AssumeRole() — приватный метод

private AssumeRole ( AssumeRoleRequest request ) : AssumeRoleResponse
request Amazon.SecurityToken.Model.AssumeRoleRequest
Результат Amazon.SecurityToken.Model.AssumeRoleResponse
 /// <summary>
 /// Obtains temporary service credentials from STS: the plain AssumeRole path is used
 /// when an <c>_assumeRequest</c> was configured, otherwise the SAML-based request.
 /// </summary>
 /// <returns>The <see cref="Credentials"/> block of the STS response.</returns>
 private Credentials GetServiceCredentials()
 {
     // NOTE(review): if neither request is set, the SAML call receives a null request —
     // presumably the constructor guarantees exactly one of them is populated; confirm.
     return _assumeRequest != null
         ? _stsClient.AssumeRole(_assumeRequest).Credentials
         : _stsClient.AssumeRoleWithSAML(_assumeSamlRequest).Credentials;
 }
Пример #2
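        /// <summary>
        /// Calls STS AssumeRole for <paramref name="roleArn"/>, retrying with an increasing
        /// back-off while STS answers "AccessDenied". The original comments treat a transient
        /// denial as expected here (presumably a freshly created role/policy still propagating —
        /// confirm against the caller's workflow); any other error is rethrown immediately.
        /// </summary>
        /// <param name="stsClient">STS client used to issue the AssumeRole call.</param>
        /// <param name="roleArn">ARN of the role to assume.</param>
        /// <param name="roleSessionName">Session name recorded for the assumed-role session.</param>
        /// <returns>The temporary credentials returned by STS; never null.</returns>
        /// <exception cref="AmazonServiceException">
        /// Rethrown unchanged for any error code other than "AccessDenied", and for "AccessDenied"
        /// once the retry budget is exhausted (previously the method returned null in that case,
        /// contradicting its own comment and deferring the failure to the first use of the credentials).
        /// </exception>
        public virtual Credentials AppMode_AssumeRole(AmazonSecurityTokenServiceClient stsClient, string roleArn,
            string roleSessionName)
        {
            var assumeRoleRequest = new AssumeRoleRequest
            {
                RoleArn = roleArn,
                RoleSessionName = roleSessionName
            };

            // Back-off schedule: sleep 3s after the first denial, 9s after the second;
            // a third denial (interval would be 27s > 20s) aborts.
            int sleepSeconds = 3;

            while (true)
            {
                try
                {
                    return stsClient.AssumeRole(assumeRoleRequest).Credentials;
                }
                catch (AmazonServiceException ase)
                {
                    // ErrorCode may be null for some failures; compare without dereferencing it.
                    if (!string.Equals(ase.ErrorCode, "AccessDenied", StringComparison.Ordinal))
                    {
                        throw;
                    }

                    if (sleepSeconds > 20)
                    {
                        // Retried a few times and still denied: stop waiting and let the
                        // exception bubble up rather than returning a null credential set.
                        Console.WriteLine(" [Aborted AssumeRole Operation]");
                        throw;
                    }

                    // Visual indication that we are inside the retry loop.
                    Console.Write(".");
                    Thread.Sleep(TimeSpan.FromSeconds(sleepSeconds));
                    sleepSeconds *= 3;
                }
            }
        }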
Пример #3
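        /// <summary>
        /// Builds the AWS service clients used by the deployer. When <c>RoleName</c> is an ARN the
        /// constructor first assumes that role through STS and uses the returned session
        /// credentials for every client; otherwise it uses the configured credentials, falling
        /// back to the environment.
        /// </summary>
        /// <param name="awsConfiguration">Endpoint, bucket, policy documents, proxy and credential settings.</param>
        public Deployer(AwsConfiguration awsConfiguration)
        {
            _awsEndpoint = awsConfiguration.AwsEndpoint;
            _bucket = awsConfiguration.Bucket;
            _assumeRoleTrustDocument = awsConfiguration.AssumeRoleTrustDocument;
            _iamRolePolicyDocument = awsConfiguration.IamRolePolicyDocument;

            AWSCredentials credentials;

            if (isArn(awsConfiguration.RoleName))
            {
                // The STS client is needed for this single call only, so dispose it afterwards;
                // it is constructed without explicit credentials and therefore uses the SDK's default chain.
                using (var securityTokenServiceClient = new AmazonSecurityTokenServiceClient(awsConfiguration.AwsEndpoint))
                {
                    var assumeRoleResult = securityTokenServiceClient.AssumeRole(new AssumeRoleRequest
                    {
                        RoleArn = awsConfiguration.RoleName,
                        // The session credentials are valid for one hour and SessionAWSCredentials does
                        // not refresh them; a deployment running longer than that will start failing.
                        DurationSeconds = 3600,
                        RoleSessionName = "Net2User",
                        // NOTE(review): ExternalId is meant to be a value agreed with the role's trust
                        // policy (confused-deputy protection). A fresh GUID per call cannot satisfy any
                        // sts:ExternalId condition, so either the trust policy does not check it or this
                        // call always fails — confirm which and fix accordingly.
                        ExternalId = Guid.NewGuid().ToString()
                    });

                    Credentials stsCredentials = assumeRoleResult.Credentials;

                    credentials = new SessionAWSCredentials(stsCredentials.AccessKeyId,
                                                            stsCredentials.SecretAccessKey,
                                                            stsCredentials.SessionToken);

                    _role = new AssumedRole(assumeRoleResult.AssumedRoleUser);
                }
            }
            else
            {
                credentials = awsConfiguration.Credentials ?? new EnvironmentAWSCredentials();
            }

            // All service clients share the same credentials, region and proxy settings.
            _codeDeployClient = new AmazonCodeDeployClient(
                credentials, CreateClientConfig<AmazonCodeDeployConfig>(awsConfiguration));

            _cloudFormationClient = new AmazonCloudFormationClient(
                credentials, CreateClientConfig<AmazonCloudFormationConfig>(awsConfiguration));

            _s3Client = new AmazonS3Client(
                credentials, CreateClientConfig<AmazonS3Config>(awsConfiguration));

            _iamClient = new AmazonIdentityManagementServiceClient(
                credentials, CreateClientConfig<AmazonIdentityManagementServiceConfig>(awsConfiguration));

            _autoScalingClient = new AmazonAutoScalingClient(
                credentials, CreateClientConfig<AmazonAutoScalingConfig>(awsConfiguration));
        }

        /// <summary>
        /// Creates a service client config of type <typeparamref name="TConfig"/> carrying the
        /// region endpoint and proxy host/port from <paramref name="awsConfiguration"/>.
        /// </summary>
        /// <typeparam name="TConfig">A concrete SDK client config (all derive from <see cref="ClientConfig"/>).</typeparam>
        /// <param name="awsConfiguration">Source of the region and proxy settings.</param>
        /// <returns>A new, populated config instance.</returns>
        private static TConfig CreateClientConfig<TConfig>(AwsConfiguration awsConfiguration)
            where TConfig : ClientConfig, new()
        {
            return new TConfig
            {
                RegionEndpoint = awsConfiguration.AwsEndpoint,
                ProxyHost = awsConfiguration.ProxyHost,
                ProxyPort = awsConfiguration.ProxyPort
            };
        }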