1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //     http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
18 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
19 
20 #include <grpc/support/port_platform.h>
21 
22 #include "src/core/lib/security/credentials/external/external_account_credentials.h"
23 
24 #include "src/core/lib/security/credentials/external/aws_request_signer.h"
25 
26 namespace grpc_core {
27 
28 class AwsExternalAccountCredentials final : public ExternalAccountCredentials {
     // External-account credentials specialised for an AWS credential source.
     // Only declarations are visible in this header, so every remark tagged
     // NOTE(review) below is an inference from names and signatures that must
     // be confirmed against the implementation file.
29  public:
     // Factory returning a ref-counted instance. `error` is an out-parameter
     // (grpc_error**).
     // NOTE(review): presumably a null pointer is returned whenever *error is
     // set, so callers never hold a half-initialised credential — confirm.
30   static RefCountedPtr<AwsExternalAccountCredentials> Create(
31       Options options, std::vector<std::string> scopes, grpc_error** error);
32 
     // Public constructor with the same parameters as Create().
     // NOTE(review): code that constructs the object directly has to inspect
     // *error itself before using it; prefer Create() unless the .cc shows
     // otherwise.
33   AwsExternalAccountCredentials(Options options,
34                                 std::vector<std::string> scopes,
35                                 grpc_error** error);
36 
37  private:
     // Override of the base-class hook. `cb` receives a std::string and a
     // grpc_error*.
     // NOTE(review): presumably the string is the subject token and the
     // pointer the failure status; the token is credential material and
     // should not be logged by the callback — confirm.
38   void RetrieveSubjectToken(
39       HTTPRequestContext* ctx, const Options& options,
40       std::function<void(std::string, grpc_error*)> cb) override;
41 
     // Each step below is declared as a trio: a starter, a static function
     // taking an opaque `void* arg`, and an `...Internal` member.
     // NOTE(review): looks like a C-style callback trampoline in which `arg`
     // is this object — confirm that a reference is held for the whole
     // asynchronous chain so the callback cannot run on a destroyed object.
42   void RetrieveRegion();
43   static void OnRetrieveRegion(void* arg, grpc_error* error);
44   void OnRetrieveRegionInternal(grpc_error* error);
45 
46   void RetrieveRoleName();
47   static void OnRetrieveRoleName(void* arg, grpc_error* error);
48   void OnRetrieveRoleNameInternal(grpc_error* error);
49 
50   void RetrieveSigningKeys();
51   static void OnRetrieveSigningKeys(void* arg, grpc_error* error);
52   void OnRetrieveSigningKeysInternal(grpc_error* error);
53 
54   void BuildSubjectToken();
     // NOTE(review): presumably the single exit point that invokes cb_ with
     // the token or the error — confirm every failure path reaches it so the
     // caller's callback is always called exactly once.
55   void FinishRetrieveSubjectToken(std::string subject_token, grpc_error* error);
56 
57   std::string audience_;
58 
59   // Fields of credential source
     // NOTE(review): these URLs originate from configuration and presumably
     // decide where the retrieval steps send HTTP requests. Confirm that the
     // implementation validates scheme and host before use, since whoever
     // controls the configuration controls those destinations.
60   std::string region_url_;
61   std::string url_;
62   std::string regional_cred_verification_url_;
63 
64   // Information required by request signer
     // secret_access_key_ and token_ are kept in plain std::string members;
     // std::string does not wipe its buffer on destruction.
     // NOTE(review): presumably these hold live AWS credentials for the
     // lifetime of the object — keep them out of logs, error strings and
     // debug dumps, and confirm how long the object is retained.
65   std::string region_;
66   std::string role_name_;
67   std::string access_key_id_;
68   std::string secret_access_key_;
69   std::string token_;
70 
     // Signer owned by this object (std::unique_ptr).
71   std::unique_ptr<AwsRequestSigner> signer_;
72   std::string cred_verification_url_;
73 
     // State of the request in progress. ctx_ is a raw pointer that this class
     // does not wrap in an owning type; both members start out null.
     // NOTE(review): there is one ctx_/cb_ slot per object, so overlapping
     // RetrieveSubjectToken calls would overwrite each other — confirm that
     // the base class serialises requests and that ctx outlives the chain.
74   HTTPRequestContext* ctx_ = nullptr;
75   std::function<void(std::string, grpc_error*)> cb_ = nullptr;
76 };
77 
78 }  // namespace grpc_core
79 
80 #endif  // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_AWS_EXTERNAL_ACCOUNT_CREDENTIALS_H
81