Add parameters for StsWebIdentity (#199)

awslabs · Sep 26, 2023 · d470acc · d470acc
1 parent b49aea3
commit d470acc
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 11 deletions.
diff --git a/Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift b/Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift
@@ -383,12 +383,20 @@ extension CredentialsProvider.Source {
     ///   - bootstrap: Connection bootstrap to use for any network connections made while sourcing credentials.
     ///   - tlsContext: Client TLS context to use when querying STS web identity provider.
     ///   - fileBasedConfiguration: The file based configuration to read the configuration from.
+    ///   - region: (Optional) region override
+    ///   - roleArn: (Optional) roleArn override
+    ///   - roleSessionName: (Optional) roleSessionName override
+    ///   - tokenFilePath: (Optional) tokenFilePath override
     ///   - shutdownCallback:  (Optional) shutdown callback
     /// - Returns: `CredentialsProvider`
     /// - Throws: CommonRuntimeError.crtError
     public static func `stsWebIdentity`(bootstrap: ClientBootstrap,
                                         tlsContext: TLSContext,
                                         fileBasedConfiguration: FileBasedConfiguration,
+                                        region: String? = nil,
+                                        roleArn: String? = nil,
+                                        roleSessionName: String? = nil,
+                                        tokenFilePath: String? = nil,
                                         shutdownCallback: ShutdownCallback? = nil) -> Self {
         Self {
             let shutdownCallbackCore = ShutdownCallbackCore(shutdownCallback)
@@ -397,9 +405,18 @@ extension CredentialsProvider.Source {
             stsOptions.tls_ctx = tlsContext.rawValue
             stsOptions.config_profile_collection_cached = fileBasedConfiguration.rawValue
             stsOptions.shutdown_options = shutdownCallbackCore.getRetainedCredentialProviderShutdownOptions()
-
-            guard let provider = aws_credentials_provider_new_sts_web_identity(allocator.rawValue,
-                                                                               &stsOptions)
+            guard let provider: UnsafeMutablePointer<aws_credentials_provider> = withByteCursorFromStrings(
+                        region,
+                        roleArn,
+                        roleSessionName,
+                        tokenFilePath, { regionCursor, roleArnCursor, roleSessionNameCursor, tokenFilePathCursor in
+                            stsOptions.region = regionCursor
+                            stsOptions.role_arn = roleArnCursor
+                            stsOptions.role_session_name = roleSessionNameCursor
+                            stsOptions.token_file_path = tokenFilePathCursor
+                            return aws_credentials_provider_new_sts_web_identity(allocator.rawValue,
+                                                                                 &stsOptions)
+                        })
             else {
                 shutdownCallbackCore.release()
                 throw CommonRunTimeError.crtError(CRTError.makeFromLastError())

diff --git a/Source/AwsCommonRuntimeKit/crt/Utilities.swift b/Source/AwsCommonRuntimeKit/crt/Utilities.swift
@@ -265,3 +265,25 @@ func withByteCursorFromStrings<Result>(
         }
     }
 }
+
+func withByteCursorFromStrings<Result>(
+    _ arg1: String?,
+    _ arg2: String?,
+    _ arg3: String?,
+    _ arg4: String?,
+    _ body: (aws_byte_cursor, aws_byte_cursor, aws_byte_cursor, aws_byte_cursor) -> Result
+) -> Result {
+    return withOptionalCString(to: arg1) { arg1C in
+        return withOptionalCString(to: arg2) { arg2C in
+            return withOptionalCString(to: arg3) {arg3c in
+                return withOptionalCString(to: arg4) {arg4c in
+                    return body(
+                        aws_byte_cursor_from_c_str(arg1C),
+                        aws_byte_cursor_from_c_str(arg2C),
+                        aws_byte_cursor_from_c_str(arg3c),
+                        aws_byte_cursor_from_c_str(arg4c))
+                }
+            }
+        }
+    }
+}
diff --git a/Test/AwsCommonRuntimeKitTests/auth/CredentialsProviderTests.swift b/Test/AwsCommonRuntimeKitTests/auth/CredentialsProviderTests.swift
@@ -207,7 +207,17 @@ class CredentialsProviderTests: XCBaseTestCase {
                 tlsContext: getTlsContext(),
                 fileBasedConfiguration: FileBasedConfiguration()))
         )
-
+    }
+
+    func testCreateDestroyStsWebIdentity() async throws {
+        _ = try! CredentialsProvider(source: .stsWebIdentity(
+                bootstrap: getClientBootstrap(),
+                tlsContext: getTlsContext(),
+                fileBasedConfiguration: FileBasedConfiguration(),
+                region: "region",
+                roleArn: "roleArn",
+                roleSessionName: "roleSessionName",
+                tokenFilePath: "tokenFilePath"))
     }
 
