public async Task CreateWithRoleArn_CreatesClientWithCredentials()
{
var roleArn = "test arn";
var instance = CreateInstance();
var credentials = new SessionAWSCredentials("key", "secret", "token");
StsClient.AssumeRoleAsync(Arg.Any <AssumeRoleRequest>()).Returns(new AssumeRoleResponse
{
Credentials = new Credentials
{
AccessKeyId = credentials.GetCredentials().AccessKey,
SecretAccessKey = credentials.GetCredentials().SecretKey,
SessionToken = credentials.GetCredentials().Token,
}
});
var result = await instance.Create(roleArn);
await StsFactory.Received().Create();
await StsClient.Received().AssumeRoleAsync(
Arg.Is <AssumeRoleRequest>(req => req.RoleArn == roleArn && req.RoleSessionName != null)
);
TestUtils.AssertClientHasCredentials((AmazonServiceClient)result, credentials);
}
public AWSLambdaAPI(SessionAWSCredentials sessionAWSCredentials)
{
this.sessionAWSCredentials = sessionAWSCredentials;
var credentials = sessionAWSCredentials.GetCredentials();
basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey);
amazonLambdaClient = new AmazonLambdaClient(sessionAWSCredentials);
}
public AWSStepFunctionsAPI(SessionAWSCredentials sessionAWSCredentials)
{
this.sessionAWSCredentials = sessionAWSCredentials;
var credentials = sessionAWSCredentials.GetCredentials();
basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey);
amazonStepFunctionsClient = new AmazonStepFunctionsClient(sessionAWSCredentials);
}
/// <summary>
/// provide support for resolving AthenaAPI from AWS environment
/// </summary>
/// <param name="sessionAWSCredentials"></param>
public AWSAthenaAPI(SessionAWSCredentials sessionAWSCredentials)
{
this.sessionAWSCredentials = sessionAWSCredentials;
var credentials = sessionAWSCredentials.GetCredentials();
basicAWSCredentials = new BasicAWSCredentials(credentials.AccessKey, credentials.SecretKey);
amazonAthenaClient = new AmazonAthenaClient(sessionAWSCredentials);
DefaultOutputLocation = Environment.GetEnvironmentVariable("AWSAthenaDefaultOutputLocation");
}
protected override void ProcessRecord()
{
try
{
AWSSAMLUtils awsSamlUtils = new AWSSAMLUtils();
SessionAWSCredentials awsSessionCredentials = null;
ICredentials userCredentials = GetUserCredentials(useCurrentCredentials);
Uri uri = new Uri(identityProviderUrl);
NetworkCredential networkCredentials = userCredentials.GetCredential(uri, "");
if (CredentialCache.DefaultCredentials != userCredentials)
{
ImpersonateUser(networkCredentials.UserName, networkCredentials.Password, networkCredentials.Domain);
}
string samlAssertion = awsSamlUtils.GetSamlAssertion(identityProviderUrl);
string[] awsSamlRoles = awsSamlUtils.GetAwsSamlRoles(samlAssertion);
UnImpersonateUser();
string awsSamlRole = null;
if (roleIndex < awsSamlRoles.Length)
{
awsSamlRole = awsSamlRoles[roleIndex];
}
else if (!string.IsNullOrEmpty(role))
{
awsSamlRole = awsSamlRoles.FirstOrDefault(p => p.Contains(role));
if (awsSamlRole == null)
{
throw new ArgumentException(string.Format("role {0} not found in list of available roles: {1}", role, string.Join(", ", awsSamlRoles)));
}
}
else
{
awsSamlRole = AskUserForAwsSamlRole(awsSamlRoles);
}
awsSessionCredentials = awsSamlUtils.GetSamlRoleCredentails(samlAssertion, awsSamlRole);
SetPowershellSamlProfile(awsSessionCredentials.GetCredentials());
}
catch
{
throw;
}
}
public AWSCredentialsFactoryTestCredentialSourceFixture(CredentialProfileOptions options, SessionAWSCredentials sessionCredentials, bool disable = false)
{
credentialSourceType = (CredentialSourceType)Enum.Parse(typeof(CredentialSourceType), options.CredentialSource, true);
switch (credentialSourceType)
{
case CredentialSourceType.Environment:
ImmutableCredentials credentials = sessionCredentials.GetCredentials();
originalAWSAccessKeyIdValue = SetEnvironmentVariable(AWS_ACCESS_KEY_ID_ENVIRONMENT_VARIABLE, credentials.AccessKey);
originalAWSSecretAccessKeyValue = SetEnvironmentVariable(AWS_SECRET_ACCESS_KEY_ENVIRONMENT_VARIABLE, credentials.SecretKey);
originalAWSSessionTokenValue = SetEnvironmentVariable(AWS_SESSION_TOKEN_ENVIRONMENT_VARIABLE, credentials.Token);
break;
case CredentialSourceType.Ec2InstanceMetadata:
originalAWSMetadataDisabled = SetEnvironmentVariable(EC2InstanceMetadata.AWS_EC2_METADATA_DISABLED, disable ? "true" : "false");
break;
case CredentialSourceType.EcsContainer:
originalContainerURIEnvVariableValue = SetEnvironmentVariable(ECSTaskCredentials.ContainerCredentialsURIEnvVariable, disable ? null : MOCK_ECSContainer_URIEnvVariableValue);
break;
}
}
protected override void ProcessRecord()
{
try
{
AWSSAMLUtils awsSamlUtils = new AWSSAMLUtils();
SessionAWSCredentials awsSessionCredentials = null;
ICredentials userCredentials = AskUserForCredentials(useCurrentCredentials);
Uri uri = new Uri(identityProviderUrl);
NetworkCredential networkCredentials = userCredentials.GetCredential(uri, "");
if (CredentialCache.DefaultCredentials != userCredentials)
{
ImpersonateUser(networkCredentials.UserName, networkCredentials.Password, networkCredentials.Domain);
}
string samlAssertion = awsSamlUtils.GetSamlAssertion(identityProviderUrl);
string[] awsSamlRoles = awsSamlUtils.GetAwsSamlRoles(samlAssertion);
UnImpersonateUser();
string awsSamlRole = null;
if (roleIndex < awsSamlRoles.Length)
{
awsSamlRole = awsSamlRoles[roleIndex];
}
else
{
awsSamlRole = AskUserForAwsSamlRole(awsSamlRoles);
}
awsSessionCredentials = awsSamlUtils.GetSamlRoleCredentails(samlAssertion, awsSamlRole);
SetPowershellSamlProfile(awsSessionCredentials.GetCredentials());
}
catch
{
throw;
}
}