Beispiel #1
        /// <summary>
        /// Checks that the S3 factory emitted into the generated assembly calls STS AssumeRole
        /// with the supplied role ARN and builds its client from the credentials STS returned.
        /// </summary>
        /// <param name="roleArn">Role ARN handed to the factory's <c>Create</c> call.</param>
        /// <param name="response">Response the substituted STS client returns from AssumeRoleAsync.</param>
        /// <param name="credentials">Credentials placed on <paramref name="response"/> and expected on the created client.</param>
        /// <param name="stsClient">Substitute STS client passed to the factory constructor.</param>
        public async Task EmittedFactories_PerformAssumeRole_IfArnGiven(
            string roleArn,
            AssumeRoleResponse response,
            Credentials credentials,
            IAmazonSecurityTokenService stsClient
            )
        {
            // Arrange: every AssumeRole call on the substitute yields the prepared response.
            response.Credentials = credentials;
            stsClient.AssumeRoleAsync(Any<AssumeRoleRequest>()).Returns(response);

            using var generation = await project.GenerateAssembly();
            var (generatedAssembly, _) = generation;

            // The factory is a nested type of the generated configurator, so it is looked up by name.
            const string factoryTypeName = "Lambdajection.CompilationTests.AmazonFactories.Handler+LambdajectionConfigurator+S3Factory";
            var s3FactoryType   = generatedAssembly.GetType(factoryTypeName);
            var constructorArgs = new object[] { stsClient };
            var s3Factory       = (IAwsFactory<IAmazonS3>)Activator.CreateInstance(s3FactoryType!, constructorArgs)!;

            // Act
            var createdClient = await s3Factory.Create(roleArn);

            // Assert: the client's credentials are read through the non-public
            // "Credentials" property, which is why reflection is needed here.
            var credentialsGetter = typeof(AmazonServiceClient)
                .GetProperty("Credentials", BindingFlags.NonPublic | BindingFlags.Instance)!
                .GetMethod!;
            var actualCredentials = credentialsGetter.Invoke(createdClient, Array.Empty<object>());

            actualCredentials.Should().BeSameAs(credentials);
            await stsClient.Received().AssumeRoleAsync(
                Is<AssumeRoleRequest>(req => req.RoleArn == roleArn));
        }
Beispiel #2
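        /// <summary>
        /// Obtains temporary AWS credentials for the calling tenant by assuming the application
        /// role with a session policy built from the caller's tenant-id and tier claims.
        /// </summary>
        /// <returns>The credentials returned by the STS AssumeRole call.</returns>
        /// <exception cref="InvalidOperationException">
        /// The tenant-id or tier claim is missing, or the tenant id contains a character that is
        /// not safe to place in the session policy and the role session name.
        /// </exception>
        /// <exception cref="ArgumentException">
        /// The tier claim does not name a <c>MembershipTier</c> value.
        /// </exception>
        public AWSCredentials GetTenantCredential()
        {
            const string claimType = "custom:tenant-id";
            const string tierType  = "custom:tier";

            // A missing claim is reported explicitly instead of failing with a
            // NullReferenceException on the result of FirstOrDefault().
            var tenantId  = _claims.Claims.FirstOrDefault(c => c.Type == claimType)?.Value;
            var tierValue = _claims.Claims.FirstOrDefault(c => c.Type == tierType)?.Value;

            if (string.IsNullOrEmpty(tenantId))
            {
                throw new InvalidOperationException($"Required claim '{claimType}' is missing or empty.");
            }

            if (string.IsNullOrEmpty(tierValue))
            {
                throw new InvalidOperationException($"Required claim '{tierType}' is missing or empty.");
            }

            // The tenant id is substituted as plain text into the policy document below, so a
            // value containing quotes, wildcards or policy-variable syntax would change what the
            // session policy grants. Only the characters STS accepts in RoleSessionName are
            // allowed; any other value would already have been rejected by STS.
            if (!IsSafeTenantId(tenantId))
            {
                throw new InvalidOperationException($"Claim '{claimType}' contains characters that are not allowed in a tenant id.");
            }

            // NOTE(review): the tier claim selects the policy template, so it is an authorization
            // input. Confirm that neither custom claim can be modified by the end user.
            var membership = (MembershipTier)Enum.Parse(typeof(MembershipTier), tierValue);

            string template = GetMembershipBasedPolicy(membership);

            // NOTE(review): the table ARN and role ARN are hard-coded, including region and
            // account id; consider moving them to configuration.
            string dynamicPolicy = template
                                   .Replace("###tenant-id###", tenantId)
                                   .Replace("###table-arn###", "arn:aws:dynamodb:ap-southeast-2:123456789123:table/Animals");

            var request = new AssumeRoleRequest
            {
                DurationSeconds = 900,
                RoleArn         = "arn:aws:iam::123456789123:role/MyPetApp-SecurityModuleRole",
                RoleSessionName = $"MyPetApp-Session-{tenantId}",
                Policy          = dynamicPolicy,
            };

            // Blocks on the async call because this method is synchronous; failures surface
            // wrapped in an AggregateException. An async variant would avoid blocking a thread.
            return _sts.AssumeRoleAsync(request).Result.Credentials;
        }

        /// <summary>
        /// Returns true when every character of <paramref name="value"/> is an ASCII letter or
        /// digit or one of <c>_ + = , . @ -</c>.
        /// </summary>
        private static bool IsSafeTenantId(string value)
        {
            const string allowedPunctuation = "_+=,.@-";

            foreach (char ch in value)
            {
                bool isAsciiAlphanumeric =
                    (ch >= 'a' && ch <= 'z') ||
                    (ch >= 'A' && ch <= 'Z') ||
                    (ch >= '0' && ch <= '9');

                if (!isAsciiAlphanumeric && allowedPunctuation.IndexOf(ch) < 0)
                {
                    return false;
                }
            }

            return true;
        }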
 /// <summary>
 /// Writes the verbose endpoint message for the STS AssumeRole operation and then invokes it
 /// synchronously, using the blocking API on DESKTOP builds and waiting on the async API on
 /// CORECLR builds.
 /// </summary>
 /// <param name="client">STS client used for the call; its Config is used for the verbose and error messages.</param>
 /// <param name="request">The AssumeRole request to send.</param>
 /// <returns>The response returned by the service client.</returns>
 /// <exception cref="Exception">
 /// The service exception wraps a <see cref="System.Net.WebException"/>; the message is built by
 /// Utils.Common.FormatNameResolutionFailureMessage and the WebException becomes the inner exception.
 /// </exception>
 private Amazon.SecurityToken.Model.AssumeRoleResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.AssumeRoleRequest request)
 {
     Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service (STS)", "AssumeRole");
     try
     {
#if DESKTOP
         return client.AssumeRole(request);
#elif CORECLR
         return client.AssumeRoleAsync(request).GetAwaiter().GetResult();
#else
#error "Unknown build edition"
#endif
     }
     catch (AmazonServiceException serviceError)
     {
         var networkError = serviceError.InnerException as System.Net.WebException;

         // Anything that is not a transport-level failure is passed on unchanged.
         if (networkError == null)
         {
             throw;
         }

         // Transport failures are re-reported with a message built from the client configuration.
         var message = Utils.Common.FormatNameResolutionFailureMessage(client.Config, networkError.Message);
         throw new Exception(message, networkError);
     }
 }
 /// <summary>
 /// Resets the shared STS substitute: clears its recorded calls and makes every
 /// AssumeRoleAsync call return a new, empty <c>AssumeRoleResponse</c>.
 /// </summary>
 public void SetUpStsClient()
 {
     // Drop the call history first so Received() assertions only see calls made afterwards.
     StsClient.ClearReceivedCalls();

     StsClient
         .AssumeRoleAsync(Arg.Any<AssumeRoleRequest>())
         .Returns(new AssumeRoleResponse());
 }