Process Credentials Provider

Package.swift

@@ -279,7 +279,7 @@ packageTargets.append(contentsOf: [
         dependencies: ["AwsCommonRuntimeKit"],
         path: "Test/AwsCommonRuntimeKitTests",
         resources: [
-            .copy("Resources")
+            .process("Resources")
         ]
     ),
     .executableTarget(

Source/AwsCommonRuntimeKit/auth/credentials/CredentialsProvider.swift

@@ -170,6 +170,50 @@ extension CredentialsProvider.Source {
         }
     }
 
+    /// The process credentials provider sources credentials from running a command or process.
+    /// The command to run is sourced from a profile in the AWS config file, using the standard
+    /// profile selection rules. The profile key the command is read from is "credential_process."
+    /// E.g.:
+    ///  [default]
+    ///  credential_process=/opt/amazon/bin/my-credential-fetcher --argsA=abc
+    /// On successfully running the command, the output should be a json data with the following
+    /// format:
+    /// {
+    ///     "Version": 1,
+    ///     "AccessKeyId": "accesskey",
+    ///     "SecretAccessKey": "secretAccessKey"
+    ///     "SessionToken": "....",
+    ///     "Expiration": "2019-05-29T00:21:43Z"
+    /// }
+    /// Version here identifies the command output format version.
+    ///
+    /// - Parameters:
+    ///   - fileBasedConfiguration: The file based configuration to read the configuration from.
+    ///   - profileFileNameOverride: (Optional) Override of what profile to use to source credentials from ('default' by default)
+    ///   - shutdownCallback:  (Optional) shutdown callback
+    /// - Returns: `CredentialsProvider`
+    /// - Throws: CommonRuntimeError.crtError
+    public static func `process`(fileBasedConfiguration: FileBasedConfiguration,
+                                 profileFileNameOverride: String? = nil,
+                                 shutdownCallback: ShutdownCallback? = nil) -> Self {
+        Self {
+            let shutdownCallbackCore = ShutdownCallbackCore(shutdownCallback)
+            var processOptionsC = aws_credentials_provider_process_options()
+            processOptionsC.shutdown_options = shutdownCallbackCore.getRetainedCredentialProviderShutdownOptions()
+            processOptionsC.config_profile_collection_cached = fileBasedConfiguration.rawValue
+            guard let provider: UnsafeMutablePointer<aws_credentials_provider> = withByteCursorFromStrings(
+                    profileFileNameOverride, { profileCursor in
+                processOptionsC.profile_to_use = profileCursor
+                return aws_credentials_provider_new_process(allocator.rawValue, &processOptionsC)
+            })
+            else {
+                shutdownCallbackCore.release()
+                throw CommonRunTimeError.crtError(CRTError.makeFromLastError())
+            }
+            return provider
+        }
+    }
+
     /// Creates a credentials provider that sources credentials from ec2 instance metadata.
     ///
     /// - Parameters:

Test/AwsCommonRuntimeKitTests/Resources/example_profile.txt

@@ -1,8 +1,10 @@
 [default]
 aws_access_key_id = default_access_key_id
 aws_secret_access_key = default_secret_access_key
+credential_process = echo '{"Version": 1, "AccessKeyId": "AccessKey123", "SecretAccessKey": "SecretAccessKey123", "SessionToken": "SessionToken123","Expiration":"2020-02-25T06:03:31Z"}'
 s3 =
   max_concurrent_requests = 20
 [profile crt_user]
 aws_access_key_id = example_access_key_id
-aws_secret_access_key = example_secret_access_key
+aws_secret_access_key = example_secret_access_key
+

Test/AwsCommonRuntimeKitTests/auth/CredentialsProviderTests.swift

@@ -129,6 +129,21 @@ class CredentialsProviderTests: XCBaseTestCase {
         wait(for: [shutdownWasCalled], timeout: 15)
     }
 
+    func testCreateCredentialsProviderProcess() async throws {
+        do {
+            let provider = try CredentialsProvider(source: .process(
+                    fileBasedConfiguration: FileBasedConfiguration(
+                            configFilePath: Bundle.module.path(forResource: "example_profile", ofType: "txt")!),
+                    shutdownCallback: getShutdownCallback()))
+            let credentials = try await provider.getCredentials()
+            XCTAssertNotNil(credentials)
+            XCTAssertEqual("AccessKey123", credentials.getAccessKey())
+            XCTAssertEqual("SecretAccessKey123", credentials.getSecret())
+            XCTAssertEqual("SessionToken123", credentials.getSessionToken())
+        }
+        wait(for: [shutdownWasCalled], timeout: 15)
+    }
+
     func testCreateCredentialsProviderSSO() async throws {
         do {
             let provider = try CredentialsProvider(source: .sso(

Test/AwsCommonRuntimeKitTests/sdkutils/FileBasedConfigurationTests.swift

@@ -13,7 +13,7 @@ class FileBasedConfigurationTests: XCBaseTestCase {
         let fileBasedConfiguration = try FileBasedConfiguration(configFilePath: profilePath, credentialsFilePath: configPath)
         XCTAssertNotNil(fileBasedConfiguration)
         let defaultSection = fileBasedConfiguration.getSection(name: "default", sectionType: .profile)!
-        XCTAssertEqual(defaultSection.propertyCount, 3)
+        XCTAssertEqual(defaultSection.propertyCount, 4)
         let property = defaultSection.getProperty(name: "aws_access_key_id")!
         XCTAssertEqual("accessKey", property.value)