2023-10-02 13:37:27 +00:00
|
|
|
using System.Collections.Concurrent;
|
2023-10-09 12:23:31 +00:00
|
|
|
using System.Net;
|
2023-10-16 09:27:19 +00:00
|
|
|
using Amazon.CognitoIdentityProvider;
|
2023-10-02 13:37:27 +00:00
|
|
|
using Amazon.IdentityManagement;
|
2023-10-09 12:23:31 +00:00
|
|
|
using Amazon.IdentityManagement.Model;
|
2023-10-02 13:37:27 +00:00
|
|
|
using Amazon.Runtime;
|
|
|
|
using InnovEnergy.Lib.S3Utils.DataTypes;
|
|
|
|
using InnovEnergy.Lib.Utils;
|
2023-10-16 09:27:19 +00:00
|
|
|
using S3Region = InnovEnergy.Lib.S3Utils.DataTypes.S3Region;
|
2023-10-02 13:37:27 +00:00
|
|
|
|
|
|
|
namespace InnovEnergy.Lib.S3Utils;
|
|
|
|
|
|
|
|
public static class Iam
|
|
|
|
{
|
|
|
|
|
|
|
|
// TODO
|
2023-10-09 12:23:31 +00:00
|
|
|
|
2023-10-02 13:37:27 +00:00
|
|
|
private static readonly ConcurrentDictionary<S3Region, AmazonIdentityManagementServiceClient> AimClientCache = new();
|
|
|
|
|
|
|
|
public static AmazonIdentityManagementServiceClient GetIamClient(this S3Url url ) => url.Bucket.GetIamClient();
|
|
|
|
public static AmazonIdentityManagementServiceClient GetIamClient(this S3Bucket bucket) => bucket.Region.GetIamClient();
|
|
|
|
public static AmazonIdentityManagementServiceClient GetIamClient(this S3Region region)
|
|
|
|
{
|
|
|
|
return AimClientCache.GetOrAdd(region, CreateIamClient); // Memoize
|
|
|
|
}
|
|
|
|
|
|
|
|
private static AmazonIdentityManagementServiceClient CreateIamClient(S3Region region) => new
|
|
|
|
(
|
|
|
|
credentials: new BasicAWSCredentials(region.Credentials.Key, region.Credentials.Secret),
|
2023-10-09 12:23:31 +00:00
|
|
|
clientConfig: new() { ServiceURL = region.Name.EnsureStartsWith("https://") }
|
2023-10-02 13:37:27 +00:00
|
|
|
);
|
|
|
|
|
2023-10-16 09:27:19 +00:00
|
|
|
public static async Task<Role> CreateRoleAsync(AmazonIdentityManagementServiceClient iamService,String userName)
|
2023-10-09 12:23:31 +00:00
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
var response = await iamService.CreateRoleAsync(new CreateRoleRequest() { RoleName = userName });
|
|
|
|
return response.Role;
|
2023-10-09 12:23:31 +00:00
|
|
|
}
|
2023-10-02 13:37:27 +00:00
|
|
|
|
2023-10-16 09:27:19 +00:00
|
|
|
public static async Task<Boolean> PutRolePolicyAsync(AmazonIdentityManagementServiceClient iamService, String userName, String policyName, String policyDocument)
|
2023-10-09 12:23:31 +00:00
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
var request = new PutRolePolicyRequest()
|
2023-10-09 12:23:31 +00:00
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
RoleName = userName,
|
2023-10-09 12:23:31 +00:00
|
|
|
PolicyName = policyName,
|
|
|
|
PolicyDocument = policyDocument
|
|
|
|
};
|
|
|
|
|
2023-10-16 09:27:19 +00:00
|
|
|
var response = await iamService.PutRolePolicyAsync(request);
|
2023-10-09 12:23:31 +00:00
|
|
|
return response.HttpStatusCode == System.Net.HttpStatusCode.OK;
|
|
|
|
}
|
2023-10-02 13:37:27 +00:00
|
|
|
|
2023-10-09 12:23:31 +00:00
|
|
|
public static async Task<AccessKey> CreateAccessKeyAsync(AmazonIdentityManagementServiceClient iamService, String userName)
|
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
// iamService.Role
|
2023-10-09 12:23:31 +00:00
|
|
|
var response = await iamService.CreateAccessKeyAsync(new CreateAccessKeyRequest
|
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
UserName= userName,
|
2023-10-09 12:23:31 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
return response.AccessKey;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2023-10-16 09:27:19 +00:00
|
|
|
public static async Task<Boolean> RoleExists(AmazonIdentityManagementServiceClient iamService, String roleName)
|
2023-10-09 12:23:31 +00:00
|
|
|
{
|
2023-10-16 09:27:19 +00:00
|
|
|
var response = await iamService.GetRoleAsync(new GetRoleRequest{RoleName = roleName});
|
2023-10-09 12:23:31 +00:00
|
|
|
return response.HttpStatusCode == HttpStatusCode.OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
public static async Task<Boolean> RevokeAccessKey(AmazonIdentityManagementServiceClient iamService, String userName)
|
|
|
|
{
|
|
|
|
var response = await iamService.DeleteAccessKeyAsync(new DeleteAccessKeyRequest{ AccessKeyId = userName });
|
|
|
|
return response.HttpStatusCode == HttpStatusCode.OK;
|
|
|
|
}
|
2023-10-02 13:37:27 +00:00
|
|
|
}
|