omnissm

package
v0.0.0-...-d228a98 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2025 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const AmazonSSMAgentServiceName = "amazon-ssm-agent"
View Source 
const ClientVersion = "1.2.0"
View Source 
const DefaultSSMServiceRole = "service-role/AmazonEC2RunCommandRoleForManagedInstances"

Variables

This section is empty.

Functions

func MergeConfig 

func MergeConfig(config *Config, other *Config)

func SetupTracing 

func SetupTracing(o *OmniSSM)

Types

type Client 

type Client struct {
	*http.Client

	ManagedId string
	// contains filtered or unexported fields
}

func NewClient 

func NewClient(url string) (*Client, error)

New returns a new client for the registrations API

func (*Client) Register 

func (c *Client) Register() error

Register requests an activation from the registrations API and attempts to register the current instance with SSM. A new activation will be created should an existing one not be found in the registrations table.

func (*Client) Update 

func (c *Client) Update() error

Update attempts to update the ManagedId in the registrations table

type Config 

type Config struct {
	*aws.Config

	Context context.Context

	// A whitelist of accounts allowed to register with SSM
	AccountWhitelist []string `yaml:"accountWhitelist"`

	// This or AssumeRoles must be specified.
	AssumeRoleName string `yaml:"assumeRole"`

	// A mapping of IAM roles to assume with the provided accounts
	AssumeRoles map[string]string `yaml:"assumeRoles"`

	// The IAM role used when the SSM agent registers with the SSM service
	InstanceRole string `yaml:"instanceRole"`

	// Sets the number of retries attempted for AWS API calls. Defaults to 0
	// if not specified.
	MaxRetries int `yaml:"maxRetries"`

	// If provided, SSM API requests that are throttled will be sent to this
	// queue. Should be used in conjunction with MaxRetries since the
	// throttling that takes place should retry several times before attempting
	// to queue the request.
	QueueName string `yaml:"queueName"`

	// The DynamodDb table used for storing instance regisrations.
	RegistrationsTable string `yaml:"registrationsTable"`

	// The SNS topic published to when resources are registered (optional).
	ResourceRegisteredSNSTopic string `yaml:"resourceRegisteredSNSTopic"`

	// The SNS topic published to when resources are deleted (optional).
	ResourceDeletedSNSTopic string `yaml:"resourceDeletedSNSTopic"`

	// The name of tags that should be added to SSM tags if they are tagged on
	// the EC2 instance.
	ResourceTags []string `yaml:"resourceTags"`

	// The IAM role used for downloading Oversized ConfigurationItems from S3.
	S3DownloadRole string `yaml:"s3DownloadRole"`

	// The IAM role used for publishing to the Resource Deleted SNS topic (optional).
	SNSPublishRole string `yaml:"snsPublishRole"`

	// This is set by AWS when a Lambda instance is configured to use x-ray.
	// This is optional and x-ray is currently only supported when using lambda.
	XRayTracingEnabled string `yaml:"xrayTracingEnabled"`

	// The number of days to wait to clean up registered ssm instances that have a
	// PingStatus of ConnectionLost
	CleanupAfterDays float64 `yaml:"cleanupAfterDays"`

	// Version constraints for allowable client requests during registration. If
	// constraints are empty, all versions are allowed. Version string should
	// conform with github.com/hashicorp/go-version format, i.e. comma-separated
	// rules like ">= 1.1.0, < 2.0.0"
	ClientVersionConstraints string `yaml:"clientVersionConstraints"`

	// The name of a JSON file containing an ImageWhitelist structure. If the
	// value is not an empty string, the registration handler will attempt to
	// read the named file on lambda startup and construct a whitelist of valid
	// image IDs for each AccountId/RegionName pair. Instances presenting an
	// identity document with an image ID not present in the whitelist will not
	// be allowed to register.
	AMIWhitelistFile string `yaml:"amiWhitelistFile"`
	// contains filtered or unexported fields
}

func NewConfig 

func NewConfig() *Config

func ReadConfig 

func ReadConfig(path string) (*Config, error)

ReadConfig loads configuration values from a yaml file. The priority of the sources is the following: 1. flags 2. environment variables 3. config file 4. defaults

func ReadConfigFromEnv 

func ReadConfigFromEnv() *Config

func (*Config) HasAssumeRole 

func (c *Config) HasAssumeRole(accountId string) (roleArn string, ok bool)

func (*Config) HasResourceTag 

func (c *Config) HasResourceTag(tagName string) (ok bool)

func (*Config) IsAuthorized 

func (c *Config) IsAuthorized(accountId string) (ok bool)

func (*Config) RequestVersionValid 

func (c *Config) RequestVersionValid(vs string) bool

type DeferredActionMessage 

type DeferredActionMessage struct {
	Type  DeferredActionType
	Value interface{}
}

