Documentation ¶
Overview ¶
Package aws collects AWS-specific configuration.
Index ¶
- Variables
- func DescribePublicIpv4Pool(ctx context.Context, session *session.Session, region string, poolID string) (*ec2.PublicIpv4Pool, error)
- func DescribeSecurityGroups(ctx context.Context, session *session.Session, securityGroupIDs []string, ...) ([]*ec2.SecurityGroup, error)
- func GetBaseDomain() (string, error)
- func GetPublicZone(sess *session.Session, name string) (*route53.HostedZone, error)
- func GetR53ClientCfg(sess *awss.Session, roleARN string) *aws.Config
- func GetSession() (*session.Session, error)
- func GetSessionWithOptions(optFuncs ...SessionOptions) (*session.Session, error)
- func IsForbidden(err error) bool
- func IsKnownPublicRegion(region string, architecture types.Architecture) bool
- func IsStaticCredentials(credsValue credentials.Value) bool
- func PermissionsList(required []PermissionGroup) ([]string, error)
- func Platform() (*aws.Platform, error)
- func PresignedS3URL(session *session.Session, region string, bucket string, object string) (string, error)
- func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig) error
- func ValidateCreds(ssn *session.Session, groups []PermissionGroup, region string) error
- func ValidateForProvisioning(client API, ic *types.InstallConfig, metadata *Metadata) error
- type API
- type Client
- func (c *Client) CreateHostedZone(ctx context.Context, input *HostedZoneInput) (*route53.HostedZone, error)
- func (c *Client) CreateOrUpdateRecord(ctx context.Context, ic *types.InstallConfig, target string, intTarget string, ...) error
- func (c *Client) GetBaseDomain(baseDomainName string) (*route53.HostedZone, error)
- func (c *Client) GetHostedZone(hostedZone string, cfg *aws.Config) (*route53.GetHostedZoneOutput, error)
- func (c *Client) GetSubDomainDNSRecords(hostedZone *route53.HostedZone, ic *types.InstallConfig, cfg *aws.Config) ([]string, error)
- func (c *Client) ValidateZoneRecords(zone *route53.HostedZone, zoneName string, zonePath *field.Path, ...) field.ErrorList
- type HostedZoneInput
- type InstanceType
- type Metadata
- func (m *Metadata) AllZones(ctx context.Context) (Zones, error)
- func (m *Metadata) AvailabilityZones(ctx context.Context) ([]string, error)
- func (m *Metadata) EdgeSubnets(ctx context.Context) (Subnets, error)
- func (m *Metadata) EdgeZones(ctx context.Context) ([]string, error)
- func (m *Metadata) InstanceTypes(ctx context.Context) (map[string]InstanceType, error)
- func (m *Metadata) PrivateSubnets(ctx context.Context) (Subnets, error)
- func (m *Metadata) PublicSubnets(ctx context.Context) (Subnets, error)
- func (m *Metadata) Session(ctx context.Context) (*session.Session, error)
- func (m *Metadata) SetZoneAttributes(ctx context.Context, zoneNames []string, zones Zones) error
- func (m *Metadata) VPC(ctx context.Context) (string, error)
- type PermissionGroup
- type SessionOptions
- type Subnet
- type SubnetGroups
- type Subnets
- type Zone
- type Zones
Constants ¶
This section is empty.
Variables ¶
var HostedZoneIDPerRegionNLBMap = map[string]string{
	endpoints.AfSouth1RegionID:     "Z203XCE67M25HM",
	endpoints.ApEast1RegionID:      "Z12Y7K3UBGUAD1",
	endpoints.ApNortheast1RegionID: "Z31USIVHYNEOWT",
	endpoints.ApNortheast2RegionID: "ZIBE1TIR4HY56",
	endpoints.ApNortheast3RegionID: "Z1GWIQ4HH19I5X",
	endpoints.ApSouth1RegionID:     "ZVDDRBQ08TROA",
	endpoints.ApSouth2RegionID:     "Z0711778386UTO08407HT",
	endpoints.ApSoutheast1RegionID: "ZKVM4W9LS7TM",
	endpoints.ApSoutheast2RegionID: "ZCT6FZBF4DROD",
	endpoints.ApSoutheast3RegionID: "Z01971771FYVNCOVWJU1G",
	endpoints.ApSoutheast4RegionID: "Z01156963G8MIIL7X90IV",
	endpoints.CaCentral1RegionID:   "Z2EPGBW3API2WT",
	endpoints.CnNorth1RegionID:     "Z3QFB96KMJ7ED6",
	endpoints.CnNorthwest1RegionID: "ZQEIKTCZ8352D",
	endpoints.EuCentral1RegionID:   "Z3F0SRJ5LGBH90",
	endpoints.EuCentral2RegionID:   "Z02239872DOALSIDCX66S",
	endpoints.EuNorth1RegionID:     "Z1UDT6IFJ4EJM",
	endpoints.EuSouth1RegionID:     "Z23146JA1KNAFP",
	endpoints.EuSouth2RegionID:     "Z1011216NVTVYADP1SSV",
	endpoints.EuWest1RegionID:      "Z2IFOLAFXWLO4F",
	endpoints.EuWest2RegionID:      "ZD4D7Y8KGAS4G",
	endpoints.EuWest3RegionID:      "Z1CMS0P5QUZ6D5",
	endpoints.MeCentral1RegionID:   "Z00282643NTTLPANJJG2P",
	endpoints.MeSouth1RegionID:     "Z3QSRYVP46NYYV",
	endpoints.SaEast1RegionID:      "ZTK26PT1VY4CU",
	endpoints.UsEast1RegionID:      "Z26RNL4JYFTOTI",
	endpoints.UsEast2RegionID:      "ZLMOA37VPKANP",
	endpoints.UsGovEast1RegionID:   "Z1ZSMQQ6Q24QQ8",
	endpoints.UsGovWest1RegionID:   "ZMG1MZ2THAWF1",
	endpoints.UsWest1RegionID:      "Z24FKFUX50B4VW",
	endpoints.UsWest2RegionID:      "Z18D5FSROUN65G",
}
HostedZoneIDPerRegionNLBMap maps HostedZoneIDs from known regions.
Functions ¶
func DescribePublicIpv4Pool ¶ added in v0.90.0
func DescribePublicIpv4Pool(ctx context.Context, session *session.Session, region string, poolID string) (*ec2.PublicIpv4Pool, error)
DescribePublicIpv4Pool returns the ec2 public IPv4 Pool attributes from the given ID.
func DescribeSecurityGroups ¶ added in v0.9.153
func DescribeSecurityGroups(ctx context.Context, session *session.Session, securityGroupIDs []string, region string) ([]*ec2.SecurityGroup, error)
DescribeSecurityGroups returns the EC2 security groups in the given region that match the given security group IDs; each returned group carries its group ID and VPC ID.
func GetBaseDomain ¶ added in v0.8.0
func GetBaseDomain() (string, error)
GetBaseDomain returns a base domain chosen from among the account's public Route 53 hosted zones.
func GetPublicZone ¶ added in v0.9.2
func GetPublicZone(sess *session.Session, name string) (*route53.HostedZone, error)
GetPublicZone returns a public Route 53 zone that matches the name.
func GetR53ClientCfg ¶ added in v0.9.153
func GetR53ClientCfg(sess *awss.Session, roleARN string) *aws.Config
GetR53ClientCfg creates a config for the Route 53 client, determining whether STS assume-role credentials for roleARN must be obtained first.
func GetSession ¶ added in v0.9.2
func GetSession() (*session.Session, error)
GetSession returns an AWS session by checking for credentials and, if none are found, prompts for them and stores them on disk in a config file.
func GetSessionWithOptions ¶ added in v0.9.2
func GetSessionWithOptions(optFuncs ...SessionOptions) (*session.Session, error)
GetSessionWithOptions returns an AWS session by checking for credentials and, if none are found, prompts for them and stores them on disk in a config file. The given SessionOptions are applied to the session before it is created.
func IsForbidden ¶ added in v0.8.0
func IsForbidden(err error) bool
IsForbidden returns true if and only if the input error is an HTTP 403 error from the AWS API.
func IsKnownPublicRegion ¶ added in v0.9.2
func IsKnownPublicRegion(region string, architecture types.Architecture) bool
IsKnownPublicRegion returns true if the specified region is known to the installer. A known region is one of the subset of public AWS regions where RHEL CoreOS images are published for the given architecture.
func IsStaticCredentials ¶ added in v0.9.2
func IsStaticCredentials(credsValue credentials.Value) bool
IsStaticCredentials returns whether the credentials value comes from a static provider, i.e. whether it is a long-lived key pair that is safe for the installer to transfer to the cluster for use as-is. Temporary credentials (for example those with a session token, or obtained through an assumed role) are not static.
func PermissionsList ¶ added in v0.90.0
func PermissionsList(required []PermissionGroup) ([]string, error)
PermissionsList compiles a list of permissions based on the permission groups provided.
func PresignedS3URL ¶ added in v0.9.2
func PresignedS3URL(session *session.Session, region string, bucket string, object string) (string, error)
PresignedS3URL returns a presigned S3 URL for a bucket/object pair. The URL is a bearer credential: anyone who holds it can fetch the object until it expires.
func ValidateCreds ¶ added in v0.9.2
func ValidateCreds(ssn *session.Session, groups []PermissionGroup, region string) error
ValidateCreds verifies that the given session's credentials are sufficient to perform an installation with the given permission groups in the given region, and that they can also serve the cluster at runtime in one of two ways: either the identity is capable of creating new credentials for the components that interact with the cloud, or the credentials are static and can be passed through as-is to the components that need cloud credentials.
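The two runtime outcomes described above (mint new credentials, or pass the installer's own credentials through) hinge on the IsStaticCredentials check. The following is an added example of that decision, not the installer's code: it mirrors the fields of the SDK's `credentials.Value` in a local struct, uses provider names as the aws-sdk-go v1 providers report them (assumed; check the SDK constants), and takes the result of the mint-permission check as a plain boolean rather than calling AWS.

```go
package main

import "fmt"

// Provider names as reported in credentials.Value.ProviderName by aws-sdk-go v1 (assumed).
const (
	StaticProviderName      = "StaticProvider"
	EnvProviderName         = "EnvProvider"
	SharedCredsProviderName = "SharedCredentialsProvider"
	AssumeRoleProviderName  = "AssumeRoleProvider"
	EC2RoleProviderName     = "EC2RoleProvider"
	SSOProviderName         = "SSOProvider"
)

// Value mirrors the exported fields of the SDK's credentials.Value.
type Value struct {
	AccessKeyID     string
	SecretAccessKey string
	SessionToken    string
	ProviderName    string
}

// IsStaticCredentials reports whether v is a long-lived key pair from a static
// source. Anything with a session token, or resolved through a role, SSO or the
// instance metadata service, expires and carries the installer host's identity,
// so it must not be copied into the cluster.
func IsStaticCredentials(v Value) bool {
	switch v.ProviderName {
	case StaticProviderName, EnvProviderName, SharedCredsProviderName:
		return v.SessionToken == "" && v.AccessKeyID != "" && v.SecretAccessKey != ""
	}
	return false
}

type CredentialsMode string

const (
	ModeMint        CredentialsMode = "mint"        // installer can create per-component credentials
	ModePassthrough CredentialsMode = "passthrough" // installer's own static key pair is handed to the cluster
)

// SelectCredentialsMode picks the runtime mode. canMint is the outcome of the
// permission check for creating new credentials (evaluated elsewhere).
func SelectCredentialsMode(v Value, canMint bool) (CredentialsMode, error) {
	if canMint {
		return ModeMint, nil
	}
	if IsStaticCredentials(v) {
		return ModePassthrough, nil
	}
	return "", fmt.Errorf("credentials from %s cannot mint cluster credentials and are not static: refusing to pass temporary credentials through to the cluster", v.ProviderName)
}

func main() {
	// Constructed sample values; the key material is placeholder text.
	cases := []struct {
		v       Value
		canMint bool
	}{
		{Value{"AKIAEXAMPLE", "secret", "", SharedCredsProviderName}, false},
		{Value{"ASIAEXAMPLE", "secret", "FwoGZXIvYXdzEXAMPLE", EnvProviderName}, false},
		{Value{"ASIAEXAMPLE", "secret", "FwoGZXIvYXdzEXAMPLE", AssumeRoleProviderName}, true},
	}
	for _, c := range cases {
		mode, err := SelectCredentialsMode(c.v, c.canMint)
		fmt.Printf("%-26s canMint=%-5v -> mode=%q err=%v\n", c.v.ProviderName, c.canMint, mode, err)
	}
}
```

The order matters: mint is preferred when available because the cluster then receives scoped, revocable credentials; passthrough is the fallback and is only acceptable for a static key pair, which is why a session token present on otherwise environment-sourced credentials disqualifies them.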
func ValidateForProvisioning ¶ added in v0.9.2
func ValidateForProvisioning(client API, ic *types.InstallConfig, metadata *Metadata) error
ValidateForProvisioning validates if the install config is valid for provisioning the cluster.
Types ¶
type API ¶ added in v0.9.2
type API interface {
	GetHostedZone(hostedZone string, cfg *aws.Config) (*route53.GetHostedZoneOutput, error)
	ValidateZoneRecords(zone *route53.HostedZone, zoneName string, zonePath *field.Path, ic *types.InstallConfig, cfg *aws.Config) field.ErrorList
	GetBaseDomain(baseDomainName string) (*route53.HostedZone, error)
	GetSubDomainDNSRecords(hostedZone *route53.HostedZone, ic *types.InstallConfig, cfg *aws.Config) ([]string, error)
}
API represents the calls made to the API.
type Client ¶ added in v0.9.2
type Client struct {
// contains filtered or unexported fields
}
Client makes calls to the AWS Route53 API.
func (*Client) CreateHostedZone ¶ added in v0.90.0
func (c *Client) CreateHostedZone(ctx context.Context, input *HostedZoneInput) (*route53.HostedZone, error)
CreateHostedZone creates a private hosted zone.
func (*Client) CreateOrUpdateRecord ¶ added in v0.90.0
func (c *Client) CreateOrUpdateRecord(ctx context.Context, ic *types.InstallConfig, target string, intTarget string, phzID string, aliasZoneID string) error
CreateOrUpdateRecord creates or updates the Route 53 record for the cluster endpoint.
func (*Client) GetBaseDomain ¶ added in v0.9.2
func (c *Client) GetBaseDomain(baseDomainName string) (*route53.HostedZone, error)
GetBaseDomain gets the hosted zone with the matching domain name using the client's session.
func (*Client) GetHostedZone ¶ added in v0.9.2
func (c *Client) GetHostedZone(hostedZone string, cfg *aws.Config) (*route53.GetHostedZoneOutput, error)
GetHostedZone attempts to get the hosted zone from the AWS Route 53 API.
func (*Client) GetSubDomainDNSRecords ¶ added in v0.9.2
func (c *Client) GetSubDomainDNSRecords(hostedZone *route53.HostedZone, ic *types.InstallConfig, cfg *aws.Config) ([]string, error)
GetSubDomainDNSRecords validates the hosted zone against the cluster domain and ensures that the cluster domain does not already have a record set in the hosted zone. Any conflicting records found are returned.
func (*Client) ValidateZoneRecords ¶ added in v0.9.2
func (c *Client) ValidateZoneRecords(zone *route53.HostedZone, zoneName string, zonePath *field.Path, ic *types.InstallConfig, cfg *aws.Config) field.ErrorList
ValidateZoneRecords attempts to validate each of the candidate hosted zones against the config.
type HostedZoneInput ¶ added in v0.90.0
type HostedZoneInput struct {
	Name     string
	InfraID  string
	VpcID    string
	Region   string
	Role     string
	UserTags map[string]string
}
HostedZoneInput defines the input parameters for hosted zone creation.
type InstanceType ¶ added in v0.9.2
InstanceType holds metadata for an instance type.
type Metadata ¶ added in v0.9.2
type Metadata struct {
	Region   string                     `json:"region,omitempty"`
	Subnets  []string                   `json:"subnets,omitempty"`
	Services []typesaws.ServiceEndpoint `json:"services,omitempty"`
	// contains filtered or unexported fields
}
Metadata holds additional metadata for InstallConfig resources that does not need to be user-supplied (e.g. because it can be retrieved from external APIs).
func NewMetadata ¶ added in v0.9.2
func NewMetadata(region string, subnets []string, services []typesaws.ServiceEndpoint) *Metadata
NewMetadata initializes a new Metadata object.
func (*Metadata) AllZones ¶ added in v0.9.153
func (m *Metadata) AllZones(ctx context.Context) (Zones, error)
AllZones returns all the zones available in the region, with their attributes.
func (*Metadata) AvailabilityZones ¶ added in v0.9.2
func (m *Metadata) AvailabilityZones(ctx context.Context) ([]string, error)
AvailabilityZones retrieves a list of availability zones for the configured region.
func (*Metadata) EdgeSubnets ¶ added in v0.9.2
func (m *Metadata) EdgeSubnets(ctx context.Context) (Subnets, error)
EdgeSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be edge (i.e. Local Zone).
func (*Metadata) EdgeZones ¶ added in v0.9.153
func (m *Metadata) EdgeZones(ctx context.Context) ([]string, error)
EdgeZones retrieves a list of Local and Wavelength zones for the configured region.
func (*Metadata) InstanceTypes ¶ added in v0.9.2
func (m *Metadata) InstanceTypes(ctx context.Context) (map[string]InstanceType, error)
InstanceTypes retrieves instance type metadata indexed by instance type name for the configured region.
func (*Metadata) PrivateSubnets ¶ added in v0.9.2
func (m *Metadata) PrivateSubnets(ctx context.Context) (Subnets, error)
PrivateSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be private (i.e. not public).
func (*Metadata) PublicSubnets ¶ added in v0.9.2
func (m *Metadata) PublicSubnets(ctx context.Context) (Subnets, error)
PublicSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be public (e.g. with suitable routing for hosting public load balancers).
func (*Metadata) Session ¶ added in v0.9.2
func (m *Metadata) Session(ctx context.Context) (*session.Session, error)
Session returns the AWS session held by the metadata, which can be used for AWS API calls during asset generation.
func (*Metadata) SetZoneAttributes ¶ added in v0.9.153
func (m *Metadata) SetZoneAttributes(ctx context.Context, zoneNames []string, zones Zones) error
SetZoneAttributes retrieves the AWS attributes of the named zones and updates the required fields in zones.
type PermissionGroup ¶ added in v0.9.2
type PermissionGroup string
PermissionGroup is the group of permissions needed by cluster creation, operation, or teardown.
const (
	// PermissionCreateBase is a base set of permissions required in all installs where the installer creates resources.
	PermissionCreateBase PermissionGroup = "create-base"
	// PermissionDeleteBase is a base set of permissions required in all installs where the installer deletes resources.
	PermissionDeleteBase PermissionGroup = "delete-base"
	// PermissionCreateNetworking is an additional set of permissions required when the installer creates networking resources.
	PermissionCreateNetworking PermissionGroup = "create-networking"
	// PermissionDeleteNetworking is a set of permissions required when the installer destroys networking resources.
	PermissionDeleteNetworking PermissionGroup = "delete-networking"
	PermissionDeleteSharedNetworking PermissionGroup = "delete-shared-networking"
	// PermissionCreateInstanceRole is a set of permissions required when the installer creates instance roles.
	PermissionCreateInstanceRole PermissionGroup = "create-instance-role"
	// PermissionDeleteSharedInstanceRole is a set of permissions required when the installer destroys a
	// cluster with user-supplied IAM roles for instances.
	PermissionDeleteSharedInstanceRole PermissionGroup = "delete-shared-instance-role"
	// PermissionCreateInstanceProfile is a set of permissions required when the installer creates instance profiles.
	PermissionCreateInstanceProfile PermissionGroup = "create-instance-profile"
	// PermissionDeleteSharedInstanceProfile is a set of permissions required when the installer destroys
	// a cluster with user-supplied IAM instance profiles for instances.
	PermissionDeleteSharedInstanceProfile PermissionGroup = "delete-shared-instance-profile"
	// PermissionCreateHostedZone is a set of permissions required when the installer creates a route53 hosted zone.
	PermissionCreateHostedZone PermissionGroup = "create-hosted-zone"
	// PermissionDeleteHostedZone is a set of permissions required when the installer destroys a route53 hosted zone.
	PermissionDeleteHostedZone PermissionGroup = "delete-hosted-zone"
	// PermissionKMSEncryptionKeys is an additional set of permissions required when the installer uses user-provided KMS encryption keys.
	PermissionKMSEncryptionKeys PermissionGroup = "kms-encryption-keys"
	// PermissionPublicIpv4Pool is an additional set of permissions required when the installer uses public IPv4 pools.
	PermissionPublicIpv4Pool PermissionGroup = "public-ipv4-pool"
	// PermissionDeleteIgnitionObjects is a permission set required when `preserveBootstrapIgnition` is not set.
	PermissionDeleteIgnitionObjects PermissionGroup = "delete-ignition-objects"
)
func RequiredPermissionGroups ¶ added in v0.90.0
func RequiredPermissionGroups(ic *types.InstallConfig) []PermissionGroup
RequiredPermissionGroups returns a set of required permissions for a given cluster configuration.
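The permission groups are the installer's least-privilege mechanism: only the groups a given install config actually needs are selected, and PermissionsList expands them into the concrete IAM actions to check. The block below is an added example of that two-step pipeline, not the installer's implementation. The group names are the page's; the `InstallConfig` struct is a flattened stand-in for the relevant `types.InstallConfig` fields, and the action table holds small illustrative subsets (real IAM action names, but not the installer's actual lists). Only the creation-side groups are modelled, matching the documented RequiredPermissionGroups.

```go
package main

import (
	"fmt"
	"sort"
)

type PermissionGroup string

const (
	PermissionCreateBase            PermissionGroup = "create-base"
	PermissionCreateNetworking      PermissionGroup = "create-networking"
	PermissionCreateInstanceRole    PermissionGroup = "create-instance-role"
	PermissionCreateInstanceProfile PermissionGroup = "create-instance-profile"
	PermissionCreateHostedZone      PermissionGroup = "create-hosted-zone"
	PermissionKMSEncryptionKeys     PermissionGroup = "kms-encryption-keys"
	PermissionPublicIpv4Pool        PermissionGroup = "public-ipv4-pool"
	PermissionDeleteIgnitionObjects PermissionGroup = "delete-ignition-objects"
)

// InstallConfig is a hypothetical flattening of the install-config fields that
// decide which groups apply ("user provided" means the installer will not create it).
type InstallConfig struct {
	UserProvidedSubnets       bool
	UserProvidedIAMRoles      bool
	UserProvidedIAMProfiles   bool
	UserProvidedHostedZone    bool
	KMSKeyARN                 string
	PublicIPv4PoolID          string
	PreserveBootstrapIgnition bool
}

// actionsByGroup is an illustrative table; the installer's real lists are longer.
var actionsByGroup = map[PermissionGroup][]string{
	PermissionCreateBase:            {"ec2:DescribeInstances", "ec2:RunInstances", "ec2:DescribeSubnets", "s3:CreateBucket", "s3:PutObject"},
	PermissionCreateNetworking:      {"ec2:CreateVpc", "ec2:CreateSubnet", "ec2:DescribeSubnets", "ec2:CreateNatGateway"},
	PermissionCreateInstanceRole:    {"iam:CreateRole", "iam:PutRolePolicy", "iam:PassRole"},
	PermissionCreateInstanceProfile: {"iam:CreateInstanceProfile", "iam:AddRoleToInstanceProfile", "iam:PassRole"},
	PermissionCreateHostedZone:      {"route53:CreateHostedZone", "route53:ChangeResourceRecordSets"},
	PermissionKMSEncryptionKeys:     {"kms:DescribeKey", "kms:CreateGrant", "kms:GenerateDataKeyWithoutPlaintext"},
	PermissionPublicIpv4Pool:        {"ec2:DescribePublicIpv4Pools", "ec2:AllocateAddress"},
	PermissionDeleteIgnitionObjects: {"s3:DeleteObject", "s3:DeleteBucket"},
}

// RequiredPermissionGroups selects groups from the config: the base group always,
// the others only when the installer is the one creating or deleting that resource.
func RequiredPermissionGroups(ic InstallConfig) []PermissionGroup {
	groups := []PermissionGroup{PermissionCreateBase}
	if !ic.UserProvidedSubnets {
		groups = append(groups, PermissionCreateNetworking)
	}
	if !ic.UserProvidedIAMRoles {
		groups = append(groups, PermissionCreateInstanceRole)
	}
	if !ic.UserProvidedIAMProfiles {
		groups = append(groups, PermissionCreateInstanceProfile)
	}
	if !ic.UserProvidedHostedZone {
		groups = append(groups, PermissionCreateHostedZone)
	}
	if ic.KMSKeyARN != "" {
		groups = append(groups, PermissionKMSEncryptionKeys)
	}
	if ic.PublicIPv4PoolID != "" {
		groups = append(groups, PermissionPublicIpv4Pool)
	}
	if !ic.PreserveBootstrapIgnition {
		groups = append(groups, PermissionDeleteIgnitionObjects)
	}
	return groups
}

// PermissionsList expands groups into a sorted, de-duplicated action list and
// fails closed on a group it does not know rather than silently skipping it.
func PermissionsList(required []PermissionGroup) ([]string, error) {
	seen := map[string]bool{}
	for _, g := range required {
		actions, ok := actionsByGroup[g]
		if !ok {
			return nil, fmt.Errorf("unknown permission group %q", g)
		}
		for _, a := range actions {
			seen[a] = true
		}
	}
	out := make([]string, 0, len(seen))
	for a := range seen {
		out = append(out, a)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed config: bring-your-own VPC and IAM, KMS-encrypted volumes.
	ic := InstallConfig{UserProvidedSubnets: true, UserProvidedIAMRoles: true, UserProvidedIAMProfiles: true, KMSKeyARN: "arn:aws:kms:us-east-1:111122223333:key/example"}
	groups := RequiredPermissionGroups(ic)
	actions, err := PermissionsList(groups)
	fmt.Println(groups, len(actions), err)
}
```

The useful property is that a narrower config yields a strictly smaller action list, so the policy attached to the installer identity can shrink with it; the explicit error on an unknown group prevents a typo in a group name from quietly dropping a required check.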
type SessionOptions ¶ added in v0.9.2
SessionOptions is a function that modifies the provided session.Option.
func WithRegion ¶ added in v0.9.2
func WithRegion(region string) SessionOptions
WithRegion configures the session.Option to set the AWS region.
func WithServiceEndpoints ¶ added in v0.9.2
func WithServiceEndpoints(region string, services []typesaws.ServiceEndpoint) SessionOptions
WithServiceEndpoints configures the session.Option to use the provided service endpoints for AWS services in the given region.
type Subnet ¶ added in v0.9.2
type Subnet struct {
	// ID is the subnet's identifier.
	ID string
	// ARN is the subnet's Amazon Resource Name.
	ARN string
	// Zone is the subnet's availability zone.
	Zone *Zone
	// CIDR is the subnet's CIDR block.
	CIDR string
	// Public is the flag that marks the subnet as public.
	Public bool
}
Subnet holds metadata for a subnet.
type SubnetGroups ¶ added in v0.9.2
SubnetGroups is the group of subnets used by installer.
type Zone ¶ added in v0.9.153
type Zone struct {
	// Name is the availability, local or wavelength zone name.
	Name string
	// Type is the type of the subnet's zone.
	// The valid values are availability-zone and local-zone.
	Type string
	// GroupName is the AWS zone group name.
	// For Availability Zones, this parameter has the same value as the Region name.
	//
	// For Local Zones, the name of the associated group, for example us-west-2-lax-1.
	GroupName string
	// ParentZoneName is the name of the zone that handles some of the Local Zone
	// control plane operations, such as API calls.
	ParentZoneName string
	// PreferredInstanceType is the offered instance type in the subnet's zone.
	// It is used for the edge pools, which do not offer the same type across different zone groups.
	PreferredInstanceType string
}
Zone stores the Availability or Local Zone attributes used to set machine attributes, and to feed VPC resources as a source for terraform variables.