1 /*
2 * Copyright 2010-2017 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License").
5 * You may not use this file except in compliance with the License.
6 * A copy of the License is located at
7 *
8 * http://aws.amazon.com/apache2.0
9 *
10 * or in the "license" file accompanying this file. This file is distributed
11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 * express or implied. See the License for the specific language governing
13 * permissions and limitations under the License.
14 */
15 #pragma once
16 
18 
21 
22 #include <functional>
23 
24 namespace Aws
25 {
26 namespace CognitoIdentity
27 {
28 
30 
31 } // namespace CognitoIdentity;
32 
namespace IAM
{

// Forward declarations only. This header holds the IAM client through a
// std::shared_ptr and passes the Model types by reference, so the full
// definitions are needed only by the implementation and by callers that
// inspect the returned model objects.
class IAMClient;

namespace Model
{
class Group;
class Policy;
class Role;
class User;

} // namespace Model
} // namespace IAM
47 
48 namespace AccessManagement
49 {
50 
/// Three-way answer returned by the Get* / Is* state queries of
/// AccessManagementClient. FAILURE indicates the query could not be answered
/// at all, as opposed to NO, which is a definite negative; code that decides
/// whether to create or attach something based on a query must handle FAILURE
/// separately rather than folding it into NO.
enum class QueryResult
{
    YES,
    NO,
    FAILURE
};
57 
59 {
62 };
63 
{
    public:

    /// Build the helper on top of caller-supplied IAM and Cognito Identity
    /// clients (presumably copied into m_iamClient / m_cognitoClient below).
    /// NOTE(review): both handles are taken by non-const lvalue reference, so a
    /// temporary shared_ptr cannot be passed; a const reference or by-value
    /// parameter would be the conventional signature for a shared handle.
    AccessManagementClient(std::shared_ptr< Aws::IAM::IAMClient >& iamClient, std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient >& cognitoClient);

    /// Callback that produces a policy document on demand. Used by the
    /// GetOrCreate* operations below so that the document is only generated
    /// when it is actually needed (presumably only on the create path — confirm
    /// against the implementation).
    using PolicyGeneratorFunction = std::function< Aws::String(void) >;

    // Misc
    /// Return the account-id component of an IAM ARN. What is returned for a
    /// malformed or non-IAM ARN is not specified by this header — check the
    /// implementation before using the result in an authorization decision.
    static Aws::String ExtractAccountIdFromArn(const Aws::String& arn);

    // Compound Operation API for IAM
    //
    // "GetOrCreate" operations: by name, each looks the entity up and creates
    // it only when absent, filling the out-parameter with the resulting model
    // object (presumably built from the Get*/Create* primitives in the Simple
    // IAM API below — confirm). The bool return presumably reports overall
    // success; treat the out-parameter as unset when false is returned.
    bool GetOrCreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
    /// policyGenerator supplies the policy document (see PolicyGeneratorFunction).
    bool GetOrCreatePolicy(const Aws::String& policyName, const PolicyGeneratorFunction& policyGenerator, Aws::IAM::Model::Policy& policyData);
    /// assumedPolicyGenerator supplies the role's trust (assume-role) policy —
    /// the document CreateRole below receives as assumedPolicyDocument. That
    /// document controls which principals may assume the role, so generators
    /// should name the narrowest principal set that works.
    bool GetOrCreateRole (const Aws::String& roleName, const PolicyGeneratorFunction& assumedPolicyGenerator, Aws::IAM::Model::Role& roleData);
    bool GetOrCreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
    /// Account id of the credentials behind m_iamClient. How failure is
    /// reported is not visible from this header (an empty string would be the
    /// obvious convention — confirm).
    Aws::String GetAccountId();

    // Attach unless already attached (by name; presumably IsPolicyAttachedTo*
    // followed by AttachPolicyTo* — confirm). Note these take the Policy model
    // object, whereas the simple AttachPolicyTo* below take an ARN.
    bool AttachPolicyToGroupIfNot(const Aws::IAM::Model::Policy& policyData, const Aws::String& groupName);
    bool AttachPolicyToRoleIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& roleName);
    bool AttachPolicyToUserIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& userName);

    bool AddUserToGroupIfNot(const Aws::String& userName, const Aws::String& groupName);

    /// Ensure a credentials file for userName exists at credentialsFilename.
    /// NOTE(review): this and CreateCredentialsFileForUser below persist
    /// long-term access-key material to disk; confirm the implementation
    /// creates the file with owner-only permissions and does not silently
    /// overwrite an existing file.
    bool VerifyOrCreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);

    // Compound Operation API for Cognito
    /// Look the pool up by name or create it; the pool id is returned through
    /// identityPoolId. allowUnauthenticated presumably maps to the pool's
    /// AllowUnauthenticatedIdentities setting — confirm. Unauthenticated
    /// identities receive whatever role is bound for the unauthenticated key,
    /// so pass true only when guest access is actually required.
    bool GetOrCreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);

    /// Bind roleArn under roleKey unless already bound. roleKey presumably
    /// selects the pool's authenticated or unauthenticated role slot (see
    /// IdentityPoolRoleBindingType above; its enumerators are not shown in
    /// this listing).
    bool BindRoleToIdentityPoolIfNot(const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);


    // Simple IAM API
    // State query
    //
    // YES when the entity exists (the out-parameter is then presumably filled),
    // NO when it does not, FAILURE when the question could not be answered.
    // Callers must not treat FAILURE as NO — doing so turns a transient error
    // into a create/attach attempt.
    QueryResult GetGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
    QueryResult GetPolicy(const Aws::String& policyName, Aws::IAM::Model::Policy& policyData);
    QueryResult GetRole (const Aws::String& roleName, Aws::IAM::Model::Role& roleData);
    QueryResult GetUser (const Aws::String& userName, Aws::IAM::Model::User& userData);

    // Creation
    //
    // Create the entity and return its model object through the out-parameter;
    // the bool presumably reports success. policyDocument /
    // assumedPolicyDocument are the raw policy JSON passed to the service.
    bool CreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
    bool CreatePolicy(const Aws::String& policyName, const Aws::String& policyDocument, Aws::IAM::Model::Policy& policyData);
    bool CreateRole (const Aws::String& roleName, const Aws::String& assumedPolicyDocument, Aws::IAM::Model::Role& roleData);
    bool CreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);

    // Policy-Principal Relations
    //
    // Attach/Detach identify the policy by ARN; the IsPolicyAttachedTo*
    // queries identify it by *name* — callers switching between the two must
    // not pass one where the other is expected.
    bool AttachPolicyToGroup(const Aws::String& policyArn, const Aws::String& groupName);
    bool AttachPolicyToRole (const Aws::String& policyArn, const Aws::String& roleName);
    bool AttachPolicyToUser (const Aws::String& policyArn, const Aws::String& userName);

    bool DetachPolicyFromGroup(const Aws::String& policyArn, const Aws::String& groupName);
    bool DetachPolicyFromRole (const Aws::String& policyArn, const Aws::String& roleName);
    bool DetachPolicyFromUser (const Aws::String& policyArn, const Aws::String& userName);

    QueryResult IsPolicyAttachedToGroup(const Aws::String& policyName, const Aws::String& groupName);
    QueryResult IsPolicyAttachedToRole (const Aws::String& policyName, const Aws::String& roleName);
    QueryResult IsPolicyAttachedToUser (const Aws::String& policyName, const Aws::String& userName);

    // User-Group Relations
    QueryResult IsUserInGroup(const Aws::String& userName, const Aws::String& groupName);
    bool AddUserToGroup (const Aws::String& userName, const Aws::String& groupName);
    bool RemoveUserFromGroup (const Aws::String& userName, const Aws::String& groupName);

    // Deletion
    //
    // The private helpers below (RemoveUsersFromGroup, DeleteAccessKeysForUser,
    // RemoveMFAFromUser, RemovePolicyFromEntities, ...) suggest these are
    // cascading tear-downs that first strip the entity's memberships,
    // credentials and policies — confirm in the implementation. Either way the
    // operations are destructive and not reversible; the caller is responsible
    // for checking that the named entity is the intended one.
    bool DeleteGroup (const Aws::String& groupName);
    bool DeletePolicy(const Aws::String& policyName);
    bool DeleteRole (const Aws::String& roleName);
    bool DeleteUser (const Aws::String& userName);

    bool DoesCredentialsFileExist (const Aws::String& credentialsFilename);
    /// Create a credentials file for userName (see the note on
    /// VerifyOrCreateCredentialsFileForUser regarding file permissions).
    bool CreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);

    //
    // Cognito integration
    /// Look the pool up by name; on YES the id is presumably returned through
    /// identityPoolId.
    QueryResult GetIdentityPool (const Aws::String& poolName, Aws::String& identityPoolId);
    /// See GetOrCreateIdentityPool for the meaning of allowUnauthenticated.
    bool CreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);
    /// Deletes by pool name, not by id — unlike the binding operations below.
    bool DeleteIdentityPool(const Aws::String& poolName);


    QueryResult IsRoleBoundToIdentityPool(const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
    bool BindRoleToIdentityPool (const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);

    private:

    // Group tear-down helpers (presumably used by DeleteGroup — confirm).
    bool RemoveUsersFromGroup(const Aws::String& groupName);
    bool DetachPoliciesFromGroup(const Aws::String& groupName);
    bool DeleteInlinePoliciesFromGroup(const Aws::String& groupName);

    // User tear-down helpers (presumably used by DeleteUser — confirm).
    bool DeleteAccessKeysForUser(const Aws::String& userName);
    bool RemoveUserFromGroups(const Aws::String& userName);
    bool RemoveCertificatesFromUser(const Aws::String& userName);
    bool RemovePasswordFromUser(const Aws::String& userName);
    bool DeleteInlinePoliciesFromUser(const Aws::String& userName);
    bool RemoveMFAFromUser(const Aws::String& userName);
    bool DetachPoliciesFromUser(const Aws::String& userName);

    // Policy tear-down helper (presumably used by DeletePolicy — confirm).
    bool RemovePolicyFromEntities(const Aws::String& policyArn);

    // Role tear-down helpers (presumably used by DeleteRole — confirm).
    bool RemoveRoleFromInstanceProfiles(const Aws::String& roleName);
    bool DeleteInlinePoliciesFromRole(const Aws::String& roleName);
    bool DetachPoliciesFromRole(const Aws::String& roleName);

    // Shared handles to the underlying service clients supplied at construction.
    std::shared_ptr< Aws::IAM::IAMClient > m_iamClient;
    std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient > m_cognitoClient;

};
171 
172 
173 
174 
175 } // namespace AccessManagement
176 } // namespace Aws