public object Execute(ExecutorContext context) { var cmdletContext = context as CmdletContext; // create request var request = new Amazon.IdentityManagement.Model.PutRolePolicyRequest(); if (cmdletContext.PolicyDocument != null) { request.PolicyDocument = cmdletContext.PolicyDocument; } if (cmdletContext.PolicyName != null) { request.PolicyName = cmdletContext.PolicyName; } if (cmdletContext.RoleName != null) { request.RoleName = cmdletContext.RoleName; } CmdletOutput output; // issue call var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint); try { var response = CallAWSServiceOperation(client, request); object pipelineOutput = null; pipelineOutput = cmdletContext.Select(response, this); output = new CmdletOutput { PipelineOutput = pipelineOutput, ServiceResponse = response }; } catch (Exception e) { output = new CmdletOutput { ErrorResponse = e }; } return(output); }
/// <summary> /// Initiates the asynchronous execution of the PutRolePolicy operation. /// <seealso cref="Amazon.IdentityManagement.IAmazonIdentityManagementService"/> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the PutRolePolicy operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.Instance; return InvokeAsync<PutRolePolicyRequest,PutRolePolicyResponse>(request, marshaller, unmarshaller, cancellationToken); }
internal PutRolePolicyResponse PutRolePolicy(PutRolePolicyRequest request) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.Instance; return Invoke<PutRolePolicyRequest,PutRolePolicyResponse>(request, marshaller, unmarshaller); }
IAsyncResult invokePutRolePolicy(PutRolePolicyRequest putRolePolicyRequest, AsyncCallback callback, object state, bool synchronized) { IRequest irequest = new PutRolePolicyRequestMarshaller().Marshall(putRolePolicyRequest); var unmarshaller = PutRolePolicyResponseUnmarshaller.GetInstance(); AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller); Invoke(result); return result; }
/// <summary> /// <para>Adds (or updates) a policy document associated with the specified role. For information about policies, refer to Overview of Policies /// in <i>Using AWS Identity and Access Management</i> .</para> <para>For information about limits on the number of policies you can associate /// with a role, see Limitations on IAM Entities in <i>Using AWS Identity and Access Management</i> .</para> <para><b>NOTE:</b>Because policy /// documents can be large, you should use POST rather than GET when calling PutRolePolicy. For information about setting up signatures and /// authorization through the API, go to Signing AWS API Requests in the AWS General Reference. For general information about using the Query /// API with IAM, go to Making Query Requests in Using IAM.</para> /// </summary> /// /// <param name="putRolePolicyRequest">Container for the necessary parameters to execute the PutRolePolicy service method on /// AmazonIdentityManagementService.</param> /// /// <exception cref="MalformedPolicyDocumentException"/> /// <exception cref="NoSuchEntityException"/> /// <exception cref="LimitExceededException"/> public PutRolePolicyResponse PutRolePolicy(PutRolePolicyRequest putRolePolicyRequest) { IAsyncResult asyncResult = invokePutRolePolicy(putRolePolicyRequest, null, null, true); return EndPutRolePolicy(asyncResult); }
/// <summary> /// Initiates the asynchronous execution of the PutRolePolicy operation. /// <seealso cref="Amazon.IdentityManagement.AmazonIdentityManagementService.PutRolePolicy"/> /// </summary> /// /// <param name="putRolePolicyRequest">Container for the necessary parameters to execute the PutRolePolicy operation on /// AmazonIdentityManagementService.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> public IAsyncResult BeginPutRolePolicy(PutRolePolicyRequest putRolePolicyRequest, AsyncCallback callback, object state) { return invokePutRolePolicy(putRolePolicyRequest, callback, state, false); }
/// <summary> /// Initiates the asynchronous execution of the PutRolePolicy operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the PutRolePolicy operation on AmazonIdentityManagementServiceClient.</param> /// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param> /// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> /// /// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndPutRolePolicy /// operation.</returns> public IAsyncResult BeginPutRolePolicy(PutRolePolicyRequest request, AsyncCallback callback, object state) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.Instance; return BeginInvoke<PutRolePolicyRequest>(request, marshaller, unmarshaller, callback, state); }
/// <summary> /// Initiates the asynchronous execution of the PutRolePolicy operation. /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the PutRolePolicy operation on AmazonIdentityManagementServiceClient.</param> /// <param name="callback">An Action delegate that is invoked when the operation completes.</param> /// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback /// procedure using the AsyncState property.</param> public void PutRolePolicyAsync(PutRolePolicyRequest request, AmazonServiceCallback<PutRolePolicyRequest, PutRolePolicyResponse> callback, AsyncOptions options = null) { options = options == null?new AsyncOptions():options; var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.Instance; Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null; if(callback !=null ) callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => { AmazonServiceResult<PutRolePolicyRequest,PutRolePolicyResponse> responseObject = new AmazonServiceResult<PutRolePolicyRequest,PutRolePolicyResponse>((PutRolePolicyRequest)req, (PutRolePolicyResponse)res, ex , ao.State); callback(responseObject); }; BeginInvoke<PutRolePolicyRequest>(request, marshaller, unmarshaller, options, callbackHelper); }
