awsclient

Documentation

Index

• func NewSessionFromSecret(secret *corev1.Secret, region string) (*session.Session, error)
• type AssumeRoleCredentialsSource
• type Client
  • func New(kubeClient client.Client, options Options) (Client, error)
  • func NewClient(kubeClient client.Client, secretName, namespace, region string) (Client, error)
  • func NewClientFromSecret(secret *corev1.Secret, region string) (Client, error)
• type CredentialsSource
• type Options
• type SecretCredentialsSource

Functions

func NewSessionFromSecret

func NewSessionFromSecret(secret *corev1.Secret, region string) (*session.Session, error)

NewSessionFromSecret creates a new AWS session using the configuration in the secret. If the secret was nil, it initializes a new session using configuration of the envionment.

Types

type AssumeRoleCredentialsSource

type AssumeRoleCredentialsSource struct {
	SecretRef corev1.SecretReference
	Role      *hivev1aws.AssumeRole
}

AssumeRole credentials source uses AWS session configured using credentials in the SecretRef, and then uses that to assume the role provided in Role. AWS client is created using the assumed credentials. If the secret in SecretRef is empty, environment is used to create AWS session. This source is used only when the RoleARN is not empty in Role.

type Client

type Client interface {
	// EC2
	DescribeAvailabilityZones(*ec2.DescribeAvailabilityZonesInput) (*ec2.DescribeAvailabilityZonesOutput, error)
	DescribeSubnets(*ec2.DescribeSubnetsInput) (*ec2.DescribeSubnetsOutput, error)
	DescribeRouteTables(*ec2.DescribeRouteTablesInput) (*ec2.DescribeRouteTablesOutput, error)
	DescribeInstances(*ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error)
	StopInstances(*ec2.StopInstancesInput) (*ec2.StopInstancesOutput, error)
	TerminateInstances(*ec2.TerminateInstancesInput) (*ec2.TerminateInstancesOutput, error)
	StartInstances(*ec2.StartInstancesInput) (*ec2.StartInstancesOutput, error)
	CreateVpcEndpointServiceConfiguration(*ec2.CreateVpcEndpointServiceConfigurationInput) (*ec2.CreateVpcEndpointServiceConfigurationOutput, error)
	DescribeVpcEndpointServiceConfigurations(*ec2.DescribeVpcEndpointServiceConfigurationsInput) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
	ModifyVpcEndpointServiceConfiguration(*ec2.ModifyVpcEndpointServiceConfigurationInput) (*ec2.ModifyVpcEndpointServiceConfigurationOutput, error)
	DeleteVpcEndpointServiceConfigurations(*ec2.DeleteVpcEndpointServiceConfigurationsInput) (*ec2.DeleteVpcEndpointServiceConfigurationsOutput, error)
	DescribeVpcEndpointServicePermissions(*ec2.DescribeVpcEndpointServicePermissionsInput) (*ec2.DescribeVpcEndpointServicePermissionsOutput, error)
	ModifyVpcEndpointServicePermissions(*ec2.ModifyVpcEndpointServicePermissionsInput) (*ec2.ModifyVpcEndpointServicePermissionsOutput, error)
	DescribeVpcEndpointServices(*ec2.DescribeVpcEndpointServicesInput) (*ec2.DescribeVpcEndpointServicesOutput, error)
	DescribeVpcEndpoints(*ec2.DescribeVpcEndpointsInput) (*ec2.DescribeVpcEndpointsOutput, error)
	DescribeNetworkInterfaces(input *ec2.DescribeNetworkInterfacesInput) (*ec2.DescribeNetworkInterfacesOutput, error)
	CreateVpcEndpoint(*ec2.CreateVpcEndpointInput) (*ec2.CreateVpcEndpointOutput, error)
	DeleteVpcEndpoints(*ec2.DeleteVpcEndpointsInput) (*ec2.DeleteVpcEndpointsOutput, error)

	// ELBV2
	DescribeLoadBalancers(*elbv2.DescribeLoadBalancersInput) (*elbv2.DescribeLoadBalancersOutput, error)

	// S3 Manager
	Upload(*s3manager.UploadInput) (*s3manager.UploadOutput, error)

