bes Updated for version 3.20.13
NgapS3Credentials.cc
1// -*- mode: c++; c-basic-offset:4 -*-
2
3// This file is part of the Hyrax data server.
4
5// Copyright (c) 2020 OPeNDAP, Inc.
6// Author: Nathan Potter <ndp@opendap.org>
7//
8// This library is free software; you can redistribute it and/or
9// modify it under the terms of the GNU Lesser General Public
10// License as published by the Free Software Foundation; either
11// version 2.1 of the License, or (at your option) any later version.
12//
13// This library is distributed in the hope that it will be useful,
14// but WITHOUT ANY WARRANTY; without even the implied warranty of
15// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16// Lesser General Public License for more details.
17//
18// You should have received a copy of the GNU Lesser General Public
19// License along with this library; if not, write to the Free Software
20// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21//
22// You can contact OPeNDAP, Inc. at PO Box 112, Saunderstown, RI. 02874-0112.
23
24#include "rapidjson/document.h"
25#include "rapidjson/writer.h"
26#include "rapidjson/stringbuffer.h"
27
28#include <BESError.h>
29#include <BESDebug.h>
30
31#include "CurlUtils.h"
32
33#include "NgapS3Credentials.h"
34#include "DmrppNames.h"
35
36using std::string;
37using std::endl;
38
39#define AWS_ACCESS_KEY_ID_KEY "accessKeyId"
40#define AWS_SECRET_ACCESS_KEY_KEY "secretAccessKey"
41#define AWS_SESSION_TOKEN_KEY "sessionToken"
42#define AWS_EXPIRATION_KEY "expiration"
43
44#define prolog std::string("NgapS3Credentials::").append(__func__).append("() - ")
45
46// Scope: public members of AccessCredentials
47const string NgapS3Credentials::AWS_SESSION_TOKEN = "aws_session_token";
48const string NgapS3Credentials::AWS_TOKEN_EXPIRATION = "aws_token_expiration";
49const string NgapS3Credentials::BES_CONF_S3_ENDPOINT_KEY = "NGAP.S3.distribution.endpoint.url";
50const string NgapS3Credentials::BES_CONF_REFRESH_KEY = "NGAP.S3.refresh.margin";
51const string NgapS3Credentials::BES_CONF_URL_BASE = "NGAP.s3.url.base";
52
53
54bool NgapS3Credentials::is_s3_cred() { return true; }
55
56string NgapS3Credentials::get(const std::string &key) {
57 if (needs_refresh()) {
59 }
60 return AccessCredentials::get(key);
61}
62
70
71 string accessKeyId, secretAccessKey, sessionToken, expiration;
72
73 BESDEBUG(MODULE, prolog << "distribution_api_endpoint: " << distribution_api_endpoint << endl);
74
75 rapidjson::Document d = curl::http_get_as_json(distribution_api_endpoint);
76 BESDEBUG(MODULE, prolog << "S3 Credentials:" << endl);
77
78 rapidjson::Value &val = d[AWS_ACCESS_KEY_ID_KEY];
79 accessKeyId = val.GetString();
80 add(ID_KEY, accessKeyId);
81 BESDEBUG(MODULE, prolog << AWS_ACCESS_KEY_ID_KEY << ": " << accessKeyId << endl);
82
83 val = d[AWS_SECRET_ACCESS_KEY_KEY];
84 secretAccessKey = val.GetString();
85 add(KEY_KEY, secretAccessKey);
86 BESDEBUG(MODULE, prolog << AWS_SECRET_ACCESS_KEY_KEY << ": " << secretAccessKey << endl);
87
88 val = d[AWS_SESSION_TOKEN_KEY];
89 sessionToken = val.GetString();
90 add(AWS_SESSION_TOKEN, sessionToken);
91 BESDEBUG(MODULE, prolog << AWS_SESSION_TOKEN_KEY << ": " << sessionToken << endl);
92
93 val = d[AWS_EXPIRATION_KEY];
94 expiration = val.GetString();
95 add(AWS_TOKEN_EXPIRATION, expiration);
96 BESDEBUG(MODULE, prolog << AWS_EXPIRATION_KEY << ": " << expiration << endl);
97
98 // parse the time string into a something useful -------------------------------------------------------
99 struct tm tm;
100 // 2020-02-18 13:49:30+00:00
101 strptime(expiration.c_str(), "%Y-%m-%d %H:%M:%S%z", &tm);
102 d_expiration_time = mktime(&tm); // t is now your desired time_t
103 BESDEBUG(MODULE, prolog << "expiration(time_t): " << d_expiration_time << endl);
104
105}
106
107
108
void add(const std::string &key, const std::string &value)
Add the key and value pair.
virtual std::string get(const std::string &key)
std::string get(const std::string &key)
virtual bool is_s3_cred()
Do the URL, ID, Key amd Region items make up an S3 Credential?