public object Execute(ExecutorContext context)
{
var cmdletContext = context as CmdletContext;
// create request
var request = new Amazon.SecurityToken.Model.GetFederationTokenRequest();
if (cmdletContext.DurationInSeconds != null)
{
request.DurationSeconds = cmdletContext.DurationInSeconds.Value;
}
if (cmdletContext.Name != null)
{
request.Name = cmdletContext.Name;
}
if (cmdletContext.Policy != null)
{
request.Policy = cmdletContext.Policy;
}
if (cmdletContext.PolicyArn != null)
{
request.PolicyArns = cmdletContext.PolicyArn;
}
if (cmdletContext.Tag != null)
{
request.Tags = cmdletContext.Tag;
}
CmdletOutput output;
// issue call
var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint);
try
{
var response = CallAWSServiceOperation(client, request);
object pipelineOutput = null;
pipelineOutput = cmdletContext.Select(response, this);
output = new CmdletOutput
{
PipelineOutput = pipelineOutput,
ServiceResponse = response
};
}
catch (Exception e)
{
output = new CmdletOutput {
ErrorResponse = e
};
}
return(output);
}
/// <summary>
/// Initiates the asynchronous execution of the GetFederationToken operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
///
/// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking EndGetFederationToken
/// operation.</returns>
public IAsyncResult BeginGetFederationToken(GetFederationTokenRequest request, AsyncCallback callback, object state)
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance;
return BeginInvoke<GetFederationTokenRequest>(request, marshaller, unmarshaller,
callback, state);
}
/// <summary>
/// Returns a set of temporary security credentials (consisting of an access key ID, a
/// secret access key, and a security token) for a federated user. A typical use is in
/// a proxy application that gets temporary security credentials on behalf of distributed
/// applications inside a corporate network. Because you must call the <code>GetFederationToken</code>
/// action using the long-term security credentials of an IAM user, this call is appropriate
/// in contexts where those credentials can be safely stored, usually in a server-based
/// application.
///
/// <note>
/// <para>
/// If you are creating a mobile-based or browser-based app that can authenticate users
/// using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID
/// Connect-compatible identity provider, we recommend that you use <a href="http://aws.amazon.com/cognito/">Amazon
/// Cognito</a> or <code>AssumeRoleWithWebIdentity</code>. For more information, see <a
/// href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity">Federation
/// Through a Web-based Identity Provider</a>.
/// </para>
/// </note>
/// <para>
/// The <code>GetFederationToken</code> action must be called by using the long-term AWS
/// security credentials of an IAM user. You can also call <code>GetFederationToken</code>
/// using the security credentials of an AWS account (root), but this is not recommended.
/// Instead, we recommend that you create an IAM user for the purpose of the proxy application
/// and then attach a policy to the IAM user that limits federated users to only the actions
/// and resources they need access to. For more information, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html">IAM
/// Best Practices</a> in the <i>Using IAM</i>.
/// </para>
///
/// <para>
/// The temporary security credentials that are obtained by using the long-term credentials
/// of an IAM user are valid for the specified duration, between 900 seconds (15 minutes)
/// and 129600 seconds (36 hours). Temporary credentials that are obtained by using AWS
/// account (root) credentials have a maximum duration of 3600 seconds (1 hour)
/// </para>
///
/// <para>
/// <b>Permissions</b>
/// </para>
///
/// <para>
/// The permissions for the temporary security credentials returned by <code>GetFederationToken</code>
/// are determined by a combination of the following:
/// </para>
/// <ul> <li>The policy or policies that are attached to the IAM user whose credentials
/// are used to call <code>GetFederationToken</code>.</li> <li>The policy that is passed
/// as a parameter in the call.</li> </ul>
/// <para>
/// The passed policy is attached to the temporary security credentials that result from
/// the <code>GetFederationToken</code> API call--that is, to the <i>federated user</i>.
/// When the federated user makes an AWS request, AWS evaluates the policy attached to
/// the federated user in combination with the policy or policies attached to the IAM
/// user whose credentials were used to call <code>GetFederationToken</code>. AWS allows
/// the federated user's request only when both the federated user <i><b>and</b></i> the
/// IAM user are explicitly allowed to perform the requested action. The passed policy
/// cannot grant more permissions than those that are defined in the IAM user policy.
/// </para>
///
/// <para>
/// A typical use case is that the permissions of the IAM user whose credentials are used
/// to call <code>GetFederationToken</code> are designed to allow access to all the actions
/// and resources that any federated user will need. Then, for individual users, you pass
/// a policy to the operation that scopes down the permissions to a level that's appropriate
/// to that individual user, using a policy that allows only a subset of permissions that
/// are granted to the IAM user.
/// </para>
///
/// <para>
/// If you do not pass a policy, the resulting temporary security credentials have no
/// effective permissions. The only exception is when the temporary security credentials
/// are used to access a resource that has a resource-based policy that specifically allows
/// the federated user to access the resource.
