Home Explore Help
Sign In
SMusatov
/
ydb
mirror of https://github.com/ydb-platform/ydb.git
1
0
Fork 0
Files
Tree: 40e45471c6
Branches Tags
ydb
/
contrib
/
libs
/
aws-sdk-cpp
/
aws-cpp-sdk-core
/
source
/
auth
/
AWSCredentialsProviderChain.cpp

AWSCredentialsProviderChain.cpp 4.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. /**
    2. 

  2.  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
    3. 

  3.  * SPDX-License-Identifier: Apache-2.0.
    4. 

  4.  */
    5. 

  5. 

  6. #include <aws/core/auth/AWSCredentialsProviderChain.h>
    7. 

  7. #include <aws/core/auth/STSCredentialsProvider.h>
    8. 

  8. #include <aws/core/auth/SSOCredentialsProvider.h>
    9. 

  9. #include <aws/core/platform/Environment.h>
    10. 

  10. #include <aws/core/utils/memory/AWSMemory.h>
    11. 

  11. #include <aws/core/utils/StringUtils.h>
    12. 

  12. #include <aws/core/utils/logging/LogMacros.h>
    13. 

  13. 

  14. using namespace Aws::Auth;
    15. 

  15. 

  16. static const char AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI[] = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI";
    17. 

  17. static const char AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI[] = "AWS_CONTAINER_CREDENTIALS_FULL_URI";
    18. 

  18. static const char AWS_ECS_CONTAINER_AUTHORIZATION_TOKEN[] = "AWS_CONTAINER_AUTHORIZATION_TOKEN";
    19. 

  19. static const char AWS_EC2_METADATA_DISABLED[] = "AWS_EC2_METADATA_DISABLED";
    20. 

  20. static const char DefaultCredentialsProviderChainTag[] = "DefaultAWSCredentialsProviderChain";
    21. 

  21. 

  22. AWSCredentials AWSCredentialsProviderChain::GetAWSCredentials()
    23. 

  23. {
    24. 

  24.     for (auto&& credentialsProvider : m_providerChain)
    25. 

  25.     {
    26. 

  26.         AWSCredentials credentials = credentialsProvider->GetAWSCredentials();
    27. 

  27.         if (!credentials.GetAWSAccessKeyId().empty() && !credentials.GetAWSSecretKey().empty())
    28. 

  28.         {
    29. 

  29.             return credentials;
    30. 

  30.         }
    31. 

  31.     }
    32. 

  32. 

  33.     return AWSCredentials();
    34. 

  34. }
    35. 

  35. 

  36. DefaultAWSCredentialsProviderChain::DefaultAWSCredentialsProviderChain() : AWSCredentialsProviderChain()
    37. 

  37. {
    38. 

  38.     AddProvider(Aws::MakeShared<EnvironmentAWSCredentialsProvider>(DefaultCredentialsProviderChainTag));
    39. 

  39.     AddProvider(Aws::MakeShared<ProfileConfigFileAWSCredentialsProvider>(DefaultCredentialsProviderChainTag));
    40. 

  40.     AddProvider(Aws::MakeShared<ProcessCredentialsProvider>(DefaultCredentialsProviderChainTag));
    41. 

  41.     AddProvider(Aws::MakeShared<STSAssumeRoleWebIdentityCredentialsProvider>(DefaultCredentialsProviderChainTag));
    42. 

  42.     AddProvider(Aws::MakeShared<SSOCredentialsProvider>(DefaultCredentialsProviderChainTag));
    43. 

  43.     
    44. 

  44.     //ECS TaskRole Credentials only available when ENVIRONMENT VARIABLE is set
    45. 

  45.     const auto relativeUri = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI);
    46. 

  46.     AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag, "The environment variable value " << AWS_ECS_CONTAINER_CREDENTIALS_RELATIVE_URI
    47. 

  47.             << " is " << relativeUri);
    48. 

  48. 

  49.     const auto absoluteUri = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI);
    50. 

  50.     AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag, "The environment variable value " << AWS_ECS_CONTAINER_CREDENTIALS_FULL_URI
    51. 

  51.             << " is " << absoluteUri);
    52. 

  52. 

  53.     const auto ec2MetadataDisabled = Aws::Environment::GetEnv(AWS_EC2_METADATA_DISABLED);
    54. 

  54.     AWS_LOGSTREAM_DEBUG(DefaultCredentialsProviderChainTag, "The environment variable value " << AWS_EC2_METADATA_DISABLED
    55. 

  55.             << " is " << ec2MetadataDisabled);
    56. 

  56. 

  57.     if (!relativeUri.empty())
    58. 

  58.     {
    59. 

  59.         AddProvider(Aws::MakeShared<TaskRoleCredentialsProvider>(DefaultCredentialsProviderChainTag, relativeUri.c_str()));
    60. 

  60.         AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag, "Added ECS metadata service credentials provider with relative path: ["
    61. 

  61.                 << relativeUri << "] to the provider chain.");
    62. 

  62.     }
    63. 

  63.     else if (!absoluteUri.empty())
    64. 

  64.     {
    65. 

  65.         const auto token = Aws::Environment::GetEnv(AWS_ECS_CONTAINER_AUTHORIZATION_TOKEN);
    66. 

  66.         AddProvider(Aws::MakeShared<TaskRoleCredentialsProvider>(DefaultCredentialsProviderChainTag,
    67. 

  67.                     absoluteUri.c_str(), token.c_str()));
    68. 

  68. 

  69.         //DO NOT log the value of the authorization token for security purposes.
    70. 

  70.         AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag, "Added ECS credentials provider with URI: ["
    71. 

  71.                 << absoluteUri << "] to the provider chain with a" << (token.empty() ? "n empty " : " non-empty ")
    72. 

  72.                 << "authorization token.");
    73. 

  73.     }
    74. 

  74.     else if (Aws::Utils::StringUtils::ToLower(ec2MetadataDisabled.c_str()) != "true")
    75. 

  75.     {
    76. 

  76.         AddProvider(Aws::MakeShared<InstanceProfileCredentialsProvider>(DefaultCredentialsProviderChainTag));
    77. 

  77.         AWS_LOGSTREAM_INFO(DefaultCredentialsProviderChainTag, "Added EC2 metadata service credentials provider to the provider chain.");
    78. 

  78.     }
    79. 

  79. }
    80. 

  80. 

  81. DefaultAWSCredentialsProviderChain::DefaultAWSCredentialsProviderChain(const DefaultAWSCredentialsProviderChain& chain) {
    82. 

  82.     for (const auto& provider: chain.GetProviders()) {
    83. 

  83.         AddProvider(provider);
    84. 

  84.     }
    85. 

  85. }
    86.