AWS IoT Device SDK C++ v2  1.39.0
AWS IoT Device SDK C++ v2
Credentials.h
Go to the documentation of this file.
1 #pragma once
2 
7 #include <aws/crt/Exports.h>
8 #include <aws/crt/Types.h>
9 #include <aws/crt/http/HttpConnection.h>
10 #include <aws/crt/io/TlsOptions.h>
11 
12 #include <chrono>
13 #include <functional>
14 
15 struct aws_credentials;
16 struct aws_credentials_provider;
17 
18 namespace Aws
19 {
20  namespace Crt
21  {
22  namespace Io
23  {
24  class ClientBootstrap;
25  }
26 
27  namespace Http
28  {
29  class HttpClientConnectionProxyOptions;
30  }
31 
32  namespace Auth
33  {
37  class AWS_CRT_CPP_API Credentials
38  {
39  public:
40  Credentials(const aws_credentials *credentials) noexcept;
41  Credentials(
42  ByteCursor access_key_id,
43  ByteCursor secret_access_key,
44  ByteCursor session_token,
45  uint64_t expiration_timepoint_in_seconds,
46  Allocator *allocator = ApiAllocator()) noexcept;
47 
53  Credentials(Allocator *allocator = ApiAllocator()) noexcept;
54 
55  ~Credentials();
56 
57  Credentials(const Credentials &) = delete;
58  Credentials(Credentials &&) = delete;
59  Credentials &operator=(const Credentials &) = delete;
60  Credentials &operator=(Credentials &&) = delete;
61 
65  ByteCursor GetAccessKeyId() const noexcept;
66 
70  ByteCursor GetSecretAccessKey() const noexcept;
71 
75  ByteCursor GetSessionToken() const noexcept;
76 
80  uint64_t GetExpirationTimepointInSeconds() const noexcept;
81 
85  ByteCursor GetAccountId() const noexcept;
86 
90  explicit operator bool() const noexcept;
91 
95  const aws_credentials *GetUnderlyingHandle() const noexcept { return m_credentials; }
96 
97  private:
98  const aws_credentials *m_credentials;
99  };
100 
105  using OnCredentialsResolved = std::function<void(std::shared_ptr<Credentials>, int errorCode)>;
106 
110  using GetCredentialsHandler = std::function<std::shared_ptr<Credentials>()>;
111 
116  class AWS_CRT_CPP_API ICredentialsProvider : public std::enable_shared_from_this<ICredentialsProvider>
117  {
118  public:
119  virtual ~ICredentialsProvider() = default;
120 
124  virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const = 0;
125 
132  virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept = 0;
133 
137  virtual bool IsValid() const noexcept = 0;
138  };
139 
143  struct AWS_CRT_CPP_API CredentialsProviderStaticConfig
144  {
145  CredentialsProviderStaticConfig()
146  {
147  AWS_ZERO_STRUCT(AccessKeyId);
148  AWS_ZERO_STRUCT(SecretAccessKey);
149  AWS_ZERO_STRUCT(SessionToken);
150  }
151 
155  ByteCursor AccessKeyId;
156 
160  ByteCursor SecretAccessKey;
161 
165  ByteCursor SessionToken;
166  };
167 
171  struct AWS_CRT_CPP_API CredentialsProviderProfileConfig
172  {
173  CredentialsProviderProfileConfig() : Bootstrap(nullptr), TlsContext(nullptr)
174  {
175  AWS_ZERO_STRUCT(ProfileNameOverride);
176  AWS_ZERO_STRUCT(ConfigFileNameOverride);
177  AWS_ZERO_STRUCT(CredentialsFileNameOverride);
178  }
179 
183  ByteCursor ProfileNameOverride;
184 
189  ByteCursor ConfigFileNameOverride;
190 
195  ByteCursor CredentialsFileNameOverride;
196 
201  Io::ClientBootstrap *Bootstrap;
202 
211  Io::TlsContext *TlsContext;
212  };
213 
217  struct AWS_CRT_CPP_API CredentialsProviderImdsConfig
218  {
219  CredentialsProviderImdsConfig() : Bootstrap(nullptr) {}
220 
228  Io::ClientBootstrap *Bootstrap;
229  };
230 
236  struct AWS_CRT_CPP_API CredentialsProviderChainConfig
237  {
238  CredentialsProviderChainConfig() : Providers() {}
239 
243  Vector<std::shared_ptr<ICredentialsProvider>> Providers;
244  };
245 
249  struct AWS_CRT_CPP_API CredentialsProviderCachedConfig
250  {
251  CredentialsProviderCachedConfig() : Provider(), CachedCredentialTTL() {}
252 
256  std::shared_ptr<ICredentialsProvider> Provider;
257 
261  std::chrono::milliseconds CachedCredentialTTL;
262  };
263 
270  struct AWS_CRT_CPP_API CredentialsProviderChainDefaultConfig
271  {
272  CredentialsProviderChainDefaultConfig() : Bootstrap(nullptr), TlsContext(nullptr) {}
273 
280  Io::ClientBootstrap *Bootstrap;
281 
289  Io::TlsContext *TlsContext;
290  };
291 
295  struct AWS_CRT_CPP_API CredentialsProviderX509Config
