aws

package
Warning

This package is not in the latest version of its module.

Published: Jun 25, 2024 License: Apache-2.0 Imports: 43 Imported by: 3


Index

Constants

View Source
// DefaultCIDRBlock is the IPv4 CIDR presumably used for the cluster VPC when
// no explicit CIDR is supplied (it surfaces as MachineCIDR in
// CreateInfraOutput — TODO confirm against the callers). It is a private
// RFC 1918 /16; operators that peer VPCs or create several clusters with this
// default should check for address overlap before relying on it.
const (
	DefaultCIDRBlock = "10.0.0.0/16"
)

Variables

This section is empty.

Functions

func BindOptions added in v0.1.38

func BindOptions(opts *DelegatedAWSCredentialOptions, flags *pflag.FlagSet)

func DefaultProfileName

func DefaultProfileName(infraID string) string

func NewCreateCLIRoleCommand added in v0.1.31

func NewCreateCLIRoleCommand() *cobra.Command

func NewCreateCommand

func NewCreateCommand() *cobra.Command

func NewCreateIAMCommand

func NewCreateIAMCommand() *cobra.Command

func NewDestroyCommand

func NewDestroyCommand() *cobra.Command

func NewDestroyIAMCommand

func NewDestroyIAMCommand() *cobra.Command

func ZoneName

func ZoneName(clusterName, prefix, baseDomain string) string

Types

type CreateCLIRoleOptions added in v0.1.31

// CreateCLIRoleOptions holds the inputs of the create-CLI-role command
// (see NewCreateCLIRoleCommand and Run).
type CreateCLIRoleOptions struct {
	// AWSCredentialsFile is the path to the AWS credentials file presumably
	// used to authenticate the IAM calls. It holds secret material: restrict
	// its file permissions and keep it out of version control.
	AWSCredentialsFile string
	// RoleName is the name of the IAM role to create.
	RoleName           string
	// AdditionalTags are extra tags applied to the role; ParseAdditionalTags
	// converts them into IAM tag objects.
	AdditionalTags     map[string]string
}

func (*CreateCLIRoleOptions) ParseAdditionalTags added in v0.1.31

func (o *CreateCLIRoleOptions) ParseAdditionalTags() ([]*iam.Tag, error)

func (*CreateCLIRoleOptions) Run added in v0.1.31

type CreateIAMOptions

// CreateIAMOptions holds the inputs for creating a hosted cluster's IAM
// resources: the OIDC identity provider, the OIDC-trusting roles and the
// worker instance profile (see the Create* methods of this type).
type CreateIAMOptions struct {
	// Region is the AWS region the IAM-related calls are made against.
	Region                          string
	// AWSCredentialsOpts selects the AWS credentials used for the IAM calls.
	AWSCredentialsOpts              awsutil.AWSCredentialsOptions
	// OIDCStorageProviderS3BucketName and OIDCStorageProviderS3Region name the
	// S3 bucket that presumably serves the OIDC discovery document and JWKS
	// for IssuerURL — confirm against the callers. Whoever can write to that
	// bucket can publish signing keys the OIDC provider trusts and so assume
	// every role created here; write access to it must be tightly restricted.
	OIDCStorageProviderS3BucketName string
	OIDCStorageProviderS3Region     string
	// PublicZoneID, PrivateZoneID and LocalZoneID are Route 53 hosted zone
	// IDs (the same values reported by CreateInfraOutput).
	PublicZoneID                    string
	PrivateZoneID                   string
	LocalZoneID                     string
	// InfraID identifies the cluster infrastructure; resources are presumably
	// named and tagged from it so DestroyIAM can find them later.
	InfraID                         string
	// IssuerURL is the OIDC issuer URL registered with the IAM OIDC provider
	// (see CreateOIDCProvider). IAM requires an HTTPS issuer.
	IssuerURL                       string
	// OutputFile is where Output writes the resulting CreateIAMOutput.
	OutputFile                      string
	// KMSKeyARN is a KMS key ARN propagated to CreateIAMOutput.KMSKeyARN;
	// how it is consumed is not visible here.
	KMSKeyARN                       string
	// AdditionalTags are raw tag strings parsed by ParseAdditionalTags.
	// NOTE(review): the expected string format is not visible here — confirm.
	AdditionalTags                  []string

	// CredentialsSecretData presumably carries AWS credentials read from a
	// Kubernetes Secret (Run receives a controller-runtime client) as an
	// alternative to AWSCredentialsOpts; the precedence is not visible here.
	CredentialsSecretData *util.CredentialsSecretData
	// contains filtered or unexported fields
}

func (*CreateIAMOptions) CreateIAM

func (o *CreateIAMOptions) CreateIAM(ctx context.Context, client crclient.Client) (*CreateIAMOutput, error)

func (*CreateIAMOptions) CreateOIDCProvider added in v0.1.4

func (o *CreateIAMOptions) CreateOIDCProvider(iamClient iamiface.IAMAPI) (string, error)

func (*CreateIAMOptions) CreateOIDCResources

func (o *CreateIAMOptions) CreateOIDCResources(iamClient iamiface.IAMAPI) (*CreateIAMOutput, error)

CreateOIDCResources takes only the IAM client as an argument (everything else comes from the receiver's options) and, according to the original note, generates an RSA key pair for the OIDC issuer as part of creating the OIDC resources, returning the resulting CreateIAMOutput. The private half of that key pair is what signs tokens the IAM OIDC provider will trust, so it must be handled as a secret.

func (*CreateIAMOptions) CreateOIDCRole

func (o *CreateIAMOptions) CreateOIDCRole(client iamiface.IAMAPI, name, trustPolicy, permPolicy string) (string, error)

CreateOIDCRole creates an IAM role called name whose trust policy (trustPolicy) lets the cluster's OIDC provider assume it, and attaches permPolicy as its permissions policy; the returned string is presumably the role ARN. The trust policy should be conditioned on the specific OIDC provider and token subject (aud/sub) so that only the intended service account, not any identity issued by the provider, can assume the role.

func (*CreateIAMOptions) CreateWorkerInstanceProfile

func (o *CreateIAMOptions) CreateWorkerInstanceProfile(client iamiface.IAMAPI, profileName string) error

func (*CreateIAMOptions) Output added in v0.1.37

func (o *CreateIAMOptions) Output(results *CreateIAMOutput) error

func (*CreateIAMOptions) ParseAdditionalTags added in v0.1.6

func (o *CreateIAMOptions) ParseAdditionalTags() error

func (*CreateIAMOptions) Run

func (o *CreateIAMOptions) Run(ctx context.Context, client crclient.Client) error

type CreateIAMOutput

// CreateIAMOutput is the JSON-serialisable result of CreateIAM, written to
// CreateIAMOptions.OutputFile by Output. It holds identifiers (ARNs, IDs,
// URLs) rather than credentials, but it still reveals the account's role
// layout, so do not publish it more widely than necessary.
type CreateIAMOutput struct {
	// Region is the AWS region the resources were created in.
	Region             string              `json:"region"`
	// ProfileName is the worker instance profile name
	// (see CreateWorkerInstanceProfile).
	ProfileName        string              `json:"profileName"`
	// InfraID is the cluster infrastructure identifier the resources belong to.
	InfraID            string              `json:"infraID"`
	// IssuerURL is the OIDC issuer URL registered with the IAM OIDC provider.
	IssuerURL          string              `json:"issuerURL"`
	// Roles holds the ARNs of the component roles created for the cluster.
	Roles              hyperv1.AWSRolesRef `json:"roles"`
	// KMSKeyARN echoes CreateIAMOptions.KMSKeyARN.
	KMSKeyARN          string              `json:"kmsKeyARN"`
	// KMSProviderRoleARN is the ARN of the role presumably used to access
	// the KMS key — confirm against CreateOIDCResources.
	KMSProviderRoleARN string              `json:"kmsProviderRoleARN"`
}

type CreateIAMRoleOptions added in v0.1.31

// CreateIAMRoleOptions describes one IAM role to be created with an inline
// permissions policy (see CreateRoleWithInlinePolicy).
type CreateIAMRoleOptions struct {
	// RoleName is the name of the IAM role.
	RoleName          string
	// TrustPolicy is the role's trust (assume-role) policy document,
	// presumably JSON. Scope it to the specific principal or OIDC subject
	// that should assume the role; an over-broad trust policy is the most
	// common way such roles become assumable by unintended identities.
	TrustPolicy       string
	// PermissionsPolicy is the inline permissions policy document attached
	// to the role, presumably JSON.
	PermissionsPolicy string
	// contains filtered or unexported fields
}

