Add STS assume role and web identity credential providers

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/CrtCredentialUtils.kt

@@ -26,3 +26,11 @@ internal fun Credentials.toCrt(): CredentialsCrt = CredentialsCrt(accessKeyId, s
  * Convert CRT credentials into SDK equivalent
  */
 internal fun CredentialsCrt.toSdk(): Credentials = Credentials(accessKeyId, secretAccessKey, sessionToken)
+
+/**
+ * Adapt or convert a SDK credentials provider into CRT equivalent
+ */
+internal fun asCrt(sdkProvider: CredentialsProvider): CredentialsProviderCrt = when (sdkProvider) {
+    is CrtCredentialsProvider -> sdkProvider.crtProvider
+    else -> CredentialsProviderCrtProxy(sdkProvider)
+}

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/StsAssumeRoleCredentialsProvider.kt

@@ -0,0 +1,34 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package aws.sdk.kotlin.runtime.auth.credentials
+
+import aws.sdk.kotlin.crt.auth.credentials.build
+import aws.sdk.kotlin.runtime.crt.SdkDefaultIO
+import aws.sdk.kotlin.crt.auth.credentials.StsAssumeRoleCredentialsProvider as StsAssumeRoleCredentialsProviderCrt
+
+/**
+ * A provider that gets credentials from the STS assume role credential provider.
+ *
+ * @param credentialsProvider The underlying Credentials Provider to use for source credentials
+ * @param roleArn The target role's ARN
+ * @param sessionName The name to associate with the session
+ * @param durationSeconds The number of seconds from authentication that the session is valid for
+ */
+public class StsAssumeRoleCredentialsProvider public constructor(
+    credentialsProvider: CredentialsProvider,
+    roleArn: String,
+    sessionName: String,
+    durationSeconds: Int? = null,
+) : CrtCredentialsProvider {
+    override val crtProvider: StsAssumeRoleCredentialsProviderCrt = StsAssumeRoleCredentialsProviderCrt.build {
+        clientBootstrap = SdkDefaultIO.ClientBootstrap
+        tlsContext = SdkDefaultIO.TlsContext
+        this.credentialsProvider = asCrt(credentialsProvider)
+        this.roleArn = roleArn
+        this.sessionName = sessionName
+        this.durationSeconds = durationSeconds
+    }
+}

aws-runtime/aws-config/common/src/aws/sdk/kotlin/runtime/auth/credentials/StsWebIdentityCredentialsProvider.kt

@@ -0,0 +1,20 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+package aws.sdk.kotlin.runtime.auth.credentials
+
+import aws.sdk.kotlin.crt.auth.credentials.build
+import aws.sdk.kotlin.runtime.crt.SdkDefaultIO
+import aws.sdk.kotlin.crt.auth.credentials.StsWebIdentityCredentialsProvider as StsWebIdentityCredentialsProviderCrt
+
+/**
+ * A provider that gets credentials from the STS web identity credential provider.
+ */
+public class StsWebIdentityCredentialsProvider : CrtCredentialsProvider {
+    override val crtProvider: StsWebIdentityCredentialsProviderCrt = StsWebIdentityCredentialsProviderCrt.build {
+        clientBootstrap = SdkDefaultIO.ClientBootstrap
+        tlsContext = SdkDefaultIO.TlsContext
+    }
+}