iam

package
v0.49.0-rc.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 2, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// ErrRolePolicyNotFound is the aws exception when the policy cannot be found on the role
	ErrRolePolicyNotFound = "NoSuchEntity"
)

Variables

This section is empty.

Functions

func BuildIAMTags

func BuildIAMTags(tags []v1beta1.Tag) []iamtypes.Tag

BuildIAMTags build a tag array with type that IAM client expects.

func CreatePatch

func CreatePatch(in *iamtypes.Role, target *v1beta1.RoleParameters) (*v1beta1.RoleParameters, error)

CreatePatch creates a *v1beta1.RoleParameters that has only the changed values between the target *v1beta1.RoleParameters and the current *iamtypes.Role

func DiffIAMTags

func DiffIAMTags(local map[string]string, remote []iamtypes.Tag) (add []iamtypes.Tag, remove []string, areTagsUpToDate bool)

DiffIAMTags returns the lists of tags that need to be removed and added according to current and desired states, also returns if desired state needs to be updated

func DiffIAMTagsWithUpdates

func DiffIAMTagsWithUpdates(local []v1beta1.Tag, remote []iamtypes.Tag) (addOrUpdate []iamtypes.Tag, remove []string, areTagsUpToDate bool)

DiffIAMTagsWithUpdates returns the lists of tags that need to be removed and added according to current and desired states; tags that have changed will be returned in the addOrUpdate return parameter, but not included in the `remove` return parameters it also returns if desired state needs to be updated

func GenerateCreateRoleInput

func GenerateCreateRoleInput(name string, p *v1beta1.RoleParameters) *iam.CreateRoleInput

GenerateCreateRoleInput from RoleSpec

func GenerateOIDCProviderObservation

func GenerateOIDCProviderObservation(observed iam.GetOpenIDConnectProviderOutput) svcapitypes.OpenIDConnectProviderObservation

GenerateOIDCProviderObservation is used to produce v1alpha1.OpenIDConnectProvider from iam.OpenIDConnectProvider

func GenerateRole

func GenerateRole(in v1beta1.RoleParameters, role *iamtypes.Role) error

GenerateRole assigns the in RoleParamters to role.

func GenerateRoleObservation

func GenerateRoleObservation(role iamtypes.Role) v1beta1.RoleExternalStatus

GenerateRoleObservation is used to produce RoleExternalStatus from iamtypes.Role

func IsErrorNotFound

func IsErrorNotFound(err error) bool

IsErrorNotFound returns true if the error code indicates that the item was not found

func IsOIDCProviderUpToDate

IsOIDCProviderUpToDate checks whether there is a change in any of the modifiable fields in OpenIDConnectProvider.

func IsPolicyDocumentUpToDate added in v0.46.0

func IsPolicyDocumentUpToDate(in string, policy *string) (bool, string, error)

IsPolicyDocumentUpToDate checks whether there is a change in any of the modifiable fields in policy.

func IsPolicyUpToDate

func IsPolicyUpToDate(in v1beta1.PolicyParameters, policy iamtypes.PolicyVersion) (bool, string, error)

IsPolicyUpToDate checks whether there is a change in any of the modifiable fields in policy.

func IsRoleUpToDate

func IsRoleUpToDate(in v1beta1.RoleParameters, observed iamtypes.Role) (bool, string, error)

IsRoleUpToDate checks whether there is a change in any of the modifiable fields in role.

func LateInitializeRole

func LateInitializeRole(in *v1beta1.RoleParameters, role *iamtypes.Role)

LateInitializeRole fills the empty fields in *v1beta1.RoleParameters with the values seen in iamtypes.Role.

func LateInitializeUser

func LateInitializeUser(in *v1beta1.UserParameters, user *iamtypes.User)

LateInitializeUser fills the empty fields in *v1alpha1.User with the values seen in iam.User.

func SliceDifference

func SliceDifference(current, desired []string) (add, remove []string)

SliceDifference returns the elements to added and removed between the current and desired slices

func ValidatePolicyObject added in v0.46.0

func ValidatePolicyObject(policy string) error

ValidatePolicyObject tries to parse the raw policy into a Policy object.

