Esempio n. 1
0
        private Amazon.SecurityToken.Model.Credentials GetStsCredentials(AssumeRoleWithWebIdentityRequest assumeRequest)
        {
            var ars = new AutoResetEvent(false);

            Amazon.SecurityToken.Model.Credentials credentials = null;
            Exception exception = null;

            sts.AssumeRoleWithWebIdentityAsync(assumeRequest, (assumeResult) =>
            {
                if (assumeResult.Exception != null)
                {
                    exception = assumeResult.Exception;
                }
                else
                {
                    credentials = assumeResult.Response.Credentials;
                }

                ars.Set();
            });
            ars.WaitOne();

            if (exception != null)
            {
                throw exception;
            }

            return(credentials);
        }
Esempio n. 2
0
        protected override CredentialsRefreshState GenerateNewCredentials()
        {
            var configuredRegion = AWSConfigs.AWSRegion;
            var region           = string.IsNullOrEmpty(configuredRegion) ? DefaultSTSClientRegion : RegionEndpoint.GetBySystemName(configuredRegion);

            Amazon.SecurityToken.Model.Credentials cc = null;
            try
            {
                var stsConfig = ServiceClientHelpers.CreateServiceConfig(ServiceClientHelpers.STS_ASSEMBLY_NAME, ServiceClientHelpers.STS_SERVICE_CONFIG_NAME);
                stsConfig.RegionEndpoint = region;

                var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials());

                OidcToken oidcToken = SourceCredentials.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience(TargetAudience).WithTokenFormat(OidcTokenFormat.Standard)).Result;

                TargetAssumeRoleRequest.WebIdentityToken = oidcToken.GetAccessTokenAsync().Result;

                AssumeRoleWithWebIdentityResponse sessionTokenResponse = stsClient.AssumeRoleWithWebIdentityAsync(TargetAssumeRoleRequest).Result;

                cc = sessionTokenResponse.Credentials;
                _logger.InfoFormat("New credentials created for assume role that expire at {0}", cc.Expiration.ToString("yyyy-MM-ddTHH:mm:ss.fffffffK", CultureInfo.InvariantCulture));
                return(new CredentialsRefreshState(new ImmutableCredentials(cc.AccessKeyId, cc.SecretAccessKey, cc.SessionToken), cc.Expiration));
            }
            catch (Exception e)
            {
                var msg       = "Error exchanging Google OIDC token for AWS STS ";
                var exception = new InvalidOperationException(msg, e);
                Logger.GetLogger(typeof(GoogleCompatCredentials)).Error(exception, exception.Message);
                throw exception;
            }
        }
Esempio n. 3
0
        public void CreateS3Bucket(string bucketName, string key, Credentials credentials, AmazonS3Config config)
        {
            var s3Client = new AmazonS3Client(credentials.AccessKeyId, credentials.SecretAccessKey, credentials.SessionToken, config);

            string content = "Hello World2!";

            // Put an object in the user's "folder".
            s3Client.PutObject(new PutObjectRequest
            {
                BucketName = bucketName,
                Key = key,
                ContentBody = content
            });

            Console.WriteLine("Updated key={0} with content={1}", key, content);
        }
        private CredentialsRefreshState GetCredentialsForRole(string roleArn)
        {
            string text = GetIdentityId(RefreshIdentityOptions.Refresh);
            GetOpenIdTokenRequest getOpenIdTokenRequest = new GetOpenIdTokenRequest
            {
                IdentityId = text
            };

            if (Logins.Count > 0)
            {
                getOpenIdTokenRequest.Logins = Logins;
            }
            bool flag = false;
            GetOpenIdTokenResponse getOpenIdTokenResponse = null;

            try
            {
                getOpenIdTokenResponse = GetOpenId(getOpenIdTokenRequest);
            }
            catch (AmazonCognitoIdentityException e)
            {
                if (!ShouldRetry(e))
                {
                    throw;
                }
                flag = true;
            }
            if (flag)
            {
                return(GetCredentialsForRole(roleArn));
            }
            string token = getOpenIdTokenResponse.Token;

            UpdateIdentity(getOpenIdTokenResponse.IdentityId);
            AssumeRoleWithWebIdentityRequest assumeRequest = new AssumeRoleWithWebIdentityRequest
            {
                WebIdentityToken = token,
                RoleArn          = roleArn,
                RoleSessionName  = "NetProviderSession",
                DurationSeconds  = DefaultDurationSeconds
            };

            Amazon.SecurityToken.Model.Credentials stsCredentials = GetStsCredentials(assumeRequest);
            return(new CredentialsRefreshState(stsCredentials.GetCredentials(), stsCredentials.Expiration));
        }
 public GetFederationTokenResult WithCredentials(Credentials credentials)
 {
     this.credentials = credentials;
     return this;
 }
 public AssumeRoleWithWebIdentityResult WithCredentials(Credentials credentials)
 {
     this.credentials = credentials;
     return this;
 }
        public virtual AmazonS3Client AppMode_CreateS3Client(Credentials credentials, RegionEndpoint regionEndpoint)
        {
            AmazonS3Client s3Client;
            var sessionCredentials = new SessionAWSCredentials(
                credentials.AccessKeyId,
                credentials.SecretAccessKey,
                credentials.SessionToken);

            s3Client = new AmazonS3Client(sessionCredentials, regionEndpoint);

            return s3Client;
        }
 public AssumeRoleWithWebIdentityResult WithCredentials(Credentials credentials)
 {
     this.credentials = credentials;
     return(this);
 }
 public GetSessionTokenResult WithCredentials(Credentials credentials)
 {
     this.credentials = credentials;
     return(this);
 }
Esempio n. 10
0
 /// <summary>
 ///     Create session/temporary credentials using the provided credentials (previously returned from the AssumeRole
 ///     method), and use the session credentials to create an S3 client object.
 /// </summary>
 /// <param name="credentials">The credentials to use for creating session credentials.</param>
 /// <param name="regionEndpoint">The region endpoint to use for the client.</param>
 /// <returns>The S3 client object.</returns>
 public override AmazonS3Client AppMode_CreateS3Client(Credentials credentials, RegionEndpoint regionEndpoint)
 {
     //TODO: Replace this call to the base class with your own method implementation.
     return base.AppMode_CreateS3Client(credentials, regionEndpoint);
 }