Documentation ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewSessionFromSecret ¶ added in v1.1.1
NewSessionFromSecret creates a new AWS session using the configuration in the secret. If the secret is nil, it initializes a new session using the configuration of the environment (the standard AWS environment variables, shared config and instance profile).
Types ¶
type AssumeRoleCredentialsSource ¶ added in v1.1.1
```go
type AssumeRoleCredentialsSource struct {
	SecretRef corev1.SecretReference
	Role      *hivev1aws.AssumeRole
}
```

The AssumeRole credentials source creates an AWS session from the credentials in SecretRef and then uses that session to assume the role given in Role. The AWS client is created with the assumed credentials. If the secret in SecretRef is empty, the base session is created from the environment instead. This source is used only when the RoleARN in Role is not empty.
type Client ¶
```go
type Client interface {
	// EC2
	DescribeAvailabilityZones(*ec2.DescribeAvailabilityZonesInput) (*ec2.DescribeAvailabilityZonesOutput, error)
	DescribeSubnets(*ec2.DescribeSubnetsInput) (*ec2.DescribeSubnetsOutput, error)
	DescribeRouteTables(*ec2.DescribeRouteTablesInput) (*ec2.DescribeRouteTablesOutput, error)
	DescribeInstances(*ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error)
	StopInstances(*ec2.StopInstancesInput) (*ec2.StopInstancesOutput, error)
	StartInstances(*ec2.StartInstancesInput) (*ec2.StartInstancesOutput, error)
	CreateVpcEndpointServiceConfiguration(*ec2.CreateVpcEndpointServiceConfigurationInput) (*ec2.CreateVpcEndpointServiceConfigurationOutput, error)
	DescribeVpcEndpointServiceConfigurations(*ec2.DescribeVpcEndpointServiceConfigurationsInput) (*ec2.DescribeVpcEndpointServiceConfigurationsOutput, error)
	ModifyVpcEndpointServiceConfiguration(*ec2.ModifyVpcEndpointServiceConfigurationInput) (*ec2.ModifyVpcEndpointServiceConfigurationOutput, error)
	DeleteVpcEndpointServiceConfigurations(*ec2.DeleteVpcEndpointServiceConfigurationsInput) (*ec2.DeleteVpcEndpointServiceConfigurationsOutput, error)
	DescribeVpcEndpointServicePermissions(*ec2.DescribeVpcEndpointServicePermissionsInput) (*ec2.DescribeVpcEndpointServicePermissionsOutput, error)
	ModifyVpcEndpointServicePermissions(*ec2.ModifyVpcEndpointServicePermissionsInput) (*ec2.ModifyVpcEndpointServicePermissionsOutput, error)
	DescribeVpcEndpointServices(*ec2.DescribeVpcEndpointServicesInput) (*ec2.DescribeVpcEndpointServicesOutput, error)
	DescribeVpcEndpoints(*ec2.DescribeVpcEndpointsInput) (*ec2.DescribeVpcEndpointsOutput, error)
	CreateVpcEndpoint(*ec2.CreateVpcEndpointInput) (*ec2.CreateVpcEndpointOutput, error)
	DeleteVpcEndpoints(*ec2.DeleteVpcEndpointsInput) (*ec2.DeleteVpcEndpointsOutput, error)

	// ELBV2
	DescribeLoadBalancers(*elbv2.DescribeLoadBalancersInput) (*elbv2.DescribeLoadBalancersOutput, error)

	// S3 Manager
	Upload(*s3manager.UploadInput) (*s3manager.UploadOutput, error)

	// Custom
	GetS3API() s3iface.S3API

	// Route53
	CreateHostedZone(input *route53.CreateHostedZoneInput) (*route53.CreateHostedZoneOutput, error)
	GetHostedZone(*route53.GetHostedZoneInput) (*route53.GetHostedZoneOutput, error)
	ListTagsForResource(*route53.ListTagsForResourceInput) (*route53.ListTagsForResourceOutput, error)
	ChangeTagsForResource(input *route53.ChangeTagsForResourceInput) (*route53.ChangeTagsForResourceOutput, error)
	DeleteHostedZone(input *route53.DeleteHostedZoneInput) (*route53.DeleteHostedZoneOutput, error)
	ListResourceRecordSets(input *route53.ListResourceRecordSetsInput) (*route53.ListResourceRecordSetsOutput, error)
	ListHostedZonesByName(input *route53.ListHostedZonesByNameInput) (*route53.ListHostedZonesByNameOutput, error)
	ListHostedZonesByVPC(input *route53.ListHostedZonesByVPCInput) (*route53.ListHostedZonesByVPCOutput, error)
	ChangeResourceRecordSets(*route53.ChangeResourceRecordSetsInput) (*route53.ChangeResourceRecordSetsOutput, error)
	CreateVPCAssociationAuthorization(*route53.CreateVPCAssociationAuthorizationInput) (*route53.CreateVPCAssociationAuthorizationOutput, error)
	DeleteVPCAssociationAuthorization(*route53.DeleteVPCAssociationAuthorizationInput) (*route53.DeleteVPCAssociationAuthorizationOutput, error)
	AssociateVPCWithHostedZone(*route53.AssociateVPCWithHostedZoneInput) (*route53.AssociateVPCWithHostedZoneOutput, error)
	DisassociateVPCFromHostedZone(input *route53.DisassociateVPCFromHostedZoneInput) (*route53.DisassociateVPCFromHostedZoneOutput, error)

	// ResourceTagging
	GetResourcesPages(input *resourcegroupstaggingapi.GetResourcesInput, fn func(*resourcegroupstaggingapi.GetResourcesOutput, bool) bool) error

	// STS
	GetCallerIdentity(input *sts.GetCallerIdentityInput) (*sts.GetCallerIdentityOutput, error)
}
```
Client is a wrapper object for actual AWS SDK clients to allow for easier testing.
func New ¶ added in v1.1.1
New creates an AWS client using the provided options. kubeClient is used whenever a Kubernetes resource such as a Secret needs to be fetched. See the documentation for Options for the available configurations.

Some examples:

- Configure an AWS client using the credentials in the Secret of a ClusterDeployment.

```go
options := Options{
	Region: cd.Spec.Platform.AWS.Region,
	CredentialsSource: CredentialsSource{
		Secret: &SecretCredentialsSource{
			Namespace: cd.Namespace,
			Ref:       cd.Spec.Platform.AWS.CredentialsSecretRef,
		},
	},
}
client, err := New(kubeClient, options)
```

- Configure an AWS client using the assume-role chain of a ClusterDeployment.

```go
options := Options{
	Region: cd.Spec.Platform.AWS.Region,
	CredentialsSource: CredentialsSource{
		AssumeRole: &AssumeRoleCredentialsSource{
			SecretRef: corev1.SecretReference{
				Name:      AWSServiceProviderSecretName,
				Namespace: AWSServiceProviderSecretNS,
			},
			Role: cd.Spec.Platform.AWS.CredentialsAssumeRole,
		},
	},
}
client, err := New(kubeClient, options)
```
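A client built from the AssumeRole source carries whatever credentials STS actually handed back, so before the first EC2 or Route53 call it is worth confirming through GetCallerIdentity that the session belongs to the role named in Role.RoleARN and not to the base credentials from SecretRef or from the environment. The following is an added example, not hive code. It uses only the standard library: the Account and Arn fields that sts.GetCallerIdentityOutput exposes are copied into a stand-in struct so it runs offline, and it relies on the STS convention that an assumed-role session's ARN has the form arn:PARTITION:sts::ACCOUNT:assumed-role/ROLENAME/SESSIONNAME, with the IAM role's path dropped. The sample identities are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CallerIdentity is a stand-in (assumption, not a hive type) for the two fields
// of sts.GetCallerIdentityOutput that this check inspects.
type CallerIdentity struct {
	Account string
	Arn     string
}

// parseARN splits an ARN into its six colon-separated fields:
// arn:partition:service:region:account-id:resource.
// The resource field may itself contain colons and slashes, hence SplitN.
func parseARN(arn string) ([]string, error) {
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" {
		return nil, fmt.Errorf("malformed ARN %q", arn)
	}
	return parts, nil
}

// ExpectedAssumedRolePrefix turns an IAM role ARN such as
// arn:aws:iam::123456789012:role/hive/ClusterInstaller into the prefix that STS
// reports for sessions of that role: arn:aws:sts::123456789012:assumed-role/ClusterInstaller/
// The role path ("hive/") is dropped because assumed-role ARNs never carry it.
func ExpectedAssumedRolePrefix(roleARN string) (string, error) {
	p, err := parseARN(roleARN)
	if err != nil {
		return "", err
	}
	if p[2] != "iam" || !strings.HasPrefix(p[5], "role/") {
		return "", fmt.Errorf("%q is not an IAM role ARN", roleARN)
	}
	res := strings.TrimPrefix(p[5], "role/")
	name := res[strings.LastIndex(res, "/")+1:]
	if name == "" {
		return "", fmt.Errorf("%q has no role name", roleARN)
	}
	return fmt.Sprintf("arn:%s:sts::%s:assumed-role/%s/", p[1], p[4], name), nil
}

// VerifyAssumedRole fails unless the identity returned by GetCallerIdentity is
// a session of exactly the role the caller meant to assume. A base session that
// silently fell back to the environment, or an Options.CredentialsSource that
// selected a different source, shows up here as an IAM user/role ARN or as a
// session of another role or account.
func VerifyAssumedRole(id CallerIdentity, roleARN string) error {
	want, err := ExpectedAssumedRolePrefix(roleARN)
	if err != nil {
		return err
	}
	if !strings.HasPrefix(id.Arn, want) {
		return fmt.Errorf("caller identity %q is not a session of role %q", id.Arn, roleARN)
	}
	// The prefix match already fixes the account; cross-check the Account field
	// so a malformed response cannot pass on the ARN alone.
	p, _ := parseARN(id.Arn)
	if p[4] != id.Account {
		return errors.New("caller identity ARN and Account field disagree")
	}
	return nil
}

func main() {
	// Constructed sample data: the role from a ClusterDeployment and two
	// identities as STS might return them.
	role := "arn:aws:iam::123456789012:role/hive/ClusterInstaller"
	ok := CallerIdentity{Account: "123456789012", Arn: "arn:aws:sts::123456789012:assumed-role/ClusterInstaller/hive-cd-xyz"}
	bad := CallerIdentity{Account: "123456789012", Arn: "arn:aws:iam::123456789012:user/hive-service-provider"}
	fmt.Println("assumed role:", VerifyAssumedRole(ok, role))   // <nil>
	fmt.Println("base creds:  ", VerifyAssumedRole(bad, role))  // error: not a session of the role
}
```

In a controller this check would run once per client with the Arn and Account taken from the real GetCallerIdentity response; a failure should abort the reconcile rather than proceed, because the alternative is acting on a customer account with the service provider's own credentials.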
func NewClient ¶
NewClient creates our client wrapper object for the actual AWS clients we use. For authentication the underlying clients use the cluster AWS credentials secret if one is defined (i.e. in the root cluster); otherwise they use the IAM profile of the master where the actuator runs (target clusters).

Pass a nil client and an empty secret name and namespace to load credentials from the standard AWS environment variables.
func NewClientFromSecret ¶
NewClientFromSecret creates our client wrapper object for the actual AWS clients we use. For authentication the underlying clients use the cluster AWS credentials secret if one is defined (i.e. in the root cluster); otherwise they use the IAM profile of the master where the actuator runs (target clusters).

Pass a nil secret to load credentials from the standard AWS environment variables.
type CredentialsSource ¶ added in v1.1.1
```go
type CredentialsSource struct {
	// Secret credentials source loads the credentials from a secret.
	// It supports static credentials in the secret provided by the aws_access_key_id
	// and aws_secret_access_key keys. It also supports loading credentials from AWS
	// CLI config provided in the aws_config key.
	// This source is used only when the Secret name is not empty.
	Secret *SecretCredentialsSource

	// AssumeRole credentials source uses an AWS session configured using the credentials
	// in SecretRef, and then uses that session to assume the role provided in Role.
	// The AWS client is created using the assumed credentials.
	// If the secret in SecretRef is empty, the environment is used to create the base AWS session.
	// This source is used only when the RoleARN in Role is not empty.
	AssumeRole *AssumeRoleCredentialsSource
}
```

CredentialsSource defines how the credentials will be loaded. It supports several methods of sourcing credentials. If multiple sources are configured, the first usable one in declaration order is used. If none of the configured sources is usable (for example a Secret whose Name is empty, or an AssumeRole whose RoleARN is empty), credentials are loaded from the environment; callers that intend to act on a cluster's own credentials should therefore check that the source they set is complete, since an incomplete one silently falls through to the controller's environment credentials.
type Options ¶ added in v1.1.1
```go
type Options struct {
	// Region helps create the clients with correct endpoints.
	Region string

	// CredentialsSource defines how the credentials will be loaded.
	// It supports various methods of sourcing credentials. But if none
	// of the supported sources are configured such that they can be used,
	// credentials are loaded from the environment.
	// If multiple sources are configured, the first source is used.
	CredentialsSource CredentialsSource
}
```

Options provides the means to control how a client is created and which configuration values will be loaded.
type SecretCredentialsSource ¶ added in v1.1.1
```go
type SecretCredentialsSource struct {
	Namespace string
	Ref       *corev1.LocalObjectReference
}
```

The Secret credentials source loads the credentials from a secret. It supports static credentials in the secret provided by the aws_access_key_id and aws_secret_access_key keys. It also supports loading credentials from AWS CLI config provided in the aws_config key. This source is used only when the Secret name is not empty.