AWSCredentialsProvider that obtains credentials using the AWS IoT Core service. More...

#include <service_credentials_provider.h>

Inheritance diagram for Aws::Auth::IotRoleCredentialsProvider:

Public Member Functions
AWSCredentials	GetAWSCredentials () override

	IotRoleCredentialsProvider (const IotRoleConfig &config)

	IotRoleCredentialsProvider (const IotRoleCredentialsProvider &other)=delete

IotRoleCredentialsProvider &	operator= (const IotRoleCredentialsProvider &other)=delete

	~IotRoleCredentialsProvider () override

Protected Member Functions
bool	IsTimeExpired ()
	Returns true if the credentials have expired. More...

void	Refresh ()
	Refreshes the cached AWS credentials. More...

void	SetCredentials (AWSCredentials &creds_obj)
	Sets the cached credentials. More...

bool	ValidateResponse (Aws::Utils::Json::JsonValue &value)
	Validates the json response from the AWS IoT service. More...

Protected Attributes
Aws::Auth::AWSCredentials	cached_
	Current cached credentials. More...

Private Attributes
IotRoleConfig	config_
	Configuration for connecting to IoT. More...

std::mutex	creds_mutex_
	Mutex to ensure only a single request is outstanding at any given time. More...

std::atomic< double >	expiry_
	Future epoch when the cached credentials will expire. More...

Detailed Description

AWSCredentialsProvider that obtains credentials using the AWS IoT Core service.

Implements the Aws::Auth::AWSCredentialsProvider interface to retrieve credentials from the AWS IoT Core service. In order to be able to retrieve credentials, the provider makes an HTTP request to the iot:CredentialProvider endpoint. Please refer to https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html for more information.

Definition at line 129 of file service_credentials_provider.h.

Constructor & Destructor Documentation

Aws::Auth::IotRoleCredentialsProvider::IotRoleCredentialsProvider ( const IotRoleConfig & config )

Parameters

config Configuration for connecting to the AWS IoT endpoint

Definition at line 317 of file service_credentials_provider.cpp.

Aws::Auth::IotRoleCredentialsProvider::IotRoleCredentialsProvider ( const IotRoleCredentialsProvider & other )

delete

Aws::Auth::IotRoleCredentialsProvider::~IotRoleCredentialsProvider ( )

overridedefault

Member Function Documentation

AWSCredentials Aws::Auth::IotRoleCredentialsProvider::GetAWSCredentials ( )

override

Definition at line 326 of file service_credentials_provider.cpp.

bool Aws::Auth::IotRoleCredentialsProvider::IsTimeExpired ( )

protected

Returns true if the credentials have expired.

Simple helper to check against the system clock if the epoch time has past.

Returns: True if the expiration time has passed

Definition at line 340 of file service_credentials_provider.cpp.

IotRoleCredentialsProvider& Aws::Auth::IotRoleCredentialsProvider::operator= ( const IotRoleCredentialsProvider & other )

delete

void Aws::Auth::IotRoleCredentialsProvider::Refresh ( )

protected

Refreshes the cached AWS credentials.

Refreshes the cached credentials for the provider. The function uses curl to make an HTTP request from the IoT credentials provider endpoint, using client authentication via the cert/key pair. This function acquires the mutex in order to make sure only a single request is outstanding at any given time.

If the timer has not expired, this function will not update the cached creds.

Definition at line 412 of file service_credentials_provider.cpp.

void Aws::Auth::IotRoleCredentialsProvider::SetCredentials ( AWSCredentials & creds_obj )

protected

Sets the cached credentials.

Definition at line 346 of file service_credentials_provider.cpp.

bool Aws::Auth::IotRoleCredentialsProvider::ValidateResponse ( Aws::Utils::Json::JsonValue & value )

protected

Validates the json response from the AWS IoT service.

Validates a JsonValue response from an IoT credentials endpoint. Ensuring that it contains a full set of credentials and logs any problems encountered.