Documentation ¶
Index ¶
- Constants
- func BuildIAMTags(tags []v1beta1.Tag) []iamtypes.Tag
- func CreatePatch(in *iamtypes.Role, target *v1beta1.RoleParameters) (*v1beta1.RoleParameters, error)
- func DiffIAMTags(local map[string]string, remote []iamtypes.Tag) (add []iamtypes.Tag, remove []string, areTagsUpToDate bool)
- func DiffIAMTagsWithUpdates(local []v1beta1.Tag, remote []iamtypes.Tag) (addOrUpdate []iamtypes.Tag, remove []string, areTagsUpToDate bool)
- func GenerateCreateRoleInput(name string, p *v1beta1.RoleParameters) *iam.CreateRoleInput
- func GenerateOIDCProviderObservation(observed iam.GetOpenIDConnectProviderOutput) svcapitypes.OpenIDConnectProviderObservation
- func GenerateRole(in v1beta1.RoleParameters, role *iamtypes.Role) error
- func GenerateRoleObservation(role iamtypes.Role) v1beta1.RoleExternalStatus
- func IsErrorNotFound(err error) bool
- func IsOIDCProviderUpToDate(in svcapitypes.OpenIDConnectProviderParameters, ...) bool
- func IsPolicyDocumentUpToDate(in string, policy *string) (bool, string, error)
- func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion) (bool, string, error)
- func IsRoleUpToDate(in v1beta1.RoleParameters, observed iamtypes.Role) (bool, string, error)
- func LateInitializeRole(in *v1beta1.RoleParameters, role *iamtypes.Role)
- func LateInitializeUser(in *v1beta1.UserParameters, user *iamtypes.User)
- func SliceDifference(current, desired []string) (add, remove []string)
- func ValidatePolicyObject(policy string) error
- type AccessClient
- type GroupClient
- type GroupPolicyAttachmentClient
- type GroupUserMembershipClient
- type OpenIDConnectProviderClient
- type PolicyClient
- type PolicyDocument
- type RoleClient
- type RolePolicyAttachmentClient
- type RolePolicyClient
- type STSClient
- type StatementEntry
- type UserClient
- type UserPolicyAttachmentClient
Constants ¶
const (
	// ErrRolePolicyNotFound is the aws exception when the policy cannot be found on the role.
	// It is the IAM error *code* string, not a Go error value, so it is meant to be compared
	// against the code carried by an API error — presumably what IsErrorNotFound does; confirm
	// against that helper before relying on it elsewhere.
	ErrRolePolicyNotFound = "NoSuchEntity"
)
Variables ¶
This section is empty.
Functions ¶
func BuildIAMTags ¶
BuildIAMTags builds a tag slice of the type that the IAM client expects.
func CreatePatch ¶
func CreatePatch(in *iamtypes.Role, target *v1beta1.RoleParameters) (*v1beta1.RoleParameters, error)
CreatePatch creates a *v1beta1.RoleParameters that contains only the values that differ between the target *v1beta1.RoleParameters and the current *iamtypes.Role.
func DiffIAMTags ¶
func DiffIAMTags(local map[string]string, remote []iamtypes.Tag) (add []iamtypes.Tag, remove []string, areTagsUpToDate bool)
DiffIAMTags returns the lists of tags that need to be added and removed to move from the current (remote) state to the desired (local) state, and also reports whether the tags are already up to date (areTagsUpToDate).
func DiffIAMTagsWithUpdates ¶
func DiffIAMTagsWithUpdates(local []v1beta1.Tag, remote []iamtypes.Tag) (addOrUpdate []iamtypes.Tag, remove []string, areTagsUpToDate bool)
DiffIAMTagsWithUpdates returns the lists of tags that need to be added and removed according to the current and desired states. Tags whose value has changed are returned in the addOrUpdate return parameter and are not included in the remove return parameter. It also reports whether the tags are already up to date (areTagsUpToDate).
func GenerateCreateRoleInput ¶
func GenerateCreateRoleInput(name string, p *v1beta1.RoleParameters) *iam.CreateRoleInput
GenerateCreateRoleInput builds an *iam.CreateRoleInput from the RoleSpec parameters.
func GenerateOIDCProviderObservation ¶
func GenerateOIDCProviderObservation(observed iam.GetOpenIDConnectProviderOutput) svcapitypes.OpenIDConnectProviderObservation
GenerateOIDCProviderObservation is used to produce an OpenIDConnectProviderObservation from the iam.GetOpenIDConnectProviderOutput.
