1/*
2 * Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. A copy of the License is
6 * located at
7 *
8 * http://aws.amazon.com/apache2.0/
9 *
10 * or in the "license" file accompanying this file. This file is distributed on an
11 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
12 * implied. See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15#ifndef AWS_ENCRYPTION_SDK_KMS_KEYRING_H
16#define AWS_ENCRYPTION_SDK_KMS_KEYRING_H
17
#include <aws/cryptosdk/cpp/exports.h>

#include <aws/core/Aws.h>
#include <aws/core/utils/Outcome.h>
#include <aws/core/utils/memory/stl/AWSMap.h>
#include <aws/core/utils/memory/stl/AWSSet.h>
#include <aws/core/utils/memory/stl/AWSString.h>
#include <aws/core/utils/memory/stl/AWSVector.h>
#include <aws/kms/KMSClient.h>
#include <functional>
#include <memory>
#include <mutex>
#include <utility>
30
31namespace Aws {
32namespace Cryptosdk {
33namespace KmsKeyring {
34class ClientSupplier;
35class DiscoveryFilter;
36
50
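/**
 * Builder for KMS keyrings.
 *
 * Collects a KMS client (or a ClientSupplier that produces one per region) and
 * any grant tokens, then produces either a keyring bound to explicit key ids
 * (Build) or a discovery keyring (BuildDiscovery). Every With* method returns
 * *this so calls can be chained.
 *
 * NOTE(review): the header does not say who owns the returned
 * aws_cryptosdk_keyring or how it is released; confirm against the C keyring
 * API before relying on the lifetime.
 */
class AWS_CRYPTOSDK_CPP_API Builder {
   public:
    /**
     * Records one grant token (stored in grant_tokens). The tokens are
     * presumably attached to the KMS requests the keyring issues - confirm in
     * the implementation.
     */
    Builder &WithGrantToken(const Aws::String &grant_token);

    /** Records several grant tokens at once. */
    Builder &WithGrantTokens(const Aws::Vector<Aws::String> &grant_tokens);

    /**
     * Supplies the ClientSupplier used to obtain a KMSClient for each region.
     * NOTE(review): precedence between this and WithKmsClient when both are
     * set is not visible in this header - confirm.
     */
    Builder &WithClientSupplier(const std::shared_ptr<ClientSupplier> &client_supplier);

    /** Supplies a single KMSClient to use for all KMS calls. */
    Builder &WithKmsClient(const std::shared_ptr<KMS::KMSClient> &kms_client);

    /**
     * Builds a keyring that uses @p generator_key_id to generate data keys and
     * @p additional_key_ids as further wrapping keys. Because the key ids are
     * fixed here, decryption is presumably limited to the listed keys rather
     * than to whatever key the ciphertext names - confirm in the
     * implementation.
     */
    aws_cryptosdk_keyring *Build(
        const Aws::String &generator_key_id, const Aws::Vector<Aws::String> &additional_key_ids = {}) const;

    /**
     * Builds a discovery keyring without a DiscoveryFilter. No key ids are
     * given, so the key to use must come from the encrypted data key itself;
     * prefer the filtered overload below unless every KMS key in every
     * account is trusted.
     * NOTE(review): this declaration was restored from the page's symbol list;
     * check it against the original header.
     */
    aws_cryptosdk_keyring *BuildDiscovery() const;

    /**
     * Builds a discovery keyring whose decryption attempts are limited to key
     * ARNs accepted by @p discovery_filter (see DiscoveryFilter::IsAuthorized).
     */
    aws_cryptosdk_keyring *BuildDiscovery(std::shared_ptr<KmsKeyring::DiscoveryFilter> discovery_filter) const;

   private:
    std::shared_ptr<KMS::KMSClient> kms_client;      // set by WithKmsClient
    Aws::Vector<Aws::String> grant_tokens;           // set by WithGrantToken(s)
    std::shared_ptr<ClientSupplier> client_supplier; // set by WithClientSupplier
};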
176
/**
 * Interface that hands out a KMS client for a given region.
 *
 * Polymorphic base: the destructor is virtual so an implementation may be
 * destroyed through a ClientSupplier pointer.
 */
class AWS_CRYPTOSDK_CPP_API ClientSupplier {
   public:
    virtual ~ClientSupplier() = default;

    /**
     * Returns the client to use for @p region.
     * @param region          AWS region the client must talk to.
     * @param report_success  Callback slot handed to the caller; implementations
     *                        presumably set it so the caller can signal that the
     *                        client worked (see CachingClientSupplier) - confirm
     *                        in the implementation.
     */
    virtual std::shared_ptr<KMS::KMSClient> GetClient(const Aws::String &region, std::function<void()> &report_success) = 0;
};
195
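/**
 * ClientSupplier that keeps a KMSClient per region in a map protected by a
 * mutex, so repeated calls for the same region can reuse one client.
 * NOTE(review): whether a client is cached before or only after
 * report_success fires is not visible in this header - confirm.
 */
class AWS_CRYPTOSDK_CPP_API CachingClientSupplier : public ClientSupplier {
   public:
    /** Creates a supplier with an empty cache. */
    static std::shared_ptr<CachingClientSupplier> Create();

    /** See ClientSupplier::GetClient. */
    std::shared_ptr<KMS::KMSClient> GetClient(const Aws::String &region, std::function<void()> &report_success) override;

   protected:
    // Guards cache; mutable so const members could lock it as well.
    mutable std::mutex cache_mutex;
    // Region name -> client for that region.
    Aws::Map<Aws::String, std::shared_ptr<KMS::KMSClient>> cache;
};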
218
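/**
 * ClientSupplier that always returns the one client it was constructed with.
 * The region argument of GetClient is unnamed and therefore ignored.
 */
class AWS_CRYPTOSDK_CPP_API SingleClientSupplier : public ClientSupplier {
   public:
    /** Wraps @p kms_client in a shared SingleClientSupplier. */
    static std::shared_ptr<SingleClientSupplier> Create(const std::shared_ptr<KMS::KMSClient> &kms_client);

    /** Returns the stored client regardless of the requested region. */
    std::shared_ptr<KMS::KMSClient> GetClient(const Aws::String &, std::function<void()> &report_success) override;

    // Kept non-explicit for source compatibility; TODO(review): consider
    // `explicit` once no caller relies on the implicit conversion.
    SingleClientSupplier(const std::shared_ptr<KMS::KMSClient> &kms_client) : kms_client(kms_client) {}

   private:
    std::shared_ptr<KMS::KMSClient> kms_client;
};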
240
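/**
 * Accumulates the partition and account ids that a DiscoveryFilter will
 * accept. Obtain one through DiscoveryFilter::Builder.
 */
class AWS_CRYPTOSDK_CPP_API DiscoveryFilterBuilder {
   public:
    /** Starts a filter for @p partition (e.g. the partition part of a key ARN). */
    DiscoveryFilterBuilder(Aws::String partition) : partition(std::move(partition)) {}

    /** Adds one account id to the accepted set. */
    DiscoveryFilterBuilder &AddAccount(const Aws::String &account_id);

    /** Adds every id in @p account_ids to the accepted set. */
    DiscoveryFilterBuilder &AddAccounts(const Aws::Vector<Aws::String> &account_ids);

    /**
     * NOTE(review): the name suggests this replaces the accepted set rather
     * than extending it like AddAccounts - confirm in the implementation.
     */
    DiscoveryFilterBuilder &WithAccounts(const Aws::Vector<Aws::String> &account_ids);

    /** Produces the immutable DiscoveryFilter. */
    std::shared_ptr<DiscoveryFilter> Build() const;

   private:
    Aws::String partition;
    Aws::Set<Aws::String> account_ids;
};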
276
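/**
 * Restricts which KMS key ARNs a discovery keyring may use for decryption.
 *
 * Instances are only obtainable through Builder(); the default constructor is
 * deleted and the real constructor is protected, so a filter always carries a
 * partition and an account set.
 */
class AWS_CRYPTOSDK_CPP_API DiscoveryFilter {
   public:
    /**
     * Returns true when @p key_arn is acceptable to this filter.
     * NOTE(review): presumably the ARN's partition must equal the configured
     * partition and its account must be in account_ids - confirm in the
     * implementation, since this is the check that stops a discovery keyring
     * from calling KMS keys in untrusted accounts.
     */
    bool IsAuthorized(const Aws::String &key_arn) const;

    DiscoveryFilter() = delete;

    /** Starts a DiscoveryFilterBuilder for @p partition. */
    static DiscoveryFilterBuilder Builder(Aws::String partition);

   protected:
    DiscoveryFilter(Aws::String partition, Aws::Set<Aws::String> account_ids)
        : partition(std::move(partition)), account_ids(std::move(account_ids)) {}

   private:
    Aws::String partition;
    Aws::Set<Aws::String> account_ids;
};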
305 // doxygen group kms_keyring
307
308} // namespace KmsKeyring
309
310} // namespace Cryptosdk
311} // namespace Aws
312
313#endif // AWS_ENCRYPTION_SDK_KMS_KEYRING_H