func (*CreateIAMRoleOptions) CreateRoleWithInlinePolicy added in v0.1.31

func (o *CreateIAMRoleOptions) CreateRoleWithInlinePolicy(ctx context.Context, client iamiface.IAMAPI) (string, error)

type CreateInfraOptions

// CreateInfraOptions holds the inputs for creating the AWS network and DNS
// infrastructure of a hosted cluster (VPC, subnets, gateways, route tables,
// Route 53 zones; see the Create* methods of this type).
type CreateInfraOptions struct {
	// AWSCredentialsOpts selects the AWS credentials used for the calls.
	AWSCredentialsOpts awsutil.AWSCredentialsOptions
	// Region is the AWS region the infrastructure is created in.
	Region             string
	// InfraID identifies the cluster infrastructure; resources are presumably
	// tagged with it so DestroyInfra can find them.
	InfraID            string
	// Name is the cluster name. Together with BaseDomainPrefix and BaseDomain
	// it presumably forms the hosted zone name (see ZoneName).
	Name               string
	// BaseDomain is the parent DNS domain; LookupPublicZone resolves its
	// public Route 53 zone.
	BaseDomain         string
	// BaseDomainPrefix is an optional prefix inserted into the zone name.
	BaseDomainPrefix   string
	// Zones lists the availability zones to create subnets in.
	Zones              []string
	// OutputFile is where Output writes the resulting CreateInfraOutput.
	OutputFile         string
	// AdditionalTags are raw tag strings applied to created resources.
	AdditionalTags     []string
	// EnableProxy requests a proxy; its address is reported as
	// CreateInfraOutput.ProxyAddr. How the proxy is provisioned is not
	// visible here.
	EnableProxy        bool
	// SSHKeyFile is the path to an SSH key file. NOTE(review): whether this
	// is the public or private key is not visible here — if private, it is a
	// secret and must be protected accordingly.
	SSHKeyFile         string
	// SingleNATGateway, when true, presumably shares one NAT gateway across
	// all zones instead of creating one per zone (see CreateNATGateway).
	SingleNATGateway   bool

	// CredentialsSecretData presumably carries AWS credentials read from a
	// Kubernetes Secret as an alternative to AWSCredentialsOpts.
	CredentialsSecretData *util.CredentialsSecretData
	// contains filtered or unexported fields
}

func (*CreateInfraOptions) CreateDHCPOptions

func (o *CreateInfraOptions) CreateDHCPOptions(l logr.Logger, client ec2iface.EC2API, vpcID string) error

func (*CreateInfraOptions) CreateInfra

func (*CreateInfraOptions) CreateInternetGateway

func (o *CreateInfraOptions) CreateInternetGateway(l logr.Logger, client ec2iface.EC2API, vpcID string) (string, error)

func (*CreateInfraOptions) CreateNATGateway

func (o *CreateInfraOptions) CreateNATGateway(l logr.Logger, client ec2iface.EC2API, publicSubnetID, availabilityZone string) (string, error)

func (*CreateInfraOptions) CreatePrivateRouteTable

func (o *CreateInfraOptions) CreatePrivateRouteTable(l logr.Logger, client ec2iface.EC2API, vpcID, natGatewayID, subnetID, zone string) (string, error)

func (*CreateInfraOptions) CreatePrivateSubnet

func (o *CreateInfraOptions) CreatePrivateSubnet(l logr.Logger, client ec2iface.EC2API, vpcID string, zone string, cidr string) (string, error)

func (*CreateInfraOptions) CreatePrivateZone

func (o *CreateInfraOptions) CreatePrivateZone(ctx context.Context, client route53iface.Route53API, name, vpcID string) (string, error)

func (*CreateInfraOptions) CreatePublicRouteTable

func (o *CreateInfraOptions) CreatePublicRouteTable(l logr.Logger, client ec2iface.EC2API, vpcID, igwID string, subnetIDs []string) (string, error)

func (*CreateInfraOptions) CreatePublicSubnet

func (o *CreateInfraOptions) CreatePublicSubnet(l logr.Logger, client ec2iface.EC2API, vpcID string, zone string, cidr string) (string, error)