func GenerateRole ¶
func GenerateRole(in v1beta1.RoleParameters, role *iamtypes.Role) error
GenerateRole assigns the in RoleParameters to role.
func GenerateRoleObservation ¶
func GenerateRoleObservation(role iamtypes.Role) v1beta1.RoleExternalStatus
GenerateRoleObservation is used to produce RoleExternalStatus from iamtypes.Role
func IsErrorNotFound ¶
IsErrorNotFound returns true if the error code indicates that the item was not found
func IsOIDCProviderUpToDate ¶
func IsOIDCProviderUpToDate(in svcapitypes.OpenIDConnectProviderParameters, observed iam.GetOpenIDConnectProviderOutput) bool
IsOIDCProviderUpToDate checks whether there is a change in any of the modifiable fields in OpenIDConnectProvider.
func IsPolicyDocumentUpToDate ¶ added in v0.46.0
IsPolicyDocumentUpToDate checks whether there is a change in any of the modifiable fields in policy.
func IsPolicyUpToDate ¶
func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion) (bool, string, error)
IsPolicyUpToDate checks whether there is a change in any of the modifiable fields in policy.
func IsRoleUpToDate ¶
IsRoleUpToDate checks whether there is a change in any of the modifiable fields in role.
func LateInitializeRole ¶
func LateInitializeRole(in *v1beta1.RoleParameters, role *iamtypes.Role)
LateInitializeRole fills the empty fields in *v1beta1.RoleParameters with the values seen in iamtypes.Role.
func LateInitializeUser ¶
func LateInitializeUser(in *v1beta1.UserParameters, user *iamtypes.User)
LateInitializeUser fills the empty fields in *v1beta1.UserParameters with the values seen in iamtypes.User.
func SliceDifference ¶
SliceDifference returns the elements to be added and removed to get from the current slice to the desired slice.
func ValidatePolicyObject ¶ added in v0.46.0
ValidatePolicyObject tries to parse the raw policy into a Policy object.
Types ¶
type AccessClient ¶
// AccessClient is the external client used for the AccessKey Custom Resource.
// Its methods carry the aws-sdk-go-v2 IAM signature shape (ctx, input, option
// funcs), so presumably *iam.Client satisfies it and a fake can stand in for tests.
type AccessClient interface {
	// CreateAccessKey creates an access key for an IAM user. The output holds a
	// fresh long-lived credential; callers should hand it only to its intended
	// sink (e.g. a Secret) and keep it out of logs and status fields.
	CreateAccessKey(ctx context.Context, input *iam.CreateAccessKeyInput, opts ...func(*iam.Options)) (*iam.CreateAccessKeyOutput, error)
	// DeleteAccessKey permanently removes an access key.
	DeleteAccessKey(ctx context.Context, input *iam.DeleteAccessKeyInput, opts ...func(*iam.Options)) (*iam.DeleteAccessKeyOutput, error)
	// ListAccessKeys lists the access keys that belong to a user.
	ListAccessKeys(ctx context.Context, input *iam.ListAccessKeysInput, opts ...func(*iam.Options)) (*iam.ListAccessKeysOutput, error)
	// UpdateAccessKey updates an existing access key (its status).
	UpdateAccessKey(ctx context.Context, input *iam.UpdateAccessKeyInput, opts ...func(*iam.Options)) (*iam.UpdateAccessKeyOutput, error)
}
AccessClient is the external client used for AccessKey Custom Resource
func NewAccessClient ¶
func NewAccessClient(conf aws.Config) AccessClient
NewAccessClient returns a new AccessClient built from the provided aws.Config.
type GroupClient ¶
// GroupClient is the external client used for the Group Custom Resource.
// The methods mirror the IAM group operations of the same names.
type GroupClient interface {
	// GetGroup reads a group.
	GetGroup(ctx context.Context, input *iam.GetGroupInput, opts ...func(*iam.Options)) (*iam.GetGroupOutput, error)
	// CreateGroup creates a group.
	CreateGroup(ctx context.Context, input *iam.CreateGroupInput, opts ...func(*iam.Options)) (*iam.CreateGroupOutput, error)
	// DeleteGroup deletes a group.
	DeleteGroup(ctx context.Context, input *iam.DeleteGroupInput, opts ...func(*iam.Options)) (*iam.DeleteGroupOutput, error)
	// UpdateGroup updates a group (its name and/or path).
