public static string CreateRoleIfNotExists(IAmazonIdentityManagementService iamClient, string roleName, string assumeRolePolicyDocument, bool waitForEventualConsistency = true)
{
AutoResetEvent ars = new AutoResetEvent(false);
Exception responseException = new Exception();
Role role = GetRoleIfExists(iamClient, roleName);
if (role != null && !string.IsNullOrEmpty(role.Arn))
{
return role.Arn;
}
iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = assumeRolePolicyDocument
}, (response) =>
{
responseException = response.Exception;
if (responseException == null)
{
role = response.Response.Role;
}
ars.Set();
}, new AsyncOptions { ExecuteCallbackOnMainThread = false });
ars.WaitOne();
Assert.IsNull(responseException);
if (waitForEventualConsistency)
{
// Wait for eventual consistency of IAM role:
Thread.Sleep(TimeSpan.FromSeconds(10));
}
return role.Arn;
}
public static string CreateRoleIfNotExists(IAmazonIdentityManagementService iamClient, string roleName, string assumeRolePolicyDocument, bool waitForEventualConsistency = true)
{
AutoResetEvent ars = new AutoResetEvent(false);
Exception responseException = new Exception();
Role role = GetRoleIfExists(iamClient, roleName);
if (role != null && !string.IsNullOrEmpty(role.Arn))
{
return(role.Arn);
}
iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = assumeRolePolicyDocument
}, (response) =>
{
responseException = response.Exception;
if (responseException == null)
{
role = response.Response.Role;
}
ars.Set();
}, new AsyncOptions {
ExecuteCallbackOnMainThread = false
});
ars.WaitOne();
Assert.IsNull(responseException);
if (waitForEventualConsistency)
{
// Wait for eventual consistency of IAM role:
Thread.Sleep(TimeSpan.FromSeconds(10));
}
return(role.Arn);
}
public async Task <Role> EnsureRoleExistsAsync(RoleName roleName)
{
var identityResponse =
await _securityTokenServiceClient.GetCallerIdentityAsync(new GetCallerIdentityRequest());
var accountArn = new AwsAccountArn(identityResponse.Account);
var request = CreateRoleRequest(accountArn, roleName);
try
{
var response = await _client.CreateRoleAsync(request);
if (response.HttpStatusCode != HttpStatusCode.OK)
{
var metadata = string.Join(", ",
response.ResponseMetadata.Metadata.Select(m => $"{m.Key}:{m.Value}"));
throw new Exception(
$"Error creating role: \"{roleName}\". Status code was {response.HttpStatusCode}, metadata: {metadata}");
}
return(response.Role);
}
catch (EntityAlreadyExistsException)
{
// Role exists we are happy
var getRoleRequest = new GetRoleRequest {
RoleName = roleName
};
var getRoleResponse = await _client.GetRoleAsync(getRoleRequest);
return(getRoleResponse.Role);
}
}
/// <summary>
/// Create the role if it's not there already.
/// Return true if it already existed.
/// </summary>
/// <returns></returns>
private async Task <bool> ValidateAndSetIamRoleArn(IAmazonIdentityManagementService iamClient)
{
var getRoleRequest = new GetRoleRequest
{
RoleName = ExecutionRoleName
};
try
{
ExecutionRoleArn = (await iamClient.GetRoleAsync(getRoleRequest)).Role.Arn;
return(true);
}
catch (NoSuchEntityException)
{
// create the role
var createRoleRequest = new CreateRoleRequest
{
RoleName = ExecutionRoleName,
Description = "Test role for CustomRuntimeTests.",
AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY
};
ExecutionRoleArn = (await iamClient.CreateRoleAsync(createRoleRequest)).Role.Arn;
// Wait for role to propagate.
