public static string CreateRoleIfNotExists(IAmazonIdentityManagementService iamClient, string roleName, string assumeRolePolicyDocument, bool waitForEventualConsistency = true) { AutoResetEvent ars = new AutoResetEvent(false); Exception responseException = new Exception(); Role role = GetRoleIfExists(iamClient, roleName); if (role != null && !string.IsNullOrEmpty(role.Arn)) { return role.Arn; } iamClient.CreateRoleAsync(new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = assumeRolePolicyDocument }, (response) => { responseException = response.Exception; if (responseException == null) { role = response.Response.Role; } ars.Set(); }, new AsyncOptions { ExecuteCallbackOnMainThread = false }); ars.WaitOne(); Assert.IsNull(responseException); if (waitForEventualConsistency) { // Wait for eventual consistency of IAM role: Thread.Sleep(TimeSpan.FromSeconds(10)); } return role.Arn; }
public static void Initialize() { LambdaClient = new AmazonLambdaClient(TestRunner.Credentials, TestRunner.RegionEndpoint); IAMClient = new AmazonIdentityManagementServiceClient(TestRunner.Credentials, TestRunner.RegionEndpoint); RoleArn = UtilityMethods.CreateRoleIfNotExists(IAMClient, RoleName, UtilityMethods.LambdaAssumeRolePolicyDocument); UtilityMethods.CreatePolicyIfNotExists(IAMClient, RolePolicyName, RolePolicyDocument, RoleName); foreach (string[] functionInfo in FunctionNames) { CreateFunction(functionInfo[0], functionInfo[1], functionInfo[2]); } }
public async Task<Group> RetrieveGroup( string identifier, IAmazonIdentityManagementService proxy) { if (null == identifier) { throw new ArgumentException(AnchoringByIdentifierBehavior.ArgumentNameIdentifier); } if (null == proxy) { throw new ArgumentNullException(AnchoringByIdentifierBehavior.ArgumentNameProxy); } ListGroupsRequest request = new ListGroupsRequest(); request.MaxItems = AnchoringByIdentifierBehavior.SizeListPage; while (true) { ListGroupsResponse response = await proxy.ListGroupsAsync(request); if (null == response.Groups || !response.Groups.Any()) { return null; } Group group = response .Groups .SingleOrDefault( (Group item) => string.Equals(item.GroupId, identifier, StringComparison.OrdinalIgnoreCase)); if (group != null) { return group; } if (string.IsNullOrWhiteSpace(response.Marker)) { return null; } if (string.Equals(request.Marker, response.Marker, StringComparison.OrdinalIgnoreCase)) { return null; } request.Marker = response.Marker; } }
public async Task<Group> RetrieveGroup( string identifier, IAmazonIdentityManagementService proxy) { if (null == identifier) { throw new ArgumentException(AnchoringByNameBehavior.ArgumentNameIdentifier); } if (null == proxy) { throw new ArgumentNullException(AnchoringByNameBehavior.ArgumentNameProxy); } GetGroupRequest request = new GetGroupRequest(identifier); GetGroupResult response = await proxy.GetGroupAsync(request); Group result = response.Group; return result; }
public async Task<User> RetrieveUser( string identifier, IAmazonIdentityManagementService proxy) { if (null == identifier) { throw new ArgumentException(AnchoringByNameBehavior.ArgumentNameIdentifier); } if (null == proxy) { throw new ArgumentNullException(AnchoringByNameBehavior.ArgumentNameProxy); } GetUserRequest request = new GetUserRequest() { UserName = identifier }; GetUserResult response = await proxy.GetUserAsync(request); User result = response.User; return result; }
public static Role GetRoleIfExists(IAmazonIdentityManagementService iamClient, string roleName) { AutoResetEvent ars = new AutoResetEvent(false); Exception responseException = new Exception(); // Get role arn if it exists. Role iamRole = null; iamClient.GetRoleAsync(new GetRoleRequest() { RoleName = roleName }, (response) => { responseException = response.Exception; if (responseException == null) { iamRole = response.Response.Role; } ars.Set(); }, new AsyncOptions { ExecuteCallbackOnMainThread = false }); ars.WaitOne(); if (responseException == null) { Assert.IsNotNull(iamRole); } else { Assert.IsInstanceOf(typeof(NoSuchEntityException), responseException); } return iamRole; }
internal IdentityManagementPaginatorFactory(IAmazonIdentityManagementService client) { this.client = client; }
public static void CreatePolicyIfNotExists(IAmazonIdentityManagementService iamClient, string policyName, string policyDocument, string roleName) { if (DoesRoleHavePolicy(iamClient, policyName, roleName)) { return; } AutoResetEvent ars = new AutoResetEvent(false); Exception responseException = new Exception(); iamClient.PutRolePolicyAsync(new PutRolePolicyRequest() { PolicyName = policyName, PolicyDocument = policyDocument, RoleName = roleName }, (response) => { responseException = response.Exception; ars.Set(); }, new AsyncOptions { ExecuteCallbackOnMainThread = false }); ars.WaitOne(); Assert.IsNull(responseException); }
