intermediate changes

ref:40ac71fae6ea311a73473cf4297ca93bf27559c3

1 files changed, 70 insertions, 1 deletions

diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp
index 24145e4d92..2f372ec82a 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/source/internal/AWSHttpResourceClient.cpp
@@ -35,6 +35,7 @@ static const char EC2_IMDS_TOKEN_HEADER[] = "x-aws-ec2-metadata-token";
 static const char RESOURCE_CLIENT_CONFIGURATION_ALLOCATION_TAG[] = "AWSHttpResourceClient";
 static const char EC2_METADATA_CLIENT_LOG_TAG[] = "EC2MetadataClient";
 static const char ECS_CREDENTIALS_CLIENT_LOG_TAG[] = "ECSCredentialsClient";
+static const char SSO_GET_ROLE_RESOURCE[] = "/federation/credentials";
 
 namespace Aws
 {
@@ -160,7 +161,7 @@ namespace Aws
 
                 if (!m_retryStrategy->ShouldRetry(error, retries))
                 {
-                    AWS_LOGSTREAM_ERROR(m_logtag.c_str(), "Can not retrive resource from " << httpRequest->GetURIString());
+                    AWS_LOGSTREAM_ERROR(m_logtag.c_str(), "Can not retrieve resource from " << httpRequest->GetURIString());
                     return {{}, response->GetHeaders(), error.GetResponseCode()};
                 }
                 auto sleepMillis = m_retryStrategy->CalculateDelayBeforeNextRetry(error, retries);
@@ -502,5 +503,73 @@ namespace Aws
             }
             return result;
         }
+
+        static const char SSO_RESOURCE_CLIENT_LOG_TAG[] = "SSOResourceClient";
+        SSOCredentialsClient::SSOCredentialsClient(const Aws::Client::ClientConfiguration& clientConfiguration)
+                : AWSHttpResourceClient(clientConfiguration, SSO_RESOURCE_CLIENT_LOG_TAG)
+        {
+            SetErrorMarshaller(Aws::MakeUnique<Aws::Client::JsonErrorMarshaller>(SSO_RESOURCE_CLIENT_LOG_TAG));
+
+            Aws::StringStream ss;
+            if (clientConfiguration.scheme == Aws::Http::Scheme::HTTP)
+            {
+                ss << "http://";
+            }
+            else
+            {
+                ss << "https://";
+            }
+
+            static const int CN_NORTH_1_HASH = Aws::Utils::HashingUtils::HashString(Aws::Region::CN_NORTH_1);
+            static const int CN_NORTHWEST_1_HASH = Aws::Utils::HashingUtils::HashString(Aws::Region::CN_NORTHWEST_1);
+            auto hash = Aws::Utils::HashingUtils::HashString(clientConfiguration.region.c_str());
+
+            AWS_LOGSTREAM_DEBUG(SSO_RESOURCE_CLIENT_LOG_TAG, "Preparing SSO client for region: " << clientConfiguration.region);
+
+            ss << "portal.sso." << clientConfiguration.region << ".amazonaws.com/federation/credentials";
+            if (hash == CN_NORTH_1_HASH || hash == CN_NORTHWEST_1_HASH)
+            {
+                ss << ".cn";
+            }
+            m_endpoint =  ss.str();
+
+            AWS_LOGSTREAM_INFO(SSO_RESOURCE_CLIENT_LOG_TAG, "Creating SSO ResourceClient with endpoint: " << m_endpoint);
+        }
+
+        SSOCredentialsClient::SSOGetRoleCredentialsResult SSOCredentialsClient::GetSSOCredentials(const SSOGetRoleCredentialsRequest &request)
+        {
+            Aws::StringStream ssUri;
+            ssUri << m_endpoint << SSO_GET_ROLE_RESOURCE;
+
+            std::shared_ptr<HttpRequest> httpRequest(CreateHttpRequest(m_endpoint, HttpMethod::HTTP_GET,
+                                                                       Aws::Utils::Stream::DefaultResponseStreamFactoryMethod));
+
+            httpRequest->SetHeaderValue("x-amz-sso_bearer_token", request.m_accessToken);
+
+            httpRequest->SetUserAgent(ComputeUserAgentString());
+
+            httpRequest->AddQueryStringParameter("account_id", Aws::Utils::StringUtils::URLEncode(request.m_ssoAccountId.c_str()));
+            httpRequest->AddQueryStringParameter("role_name", Aws::Utils::StringUtils::URLEncode(request.m_ssoRoleName.c_str()));
+
+            Aws::String credentialsStr = GetResourceWithAWSWebServiceResult(httpRequest).GetPayload();
+
+            Json::JsonValue credentialsDoc(credentialsStr);
+            AWS_LOGSTREAM_TRACE(SSO_RESOURCE_CLIENT_LOG_TAG, "Raw creds returned: " << credentialsStr);
+            Aws::Auth::AWSCredentials creds;
+            if (!credentialsDoc.WasParseSuccessful())
+            {
+                AWS_LOGSTREAM_ERROR(SSO_RESOURCE_CLIENT_LOG_TAG, "Failed to load credential from running. Error: " << credentialsStr);
+                return SSOGetRoleCredentialsResult{creds};
+            }
+            Utils::Json::JsonView credentialsView(credentialsDoc);
+            auto roleCredentials = credentialsView.GetObject("roleCredentials");
+            creds.SetAWSAccessKeyId(roleCredentials.GetString("accessKeyId"));
+            creds.SetAWSSecretKey(roleCredentials.GetString("secretAccessKey"));
+            creds.SetSessionToken(roleCredentials.GetString("sessionToken"));
+            creds.SetExpiration(roleCredentials.GetInt64("expiration"));
+            SSOCredentialsClient::SSOGetRoleCredentialsResult result;
+            result.creds = creds;
+            return result;
+        }
     }
 }