use of com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient in project aws-iam-ldap-bridge by denismo.
the class LDAPIAMPoller method populateUsersFromIAM.
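/**
 * Mirrors IAM users into the directory and reconciles deletions.
 * <p>
 * Pages through {@code listUsers} following the truncation marker. For each user the
 * first group returned by {@code listGroupsForUser} is taken as the primary group;
 * users with no group, or whose primary group has no directory entry, are skipped
 * with a warning. Processed users are added, their groups updated, and their names
 * collected so that directory users no longer present in IAM can be removed.
 * <p>
 * Deletion reconciliation runs only when every user was processed without an
 * exception: a user that failed for a transient reason (throttling, network error)
 * would otherwise be missing from the collected set and be deleted from the
 * directory, only to be re-created on the next poll.
 * <p>
 * NOTE(review): the "primary group" is whichever group IAM lists first; nothing here
 * fixes that ordering, so the primary group may differ between polls — confirm.
 */
private void populateUsersFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListUsersResult res = client.listUsers();
        Set<String> allUsers = new HashSet<String>();
        boolean processingFailed = false;
        while (true) {
            for (User user : res.getUsers()) {
                try {
                    Collection<Group> groups = client.listGroupsForUser(new ListGroupsForUserRequest(user.getUserName())).getGroups();
                    if (groups.isEmpty()) {
                        LOG.warn("Unable to determine primary group for " + user.getUserName());
                        continue;
                    }
                    // First listed group is the primary group.
                    Group primaryGroup = groups.iterator().next();
                    Entry groupEntry = getExistingGroup(primaryGroup);
                    if (groupEntry == null) {
                        LOG.warn("Unable to retrieve matching group entry for group " + primaryGroup.getGroupName() + " user " + user.getUserName());
                        continue;
                    }
                    addUser(user, getUserAccessKey(client, user), groupEntry, groups);
                    updateGroups(groups, user);
                    allUsers.add(user.getUserName());
                    LOG.debug("Added user " + user.getUserName());
                } catch (Exception e) {
                    // Exception rather than Throwable: JVM Errors (OutOfMemoryError etc.) must propagate.
                    processingFailed = true;
                    LOG.error("Exception processing user " + user.getUserName(), e);
                }
            }
            if (res.isTruncated()) {
                res = client.listUsers(new ListUsersRequest().withMarker(res.getMarker()));
            } else {
                break;
            }
        }
        if (processingFailed) {
            // Do not treat users that merely failed to process as deleted in IAM.
            LOG.warn("Skipping removal of deleted users because at least one user could not be processed");
        } else {
            removeDeletedUsers(allUsers);
        }
    } finally {
        client.shutdown();
    }
}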
use of com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient in project aws-iam-ldap-bridge by denismo.
the class LDAPIAMPoller method populateRolesFromIAM.
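/**
 * Mirrors IAM roles into the directory as groups under {@code rolesDN}.
 * <p>
 * Pages through {@code listRoles} following the truncation marker; each role gets a
 * group entry (created when absent) and a role entry. Failures are logged per role so
 * that one bad role does not abort the whole poll.
 * <p>
 * Unlike the user and group pollers, no deletion reconciliation is performed here, so a
 * role removed from IAM keeps its directory entries until removed by other means.
 */
private void populateRolesFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListRolesResult res = client.listRoles();
        while (true) {
            for (Role role : res.getRoles()) {
                try {
                    Entry groupEntry = getOrCreateRoleGroup(role);
                    addRole(role, groupEntry);
                    LOG.debug("Added role " + role.getRoleName() + " at " + rolesDN);
                } catch (Exception e) {
                    // Exception rather than Throwable: JVM Errors must propagate.
                    LOG.error("Exception processing role " + role.getRoleName(), e);
                }
            }
            if (res.isTruncated()) {
                res = client.listRoles(new ListRolesRequest().withMarker(res.getMarker()));
            } else {
                break;
            }
        }
    } finally {
        client.shutdown();
    }
}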
use of com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient in project aws-iam-ldap-bridge by denismo.
the class IAMSecretKeyValidator method verifyIAMPassword.
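/**
 * Verifies a bind password by presenting it to AWS IAM as credentials.
 * <p>
 * For a role entry the password is expected as {@code accessKey|secretKey|sessionToken}
 * (temporary session credentials). For a user entry the directory's {@code accessKey}
 * attribute supplies the access key id and the password is the secret key. The
 * credentials are accepted only if {@code GetAccountSummary} succeeds with them.
 * <p>
 * Any {@link AmazonClientException} is treated as a failed authentication (fail closed).
 * That covers an invalid credential, but also a network error and a valid credential
 * whose IAM policy does not allow {@code iam:GetAccountSummary} — such a principal
 * cannot bind through this validator.
 *
 * @param user the directory entry being authenticated; must carry {@code uid}, and
 *             {@code accessKey} for non-role entries
 * @param pw   the bind password; never logged
 * @return {@code true} if IAM accepted the credentials, {@code false} otherwise
 * @throws LdapInvalidAttributeValueException if a required attribute cannot be read
 * @throws LdapAuthenticationException if the password is missing or malformed, or a
 *         non-role entry has no {@code accessKey} attribute
 */
@Override
public boolean verifyIAMPassword(Entry user, String pw) throws LdapInvalidAttributeValueException, LdapAuthenticationException {
    if (pw == null) {
        // Previously surfaced as a NullPointerException / IllegalArgumentException from the SDK.
        throw new LdapAuthenticationException();
    }
    boolean role = isRole(user);
    AWSCredentials creds;
    if (role) {
        // String.split never returns null; only the part count needs checking.
        String[] parts = pw.split("\\|");
        if (parts.length < 3) {
            throw new LdapAuthenticationException();
        }
        creds = new BasicSessionCredentials(parts[0], parts[1], parts[2]);
    } else {
        if (user.get("accessKey") == null) {
            // No access key id to pair the password with: cannot authenticate against IAM.
            throw new LdapAuthenticationException();
        }
        creds = new BasicAWSCredentials(user.get("accessKey").getString(), pw);
    }
    LOG.debug("Verifying {} {} with accessKey <hidden> and secretKey <hidden>", role ? "role" : "user", user.get("uid").getString());
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(creds);
    try {
        client.getAccountSummary();
    } catch (AmazonClientException e) {
        // Log through LOG instead of System.err so the failure reaches the server log.
        // Only the uid and the SDK's error message are recorded, never the credentials.
        LOG.warn("IAM rejected credentials for {} {}: {}", role ? "role" : "user", user.get("uid").getString(), e.getMessage());
        return false;
    } finally {
        client.shutdown();
    }
    return true;
}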
use of com.amazonaws.services.identitymanagement.AmazonIdentityManagementClient in project aws-iam-ldap-bridge by denismo.
the class LDAPIAMPoller method populateGroupsFromIAM.
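/**
 * Mirrors IAM groups into the directory under {@code groupsDN} and reconciles deletions.
 * <p>
 * Pages through {@code listGroups} following the truncation marker, adds each group and
 * collects its name so that directory groups no longer present in IAM can be removed.
 * <p>
 * Deletion reconciliation runs only when every group was processed without an
 * exception: a group that failed for a transient reason would otherwise be missing from
 * the collected set and be removed from the directory, only to be re-created on the
 * next poll.
 */
private void populateGroupsFromIAM() {
    AmazonIdentityManagementClient client = new AmazonIdentityManagementClient(credentials);
    try {
        ListGroupsResult res = client.listGroups();
        Set<String> groupNames = new HashSet<String>();
        boolean processingFailed = false;
        while (true) {
            for (Group group : res.getGroups()) {
                try {
                    addGroup(group);
                    groupNames.add(group.getGroupName());
                    LOG.debug("Added group " + group.getGroupName() + " at " + groupsDN);
                } catch (Exception e) {
                    // Exception rather than Throwable: JVM Errors must propagate.
                    processingFailed = true;
                    LOG.error("Exception processing group " + group.getGroupName(), e);
                }
            }
            if (res.isTruncated()) {
                res = client.listGroups(new ListGroupsRequest().withMarker(res.getMarker()));
            } else {
                break;
            }
        }
        if (processingFailed) {
            // Do not treat groups that merely failed to process as deleted in IAM.
            LOG.warn("Skipping removal of deleted groups because at least one group could not be processed");
        } else {
            removeDeletedGroups(groupNames);
        }
    } finally {
        client.shutdown();
    }
}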