cloudformation

package
v0.0.0-...-a9f80de Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2021 License: MIT Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Finalizer is assigned to objects that have cloudformation state
	Finalizer = "cloudformatiton.finalizers.govsvc.uk"
	// AccessGroupLabel is a label used reference a target IAM role for StackPolicyAttacher
	AccessGroupLabel = "group.access.govsvc.uk"
)
View Source 
const (
	ECRLifecycleMoreThan     = "imageCountMoreThan"
	ECRLifecyclePolicyExpire = "expire"
)
View Source 
const CreateComplete = cloudformation.StackStatusCreateComplete
View Source 
const CreateFailed = cloudformation.StackStatusCreateFailed
View Source 
const CreateInProgress = cloudformation.StackStatusCreateInProgress
View Source 
const DeleteComplete = cloudformation.StackStatusDeleteComplete
View Source 
const DeleteFailed = cloudformation.StackStatusDeleteFailed
View Source 
const DeleteInProgress = cloudformation.StackStatusDeleteInProgress
View Source 
const ReviewInProgress = cloudformation.StackStatusReviewInProgress
View Source 
const RollbackComplete = cloudformation.StackStatusRollbackComplete
View Source 
const RollbackFailed = cloudformation.StackStatusRollbackFailed
View Source 
const RollbackInProgress = cloudformation.StackStatusRollbackInProgress
View Source 
const UpdateComplete = cloudformation.StackStatusUpdateComplete
View Source 
const UpdateInProgress = cloudformation.StackStatusUpdateInProgress
View Source 
const UpdateRollbackComplete = cloudformation.StackStatusUpdateRollbackComplete
View Source 
const UpdateRollbackCompleteCleanupInProgress = cloudformation.StackStatusUpdateRollbackCompleteCleanupInProgress
View Source 
const UpdateRollbackFailed = cloudformation.StackStatusUpdateRollbackFailed
View Source 
const UpdateRollbackInProgress = cloudformation.StackStatusRollbackInProgress

Variables

View Source 
var (

	// ErrStackNotFound returned when stack does not exist, or has been deleted
	ErrStackNotFound = fmt.Errorf("STACK_NOT_FOUND")
	// NoUpdatesErrMatch is string to match in error from aws to detect if nothing to update
	NoUpdatesErrMatch = "No updates"
	// NoExistErrMatch is a string to match if stack does not exist
	NoExistErrMatch = "does not exist"
)
View Source 
var (
	// DefaultReconcileDeadline is the default timeout for reconcile
	// context. DeadlineExceeded errors will be retried later.
	DefaultReconcileDeadline = time.Minute * 1
	// DefaultRequeueTimeout is the default time when a reconcile needs
	// requeuing after deadline is hit
	DefaultRequeueTimeout = time.Second * 10
	// DefaultPollingInterval is the frequency that cloudformation client
	// polls for state changes
	DefaultPollingInterval = time.Second * 20
	// DefaultReconcileSuccessRetryDelay is the default delay after a successful
	// Reconcile that Reconcile will be called again if RequeueOnSuccess is true
	DefaultReconcileSuccessRetryDelay = time.Hour * 1
	// ErrPrincipalNotFound is returned if no Principal (role record) can
	// be found to attach a policy to
	ErrPrincipalNotFound = fmt.Errorf("PRINCIPAL_NOT_FOUND")
	// ErrPrincipalNotReady is returned when a principal has not been fully
	// provisioned yet.
	ErrPrincipalNotReady = fmt.Errorf("PRINCIPAL_NOT_READY")
	// ErrPrincipalMultipleMatches is returned if a label selector matches
	// multiple principals, which is not currently supported
	ErrPrincipalMultipleMatches = fmt.Errorf("PRINCIPAL_MULTIPLE_MATCHES")
	// ErrMissingKind returned on config error
	ErrMissingKind = fmt.Errorf("MISSING_CONTROLLER_RESOURCE_KIND")
	// ErrMissingPrincipalKind returned on config error
	ErrMissingPrincipalKind = fmt.Errorf("MISSING_CONTROLLER_PRINCIPAL_KIND")
	// ErrMissingCloudformationClient returned if no cloudformation client setup
	ErrMissingCloudformationClient = fmt.Errorf("MISSING_CLOUDFORMATION_CLIENT")
	// ErrMissingAWSClient return on config error
	ErrMissingAWSClient = fmt.Errorf("MISSING_AWS_CLIENT")
)
View Source 
var GetAtt = goformation.GetAtt
View Source 
var Join = goformation.Join
View Source 
var NewTemplate = goformation.NewTemplate
View Source 
var Ref = goformation.Ref
View Source 
var Sub = goformation.Sub

