Types ¶
type AwsClient ¶
// AwsClient is the consumer-side interface that hands out the IAM, STS and
// bucket-scoped S3 clients; AwsClientFactory provides all three methods.
type AwsClient interface {
	// IamClient returns the IAM client.
	IamClient() *AwsIamClient
	// StsClient returns the STS client.
	StsClient() *AwsStsClient
	// S3Client returns an S3 client bound to the given region and bucket name.
	S3Client(region, bucketName string) *AwsS3Client
}
type AwsClientFactory ¶
// AwsClientFactory builds the IAM, STS and S3 clients; construct it with
// NewAwsClientFactory, which takes a context and may fail.
type AwsClientFactory struct {
	// contains filtered or unexported fields
}
func NewAwsClientFactory ¶
func NewAwsClientFactory(ctx context.Context) (*AwsClientFactory, error)
func (*AwsClientFactory) IamClient ¶
func (a *AwsClientFactory) IamClient() *AwsIamClient
func (*AwsClientFactory) S3Client ¶
func (a *AwsClientFactory) S3Client(region, bucketName string) *AwsS3Client
func (*AwsClientFactory) StsClient ¶
func (a *AwsClientFactory) StsClient() *AwsStsClient
type AwsIamAPI ¶
// AwsIamAPI is the subset of the AWS IAM service API that AwsIamClient calls
// through its Client field. Keeping it an interface presumably allows a fake
// to be substituted in tests — verify against the package's tests.
type AwsIamAPI interface {
	// OIDC identity-provider lifecycle.
	CreateOpenIDConnectProvider(ctx context.Context, params *iam.CreateOpenIDConnectProviderInput, optFns ...func(*iam.Options)) (*iam.CreateOpenIDConnectProviderOutput, error)
	DeleteOpenIDConnectProvider(ctx context.Context, params *iam.DeleteOpenIDConnectProviderInput, optFns ...func(*iam.Options)) (*iam.DeleteOpenIDConnectProviderOutput, error)
	// Role lifecycle; UpdateAssumeRolePolicy rewrites the role's trust policy.
	CreateRole(ctx context.Context, params *iam.CreateRoleInput, optFns ...func(*iam.Options)) (*iam.CreateRoleOutput, error)
	UpdateAssumeRolePolicy(ctx context.Context, params *iam.UpdateAssumeRolePolicyInput, optFns ...func(*iam.Options)) (*iam.UpdateAssumeRolePolicyOutput, error)
	// Managed-policy attachment; ListAttachedRolePolicies feeds
	// RoleManager.ExtractNewPolicies / ExtractStalePolicies.
	ListAttachedRolePolicies(ctx context.Context, params *iam.ListAttachedRolePoliciesInput, optFns ...func(*iam.Options)) (*iam.ListAttachedRolePoliciesOutput, error)
	AttachRolePolicy(ctx context.Context, params *iam.AttachRolePolicyInput, optFns ...func(*iam.Options)) (*iam.AttachRolePolicyOutput, error)
	DeleteRole(ctx context.Context, params *iam.DeleteRoleInput, optFns ...func(*iam.Options)) (*iam.DeleteRoleOutput, error)
	DetachRolePolicy(ctx context.Context, params *iam.DetachRolePolicyInput, optFns ...func(*iam.Options)) (*iam.DetachRolePolicyOutput, error)
}
type AwsIamClient ¶
// AwsIamClient wraps an AwsIamAPI with IRSA-oriented helpers: creating and
// deleting OIDC providers, and creating, updating and deleting IRSA roles.
type AwsIamClient struct {
	// Client is the underlying IAM API; every method issues its calls through it.
	Client AwsIamAPI
}
func (*AwsIamClient) AttachRolePolicy ¶
func (a *AwsIamClient) AttachRolePolicy(ctx context.Context, roleName, policyArn *string) error
AttachRolePolicy attaches the specified policy to the IAM role.
func (*AwsIamClient) CreateOIDCProvider ¶
func (a *AwsIamClient) CreateOIDCProvider(ctx context.Context, providerUrl string) error
CreateOIDCProvider creates an OpenID Connect (OIDC) provider in AWS IAM.
func (*AwsIamClient) DeleteIRSARole ¶
func (a *AwsIamClient) DeleteIRSARole(ctx context.Context, r RoleManager) error
DeleteIRSARole detaches specified policies from the IAM role and deletes the IAM role
func (*AwsIamClient) DeleteOIDCProvider ¶
func (a *AwsIamClient) DeleteOIDCProvider(ctx context.Context, accountId, issuerHostPath string) error
DeleteOIDCProvider deletes an OpenID Connect (OIDC) provider in AWS IAM.
func (*AwsIamClient) DetachRolePolicy ¶
func (a *AwsIamClient) DetachRolePolicy(ctx context.Context, roleName, policyArn *string) error
DetachRolePolicy detaches the specified policy from the IAM role.
func (*AwsIamClient) UpdateIRSARole ¶
func (a *AwsIamClient) UpdateIRSARole(ctx context.Context, issuerMeta issuer.OIDCIssuerMeta, r RoleManager) error
UpdateIRSARole creates an IAM role with the specified trust policy and attaches specified policies to it
type AwsS3API ¶
// AwsS3API is the subset of the AWS S3 service API that AwsS3Client calls
// through its Client field.
type AwsS3API interface {
	// Bucket lifecycle.
	CreateBucket(ctx context.Context, params *s3.CreateBucketInput, optFns ...func(*s3.Options)) (*s3.CreateBucketOutput, error)
	// NOTE(review): DeletePublicAccessBlock removes the bucket's public access
	// block, i.e. it is the operation that permits public reads; presumably
	// only CreateBucketPublic uses it — confirm before widening this interface.
