Documentation ¶
Index ¶
- Constants
- Variables
- func AWSGetCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
- func CredentialsIDSecret(data []byte, profile string) (aws.Credentials, error)
- func GetAWSConfig(ctx context.Context, c client.Client, mg resource.Managed) (*aws.Config, error)
- func GetAssumeRoleWithWebIdentityConfig(ctx context.Context, cfg *aws.Config, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
- func GetRoleChainConfig(ctx context.Context, pcs *v1beta1.ProviderConfigSpec, cfg *aws.Config) (*aws.Config, error)
- func LateInitializeStringPtr(in *string, from *string) *string
- func SetAssumeRoleOptions(aro v1beta1.AssumeRoleOptions) func(*stscreds.AssumeRoleOptions)
- func SetResolver(pc *v1beta1.ProviderConfig, cfg *aws.Config) *aws.Config
- func SetWebIdentityRoleOptions(opts v1beta1.AssumeRoleWithWebIdentityOptions) func(*stscreds.WebIdentityRoleOptions)
- func TerraformSetupBuilder(version, providerSource, providerVersion string) terraform.SetupFn
- func UsePodServiceAccount(ctx context.Context, region string) (*aws.Config, error)
- func UseProviderSecret(ctx context.Context, data []byte, profile, region string) (*aws.Config, error)
- func UseWebIdentityToken(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
- type AuthMethod
- type CallerIdentityCache
- type CallerIdentityCacheOption
- type GetCallerIdentityFn
Constants ¶
const ( URLConfigTypeStatic = "Static" URLConfigTypeDynamic = "Dynamic" )
Endpoint URL configuration types.
const ( // DefaultSection for INI files. DefaultSection = ini.DefaultSection )
const GlobalRegion = "aws-global"
GlobalRegion is the region name used for AWS services that do not have a notion of region.
Variables ¶
var GlobalCallerIdentityCache = NewCallerIdentityCache()
GlobalCallerIdentityCache is a global cache to be used by all controllers.
Functions ¶
func AWSGetCallerIdentity ¶
func AWSGetCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
AWSGetCallerIdentity makes sends a request to AWS to get the caller identity.
func CredentialsIDSecret ¶
func CredentialsIDSecret(data []byte, profile string) (aws.Credentials, error)
CredentialsIDSecret retrieves AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the data which contains aws credentials under given profile Example: [default] aws_access_key_id = <YOUR_ACCESS_KEY_ID> aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
func GetAWSConfig ¶
GetAWSConfig to produce a config that can be used to authenticate to AWS.
func GetAssumeRoleWithWebIdentityConfig ¶
func GetAssumeRoleWithWebIdentityConfig(ctx context.Context, cfg *aws.Config, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
GetAssumeRoleWithWebIdentityConfig returns an aws.Config capable of doing AssumeRoleWithWebIdentity.
func GetRoleChainConfig ¶
func GetRoleChainConfig(ctx context.Context, pcs *v1beta1.ProviderConfigSpec, cfg *aws.Config) (*aws.Config, error)
GetRoleChainConfig returns an aws.Config capable of doing role chaining with AssumeRoleWithWebIdentity & AssumeRoles.
func LateInitializeStringPtr ¶
LateInitializeStringPtr returns in if it's non-nil, otherwise returns from which is the backup for the cases in is nil.
func SetAssumeRoleOptions ¶
func SetAssumeRoleOptions(aro v1beta1.AssumeRoleOptions) func(*stscreds.AssumeRoleOptions)
SetAssumeRoleOptions sets options when Assuming an IAM Role
func SetResolver ¶
SetResolver parses annotations from the managed resource and returns a configuration accordingly.
func SetWebIdentityRoleOptions ¶
func SetWebIdentityRoleOptions(opts v1beta1.AssumeRoleWithWebIdentityOptions) func(*stscreds.WebIdentityRoleOptions)
SetWebIdentityRoleOptions sets options when exchanging a WebIdentity Token for a Role
func TerraformSetupBuilder ¶
TerraformSetupBuilder returns Terraform setup with provider specific configuration like provider credentials used to connect to cloud APIs in the expected form of a Terraform provider.
func UsePodServiceAccount ¶
UsePodServiceAccount assumes an IAM role configured via a ServiceAccount. https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html
func UseProviderSecret ¶
func UseProviderSecret(ctx context.Context, data []byte, profile, region string) (*aws.Config, error)
UseProviderSecret - AWS configuration which can be used to issue requests against AWS API
func UseWebIdentityToken ¶
func UseWebIdentityToken(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
UseWebIdentityToken calls sts.AssumeRoleWithWebIdentity using the configuration supplied in ProviderConfig's spec.credentianls.assumeRoleWithWebIdentity.
Types ¶
type AuthMethod ¶
AuthMethod is a method of authenticating to the AWS API
type CallerIdentityCache ¶
type CallerIdentityCache struct {
// contains filtered or unexported fields
}
CallerIdentityCache holds GetCallerIdentityOutput objects in memory so that we don't need to make API calls to AWS in every reconciliation of every resource. It has a maximum size that when it's reached, the entry that has the oldest access time will be removed from the cache, i.e. FIFO on last access time. Note that there is no need to invalidate the values in the cache because they never change so we don't need concurrency-safety to prevent access to an invalidated entry.
func NewCallerIdentityCache ¶
func NewCallerIdentityCache(opts ...CallerIdentityCacheOption) *CallerIdentityCache
NewCallerIdentityCache returns a new empty *CallerIdentityCache.
func (*CallerIdentityCache) GetCallerIdentity ¶
func (c *CallerIdentityCache) GetCallerIdentity(ctx context.Context, cfg aws.Config, creds aws.Credentials) (*sts.GetCallerIdentityOutput, error)
GetCallerIdentity returns the identity of the caller.
type CallerIdentityCacheOption ¶
type CallerIdentityCacheOption func(*CallerIdentityCache)
CallerIdentityCacheOption lets you configure *CallerIdentityCache.
func WithCache ¶
func WithCache(cache map[string]*callerIdentityCacheEntry) CallerIdentityCacheOption
WithCache lets you bootstrap with your own cache.
func WithGetCallerIdentityFn ¶
func WithGetCallerIdentityFn(f GetCallerIdentityFn) CallerIdentityCacheOption
WithGetCallerIdentityFn lets you override the default GetCallerIdentityFn.
func WithMaxSize ¶
func WithMaxSize(n int) CallerIdentityCacheOption
WithMaxSize lets you override the default MaxSize.
type GetCallerIdentityFn ¶
type GetCallerIdentityFn func(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
GetCallerIdentityFn is the function type to call GetCallerIdentity API.