aws

package
v1.4.17 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2024 License: Apache-2.0 Imports: 38 Imported by: 108

Documentation

Overview

Package aws collects AWS-specific configuration.

Package aws collects AWS-specific configuration.

Index

Constants

This section is empty.

Variables

View Source
var HostedZoneIDPerRegionNLBMap = map[string]string{
	endpoints.AfSouth1RegionID:     "Z203XCE67M25HM",
	endpoints.ApEast1RegionID:      "Z12Y7K3UBGUAD1",
	endpoints.ApNortheast1RegionID: "Z31USIVHYNEOWT",
	endpoints.ApNortheast2RegionID: "ZIBE1TIR4HY56",
	endpoints.ApNortheast3RegionID: "Z1GWIQ4HH19I5X",
	endpoints.ApSouth1RegionID:     "ZVDDRBQ08TROA",
	endpoints.ApSouth2RegionID:     "Z0711778386UTO08407HT",
	endpoints.ApSoutheast1RegionID: "ZKVM4W9LS7TM",
	endpoints.ApSoutheast2RegionID: "ZCT6FZBF4DROD",
	endpoints.ApSoutheast3RegionID: "Z01971771FYVNCOVWJU1G",
	endpoints.ApSoutheast4RegionID: "Z01156963G8MIIL7X90IV",
	endpoints.CaCentral1RegionID:   "Z2EPGBW3API2WT",
	endpoints.CnNorth1RegionID:     "Z3QFB96KMJ7ED6",
	endpoints.CnNorthwest1RegionID: "ZQEIKTCZ8352D",
	endpoints.EuCentral1RegionID:   "Z3F0SRJ5LGBH90",
	endpoints.EuCentral2RegionID:   "Z02239872DOALSIDCX66S",
	endpoints.EuNorth1RegionID:     "Z1UDT6IFJ4EJM",
	endpoints.EuSouth1RegionID:     "Z23146JA1KNAFP",
	endpoints.EuSouth2RegionID:     "Z1011216NVTVYADP1SSV",
	endpoints.EuWest1RegionID:      "Z2IFOLAFXWLO4F",
	endpoints.EuWest2RegionID:      "ZD4D7Y8KGAS4G",
	endpoints.EuWest3RegionID:      "Z1CMS0P5QUZ6D5",
	endpoints.MeCentral1RegionID:   "Z00282643NTTLPANJJG2P",
	endpoints.MeSouth1RegionID:     "Z3QSRYVP46NYYV",
	endpoints.SaEast1RegionID:      "ZTK26PT1VY4CU",
	endpoints.UsEast1RegionID:      "Z26RNL4JYFTOTI",
	endpoints.UsEast2RegionID:      "ZLMOA37VPKANP",
	endpoints.UsGovEast1RegionID:   "Z1ZSMQQ6Q24QQ8",
	endpoints.UsGovWest1RegionID:   "ZMG1MZ2THAWF1",
	endpoints.UsWest1RegionID:      "Z24FKFUX50B4VW",
	endpoints.UsWest2RegionID:      "Z18D5FSROUN65G",
}

HostedZoneIDPerRegionNLBMap maps HostedZoneIDs from known regions.

Functions

func DescribePublicIpv4Pool added in v0.90.0

func DescribePublicIpv4Pool(ctx context.Context, session *session.Session, region string, poolID string) (*ec2.PublicIpv4Pool, error)

DescribePublicIpv4Pool returns the ec2 public IPv4 Pool attributes from the given ID.

func DescribeSecurityGroups added in v0.9.153

func DescribeSecurityGroups(ctx context.Context, session *session.Session, securityGroupIDs []string, region string) ([]*ec2.SecurityGroup, error)

DescribeSecurityGroups returns the list of ec2 Security Groups that contain the group id and vpc id.

func GetBaseDomain added in v0.8.0

func GetBaseDomain() (string, error)

GetBaseDomain returns a base domain chosen from among the account's public routes.

func GetPublicZone added in v0.9.2

func GetPublicZone(sess *session.Session, name string) (*route53.HostedZone, error)

GetPublicZone returns a public route53 zone that matches the name.

func GetR53ClientCfg added in v0.9.153

func GetR53ClientCfg(sess *awss.Session, roleARN string) *aws.Config

GetR53ClientCfg creates a config for the route53 client by determining whether it is needed to obtain STS assume role credentials.

func GetSession added in v0.9.2

func GetSession() (*session.Session, error)

