private Role CreateBuildRole()
{
Role role = IamUtil.CreateRole(
"WakerUpperBuild",
"codebuild.amazonaws.com",
"arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess");
// add permissions not covered by the managed policies
Output <GetPolicyDocumentResult> policyDocument = Output.Create(GetPolicyDocument.InvokeAsync(new GetPolicyDocumentArgs
{
Statements =
{
new GetPolicyDocumentStatementArgs
{
Resources ={ "*" },
Actions =
{
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
},
}
}
}));
RolePolicy policy = new RolePolicy("WakerUpperBuilder", new RolePolicyArgs
{
Role = role.Id,
Policy = policyDocument.Apply(p => p.Json),
});
return(role);
}
private static Role CreateLambdaRole(CustomResourceOptions options)
{
var lambdaRole = new Role("workerLambdaRole", new RoleArgs
{
Name = "WorkerLambdaRole",
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""lambda.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}"
}, options);
var logPolicy = new RolePolicy("workerLambdaLogPolicy", new RolePolicyArgs
{
Name = "Log",
Role = lambdaRole.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents""
],
""Resource"": ""arn:aws:logs:*:*:*""
}]
}"
}, options);
var snsPublishPolicy = new RolePolicy("workerSNSPublishPolicy", new RolePolicyArgs
{
Name = "SNSPublish",
Role = lambdaRole.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""sns:Publish""
],
""Resource"": ""arn:aws:sns:*:*:*""
}]
}"
}, options);
return(lambdaRole);
}
public void RemoveRolePolicy(string rolePolicyId)
{
RolePolicy policy = this.op.Retrieve <RolePolicy>("id", rolePolicyId);
if (policy != null)
{
this.op.Delete(policy);
}
}
public static Role CreateKinesisAnalyticsAppRole()
{
var role = new Role($"{Common.appName}-analytics-app-role", new RoleArgs
{
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""kinesisanalytics.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}",
Tags = Common.tags
});
var policy = new RolePolicy($"{Common.appName}-analytics-app-role-policy", new RolePolicyArgs
{
Role = role.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""kinesis:*""
],
""Resource"": ""*""
},{
""Effect"": ""Allow"",
""Action"": [
""firehose:*""
],
""Resource"": ""*""
},{
""Effect"": ""Allow"",
""Action"": [
""cloudwatch:*""
],
""Resource"": ""*""
},{
""Effect"": ""Allow"",
""Action"": [
""s3:*""
],
""Resource"": ""arn:aws:s3:::*""
}]
}"
});
return(role);
}
public virtual List <RolePolicy> GetUserRolePolicys(string userId, string applicationCode)
{
int num;
int num3;
if (this.ObjectOperator.Retrieve <User>("id", userId) == null)
{
throw new ObjectNotFoundException <User>("UE01-002", "User Not Found");
}
List <UserRole> userRoles = this._am.GetUserRoles(userId);
int count = userRoles.Count;
List <RolePolicy>[] listArray = new List <RolePolicy> [count];
for (num = 0; num < count; num++)
{
listArray[num] = this._am.GetRolePolicys(userRoles[num].RoleId);
}
List <Operation> operations = this._am.GetOperations(applicationCode);
int num4 = operations.Count;
RolePolicy[] source = new RolePolicy[num4];
for (num = 0; num < count; num++)
{
num3 = 0;
while (num3 < num4)
{
if ((source[num3] == null) || (source[num3].State == 0))
{
RolePolicy policy = this.FindRolePolicy(listArray[num], operations[num3].Code);
if (policy != null)
{
source[num3] = policy;
}
}
num3++;
}
}
List <RolePolicy> list3 = source.ToList <RolePolicy>();
for (num3 = 0; num3 < list3.Count; num3++)
{
if (list3[num3] == null)
{
list3.Remove(list3[num3]);
num3--;
}
}
return(list3);
}
public static Role CreateIotThingRole()
{
var role = new Role($"{Common.appName}-iot-thing-role", new RoleArgs
{
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""iot.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}",
Tags = Common.tags
});
var policy = new RolePolicy($"{Common.appName}-iot-thing-role-policy", new RolePolicyArgs
{
Role = role.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""iot:Connect""
],
""Resource"": ""arn:aws:iot:*:client/*""
},{
""Effect"": ""Allow"",
""Action"": [
""iot:Public""
