host

package
v0.5.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2025 License: MPL-2.0 Imports: 17 Imported by: 0

README

Getting Started

Refer to Attributes and Secrets for more detail on configuration options for host catalogs and sets.

To create a host catalog (using the default scope created by boundary dev):

boundary host-catalogs create plugin \
 -scope-id p_1234567890 \
 -name "Example Plugin-Based Host Catalog" \
 -description "Description for plugin-based host catalog" \
 -plugin-name aws \
 -attr region=REGION \
 -secret access_key_id='KEY' \
 -secret secret_access_key='SECRET'

To create a host set that filters on tag keys foo or bar (either tag can be present) and ensures that any targets using this host set only connect to external addresses in the 54.0.0.0/8 class A subnet:

boundary host-sets create plugin \
 -host-catalog-id HOST_CATALOG_ID \
 -name "Example Plugin-Based Host Set" \
 -description "Description for plugin-based host set" \
 -attr filters=tag-key=foo,bar \
 -preferred-endpoint "cidr:54.0.0.0/8"

As above, but instances must have both tags (both foo and bar must be present):

boundary host-sets create plugin \
 -host-catalog-id HOST_CATALOG_ID \
 -name "Example Plugin-Based Host Set" \
 -description "Description for plugin-based host set" \
 -attr filters=tag-key=foo \
 -attr filters=tag-key=bar \
 -preferred-endpoint "cidr:54.0.0.0/8"

As above, but matching on a tag key named "development" with a value of "prod" or "dev", and on launch date:

boundary host-sets create plugin \
 -host-catalog-id HOST_CATALOG_ID \
 -name "Example Plugin-Based Host Set" \
 -description "Description for plugin-based host set" \
 -attr filters=tag:development=prod,dev \
 -attr filters=launch-time=2022-01-04T* \
 -preferred-endpoint "cidr:54.0.0.0/8"

Required IAM Privileges

At a minimum, the following IAM privileges must be attached to the IAM user configured for this provider:

  • ec2:DescribeInstances, configured to * (DescribeInstances cannot be scoped to a resource ARN). Example policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeInstances"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
  • iam:GetUser, iam:CreateAccessKey, and iam:DeleteAccessKey, configured to the IAM user to allow credential rotation. Example policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:DeleteAccessKey",
        "iam:GetUser",
        "iam:CreateAccessKey"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::123456789012:user/JohnDoe"
    }
  ]
}
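
A check of the scoping described above, as an added example rather than code from the plugin: it reports any of the three rotation actions that a policy allows on Resource "*" instead of on the single IAM user ARN. The names oneOrMany, policy, rotationActions and unscopedRotation are hypothetical, and only exact action names are compared (wildcard actions such as iam:* are not expanded).

```go
// Added illustration, not the plugin's code; every name below is hypothetical.
package main

import (
	"encoding/json"
	"fmt"
)

// oneOrMany decodes an IAM field that may be a single string or an array.
type oneOrMany []string

func (o *oneOrMany) UnmarshalJSON(b []byte) error {
	var s string
	if json.Unmarshal(b, &s) == nil {
		*o = []string{s}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(o))
}

type policy struct {
	Statement []struct{ Effect string; Action, Resource oneOrMany }
}

// Rotation actions the README scopes to the configured IAM user.
var rotationActions = map[string]bool{"iam:GetUser": true, "iam:CreateAccessKey": true, "iam:DeleteAccessKey": true}

// unscopedRotation lists rotation actions that an Allow statement grants on "*".
func unscopedRotation(doc []byte) ([]string, error) {
	var p policy
	if err := json.Unmarshal(doc, &p); err != nil {
		return nil, err
	}
	var bad []string
	for _, st := range p.Statement {
		for _, res := range st.Resource {
			for _, a := range st.Action {
				if st.Effect == "Allow" && res == "*" && rotationActions[a] {
					bad = append(bad, a)
				}
			}
		}
	}
	return bad, nil
}

func main() {
	// Constructed policy: a rotation action left on Resource "*".
	doc := `{"Statement":[{"Effect":"Allow","Action":"iam:CreateAccessKey","Resource":"*"}]}`
	fmt.Println(unscopedRotation([]byte(doc)))
}
```

An empty result for the policy attached to the plugin's IAM user means the rotation actions are not granted account-wide; ec2:DescribeInstances on "*" is expected and is not reported.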

Attributes and Secrets

Host Catalog

The following attributes are valid on an AWS host catalog resource:

  • disable_credential_rotation (bool): If true, credential rotation will not be performed. See the Credential Rotation readme for more information.
  • region (string): The region to configure the host catalog for. All host sets in this catalog will be configured for this region.
  • role_arn (string): The AWS Role ARN used for AssumeRole authentication. If provided, disable_credential_rotation must also be set to true.
  • role_external_id (string): The external id configured for the AssumeRole provider.
  • role_session_name (string): The session name configured for the AssumeRole provider.
  • role_tags (object): The key-value pair tags configured for the AssumeRole provider.

The following secrets are required on an AWS host catalog resource:

  • access_key_id (string): The access key ID for the IAM user to use with this host catalog.
  • secret_access_key (string): The secret access key for the IAM user to use with this host catalog.

See the Credential Rotation readme for more information.

Host Set

The following attributes are valid on an AWS host set resource:

  • filters (array of strings): An array of string filters in the format key=val1,val2. The key corresponds to a filter option, and the value(s) are a comma-separated list. For a list of filter options, check out describe-instances in the AWS CLI reference.
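
The filter semantics from the Getting Started host set commands and the filters attribute above, as an added example that is not the plugin's own code: values inside one filter are alternatives, and separate filters must all match. It models the matching locally on constructed tags; parseFilter and matches are hypothetical names, and only tag-key and tag:<key> filters are handled, without wildcards.

```go
// Added illustration, not the plugin's code; parseFilter and matches are hypothetical.
package main

import (
	"fmt"
	"strings"
)

// parseFilter splits one "key=val1,val2" filter string into its key and values.
func parseFilter(f string) (string, []string, error) {
	key, vals, ok := strings.Cut(f, "=")
	if !ok || key == "" || vals == "" {
		return "", nil, fmt.Errorf("filter %q is not in key=val1,val2 form", f)
	}
	return key, strings.Split(vals, ","), nil
}

// matches ANDs across filters and ORs across one filter's values, as the README
// describes. Only tag-key and tag:<key> are modelled here; wildcards are not.
func matches(tags map[string]string, filters []string) (bool, error) {
	for _, f := range filters {
		key, vals, err := parseFilter(f)
		if err != nil {
			return false, err
		}
		hit := false
		for _, v := range vals {
			switch {
			case key == "tag-key":
				_, present := tags[v]
				hit = hit || present
			case strings.HasPrefix(key, "tag:"):
				got, present := tags[strings.TrimPrefix(key, "tag:")]
				hit = hit || (present && got == v)
			default:
				return false, fmt.Errorf("filter key %q is not modelled in this example", key)
			}
		}
		if !hit {
			return false, nil
		}
	}
	return true, nil
}

func main() {
	tags := map[string]string{"foo": "1", "development": "dev"} // constructed sample instance
	ok, err := matches(tags, []string{"tag-key=foo", "tag-key=bar"})
	fmt.Println(ok, err)
}
```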

Documentation


Constants

const (
	// ConstDescribeInstancesFilters is the key for the filter in the dynamic host set.
	ConstDescribeInstancesFilters = "filters"

	// ConstInstanceNameTagKey denotes the special AWS tag key that contains an EC2
	// instance's name. This field is to be matched literally.
	ConstInstanceNameTagKey = "Name"

	// ConstAwsDualStack is the key for the dualstack flag in the aws s3 client.
	ConstAwsDualStack = "dual_stack"
)

Variables

This section is empty.

Functions

func WithDualStack added in v0.4.1

func WithDualStack(with bool) ec2Option

WithDualStack sets the dual stack resolver.

Types

type CatalogAttributes

type CatalogAttributes struct {
	*cred.CredentialAttributes

	// DualStack is used for configuring how the aws client will resolve requests.
	DualStack bool
}

CatalogAttributes is a Go-native representation of the Attributes map.

type EC2API added in v0.1.7

type EC2API interface {
	DescribeInstances(context.Context, *ec2.DescribeInstancesInput, ...func(*ec2.Options)) (*ec2.DescribeInstancesOutput, error)
}

type HostPlugin

type HostPlugin struct {
	pb.UnimplementedHostPluginServiceServer
	// contains filtered or unexported fields
}

HostPlugin implements the HostPluginServiceServer interface for the AWS host service plugin.

func (*HostPlugin) ListHosts

func (p *HostPlugin) ListHosts(ctx context.Context, req *pb.ListHostsRequest) (*pb.ListHostsResponse, error)

ListHosts returns the list of ec2 hosts and their descriptions.

func (*HostPlugin) NormalizeSetData

NormalizeSetData currently ensures that "filters" is an array value, even though it is accepted as a string value for CLI UX reasons.

func (*HostPlugin) OnCreateCatalog

OnCreateCatalog is called when a dynamic host catalog is created.

func (*HostPlugin) OnCreateSet

OnCreateSet is called when a dynamic host set is created.

func (*HostPlugin) OnDeleteCatalog

OnDeleteCatalog is called when a dynamic host catalog is deleted.

func (*HostPlugin) OnDeleteSet

OnDeleteSet is called when a dynamic host set is deleted.

func (*HostPlugin) OnUpdateCatalog

OnUpdateCatalog is called when a dynamic host catalog is updated.

func (*HostPlugin) OnUpdateSet

OnUpdateSet is called when a dynamic host set is updated.

type SetAttributes

type SetAttributes struct {
	Filters []string
}

SetAttributes is a Go-native representation of the Attributes map that can be used for decoding the incoming map via mapstructure.
