1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H
18 #define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H
19 
21 
22 #include <string>
23 #include <vector>
24 
25 #include "src/core/lib/json/json.h"
27 
28 namespace grpc_core {
29 
// Base class for external account credentials. It implements the logic
// shared by every external account credential type: exchanging an external
// subject token for a GCP access token that authorizes requests to GCP
// APIs. Retrieving the subject token itself is credential-type specific
// and is implemented by subclasses (see RetrieveSubjectToken()).
36  public:
// Fields of the external account credentials JSON, as read by Create().
// The per-field notes below are inferred from the field names and from the
// methods of this class; confirm them against external_account_credentials.cc.
struct Options {
  // Credential type discriminator from the JSON ("type").
  std::string type;
  // Audience the subject token is exchanged for.
  std::string audience;
  // Identifier of the subject token's format.
  std::string subject_token_type;
  // Endpoint that ExchangeToken() presumably posts the subject token to.
  // NOTE(review): this value comes from configuration, so whoever controls
  // the JSON controls where the subject token (a bearer credential) is sent;
  // confirm that Create() or the caller restricts it to https and an
  // expected host before a fetch is started.
  std::string token_url;
  // Endpoint used to introspect the issued token (inferred from the name).
  std::string token_info_url;
  // Project that quota/billing for the access token is attributed to.
  std::string quota_project_id;
  // Client credentials presented to the token endpoint.
  std::string client_id;
  // NOTE(review): client_secret is a secret; it must never be emitted by
  // debug_string() or any log line — verify in the implementation.
  std::string client_secret;
};
50 
52  const Json& json, std::vector<std::string> scopes,
54 
// Builds credentials from already-parsed |options|; |scopes| are the OAuth
// scopes requested for the access token (presumably forwarded to the token
// exchange — confirm in the .cc). Callers with JSON input should prefer
// Create(), which returns a RefCountedPtr and reports parse failures through
// its grpc_error_handle out-parameter.
ExternalAccountCredentials(Options options, std::vector<std::string> scopes);
// Overrides the base class destructor; what it releases (for example any
// per-fetch state still held in ctx_) is defined in the .cc.
~ExternalAccountCredentials() override;
// Human-readable description of these credentials for debugging/logging.
// NOTE(review): must not include client_secret, nor any subject or access
// token held by this object; verify the implementation prints identifiers
// (type, audience, URLs) only.
std::string debug_string() override;
58 
59  protected:
// Helper struct that carries state between the callback-based asynchronous
// steps of a single token fetch.
67  deadline(deadline) {}
69 
70  // Contextual parameters passed from
71  // grpc_oauth2_token_fetcher_credentials::fetch_oauth2().
75 
76  // Reusable token fetch http response and closure.
79  };
80 
// Hook for the credential-specific subject token retrieval. Subclasses
// override this and, once the subject token is available or retrieval has
// failed, invoke |cb| with the token string and a grpc_error_handle; the base
// class then presumably continues with ExchangeToken() (confirm in the .cc).
// |ctx| carries the HTTP client context, polling entity and deadline for any
// request the subclass issues; |options| is the parsed credentials JSON.
// NOTE(review): |cb| is taken by value — a subclass that completes
// asynchronously must keep its own copy rather than a reference to this
// parameter. The subject token is a bearer credential and should not be
// logged. The base class appears to expect |cb| to run exactly once, on both
// the success and the error path — confirm against the .cc.
virtual void RetrieveSubjectToken(
    HTTPRequestContext* ctx, const Options& options,
    std::function<void(std::string, grpc_error_handle)> cb) = 0;
89 
90  private:
// Entry point of a token fetch: called by the base
// grpc_oauth2_token_fetcher_credentials when it needs a new access token.
// Presumably drives RetrieveSubjectToken() -> ExchangeToken() ->
// ImpersenateServiceAccount() (when configured) -> FinishTokenFetch(), each
// step resuming in the next callback; confirm the exact sequence in the .cc.
// The single ctx_/metadata_req_/response_cb_ members suggest that only one
// fetch is tracked at a time.
void fetch_oauth2(grpc_credentials_metadata_request* req,
                  grpc_httpcli_context* httpcli_context,
                  grpc_millis deadline) override;
97 
98  void OnRetrieveSubjectTokenInternal(absl::string_view subject_token,
100 
// Presumably posts |subject_token| to the configured token endpoint. The HTTP
// completion arrives through the static OnExchangeToken trampoline, which
// forwards to the member OnExchangeTokenInternal.
// NOTE(review): |arg| in the trampoline is presumably |this|; the object must
// be kept alive (a ref held) until the callback has run — confirm in the .cc.
void ExchangeToken(absl::string_view subject_token);
static void OnExchangeToken(void* arg, grpc_error_handle error);
void OnExchangeTokenInternal(grpc_error_handle error);
104 
// Optional second exchange: presumably uses the token obtained by
// ExchangeToken() to impersonate a service account via
// service_account_impersonation_url, with the same static-trampoline ->
// member-callback shape as the exchange step; confirm in the .cc.
// (The identifier is spelled "Impersenate" in the API; it is kept as is for
// source compatibility.)
void ImpersenateServiceAccount();
static void OnImpersenateServiceAccount(void* arg, grpc_error_handle error);
void OnImpersenateServiceAccountInternal(grpc_error_handle error);
108 
// Final step of a fetch: presumably delivers the outcome (|error| may be a
// failure from any earlier step) to the stored response_cb_ and clears the
// per-fetch state; confirm in the .cc.
void FinishTokenFetch(grpc_error_handle error);
110 
// Parsed configuration and requested scopes, presumably set by the
// constructor from its arguments.
Options options_;
std::vector<std::string> scopes_;

// Per-fetch state, meaningful only while a fetch_oauth2() call is in
// progress. ctx_ is a raw pointer: its allocation and release are the
// responsibility of the .cc (presumably in FinishTokenFetch()); nothing here
// owns it. metadata_req_ and response_cb_ presumably hold the request and
// completion callback received in fetch_oauth2() so the result can be handed
// back when the fetch finishes.
// NOTE(review): the static HTTP callbacks run asynchronously, so the fetch
// should hold a reference to this object (Create() returns a RefCountedPtr)
// until FinishTokenFetch() has run — confirm.
HTTPRequestContext* ctx_ = nullptr;
grpc_credentials_metadata_request* metadata_req_ = nullptr;
grpc_iomgr_cb_func response_cb_ = nullptr;
117 };
118 
119 } // namespace grpc_core
120 
121 #endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H