/// <summary>
/// Parse an ARN to extract information on S3 outpost access point or bucket ARN
/// and if it is not found or properly formatted, throw an exception
/// </summary>
/// <param name="arn">The ARN to be parsed into an S3 Outposts resource</param>
/// <param name="config">Used to validate <paramref name="arn"/> </param>
/// <returns>A <see cref="S3OutpostResource"/></returns>
public static IS3Resource ParseOutpost(this Arn arn, AmazonS3ControlConfig config = null)
{
if (string.IsNullOrEmpty(arn.Resource))
{
throw new AmazonClientException("ARN resource can not be null");
}
if (!IsOutpostArn(arn))
{
throw new AmazonClientException("ARN resource does not resemble an outpost access point");
}
var parts = arn.Resource.Split(S3ArnUtils.ArnSplit, 5);
if (parts.Length < 4 || (!string.Equals(parts[2], ResourceTypeAccessPoint) && !string.Equals(parts[2], ResourceTypeBucket)))
{
throw new AmazonClientException("Invalid ARN, outpost resource format is incorrect");
}
if (arn.Region.EndsWith("-fips", StringComparison.OrdinalIgnoreCase))
{
throw new AmazonClientException("Invalid ARN, FIPS region not allowed in ARN");
}
return(new S3OutpostResource(arn)
{
OutpostId = parts[1],
Type = (S3ResourceType)Enum.Parse(typeof(S3ResourceType), parts[2], true),
Name = parts[3],
Key = parts.Length > 4 ? parts[4] : null
});
}
private AmazonS3ControlConfig CreateConfig(string serviceUrl, Flags flags)
{
var clientConfig = new AmazonS3ControlConfig
{
UseDualstackEndpoint = (flags & Flags.Dualstack) != 0,
UseArnRegion = (flags & Flags.UseArnRegion) != 0,
ServiceURL = serviceUrl
};
return(clientConfig);
}
protected IAmazonS3Control CreateClient(AWSCredentials credentials, RegionEndpoint region)
{
var config = new AmazonS3ControlConfig {
RegionEndpoint = region
};
Amazon.PowerShell.Utils.Common.PopulateConfig(this, config);
this.CustomizeClientConfig(config);
var client = new AmazonS3ControlClient(credentials, config);
client.BeforeRequestEvent += RequestEventHandler;
client.AfterResponseEvent += ResponseEventHandler;
return(client);
}
public void ArnIdSetFieldIdNotSet()
{
var outpostArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostArn
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]);
}
public void ArnIdNotSetFieldIdSet()
{
var accessPoint = "myAccessPoint";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var getAccessPointRequest = new GetAccessPointRequest
{
Name = accessPoint,
AccountId = "123456789012"
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]);
}
public void OutpostsBucketInputUSWest2UseArnRegionFalse()
{
var outpostsBucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]);
Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]);
}
public void ListRegionalBucketsTest()
{
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2
};
var listRegionalBucketsRequest = new ListRegionalBucketsRequest
{
OutpostId = "op-01234567890123456",
AccountId = "123456789012"
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(listRegionalBucketsRequest, ListRegionalBucketsRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]);
Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]);
}
public void ListAccessPointsTest()
{
var bucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2
};
var listAccessPointsRequest = new ListAccessPointsRequest
{
Bucket = bucketArn
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(listAccessPointsRequest, ListAccessPointsRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]);
Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]);
}
public void ArnIdNotSetFieldIdNotSetException()
{
var outpostAccessPointName = "myAccessPoint";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostAccessPointName,
};
var exception = Assert.ThrowsException <AmazonS3ControlException>(() => {
S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("AccountId can only contain alphanumeric characters and dashes and must be between 1 and 63 characters long.", exception.Message);
}
public void OutpostsAccessPointInputUSEast1UseArnRegionTrue()
{
var outpostsAccessPointArn = "arn:aws:s3-outposts:us-east-1:123456789012:outpost:op-01234567890123456:accesspoint:myaccesspoint";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2,
