public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { GetGroupPolicyResponse response = new GetGroupPolicyResponse(); context.Read(); int targetDepth = context.CurrentDepth; while (context.ReadAtDepth(targetDepth)) { if (context.IsStartElement) { if (context.TestExpression("GetGroupPolicyResult", 2)) { UnmarshallResult(context, response); continue; } if (context.TestExpression("ResponseMetadata", 2)) { response.ResponseMetadata = ResponseMetadataUnmarshaller.Instance.Unmarshall(context); } } } return(response); }
private static void UnmarshallResult(XmlUnmarshallerContext context, GetGroupPolicyResponse response) { int originalDepth = context.CurrentDepth; int targetDepth = originalDepth + 1; if (context.IsStartOfDocument) { targetDepth += 2; } while (context.Read()) { if (context.IsStartElement || context.IsAttribute) { if (context.TestExpression("GroupName", targetDepth)) { response.GroupName = StringUnmarshaller.GetInstance().Unmarshall(context); continue; } if (context.TestExpression("PolicyName", targetDepth)) { response.PolicyName = StringUnmarshaller.GetInstance().Unmarshall(context); continue; } if (context.TestExpression("PolicyDocument", targetDepth)) { response.PolicyDocument = StringUnmarshaller.GetInstance().Unmarshall(context); continue; } } else if (context.IsEndElement && context.CurrentDepth < originalDepth) { return; } } return; }
public void TestPutGetGroupPolicy() { string groupname = "sdk-testgroup-" + DateTime.Now.Ticks; string policyName = "strong-password"; try { Client.CreateGroup(new CreateGroupRequest() { GroupName = groupname, Path = IAMUtil.TEST_PATH }); Client.PutGroupPolicy( new PutGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName, PolicyDocument = TEST_ALLOW_POLICY }); GetGroupPolicyResponse response = Client.GetGroupPolicy(new GetGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName }); Assert.AreEqual(groupname, response.GroupName); Assert.AreEqual(policyName, response.PolicyName); Assert.AreEqual(TEST_ALLOW_POLICY, HttpUtility.UrlDecode(response.PolicyDocument)); } finally { Client.DeleteGroupPolicy(new DeleteGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName }); } }
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context) { GetGroupPolicyResponse response = new GetGroupPolicyResponse(); while (context.Read()) { if (context.IsStartElement) { if (context.TestExpression("GetGroupPolicyResult", 2)) { response.GetGroupPolicyResult = GetGroupPolicyResultUnmarshaller.GetInstance().Unmarshall(context); continue; } if (context.TestExpression("ResponseMetadata", 2)) { response.ResponseMetadata = ResponseMetadataUnmarshaller.GetInstance().Unmarshall(context); } } } return(response); }
public void TestPrincipalPolicies() { string groupname = "sdk-testgroup-" + DateTime.Now.Ticks; string policyName = "strong-password"; string policy = @"{ ""Version"": ""2012-10-17"", ""Statement"": [{ ""Effect"": ""Allow"", ""Action"": ""dynamodb:*"", ""Resource"": ""arn:aws:dynamodb:us-east-1:123456789012:table/${aws:username}"" }] }"; try { // create group var groupArn = Client.CreateGroup(new CreateGroupRequest() { GroupName = groupname, Path = IAMUtil.TEST_PATH }).Group.Arn; // attach policy Client.PutGroupPolicy( new PutGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName, PolicyDocument = policy }); // test group policy GetGroupPolicyResponse groupInfo = Client.GetGroupPolicy(new GetGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName }); Assert.AreEqual(groupname, groupInfo.GroupName); Assert.AreEqual(policyName, groupInfo.PolicyName); Assert.AreEqual(policy, HttpUtility.UrlDecode(groupInfo.PolicyDocument)); // get context keys var contextKeyNames = Client.GetContextKeysForPrincipalPolicy(new GetContextKeysForPrincipalPolicyRequest { PolicySourceArn = groupArn }).ContextKeyNames; Assert.IsNotNull(contextKeyNames); Assert.AreEqual(1, contextKeyNames.Count); Assert.IsTrue(contextKeyNames.Contains("aws:username")); // simulate policy var response = Client.SimulatePrincipalPolicy(new SimulatePrincipalPolicyRequest { PolicySourceArn = groupArn, ActionNames = new List <string> { "dynamodb:PutItem" }, ResourceArns = new List <string> { "arn:aws:dynamodb:us-east-1:123456789012:table/bob" }, ContextEntries = new List <ContextEntry> { new ContextEntry { ContextKeyName = "aws:username", ContextKeyType = ContextKeyTypeEnum.String, ContextKeyValues = new List <string> { "bob" } } } }); var results = response.EvaluationResults; Assert.IsNotNull(results); Assert.AreEqual(1, results.Count); var result = results.First(); Assert.AreEqual(PolicyEvaluationDecisionType.Allowed, result.EvalDecision); response = Client.SimulatePrincipalPolicy(new SimulatePrincipalPolicyRequest { PolicySourceArn = groupArn, ActionNames = new List <string> { "dynamodb:PutItem" }, ResourceArns = new List <string> { "arn:aws:dynamodb:us-east-1:123456789012:table/bob" }, ContextEntries = new List <ContextEntry> { new ContextEntry { ContextKeyName = "aws:username", ContextKeyType = ContextKeyTypeEnum.String, ContextKeyValues = new List <string> { "alice" } } } }); results = response.EvaluationResults; Assert.IsNotNull(results); Assert.AreEqual(1, results.Count); result = results.First(); Assert.AreEqual(PolicyEvaluationDecisionType.ImplicitDeny, result.EvalDecision); } finally { Client.DeleteGroupPolicy(new DeleteGroupPolicyRequest() { GroupName = groupname, PolicyName = policyName }); Client.DeleteGroup(new DeleteGroupRequest { GroupName = groupname }); } }