func (*CreateInfraOptions) CreateSubnet

func (o *CreateInfraOptions) CreateSubnet(l logr.Logger, client ec2iface.EC2API, vpcID, zone, cidr, name, scopeTag string) (string, error)

func (*CreateInfraOptions) CreateVPCS3Endpoint

func (o *CreateInfraOptions) CreateVPCS3Endpoint(l logr.Logger, client ec2iface.EC2API, vpcID string, routeTableIds []*string) error

func (*CreateInfraOptions) LookupPublicZone

func (o *CreateInfraOptions) LookupPublicZone(ctx context.Context, client route53iface.Route53API) (string, error)

func (*CreateInfraOptions) Output added in v0.1.37

func (o *CreateInfraOptions) Output(result *CreateInfraOutput) error

func (*CreateInfraOptions) Run

type CreateInfraOutput

// CreateInfraOutput is the JSON-serialisable result of CreateInfra, written
// to CreateInfraOptions.OutputFile by Output and consumed when the hosted
// cluster is created.
type CreateInfraOutput struct {
	// Region is the AWS region the infrastructure lives in.
	Region           string                   `json:"region"`
	// Zone is presumably the primary availability zone; see Zones for all.
	Zone             string                   `json:"zone"`
	// InfraID is the cluster infrastructure identifier.
	InfraID          string                   `json:"infraID"`
	// MachineCIDR is the VPC CIDR (see DefaultCIDRBlock).
	MachineCIDR      string                   `json:"machineCIDR"`
	// VPCID is the ID of the created VPC.
	VPCID            string                   `json:"vpcID"`
	// Zones lists each availability zone and its private subnet.
	Zones            []*CreateInfraOutputZone `json:"zones"`
	// Name is the cluster name. NOTE(review): the JSON tag is "Name", unlike
	// the camelCase tags of every other field; changing it would break
	// consumers of existing output files, so it is left as is.
	Name             string                   `json:"Name"`
	// BaseDomain and BaseDomainPrefix echo the CreateInfraOptions inputs.
	BaseDomain       string                   `json:"baseDomain"`
	BaseDomainPrefix string                   `json:"baseDomainPrefix"`
	// PublicZoneID, PrivateZoneID and LocalZoneID are Route 53 hosted zone IDs.
	PublicZoneID     string                   `json:"publicZoneID"`
	PrivateZoneID    string                   `json:"privateZoneID"`
	LocalZoneID      string                   `json:"localZoneID"`
	// ProxyAddr is the proxy address when CreateInfraOptions.EnableProxy is
	// set; presumably empty otherwise.
	ProxyAddr        string                   `json:"proxyAddr"`
}

type CreateInfraOutputZone

// CreateInfraOutputZone pairs an availability zone with the subnet created
// in it (one entry per zone in CreateInfraOutput.Zones).
type CreateInfraOutputZone struct {
	// Name is the availability zone name.
	Name     string `json:"name"`
	// SubnetID is the ID of the subnet created in that zone; whether it is
	// the private or public subnet is not visible here — confirm.
	SubnetID string `json:"subnetID"`
}

type DelegatedAWSCredentialOptions added in v0.1.38

// DelegatedAWSCredentialOptions collects one AWS credentials file per
// guest-cluster component so that each AWS API call can be made with the
// least-privileged identity entitled to it (see NewDelegatingClient and
// APIsByDelegatedServices). BindOptions wires these onto command flags and
// Validate checks them.
type DelegatedAWSCredentialOptions struct {
	// AWSCredentialsOpts are the general AWS credential options, presumably
	// used for calls that no component credential covers.
	AWSCredentialsOpts *awsutil.AWSCredentialsOptions

	// Each *CredentialsFile field is the path to the credentials file of the
	// named component role. These files hold secret material: protect them
	// with restrictive permissions and never commit them to source control.
	AWSEbsCsiDriverControllerCredentialsFile    string
	CloudControllerCredentialsFile              string
	CloudNetworkConfigControllerCredentialsFile string
	ControlPlaneOperatorCredentialsFile         string
	NodePoolCredentialsFile                     string
	OpenshiftImageRegistryCredentialsFile       string
}

func DefaultDelegatedAWSCredentialOptions added in v0.1.38

func DefaultDelegatedAWSCredentialOptions() *DelegatedAWSCredentialOptions

func (*DelegatedAWSCredentialOptions) Validate added in v0.1.38

func (o *DelegatedAWSCredentialOptions) Validate() error

type DelegatingClient added in v0.1.38

DelegatingClient embeds clients for the AWS services that the guest-cluster component roles are privileged to use; each call is dispatched with the credentials of the component entitled to make it rather than with a single broadly-privileged identity (see NewDelegatingClient).

