#ifndef _RS_IAM_HELPER_H_
#define _RS_IAM_HELPER_H_
// NOTE(review): identifiers that begin with an underscore followed by an
// uppercase letter are reserved for the implementation in C++; the guard name
// is kept as-is here because other files may test for it.

#ifdef WIN32
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
// Windows Header Files:
// NOTE(review): the header name after this #include is missing in this copy
// of the file; restore it from the upstream source.
#include
#endif // WIN32

// NOTE(review): the three header names below are also missing in this copy of
// the file; restore them from the upstream source.
#include
#include
#include

#include "RsCredentials.h"
#include "RsSettings.h"
#include "RsLogger.h"
#include "../rsiam.h"

#define REDSHIFT_IAM

#ifdef WIN32
#include "win_port.h"
#endif // WIN32

#ifdef LINUX
#include "linux_port.h"
#endif

// The constants below are namespace-scope `static const` objects defined in a
// header, so every translation unit that includes this file gets its own copy.

/// The connection key used for static AuthType.
static const rs_string IAM_AUTH_TYPE_STATIC("Static");

/// The connection key used for profile AuthType.
static const rs_string IAM_AUTH_TYPE_PROFILE("Profile");

/// The connection key used for instance profile AuthType.
static const rs_string IAM_AUTH_TYPE_INSTANCE_PROFILE("InstanceProfile");

/// The connection key used for plugin AuthType.
static const rs_string IAM_AUTH_TYPE_PLUGIN("Plugin");

// NOTE(review): this header only names the SSL modes. Which certificate and
// host-name checks each mode enables is decided where these strings are
// consumed, not here.

/// The name for the "require" SSL authorization option.
static const rs_string SSL_AUTH_REQUIRE("require");

/// The name for the "verify-ca" SSL authorization option.
static const rs_string SSL_AUTH_VERIFY_CA("verify-ca");

/// The name for the "verify-full" SSL authorization option.
static const rs_string SSL_AUTH_VERIFY_FULL("verify-full");

// NOTE(review): a using-directive at header scope brings every RedshiftODBC
// name into each file that includes this header.
using namespace RedshiftODBC;

/// @brief Static-only helper that declares the IAM / native-plugin
///        authentication entry points and the shared credential cache used
///        by them.
///
/// All members are static. The cache members are single objects shared by
/// every caller of this class, and a mutex handle is declared alongside them
/// for use when getting and setting cached values.
class RsIamHelper
{
public:
    /// IAM authentication cache; per the original comment it holds DbUser,
    /// DbPassword and the expiration time.
    ///
    /// NOTE(review): this member is public, so the compiler does not stop code
    /// outside RsIamHelper from reading or replacing the cached secret without
    /// holding s_iam_helper_criticalSection. Confirm that all access goes
    /// through the private Get/SetIamCachedSettings helpers.
    static RsCredentials s_iamCredentials;

    /// The cached connection settings for IAM authentication use.
    /// Public as well; the same access caveat as s_iamCredentials applies.
    static RsSettings s_rsSettings;

    // The critical section used for locking cached IAM settings
    // when getting and setting values.
    // MUTEX_HANDLE is not declared in this file; presumably it comes from
    // win_port.h / linux_port.h (verify).
    static MUTEX_HANDLE s_iam_helper_criticalSection;

    /// @brief Entry point function from ODBC connection call for IAM.
    ///
    /// @param isIAMAuth    Flag supplied by the caller; its exact meaning is
    ///                     defined by the implementation.
    /// @param pIamProps    IAM connection properties.
    /// @param pHttpsProps  Proxy connection properties.
    /// @param settings     Connection settings, passed by non-const reference,
    ///                     so the callee may modify them.
    /// @param logger       Logger used by the call.
    ///
    /// NOTE(review): credentials flow through this call next to a logger;
    /// confirm in the implementation that passwords and tokens are never
    /// written to the log.
    static void IamAuthentication(bool isIAMAuth,
                                  RS_IAM_CONN_PROPS_INFO *pIamProps,
                                  RS_PROXY_CONN_PROPS_INFO *pHttpsProps,
                                  RsSettings& settings,
                                  RsLogger *logger);

    /// @brief Entry point function from ODBC connection call for Native Auth.
    ///
    /// Takes the same parameter list as IamAuthentication().
    ///
    /// @param isIAMAuth    Flag supplied by the caller; its exact meaning is
    ///                     defined by the implementation.
    /// @param pIamProps    IAM connection properties.
    /// @param pHttpsProps  Proxy connection properties.
    /// @param settings     Connection settings, passed by non-const reference,
    ///                     so the callee may modify them.
    /// @param logger       Logger used by the call.
    static void NativePluginAuthentication(bool isIAMAuth,
                                           RS_IAM_CONN_PROPS_INFO *pIamProps,
                                           RS_PROXY_CONN_PROPS_INFO *pHttpsProps,
                                           RsSettings& settings,
                                           RsLogger *logger);