Types

type AccessClient

type AccessClient interface {
	CreateAccessKey(ctx context.Context, input *iam.CreateAccessKeyInput, opts ...func(*iam.Options)) (*iam.CreateAccessKeyOutput, error)
	DeleteAccessKey(ctx context.Context, input *iam.DeleteAccessKeyInput, opts ...func(*iam.Options)) (*iam.DeleteAccessKeyOutput, error)
	ListAccessKeys(ctx context.Context, input *iam.ListAccessKeysInput, opts ...func(*iam.Options)) (*iam.ListAccessKeysOutput, error)
	UpdateAccessKey(ctx context.Context, input *iam.UpdateAccessKeyInput, opts ...func(*iam.Options)) (*iam.UpdateAccessKeyOutput, error)
}

AccessClient is the external client used for AccessKey Custom Resource

func NewAccessClient

func NewAccessClient(conf aws.Config) AccessClient

NewAccessClient returns a new client using AWS credentials as JSON encoded data.

type GroupClient

type GroupClient interface {
	GetGroup(ctx context.Context, input *iam.GetGroupInput, opts ...func(*iam.Options)) (*iam.GetGroupOutput, error)
	CreateGroup(ctx context.Context, input *iam.CreateGroupInput, opts ...func(*iam.Options)) (*iam.CreateGroupOutput, error)
	DeleteGroup(ctx context.Context, input *iam.DeleteGroupInput, opts ...func(*iam.Options)) (*iam.DeleteGroupOutput, error)
	UpdateGroup(ctx context.Context, input *iam.UpdateGroupInput, opts ...func(*iam.Options)) (*iam.UpdateGroupOutput, error)
}

GroupClient is the external client used for Group Custom Resource

func NewGroupClient

func NewGroupClient(cfg aws.Config) GroupClient

NewGroupClient returns a new client using AWS credentials as JSON encoded data.

type GroupPolicyAttachmentClient

type GroupPolicyAttachmentClient interface {
	AttachGroupPolicy(ctx context.Context, input *iam.AttachGroupPolicyInput, opts ...func(*iam.Options)) (*iam.AttachGroupPolicyOutput, error)
	ListAttachedGroupPolicies(ctx context.Context, input *iam.ListAttachedGroupPoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedGroupPoliciesOutput, error)
	DetachGroupPolicy(ctx context.Context, input *iam.DetachGroupPolicyInput, opts ...func(*iam.Options)) (*iam.DetachGroupPolicyOutput, error)
}

GroupPolicyAttachmentClient is the external client used for GroupPolicyAttachment Custom Resource

func NewGroupPolicyAttachmentClient

func NewGroupPolicyAttachmentClient(cfg aws.Config) GroupPolicyAttachmentClient

NewGroupPolicyAttachmentClient creates new RDS RDSClient with provided AWS Configurations/Credentials

type GroupUserMembershipClient

type GroupUserMembershipClient interface {
	AddUserToGroup(ctx context.Context, input *iam.AddUserToGroupInput, opts ...func(*iam.Options)) (*iam.AddUserToGroupOutput, error)
	RemoveUserFromGroup(ctx context.Context, input *iam.RemoveUserFromGroupInput, opts ...func(*iam.Options)) (*iam.RemoveUserFromGroupOutput, error)
	ListGroupsForUser(ctx context.Context, input *iam.ListGroupsForUserInput, opts ...func(*iam.Options)) (*iam.ListGroupsForUserOutput, error)
}

GroupUserMembershipClient is the external client used for GroupUserMembership Custom Resource

func NewGroupUserMembershipClient

func NewGroupUserMembershipClient(cfg aws.Config) GroupUserMembershipClient

NewGroupUserMembershipClient creates new RDS RDSClient with provided AWS Configurations/Credentials

type OpenIDConnectProviderClient

type OpenIDConnectProviderClient interface {
	GetOpenIDConnectProvider(ctx context.Context, input *iam.GetOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.GetOpenIDConnectProviderOutput, error)
	CreateOpenIDConnectProvider(ctx context.Context, input *iam.CreateOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.CreateOpenIDConnectProviderOutput, error)
	AddClientIDToOpenIDConnectProvider(ctx context.Context, input *iam.AddClientIDToOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.AddClientIDToOpenIDConnectProviderOutput, error)
	RemoveClientIDFromOpenIDConnectProvider(ctx context.Context, input *iam.RemoveClientIDFromOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.RemoveClientIDFromOpenIDConnectProviderOutput, error)
	UpdateOpenIDConnectProviderThumbprint(ctx context.Context, input *iam.UpdateOpenIDConnectProviderThumbprintInput, opts ...func(*iam.Options)) (*iam.UpdateOpenIDConnectProviderThumbprintOutput, error)
	DeleteOpenIDConnectProvider(ctx context.Context, input *iam.DeleteOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.DeleteOpenIDConnectProviderOutput, error)
	TagOpenIDConnectProvider(ctx context.Context, input *iam.TagOpenIDConnectProviderInput, opts ...func(*iam.Options)) (*iam.TagOpenIDConnectProviderOutput, error)
	UntagOpenIDConnectProvider(ctx context.Context, input *iam.UntagOpenIDConnectProviderInput, optFns ...func(*iam.Options)) (*iam.UntagOpenIDConnectProviderOutput, error)
	ListOpenIDConnectProviders(ctx context.Context, input *iam.ListOpenIDConnectProvidersInput, optFns ...func(*iam.Options)) (*iam.ListOpenIDConnectProvidersOutput, error)
	ListOpenIDConnectProviderTags(ctx context.Context, input *iam.ListOpenIDConnectProviderTagsInput, optFns ...func(*iam.Options)) (*iam.ListOpenIDConnectProviderTagsOutput, error)
}

