Beispiel #1
0
        public async Task <UserType> DoAction(string RoleARN)
        {
            try
            {
                var creds        = SharedLibrary.Utilities.AssumeRole(RoleARN, RegionEndpoint.USEast1);
                var sessionCreds = new SessionAWSCredentials(creds.AccessKeyId, creds.SecretAccessKey, creds.SessionToken);

                Amazon.IdentityManagement.AmazonIdentityManagementServiceClient client = new Amazon.IdentityManagement.AmazonIdentityManagementServiceClient(sessionCreds);

                GetUserResponse getUserResult;
                bool            userFound = false;
                try
                {
                    getUserResult = await client.GetUserAsync(new GetUserRequest { UserName = Username });

                    userFound = getUserResult.User != null;
                }
                catch { }

                var newPassword = Utilities.RandomString(8);

                if (userFound)
                {
                    try
                    {
                        var getLoginProfileResult = await client.GetLoginProfileAsync(new GetLoginProfileRequest { UserName = Username });

                        if (getLoginProfileResult.LoginProfile != null)
                        {
                            var deleteLoginProfileResult = await client.DeleteLoginProfileAsync(new DeleteLoginProfileRequest { UserName = Username });
                        }
                    }
                    catch (Exception ex)
                    {
                        logger.Debug(ex.Message);
                    }
                    var listAccessKeysResult = client.ListAccessKeysAsync(new ListAccessKeysRequest {
                        UserName = Username
                    }).Result;

                    foreach (var accessKey in listAccessKeysResult.AccessKeyMetadata)
                    {
                        var deleteAccessKeyResult = client.DeleteAccessKeyAsync(new DeleteAccessKeyRequest {
                            AccessKeyId = accessKey.AccessKeyId, UserName = Username
                        }).Result;

                        if (deleteAccessKeyResult.HttpStatusCode == System.Net.HttpStatusCode.OK)
                        {
                            logger.Debug($"Deleted access key {accessKey.AccessKeyId} for user {Username}");
                        }
                    }
                }
                else
                {
                    var createUserResult = await client.CreateUserAsync(new CreateUserRequest { UserName = Username });
                }

                var attachPolicyResult = await client.AttachUserPolicyAsync(new AttachUserPolicyRequest { PolicyArn = "arn:aws:iam::aws:policy/AdministratorAccess", UserName = Username });


                var createLoginProfileResult = await client.CreateLoginProfileAsync(new CreateLoginProfileRequest { Password = newPassword, UserName = Username, PasswordResetRequired = true });

                var createAccessKeyResult = await client.CreateAccessKeyAsync(new CreateAccessKeyRequest { UserName = Username });



                UserType uType = new UserType
                {
                    Username        = Username,
                    Password        = newPassword,
                    AccessKeyId     = createAccessKeyResult.AccessKey.AccessKeyId,
                    SecretAccessKey = createAccessKeyResult.AccessKey.SecretAccessKey
                };

                return(uType);
            }
            catch (Exception ex)
            {
                logger.Error(ex.Message);
                throw;
            }
        }