/// <summary> /// Initiates the asynchronous execution of the PutRolePolicy operation. /// <seealso cref="Amazon.IdentityManagement.IAmazonIdentityManagementService.PutRolePolicy"/> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the PutRolePolicy operation.</param> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> /// <returns>The task object representing the asynchronous operation.</returns> public async Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest request, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.GetInstance(); var response = await Invoke<IRequest, PutRolePolicyRequest, PutRolePolicyResponse>(request, marshaller, unmarshaller, signer, cancellationToken) .ConfigureAwait(continueOnCapturedContext: false); return response; }
/// <summary> /// <para>Adds (or updates) a policy document associated with the specified role. For information about policies, go to <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html">Overview of Policies</a> in <i>Using AWS Identity /// and Access Management</i> .</para> <para>For information about limits on the policies you can associate with a role, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in <i>Using /// AWS Identity and Access Management</i> .</para> <para><b>NOTE:</b>Because policy documents can be large, you should use POST rather than GET /// when calling PutRolePolicy. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in /// the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in Using IAM.</para> /// </summary> /// /// <param name="request">Container for the necessary parameters to execute the PutRolePolicy service method on /// AmazonIdentityManagementService.</param> /// /// <exception cref="T:Amazon.IdentityManagement.Model.MalformedPolicyDocumentException" /> /// <exception cref="T:Amazon.IdentityManagement.Model.NoSuchEntityException" /> /// <exception cref="T:Amazon.IdentityManagement.Model.LimitExceededException" /> public PutRolePolicyResponse PutRolePolicy(PutRolePolicyRequest request) { var task = PutRolePolicyAsync(request); try { return task.Result; } catch(AggregateException e) { throw e.InnerException; } }
private Amazon.IdentityManagement.Model.PutRolePolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.PutRolePolicyRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "PutRolePolicy"); try { #if DESKTOP return(client.PutRolePolicy(request)); #elif CORECLR return(client.PutRolePolicyAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
/// <summary> /// <para>Adds (or updates) a policy document associated with the specified role. For information about policies, go to <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?PoliciesOverview.html">Overview of Policies</a> in <i>Using AWS Identity /// and Access Management</i> .</para> <para>For information about limits on the policies you can associate with a role, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/index.html?LimitationsOnEntities.html">Limitations on IAM Entities</a> in <i>Using /// AWS Identity and Access Management</i> .</para> <para><b>NOTE:</b>Because policy documents can be large, you should use POST rather than GET /// when calling PutRolePolicy. For information about setting up signatures and authorization through the API, go to Signing AWS API Requests in /// the AWS General Reference. For general information about using the Query API with IAM, go to Making Query Requests in Using IAM.</para> /// </summary> /// /// <param name="putRolePolicyRequest">Container for the necessary parameters to execute the PutRolePolicy service method on /// AmazonIdentityManagementService.</param> /// /// <exception cref="T:Amazon.IdentityManagement.Model.MalformedPolicyDocumentException" /> /// <exception cref="T:Amazon.IdentityManagement.Model.NoSuchEntityException" /> /// <exception cref="T:Amazon.IdentityManagement.Model.LimitExceededException" /> /// <param name="cancellationToken"> /// A cancellation token that can be used by other objects or threads to receive notice of cancellation. /// </param> public Task<PutRolePolicyResponse> PutRolePolicyAsync(PutRolePolicyRequest putRolePolicyRequest, CancellationToken cancellationToken = default(CancellationToken)) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.GetInstance(); return Invoke<IRequest, PutRolePolicyRequest, PutRolePolicyResponse>(putRolePolicyRequest, marshaller, unmarshaller, signer, cancellationToken); }
internal PutRolePolicyResponse PutRolePolicy(PutRolePolicyRequest request) { var task = PutRolePolicyAsync(request); try { return task.Result; } catch(AggregateException e) { ExceptionDispatchInfo.Capture(e.InnerException).Throw(); return null; } }
