/**
* Copyright 2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not
* use this file except in compliance with the License. A copy of the License
* is located at
*
* http://aws.amazon.com/apache2.0/
*
* or in the "LICENSE" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package awslabs.lab41;
import java.util.List;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.regions.Region;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient;
import com.amazonaws.services.identitymanagement.model.CreateRoleRequest;
import com.amazonaws.services.identitymanagement.model.DeleteRolePolicyRequest;
import com.amazonaws.services.identitymanagement.model.DeleteRoleRequest;
import com.amazonaws.services.identitymanagement.model.GetRoleRequest;
import com.amazonaws.services.identitymanagement.model.GetUserRequest;
import com.amazonaws.services.identitymanagement.model.ListRolePoliciesRequest;
import com.amazonaws.services.identitymanagement.model.ListRolePoliciesResult;
import com.amazonaws.services.identitymanagement.model.ListUsersRequest;
import com.amazonaws.services.identitymanagement.model.NoSuchEntityException;
import com.amazonaws.services.identitymanagement.model.PutRolePolicyRequest;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.CreateBucketRequest;
import com.amazonaws.services.s3.model.DeleteBucketRequest;
import com.amazonaws.services.s3.model.DeleteObjectRequest;
import com.amazonaws.services.s3.model.ListObjectsRequest;
import com.amazonaws.services.s3.model.ObjectListing;
import com.amazonaws.services.s3.model.S3ObjectSummary;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClient;
import com.amazonaws.services.securitytoken.model.AssumeRoleRequest;
import com.amazonaws.services.securitytoken.model.AssumeRoleResult;
import com.amazonaws.services.securitytoken.model.Credentials;
import com.amazonaws.services.sns.AmazonSNSClient;
import com.amazonaws.services.sns.model.ListTopicsRequest;
import com.amazonaws.services.sqs.AmazonSQSClient;
import com.amazonaws.services.sqs.model.ListQueuesRequest;
/**
* Project: Lab4.1
*/
public abstract class SolutionCode implements ILabCode, IOptionalLabCode {
@Override
public String prepMode_GetUserArn(AmazonIdentityManagementClient iamClient, String userName) {
String userArn = null;
// Construct a GetUserRequest object using the provided user name.
GetUserRequest getUserRequest = new GetUserRequest().withUserName(userName);
// Submit the request using the getUser method of the iamClient object.
userArn = iamClient.getUser(getUserRequest).getUser().getArn();
// Return the ARN representing the IAM user.
return userArn;
}
@Override
public String prepMode_CreateRole(AmazonIdentityManagementClient iamClient, String roleName, String policyText,
String trustRelationshipText) {
String roleArn = null;
// Construct a CreateRoleRequest object using the specified name and "assume role" policy. The policy is the trustRelationshipText parameter.
CreateRoleRequest createRoleRequest = new CreateRoleRequest().withAssumeRolePolicyDocument(trustRelationshipText).withRoleName(roleName);
// Submit the request using the createRole method of the iamClient object.
// Retrieve and store the role ARN from the request response.
roleArn = iamClient.createRole(createRoleRequest).getRole().getArn();
// Construct a PutRolePolicyRequest object using the provided policy for the new role. Use whatever policy name you like.
PutRolePolicyRequest putRolePolicyRequest = new PutRolePolicyRequest().withPolicyDocument(policyText).withPolicyName(roleName+"_policy").withRoleName(roleName);
// Submit the request using the putRolePolicy method of the iamClient object.
iamClient.putRolePolicy(putRolePolicyRequest);
// Return the ARN for the new role.
return roleArn;
}
@Override
public Credentials appMode_AssumeRole(AWSSecurityTokenServiceClient stsClient, String roleArn,
String roleSessionName) {
Credentials credentials;
// Construct an AssumeRoleRequest object using the provided role ARN and role session name.
AssumeRoleRequest assumeRoleRequest = new AssumeRoleRequest().withRoleSessionName(roleSessionName).withRoleArn(roleArn);
// Submit the requestusing the assumeRole method of the stsClient object.
