#pragma once
#include "envoy/extensions/common/aws/v3/credential_provider.pb.h"
            
#include "source/common/config/datasource.h"
#include "source/extensions/common/aws/metadata_credentials_provider_base.h"
            
namespace Envoy {
namespace Extensions {
namespace Common {
namespace Aws {
            
// Element names of the STS AssumeRoleWithWebIdentity response; presumably looked up when the
// response body is parsed (the parser is outside this header) — verify against the .cc.
constexpr char WEB_IDENTITY_RESPONSE_ELEMENT[] = "AssumeRoleWithWebIdentityResponse";
constexpr char WEB_IDENTITY_RESULT_ELEMENT[] = "AssumeRoleWithWebIdentityResult";
// Standard AWS environment variable names for web identity configuration. Where they are read
// is not visible here. The file named by AWS_WEB_IDENTITY_TOKEN_FILE holds a bearer credential
// and its contents should never be logged.
constexpr char AWS_WEB_IDENTITY_TOKEN_FILE[] = "AWS_WEB_IDENTITY_TOKEN_FILE";
constexpr char AWS_ROLE_ARN[] = "AWS_ROLE_ARN";
// Name of the internal cluster through which the STS endpoint is reached (presumably; the
// cluster is created outside this header).
constexpr char STS_TOKEN_CLUSTER[] = "sts_token_service_internal";
constexpr char AWS_ROLE_SESSION_NAME[] = "AWS_ROLE_SESSION_NAME";
            
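/**
 * Retrieve AWS credentials from Security Token Service using a web identity token (e.g. OAuth,
 * OpenID).
 *
 * Fetching goes through the MetadataFetcher machinery of MetadataCredentialsProviderBase: the
 * fetcher built by the supplied CreateMetadataFetcherCb performs the STS request, and the
 * response is delivered back to this object through the MetadataFetcher::MetadataReceiver
 * callbacks. The web identity token is a bearer credential; it must not appear in logs or
 * error messages.
 */
class WebIdentityCredentialsProvider : public MetadataCredentialsProviderBase,
                                       public MetadataFetcher::MetadataReceiver {
public:
  /**
   * @param context server factory context the provider is built in.
   * @param aws_cluster_manager cluster manager used for the STS cluster (presumably the one
   *        named by cluster_name — verify against the .cc).
   * @param cluster_name name of the cluster that fronts the STS endpoint.
   * @param create_metadata_fetcher_cb factory for the MetadataFetcher that issues the request.
   * @param refresh_state initial MetadataReceiver refresh state.
   * @param initialization_timer timer value handed to the base class; its exact use is defined
   *        there.
   * @param web_identity_config provider configuration. token and token_file_path are mutually
   *        exclusive: if token is not empty, token_file_path is not used, and vice versa.
   */
  WebIdentityCredentialsProvider(
      Server::Configuration::ServerFactoryContext& context,
      AwsClusterManagerPtr aws_cluster_manager, absl::string_view cluster_name,
      CreateMetadataFetcherCb create_metadata_fetcher_cb,
      MetadataFetcher::MetadataReceiver::RefreshState refresh_state,
      std::chrono::seconds initialization_timer,
      const envoy::extensions::common::aws::v3::AssumeRoleWithWebIdentityCredentialProvider&
          web_identity_config);

  // MetadataFetcher::MetadataReceiver interface. The `const std::string&&` parameter shape is
  // dictated by that interface, not chosen here.
  void onMetadataSuccess(const std::string&& body) override;
  void onMetadataError(Failure reason) override;
  // Stray `;` after the inline body removed (-Wextra-semi).
  std::string providerName() override { return "WebIdentityCredentialsProvider"; }

private:
  // STS endpoint the request is directed at (by name; set in the constructor, see the .cc).
  const std::string sts_endpoint_;
  // Supplies the web identity token, presumably from the inline token or from token_file_path
  // per the constructor note above; unset when no data source was configured — verify.
  absl::optional<Config::DataSource::DataSourceProviderPtr<std::string>>
      web_identity_data_source_provider_;
  // Role to assume and the session name sent with the request.
  const std::string role_arn_;
  const std::string role_session_name_;

  // Starts a new credential fetch; overrides the base class refresh hook.
  void refresh() override;
  // Parses an STS response body into credentials. Presumably invoked from onMetadataSuccess —
  // verify against the .cc.
  void extractCredentials(const std::string&& credential_document_value);
};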
            
// Shared-ownership handle to a WebIdentityCredentialsProvider.
using WebIdentityCredentialsProviderPtr = std::shared_ptr<WebIdentityCredentialsProvider>;
            
} // namespace Aws
} // namespace Common
} // namespace Extensions
} // namespace Envoy