5 #pragma once
6 
8 
11 
12 #include <functional>
13 
14 namespace Aws
15 {
16 namespace CognitoIdentity
17 {
18 
20 
21 } // namespace CognitoIdentity;
22 
23 namespace IAM
24 {
25 
26 class IAMClient;
27 
28 namespace Model
29 {
30 class Group;
31 class Policy;
32 class Role;
33 class User;
34 
35 } // Model
36 } // namespace IAM
37 
38 namespace AccessManagement
39 {
40 
/// Outcome of a read-only state query (GetGroup, IsUserInGroup, ...).
/// YES / NO answer the question asked; FAILURE presumably means the lookup
/// itself could not be completed (API error) rather than a negative answer,
/// so callers should treat it separately from NO — confirm in the implementation.
enum class QueryResult : int
{
    YES = 0,
    NO = 1,
    FAILURE = 2
};
47 
49 {
52 };
53 
55 {
56  public:
57 
/// Builds the client on top of caller-supplied IAM and Cognito Identity
/// service clients (presumably stored in m_iamClient / m_cognitoClient, so
/// ownership stays shared with the caller).
/// NOTE(review): the parameters are non-const lvalue references, which rejects
/// temporaries and reads as if the pointers were mutated; the conventional
/// signature would be `const std::shared_ptr<...>&` (or by value).
AccessManagementClient(std::shared_ptr< Aws::IAM::IAMClient >& iamClient, std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient >& cognitoClient);

/// Callback that yields a policy document on demand (presumably IAM policy
/// JSON, matching the policyDocument / assumedPolicyDocument strings taken by
/// CreatePolicy / CreateRole). The text is forwarded to IAM as-is, so the
/// generator — not this class — decides how much privilege the document grants.
using PolicyGeneratorFunction = std::function< Aws::String(void) >;

// Misc
/// Extracts the account-id component of an ARN
/// (arn:partition:service:region:account-id:resource). Behaviour on an empty
/// or malformed ARN is not visible here — TODO confirm (empty string?).
static Aws::String ExtractAccountIdFromArn(const Aws::String& arn);
65 
// Compound Operation API for IAM
/// Lookup-or-create helpers layered over the simple Get*/Create* API below.
/// The bool presumably means "the entity exists after the call and <x>Data
/// describes it"; false means the lookup or the creation failed.
/// NOTE(review): when the entity already exists it is presumably returned as
/// found — a pre-existing policy or role whose document is broader than what
/// the generator would produce is not tightened. Confirm in the implementation.
bool GetOrCreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
/// @param policyGenerator yields the policy document; presumably invoked only when the policy has to be created.
bool GetOrCreatePolicy(const Aws::String& policyName, const PolicyGeneratorFunction& policyGenerator, Aws::IAM::Model::Policy& policyData);
/// @param assumedPolicyGenerator yields the role's trust (assume-role) policy, i.e. which principals may assume the role.
bool GetOrCreateRole (const Aws::String& roleName, const PolicyGeneratorFunction& assumedPolicyGenerator, Aws::IAM::Model::Role& roleData);
bool GetOrCreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
/// Account id of the calling identity; the value returned on failure is not visible here (empty string, presumably).
Aws::String GetAccountId();

/// Attach the managed policy (policyData's ARN, presumably) to the principal
/// unless the matching IsPolicyAttachedTo* query already answers YES.
bool AttachPolicyToGroupIfNot(const Aws::IAM::Model::Policy& policyData, const Aws::String& groupName);
bool AttachPolicyToRoleIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& roleName);
bool AttachPolicyToUserIfNot (const Aws::IAM::Model::Policy& policyData, const Aws::String& userName);

/// Adds the user to the group unless IsUserInGroup already answers YES.
bool AddUserToGroupIfNot(const Aws::String& userName, const Aws::String& groupName);