	UpdateGroup(ctx context.Context, input *iam.UpdateGroupInput, opts ...func(*iam.Options)) (*iam.UpdateGroupOutput, error)
}
GroupClient is the external client used for Group Custom Resource
func NewGroupClient ¶
func NewGroupClient(cfg aws.Config) GroupClient
NewGroupClient returns a new GroupClient built from the provided aws.Config.
type GroupPolicyAttachmentClient ¶
// GroupPolicyAttachmentClient is the external client used for the
// GroupPolicyAttachment Custom Resource. Attaching a managed policy to a group
// grants its permissions to every member of that group.
type GroupPolicyAttachmentClient interface {
	// AttachGroupPolicy attaches a managed policy to a group.
	AttachGroupPolicy(ctx context.Context, input *iam.AttachGroupPolicyInput, opts ...func(*iam.Options)) (*iam.AttachGroupPolicyOutput, error)
	// ListAttachedGroupPolicies lists the managed policies attached to a group.
	ListAttachedGroupPolicies(ctx context.Context, input *iam.ListAttachedGroupPoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedGroupPoliciesOutput, error)
	// DetachGroupPolicy detaches a managed policy from a group.
	DetachGroupPolicy(ctx context.Context, input *iam.DetachGroupPolicyInput, opts ...func(*iam.Options)) (*iam.DetachGroupPolicyOutput, error)
}
GroupPolicyAttachmentClient is the external client used for GroupPolicyAttachment Custom Resource
func NewGroupPolicyAttachmentClient ¶
func NewGroupPolicyAttachmentClient(cfg aws.Config) GroupPolicyAttachmentClient
NewGroupPolicyAttachmentClient creates a new GroupPolicyAttachmentClient from the provided aws.Config.
type GroupUserMembershipClient ¶
// GroupUserMembershipClient is the external client used for the
// GroupUserMembership Custom Resource.
type GroupUserMembershipClient interface {
	// AddUserToGroup adds a user to a group; the user inherits the group's policies.
	AddUserToGroup(ctx context.Context, input *iam.AddUserToGroupInput, opts ...func(*iam.Options)) (*iam.AddUserToGroupOutput, error)
	// RemoveUserFromGroup removes a user from a group.
	RemoveUserFromGroup(ctx context.Context, input *iam.RemoveUserFromGroupInput, opts ...func(*iam.Options)) (*iam.RemoveUserFromGroupOutput, error)
	// ListGroupsForUser lists the groups a user belongs to.
	ListGroupsForUser(ctx context.Context, input *iam.ListGroupsForUserInput, opts ...func(*iam.Options)) (*iam.ListGroupsForUserOutput, error)
}
GroupUserMembershipClient is the external client used for GroupUserMembership Custom Resource
func NewGroupUserMembershipClient ¶
func NewGroupUserMembershipClient(cfg aws.Config) GroupUserMembershipClient
NewGroupUserMembershipClient creates a new GroupUserMembershipClient from the provided aws.Config.
type OpenIDConnectProviderClient ¶
// OpenIDConnectProviderClient is the external client used for the IAM
// OpenIDConnectProvider Custom Resource. An OIDC provider is a trust anchor:
// its thumbprints and client IDs decide which identity provider and which
// audiences may federate into roles that trust it.
type OpenIDConnectProviderClient interface {
	// GetOpenIDConnectProvider reads a provider.
	GetOpenIDConnectProvider(ctx context.Context, input *iam.GetOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.GetOpenIDConnectProviderOutput, error)
	// CreateOpenIDConnectProvider creates a provider.
	CreateOpenIDConnectProvider(ctx context.Context, input *iam.CreateOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.CreateOpenIDConnectProviderOutput, error)
	// AddClientIDToOpenIDConnectProvider adds an accepted client ID (audience).
	AddClientIDToOpenIDConnectProvider(ctx context.Context, input *iam.AddClientIDToOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.AddClientIDToOpenIDConnectProviderOutput, error)
	// RemoveClientIDFromOpenIDConnectProvider removes an accepted client ID.
	RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, input *iam.RemoveClientIDFromOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.RemoveClientIDFromOpenIDConnectProviderOutput, error)
	// UpdateOpenIDConnectProviderThumbprint replaces the provider's thumbprint
	// list, i.e. the server certificates trusted for the IdP.
	UpdateOpenIDConnectProviderThumbprint(ctx context.Context, input *iam.UpdateOpenIDConnectProviderThumbprintInput, opts ...func(*iam.Options)) (*iam.UpdateOpenIDConnectProviderThumbprintOutput, error)
	// DeleteOpenIDConnectProvider deletes a provider.