Functions

func IsNoUpdateError 

func IsNoUpdateError(err error) bool

func IsNotFoundError 

func IsNotFoundError(err error) bool

Types

type AWSECRRepository 

type AWSECRRepository = goformationecr.Repository

type AWSECRRepository_LifecyclePolicy 

type AWSECRRepository_LifecyclePolicy = goformationecr.Repository_LifecyclePolicy

type AWSElastiCacheReplicationGroup 

type AWSElastiCacheReplicationGroup = goformationelasticache.ReplicationGroup

type AWSIAMPolicy 

type AWSIAMPolicy = goformationiam.Policy

type AWSIAMRole 

type AWSIAMRole = goformationiam.Role

type AWSRDSDBCluster 

type AWSRDSDBCluster = goformationrds.DBCluster

type AWSRDSDBClusterParameterGroup 

type AWSRDSDBClusterParameterGroup = goformationrds.DBClusterParameterGroup

type AWSRDSDBInstance 

type AWSRDSDBInstance = goformationrds.DBInstance

type AWSRDSDBParameterGroup 

type AWSRDSDBParameterGroup = goformationrds.DBParameterGroup

type AWSS3Bucket 

type AWSS3Bucket = goformations3.Bucket

type AWSSQSQueue 

type AWSSQSQueue = goformationsqs.Queue

type AWSSecretsManagerSecret 

type AWSSecretsManagerSecret = goformationsecretsmanager.Secret

type AWSSecretsManagerSecretTargetAttachment 

type AWSSecretsManagerSecretTargetAttachment = goformationsecretsmanager.SecretTargetAttachment

type AssumeRolePolicyDocument 

type AssumeRolePolicyDocument struct {
	Version   string
	Statement []AssumeRolePolicyStatement
}

func NewAssumeRolePolicyDocument 

func NewAssumeRolePolicyDocument(serviceOperatorRoleArn string) AssumeRolePolicyDocument

func NewAssumeRolePolicyDocumentWithServiceAccount 

func NewAssumeRolePolicyDocumentWithServiceAccount(serviceOperatorRoleArn string, federatedPrincipal string, federatedConditionKey string, federatedConditionValue string) AssumeRolePolicyDocument

type AssumeRolePolicyStatement 

type AssumeRolePolicyStatement struct {
	Effect    string
	Principal PolicyPrincipal
	Action    []string
	Condition PolicyCondition `json:"Condition,omitempty"`
}

type Client 

type Client struct {
	// ClusterName is used to prefix any generated names to avoid clashes
	ClusterName string
	// Client is the AWS SDK Client implementation to use
	Client sdk.Client
	// PollingInterval is the duration between calls to check state when waiting for apply/destroy to complete
	PollingInterval time.Duration
}

Client performs cloudformation operations on objects that implement the Stack interface

func (*Client) Apply 

func (r *Client) Apply(ctx context.Context, stack Stack, params ...*Parameter) (Outputs, error)

