// // Copyright 2020 gRPC authors. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // #include <grpc/support/port_platform.h> #include "src/core/lib/security/credentials/external/external_account_credentials.h" #include <stdint.h> #include <string.h> #include <algorithm> #include <initializer_list> #include <map> #include <memory> #include <utility> #include "absl/status/status.h" #include "absl/status/statusor.h" #include "absl/strings/match.h" #include "absl/strings/str_cat.h" #include "absl/strings/str_format.h" #include "absl/strings/str_join.h" #include "absl/strings/str_split.h" #include "absl/strings/strip.h" #include "absl/time/clock.h" #include "absl/time/time.h" #include <grpc/grpc.h> #include <grpc/grpc_security.h> #include <grpc/support/alloc.h> #include <grpc/support/log.h> #include <grpc/support/string_util.h> #include "src/core/lib/gprpp/status_helper.h" #include "src/core/lib/http/httpcli_ssl_credentials.h" #include "src/core/lib/http/parser.h" #include "src/core/lib/security/credentials/credentials.h" #include "src/core/lib/security/credentials/external/aws_external_account_credentials.h" #include "src/core/lib/security/credentials/external/file_external_account_credentials.h" #include "src/core/lib/security/credentials/external/url_external_account_credentials.h" #include "src/core/lib/security/util/json_util.h" #include "src/core/lib/slice/b64.h" #include "src/core/lib/uri/uri_parser.h" #define EXTERNAL_ACCOUNT_CREDENTIALS_GRANT_TYPE … #define EXTERNAL_ACCOUNT_CREDENTIALS_REQUESTED_TOKEN_TYPE … #define GOOGLE_CLOUD_PLATFORM_DEFAULT_SCOPE … namespace grpc_core { namespace { std::string UrlEncode(const absl::string_view& s) { … } // Expression to match: // //iam.googleapis.com/locations/[^/]+/workforcePools/[^/]+/providers/.+ bool MatchWorkforcePoolAudience(absl::string_view audience) { … } } // namespace RefCountedPtr<ExternalAccountCredentials> ExternalAccountCredentials::Create( const Json& json, std::vector<std::string> scopes, grpc_error_handle* error) { … } ExternalAccountCredentials::ExternalAccountCredentials( Options options, std::vector<std::string> scopes) : … { … } ExternalAccountCredentials::~ExternalAccountCredentials() { … } std::string ExternalAccountCredentials::debug_string() { … } // The token fetching flow: // 1. Retrieve subject token - Subclass's RetrieveSubjectToken() gets called // and the subject token is received in OnRetrieveSubjectTokenInternal(). // 2. Exchange token - ExchangeToken() gets called with the // subject token from #1. Receive the response in OnExchangeTokenInternal(). // 3. (Optional) Impersonate service account - ImpersenateServiceAccount() gets // called with the access token of the response from #2. Get an impersonated // access token in OnImpersenateServiceAccountInternal(). // 4. Finish token fetch - Return back the response that contains an access // token in FinishTokenFetch(). // TODO(chuanr): Avoid starting the remaining requests if the channel gets shut // down. void ExternalAccountCredentials::fetch_oauth2( grpc_credentials_metadata_request* metadata_req, grpc_polling_entity* pollent, grpc_iomgr_cb_func response_cb, Timestamp deadline) { … } void ExternalAccountCredentials::OnRetrieveSubjectTokenInternal( absl::string_view subject_token, grpc_error_handle error) { … } void ExternalAccountCredentials::ExchangeToken( absl::string_view subject_token) { … } void ExternalAccountCredentials::OnExchangeToken(void* arg, grpc_error_handle error) { … } void ExternalAccountCredentials::OnExchangeTokenInternal( grpc_error_handle error) { … } void ExternalAccountCredentials::ImpersenateServiceAccount() { … } void ExternalAccountCredentials::OnImpersenateServiceAccount( void* arg, grpc_error_handle error) { … } void ExternalAccountCredentials::OnImpersenateServiceAccountInternal( grpc_error_handle error) { … } void ExternalAccountCredentials::FinishTokenFetch(grpc_error_handle error) { … } } // namespace grpc_core grpc_call_credentials* grpc_external_account_credentials_create( const char* json_string, const char* scopes_string) { … }
Codebase Browser
chromium