aws

package
v0.1.54 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 29, 2025 License: Apache-2.0 Imports: 46 Imported by: 3

Documentation

Index

Constants

View Source 
const (
	DefaultCIDRBlock = "10.0.0.0/16"
)

Variables

This section is empty.

Functions

func BindOptions added in v0.1.38 

func BindOptions(opts *DelegatedAWSCredentialOptions, flags *pflag.FlagSet)

func DefaultProfileName 

func DefaultProfileName(infraID string) string

func LookupZone added in v0.1.47 

func LookupZone(ctx context.Context, client route53iface.Route53API, name string, isPrivateZone bool) (string, error)

func NewCreateCLIRoleCommand added in v0.1.31 

func NewCreateCLIRoleCommand() *cobra.Command

func NewCreateCommand 

func NewCreateCommand() *cobra.Command

func NewCreateIAMCommand 

func NewCreateIAMCommand() *cobra.Command

func NewDestroyCommand 

func NewDestroyCommand() *cobra.Command

func NewDestroyIAMCommand 

func NewDestroyIAMCommand() *cobra.Command

func ZoneName 

func ZoneName(clusterName, prefix, baseDomain string) string

Types

type CreateCLIRoleOptions added in v0.1.31 

type CreateCLIRoleOptions struct {
	AWSCredentialsFile string
	RoleName           string
	AdditionalTags     map[string]string
}

func (*CreateCLIRoleOptions) ParseAdditionalTags added in v0.1.31 

func (o *CreateCLIRoleOptions) ParseAdditionalTags() ([]*iam.Tag, error)

func (*CreateCLIRoleOptions) Run added in v0.1.31 

func (o *CreateCLIRoleOptions) Run(ctx context.Context, logger logr.Logger) error

type CreateIAMOptions 

type CreateIAMOptions struct {
	Region                          string
	AWSCredentialsOpts              awsutil.AWSCredentialsOptions
	OIDCStorageProviderS3BucketName string
	OIDCStorageProviderS3Region     string
	PublicZoneID                    string
	PrivateZoneID                   string
	LocalZoneID                     string
	InfraID                         string
	IssuerURL                       string
	OutputFile                      string
	KMSKeyARN                       string
	AdditionalTags                  []string
	VPCOwnerCredentialsOpts         awsutil.AWSCredentialsOptions
	PrivateZonesInClusterAccount    bool

	CredentialsSecretData *util.CredentialsSecretData

	CreateKarpenterRoleARN bool
	// contains filtered or unexported fields
}

func (*CreateIAMOptions) CreateIAM 

func (o *CreateIAMOptions) CreateIAM(ctx context.Context, client crclient.Client, logger logr.Logger) (*CreateIAMOutput, error)

func (*CreateIAMOptions) CreateOIDCProvider added in v0.1.4 

func (o *CreateIAMOptions) CreateOIDCProvider(iamClient iamiface.IAMAPI, logger logr.Logger) (string, error)

func (*CreateIAMOptions) CreateOIDCResources 

func (o *CreateIAMOptions) CreateOIDCResources(iamClient iamiface.IAMAPI, logger logr.Logger, sharedVPC bool) (*CreateIAMOutput, error)

inputs: none outputs rsa keypair

func (*CreateIAMOptions) CreateOIDCRole 

func (o *CreateIAMOptions) CreateOIDCRole(client iamiface.IAMAPI, name, trustPolicy, permPolicy string, allowAssume bool, logger logr.Logger) (string, error)

CreateOIDCRole create an IAM Role with a trust policy for the OIDC provider

func (*CreateIAMOptions) CreateSharedVPCEndpointRole added in v0.1.52 

func (o *CreateIAMOptions) CreateSharedVPCEndpointRole(iamClient iamiface.IAMAPI, logger logr.Logger, controlPlaneRole string) (string, error)

func (*CreateIAMOptions) CreateSharedVPCRoute53Role added in v0.1.52 

func (o *CreateIAMOptions) CreateSharedVPCRoute53Role(iamClient iamiface.IAMAPI, logger logr.Logger, ingressRole, controlPlaneRole string) (string, error)

func (*CreateIAMOptions) CreateWorkerInstanceProfile 

func (o *CreateIAMOptions) CreateWorkerInstanceProfile(client iamiface.IAMAPI, profileName string, logger logr.Logger) error

func (*CreateIAMOptions) Output added in v0.1.37 

func (o *CreateIAMOptions) Output(results *CreateIAMOutput) error

func (*CreateIAMOptions) ParseAdditionalTags added in v0.1.6 

func (o *CreateIAMOptions) ParseAdditionalTags() error

func (*CreateIAMOptions) Run 

func (o *CreateIAMOptions) Run(ctx context.Context, client crclient.Client, logger logr.Logger) error

type CreateIAMOutput 

type CreateIAMOutput struct {
	Region             string              `json:"region"`
	ProfileName        string              `json:"profileName"`
	InfraID            string              `json:"infraID"`
	IssuerURL          string              `json:"issuerURL"`
	Roles              hyperv1.AWSRolesRef `json:"roles"`
	KMSKeyARN          string              `json:"kmsKeyARN"`
	KMSProviderRoleARN string              `json:"kmsProviderRoleARN"`