GetSession returns an AWS session by checking credentials and, if no creds are found, asks for them and stores them on disk in a config file

func GetSessionWithOptions added in v0.9.2

func GetSessionWithOptions(optFuncs ...SessionOptions) (*session.Session, error)

GetSessionWithOptions returns an AWS session by checking credentials and, if no creds are found, asks for them and stores them on disk in a config file

func IsForbidden added in v0.8.0

func IsForbidden(err error) bool

IsForbidden returns true if and only if the input error is an HTTP 403 error from the AWS API.

func IsKnownPublicRegion added in v0.9.2

func IsKnownPublicRegion(region string, architecture types.Architecture) bool

IsKnownPublicRegion returns true if a specified region is Known to the installer. A known region is the subset of public AWS regions where RHEL CoreOS images are published.

func IsStaticCredentials added in v0.9.2

func IsStaticCredentials(credsValue credentials.Value) bool

IsStaticCredentials returns whether the credentials value provider are static credentials safe for installer to transfer to cluster for use as-is.

func PermissionsList added in v0.90.0

func PermissionsList(required []PermissionGroup) ([]string, error)

PermissionsList compiles a list of permissions based on the permission groups provided.

func Platform

func Platform() (*aws.Platform, error)

Platform collects AWS-specific configuration.

func PresignedS3URL added in v0.9.2

func PresignedS3URL(session *session.Session, region string, bucket string, object string) (string, error)

PresignedS3URL returns a presigned S3 URL for a bucket/object pair

func Validate added in v0.9.2

func Validate(ctx context.Context, meta *Metadata, config *types.InstallConfig) error

Validate executes platform-specific validation.

func ValidateCreds added in v0.9.2

func ValidateCreds(ssn *session.Session, groups []PermissionGroup, region string) error

ValidateCreds will try to create an AWS session, and also verify that the current credentials are sufficient to perform an installation, and that they can be used for cluster runtime as either capable of creating new credentials for components that interact with the cloud or being able to be passed through as-is to the components that need cloud credentials

func ValidateForProvisioning added in v0.9.2

func ValidateForProvisioning(client API, ic *types.InstallConfig, metadata *Metadata) error

ValidateForProvisioning validates if the install config is valid for provisioning the cluster.

Types

type API added in v0.9.2

type API interface {
	GetHostedZone(hostedZone string, cfg *aws.Config) (*route53.GetHostedZoneOutput, error)
	ValidateZoneRecords(zone *route53.HostedZone, zoneName string, zonePath *field.Path, ic *types.InstallConfig, cfg *aws.Config) field.ErrorList
	GetBaseDomain(baseDomainName string) (*route53.HostedZone, error)
	GetSubDomainDNSRecords(hostedZone *route53.HostedZone, ic *types.InstallConfig, cfg *aws.Config) ([]string, error)
}

API represents the calls made to the API.

type Client added in v0.9.2

type Client struct {
	// contains filtered or unexported fields
}

Client makes calls to the AWS Route53 API.

func NewClient added in v0.9.2

func NewClient(ssn *awss.Session) *Client

NewClient initializes a client with a session.

func (*Client) CreateHostedZone added in v0.90.0

func (c *Client) CreateHostedZone(ctx context.Context, input *HostedZoneInput) (*route53.HostedZone, error)

CreateHostedZone creates a private hosted zone.

func (*Client) CreateOrUpdateRecord added in v0.90.0

func (c *Client) CreateOrUpdateRecord(ctx context.Context, ic *types.InstallConfig, target string, intTarget string, phzID string, aliasZoneID string) error

CreateOrUpdateRecord Creates or Updates the Route53 Record for the cluster endpoint.

func (*Client) GetBaseDomain added in v0.9.2

func (c *Client) GetBaseDomain(baseDomainName string) (*route53.HostedZone, error)

GetBaseDomain Gets the Domain Zone with the matching domain name from the session

func (*Client) GetHostedZone added in v0.9.2

func (c *Client) GetHostedZone(hostedZone string, cfg *aws.Config) (*route53.GetHostedZoneOutput, error)

GetHostedZone attempts to get the hosted zone from the AWS Route53 instance

func (*Client) GetSubDomainDNSRecords added in v0.9.2

func (c *Client) GetSubDomainDNSRecords(hostedZone *route53.HostedZone, ic *types.InstallConfig, cfg *aws.Config) ([]string, error)