],
""Resource"": ""arn:aws:iot:*:topic/*""
}]
}"
});
return(role);
}
public static Role CreateRedshiftRole()
{
var role = new Role($"{Common.appName}-redshift-role", new RoleArgs
{
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""redshift.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}",
Tags = Common.tags
});
var policy = new RolePolicy($"{Common.appName}-redshift-role-policy", new RolePolicyArgs
{
Role = role.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""s3:*""
],
""Resource"": ""*""
},{
""Effect"": ""Allow"",
""Action"": [
""glue:*""
],
""Resource"": ""*""
}]
}"
});
return(role);
}
public static Role CreateLambdaRole()
{
var lambdaRole = new Role("lambdaRole", new RoleArgs
{
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""lambda.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}",
});
var logPolicy = new RolePolicy("lambdaLogPolicy", new RolePolicyArgs
{
Role = lambdaRole.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents""
],
""Resource"": ""arn:aws:logs:*:*:*""
}]
}"
});
return(lambdaRole);
}
private Role CreateLambdaRole()
{
var lambdaRole = new Role(_logStackLambdaRoleName, new RoleArgs
{
AssumeRolePolicy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Principal\":{\"Service\":\"lambda.amazonaws.com\"},\"Effect\":\"Allow\",\"Sid\":\"\"}]}"
// @"{
// ""Version"": ""2020-08-11"",
// ""Statement"": [
// {
// ""Action"": ""sts:AssumeRole"",
// ""Principal"": {
// ""Service"": ""lambda.amazonaws.com""
// },
// ""Effect"": ""Allow"",
// ""Sid"": """"
// }
// ]
//}"
});
var logPolicy = new RolePolicy("lambdaLogPolicy", new RolePolicyArgs
{
Role = lambdaRole.Id,
Policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"logs:CreateLogGroup\",\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Resource\":\"arn:aws:logs:*:*:*\"}]}"
// @"{
// ""Version"": ""2020-08-11"",
// ""Statement"": [{
// ""Effect"": ""Allow"",
// ""Action"": [
// ""logs:CreateLogGroup"",
// ""logs:CreateLogStream"",
// ""logs:PutLogEvents""
// ],
// ""Resource"": ""arn:aws:logs:*:*:*""
// }]
//}"
});
return(lambdaRole);
}
public RoleResponse AddRole(RoleRequest request)
{
var role = new Role()
{
Name = request.Name,
RoleType = request.RoleType,
CreatedBy = "user",
CreatedDate = DateTime.UtcNow
};
foreach (var plicyId in request.PolicyIds)
{
var resouce = new RolePolicy()
{
PolicyId = plicyId, RoleId = role.RoleId
};
role.RolePolicies.Add(resouce);
}
_dbContext.Role.Add(role);
_dbContext.SaveChanges();
return(_mapper.Map <RoleResponse>(role));
}
public RolePolicy CreateRolePolicy(string roleId, string operationCode, int state)
{
if ((state != 0) && (state != 1))
{
throw new InvalidPolicyStateException("State must be 1 or 0.");
}
if (this.op.Retrieve <Role>("id", roleId) == null)
{
throw new ObjectNotFoundException <Role>("UE01-004", "Role Not Found");
}
if (this.op.Retrieve <Operation>("code", operationCode) == null)
{
throw new ObjectNotFoundException <Operation>("UE01-005", "Operation not found");
}
RolePolicy policy = new RolePolicy
{
RoleId = roleId,
OperationCode = operationCode,
State = state
};
this.op.Insert(policy);
return(policy);
}
public RoleResponse UpdateRole(RoleRequest request, int roleId)
{
try
{
var role = _dbContext.Role.SingleOrDefault(p => p.RoleId == roleId);
if (role == null)
{
throw new ArgumentException("Role Not found.");
}
role.Name = request.Name;
role.RoleType = request.RoleType;
role.LastModifiedBy = "user";
role.IsDeleted = request.IsDeleted;
role.LastModified = DateTime.UtcNow;
// remove existing resouces
var rolePolicies = _dbContext.RolePolicy.Where(p => p.RoleId == roleId);
_dbContext.RolePolicy.RemoveRange(rolePolicies);
foreach (var policyId in request.PolicyIds)
{
var rolePolicy = new RolePolicy()
{
PolicyId = policyId, RoleId = role.RoleId
};
role.RolePolicies.Add(rolePolicy);
}
_dbContext.Attach <Role>(role);
_dbContext.SaveChanges();
return(_mapper.Map <RoleResponse>(role));
}
catch (Exception)
{
throw;
}
}
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews().AddNewtonsoftJson();
