GRPC C++  1.26.0
credentials_impl.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2015 gRPC authors.
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef GRPCPP_SECURITY_CREDENTIALS_IMPL_H
20 #define GRPCPP_SECURITY_CREDENTIALS_IMPL_H
21 
22 #include <map>
23 #include <memory>
24 #include <vector>
25 
27 #include <grpcpp/channel_impl.h>
33 #include <grpcpp/support/status.h>
35 
36 struct grpc_call;
37 
38 namespace grpc_impl {
39 
40 class ChannelCredentials;
41 class CallCredentials;
44 
45 std::shared_ptr<Channel> CreateCustomChannelImpl(
46  const grpc::string& target,
47  const std::shared_ptr<ChannelCredentials>& creds,
48  const ChannelArguments& args);
49 
50 namespace experimental {
51 std::shared_ptr<Channel> CreateCustomChannelWithInterceptors(
52  const grpc::string& target,
53  const std::shared_ptr<ChannelCredentials>& creds,
54  const ChannelArguments& args,
55  std::vector<
56  std::unique_ptr<grpc::experimental::ClientInterceptorFactoryInterface>>
57  interceptor_creators);
58 }
59 
67  public:
70 
71  protected:
72  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
73  const std::shared_ptr<ChannelCredentials>& channel_creds,
74  const std::shared_ptr<CallCredentials>& call_creds);
75 
77 
78  private:
79  friend std::shared_ptr<Channel> CreateCustomChannelImpl(
80  const grpc::string& target,
81  const std::shared_ptr<ChannelCredentials>& creds,
82  const ChannelArguments& args);
83 
84  friend std::shared_ptr<Channel>
86  const grpc::string& target,
87  const std::shared_ptr<ChannelCredentials>& creds,
88  const ChannelArguments& args,
89  std::vector<std::unique_ptr<
91  interceptor_creators);
92 
93  virtual std::shared_ptr<Channel> CreateChannelImpl(
94  const grpc::string& target, const ChannelArguments& args) = 0;
95 
96  // This function should have been a pure virtual function, but it is
97  // implemented as a virtual function so that it does not break API.
98  virtual std::shared_ptr<Channel> CreateChannelWithInterceptors(
99  const grpc::string& /*target*/, const ChannelArguments& /*args*/,
100  std::vector<std::unique_ptr<
102  /*interceptor_creators*/) {
103  return nullptr;
104  }
105 };
106 
112  public:
115 
117  virtual bool ApplyToCall(grpc_call* call) = 0;
118 
119  protected:
120  friend std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
121  const std::shared_ptr<ChannelCredentials>& channel_creds,
122  const std::shared_ptr<CallCredentials>& call_creds);
123 
124  friend std::shared_ptr<CallCredentials> CompositeCallCredentials(
125  const std::shared_ptr<CallCredentials>& creds1,
126  const std::shared_ptr<CallCredentials>& creds2);
127 
129 };
130 
139 
143 
148 };
149 
150 // Factories for building different types of Credentials The functions may
151 // return empty shared_ptr when credentials cannot be created. If a
152 // Credentials pointer is returned, it can still be invalid when used to create
153 // a channel. A lame channel will be created then and all rpcs will fail on it.
154 
161 std::shared_ptr<ChannelCredentials> GoogleDefaultCredentials();
162 
164 std::shared_ptr<ChannelCredentials> SslCredentials(
165  const SslCredentialsOptions& options);
166 
173 std::shared_ptr<CallCredentials> GoogleComputeEngineCredentials();
174 
175 constexpr long kMaxAuthTokenLifetimeSecs = 3600;
176 
182 std::shared_ptr<CallCredentials> ServiceAccountJWTAccessCredentials(
183  const grpc::string& json_key,
184  long token_lifetime_seconds = grpc_impl::kMaxAuthTokenLifetimeSecs);
185 
194 std::shared_ptr<CallCredentials> GoogleRefreshTokenCredentials(
195  const grpc::string& json_refresh_token);
196 
205 std::shared_ptr<CallCredentials> AccessTokenCredentials(
206  const grpc::string& access_token);
207 
214 std::shared_ptr<CallCredentials> GoogleIAMCredentials(
215  const grpc::string& authorization_token,
216  const grpc::string& authority_selector);
217 
220 std::shared_ptr<ChannelCredentials> CompositeChannelCredentials(
221  const std::shared_ptr<ChannelCredentials>& channel_creds,
222  const std::shared_ptr<CallCredentials>& call_creds);
223 
225 std::shared_ptr<CallCredentials> CompositeCallCredentials(
226  const std::shared_ptr<CallCredentials>& creds1,
227  const std::shared_ptr<CallCredentials>& creds2);
228 
230 std::shared_ptr<ChannelCredentials> InsecureChannelCredentials();
231 
234  public:
236 
239  virtual bool IsBlocking() const { return true; }
240 
242  virtual const char* GetType() const { return ""; }
243 
250  grpc::string_ref service_url, grpc::string_ref method_name,
251  const grpc::AuthContext& channel_auth_context,
252  std::multimap<grpc::string, grpc::string>* metadata) = 0;
253 };
254 
255 std::shared_ptr<CallCredentials> MetadataCredentialsFromPlugin(
256  std::unique_ptr<MetadataCredentialsPlugin> plugin);
257 
258 namespace experimental {
259 
267  grpc::string resource; // Optional.