func NewDelegatingClient added in v0.1.38

func NewDelegatingClient(
	awsEbsCsiDriverControllerCredentialsFile string,
	cloudControllerCredentialsFile string,
	cloudNetworkConfigControllerCredentialsFile string,
	controlPlaneOperatorCredentialsFile string,
	nodePoolCredentialsFile string,
	openshiftImageRegistryCredentialsFile string,
) (*DelegatingClient, error)

NewDelegatingClient builds a set of AWS service clients from the given per-component credentials-file paths and returns a DelegatingClient that routes each API call to the component credential permitted to make it; the error return covers failures while constructing those clients. The six arguments are positional and all of type string, so callers should take care not to transpose them — doing so would silently issue calls with the wrong component's credentials.

type DestroyIAMOptions

// DestroyIAMOptions holds the inputs for tearing down the IAM resources that
// CreateIAM created for a cluster (OIDC provider, roles, worker instance
// profile; see the Destroy* methods). This is destructive: make sure InfraID
// refers to the intended cluster before running.
type DestroyIAMOptions struct {
	// Region is the AWS region the IAM-related calls are made against.
	Region             string
	// AWSCredentialsOpts selects the AWS credentials used for the calls.
	AWSCredentialsOpts awsutil.AWSCredentialsOptions
	// InfraID identifies which cluster's resources to delete.
	InfraID            string
	// Log receives progress and error output.
	Log                logr.Logger

	// CredentialsSecretData presumably carries AWS credentials read from a
	// Kubernetes Secret as an alternative to AWSCredentialsOpts.
	CredentialsSecretData *util.CredentialsSecretData
}

func (*DestroyIAMOptions) DestroyIAM

func (o *DestroyIAMOptions) DestroyIAM(ctx context.Context) error

func (*DestroyIAMOptions) DestroyOIDCResources

func (o *DestroyIAMOptions) DestroyOIDCResources(ctx context.Context, iamClient iamiface.IAMAPI) error

func (*DestroyIAMOptions) DestroyOIDCRole

func (o *DestroyIAMOptions) DestroyOIDCRole(client iamiface.IAMAPI, name string) error

DestroyOIDCRole deletes the IAM role called name, i.e. the role CreateOIDCRole created with an OIDC trust policy. (The original text here was a copy of CreateOIDCRole's comment.)

func (*DestroyIAMOptions) DestroyWorkerInstanceProfile

func (o *DestroyIAMOptions) DestroyWorkerInstanceProfile(client iamiface.IAMAPI) error

func (*DestroyIAMOptions) Run

func (o *DestroyIAMOptions) Run(ctx context.Context) error

type DestroyInfraOptions

// DestroyInfraOptions holds the inputs for tearing down a cluster's AWS
// infrastructure (see the Destroy* methods). This is destructive and, per
// the Destroy* signatures, operates on everything tagged with InfraID in
// the region, so double-check InfraID and Region before running.
type DestroyInfraOptions struct {
	// Region is the AWS region to delete resources from.
	Region              string
	// InfraID identifies which cluster's resources to delete.
	InfraID             string
	// AWSCredentialsOpts carries the per-component delegated credentials.
	// NOTE(review): the six *CredentialsFile fields below duplicate the ones
	// inside DelegatedAWSCredentialOptions; which set Validate/Run honours
	// is not visible here — keep them consistent or consolidate.
	AWSCredentialsOpts  *DelegatedAWSCredentialOptions
	// Name, BaseDomain and BaseDomainPrefix presumably identify the Route 53
	// zone to clean up (see CleanupPublicZone and ZoneName).
	Name                string
	BaseDomain          string
	BaseDomainPrefix    string
	// AwsInfraGracePeriod is how long to wait for resources to disappear;
	// exactly where it is applied is not visible here.
	AwsInfraGracePeriod time.Duration
	// Log receives progress and error output.
	Log                 logr.Logger