296  {
297  CredentialsProviderX509Config()
298  : Bootstrap(nullptr), TlsOptions(), ThingName(), RoleAlias(), Endpoint(), ProxyOptions()
299  {
300  }
301 
309  Io::ClientBootstrap *Bootstrap;
310 
311  /* TLS connection options that have been initialized with your x509 certificate and private key */
312  Io::TlsConnectionOptions TlsOptions;
313 
314  /* IoT thing name you registered with AWS IOT for your device, it will be used in http request header */
315  String ThingName;
316 
317  /* Iot role alias you created with AWS IoT for your IAM role, it will be used in http request path */
318  String RoleAlias;
319 
326  String Endpoint;
327 
331  Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
332  };
333 
337  struct AWS_CRT_CPP_API CredentialsProviderDelegateConfig
338  {
339  /* handler to provider credentials */
340  GetCredentialsHandler Handler;
341  };
342 
346  struct AWS_CRT_CPP_API CognitoLoginPair
347  {
348 
352  String IdentityProviderName;
353 
357  String IdentityProviderToken;
358  };
359 
363  struct AWS_CRT_CPP_API CredentialsProviderCognitoConfig
364  {
365  CredentialsProviderCognitoConfig();
366 
370  String Endpoint;
371 
375  String Identity;
376 
380  Optional<Vector<CognitoLoginPair>> Logins;
381 
386  Optional<String> CustomRoleArn;
387 
395  Io::ClientBootstrap *Bootstrap;
396 
400  Io::TlsContext TlsCtx;
401 
405  Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
406  };
407 
411  struct AWS_CRT_CPP_API CredentialsProviderSTSConfig
412  {
413  CredentialsProviderSTSConfig();
414 
418  std::shared_ptr<ICredentialsProvider> Provider;
419 
423  String RoleArn;
424 
428  String SessionName;
429 
433  uint16_t DurationSeconds;
434 
442  Io::ClientBootstrap *Bootstrap;
443 
447  Io::TlsContext TlsCtx;
448 
452  Optional<Http::HttpClientConnectionProxyOptions> ProxyOptions;
453  };
454 
458  struct AWS_CRT_CPP_API CredentialsProviderSTSWebIdentityConfig
459  {
460  CredentialsProviderSTSWebIdentityConfig();
461 
465  String RoleArn;
466 
470  String SessionName;
471 
475  String Region;
476 
480  String TokenFilePath;
481 
489  Io::ClientBootstrap *Bootstrap;
490 
494  Io::TlsConnectionOptions TlsConnectionOptions;
495  };
496 
503  class AWS_CRT_CPP_API CredentialsProvider : public ICredentialsProvider
504  {
505  public:
506  CredentialsProvider(aws_credentials_provider *provider, Allocator *allocator = ApiAllocator()) noexcept;
507 
508  virtual ~CredentialsProvider();
509 
510  CredentialsProvider(const CredentialsProvider &) = delete;
511  CredentialsProvider(CredentialsProvider &&) = delete;
512  CredentialsProvider &operator=(const CredentialsProvider &) = delete;
513  CredentialsProvider &operator=(CredentialsProvider &&) = delete;
514 
518  virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const override;
519 
523  virtual aws_credentials_provider *GetUnderlyingHandle() const noexcept override { return m_provider; }
524 
528  virtual bool IsValid() const noexcept override { return m_provider != nullptr; }
529 
530  /*
531  * Factory methods for all of the basic credentials provider types
532  */
533 
537  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderStatic(
538  const CredentialsProviderStaticConfig &config,
539  Allocator *allocator = ApiAllocator());
540 
545  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderAnonymous(
546  Allocator *allocator = ApiAllocator());
547 
551  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderEnvironment(
552  Allocator *allocator = ApiAllocator());
553 
557  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderProfile(
558  const CredentialsProviderProfileConfig &config,
559  Allocator *allocator = ApiAllocator());
560 
564  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderImds(
565  const CredentialsProviderImdsConfig &config,
566  Allocator *allocator = ApiAllocator());
567 
572  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChain(
573  const CredentialsProviderChainConfig &config,
574  Allocator *allocator = ApiAllocator());
575 
576  /*
577  * Creates a provider that puts a simple time-based cache in front of its queries
578  * to a subordinate provider.