OpenIDConnectProviderClient is the external client used for IAM OpenIDConnectProvide Custom Resource

func NewOpenIDConnectProviderClient

func NewOpenIDConnectProviderClient(cfg aws.Config) OpenIDConnectProviderClient

NewOpenIDConnectProviderClient returns a new client using AWS credentials as JSON encoded data.

type PolicyClient

type PolicyClient interface {
	GetPolicy(ctx context.Context, input *iam.GetPolicyInput, opts ...func(*iam.Options)) (*iam.GetPolicyOutput, error)
	CreatePolicy(ctx context.Context, input *iam.CreatePolicyInput, opts ...func(*iam.Options)) (*iam.CreatePolicyOutput, error)
	DeletePolicy(ctx context.Context, input *iam.DeletePolicyInput, opts ...func(*iam.Options)) (*iam.DeletePolicyOutput, error)
	GetPolicyVersion(ctx context.Context, input *iam.GetPolicyVersionInput, opts ...func(*iam.Options)) (*iam.GetPolicyVersionOutput, error)
	CreatePolicyVersion(ctx context.Context, input *iam.CreatePolicyVersionInput, opts ...func(*iam.Options)) (*iam.CreatePolicyVersionOutput, error)
	ListPolicyVersions(ctx context.Context, input *iam.ListPolicyVersionsInput, opts ...func(*iam.Options)) (*iam.ListPolicyVersionsOutput, error)
	DeletePolicyVersion(ctx context.Context, input *iam.DeletePolicyVersionInput, opts ...func(*iam.Options)) (*iam.DeletePolicyVersionOutput, error)
	TagPolicy(ctx context.Context, input *iam.TagPolicyInput, opts ...func(*iam.Options)) (*iam.TagPolicyOutput, error)
	UntagPolicy(ctx context.Context, input *iam.UntagPolicyInput, opts ...func(*iam.Options)) (*iam.UntagPolicyOutput, error)
}

PolicyClient is the external client used for Policy Custom Resource

func NewPolicyClient

func NewPolicyClient(cfg aws.Config) PolicyClient

NewPolicyClient returns a new client using AWS credentials as JSON encoded data.

type PolicyDocument

type PolicyDocument struct {
	Version   string
	Statement []StatementEntry
}

PolicyDocument is the structure of IAM policy document

type RoleClient

type RoleClient interface {
	GetRole(ctx context.Context, input *iam.GetRoleInput, opts ...func(*iam.Options)) (*iam.GetRoleOutput, error)
	CreateRole(ctx context.Context, input *iam.CreateRoleInput, opts ...func(*iam.Options)) (*iam.CreateRoleOutput, error)
	DeleteRole(ctx context.Context, input *iam.DeleteRoleInput, opts ...func(*iam.Options)) (*iam.DeleteRoleOutput, error)
	UpdateRole(ctx context.Context, input *iam.UpdateRoleInput, opts ...func(*iam.Options)) (*iam.UpdateRoleOutput, error)
	PutRolePermissionsBoundary(ctx context.Context, params *iam.PutRolePermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.PutRolePermissionsBoundaryOutput, error)
	DeleteRolePermissionsBoundary(ctx context.Context, params *iam.DeleteRolePermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.DeleteRolePermissionsBoundaryOutput, error)
	UpdateAssumeRolePolicy(ctx context.Context, input *iam.UpdateAssumeRolePolicyInput, opts ...func(*iam.Options)) (*iam.UpdateAssumeRolePolicyOutput, error)
	TagRole(ctx context.Context, input *iam.TagRoleInput, opts ...func(*iam.Options)) (*iam.TagRoleOutput, error)
	UntagRole(ctx context.Context, input *iam.UntagRoleInput, opts ...func(*iam.Options)) (*iam.UntagRoleOutput, error)
}

RoleClient is the external client used for Role Custom Resource

func NewRoleClient

func NewRoleClient(conf aws.Config) RoleClient

NewRoleClient returns a new client using AWS credentials as JSON encoded data.

