/******************************************************************************* * Copyright 2012-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Licensed under the Apache License, Version 2.0 (the "License"). You may not use * this file except in compliance with the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. * ***************************************************************************** * * AWS Tools for Windows (TM) PowerShell (TM) * */ using System; using System.Collections.Generic; using System.Linq; using System.Management.Automation; using System.Text; using Amazon.PowerShell.Common; using Amazon.Runtime; using Amazon.IdentityManagement; using Amazon.IdentityManagement.Model; namespace Amazon.PowerShell.Cmdlets.IAM { /// <summary> /// Adds or updates an inline policy document that is embedded in the specified IAM user. /// /// /// <para> /// An IAM user can also have a managed policy attached to it. To attach a managed policy /// to a user, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachUserPolicy.html"><code>AttachUserPolicy</code></a>. To create a new managed policy, use <a href="https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html"><code>CreatePolicy</code></a>. For information about policies, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html">Managed /// policies and inline policies</a> in the <i>IAM User Guide</i>. /// </para><para> /// For information about the maximum number of inline policies that you can embed in /// a user, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html">IAM /// and STS quotas</a> in the <i>IAM User Guide</i>. /// </para><note><para> /// Because policy documents can be large, you should use POST rather than GET when calling /// <code>PutUserPolicy</code>. For general information about using the Query API with /// IAM, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html">Making /// query requests</a> in the <i>IAM User Guide</i>. /// </para></note> /// </summary> [Cmdlet("Write", "IAMUserPolicy", SupportsShouldProcess = true, ConfirmImpact = ConfirmImpact.Medium)] [OutputType("None")] [AWSCmdlet("Calls the AWS Identity and Access Management PutUserPolicy API operation.", Operation = new[] {"PutUserPolicy"}, SelectReturnType = typeof(Amazon.IdentityManagement.Model.PutUserPolicyResponse))] [AWSCmdletOutput("None or Amazon.IdentityManagement.Model.PutUserPolicyResponse", "This cmdlet does not generate any output." + "The service response (type Amazon.IdentityManagement.Model.PutUserPolicyResponse) can be referenced from properties attached to the cmdlet entry in the $AWSHistory stack." )] public partial class WriteIAMUserPolicyCmdlet : AmazonIdentityManagementServiceClientCmdlet, IExecutor { #region Parameter PolicyDocument /// <summary> /// <para> /// <para>The policy document.</para><para>You must provide policies in JSON format in IAM. However, for CloudFormation templates /// formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation /// always converts a YAML policy to JSON format before submitting it to IAM.</para><para>The <a href="http://wikipedia.org/wiki/regex">regex pattern</a> used to validate this /// parameter is a string of characters consisting of the following:</para><ul><li><para>Any printable ASCII character ranging from the space character (<code>\u0020</code>) /// through the end of the ASCII character range</para></li><li><para>The printable characters in the Basic Latin and Latin-1 Supplement character set (through /// <code>\u00FF</code>)</para></li><li><para>The special characters tab (<code>\u0009</code>), line feed (<code>\u000A</code>), /// and carriage return (<code>\u000D</code>)</para></li></ul> /// </para> /// </summary> #if !MODULAR [System.Management.Automation.Parameter(Position = 2, ValueFromPipelineByPropertyName = true)] #else [System.Management.Automation.Parameter(Position = 2, ValueFromPipelineByPropertyName = true, Mandatory = true)] [System.Management.Automation.AllowEmptyString] [System.Management.Automation.AllowNull] #endif [Amazon.PowerShell.Common.AWSRequiredParameter] public System.String PolicyDocument { get; set; } #endregion #region Parameter PolicyName /// <summary> /// <para> /// <para>The name of the policy document.</para><para>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex /// pattern</a>) a string of characters consisting of upper and lowercase alphanumeric /// characters with no spaces. You can also include any of the following characters: _+=,.@-</para> /// </para> /// </summary> #if !MODULAR [System.Management.Automation.Parameter(Position = 1, ValueFromPipelineByPropertyName = true)] #else [System.Management.Automation.Parameter(Position = 1, ValueFromPipelineByPropertyName = true, Mandatory = true)] [System.Management.Automation.AllowEmptyString] [System.Management.Automation.AllowNull] #endif [Amazon.PowerShell.Common.AWSRequiredParameter] public System.String PolicyName { get; set; } #endregion #region Parameter UserName /// <summary> /// <para> /// <para>The name of the user to associate the policy with.</para><para>This parameter allows (through its <a href="http://wikipedia.org/wiki/regex">regex /// pattern</a>) a string of characters consisting of upper and lowercase alphanumeric /// characters with no spaces. You can also include any of the following characters: _+=,.@-</para> /// </para> /// </summary> #if !MODULAR [System.Management.Automation.Parameter(Position = 0, ValueFromPipelineByPropertyName = true, ValueFromPipeline = true)] #else [System.Management.Automation.Parameter(Position = 0, ValueFromPipelineByPropertyName = true, ValueFromPipeline = true, Mandatory = true)] [System.Management.Automation.AllowEmptyString] [System.Management.Automation.AllowNull] #endif [Amazon.PowerShell.Common.AWSRequiredParameter] public System.String UserName { get; set; } #endregion #region Parameter Select /// <summary> /// Use the -Select parameter to control the cmdlet output. The cmdlet doesn't have a return value by default. /// Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.IdentityManagement.Model.PutUserPolicyResponse). /// Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value. /// </summary> [System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)] public string Select { get; set; } = "*"; #endregion #region Parameter PassThru /// <summary> /// Changes the cmdlet behavior to return the value passed to the UserName parameter. /// The -PassThru parameter is deprecated, use -Select '^UserName' instead. This parameter will be removed in a future version. /// </summary> [System.Obsolete("The -PassThru parameter is deprecated, use -Select '^UserName' instead. This parameter will be removed in a future version.")] [System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)] public SwitchParameter PassThru { get; set; } #endregion #region Parameter Force /// <summary> /// This parameter overrides confirmation prompts to force /// the cmdlet to continue its operation. This parameter should always /// be used with caution. /// </summary> [System.Management.Automation.Parameter(ValueFromPipelineByPropertyName = true)] public SwitchParameter Force { get; set; } #endregion protected override void ProcessRecord() { this._AWSSignerType = "v4"; base.ProcessRecord(); var resourceIdentifiersText = FormatParameterValuesForConfirmationMsg(nameof(this.UserName), MyInvocation.BoundParameters); if (!ConfirmShouldProceed(this.Force.IsPresent, resourceIdentifiersText, "Write-IAMUserPolicy (PutUserPolicy)")) { return; } var context = new CmdletContext(); // allow for manipulation of parameters prior to loading into context PreExecutionContextLoad(context); #pragma warning disable CS0618, CS0612 //A class member was marked with the Obsolete attribute if (ParameterWasBound(nameof(this.Select))) { context.Select = CreateSelectDelegate<Amazon.IdentityManagement.Model.PutUserPolicyResponse, WriteIAMUserPolicyCmdlet>(Select) ?? throw new System.ArgumentException("Invalid value for -Select parameter.", nameof(this.Select)); if (this.PassThru.IsPresent) { throw new System.ArgumentException("-PassThru cannot be used when -Select is specified.", nameof(this.Select)); } } else if (this.PassThru.IsPresent) { context.Select = (response, cmdlet) => this.UserName; } #pragma warning restore CS0618, CS0612 //A class member was marked with the Obsolete attribute context.PolicyDocument = this.PolicyDocument; #if MODULAR if (this.PolicyDocument == null && ParameterWasBound(nameof(this.PolicyDocument))) { WriteWarning("You are passing $null as a value for parameter PolicyDocument which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues."); } #endif context.PolicyName = this.PolicyName; #if MODULAR if (this.PolicyName == null && ParameterWasBound(nameof(this.PolicyName))) { WriteWarning("You are passing $null as a value for parameter PolicyName which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues."); } #endif context.UserName = this.UserName; #if MODULAR if (this.UserName == null && ParameterWasBound(nameof(this.UserName))) { WriteWarning("You are passing $null as a value for parameter UserName which is marked as required. In case you believe this parameter was incorrectly marked as required, report this by opening an issue at https://github.com/aws/aws-tools-for-powershell/issues."); } #endif // allow further manipulation of loaded context prior to processing PostExecutionContextLoad(context); var output = Execute(context) as CmdletOutput; ProcessOutput(output); } #region IExecutor Members public object Execute(ExecutorContext context) { var cmdletContext = context as CmdletContext; // create request var request = new Amazon.IdentityManagement.Model.PutUserPolicyRequest(); if (cmdletContext.PolicyDocument != null) { request.PolicyDocument = cmdletContext.PolicyDocument; } if (cmdletContext.PolicyName != null) { request.PolicyName = cmdletContext.PolicyName; } if (cmdletContext.UserName != null) { request.UserName = cmdletContext.UserName; } CmdletOutput output; // issue call var client = Client ?? CreateClient(_CurrentCredentials, _RegionEndpoint); try { var response = CallAWSServiceOperation(client, request); object pipelineOutput = null; pipelineOutput = cmdletContext.Select(response, this); output = new CmdletOutput { PipelineOutput = pipelineOutput, ServiceResponse = response }; } catch (Exception e) { output = new CmdletOutput { ErrorResponse = e }; } return output; } public ExecutorContext CreateContext() { return new CmdletContext(); } #endregion #region AWS Service Operation Call private Amazon.IdentityManagement.Model.PutUserPolicyResponse CallAWSServiceOperation(IAmazonIdentityManagementService client, Amazon.IdentityManagement.Model.PutUserPolicyRequest request) { Utils.Common.WriteVerboseEndpointMessage(this, client.Config, "AWS Identity and Access Management", "PutUserPolicy"); try { #if DESKTOP return client.PutUserPolicy(request); #elif CORECLR return client.PutUserPolicyAsync(request).GetAwaiter().GetResult(); #else #error "Unknown build edition" #endif } catch (AmazonServiceException exc) { var webException = exc.InnerException as System.Net.WebException; if (webException != null) { throw new Exception(Utils.Common.FormatNameResolutionFailureMessage(client.Config, webException.Message), webException); } throw; } } #endregion internal partial class CmdletContext : ExecutorContext { public System.String PolicyDocument { get; set; } public System.String PolicyName { get; set; } public System.String UserName { get; set; } public System.Func<Amazon.IdentityManagement.Model.PutUserPolicyResponse, WriteIAMUserPolicyCmdlet, object> Select { get; set; } = (response, cmdlet) => null; } } }