/// <summary>
/// Return the credentials for the profile if valid credentials can created.
/// </summary>
/// <param name="options">The options to get AWSCredentials for.</param>
/// <param name="profileSource">The profile source, for profiles that reference other profiles.</param>
/// <param name="credentials">The credentials for the profile.</param>
/// <returns>True if credentials can be created from the profile, false otherwise.</returns>
public static bool TryGetAWSCredentials(CredentialProfileOptions options, ICredentialProfileSource profileSource, out AWSCredentials credentials)
{
var profileType = CredentialProfileTypeDetector.DetectProfileType(options);
credentials = GetAWSCredentialsInternal(null, profileType, options, null, profileSource, false);
return(credentials != null);
}
private static AWSCredentials GetAWSCredentials(string profileName, ICredentialProfileSource profileSource,
CredentialProfileOptions options, RegionEndpoint stsRegion, bool nonCallbackOnly)
{
var profileType = CredentialProfileTypeDetector.DetectProfileType(options);
if (nonCallbackOnly && profileType.HasValue && IsCallbackRequired(profileType.Value))
{
if (profileType == CredentialProfileType.AssumeRoleExternalMFA ||
profileType == CredentialProfileType.AssumeRoleMFA)
{
var mfaMessage = profileName == null
? "The credential options represent AssumeRoleAWSCredentials that require an MFA. This is not allowed here. " +
"Please use credential options for AssumeRoleAWSCredentials that don't require an MFA, or a different type of credentials."
: String.Format(CultureInfo.InvariantCulture,
"The profile [{0}] is an assume role profile that requires an MFA. This type of profile is not allowed here. " +
"Please use an assume role profile that doesn't require an MFA, or a different type of profile.", profileName);
throw new InvalidOperationException(mfaMessage);
}
#if BCL
else if (profileType == CredentialProfileType.SAMLRoleUserIdentity)
{
var samlMessage = profileName == null
? "The credential options represent FederatedAWSCredentials that specify a user identity. This is not allowed here. " +
"Please use credential options for FederatedAWSCredentials without an explicit user identity, or a different type of credentials."
: String.Format(CultureInfo.InvariantCulture,
"The profile [{0}] is a SAML role profile that specifies a user identity. This type of profile is not allowed here. " +
"Please use a SAML role profile without an explicit user identity, or a different type of profile.", profileName);
throw new InvalidOperationException(samlMessage);
}
#endif
}
return(GetAWSCredentialsInternal(profileName, profileType, options, stsRegion, profileSource, true));
}
public void TestReadCompatibilityBasic()
{
using (var tester = new NetSDKCredentialsFileTestFixture())
{
// write with old ProfileManager
ProfileManager.RegisterProfile("BasicProfile", "AccessKey", "SecretKey");
// read with new NetSDKCredentialsFile
CredentialProfile profile;
Assert.IsTrue(tester.ProfileStore.TryGetProfile("BasicProfile", out profile));
Assert.IsNotNull(profile);
Assert.AreEqual("BasicProfile", profile.Name);
Assert.AreEqual("AccessKey", profile.Options.AccessKey);
Assert.AreEqual("SecretKey", profile.Options.SecretKey);
Assert.AreEqual(CredentialProfileType.Basic, CredentialProfileTypeDetector.DetectProfileType(profile.Options).Value);
}
}
public void TestReadCompatibilitySAML()
{
using (var tester = new NetSDKCredentialsFileTestFixture())
{
// write with old ProfileManager
ProfileManager.RegisterSAMLEndpoint("EndpointName", new Uri("https://somesamlendpoint/"), null);
ProfileManager.RegisterSAMLRoleProfile("SAMLProfile", "EndpointName", "RoleArn", "UserIdentity");
// read with new NetSDKCredentialsFile
CredentialProfile profile;
Assert.IsTrue(tester.ProfileStore.TryGetProfile("SAMLProfile", out profile));
Assert.IsNotNull(profile);
Assert.AreEqual("SAMLProfile", profile.Name);
Assert.AreEqual("EndpointName", profile.Options.EndpointName);
Assert.AreEqual("RoleArn", profile.Options.RoleArn);
Assert.AreEqual("UserIdentity", profile.Options.UserIdentity);
Assert.AreEqual(CredentialProfileType.SAMLRoleUserIdentity, CredentialProfileTypeDetector.DetectProfileType(profile.Options).Value);
}
}
public void DetectProfileTypeSsoWithOtherProperties()
{
Assert.AreEqual(CredentialProfileType.SSO,
CredentialProfileTypeDetector.DetectProfileType(SsoWithOtherPropertiesProfileOptions));
}
public void DetectProfileTypeSsoIncomplete()
{
Assert.AreEqual(CredentialProfileType.SSO,
CredentialProfileTypeDetector.DetectProfileType(SsoIncompleteProfileOptions));
}
public void DetectProfileTypeBasic()
{
Assert.AreEqual(CredentialProfileType.Basic,
CredentialProfileTypeDetector.DetectProfileType(BasicProfileOptions));
}