public static string CreateRole(IAmazonIdentityManagementService iamClient, string roleName, string assumeRolePolicy, params string[] managedPolicies) { if (managedPolicies != null && managedPolicies.Length > 0) { for (int i = 0; i < managedPolicies.Length; i++) { managedPolicies[i] = ExpandManagedPolicyName(iamClient, managedPolicies[i]); } } string roleArn; try { CreateRoleRequest request = new CreateRoleRequest { RoleName = roleName, AssumeRolePolicyDocument = assumeRolePolicy }; var response = iamClient.CreateRoleAsync(request).Result; roleArn = response.Role.Arn; } catch (Exception e) { throw new ToolsException($"Error creating IAM Role: {e.Message}", ToolsException.CommonErrorCode.IAMCreateRole, e); } if (managedPolicies != null && managedPolicies.Length > 0) { try { foreach (var managedPolicy in managedPolicies) { var request = new AttachRolePolicyRequest { RoleName = roleName, PolicyArn = managedPolicy }; iamClient.AttachRolePolicyAsync(request).Wait(); } } catch (Exception e) { throw new ToolsException($"Error assigning managed IAM Policy: {e.Message}", ToolsException.CommonErrorCode.IAMAttachRole, e); } } bool found = false; do { // There is no way check if the role has propagated yet so to // avoid error during deployment creation do a generous sleep. Console.WriteLine("Waiting for new IAM Role to propagate to AWS regions"); long start = DateTime.Now.Ticks; while (TimeSpan.FromTicks(DateTime.Now.Ticks - start).TotalSeconds < SLEEP_TIME_FOR_ROLE_PROPOGATION.TotalSeconds) { Thread.Sleep(TimeSpan.FromSeconds(1)); Console.Write("."); Console.Out.Flush(); } Console.WriteLine("\t Done"); try { var getResponse = iamClient.GetRoleAsync(new GetRoleRequest { RoleName = roleName }).Result; if (getResponse.Role != null) { found = true; } } catch (NoSuchEntityException) { } catch (Exception e) { throw new ToolsException("Error confirming new role was created: " + e.Message, ToolsException.CommonErrorCode.IAMGetRole, e); } } while (!found); return(roleArn); }
public IdentityService(IAmazonIdentityManagementService iamClient, IArnParser arnParser) { _iamClient = iamClient; _arnParser = arnParser; }
private async Task<Amazon.IdentityManagement.Model.User> RetrieveUser( string resourceIdentifier, IAmazonIdentityManagementService proxy) { if (null == resourceIdentifier) { throw new ArgumentException(AmazonWebServicesProvider.ArgumentNameResourceIdentifier); } if (null == proxy) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameProxy); } Amazon.IdentityManagement.Model.User result = await this.AnchoringBehavior.RetrieveUser(resourceIdentifier, proxy); return result; }
private async Task RemoveMember( string groupName, string memberIdentifier, IAmazonIdentityManagementService proxy, string correlationIdentifier) { if (string.IsNullOrWhiteSpace(groupName)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameGroupName); } if (string.IsNullOrWhiteSpace(memberIdentifier)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameMemberIdentifier); } if (null == proxy) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameProxy); } if (string.IsNullOrWhiteSpace(correlationIdentifier)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameCorrelationIdentifier); } Amazon.IdentityManagement.Model.User memberUser = await this.RetrieveUser(memberIdentifier, proxy); if (null == memberUser) { string warning = string.Format( CultureInfo.InvariantCulture, AmazonProvisioningAgentResources.WarningEntryNotFoundTemplate, typeof(Amazon.IdentityManagement.Model.User).Name, memberIdentifier); ProvisioningAgentMonitor.Instance.Warn(warning, correlationIdentifier); return; } RemoveUserFromGroupRequest request = new RemoveUserFromGroupRequest(groupName, memberUser.UserName); await proxy.RemoveUserFromGroupAsync(request); }
private Amazon.IdentityManagement.Model.GetServiceLastAccessedDetailsWithEntitiesResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.GetServiceLastAccessedDetailsWithEntitiesRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "GetServiceLastAccessedDetailsWithEntities"); try { #if DESKTOP return(client.GetServiceLastAccessedDetailsWithEntities(request)); #elif CORECLR return(client.GetServiceLastAccessedDetailsWithEntitiesAsync(request).GetAwaiter().GetResult()); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } }
internal ListSSHPublicKeysPaginator(IAmazonIdentityManagementService client, ListSSHPublicKeysRequest request) { this._client = client; this._request = request; }