Apply reconciles the state of the remote cloudformation stack and blocks until the stack is no longer in an creating/applying state or a ctx timeout is hit Calls should be retried if DeadlineExceeded errors are hit Returns any outputs on successful apply. Will update stack with current status

func (*Client) Destroy 

func (r *Client) Destroy(ctx context.Context, stack Stack) error

Destroy will attempt to deprovision the cloudformation stack and block until complete or the ctx Deadline expires Calls should be retried if DeadlineExceeded errors are hit Will update stack with current status

func (*Client) Outputs 

func (r *Client) Outputs(ctx context.Context, stack Stack) (Outputs, error)

Outputs fetches the cloudformation outputs for the given stack Returns ErrStackNotFound if stack does not exist

type Controller 

type Controller struct {
	Scheme                     *runtime.Scheme        // Scheme is required for operations like gc
	Log                        logr.Logger            // Log will be used to report each reconcile
	KubernetesClient           client.Client          // KubernetesClient is required to talk to api
	CloudFormationClient       *Client                // CloudFormationClient is required to talk to aws
	Parameters                 []*Parameter           // Parameters are default params always passed to Apply
	Kind                       Stack                  // Kind is the kubernetes resource type to reconcile
	PrincipalListKind          object.PrincipalLister // PrincipalListKind is the type that will be used to lookup role data for StackPolicyAttacher
	ReconcileTimeout           time.Duration          // ReconcileTimeout is the max execution time on Reconcile before requeuing
	ReconcileTimeoutRetryDelay time.Duration          // ReconcileTimeoutRetryDelay is the delay before trying again after ReconcileTimeout is hit
	ReconcileErrorRetryDelay   time.Duration          // ReconcileErrorRetryDelay is the delay before trying again after Reconcile returns an error
	RequeueOnSuccess           bool                   // RequeueOnSuccess is a flag indicating whether to requeue a successful Reconcile request
	ReconcileSuccessRetryDelay time.Duration          // ReconcileSuccessRetryDelay is the delay before re-executing Reconcile on success
}

Controller implements kubernetes controller-runtime reconcile.Reconciler to reconcile a kubernetes resource type that implements the Stack interface using cloudformation.

It should be initialised with the Kind that it will reconcile (ie v1beta1.Postgres{}) any parameters that should always be passed to cloudformation during reconciliation. Setting parameters here is useful for variables that are based on the environment rather than the resource options, for example which region or vpc to deploy to may not be something you wish to make configurable via the resource, but rather globally on the manager

TODO: add example

func (*Controller) Reconcile 

func (r *Controller) Reconcile(req ctrl.Request) (res ctrl.Result, err error)

Reconcile synchronises state between the resource and a cloudformation stack

func (*Controller) SetupWithManager 

func (r *Controller) SetupWithManager(mgr ctrl.Manager) error

SetupWithManager validates and registers this controller with the manager and api

type CreateStackInput 

type CreateStackInput = cloudformation.CreateStackInput

type DeleteStackInput 

type DeleteStackInput = cloudformation.DeleteStackInput

type DescribeStackEventsInput 

type DescribeStackEventsInput = cloudformation.DescribeStackEventsInput

type DescribeStacksInput 

type DescribeStacksInput = cloudformation.DescribeStacksInput

type DescribeStacksOutput 

type DescribeStacksOutput = cloudformation.DescribeStacksOutput

type ECRLifecyclePolicy 

type ECRLifecyclePolicy struct {
	Rules []ECRLifecyclePolicyRule `json:"rules,omitempty"`
}

type ECRLifecyclePolicyAction 

type ECRLifecyclePolicyAction struct {
	Type string `json:"type,omitempty"`
}

type ECRLifecyclePolicyRule 

type ECRLifecyclePolicyRule struct {
	RulePriority int64                       `json:"rulePriority"`
	Description  string                      `json:"description,omitempty"`
	Selection    ECRLifecyclePolicySelection `json:"selection,omitempty"`
	Action       ECRLifecyclePolicyAction    `json:"action,omitempty"`
}

type ECRLifecyclePolicySelection 

type ECRLifecyclePolicySelection struct {
	TagStatus   string `json:"tagStatus,omitempty"`
	CountType   string `json:"countType,omitempty"`
	CountNumber int    `json:"countNumber,omitempty"`
}

