Documentation ¶
Index ¶
- Constants
- func CanAccountBeClaimedByAccountClaim(account *awsv1alpha1.Account, accountclaim *awsv1alpha1.AccountClaim) bool
- func CreateOrFindOU(reqLogger logr.Logger, client awsclient.Client, ouName string, baseID string) (string, error)
- func DeleteBucketContent(awsClient awsclient.Client, bucketName string) error
- func IsSameAccountPoolNames(first string, second string, defaultAccountPool string) bool
- func MoveAccount(reqLogger logr.Logger, client awsclient.Client, account *awsv1alpha1.Account, ...) error
- func MoveAccountToOU(r *AccountClaimReconciler, reqLogger logr.Logger, awsClient awsclient.Client, ...) error
- type AccountClaimReconciler
- func (r *AccountClaimReconciler) CleanUpAwsAccountVpcEndpointServiceConfigurations(reqLogger logr.Logger, awsClient awsclient.Client, ...) error
- func (r *AccountClaimReconciler) CleanUpIAMRoleAndPolicies(reqLogger logr.Logger, awsClient awsclient.Client, roleName string) error
- func (r *AccountClaimReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error)
- func (r *AccountClaimReconciler) SetupWithManager(mgr ctrl.Manager) error
- type Policy
Constants ¶
const (
	// AccountClaimed indicates the account has been claimed in the accountClaim status
	AccountClaimed = "AccountClaimed"
	// AccountUnclaimed indicates the account has not been claimed in the accountClaim status
	AccountUnclaimed = "AccountUnclaimed"
)
const (
	// AccountReady indicates account creation is ready
	AccountReady = "Ready"
	// AccountFailed indicates account reuse has failed
	AccountFailed = "Failed"
)
Variables ¶
This section is empty.
Functions ¶
func CanAccountBeClaimedByAccountClaim ¶
func CanAccountBeClaimedByAccountClaim(account *awsv1alpha1.Account, accountclaim *awsv1alpha1.AccountClaim) bool
CanAccountBeClaimedByAccountClaim returns true when the account matches the given accountclaim. This is the case when the account is currently unclaimed and ready and, additionally, one of the following applies:
- The account has never been used before and therefore has its LegalEntityID unset, or
- The account has been used before and has the same legalEntityID as the accountclaim.
In all other cases, this function returns false.
func CreateOrFindOU ¶
func CreateOrFindOU(reqLogger logr.Logger, client awsclient.Client, ouName string, baseID string) (string, error)
CreateOrFindOU will create or find an existing OU and return its ID
func DeleteBucketContent ¶
DeleteBucketContent deletes any content in a bucket if it is not empty
func IsSameAccountPoolNames ¶
IsSameAccountPoolNames is used to determine whether two accountpool names reference the same accountpool, given a defaultAccountPool name. When an accountpool is referenced using the empty string as its name, the aao uses the default accountpool instead. So we cannot just check whether the two pool names match; we first need to substitute "" with the default accountpool name before comparing the strings. This function does exactly that.
Note that it returns false when no default accountpool is given.
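The two matching rules documented above (claim eligibility and pool-name comparison), as an added sketch that is not the operator's own code. The `Account` and `AccountClaim` structs, their field names, the helper names and the sample values are hypothetical stand-ins for the `awsv1alpha1` types, and "ready" is assumed to mean a state equal to the `AccountReady` value `"Ready"`.

```go
package main

import "fmt"

// Hypothetical, simplified stand-ins for awsv1alpha1.Account and
// awsv1alpha1.AccountClaim; the real types carry more fields.
type Account struct {
	Claimed       bool
	State         string // assumed to hold "Ready" or "Failed"
	LegalEntityID string // empty until the account is first used
}

type AccountClaim struct{ LegalEntityID string }

// canBeClaimed follows the documented rule: the account must be unclaimed and
// ready, and either never used or last used by the same legal entity.
func canBeClaimed(a Account, c AccountClaim) bool {
	if a.Claimed || a.State != "Ready" {
		return false
	}
	return a.LegalEntityID == "" || a.LegalEntityID == c.LegalEntityID
}

// sameAccountPool substitutes "" with the default pool name before comparing
// and returns false when no default pool is given.
func sameAccountPool(first, second, defaultPool string) bool {
	if defaultPool == "" {
		return false
	}
	if first == "" {
		first = defaultPool
	}
	if second == "" {
		second = defaultPool
	}
	return first == second
}

func main() {
	claim := AccountClaim{LegalEntityID: "entity-a"} // constructed sample values
	fresh := Account{State: "Ready"}
	reusedByOther := Account{State: "Ready", LegalEntityID: "entity-b"}
	fmt.Println(canBeClaimed(fresh, claim), canBeClaimed(reusedByOther, claim))
	fmt.Println(sameAccountPool("", "default-pool", "default-pool"))
}
```

The second case is the one that matters for account reuse: a ready, unclaimed account that last belonged to a different legal entity is rejected.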
func MoveAccount ¶
func MoveAccount(reqLogger logr.Logger, client awsclient.Client, account *awsv1alpha1.Account, ouID string, parentID string) error
MoveAccount will take an account and move it into the specified OU
func MoveAccountToOU ¶
func MoveAccountToOU(r *AccountClaimReconciler, reqLogger logr.Logger, awsClient awsclient.Client, accountClaim *awsv1alpha1.AccountClaim, account *awsv1alpha1.Account) error
MoveAccountToOU takes care of all the logic surrounding moving an account into an OU
Types ¶
type AccountClaimReconciler ¶
type AccountClaimReconciler struct {
	client.Client
	Scheme *runtime.Scheme
	// contains filtered or unexported fields
}
AccountClaimReconciler reconciles an AccountClaim object
func NewAccountClaimReconciler ¶
func NewAccountClaimReconciler(client client.Client, scheme *runtime.Scheme, awsClientBuilder awsclient.IBuilder) *AccountClaimReconciler
NewReconcileAccountClaim initializes ReconcileAccountClaim
func (*AccountClaimReconciler) CleanUpAwsAccountVpcEndpointServiceConfigurations ¶
func (*AccountClaimReconciler) CleanUpIAMRoleAndPolicies ¶
func (r *AccountClaimReconciler) CleanUpIAMRoleAndPolicies(reqLogger logr.Logger, awsClient awsclient.Client, roleName string) error
CleanUpIAMRoleAndPolicies is responsible for cleaning up existing IAM roles and their associated policies.
func (*AccountClaimReconciler) Reconcile ¶
func (r *AccountClaimReconciler) Reconcile(ctx context.Context, request ctrl.Request) (ctrl.Result, error)
Reconcile reads the state of the cluster for an AccountClaim object and makes changes based on the state read and what is in the AccountClaim.Spec. The Controller will requeue the Request to be processed again if the returned error is non-nil or Result.Requeue is true; otherwise, upon completion, it will remove the work from the queue.
func (*AccountClaimReconciler) SetupWithManager ¶
func (r *AccountClaimReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.