IOT credential: Make it configurable via Kconfig

 - Also moved AWS config options from examples to app_common Kconfig

Author: vikramdattu

esp_port/examples/app_common/Kconfig.projbuild

@@ -230,33 +230,73 @@ menu "Common Configs (Wi-Fi, SD-Card, Camera)"
 endmenu
 
 menu "AWS IoT Core Credentials"
+    config IOT_CORE_ENABLE_CREDENTIALS
+        bool "Enable AWS IoT Core credentials for authentication"
+        default y
+        help
+            Enable this option to use AWS IoT Core credentials for authentication.
+            When enabled, the application will use the AWS IoT Core credentials provider
+            to obtain temporary credentials for accessing AWS services.
+            If disabled, application should set access key instead
+
     config AWS_IOT_CORE_CREDENTIAL_ENDPOINT
         string "AWS IoT Core Credential Endpoint"
         default "credential-endpoint.credentials.iot.us-east-1.amazonaws.com"
+        depends on IOT_CORE_ENABLE_CREDENTIALS
         help
             AWS IoT Core credential endpoint to use for credential provider. This is the endpoint used for the AWS IoT credential provider.
 
     config AWS_IOT_CORE_CERT
         string "AWS IoT Core Certificate"
         default "/spiffs/certs/iot-certificate.pem.crt"
+        depends on IOT_CORE_ENABLE_CREDENTIALS
         help
             Path to the AWS IoT Core certificate file. This certificate is used for authenticating with AWS IoT Core.
 
     config AWS_IOT_CORE_PRIVATE_KEY
         string "AWS IoT Core Private Key"
         default "/spiffs/certs/iot-private.pem.key"
+        depends on IOT_CORE_ENABLE_CREDENTIALS
         help
             Path to the AWS IoT Core private key file. This key is used for authenticating with AWS IoT Core.
 
     config AWS_IOT_CORE_ROLE_ALIAS
         string "AWS IoT Core Role Alias"
         default "KVS-WebRTC-Role-Alias"
+        depends on IOT_CORE_ENABLE_CREDENTIALS
         help
             AWS IoT Core role alias to use for credential provider. This role alias is used to assume a role with the necessary permissions.
 
     config AWS_IOT_CORE_THING_NAME
         string "AWS IoT Core Thing Name"
         default "ESP32-WebRTC-Camera"
+        depends on IOT_CORE_ENABLE_CREDENTIALS
         help
             AWS IoT Core thing name. This identifies your device in AWS IoT Core.
+
+    config AWS_KVS_CHANNEL_NAME
+        string "KVS Channel Name"
+        default "ESP32Channel"
+        help
+            The name of the signaling channel to use for WebRTC communication.
+
+    config AWS_ACCESS_KEY_ID
+        string "AWS Access Key ID"
+        default ""
+        depends on !IOT_CORE_ENABLE_CREDENTIALS
+        help
+            AWS Access Key ID for KVS access. Used when not using IoT Core credentials.
+
+    config AWS_SECRET_ACCESS_KEY
+        string "AWS Secret Access Key"
+        default ""
+        depends on !IOT_CORE_ENABLE_CREDENTIALS
+        help
+            AWS Secret Access Key for KVS access. Used when not using IoT Core credentials.
+
+    config AWS_DEFAULT_REGION
+        string "AWS Region"
+        default "us-east-1"
+        help
+            AWS Region for KVS service.
 endmenu

esp_port/examples/app_common/include/sample_config.h

@@ -12,8 +12,6 @@ extern "C" {
 
 #include <com/amazonaws/kinesis/video/webrtcclient/Include.h>
 
-#define IOT_CORE_ENABLE_CREDENTIALS 1
-
 #define NUMBER_OF_H264_FRAME_FILES               60 //1500
 #define NUMBER_OF_H265_FRAME_FILES               1500
 #define NUMBER_OF_OPUS_FRAME_FILES               618

esp_port/examples/app_common/src/sample_config.c

@@ -1,7 +1,9 @@
 
 #include "sample_config.h"
 
-#ifdef IOT_CORE_ENABLE_CREDENTIALS
+#include "sdkconfig.h"
+
+#ifdef CONFIG_IOT_CORE_ENABLE_CREDENTIALS
 #include "iot_credential_provider.h"
 #endif
 
@@ -917,7 +919,7 @@ STATUS createSampleConfiguration(PCHAR channelName, SIGNALING_CHANNEL_ROLE_TYPE
 
     CHK(NULL != (pSampleConfiguration = (PSampleConfiguration) MEMCALLOC(1, SIZEOF(SampleConfiguration))), STATUS_NOT_ENOUGH_MEMORY);
 