268  grpc::string audience; // Optional.
269  grpc::string scope; // Optional.
275 };
276 
314  StsCredentialsOptions* options);
315 
320 
321 std::shared_ptr<CallCredentials> StsCredentials(
322  const StsCredentialsOptions& options);
323 
329  std::vector<grpc::string> target_service_accounts;
330 };
331 
333 std::shared_ptr<ChannelCredentials> AltsCredentials(
334  const AltsCredentialsOptions& options);
335 
337 std::shared_ptr<ChannelCredentials> LocalCredentials(
339 
341 std::shared_ptr<ChannelCredentials> TlsCredentials(
342  const TlsCredentialsOptions& options);
343 
344 } // namespace experimental
345 } // namespace grpc_impl
346 
347 #endif // GRPCPP_SECURITY_CREDENTIALS_IMPL_H
Class encapsulating the Authentication Information.
Definition: auth_context.h:65
Classes that require gRPC to be initialized should inherit from this class.
Definition: grpc_library.h:38
Did it work? If it didn't, why?
Definition: status.h:31
This class is a non owning reference to a string.
Definition: string_ref.h:41
A call credentials object encapsulates the state needed by a client to authenticate with a server for...
Definition: credentials_impl.h:111
friend std::shared_ptr< CallCredentials > CompositeCallCredentials(const std::shared_ptr< CallCredentials > &creds1, const std::shared_ptr< CallCredentials > &creds2)
Combines two call credentials objects into a composite call credentials.
Definition: credentials.h:84
virtual bool ApplyToCall(grpc_call *call)=0
Apply this instance's credentials to call.
virtual SecureCallCredentials * AsSecureCredentials()=0
friend std::shared_ptr< ChannelCredentials > CompositeChannelCredentials(const std::shared_ptr< ChannelCredentials > &channel_creds, const std::shared_ptr< CallCredentials > &call_creds)
Combines a channel credentials and a call credentials into a composite channel credentials.
Definition: credentials.h:77
Options for channel creation.
Definition: channel_arguments_impl.h:43
A channel credentials object encapsulates all the state needed by a client to authenticate with a ser...
Definition: credentials_impl.h:66
virtual SecureChannelCredentials * AsSecureCredentials()=0
friend std::shared_ptr< Channel > CreateCustomChannelImpl(const grpc::string &target, const std::shared_ptr< ChannelCredentials > &creds, const ChannelArguments &args)
friend std::shared_ptr< ChannelCredentials > CompositeChannelCredentials(const std::shared_ptr< ChannelCredentials > &channel_creds, const std::shared_ptr< CallCredentials > &call_creds)
Combines a channel credentials and a call credentials into a composite channel credentials.
Definition: credentials.h:77
User defined metadata credentials.
Definition: credentials_impl.h:233
virtual bool IsBlocking() const
If this method returns true, the Process function will be scheduled in a different thread from the on...
Definition: credentials_impl.h:239
virtual ~MetadataCredentialsPlugin()
Definition: credentials_impl.h:235
virtual const char * GetType() const
Type of credentials this plugin is implementing.
Definition: credentials_impl.h:242
virtual grpc::Status GetMetadata(grpc::string_ref service_url, grpc::string_ref method_name, const grpc::AuthContext &channel_auth_context, std::multimap< grpc::string, grpc::string > *metadata)=0
Gets the auth metatada produced by this plugin.
TLS credentials options, wrapper for grpc_tls_credentials_options.
Definition: tls_credentials_options.h:286
grpc_local_connect_type
Type of local connections for which local channel/server credentials will be applied.
Definition: grpc_security_constants.h:112
struct grpc_call grpc_call
A Call represents an RPC.