579  */
580  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCached(
581  const CredentialsProviderCachedConfig &config,
582  Allocator *allocator = ApiAllocator());
583 
590  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderChainDefault(
591  const CredentialsProviderChainDefaultConfig &config,
592  Allocator *allocator = ApiAllocator());
593 
598  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderX509(
599  const CredentialsProviderX509Config &config,
600  Allocator *allocator = ApiAllocator());
601 
606  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderDelegate(
607  const CredentialsProviderDelegateConfig &config,
608  Allocator *allocator = ApiAllocator());
609 
613  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderCognito(
614  const CredentialsProviderCognitoConfig &config,
615  Allocator *allocator = ApiAllocator());
616 
620  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderSTS(
621  const CredentialsProviderSTSConfig &config,
622  Allocator *allocator = ApiAllocator());
623 
624  static std::shared_ptr<ICredentialsProvider> CreateCredentialsProviderSTSWebIdentity(
625  const CredentialsProviderSTSWebIdentityConfig &config,
626  Allocator *allocator = ApiAllocator());
627 
628  private:
629  static void s_onCredentialsResolved(aws_credentials *credentials, int error_code, void *user_data);
630 
631  Allocator *m_allocator;
632  aws_credentials_provider *m_provider;
633  };
634  } // namespace Auth
635  } // namespace Crt
636 } // namespace Aws
Aws::Crt::Auth::CredentialsProviderSTSConfig::TlsCtx
Io::TlsContext TlsCtx
Definition: Credentials.h:447
Aws::Crt::Auth::Credentials::Credentials
Credentials(const Credentials &)=delete
Aws::Crt::Auth::CredentialsProviderChainConfig::Providers
Vector< std::shared_ptr< ICredentialsProvider > > Providers
Definition: Credentials.h:243
Aws::Crt::Auth::CredentialsProviderX509Config
Definition: Credentials.h:296
Aws::Crt::Auth::CredentialsProviderStaticConfig::AccessKeyId
ByteCursor AccessKeyId
Definition: Credentials.h:155
Aws::Crt::Auth::CredentialsProviderProfileConfig::CredentialsFileNameOverride
ByteCursor CredentialsFileNameOverride
Definition: Credentials.h:195
Aws::Crt::Auth::CredentialsProviderX509Config::ThingName
String ThingName
Definition: Credentials.h:315
Aws::Crt::Auth::CredentialsProviderImdsConfig::CredentialsProviderImdsConfig
CredentialsProviderImdsConfig()
Definition: Credentials.h:219
Aws::Crt::ApiAllocator
AWS_CRT_CPP_API Allocator * ApiAllocator() noexcept
Definition: Allocator.cpp:24
Aws::Crt::Auth::ICredentialsProvider::GetCredentials
virtual bool GetCredentials(const OnCredentialsResolved &onCredentialsResolved) const =0
Aws::Crt::Auth::CredentialsProviderProfileConfig
Definition: Credentials.h:172
Aws::Crt::Auth::CredentialsProviderDelegateConfig::Handler
GetCredentialsHandler Handler
Definition: Credentials.h:340
TlsOptions.h
Aws::Crt::Auth::CredentialsProviderCognitoConfig::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:405
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::RoleArn
String RoleArn
Definition: Credentials.h:465
Aws::Crt::Auth::CredentialsProviderSTSConfig::RoleArn
String RoleArn
Definition: Credentials.h:423
Aws::Crt::Auth::CredentialsProviderCachedConfig::CachedCredentialTTL
std::chrono::milliseconds CachedCredentialTTL
Definition: Credentials.h:261
Aws::Crt::Auth::CredentialsProvider::CredentialsProvider
CredentialsProvider(CredentialsProvider &&)=delete
Aws::Crt::Auth::OnCredentialsResolved
std::function< void(std::shared_ptr< Credentials >, int errorCode)> OnCredentialsResolved
Definition: Credentials.h:105
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig
Definition: Credentials.h:271
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:489
