/// <summary>
/// Tries to load the specified profile data corresponding to profile type T from a named
/// profile in the SDK account store.
/// </summary>
/// <param name="profileName">The name of the profile holding the settings.</param>
/// <param name="profile">The loaded profile data.</param>
/// <returns>Returns true if the profile exists otherwise false is returned.</returns>
/// <remarks>
/// Currently supported profile types: AWSCredentialsProfile and SAMLRoleProfile.
/// </remarks>
public static bool TryGetProfile <T>(string profileName, out T profile) where T : ProfileSettingsBase
{
profile = null;
try
{
if (typeof(T) == typeof(AWSCredentialsProfile))
{
profile = AWSCredentialsProfile.LoadFrom(profileName) as T;
}
else if (typeof(T) == typeof(SAMLRoleProfile))
{
profile = SAMLRoleProfile.LoadFrom(profileName) as T;
}
else
{
throw new ArgumentException("Unrecognized profile type parameter", (typeof(T).FullName));
}
}
catch (Exception e)
{
Logger.GetLogger(typeof(ProfileManager)).Error(e, "Unable to load profile {0}, unknown profile, missing/invalid data or unrecognized profile type.", profileName);
}
return(profile != null);
}
/// <summary>
/// <para>
/// Registers a role-based profile to be used with SAML authentication. The profile contains
/// details of the role to be assumed when AWS credentials are requested based on the role and
/// a reference to a SAML endpoint profile containing details of the endpoint to be called to
/// authenticate the user.
/// </para>
/// <para>
/// If user identity information is not supplied then the identity of the logged-in user will
/// be used when authenticaton is performed against the endpoint referenced in the SAML endpoint
/// profile. If identity is provided, no password information is stored in the role profile and
/// the user must supply the password for the identity prior to authentication with the endpoint.
/// </para>
/// </summary>
/// <param name="profileName">Name to be assigned to the profile</param>
/// <param name="endpointName">
/// The name assigned to the endpoint settings, previously saved with RegisterSAMLEndpoint.
/// </param>
/// <param name="roleArn">
/// The arn of the role that the user wants to assume when using this profile. This
/// must be one of the set returned by the saml endpoint when the user authenticates.
/// </param>
/// <param name="userIdentity">
/// Optional. By default the identity of the logged-in user will be used when authentication
/// is performed - the user will not be prompted to supply a password. By supplying a custom
/// identity for this parameter, the user will be prompted to supply the password for the
/// identity prior to authentication.
/// </param>
public static void RegisterSAMLRoleProfile(string profileName,
string endpointName,
string roleArn,
string userIdentity)
{
SAMLRoleProfile.Persist(profileName, endpointName, roleArn, userIdentity);
}
/// <summary>
/// Loads and returns all available credential profiles registered in the store.
/// </summary>
/// <returns>Collection of profiles.</returns>
public static IEnumerable <ProfileSettingsBase> ListProfiles()
{
var profiles = new List <ProfileSettingsBase>();
var profileNames = ListProfileNames();
foreach (var profileName in profileNames)
{
try
{
if (SAMLRoleProfile.CanCreateFrom(profileName))
{
profiles.Add(SAMLRoleProfile.LoadFrom(profileName));
}
else if (AWSCredentialsProfile.CanCreateFrom(profileName))
{
profiles.Add(AWSCredentialsProfile.LoadFrom(profileName));
}
}
catch (Exception e)
{
Logger.GetLogger(typeof(ProfileManager)).Error(e, "Error loading AWS credential or SAML role profile '{0}'", profileName);
}
}
return(profiles);
}
