private void AssertSSOCredentialsAreEqual(SSOAWSCredentials expected, AWSCredentials actualAWSCredentials)
{
var actual = actualAWSCredentials as SSOAWSCredentials;
Assert.IsNotNull(actual);
Assert.AreEqual(expected.AccountId, actual.AccountId);
Assert.AreEqual(expected.Region, actual.Region);
Assert.AreEqual(expected.RoleName, actual.RoleName);
Assert.AreEqual(expected.StartUrl, actual.StartUrl);
Assert.AreEqual(expected.PreemptExpiryTime, actual.PreemptExpiryTime);
Assert.AreEqual(expected.Options.ClientName, actual.Options.ClientName);
Assert.AreEqual(expected.Options.SsoVerificationCallback, actual.Options.SsoVerificationCallback);
Assert.AreEqual(expected.Options.ProxySettings, actual.Options.ProxySettings);
}
private static AWSCredentials GetAWSCredentials(string profileName, ICredentialProfileSource profileSource,
CredentialProfileOptions options, RegionEndpoint stsRegion, bool nonCallbackOnly)
{
var profileType = CredentialProfileTypeDetector.DetectProfileType(options);
if (nonCallbackOnly && profileType.HasValue && IsCallbackRequired(profileType.Value))
{
if (profileType == CredentialProfileType.AssumeRoleExternalMFA ||
profileType == CredentialProfileType.AssumeRoleMFA)
{
var mfaMessage = profileName == null
? "The credential options represent AssumeRoleAWSCredentials that require an MFA. This is not allowed here. " +
"Please use credential options for AssumeRoleAWSCredentials that don't require an MFA, or a different type of credentials."
: String.Format(CultureInfo.InvariantCulture,
"The profile [{0}] is an assume role profile that requires an MFA. This type of profile is not allowed here. " +
"Please use an assume role profile that doesn't require an MFA, or a different type of profile.", profileName);
throw new InvalidOperationException(mfaMessage);
}
#if !BCL35
else if (profileType == CredentialProfileType.SSO && !SSOAWSCredentials.HasCachedAccessTokenAvailable(options.SsoStartUrl))
{
var ssoMessage = profileName == null
? $"The credential options represent {nameof(SSOAWSCredentials)}. This is not allowed here. " +
"Please use a different type of credentials."
: String.Format(CultureInfo.InvariantCulture,
"The profile [{0}] is an SSO profile. This type of profile is not allowed here. " +
"Please use a different type of profile.", profileName);
throw new InvalidOperationException(ssoMessage);
}
#endif
else if (profileType == CredentialProfileType.SAMLRoleUserIdentity)
{
var samlMessage = profileName == null
? "The credential options represent FederatedAWSCredentials that specify a user identity. This is not allowed here. " +
"Please use credential options for FederatedAWSCredentials without an explicit user identity, or a different type of credentials."
: String.Format(CultureInfo.InvariantCulture,
"The profile [{0}] is a SAML role profile that specifies a user identity. This type of profile is not allowed here. " +
"Please use a SAML role profile without an explicit user identity, or a different type of profile.", profileName);
throw new InvalidOperationException(samlMessage);
}
}
return(GetAWSCredentialsInternal(profileName, profileType, options, stsRegion, profileSource, true));
}