/// Creates a credentials file for the user when DoesCredentialsFileExist
/// reports none. Creation presumably mints an access key pair and writes the
/// secret to credentialsFilename — a long-lived secret at rest.
/// NOTE(review): confirm the file is created with owner-only permissions, and
/// that the existence check does not silently accept a file holding a key
/// that has since been deleted or rotated.
bool VerifyOrCreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);

// Compound Operation API for Cognito
/// Looks the identity pool up by name and creates it when missing;
/// identityPoolId presumably receives the pool id either way.
/// @param allowUnauthenticated presumably maps to the pool's
///        AllowUnauthenticatedIdentities setting: when true, guests obtain
///        credentials without signing in, so whatever role is bound to the
///        unauthenticated slot is reachable by anyone. Keep that role minimal.
bool GetOrCreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);

/// Binds roleArn to the pool's roleKey slot unless IsRoleBoundToIdentityPool
/// already answers YES. Re-binding a pool's authenticated/unauthenticated role
/// changes what every identity in that pool can do.
bool BindRoleToIdentityPoolIfNot(const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
85 
86 
// Simple IAM API
// State query
/// Single-entity lookups. YES presumably fills the out-parameter, NO means the
/// entity does not exist, and FAILURE means the API call itself failed, in
/// which case the out-parameter should be ignored (reading of QueryResult
/// inferred from its enumerators — confirm in the implementation).
QueryResult GetGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
QueryResult GetPolicy(const Aws::String& policyName, Aws::IAM::Model::Policy& policyData);
QueryResult GetRole (const Aws::String& roleName, Aws::IAM::Model::Role& roleData);
QueryResult GetUser (const Aws::String& userName, Aws::IAM::Model::User& userData);

// Creation
/// Create the named entity; true presumably means created and <x>Data filled.
/// @param policyDocument        IAM policy JSON, presumably sent to IAM verbatim.
/// @param assumedPolicyDocument trust policy controlling who may assume the
///        role; a wildcard Principal here lets any AWS principal assume it,
///        so scope it to the specific services/accounts that need the role.
bool CreateGroup (const Aws::String& groupName, Aws::IAM::Model::Group& groupData);
bool CreatePolicy(const Aws::String& policyName, const Aws::String& policyDocument, Aws::IAM::Model::Policy& policyData);
bool CreateRole (const Aws::String& roleName, const Aws::String& assumedPolicyDocument, Aws::IAM::Model::Role& roleData);
bool CreateUser (const Aws::String& userName, Aws::IAM::Model::User& userData);
99 
// Policy-Principal Relations
/// Attach / detach a managed policy, identified by ARN, to a principal.
/// Note the asymmetry with the IsPolicyAttachedTo* queries below, which take
/// the policy *name* rather than its ARN.
bool AttachPolicyToGroup(const Aws::String& policyArn, const Aws::String& groupName);
bool AttachPolicyToRole (const Aws::String& policyArn, const Aws::String& roleName);
bool AttachPolicyToUser (const Aws::String& policyArn, const Aws::String& userName);

bool DetachPolicyFromGroup(const Aws::String& policyArn, const Aws::String& groupName);
bool DetachPolicyFromRole (const Aws::String& policyArn, const Aws::String& roleName);
bool DetachPolicyFromUser (const Aws::String& policyArn, const Aws::String& userName);

/// @param policyName the policy's name (not its ARN); FAILURE means the
///        attachment list could not be read, not that the policy is detached.
QueryResult IsPolicyAttachedToGroup(const Aws::String& policyName, const Aws::String& groupName);
QueryResult IsPolicyAttachedToRole (const Aws::String& policyName, const Aws::String& roleName);
QueryResult IsPolicyAttachedToUser (const Aws::String& policyName, const Aws::String& userName);