	SharedIngressRoleARN      string `json:"sharedIngressRoleARN,omitempty"`
	SharedControlPlaneRoleARN string `json:"sharedControlPlaneRoleARN,omitempty"`

	KarpenterRoleARN string `json:"karpenterRoleARN,omitempty"`
}

type CreateIAMRoleOptions added in v0.1.31 

type CreateIAMRoleOptions struct {
	RoleName          string
	TrustPolicy       string
	PermissionsPolicy string
	AllowAssume       bool
	// contains filtered or unexported fields
}

func (*CreateIAMRoleOptions) CreateRoleWithInlinePolicy added in v0.1.31 

func (o *CreateIAMRoleOptions) CreateRoleWithInlinePolicy(ctx context.Context, logger logr.Logger, client iamiface.IAMAPI) (string, error)

type CreateInfraOptions 

type CreateInfraOptions struct {
	AWSCredentialsOpts          awsutil.AWSCredentialsOptions
	Region                      string
	InfraID                     string
	Name                        string
	BaseDomain                  string
	BaseDomainPrefix            string
	Zones                       []string
	OutputFile                  string
	AdditionalTags              []string
	EnableProxy                 bool
	ProxyVPCEndpointServiceName string
	SSHKeyFile                  string
	SingleNATGateway            bool
	VPCCIDR                     string

	CredentialsSecretData *util.CredentialsSecretData

	VPCOwnerCredentialOpts       awsutil.AWSCredentialsOptions
	PrivateZonesInClusterAccount bool

	PublicOnly bool
	// contains filtered or unexported fields
}

func (*CreateInfraOptions) CreateDHCPOptions 

func (o *CreateInfraOptions) CreateDHCPOptions(l logr.Logger, client ec2iface.EC2API, vpcID string) error

func (*CreateInfraOptions) CreateInfra 

func (o *CreateInfraOptions) CreateInfra(ctx context.Context, l logr.Logger) (*CreateInfraOutput, error)

func (*CreateInfraOptions) CreateInternetGateway 

func (o *CreateInfraOptions) CreateInternetGateway(l logr.Logger, client ec2iface.EC2API, vpcID string) (string, error)

func (*CreateInfraOptions) CreateNATGateway 

func (o *CreateInfraOptions) CreateNATGateway(l logr.Logger, client ec2iface.EC2API, publicSubnetID, availabilityZone string) (string, error)

func (*CreateInfraOptions) CreatePrivateRouteTable 

func (o *CreateInfraOptions) CreatePrivateRouteTable(l logr.Logger, client ec2iface.EC2API, vpcID, natGatewayID, subnetID, zone string) (string, error)

func (*CreateInfraOptions) CreatePrivateSubnet 

func (o *CreateInfraOptions) CreatePrivateSubnet(l logr.Logger, client ec2iface.EC2API, vpcID string, zone string, cidr string) (string, error)

func (*CreateInfraOptions) CreatePrivateZone 

func (o *CreateInfraOptions) CreatePrivateZone(ctx context.Context, logger logr.Logger, client route53iface.Route53API, name, vpcID string, authorizeAssociation bool, vpcOwnerClient route53iface.Route53API, initialVPC string) (string, error)

func (*CreateInfraOptions) CreatePublicRouteTable 

func (o *CreateInfraOptions) CreatePublicRouteTable(l logr.Logger, client ec2iface.EC2API, vpcID, igwID string, subnetIDs []string) (string, error)

func (*CreateInfraOptions) CreatePublicSubnet 

func (o *CreateInfraOptions) CreatePublicSubnet(l logr.Logger, client ec2iface.EC2API, vpcID string, zone string, cidr string) (string, error)

func (*CreateInfraOptions) CreateSubnet 

func (o *CreateInfraOptions) CreateSubnet(l logr.Logger, client ec2iface.EC2API, vpcID, zone, cidr, name, scopeTag string, additionalTags []*ec2.Tag) (string, error)

func (*CreateInfraOptions) CreateVPCS3Endpoint 

func (o *CreateInfraOptions) CreateVPCS3Endpoint(l logr.Logger, client ec2iface.EC2API, vpcID string, routeTableIds []*string) error

