/// <summary> /// Parse an ARN to extract information on S3 outpost access point or bucket ARN /// and if it is not found or properly formatted, throw an exception /// </summary> /// <param name="arn">The ARN to be parsed into an S3 Outposts resource</param> /// <param name="config">Used to validate <paramref name="arn"/> </param> /// <returns>A <see cref="S3OutpostResource"/></returns> public static IS3Resource ParseOutpost(this Arn arn, AmazonS3ControlConfig config = null) { if (string.IsNullOrEmpty(arn.Resource)) { throw new AmazonClientException("ARN resource can not be null"); } if (!IsOutpostArn(arn)) { throw new AmazonClientException("ARN resource does not resemble an outpost access point"); } var parts = arn.Resource.Split(S3ArnUtils.ArnSplit, 5); if (parts.Length < 4 || (!string.Equals(parts[2], ResourceTypeAccessPoint) && !string.Equals(parts[2], ResourceTypeBucket))) { throw new AmazonClientException("Invalid ARN, outpost resource format is incorrect"); } if (arn.Region.EndsWith("-fips", StringComparison.OrdinalIgnoreCase)) { throw new AmazonClientException("Invalid ARN, FIPS region not allowed in ARN"); } return(new S3OutpostResource(arn) { OutpostId = parts[1], Type = (S3ResourceType)Enum.Parse(typeof(S3ResourceType), parts[2], true), Name = parts[3], Key = parts.Length > 4 ? parts[4] : null }); }
private AmazonS3ControlConfig CreateConfig(string serviceUrl, Flags flags) { var clientConfig = new AmazonS3ControlConfig { UseDualstackEndpoint = (flags & Flags.Dualstack) != 0, UseArnRegion = (flags & Flags.UseArnRegion) != 0, ServiceURL = serviceUrl }; return(clientConfig); }
protected IAmazonS3Control CreateClient(AWSCredentials credentials, RegionEndpoint region) { var config = new AmazonS3ControlConfig { RegionEndpoint = region }; Amazon.PowerShell.Utils.Common.PopulateConfig(this, config); this.CustomizeClientConfig(config); var client = new AmazonS3ControlClient(credentials, config); client.BeforeRequestEvent += RequestEventHandler; client.AfterResponseEvent += ResponseEventHandler; return(client); }
public void ArnIdSetFieldIdNotSet() { var outpostArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var getBucketRequest = new GetBucketRequest { Bucket = outpostArn }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]); }
public void ArnIdNotSetFieldIdSet() { var accessPoint = "myAccessPoint"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var getAccessPointRequest = new GetAccessPointRequest { Name = accessPoint, AccountId = "123456789012" }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]); }
public void OutpostsBucketInputUSWest2UseArnRegionFalse() { var outpostsBucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2 }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]); Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]); }
public void ListRegionalBucketsTest() { var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2 }; var listRegionalBucketsRequest = new ListRegionalBucketsRequest { OutpostId = "op-01234567890123456", AccountId = "123456789012" }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(listRegionalBucketsRequest, ListRegionalBucketsRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]); Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]); }
public void ListAccessPointsTest() { var bucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2 }; var listAccessPointsRequest = new ListAccessPointsRequest { Bucket = bucketArn }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(listAccessPointsRequest, ListAccessPointsRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]); Assert.AreEqual("123456789012", marshalledRequest.Headers["x-amz-account-id"]); }
public void ArnIdNotSetFieldIdNotSetException() { var outpostAccessPointName = "myAccessPoint"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var getBucketRequest = new GetBucketRequest { Bucket = outpostAccessPointName, }; var exception = Assert.ThrowsException <AmazonS3ControlException>(() => { S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("AccountId can only contain alphanumeric characters and dashes and must be between 1 and 63 characters long.", exception.Message); }
public void OutpostsAccessPointInputUSEast1UseArnRegionTrue() { var outpostsAccessPointArn = "arn:aws:s3-outposts:us-east-1:123456789012:outpost:op-01234567890123456:accesspoint:myaccesspoint"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2, UseArnRegion = true }; var getAccessPointRequest = new GetAccessPointRequest { Name = outpostsAccessPointArn }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-east-1.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]); Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]); }