/// </para>
///
/// <para>
/// For more information about how permissions work, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_getfederationtoken.html">Permissions
/// for GetFederationToken</a>. For information about using <code>GetFederationToken</code>
/// to create temporary security credentials, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken">GetFederationToken—Federation
/// Through a Custom Identity Broker</a>.
/// </para>
/// </summary>
/// <param name="request">Container for the necessary parameters to execute the GetFederationToken service method.</param>
///
/// <returns>The response from the GetFederationToken service method, as returned by SecurityTokenService.</returns>
/// <exception cref="Amazon.SecurityToken.Model.MalformedPolicyDocumentException">
/// The request was rejected because the policy document was malformed. The error message
/// describes the specific error.
/// </exception>
/// <exception cref="Amazon.SecurityToken.Model.PackedPolicyTooLargeException">
/// The request was rejected because the policy document was too large. The error message
/// describes how big the policy document is, in packed form, as a percentage of what
/// the API allows.
/// </exception>
public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request)
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance;
return Invoke<GetFederationTokenRequest,GetFederationTokenResponse>(request, marshaller, unmarshaller);
}
IAsyncResult invokeGetFederationToken(GetFederationTokenRequest getFederationTokenRequest, AsyncCallback callback, object state, bool synchronized)
{
IRequest irequest = new GetFederationTokenRequestMarshaller().Marshall(getFederationTokenRequest);
var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance();
AsyncResult result = new AsyncResult(irequest, callback, state, synchronized, signer, unmarshaller);
Invoke(result);
return result;
}
/// <summary>
/// <para>The GetFederationToken action returns a set of temporary credentials for a federated user with the user name and policy specified in
/// the request. The credentials consist of an Access Key ID, a Secret Access Key, and a security token. The credentials are valid for the
/// specified duration, between one and 36 hours.</para> <para>The federated user who holds these credentials has any permissions allowed by the
/// intersection of the specified policy and any resource or user policies that apply to the caller of the GetFederationToken API, and any
/// resource policies that apply to the federated user's Amazon Resource Name (ARN). For more information about how token permissions work, see
/// Controlling Permissions in Temporary Credentials in <i>Using AWS Identity and Access Management</i> . For information about using
/// GetFederationToken to create temporary credentials, see Creating Temporary Credentials to Enable Access for Federated Users in <i>Using AWS
/// Identity and Access Management</i> .</para>
/// </summary>
///
/// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on
/// AmazonSecurityTokenService.</param>
///
/// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns>
///
/// <exception cref="PackedPolicyTooLargeException"/>
/// <exception cref="MalformedPolicyDocumentException"/>
public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest getFederationTokenRequest)
{
IAsyncResult asyncResult = invokeGetFederationToken(getFederationTokenRequest, null, null, true);
return EndGetFederationToken(asyncResult);
}
/// <summary>
/// Initiates the asynchronous execution of the GetFederationToken operation.
/// <seealso cref="Amazon.SecurityToken.AmazonSecurityTokenService.GetFederationToken"/>
/// </summary>
///
/// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken operation on
/// AmazonSecurityTokenService.</param>
/// <param name="callback">An AsyncCallback delegate that is invoked when the operation completes.</param>
/// <param name="state">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
///
/// <returns>An IAsyncResult that can be used to poll or wait for results, or both; this value is also needed when invoking
/// EndGetFederationToken operation.</returns>
public IAsyncResult BeginGetFederationToken(GetFederationTokenRequest getFederationTokenRequest, AsyncCallback callback, object state)
{
return invokeGetFederationToken(getFederationTokenRequest, callback, state, false);
}
/// <summary>
/// Initiates the asynchronous execution of the GetFederationToken operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance;
return InvokeAsync<GetFederationTokenRequest,GetFederationTokenResponse>(request, marshaller,
unmarshaller, cancellationToken);
}
/// <summary>
/// Initiates the asynchronous execution of the GetFederationToken operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation on AmazonSecurityTokenServiceClient.</param>
/// <param name="callback">An Action delegate that is invoked when the operation completes.</param>
/// <param name="options">A user-defined state object that is passed to the callback procedure. Retrieve this object from within the callback
/// procedure using the AsyncState property.</param>
public void GetFederationTokenAsync(GetFederationTokenRequest request, AmazonServiceCallback<GetFederationTokenRequest, GetFederationTokenResponse> callback, AsyncOptions options = null)
{
options = options == null?new AsyncOptions():options;
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance;
Action<AmazonWebServiceRequest, AmazonWebServiceResponse, Exception, AsyncOptions> callbackHelper = null;
if(callback !=null )
callbackHelper = (AmazonWebServiceRequest req, AmazonWebServiceResponse res, Exception ex, AsyncOptions ao) => {
AmazonServiceResult<GetFederationTokenRequest,GetFederationTokenResponse> responseObject
= new AmazonServiceResult<GetFederationTokenRequest,GetFederationTokenResponse>((GetFederationTokenRequest)req, (GetFederationTokenResponse)res, ex , ao.State);
callback(responseObject);
};
