApiAllocator());
528 
529  /*
530  * Creates a provider that puts a simple time-based cache in front of its queries
531  * to a subordinate provider.
532  */
533  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCached(
534  const CredentialsProviderCachedConfig &config,
535  Allocator *allocator = ApiAllocator());
536 
 /* Default chain provider. */
 /* NOTE(review): the exact sources and their order are not visible here - confirm before relying on which identity it resolves. */
543  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChainDefault(
545  Allocator *allocator = ApiAllocator());
546 
 /*
  * X509 provider; `config` carries TLS connection options initialized with the
  * device certificate and private key, the IoT thing name, the role alias and
  * an endpoint.
  */
551  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderX509(
552  const CredentialsProviderX509Config &config,
553  Allocator *allocator = ApiAllocator());
554 
 /* Delegate provider; credentials come from the GetCredentialsHandler callback in `config`. */
559  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderDelegate(
560  const CredentialsProviderDelegateConfig &config,
561  Allocator *allocator = ApiAllocator());
562 
 /* Cognito provider, configured by `config`. */
 /* NOTE(review): presumably exchanges the configured identity/logins with the Cognito endpoint - confirm. */
566  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCognito(
567  const CredentialsProviderCognitoConfig &config,
568  Allocator *allocator = ApiAllocator());
569 
 /*
  * STS provider; `config` names the source provider and carries a
  * DurationSeconds value.
  * NOTE(review): presumably assumes a role with the source provider's
  * credentials - confirm, and keep the duration as short as the workload allows.
  */
573  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderSTS(
574  const CredentialsProviderSTSConfig &config,
575  Allocator *allocator = ApiAllocator());
576 
577  private:
 /* Static callback with a C-style signature (native credentials, error code, opaque user_data). */
 /* NOTE(review): presumably the bridge from the native layer to OnCredentialsResolved - confirm in the .cpp. */
578  static void s_onCredentialsResolved(aws_credentials *credentials, int error_code, void *user_data);
579 
 /* Allocator given at construction. */
580  Allocator *m_allocator;
 /* Native provider handle; null means IsValid() returns false. */
581  aws_credentials_provider *m_provider;
582  };
583  } // namespace Auth
584  } // namespace Crt
585 } // namespace Aws
Io::TlsContext TlsCtx
Definition: Credentials.h:395
Io::TlsConnectionOptions TlsOptions
Definition: Credentials.h:307
ByteCursor ConfigFileNameOverride
Definition: Credentials.h:184
Definition: TlsOptions.h:349
ByteCursor AccessKeyId
Definition: Credentials.h:150
CredentialsProviderProfileConfig()
Definition: Credentials.h:168
virtual aws_credentials_provider * GetUnderlyingHandle() const noexcept override
Definition: Credentials.h:476
String SessionName
Definition: Credentials.h:423
#define AWS_CRT_CPP_API
Definition: Exports.h:36
String ThingName
Definition: Credentials.h:310
String Endpoint
Definition: Credentials.h:365
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:390
ByteCursor CredentialsFileNameOverride
Definition: Credentials.h:190
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:447
CredentialsProviderChainConfig()
Definition: Credentials.h:233
ByteCursor SessionToken
Definition: Credentials.h:160
CredentialsProviderX509Config()
Definition: Credentials.h:292
const aws_credentials * GetUnderlyingHandle() const noexcept
Definition: Credentials.h:90
std::basic_string< char, std::char_traits< char >, StlAllocator< char >> String
Definition: Types.h:45
Io::TlsContext * TlsContext
Definition: Credentials.h:206
String IdentityProviderName
Definition: Credentials.h:347
aws_allocator Allocator
Definition: Allocator.h:14
aws_byte_cursor ByteCursor
Definition: Types.h:31
std::chrono::milliseconds CachedCredentialTTL
Definition: Credentials.h:256
Definition: HttpConnection.h:269
String Identity
Definition: Credentials.h:370
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:196
CredentialsProviderStaticConfig()
Definition: Credentials.h:140
ByteCursor ProfileNameOverride
Definition: Credentials.h:178
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:251
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition: Allocator.cpp:24
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:437
uint16_t DurationSeconds
Definition: Credentials.h:428
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:400
String IdentityProviderToken
Definition: Credentials.h:352
CredentialsProviderImdsConfig()
Definition: Credentials.h:214
String Endpoint
Definition: Credentials.h:321
String RoleArn
Definition: Credentials.h:418
String RoleAlias
Definition: Credentials.h:313
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:413
CredentialsProviderCachedConfig()
Definition: Credentials.h:246
Definition: Credentials.h:111
Definition: Credentials.h:456
Definition: Bootstrap.h:34
CredentialsProviderChainDefaultConfig()
Definition: Credentials.h:267
std::vector< T, StlAllocator< T >> Vector
Definition: Types.h:53
GetCredentialsHandler Handler
Definition: Credentials.h:335
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:223
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:275
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:326
Optional< Vector< CognitoLoginPair > > Logins
Definition: Credentials.h:375
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:304
ByteCursor SecretAccessKey
Definition: Credentials.h:155
Definition: Credentials.h:341
Definition: TlsOptions.h:292
virtual bool IsValid() const noexcept override
Definition: Credentials.h:481
std::function< void(std::shared_ptr< Credentials >, int errorCode)> OnCredentialsResolved
Definition: Credentials.h:100
Io::TlsContext TlsCtx
Definition: Credentials.h:442
Io::TlsContext * TlsContext
Definition: Credentials.h:284
Definition: Credentials.h:37
Vector< std::shared_ptr< ICredentialsProvider > > Providers
Definition: Credentials.h:238
Optional< String > CustomRoleArn
Definition: Credentials.h:381
Definition: Allocator.h:10
std::function< std::shared_ptr< Credentials >()> GetCredentialsHandler
Definition: Credentials.h:105