public void OutpostsBucketInputUSGovEast1UseArnRegionTrueSystemFips() { var outpostsBucketArn = "arn:aws-us-gov:s3-outposts:us-gov-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.GetBySystemName("fips-us-gov-east-1"), UseArnRegion = true }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-gov-east-1.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers[HeaderKeys.XAmzOutpostId]); Assert.AreEqual("123456789012", marshalledRequest.Headers[HeaderKeys.XAmzAccountId]); }
public void CreateBucketTest() { var bucketName = "testBucket"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = false, RegionEndpoint = RegionEndpoint.USWest2 }; var createBucketRequest = new CreateBucketRequest { Bucket = bucketName, OutpostId = "op-01234567890123456" }; var marshalledRequest = S3ControlArnTestUtils.RunMockRequest(createBucketRequest, CreateBucketRequestMarshaller.Instance, s3ControlConfig); Assert.AreEqual(new Uri("https://s3-outposts.us-west-2.amazonaws.com"), marshalledRequest.Endpoint); Assert.AreEqual("op-01234567890123456", marshalledRequest.Headers["x-amz-outpost-id"]); }
public void OutpostsBucketInputUSWest2UseArnRegionTrueInvalidArnException(string outpostsBucketArn) { var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2, UseArnRegion = true }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid ARN, outpost resource format is incorrect", exception.Message); }
public void OutpostsBucketInputUSGovEast1UseArnRegionTrueFipsException() { var outpostsBucketArn = "arn:aws-us-gov:s3-outposts:fips-us-gov-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.GetBySystemName("fips-us-gov-east-1"), UseArnRegion = true }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid configuration Outpost Buckets do not support Fips- regions", exception.Message); }
public void OutpostsBucketInputUSEast1UseArnRegionFalseCrossRegionError() { var outpostsBucketArn = "arn:aws:s3-outposts:us-east-1:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2, UseArnRegion = false }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid configuration, cross region Outpost Bucket ARN", exception.Message); }
public void OutpostsAccessPointInputCNNorth1UseArnRegionTrueCrossPartitionError() { var outpostsAccessPointArn = "arn:aws-cn:s3-outposts:cn-north-1:123456789012:outpost:op-01234567890123456:accesspoint:myaccesspoint"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2, UseArnRegion = true }; var getAccessPointRequest = new GetAccessPointRequest { Name = outpostsAccessPointArn }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid configuration, cross partition Outpost Access Point ARN", exception.Message); }
public void ArnIdNotSetFieldIdNotSetInvalidArnException() { var accessPointName = "arn:aws:s3-outposts:us-west-2::outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var getAccessPointRequest = new GetAccessPointRequest { Name = accessPointName }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid ARN, Account ID not set", exception.Message); }
public void ArnIdSetFieldIdSetMismatchException() { var accessPointName = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var getAccessPointRequest = new GetAccessPointRequest { AccountId = "923456789012", Name = accessPointName }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getAccessPointRequest, GetAccessPointRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Account ID mismatch, the Account ID cannot be specified in an ARN and in the accountId field", exception.Message); }
public void OutpostsBucketInputUSWest2UseArnRegionTrueDualstackException() { var outpostsBucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var s3ControlConfig = new AmazonS3ControlConfig { RegionEndpoint = RegionEndpoint.USWest2, UseDualstackEndpoint = true, UseArnRegion = true }; var getBucketRequest = new GetBucketRequest { Bucket = outpostsBucketArn }; var exception = Assert.ThrowsException <AmazonClientException>(() => { S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, s3ControlConfig); }); Assert.AreEqual("Invalid configuration Outpost Buckets do not support dualstack", exception.Message); }
public void TestS3OutpostsSignerGetBucket() { var signer = new S3Signer(); var bucketArn = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket"; var getBucketRequest = new GetBucketRequest { Bucket = bucketArn }; var config = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var originalAuthService = config.AuthenticationServiceName; var iRequest = S3ControlArnTestUtils.RunMockRequest(getBucketRequest, GetBucketRequestMarshaller.Instance, config); signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", "")); Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader)); Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts")); Assert.IsTrue(config.AuthenticationServiceName == originalAuthService); }
