Java AmazonIdentityManagementClient类代码示例

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Validates the configured IAM profile.
 *
 * @param configuration       the configuration to be validated
 * @param accumulator         the exception condition accumulator
 * @param localizationContext the localization context
 */
@VisibleForTesting
void checkIamProfileName(Configured configuration,
    PluginExceptionConditionAccumulator accumulator,
    LocalizationContext localizationContext) {

  String iamProfileName =
      configuration.getConfigurationValue(IAM_PROFILE_NAME, localizationContext);

  if (iamProfileName != null) {
    AmazonIdentityManagementClient iamClient = provider.getIdentityManagementClient();

    try {
      iamClient.getInstanceProfile(new GetInstanceProfileRequest()
          .withInstanceProfileName(iamProfileName));

    } catch (NoSuchEntityException e) {
      addError(accumulator, IAM_PROFILE_NAME, localizationContext,
          null, INVALID_IAM_PROFILE_NAME_MSG, iamProfileName);
    }
  }
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
GetCredentialReportResult getCredentialReportCSV(final String accountId) {
    final AmazonIdentityManagementClient client = getIAMClient(accountId);

    GenerateCredentialReportResult generationReport;
    int i = 0;
    do {
        Assert.state(i < MAX_RETRIES, "Maximum retries to generate credentials report exceeded");
        log.debug("Poll credentials report for account {}", accountId);
        try {
            MILLISECONDS.sleep(RETRY_TIMEOUT_MILLIS * i);
        } catch (final InterruptedException e) {
            throw new RuntimeException("Could not pull credentials report", e);
        }
        generationReport = client.generateCredentialReport();
        i++;

    } while (!COMPLETE.toString().equals(generationReport.getState()));

    return client.getCredentialReport();
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
@Before
public void setUp() throws Exception {
    this.violationSinkMock = mock(ViolationSink.class);
    this.clientProviderMock = mock(ClientProvider.class);
    this.accountIdSupplierMock = mock(AccountIdSupplier.class);
    this.jobsPropertiesMock = mock(JobsProperties.class);
    this.mockAmazonIdentityManagementClient = mock(AmazonIdentityManagementClient.class);
    this.mockAwsApplications = mock(AwsApplications.class);

    mockListRolesResult = new ListRolesResult();
    mockListRolesResult.setRoles(asList(
            createRole("aws-service-role", AWS_SERVICE_POLICY_DOCUMENT),
            createRole("cross-account-role", CROSS_ACCOUNT_POLICY_DOCUMENT),
            createRole("same-account-role", SAME_ACCOUNT_POLICY_DOCUMENT),
            createRole("deleted-role-reference-role", DELETED_ROLE_POLICY_DOCUMENT),
            createRole("management-account-role", MANAGEMENT_POLICY_DOCUMENT)));

    when(clientProviderMock.getClient(any(), any(String.class), any(Region.class))).thenReturn(mockAmazonIdentityManagementClient);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Sets the "instanceProfile" and "serviceRole" properties according to the
 * set parameters.
 */
public void execute() {
    checkParams();
    AmazonIdentityManagementClient iamClient = getOrCreateClient(AmazonIdentityManagementClient.class);
    getProject()
            .setProperty(
                    "instanceProfileArn",
                    iamClient
                            .getInstanceProfile(
                                    new GetInstanceProfileRequest()
                                            .withInstanceProfileName(instanceProfile))
                            .getInstanceProfile().getArn());
    getProject()
            .setProperty(
                    "serviceRoleArn",
                    iamClient
                            .getRole(
                                    new GetRoleRequest()
                                            .withRoleName(serviceRole))
                            .getRole().getArn());

}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
public static void main(String... args) throws IOException {
    AWSCredentialsProvider credentials = CredentialsUtils.getAwsCredentials();

    AmazonS3 storage = new AmazonS3Client(credentials);
    storage.setRegion(Region.getRegion(Regions.EU_WEST_1));

    AmazonSQS queue = new AmazonSQSClient(credentials);
    queue.setRegion(Region.getRegion(Regions.EU_WEST_1));

    AmazonEC2 machines = new AmazonEC2Client(credentials);
    machines.setRegion(Region.getRegion(Regions.EU_WEST_1));

    AmazonIdentityManagement identityManagement = new AmazonIdentityManagementClient(credentials);
    identityManagement.setRegion(Region.getRegion(Regions.EU_WEST_1));

    if ("launch".equals(args[0])) {
        setup(storage, queue, machines, identityManagement);

        manageAnswers(queue);
    } else if ("run".equals(args[0])) {
        run(storage, queue);
    } else {
        System.out.println("Huh hoh! Don't know what you intended to do...");
    }
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
private static String getAWSAccountID() {
    try {
        String accessKey = AWS_ACCESS_KEY_ID;
        String secretKey = AWS_SECRET_KEY;

        if (Utilities.isEmpty(accessKey) || Utilities.isEmpty(secretKey)) {
            return null;
        }

