/**
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0.
*/
#pragma once
#include <aws/identity-management/IdentityManagment_EXPORTS.h>
#include <aws/core/auth/AWSCredentialsProvider.h>
#include <functional>
#include <chrono>
namespace Aws
{
namespace STS
{
// Forward declaration only: this header refers to STSClient solely through
// pointers (factory return type and helper parameter), so the STS client
// header is not included directly here.
class STSClient;
}
namespace Auth
{
/**
* Credentials provider for STS Assume Role using the information in the shared config file.
* The shared configuration file is typically created using the AWS CLI and is located in: ~/.aws/config
* The location of the file can also be controlled via environment variables.
* For more information see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
*
* NOTE(review): both the config file location and the default profile name can be set through
* environment variables, so which role is assumed depends on the process environment. Keep that in
* mind when this provider runs in a process whose environment is not fully controlled by the operator.
*/
class AWS_IDENTITY_MANAGEMENT_API STSProfileCredentialsProvider : public AWSCredentialsProvider
{
public:
/**
* Use the default profile name.
* The default profile name can be set using environment variables; otherwise it is the literal "default".
*/
STSProfileCredentialsProvider();
/**
* Use the provided profile name from the shared configuration file.
*
* @param profileName The name of the profile in the shared configuration file.
* @param duration The duration, in minutes, of the role session, after which the credentials are expired.
* The value can range from 15 minutes up to the maximum session duration setting for the role. By default,
* the duration is set to 1 hour.
* Note: This credential provider refreshes the credentials 5 minutes before their expiration time. That
* ensures the credentials do not expire between the time they're checked and the time they're returned to
* the user.
* If the duration for the credentials is 5 minutes or less, the provider will refresh the credentials only
* when they expire.
*
* NOTE(review): no range check on duration is visible in this header; confirm whether the implementation
* or STS itself rejects out-of-range values. A shorter duration also shortens the window in which a
* leaked set of session credentials remains usable.
*/
STSProfileCredentialsProvider(const Aws::String& profileName, std::chrono::minutes duration = std::chrono::minutes(60));
/**
* Same as the two-argument constructor, but with a caller-supplied factory for the STS client.
* Unlike that overload, duration has no default value here.
*
* @param profileName The name of the profile in the shared configuration file.
* @param duration The duration, in minutes, of the role session.
* @param stsClientFactory Callable that receives a set of credentials and returns a raw
* Aws::STS::STSClient pointer.
*
* NOTE(review): the factory returns a raw pointer and this header does not state who owns or frees
* the client, nor how a null return is handled; confirm against the implementation.
* NOTE(review): the factory is handed AWSCredentials by reference; a custom factory should avoid
* logging or persisting them.
*/
STSProfileCredentialsProvider(const Aws::String& profileName, std::chrono::minutes duration, const std::function<Aws::STS::STSClient*(const AWSCredentials&)> &stsClientFactory);
/**
* Fetches the credentials set from STS following the rules defined in the shared configuration file.
*
* NOTE(review): GetCredentialsFromSTS is documented as returning empty credentials on error; whether
* that empty value can be returned from here is not visible in this header, so callers should check
* the result for empty credentials before using it.
*/
AWSCredentials GetAWSCredentials() override;
protected:
/**
* NOTE(review): undocumented in the original; by its name this refreshes the held credentials once
* they are considered expired (per the constructor documentation, 5 minutes before the actual
* expiration time). Confirm in the implementation.
*/
void RefreshIfExpired();
/**
* Overrides the base provider's Reload().
* NOTE(review): presumably re-reads the profile and obtains fresh credentials from STS; confirm.
*/
void Reload() override;
/**
* Assumes a role given its ARN. Communication with STS is done through the provided credentials.
* Returns the assumed role credentials or empty credentials on error.
*
* @param credentials The credentials used to talk to STS.
* @param roleARN The ARN of the role to assume.
*/
AWSCredentials GetCredentialsFromSTS(const AWSCredentials& credentials, const Aws::String& roleARN);
private:
// NOTE(review): takes a raw STSClient pointer; ownership and null handling are not visible in this
// header. Presumably the worker behind GetCredentialsFromSTS; verify against the implementation.
AWSCredentials GetCredentialsFromSTSInternal(const Aws::String& roleArn, Aws::STS::STSClient* client);
// Profile name in the shared configuration file (see the constructors).
Aws::String m_profileName;
// Credentials held by the provider; presumably the last set obtained from STS (confirm).
// This is secret material kept in process memory for the lifetime of the provider.
AWSCredentials m_credentials;
// Role session duration in minutes; const, so fixed at construction.
const std::chrono::minutes m_duration;
// Reload interval in milliseconds; const, so fixed at construction.
// NOTE(review): how it is derived from m_duration is not visible here.
const std::chrono::milliseconds m_reloadFrequency;
// Factory producing an STS client from a set of credentials; see the three-argument constructor.
std::function<Aws::STS::STSClient*(const AWSCredentials&)> m_stsClientFactory;
};
}
}