file_external_account_credentials.cc
Go to the documentation of this file.
1 //
2 // Copyright 2020 gRPC authors.
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 #include <grpc/support/port_platform.h>
17 
18 #include "src/core/lib/security/credentials/external/file_external_account_credentials.h"
19 
20 #include <map>
21 #include <utility>
22 
23 #include "absl/strings/string_view.h"
24 
25 #include <grpc/slice.h>
26 
27 #include "src/core/lib/iomgr/load_file.h"
28 #include "src/core/lib/json/json.h"
29 #include "src/core/lib/slice/slice_internal.h"
30 #include "src/core/lib/slice/slice_refcount.h"
31 
32 namespace grpc_core {
33 
34 RefCountedPtr<FileExternalAccountCredentials>
35 FileExternalAccountCredentials::Create(Options options,
36  std::vector<std::string> scopes,
37  grpc_error_handle* error) {
38  auto creds = MakeRefCounted<FileExternalAccountCredentials>(
39  std::move(options), std::move(scopes), error);
40  if (GRPC_ERROR_IS_NONE(*error)) {
41  return creds;
42  } else {
43  return nullptr;
44  }
45 }
46 
47 FileExternalAccountCredentials::FileExternalAccountCredentials(
48  Options options, std::vector<std::string> scopes, grpc_error_handle* error)
49  : ExternalAccountCredentials(options, std::move(scopes)) {
50  auto it = options.credential_source.object_value().find("file");
51  if (it == options.credential_source.object_value().end()) {
52  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("file field not present.");
53  return;
54  }
55  if (it->second.type() != Json::Type::STRING) {
56  *error =
57  GRPC_ERROR_CREATE_FROM_STATIC_STRING("file field must be a string.");
58  return;
59  }
60  file_ = it->second.string_value();
61  it = options.credential_source.object_value().find("format");
62  if (it != options.credential_source.object_value().end()) {
63  const Json& format_json = it->second;
64  if (format_json.type() != Json::Type::OBJECT) {
65  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
66  "The JSON value of credential source format is not an object.");
67  return;
68  }
69  auto format_it = format_json.object_value().find("type");
70  if (format_it == format_json.object_value().end()) {
71  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
72  "format.type field not present.");
73  return;
74  }
75  if (format_it->second.type() != Json::Type::STRING) {
76  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
77  "format.type field must be a string.");
78  return;
79  }
80  format_type_ = format_it->second.string_value();
81  if (format_type_ == "json") {
82  format_it = format_json.object_value().find("subject_token_field_name");
83  if (format_it == format_json.object_value().end()) {
84  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
85  "format.subject_token_field_name field must be present if the "
86  "format is in Json.");
87  return;
88  }
89  if (format_it->second.type() != Json::Type::STRING) {
90  *error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
91  "format.subject_token_field_name field must be a string.");
92  return;
93  }
94  format_subject_token_field_name_ = format_it->second.string_value();
95  }
96  }
97 }
98 
99 void FileExternalAccountCredentials::RetrieveSubjectToken(
100  HTTPRequestContext* /*ctx*/, const Options& /*options*/,
101  std::function<void(std::string, grpc_error_handle)> cb) {
102  struct SliceWrapper {
103  ~SliceWrapper() { grpc_slice_unref_internal(slice); }
104  grpc_slice slice = grpc_empty_slice();
105  };
106  SliceWrapper content_slice;
107  // To retrieve the subject token, we read the file every time we make a
108  // request because it may have changed since the last request.