type RolePolicyAttachmentClient

type RolePolicyAttachmentClient interface {
	AttachRolePolicy(ctx context.Context, input *iam.AttachRolePolicyInput, opts ...func(*iam.Options)) (*iam.AttachRolePolicyOutput, error)
	ListAttachedRolePolicies(ctx context.Context, input *iam.ListAttachedRolePoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedRolePoliciesOutput, error)
	DetachRolePolicy(ctx context.Context, input *iam.DetachRolePolicyInput, opts ...func(*iam.Options)) (*iam.DetachRolePolicyOutput, error)
}

RolePolicyAttachmentClient is the external client used for RolePolicyAttachment Custom Resource

func NewRolePolicyAttachmentClient

func NewRolePolicyAttachmentClient(conf aws.Config) RolePolicyAttachmentClient

NewRolePolicyAttachmentClient returns a new client given an aws config

type RolePolicyClient added in v0.46.0

type RolePolicyClient interface {
	GetRolePolicy(ctx context.Context, input *iam.GetRolePolicyInput, opts ...func(*iam.Options)) (*iam.GetRolePolicyOutput, error)
	PutRolePolicy(ctx context.Context, input *iam.PutRolePolicyInput, opts ...func(*iam.Options)) (*iam.PutRolePolicyOutput, error)
	DeleteRolePolicy(ctx context.Context, input *iam.DeleteRolePolicyInput, opts ...func(*iam.Options)) (*iam.DeleteRolePolicyOutput, error)
}

RolePolicyClient is the external client used for RolePolicy Custom Resource

func NewRolePolicyClient added in v0.46.0

func NewRolePolicyClient(conf aws.Config) RolePolicyClient

NewRolePolicyClient returns a new client using AWS credentials as JSON encoded data.

type STSClient

type STSClient interface {
	GetCallerIdentity(ctx context.Context, input *sts.GetCallerIdentityInput, opts ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}

STSClient is the external client used for STS

func NewSTSClient

func NewSTSClient(cfg aws.Config) STSClient

NewSTSClient creates a new STS Client.

type StatementEntry

type StatementEntry struct {
	Sid      string
	Effect   string
	Action   []string
	Resource []string
}

StatementEntry is used to define permission statements in a PolicyDocument

type UserClient

type UserClient interface {
	GetUser(ctx context.Context, input *iam.GetUserInput, opts ...func(*iam.Options)) (*iam.GetUserOutput, error)
	CreateUser(ctx context.Context, input *iam.CreateUserInput, opts ...func(*iam.Options)) (*iam.CreateUserOutput, error)
	DeleteUser(ctx context.Context, input *iam.DeleteUserInput, opts ...func(*iam.Options)) (*iam.DeleteUserOutput, error)
	UpdateUser(ctx context.Context, input *iam.UpdateUserInput, opts ...func(*iam.Options)) (*iam.UpdateUserOutput, error)
	PutUserPermissionsBoundary(ctx context.Context, params *iam.PutUserPermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.PutUserPermissionsBoundaryOutput, error)
	DeleteUserPermissionsBoundary(ctx context.Context, params *iam.DeleteUserPermissionsBoundaryInput, optFns ...func(*iam.Options)) (*iam.DeleteUserPermissionsBoundaryOutput, error)
	TagUser(ctx context.Context, params *iam.TagUserInput, opts ...func(*iam.Options)) (*iam.TagUserOutput, error)
	UntagUser(ctx context.Context, params *iam.UntagUserInput, opts ...func(*iam.Options)) (*iam.UntagUserOutput, error)
}

UserClient is the external client used for IAM User Custom Resource

func NewUserClient

func NewUserClient(cfg aws.Config) UserClient

NewUserClient returns a new client using AWS credentials as JSON encoded data.

type UserPolicyAttachmentClient

type UserPolicyAttachmentClient interface {
	AttachUserPolicy(ctx context.Context, input *iam.AttachUserPolicyInput, opts ...func(*iam.Options)) (*iam.AttachUserPolicyOutput, error)
	ListAttachedUserPolicies(ctx context.Context, input *iam.ListAttachedUserPoliciesInput, opts ...func(*iam.Options)) (*iam.ListAttachedUserPoliciesOutput, error)
	DetachUserPolicy(ctx context.Context, input *iam.DetachUserPolicyInput, opts ...func(*iam.Options)) (*iam.DetachUserPolicyOutput, error)
}

UserPolicyAttachmentClient is the external client used for UserPolicyAttachment Custom Resource

func NewUserPolicyAttachmentClient

func NewUserPolicyAttachmentClient(cfg aws.Config) UserPolicyAttachmentClient

NewUserPolicyAttachmentClient creates new RDS RDSClient with provided AWS Configurations/Credentials

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL