Documentation ¶
Index ¶
- func IsAccessDeniedError(err error) bool
- type OpenIDConnectManager
- func (m *OpenIDConnectManager) CheckProviderExists(ctx context.Context) (bool, error)
- func (m *OpenIDConnectManager) CreateProvider(ctx context.Context) error
- func (m *OpenIDConnectManager) DeleteProvider(ctx context.Context) error
- func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocument() cft.MapOfInterfaces
- func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions(serviceAccountNamespace, serviceAccountName string) cft.MapOfInterfaces
- type UnsupportedOIDCError
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsAccessDeniedError ¶ added in v0.102.0
IsAccessDeniedError returns true if err is an AccessDenied error.
Types ¶
type OpenIDConnectManager ¶
type OpenIDConnectManager struct { ProviderARN string // contains filtered or unexported fields }
OpenIDConnectManager hold information about IAM OIDC integration
func NewOpenIDConnectManager ¶
func NewOpenIDConnectManager(iamapi awsapi.IAM, accountID, issuer, partition string, tags map[string]string) (*OpenIDConnectManager, error)
NewOpenIDConnectManager constructs a new IAM OIDC manager instance. It returns an error if the issuer URL is invalid
func (*OpenIDConnectManager) CheckProviderExists ¶
func (m *OpenIDConnectManager) CheckProviderExists(ctx context.Context) (bool, error)
CheckProviderExists will return true when the provider exists, it may return errors if it was unable to call IAM API
func (*OpenIDConnectManager) CreateProvider ¶
func (m *OpenIDConnectManager) CreateProvider(ctx context.Context) error
CreateProvider will retrieve CA root certificate and compute its thumbprint for the by connecting to it and create the provider using IAM API
func (*OpenIDConnectManager) DeleteProvider ¶
func (m *OpenIDConnectManager) DeleteProvider(ctx context.Context) error
DeleteProvider will delete the provider using IAM API, it may return an error the API call fails
func (*OpenIDConnectManager) MakeAssumeRolePolicyDocument ¶
func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocument() cft.MapOfInterfaces
func (*OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions ¶
func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions(serviceAccountNamespace, serviceAccountName string) cft.MapOfInterfaces
MakeAssumeRolePolicyDocumentWithServiceAccountConditions constructs a trust policy document for the given provider
type UnsupportedOIDCError ¶ added in v0.102.0
type UnsupportedOIDCError struct {
Message string
}
UnsupportedOIDCError represents an unsupported OIDC error
func (*UnsupportedOIDCError) Error ¶ added in v0.102.0
func (u *UnsupportedOIDCError) Error() string