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::TlsContext
Io::TlsContext * TlsContext
Definition: Credentials.h:289
Aws::Crt::Auth::CredentialsProviderSTSConfig::Provider
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:418
Aws::Crt::Io::TlsConnectionOptions
Definition: TlsOptions.h:293
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Identity
String Identity
Definition: Credentials.h:375
Aws::Crt::Auth::CredentialsProvider::operator=
CredentialsProvider & operator=(CredentialsProvider &&)=delete
Aws::Crt::Auth::Credentials::operator=
Credentials & operator=(const Credentials &)=delete
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::TokenFilePath
String TokenFilePath
Definition: Credentials.h:480
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig
Definition: Credentials.h:459
Aws::Crt::Auth::CredentialsProviderProfileConfig::TlsContext
Io::TlsContext * TlsContext
Definition: Credentials.h:211
Aws::Crt::Auth::CredentialsProviderSTSConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:442
Aws::Crt::Auth::CredentialsProviderStaticConfig::SecretAccessKey
ByteCursor SecretAccessKey
Definition: Credentials.h:160
Aws::Crt::Auth::CredentialsProviderProfileConfig::ConfigFileNameOverride
ByteCursor ConfigFileNameOverride
Definition: Credentials.h:189
Aws::Crt::Auth::CredentialsProviderSTSConfig
Definition: Credentials.h:412
HttpConnection.h
Aws::Crt::Auth::GetCredentialsHandler
std::function< std::shared_ptr< Credentials >()> GetCredentialsHandler
Definition: Credentials.h:110
Aws::Crt::Auth::Credentials::Credentials
Credentials(Credentials &&)=delete
Aws::Crt::Auth::CredentialsProviderProfileConfig::CredentialsProviderProfileConfig
CredentialsProviderProfileConfig()
Definition: Credentials.h:173
Aws::Crt::Auth::Credentials::operator=
Credentials & operator=(Credentials &&)=delete
Aws::Crt::Auth::CredentialsProviderCognitoConfig::TlsCtx
Io::TlsContext TlsCtx
Definition: Credentials.h:400
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:280
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::SessionName
String SessionName
Definition: Credentials.h:470
Aws::Crt::Auth::CredentialsProviderSTSConfig::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:452
Aws::Crt::Auth::CredentialsProviderSTSConfig::SessionName
String SessionName
Definition: Credentials.h:428
Aws::Crt::Auth::CredentialsProvider
Definition: Credentials.h:504
Aws::Crt::Auth::CredentialsProviderX509Config::TlsOptions
Io::TlsConnectionOptions TlsOptions
Definition: Credentials.h:312
Aws::Crt::Auth::CredentialsProviderCachedConfig::Provider
std::shared_ptr< ICredentialsProvider > Provider
Definition: Credentials.h:256
Aws::Crt::Auth::CredentialsProviderX509Config::Endpoint
String Endpoint
Definition: Credentials.h:326
Aws::Crt::Auth::CredentialsProviderCachedConfig
Definition: Credentials.h:250
Aws::Crt::Optional
Definition: Optional.h:19
Aws::Crt::Auth::CredentialsProviderChainDefaultConfig::CredentialsProviderChainDefaultConfig
CredentialsProviderChainDefaultConfig()
Definition: Credentials.h:272
Aws::Crt::Io::TlsContext
Definition: TlsOptions.h:350
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Logins
Optional< Vector< CognitoLoginPair > > Logins
Definition: Credentials.h:380
Aws::Crt::Auth::ICredentialsProvider::~ICredentialsProvider
virtual ~ICredentialsProvider()=default
Aws::Crt::Auth::CredentialsProvider::GetUnderlyingHandle
virtual aws_credentials_provider * GetUnderlyingHandle() const noexcept override
Definition: Credentials.h:523
Aws::Crt::Auth::CredentialsProvider::operator=
CredentialsProvider & operator=(const CredentialsProvider &)=delete
Aws::Crt::Auth::CredentialsProviderChainConfig::CredentialsProviderChainConfig
CredentialsProviderChainConfig()