	// Custom
	GetS3API() s3iface.S3API

	// Route53
	CreateHostedZone(input *route53.CreateHostedZoneInput) (*route53.CreateHostedZoneOutput, error)
	GetHostedZone(*route53.GetHostedZoneInput) (*route53.GetHostedZoneOutput, error)
	ListTagsForResource(*route53.ListTagsForResourceInput) (*route53.ListTagsForResourceOutput, error)
	ChangeTagsForResource(input *route53.ChangeTagsForResourceInput) (*route53.ChangeTagsForResourceOutput, error)
	DeleteHostedZone(input *route53.DeleteHostedZoneInput) (*route53.DeleteHostedZoneOutput, error)
	ListResourceRecordSets(input *route53.ListResourceRecordSetsInput) (*route53.ListResourceRecordSetsOutput, error)
	ListHostedZonesByName(input *route53.ListHostedZonesByNameInput) (*route53.ListHostedZonesByNameOutput, error)
	ListHostedZonesByVPC(input *route53.ListHostedZonesByVPCInput) (*route53.ListHostedZonesByVPCOutput, error)
	ChangeResourceRecordSets(*route53.ChangeResourceRecordSetsInput) (*route53.ChangeResourceRecordSetsOutput, error)
	CreateVPCAssociationAuthorization(*route53.CreateVPCAssociationAuthorizationInput) (*route53.CreateVPCAssociationAuthorizationOutput, error)
	DeleteVPCAssociationAuthorization(*route53.DeleteVPCAssociationAuthorizationInput) (*route53.DeleteVPCAssociationAuthorizationOutput, error)
	AssociateVPCWithHostedZone(*route53.AssociateVPCWithHostedZoneInput) (*route53.AssociateVPCWithHostedZoneOutput, error)
	DisassociateVPCFromHostedZone(input *route53.DisassociateVPCFromHostedZoneInput) (*route53.DisassociateVPCFromHostedZoneOutput, error)
	// ResourceTagging
	GetResourcesPages(input *resourcegroupstaggingapi.GetResourcesInput, fn func(*resourcegroupstaggingapi.GetResourcesOutput, bool) bool) error

	// STS
	GetCallerIdentity(input *sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
}

Client is a wrapper object for actual AWS SDK clients to allow for easier testing.

func New

func New(kubeClient client.Client, options Options) (Client, error)

New creates an AWS client using the provided options. kubeClient is used whenever a k8s resource like secret needs to be fetched. Look at doc for Options for various configurations.

Some examples are,

1. Configure an AWS client using credentials in Secret for ClusterDeployment. ```go options := Options{ Region: cd.Spec.Platform.AWS.Region, CredentialsSource: CredentialsSource{ Secret: &SecretCredentialsSource{ Namespace: cd.Namespace, Ref: cd.Spec.Platform.AWS.CredentialsSecretRef, }, }, } client, err := New(kubeClient, options) ```
2. Configure an AWS client using Assume role chain for ClusterDeployment. ```go options := Options{ Region: cd.Spec.Platform.AWS.Region, CredentialsSource: CredentialsSource{ AssumeRole: &AssumeRoleCredentialsSource{ SecretRef: corev1.SecretReference{ Name: AWSServiceProviderSecretName, Namespace: AWSServiceProviderSecretNS, }, Role: cd.Spec.Platform.AWS.CredentialsAssumeRole, }, }, } client, err := New(kubeClient, options) ```

func NewClient

func NewClient(kubeClient client.Client, secretName, namespace, region string) (Client, error)

NewClient creates our client wrapper object for the actual AWS clients we use. For authentication the underlying clients will use either the cluster AWS credentials secret if defined (i.e. in the root cluster), otherwise the IAM profile of the master where the actuator will run. (target clusters)

Pass a nil client, and empty secret name and namespace to load credentials from the standard AWS environment variables.

func NewClientFromSecret

func NewClientFromSecret(secret *corev1.Secret, region string) (Client, error)

NewClientFromSecret creates our client wrapper object for the actual AWS clients we use. For authentication the underlying clients will use either the cluster AWS credentials secret if defined (i.e. in the root cluster), otherwise the IAM profile of the master where the actuator will run. (target clusters)

Pass a nil secret to load credentials from the standard AWS environment variables.

type CredentialsSource

type CredentialsSource struct {
	// Secret credentials source loads the credentials from a secret.
	// It supports static credentials in the secret provided by aws_access_key_id,
	// and aws_access_secret key. It also supports loading credentials from AWS
	// cli config provided in aws_config key.
	// This source is used only when the Secret name is not empty.
	Secret *SecretCredentialsSource

	// AssumeRole credentials source uses AWS session configured using credentials
	// in the SecretRef, and then uses that to assume the role provided in Role.
	// AWS client is created using the assumed credentials.
	// If the secret in SecretRef is empty, environment is used to create AWS session.
	// This source is used only when the RoleARN is not empty in Role.
	AssumeRole *AssumeRoleCredentialsSource
}

CredentialsSource defines how the credentials will be loaded. It supports various methods of sourcing credentials. But if none of the supported sources are configured such that they can be used, credentials are loaded from the environment. If multiple sources are configured, the first source is used.

type Options

type Options struct {
	// Region helps create the clients with correct endpoints.
	Region string

	// CredentialsSource defines how the credentials will be loaded.
	// It supports various methods of sourcing credentials. But if none
	// of the supported sources are configured such that they can be used,
	// credentials are loaded from the environment.
	// If multiple sources are configured, the first source is used.
	CredentialsSource CredentialsSource
}

Options provides the means to control how a client is created and what configuration values will be loaded.

type SecretCredentialsSource

type SecretCredentialsSource struct {
	Namespace string
	Ref       *corev1.LocalObjectReference
}

Secret credentials source loads the credentials from a secret. It supports static credentials in the secret provided by aws_access_key_id, and aws_access_secret key. It also supports loading credentials from AWS cli config provided in aws_config key. This source is used only when the Secret name is not empty.