await Task.Delay(10000);
return(false);
}
}
public void CreateLambdaFunction(string functionName, string iamRoleName, out string iamRoleArn, out string functionArn)
{
var iamCreateResponse = iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = iamRoleName,
AssumeRolePolicyDocument = LAMBDA_ASSUME_ROLE_POLICY
}).Result;
iamRoleArn = iamCreateResponse.Role.Arn;
var statement = new Amazon.Auth.AccessControlPolicy.Statement(
Amazon.Auth.AccessControlPolicy.Statement.StatementEffect.Allow);
statement.Actions.Add(S3ActionIdentifiers.PutObject);
statement.Actions.Add(S3ActionIdentifiers.GetObject);
statement.Resources.Add(new Resource("*"));
var policy = new Amazon.Auth.AccessControlPolicy.Policy();
policy.Statements.Add(statement);
iamClient.PutRolePolicyAsync(new PutRolePolicyRequest
{
RoleName = iamRoleName,
PolicyName = "admin",
PolicyDocument = policy.ToJson()
}).Wait();
MemoryStream stream = GetScriptStream();
var uploadRequest = new CreateFunctionRequest
{
FunctionName = functionName,
Code = new FunctionCode
{
ZipFile = stream
},
Handler = "helloworld.handler",
//Mode = Mode.Event,
Runtime = Runtime.Nodejs,
Role = iamCreateResponse.Role.Arn
};
var uploadResponse = UtilityMethods.WaitUntilSuccess(() => Client.CreateFunctionAsync(uploadRequest).Result);
createdFunctionNames.Add(functionName);
Assert.IsTrue(uploadResponse.CodeSize > 0);
Assert.IsNotNull(uploadResponse.FunctionArn);
functionArn = uploadResponse.FunctionArn;
}
static async Task <(string roleArn, string roleName, Func <Task> roleCleanup)> CreateRole(
IAmazonIdentityManagementService iamClient,
string timestamp,
string name,
CancellationToken cancellationToken)
{
var assumeRolePolicyDocument = Policies.CreateLambdaAssumeRolePolicy().ToJson();
var roleName = $"Beetles_{name}_{timestamp}";
var policyName = $"Beetles_{name}_{timestamp}";
var role = await iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = assumeRolePolicyDocument
}, cancellationToken);
var roleArn = role.Role.Arn;
await iamClient.PutRolePolicyAsync(new PutRolePolicyRequest
{
PolicyName = policyName,
RoleName = role.Role.RoleName,
PolicyDocument = Policies.CreateLambdaCloudWatchLogsPolicy().ToJson()
}, cancellationToken);
return(roleArn, role.Role.RoleName, async() =>
{
await iamClient.DeleteRolePolicyAsync(new DeleteRolePolicyRequest
{
RoleName = role.Role.RoleName,
PolicyName = policyName
});
await iamClient.DeleteRoleAsync(new DeleteRoleRequest {
RoleName = role.Role.RoleName
});
});
}
private Amazon.IdentityManagement.Model.CreateRoleResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.CreateRoleRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "CreateRole");
try
{
#if DESKTOP
return(client.CreateRole(request));
#elif CORECLR
return(client.CreateRoleAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
public async Task <string> CreateIamRole(IAmazonIdentityManagementService iamClient, string roleName,
string region)
{
try
{
Console.WriteLine("Creating IAM Role");
CreateRoleResponse response = await iamClient.CreateRoleAsync(new CreateRoleRequest()
{
RoleName = roleName,
AssumeRolePolicyDocument =
string.Format(AwsResourceConstant.RolePolicyFormat, GetServiceName(region)),
Description = "Created via AWS Timestream sample"
});
Console.WriteLine($"The ARN of the role is : {response.Role.Arn}");
// Wait for the role to be available
Thread.Sleep(2000);
return(response.Role.Arn);
}
catch (EntityAlreadyExistsException)
{
Console.WriteLine("Role already exists");
GetRoleResponse getRoleResponse = await iamClient.GetRoleAsync(new GetRoleRequest()
{
RoleName = roleName
});
return(getRoleResponse.Role.Arn);
}
catch (Exception e)
{
Console.WriteLine($"IAM role creation failed: {e}");
throw;
}
}
public void TestPipelineOperations()
{
var inputBucket = UtilityMethods.CreateBucketAsync(s3Client).Result;
