private void AssertSSOCredentialsAreEqual(SSOAWSCredentials expected, AWSCredentials actualAWSCredentials)
        {
            var actual = actualAWSCredentials as SSOAWSCredentials;

            Assert.IsNotNull(actual);

            Assert.AreEqual(expected.AccountId, actual.AccountId);
            Assert.AreEqual(expected.Region, actual.Region);
            Assert.AreEqual(expected.RoleName, actual.RoleName);
            Assert.AreEqual(expected.StartUrl, actual.StartUrl);
            Assert.AreEqual(expected.PreemptExpiryTime, actual.PreemptExpiryTime);

            Assert.AreEqual(expected.Options.ClientName, actual.Options.ClientName);
            Assert.AreEqual(expected.Options.SsoVerificationCallback, actual.Options.SsoVerificationCallback);
            Assert.AreEqual(expected.Options.ProxySettings, actual.Options.ProxySettings);
        }
Ejemplo n.º 2
0
        private static AWSCredentials GetAWSCredentials(string profileName, ICredentialProfileSource profileSource,
                                                        CredentialProfileOptions options, RegionEndpoint stsRegion, bool nonCallbackOnly)
        {
            var profileType = CredentialProfileTypeDetector.DetectProfileType(options);

            if (nonCallbackOnly && profileType.HasValue && IsCallbackRequired(profileType.Value))
            {
                if (profileType == CredentialProfileType.AssumeRoleExternalMFA ||
                    profileType == CredentialProfileType.AssumeRoleMFA)
                {
                    var mfaMessage = profileName == null
                        ? "The credential options represent AssumeRoleAWSCredentials that require an MFA.  This is not allowed here.  " +
                                     "Please use credential options for AssumeRoleAWSCredentials that don't require an MFA, or a different type of credentials."
                        : String.Format(CultureInfo.InvariantCulture,
                                        "The profile [{0}] is an assume role profile that requires an MFA.  This type of profile is not allowed here.  " +
                                        "Please use an assume role profile that doesn't require an MFA, or a different type of profile.", profileName);
                    throw new InvalidOperationException(mfaMessage);
                }
#if !BCL35
                else if (profileType == CredentialProfileType.SSO && !SSOAWSCredentials.HasCachedAccessTokenAvailable(options.SsoStartUrl))
                {
                    var ssoMessage = profileName == null
                        ? $"The credential options represent {nameof(SSOAWSCredentials)}.  This is not allowed here.  " +
                                     "Please use a different type of credentials."
                        : String.Format(CultureInfo.InvariantCulture,
                                        "The profile [{0}] is an SSO profile.  This type of profile is not allowed here.  " +
                                        "Please use a different type of profile.", profileName);
                    throw new InvalidOperationException(ssoMessage);
                }
#endif
                else if (profileType == CredentialProfileType.SAMLRoleUserIdentity)
                {
                    var samlMessage = profileName == null
                        ? "The credential options represent FederatedAWSCredentials that specify a user identity.  This is not allowed here.  " +
                                      "Please use credential options for FederatedAWSCredentials without an explicit user identity, or a different type of credentials."
                        : String.Format(CultureInfo.InvariantCulture,
                                        "The profile [{0}] is a SAML role profile that specifies a user identity.  This type of profile is not allowed here.  " +
                                        "Please use a SAML role profile without an explicit user identity, or a different type of profile.", profileName);
                    throw new InvalidOperationException(samlMessage);
                }
            }
            return(GetAWSCredentialsInternal(profileName, profileType, options, stsRegion, profileSource, true));
        }