	DeletePublicAccessBlock(ctx context.Context, params *s3.DeletePublicAccessBlockInput, optFns ...func(*s3.Options)) (*s3.DeletePublicAccessBlockOutput, error)
	DeleteBucket(ctx context.Context, params *s3.DeleteBucketInput, optFns ...func(*s3.Options)) (*s3.DeleteBucketOutput, error)
	// Object lifecycle.
	DeleteObjects(ctx context.Context, params *s3.DeleteObjectsInput, optFns ...func(*s3.Options)) (*s3.DeleteObjectsOutput, error)
	HeadObject(ctx context.Context, params *s3.HeadObjectInput, optFns ...func(*s3.Options)) (*s3.HeadObjectOutput, error)
	PutObject(ctx context.Context, params *s3.PutObjectInput, optFns ...func(*s3.Options)) (*s3.PutObjectOutput, error)
	// Ownership controls; CreateBucketPublic configures the bucket so that
	// ownership is controlled by the bucket creator.
	PutBucketOwnershipControls(ctx context.Context, params *s3.PutBucketOwnershipControlsInput, optFns ...func(*s3.Options)) (*s3.PutBucketOwnershipControlsOutput, error)
}
type AwsS3Client ¶
// AwsS3Client wraps an AwsS3API for one bucket in one region (see BucketName
// and Region) and exposes helpers that create buckets and objects with public
// read access.
type AwsS3Client struct {
	// Client is the underlying S3 API; every method issues its calls through it.
	Client AwsS3API
	// contains filtered or unexported fields
}
func (*AwsS3Client) BucketName ¶
func (a *AwsS3Client) BucketName() string
func (*AwsS3Client) CheckObjectExists ¶
CheckObjectExists reports whether an object with the given key exists in the client's bucket.
func (*AwsS3Client) CreateBucketPublic ¶
func (a *AwsS3Client) CreateBucketPublic(ctx context.Context) error
CreateBucketPublic creates a new S3 bucket with public access settings in the specified region. The function configures the bucket to have its ownership controlled by the bucket creator.
func (*AwsS3Client) CreateObjectPublic ¶
func (a *AwsS3Client) CreateObjectPublic(ctx context.Context, input ObjectInput) error
CreateObjectPublic creates an object in the S3 bucket and sets its access level to public read. This means the object can be read by anyone on the internet.
func (*AwsS3Client) CreateObjectsPublic ¶
func (a *AwsS3Client) CreateObjectsPublic(ctx context.Context, inputs []ObjectInput) error
func (*AwsS3Client) DeleteBucket ¶
func (a *AwsS3Client) DeleteBucket(ctx context.Context) error
DeleteBucket attempts to delete the specified bucket. If the bucket contains any objects, the deletion is not forced, to prevent accidental data loss.
func (*AwsS3Client) DeleteObjects ¶
func (a *AwsS3Client) DeleteObjects(ctx context.Context, objectKeys []string) error
DeleteObjects removes a list of objects from a specified bucket.
func (*AwsS3Client) PutObjectPublic ¶
func (a *AwsS3Client) PutObjectPublic(ctx context.Context, input ObjectInput) error
PutObjectPublic uploads a file to an S3 bucket and sets its access level to public read. This means the file can be read by anyone on the internet.
func (*AwsS3Client) PutObjectsPublic ¶
func (a *AwsS3Client) PutObjectsPublic(ctx context.Context, inputs []ObjectInput) error
func (*AwsS3Client) Region ¶
func (a *AwsS3Client) Region() string
type AwsStsAPI ¶
// AwsStsAPI is the subset of the AWS STS service API that AwsStsClient calls
// through its Client field.
type AwsStsAPI interface {
	// GetCallerIdentity returns the identity of the calling credentials.
	GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
}
type AwsStsClient ¶
// AwsStsClient wraps an AwsStsAPI; its GetAccountId helper resolves the AWS
// account ID of the calling credentials.
type AwsStsClient struct {
	// Client is the underlying STS API.
	Client AwsStsAPI
}
func (*AwsStsClient) GetAccountId ¶
func (a *AwsStsClient) GetAccountId() (string, error)
type ObjectInput ¶
type RoleManager ¶
// RoleManager represents the details needed to manage IAM roles.
type RoleManager struct {
	// RoleName represents the name of the IAM role
	RoleName string
	// ServiceAccount represents the ServiceAccount Name and namespaces associated with the role
	ServiceAccount irsav1alpha1.IRSAServiceAccount
	// Policies represents the list of policies to be attached to the role;
	// each entry may be a policy name or a full ARN (see PolicyArn)
	Policies []string
	// AccountId represents the AWS Account Id
	AccountId string
}
RoleManager represents the details needed to manage IAM roles
func (*RoleManager) ExtractNewPolicies ¶
func (r *RoleManager) ExtractNewPolicies(l *iam.ListAttachedRolePoliciesOutput) []string
ExtractNewPolicies returns the names of the policies that are in the current settings (r.Policies) but are not yet attached to the role.
func (*RoleManager) ExtractStalePolicies ¶
func (r *RoleManager) ExtractStalePolicies(l *iam.ListAttachedRolePoliciesOutput) []string
ExtractStalePolicies returns the ARNs of the policies that are attached to the role but are not in the current settings (r.Policies).
func (*RoleManager) PolicyArn ¶
func (r *RoleManager) PolicyArn(policy string) *string
PolicyArn returns the full ARN of a given policy name. If the policy name already has the full ARN, it returns it as is.