Class AwsIam
- java.lang.Object
  - com.salesforce.multicloudj.iam.driver.AbstractIam
    - com.salesforce.multicloudj.iam.aws.AwsIam
- All Implemented Interfaces:
- Provider, Identity, AutoCloseable
@AutoService(AbstractIam.class)
public class AwsIam extends AbstractIam
-
Nested Class Summary
Nested Classes
Modifier and Type    Class
static class         AwsIam.Builder
-
Field Summary
Fields
Modifier and Type                                     Field
static String                                         ALLOW
static String                                         ARN_AWS_IAM_PREFIX
static String                                         ARN_PREFIX
static String                                         AWS_ACCOUNT_ID_REGEX
static com.fasterxml.jackson.databind.ObjectMapper    OBJECT_MAPPER
static String                                         POLICY_VERSION
static String                                         ROOT_SUFFIX
static String                                         SERVICE_PRINCIPAL_SUFFIX
static String                                         STS_ASSUME_ROLE
-
Fields inherited from class com.salesforce.multicloudj.iam.driver.AbstractIam
credentialsOverrider, region
-
Constructor Summary
Constructors
AwsIam()
AwsIam(AwsIam.Builder builder)
-
Method Summary
Methods (all are concrete instance methods)
Provider.Builder builder()
    Creates and returns a new Builder instance for this provider.
void close()
protected void doAttachInlinePolicy(AttachInlinePolicyRequest request)
    Attaches an inline policy to an identity.
protected String doCreateIdentity(CreateIdentityRequest request)
    Create IAM Role with optional Trust Configuration and Create Options.
protected void doDeleteIdentity(DeleteIdentityRequest request)
    Delete IAM Role.
protected List<String> doGetAttachedPolicies(GetAttachedPoliciesRequest request)
    Lists all inline policies attached to an IAM role.
protected String doGetIdentity(GetIdentityRequest request)
    Get IAM Role.
protected String doGetInlinePolicyDetails(GetInlinePolicyDetailsRequest request)
    Get inline policy document attached to an IAM role.
protected void doRemovePolicy(RemovePolicyRequest request)
    Removes an inline policy from an IAM role.
Class<? extends SubstrateSdkException> getException(Throwable t)
    Maps a given Throwable from the provider implementation to a specific SubstrateSdkException.
-
Methods inherited from class com.salesforce.multicloudj.iam.driver.AbstractIam
attachInlinePolicy, createIdentity, deleteIdentity, getAttachedPolicies, getIdentity, getInlinePolicyDetails, getProviderId, removePolicy
-
Field Detail
-
POLICY_VERSION
public static final String POLICY_VERSION
- See Also:
- Constant Field Values
-
ALLOW
public static final String ALLOW
- See Also:
- Constant Field Values
-
STS_ASSUME_ROLE
public static final String STS_ASSUME_ROLE
- See Also:
- Constant Field Values
-
ARN_PREFIX
public static final String ARN_PREFIX
- See Also:
- Constant Field Values
-
AWS_ACCOUNT_ID_REGEX
public static final String AWS_ACCOUNT_ID_REGEX
- See Also:
- Constant Field Values
-
ARN_AWS_IAM_PREFIX
public static final String ARN_AWS_IAM_PREFIX
- See Also:
- Constant Field Values
-
ROOT_SUFFIX
public static final String ROOT_SUFFIX
- See Also:
- Constant Field Values
-
SERVICE_PRINCIPAL_SUFFIX
public static final String SERVICE_PRINCIPAL_SUFFIX
- See Also:
- Constant Field Values
-
OBJECT_MAPPER
public static final com.fasterxml.jackson.databind.ObjectMapper OBJECT_MAPPER
-
Constructor Detail
-
AwsIam
public AwsIam(AwsIam.Builder builder)
-
AwsIam
public AwsIam()
-
Method Detail
-
builder
public Provider.Builder builder()
Description copied from interface: Provider
Creates and returns a new Builder instance for this provider.
- Returns:
- A Builder instance for constructing this provider.
-
getException
public Class<? extends SubstrateSdkException> getException(Throwable t)
Description copied from interface: Provider
Maps a given Throwable from the provider implementation to a specific SubstrateSdkException. This is used for exception handling abstraction.
- Parameters:
- t - The Throwable to be mapped.
- Returns:
- The Class of the corresponding SubstrateSdkException.
-
doCreateIdentity
protected String doCreateIdentity(CreateIdentityRequest request)
Create IAM Role with optional Trust Configuration and Create Options.
- Specified by:
- doCreateIdentity in class AbstractIam
- Parameters:
- request - the request containing identity name, description, tenant ID, region, trust config, and options.
- Returns:
- the IAM role ARN.
-
doAttachInlinePolicy
protected void doAttachInlinePolicy(AttachInlinePolicyRequest request)
Description copied from class: AbstractIam
Attaches an inline policy to an identity. Provider-specific implementations should override this method.
- Specified by:
- doAttachInlinePolicy in class AbstractIam
- Parameters:
- request - the request containing policy document, tenant ID, region, and identity/role names
-
doGetInlinePolicyDetails
protected String doGetInlinePolicyDetails(GetInlinePolicyDetailsRequest request)
Get inline policy document attached to an IAM role.
- Specified by:
- doGetInlinePolicyDetails in class AbstractIam
- Parameters:
- request - the request containing relevant fields from identity name, policy name, role name, tenant ID, and region
- Returns:
- the inline policy document as a JSON string
-
doGetAttachedPolicies
protected List<String> doGetAttachedPolicies(GetAttachedPoliciesRequest request)
Lists all inline policies attached to an IAM role.
- Specified by:
- doGetAttachedPolicies in class AbstractIam
- Parameters:
- request - the request; AWS uses roleName only (IAM role to list policies for)
- Returns:
- a list of inline policy names attached to the role.
-
doRemovePolicy
protected void doRemovePolicy(RemovePolicyRequest request)
Removes an inline policy from an IAM role.
- Specified by:
- doRemovePolicy in class AbstractIam
- Parameters:
- request - the request containing identity name, policy name, tenant ID, and region.
-
doDeleteIdentity
protected void doDeleteIdentity(DeleteIdentityRequest request)
Delete IAM Role.
- Specified by:
- doDeleteIdentity in class AbstractIam
- Parameters:
- request - the request containing identity name, tenant ID, and region.
-
doGetIdentity
protected String doGetIdentity(GetIdentityRequest request)
Get IAM Role.
- Specified by:
- doGetIdentity in class AbstractIam
- Parameters:
- request - the request containing identity name, tenant ID, and region.
- Returns:
- the IAM role ARN.