public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
GetGroupPolicyResponse response = new GetGroupPolicyResponse();
context.Read();
int targetDepth = context.CurrentDepth;
while (context.ReadAtDepth(targetDepth))
{
if (context.IsStartElement)
{
if (context.TestExpression("GetGroupPolicyResult", 2))
{
UnmarshallResult(context, response);
continue;
}
if (context.TestExpression("ResponseMetadata", 2))
{
response.ResponseMetadata = ResponseMetadataUnmarshaller.Instance.Unmarshall(context);
}
}
}
return(response);
}
private static void UnmarshallResult(XmlUnmarshallerContext context, GetGroupPolicyResponse response)
{
int originalDepth = context.CurrentDepth;
int targetDepth = originalDepth + 1;
if (context.IsStartOfDocument)
{
targetDepth += 2;
}
while (context.Read())
{
if (context.IsStartElement || context.IsAttribute)
{
if (context.TestExpression("GroupName", targetDepth))
{
response.GroupName = StringUnmarshaller.GetInstance().Unmarshall(context);
continue;
}
if (context.TestExpression("PolicyName", targetDepth))
{
response.PolicyName = StringUnmarshaller.GetInstance().Unmarshall(context);
continue;
}
if (context.TestExpression("PolicyDocument", targetDepth))
{
response.PolicyDocument = StringUnmarshaller.GetInstance().Unmarshall(context);
continue;
}
}
else if (context.IsEndElement && context.CurrentDepth < originalDepth)
{
return;
}
}
return;
}
public void TestPutGetGroupPolicy()
{
string groupname = "sdk-testgroup-" + DateTime.Now.Ticks;
string policyName = "strong-password";
try
{
Client.CreateGroup(new CreateGroupRequest()
{
GroupName = groupname, Path = IAMUtil.TEST_PATH
});
Client.PutGroupPolicy(
new PutGroupPolicyRequest()
{
GroupName = groupname,
PolicyName = policyName,
PolicyDocument = TEST_ALLOW_POLICY
});
GetGroupPolicyResponse response =
Client.GetGroupPolicy(new GetGroupPolicyRequest()
{
GroupName = groupname, PolicyName = policyName
});
Assert.AreEqual(groupname, response.GroupName);
Assert.AreEqual(policyName, response.PolicyName);
Assert.AreEqual(TEST_ALLOW_POLICY, HttpUtility.UrlDecode(response.PolicyDocument));
}
finally
{
Client.DeleteGroupPolicy(new DeleteGroupPolicyRequest()
{
GroupName = groupname, PolicyName = policyName
});
}
}
public override AmazonWebServiceResponse Unmarshall(XmlUnmarshallerContext context)
{
GetGroupPolicyResponse response = new GetGroupPolicyResponse();
while (context.Read())
{
if (context.IsStartElement)
{
if (context.TestExpression("GetGroupPolicyResult", 2))
{
response.GetGroupPolicyResult = GetGroupPolicyResultUnmarshaller.GetInstance().Unmarshall(context);
continue;
}
if (context.TestExpression("ResponseMetadata", 2))
{
response.ResponseMetadata = ResponseMetadataUnmarshaller.GetInstance().Unmarshall(context);
}
}
}
return(response);
}
public void TestPrincipalPolicies()
{
string groupname = "sdk-testgroup-" + DateTime.Now.Ticks;
string policyName = "strong-password";
string policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [{
""Effect"": ""Allow"",
""Action"": ""dynamodb:*"",
""Resource"": ""arn:aws:dynamodb:us-east-1:123456789012:table/${aws:username}""
}]
}";
try
{
// create group
var groupArn = Client.CreateGroup(new CreateGroupRequest()
{
GroupName = groupname, Path = IAMUtil.TEST_PATH
}).Group.Arn;
// attach policy
Client.PutGroupPolicy(
new PutGroupPolicyRequest()
{
GroupName = groupname,
PolicyName = policyName,
PolicyDocument = policy
});
// test group policy
GetGroupPolicyResponse groupInfo =
Client.GetGroupPolicy(new GetGroupPolicyRequest()
{
GroupName = groupname, PolicyName = policyName
});
Assert.AreEqual(groupname, groupInfo.GroupName);
Assert.AreEqual(policyName, groupInfo.PolicyName);
Assert.AreEqual(policy, HttpUtility.UrlDecode(groupInfo.PolicyDocument));
// get context keys
var contextKeyNames = Client.GetContextKeysForPrincipalPolicy(new GetContextKeysForPrincipalPolicyRequest
{
PolicySourceArn = groupArn
}).ContextKeyNames;
Assert.IsNotNull(contextKeyNames);
Assert.AreEqual(1, contextKeyNames.Count);
Assert.IsTrue(contextKeyNames.Contains("aws:username"));
// simulate policy
var response = Client.SimulatePrincipalPolicy(new SimulatePrincipalPolicyRequest
{
PolicySourceArn = groupArn,
ActionNames = new List <string>
{
"dynamodb:PutItem"
},
ResourceArns = new List <string>
{
"arn:aws:dynamodb:us-east-1:123456789012:table/bob"
},
ContextEntries = new List <ContextEntry>
{
new ContextEntry
{
ContextKeyName = "aws:username",
ContextKeyType = ContextKeyTypeEnum.String,
ContextKeyValues = new List <string>
{
"bob"
}
}
}
});
var results = response.EvaluationResults;
Assert.IsNotNull(results);
Assert.AreEqual(1, results.Count);
var result = results.First();
Assert.AreEqual(PolicyEvaluationDecisionType.Allowed, result.EvalDecision);
response = Client.SimulatePrincipalPolicy(new SimulatePrincipalPolicyRequest
{
PolicySourceArn = groupArn,
ActionNames = new List <string>
{
"dynamodb:PutItem"
},
ResourceArns = new List <string>
{
"arn:aws:dynamodb:us-east-1:123456789012:table/bob"
},
ContextEntries = new List <ContextEntry>
{
new ContextEntry
{
ContextKeyName = "aws:username",
ContextKeyType = ContextKeyTypeEnum.String,
ContextKeyValues = new List <string>
{
"alice"
}
}
}
});
results = response.EvaluationResults;
Assert.IsNotNull(results);
Assert.AreEqual(1, results.Count);
result = results.First();
Assert.AreEqual(PolicyEvaluationDecisionType.ImplicitDeny, result.EvalDecision);
}
finally
{
Client.DeleteGroupPolicy(new DeleteGroupPolicyRequest()
{
GroupName = groupname, PolicyName = policyName
});
Client.DeleteGroup(new DeleteGroupRequest {
GroupName = groupname
});
}
}