// In production, the React files will be served from this directory
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "ClientApp/build";
});
ConfigureDatabase(services);
IConfigurationSection appConfig = Configuration.GetSection("AppConfig");
services.Configure <AppConfig>(appConfig);
RegisterDI.Register(services);
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = Configuration.GetSection("AppConfig:JwtIssuer").Get <string>(),
ValidAudience = Configuration.GetSection("AppConfig:JwtAudience").Get <string>(),
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(Configuration.GetSection("AppConfig:Secret").Get <string>())
),
};
});
services.AddAuthorization(config =>
{
config.AddPolicy(RolePolicy.User, RolePolicy.UserPolicy());
config.AddPolicy(RolePolicy.ProductOwner, RolePolicy.ProductOwnerPolicy());
});
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "Issue Tracker",
Description = "Issue Tracker API for Issue Tracker Web",
Contact = new OpenApiContact
{
Name = "Mufid Jamaluddin",
Email = "*****@*****.**",
},
});
string xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
string xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
}
public async Task <bool> UpdateRolePolicyAsync(string realm, string clientId, RolePolicy policy)
{
var response = await GetBaseUrl(realm)
.AppendPathSegment($"/admin/realms/{realm}/clients/{clientId}/authz/resource-server/policy")
.AppendPathSegment(policy.Type == PolicyType.Role ? "/role" : string.Empty)
.AppendPathSegment($"/{policy.Id}")
.PutJsonAsync(policy)
.ConfigureAwait(false);
return(response.IsSuccessStatusCode);
}
public async Task <RolePolicy> CreateRolePolicyAsync(string realm, string clientId, RolePolicy policy)
{
var response = await GetBaseUrl(realm)
.AppendPathSegment($"/admin/realms/{realm}/clients/{clientId}/authz/resource-server/policy")
.AppendPathSegment(policy.Type == PolicyType.Role ? "/role" : string.Empty)
.PostJsonAsync(policy)
.ReceiveJson <RolePolicy>()
.ConfigureAwait(false);
return(response);
}
public AwsStack()
{
var config = new Pulumi.Config();
var deployTo = config.Require("DeployTo");
var tags = new InputMap <string>
{
{ "User:Project", Pulumi.Deployment.Instance.ProjectName },
{ "User:Stack", Pulumi.Deployment.Instance.StackName }
};
// Create an AWS resource (S3 Bucket)
var dataBucket = new Bucket(
$"ne-rpc-demo-data-{deployTo}",
new BucketArgs
{
Tags = tags
}
);
// Create a role to run the lambda
var lambdaRole = new Role("lambdaRole", new RoleArgs
{
AssumeRolePolicy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Action"": ""sts:AssumeRole"",
""Principal"": {
""Service"": ""lambda.amazonaws.com""
},
""Effect"": ""Allow"",
""Sid"": """"
}
]
}"
}
);
var logPolicy = new RolePolicy("lambdaLogPolicy", new RolePolicyArgs
{
Role = lambdaRole.Id,
Policy =
@"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": [
""logs:CreateLogGroup"",
""logs:CreateLogStream"",
""logs:PutLogEvents""
],
""Resource"": ""arn:aws:logs:*:*:*""
}]
}"
});
var bucketPolicy = new RolePolicy("lambdaBucketPolicy", new RolePolicyArgs
{
Role = lambdaRole.Id,
Policy =
Output.Format($@"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
""Effect"": ""Allow"",
""Action"": [
""s3:*""
],
""Resource"": ""{dataBucket.Arn}""
}},
{{
""Effect"": ""Allow"",
""Action"": [
""s3:*""
],
""Resource"": ""{dataBucket.Arn}/*""
}}
]
}}")
});
var quoteFetch = new Function(
"quote-fetch-lambda",
new FunctionArgs
{
Runtime = "dotnetcore3.1",
Code = new FileArchive("../aws-lambda/publish"),
Handler = "aws-lambda::Recumbent.Demo.Aws.AwsLambda::FunctionHandler",
Environment = new FunctionEnvironmentArgs
{
Variables = new InputMap <string>
{
{ "QuoteServerHost", "https://vn651r8t22.execute-api.eu-west-2.amazonaws.com/Prod" },
{ "DataBucket", dataBucket.Id },
}
},
Role = lambdaRole.Arn,
Timeout = 60,
Tags = tags
}
);
// Export useful things
this.DataBucketName = dataBucket.Id;
this.DataBucketArn = dataBucket.Arn;
this.FunctionInvokeArn = quoteFetch.InvokeArn;
}