//
// Copyright 2020 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H
#define GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H
#include <grpc/support/port_platform.h>

#include <functional>
#include <string>
#include <vector>

#include "absl/strings/string_view.h"

#include "src/core/lib/json/json.h"
#include "src/core/lib/security/credentials/oauth2/oauth2_credentials.h"
namespace grpc_core {
// Base external account credentials. The base class implements the common
// logic for exchanging external account credentials for a GCP access token
// used to authorize requests to GCP APIs. The credential-type-specific logic
// for retrieving the subject token is implemented in subclasses.
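class ExternalAccountCredentials
    : public grpc_oauth2_token_fetcher_credentials {
 public:
  // External account credentials json interface: the parsed representation of
  // the external account credentials JSON configuration.
  struct Options {
    std::string type;
    std::string audience;
    std::string subject_token_type;
    std::string service_account_impersonation_url;
    std::string token_url;
    std::string token_info_url;
    // Kept as raw Json: its schema depends on the credential type and is
    // interpreted by the subclass that implements RetrieveSubjectToken().
    Json credential_source;
    std::string quota_project_id;
    std::string client_id;
    // Secret material: must never be logged or included in debug_string().
    std::string client_secret;
    std::string workforce_pool_user_project;
  };

  // Factory: parses `json` into Options and instantiates the subclass matching
  // the credential type (this base class is abstract, see
  // RetrieveSubjectToken). `scopes` are the OAuth scopes requested for the
  // access token. On failure `*error` is set; the returned pointer is
  // presumably null in that case — confirm against the definition in the .cc.
  static RefCountedPtr<ExternalAccountCredentials> Create(
      const Json& json, std::vector<std::string> scopes,
      grpc_error_handle* error);

  ExternalAccountCredentials(Options options, std::vector<std::string> scopes);
  ~ExternalAccountCredentials() override;

  // Human-readable description for debugging. Implementations must keep
  // client_secret and any fetched tokens out of the returned string.
  std::string debug_string() override;

 protected:
  // This is a helper struct to pass information between multiple callback based
  // asynchronous calls. It owns `response`: the destructor releases it with
  // grpc_http_response_destroy().
  struct HTTPRequestContext {
    HTTPRequestContext(grpc_polling_entity* pollent, Timestamp deadline)
        : pollent(pollent), deadline(deadline) {}
    ~HTTPRequestContext() { grpc_http_response_destroy(&response); }
    // The destructor frees `response`, so a copy would double-free it. The
    // context is only ever handed around by pointer.
    HTTPRequestContext(const HTTPRequestContext&) = delete;
    HTTPRequestContext& operator=(const HTTPRequestContext&) = delete;

    // Contextual parameters passed from
    // grpc_oauth2_token_fetcher_credentials::fetch_oauth2().
    grpc_polling_entity* pollent;
    Timestamp deadline;
    // Reusable token fetch http response and closure.
    grpc_closure closure;
    // Value-initialized so the destructor's grpc_http_response_destroy() is
    // well-defined even when the fetch fails before any HTTP response has
    // been written into it.
    grpc_http_response response = {};
  };

  // Subclasses of base external account credentials need to override this
  // method to implement the specific subject token retrieval logic.
  // Once the subject token is ready, subclasses need to invoke
  // the callback function (cb) to pass the subject token (or error)
  // back.
  virtual void RetrieveSubjectToken(
      HTTPRequestContext* ctx, const Options& options,
      std::function<void(std::string, grpc_error_handle)> cb) = 0;

 private:
  // This method implements the common token fetch logic and it will be called
  // when grpc_oauth2_token_fetcher_credentials request a new access token.
  void fetch_oauth2(grpc_credentials_metadata_request* req,
                    grpc_polling_entity* pollent, grpc_iomgr_cb_func cb,
                    Timestamp deadline) override;

  // Continuation of RetrieveSubjectToken(): receives the subject token, or the
  // error that prevented retrieving it.
  void OnRetrieveSubjectTokenInternal(absl::string_view subject_token,
                                      grpc_error_handle error);
  // Exchanges `subject_token` for an access token (presumably against
  // options_.token_url — confirm in the .cc).
  void ExchangeToken(absl::string_view subject_token);
  // Closure-style callback for the exchange request; `arg` is expected to be
  // the ExternalAccountCredentials instance, which the static trampoline
  // forwards to the *Internal member — confirm in the .cc.
  static void OnExchangeToken(void* arg, grpc_error_handle error);
  void OnExchangeTokenInternal(grpc_error_handle error);
  // Service account impersonation step, same callback pattern as
  // ExchangeToken. (The "Impersenate" spelling is kept because the .cc
  // defines these names.)
  void ImpersenateServiceAccount();
  static void OnImpersenateServiceAccount(void* arg, grpc_error_handle error);
  void OnImpersenateServiceAccountInternal(grpc_error_handle error);
  // Final step of a fetch: reports `error` (or success) back to the caller of
  // fetch_oauth2() — presumably via response_cb_/metadata_req_; confirm in
  // the .cc.
  void FinishTokenFetch(grpc_error_handle error);

  Options options_;
  std::vector<std::string> scopes_;
  // Presumably the in-flight HTTP request, if any.
  OrphanablePtr<HttpRequest> http_request_;
  // Per-fetch state. Raw pointer: ownership and lifetime are managed in the
  // .cc — confirm where it is allocated and released.
  HTTPRequestContext* ctx_ = nullptr;
  // Request and completion callback handed in by fetch_oauth2(), held until
  // the fetch finishes.
  grpc_credentials_metadata_request* metadata_req_ = nullptr;
  grpc_iomgr_cb_func response_cb_ = nullptr;
};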
} // namespace grpc_core
#endif // GRPC_CORE_LIB_SECURITY_CREDENTIALS_EXTERNAL_EXTERNAL_ACCOUNT_CREDENTIALS_H