Documentation ¶
Index ¶
- Constants
- func CheckEndpointAccess(ctx context.Context, config aws.Config) error
- func GenerateUpdateSystemdService(node *api.NodeConfig) ([]byte, error)
- func Install(ctx context.Context, tracker *tracker.Tracker, ...) error
- func NewSigningHelperDaemon(daemonManager daemon.DaemonManager, node *api.NodeConfig) daemon.Daemon
- func Uninstall() error
- func WriteAWSConfig(cfg AWSConfig) error
- type AWSConfig
- type AccessValidator
- type SigningHelperDaemon
- type SigningHelperSource
Constants ¶
const (
	// DefaultAWSConfigPath is the path where the AWS config is written.
	// NOTE(review): the writer is not visible here. AWSConfig also carries the
	// signing helper binary, certificate and private key paths, so the written
	// file presumably points at them; confirm it is created root-owned and is
	// not group- or world-writable.
	DefaultAWSConfigPath = "/etc/aws/hybrid/config"
	// ProfileName is the profile used when writing the AWS config.
	ProfileName = "hybrid"
)
const (
	// DaemonName is the name of the signing helper update daemon. It matches
	// the base name of the unit file in SigningHelperServiceFilePath.
	DaemonName = "aws_signing_helper_update"
	// EksHybridAwsCredentialsPath is the path of an AWS credentials file.
	// NOTE(review): what writes and reads this file is not visible here. It
	// presumably holds credentials, so confirm it is owner-only (e.g. 0600)
	// and that its parent directories are not writable by other users.
	EksHybridAwsCredentialsPath = "/eks-hybrid/.aws/credentials"
	// SigningHelperServiceFilePath is the path of the systemd unit file for
	// the aws_signing_helper_update service.
	SigningHelperServiceFilePath = "/etc/systemd/system/aws_signing_helper_update.service"
)
const SigningHelperBinPath = "/usr/local/bin/aws_signing_helper"
SigningHelperBinPath is the path that the signing helper is installed to.
Variables ¶
This section is empty.
Functions ¶
func GenerateUpdateSystemdService ¶
func GenerateUpdateSystemdService(node *api.NodeConfig) ([]byte, error)
GenerateUpdateSystemdService generates the systemd service config.
func NewSigningHelperDaemon ¶
func NewSigningHelperDaemon(daemonManager daemon.DaemonManager, node *api.NodeConfig) daemon.Daemon
func WriteAWSConfig ¶
WriteAWSConfig writes an AWS configuration file with contents appropriate for the node config.
Types ¶
type AWSConfig ¶
type AWSConfig struct {
	// TrustAnchorARN is the ARN of the trust anchor for IAM Roles Anywhere.
	TrustAnchorARN string
	// ProfileARN is the ARN of the profile for IAM Roles Anywhere.
	ProfileARN string
	// RoleARN is the role to assume after auth.
	RoleARN string
	// Region is the region to target when authenticating.
	Region string
	// NodeName is the name of the node. Used to set session name on IAM
	NodeName string
	// ConfigPath is a path to a configuration file to be verified.
	// Defaults to /etc/aws/hybrid/profile.
	// NOTE(review): DefaultAWSConfigPath in this package is
	// "/etc/aws/hybrid/config", which does not match the default stated
	// above; confirm which path is actually used when ConfigPath is empty.
	ConfigPath string
	// SigningHelperBinPath is a path to the AWS IAM Roles Anywhere signing
	// helper. Defaults to /usr/local/bin/aws_signing_helper.
	// NOTE(review): presumably this binary is invoked to obtain credentials;
	// verify that a caller-supplied path is validated and that the binary is
	// root-owned and not writable by unprivileged users.
	SigningHelperBinPath string
	// CertificatePath is the location on disk for the certificate used to
	// authenticate with AWS.
	CertificatePath string `json:"certificatePath,omitempty"`
	// PrivateKeyPath is the location on disk for the certificate's private key.
	// Only the path is held in this struct, not the key material.
	// NOTE(review): confirm the key file itself is readable only by the
	// account that runs the signing helper.
	PrivateKeyPath string `json:"privateKeyPath,omitempty"`
}
AWSConfig defines the data for configuring IAM Roles Anywhere AWS Configuration files.
type AccessValidator ¶
type AccessValidator struct {
// contains filtered or unexported fields
}
AccessValidator validates access to the AWS IAM Roles Anywhere API endpoint.
func NewAccessValidator ¶
func NewAccessValidator(aws aws.Config) AccessValidator
NewAccessValidator returns a new AccessValidator.
func (AccessValidator) Run ¶
func (a AccessValidator) Run(ctx context.Context, informer validation.Informer, _ *api.NodeConfig) error
type SigningHelperDaemon ¶
type SigningHelperDaemon struct {
// contains filtered or unexported fields
}
func (*SigningHelperDaemon) Configure ¶
func (s *SigningHelperDaemon) Configure() error
func (*SigningHelperDaemon) EnsureRunning ¶
func (s *SigningHelperDaemon) EnsureRunning(ctx context.Context) error
EnsureRunning enables and starts the aws_signing_helper unit.
func (*SigningHelperDaemon) Name ¶
func (s *SigningHelperDaemon) Name() string
Name returns the name of the daemon.
func (*SigningHelperDaemon) PostLaunch ¶
func (s *SigningHelperDaemon) PostLaunch() error
PostLaunch runs any additional steps that need to occur after the service daemon has been started.
func (*SigningHelperDaemon) Stop ¶
func (s *SigningHelperDaemon) Stop() error
Stop stops the aws_signing_helper unit only if it is loaded and running.