AssumeRoleResult assumeRoleResult = stsClient.assumeRole(assumeRoleRequest);
// Return the credentials from the request result.
credentials = assumeRoleResult.getCredentials();
return credentials;
}
@Override
public AmazonS3Client appMode_CreateS3Client(Credentials credentials, Region region) {
AmazonS3Client s3Client;
// Construct a BasicSessionCredentials object using the provided credentials.
BasicSessionCredentials sessionCredentials = new BasicSessionCredentials(
credentials.getAccessKeyId(),
credentials.getSecretAccessKey(),
credentials.getSessionToken());
// Construct an an AmazonS3Client object using the basic session credentials that you just created.
s3Client = new AmazonS3Client(sessionCredentials);
// Set the region of the S3 client object to the provided region.
s3Client.setRegion(region);
// Return the S3 client object.
return s3Client;
}
@Override
public void prepMode_RemoveRoles(AmazonIdentityManagementClient iamClient, String... roles) {
for (String roleName: roles)
{
try
{
iamClient.getRole(new GetRoleRequest().withRoleName(roleName));
System.out.println("Removing old role " + roleName);
// Remove existing policies
ListRolePoliciesResult listRolePoliciesResult = iamClient.listRolePolicies(new ListRolePoliciesRequest().withRoleName(roleName));
for (String policyName: listRolePoliciesResult.getPolicyNames())
{
DeleteRolePolicyRequest deleteRolePolicyRequest = new DeleteRolePolicyRequest().withPolicyName(policyName).withRoleName(roleName);
iamClient.deleteRolePolicy(deleteRolePolicyRequest);
}
iamClient.deleteRole(new DeleteRoleRequest().withRoleName(roleName));
}
catch (NoSuchEntityException nse)
{
// Role doesn't exist, so don't do anything.
// Gobble the exception and loop.
break;
}
}
}
@Override
public void prepMode_CreateBucket(AmazonS3Client s3Client, String bucketName, Region region) {
// Construct a CreateBucketRequest object that contains the provided bucket name.
// If the region is other than us-east-1, we need to specify a regional constraint.
CreateBucketRequest createBucketRequest;
if (region.getName().equals("us-east-1")) {
createBucketRequest = new CreateBucketRequest(bucketName);
}
else {
createBucketRequest = new CreateBucketRequest(bucketName, com.amazonaws.services.s3.model.Region.fromValue(region.getName()));
}
s3Client.createBucket(createBucketRequest);
}
@Override
public Boolean appMode_TestSnsAccess(Region region, BasicSessionCredentials credentials) {
try
{
AmazonSNSClient snsClient = new AmazonSNSClient(credentials);
snsClient.setRegion(region);
snsClient.listTopics(new ListTopicsRequest());
return true;
}
catch (Exception ex)
{
return false;
}
}
@Override
public Boolean appMode_TestSqsAccess(Region region, BasicSessionCredentials credentials) {
try
{
AmazonSQSClient sqsClient = new AmazonSQSClient (credentials);
sqsClient.setRegion(region);
sqsClient.listQueues(new ListQueuesRequest());
return true;
}
catch (Exception ex)
{
return false;
}
}
@Override
public Boolean appMode_TestIamAccess(Region region, BasicSessionCredentials credentials) {
try
{
AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient(credentials);
//iamClient.setRegion(region);
iamClient.listUsers(new ListUsersRequest());
return true;
}
catch (Exception ex)
{
return false;
}
}
@Override
public void removeLabBuckets(AmazonS3Client s3Client, List<String> bucketNames) {
for (String bucketName: bucketNames)
{
try
{
ObjectListing objectListing = s3Client.listObjects(new ListObjectsRequest().withBucketName(bucketName));
for (S3ObjectSummary s3ObjectSummary: objectListing.getObjectSummaries())
{
DeleteObjectRequest deleteObjectRequest = new DeleteObjectRequest(s3ObjectSummary.getBucketName(), s3ObjectSummary.getKey());
s3Client.deleteObject(deleteObjectRequest);
}
s3Client.deleteBucket(new DeleteBucketRequest(bucketName));
}
catch (AmazonS3Exception s3E)
{
if (!s3E.getErrorCode().equals("NoSuchBucket"))
{
// This error wasn't expected, so rethrow.
throw s3E;
}
}
}
}
}