        AWSCredentials creds = new BasicAWSCredentials(accessKey, secretKey);
        AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(creds);
        return iam.getUser().getUser().getArn().split(":")[4];
    } catch (AmazonClientException e) {
        throw new RuntimeException("Failed to get AWS account id", e);
    }
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
@BeforeMethod
public void setUp() {
    mockCredentials = mock(AWSCredentialsProvider.class);
    mockClient = mock(AmazonIdentityManagementClient.class);
    ClientConfiguration mockConfig = mock(ClientConfiguration.class);
    IAMPolicyManager policyManager = new IAMPolicyManager(mockClient, mockCredentials, mockConfig);

    // The mockito spy acts like original object but mocks out the getAccount() method. As the getAccount() calls
    // directly rather than via a client that we can pass in we need to mock this out using a spy.
    partiallyMockedPolicyManager = spy(policyManager);
    doReturn(ACCOUNT).when(partiallyMockedPolicyManager).getAccount();

    // Set up KMSEncryptor for testing the policy creation methods. This gets a bit complicated but we need to
    // mock all the AWS dependencies from the KMSManager before using it to create the KMSEncryptor. The getAliasArn
    // needs to be mocked out with a spy to stop the call to getAccount.
    mockKMSClient = mock(AWSKMSClient.class);
    KMSManager kmsManager = new KMSManager(mockKMSClient, mockCredentials, mockConfig, group);
    KMSManager partiallyMockedKMSManager = spy(kmsManager);
    doReturn(KMS_ALIAS_ARN).when(partiallyMockedKMSManager).getAliasArn();
    kmsEncryptor = new KMSEncryptor(partiallyMockedKMSManager, mockCredentials, mockConfig, group, mock(AwsCrypto.class), EncryptionStrength.AES_256);

    // Set up store for testing the policy creation methods. Mock out the getArn method with a spy to stop the
    // call to getAccount().
    mockDynamoDBClient = mock(AmazonDynamoDBClient.class);
    DynamoDB store = new DynamoDB(mockDynamoDBClient, mockCredentials, mockConfig, group, new ReentrantReadWriteLock());
    partiallyMockedStore = spy(store);
    doReturn(DYNAMODB_ARN).when(partiallyMockedStore).getArn();
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Method gets the aws accountId from the specified credentials.
 *
 * @param privateKeyId
 * @param privateKey
 * @return account ID
 */
private String getAccountId(String privateKeyId, String privateKey) {
    AWSCredentials awsCredentials = new BasicAWSCredentials(privateKeyId, privateKey);

    AWSStaticCredentialsProvider awsStaticCredentialsProvider = new AWSStaticCredentialsProvider(
            awsCredentials);

    AmazonIdentityManagementClientBuilder amazonIdentityManagementClientBuilder = AmazonIdentityManagementClientBuilder
            .standard()
            .withCredentials(awsStaticCredentialsProvider)
            .withRegion(Regions.DEFAULT_REGION);

    AmazonIdentityManagementClient iamClient = (AmazonIdentityManagementClient) amazonIdentityManagementClientBuilder
            .build();

    String userId = null;
    try {
        if ((iamClient.getUser() != null) && (iamClient.getUser().getUser() != null)
                && (iamClient.getUser().getUser().getArn() != null)) {

            String arn = iamClient.getUser().getUser().getArn();
            /*
             * arn:aws:service:region:account:resource -> so limiting the split to 6 words and
             * extracting the accountId which is 5th one in list. If the user is not authorized
             * to perform iam:GetUser on that resource,still error mesage will have accountId
             */
            userId = arn.split(":", 6)[4];
        }
    } catch (AmazonServiceException ex) {
        if (ex.getErrorCode().compareTo("AccessDenied") == 0) {
            String msg = ex.getMessage();
            userId = msg.split(":", 7)[5];
        } else {
            logSevere("Exception getting the accountId %s", ex);

        }
    }
    return userId;
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Binds all the Amazon services used.
 */
@Override
protected void configure() {
    final Region region = Region.getRegion(Regions.fromName(regionName));
    bind(AmazonEC2.class).toInstance(createAmazonClientInstance(AmazonEC2Client.class, region));
    bind(AmazonCloudFormation.class).toInstance(createAmazonClientInstance(AmazonCloudFormationClient.class, region));
    bind(AmazonIdentityManagement.class).toInstance(createAmazonClientInstance(AmazonIdentityManagementClient.class, region));
    bind(AWSKMS.class).toInstance(createAmazonClientInstance(AWSKMSClient.class, region));
    bind(AmazonS3.class).toInstance(createAmazonClientInstance(AmazonS3Client.class, region));
    bind(AmazonAutoScaling.class).toInstance(createAmazonClientInstance(AmazonAutoScalingClient.class, region));
    bind(AWSSecurityTokenService.class).toInstance(createAmazonClientInstance(AWSSecurityTokenServiceClient.class, region));
    bind(AWSLambda.class).toInstance(createAmazonClientInstance(AWSLambdaClient.class, region));
    bind(AmazonSNS.class).toInstance(createAmazonClientInstance(AmazonSNSClient.class, region));
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
@Override
public RolePolicies getRolePolicies(String roleName, Region region, String accountId) {
    final AmazonIdentityManagementClient iamClient = clientProvider
            .getClient(AmazonIdentityManagementClient.class, accountId, region);
    final Set<String> attachedPolicyNames = fetchAttachedPolicyNames(roleName, iamClient);
    final Set<String> inlinePolicyNames = fetchInlinePolicyNames(roleName, iamClient);
    // assuming that there is an inline policy with the same name as the role itself
    final String mainPolicy = inlinePolicyNames.contains(roleName) ? fetchMainPolicy(roleName, iamClient) : EMPTY_JSON;