     func testCreateDestroyStsInvalidRole() async throws {

diff --git a/aws-common-runtime/aws-c-auth b/aws-common-runtime/aws-c-auth
diff --git a/aws-common-runtime/aws-c-cal b/aws-common-runtime/aws-c-cal
diff --git a/aws-common-runtime/aws-c-common b/aws-common-runtime/aws-c-common
diff --git a/aws-common-runtime/aws-c-event-stream b/aws-common-runtime/aws-c-event-stream
diff --git a/aws-common-runtime/aws-c-http b/aws-common-runtime/aws-c-http
diff --git a/aws-common-runtime/aws-c-io b/aws-common-runtime/aws-c-io
diff --git a/aws-common-runtime/s2n b/aws-common-runtime/s2n
+2 −3		.github/workflows/ci.yml
+18 −0		.github/workflows/handle-stale-discussions.yml
+4 −1		.github/workflows/stale_issue.yml
+1 −8		CMakeLists.txt
+26 −1		include/aws/auth/credentials.h
+31 −18		source/credentials_provider_sts_web_identity.c
+1 −0		tests/CMakeLists.txt
+43 −0		tests/credentials_provider_sts_web_identity_tests.c
+0 −9		CMakeLists.txt
+1 −1		bin/produce_x_platform_fuzz_corpus/CMakeLists.txt
+1 −1		bin/run_x_platform_fuzz_corpus/CMakeLists.txt
+1 −1		bin/sha256_profile/CMakeLists.txt
+1 −1		.clang-tidy
+1 −1		.github/workflows/clang-tidy.yml
+18 −0		.github/workflows/handle-stale-discussions.yml
+3 −0		.github/workflows/stale_issue.yml
+4 −2		CMakeLists.txt
+4 −4		README.md
+36 −0		THIRD-PARTY-LICENSES.txt
+35 −27		cmake/AwsCFlags.cmake
+3 −10		cmake/AwsTestHarness.cmake
+1 −1		include/aws/common/allocator.h
+1 −1		include/aws/common/array_list.h
+4 −2		include/aws/common/date_time.h
+68 −61		include/aws/common/external/cJSON.h
+4,668 −0		include/aws/common/external/ittnotify.h
+5 −3		include/aws/common/hash_table.h
+3 −1		include/aws/common/logging.h
+1 −1		include/aws/common/macros.h
+4 −1		include/aws/common/statistics.h
+1 −1		include/aws/common/uuid.h
+5 −3		include/aws/testing/aws_test_harness.h
+4 −4		source/allocator.c
+2 −2		source/allocator_sba.c
+3 −3		source/date_time.c
+1 −1		source/encoding.c
+2,381 −2,371		source/external/cJSON.c
+1 −1		source/hash_table.c
+9 −7		source/log_formatter.c
+1 −1		source/logging.c
+1 −1		source/memtrace.c
+2 −2		source/posix/clock.c
+2 −4		source/posix/condition_variable.c
+2 −1		source/posix/device_random.c
+5 −3		source/posix/mutex.c
+2 −2		source/posix/system_info.c
+1 −1		source/posix/thread.c
+1 −1		source/process_common.c
+3 −3		source/thread_scheduler.c
+1 −1		source/thread_shared.c
+1 −1		source/windows/system_info.c
+8 −8		tests/math_test.c
+18 −18		tests/uri_test.c
+3 −0		.github/workflows/stale_issue.yml
+2 −0		include/aws/io/io.h
+2 −3		source/darwin/secure_transport_tls_channel_handler.c
+4 −0		source/io.c
+17 −2		source/s2n/s2n_tls_channel_handler.c
+3 −3		source/windows/secure_channel_tls_handler.c