Implement SSOCredentialsProvider (#189)
Showing
18 changed files
with
4,026 additions
and
49 deletions.
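--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,112 @@
+#ifndef AWS_AUTH_TOKEN_PROVIDERS_PRIVATE_H
+#define AWS_AUTH_TOKEN_PROVIDERS_PRIVATE_H
+
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/auth/auth.h>
+#include <aws/auth/credentials.h>
+
+/**
+ * Configuration options for a provider that sources sso token information from the aws profile (by default
+ * ~/.aws/config) and token from ~/.aws/sso/cache/<sha1 of start url>.json.
+ */
+struct aws_token_provider_sso_profile_options {
+struct aws_credentials_provider_shutdown_options shutdown_options;
+
+/*
+ * Override of what profile to use to source credentials from ('default' by default)
+ */
+struct aws_byte_cursor profile_name_override;
+
+/*
+ * Override path to the profile config file (~/.aws/config by default)
+ */
+struct aws_byte_cursor config_file_name_override;
+
+/**
+ * (Optional)
+ * Use a cached config profile collection. You can also pass a merged collection.
+ * config_file_name_override will be ignored if this option is provided.
+ */
+struct aws_profile_collection *config_file_cached;
+
+/* For mocking, leave NULL otherwise */
+aws_io_clock_fn *system_clock_fn;
+};
+
+/**
+ * Configuration options for a provider that sources sso token information from the aws profile (by default
+ * ~/.aws/config) and token from ~/.aws/sso/cache/<sha1 of session name>.json.
+ */
+struct aws_token_provider_sso_session_options {
+struct aws_credentials_provider_shutdown_options shutdown_options;
+
+/*
+ * Override of what profile to use to source credentials from ('default' by default)
+ */
+struct aws_byte_cursor profile_name_override;
+
+/*
+ * Override path to the profile config file (~/.aws/config by default)
+ */
+struct aws_byte_cursor config_file_name_override;
+
+/**
+ * (Optional)
+ * Use a cached config profile collection. You can also pass a merged collection.
+ * config_file_name_override will be ignored if this option is provided.
+ */
+struct aws_profile_collection *config_file_cached;
+
+/*
+ * Connection bootstrap to use for any network connections made
+ */
+struct aws_client_bootstrap *bootstrap;
+
+/*
+ * Client TLS context to use for any network connections made.
+ */
+struct aws_tls_ctx *tls_ctx;
+
+/* For mocking, leave NULL otherwise */
+aws_io_clock_fn *system_clock_fn;
+};
+
+AWS_EXTERN_C_BEGIN
+
+/**
+ * Creates a provider that sources sso token based credentials from key-value profiles loaded from the aws
+ * config("~/.aws/config" by default) and ~/.aws/sso/cache/<sha1 of start url>.json
+ * This is the legacy way which doesn't support refreshing credentials.
+ *
+ * @param allocator memory allocator to use for all memory allocation
+ * @param options provider-specific configuration options
+ *
+ * @return the newly-constructed credentials provider, or NULL if an error occurred.
+ */
+AWS_AUTH_API
+struct aws_credentials_provider *aws_token_provider_new_sso_profile(
+struct aws_allocator *allocator,
+const struct aws_token_provider_sso_profile_options *options);
+
+/**
+ * Creates a provider that sources sso token based credentials from key-value profiles loaded from the aws
+ * config("~/.aws/config" by default) and ~/.aws/sso/cache/<sha1 of session name>.json
+ * Note: Token refresh is not currently supported
+ *
+ * @param allocator memory allocator to use for all memory allocation
+ * @param options provider-specific configuration options
+ *
+ * @return the newly-constructed credentials provider, or NULL if an error occurred.
+ */
+AWS_AUTH_API
+struct aws_credentials_provider *aws_token_provider_new_sso_session(
+struct aws_allocator *allocator,
+const struct aws_token_provider_sso_session_options *options);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_AUTH_TOKEN_PROVIDERS_PRIVATE_H */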
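Review bot: `config_file_cached` in both option structs says a cached collection may be passed but not who owns it; the comment should state whether the provider takes its own reference with `aws_profile_collection_acquire()` or the caller must keep the collection alive until the provider is destroyed, whichever the implementation actually does. The `bootstrap` and `tls_ctx` fields of `aws_token_provider_sso_session_options` are described as used for "any network connections made", yet `aws_token_provider_new_sso_session` is documented as not supporting token refresh; say whether they may be NULL for now or are validated at construction, otherwise callers will build a TLS context for a provider that presumably only reads a cache file. The cache-path wording also differs between the two structs (sha1 of start url vs. sha1 of session name); a one-line note on why the two flows key the cache file differently would save the next reader a lookup.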
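--- /dev/null
+++ b/[path not shown on page]
@@ -0,0 +1,58 @@
+#ifndef AWS_AUTH_TOKEN_PRIVATE_H
+#define AWS_AUTH_TOKEN_PRIVATE_H
+
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#include <aws/auth/auth.h>
+#include <aws/common/date_time.h>
+
+/* structure to represent a parsed sso token */
+struct aws_sso_token {
+struct aws_allocator *allocator;
+
+struct aws_string *access_token;
+struct aws_date_time expiration;
+};
+
+AWS_EXTERN_C_BEGIN
+
+/* Construct token path which is ~/.aws/sso/cache/<hex encoded sha1 of input>.json */
+AWS_AUTH_API
+struct aws_string *aws_construct_sso_token_path(struct aws_allocator *allocator, const struct aws_string *input);
+
+AWS_AUTH_API
+void aws_sso_token_destroy(struct aws_sso_token *token);
+
+/* Parse `aws_sso_token` from the give file path */
+AWS_AUTH_API
+struct aws_sso_token *aws_sso_token_new_from_file(struct aws_allocator *allocator, const struct aws_string *file_path);
+
+/**
+ * Creates a set of AWS credentials based on a token with expiration.
+ *
+ * @param allocator memory allocator to use for all memory allocation
+ * @param token token for the credentials
+ * @param expiration_timepoint_in_seconds time at which these credentials expire
+ * @return a new pair of AWS credentials, or NULL
+ */
+AWS_AUTH_API
+struct aws_credentials *aws_credentials_new_token(
+struct aws_allocator *allocator,
+struct aws_byte_cursor token,
+uint64_t expiration_timepoint_in_seconds);
+
+/**
+ * Get the token from a set of AWS credentials
+ *
+ * @param credentials credentials to get the token from
+ * @return a byte cursor to the token or an empty byte cursor if there is no token
+ */
+AWS_AUTH_API
+struct aws_byte_cursor aws_credentials_get_token(const struct aws_credentials *credentials);
+
+AWS_EXTERN_C_END
+
+#endif /* AWS_AUTH_TOKEN_PRIVATE_H */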
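Review bot: `aws_sso_token_destroy` has no comment and in particular does not say whether `access_token` is wiped before it is freed; the token is a bearer secret read from the on-disk cache, so the declaration should state the contract, e.g. `/* Releases the token; access_token is destroyed with aws_string_destroy_secure so the secret is not left in freed memory */`, and the implementation should match. `aws_credentials_get_token` returns a cursor into the credentials object; add to its @return that the cursor is valid only for the lifetime of `credentials` and is not owned by the caller. `expiration_timepoint_in_seconds` in `aws_credentials_new_token` should name its epoch (seconds since the Unix epoch, if that is what the implementation uses) so callers don't mix it with a monotonic clock. Minor: the comment on `aws_sso_token_new_from_file` reads "from the give file path" and should be "from the given file path".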