Documentation
Overview
This file contains all the logic for caching aws.Config across all the (AWS) triggers. The first time an aws.Config is requested, it is cached based on the authentication info (roleArn, Key&Secret, keda itself), and that cached value is returned every time an aws.Config is requested for the same authentication info. This is required because, if we don't cache and share them, each scaler generates and refreshes its own token even though all the tokens grant the same permissions.
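An added example, not KEDA's own code, of the cache the Overview describes: one config per authentication identity, shared by every trigger that presents that identity and released through a clear call like ClearAwsConfig. The types `authInfo`, `shared` and `configCache`, the hashed key, and the rule that an entry is evicted when its last trigger is cleared are assumptions made for illustration; `shared` stands in for `*aws.Config`.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
)

// Hypothetical stand-ins: authInfo for AuthorizationMetadata, shared for one cached *aws.Config.
type authInfo struct{ RoleArn, AccessKeyID, SecretAccessKey, SessionToken, TriggerUniqueKey string }
type shared struct{ users map[string]bool } // users: triggers currently holding this config
type configCache struct {
	mu    sync.Mutex
	items map[string]*shared // hashed identity -> shared config
}

// cacheKey hashes the identity so secrets never sit in map keys; %q keeps field boundaries unambiguous.
func cacheKey(a authInfo) string {
	id := fmt.Sprintf("%q|%q|%q|%q", a.RoleArn, a.AccessKeyID, a.SecretAccessKey, a.SessionToken)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(id)))
}

// get returns the config shared by this identity, creating it on the first request.
func (c *configCache) get(a authInfo) *shared {
	c.mu.Lock()
	defer c.mu.Unlock()
	k := cacheKey(a)
	if c.items[k] == nil {
		c.items[k] = &shared{users: map[string]bool{}}
	}
	c.items[k].users[a.TriggerUniqueKey] = true
	return c.items[k]
}

// clear drops one trigger's reference and evicts the config once no trigger uses it.
func (c *configCache) clear(a authInfo) {
	c.mu.Lock()
	defer c.mu.Unlock()
	k := cacheKey(a)
	if s := c.items[k]; s != nil {
		if delete(s.users, a.TriggerUniqueKey); len(s.users) == 0 {
			delete(c.items, k)
		}
	}
}

func main() {
	fmt.Println("hashed cache key:", cacheKey(authInfo{RoleArn: "arn:constructed"}))
}
```

Because the entry is shared, a change to one identity's credentials reaches every trigger that resolves to the same key, which is why eviction waits for the last user.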
Index
- Variables
- func ClearAwsConfig(awsAuthorization AuthorizationMetadata)
- func GetAwsConfig(ctx context.Context, awsRegion string, awsAuthorization AuthorizationMetadata) (*aws.Config, error)
- func NewSigV4RoundTripper(config *scalersconfig.ScalerConfig) (http.RoundTripper, error)
- type AuthorizationMetadata
Constants
This section is empty.
Variables
var (
	// ErrAwsAMPNoAwsRegion is returned when "awsRegion" is missing from the config.
	ErrAwsAMPNoAwsRegion = errors.New("no awsRegion given")
)
var ErrAwsNoAccessKey = errors.New("awsAccessKeyID not found")
ErrAwsNoAccessKey is returned when awsAccessKeyID is missing.
Functions
func ClearAwsConfig
func ClearAwsConfig(awsAuthorization AuthorizationMetadata)
ClearAwsConfig wraps the removal of the config from the cache
func GetAwsConfig
func GetAwsConfig(ctx context.Context, awsRegion string, awsAuthorization AuthorizationMetadata) (*aws.Config, error)
GetAwsConfig returns an *aws.Config for a given AuthorizationMetadata. If AuthorizationMetadata uses static credentials or `aws` auth, we recover the *aws.Config from the shared cache. If not, we generate a new entry on each request.
func NewSigV4RoundTripper
func NewSigV4RoundTripper(config *scalersconfig.ScalerConfig) (http.RoundTripper, error)
NewSigV4RoundTripper returns a new http.RoundTripper that will sign requests using Amazon's Signature Verification V4 signing procedure. The request will then be handed off to the next RoundTripper provided by next. If next is nil, http.DefaultTransport will be used.
Credentials for signing are retrieved using the default AWS credential chain. If credentials could not be found, an error will be returned.
Types
type AuthorizationMetadata
type AuthorizationMetadata struct {
	AwsRoleArn         string
	AwsAccessKeyID     string
	AwsSecretAccessKey string
	AwsSessionToken    string
	// Deprecated
	PodIdentityOwner bool
	// Pod identity owner is confusing and it'll be removed when we get
	// rid of the old aws podIdentities (aws-eks and aws-kiam) as UsingPodIdentity
	// replaces it. For more context:
	// https://github.com/kedacore/keda/pull/5061/#discussion_r1441016441
	UsingPodIdentity bool
	TriggerUniqueKey string
}
func GetAwsAuthorization
func GetAwsAuthorization(uniqueKey string, podIdentity kedav1alpha1.AuthPodIdentity, triggerMetadata, authParams, resolvedEnv map[string]string) (AuthorizationMetadata, error)
GetAwsAuthorization returns an AuthorizationMetadata based on trigger information