109  grpc_error_handle error =
110  grpc_load_file(file_.c_str(), 0, &content_slice.slice);
111  if (!GRPC_ERROR_IS_NONE(error)) {
112  cb("", error);
113  return;
114  }
115  absl::string_view content = StringViewFromSlice(content_slice.slice);
116  if (format_type_ == "json") {
117  Json content_json = Json::Parse(content, &error);
118  if (!GRPC_ERROR_IS_NONE(error) ||
119  content_json.type() != Json::Type::OBJECT) {
120  cb("", GRPC_ERROR_CREATE_FROM_STATIC_STRING(
121  "The content of the file is not a valid json object."));
122  GRPC_ERROR_UNREF(error);
123  return;
124  }
125  auto content_it =
126  content_json.object_value().find(format_subject_token_field_name_);
127  if (content_it == content_json.object_value().end()) {
128  cb("", GRPC_ERROR_CREATE_FROM_STATIC_STRING(
129  "Subject token field not present."));
130  return;
131  }
132  if (content_it->second.type() != Json::Type::STRING) {
133  cb("", GRPC_ERROR_CREATE_FROM_STATIC_STRING(
134  "Subject token field must be a string."));
135  return;
136  }
137  cb(content_it->second.string_value(), GRPC_ERROR_NONE);
138  return;
139  }
140  cb(std::string(content), GRPC_ERROR_NONE);
141 }
142 
143 } // namespace grpc_core
check_grpcio_tools.content
content
Definition: check_grpcio_tools.py:26
regen-readme.it
it
Definition: regen-readme.py:15
GRPC_ERROR_NONE
#define GRPC_ERROR_NONE
Definition: error.h:234
grpc_load_file
grpc_error_handle grpc_load_file(const char *filename, int add_null_terminator, grpc_slice *output)
Definition: load_file.cc:33
grpc_core::Json::type
Type type() const
Definition: src/core/lib/json/json.h:174
load_file.h
grpc_core::Json::Type::OBJECT
@ OBJECT
slice.h
file_external_account_credentials.h
grpc_core
Definition: call_metric_recorder.h:31
options
double_dict options[]
Definition: capstone_test.c:55
absl::string_view
Definition: abseil-cpp/absl/strings/string_view.h:167
grpc_core::StringViewFromSlice
absl::string_view StringViewFromSlice(const grpc_slice &slice)
Definition: slice_internal.h:93
grpc_core::ExternalAccountCredentials::HTTPRequestContext
Definition: external_account_credentials.h:74
testing::internal::string
::std::string string
Definition: bloaty/third_party/protobuf/third_party/googletest/googletest/include/gtest/internal/gtest-port.h:881
error
grpc_error_handle error
Definition: retry_filter.cc:499
grpc_core::ExternalAccountCredentials
Definition: external_account_credentials.h:45
grpc_core::Json::object_value
const Object & object_value() const
Definition: src/core/lib/json/json.h:177
grpc_core::FileExternalAccountCredentials::Create
static RefCountedPtr< FileExternalAccountCredentials > Create(Options options, std::vector< std::string > scopes, grpc_error_handle *error)
Definition: file_external_account_credentials.cc:35
grpc_core::FileExternalAccountCredentials::format_subject_token_field_name_
std::string format_subject_token_field_name_
Definition: file_external_account_credentials.h:50
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
Json
JSON (JavaScript Object Notation).
Definition: third_party/bloaty/third_party/protobuf/conformance/third_party/jsoncpp/json.h:227
slice
grpc_slice slice
Definition: src/core/lib/surface/server.cc:467
grpc_core::FileExternalAccountCredentials::RetrieveSubjectToken
void RetrieveSubjectToken(HTTPRequestContext *ctx, const Options &options, std::function< void(std::string, grpc_error_handle)> cb) override
Definition: file_external_account_credentials.cc:99
grpc_empty_slice
GPRAPI grpc_slice grpc_empty_slice(void)
Definition: slice/slice.cc:42
grpc_slice
Definition: include/grpc/impl/codegen/slice.h:65
json.h
slice_internal.h
grpc_core::FileExternalAccountCredentials::format_type_
std::string format_type_
Definition: file_external_account_credentials.h:49
GRPC_ERROR_CREATE_FROM_STATIC_STRING
#define GRPC_ERROR_CREATE_FROM_STATIC_STRING(desc)
Definition: error.h:291
grpc_core::Json::Parse
static Json Parse(absl::string_view json_str, grpc_error_handle *error)
Definition: json_reader.cc:899
std
Definition: grpcpp/impl/codegen/async_unary_call.h:407
grpc_core::FileExternalAccountCredentials::FileExternalAccountCredentials
FileExternalAccountCredentials(Options options, std::vector< std::string > scopes, grpc_error_handle *error)
Definition: file_external_account_credentials.cc:47
grpc_core::FileExternalAccountCredentials::file_
std::string file_
Definition: file_external_account_credentials.h:48
slice_refcount.h
GRPC_ERROR_UNREF
#define GRPC_ERROR_UNREF(err)
Definition: error.h:262
grpc_error
Definition: error_internal.h:42
function
std::function< bool(GrpcTool *, int, const char **, const CliCredentials &, GrpcToolOutputCallback)> function
Definition: grpc_tool.cc:250
cb
OPENSSL_EXPORT pem_password_cb * cb
Definition: pem.h:351
grpc_core::Json::Type::STRING
@ STRING
grpc_slice_unref_internal
void grpc_slice_unref_internal(const grpc_slice &slice)
Definition: slice_refcount.h:39
grpc_core::ExternalAccountCredentials::Options
Definition: external_account_credentials.h:49
GRPC_ERROR_IS_NONE
#define GRPC_ERROR_IS_NONE(err)
Definition: error.h:241
port_platform.h

grpc
Author(s):
autogenerated on Fri May 16 2025 02:58:23