func (*CreateInfraOptions) LookupPublicZone 

func (o *CreateInfraOptions) LookupPublicZone(ctx context.Context, logger logr.Logger, client route53iface.Route53API) (string, error)

func (*CreateInfraOptions) Output added in v0.1.37 

func (o *CreateInfraOptions) Output(result *CreateInfraOutput) error

func (*CreateInfraOptions) Run 

func (o *CreateInfraOptions) Run(ctx context.Context, l logr.Logger) error

type CreateInfraOutput 

type CreateInfraOutput struct {
	Region           string                   `json:"region"`
	Zone             string                   `json:"zone"`
	InfraID          string                   `json:"infraID"`
	MachineCIDR      string                   `json:"machineCIDR"`
	VPCID            string                   `json:"vpcID"`
	Zones            []*CreateInfraOutputZone `json:"zones"`
	Name             string                   `json:"Name"`
	BaseDomain       string                   `json:"baseDomain"`
	BaseDomainPrefix string                   `json:"baseDomainPrefix"`
	PublicZoneID     string                   `json:"publicZoneID"`
	PrivateZoneID    string                   `json:"privateZoneID"`
	LocalZoneID      string                   `json:"localZoneID"`
	ProxyAddr        string                   `json:"proxyAddr"`
	PublicOnly       bool                     `json:"publicOnly"`

	// Fields related to shared VPCs
	VPCCreatorAccountID string `json:"vpcCreatorAccountID"`
	ClusterAccountID    string `json:"clusterAccountID"`
}

type CreateInfraOutputZone 

type CreateInfraOutputZone struct {
	Name     string `json:"name"`
	SubnetID string `json:"subnetID"`
}

type DelegatedAWSCredentialOptions added in v0.1.38 

type DelegatedAWSCredentialOptions struct {
	AWSCredentialsOpts *awsutil.AWSCredentialsOptions

	AWSEbsCsiDriverControllerCredentialsFile    string
	CloudControllerCredentialsFile              string
	CloudNetworkConfigControllerCredentialsFile string
	ControlPlaneOperatorCredentialsFile         string
	NodePoolCredentialsFile                     string
	OpenshiftImageRegistryCredentialsFile       string
}

func DefaultDelegatedAWSCredentialOptions added in v0.1.38 

func DefaultDelegatedAWSCredentialOptions() *DelegatedAWSCredentialOptions

func (*DelegatedAWSCredentialOptions) Validate added in v0.1.38 

func (o *DelegatedAWSCredentialOptions) Validate() error

type DelegatingClient added in v0.1.38 

type DelegatingClient struct {
	ec2iface.EC2API
	elbiface.ELBAPI
	elbv2iface.ELBV2API
	route53iface.Route53API
	s3iface.S3API
}

DelegatingClient embeds clients for AWS services we have privileges to use with guest cluster component roles.

func NewDelegatingClient added in v0.1.38 

func NewDelegatingClient(
	awsEbsCsiDriverControllerCredentialsFile string,
	cloudControllerCredentialsFile string,
	cloudNetworkConfigControllerCredentialsFile string,
	controlPlaneOperatorCredentialsFile string,
	nodePoolCredentialsFile string,
	openshiftImageRegistryCredentialsFile string,
) (*DelegatingClient, error)

NewDelegatingClient creates a new set of AWS service clients that delegate individual calls to the right credentials.

type DestroyIAMOptions 

type DestroyIAMOptions struct {
	Region             string
	AWSCredentialsOpts awsutil.AWSCredentialsOptions
	InfraID            string
	Log                logr.Logger

	VPCOwnerCredentialsOpts      awsutil.AWSCredentialsOptions
	PrivateZonesInClusterAccount bool

	CredentialsSecretData *util.CredentialsSecretData
}

func (*DestroyIAMOptions) DestroyIAM 

func (o *DestroyIAMOptions) DestroyIAM(ctx context.Context) error

func (*DestroyIAMOptions) DestroyOIDCResources 

func (o *DestroyIAMOptions) DestroyOIDCResources(ctx context.Context, iamClient iamiface.IAMAPI) error

func (*DestroyIAMOptions) DestroyOIDCRole 

func (o *DestroyIAMOptions) DestroyOIDCRole(client iamiface.IAMAPI, name string, includeAssumePolicy bool) error

