private void AssertSSOCredentialsAreEqual(SSOAWSCredentials expected, AWSCredentials actualAWSCredentials) { var actual = actualAWSCredentials as SSOAWSCredentials; Assert.IsNotNull(actual); Assert.AreEqual(expected.AccountId, actual.AccountId); Assert.AreEqual(expected.Region, actual.Region); Assert.AreEqual(expected.RoleName, actual.RoleName); Assert.AreEqual(expected.StartUrl, actual.StartUrl); Assert.AreEqual(expected.PreemptExpiryTime, actual.PreemptExpiryTime); Assert.AreEqual(expected.Options.ClientName, actual.Options.ClientName); Assert.AreEqual(expected.Options.SsoVerificationCallback, actual.Options.SsoVerificationCallback); Assert.AreEqual(expected.Options.ProxySettings, actual.Options.ProxySettings); }
private static AWSCredentials GetAWSCredentials(string profileName, ICredentialProfileSource profileSource, CredentialProfileOptions options, RegionEndpoint stsRegion, bool nonCallbackOnly) { var profileType = CredentialProfileTypeDetector.DetectProfileType(options); if (nonCallbackOnly && profileType.HasValue && IsCallbackRequired(profileType.Value)) { if (profileType == CredentialProfileType.AssumeRoleExternalMFA || profileType == CredentialProfileType.AssumeRoleMFA) { var mfaMessage = profileName == null ? "The credential options represent AssumeRoleAWSCredentials that require an MFA. This is not allowed here. " + "Please use credential options for AssumeRoleAWSCredentials that don't require an MFA, or a different type of credentials." : String.Format(CultureInfo.InvariantCulture, "The profile [{0}] is an assume role profile that requires an MFA. This type of profile is not allowed here. " + "Please use an assume role profile that doesn't require an MFA, or a different type of profile.", profileName); throw new InvalidOperationException(mfaMessage); } #if !BCL35 else if (profileType == CredentialProfileType.SSO && !SSOAWSCredentials.HasCachedAccessTokenAvailable(options.SsoStartUrl)) { var ssoMessage = profileName == null ? $"The credential options represent {nameof(SSOAWSCredentials)}. This is not allowed here. " + "Please use a different type of credentials." : String.Format(CultureInfo.InvariantCulture, "The profile [{0}] is an SSO profile. This type of profile is not allowed here. " + "Please use a different type of profile.", profileName); throw new InvalidOperationException(ssoMessage); } #endif else if (profileType == CredentialProfileType.SAMLRoleUserIdentity) { var samlMessage = profileName == null ? "The credential options represent FederatedAWSCredentials that specify a user identity. This is not allowed here. " + "Please use credential options for FederatedAWSCredentials without an explicit user identity, or a different type of credentials." : String.Format(CultureInfo.InvariantCulture, "The profile [{0}] is a SAML role profile that specifies a user identity. This type of profile is not allowed here. " + "Please use a SAML role profile without an explicit user identity, or a different type of profile.", profileName); throw new InvalidOperationException(samlMessage); } } return(GetAWSCredentialsInternal(profileName, profileType, options, stsRegion, profileSource, true)); }