type GenerateSecretString 

type GenerateSecretString = goformationsecretsmanager.Secret_GenerateSecretString

type GetSecretValueInput 

type GetSecretValueInput = secretsmanager.GetSecretValueInput

type Output 

type Output = cloudformation.Output

type Outputs 

type Outputs map[string]string

Outputs is used as a more friendly version of cloudformation.Output

type Parameter 

type Parameter = cloudformation.Parameter

type PolicyCondition 

type PolicyCondition struct {
	StringEquals map[string]string `json:"StringEquals,omitempty"`
}

type PolicyDocument 

type PolicyDocument struct {
	Version   string
	Statement []PolicyStatement
}

func NewRolePolicyDocument 

func NewRolePolicyDocument(resources, actions []string) PolicyDocument

type PolicyPrincipal 

type PolicyPrincipal struct {
	AWS       []string `json:"AWS,omitempty"`
	Federated []string `json:"Federated,omitempty"`
}

type PolicyStatement 

type PolicyStatement struct {
	Effect   string
	Action   []string
	Resource []string
}

type ServiceAccountCreator 

type ServiceAccountCreator interface {
	Stack
	GetServiceAccountName() string
	GetServiceAccountAnnotations(outputs Outputs) map[string]string
}

ServiceAccountCreator names a ServiceAccount to be used to access created resources

type ServiceEntryCreator 

type ServiceEntryCreator interface {
	Stack
	GetServiceEntryName() string
	GetServiceEntrySpecs(outputs Outputs) ([]map[string]interface{}, error)
}

ServiceEntryCreator names a ServiceEntry to hold what are essentially egress firewall rules.

type Stack 

type Stack interface {
	GetStackName() string
	GetStackTemplate() (*Template, error)
	object.Service
}

Stack represents a type that can marshall itself to a cloudformation config for use with Client

type StackObjectEmptier 

type StackObjectEmptier interface {
	Stack
	Empty(ctx context.Context, client sdk.Client) error
}

type StackOutputWhitelister 

type StackOutputWhitelister interface {
	GetStackOutputWhitelist() []string
}

StackOutputWhitelister allows a type to return a list of Output keys whose values are safe to be displayed in the Status of the resource. This is useful for when you want to display some outputs without having them embedded into a Secret

type StackPolicyAttacher 

type StackPolicyAttacher interface {
	Stack
	GetStackRoleParameters(role string) ([]*Parameter, error)
}

StackPolicyAttacher adds an additional method to Stack for injecting a target role name into stack parameters that will be the receiver of policies provisioned by this stack. Role parameters are added at both Update and Create time. The role provided will already exist and may contain other existing policies which should not be altered.

type StackPolicyProvider 

type StackPolicyProvider interface {
	GetStackPolicy() aws.StackPolicyDocument
}

StackPolicyProvider allows a type to return a string representation of a CloudFormationStack policy to prevent unauthorised operations on a given stack.

type StackSecretContributor 

type StackSecretContributor interface {
	Stack
	GetTemplateSecrets(ctx context.Context, client sdk.Client, outputs Outputs) (map[string]string, error)
}

type StackSecretOutputter 

type StackSecretOutputter interface {
	Stack
	object.SecretNamer
}

StackSecretOutputter allows a type to return the name of a kubernetes Secret that will be populated with any cloudformation outputs. This is useful when the cloudformation stack returns sensitive information that must be consumed as configuration, for example a username, password and connection string for a database.

type State 

type State = cloudformation.Stack

Alias types from the various cloudformation packages so we can access relevant parts via this package for convenience

type StateEvent 

type StateEvent = cloudformation.StackEvent

type Tag 

type Tag = goformationtags.Tag

type Template 

type Template = goformation.Template

type UpdateStackInput 

type UpdateStackInput = cloudformation.UpdateStackInput

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.