	DeleteOpenIDConnectProvider(ctx context.Context, input *iam.DeleteOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.DeleteOpenIDConnectProviderOutput, error)
	// TagOpenIDConnectProvider adds or updates tags on a provider.
	TagOpenIDConnectProvider(ctx context.Context, input *iam.TagOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.TagOpenIDConnectProviderOutput, error)
	// UntagOpenIDConnectProvider removes tags from a provider.
	UntagOpenIDConnectProvider(ctx context.Context, input *iam.UntagOpenIDConnectProviderInput, optFns ...func(*iam.Options)) (*iam.UntagOpenIDConnectProviderOutput, error)
	// ListOpenIDConnectProviders lists the providers in the account.
	ListOpenIDConnectProviders(ctx context.Context, input *iam.ListOpenIDConnectProvidersInput, optFns ...func(*iam.Options)) (*iam.ListOpenIDConnectProvidersOutput, error)
	// ListOpenIDConnectProviderTags lists the tags on a provider.
	ListOpenIDConnectProviderTags(ctx context.Context, input *iam.ListOpenIDConnectProviderTagsInput, optFns ...func(*iam.Options)) (*iam.ListOpenIDConnectProviderTagsOutput, error)
}
OpenIDConnectProviderClient is the external client used for the IAM OpenIDConnectProvider Custom Resource.
func NewOpenIDConnectProviderClient ¶
func NewOpenIDConnectProviderClient(cfg aws.Config) OpenIDConnectProviderClient
NewOpenIDConnectProviderClient returns a new OpenIDConnectProviderClient built from the provided aws.Config.
type PolicyClient ¶
// PolicyClient is the external client used for the Policy Custom Resource
// (customer-managed IAM policies and their versions).
type PolicyClient interface {
	// GetPolicy reads a managed policy's metadata (not its document).
	GetPolicy(ctx context.Context, input *iam.GetPolicyInput, opts ...func(*iam.Options)) (*iam.GetPolicyOutput, error)
	// CreatePolicy creates a managed policy with its initial version.
	CreatePolicy(ctx context.Context, input *iam.CreatePolicyInput, opts ...func(*iam.Options)) (*iam.CreatePolicyOutput, error)
	// DeletePolicy deletes a managed policy.
	DeletePolicy(ctx context.Context, input *iam.DeletePolicyInput, opts ...func(*iam.Options)) (*iam.DeletePolicyOutput, error)
	// GetPolicyVersion reads one version of a policy, including its document.
	GetPolicyVersion(ctx context.Context, input *iam.GetPolicyVersionInput, opts ...func(*iam.Options)) (*iam.GetPolicyVersionOutput, error)
	// CreatePolicyVersion adds a new version of the policy document. IAM caps the
	// number of retained versions, so presumably callers prune with
	// ListPolicyVersions/DeletePolicyVersion first — confirm against the controller.
	CreatePolicyVersion(ctx context.Context, input *iam.CreatePolicyVersionInput, opts ...func(*iam.Options)) (*iam.CreatePolicyVersionOutput, error)
	// ListPolicyVersions lists the versions of a policy.
	ListPolicyVersions(ctx context.Context, input *iam.ListPolicyVersionsInput, opts ...func(*iam.Options)) (*iam.ListPolicyVersionsOutput, error)
	// DeletePolicyVersion deletes a non-default version of a policy.
	DeletePolicyVersion(ctx context.Context, input *iam.DeletePolicyVersionInput, opts ...func(*iam.Options)) (*iam.DeletePolicyVersionOutput, error)
	// TagPolicy adds or updates tags on a policy.
	TagPolicy(ctx context.Context, input *iam.TagPolicyInput, opts ...func(*iam.Options)) (*iam.TagPolicyOutput, error)
	// UntagPolicy removes tags from a policy.
	UntagPolicy(ctx context.Context, input *iam.UntagPolicyInput, opts ...func(*iam.Options)) (*iam.UntagPolicyOutput, error)
}
PolicyClient is the external client used for Policy Custom Resource
func NewPolicyClient ¶
func NewPolicyClient(cfg aws.Config) PolicyClient
NewPolicyClient returns a new PolicyClient built from the provided aws.Config.
type PolicyDocument ¶
// PolicyDocument is the structure of an IAM policy document as decoded from its
// JSON form. Only the fields listed here are represented; anything else in the
// raw document is not captured by this type.
type PolicyDocument struct {
	// Version is the policy language version declared by the document.
	Version string
	// Statement holds the document's permission statements.
