#pragma once

#include "source/extensions/common/aws/metadata_credentials_provider_base.h"

namespace Envoy {
namespace Extensions {
namespace Common {
namespace Aws {

// Endpoints, header names and identifiers used when talking to the EC2 Instance
// Metadata Service (IMDS). These are only the literals; how each one is applied
// (request method, ordering, error handling) is defined in the .cc.

// Host:port of the IMDS endpoint. 169.254.169.254 is the link-local address AWS
// reserves for IMDS; it is reachable only from inside the instance, over plain HTTP.
constexpr char EC2_METADATA_HOST[] = "169.254.169.254:80";
// Path that issues an IMDSv2 session token. The token is then presented on the
// metadata requests below via EC2_IMDS_TOKEN_HEADER.
constexpr char EC2_IMDS_TOKEN_RESOURCE[] = "/latest/api/token";
// Request header carrying the IMDSv2 session token on subsequent metadata calls.
constexpr char EC2_IMDS_TOKEN_HEADER[] = "X-aws-ec2-metadata-token";
// Request header that sets the requested lifetime of a new session token.
constexpr char EC2_IMDS_TOKEN_TTL_HEADER[] = "X-aws-ec2-metadata-token-ttl-seconds";
// Requested token TTL in seconds: 21600 s = 6 h, the maximum IMDS permits.
constexpr char EC2_IMDS_TOKEN_TTL_DEFAULT_VALUE[] = "21600";
// Path listing the IAM role attached to the instance; appending "/<role>"
// yields the temporary-credentials document for that role.
constexpr char SECURITY_CREDENTIALS_PATH[] = "/latest/meta-data/iam/security-credentials";
// Environment variable name shared with the AWS SDKs. Presumably checked so that
// IMDS lookups are skipped entirely when it is set — confirm in the .cc.
constexpr char AWS_EC2_METADATA_DISABLED[] = "AWS_EC2_METADATA_DISABLED";
// Name of the internal Envoy cluster that presumably fronts EC2_METADATA_HOST;
// IMDS traffic is routed through it rather than dialled directly.
constexpr char EC2_METADATA_CLUSTER[] = "ec2_instance_metadata_server_internal";
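/**
 * Retrieve AWS credentials from the instance metadata.
 *
 * Credentials are fetched from the EC2 Instance Metadata Service for the IAM
 * role attached to the instance. The private fetch*Async methods thread an IMDS
 * token through the call chain, which indicates the IMDSv2 (session-token) flow;
 * the exact request sequence and error handling live in the .cc.
 *
 * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials
 */
class InstanceProfileCredentialsProvider : public MetadataCredentialsProviderBase,
                                           public Envoy::Singleton::Instance,
                                           public MetadataFetcher::MetadataReceiver {
public:
  /**
   * The constructor body is in the .cc; the roles below are what the names and
   * types indicate and should be confirmed there.
   *
   * @param context server factory context the provider is built from.
   * @param aws_cluster_manager manager for the internal cluster used to reach IMDS.
   * @param create_metadata_fetcher_cb factory for the MetadataFetcher that issues
   *        the HTTP requests.
   * @param refresh_state initial MetadataReceiver refresh state.
   * @param initialization_timer delay applied before the first refresh.
   * @param cluster_name cluster that IMDS requests are sent to.
   */
  InstanceProfileCredentialsProvider(Server::Configuration::ServerFactoryContext& context,
                                     AwsClusterManagerPtr aws_cluster_manager,
                                     CreateMetadataFetcherCb create_metadata_fetcher_cb,
                                     MetadataFetcher::MetadataReceiver::RefreshState refresh_state,
                                     std::chrono::seconds initialization_timer,
                                     absl::string_view cluster_name);

  // Following functions are for MetadataFetcher::MetadataReceiver interface.
  // `const std::string&&` is the signature fixed by that interface; a const rvalue
  // reference cannot be moved from, so the body is read in place or copied.
  void onMetadataSuccess(const std::string&& body) override;
  void onMetadataError(Failure reason) override;
  // Human-readable provider name; the stray ';' after the body was dropped
  // (it was an empty declaration, flagged by -Wextra-semi).
  std::string providerName() override { return "InstanceProfileCredentialsProvider"; }

private:
  // MetadataCredentialsProviderBase hook that starts a credential refresh.
  void refresh() override;
  // The names below read as a token -> role -> credentials -> extract chain;
  // the actual sequencing is in the .cc.
  // Asynchronously resolves the instance's IAM role name, presenting `token`
  // as the IMDS session token.
  void fetchInstanceRoleAsync(const std::string&& token);
  // Asynchronously fetches the credentials document for `instance_role`,
  // again presenting `token`.
  void fetchCredentialFromInstanceRoleAsync(const std::string&& instance_role,
                                            const std::string&& token);
  // Parses the fetched credentials document and publishes the result.
  void extractCredentialsAsync(const std::string&& credential_document_value);
};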

// Shared ownership handle; presumably because the provider is registered as an
// Envoy::Singleton::Instance and handed out to several holders.
using InstanceProfileCredentialsProviderPtr = std::shared_ptr<InstanceProfileCredentialsProvider>;

} // namespace Aws
} // namespace Common
} // namespace Extensions
} // namespace Envoy