Adding CRTProfileCredentialsProvider for CRT-based profile credential

src/aws-cpp-sdk-core/include/aws/core/auth/CRTProfileCredentialsProvider.h

@@ -0,0 +1,37 @@
+#pragma once
+
+#include <aws/core/Core_EXPORTS.h>
+#include <aws/core/auth/AWSCredentialsProvider.h>
+//#include <aws/core/auth/AWSCredentials.h>
+//#include <aws/crt/auth/Credentials.h>
+#include <memory>
+
+namespace Aws
+{
+    namespace Auth
+    {
+        /**
+         * CRT-based credentials provider that sources credentials from config files with full SEP compliance.
+         * Supports assume role, credential_source, role chaining, and all SEP scenarios.
+         */
+        class AWS_CORE_API CRTProfileCredentialsProvider : public AWSCredentialsProvider
+        {
+        public:
+            CRTProfileCredentialsProvider();
+            explicit CRTProfileCredentialsProvider(const char* profileName);
+            ~CRTProfileCredentialsProvider();
+
+            CRTProfileCredentialsProvider(const CRTProfileCredentialsProvider&) = delete;
+            CRTProfileCredentialsProvider& operator=(const CRTProfileCredentialsProvider&) = delete;
+
+            AWSCredentials GetAWSCredentials() override;
+
+        protected:
+            void Reload() override;
+
+        private:
+            class Impl;
+            std::shared_ptr<Impl> m_impl;
+        };
+    }
+}

src/aws-cpp-sdk-core/source/auth/CRTProfileCredentialsProvider.cpp

@@ -0,0 +1,78 @@
+#include <aws/core/auth/CRTProfileCredentialsProvider.h>
+#include <aws/core/Globals.h>
+#include <aws/core/platform/Environment.h>
+#include <condition_variable>
+#include <mutex>
+#include <aws/crt/auth/Credentials.h>
+
+using namespace Aws::Auth;
+
+class CRTProfileCredentialsProvider::Impl {
+public:
+    std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> m_crtProvider;
+};
+
+CRTProfileCredentialsProvider::CRTProfileCredentialsProvider()
+    : m_impl(Aws::MakeShared<Impl>("CRTProfileCredentialsProvider")){
+    Aws::Crt::Auth::CredentialsProviderProfileConfig config{};
+    config.Bootstrap = GetDefaultClientBootstrap();
+    auto profileName = Aws::Environment::GetEnv("AWS_PROFILE");
+    if(!profileName.empty()){
+        config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profileName.c_str());
+    }
+    m_impl->m_crtProvider = Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderProfile(config);
+}
+
+CRTProfileCredentialsProvider::CRTProfileCredentialsProvider(const char *profileName)
+    :m_impl(Aws::MakeShared<Impl>("CRTProfileCredentialsProvider")){
+    Aws::Crt::Auth::CredentialsProviderProfileConfig config{};
+    config.Bootstrap = GetDefaultClientBootstrap();
+    if (profileName) {
+        config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profileName);
+    }
+    m_impl->m_crtProvider = Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderProfile(config);
+}
+
+CRTProfileCredentialsProvider::~CRTProfileCredentialsProvider() = default;
+
+AWSCredentials CRTProfileCredentialsProvider::GetAWSCredentials() {
+    if (!m_impl || !m_impl->m_crtProvider) {
+        return AWSCredentials{};
+    }
+    AWSCredentials credentials;
+    std::mutex mtx;
+    std::condition_variable cv;
+    bool done = false;
+
+    m_impl->m_crtProvider->GetCredentials([&](std::shared_ptr<Aws::Crt::Auth::Credentials> crtCreds, int errorCode) {
+        {
+            std::lock_guard<std::mutex> lock(mtx);
+            if (errorCode == 0 && crtCreds) {
+                auto accessKey = crtCreds->GetAccessKeyId();
+                auto secretKey = crtCreds->GetSecretAccessKey();
+                auto sessionToken = crtCreds->GetSessionToken();
+
+                credentials.SetAWSAccessKeyId({reinterpret_cast<char*>(accessKey.ptr), accessKey.len});
+                credentials.SetAWSSecretKey({reinterpret_cast<char*>(secretKey.ptr), secretKey.len});
+                if (sessionToken.len > 0) {
+                    credentials.SetSessionToken({reinterpret_cast<char*>(sessionToken.ptr), sessionToken.len});
+                }
+                auto expiration = crtCreds->GetExpirationTimepointInSeconds();
+                if (expiration > 0) {
+                    credentials.SetExpiration(Aws::Utils::DateTime(static_cast<double>(expiration)));
+                }
+            }
+            done = true;
+        }
+        cv.notify_one();
+    });
+
+    std::unique_lock<std::mutex> lock(mtx);
+    cv.wait_for(lock,std::chrono::milliseconds(5000), [&done]() -> bool { return done;});
+    return credentials;
+}
+
+void CRTProfileCredentialsProvider::Reload() {}
+
+
+