Definition: Credentials.h:238
Aws::Crt::Auth::CredentialsProviderProfileConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:201
Aws::Crt::Auth::CredentialsProviderSTSConfig::DurationSeconds
uint16_t DurationSeconds
Definition: Credentials.h:433
Aws::Crt::Auth::ICredentialsProvider
Definition: Credentials.h:117
Aws::Crt::Auth::CredentialsProviderChainConfig
Definition: Credentials.h:237
Types.h
Aws::Crt::Auth::CredentialsProviderImdsConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:228
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::Region
String Region
Definition: Credentials.h:475
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:395
Aws::Crt::Auth::CredentialsProviderX509Config::ProxyOptions
Optional< Http::HttpClientConnectionProxyOptions > ProxyOptions
Definition: Credentials.h:331
Aws::Crt::Auth::CredentialsProviderCachedConfig::CredentialsProviderCachedConfig
CredentialsProviderCachedConfig()
Definition: Credentials.h:251
Aws::Crt::Auth::ICredentialsProvider::GetUnderlyingHandle
virtual aws_credentials_provider * GetUnderlyingHandle() const noexcept=0
Aws::Crt::Http::HttpClientConnectionProxyOptions
Definition: HttpConnection.h:270
Aws::Crt::Auth::CredentialsProviderCognitoConfig::CustomRoleArn
Optional< String > CustomRoleArn
Definition: Credentials.h:386
Aws::Crt::Vector
std::vector< T, StlAllocator< T > > Vector
Definition: Types.h:53
Aws::Crt::Auth::CredentialsProviderCognitoConfig::Endpoint
String Endpoint
Definition: Credentials.h:370
Aws::Crt::Auth::CredentialsProviderCognitoConfig
Definition: Credentials.h:364
Aws::Crt::Auth::CredentialsProviderStaticConfig::SessionToken
ByteCursor SessionToken
Definition: Credentials.h:165
Aws::Crt::Auth::Credentials
Definition: Credentials.h:38
AWS_CRT_CPP_API
#define AWS_CRT_CPP_API
Definition: Exports.h:36
Aws::Crt::Auth::CredentialsProviderImdsConfig
Definition: Credentials.h:218
Aws
Definition: Allocator.h:11
Aws::Crt::Auth::CredentialsProviderStaticConfig
Definition: Credentials.h:144
Aws::Crt::Auth::CognitoLoginPair
Definition: Credentials.h:347
Aws::Crt::ByteCursor
aws_byte_cursor ByteCursor
Definition: Types.h:31
Aws::Crt::Allocator
aws_allocator Allocator
Definition: Allocator.h:14
Exports.h
Aws::Crt::Auth::CredentialsProviderX509Config::RoleAlias
String RoleAlias
Definition: Credentials.h:318
Aws::Crt::Auth::CognitoLoginPair::IdentityProviderToken
String IdentityProviderToken
Definition: Credentials.h:357
Aws::Crt::Io::ClientBootstrap
Definition: Bootstrap.h:35
Aws::Crt::Auth::CognitoLoginPair::IdentityProviderName
String IdentityProviderName
Definition: Credentials.h:352
Aws::Crt::Auth::CredentialsProviderX509Config::CredentialsProviderX509Config
CredentialsProviderX509Config()
Definition: Credentials.h:297
Aws::Crt::Auth::CredentialsProviderStaticConfig::CredentialsProviderStaticConfig
CredentialsProviderStaticConfig()
Definition: Credentials.h:145
Aws::Crt::Auth::CredentialsProviderSTSWebIdentityConfig::TlsConnectionOptions
Io::TlsConnectionOptions TlsConnectionOptions
Definition: Credentials.h:494
Aws::Crt::Auth::CredentialsProvider::CredentialsProvider
CredentialsProvider(const CredentialsProvider &)=delete
Aws::Crt::Auth::CredentialsProviderX509Config::Bootstrap
Io::ClientBootstrap * Bootstrap
Definition: Credentials.h:309
Aws::Crt::String
std::basic_string< char, std::char_traits< char >, StlAllocator< char > > String
Definition: Types.h:45
Aws::Crt::Auth::CredentialsProviderProfileConfig::ProfileNameOverride
ByteCursor ProfileNameOverride
Definition: Credentials.h:183
Aws::Crt::Auth::CredentialsProviderDelegateConfig
Definition: Credentials.h:338
Aws::Crt::Auth::CredentialsProvider::IsValid
virtual bool IsValid() const noexcept override
Definition: Credentials.h:528
Generated by doxygen 1.8.20