internal SimulateCustomPolicyPaginator(IAmazonIdentityManagementService client, SimulateCustomPolicyRequest request) { this._client = client; this._request = request; }
internal ListPoliciesPaginator(IAmazonIdentityManagementService client, ListPoliciesRequest request) { this._client = client; this._request = request; }
internal ListInstanceProfilesForRolePaginator(IAmazonIdentityManagementService client, ListInstanceProfilesForRoleRequest request) { this._client = client; this._request = request; }
public static async Task <IList <InstanceProfile> > FindExistingInstanceProfilesAsync(IAmazonIdentityManagementService iamClient, int maxRoles) { var profiles = new List <InstanceProfile>(); ListInstanceProfilesRequest request = new ListInstanceProfilesRequest(); ListInstanceProfilesResponse response = null; do { if (response != null) { request.Marker = response.Marker; } response = await iamClient.ListInstanceProfilesAsync(request).ConfigureAwait(false); foreach (var profile in response.InstanceProfiles) { profiles.Add(profile); } } while (response.IsTruncated && profiles.Count < maxRoles); return(profiles); }
private async Task AddMember( string groupName, Member member, IAmazonIdentityManagementService proxy, string correlationIdentifier) { if (string.IsNullOrWhiteSpace(groupName)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameGroupName); } if (null == member) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameMember); } if (string.IsNullOrWhiteSpace(member.Value)) { throw new ArgumentException(ProvisioningAgentResources.ExceptionInvalidMember); } if (null == proxy) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameProxy); } if (string.IsNullOrWhiteSpace(correlationIdentifier)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameCorrelationIdentifier); } await this.AddMember(groupName, member.Value, proxy, correlationIdentifier); }
private async Task AddMembers( string groupName, IEnumerable<Member> members, IAmazonIdentityManagementService proxy, string correlationIdentifier) { if (string.IsNullOrWhiteSpace(groupName)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameGroupName); } if (null == members) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameMembers); } if (null == proxy) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameProxy); } if (string.IsNullOrWhiteSpace(correlationIdentifier)) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameCorrelationIdentifier); } foreach (Member member in members) { await this.AddMember(groupName, member, proxy, correlationIdentifier); } }
/// <summary> /// Default constructor. This constructor is used by Lambda to construct the instance. When invoked in a Lambda environment /// the AWS credentials will come from the IAM role associated with the function and the AWS region will be set to the /// region the Lambda function is executed in. /// </summary> public Function() { S3Client = new AmazonS3Client(); SnsClient = new AmazonSimpleNotificationServiceClient(); IamClient = new AmazonIdentityManagementServiceClient(); }
private async Task<Group> RetrieveGroup( string resourceIdentifier, IAmazonIdentityManagementService proxy) { if (string.IsNullOrWhiteSpace(resourceIdentifier)) { throw new ArgumentException(AmazonWebServicesProvider.ArgumentNameResourceIdentifier); } if (null == proxy) { throw new ArgumentNullException(AmazonWebServicesProvider.ArgumentNameProxy); } Group result = await this.AnchoringBehavior.RetrieveGroup(resourceIdentifier, proxy); return result; }
protected Func <Task <Settings> > CreateSettingsInitializer( CommandLineApplication cmd, bool requireAwsProfile = true ) { CommandOption awsProfileOption = null; CommandOption awsRegionOption = null; // add misc options var tierOption = cmd.Option("--tier|-T <NAME>", "(optional) Name of deployment tier (default: LAMBDASHARP_TIER environment variable)", CommandOptionType.SingleValue); if (requireAwsProfile) { awsProfileOption = cmd.Option("--aws-profile|-P <NAME>", "(optional) Use a specific AWS profile from the AWS credentials file", CommandOptionType.SingleValue); awsRegionOption = cmd.Option("--aws-region <NAME>", "(optional) Use a specific AWS region (default: read from AWS profile)", CommandOptionType.SingleValue); } // add hidden testing options var awsAccountIdOption = cmd.Option("--aws-account-id <VALUE>", "(test only) Override AWS account Id (default: read from AWS profile)", CommandOptionType.SingleValue); var awsUserArnOption = cmd.Option("--aws-user-arn <ARN>", "(test only) Override AWS user ARN (default: read from AWS profile)", CommandOptionType.SingleValue); var toolVersionOption = cmd.Option("--cli-version <VALUE>", "(test only) LambdaSharp CLI version for