	Statement []StatementEntry
}
PolicyDocument is the structure of IAM policy document
type RoleClient ¶
// RoleClient is the external client used for the Role Custom Resource.
// Several methods change who may use the role or how much it may do; those are
// called out below.
type RoleClient interface {
	// GetRole reads a role.
	GetRole(ctx context.Context, input *iam.GetRoleInput, opts ...func(*iam.Options)) (*iam.GetRoleOutput, error)
	// CreateRole creates a role, including its initial trust (assume-role) policy.
	CreateRole(ctx context.Context, input *iam.CreateRoleInput, opts ...func(*iam.Options)) (*iam.CreateRoleOutput, error)
	// DeleteRole deletes a role.
	DeleteRole(ctx context.Context, input *iam.DeleteRoleInput, opts ...func(*iam.Options)) (*iam.DeleteRoleOutput, error)
	// UpdateRole updates a role's description and/or max session duration.
	UpdateRole(ctx context.Context, input *iam.UpdateRoleInput, opts ...func(*iam.Options)) (*iam.UpdateRoleOutput, error)
	// PutRolePermissionsBoundary sets the managed policy that caps the role's
	// effective permissions.
	PutRolePermissionsBoundary(ctx context.Context, params *iam.PutRolePermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.PutRolePermissionsBoundaryOutput, error)
	// DeleteRolePermissionsBoundary removes the permissions boundary, which widens
	// the role's effective permissions to whatever its attached policies allow.
	DeleteRolePermissionsBoundary(ctx context.Context, params *iam.DeleteRolePermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.DeleteRolePermissionsBoundaryOutput, error)
	// UpdateAssumeRolePolicy replaces the trust policy, i.e. which principals may
	// assume the role. Presumably the document is checked with ValidatePolicyObject
	// before it is sent — confirm against the controller.
	UpdateAssumeRolePolicy(ctx context.Context, input *iam.UpdateAssumeRolePolicyInput, opts ...func(*iam.Options)) (*iam.UpdateAssumeRolePolicyOutput, error)
	// TagRole adds or updates tags on a role.
	TagRole(ctx context.Context, input *iam.TagRoleInput, opts ...func(*iam.Options)) (*iam.TagRoleOutput, error)
	// UntagRole removes tags from a role.
	UntagRole(ctx context.Context, input *iam.UntagRoleInput, opts ...func(*iam.Options)) (*iam.UntagRoleOutput, error)
}
RoleClient is the external client used for Role Custom Resource
func NewRoleClient ¶
func NewRoleClient(conf aws.Config) RoleClient
NewRoleClient returns a new RoleClient built from the provided aws.Config.
type RolePolicyAttachmentClient ¶
// RolePolicyAttachmentClient is the external client used for the
// RolePolicyAttachment Custom Resource (managed policies attached to a role).
type RolePolicyAttachmentClient interface {
	// AttachRolePolicy attaches a managed policy to a role, granting its permissions.
	AttachRolePolicy(ctx context.Context, input *iam.AttachRolePolicyInput, opts ...func(*iam.Options)) (*iam.AttachRolePolicyOutput, error)
	// ListAttachedRolePolicies lists the managed policies attached to a role.
	ListAttachedRolePolicies(ctx context.Context, input *iam.ListAttachedRolePoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedRolePoliciesOutput, error)
	// DetachRolePolicy detaches a managed policy from a role.
	DetachRolePolicy(ctx context.Context, input *iam.DetachRolePolicyInput, opts ...func(*iam.Options)) (*iam.DetachRolePolicyOutput, error)
}
RolePolicyAttachmentClient is the external client used for RolePolicyAttachment Custom Resource
func NewRolePolicyAttachmentClient ¶
func NewRolePolicyAttachmentClient(conf aws.Config) RolePolicyAttachmentClient
NewRolePolicyAttachmentClient returns a new client given an aws config
type RolePolicyClient ¶ added in v0.46.0
// RolePolicyClient is the external client used for the RolePolicy Custom
// Resource (inline policies embedded in a role, as opposed to attached managed
// policies).
type RolePolicyClient interface {
	// GetRolePolicy reads an inline policy, including its document.
	GetRolePolicy(ctx context.Context, input *iam.GetRolePolicyInput, opts ...func(*iam.Options)) (*iam.GetRolePolicyOutput, error)
	// PutRolePolicy creates or replaces an inline policy. The document grants
	// permissions directly; presumably it is checked with ValidatePolicyObject
	// first — confirm against the controller.