-#ifdef IOT_CORE_ENABLE_CREDENTIALS
+#ifdef CONFIG_IOT_CORE_ENABLE_CREDENTIALS
     PCHAR pIotCoreCredentialEndPoint, pIotCoreCert, pIotCorePrivateKey, pIotCoreRoleAlias, pIotCoreCertificateId, pIotCoreThingName;
     CHK_ERR((pIotCoreCredentialEndPoint = GETENV(IOT_CORE_CREDENTIAL_ENDPOINT)) != NULL, STATUS_INVALID_OPERATION,
             "AWS_IOT_CORE_CREDENTIAL_ENDPOINT must be set");
@@ -967,9 +969,9 @@ STATUS createSampleConfiguration(PCHAR channelName, SIGNALING_CHANNEL_ROLE_TYPE
     // CHK_STATUS(lookForSslCert(&pSampleConfiguration));
     pSampleConfiguration->pCaCertPath = DEFAULT_KVS_CACERT_PATH;
 
-#ifdef IOT_CORE_ENABLE_CREDENTIALS
+#ifdef CONFIG_IOT_CORE_ENABLE_CREDENTIALS
     CHK_STATUS(createIotCredentialProvider(pIotCoreCredentialEndPoint, pIotCoreCert, pIotCorePrivateKey, pSampleConfiguration->pCaCertPath,
-                                              pIotCoreRoleAlias, pIotCoreThingName, &pSampleConfiguration->pCredentialProvider));
+                                        pIotCoreRoleAlias, pIotCoreThingName, &pSampleConfiguration->pCredentialProvider));
 #else
     CHK_STATUS(
         createStaticCredentialProvider(pAccessKey, 0, pSecretKey, 0, pSessionToken, 0, MAX_UINT64, &pSampleConfiguration->pCredentialProvider));
@@ -992,7 +994,7 @@ STATUS createSampleConfiguration(PCHAR channelName, SIGNALING_CHANNEL_ROLE_TYPE
 
     pSampleConfiguration->channelInfo.version = CHANNEL_INFO_CURRENT_VERSION;
     pSampleConfiguration->channelInfo.pChannelName = channelName;
-#ifdef IOT_CORE_ENABLE_CREDENTIALS
+#ifdef CONFIG_IOT_CORE_ENABLE_CREDENTIALS
     if ((pIotCoreCertificateId = GETENV(IOT_CORE_CERTIFICATE_ID)) != NULL) {
         pSampleConfiguration->channelInfo.pChannelName = pIotCoreCertificateId;
     }

esp_port/examples/webrtc_classic/main/Kconfig.projbuild

@@ -12,28 +12,4 @@ menu "WebRTC Example Configuration"
         help
             WiFi password (WPA or WPA2) for the example to use.
 
-    config AWS_KVS_CHANNEL_NAME
-        string "KVS Channel Name"
-        default "ESP32Channel"
-        help
-            The name of the signaling channel to use.
-
-    config AWS_ACCESS_KEY_ID
-        string "AWS Access Key ID"
-        default ""
-        help
-            AWS Access Key ID for KVS access.
-
-    config AWS_SECRET_ACCESS_KEY
-        string "AWS Secret Access Key"
-        default ""
-        help
-            AWS Secret Access Key for KVS access.
-
-    config AWS_DEFAULT_REGION
-        string "AWS Region"
-        default "us-west-2"
-        help
-            AWS Region for KVS service.
-
 endmenu

esp_port/examples/webrtc_classic/main/webrtc_main.c

@@ -202,10 +202,7 @@ void app_main(void)
     PCHAR pChannelName = CONFIG_AWS_KVS_CHANNEL_NAME;
 
     // Set AWS credentials
-    setenv("AWS_KVS_LOG_LEVEL", "1", 1);
-    setenv("AWS_DEFAULT_REGION", "us-east-1", 1);
-
-#if IOT_CORE_ENABLE_CREDENTIALS
+#ifdef CONFIG_IOT_CORE_ENABLE_CREDENTIALS
     setenv("AWS_IOT_CORE_CREDENTIAL_ENDPOINT", CONFIG_AWS_IOT_CORE_CREDENTIAL_ENDPOINT, 1);
     setenv("AWS_IOT_CORE_CERT", CONFIG_AWS_IOT_CORE_CERT, 1);
     setenv("AWS_IOT_CORE_PRIVATE_KEY", CONFIG_AWS_IOT_CORE_PRIVATE_KEY, 1);