public virtual string PrepMode_CreateRole(AmazonIdentityManagementServiceClient iamClient, string roleName, string policyText, string trustRelationshipText) { var roleArn = String.Empty; // Use the CreateRoleRequest object to define the role. The AssumeRolePolicyDocument property should be // set to the value of the trustRelationshipText parameter. var createRoleRequest = new CreateRoleRequest { AssumeRolePolicyDocument = trustRelationshipText, RoleName = roleName }; roleArn = iamClient.CreateRole(createRoleRequest).Role.Arn; // Use the PutRolePolicyRequest object to define the request. Select whatever policy name you would like. // The PolicyDocument property is there the policy is described. var putRolePolicyRequest = new PutRolePolicyRequest { RoleName = roleName, PolicyName = String.Format("{0}_policy", roleName), PolicyDocument = policyText }; iamClient.PutRolePolicy(putRolePolicyRequest); return roleArn; }
IAsyncResult invokePutRolePolicy(PutRolePolicyRequest request, AsyncCallback callback, object state, bool synchronized) { var marshaller = new PutRolePolicyRequestMarshaller(); var unmarshaller = PutRolePolicyResponseUnmarshaller.Instance; return Invoke(request, callback, state, synchronized, marshaller, unmarshaller, signer); }
public static void Test(string identityProvider) { // Login with credentials to create the role // credentials are defined in app.config var iamClient = new AmazonIdentityManagementServiceClient(); string providerURL = null, providerAppIdName = null, providerUserIdName = null, providerAppId = null; switch (identityProvider) { case "Facebook": providerURL = "graph.facebook.com"; providerAppIdName = "app_id"; providerUserIdName = "id"; break; case "Google": providerURL = "accounts.google.com"; providerAppIdName = "aud"; providerUserIdName = "sub"; break; case "Amazon": providerURL = "www.amazon.com"; providerAppIdName = "app_id"; providerUserIdName = "user_id"; break; } //identity provider specific AppId is loaded from app.config (e.g) // FacebookProviderAppId. GoogleProviderAppId, AmazonProviderAppId providerAppId = ConfigurationManager.AppSettings[identityProvider + "ProviderAppId"]; // Since the string is passed to String.Format, '{' & '}' has to be escaped. // Policy document specifies who can invoke AssumeRoleWithWebIdentity string trustPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"": ""Allow"", ""Principal"": {{ ""Federated"": ""{1}"" }}, ""Action"": ""sts:AssumeRoleWithWebIdentity"", ""Condition"": {{ ""StringEquals"": {{""{1}:{2}"": ""{3}""}} }} }} ] }}"; // Defines what permissions to grant when AssumeRoleWithWebIdentity is called string accessPolicyTemplate = @"{{ ""Version"": ""2012-10-17"", ""Statement"": [ {{ ""Effect"":""Allow"", ""Action"":[""s3:GetObject"", ""s3:PutObject"", ""s3:DeleteObject""], ""Resource"": [ ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}"", ""arn:aws:s3:::federationtestbucket/{0}/${{{1}:{4}}}/*"" ] }} ] }}"; // Create Trust policy CreateRoleRequest createRoleRequest = new CreateRoleRequest { RoleName = "federationtestrole", AssumeRolePolicyDocument = string.Format(trustPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId) }; Console.WriteLine("\nTrust Policy Document:\n{0}\n", createRoleRequest.AssumeRolePolicyDocument); CreateRoleResponse createRoleResponse = iamClient.CreateRole(createRoleRequest); // Create Access policy (Permissions) PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest { PolicyName = "federationtestrole-rolepolicy", RoleName = "federationtestrole", PolicyDocument = string.Format(accessPolicyTemplate, identityProvider, providerURL, providerAppIdName, providerAppId, providerUserIdName) }; Console.WriteLine("\nAccess Policy Document (Permissions):\n{0}\n", putRolePolicyRequest.PolicyDocument); PutRolePolicyResponse putRolePolicyResponse = iamClient.PutRolePolicy( putRolePolicyRequest); // Sleep for the policy to replicate System.Threading.Thread.Sleep(5000); AmazonS3Config config = new AmazonS3Config { ServiceURL = "s3.amazonaws.com", RegionEndpoint = Amazon.RegionEndpoint.USEast1 }; Federation federationTest = new Federation(); AssumeRoleWithWebIdentityResponse assumeRoleWithWebIdentityResponse = null; switch (identityProvider) { case "Facebook": assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingFacebook( providerAppId, createRoleResponse.Role.Arn); break; case "Google": assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingGoogle( providerAppId, createRoleResponse.Role.Arn); //Uncomment to perform two step process //assumeRoleWithWebIdentityResponse = // federationTest.GetTemporaryCredentialUsingGoogle( // providerAppId, // ConfigurationManager.AppSettings["GoogleProviderAppIdSecret"], // createRoleResponse.Role.Arn); break; case "Amazon": assumeRoleWithWebIdentityResponse = federationTest.GetTemporaryCredentialUsingAmazon( ConfigurationManager.AppSettings["AmazonProviderClientId"], createRoleResponse.Role.Arn); break; } S3Test s3Test = new S3Test(); s3Test.CreateS3Bucket("federationtestbucket", identityProvider + "/" + assumeRoleWithWebIdentityResponse.SubjectFromWebIdentityToken, assumeRoleWithWebIdentityResponse.Credentials, config); DeleteRolePolicyResponse deleteRolePolicyResponse = iamClient.DeleteRolePolicy(new DeleteRolePolicyRequest { PolicyName = "federationtestrole-rolepolicy", RoleName = "federationtestrole" }); DeleteRoleResponse deleteRoleResponse = iamClient.DeleteRole(new DeleteRoleRequest { RoleName = "federationtestrole" }); }