Definition: grpc_types.h:70
std::shared_ptr< CallCredentials > StsCredentials(const StsCredentialsOptions &options)
std::shared_ptr< ChannelCredentials > AltsCredentials(const AltsCredentialsOptions &options)
Builds ALTS Credentials given ALTS specific options.
std::shared_ptr< ChannelCredentials > TlsCredentials(const TlsCredentialsOptions &options)
Builds TLS Credentials given TLS options.
std::shared_ptr< ChannelCredentials > LocalCredentials(grpc_local_connect_type type)
Builds Local Credentials.
grpc::Status StsCredentialsOptionsFromJson(const grpc::string &json_string, StsCredentialsOptions *options)
Creates STS Options from a JSON string.
std::shared_ptr<::grpc::Channel > CreateCustomChannelWithInterceptors(const grpc::string &target, const std::shared_ptr< grpc::ChannelCredentials > &creds, const ::grpc::ChannelArguments &args, std::vector< std::unique_ptr< grpc::experimental::ClientInterceptorFactoryInterface >> interceptor_creators)
Create a new custom Channel pointing to target with interceptors being invoked per call.
grpc::Status StsCredentialsOptionsFromEnv(StsCredentialsOptions *options)
Creates STS credentials options from the $STS_CREDENTIALS environment variable.
An Alarm posts the user-provided tag to its associated completion queue or invokes the user-provided ...
Definition: alarm_impl.h:33
std::shared_ptr<::grpc::Channel > CreateCustomChannelImpl(const grpc::string &target, const std::shared_ptr<::grpc::ChannelCredentials > &creds, const ::grpc::ChannelArguments &args)
Create a new custom Channel pointing to target.
std::shared_ptr< ChannelCredentials > InsecureChannelCredentials()
Credentials for an unencrypted, unauthenticated channel.
std::shared_ptr< CallCredentials > CompositeCallCredentials(const std::shared_ptr< CallCredentials > &creds1, const std::shared_ptr< CallCredentials > &creds2)
Combines two call credentials objects into a composite call credentials.
Definition: credentials.h:84
std::shared_ptr< CallCredentials > AccessTokenCredentials(const grpc::string &access_token)
Builds access token credentials.
constexpr long kMaxAuthTokenLifetimeSecs
Definition: credentials_impl.h:175
std::shared_ptr< ChannelCredentials > CompositeChannelCredentials(const std::shared_ptr< ChannelCredentials > &channel_creds, const std::shared_ptr< CallCredentials > &call_creds)
Combines a channel credentials and a call credentials into a composite channel credentials.
Definition: credentials.h:77
std::shared_ptr< ChannelCredentials > GoogleDefaultCredentials()
Builds credentials with reasonable defaults.
std::shared_ptr< CallCredentials > GoogleComputeEngineCredentials()
Builds credentials for use when running in GCE.
std::shared_ptr< CallCredentials > GoogleIAMCredentials(const grpc::string &authorization_token, const grpc::string &authority_selector)
Builds IAM credentials.
std::shared_ptr< ChannelCredentials > SslCredentials(const SslCredentialsOptions &options)
Builds SSL Credentials given SSL specific options.
std::shared_ptr< CallCredentials > GoogleRefreshTokenCredentials(const grpc::string &json_refresh_token)
Builds refresh token credentials.
std::shared_ptr< CallCredentials > ServiceAccountJWTAccessCredentials(const grpc::string &json_key, long token_lifetime_seconds=grpc_impl::kMaxAuthTokenLifetimeSecs)
Builds Service Account JWT Access credentials.
std::shared_ptr< CallCredentials > MetadataCredentialsFromPlugin(std::unique_ptr< MetadataCredentialsPlugin > plugin)
::grpc_impl::SecureChannelCredentials SecureChannelCredentials
Definition: credentials.h:30
::grpc_impl::CallCredentials CallCredentials
Definition: credentials.h:27
::grpc_impl::ChannelCredentials ChannelCredentials
Definition: credentials.h:26
std::string string
Definition: config.h:35
::grpc_impl::SecureCallCredentials SecureCallCredentials
Definition: credentials.h:29
Options used to build SslCredentials.
Definition: credentials_impl.h:132
grpc::string pem_root_certs
The buffer containing the PEM encoding of the server root certificates.
Definition: credentials_impl.h:138
grpc::string pem_private_key
The buffer containing the PEM encoding of the client's private key.
Definition: credentials_impl.h:142
grpc::string pem_cert_chain
The buffer containing the PEM encoding of the client's certificate chain.
Definition: credentials_impl.h:147
Options used to build AltsCredentials.
Definition: credentials_impl.h:325
std::vector< grpc::string > target_service_accounts
service accounts of target endpoint that will be acceptable by the client.
Definition: credentials_impl.h:329
Options for creating STS Oauth Token Exchange credentials following the IETF draft https://tools....
Definition: credentials_impl.h:265
grpc::string token_exchange_service_uri
Definition: credentials_impl.h:266
grpc::string scope
Definition: credentials_impl.h:269
grpc::string resource
Definition: credentials_impl.h:267
grpc::string actor_token_path
Definition: credentials_impl.h:273
grpc::string audience
Definition: credentials_impl.h:268
grpc::string subject_token_type
Definition: credentials_impl.h:272
grpc::string actor_token_type
Definition: credentials_impl.h:274
grpc::string subject_token_path
Definition: credentials_impl.h:271
grpc::string requested_token_type
Definition: credentials_impl.h:270