func (*DeferredActionMessage) MarshalJSON 

func (d *DeferredActionMessage) MarshalJSON() ([]byte, error)

func (*DeferredActionMessage) UnmarshalJSON 

func (d *DeferredActionMessage) UnmarshalJSON(data []byte) error

type DeferredActionType 

type DeferredActionType int
const (
	InvalidActionType DeferredActionType = iota
	AddTagsToResource
	RequestActivation
	DeregisterInstance
	PutInventory
	PutRegistrationEntry
	DeleteRegistrationEntry
)

type ImageWhitelist 

type ImageWhitelist struct {
	Images []struct {
		AccountId   string `json:"AccountId"`
		RegionName  string `json:"RegionName"`
		ImageId     string `json:"ImageId"`
		ReleaseDate string `json:"ReleaseDate"`
	} `json:"Images"`
}

type OmniSSM 

type OmniSSM struct {
	*Config
	*Registrations
	*s3.S3
	*sns.SNS
	*sqs.SQS
	*ssm.SSM
}

func New 

func New(config *Config) (*OmniSSM, error)

func (*OmniSSM) DeregisterInstance 

func (o *OmniSSM) DeregisterInstance(ctx context.Context, entry *RegistrationEntry) error

func (*OmniSSM) RequestActivation 

func (o *OmniSSM) RequestActivation(ctx context.Context, req *RegistrationRequest) (*RegistrationResponse, error)

type QueryIndexInput 

type QueryIndexInput struct {
	IndexName, AttrName, Value string
}

type RegistrationEntry 

type RegistrationEntry struct {
	Id         string    `json:"id,omitempty"`
	CreatedAt  time.Time `json:"CreatedAt"`
	ManagedId  string    `json:"ManagedId"`
	AccountId  string    `json:"AccountId"`
	Region     string    `json:"Region"`
	InstanceId string    `json:"InstanceId"`

	// IsTagged and IsInventoried are logically bool types, but must be
	// represented as integers to allow for a LSI to be created in DynamoDB, as
	// DynamoDB disallows creating a LSI on a Bool type. The value is false
	// when equal to 0 and true when greater than 0.
	IsTagged      int `json:"IsTagged"`
	IsInventoried int `json:"IsInventoried"`

	ClientVersion string `json:"ClientVersion,omitempty"`

	// ActivationId/ActivationCode for registering with SSM
	ssm.Activation
}

type RegistrationRequest 

type RegistrationRequest struct {
	Provider      string `json:"provider"`
	Document      string `json:"document"`
	Signature     string `json:"signature"`
	ManagedId     string `json:"managedId,omitempty"`
	ClientVersion string `json:"clientVersion,omitempty"`
	// contains filtered or unexported fields
}

func (*RegistrationRequest) Identity 

func (r *RegistrationRequest) Identity() *ec2metadata.Document

func (*RegistrationRequest) UnmarshalJSON 

func (r *RegistrationRequest) UnmarshalJSON(data []byte) error

func (*RegistrationRequest) Verify 

func (r *RegistrationRequest) Verify() error

type RegistrationResponse 

type RegistrationResponse struct {
	RegistrationEntry

	Region string `json:"region,omitempty"`
	// contains filtered or unexported fields
}

func (*RegistrationResponse) Existing 

func (r *RegistrationResponse) Existing() bool

Used for logging

func (*RegistrationResponse) MarshalJSON 

func (r *RegistrationResponse) MarshalJSON() ([]byte, error)

type Registrations 

type Registrations struct {
	dynamodbiface.DynamoDBAPI
	// contains filtered or unexported fields
}

func NewRegistrations 

func NewRegistrations(config *RegistrationsConfig) *Registrations

func (*Registrations) Delete 

func (r *Registrations) Delete(ctx context.Context, id string) error

func (*Registrations) Get 

func (r *Registrations) Get(ctx context.Context, id string) (*RegistrationEntry, error, bool)

func (*Registrations) GetByManagedId 

func (r *Registrations) GetByManagedId(ctx context.Context, managedId string) (*RegistrationEntry, error, bool)

func (*Registrations) Put 

func (r *Registrations) Put(ctx context.Context, entry *RegistrationEntry) error

func (*Registrations) QueryIndexes 

func (r *Registrations) QueryIndexes(ctx context.Context, inputs ...QueryIndexInput) ([]*RegistrationEntry, error)

func (*Registrations) Scan 

func (r *Registrations) Scan(ctx context.Context) ([]*RegistrationEntry, error)

func (*Registrations) Update 

func (r *Registrations) Update(ctx context.Context, entry *RegistrationEntry) error

type RegistrationsConfig 

type RegistrationsConfig struct {
	*aws.Config

	TableName string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.