Documentation
Constants
const (
	// Any is an IAM policy grammar wildcard
	Any = "*"
	// CurrentVersion is the latest version of the IAM policy grammar
	CurrentVersion = "2012-10-17"
	// EffectAllow is the Allow effect in an IAM policy statement entry
	EffectAllow = "Allow"
	// EffectDeny is the Deny effect in an IAM policy statement entry
	EffectDeny = "Deny"
	// IAMSuffix is a standard prefix for resources for Cluster API Provider AWS
	IAMSuffix = "cluster-api-provider-aws.sigs.k8s.io"
	// PrincipalAWS is the principal covering AWS arns.
	PrincipalAWS = "AWS"
	// PrincipalFederated is the principal covering federated identities.
	PrincipalFederated = "Federated"
	// PrincipalService is the principal covering AWS services.
	PrincipalService = "Service"
)
Variables
This section is empty.
Functions
func NewManagedName
NewManagedName creates an IAM acceptable name prefixed with this Cluster API implementation's prefix.
func ProcessPolicyDocument
ProcessPolicyDocument replaces IAMConditions in serialised StatementEntry objects with Condition as per the AWS IAM policy schema as a work-around for https://github.com/awslabs/goformation/issues/157
Types
type Conditions
type Conditions map[string]interface{}
Conditions is the map of all conditions in the statement entry.
type PolicyDocument
type PolicyDocument struct {
	Version   string
	Statement Statements
	ID        string `json:"id,omitempty"`
}
PolicyDocument represents an AWS IAM policy document
func (*PolicyDocument) JSON
func (p *PolicyDocument) JSON() (string, error)
JSON is the JSON output of the policy document
type PrincipalID
type PrincipalID []string
PrincipalID represents the list of all principals, such as ARNs
type Principals
type Principals map[string]PrincipalID
Principals is the map of all principals a statement entry refers to
type StatementEntry
type StatementEntry struct {
	Sid          string     `json:",omitempty"`
	Principal    Principals `json:",omitempty"`
	NotPrincipal Principals `json:",omitempty"`
	Effect       string     `json:"Effect"`
	Action       Actions    `json:"Action"`
	Resource     Resources  `json:",omitempty"`
	// Condition is currently called IAMConditions to pass through
	// GoFormation's template processing without being replaced
	// with an intrinsic function. If you use a Condition statement,
	// run the resultant stringified template through ProcessPolicyDocument
	// to change back IAMConditions to Condition.
	Condition Conditions `json:"IAMConditions,omitempty"`
}
StatementEntry represents each "statement" block in an IAM policy document
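The Condition work-around described for StatementEntry and ProcessPolicyDocument, shown end to end as an added example (not this package's code): a statement is serialised with the IAMConditions placeholder, the key is renamed, and the result is checked so that no statement ships with the placeholder in place of Condition. The helpers samplePolicyJSON, rewriteConditions and leftoverPlaceholders are hypothetical, the []string fields stand in for the Actions and Resources types this page does not define, and the policy itself is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// StatementEntry mirrors the page's type; the []string fields are an assumption.
type StatementEntry struct {
	Effect    string                 `json:"Effect"`
	Action    []string               `json:"Action"`
	Resource  []string               `json:",omitempty"`
	Condition map[string]interface{} `json:"IAMConditions,omitempty"`
}

// samplePolicyJSON serialises a constructed policy with one conditional statement.
func samplePolicyJSON() string {
	stmt := StatementEntry{Effect: "Allow", Action: []string{"s3:GetObject"},
		Resource:  []string{"arn:aws:s3:::example-bucket/*"}, // constructed ARN
		Condition: map[string]interface{}{"Bool": map[string]string{"aws:SecureTransport": "true"}}}
	b, _ := json.Marshal(map[string]interface{}{"Version": "2012-10-17", "Statement": []StatementEntry{stmt}})
	return string(b)
}

// rewriteConditions is a hypothetical stand-in for ProcessPolicyDocument.
func rewriteConditions(doc string) string {
	return strings.ReplaceAll(doc, `"IAMConditions"`, `"Condition"`)
}

// leftoverPlaceholders returns the indexes of statements still using the placeholder key.
func leftoverPlaceholders(doc string) ([]int, error) {
	var parsed struct{ Statement []map[string]json.RawMessage }
	if err := json.Unmarshal([]byte(doc), &parsed); err != nil {
		return nil, fmt.Errorf("policy is not valid JSON: %w", err)
	}
	var bad []int
	for i, s := range parsed.Statement {
		if _, ok := s["IAMConditions"]; ok {
			bad = append(bad, i)
		}
	}
	return bad, nil
}

func main() {
	fixed := rewriteConditions(samplePolicyJSON())
	fmt.Println(fixed)
	fmt.Println(leftoverPlaceholders(fixed))
}
```

The check parses the JSON and inspects statement keys rather than searching the text, so it reports only statements where the placeholder is still a key.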