UseArnRegion = true
};
var getAccessPointRequest = new GetAccessPointRequest
{
Name = outpostsAccessPointArn
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-east-1.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]);
Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]);
}
public void OutpostsBucketInputUSGovEast1UseArnRegionTrueSystemFips()
{
var outpostsBucketArn = "arn:aws-us-gov:s3-outposts:us-gov-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.GetBySystemName("fips-us-gov-east-1"),
UseArnRegion = true
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-gov-east-1.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]);
Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]);
}
public void CreateBucketTest()
{
var bucketName = "testBucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = false,
RegionEndpoint = RegionEndpoint.USWest2
};
var createBucketRequest = new CreateBucketRequest
{
Bucket = bucketName,
OutpostId = "op-01234567890123456"
};
var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(createBucketRequest, CreateBucketRequestMarshaller.Instance, s3ControlConfig);
Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint);
Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]);
}
public void OutpostsBucketInputUSWest2UseArnRegionTrueInvalidArnException(string outpostsBucketArn)
{
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2,
UseArnRegion = true
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid ARN, outpost resource format is incorrect", exception.Message);
}
public void OutpostsBucketInputUSGovEast1UseArnRegionTrueFipsException()
{
var outpostsBucketArn = "arn:aws-us-gov:s3-outposts:fips-us-gov-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.GetBySystemName("fips-us-gov-east-1"),
UseArnRegion = true
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid configuration Outpost Buckets do not support Fips- regions", exception.Message);
}
public void OutpostsBucketInputUSEast1UseArnRegionFalseCrossRegionError()
{
var outpostsBucketArn = "arn:aws:s3-outposts:us-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2,
UseArnRegion = false
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid configuration, cross region Outpost Bucket ARN", exception.Message);
}
public void OutpostsAccessPointInputCNNorth1UseArnRegionTrueCrossPartitionError()
{
var outpostsAccessPointArn = "arn:aws-cn:s3-outposts:cn-north-1:123456789012:outpost:op-01234567890123456:accesspoint:myaccesspoint";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2,
UseArnRegion = true
};
var getAccessPointRequest = new GetAccessPointRequest
{
Name = outpostsAccessPointArn
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid configuration, cross partition Outpost Access Point ARN", exception.Message);
}
public void ArnIdNotSetFieldIdNotSetInvalidArnException()
{
var accessPointName = "arn:aws:s3-outposts:us-west-2::outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var getAccessPointRequest = new GetAccessPointRequest
{
Name = accessPointName
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid ARN, Account ID not set", exception.Message);
}
public void ArnIdSetFieldIdSetMismatchException()
{
var accessPointName = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var getAccessPointRequest = new GetAccessPointRequest
{
AccountId = "923456789012",
Name = accessPointName
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Account ID mismatch, the Account ID cannot be specified in an ARN and in the accountId field", exception.Message);
}
public void OutpostsBucketInputUSWest2UseArnRegionTrueDualstackException()
{
var outpostsBucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var s3ControlConfig = new AmazonS3ControlConfig
{
RegionEndpoint = RegionEndpoint.USWest2,
UseDualstackEndpoint = true,
UseArnRegion = true
};
var getBucketRequest = new GetBucketRequest
{
Bucket = outpostsBucketArn
};
var exception = Assert.ThrowsException <AmazonClientException>(() =>
{
S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig);
});
Assert.AreEqual("Invalid configuration Outpost Buckets do not support dualstack", exception.Message);
}
public void TestS3OutpostsSignerGetBucket()
{
var signer = new S3Signer();
var bucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket";
var getBucketRequest = new GetBucketRequest
{
Bucket = bucketArn
};
var config = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}
public void TestS3OutpostsSignerCreateAccessPointWithArn()
{
var signer = new S3Signer();
var createAccessPointRequest = new CreateAccessPointRequest
{
Bucket = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket",
Name = "myaccesspoint",
};
var config = new AmazonS3ControlConfig
{
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(createAccessPointRequest, CreateAccessPointRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), "ACCESS", "SECRET");
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}
public void TestS3OutpostsSignerCreateBucket()
{
var signer = new S3Signer();
var createBucketRequest = new CreateBucketRequest
{
Bucket = "test",
OutpostId = "op-123456789012"
};
var config = new AmazonS3ControlConfig
{
SignatureVersion = "4",
UseArnRegion = true,
RegionEndpoint = RegionEndpoint.USWest2
};
var originalAuthService = config.AuthenticationServiceName;
var iRequest = S3ControlArnTestUtils.RunMockRequest(createBucketRequest, CreateBucketRequestMarshaller.Instance, config);
signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", ""));
Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader));
Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts"));
Assert.IsTrue(config.AuthenticationServiceName == originalAuthService);
}
public void S3OutpostBucketARNTests(string bucketNameOrARNInput, string clientRegion, string additionalFlags, string useArnRegion, string expectedEndpoint, string expectedHeaders, string expectedSignedBy)
{
Console.WriteLine(string.Join(" | ", bucketNameOrARNInput, clientRegion, additionalFlags, useArnRegion, expectedEndpoint, expectedHeaders, expectedSignedBy));
Console.WriteLine();
// ARRANGE
// expectedEndpoint can be overloaded with the expected error message
var expectSuccess = expectedEndpoint.Contains("amazonaws.com");
// outputs to assert against:
IRequest s3Request = null;
Exception exception = null;
var request = new GetBucketRequest
{
Bucket = bucketNameOrARNInput,
AccountId = "123456789012"
};
var config = new AmazonS3ControlConfig
{
RegionEndpoint = clientRegion == "" ? null : RegionEndpoint.GetBySystemName(clientRegion),
UseArnRegion = useArnRegion == "" ? false : bool.Parse(useArnRegion)
};
if (additionalFlags.Contains("dualstack"))
{
config.UseDualstackEndpoint = true;
}
if (additionalFlags.Contains("fips"))
{
config.UseFIPSEndpoint = true;
}
if (additionalFlags.Contains("accelerate") && !expectSuccess)
{
// S3 Control Config does not allow setting accelerate, so it will not generate the expected error
return;
}
// ACT
try
{
s3Request = S3ControlArnTestUtils.RunMockRequest(request, GetBucketRequestMarshaller.Instance, config);
Console.WriteLine(s3Request.Endpoint.ToString());
Console.WriteLine();
}
catch (Exception e)
{
exception = e;
}
// ASSERT
if (expectSuccess)
{
Assert.IsNull(exception, exception?.Message + "\r\n" + exception?.StackTrace);
Assert.IsNotNull(s3Request);
AssertExtensions.UrlSuffixMatches(expectedEndpoint, s3Request.Endpoint);
AssertExtensions.ContainsHeaders(SpecMarkdownTestDataHelper.ParseExpectedHeaders(expectedHeaders), s3Request.Headers);
}
else
{
Assert.IsNull(s3Request);
Assert.IsNotNull(exception);
// reminder, expectedEndpoint also contains expected error message.
AssertExtensions.AssertAreSameWithEmbellishments(expectedEndpoint, exception.Message);
}
}
public static IRequest RunMockRequest(AmazonWebServiceRequest request, IMarshaller <IRequest, AmazonWebServiceRequest> marshaller, AmazonS3ControlConfig config)
{
var pipeline = new RuntimePipeline(new List <IPipelineHandler>
{
new NoopPipelineHandler(),
new AmazonS3ControlPostMarshallHandler(),
new Marshaller(),
new AmazonS3ControlPreMarshallHandler()
});
var requestContext = new RequestContext(config.LogMetrics, new AWS4Signer())
{
ClientConfig = config,
Marshaller = marshaller,
OriginalRequest = request,
Unmarshaller = null,
IsAsync = false
};
var executionContext = new ExecutionContext(
requestContext,
new ResponseContext()
);
pipeline.InvokeSync(executionContext);
return(requestContext.Request);
}
