AWS IoT Device SDK C++ v2  1.33.0
Credentials.h
1 #pragma once
2 
7 #include <aws/crt/Exports.h>
8 #include <aws/crt/Types.h>
10 #include <aws/crt/io/TlsOptions.h>
11 
12 #include <chrono>
13 #include <functional>
14 
15 struct aws_credentials;
16 struct aws_credentials_provider;
17 
18 namespace Aws
19 {
20  namespace Crt
21  {
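namespace Io
{
    /* Forward declaration only; the full definition lives in the Io headers. */
    class ClientBootstrap;
} // namespace Io

namespace Http
{
    /* Forward declaration of the HTTP proxy options type (listing line 29, dropped by the page extraction). */
    class HttpClientConnectionProxyOptions;
} // namespace Http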
31 
32  namespace Auth
33  {
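/**
 * Holds one set of AWS credentials: access key id, secret access key,
 * session token and an expiration timepoint in seconds.
 *
 * The object is neither copyable nor movable; the callback types in this
 * header pass it around as std::shared_ptr<Credentials>.
 *
 * Handling notes:
 *  - The getters return ByteCursor, a non-owning view. Copy the bytes out if
 *    they must outlive this object.
 *    NOTE(review): the cursors presumably point into the underlying
 *    aws_credentials; confirm against the implementation.
 *  - The secret access key and session token are secrets. Keep them out of
 *    logs, crash dumps and telemetry.
 */
class AWS_CRT_CPP_API Credentials
{
  public:
    /**
     * Wraps an existing native credentials handle.
     * NOTE(review): not marked explicit, so a raw pointer converts implicitly;
     * whether a reference is acquired on the handle is not visible here.
     */
    Credentials(const aws_credentials *credentials) noexcept;

    /**
     * Builds credentials from their individual components.
     *
     * @param access_key_id                    access key id bytes
     * @param secret_access_key                secret access key bytes
     * @param session_token                    session token bytes
     * @param expiration_timepoint_in_seconds  expiration timepoint, in seconds
     * @param allocator                        allocator to use, ApiAllocator() by default
     *
     * noexcept: a failure cannot be reported by exception, so test the result
     * with operator bool before use.
     */
    Credentials(
        ByteCursor access_key_id,
        ByteCursor secret_access_key,
        ByteCursor session_token,
        uint64_t expiration_timepoint_in_seconds,
        Allocator *allocator = ApiAllocator()) noexcept;

    /**
     * Builds credentials without any key material.
     * NOTE(review): presumably an anonymous (unsigned) credentials object; confirm.
     */
    Credentials(Allocator *allocator = ApiAllocator()) noexcept;

    ~Credentials();

    Credentials(const Credentials &) = delete;
    Credentials(Credentials &&) = delete;
    Credentials &operator=(const Credentials &) = delete;
    Credentials &operator=(Credentials &&) = delete;

    /** @return a view of the access key id. */
    ByteCursor GetAccessKeyId() const noexcept;

    /** @return a view of the secret access key. Secret; do not log. */
    ByteCursor GetSecretAccessKey() const noexcept;

    /** @return a view of the session token. Secret; do not log. */
    ByteCursor GetSessionToken() const noexcept;

    /** @return the expiration timepoint, in seconds. */
    uint64_t GetExpirationTimepointInSeconds() const noexcept;

    /**
     * Validity check; explicit, so it only applies in boolean contexts.
     * NOTE(review): presumably true when the underlying handle is non-null.
     */
    explicit operator bool() const noexcept;

    /**
     * @return the stored native handle. Non-owning from the caller's point of
     * view; do not use it after this object is destroyed.
     */
    const aws_credentials *GetUnderlyingHandle() const noexcept { return m_credentials; }

  private:
    const aws_credentials *m_credentials;
};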
95 
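/**
 * Callback receiving the outcome of a credentials query: the resolved
 * credentials and an integer error code.
 * NOTE(review): check errorCode and test the pointer for null before touching
 * the credentials; the failure convention is not visible in this header.
 */
using OnCredentialsResolved = std::function<void(std::shared_ptr<Credentials>, int errorCode)>;

/**
 * User-supplied function that returns credentials on demand
 * (see CredentialsProviderDelegateConfig::Handler).
 */
using GetCredentialsHandler = std::function<std::shared_ptr<Credentials>()>;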
106 
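/**
 * Abstract interface implemented by every credentials provider.
 *
 * Derives from std::enable_shared_from_this, so instances are expected to be
 * owned by std::shared_ptr.
 */
class AWS_CRT_CPP_API ICredentialsProvider : public std::enable_shared_from_this<ICredentialsProvider>
{
  public:
    virtual ~ICredentialsProvider() = default;

    /**
     * Queries the provider for credentials and delivers them through the callback.
     *
     * @param onCredentialsResolved  receives the credentials and an error code
     * @return NOTE(review): presumably whether the query was started; confirm
     *         whether the callback still fires when this returns false.
     */
    virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const = 0;

    /**
     * @return the native provider handle. Non-owning from the caller's point
     * of view; valid no longer than the provider itself.
     */
    virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept = 0;

    /** @return whether the provider is usable. Check this before querying. */
    virtual bool IsValid() const noexcept = 0;
};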
134 
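/**
 * Configuration for a provider that returns one fixed set of credentials.
 *
 * All three fields are ByteCursor views that the constructor zeroes. The
 * caller owns the bytes they point at.
 * NOTE(review): confirm whether the provider copies the bytes at creation or
 * needs the buffers to stay alive afterwards.
 *
 * Fixed, long-lived keys baked into a device image are hard to rotate and are
 * exposed to anyone who can read the image. Prefer a provider that issues
 * short-lived credentials where the deployment allows it.
 */
struct AWS_CRT_CPP_API CredentialsProviderStaticConfig
{
    CredentialsProviderStaticConfig()
    {
        AWS_ZERO_STRUCT(AccessKeyId);
        AWS_ZERO_STRUCT(SecretAccessKey);
        AWS_ZERO_STRUCT(SessionToken);
    }

    /** Access key id bytes. */
    ByteCursor AccessKeyId;

    /** Secret access key bytes. Secret; do not log. */
    ByteCursor SecretAccessKey;

    /** Session token bytes. Secret; do not log. */
    ByteCursor SessionToken;
};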
162 
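/**
 * Configuration for a provider that reads credentials from profile/config files.
 *
 * The three override fields are ByteCursor views that the constructor zeroes.
 * NOTE(review): a zeroed override presumably selects the default name or
 * location; confirm. The files hold secrets, so restrict their permissions and
 * do not take override paths from untrusted input.
 */
struct AWS_CRT_CPP_API CredentialsProviderProfileConfig
{
    CredentialsProviderProfileConfig() : Bootstrap(nullptr), TlsContext(nullptr)
    {
        AWS_ZERO_STRUCT(ProfileNameOverride);
        AWS_ZERO_STRUCT(ConfigFileNameOverride);
        AWS_ZERO_STRUCT(CredentialsFileNameOverride);
    }

    /** Overrides the profile name to look up. */
    ByteCursor ProfileNameOverride;

    /** Overrides the config file name. */
    ByteCursor ConfigFileNameOverride;

    /** Overrides the credentials file name. */
    ByteCursor CredentialsFileNameOverride;

    /** Client bootstrap; non-owning, null by default. */
    Io::ClientBootstrap *Bootstrap;

    /** TLS context; non-owning, null by default. */
    Io::TlsContext *TlsContext;
};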
208 
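/**
 * Configuration for a provider that sources credentials from the instance
 * metadata service (IMDS).
 */
struct AWS_CRT_CPP_API CredentialsProviderImdsConfig
{
    CredentialsProviderImdsConfig() : Bootstrap(nullptr) {}

    /**
     * Client bootstrap used for the provider's connections; non-owning, null
     * by default.
     * NOTE(review): confirm what a null bootstrap means (default bootstrap or failure).
     */
    Io::ClientBootstrap *Bootstrap;
};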
225 
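/**
 * Configuration for a provider that queries a list of other providers.
 * NOTE(review): presumably the providers are tried in vector order and the
 * first successful result wins; confirm. Order matters for security, because
 * an earlier source shadows a later one.
 */
struct AWS_CRT_CPP_API CredentialsProviderChainConfig
{
    CredentialsProviderChainConfig() : Providers() {}

    /** The providers that make up the chain. */
    Vector<std::shared_ptr<ICredentialsProvider>> Providers;
};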
240 
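/**
 * Configuration for a provider that caches the results of another provider.
 */
struct AWS_CRT_CPP_API CredentialsProviderCachedConfig
{
    /* Value-initialises both members: Provider is null, CachedCredentialTTL is zero. */
    CredentialsProviderCachedConfig() : Provider(), CachedCredentialTTL() {}

    /** The provider whose results are cached. Null by default, so set it before use. */
    std::shared_ptr<ICredentialsProvider> Provider;

    /**
     * How long cached credentials are kept.
     * NOTE(review): the meaning of the default zero value and the interaction
     * with the credentials' own expiration are not visible here. Keep the TTL
     * no longer than the lifetime of the credentials being cached.
     */
    std::chrono::milliseconds CachedCredentialTTL;
};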
258 
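/**
 * Configuration for the default credentials provider chain.
 * NOTE(review): the sources in the default chain and their order are not
 * visible in this header. Check them before relying on the chain, so that an
 * unintended source cannot supply credentials.
 */
struct AWS_CRT_CPP_API CredentialsProviderChainDefaultConfig
{
    CredentialsProviderChainDefaultConfig() : Bootstrap(nullptr), TlsContext(nullptr) {}

    /** Client bootstrap; non-owning, null by default. */
    Io::ClientBootstrap *Bootstrap;

    /** TLS context; non-owning, null by default. */
    Io::TlsContext *TlsContext;
};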
286 
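/**
 * Configuration for a provider that obtains credentials over HTTP using the
 * device's x509 certificate, an IoT thing name and a role alias.
 *
 * The device private key referenced by TlsOptions is the root of this trust
 * chain. Store it with restrictive permissions, or in hardware-backed storage
 * where available.
 */
struct AWS_CRT_CPP_API CredentialsProviderX509Config
{
    CredentialsProviderX509Config()
        : Bootstrap(nullptr), TlsOptions(), ThingName(), RoleAlias(), Endpoint(), ProxyOptions()
    {
    }

    /** Client bootstrap; non-owning, null by default. */
    Io::ClientBootstrap *Bootstrap;

    /* TLS connection options that have been initialized with your x509 certificate and private key */
    Io::TlsConnectionOptions TlsOptions;

    /* IoT thing name you registered with AWS IOT for your device, it will be used in http request header */
    String ThingName;

    /* Iot role alias you created with AWS IoT for your IAM role, it will be used in http request path */
    String RoleAlias;

    /**
     * Endpoint to request credentials from.
     * Take it from trusted configuration only: the device authenticates to
     * whatever host is named here.
     */
    String Endpoint;

    /** Optional HTTP proxy settings; empty by default. */
    Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
};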
328 
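/**
 * Configuration for a provider that delegates to a user-supplied function.
 */
struct AWS_CRT_CPP_API CredentialsProviderDelegateConfig
{
    /*
     * Handler that provides the credentials.
     * Default-constructed, so it is empty until assigned; set it before
     * creating the provider.
     * NOTE(review): the thread the handler runs on is not visible here; guard
     * any state it shares with other code.
     */
    GetCredentialsHandler Handler;
};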
337 
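/**
 * One identity-provider login: the provider's name paired with the token it issued.
 */
struct AWS_CRT_CPP_API CognitoLoginPair
{
    /** Name of the identity provider. */
    String IdentityProviderName;

    /** Token issued by that identity provider. A bearer secret; do not log or persist it in the clear. */
    String IdentityProviderToken;
};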
354 
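/**
 * Configuration for a provider that sources credentials from the Cognito
 * Identity service.
 */
struct AWS_CRT_CPP_API CredentialsProviderCognitoConfig
{
    /*
     * NOTE(review): listing line 360 was dropped by the page extraction. It is
     * restored here as an out-of-line default constructor declaration; confirm
     * against the header. The initial value of Bootstrap is set there, not here.
     */
    CredentialsProviderCognitoConfig();

    /** Cognito endpoint to request credentials from. Take it from trusted configuration only. */
    String Endpoint;

    /** The Cognito identity to request credentials for. */
    String Identity;

    /** Optional identity-provider logins; each entry carries a token that must be treated as a secret. */
    Optional<Vector<CognitoLoginPair>> Logins;

    /** Optional ARN of a role to assume instead of the default. */
    Optional<String> CustomRoleArn;

    /** Client bootstrap; non-owning. */
    Io::ClientBootstrap *Bootstrap;

    /** TLS context used for the connection to the service. */
    Io::TlsContext TlsCtx;

    /** Optional HTTP proxy settings. */
    Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
};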
402 
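/**
 * Configuration for a provider that obtains credentials from STS by assuming a role.
 */
struct AWS_CRT_CPP_API CredentialsProviderSTSConfig
{
    /*
     * NOTE(review): listing line 408 was dropped by the page extraction. It is
     * restored here as an out-of-line default constructor declaration; confirm
     * against the header. The initial values of DurationSeconds and Bootstrap
     * are set there, not here.
     */
    CredentialsProviderSTSConfig();

    /** Provider that supplies the credentials used to make the STS request. */
    std::shared_ptr<ICredentialsProvider> Provider;

    /** ARN of the role to assume. Grant that role only the permissions the device needs. */
    String RoleArn;

    /** Name given to the assumed-role session. */
    String SessionName;

    /**
     * Requested lifetime of the assumed-role credentials, in seconds.
     * uint16_t, so at most 65535. Shorter lifetimes limit how long a leaked
     * credential stays usable.
     */
    uint16_t DurationSeconds;

    /** Client bootstrap; non-owning. */
    Io::ClientBootstrap *Bootstrap;

    /** TLS context used for the connection to the service. */
    Io::TlsContext TlsCtx;

    /** Optional HTTP proxy settings. */
    Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
};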
449 
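/**
 * ICredentialsProvider implementation that wraps a native
 * aws_credentials_provider handle, plus static factories for the provider types.
 *
 * Every factory returns std::shared_ptr<ICredentialsProvider>.
 * NOTE(review): confirm how a factory reports failure (null pointer, or a
 * provider whose IsValid() is false). Check both before the first
 * GetCredentials() call.
 */
class AWS_CRT_CPP_API CredentialsProvider : public ICredentialsProvider
{
  public:
    /**
     * Wraps a native provider handle.
     * NOTE(review): whether the wrapper takes over the caller's reference to
     * `provider` is not visible in this header.
     */
    CredentialsProvider(aws_credentials_provider *provider, Allocator *allocator = ApiAllocator()) noexcept;

    virtual ~CredentialsProvider();

    CredentialsProvider(const CredentialsProvider &) = delete;
    CredentialsProvider(CredentialsProvider &&) = delete;
    CredentialsProvider &operator=(const CredentialsProvider &) = delete;
    CredentialsProvider &operator=(CredentialsProvider &&) = delete;

    /**
     * Queries the wrapped provider and reports the result through the callback.
     * @return NOTE(review): presumably whether the query was started; confirm.
     */
    virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const override;

    /** @return the wrapped native handle; non-owning, may be null. */
    virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept override { return m_provider; }

    /** @return true when a native handle is held. */
    virtual bool IsValid() const noexcept override { return m_provider != nullptr; }

    /*
     * Factory methods for all of the basic credentials provider types
     */

    /** Creates a provider from a fixed set of credentials. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderStatic(
        const CredentialsProviderStaticConfig &config,
        Allocator *allocator = ApiAllocator());

    /**
     * Creates an anonymous provider.
     * NOTE(review): presumably yields credentials without key material; confirm before use.
     */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderAnonymous(
        Allocator *allocator = ApiAllocator());

    /**
     * Creates a provider that sources credentials from the process environment.
     * Environment variables are visible to child processes and can appear in
     * diagnostics, so treat them as exposed.
     */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderEnvironment(
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that sources credentials from profile/config files. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderProfile(
        const CredentialsProviderProfileConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that sources credentials from the instance metadata service. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderImds(
        const CredentialsProviderImdsConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that queries the providers listed in config.Providers. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChain(
        const CredentialsProviderChainConfig &config,
        Allocator *allocator = ApiAllocator());

    /*
     * Creates a provider that puts a simple time-based cache in front of its queries
     * to a subordinate provider.
     */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCached(
        const CredentialsProviderCachedConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates the default credentials provider chain. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChainDefault(
        const CredentialsProviderChainDefaultConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that obtains credentials using the device's x509 certificate. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderX509(
        const CredentialsProviderX509Config &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that calls config.Handler to obtain credentials. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderDelegate(
        const CredentialsProviderDelegateConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that sources credentials from the Cognito Identity service. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCognito(
        const CredentialsProviderCognitoConfig &config,
        Allocator *allocator = ApiAllocator());

    /** Creates a provider that sources credentials from STS. */
    static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderSTS(
        const CredentialsProviderSTSConfig &config,
        Allocator *allocator = ApiAllocator());

  private:
    /* C-style completion callback; user_data carries the per-query context as an untyped pointer. */
    static void s_onCredentialsResolved(aws_credentials *credentials, int error_code, void *user_data);

    Allocator *m_allocator;
    aws_credentials_provider *m_provider;
};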
583  } // namespace Auth
584  } // namespace Crt
585 } // namespace Aws
Aws::Crt::Auth::CredentialsProviderSTSConfig::TlsCtx
Io::TlsContext TlsCtx
Definition: Credentials.h:442
Aws::Crt::Auth::Credentials::Credentials
Credentials(const Credentials &)=delete
Aws::Crt::Auth::CredentialsProviderChainConfig::Providers
Vector< std::shared_ptr< ICredentialsProvider > > Providers
Definition: Credentials.h:238
Aws::Crt::Auth::CredentialsProviderX509Config
Definition: Credentials.h:291
Aws::Crt::Auth::CredentialsProviderStaticConfig::AccessKeyId
ByteCursor AccessKeyId
Definition: Credentials.h:150
Aws::Crt::Auth::CredentialsProviderProfileConfig::CredentialsFileNameOverride
ByteCursor CredentialsFileNameOverride
Definition: Credentials.h:190
Aws::Crt::Auth::CredentialsProviderX509Config::ThingName
String ThingName
Definition: Credentials.h:310
Aws::Crt::Auth::CredentialsProviderImdsConfig::CredentialsProviderImdsConfig
CredentialsProviderImdsConfig()
Definition: Credentials.h:214
Aws::Crt::ApiAllocator
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition: Allocator.cpp:24
Aws::Crt::Auth::ICredentialsProvider::GetCredentials
virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const =0
Aws::Crt::Auth::CredentialsProviderProfileConfig
Definition: Credentials.h:167
Aws::Crt::Auth::CredentialsProviderDelegateConfig::Handler
GetCredentialsHandler Handler
Definition: Credentials.h:335
TlsOptions.h
Aws::Crt::Auth::CredentialsProviderCognitoConfig::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:400
Aws::Crt::Auth::CredentialsProviderSTSConfig::RoleArn
String RoleArn
Definition: Credentials.h:418
Aws::Crt::Auth::CredentialsProviderCachedConfig::CachedCredentialTTL
std::chrono::milliseconds CachedCredentialTTL
Definition: Credentials.h:256
Aws::Crt::Auth::CredentialsProvider::CredentialsProvider
CredentialsProvider(CredentialsProvider &&)=delete
Aws::Crt::Auth::OnCredentialsResolved
std::function< void(std::shared_ptr< Credentials >, int errorCode)> OnCredentialsResolved
Definition: Credentials.h:100
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig
Definition: Credentials.h:266
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::TlsContext
Io::TlsContext * TlsContext
Definition: Credentials.h:284
Aws::Crt::Auth::CredentialsProviderSTSConfig::Provider
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:413
Aws::Crt::Io::TlsConnectionOptions
Definition: TlsOptions.h:293
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Identity
String Identity
Definition: Credentials.h:370
Aws::Crt::Auth::CredentialsProvider::operator=
CredentialsProvider & operator=(CredentialsProvider &&)=delete
Aws::Crt::Auth::Credentials::operator=
Credentials & operator=(const Credentials &)=delete
Aws::Crt::Auth::CredentialsProviderProfileConfig::TlsContext
Io::TlsContext * TlsContext
Definition: Credentials.h:206
Aws::Crt::Auth::CredentialsProviderSTSConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:437
Aws::Crt::Auth::CredentialsProviderStaticConfig::SecretAccessKey
ByteCursor SecretAccessKey
Definition: Credentials.h:155
Aws::Crt::Auth::CredentialsProviderProfileConfig::ConfigFileNameOverride
ByteCursor ConfigFileNameOverride
Definition: Credentials.h:184
Aws::Crt::Auth::CredentialsProviderSTSConfig
Definition: Credentials.h:407
HttpConnection.h
Aws::Crt::Auth::GetCredentialsHandler
std::function< std::shared_ptr< Credentials >()> GetCredentialsHandler
Definition: Credentials.h:105
Aws::Crt::Auth::Credentials::Credentials
Credentials(Credentials &&)=delete
Aws::Crt::Auth::CredentialsProviderProfileConfig::CredentialsProviderProfileConfig
CredentialsProviderProfileConfig()
Definition: Credentials.h:168
Aws::Crt::Auth::Credentials::operator=
Credentials & operator=(Credentials &&)=delete
Aws::Crt::Auth::CredentialsProviderCognitoConfig::TlsCtx
Io::TlsContext TlsCtx
Definition: Credentials.h:395
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:275
Aws::Crt::Auth::CredentialsProviderSTSConfig::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:447
Aws::Crt::Auth::CredentialsProviderSTSConfig::SessionName
String SessionName
Definition: Credentials.h:423
Aws::Crt::Auth::CredentialsProvider
Definition: Credentials.h:457
Aws::Crt::Auth::CredentialsProviderX509Config::TlsOptions
Io::TlsConnectionOptions TlsOptions
Definition: Credentials.h:307
Aws::Crt::Auth::CredentialsProviderCachedConfig::Provider
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:251
Aws::Crt::Auth::CredentialsProviderX509Config::Endpoint
String Endpoint
Definition: Credentials.h:321
Aws::Crt::Auth::CredentialsProviderCachedConfig
Definition: Credentials.h:245
Aws::Crt::Optional
Definition: Optional.h:18
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::CredentialsProviderChainDefaultConfig
CredentialsProviderChainDefaultConfig()
Definition: Credentials.h:267
Aws::Crt::Io::TlsContext
Definition: TlsOptions.h:350
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Logins
Optional< Vector< CognitoLoginPair > > Logins
Definition: Credentials.h:375
Aws::Crt::Auth::ICredentialsProvider::~ICredentialsProvider
virtual ~ICredentialsProvider()=default
Aws::Crt::Auth::CredentialsProvider::GetUnderlyingHandle
virtual aws_credentials_provider * GetUnderlyingHandle() const noexcept override
Definition: Credentials.h:476
Aws::Crt::Auth::CredentialsProvider::operator=
CredentialsProvider & operator=(const CredentialsProvider &)=delete
Aws::Crt::Auth::CredentialsProviderChainConfig::CredentialsProviderChainConfig
CredentialsProviderChainConfig()
Definition: Credentials.h:233
Aws::Crt::Auth::CredentialsProviderProfileConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:196
Aws::Crt::Auth::CredentialsProviderSTSConfig::DurationSeconds
uint16_t DurationSeconds
Definition: Credentials.h:428
Aws::Crt::Auth::ICredentialsProvider
Definition: Credentials.h:112
Aws::Crt::Auth::CredentialsProviderChainConfig
Definition: Credentials.h:232
Types.h
Aws::Crt::Auth::CredentialsProviderImdsConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:223
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:390
Aws::Crt::Auth::CredentialsProviderX509Config::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:326
Aws::Crt::Auth::CredentialsProviderCachedConfig::CredentialsProviderCachedConfig
CredentialsProviderCachedConfig()
Definition: Credentials.h:246
Aws::Crt::Auth::ICredentialsProvider::GetUnderlyingHandle
virtual aws_credentials_provider * GetUnderlyingHandle() const noexcept=0
Aws::Crt::Http::HttpClientConnectionProxyOptions
Definition: HttpConnection.h:270
Aws::Crt::Auth::CredentialsProviderCognitoConfig::CustomRoleArn
Optional< String > CustomRoleArn
Definition: Credentials.h:381
Aws::Crt::Vector
std::vector< T, StlAllocator< T > > Vector
Definition: Types.h:53
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Endpoint
String Endpoint
Definition: Credentials.h:365
Aws::Crt::Auth::CredentialsProviderCognitoConfig
Definition: Credentials.h:359
Aws::Crt::Auth::CredentialsProviderStaticConfig::SessionToken
ByteCursor SessionToken
Definition: Credentials.h:160
Aws::Crt::Auth::Credentials
Definition: Credentials.h:38
AWS_CRT_CPP_API
#define AWS_CRT_CPP_API
Definition: Exports.h:37
Aws::Crt::Auth::CredentialsProviderImdsConfig
Definition: Credentials.h:213
Aws
Definition: Allocator.h:11
Aws::Crt::Auth::CredentialsProviderStaticConfig
Definition: Credentials.h:139
Aws::Crt::Auth::CognitoLoginPair
Definition: Credentials.h:342
Aws::Crt::ByteCursor
aws_byte_cursor ByteCursor
Definition: Types.h:31
Aws::Crt::Allocator
aws_allocator Allocator
Definition: Allocator.h:14
Exports.h
Aws::Crt::Auth::CredentialsProviderX509Config::RoleAlias
String RoleAlias
Definition: Credentials.h:313
Aws::Crt::Auth::CognitoLoginPair::IdentityProviderToken
String IdentityProviderToken
Definition: Credentials.h:352
Aws::Crt::Io::ClientBootstrap
Definition: Bootstrap.h:35
Aws::Crt::Auth::CognitoLoginPair::IdentityProviderName
String IdentityProviderName
Definition: Credentials.h:347
Aws::Crt::Auth::CredentialsProviderX509Config::CredentialsProviderX509Config
CredentialsProviderX509Config()
Definition: Credentials.h:292
Aws::Crt::Auth::CredentialsProviderStaticConfig::CredentialsProviderStaticConfig
CredentialsProviderStaticConfig()
Definition: Credentials.h:140
Aws::Crt::Auth::CredentialsProvider::CredentialsProvider
CredentialsProvider(const CredentialsProvider &)=delete
Aws::Crt::Auth::CredentialsProviderX509Config::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:304
Aws::Crt::String
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition: Types.h:45
Aws::Crt::Auth::CredentialsProviderProfileConfig::ProfileNameOverride
ByteCursor ProfileNameOverride
Definition: Credentials.h:178
Aws::Crt::Auth::CredentialsProviderDelegateConfig
Definition: Credentials.h:333
Aws::Crt::Auth::CredentialsProvider::IsValid
virtual bool IsValid() const noexcept override
Definition: Credentials.h:481