feat: add process credential provider

Sources/Core/AWSClientRuntime/Auth/CredentialsProviders/ProcessCredentialsProvider.swift

@@ -0,0 +1,50 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import AwsCommonRuntimeKit
+import ClientRuntime
+import Foundation
+
+/// The process credentials provider sources credentials from running a command or process.
+/// The command to run is sourced from a profile in the AWS config file, using the standard
+/// profile selection rules. The profile key the command is read from is "credential_process."
+/// E.g.:
+///  [default]
+///  credential_process=/opt/amazon/bin/my-credential-fetcher --argsA=abc
+/// On successfully running the command, the output should be a json data with the following
+/// format:
+/// {
+///     "Version": 1,
+///     "AccessKeyId": "accesskey",
+///     "SecretAccessKey": "secretAccessKey"
+///     "SessionToken": "....",
+///     "Expiration": "2019-05-29T00:21:43Z"
+/// }
+/// Version here identifies the command output format version.
+public struct ProcessCredentialsProvider: CredentialsSourcedByCRT {
+    let crtCredentialsProvider: CRTCredentialsProvider
+
+    /// Creates a credentials provider that gets credentials from running a command or process.
+    ///
+    /// - Parameters:
+    ///   - fileBasedConfiguration: The file based configuration to read the configuration from.
+    ///   - profileFileNameOverride: (Optional) Override of what profile to use to source credentials from ('default' by default)
+    public init(
+        profileName: String? = nil,
+        configFilePath: String? = nil,
+        credentialsFilePath: String? = nil
+    ) throws {
+        let fileBasedConfig = try CRTFileBasedConfiguration(
+            configFilePath: configFilePath,
+            credentialsFilePath: credentialsFilePath
+        )
+        self.crtCredentialsProvider = try CRTCredentialsProvider(source: .process(
+            fileBasedConfiguration: fileBasedConfig,
+            profileFileNameOverride: profileName
+        ))
+    }
+}

Tests/Core/AWSClientRuntimeTests/Auth/CredentialsProvidersTests/ProcessCredentialsProviderTests.swift

@@ -0,0 +1,46 @@
+//
+// Copyright Amazon.com Inc. or its affiliates.
+// All Rights Reserved.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+
+import ClientRuntime
+import Foundation
+import XCTest
+
+@_spi(FileBasedConfig) @testable import AWSClientRuntime
+
+// Test fails on CI build with macos-11, Xcode_13.2.1, platform=iOS Simulator but not on later versions
+// ProcessCredentialsProvider is not useful on iOS platform so this test will remain disabled for now
+#if !os(iOS)
+class ProcessCredentialsProviderTests: XCTestCase {
+    let configPath = Bundle.module.path(forResource: "config", ofType: nil)!
+    let credentialsPath = Bundle.module.path(forResource: "credentials", ofType: nil)!
+
+    func testGetCredentialsWithDefaultProfile() async {
+        let subject = try! ProcessCredentialsProvider(
+            configFilePath: configPath,
+            credentialsFilePath: credentialsPath
+        )
+        let credentials = try! await subject.getCredentials()
+
+        XCTAssertEqual("AccessKey123", credentials.accessKey)
+        XCTAssertEqual("SecretAccessKey123", credentials.secret)
+        XCTAssertEqual("SessionToken123", credentials.sessionToken)
+    }
+
+    func testGetCredentialsWithNamedProfileFromConfigFile() async {
+        let subject = try! ProcessCredentialsProvider(
+            profileName: "credentials-process-config-tests-profile",
+            configFilePath: configPath,
+            credentialsFilePath: credentialsPath
+        )
+        let credentials = try! await subject.getCredentials()
+
+        XCTAssertEqual("AccessKey123", credentials.accessKey)
+        XCTAssertEqual("SecretAccessKey123", credentials.secret)
+        XCTAssertEqual("SessionToken123", credentials.sessionToken)
+    }
+}
+#endif

Tests/Core/AWSClientRuntimeTests/Resources/config

@@ -1,7 +1,13 @@
 [default]
 aws_access_key_id = access_key_default_config
 aws_secret_access_key = secret_default_config
+credential_process = echo '{"Version": 1, "AccessKeyId": "AccessKey123", "SecretAccessKey": "SecretAccessKey123", "SessionToken": "SessionToken123","Expiration":"2020-02-25T06:03:31Z"}'
 
 [profile credentials-provider-config-tests-profile]
 aws_access_key_id = access_key_profile_config
 aws_secret_access_key = secret_profile_config
+
+[profile credentials-process-config-tests-profile]
+aws_access_key_id = access_key_profile_config
+aws_secret_access_key = secret_profile_config
+credential_process = echo '{"Version": 1, "AccessKeyId": "AccessKey123", "SecretAccessKey": "SecretAccessKey123", "SessionToken": "SessionToken123","Expiration":"2020-02-25T06:03:31Z"}'