profile", CommandOptionType.SingleValue); var deploymentBucketNameOption = cmd.Option("--deployment-bucket-name <NAME>", "(test only) S3 Bucket name used to deploy modules (default: read from LambdaSharp CLI configuration)", CommandOptionType.SingleValue); var tierVersionOption = cmd.Option("--tier-version <VERSION>", "(test only) LambdaSharp tier version (default: read from deployment tier)", CommandOptionType.SingleValue); var promptsAsErrorsOption = cmd.Option("--prompts-as-errors", "(optional) Missing parameters cause an error instead of a prompts (use for CI/CD to avoid unattended prompts)", CommandOptionType.NoValue); awsAccountIdOption.ShowInHelpText = false; awsUserArnOption.ShowInHelpText = false; toolVersionOption.ShowInHelpText = false; deploymentBucketNameOption.ShowInHelpText = false; tierVersionOption.ShowInHelpText = false; return(async() => { // check if experimental caching feature is enabled Settings.AllowCaching = string.Equals((Environment.GetEnvironmentVariable("LAMBDASHARP_FEATURE_CACHING") ?? "false"), "true", StringComparison.OrdinalIgnoreCase); // initialize deployment tier string tier = tierOption.Value() ?? Environment.GetEnvironmentVariable("LAMBDASHARP_TIER") ?? ""; // initialize AWS profile try { AwsAccountInfo awsAccount = null; IAmazonSimpleSystemsManagement ssmClient = null; IAmazonCloudFormation cfnClient = null; IAmazonKeyManagementService kmsClient = null; IAmazonS3 s3Client = null; IAmazonAPIGateway apiGatewayClient = null; IAmazonIdentityManagementService iamClient = null; IAmazonLambda lambdaClient = null; if (requireAwsProfile) { awsAccount = await InitializeAwsProfile( awsProfileOption.Value(), awsAccountIdOption.Value(), awsRegionOption.Value(), awsUserArnOption.Value() ); if (awsAccount == null) { return null; } // create AWS clients ssmClient = new AmazonSimpleSystemsManagementClient(AWSConfigs.RegionEndpoint); cfnClient = new AmazonCloudFormationClient(AWSConfigs.RegionEndpoint); kmsClient = new AmazonKeyManagementServiceClient(AWSConfigs.RegionEndpoint); s3Client = new AmazonS3Client(AWSConfigs.RegionEndpoint); apiGatewayClient = new AmazonAPIGatewayClient(AWSConfigs.RegionEndpoint); iamClient = new AmazonIdentityManagementServiceClient(AWSConfigs.RegionEndpoint); lambdaClient = new AmazonLambdaClient(AWSConfigs.RegionEndpoint); } if (HasErrors) { return null; } // initialize LambdaSharp deployment values var tierVersion = tierVersionOption.Value(); var deploymentBucketName = deploymentBucketNameOption.Value(); // initialize LambdaSharp testing values VersionInfo toolVersion = null; if (toolVersionOption.HasValue()) { toolVersion = VersionInfo.Parse(toolVersionOption.Value()); } // create a settings instance for each module filename return new Settings(toolVersion ?? Version) { TierVersion = (tierVersion != null) ? VersionInfo.Parse(tierVersion) : null, Tier = tier, AwsRegion = awsAccount?.Region, AwsAccountId = awsAccount?.AccountId, AwsUserArn = awsAccount?.UserArn, DeploymentBucketName = deploymentBucketName, SsmClient = ssmClient, CfnClient = cfnClient, KmsClient = kmsClient, S3Client = s3Client, ApiGatewayClient = apiGatewayClient, IamClient = iamClient, LambdaClient = lambdaClient, PromptsAsErrors = promptsAsErrorsOption.HasValue() }; } catch (AmazonClientException e) when(e.Message == "No RegionEndpoint or ServiceURL configured") { LogError("AWS profile is missing a region specifier"); return null; } }); }
public static void ClassInitialize(TestContext testContext) { lambdaClient = new AmazonLambdaClient(); iamClient = new AmazonIdentityManagementServiceClient(); }
public static bool DoesRoleHavePolicy(IAmazonIdentityManagementService iamClient, string policyName, string roleName) { AutoResetEvent ars = new AutoResetEvent(false); Exception responseException = new Exception(); List<string> policyNames = null; iamClient.ListRolePoliciesAsync(new ListRolePoliciesRequest() { RoleName = roleName, }, (response) => { responseException = response.Exception; if (responseException == null) { policyNames = response.Response.PolicyNames; } ars.Set(); }, new AsyncOptions { ExecuteCallbackOnMainThread = false }); ars.WaitOne(); Assert.IsNull(responseException); Assert.IsNotNull(policyNames); return policyNames.Contains(policyName); }
public static void ClassInitialize(TestContext testContext) { iamClient = new AmazonIdentityManagementServiceClient(); s3Client = new AmazonS3Client(); }
public ExcelUploadService(IAmazonS3 s3Client, IAmazonDynamoDB dynamoDbClient, ILogger <ExcelUploadService> logger, IAmazonIdentityManagementService iamService) { S3Client = s3Client; DynamoDbClient = dynamoDbClient; IAMService = iamService; Logger = logger; }