GetSubDomainDNSRecords Validates the hostedZone against the cluster domain, and ensures that the cluster domain does not have a current record set for the hostedZone

func (*Client) ValidateZoneRecords added in v0.9.2

func (c *Client) ValidateZoneRecords(zone *route53.HostedZone, zoneName string, zonePath *field.Path, ic *types.InstallConfig, cfg *aws.Config) field.ErrorList

ValidateZoneRecords Attempts to validate each of the candidate HostedZones against the Config

type HostedZoneInput added in v0.90.0

type HostedZoneInput struct {
	Name     string
	InfraID  string
	VpcID    string
	Region   string
	Role     string
	UserTags map[string]string
}

HostedZoneInput defines the input parameters for hosted zone creation.

type InstanceType added in v0.9.2

type InstanceType struct {
	DefaultVCpus int64
	MemInMiB     int64
	Arches       []string
}

InstanceType holds metadata for an instance type.

type Metadata added in v0.9.2

type Metadata struct {
	Region   string                     `json:"region,omitempty"`
	Subnets  []string                   `json:"subnets,omitempty"`
	Services []typesaws.ServiceEndpoint `json:"services,omitempty"`
	// contains filtered or unexported fields
}

Metadata holds additional metadata for InstallConfig resources that does not need to be user-supplied (e.g. because it can be retrieved from external APIs).

func NewMetadata added in v0.9.2

func NewMetadata(region string, subnets []string, services []typesaws.ServiceEndpoint) *Metadata

NewMetadata initializes a new Metadata object.

func (*Metadata) AllZones added in v0.9.153

func (m *Metadata) AllZones(ctx context.Context) (Zones, error)

AllZones return all the zones and it's attributes available on the region.

func (*Metadata) AvailabilityZones added in v0.9.2

func (m *Metadata) AvailabilityZones(ctx context.Context) ([]string, error)

AvailabilityZones retrieves a list of availability zones for the configured region.

func (*Metadata) EdgeSubnets added in v0.9.2

func (m *Metadata) EdgeSubnets(ctx context.Context) (Subnets, error)

EdgeSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be edge (i.e. Local Zone).

func (*Metadata) EdgeZones added in v0.9.153

func (m *Metadata) EdgeZones(ctx context.Context) ([]string, error)

EdgeZones retrieves a list of Local and Wavelength zones for the configured region.

func (*Metadata) InstanceTypes added in v0.9.2

func (m *Metadata) InstanceTypes(ctx context.Context) (map[string]InstanceType, error)

InstanceTypes retrieves instance type metadata indexed by InstanceType for the configured region.

func (*Metadata) PrivateSubnets added in v0.9.2

func (m *Metadata) PrivateSubnets(ctx context.Context) (Subnets, error)

PrivateSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be private (i.e. not public).

func (*Metadata) PublicSubnets added in v0.9.2

func (m *Metadata) PublicSubnets(ctx context.Context) (Subnets, error)

PublicSubnets retrieves subnet metadata indexed by subnet ID, for subnets that the cloud-provider logic considers to be public (e.g. with suitable routing for hosting public load balancers).

func (*Metadata) Session added in v0.9.2

func (m *Metadata) Session(ctx context.Context) (*session.Session, error)

Session holds an AWS session which can be used for AWS API calls during asset generation.

func (*Metadata) SetZoneAttributes added in v0.9.153

func (m *Metadata) SetZoneAttributes(ctx context.Context, zoneNames []string, zones Zones) error

SetZoneAttributes retrieves AWS Zone attributes and update required fields in zones.

func (*Metadata) VPC added in v0.9.2

func (m *Metadata) VPC(ctx context.Context) (string, error)

VPC retrieves the VPC ID containing PublicSubnets and PrivateSubnets.

type PermissionGroup added in v0.9.2

type PermissionGroup string

PermissionGroup is the group of permissions needed by cluster creation, operation, or teardown.

const (
	// PermissionCreateBase is a base set of permissions required in all installs where the installer creates resources.
	PermissionCreateBase PermissionGroup = "create-base"

	// PermissionDeleteBase is a base set of permissions required in all installs where the installer deletes resources.
	PermissionDeleteBase PermissionGroup = "delete-base"

	// PermissionCreateNetworking is an additional set of permissions required when the installer creates networking resources.
	PermissionCreateNetworking PermissionGroup = "create-networking"

	// PermissionDeleteNetworking is a set of permissions required when the installer destroys networking resources.
	PermissionDeleteNetworking PermissionGroup = "delete-networking"

