Example usage for com.amazonaws.services.identitymanagement AmazonIdentityManagementClient shutdown

List of usage examples for com.amazonaws.services.identitymanagement AmazonIdentityManagementClient shutdown

Introduction

On this page you can find example usage for com.amazonaws.services.identitymanagement AmazonIdentityManagementClient shutdown.

Prototype

@Override
    public void shutdown() 


Usage

From source file:ch.cyberduck.core.iam.AmazonIdentityConfiguration.java

License:Open Source License

/**
 * Deletes the IAM user {@code username} after removing its access keys and
 * inline policies, and drops the locally stored preference entry for it.
 *
 * <p>The work runs inside the callback handed to {@code this.authenticated(...)}.
 * The IAM client is built from the credentials of {@code host} and is always
 * shut down in the {@code finally} block, whether or not a call failed.
 *
 * @param username name of the IAM user to remove
 * @param prompt   login callback passed through to {@code authenticated}
 * @throws BackgroundException when an IAM call fails for a reason other than
 *                             the user no longer existing
 */
@Override
public void delete(final String username, final LoginCallback prompt) throws BackgroundException {
    if (log.isInfoEnabled()) {
        log.info(String.format("Delete user %s", username));
    }
    this.authenticated(new Authenticated<Void>() {
        @Override
        public Void call() throws BackgroundException {
            // The local mapping is dropped before any IAM call is made, so it is
            // gone even when the remote deletion below fails.
            PreferencesFactory.get().deleteProperty(String.format("%s%s", prefix, username));
            // Credentials are read from the host on every lookup, not copied.
            final com.amazonaws.auth.AWSCredentials hostCredentials = new com.amazonaws.auth.AWSCredentials() {
                @Override
                public String getAWSAccessKeyId() {
                    return host.getCredentials().getUsername();
                }

                @Override
                public String getAWSSecretKey() {
                    return host.getCredentials().getPassword();
                }
            };
            final AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(hostCredentials,
                    configuration);
            try {
                // Only the first page of each listing is processed; isTruncated()
                // is not consulted here.
                final ListAccessKeysRequest keysRequest = new ListAccessKeysRequest().withUserName(username);
                for (AccessKeyMetadata metadata : iam.listAccessKeys(keysRequest).getAccessKeyMetadata()) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Delete access key %s for user %s", metadata, username));
                    }
                    iam.deleteAccessKey(new DeleteAccessKeyRequest(username, metadata.getAccessKeyId()));
                }

                final ListUserPoliciesRequest policiesRequest = new ListUserPoliciesRequest(username);
                for (String policyName : iam.listUserPolicies(policiesRequest).getPolicyNames()) {
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("Delete policy %s for user %s", policyName, username));
                    }
                    iam.deleteUserPolicy(new DeleteUserPolicyRequest(username, policyName));
                }
                // IAM refuses to delete a user that still has items attached; only
                // access keys and inline policies are detached by this method.
                iam.deleteUser(new DeleteUserRequest(username));
            } catch (NoSuchEntityException e) {
                // A missing user is treated as already deleted, not as an error.
                log.warn(String.format("User %s already removed", username));
            } catch (AmazonClientException e) {
                throw new AmazonServiceExceptionMappingService().map("Cannot write user configuration", e);
            } finally {
                // Release the client's resources on every path.
                iam.shutdown();
            }
            return null;
        }
    }, prompt);
}

From source file:ch.cyberduck.core.iam.AmazonIdentityConfiguration.java

License:Open Source License

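/**
 * Creates (or reuses) the IAM user {@code username}, issues a new access key
 * for it, attaches {@code policy} as an inline policy and stores the key
 * locally: the access key id in preferences, the secret in the password store.
 *
 * <p>The work runs inside the callback handed to {@code this.authenticated(...)}.
 * The IAM client is built from the credentials of {@code host} and is always
 * shut down in the {@code finally} block.
 *
 * @param username name of the IAM user to create
 * @param policy   policy document written as the user's inline policy; it is
 *                 passed to IAM as given, without inspection in this method
 * @param prompt   login callback passed through to {@code authenticated}
 * @throws BackgroundException when an IAM call fails
 */
@Override
public void create(final String username, final String policy, final LoginCallback prompt)
        throws BackgroundException {
    if (log.isInfoEnabled()) {
        log.info(String.format("Create user %s with policy %s", username, policy));
    }
    this.authenticated(new Authenticated<Void>() {
        @Override
        public Void call() throws BackgroundException {
            // Credentials are read from the host on every lookup, not copied.
            final AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(
                    new com.amazonaws.auth.AWSCredentials() {
                        @Override
                        public String getAWSAccessKeyId() {
                            return host.getCredentials().getUsername();
                        }

                        @Override
                        public String getAWSSecretKey() {
                            return host.getCredentials().getPassword();
                        }
                    }, configuration);
            try {
                User user;
                try {
                    user = client.createUser(new CreateUserRequest().withUserName(username)).getUser();
                } catch (EntityAlreadyExistsException e) {
                    // An existing user of the same name is reused; it receives an
                    // additional access key and its "Policy" inline policy is written below.
                    user = client.getUser(new GetUserRequest().withUserName(username)).getUser();
                }
                final CreateAccessKeyResult key = client
                        .createAccessKey(new CreateAccessKeyRequest().withUserName(user.getUserName()));
                final String id = key.getAccessKey().getAccessKeyId();
                if (log.isDebugEnabled()) {
                    // Log the key id only. Formatting the whole CreateAccessKeyResult goes
                    // through its toString(), which covers the nested access key including
                    // the secret; whether that value is redacted depends on the SDK version.
                    log.debug(String.format("Created access key %s for user %s", id, username));
                }
                // Write the policy document as the inline policy named "Policy"
                client.putUserPolicy(new PutUserPolicyRequest(user.getUserName(), "Policy", policy));
                // Map virtual user name to IAM access key
                if (log.isInfoEnabled()) {
                    log.info(String.format("Map user %s to access key %s",
                            String.format("%s%s", prefix, username), id));
                }
                PreferencesFactory.get().setProperty(String.format("%s%s", prefix, username), id);
                // The secret goes to the password store only; it is never logged here.
                PasswordStoreFactory.get().addPassword(host.getProtocol().getScheme(), host.getPort(),
                        host.getHostname(), id, key.getAccessKey().getSecretAccessKey());
            } catch (AmazonClientException e) {
                throw new AmazonServiceExceptionMappingService().map("Cannot write user configuration", e);
            } finally {
                // Release the client's resources on every path.
                client.shutdown();
            }
            return null;
        }
    }, prompt);
}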

From source file:com.denismo.aws.iam.IAMPasswordValidator.java

License:Apache License

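/**
 * Checks a supplied password against AWS by using it as IAM credentials and
 * calling {@code getAccountSummary()}.
 *
 * <p>For a role entry the password must hold three {@code |}-separated parts,
 * used in order as access key, secret key and session token. For any other
 * entry the access key is read from the entry's {@code accessKey} attribute
 * and the password is used as the secret key.
 *
 * <p>Any {@code AmazonClientException} from the probe call is reported as a
 * failed verification, so the check fails closed on rejected credentials and
 * on every other client-side or service-side error alike.
 *
 * @param user directory entry being authenticated
 * @param pw   password as supplied by the client
 * @return {@code true} when the probe call succeeds, {@code false} when it fails
 * @throws LdapAuthenticationException when the password is missing or, for a
 *                                     role, has fewer than three parts
 * @throws LdapInvalidAttributeValueException declared for the attribute reads
 */
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    if (pw == null) {
        // Reject a missing password the same way as a malformed one instead of
        // failing later with an unchecked exception.
        throw new LdapAuthenticationException();
    }
    final boolean role = isRole(user);
    final AWSCredentials creds;
    if (role) {
        // NOTE(review): all three credential parts come from the supplied password,
        // and the only check below is that getAccountSummary() succeeds. Nothing in
        // this method ties those credentials to the role entry being authenticated;
        // confirm that binding is enforced somewhere.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }
    final String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user",
            uid);
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
    } catch (AmazonClientException e) {
        // Record the failure through the logger (not stderr) so it lands in the
        // same audit trail as the other authentication messages.
        LOG.warn("IAM verification failed for {} {}: {}", role ? "role" : "user", uid, e.getMessage());
        return false;
    } finally {
        // Release the client's resources on every path.
        client.shutdown();
    }
    return true;
}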

From source file:com.denismo.aws.iam.IAMSecretKeyValidator.java

License:Apache License

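/**
 * Checks a supplied password against AWS by using it as IAM credentials and
 * calling {@code getAccountSummary()}.
 *
 * <p>For a role entry the password must hold three {@code |}-separated parts,
 * used in order as access key, secret key and session token. For any other
 * entry the access key is read from the entry's {@code accessKey} attribute
 * and the password is used as the secret key.
 *
 * <p>Any {@code AmazonClientException} from the probe call is reported as a
 * failed verification, so the check fails closed on rejected credentials and
 * on every other client-side or service-side error alike.
 *
 * @param user directory entry being authenticated
 * @param pw   password as supplied by the client
 * @return {@code true} when the probe call succeeds, {@code false} when it fails
 * @throws LdapAuthenticationException when the password is missing or, for a
 *                                     role, has fewer than three parts
 * @throws LdapInvalidAttributeValueException declared for the attribute reads
 */
@Override
public boolean verifyIAMPassword(Entry user, String pw)
        throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    if (pw == null) {
        // Reject a missing password the same way as a malformed one instead of
        // failing later with an unchecked exception.
        throw new LdapAuthenticationException();
    }
    final boolean role = isRole(user);
    final AWSCredentials creds;
    if (role) {
        // NOTE(review): all three credential parts come from the supplied password,
        // and the only check below is that getAccountSummary() succeeds. Nothing in
        // this method ties those credentials to the role entry being authenticated;
        // confirm that binding is enforced somewhere.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }
    final String uid = user.get("uid").getString();
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user",
            uid);
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
    } catch (AmazonClientException e) {
        // Record the failure through the logger (not stderr) so it lands in the
        // same audit trail as the other authentication messages.
        LOG.warn("IAM verification failed for {} {}: {}", role ? "role" : "user", uid, e.getMessage());
        return false;
    } finally {
        // Release the client's resources on every path.
        client.shutdown();
    }
    return true;
}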

From source file:com.denismo.aws.iam.LDAPIAMPoller.java

License:Apache License

/**
 * Walks every page of the IAM role listing and hands each role, together with
 * the entry returned by {@code getOrCreateRoleGroup}, to {@code addRole}.
 *
 * <p>A failure while handling one role is logged and does not stop the walk.
 * The IAM client is shut down when the walk ends, normally or not.
 */
private void populateRolesFromIAM() {
    final AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(credentials);

    try {
        ListRolesResult page = iam.listRoles();
        for (;;) {
            for (Role role : page.getRoles()) {
                try {
                    final Entry roleGroup = getOrCreateRoleGroup(role);
                    addRole(role, roleGroup);
                    LOG.info("Added role " + role.getRoleName() + " at " + rolesDN);
                } catch (Throwable e) {
                    // Best effort per role: everything, including Error subclasses,
                    // is caught so one bad role cannot abort the whole sync.
                    LOG.error("Exception processing role " + role.getRoleName(), e);
                }
            }
            if (!page.isTruncated()) {
                break;
            }
            // Continue from the marker of the page just processed.
            page = iam.listRoles(new ListRolesRequest().withMarker(page.getMarker()));
        }
    } finally {
        iam.shutdown();
    }
}

From source file:com.denismo.aws.iam.LDAPIAMPoller.java

License:Apache License

/**
 * Walks every page of the IAM group listing, passes each group to
 * {@code addGroup}, and finally calls {@code removeDeletedGroups} with the
 * names of the groups that were added successfully.
 *
 * <p>A failure while handling one group is logged and does not stop the walk.
 * The IAM client is shut down when the walk ends, normally or not.
 */
private void populateGroupsFromIAM() {
    final AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(credentials);

    try {
        final Set<String> seenGroupNames = new HashSet<String>();
        ListGroupsResult page = iam.listGroups();
        for (;;) {
            for (Group group : page.getGroups()) {
                try {
                    addGroup(group);
                    seenGroupNames.add(group.getGroupName());
                    LOG.info("Added group " + group.getGroupName() + " at " + groupsDN);
                } catch (Throwable e) {
                    // Best effort per group. A group that fails here is also left out
                    // of seenGroupNames.
                    LOG.error("Exception processing group " + group.getGroupName(), e);
                }
            }
            if (!page.isTruncated()) {
                break;
            }
            // Continue from the marker of the page just processed.
            page = iam.listGroups(new ListGroupsRequest().withMarker(page.getMarker()));
        }
        // NOTE(review): presumably removes directory groups whose names are not in
        // the set; if so, a group whose addGroup call failed is treated as deleted.
        // Confirm against removeDeletedGroups.
        removeDeletedGroups(seenGroupNames);
    } finally {
        iam.shutdown();
    }
}

From source file:com.denismo.aws.iam.LDAPIAMPoller.java

License:Apache License

/**
 * Walks every page of the IAM user listing and, for each user that belongs to
 * at least one group with an existing group entry, calls {@code addUser} and
 * {@code updateGroups}. Finally calls {@code removeDeletedUsers} with the names
 * of the users that were added successfully.
 *
 * <p>A failure while handling one user is logged and does not stop the walk.
 * The IAM client is shut down when the walk ends, normally or not.
 */
private void populateUsersFromIAM() {
    final AmazonIdentityManagementClient iam = new AmazonIdentityManagementClient(credentials);

    try {
        final Set<String> syncedUsers = new HashSet<String>();
        ListUsersResult page = iam.listUsers();
        for (;;) {
            for (User user : page.getUsers()) {
                try {
                    // Only the first page of the user's group memberships is read;
                    // isTruncated() is not consulted for this call.
                    final ListGroupsForUserRequest membershipRequest = new ListGroupsForUserRequest(
                            user.getUserName());
                    final Collection<Group> memberships = iam.listGroupsForUser(membershipRequest).getGroups();
                    // The "primary" group is simply the first element returned.
                    final Group primaryGroup = memberships.isEmpty() ? null : memberships.iterator().next();
                    if (primaryGroup == null) {
                        LOG.warn("Unable to determine primary group for " + user.getUserName());
                        continue;
                    }
                    final Entry primaryGroupEntry = getExistingGroup(primaryGroup);
                    if (primaryGroupEntry == null) {
                        LOG.warn("Unable to retrieve matching group entry for group "
                                + primaryGroup.getGroupName() + " user " + user.getUserName());
                        continue;
                    }
                    addUser(user, getUserAccessKey(iam, user), primaryGroupEntry);
                    updateGroups(memberships, user);
                    syncedUsers.add(user.getUserName());
                    LOG.info("Added user " + user.getUserName());
                } catch (Throwable e) {
                    // Best effort per user. A user that fails or is skipped above is
                    // also left out of syncedUsers.
                    LOG.error("Exception processing user " + user.getUserName(), e);
                }
            }
            if (!page.isTruncated()) {
                break;
            }
            // Continue from the marker of the page just processed.
            page = iam.listUsers(new ListUsersRequest().withMarker(page.getMarker()));
        }
        // NOTE(review): presumably removes directory users whose names are not in
        // the set; if so, users skipped for lack of a group or after an error are
        // treated as deleted. Confirm against removeDeletedUsers.
        removeDeletedUsers(syncedUsers);
    } finally {
        iam.shutdown();
    }
}