/// <summary> /// <see cref="ICoreAmazonSTS"/> /// </summary> /// <param name="roleArn"></param> /// <param name="roleSessionName"></param> /// <param name="options"></param> /// <returns></returns> AssumeRoleImmutableCredentials ICoreAmazonSTS.CredentialsFromAssumeRoleAuthentication(string roleArn, string roleSessionName, AssumeRoleAWSCredentialsOptions options) { try { var request = new AssumeRoleRequest { RoleArn = roleArn, RoleSessionName = roleSessionName }; if (options != null) { request.ExternalId = options.ExternalId; request.SerialNumber = options.MfaSerialNumber; request.TokenCode = options.MfaTokenCode; request.Policy = options.Policy; if (options.DurationSeconds.HasValue) { request.DurationSeconds = options.DurationSeconds.Value; } } var response = AssumeRole(request); return(new AssumeRoleImmutableCredentials(response.Credentials.AccessKeyId, response.Credentials.SecretAccessKey, response.Credentials.SessionToken, response.Credentials.Expiration)); } catch (Exception e) { var msg = "Error calling AssumeRole for role " + roleArn; var exception = new AmazonClientException(msg, e); Logger.GetLogger(typeof(AmazonSecurityTokenServiceClient)).Error(exception, exception.Message); throw exception; } }
public void TestGetSessionWhenMakingNewSessionThrowsException() { var testException = new AmazonClientException(""); mockClient.Setup(x => x.SendCommandAsync(It.IsAny <SendCommandRequest>(), It.IsAny <CancellationToken>())) .Throws(testException); var driver = new PooledQldbDriver("ledgerName", mockClient.Object, 4, 1, 10, NullLogger.Instance); Assert.ThrowsException <AmazonClientException>(driver.GetSession); // Ensure semaphore released due to earlier exception. Will throw TimeoutException if not. Assert.ThrowsException <AmazonClientException>(driver.GetSession); // Start session twice. mockClient.Verify(x => x.SendCommandAsync(It.IsAny <SendCommandRequest>(), It.IsAny <CancellationToken>()), Times.Exactly(2)); }
/// <summary> /// <see cref="ICoreAmazonSTS_WebIdentity"/> /// </summary> /// <param name="webIdentityToken">The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider.</param> /// <param name="roleArn">The Amazon Resource Name (ARN) of the role to assume.</param> /// <param name="roleSessionName">An identifier for the assumed role session.</param> /// <param name="options">Options to be used in the call to AssumeRole.</param> /// <returns>Immutable AssumeRoleCredentials</returns> AssumeRoleImmutableCredentials ICoreAmazonSTS_WebIdentity.CredentialsFromAssumeRoleWithWebIdentityAuthentication(string webIdentityToken, string roleArn, string roleSessionName, AssumeRoleWithWebIdentityCredentialsOptions options) { var request = SetupAssumeRoleWithWebIdentityRequest(webIdentityToken, roleArn, roleSessionName, options); try { var response = AssumeRoleWithWebIdentity(request); return(new AssumeRoleImmutableCredentials(response.Credentials.AccessKeyId, response.Credentials.SecretAccessKey, response.Credentials.SessionToken, response.Credentials.Expiration)); } catch (Exception e) { var msg = "Error calling AssumeRole for role " + roleArn; var exception = new AmazonClientException(msg, e); Logger.GetLogger(typeof(AmazonSecurityTokenServiceClient)).Error(exception, exception.Message); throw exception; } }
private CredentialsRefreshState Authenticate(ICredentials userCredential, TimeSpan credentialDuration) { CredentialsRefreshState state; SAMLAssertion assertion; var configuredRegion = AWSConfigs.AWSRegion; var region = string.IsNullOrEmpty(configuredRegion) ? DefaultSTSClientRegion : RegionEndpoint.GetBySystemName(configuredRegion); try { assertion = new SAMLAuthenticationController().GetSAMLAssertion(ProfileData.EndpointSettings.Endpoint.ToString(), userCredential, ProfileData.EndpointSettings.AuthenticationType); } catch (Exception e) { throw new AuthenticationFailedException("Authentication failure, unable to obtain SAML assertion.", e); } try { using (var stsClient = new AmazonSecurityTokenServiceClient(new AnonymousAWSCredentials(), region)) { var credentials = assertion.GetRoleCredentials(stsClient, ProfileData.RoleArn, credentialDuration); state = new CredentialsRefreshState(credentials, DateTime.UtcNow + credentialDuration); } } catch (Exception e) { var wrappedException = new AmazonClientException("Credential generation failed following successful authentication.", e); var logger = Logger.GetLogger(typeof(StoredProfileSAMLCredentials)); logger.Error(wrappedException, wrappedException.Message); throw wrappedException; } return(state); }
public static void HandleAmazonClientExceptionException(AmazonClientException ace) { Console.WriteLine("AmazonClientException:"); Console.WriteLine(ace.Message); }