// User-Group Relations
/// Group membership query and mutators; the bool presumably reports API success.
QueryResult IsUserInGroup(const Aws::String& userName, const Aws::String& groupName);
bool AddUserToGroup (const Aws::String& userName, const Aws::String& groupName);
bool RemoveUserFromGroup (const Aws::String& userName, const Aws::String& groupName);
117 
// Deletion
/// Destructive, non-reversible removals. IAM refuses to delete an entity that
/// still has attachments, so these presumably first strip dependents through
/// the private RemoveUsersFromGroup / DetachPolicies* / DeleteInlinePolicies* /
/// DeleteAccessKeysForUser helpers — i.e. DeleteUser also revokes the user's
/// access keys, password, MFA devices and certificates. Confirm in the
/// implementation before pointing these at anything but test-fixture entities.
bool DeleteGroup (const Aws::String& groupName);
bool DeletePolicy(const Aws::String& policyName);
bool DeleteRole (const Aws::String& roleName);
bool DeleteUser (const Aws::String& userName);

/// Presence check on the local file only; it cannot tell whether the key
/// inside is still active in IAM.
bool DoesCredentialsFileExist (const Aws::String& credentialsFilename);
/// Presumably creates an access key for the user and writes it to
/// credentialsFilename, which then holds a long-lived secret.
/// NOTE(review): confirm owner-only permissions on the created file and that
/// an existing file is not overwritten unless the caller asks for it.
bool CreateCredentialsFileForUser(const Aws::String& credentialsFilename, const Aws::String& userName);

//
// Cognito integration
/// Pool lookup by name; YES presumably fills identityPoolId.
QueryResult GetIdentityPool (const Aws::String& poolName, Aws::String& identityPoolId);
/// @param allowUnauthenticated presumably maps to AllowUnauthenticatedIdentities;
///        true lets unauthenticated (guest) identities obtain credentials.
bool CreateIdentityPool(const Aws::String& poolName, bool allowUnauthenticated, Aws::String& identityPoolId);
bool DeleteIdentityPool(const Aws::String& poolName);


/// Query / set the role bound to the pool's roleKey slot. Binding a role
/// grants its permissions to every identity that lands in that slot.
QueryResult IsRoleBoundToIdentityPool(const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
bool BindRoleToIdentityPool (const Aws::String& identityPoolId, const Aws::String& roleArn, IdentityPoolRoleBindingType roleKey);
136 
private:

/// Group teardown helpers (presumably called from DeleteGroup): remove every
/// member, detach managed policies, delete inline policies.
bool RemoveUsersFromGroup(const Aws::String& groupName);
bool DetachPoliciesFromGroup(const Aws::String& groupName);
bool DeleteInlinePoliciesFromGroup(const Aws::String& groupName);

/// User teardown helpers (presumably called from DeleteUser). Together they
/// revoke every credential the user holds — access keys, console password,
/// signing certificates, MFA devices — and strip its group memberships and
/// policies. Each is a credential-revocation step on its own; none is reversible.
bool DeleteAccessKeysForUser(const Aws::String& userName);
bool RemoveUserFromGroups(const Aws::String& userName);
bool RemoveCertificatesFromUser(const Aws::String& userName);
bool RemovePasswordFromUser(const Aws::String& userName);
bool DeleteInlinePoliciesFromUser(const Aws::String& userName);
bool RemoveMFAFromUser(const Aws::String& userName);
bool DetachPoliciesFromUser(const Aws::String& userName);

/// Detaches the managed policy from every group/role/user it is attached to
/// (presumably a prerequisite of DeletePolicy).
bool RemovePolicyFromEntities(const Aws::String& policyArn);

/// Role teardown helpers (presumably called from DeleteRole).
bool RemoveRoleFromInstanceProfiles(const Aws::String& roleName);
bool DeleteInlinePoliciesFromRole(const Aws::String& roleName);
bool DetachPoliciesFromRole(const Aws::String& roleName);

/// Service clients, presumably the ones passed to the constructor; shared
/// with the caller, so their lifetime and thread-safety are the caller's concern.
std::shared_ptr< Aws::IAM::IAMClient > m_iamClient;
std::shared_ptr< Aws::CognitoIdentity::CognitoIdentityClient > m_cognitoClient;
159 
160 };
161 
162 
163 
164 
165 } // namespace AccessManagement
166 } // namespace Aws