tests/aws-cpp-sdk-core-tests/aws/auth/CRTProfileCredentialsProviderTest.cpp

@@ -0,0 +1,127 @@
+#include <aws/core/auth/CRTProfileCredentialsProvider.h>
+#include <aws/core/platform/Environment.h>
+#include <aws/core/platform/FileSystem.h>
+#include <aws/core/utils/FileSystemUtils.h>
+#include <aws/testing/AwsCppSdkGTestSuite.h>
+#include <fstream>
+
+using namespace Aws::Auth;
+
+class CRTProfileCredentialsProviderTest : public Aws::Testing::AwsCppSdkGTestSuite {
+protected:
+    void SetUp() override {
+        SaveEnv("AWS_CONFIG_FILE");
+        SaveEnv("AWS_SHARED_CREDENTIALS_FILE");
+        SaveEnv("AWS_PROFILE");
+
+        Aws::FileSystem::CreateDirectoryIfNotExists(GetTestDir().c_str());
+        m_configFile = GetTestDir() + "/config";
+        m_credsFile = GetTestDir() + "/credentials";
+
+        Aws::Environment::SetEnv("AWS_CONFIG_FILE", m_configFile.c_str(), 1);
+        Aws::Environment::SetEnv("AWS_SHARED_CREDENTIALS_FILE", m_credsFile.c_str(), 1);
+    }
+
+    void TearDown() override {
+        Aws::FileSystem::RemoveFileIfExists(m_configFile.c_str());
+        Aws::FileSystem::RemoveFileIfExists(m_credsFile.c_str());
+        RestoreEnv();
+    }
+
+    void SaveEnv(const char* name) {
+        m_savedEnv.emplace_back(name, Aws::Environment::GetEnv(name));
+    }
+
+    void RestoreEnv() {
+        for (const auto& pair : m_savedEnv) {
+            if (pair.second.empty()) {
+                Aws::Environment::UnSetEnv(pair.first);
+            } else {
+                Aws::Environment::SetEnv(pair.first, pair.second.c_str(), 1);
+            }
+        }
+    }
+
+    Aws::String GetTestDir() {
+        return Aws::FileSystem::GetHomeDirectory() + "/.aws_test_" + 
+               Aws::Utils::StringUtils::to_string(std::this_thread::get_id());
+    }
+
+    Aws::String m_configFile;
+    Aws::String m_credsFile;
+    Aws::Vector<std::pair<const char*, Aws::String>> m_savedEnv;
+};
+
+TEST_F(CRTProfileCredentialsProviderTest, LoadStaticCredentials) {
+    std::ofstream creds(m_credsFile.c_str());
+    creds << "[default]\n";
+    creds << "aws_access_key_id = AKIATEST123\n";
+    creds << "aws_secret_access_key = SecretKey456\n";
+    creds.close();
+
+    CRTProfileCredentialsProvider provider;
+    auto credentials = provider.GetAWSCredentials();
+
+    EXPECT_STREQ("AKIATEST123", credentials.GetAWSAccessKeyId().c_str());
+    EXPECT_STREQ("SecretKey456", credentials.GetAWSSecretKey().c_str());
+}
+
+TEST_F(CRTProfileCredentialsProviderTest, LoadNamedProfile) {
+    std::ofstream creds(m_credsFile.c_str());
+    creds << "[default]\n";
+    creds << "aws_access_key_id = DefaultKey\n";
+    creds << "aws_secret_access_key = DefaultSecret\n";
+    creds << "\n";
+    creds << "[test-profile]\n";
+    creds << "aws_access_key_id = TestKey\n";
+    creds << "aws_secret_access_key = TestSecret\n";
+    creds.close();
+
+    CRTProfileCredentialsProvider provider("test-profile");
+    auto credentials = provider.GetAWSCredentials();
+
+    EXPECT_STREQ("TestKey", credentials.GetAWSAccessKeyId().c_str());
+    EXPECT_STREQ("TestSecret", credentials.GetAWSSecretKey().c_str());
+}
+
+TEST_F(CRTProfileCredentialsProviderTest, LoadWithSessionToken) {
+    std::ofstream creds(m_credsFile.c_str());
+    creds << "[default]\n";
+    creds << "aws_access_key_id = AKIATEST\n";
+    creds << "aws_secret_access_key = SecretKey\n";
+    creds << "aws_session_token = SessionToken123\n";
+    creds.close();
+
+    CRTProfileCredentialsProvider provider;
+    auto credentials = provider.GetAWSCredentials();
+
+    EXPECT_STREQ("AKIATEST", credentials.GetAWSAccessKeyId().c_str());
+    EXPECT_STREQ("SecretKey", credentials.GetAWSSecretKey().c_str());
+    EXPECT_STREQ("SessionToken123", credentials.GetSessionToken().c_str());
+}
+
+TEST_F(CRTProfileCredentialsProviderTest, MissingProfileReturnsEmpty) {
+    std::ofstream creds(m_credsFile.c_str());
+    creds << "[default]\n";
+    creds << "aws_access_key_id = DefaultKey\n";
+    creds << "aws_secret_access_key = DefaultSecret\n";
+    creds.close();
+
+    CRTProfileCredentialsProvider provider("nonexistent");
+    auto credentials = provider.GetAWSCredentials();
+
+    EXPECT_TRUE(credentials.IsEmpty());
+}
+
+TEST_F(CRTProfileCredentialsProviderTest, ProcessCredentials) {
+    std::ofstream config(m_configFile.c_str());
+    config << "[default]\n";
+    config << "credential_process = echo '{\"Version\": 1, \"AccessKeyId\": \"ProcessKey\", \"SecretAccessKey\": \"ProcessSecret\"}'\n";
+    config.close();
+
+    CRTProfileCredentialsProvider provider;
+    auto credentials = provider.GetAWSCredentials();
+
+    EXPECT_STREQ("ProcessKey", credentials.GetAWSAccessKeyId().c_str());
+    EXPECT_STREQ("ProcessSecret", credentials.GetAWSSecretKey().c_str());
+}