Documentation ¶
Index ¶
Constants ¶
const ( // ResourceTypeRole is the resource type of the role ARN ResourceTypeRole = "role" // ResourceTypeUser is the resource type of the user ARN ResourceTypeUser = "user" )
const (
// ResourceTypeAccount is the resource type of Accounts
ResourceTypeAccount = "account"
)
Variables ¶
var ( // ErrNeitherUserNorRole is the error returned when an identity is missing both UserARN // and RoleARN. ErrNeitherUserNorRole = errors.New("arn is neither user nor role") // ErrNoKubernetesIdentity is the error returned when an identity has neither a Kubernetes // username nor a list of groups. ErrNoKubernetesIdentity = errors.New("neither username nor group are set for iam identity") )
Functions ¶
Types ¶
type ARN ¶
ARN implements the pflag.Value interface for aws-sdk-go/aws/arn.ARN
func (*ARN) ResourceType ¶
ResourceType returns the type of the resource specified in the ARN. Typically, in the case of IAM, it is a role or a user
type AccountIdentity ¶ added in v0.71.0
type AccountIdentity struct { KubernetesAccount string `json:"account,omitempty"` KubernetesIdentity }
AccountIdentity represents a mapping from an IAM role to a kubernetes identity
func (AccountIdentity) ARN ¶ added in v0.71.0
func (a AccountIdentity) ARN() string
ARN returns the ARN of the iam mapping
func (AccountIdentity) Account ¶ added in v0.71.0
func (a AccountIdentity) Account() string
Account returns the Account of the iam mapping
func (AccountIdentity) Type ¶ added in v0.71.0
func (a AccountIdentity) Type() string
Type returns the resource type of the iam mapping
type Identity ¶
type Identity interface { ARN() string Type() string Username() string Groups() []string Account() string }
Identity represents an IAM identity and its corresponding Kubernetes identity
type KubernetesIdentity ¶
type KubernetesIdentity struct { KubernetesUsername string `json:"username,omitempty"` KubernetesGroups []string `json:"groups,omitempty"` }
KubernetesIdentity represents a kubernetes identity to be used in iam mappings
func (KubernetesIdentity) Groups ¶
func (k KubernetesIdentity) Groups() []string
Groups returns the Kubernetes groups
func (KubernetesIdentity) Username ¶
func (k KubernetesIdentity) Username() string
Username returns the Kubernetes username
type RoleIdentity ¶
type RoleIdentity struct { RoleARN string `json:"rolearn,omitempty"` KubernetesIdentity }
RoleIdentity represents a mapping from an IAM role to a kubernetes identity
func (RoleIdentity) Account ¶ added in v0.71.0
func (r RoleIdentity) Account() string
Account returns the Account of the iam mapping
func (RoleIdentity) Type ¶
func (r RoleIdentity) Type() string
Type returns the resource type of the iam mapping
type UserIdentity ¶
type UserIdentity struct { UserARN string `json:"userarn,omitempty"` KubernetesIdentity }
UserIdentity represents a mapping from an IAM user to a kubernetes identity
func (UserIdentity) Account ¶ added in v0.71.0
func (u UserIdentity) Account() string
Account returns the Account of the iam mapping
func (UserIdentity) Type ¶
func (u UserIdentity) Type() string
Type returns the resource type of the iam mapping