public void TestS3OutpostsSignerCreateAccessPointWithArn() { var signer = new S3Signer(); var createAccessPointRequest = new CreateAccessPointRequest { Bucket = "arn:aws:s3-outposts:us-west-2:123456789012:outpost:op-01234567890123456:bucket:mybucket", Name = "myaccesspoint", }; var config = new AmazonS3ControlConfig { UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var originalAuthService = config.AuthenticationServiceName; var iRequest = S3ControlArnTestUtils.RunMockRequest(createAccessPointRequest, CreateAccessPointRequestMarshaller.Instance, config); signer.Sign(iRequest, config, new RequestMetrics(), "ACCESS", "SECRET"); Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader)); Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts")); Assert.IsTrue(config.AuthenticationServiceName == originalAuthService); }
public void TestS3OutpostsSignerCreateBucket() { var signer = new S3Signer(); var createBucketRequest = new CreateBucketRequest { Bucket = "test", OutpostId = "op-123456789012" }; var config = new AmazonS3ControlConfig { SignatureVersion = "4", UseArnRegion = true, RegionEndpoint = RegionEndpoint.USWest2 }; var originalAuthService = config.AuthenticationServiceName; var iRequest = S3ControlArnTestUtils.RunMockRequest(createBucketRequest, CreateBucketRequestMarshaller.Instance, config); signer.Sign(iRequest, config, new RequestMetrics(), new ImmutableCredentials("ACCESS", "SECRET", "")); Assert.IsTrue(iRequest.Headers.ContainsKey(HeaderKeys.AuthorizationHeader)); Assert.IsTrue((iRequest.Headers["Authorization"]).Contains("s3-outposts")); Assert.IsTrue(config.AuthenticationServiceName == originalAuthService); }
public void S3OutpostBucketARNTests(string bucketNameOrARNInput, string clientRegion, string additionalFlags, string useArnRegion, string expectedEndpoint, string expectedHeaders, string expectedSignedBy) { Console.WriteLine(string.Join(" | ", bucketNameOrARNInput, clientRegion, additionalFlags, useArnRegion, expectedEndpoint, expectedHeaders, expectedSignedBy)); Console.WriteLine(); // ARRANGE // expectedEndpoint can be overloaded with the expected error message var expectSuccess = expectedEndpoint.Contains("amazonaws.com"); // outputs to assert against: IRequest s3Request = null; Exception exception = null; var request = new GetBucketRequest { Bucket = bucketNameOrARNInput, AccountId = "123456789012" }; var config = new AmazonS3ControlConfig { RegionEndpoint = clientRegion == "" ? null : RegionEndpoint.GetBySystemName(clientRegion), UseArnRegion = useArnRegion == "" ? false : bool.Parse(useArnRegion) }; if (additionalFlags.Contains("dualstack")) { config.UseDualstackEndpoint = true; } if (additionalFlags.Contains("fips")) { config.UseFIPSEndpoint = true; } if (additionalFlags.Contains("accelerate") && !expectSuccess) { // S3 Control Config does not allow setting accelerate, so it will not generate the expected error return; } // ACT try { s3Request = S3ControlArnTestUtils.RunMockRequest(request, GetBucketRequestMarshaller.Instance, config); Console.WriteLine(s3Request.Endpoint.ToString()); Console.WriteLine(); } catch (Exception e) { exception = e; } // ASSERT if (expectSuccess) { Assert.IsNull(exception, exception?.Message + "\r\n" + exception?.StackTrace); Assert.IsNotNull(s3Request); AssertExtensions.UrlSuffixMatches(expectedEndpoint, s3Request.Endpoint); AssertExtensions.ContainsHeaders(SpecMarkdownTestDataHelper.ParseExpectedHeaders(expectedHeaders), s3Request.Headers); } else { Assert.IsNull(s3Request); Assert.IsNotNull(exception); // reminder, expectedEndpoint also contains expected error message. AssertExtensions.AssertAreSameWithEmbellishments(expectedEndpoint, exception.Message); } }
public static IRequest RunMockRequest(AmazonWebServiceRequest request, IMarshaller <IRequest, AmazonWebServiceRequest> marshaller, AmazonS3ControlConfig config) { var pipeline = new RuntimePipeline(new List <IPipelineHandler> { new NoopPipelineHandler(), new AmazonS3ControlPostMarshallHandler(), new Marshaller(), new AmazonS3ControlPreMarshallHandler() }); var requestContext = new RequestContext(config.LogMetrics, new AWS4Signer()) { ClientConfig = config, Marshaller = marshaller, OriginalRequest = request, Unmarshaller = null, IsAsync = false }; var executionContext = new ExecutionContext( requestContext, new ResponseContext() ); pipeline.InvokeSync(executionContext); return(requestContext.Request); }