/*
* Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
using System;
using System.Collections.Generic;
using System.Text;
namespace Amazon.Auth.AccessControlPolicy
{
///
/// A principal is an AWS account which is being allowed or denied access to a
/// resource through an access control policy. The principal is a property of the
/// Statement object, not directly the object.
///
/// The principal is A in the statement
/// "A has permission to do B to C where D applies."
///
///
/// In an access control policy statement, you can set the principal to all
/// authenticated AWS users through the member. This
/// is useful when you don't want to restrict access based on the identity of the
/// requester, but instead on other identifying characteristics such as the
/// requester's IP address.
///
///
public class Principal
{
///
/// Principal instance that includes all authenticated AWS users.
///
/// This is useful when you don't want to restrict access based on the
/// identity of the requester, but instead on other identifying
/// characteristics such as the requester's IP address.
///
///
public static readonly Principal AllUsers = new Principal("*");
///
/// The anonymous Principal.
///
public static readonly Principal Anonymous = new Principal(ANONYMOUS_PROVIDER, "*");
///
/// The default Principal provider for AWS accounts.
///
public const string AWS_PROVIDER = "AWS";
///
/// Principal provider for Canonical User IDs.
///
public const string CANONICAL_USER_PROVIDER = "CanonicalUser";
///
/// Principal provider for federated users (using a SAML identity provider)
///
public const string FEDERATED_PROVIDER = "Federated";
///
/// Principal provider for assume role policies that will be assumed by an AWS service
/// (e.g. "ec2.amazonaws.com").
///
public const string SERVICE_PROVIDER = "Service";
///
/// Dummy principal provider for anonynous.
///
public const string ANONYMOUS_PROVIDER = "__ANONYMOUS__";
private string id;
private string provider;
///
/// Constructs a new principal with the specified AWS account ID.
///
/// An AWS account ID.
public Principal(string accountId)
: this(AWS_PROVIDER, accountId)
{
if (accountId == null)
{
throw new ArgumentNullException("accountId");
}
}
///
/// Constructs a new principal with the specified provider and id
///
/// The provider of the principal
/// The unique ID of the Principal within the provider
public Principal(string provider, string id)
: this(provider, id, provider == AWS_PROVIDER)
{
}
///
/// Constructs a new principal with the specified provider and id
/// and optionally strips hyphens from the id
///
/// The provider of the principal
/// The unique ID of the Principal within the provider
/// Strip hyphen
public Principal(string provider, string id, bool stripHyphen)
{
this.provider = provider;
if (stripHyphen)
{
id = id.Replace("-", "");
}
this.id = id;
}
///
/// Gets and sets the provider for this principal, which indicates in what group of
/// users this principal resides.
///
public string Provider
{
get
{
return provider;
}
set
{
provider = value;
}
}
///
/// Gets the unique ID for this principal.
///
public string Id
{
get
{
return id;
}
}
}
}