Support file type of subject token source (#275)

yoshidan · Jun 10, 2024 · 3592656 · 3592656
1 parent e4c7391
commit 3592656
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 1 deletion.
diff --git a/foundation/auth/src/token_source/external_account_source/error.rs b/foundation/auth/src/token_source/external_account_source/error.rs
@@ -35,6 +35,9 @@ pub enum Error {
     #[error(transparent)]
     TimeFormatError(#[from] time::error::Format),
 
+    #[error(transparent)]
+    IoError(#[from] tokio::io::Error),
+
     #[error("Missing Region URL")]
     MissingRegionURL,
 

diff --git a/foundation/auth/src/token_source/external_account_source/file_credential_source.rs b/foundation/auth/src/token_source/external_account_source/file_credential_source.rs
@@ -0,0 +1,39 @@
+use async_trait::async_trait;
+
+use crate::credentials::Format;
+
+use super::{error::Error, subject_token_source::SubjectTokenSource};
+
+pub struct FileCredentialSource {
+    file: String,
+    format: Option<Format>,
+}
+
+impl FileCredentialSource {
+    pub fn new(file: String, format: Option<Format>) -> Self {
+        Self { file, format }
+    }
+
+    async fn read_credential(&self) -> Result<String, Error> {
+        let content = tokio::fs::read_to_string(&self.file).await?;
+        match self.format.as_ref().map(|f| f.tp.as_str()).unwrap_or("") {
+            "json" => {
+                let data: serde_json::Value = serde_json::from_str(&content)?;
+                if let Some(token) = data[&self.format.as_ref().unwrap().subject_token_field_name].as_str() {
+                    Ok(token.to_string())
+                } else {
+                    Err(Error::MissingSubjectTokenFieldName)
+                }
+            }
+            "text" | "" => Ok(content),
+            _ => Err(Error::UnsupportedFormatType),
+        }
+    }
+}
+
+#[async_trait]
+impl SubjectTokenSource for FileCredentialSource {
+    async fn subject_token(&self) -> Result<String, Error> {
+        self.read_credential().await
+    }
+}
diff --git a/foundation/auth/src/token_source/external_account_source/mod.rs b/foundation/auth/src/token_source/external_account_source/mod.rs
@@ -14,6 +14,7 @@ use crate::token_source::{default_http_client, InternalToken, TokenSource};
 
 mod aws_subject_token_source;
 pub mod error;
+mod file_credential_source;
 mod subject_token_source;
 mod url_subject_token_source;
 
@@ -107,8 +108,11 @@ async fn subject_token_source(
     } else if let Some(_) = source.url {
         let ts = url_subject_token_source::UrlSubjectTokenSource::new(source).await?;
         Ok(Box::new(ts))
+    } else if let Some(file) = source.file {
+        let ts = file_credential_source::FileCredentialSource::new(file, source.format);
+        Ok(Box::new(ts))
     } else {
-        // TODO: support file and executable type
+        // TODO: support executable type
         Err(Error::UnsupportedSubjectTokenSource)
     }
 }