List of usage examples for com.amazonaws.services.identitymanagement.model Role getRoleName
public String getRoleName()
The friendly name that identifies the role.
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Walks every page of the IAM role listing and mirrors each role into the directory via
 * {@link #getOrCreateRoleGroup(Role)} and {@link #addRole(Role, Entry)}.
 *
 * <p>Processing is best-effort per role: a failure on one role is logged and the loop moves on
 * to the next. The IAM client is always shut down, even if listing itself fails.
 */
private void populateRolesFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListRolesResult page = client.listRoles();
        boolean morePages;
        do {
            for (Role role : page.getRoles()) {
                try {
                    Entry groupEntry = getOrCreateRoleGroup(role);
                    addRole(role, groupEntry);
                    LOG.info("Added role " + role.getRoleName() + " at " + rolesDN);
                } catch (Throwable e) {
                    // NOTE(review): Throwable also covers java.lang.Error, so JVM-level failures
                    // are logged per role and otherwise ignored. Confirm that is intended;
                    // catching Exception would keep the per-role isolation.
                    LOG.error("Exception processing role " + role.getRoleName(), e);
                }
            }
            morePages = page.isTruncated();
            if (morePages) {
                // Continue from where the previous page stopped.
                page = client.listRoles(new ListRolesRequest().withMarker(page.getMarker()));
            }
        } while (morePages);
    } finally {
        client.shutdown();
    }
}
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Builds a {@code Group} from the role's path, name, id, ARN and creation date and hands it to
 * {@code addGroup}, returning whatever entry that call produces.
 *
 * @param role IAM role whose attributes describe the group
 * @return the directory entry returned by {@code addGroup}
 * @throws Exception if {@code addGroup} fails
 */
private Entry getOrCreateRoleGroup(Role role) throws Exception {
    // NOTE(review): the method name implies addGroup reuses an existing group entry; that
    // behaviour lives in addGroup and should be confirmed there.
    return addGroup(new Group(
            role.getPath(),
            role.getRoleName(),
            role.getRoleId(),
            role.getArn(),
            role.getCreateDate()));
}
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
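/**
 * Mirrors one IAM role into the directory as a POSIX-style account entry and records the role
 * name as a member of its role group.
 *
 * <p>If an entry for the role already exists, only its {@code accessKey} and {@code gidNumber}
 * are replaced. Otherwise a new entry is created with the {@code posixAccount},
 * {@code shadowAccount}, {@code iamaccount} and {@code iamrole} object classes. On both paths
 * the role name is added to the group's {@code memberUid} only when the supplied group entry
 * does not already list it, so a leftover membership from an earlier run is not added a second
 * time.
 *
 * @param role IAM role to mirror
 * @param roleGroup directory entry of the role's group; its {@code gidNumber} attribute is read
 *     without a null check
 * @throws LdapException if a directory lookup, add or modify operation fails
 */
private void addRole(Role role, Entry roleGroup) throws LdapException {
    String roleName = role.getRoleName();
    Entry existingRole = getExistingRole(role);
    // Read once and fail before any uid is allocated if the group entry has no gidNumber.
    String groupGid = roleGroup.get("gidNumber").getString();

    if (existingRole != null) {
        directory.getAdminSession().modify(existingRole.getDn(),
                new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "accessKey", role.getRoleId()),
                new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "gidNumber", groupGid));
    } else {
        // NOTE(review): the role name goes into the DN verbatim through String.format. IAM role
        // names may contain ',', '=' and '+', which are RDN metacharacters, so confirm that
        // ROLE_FMT / DnFactory.create cannot be steered to a different DN, or escape the value
        // before formatting.
        DefaultEntry ent = new DefaultEntry(directory.getSchemaManager(),
                directory.getDnFactory().create(String.format(ROLE_FMT, roleName)));
        ent.put(SchemaConstants.OBJECT_CLASS_AT, "posixAccount", "shadowAccount", "iamaccount", "iamrole");
        ent.put("accessKey", role.getRoleId());
        ent.put("uid", roleName);
        ent.put(SchemaConstants.ENTRY_CSN_AT, directory.getCSN().toString());
        ent.put(SchemaConstants.ENTRY_UUID_AT, UUID.randomUUID().toString());
        ent.put("cn", roleName);
        ent.put("uidNumber", allocateUserID(role.getArn()));
        ent.put("gidNumber", groupGid);
        ent.put("shadowLastChange", "10877");
        ent.put("shadowExpire", "-1");
        ent.put("shadowInactive", "-1");
        ent.put("shadowFlag", "0");
        ent.put("shadowWarning", "7");
        ent.put("shadowMin", "0");
        ent.put("shadowMax", "999999");
        // Every mirrored role is given an interactive shell and a home directory derived from
        // its name; the name is appended to the path without validation.
        ent.put("loginshell", "/bin/bash");
        ent.put("homedirectory", "/home/" + roleName);
        add(ent);
    }

    // Same guard on both paths: adding a memberUid value the group already holds is skipped
    // instead of being sent to the directory as a duplicate ADD.
    if (!roleGroup.contains("memberUid", roleName)) {
        directory.getAdminSession().modify(roleGroup.getDn(),
                new DefaultModification(ModificationOperation.ADD_ATTRIBUTE, "memberUid", roleName));
    }
}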
From source file:com.denismo.aws.iam.LDAPIAMPoller.java
License:Apache License
/**
 * Looks up the directory entry for a role by the DN derived from its name.
 *
 * <p>The lookup runs under the admin session and requests all user and operational attributes.
 *
 * @param role IAM role to look for
 * @return the entry when it exists and carries the {@code iamaccount} object class; otherwise
 *     {@code null}
 * @throws LdapException if the lookup fails for a reason other than the entry being absent
 */
private Entry getExistingRole(Role role) throws LdapException {
    // NOTE(review): the role name is formatted into the DN without escaping; confirm that
    // ROLE_FMT / DnFactory.create treat names containing ',', '=' or '+' as a single RDN value.
    LookupOperationContext lookupContext = new LookupOperationContext(
            directory.getAdminSession(),
            directory.getDnFactory().create(String.format(ROLE_FMT, role.getRoleName())),
            SchemaConstants.ALL_USER_ATTRIBUTES,
            SchemaConstants.ALL_OPERATIONAL_ATTRIBUTES);
    try {
        Entry candidate = directory.getPartitionNexus().lookup(lookupContext);
        boolean isIamAccount = candidate != null && candidate.hasObjectClass("iamaccount");
        return isIamAccount ? candidate : null;
    } catch (LdapNoSuchObjectException notFound) {
        // A missing entry is an expected outcome, reported as null.
        return null;
    }
}
From source file:com.haskins.cloudtrailviewer.dialog.resourcedetail.detailpanels.IamRoleDetail.java
License:Open Source License
/**
 * Attaches the scroll pane to this panel and fills the table with one row per non-null role
 * attribute, in the order: creation date, ARN, assume-role policy document, path, role id,
 * role name.
 *
 * @param detail result of a GetRole call; nothing is added to the table when it has no role
 */
private void buildUI(GetRoleResult detail) {
    this.add(primaryScrollPane, BorderLayout.CENTER);

    Role role = detail.getRole();
    if (role == null) {
        return;
    }

    if (role.getCreateDate() != null) {
        primaryTableModel.addRow(new Object[] { "Created", getDateString(role.getCreateDate()) });
    }

    String arn = role.getArn();
    if (arn != null) {
        primaryTableModel.addRow(new Object[] { "Arn", arn });
    }

    // The trust policy is shown exactly as the SDK returned it.
    // NOTE(review): IAM presumably returns this document URL-encoded; confirm whether it should
    // be decoded before display.
    String trustPolicy = role.getAssumeRolePolicyDocument();
    if (trustPolicy != null) {
        primaryTableModel.addRow(new Object[] { "Assume Role Policy Document", trustPolicy });
    }

    String path = role.getPath();
    if (path != null) {
        primaryTableModel.addRow(new Object[] { "Path", path });
    }

    String roleId = role.getRoleId();
    if (roleId != null) {
        primaryTableModel.addRow(new Object[] { "Role Id", roleId });
    }

    String roleName = role.getRoleName();
    if (roleName != null) {
        primaryTableModel.addRow(new Object[] { "Role Name", roleName });
    }
}
From source file:com.netflix.spinnaker.clouddriver.ecs.provider.agent.IamRoleCachingAgent.java
License:Apache License
/**
 * Lists every IAM role visible to the given client and converts each one into an
 * {@code IamRole} holding its ARN, name, the account name and the trusted entities parsed from
 * its assume-role policy document.
 *
 * @param iam IAM client used for the paginated {@code listRoles} calls
 * @param accountName account name recorded on every returned role
 * @return the roles collected across all pages
 */
Set<IamRole> fetchIamRoles(AmazonIdentityManagement iam, String accountName) {
    Set<IamRole> collected = new HashSet<>();
    String nextMarker = null;
    while (true) {
        // A fresh request per page; the marker is only set from the second page on.
        ListRolesRequest pageRequest = new ListRolesRequest();
        if (nextMarker != null) {
            pageRequest.setMarker(nextMarker);
        }
        ListRolesResult page = iam.listRoles(pageRequest);
        for (Role role : page.getRoles()) {
            // The trust policy is parsed here so the cached role records who may assume it.
            collected.add(new IamRole(role.getArn(), role.getRoleName(), accountName,
                    iamPolicyReader.getTrustedEntities(role.getAssumeRolePolicyDocument())));
        }
        nextMarker = page.isTruncated() ? page.getMarker() : null;
        // Stop on the last page, or if a truncated page came back without a usable marker.
        if (nextMarker == null || nextMarker.isEmpty()) {
            break;
        }
    }
    return collected;
}
From source file:com.netflix.spinnaker.clouddriver.lambda.provider.agent.IamRoleCachingAgent.java
License:Apache License
/**
 * Pages through {@code listRoles} and maps every role to an {@code IamRole} built from its ARN,
 * its name, the supplied account name and the trusted entities extracted from its assume-role
 * policy document.
 *
 * @param iam IAM client to query
 * @param accountName account name stored on each resulting role
 * @return all roles gathered from the listing
 */
private Set<IamRole> fetchIamRoles(AmazonIdentityManagement iam, String accountName) {
    Set<IamRole> result = new HashSet<>();
    String pageMarker = null;
    boolean fetchNext = true;
    while (fetchNext) {
        ListRolesRequest listRequest = new ListRolesRequest();
        if (pageMarker != null) {
            listRequest.setMarker(pageMarker);
        }
        ListRolesResult listing = iam.listRoles(listRequest);
        for (Role current : listing.getRoles()) {
            // Who may assume the role is derived from its trust policy at caching time.
            result.add(new IamRole(
                    current.getArn(),
                    current.getRoleName(),
                    accountName,
                    getTrustedEntities(current.getAssumeRolePolicyDocument())));
        }
        pageMarker = listing.isTruncated() ? listing.getMarker() : null;
        // An empty marker is treated like a missing one and ends the paging.
        fetchNext = pageMarker != null && pageMarker.length() != 0;
    }
    return result;
}
From source file:de.is24.aws.instancemetadataserver.SecurityCredentialsController.java
License:Apache License
/**
 * Calls STS AssumeRole for the given role and returns the temporary credentials from the
 * response.
 *
 * <p>The request carries only the role ARN and a session name equal to the role name; no
 * duration, external id or session policy is set here. This method does not itself decide
 * whether the caller may use the role.
 *
 * @param role IAM role to assume
 * @return the credentials contained in the AssumeRole response
 */
private Credentials assumeRole(Role role) {
    // NOTE(review): authorisation of which role may be requested is presumably enforced by the
    // caller; verify before exposing this path to untrusted clients.
    AssumeRoleRequest request = new AssumeRoleRequest()
            .withRoleSessionName(role.getRoleName())
            .withRoleArn(role.getArn());
    return awsClientFactory.awsSecurityTokenService().assumeRole(request).getCredentials();
}