Documentation
Index
- Constants
- func CreateAWSClient(clusterID string) (aws.Client, error)
- func CreateAWSV2Config(ctx context.Context, clusterID string) (awsv2.Config, error)
- func GenerateAWSClientForCluster(awsProfile string, clusterID string) (aws.Client, error)
- func GenerateCCSClusterAWSClient(ocmClient *sdk.Connection, awsClient aws.Client, clusterID string, ...) (aws.Client, error)
- func GenerateJumpRoleCredentials(client aws.Client, awsAccountID, region, sessionName string) (*sts.Credentials, error)
- func GenerateNonCCSClusterAWSClient(ocmClient *sdk.Connection, awsClient aws.Client, clusterID string, ...) (aws.Client, error)
- func GenerateOrganizationAccountAccessCredentials(client aws.Client, accountId, sessionName, partition string) (*sts.Credentials, error)
- func GenerateRoleSessionName(client aws.Client) (string, error)
- func GenerateSupportRoleCredentials(client aws.Client, awsAccountID, region, sessionName, targetRole string) (*sts.Credentials, error)
- func GetAWSClientInputFromBackplane(clusterID string) (*aws.AwsClientInput, error)
Constants
const (
	RhSreCcsAccessRolename        = "RH-SRE-CCS-Access"
	RhTechnicalSupportAccess      = "RH-Technical-Support-Access"
	OrganizationAccountAccessRole = "OrganizationAccountAccessRole"
	ProdJumproleConfigKey         = "prod_jumprole_account_id"
	StageJumproleConfigKey        = "stage_jumprole_account_id"
)
Variables
This section is empty.
Functions
func CreateAWSClient
Creates an AWS client based on a cluster id. Requires a previous login to the correct API server via ocm login and tunneling to the backplane.
func CreateAWSV2Config (added in v0.13.5)
CreateAWSV2Config creates an aws-sdk-go-v2 config via Backplane given a cluster id
func GenerateAWSClientForCluster
GenerateAWSClientForCluster generates an AWS client given an OCM cluster id and AWS profile name. If an AWS profile name is not specified, this function will also read the AWS_PROFILE environment variable or use the default AWS profile.
func GenerateJumpRoleCredentials
func GenerateJumpRoleCredentials(client aws.Client, awsAccountID, region, sessionName string) (*sts.Credentials, error)
Performs the Assume Role chain from the IAM User to the Jump role. This sequence stays within the Red Hat account boundary, so a failure here indicates an internal misconfiguration.
func GenerateOrganizationAccountAccessCredentials
func GenerateOrganizationAccountAccessCredentials(client aws.Client, accountId, sessionName, partition string) (*sts.Credentials, error)
Uses the provided IAM Client to try to assume OrganizationAccountAccessRole for the given AWS Account. This only works when the provided client is a user from the root account of an organization and the AWS account provided is a linked account within that organization.
func GenerateRoleSessionName
Uses the current IAM ARN to generate a role session name. This should end up being RH-SRE-$kerberosID.
func GenerateSupportRoleCredentials
func GenerateSupportRoleCredentials(client aws.Client, awsAccountID, region, sessionName, targetRole string) (*sts.Credentials, error)
Uses the provided IAM Client to perform the Assume Role chain needed to get to a cluster's Support Role.
func GetAWSClientInputFromBackplane (added in v0.13.5)
func GetAWSClientInputFromBackplane(clusterID string) (*aws.AwsClientInput, error)
GetAWSClientInputFromBackplane sets up AWS credentials via backplane-api given a cluster id
Types
This section is empty.