	PutRolePolicy(ctx context.Context, input *iam.PutRolePolicyInput, opts ...func(*iam.Options)) (*iam.PutRolePolicyOutput, error)
	// DeleteRolePolicy removes an inline policy from a role.
	DeleteRolePolicy(ctx context.Context, input *iam.DeleteRolePolicyInput, opts ...func(*iam.Options)) (*iam.DeleteRolePolicyOutput, error)
}
RolePolicyClient is the external client used for RolePolicy Custom Resource
func NewRolePolicyClient ¶ added in v0.46.0
func NewRolePolicyClient(conf aws.Config) RolePolicyClient
NewRolePolicyClient returns a new RolePolicyClient built from the provided aws.Config.
type STSClient ¶
// STSClient is the external client used for STS. Only the single read-only call
// the package needs is exposed.
type STSClient interface {
	// GetCallerIdentity returns the account, user ID and ARN of the credentials in
	// use; presumably used to learn the account ID for building ARNs — confirm
	// against the caller.
	GetCallerIdentity(ctx context.Context, input *sts.GetCallerIdentityInput, opts ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}
STSClient is the external client used for STS
func NewSTSClient ¶
NewSTSClient creates a new STS Client.
type StatementEntry ¶
StatementEntry is used to define permission statements in a PolicyDocument
type UserClient ¶
// UserClient is the external client used for the IAM User Custom Resource.
type UserClient interface {
	// GetUser reads a user.
	GetUser(ctx context.Context, input *iam.GetUserInput, opts ...func(*iam.Options)) (*iam.GetUserOutput, error)
	// CreateUser creates a user.
	CreateUser(ctx context.Context, input *iam.CreateUserInput, opts ...func(*iam.Options)) (*iam.CreateUserOutput, error)
	// DeleteUser deletes a user.
	DeleteUser(ctx context.Context, input *iam.DeleteUserInput, opts ...func(*iam.Options)) (*iam.DeleteUserOutput, error)
	// UpdateUser updates a user (its name and/or path).
	UpdateUser(ctx context.Context, input *iam.UpdateUserInput, opts ...func(*iam.Options)) (*iam.UpdateUserOutput, error)
	// PutUserPermissionsBoundary sets the managed policy that caps the user's
	// effective permissions.
	PutUserPermissionsBoundary(ctx context.Context, params *iam.PutUserPermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.PutUserPermissionsBoundaryOutput, error)
	// DeleteUserPermissionsBoundary removes the permissions boundary, which widens
	// the user's effective permissions to whatever its policies allow.
	DeleteUserPermissionsBoundary(ctx context.Context, params *iam.DeleteUserPermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.DeleteUserPermissionsBoundaryOutput, error)
	// TagUser adds or updates tags on a user.
	TagUser(ctx context.Context, params *iam.TagUserInput, opts ...func(*iam.Options)) (*iam.TagUserOutput, error)
	// UntagUser removes tags from a user.
	UntagUser(ctx context.Context, params *iam.UntagUserInput, opts ...func(*iam.Options)) (*iam.UntagUserOutput, error)
}
UserClient is the external client used for IAM User Custom Resource
func NewUserClient ¶
func NewUserClient(cfg aws.Config) UserClient
NewUserClient returns a new UserClient built from the provided aws.Config.
type UserPolicyAttachmentClient ¶
// UserPolicyAttachmentClient is the external client used for the
// UserPolicyAttachment Custom Resource (managed policies attached to a user).
type UserPolicyAttachmentClient interface {
	// AttachUserPolicy attaches a managed policy to a user, granting its permissions.
	AttachUserPolicy(ctx context.Context, input *iam.AttachUserPolicyInput, opts ...func(*iam.Options)) (*iam.AttachUserPolicyOutput, error)
	// ListAttachedUserPolicies lists the managed policies attached to a user.
	ListAttachedUserPolicies(ctx context.Context, input *iam.ListAttachedUserPoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedUserPoliciesOutput, error)
	// DetachUserPolicy detaches a managed policy from a user.
	DetachUserPolicy(ctx context.Context, input *iam.DetachUserPolicyInput, opts ...func(*iam.Options)) (*iam.DetachUserPolicyOutput, error)
}
UserPolicyAttachmentClient is the external client used for UserPolicyAttachment Custom Resource
func NewUserPolicyAttachmentClient ¶
func NewUserPolicyAttachmentClient(cfg aws.Config) UserPolicyAttachmentClient
NewUserPolicyAttachmentClient creates a new UserPolicyAttachmentClient from the provided aws.Config.