var outputBucket = UtilityMethods.CreateBucketAsync(s3Client).Result;
var pipelineName = "sdktest-pipeline" + DateTime.Now.Ticks;
var roleName = "sdktest-ets-role" + DateTime.Now.Ticks;
var policyName = "Access_Policy";
try
{
// Create a role with trust policy
var role = iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = TrustPolicy
}).Result.Role;
// Set access policy
iamClient.PutRolePolicyAsync(new PutRolePolicyRequest
{
RoleName = roleName,
PolicyDocument = AccessPolicy,
PolicyName = policyName
}).Wait();
Client.ListPipelinesAsync().Wait();
// Create Pipeline
var pipeline = Client.CreatePipelineAsync(
new CreatePipelineRequest
{
Name = pipelineName,
InputBucket = inputBucket,
OutputBucket = outputBucket,
Notifications = new Notifications
{
Completed = string.Empty,
Error = string.Empty,
Progressing = string.Empty,
Warning = string.Empty
},
Role = role.Arn,
AwsKmsKeyArn = kmsKeyArn
}).Result.Pipeline;
Assert.IsNotNull(pipeline);
Assert.AreEqual(pipeline.Name, pipelineName);
UtilityMethods.Sleep(System.TimeSpan.FromSeconds(5));
// List Pipelines
var pipelines = Client.ListPipelinesAsync().Result.Pipelines;
Assert.IsTrue(pipelines.Count > 0);
pipelines.Contains(pipeline);
// Get Pipeline
var readPipelineResult = Client.ReadPipelineAsync(
new ReadPipelineRequest()
{
Id = pipeline.Id
}).Result;
Assert.AreEqual(readPipelineResult.Pipeline.Id, pipeline.Id);
// Update pipeline
Client.UpdatePipelineStatusAsync(
new UpdatePipelineStatusRequest
{
Id = pipeline.Id,
Status = "Paused"
}).Wait();
// Get pipeline
readPipelineResult = Client.ReadPipelineAsync(
new ReadPipelineRequest {
Id = pipeline.Id
}).Result;
Assert.AreEqual("Paused".ToLower(), readPipelineResult.Pipeline.Status.ToLower());
// List jobs
var jobs = Client.ListJobsByPipelineAsync(
new ListJobsByPipelineRequest
{
PipelineId = pipeline.Id,
Ascending = "true"
}).Result.Jobs;
// Remove pipeline
Client.DeletePipelineAsync(
new DeletePipelineRequest {
Id = pipeline.Id
}).Wait();
AssertExtensions.ExpectExceptionAsync <Amazon.ElasticTranscoder.Model.ResourceNotFoundException>(Client.ReadPipelineAsync(
new ReadPipelineRequest()
{
Id = pipeline.Id
})).Wait();
}
finally
{
s3Client.DeleteBucketAsync(new DeleteBucketRequest {
BucketName = inputBucket
}).Wait();
s3Client.DeleteBucketAsync(new DeleteBucketRequest {
BucketName = outputBucket
}).Wait();
iamClient.DeleteRolePolicyAsync(new DeleteRolePolicyRequest
{
RoleName = roleName,
PolicyName = policyName
}).Wait();
iamClient.DeleteRoleAsync(new DeleteRoleRequest
{
RoleName = roleName
}).Wait();
}
}
public static string CreateRole(IAmazonIdentityManagementService iamClient, string roleName, string assuleRolePolicy, params string[] managedPolicies)
{
if (managedPolicies != null && managedPolicies.Length > 0)
{
for (int i = 0; i < managedPolicies.Length; i++)
{
managedPolicies[i] = ExpandManagedPolicyName(iamClient, managedPolicies[i]);
}
}
string roleArn;
try
{
CreateRoleRequest request = new CreateRoleRequest
{
RoleName = roleName,
AssumeRolePolicyDocument = assuleRolePolicy
};
var response = iamClient.CreateRoleAsync(request).Result;
roleArn = response.Role.Arn;
}
catch (Exception e)
{
throw new ToolsException($"Error creating IAM Role: {e.Message}", ToolsException.CommonErrorCode.IAMCreateRole, e);
}
if (managedPolicies != null && managedPolicies.Length > 0)
{
try
{
foreach (var managedPolicy in managedPolicies)
{
var request = new AttachRolePolicyRequest
{
RoleName = roleName,
PolicyArn = managedPolicy
};
iamClient.AttachRolePolicyAsync(request).Wait();
}
}
catch (Exception e)
{
throw new ToolsException($"Error assigning managed IAM Policy: {e.Message}", ToolsException.CommonErrorCode.IAMAttachRole, e);
}
}
bool found = false;
do
{
// There is no way check if the role has propagated yet so to
// avoid error during deployment creation do a generous sleep.
Console.WriteLine("Waiting for new IAM Role to propagate to AWS regions");
long start = DateTime.Now.Ticks;
while (TimeSpan.FromTicks(DateTime.Now.Ticks - start).TotalSeconds < SLEEP_TIME_FOR_ROLE_PROPOGATION.TotalSeconds)
{
Thread.Sleep(TimeSpan.FromSeconds(1));
Console.Write(".");
Console.Out.Flush();
}
Console.WriteLine("\t Done");
try
{
var getResponse = iamClient.GetRoleAsync(new GetRoleRequest {
RoleName = roleName
}).Result;
if (getResponse.Role != null)
{
found = true;
}
}
catch (NoSuchEntityException)
{
}
catch (Exception e)
{
throw new ToolsException("Error confirming new role was created: " + e.Message, ToolsException.CommonErrorCode.IAMGetRole, e);
}
} while (!found);
return(roleArn);
}
public void OneTimeSetUp()
{
// Create S3 Bucket
BucketName = "sdk-dotnet-integ-test-bucket-firehose" + DateTime.Now.Ticks;
s3Client.PutBucketAsync(BucketName).Wait();
// Create IAM Role
RoleName = "NetFirehoseTestRole" + DateTime.Now.Ticks;
if (string.IsNullOrEmpty(TestAccountId))
{
Assert.Fail("TestAccountId must be specified to run these tests");
}
var iamCreateResponse = iamClient.CreateRoleAsync(new CreateRoleRequest
{
RoleName = RoleName,
AssumeRolePolicyDocument = string.Format(FirehoseAssumeRolePolicyDocumentFormat, TestAccountId)
}).Result;
string roleArn = iamCreateResponse.Role.Arn;
Assert.IsNotNull(roleArn);
// Attach Policy to Role
PolicyName = "NetFirehoseTestRolePolicy" + DateTime.Now.Ticks;
iamClient.PutRolePolicyAsync(new PutRolePolicyRequest()
{
PolicyDocument = string.Format(RolePolicyDocumentFormat, BucketName),
PolicyName = PolicyName,
RoleName = RoleName
}).Wait();
// Wait for eventual consistency of role.
UtilityMethods.Sleep(TimeSpan.FromSeconds(10));
// Create Firehose Delivery Stream
string bucketArn = "arn:aws:s3:::" + BucketName;
DeliveryStreamName = "dotnet-test-delivery-stream" + DateTime.Now.Ticks;
string deliveryStreamArn = Client.CreateDeliveryStreamAsync(new CreateDeliveryStreamRequest()
{
DeliveryStreamName = DeliveryStreamName,
S3DestinationConfiguration = new S3DestinationConfiguration()
{
BucketARN = bucketArn,
RoleARN = roleArn
}
}).Result.DeliveryStreamARN;
if (string.IsNullOrEmpty(deliveryStreamArn))
{
Assert.Fail("Expected a deliveryStreamArn value");
}
// Wait for Delivery Stream to be active
DeliveryStreamStatus streamStatus = DeliveryStreamStatus.CREATING;
var timeout = DateTime.Now.AddSeconds(120);
while (streamStatus != DeliveryStreamStatus.ACTIVE && DateTime.Now.Ticks < timeout.Ticks)
{
streamStatus = Client.DescribeDeliveryStreamAsync(new DescribeDeliveryStreamRequest()
{
DeliveryStreamName = DeliveryStreamName
}).Result.DeliveryStreamDescription.DeliveryStreamStatus;
Assert.AreNotEqual(streamStatus, DeliveryStreamStatus.DELETING);
UtilityMethods.Sleep(TimeSpan.FromSeconds(2));
}
Assert.AreNotEqual(streamStatus, DeliveryStreamStatus.CREATING, "Did not exit CREATING state within time limit.");
}