    return new RolePolicies(attachedPolicyNames, inlinePolicyNames, mainPolicy);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
private String fetchMainPolicy(String roleName, AmazonIdentityManagementClient iamClient) {
    return Optional.of(new GetRolePolicyRequest().withRoleName(roleName).withPolicyName(roleName))
            .map(iamClient::getRolePolicy)
            .map(GetRolePolicyResult::getPolicyDocument)
            .map(PolicyProviderImpl::urlDecode)
            .orElse(EMPTY_JSON);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
private Set<String> fetchInlinePolicyNames(String roleName, AmazonIdentityManagementClient iamClient) {
    return Optional.of(new ListRolePoliciesRequest().withRoleName(roleName))
            .map(iamClient::listRolePolicies)
            .map(ListRolePoliciesResult::getPolicyNames)
            .map(nameList -> nameList.stream().collect(toSet()))
            .orElseGet(Collections::emptySet);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
private Set<String> fetchAttachedPolicyNames(String roleName, AmazonIdentityManagementClient iamClient) {
    return Optional.of(new ListAttachedRolePoliciesRequest().withRoleName(roleName))
            .map(iamClient::listAttachedRolePolicies)
            .map(ListAttachedRolePoliciesResult::getAttachedPolicies)
            .map(attachedPolicies -> attachedPolicies.stream().map(AttachedPolicy::getPolicyName).collect(toSet()))
            .orElseGet(Collections::emptySet);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Read AWS account ID
 */
public void retrieveAccountIdFromAwsAPI() {
	String accountId = "";

	try {
		AmazonIdentityManagementClient iamClient = new AmazonIdentityManagementClient(getCredentials());
		LOG.info("Current AWS user: " + iamClient.getUser().getUser().getUserId());
		accountId = iamClient.getUser().getUser().getArn();
	} catch (AmazonServiceException e) {
		if (e.getErrorCode().compareTo("AccessDenied") == 0) {
			String arn = null;
			String msg = e.getMessage();
			// User:
			// arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob
			// is not authorized to perform: iam:GetUser on
			// resource:
			// arn:aws:iam::123456789012:user/division_abc/subdivision_xyz/Bob
			// arn:aws:sts::123456789012:assumed-role/Shibboleth-PowerUser/username
			int arnIdx = msg.indexOf("arn:aws");
			if (arnIdx != -1) {
				int arnSpace = msg.indexOf(" ", arnIdx);
				arn = msg.substring(arnIdx, arnSpace);

				// Remove "arn:aws:sts::"
				arn = arn.substring(13, 13 + 12);
			}
			accountId = arn;
		}

		if ((accountId == null) || (accountId.length() == 0)) {
			LOG.warn("Cannot lookup account id: " + e.getMessage());
		}
	} catch (Exception ex) {
		LOG.error("Cannot lookup account id: " + ex.getMessage());
	}

	setAccountId(accountId);
}
 

import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient; //导入依赖的package包/类
/**
 * Via the default provider chain (i.e., global keys for this Jenkins instance),  return the account ID for the
 * currently authenticated user.
 * @param proxyHost hostname of the proxy to use (if any)
 * @param proxyPort port of the proxy to use (if any)
 * @return 12-digit account id
 */
public static String getAccountId(String proxyHost, int proxyPort) {

    String arn = "";
    try {
        ClientConfiguration clientCfg = new ClientConfiguration();
        if (proxyHost != null && proxyPort > 0 ) {
            clientCfg.setProxyHost(proxyHost);
            clientCfg.setProxyPort(proxyPort);
        }
        AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(clientCfg);
        GetUserResult user = iam.getUser();
        arn = user.getUser().getArn();
    } catch (AmazonServiceException e) {
        if (e.getErrorCode().compareTo("AccessDenied") == 0) {
            String msg = e.getMessage();
            int arnIdx = msg.indexOf("arn:aws");
            if (arnIdx != -1) {
                int arnSpace = msg.indexOf(" ", arnIdx);
                arn = msg.substring(arnIdx, arnSpace);
            }
        }
    }

    String accountId = arn.split(":")[ARN_ACCOUNT_ID_INDEX];
    return accountId;
}