Diffstat (limited to 'include/grpc++/credentials.h')
-rw-r--r-- | include/grpc++/credentials.h | 115 |
1 files changed, 51 insertions, 64 deletions
diff --git a/include/grpc++/credentials.h b/include/grpc++/credentials.h index 12c1a2fc98..c677cc3e0a 100644 --- a/include/grpc++/credentials.h +++ b/include/grpc++/credentials.h @@ -39,29 +39,29 @@ #include <grpc++/config.h> -struct grpc_credentials; - namespace grpc { +class ChannelArguments; +class ChannelInterface; +class SecureCredentials; -// grpc_credentials wrapper class. Typical use in C++ applications is limited -// to creating an instance using CredentialsFactory, and passing it down -// during channel construction. - -class Credentials GRPC_FINAL { +class Credentials { public: - ~Credentials(); + virtual ~Credentials(); - // TODO(abhikumar): Specify a plugin API here to be implemented by - // credentials that do not have a corresponding implementation in C. + protected: + friend std::unique_ptr<Credentials> CompositeCredentials( + const std::unique_ptr<Credentials>& creds1, + const std::unique_ptr<Credentials>& creds2); - private: - explicit Credentials(grpc_credentials*); - grpc_credentials* GetRawCreds(); + virtual SecureCredentials* AsSecureCredentials() = 0; - friend class Channel; - friend class CredentialsFactory; + private: + friend std::shared_ptr<ChannelInterface> CreateChannel( + const grpc::string& target, const std::unique_ptr<Credentials>& creds, + const ChannelArguments& args); - grpc_credentials* creds_; + virtual std::shared_ptr<ChannelInterface> CreateChannel( + const grpc::string& target, const ChannelArguments& args) = 0; }; // Options used to build SslCredentials 
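Review bot: `AsSecureCredentials()` on the new abstract `Credentials` returns a raw `SecureCredentials*` with no comment on ownership or on what a non-secure implementation returns, and the class comment that explained the type was removed without a replacement. If insecure credentials are meant to return null, state that on the declaration, e.g. `// Returns this object as SecureCredentials, or nullptr if it is not secure; the caller does not own the pointer.`, so `CompositeCredentials` and later callers know to check before dereferencing. The friend `CreateChannel(target, creds, args)` has the same gap: the factory comment further down this file says an empty `unique_ptr` may be returned, so the header should say whether a null `creds` is accepted. The implementations are outside this hunk, so whether those checks already exist cannot be confirmed from here.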
@@ -79,57 +79,44 @@ struct SslCredentialsOptions { grpc::string pem_cert_chain; }; -// Factory for building different types of Credentials -// The methods may return empty unique_ptr when credentials cannot be created. +// Factories for building different types of Credentials +// The functions may return empty unique_ptr when credentials cannot be created. // If a Credentials pointer is returned, it can still be invalid when used to // create a channel. A lame channel will be created then and all rpcs will // fail on it. -class CredentialsFactory { - public: - // Builds google credentials with reasonable defaults. - // WARNING: Do NOT use this credentials to connect to a non-google service as - // this could result in an oauth2 token leak. - static std::unique_ptr<Credentials> GoogleDefaultCredentials(); - - // Builds SSL Credentials given SSL specific options - static std::unique_ptr<Credentials> SslCredentials( - const SslCredentialsOptions& options); - - // Builds credentials for use when running in GCE - // WARNING: Do NOT use this credentials to connect to a non-google service as - // this could result in an oauth2 token leak. - static std::unique_ptr<Credentials> ComputeEngineCredentials(); - - // Builds service account credentials. - // WARNING: Do NOT use this credentials to connect to a non-google service as - // this could result in an oauth2 token leak. - // json_key is the JSON key string containing the client's private key. - // scope is a space-delimited list of the requested permissions. - // token_lifetime is the lifetime of each token acquired through this service - // account credentials. It should be positive and should not exceed - // grpc_max_auth_token_lifetime or will be cropped to this value. - static std::unique_ptr<Credentials> ServiceAccountCredentials( - const grpc::string& json_key, const grpc::string& scope, - std::chrono::seconds token_lifetime); - - // Builds JWT credentials. 
- // json_key is the JSON key string containing the client's private key. - // token_lifetime is the lifetime of each Json Web Token (JWT) created with - // this credentials. It should not exceed grpc_max_auth_token_lifetime or - // will be cropped to this value. - static std::unique_ptr<Credentials> JWTCredentials( - const grpc::string& json_key, std::chrono::seconds token_lifetime); - - // Builds IAM credentials. - static std::unique_ptr<Credentials> IAMCredentials( - const grpc::string& authorization_token, - const grpc::string& authority_selector); - - // Combines two credentials objects into a composite credentials - static std::unique_ptr<Credentials> CompositeCredentials( - const std::unique_ptr<Credentials>& creds1, - const std::unique_ptr<Credentials>& creds2); -}; + +// Builds credentials with reasonable defaults. +std::unique_ptr<Credentials> GoogleDefaultCredentials(); + +// Builds SSL Credentials given SSL specific options +std::unique_ptr<Credentials> SslCredentials( + const SslCredentialsOptions& options); + +// Builds credentials for use when running in GCE +std::unique_ptr<Credentials> ComputeEngineCredentials(); + +// Builds service account credentials. +// json_key is the JSON key string containing the client's private key. +// scope is a space-delimited list of the requested permissions. +// token_lifetime is the lifetime of each token acquired through this service +// account credentials. It should be positive and should not exceed +// grpc_max_auth_token_lifetime or will be cropped to this value. +std::unique_ptr<Credentials> ServiceAccountCredentials( + const grpc::string& json_key, const grpc::string& scope, + std::chrono::seconds token_lifetime); + +// Builds IAM credentials. 
+std::unique_ptr<Credentials> IAMCredentials( + const grpc::string& authorization_token, + const grpc::string& authority_selector); + +// Combines two credentials objects into a composite credentials +std::unique_ptr<Credentials> CompositeCredentials( + const std::unique_ptr<Credentials>& creds1, + const std::unique_ptr<Credentials>& creds2); + +// Credentials for an unencrypted, unauthenticated channel +std::unique_ptr<Credentials> InsecureCredentials(); } // namespace grpc |
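Review bot: The rewritten factory comments drop the `// WARNING: Do NOT use this credentials to connect to a non-google service as this could result in an oauth2 token leak.` text that the old `GoogleDefaultCredentials`, `ComputeEngineCredentials` and `ServiceAccountCredentials` declarations carried. Nothing visible in this change restricts where the token is sent, so that warning should stay above each of the three free functions. `GoogleDefaultCredentials` also lost the word "google" from its summary, which makes it read like a generic default. The new `InsecureCredentials()` comment could add when it is appropriate, for example `// Intended for tests or fully trusted networks only; no encryption or peer authentication.` `JWTCredentials` also disappears from the public header with no deprecation note, which callers will only discover at compile time.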