	// PermissionDeleteSharedNetworking is a set of permissions required when the installer destroys resources from a shared-network cluster.
	PermissionDeleteSharedNetworking PermissionGroup = "delete-shared-networking"

	// PermissionCreateInstanceRole is a set of permissions required when the installer creates instance roles.
	PermissionCreateInstanceRole PermissionGroup = "create-instance-role"

	// PermissionDeleteSharedInstanceRole is a set of permissions required when the installer destroys resources from a
	// cluster with user-supplied IAM roles for instances.
	PermissionDeleteSharedInstanceRole PermissionGroup = "delete-shared-instance-role"

	// PermissionCreateInstanceProfile is a set of permission required when the installer creates instance profiles.
	PermissionCreateInstanceProfile PermissionGroup = "create-instance-profile"

	// PermissionDeleteSharedInstanceProfile is a set of permissions required when the installer destroys resources from
	// a cluster with user-supplied IAM instance profiles for instances.
	PermissionDeleteSharedInstanceProfile PermissionGroup = "delete-shared-instance-profile"

	// PermissionCreateHostedZone is a set of permissions required when the installer creates a route53 hosted zone.
	PermissionCreateHostedZone PermissionGroup = "create-hosted-zone"

	// PermissionDeleteHostedZone is a set of permissions required when the installer destroys a route53 hosted zone.
	PermissionDeleteHostedZone PermissionGroup = "delete-hosted-zone"

	// PermissionKMSEncryptionKeys is an additional set of permissions required when the installer uses user provided kms encryption keys.
	PermissionKMSEncryptionKeys PermissionGroup = "kms-encryption-keys"

	// PermissionPublicIpv4Pool is an additional set of permissions required when the installer uses public IPv4 pools.
	PermissionPublicIpv4Pool PermissionGroup = "public-ipv4-pool"

	// PermissionDeleteIgnitionObjects is a permission set required when `preserveBootstrapIgnition` is not set.
	PermissionDeleteIgnitionObjects PermissionGroup = "delete-ignition-objects"
)

func RequiredPermissionGroups added in v0.90.0

func RequiredPermissionGroups(ic *types.InstallConfig) []PermissionGroup

RequiredPermissionGroups returns a set of required permissions for a given cluster configuration.

type SessionOptions added in v0.9.2

type SessionOptions func(sess *session.Options)

SessionOptions is a function that modifies the provided session.Option.

func WithRegion added in v0.9.2

func WithRegion(region string) SessionOptions

WithRegion configures the session.Option to set the AWS region.

func WithServiceEndpoints added in v0.9.2

func WithServiceEndpoints(region string, services []typesaws.ServiceEndpoint) SessionOptions

WithServiceEndpoints configures the session.Option to use provides services for AWS endpoints.

type Subnet added in v0.9.2

type Subnet struct {
	// ID is the subnet's Identifier.
	ID string

	// ARN is the subnet's Amazon Resource Name.
	ARN string

	// Zone is the subnet's availability zone.
	Zone *Zone

	// CIDR is the subnet's CIDR block.
	CIDR string

	// Public is the flag to define the subnet public.
	Public bool
}

Subnet holds metadata for a subnet.

type SubnetGroups added in v0.9.2

type SubnetGroups struct {
	Public  Subnets
	Private Subnets
	Edge    Subnets
	VPC     string
}

SubnetGroups is the group of subnets used by installer.

type Subnets added in v0.9.2

type Subnets map[string]Subnet

Subnets is the map for the Subnet metadata indexed by zone.

type Zone added in v0.9.153

type Zone struct {

	// Name is the availability, local or wavelength zone name.
	Name string

	// ZoneType is the type of subnet's availability zone.
	// The valid values are availability-zone and local-zone.
	Type string

	// ZoneGroupName is the AWS zone group name.
	// For Availability Zones, this parameter has the same value as the Region name.
	//
	// For Local Zones, the name of the associated group, for example us-west-2-lax-1.
	GroupName string

	// ParentZoneName is the name of the zone that handles some of the Local Zone
	// control plane operations, such as API calls.
	ParentZoneName string

	// PreferredInstanceType is the offered instance type on the subnet's zone.
	// It's used for the edge pools which does not offer the same type across different zone groups.
	PreferredInstanceType string
}

Zone stores the Availability or Local Zone attributes used to set machine attributes, and to feed VPC resources as a source for for terraform variables.

type Zones added in v0.9.153

type Zones map[string]*Zone

Zones stores the map of Zone attributes indexed by Zone Name.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL