/// <summary>
/// Gets a client to be used for AssumeRoleWithWebIdentity requests.
/// </summary>
/// <returns>The STS client.</returns>
protected virtual ICoreAmazonSTS_WebIdentity CreateClient()
{
var configuredRegion = AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion) ? _defaultSTSClientRegion : RegionEndpoint.GetBySystemName(configuredRegion);
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (_options?.ProxySettings != null)
{
stsConfig.SetWebProxy(_options.ProxySettings);
}
return(ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS_WebIdentity>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME, new AnonymousAWSCredentials(), region));
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.AssumeRoleAWSCredentials.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
}
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration)
{
CredentialsRefreshState state;
var configuredRegion = !string.IsNullOrEmpty(ProfileData.Region) ? ProfileData.Region : AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion)
? DefaultSTSClientRegion
: RegionEndpoint.GetBySystemName(configuredRegion);
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME,
ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (_proxySettings != null)
{
stsConfig.SetWebProxy(_proxySettings);
}
coreSTSClient
= ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(ServiceClientHelpers.STS_ASSEMBLY_NAME,
ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(),
stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
try
{
var credentials
= coreSTSClient.CredentialsFromSAMLAuthentication(ProfileData.EndpointSettings.Endpoint.ToString(),
ProfileData.EndpointSettings.AuthenticationType,
ProfileData.RoleArn,
credentialDuration,
userCredential);
ProfileData.PersistSession(credentials);
state = new CredentialsRefreshState(credentials, credentials.Expires);
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);
var logger = Logger.GetLogger(typeof(StoredProfileFederatedCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return(state);
}
/// <summary>
/// Attempts to get a service client at runtime which cannot be made a project reference.
/// </summary>
private T CreateClient <T>(string serviceClassName, string serviceConfigName, string parentAssemblyName) where T : class
{
try
{
var serviceConfig = ServiceClientHelpers.CreateServiceConfig(
parentAssemblyName,
serviceConfigName);
serviceConfig.RegionEndpoint = RegionEndpoint.GetBySystemName(Region);
if (Options?.ProxySettings != null)
{
serviceConfig.SetWebProxy(Options.ProxySettings);
}
var serviceClient = ServiceClientHelpers.CreateServiceFromAssembly <T>(
parentAssemblyName,
serviceClassName,
new AnonymousAWSCredentials(), serviceConfig) as T;
return(serviceClient);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use {1}.",
parentAssemblyName,
GetType().AssemblyQualifiedName);
var exception = new InvalidOperationException(msg, e);
_logger.Error(exception, exception.Message);
throw exception;
}
}
protected override CredentialsRefreshState GenerateNewCredentials()
{
var configuredRegion = AWSConfigs.AWSRegion;
var region = string.IsNullOrEmpty(configuredRegion) ? DefaultSTSClientRegion : RegionEndpoint.GetBySystemName(configuredRegion);
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options != null && Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME, SourceCredentials, stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use Amazon.Runtime.AssumeRoleAWSCredentials.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
var exception = new InvalidOperationException(msg, e);
Logger.GetLogger(typeof(AssumeRoleAWSCredentials)).Error(exception, exception.Message);
throw exception;
}
var credentials = coreSTSClient.CredentialsFromAssumeRoleAuthentication(RoleArn, RoleSessionName, Options);
_logger.InfoFormat("New credentials created for assume role that expire at {0}", credentials.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));
return(new CredentialsRefreshState(credentials, credentials.Expiration));
}
/// <summary>
/// Deletes the artifacts associated with an import task using the bucket name
/// and key prefix to the artifacts in Amazon S3. No check is performed to
/// determine whether the associated conversion task is in progress.
/// </summary>
/// <param name="region">
/// The region containing the bucket where the image file artifacts were stored
/// </param>
/// <param name="bucketName">The name of the bucket containing the artifacts</param>
/// <param name="keyPrefix">The common key prefix of the artifacts</param>
/// <param name="progressCallback">Optional progress callback</param>
/// <remarks>
/// An Amazon S3 client will be constructed using the specified region and
/// default profile credentials.
/// </remarks>
public static void DeleteImageArtifacts(RegionEndpoint region,
string bucketName,
string keyPrefix,
CleanupProgressCallback progressCallback)
{
DeleteImageArtifacts(ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonS3>(ServiceClientHelpers.S3_ASSEMBLY_NAME, ServiceClientHelpers.S3_SERVICE_CLASS_NAME, region), bucketName, keyPrefix, progressCallback);
}
/// <summary>
/// Deletes the artifacts associated with an import task using a presigned
/// url to address the manifest for the import. No check is performed to
/// determine whether the associated conversion task is in progress.
/// </summary>
/// <param name="awsCredentials">
/// Credentials to use to instantiate the Amazon EC2 and Amazon S3 clients needed to
/// complete the operation.
/// </param>
/// <param name="region">
/// The region containing the bucket where the image file artifacts were stored
/// </param>
/// <param name="manifestUrl">
/// Presigned URL to the import manifest file
/// </param>
/// <param name="progressCallback">Optional progress callback</param>
public static void DeleteImageArtifacts(AWSCredentials awsCredentials,
RegionEndpoint region,
string manifestUrl,
CleanupProgressCallback progressCallback)
{
DeleteImageArtifacts(ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonS3>(ServiceClientHelpers.S3_ASSEMBLY_NAME, ServiceClientHelpers.S3_SERVICE_CLASS_NAME, awsCredentials, region),
manifestUrl,
progressCallback);
}
internal ICoreAmazonS3 GetClient(RegionEndpoint region)
{
ICoreAmazonS3 output;
if (!this.clientsByRegion.TryGetValue(region.SystemName, out output))
{
output = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonS3>(ServiceClientHelpers.S3_ASSEMBLY_NAME, ServiceClientHelpers.S3_SERVICE_CLASS_NAME, this.ddbClient);
this.clientsByRegion.Add(region.SystemName, output);
}
return(output);
}
/// <summary>
/// Deletes the image file artifacts associated with the specified conversion task.
/// If the task is still active, ignoreActiveTask must be set true to enable artifact
/// deletion, which will cause the task to fail. Use this option at your own risk.
/// </summary>
/// <param name="region">
/// The region containing the bucket where the image file artifacts were stored
/// </param>
/// <param name="conversionTaskId">
/// The ID of the conversion task that used the image file
/// </param>
/// <param name="ignoreActiveTask">
/// If true the artifacts are deleted even if the conversion task is still in progress
/// </param>
/// <param name="progressCallback">Optional progress callback</param>
/// <remarks>
/// Amazon EC2 and S3 clients will be constructed using the specified region and
/// default credentials.
/// </remarks>
public static void DeleteImageArtifacts(RegionEndpoint region,
string conversionTaskId,
bool ignoreActiveTask,
CleanupProgressCallback progressCallback)
{
DeleteImageArtifacts(new AmazonEC2Client(region),
ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonS3>(ServiceClientHelpers.S3_ASSEMBLY_NAME, ServiceClientHelpers.S3_SERVICE_CLASS_NAME, region),
conversionTaskId,
ignoreActiveTask,
progressCallback);
}
private CredentialsRefreshState Authenticate(ICredentials userCredential)
{
CredentialsRefreshState state;
var region = Options.STSRegion;
if (region == null && !string.IsNullOrEmpty(AWSConfigs.AWSRegion))
{
region = RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion);
}
else
{
region = DefaultSTSClientRegion;
}
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(), stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
var samlCoreSTSClient
#if NETSTANDARD
= coreSTSClient as ICoreAmazonSTS_SAML;
if (coreSTSClient == null)
{
throw new NotImplementedException("The currently loaded version of AWSSDK.SecurityToken doesn't support SAML authentication.");
}
private static ICoreAmazonKMS CreateFromExistingClient(AmazonServiceClient existingClient, string feature)
{
ICoreAmazonKMS coreKMSClient = null;
try
{
coreKMSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonKMS>(
ServiceClientHelpers.KMS_ASSEMBLY_NAME, ServiceClientHelpers.KMS_SERVICE_CLASS_NAME,
existingClient);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Error instantiating {0} from assembly {1}. " +
"The assembly and class must be available at runtime in order to use {2}.",
ServiceClientHelpers.KMS_SERVICE_CLASS_NAME, ServiceClientHelpers.KMS_ASSEMBLY_NAME, feature);
throw new InvalidOperationException(msg, e);
}
return(coreKMSClient);
}
private CredentialsRefreshState Authenticate(ICredentials userCredential)
{
CredentialsRefreshState state;
var region = Options.STSRegion;
if (region == null && !string.IsNullOrEmpty(AWSConfigs.AWSRegion))
{
region = RegionEndpoint.GetBySystemName(AWSConfigs.AWSRegion);
}
else
{
region = DefaultSTSClientRegion;
}
ICoreAmazonSTS coreSTSClient = null;
try
{
var stsConfig = ServiceClientHelpers.CreateServiceConfig(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
stsConfig.RegionEndpoint = region;
if (Options.ProxySettings != null)
{
stsConfig.SetWebProxy(Options.ProxySettings);
}
coreSTSClient = ServiceClientHelpers.CreateServiceFromAssembly <ICoreAmazonSTS>(
ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CLASS_NAME,
new AnonymousAWSCredentials(), stsConfig);
}
catch (Exception e)
{
var msg = string.Format(CultureInfo.CurrentCulture,
"Assembly {0} could not be found or loaded. This assembly must be available at runtime to use this profile class.",
ServiceClientHelpers.STS_ASSEMBLY_NAME);
throw new InvalidOperationException(msg, e);
}
try
{
var credentials = coreSTSClient.CredentialsFromSAMLAuthentication(SAMLEndpoint.EndpointUri.ToString(),
SAMLEndpoint.AuthenticationType.ToString(), RoleArn, MaximumCredentialTimespan, userCredential);
RegisterRoleSession(credentials);
state = new CredentialsRefreshState(credentials, credentials.Expires);
}
catch (Exception e)
{
var wrappedException = new AmazonClientException("Credential generation from SAML authentication failed.", e);
var logger = Logger.GetLogger(typeof(FederatedAWSCredentials));
logger.Error(wrappedException, wrappedException.Message);
throw wrappedException;
}
return(state);
}