BeginInvoke<GetFederationTokenRequest>(request, marshaller, unmarshaller, options, callbackHelper);
}
private Amazon.SecurityToken.Model.GetFederationTokenResponse CallAWSServiceOperation(IAmazonSecurityTokenService client, Amazon.SecurityToken.Model.GetFederationTokenRequest request)
{
Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Security Token Service (STS)", "GetFederationToken");
try
{
#if DESKTOP
return(client.GetFederationToken(request));
#elif CORECLR
return(client.GetFederationTokenAsync(request).GetAwaiter().GetResult());
#else
#error "Unknown build edition"
#endif
}
catch (AmazonServiceException exc)
{
var webException = exc.InnerException as System.Net.WebException;
if (webException != null)
{
throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException);
}
throw;
}
}
IAsyncResult invokeGetFederationToken(GetFederationTokenRequest request, AsyncCallback callback, object state, bool synchronized)
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.Instance;
return Invoke(request, callback, state, synchronized, marshaller, unmarshaller, signer);
}
/// <summary>
/// <para> Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a
/// federated user. A typical use is in a proxy application that is getting temporary security credentials on behalf of distributed applications
/// inside a corporate network. Because you must call the <c>GetFederationToken</c> action using the long-term security credentials of an IAM
/// user, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. </para>
/// <para> <b>Note:</b> Do not use this call in mobile applications or client-based web applications that directly get temporary security
/// credentials. For those types of applications, use <c>AssumeRoleWithWebIdentity</c> . </para> <para>The <c>GetFederationToken</c> action must
/// be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are
/// valid for the specified duration, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by using
/// account credentials have a maximum duration of 3600 seconds (1 hour). </para> <para>Optionally, you can pass an AWS IAM access policy to
/// this operation. The temporary security credentials that are returned by the operation have the permissions that are associated with the
/// entity that is making the <c>GetFederationToken</c> call, except for any permissions explicitly denied by the policy you pass. This gives
/// you a way to further restrict the permissions for the federated user. These policies and any applicable resource-based policies are
/// evaluated when calls to AWS are made using the temporary security credentials. </para> <para> For more information about how permissions
/// work, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/TokenPermissions.html">Controlling Permissions in Temporary
/// Credentials</a> in <i>Using Temporary Security Credentials</i> . For information about using <c>GetFederationToken</c> to create temporary
/// security credentials, see <a href="http://docs.aws.amazon.com/IAM/latest/UserGuide/CreatingFedTokens.html">Creating Temporary Credentials
/// to Enable Access for Federated Users</a> in <i>Using Temporary Security Credentials</i> . </para>
/// </summary>
///
/// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on
/// AmazonSecurityTokenService.</param>
///
/// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns>
///
/// <exception cref="T:Amazon.SecurityToken.Model.PackedPolicyTooLargeException" />
/// <exception cref="T:Amazon.SecurityToken.Model.MalformedPolicyDocumentException" />
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
public Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest getFederationTokenRequest, CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance();
return Invoke<IRequest, GetFederationTokenRequest, GetFederationTokenResponse>(getFederationTokenRequest, marshaller, unmarshaller, signer, cancellationToken);
}
internal GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request)
{
var task = GetFederationTokenAsync(request);
try
{
return task.Result;
}
catch(AggregateException e)
{
throw e.InnerException;
}
}
internal GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest request)
{
var task = GetFederationTokenAsync(request);
try
{
return task.Result;
}
catch(AggregateException e)
{
ExceptionDispatchInfo.Capture(e.InnerException).Throw();
return null;
}
}
/// <summary>
/// Initiates the asynchronous execution of the GetFederationToken operation.
/// <seealso cref="Amazon.SecurityToken.IAmazonSecurityTokenService.GetFederationToken"/>
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the GetFederationToken operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public async Task<GetFederationTokenResponse> GetFederationTokenAsync(GetFederationTokenRequest request, CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new GetFederationTokenRequestMarshaller();
var unmarshaller = GetFederationTokenResponseUnmarshaller.GetInstance();
var response = await Invoke<IRequest, GetFederationTokenRequest, GetFederationTokenResponse>(request, marshaller, unmarshaller, signer, cancellationToken)
.ConfigureAwait(continueOnCapturedContext: false);
return response;
}
/// <summary>
/// </summary>
///
/// <param name="getFederationTokenRequest">Container for the necessary parameters to execute the GetFederationToken service method on
/// AmazonSecurityTokenService.</param>
///
/// <returns>The response from the GetFederationToken service method, as returned by AmazonSecurityTokenService.</returns>
///
/// <exception cref="PackedPolicyTooLargeException"/>
/// <exception cref="MalformedPolicyDocumentException"/>
public GetFederationTokenResponse GetFederationToken(GetFederationTokenRequest getFederationTokenRequest)
{
IRequest<GetFederationTokenRequest> request = new GetFederationTokenRequestMarshaller().Marshall(getFederationTokenRequest);
GetFederationTokenResponse response = Invoke<GetFederationTokenRequest, GetFederationTokenResponse> (request, this.signer, GetFederationTokenResponseUnmarshaller.GetInstance());
return response;
}