CreateOIDCRole create an IAM Role with a trust policy for the OIDC provider

func (*DestroyIAMOptions) DestroySharedVPCRoles added in v0.1.49 

func (o *DestroyIAMOptions) DestroySharedVPCRoles(ctx context.Context, iamClient, vpcOwnerIAMClient iamiface.IAMAPI) error

func (*DestroyIAMOptions) DestroyWorkerInstanceProfile 

func (o *DestroyIAMOptions) DestroyWorkerInstanceProfile(client iamiface.IAMAPI) error

func (*DestroyIAMOptions) Run 

func (o *DestroyIAMOptions) Run(ctx context.Context) error

type DestroyInfraOptions 

type DestroyInfraOptions struct {
	Region              string
	InfraID             string
	AWSCredentialsOpts  *DelegatedAWSCredentialOptions
	Name                string
	BaseDomain          string
	BaseDomainPrefix    string
	AwsInfraGracePeriod time.Duration
	Log                 logr.Logger

	CredentialsSecretData *util.CredentialsSecretData

	AWSEbsCsiDriverControllerCredentialsFile    string
	CloudControllerCredentialsFile              string
	CloudNetworkConfigControllerCredentialsFile string
	ControlPlaneOperatorCredentialsFile         string
	NodePoolCredentialsFile                     string
	OpenshiftImageRegistryCredentialsFile       string

	VPCOwnerCredentialsOpts      awsutil.AWSCredentialsOptions
	PrivateZonesInClusterAccount bool
}

func (*DestroyInfraOptions) CleanupPublicZone 

func (o *DestroyInfraOptions) CleanupPublicZone(ctx context.Context, client route53iface.Route53API) error

func (*DestroyInfraOptions) DestroyDHCPOptions 

func (o *DestroyInfraOptions) DestroyDHCPOptions(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyDNS 

func (o *DestroyInfraOptions) DestroyDNS(ctx context.Context, client route53iface.Route53API) []error

func (*DestroyInfraOptions) DestroyEIPs 

func (o *DestroyInfraOptions) DestroyEIPs(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyInfra 

func (o *DestroyInfraOptions) DestroyInfra(ctx context.Context) error

func (*DestroyInfraOptions) DestroyInternetGateways 

func (o *DestroyInfraOptions) DestroyInternetGateways(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyNATGateways 

func (o *DestroyInfraOptions) DestroyNATGateways(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyPrivateZones 

func (o *DestroyInfraOptions) DestroyPrivateZones(ctx context.Context, listClient, recordsClient route53iface.Route53API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyRouteTables 

func (o *DestroyInfraOptions) DestroyRouteTables(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyS3Buckets 

func (o *DestroyInfraOptions) DestroyS3Buckets(ctx context.Context, client s3iface.S3API) []error

func (*DestroyInfraOptions) DestroySecurityGroups 

func (o *DestroyInfraOptions) DestroySecurityGroups(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroySubnets 

func (o *DestroyInfraOptions) DestroySubnets(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyV1ELBs 

func (o *DestroyInfraOptions) DestroyV1ELBs(ctx context.Context, client elbiface.ELBAPI, vpcID *string) []error

func (*DestroyInfraOptions) DestroyV2ELBs 

func (o *DestroyInfraOptions) DestroyV2ELBs(ctx context.Context, client elbv2iface.ELBV2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyVPCEndpointServices 

func (o *DestroyInfraOptions) DestroyVPCEndpointServices(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyVPCEndpoints 

func (o *DestroyInfraOptions) DestroyVPCEndpoints(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyVPCShare added in v0.1.49 

func (o *DestroyInfraOptions) DestroyVPCShare(ctx context.Context, client ramiface.RAMAPI) []error

func (*DestroyInfraOptions) DestroyVPCs 

func (o *DestroyInfraOptions) DestroyVPCs(ctx context.Context,
	ec2client ec2iface.EC2API,
	vpcOwnerEC2Client ec2iface.EC2API,
	elbclient elbiface.ELBAPI,
	elbv2client elbv2iface.ELBV2API,
	route53listClient route53iface.Route53API,
	route53client route53iface.Route53API,
	ramClient ramiface.RAMAPI) []error

func (*DestroyInfraOptions) Run 

func (o *DestroyInfraOptions) Run(ctx context.Context) error

func (*DestroyInfraOptions) Validate added in v0.1.38 

func (o *DestroyInfraOptions) Validate() error

type EndpointsByService added in v0.1.38 

type EndpointsByService map[string][]string

type ServicesByDelegate added in v0.1.38 

type ServicesByDelegate map[string]EndpointsByService

func APIsByDelegatedServices added in v0.1.38 

func APIsByDelegatedServices() (ServicesByDelegate, error)

APIsByDelegatedServices uses the known policies and their bindings to cluster components in order to create a mapping of AWS services to delegates for each cluster component, recording the APIs that each component has access to with their limited credentials.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.