clients

package
v0.22.0-rc.0
Warning

This package is not in the latest version of its module.

Published: Nov 22, 2022 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Constants

const (
	URLConfigTypeStatic  = "Static"
	URLConfigTypeDynamic = "Dynamic"
)

Endpoint URL configuration types.

const (
	// DefaultSection for INI files.
	DefaultSection = ini.DefaultSection
)
const GlobalRegion = "aws-global"

GlobalRegion is the region name used for AWS services that do not have a notion of region.

Variables

var GlobalCallerIdentityCache = NewCallerIdentityCache()

GlobalCallerIdentityCache is a global cache to be used by all controllers.

Functions

func AWSGetCallerIdentity

func AWSGetCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)

AWSGetCallerIdentity sends a request to AWS to get the caller identity.

func CredentialsIDSecret

func CredentialsIDSecret(data []byte, profile string) (aws.Credentials, error)

CredentialsIDSecret retrieves AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from data that contains AWS credentials under the given profile. Example:

	[default]
	aws_access_key_id = <YOUR_ACCESS_KEY_ID>
	aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
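The profile lookup described above, as an added standard-library sketch; it is not the package's own code (the package references an INI library, see DefaultSection). The function name credsFromINI, its error behaviour and the sample values are assumptions: it fails closed when the profile is absent or incomplete instead of borrowing keys from another section.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"strings"
)

// credsFromINI is a hypothetical stand-in for CredentialsIDSecret: it reads
// only the requested profile and never falls back to another section.
func credsFromINI(data []byte, profile string) (id, secret string, err error) {
	section, found := "", false
	sc := bufio.NewScanner(bytes.NewReader(data))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || line[0] == '#' || line[0] == ';':
			continue // blank line or comment
		case line[0] == '[' && line[len(line)-1] == ']':
			section = strings.TrimSpace(line[1 : len(line)-1])
			found = found || section == profile
			continue
		case section != profile:
			continue // key belongs to a different profile
		}
		k, v, _ := strings.Cut(line, "=")
		switch strings.TrimSpace(k) {
		case "aws_access_key_id":
			id = strings.TrimSpace(v)
		case "aws_secret_access_key":
			secret = strings.TrimSpace(v)
		}
	}
	if !found {
		return "", "", fmt.Errorf("profile %q not found", profile)
	}
	if id == "" || secret == "" {
		return "", "", fmt.Errorf("profile %q lacks an access key ID or secret access key", profile)
	}
	return id, secret, nil
}

func main() {
	// Constructed sample input with placeholder values.
	data := []byte("[default]\naws_access_key_id = EXAMPLEKEYID\naws_secret_access_key = example-secret\n")
	id, _, err := credsFromINI(data, "default")
	fmt.Println(id, err)
}
```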

func GetAWSConfig

func GetAWSConfig(ctx context.Context, c client.Client, mg resource.Managed) (*aws.Config, error)

GetAWSConfig produces a config that can be used to authenticate to AWS.

func GetAssumeRoleWithWebIdentityConfig

func GetAssumeRoleWithWebIdentityConfig(ctx context.Context, cfg *aws.Config, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)

GetAssumeRoleWithWebIdentityConfig returns an aws.Config capable of doing AssumeRoleWithWebIdentity.

func GetRoleChainConfig

func GetRoleChainConfig(ctx context.Context, pcs *v1beta1.ProviderConfigSpec, cfg *aws.Config) (*aws.Config, error)

GetRoleChainConfig returns an aws.Config capable of doing role chaining with AssumeRoleWithWebIdentity & AssumeRoles.

func LateInitializeStringPtr

func LateInitializeStringPtr(in *string, from *string) *string

LateInitializeStringPtr returns in if it's non-nil; otherwise it returns from, which is the fallback for the cases where in is nil.

func SetAssumeRoleOptions

func SetAssumeRoleOptions(aro v1beta1.AssumeRoleOptions) func(*stscreds.AssumeRoleOptions)

SetAssumeRoleOptions sets options when assuming an IAM role.

func SetResolver

func SetResolver(pc *v1beta1.ProviderConfig, cfg *aws.Config) *aws.Config

SetResolver parses annotations from the managed resource and returns a configuration accordingly.

func SetWebIdentityRoleOptions

func SetWebIdentityRoleOptions(opts v1beta1.AssumeRoleWithWebIdentityOptions) func(*stscreds.WebIdentityRoleOptions)

SetWebIdentityRoleOptions sets options when exchanging a WebIdentity token for a role.

func TerraformSetupBuilder

func TerraformSetupBuilder(version, providerSource, providerVersion string) terraform.SetupFn

TerraformSetupBuilder returns a Terraform setup with provider-specific configuration, such as the provider credentials used to connect to cloud APIs, in the form a Terraform provider expects.

func UsePodServiceAccount

func UsePodServiceAccount(ctx context.Context, region string) (*aws.Config, error)

UsePodServiceAccount assumes an IAM role configured via a ServiceAccount. See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html

func UseProviderSecret

func UseProviderSecret(ctx context.Context, data []byte, profile, region string) (*aws.Config, error)

UseProviderSecret returns an AWS configuration which can be used to issue requests against the AWS API.

func UseWebIdentityToken

func UseWebIdentityToken(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)

UseWebIdentityToken calls sts.AssumeRoleWithWebIdentity using the configuration supplied in ProviderConfig's spec.credentials.assumeRoleWithWebIdentity.

Types

type AuthMethod

type AuthMethod func(context.Context, []byte, string, string) (*aws.Config, error)

AuthMethod is a method of authenticating to the AWS API.

type CallerIdentityCache

type CallerIdentityCache struct {
	// contains filtered or unexported fields
}

CallerIdentityCache holds GetCallerIdentityOutput objects in memory so that we don't need to make API calls to AWS in every reconciliation of every resource. It has a maximum size; when that size is reached, the entry with the oldest access time is removed from the cache, i.e. FIFO on last access time. Note that there is no need to invalidate the values in the cache because they never change, so we don't need concurrency-safety to prevent access to an invalidated entry.
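The eviction policy described above, as an added sketch that is not the package's implementation. The type identityCache, the choice of the access key ID as cache key, the string ARN standing in for *sts.GetCallerIdentityOutput and the mutex are all assumptions; failed lookups are deliberately not cached so a transient denial is retried.

```go
package main

import (
	"fmt"
	"sync"
)

// entry pairs a cached ARN (standing in for *sts.GetCallerIdentityOutput) with its last access tick.
type entry struct{ arn string; last uint64 }

// identityCache is a hypothetical sketch, not the package's CallerIdentityCache.
type identityCache struct {
	mu      sync.Mutex // values never change, but the map itself needs a lock across goroutines
	maxSize int
	clock   uint64 // logical time, incremented on every lookup
	entries map[string]*entry // key assumed to be the access key ID
	fetch   func(key string) (string, error) // plays the role of GetCallerIdentityFn
}

func (c *identityCache) get(key string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.clock++
	if e, ok := c.entries[key]; ok {
		e.last = c.clock // a hit refreshes the access time
		return e.arn, nil
	}
	arn, err := c.fetch(key)
	if err != nil {
		return "", err // failed lookups are never cached
	}
	if len(c.entries) >= c.maxSize {
		oldest, oldestAt := "", c.clock
		for k, e := range c.entries {
			if e.last < oldestAt {
				oldest, oldestAt = k, e.last
			}
		}
		delete(c.entries, oldest) // evict the entry with the oldest access time
	}
	c.entries[key] = &entry{arn: arn, last: c.clock}
	return arn, nil
}

func main() {
	// Constructed fetch function; no AWS call is made.
	c := &identityCache{maxSize: 1, entries: map[string]*entry{}, fetch: func(k string) (string, error) { return "arn:" + k, nil }}
	fmt.Println(c.get("A"))
}
```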

func NewCallerIdentityCache

func NewCallerIdentityCache(opts ...CallerIdentityCacheOption) *CallerIdentityCache

NewCallerIdentityCache returns a new empty *CallerIdentityCache.

func (*CallerIdentityCache) GetCallerIdentity

func (c *CallerIdentityCache) GetCallerIdentity(ctx context.Context, cfg aws.Config, creds aws.Credentials) (*sts.GetCallerIdentityOutput, error)

GetCallerIdentity returns the identity of the caller.

type CallerIdentityCacheOption

type CallerIdentityCacheOption func(*CallerIdentityCache)

CallerIdentityCacheOption lets you configure *CallerIdentityCache.

func WithCache

func WithCache(cache map[string]*callerIdentityCacheEntry) CallerIdentityCacheOption

WithCache lets you bootstrap with your own cache.

func WithGetCallerIdentityFn

func WithGetCallerIdentityFn(f GetCallerIdentityFn) CallerIdentityCacheOption

WithGetCallerIdentityFn lets you override the default GetCallerIdentityFn.

func WithMaxSize

func WithMaxSize(n int) CallerIdentityCacheOption

WithMaxSize lets you override the default MaxSize.

type GetCallerIdentityFn

type GetCallerIdentityFn func(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)

GetCallerIdentityFn is the function type to call GetCallerIdentity API.