    /// @brief Read the authentication profile (name-based description; the
    ///        behaviour is defined in the implementation file).
    ///
    /// @param isIAMAuth    Flag supplied by the caller.
    /// @param pIamProps    IAM connection properties.
    /// @param pHttpsProps  Proxy connection properties.
    /// @param logger       Logger used by the call.
    ///
    /// @return A raw `char *`.
    ///
    /// NOTE(review): the declaration does not say who owns the returned
    /// buffer, how it must be released, or whether it can be null. If it can
    /// carry secret material, callers also need to know when to wipe it.
    /// Document this from the implementation.
    static char * ReadAuthProfile(
        bool isIAMAuth,
        RS_IAM_CONN_PROPS_INFO *pIamProps,
        RS_PROXY_CONN_PROPS_INFO *pHttpsProps,
        RsLogger *logger);

private:
    /// @brief Check whether the cached IAM credentials are still valid.
    ///
    /// @param in_settings   Connection settings.
    /// @param logger        Logger used by the call.
    /// @param isNativeAuth  Selects the native-auth case; the exact effect is
    ///                      defined by the implementation.
    ///
    /// @return true if the cached IAM credentials are valid, else false.
    ///
    /// NOTE(review): the validity rule itself (for example how the cached
    /// expiration time is compared) is not visible in this header.
    static bool IsValidIamCachedSettings(const RsSettings& in_settings,
                                         RsLogger *logger,
                                         bool isNativeAuth);

    /// @brief Get the cached IAM credentials (if valid) and store them in the
    ///        output argument.
    ///
    /// @param out_iamCredentials  Output IAM credentials.
    /// @param in_settings         Connection settings.
    /// @param logger              Logger used by the call.
    /// @param isNativeAuth        Selects the native-auth case; the exact
    ///                            effect is defined by the implementation.
    ///
    /// @return true if the cached IAM credentials are valid, else false.
    static bool GetIamCachedSettings(
        RsCredentials& out_iamCredentials,
        const RsSettings& in_settings,
        RsLogger *logger,
        bool isNativeAuth);

    /// @brief Store the given IAM credentials in the cache.
    ///
    /// @param in_iamCredentials  Input IAM credentials.
    /// @param in_settings        Connection settings.
    /// @param logger             Logger used by the call.
    static void SetIamCachedSettings(
        const RsCredentials& in_iamCredentials,
        const RsSettings& in_settings,
        RsLogger *logger);

    /// @brief Update the connection settings with the credentials retrieved
    ///        from IAM authentication.
    ///
    /// @param in_credentials  Credentials retrieved from IAM authentication.
    /// @param settings        Connection settings to update (non-const
    ///                        reference).
    /// @param isNativeAuth    Selects the native-auth case; the exact effect
    ///                        is defined by the implementation.
    static void UpdateConnectionSettingsWithCredentials(
        const RsCredentials& in_credentials,
        RsSettings& settings,
        bool isNativeAuth);

    /// @brief Set the connection's IAM related settings.
    ///
    /// The original comment described a parameter named
    /// `in_connectionSettings` ("generated by a call to
    /// UpdateConnectionSettings()") and a target called PGOSettings; neither
    /// name appears in this declaration, so the parameters below are the ones
    /// actually declared.
    ///
    /// @param isIAMAuth    Flag supplied by the caller.
    /// @param pIamProps    IAM connection properties.
    /// @param pHttpsProps  Proxy connection properties.
    /// @param settings     Connection settings (non-const reference).
    /// @param logger       Logger used by the call.
    static void SetIamSettings(
        bool isIAMAuth,
        RS_IAM_CONN_PROPS_INFO *pIamProps,
        RS_PROXY_CONN_PROPS_INFO *pHttpsProps,
        RsSettings& settings,
        RsLogger *logger);

    /// @brief Get the user's key used to cache IAM credentials.
    ///
    /// @param in_settings  Connection settings.
    /// @param logger       Logger used by the call.
    ///
    /// @return The constructed key used to store and retrieve cached IAM
    ///         credentials.
    ///
    /// NOTE(review): because the cache is shared by every connection using
    /// this class, the key has to cover every setting that determines whose
    /// credentials are issued; otherwise one connection could be handed
    /// credentials cached for another. Which fields go into the key is not
    /// visible here; verify in the implementation, and check that the key
    /// itself is not logged if it embeds secret values.
    static rs_string GetCacheKey(const RsSettings& in_settings, RsLogger *logger);
};

#endif