	// CredentialsSecretData presumably carries AWS credentials read from a
	// Kubernetes Secret as an alternative to file-based credentials.
	CredentialsSecretData *util.CredentialsSecretData

	// Paths to the per-component credentials files (secret material; protect
	// accordingly). See the note on AWSCredentialsOpts about duplication.
	AWSEbsCsiDriverControllerCredentialsFile    string
	CloudControllerCredentialsFile              string
	CloudNetworkConfigControllerCredentialsFile string
	ControlPlaneOperatorCredentialsFile         string
	NodePoolCredentialsFile                     string
	OpenshiftImageRegistryCredentialsFile       string
}

func (*DestroyInfraOptions) CleanupPublicZone

func (o *DestroyInfraOptions) CleanupPublicZone(ctx context.Context, client route53iface.Route53API) error

func (*DestroyInfraOptions) DestroyDHCPOptions

func (o *DestroyInfraOptions) DestroyDHCPOptions(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyDNS

func (o *DestroyInfraOptions) DestroyDNS(ctx context.Context, client route53iface.Route53API) []error

func (*DestroyInfraOptions) DestroyEIPs

func (o *DestroyInfraOptions) DestroyEIPs(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyInfra

func (o *DestroyInfraOptions) DestroyInfra(ctx context.Context) error

func (*DestroyInfraOptions) DestroyInternetGateways

func (o *DestroyInfraOptions) DestroyInternetGateways(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyNATGateways

func (o *DestroyInfraOptions) DestroyNATGateways(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyPrivateZones

func (o *DestroyInfraOptions) DestroyPrivateZones(ctx context.Context, client route53iface.Route53API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyRouteTables

func (o *DestroyInfraOptions) DestroyRouteTables(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyS3Buckets

func (o *DestroyInfraOptions) DestroyS3Buckets(ctx context.Context, client s3iface.S3API) []error

func (*DestroyInfraOptions) DestroySecurityGroups

func (o *DestroyInfraOptions) DestroySecurityGroups(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroySubnets

func (o *DestroyInfraOptions) DestroySubnets(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyV1ELBs

func (o *DestroyInfraOptions) DestroyV1ELBs(ctx context.Context, client elbiface.ELBAPI, vpcID *string) []error

func (*DestroyInfraOptions) DestroyV2ELBs

func (o *DestroyInfraOptions) DestroyV2ELBs(ctx context.Context, client elbv2iface.ELBV2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyVPCEndpointServices

func (o *DestroyInfraOptions) DestroyVPCEndpointServices(ctx context.Context, client ec2iface.EC2API) []error

func (*DestroyInfraOptions) DestroyVPCEndpoints

func (o *DestroyInfraOptions) DestroyVPCEndpoints(ctx context.Context, client ec2iface.EC2API, vpcID *string) []error

func (*DestroyInfraOptions) DestroyVPCs

func (o *DestroyInfraOptions) DestroyVPCs(ctx context.Context, ec2client ec2iface.EC2API, elbclient elbiface.ELBAPI, elbv2client elbv2iface.ELBV2API, route53client route53iface.Route53API) []error

func (*DestroyInfraOptions) Run

func (*DestroyInfraOptions) Validate added in v0.1.38

func (o *DestroyInfraOptions) Validate() error

type EndpointsByService added in v0.1.38

// EndpointsByService maps an AWS service name to the list of API actions
// (endpoints) a component is permitted to call on it (see
// APIsByDelegatedServices).
type EndpointsByService map[string][]string

type ServicesByDelegate added in v0.1.38

// ServicesByDelegate maps a delegate (a guest-cluster component) to the AWS
// services, and the API actions within each, that its limited credentials
// may call. Built by APIsByDelegatedServices from the known policies.
type ServicesByDelegate map[string]EndpointsByService

func APIsByDelegatedServices added in v0.1.38

func APIsByDelegatedServices() (ServicesByDelegate, error)

APIsByDelegatedServices uses the known IAM policies and their bindings to cluster components to build a ServicesByDelegate: for each component (delegate) it records the AWS services, and the API actions within each service, that the component's limited credentials are permitted to call. This mapping is what lets the DelegatingClient route a given API call to the least-privileged credential that can perform it.
