aws

package
v1.2.40-rc2 Latest Latest
Published: May 30, 2024 License: Apache-2.0 Imports: 58 Imported by: 4

Documentation

Overview

Package aws is a generated GoMock package.

Index

Constants

// Fixed names, regions and string tags shared across the package.
const (
	// Per the package documentation this group opens with the name of the AWS user
	// that is used to create all the resources of the cluster.
	AdminUserName        = "osdCcsAdmin"
	OsdCcsAdminStackName = "osdCcsAdminIAMUser"

	// Since CloudFormation stacks are region-dependent, we hard-code OCM's default region and
	// then use it to ensure that the user always gets the stack from the same region.
	DefaultRegion = "us-east-1"
	Inline        = "inline"
	Attached      = "attached"

	LocalZone      = "local-zone"
	WavelengthZone = "wavelength-zone"

	// NOTE(review): same value as DefaultRegion; presumably the region used for IAM
	// service calls (see GetIAMServiceQuota on Client) — confirm against callers.
	IAMServiceRegion = "us-east-1"
)

AdminUserName is the name of the AWS user that will be used to create all the resources of the cluster.

// OIDC client ID strings.
// NOTE(review): presumably the client IDs (audiences) registered on the cluster's IAM OIDC
// provider; any change widens or narrows which tokens the provider accepts — confirm
// against the CreateOpenIDConnectProvider implementation.
const (
	OIDCClientIDOpenShift = "openshift"
	OIDCClientIDSTSAWS    = "sts.amazonaws.com"
)
// Role keys (lower-case identifiers) and role type labels used for account, operator and
// OCM roles. The *AccountRole constants are the keys of the AccountRoles map; the HCP*Role
// constants are the keys of the HCPAccountRoles map.
const (
	InstallerAccountRole = "installer"

	InstallerAccountRoleType = "Installer"
	ControlPlaneAccountRole  = "instance_controlplane"

	ControlPlaneAccountRoleType = "Control plane"
	WorkerAccountRole           = "instance_worker"

	WorkerAccountRoleType = "Worker"

	SupportAccountRole = "support"

	SupportAccountRoleType = "Support"

	// The HCP keys carry the same string values as InstallerAccountRole, WorkerAccountRole
	// and SupportAccountRole, so a key alone does not tell classic and HCP roles apart.
	HCPInstallerRole = "installer"
	HCPWorkerRole    = "instance_worker"
	HCPSupportRole   = "support"

	OCMRole     = "OCM"
	OCMUserRole = "User"

	// AWS preferred suffix for ROSA related account roles - HCP only
	HCPSuffixPattern = "HCP-ROSA"

	IngressOperatorCloudCredentialsRoleType = "ingress_operator_cloud_credentials"

	TrueString = "true"
)
// Keys naming the installer permission policies (core, VPC and PrivateLink).
// NOTE(review): presumably looked up in the map[string]*cmv1.AWSSTSPolicy values passed to
// functions such as GetManagedPolicyARN and GetPolicyDetails — confirm against callers.
const (
	InstallerCoreKey        = "sts_installer_core_permission_policy"
	InstallerVPCKey         = "sts_installer_vpc_permission_policy"
	InstallerPrivateLinkKey = "sts_installer_privatelink_permission_policy"
)
const IAMServiceCode = "iam"
const ReadOnlyAnonUserPolicyTemplate = `` /* 220-byte string literal not displayed */
const (
	SecretsManager = "secretsmanager"
)

Variables

// ARNPath matches a whole-string path that starts with "/", ends with "/", and contains only
// ASCII letters, digits and "/" in between.
// The pattern needs two slash characters at minimum, so the single-character path "/" does
// not match; repeated slashes such as "//" do match.
// NOTE(review): presumably backs ARNPathValidator — confirm how that function treats an
// empty or "/" input before relying on this expression alone.
var ARNPath = regexp.MustCompile(`^\/[a-zA-Z0-9\/]*\/$`)
// AccountRoles maps each account-role key to an AccountRole carrying its Name and Flag.
// NOTE(review): Flag looks like the CLI flag name used to pass that role's ARN — confirm.
// The map is an exported, mutable package variable; callers share one instance.
var AccountRoles = map[string]AccountRole{
	InstallerAccountRole:    {Name: "Installer", Flag: "role-arn"},
	ControlPlaneAccountRole: {Name: "ControlPlane", Flag: "controlplane-iam-role"},
	WorkerAccountRole:       {Name: "Worker", Flag: "worker-iam-role"},
	SupportAccountRole:      {Name: "Support", Flag: "support-role-arn"},
}
var DefaultPrefix = "ManagedOpenShift"
// HCPAccountRoles is the hosted-control-plane counterpart of AccountRoles. Each Name is
// HCPSuffixPattern joined to the role label with a hyphen (for example "HCP-ROSA-Installer"),
// and the Flag values match those of the corresponding AccountRoles entries.
// There is no control-plane entry in this map.
var HCPAccountRoles = map[string]AccountRole{
	HCPInstallerRole: {Name: fmt.Sprintf("%s-Installer", HCPSuffixPattern), Flag: "role-arn"},
	HCPSupportRole:   {Name: fmt.Sprintf("%s-Support", HCPSuffixPattern), Flag: "support-role-arn"},
	HCPWorkerRole:    {Name: fmt.Sprintf("%s-Worker", HCPSuffixPattern), Flag: "worker-iam-role"},
}
// JumpAccounts maps an OCM environment name to the 12-digit AWS account ID used for the
// installer jump role in that environment.
// The "local", "local-proxy" and "crc" environments all resolve to the same account.
// NOTE(review): these IDs presumably end up as trusted principals in role trust policies,
// so an edit here changes which AWS account can assume customer roles — confirm against
// the policy-generation code and review any change to this map accordingly.
// NOTE(review): the map is an exported, mutable package variable; nothing here prevents
// another package from overwriting an entry at runtime.
var JumpAccounts = map[string]string{
	"production":  "710019948333",
	"staging":     "644306948063",
	"integration": "896164604406",
	"local":       "765374464689",
	"local-proxy": "765374464689",
	"crc":         "765374464689",
}

JumpAccounts are the AWS accounts used for the installer jump role in the various OCM environments.

var OCMAdminRolePolicyFile = "ocm_admin"
var OCMRolePolicyFile = "ocm"
var OCMUserRolePolicyFile = "ocm_user"
// PolicyArnRE matches a whole-string IAM policy ARN: "arn:", a partition that starts with
// "aws" and may continue with word characters or hyphens, ":iam::" (empty region field),
// then either a 12-digit account ID or the literal "aws", then ":policy" followed by one or
// more slash-separated segments drawn from [\w+=,.@-].
// Each separator is `\/+`, so runs of consecutive slashes between segments are accepted.
// The expression checks shape only: it does not establish that the policy exists or which
// account owns it.
var PolicyArnRE = regexp.MustCompile(
	`^arn:aws[\w-]*:iam::(\d{12}|aws):policy(?:\/+[\w+=,.@-]+)+$`,
)
// RoleArnRE matches a whole-string IAM role ARN: "arn:", a partition that starts with "aws"
// and may continue with word characters or hyphens, ":iam::" (empty region field), a
// 12-digit account ID, then ":role" followed by one or more slash-separated segments drawn
// from [\w+=,.@-].
// Each separator is `\/+`, so runs of consecutive slashes between segments are accepted.
// The expression checks shape only: any 12-digit account ID passes. Whether the role
// belongs to the caller's account is a separate check (the Client interface declares
// ValidateRoleARNAccountIDMatchCallerAccountID, which by its name covers that).
var RoleArnRE = regexp.MustCompile(
	`^arn:aws[\w-]*:iam::\d{12}:role(?:\/+[\w+=,.@-]+)+$`,
)

AWS accepted arn format: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html

// RoleNameRE matches a non-empty string made only of word characters and "+=,.@-".
// The expression sets no upper bound on length, so any length limit on role names has to
// be enforced by the caller.
var RoleNameRE = regexp.MustCompile(`^[\w+=,.@-]+$`)

AWS accepted role name: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-iam-role.html

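// UserNoProxyRE validates a single no-proxy entry. It accepts exactly one of four forms,
// each anchored to the whole string:
//
//  1. an IPv4 address,
//  2. an IPv4 CIDR range with a prefix length of 0-32,
//  3. a lower-case domain name, where a label may be preceded by a literal dot,
//  4. the two-character string "" (two double quotes), used to clear an existing value.
//
// The dot in front of a domain label is escaped (`\.?`). Left unescaped, `.` is the regex
// wildcard, and the domain form would accept any single character in that position
// (for example "!example.com" or " example.com").
//
// The optional dot sits inside the repeated label group, so a doubled dot between labels
// is still accepted, as it was before. The final label must be at least two characters
// long, so single-label hosts do not match the domain form.
//
// The capture-group layout is unchanged from the single-literal form of this pattern.
var UserNoProxyRE = regexp.MustCompile(
	// IPv4 address.
	`^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$` +
		// IPv4 CIDR range.
		`|^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$` +
		// Domain name, optionally dot-prefixed.
		`|^(\.?[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]$` +
		// Literal "" to clear the value.
		`|^""$`,
)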

The following regex defines four different patterns: the first validates an IPv4 address, the second validates an IPv4 CIDR range, the third validates domain names, and the fourth allows the existing no-proxy value to be removed by typing an empty string (""). nolint

// UserTagKeyRE matches a tag key of 1 to 128 characters drawn from Unicode letters (\pL),
// separators (\pZ), numbers (\pN) and the symbols "_.:/=+-@".
// An empty key does not match.
var UserTagKeyRE = regexp.MustCompile(`^[\pL\pZ\pN_.:/=+\-@]{1,128}$`)

UserTagKeyRE , UserTagValueRE - https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html#tag-conventions

// UserTagValueRE matches a tag value of 0 to 256 characters drawn from Unicode letters
// (\pL), separators (\pZ), numbers (\pN) and the symbols "_.:/=+-@".
// Unlike UserTagKeyRE, the empty string matches.
var UserTagValueRE = regexp.MustCompile(`^[\pL\pZ\pN_.:/=+\-@]{0,256}$`)

Functions

func ARNPathValidator added in v1.2.7

func ARNPathValidator(input interface{}) error

func ARNValidator added in v1.1.1

func ARNValidator(input interface{}) error

func BuildOperatorRoleCommands added in v1.1.12

func BuildOperatorRoleCommands(prefix string, partition string, accountID string, awsClient Client,
	defaultPolicyVersion string, credRequests map[string]*cmv1.STSOperator, policyPath string,
	cluster *cmv1.Cluster) []string

func BuildOperatorRolePolicies added in v1.2.0

func BuildOperatorRolePolicies(prefix string, accountID string, partition string, awsClient Client, commands []string,
	defaultPolicyVersion string, credRequests map[string]*cmv1.STSOperator, path string) []string

func ComputeOperatorRoleArn added in v1.2.16

func ComputeOperatorRoleArn(prefix string, operator *cmv1.STSOperator, creator *Creator, path string) string

func Ec2ResourceHasTag added in v1.2.37

func Ec2ResourceHasTag(tags []ec2types.Tag, tagName, tagValue string) bool

func FindOperatorRoleBySTSOperator added in v1.2.9

func FindOperatorRoleBySTSOperator(operatorRoles []*cmv1.OperatorIAMRole, operator *cmv1.STSOperator) string

func FindOperatorRoleNameBySTSOperator added in v1.2.12

func FindOperatorRoleNameBySTSOperator(cluster *cmv1.Cluster, operator *cmv1.STSOperator) (string, bool)

func GenerateAccountRolePolicyFiles added in v1.2.32

func GenerateAccountRolePolicyFiles(reporter *rprtr.Object, env string, policies map[string]*cmv1.AWSSTSPolicy,
	skipPermissionFiles bool, accountRoles map[string]AccountRole, partition string) error

func GenerateAddonPolicyDoc added in v1.2.4

func GenerateAddonPolicyDoc(partition string, cluster *cmv1.Cluster, accountID string, cr *cmv1.CredentialRequest,
	policyDetails string) (string, error)

func GenerateOperatorRolePolicyDoc added in v1.2.4

func GenerateOperatorRolePolicyDoc(partition string, cluster *cmv1.Cluster,
	accountID string, operator *cmv1.STSOperator, policyDetails string) (string, error)

func GenerateOperatorRolePolicyDocByOidcEndpointUrl added in v1.2.16

func GenerateOperatorRolePolicyDocByOidcEndpointUrl(partition string, oidcEndpointURL string,
	accountID string, operator *cmv1.STSOperator,
	policyDetails string) (string, error)

func GenerateOperatorRolePolicyFiles added in v1.2.32

func GenerateOperatorRolePolicyFiles(reporter *rprtr.Object, policies map[string]*cmv1.AWSSTSPolicy,
	credRequests map[string]*cmv1.STSOperator, sharedVpcRoleArn string, partition string) error

func GenerateRolePolicyDoc added in v1.1.12

func GenerateRolePolicyDoc(partition, oidcEndpointUrl,
	accountID, serviceAccounts, policyDetails string) (string, error)

func GetAccountRoleName added in v1.1.6

func GetAccountRoleName(cluster *cmv1.Cluster, accountRole string) (string, error)

func GetAccountRolePolicyKeys added in v1.2.15

func GetAccountRolePolicyKeys(roleType string) []string

GetAccountRolePolicyKeys returns the policy key for fetching the managed policy ARN

func GetAccountRolesArnsMap added in v1.2.9

func GetAccountRolesArnsMap(cluster *cmv1.Cluster) map[string]string

func GetAdminPolicyARN added in v1.2.9

func GetAdminPolicyARN(partition string, accountID string, name string, path string) string

func GetAdminPolicyName added in v1.2.9

func GetAdminPolicyName(name string) string

func GetFormattedFileName added in v1.2.0

func GetFormattedFileName(filename string) string

func GetInstallerAccountRoleName added in v1.2.9

func GetInstallerAccountRoleName(cluster *cmv1.Cluster) (string, error)

func GetJumpAccount added in v1.2.5

func GetJumpAccount(env string) string

func GetManagedPolicyARN added in v1.2.11

func GetManagedPolicyARN(policies map[string]*cmv1.AWSSTSPolicy, key string) (string, error)

func GetOCMRoleName added in v1.1.7

func GetOCMRoleName(prefix string, role string, postfix string) string

func GetOIDCProviderARN added in v1.2.5

func GetOIDCProviderARN(partition string, accountID string, providerURL string) string

func GetOperatorPolicyARN added in v1.1.6

func GetOperatorPolicyARN(partition string, accountID string,
	prefix string, namespace string, name string, path string) string

func GetOperatorPolicyKey added in v1.2.16

func GetOperatorPolicyKey(roleType string, hostedCP bool, sharedVpc bool) string

func GetOperatorPolicyName added in v1.2.9

func GetOperatorPolicyName(prefix string, namespace string, name string) string

func GetOperatorRolePolicyPrefixFromCluster added in v1.2.9

func GetOperatorRolePolicyPrefixFromCluster(cluster *cmv1.Cluster, awsClient Client) (string, error)

func GetPathFromARN added in v1.2.7

func GetPathFromARN(arnStr string) (string, error)

func GetPathFromAccountRole added in v1.2.9

func GetPathFromAccountRole(cluster *cmv1.Cluster, roleNameSuffix string) (string, error)

func GetPolicyARN added in v1.1.6

func GetPolicyARN(partition string, accountID string, name string, path string) string

func GetPolicyDetails added in v1.2.11

func GetPolicyDetails(policies map[string]*cmv1.AWSSTSPolicy, key string) string

GetPolicyDetails retrieves from the map the policy details for unmanaged and managed policies.

func GetPolicyName added in v1.1.6

func GetPolicyName(name string) string

func GetPrefixFromAccountRole added in v1.1.6

func GetPrefixFromAccountRole(cluster *cmv1.Cluster, roleNameSuffix string) (string, error)

func GetPrefixFromInstallerAccountRole added in v1.2.9

func GetPrefixFromInstallerAccountRole(cluster *cmv1.Cluster) (string, error)

func GetPrefixFromOperatorRole added in v1.2.3

func GetPrefixFromOperatorRole(cluster *cmv1.Cluster) string

func GetRegion

func GetRegion(region string) (string, error)

GetRegion will return a region selected by the user or given as a default to the AWS client. If the region given is empty, it will first attempt to use the default, and, failing that, will prompt for user input.

func GetResourceIdFromARN added in v1.2.7

func GetResourceIdFromARN(stringARN string) (string, error)

GetResourceIdFromARN takes a full AWS ARN, parses it, and extracts the last part of the resource field, e.g. arn:partition:service:region:account-id:resource-type/<some-path>/resource-id. It assumes that a resource-type is always present. If the resource-id is empty, an error is returned.

func GetResourceIdFromOidcProviderARN added in v1.2.23

func GetResourceIdFromOidcProviderARN(stringARN string) (string, error)

func GetResourceIdFromSecretArn added in v1.2.14

func GetResourceIdFromSecretArn(secretArn string) (string, error)

func GetRoleARN added in v1.1.6

func GetRoleARN(accountID string, name string, path string, partition string) string

func GetServiceQuota

func GetServiceQuota(serviceQuotas []servicequotastypes.ServiceQuota,
	quotaCode string) (servicequotastypes.ServiceQuota, error)

GetServiceQuota extracts a service quota from the list of service quotas.

func GetTagValues added in v1.1.3

func GetTagValues(tagsValue []iamtypes.Tag) (roleType string, version string)

func GetTagsDelimiter added in v1.2.24

func GetTagsDelimiter(tags []string) string

func GetUserRoleName added in v1.1.6

func GetUserRoleName(prefix string, role string, userName string) string

func HasDuplicates added in v1.2.3

func HasDuplicates(valSlice []string) (string, bool)

func InterpolatePolicyDocument added in v1.2.3

func InterpolatePolicyDocument(partition string, doc string, replacements map[string]string) string

func IsHostedCP added in v1.2.23

func IsHostedCP(cluster *cmv1.Cluster) bool

func IsHostedCPManagedPolicies added in v1.2.16

func IsHostedCPManagedPolicies(cluster *cmv1.Cluster) bool

func IsOCMRole added in v1.1.10

func IsOCMRole(roleName *string) bool

func IsStandardNamedAccountRole added in v1.2.16

func IsStandardNamedAccountRole(accountRoleName, roleSuffix string) (bool, string)

func ListServiceQuotas

func ListServiceQuotas(client *awsClient, serviceCode string) ([]servicequotastypes.ServiceQuota, error)

ListServiceQuotas lists the available quotas for a service.

func MockOidcConfig added in v1.2.36

func MockOidcConfig(id string, issuerUrl string) (*cmv1.OidcConfig, error)

func ParseOption added in v1.2.28

func ParseOption(option string) string

ParseOption expects the actual option as the first token, followed by a space.

func SecretManagerArnValidator added in v1.2.26

func SecretManagerArnValidator(input interface{}) error

func SetSecurityGroupOption added in v1.2.28

func SetSecurityGroupOption(securityGroup ec2types.SecurityGroup) string

SetSecurityGroupOption Creates a security group option using a predefined template.

func SetSubnetOption added in v1.2.4

func SetSubnetOption(subnet ec2types.Subnet) string

SetSubnetOption Creates a subnet option using a predefined template.

func SortRolesByLinkedRole added in v1.1.12

func SortRolesByLinkedRole(roles []Role)

func TrimRoleSuffix added in v1.2.3

func TrimRoleSuffix(orig, sufix string) string

Role names can be truncated if they are over 64 chars, so we need to make sure we aren't missing a truncated suffix

func UpgradeOperatorPolicies added in v1.1.12

func UpgradeOperatorPolicies(reporter *rprtr.Object, awsClient Client, partition string, accountID string,
	prefix string, policies map[string]string, defaultPolicyVersion string,
	credRequests map[string]*cmv1.STSOperator, path string) error

func UpgradeOperatorRolePolicies added in v1.2.9

func UpgradeOperatorRolePolicies(
	reporter *rprtr.Object,
	awsClient Client,
	partition string,
	accountID string,
	prefix string,
	policies map[string]*cmv1.AWSSTSPolicy,
	defaultPolicyVersion string,
	credRequests map[string]*cmv1.STSOperator,
	path string,
	cluster *cmv1.Cluster,
) error

func UserNoProxyDuplicateValidator added in v1.2.3

func UserNoProxyDuplicateValidator(input interface{}) error

func UserNoProxyValidator added in v1.2.3

func UserNoProxyValidator(input interface{}) error

func UserTagDuplicateValidator added in v1.1.2

func UserTagDuplicateValidator(input interface{}) error

func UserTagValidator added in v1.1.2

func UserTagValidator(input interface{}) error

Types

type AccessKey

// AccessKey pairs an access key ID with its secret access key.
// Both fields are plain exported strings, so formatting the struct with %v or %+v, or
// marshaling it, writes the secret out verbatim; keep values of this type out of logs and
// error messages.
type AccessKey struct {
	AccessKeyID     string
	SecretAccessKey string
}

type AccessKeyGetter added in v1.2.36

// AccessKeyGetter is the subset of Client that returns AWS access keys. It is embedded in
// Client and mocked by MockAccessKeyGetter.
// NOTE(review): the difference between the two methods is not visible here; by name,
// GetLocalAWSAccessKeys reads credentials already configured locally — confirm.
type AccessKeyGetter interface {
	GetAWSAccessKeys() (*AccessKey, error)
	GetLocalAWSAccessKeys() (*AccessKey, error)
}

type AccountRole added in v1.1.0

// AccountRole describes one account role as stored in the AccountRoles and
// HCPAccountRoles maps.
type AccountRole struct {
	// Name is the role label, e.g. "Installer" or "HCP-ROSA-Installer".
	Name string
	// Flag is a flag name such as "role-arn".
	// NOTE(review): presumably the CLI flag that supplies this role's ARN — confirm.
	Flag string
}

type Client

// Client is the package's AWS client interface. It groups the IAM, STS, EC2, CloudFormation,
// S3, Secrets Manager and Service Quotas operations the package exposes, and is mocked by
// MockClient for tests.
//
// Several methods create, modify or delete IAM roles and policies, or return credential
// material. Their exact behaviour is defined by the implementation, which is not shown
// here; the NOTE(review) comments below mark the points worth checking there.
type Client interface {
	CheckAdminUserNotExisting(userName string) (err error)
	CheckAdminUserExists(userName string) (err error)
	CheckStackReadyOrNotExisting(stackName string) (stackReady bool, stackStatus *string, err error)
	CheckRoleExists(roleName string) (bool, string, error)
	// NOTE(review): by name, rejects a role ARN whose account ID differs from the caller's
	// account; RoleArnRE alone accepts any 12-digit account ID.
	ValidateRoleARNAccountIDMatchCallerAccountID(roleARN string) error
	// NOTE(review): returns aws.Credentials; callers should keep the result out of logs.
	GetIAMCredentials() (aws.Credentials, error)
	GetRegion() string
	ValidateCredentials() (isValid bool, err error)
	EnsureOsdCcsAdminUser(stackName string, adminUserName string, awsRegion string) (bool, error)
	DeleteOsdCcsAdminUser(stackName string) error
	// Embedded: adds GetAWSAccessKeys and GetLocalAWSAccessKeys.
	AccessKeyGetter
	GetCreator() (*Creator, error)
	ValidateSCP(*string, map[string]*cmv1.AWSSTSPolicy) (bool, error)
	ListSubnets(subnetIds ...string) ([]ec2types.Subnet, error)
	GetSubnetAvailabilityZone(subnetID string) (string, error)
	GetAvailabilityZoneType(availabilityZoneName string) (string, error)
	GetVPCSubnets(subnetID string) ([]ec2types.Subnet, error)
	GetVPCPrivateSubnets(subnetID string) ([]ec2types.Subnet, error)
	FilterVPCsPrivateSubnets(subnets []ec2types.Subnet) ([]ec2types.Subnet, error)
	ValidateQuota() (bool, error)
	TagUserRegion(username string, region string) error
	GetClusterRegionTagForUser(username string) (string, error)
	EnsureRole(name string, policy string, permissionsBoundary string,
		version string, tagList map[string]string, path string, managedPolicies bool) (string, error)
	ValidateRoleNameAvailable(name string) (err error)
	PutRolePolicy(roleName string, policyName string, policy string) error
	// NOTE(review): ForceEnsurePolicy and EnsurePolicy share one signature; what "force"
	// overrides is not visible here — confirm before choosing between them.
	ForceEnsurePolicy(policyArn string, document string, version string, tagList map[string]string,
		path string) (string, error)
	EnsurePolicy(policyArn string, document string, version string, tagList map[string]string,
		path string) (string, error)
	AttachRolePolicy(roleName string, policyARN string) error
	CreateOpenIDConnectProvider(issuerURL string, thumbprint string, clusterID string) (string, error)
	DeleteOpenIDConnectProvider(providerURL string) error
	HasOpenIDConnectProvider(issuerURL string, partition string, accountID string) (bool, error)
	FindRoleARNs(roleType string, version string) ([]string, error)
	FindRoleARNsClassic(roleType string, version string) ([]string, error)
	FindRoleARNsHostedCp(roleType string, version string) ([]string, error)
	FindPolicyARN(operator Operator, version string) (string, error)
	ListUserRoles() ([]Role, error)
	ListOCMRoles() ([]Role, error)
	ListAccountRoles(version string) ([]Role, error)
	ListOperatorRoles(version string, clusterID string) (map[string][]OperatorRoleDetail, error)
	ListAttachedRolePolicies(roleName string) ([]string, error)
	ListOidcProviders(targetClusterId string, config *cmv1.OidcConfig) ([]OidcProviderOutput, error)
	GetRoleByARN(roleARN string) (iamtypes.Role, error)
	GetRoleByName(roleName string) (iamtypes.Role, error)
	DeleteOperatorRole(roles string, managedPolicies bool) error
	GetOperatorRolesFromAccountByClusterID(
		clusterID string,
		credRequests map[string]*cmv1.STSOperator,
	) ([]string, error)
	GetOperatorRolesFromAccountByPrefix(prefix string, credRequest map[string]*cmv1.STSOperator) ([]string, error)
	GetOperatorRolePolicies(roles []string) (map[string][]string, map[string][]string, error)
	GetAccountRolesForCurrentEnv(env string, accountID string) ([]Role, error)
	GetAccountRoleForCurrentEnv(env string, roleName string) (Role, error)
	GetAccountRoleForCurrentEnvWithPrefix(env string, rolePrefix string,
		accountRolesMap map[string]AccountRole) ([]Role, error)
	DeleteAccountRole(roleName string, prefix string, managedPolicies bool) error
	DeleteOCMRole(roleARN string, managedPolicies bool) error
	DeleteUserRole(roleName string) error
	GetAccountRolePolicies(roles []string, prefix string) (map[string][]PolicyDetail, map[string][]PolicyDetail, error)
	GetAttachedPolicy(role *string) ([]PolicyDetail, error)
	HasPermissionsBoundary(roleName string) (bool, error)
	GetOpenIDConnectProviderByClusterIdTag(clusterID string) (string, error)
	GetOpenIDConnectProviderByOidcEndpointUrl(oidcEndpointUrl string) (string, error)
	GetInstanceProfilesForRole(role string) ([]string, error)
	IsUpgradedNeededForAccountRolePolicies(rolePrefix string, version string) (bool, error)
	IsUpgradedNeededForAccountRolePoliciesUsingCluster(clusterID *cmv1.Cluster, version string) (bool, error)
	IsUpgradedNeededForOperatorRolePoliciesUsingCluster(
		cluster *cmv1.Cluster,
		partition string,
		accountID string,
		version string,
		credRequests map[string]*cmv1.STSOperator,
		operatorRolePolicyPrefix string,
	) (bool, error)
	IsUpgradedNeededForOperatorRolePoliciesUsingPrefix(
		rolePrefix string,
		partition string,
		accountID string,
		version string,
		credRequests map[string]*cmv1.STSOperator,
		path string,
	) (bool, error)
	UpdateTag(roleName string, defaultPolicyVersion string) error
	AddRoleTag(roleName string, key string, value string) error
	IsPolicyCompatible(policyArn string, version string) (bool, error)
	GetAccountRoleVersion(roleName string) (string, error)
	IsPolicyExists(policyARN string) (*iam.GetPolicyOutput, error)
	IsRolePolicyExists(roleName string, policyName string) (*iam.GetRolePolicyOutput, error)
	IsAdminRole(roleName string) (bool, error)
	DeleteInlineRolePolicies(roleName string) error
	IsUserRole(roleName *string) (bool, error)
	GetRoleARNPath(prefix string) (string, error)
	DescribeAvailabilityZones() ([]string, error)
	IsLocalAvailabilityZone(availabilityZoneName string) (bool, error)
	DetachRolePolicies(roleName string) error
	DetachRolePolicy(policyArn string, roleName string) error
	HasManagedPolicies(roleARN string) (bool, error)
	HasHostedCPPolicies(roleARN string) (bool, error)
	GetAccountRoleARN(prefix string, roleType string) (string, error)
	ValidateAccountRolesManagedPolicies(prefix string, policies map[string]*cmv1.AWSSTSPolicy) error
	ValidateHCPAccountRolesManagedPolicies(prefix string, policies map[string]*cmv1.AWSSTSPolicy) error
	ValidateOperatorRolesManagedPolicies(cluster *cmv1.Cluster, operatorRoles map[string]*cmv1.STSOperator,
		policies map[string]*cmv1.AWSSTSPolicy, hostedCPPolicies bool) error
	CreateS3Bucket(bucketName string, region string) error
	DeleteS3Bucket(bucketName string) error
	// NOTE(review): by name, the uploaded object is made publicly readable; confirm that
	// callers only pass content that is meant to be public.
	PutPublicReadObjectInS3Bucket(bucketName string, body io.ReadSeeker, key string) error
	// NOTE(review): the secret is passed as a plain string; the returned string is
	// presumably the secret's ARN, matching DeleteSecretInSecretsManager's parameter — confirm.
	CreateSecretInSecretsManager(name string, secret string) (string, error)
	DeleteSecretInSecretsManager(secretArn string) error
	ValidateAccountRoleVersionCompatibility(roleName string, roleType string, minVersion string) (bool, error)
	GetDefaultPolicyDocument(policyArn string) (string, error)
	GetAccountRoleByArn(roleArn string) (Role, error)
	GetSecurityGroupIds(vpcId string) ([]ec2types.SecurityGroup, error)
	FetchPublicSubnetMap(subnets []ec2types.Subnet) (map[string]bool, error)
	GetIAMServiceQuota(quotaCode string) (*servicequotas.GetServiceQuotaOutput, error)
	GetAccountRoleDefaultPolicy(roleName string, prefix string) (string, error)
	GetOperatorRoleDefaultPolicy(roleName string) (string, error)
}

Client defines a client interface

func CreateNewClientOrExit added in v1.1.10

func CreateNewClientOrExit(logger *logrus.Logger, reporter *reporter.Object) Client

func GetAWSClientForUserRegion added in v1.0.8

func GetAWSClientForUserRegion(reporter *rprtr.Object, logger *logrus.Logger,
	supportedRegions []string, useLocalCreds bool) Client

Currently the user can run rosa init using the region from their config or using --region. When checking for CloudFormation, we need to check in the region used by the user.

func New

func New(
	cfg aws.Config,
	logger *logrus.Logger,
	iamClient client.IamApiClient,
	ec2Client client.Ec2ApiClient,
	orgClient client.OrganizationsApiClient,
	s3Client client.S3ApiClient,
	smClient client.SecretsManagerApiClient,
	stsClient client.StsApiClient,
	cfClient client.CloudFormationApiClient,
	serviceQuotasClient client.ServiceQuotasApiClient,
	iamQuotaClient client.ServiceQuotasApiClient,
	awsAccessKeys *AccessKey,
	useLocalCredentials bool,

) Client

type ClientBuilder

type ClientBuilder struct {
	// contains filtered or unexported fields
}

ClientBuilder contains the information and logic needed to build a new AWS client.

func NewClient

func NewClient() *ClientBuilder

NewClient creates a builder that can then be used to configure and build a new AWS client.

func (*ClientBuilder) AccessKeys

func (b *ClientBuilder) AccessKeys(value *AccessKey) *ClientBuilder

func (*ClientBuilder) Build

func (b *ClientBuilder) Build() (Client, error)

Build uses the information stored in the builder to build a new AWS client.

func (*ClientBuilder) BuildSession added in v1.2.37

func (b *ClientBuilder) BuildSession() (aws.Config, error)

func (*ClientBuilder) BuildSessionWithOptions

func (b *ClientBuilder) BuildSessionWithOptions(logLevel aws.ClientLogMode) (aws.Config, error)

func (*ClientBuilder) BuildSessionWithOptionsCredentials

func (b *ClientBuilder) BuildSessionWithOptionsCredentials(value *AccessKey,
	logLevel aws.ClientLogMode) (aws.Config, error)

Create AWS session with a specific set of credentials

func (*ClientBuilder) Logger

func (b *ClientBuilder) Logger(value *logrus.Logger) *ClientBuilder

Logger sets the logger that the AWS client will use to send messages to the log.

func (*ClientBuilder) Region

func (b *ClientBuilder) Region(value string) *ClientBuilder

func (*ClientBuilder) UseLocalCredentials added in v1.2.25

func (b *ClientBuilder) UseLocalCredentials(value bool) *ClientBuilder

type Creator

// Creator describes the AWS identity in use. CreatorForCallerIdentity builds one from an
// STS GetCallerIdentity result, and Client.GetCreator returns one.
type Creator struct {
	// ARN of the identity.
	ARN string
	// AccountID is the AWS account the identity belongs to.
	AccountID string
	// NOTE(review): presumably true when the identity is an assumed role (temporary STS
	// credentials) rather than an IAM user — confirm in CreatorForCallerIdentity.
	IsSTS bool
	// NOTE(review): presumably derived from Partition — confirm.
	IsGovcloud bool
	// Partition is the ARN partition of the identity.
	Partition string
}

func CreatorForCallerIdentity added in v1.2.36

func CreatorForCallerIdentity(identity *sts.GetCallerIdentityOutput) (*Creator, error)

CreatorForCallerIdentity adapts an STS CallerIdentity to the ROSA *Creator

type MockAccessKeyGetter added in v1.2.36

type MockAccessKeyGetter struct {
	// contains filtered or unexported fields
}

MockAccessKeyGetter is a mock of AccessKeyGetter interface.

func NewMockAccessKeyGetter added in v1.2.36

func NewMockAccessKeyGetter(ctrl *gomock.Controller) *MockAccessKeyGetter

NewMockAccessKeyGetter creates a new mock instance.

func (*MockAccessKeyGetter) EXPECT added in v1.2.36

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockAccessKeyGetter) GetAWSAccessKeys added in v1.2.36

func (m *MockAccessKeyGetter) GetAWSAccessKeys() (*AccessKey, error)

GetAWSAccessKeys mocks base method.

func (*MockAccessKeyGetter) GetLocalAWSAccessKeys added in v1.2.36

func (m *MockAccessKeyGetter) GetLocalAWSAccessKeys() (*AccessKey, error)

GetLocalAWSAccessKeys mocks base method.

type MockAccessKeyGetterMockRecorder added in v1.2.36

type MockAccessKeyGetterMockRecorder struct {
	// contains filtered or unexported fields
}

MockAccessKeyGetterMockRecorder is the mock recorder for MockAccessKeyGetter.

func (*MockAccessKeyGetterMockRecorder) GetAWSAccessKeys added in v1.2.36

func (mr *MockAccessKeyGetterMockRecorder) GetAWSAccessKeys() *gomock.Call

GetAWSAccessKeys indicates an expected call of GetAWSAccessKeys.

func (*MockAccessKeyGetterMockRecorder) GetLocalAWSAccessKeys added in v1.2.36

func (mr *MockAccessKeyGetterMockRecorder) GetLocalAWSAccessKeys() *gomock.Call

GetLocalAWSAccessKeys indicates an expected call of GetLocalAWSAccessKeys.

type MockClient added in v1.2.36

type MockClient struct {
	// contains filtered or unexported fields
}

MockClient is a mock of Client interface.

func NewMockClient added in v1.2.36

func NewMockClient(ctrl *gomock.Controller) *MockClient

NewMockClient creates a new mock instance.

func (*MockClient) AddRoleTag added in v1.2.36

func (m *MockClient) AddRoleTag(roleName, key, value string) error

AddRoleTag mocks base method.

func (*MockClient) AttachRolePolicy added in v1.2.36

func (m *MockClient) AttachRolePolicy(roleName, policyARN string) error

AttachRolePolicy mocks base method.

func (*MockClient) CheckAdminUserExists added in v1.2.36

func (m *MockClient) CheckAdminUserExists(userName string) error

CheckAdminUserExists mocks base method.

func (*MockClient) CheckAdminUserNotExisting added in v1.2.36

func (m *MockClient) CheckAdminUserNotExisting(userName string) error

CheckAdminUserNotExisting mocks base method.

func (*MockClient) CheckRoleExists added in v1.2.36

func (m *MockClient) CheckRoleExists(roleName string) (bool, string, error)

CheckRoleExists mocks base method.

func (*MockClient) CheckStackReadyOrNotExisting added in v1.2.36

func (m *MockClient) CheckStackReadyOrNotExisting(stackName string) (bool, *string, error)

CheckStackReadyOrNotExisting mocks base method.

func (*MockClient) CreateOpenIDConnectProvider added in v1.2.36

func (m *MockClient) CreateOpenIDConnectProvider(issuerURL, thumbprint, clusterID string) (string, error)

CreateOpenIDConnectProvider mocks base method.

func (*MockClient) CreateS3Bucket added in v1.2.36

func (m *MockClient) CreateS3Bucket(bucketName, region string) error

CreateS3Bucket mocks base method.

func (*MockClient) CreateSecretInSecretsManager added in v1.2.36

func (m *MockClient) CreateSecretInSecretsManager(name, secret string) (string, error)

CreateSecretInSecretsManager mocks base method.

func (*MockClient) DeleteAccountRole added in v1.2.36

func (m *MockClient) DeleteAccountRole(roleName, prefix string, managedPolicies bool) error

DeleteAccountRole mocks base method.

func (*MockClient) DeleteInlineRolePolicies added in v1.2.36

func (m *MockClient) DeleteInlineRolePolicies(roleName string) error

DeleteInlineRolePolicies mocks base method.

func (*MockClient) DeleteOCMRole added in v1.2.36

func (m *MockClient) DeleteOCMRole(roleARN string, managedPolicies bool) error

DeleteOCMRole mocks base method.

func (*MockClient) DeleteOpenIDConnectProvider added in v1.2.36

func (m *MockClient) DeleteOpenIDConnectProvider(providerURL string) error

DeleteOpenIDConnectProvider mocks base method.

func (*MockClient) DeleteOperatorRole added in v1.2.36

func (m *MockClient) DeleteOperatorRole(roles string, managedPolicies bool) error

DeleteOperatorRole mocks base method.

func (*MockClient) DeleteOsdCcsAdminUser added in v1.2.36

func (m *MockClient) DeleteOsdCcsAdminUser(stackName string) error

DeleteOsdCcsAdminUser mocks base method.

func (*MockClient) DeleteS3Bucket added in v1.2.36

func (m *MockClient) DeleteS3Bucket(bucketName string) error

DeleteS3Bucket mocks base method.

func (*MockClient) DeleteSecretInSecretsManager added in v1.2.36

func (m *MockClient) DeleteSecretInSecretsManager(secretArn string) error

DeleteSecretInSecretsManager mocks base method.

func (*MockClient) DeleteUserRole added in v1.2.36

func (m *MockClient) DeleteUserRole(roleName string) error

DeleteUserRole mocks base method.

func (*MockClient) DescribeAvailabilityZones added in v1.2.36

func (m *MockClient) DescribeAvailabilityZones() ([]string, error)

DescribeAvailabilityZones mocks base method.

func (*MockClient) DetachRolePolicies added in v1.2.36

func (m *MockClient) DetachRolePolicies(roleName string) error

DetachRolePolicies mocks base method.

func (*MockClient) DetachRolePolicy added in v1.2.39

func (m *MockClient) DetachRolePolicy(policyArn, roleName string) error

DetachRolePolicy mocks base method.

func (*MockClient) EXPECT added in v1.2.36

func (m *MockClient) EXPECT() *MockClientMockRecorder

EXPECT returns an object that allows the caller to indicate expected use.

func (*MockClient) EnsureOsdCcsAdminUser added in v1.2.36

func (m *MockClient) EnsureOsdCcsAdminUser(stackName, adminUserName, awsRegion string) (bool, error)

EnsureOsdCcsAdminUser mocks base method.

func (*MockClient) EnsurePolicy added in v1.2.36

func (m *MockClient) EnsurePolicy(policyArn, document, version string, tagList map[string]string, path string) (string, error)

EnsurePolicy mocks base method.

func (*MockClient) EnsureRole added in v1.2.36

func (m *MockClient) EnsureRole(name, policy, permissionsBoundary, version string, tagList map[string]string, path string, managedPolicies bool) (string, error)

EnsureRole mocks base method.

func (*MockClient) FetchPublicSubnetMap added in v1.2.36

func (m *MockClient) FetchPublicSubnetMap(subnets []types.Subnet) (map[string]bool, error)

FetchPublicSubnetMap mocks base method.

func (*MockClient) FilterVPCsPrivateSubnets added in v1.2.36

func (m *MockClient) FilterVPCsPrivateSubnets(subnets []types.Subnet) ([]types.Subnet, error)

FilterVPCsPrivateSubnets mocks base method.

func (*MockClient) FindPolicyARN added in v1.2.36

func (m *MockClient) FindPolicyARN(operator Operator, version string) (string, error)

FindPolicyARN mocks base method.

func (*MockClient) FindRoleARNs added in v1.2.36

func (m *MockClient) FindRoleARNs(roleType, version string) ([]string, error)

FindRoleARNs mocks base method.

func (*MockClient) FindRoleARNsClassic added in v1.2.36

func (m *MockClient) FindRoleARNsClassic(roleType, version string) ([]string, error)

FindRoleARNsClassic mocks base method.

func (*MockClient) FindRoleARNsHostedCp added in v1.2.36

func (m *MockClient) FindRoleARNsHostedCp(roleType, version string) ([]string, error)

FindRoleARNsHostedCp mocks base method.

func (*MockClient) ForceEnsurePolicy added in v1.2.36

func (m *MockClient) ForceEnsurePolicy(policyArn, document, version string, tagList map[string]string, path string) (string, error)

ForceEnsurePolicy mocks base method.

func (*MockClient) GetAWSAccessKeys added in v1.2.36

func (m *MockClient) GetAWSAccessKeys() (*AccessKey, error)

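GetAWSAccessKeys mocks base method. The generated method only dispatches to the gomock controller and returns the *AccessKey and error configured through EXPECT, so tests can supply constructed placeholder keys rather than real credentials.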

func (*MockClient) GetAccountRoleARN added in v1.2.36

func (m *MockClient) GetAccountRoleARN(prefix, roleType string) (string, error)

GetAccountRoleARN mocks base method.

func (*MockClient) GetAccountRoleByArn added in v1.2.36

func (m *MockClient) GetAccountRoleByArn(roleArn string) (Role, error)

GetAccountRoleByArn mocks base method.

func (*MockClient) GetAccountRoleDefaultPolicy added in v1.2.40

func (m *MockClient) GetAccountRoleDefaultPolicy(roleName, prefix string) (string, error)

GetAccountRoleDefaultPolicy mocks base method.

func (*MockClient) GetAccountRoleForCurrentEnv added in v1.2.36

func (m *MockClient) GetAccountRoleForCurrentEnv(env, roleName string) (Role, error)

GetAccountRoleForCurrentEnv mocks base method.

func (*MockClient) GetAccountRoleForCurrentEnvWithPrefix added in v1.2.36

func (m *MockClient) GetAccountRoleForCurrentEnvWithPrefix(env, rolePrefix string, accountRolesMap map[string]AccountRole) ([]Role, error)

GetAccountRoleForCurrentEnvWithPrefix mocks base method.

func (*MockClient) GetAccountRolePolicies added in v1.2.36

func (m *MockClient) GetAccountRolePolicies(roles []string, prefix string) (map[string][]PolicyDetail, map[string][]PolicyDetail, error)

GetAccountRolePolicies mocks base method.

func (*MockClient) GetAccountRoleVersion added in v1.2.36

func (m *MockClient) GetAccountRoleVersion(roleName string) (string, error)

GetAccountRoleVersion mocks base method.

func (*MockClient) GetAccountRolesForCurrentEnv added in v1.2.36

func (m *MockClient) GetAccountRolesForCurrentEnv(env, accountID string) ([]Role, error)

GetAccountRolesForCurrentEnv mocks base method.

func (*MockClient) GetAttachedPolicy added in v1.2.36

func (m *MockClient) GetAttachedPolicy(role *string) ([]PolicyDetail, error)

GetAttachedPolicy mocks base method.

func (*MockClient) GetAvailabilityZoneType added in v1.2.37

func (m *MockClient) GetAvailabilityZoneType(availabilityZoneName string) (string, error)

GetAvailabilityZoneType mocks base method.

func (*MockClient) GetClusterRegionTagForUser added in v1.2.36

func (m *MockClient) GetClusterRegionTagForUser(username string) (string, error)

GetClusterRegionTagForUser mocks base method.

func (*MockClient) GetCreator added in v1.2.36

func (m *MockClient) GetCreator() (*Creator, error)

GetCreator mocks base method.

func (*MockClient) GetDefaultPolicyDocument added in v1.2.36

func (m *MockClient) GetDefaultPolicyDocument(policyArn string) (string, error)

GetDefaultPolicyDocument mocks base method.

func (*MockClient) GetIAMCredentials added in v1.2.36

func (m *MockClient) GetIAMCredentials() (aws.Credentials, error)

GetIAMCredentials mocks base method.

func (*MockClient) GetIAMServiceQuota added in v1.2.39

func (m *MockClient) GetIAMServiceQuota(quotaCode string) (*servicequotas.GetServiceQuotaOutput, error)

GetIAMServiceQuota mocks base method.

func (*MockClient) GetInstanceProfilesForRole added in v1.2.36

func (m *MockClient) GetInstanceProfilesForRole(role string) ([]string, error)

GetInstanceProfilesForRole mocks base method.

func (*MockClient) GetLocalAWSAccessKeys added in v1.2.36

func (m *MockClient) GetLocalAWSAccessKeys() (*AccessKey, error)

GetLocalAWSAccessKeys mocks base method.

func (*MockClient) GetOpenIDConnectProviderByClusterIdTag added in v1.2.36

func (m *MockClient) GetOpenIDConnectProviderByClusterIdTag(clusterID string) (string, error)

GetOpenIDConnectProviderByClusterIdTag mocks base method.

func (*MockClient) GetOpenIDConnectProviderByOidcEndpointUrl added in v1.2.36

func (m *MockClient) GetOpenIDConnectProviderByOidcEndpointUrl(oidcEndpointUrl string) (string, error)

GetOpenIDConnectProviderByOidcEndpointUrl mocks base method.

func (*MockClient) GetOperatorRoleDefaultPolicy added in v1.2.40

func (m *MockClient) GetOperatorRoleDefaultPolicy(roleName string) (string, error)

GetOperatorRoleDefaultPolicy mocks base method.

func (*MockClient) GetOperatorRolePolicies added in v1.2.40

func (m *MockClient) GetOperatorRolePolicies(roles []string) (map[string][]string, map[string][]string, error)

GetOperatorRolePolicies mocks base method.

func (*MockClient) GetOperatorRolesFromAccountByClusterID added in v1.2.36

func (m *MockClient) GetOperatorRolesFromAccountByClusterID(clusterID string, credRequests map[string]*v1.STSOperator) ([]string, error)

GetOperatorRolesFromAccountByClusterID mocks base method.

func (*MockClient) GetOperatorRolesFromAccountByPrefix added in v1.2.36

func (m *MockClient) GetOperatorRolesFromAccountByPrefix(prefix string, credRequest map[string]*v1.STSOperator) ([]string, error)

GetOperatorRolesFromAccountByPrefix mocks base method.

func (*MockClient) GetRegion added in v1.2.36

func (m *MockClient) GetRegion() string

GetRegion mocks base method.

func (*MockClient) GetRoleARNPath added in v1.2.36

func (m *MockClient) GetRoleARNPath(prefix string) (string, error)

GetRoleARNPath mocks base method.

func (*MockClient) GetRoleByARN added in v1.2.36

func (m *MockClient) GetRoleByARN(roleARN string) (types0.Role, error)

GetRoleByARN mocks base method.

func (*MockClient) GetRoleByName added in v1.2.39

func (m *MockClient) GetRoleByName(roleName string) (types0.Role, error)

GetRoleByName mocks base method.

func (*MockClient) GetSecurityGroupIds added in v1.2.36

func (m *MockClient) GetSecurityGroupIds(vpcId string) ([]types.SecurityGroup, error)

GetSecurityGroupIds mocks base method.

func (*MockClient) GetSubnetAvailabilityZone added in v1.2.36

func (m *MockClient) GetSubnetAvailabilityZone(subnetID string) (string, error)

GetSubnetAvailabilityZone mocks base method.

func (*MockClient) GetVPCPrivateSubnets added in v1.2.36

func (m *MockClient) GetVPCPrivateSubnets(subnetID string) ([]types.Subnet, error)

GetVPCPrivateSubnets mocks base method.

func (*MockClient) GetVPCSubnets added in v1.2.36

func (m *MockClient) GetVPCSubnets(subnetID string) ([]types.Subnet, error)

GetVPCSubnets mocks base method.

func (*MockClient) HasHostedCPPolicies added in v1.2.36

func (m *MockClient) HasHostedCPPolicies(roleARN string) (bool, error)

HasHostedCPPolicies mocks base method.

func (*MockClient) HasManagedPolicies added in v1.2.36

func (m *MockClient) HasManagedPolicies(roleARN string) (bool, error)

HasManagedPolicies mocks base method.

func (*MockClient) HasOpenIDConnectProvider added in v1.2.36

func (m *MockClient) HasOpenIDConnectProvider(issuerURL, partition, accountID string) (bool, error)

HasOpenIDConnectProvider mocks base method.

func (*MockClient) HasPermissionsBoundary added in v1.2.36

func (m *MockClient) HasPermissionsBoundary(roleName string) (bool, error)

HasPermissionsBoundary mocks base method.

func (*MockClient) IsAdminRole added in v1.2.36

func (m *MockClient) IsAdminRole(roleName string) (bool, error)

IsAdminRole mocks base method.

func (*MockClient) IsLocalAvailabilityZone added in v1.2.36

func (m *MockClient) IsLocalAvailabilityZone(availabilityZoneName string) (bool, error)

IsLocalAvailabilityZone mocks base method.

func (*MockClient) IsPolicyCompatible added in v1.2.36

func (m *MockClient) IsPolicyCompatible(policyArn, version string) (bool, error)

IsPolicyCompatible mocks base method.

func (*MockClient) IsPolicyExists added in v1.2.36

func (m *MockClient) IsPolicyExists(policyARN string) (*iam.GetPolicyOutput, error)

IsPolicyExists mocks base method.

func (*MockClient) IsRolePolicyExists added in v1.2.36

func (m *MockClient) IsRolePolicyExists(roleName, policyName string) (*iam.GetRolePolicyOutput, error)

IsRolePolicyExists mocks base method.

func (*MockClient) IsUpgradedNeededForAccountRolePolicies added in v1.2.36

func (m *MockClient) IsUpgradedNeededForAccountRolePolicies(rolePrefix, version string) (bool, error)

IsUpgradedNeededForAccountRolePolicies mocks base method.

func (*MockClient) IsUpgradedNeededForAccountRolePoliciesUsingCluster added in v1.2.36

func (m *MockClient) IsUpgradedNeededForAccountRolePoliciesUsingCluster(clusterID *v1.Cluster, version string) (bool, error)

IsUpgradedNeededForAccountRolePoliciesUsingCluster mocks base method.

func (*MockClient) IsUpgradedNeededForOperatorRolePoliciesUsingCluster added in v1.2.36

func (m *MockClient) IsUpgradedNeededForOperatorRolePoliciesUsingCluster(cluster *v1.Cluster, partition, accountID, version string, credRequests map[string]*v1.STSOperator, operatorRolePolicyPrefix string) (bool, error)

IsUpgradedNeededForOperatorRolePoliciesUsingCluster mocks base method.

func (*MockClient) IsUpgradedNeededForOperatorRolePoliciesUsingPrefix added in v1.2.36

func (m *MockClient) IsUpgradedNeededForOperatorRolePoliciesUsingPrefix(rolePrefix, partition, accountID, version string, credRequests map[string]*v1.STSOperator, path string) (bool, error)

IsUpgradedNeededForOperatorRolePoliciesUsingPrefix mocks base method.

func (*MockClient) IsUserRole added in v1.2.36

func (m *MockClient) IsUserRole(roleName *string) (bool, error)

IsUserRole mocks base method.

func (*MockClient) ListAccountRoles added in v1.2.36

func (m *MockClient) ListAccountRoles(version string) ([]Role, error)

ListAccountRoles mocks base method.

func (*MockClient) ListAttachedRolePolicies added in v1.2.40

func (m *MockClient) ListAttachedRolePolicies(roleName string) ([]string, error)

ListAttachedRolePolicies mocks base method.

func (*MockClient) ListOCMRoles added in v1.2.36

func (m *MockClient) ListOCMRoles() ([]Role, error)

ListOCMRoles mocks base method.

func (*MockClient) ListOidcProviders added in v1.2.36

func (m *MockClient) ListOidcProviders(targetClusterId string, config *v1.OidcConfig) ([]OidcProviderOutput, error)

ListOidcProviders mocks base method.

func (*MockClient) ListOperatorRoles added in v1.2.36

func (m *MockClient) ListOperatorRoles(version, clusterID string) (map[string][]OperatorRoleDetail, error)

ListOperatorRoles mocks base method.

func (*MockClient) ListSubnets added in v1.2.36

func (m *MockClient) ListSubnets(subnetIds ...string) ([]types.Subnet, error)

ListSubnets mocks base method.

func (*MockClient) ListUserRoles added in v1.2.36

func (m *MockClient) ListUserRoles() ([]Role, error)

ListUserRoles mocks base method.

func (*MockClient) PutPublicReadObjectInS3Bucket added in v1.2.36

func (m *MockClient) PutPublicReadObjectInS3Bucket(bucketName string, body io.ReadSeeker, key string) error

PutPublicReadObjectInS3Bucket mocks base method.

func (*MockClient) PutRolePolicy added in v1.2.36

func (m *MockClient) PutRolePolicy(roleName, policyName, policy string) error

PutRolePolicy mocks base method.

func (*MockClient) TagUserRegion added in v1.2.36

func (m *MockClient) TagUserRegion(username, region string) error

TagUserRegion mocks base method.

func (*MockClient) UpdateTag added in v1.2.36

func (m *MockClient) UpdateTag(roleName, defaultPolicyVersion string) error

UpdateTag mocks base method.

func (*MockClient) ValidateAccountRoleVersionCompatibility added in v1.2.36

func (m *MockClient) ValidateAccountRoleVersionCompatibility(roleName, roleType, minVersion string) (bool, error)

ValidateAccountRoleVersionCompatibility mocks base method.

func (*MockClient) ValidateAccountRolesManagedPolicies added in v1.2.36

func (m *MockClient) ValidateAccountRolesManagedPolicies(prefix string, policies map[string]*v1.AWSSTSPolicy) error

ValidateAccountRolesManagedPolicies mocks base method.

func (*MockClient) ValidateCredentials added in v1.2.36

func (m *MockClient) ValidateCredentials() (bool, error)

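ValidateCredentials mocks base method. Like the other generated methods, it returns whatever the matching expectation's Return supplies; an expectation with no Return yields the zero values (false, nil), so tests of credential-validation paths should set both results explicitly.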

func (*MockClient) ValidateHCPAccountRolesManagedPolicies added in v1.2.36

func (m *MockClient) ValidateHCPAccountRolesManagedPolicies(prefix string, policies map[string]*v1.AWSSTSPolicy) error

ValidateHCPAccountRolesManagedPolicies mocks base method.

func (*MockClient) ValidateOperatorRolesManagedPolicies added in v1.2.36

func (m *MockClient) ValidateOperatorRolesManagedPolicies(cluster *v1.Cluster, operatorRoles map[string]*v1.STSOperator, policies map[string]*v1.AWSSTSPolicy, hostedCPPolicies bool) error

ValidateOperatorRolesManagedPolicies mocks base method.

func (*MockClient) ValidateQuota added in v1.2.36

func (m *MockClient) ValidateQuota() (bool, error)

ValidateQuota mocks base method.

func (*MockClient) ValidateRoleARNAccountIDMatchCallerAccountID added in v1.2.36

func (m *MockClient) ValidateRoleARNAccountIDMatchCallerAccountID(roleARN string) error

ValidateRoleARNAccountIDMatchCallerAccountID mocks base method.

func (*MockClient) ValidateRoleNameAvailable added in v1.2.36

func (m *MockClient) ValidateRoleNameAvailable(name string) error

ValidateRoleNameAvailable mocks base method.

func (*MockClient) ValidateSCP added in v1.2.36

func (m *MockClient) ValidateSCP(arg0 *string, arg1 map[string]*v1.AWSSTSPolicy) (bool, error)

ValidateSCP mocks base method.

type MockClientMockRecorder added in v1.2.36

type MockClientMockRecorder struct {
	// contains filtered or unexported fields
}

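MockClientMockRecorder is the mock recorder for MockClient. It is the type returned by MockClient.EXPECT, and each of its methods registers an expected call on the mock and returns the resulting *gomock.Call.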

func (*MockClientMockRecorder) AddRoleTag added in v1.2.36

func (mr *MockClientMockRecorder) AddRoleTag(roleName, key, value any) *gomock.Call

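AddRoleTag indicates an expected call of AddRoleTag. Each argument is typed any and may be either a concrete value, which is matched by equality, or a gomock.Matcher.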

func (*MockClientMockRecorder) AttachRolePolicy added in v1.2.36

func (mr *MockClientMockRecorder) AttachRolePolicy(roleName, policyARN any) *gomock.Call

AttachRolePolicy indicates an expected call of AttachRolePolicy.

func (*MockClientMockRecorder) CheckAdminUserExists added in v1.2.36

func (mr *MockClientMockRecorder) CheckAdminUserExists(userName any) *gomock.Call

CheckAdminUserExists indicates an expected call of CheckAdminUserExists.

func (*MockClientMockRecorder) CheckAdminUserNotExisting added in v1.2.36

func (mr *MockClientMockRecorder) CheckAdminUserNotExisting(userName any) *gomock.Call

CheckAdminUserNotExisting indicates an expected call of CheckAdminUserNotExisting.

func (*MockClientMockRecorder) CheckRoleExists added in v1.2.36

func (mr *MockClientMockRecorder) CheckRoleExists(roleName any) *gomock.Call

CheckRoleExists indicates an expected call of CheckRoleExists.

func (*MockClientMockRecorder) CheckStackReadyOrNotExisting added in v1.2.36

func (mr *MockClientMockRecorder) CheckStackReadyOrNotExisting(stackName any) *gomock.Call

CheckStackReadyOrNotExisting indicates an expected call of CheckStackReadyOrNotExisting.

func (*MockClientMockRecorder) CreateOpenIDConnectProvider added in v1.2.36

func (mr *MockClientMockRecorder) CreateOpenIDConnectProvider(issuerURL, thumbprint, clusterID any) *gomock.Call

CreateOpenIDConnectProvider indicates an expected call of CreateOpenIDConnectProvider.

func (*MockClientMockRecorder) CreateS3Bucket added in v1.2.36

func (mr *MockClientMockRecorder) CreateS3Bucket(bucketName, region any) *gomock.Call

CreateS3Bucket indicates an expected call of CreateS3Bucket.

func (*MockClientMockRecorder) CreateSecretInSecretsManager added in v1.2.36

func (mr *MockClientMockRecorder) CreateSecretInSecretsManager(name, secret any) *gomock.Call

CreateSecretInSecretsManager indicates an expected call of CreateSecretInSecretsManager.

func (*MockClientMockRecorder) DeleteAccountRole added in v1.2.36

func (mr *MockClientMockRecorder) DeleteAccountRole(roleName, prefix, managedPolicies any) *gomock.Call

DeleteAccountRole indicates an expected call of DeleteAccountRole.

func (*MockClientMockRecorder) DeleteInlineRolePolicies added in v1.2.36

func (mr *MockClientMockRecorder) DeleteInlineRolePolicies(roleName any) *gomock.Call

DeleteInlineRolePolicies indicates an expected call of DeleteInlineRolePolicies.

func (*MockClientMockRecorder) DeleteOCMRole added in v1.2.36

func (mr *MockClientMockRecorder) DeleteOCMRole(roleARN, managedPolicies any) *gomock.Call

DeleteOCMRole indicates an expected call of DeleteOCMRole.

func (*MockClientMockRecorder) DeleteOpenIDConnectProvider added in v1.2.36

func (mr *MockClientMockRecorder) DeleteOpenIDConnectProvider(providerURL any) *gomock.Call

DeleteOpenIDConnectProvider indicates an expected call of DeleteOpenIDConnectProvider.

func (*MockClientMockRecorder) DeleteOperatorRole added in v1.2.36

func (mr *MockClientMockRecorder) DeleteOperatorRole(roles, managedPolicies any) *gomock.Call

DeleteOperatorRole indicates an expected call of DeleteOperatorRole.

func (*MockClientMockRecorder) DeleteOsdCcsAdminUser added in v1.2.36

func (mr *MockClientMockRecorder) DeleteOsdCcsAdminUser(stackName any) *gomock.Call

DeleteOsdCcsAdminUser indicates an expected call of DeleteOsdCcsAdminUser.

func (*MockClientMockRecorder) DeleteS3Bucket added in v1.2.36

func (mr *MockClientMockRecorder) DeleteS3Bucket(bucketName any) *gomock.Call

DeleteS3Bucket indicates an expected call of DeleteS3Bucket.

func (*MockClientMockRecorder) DeleteSecretInSecretsManager added in v1.2.36

func (mr *MockClientMockRecorder) DeleteSecretInSecretsManager(secretArn any) *gomock.Call

DeleteSecretInSecretsManager indicates an expected call of DeleteSecretInSecretsManager.

func (*MockClientMockRecorder) DeleteUserRole added in v1.2.36

func (mr *MockClientMockRecorder) DeleteUserRole(roleName any) *gomock.Call

DeleteUserRole indicates an expected call of DeleteUserRole.

func (*MockClientMockRecorder) DescribeAvailabilityZones added in v1.2.36

func (mr *MockClientMockRecorder) DescribeAvailabilityZones() *gomock.Call

DescribeAvailabilityZones indicates an expected call of DescribeAvailabilityZones.

func (*MockClientMockRecorder) DetachRolePolicies added in v1.2.36

func (mr *MockClientMockRecorder) DetachRolePolicies(roleName any) *gomock.Call

DetachRolePolicies indicates an expected call of DetachRolePolicies.

func (*MockClientMockRecorder) DetachRolePolicy added in v1.2.39

func (mr *MockClientMockRecorder) DetachRolePolicy(policyArn, roleName any) *gomock.Call

DetachRolePolicy indicates an expected call of DetachRolePolicy.

func (*MockClientMockRecorder) EnsureOsdCcsAdminUser added in v1.2.36

func (mr *MockClientMockRecorder) EnsureOsdCcsAdminUser(stackName, adminUserName, awsRegion any) *gomock.Call

EnsureOsdCcsAdminUser indicates an expected call of EnsureOsdCcsAdminUser.

func (*MockClientMockRecorder) EnsurePolicy added in v1.2.36

func (mr *MockClientMockRecorder) EnsurePolicy(policyArn, document, version, tagList, path any) *gomock.Call

EnsurePolicy indicates an expected call of EnsurePolicy.

func (*MockClientMockRecorder) EnsureRole added in v1.2.36

func (mr *MockClientMockRecorder) EnsureRole(name, policy, permissionsBoundary, version, tagList, path, managedPolicies any) *gomock.Call

EnsureRole indicates an expected call of EnsureRole.

func (*MockClientMockRecorder) FetchPublicSubnetMap added in v1.2.36

func (mr *MockClientMockRecorder) FetchPublicSubnetMap(subnets any) *gomock.Call

FetchPublicSubnetMap indicates an expected call of FetchPublicSubnetMap.

func (*MockClientMockRecorder) FilterVPCsPrivateSubnets added in v1.2.36

func (mr *MockClientMockRecorder) FilterVPCsPrivateSubnets(subnets any) *gomock.Call

FilterVPCsPrivateSubnets indicates an expected call of FilterVPCsPrivateSubnets.

func (*MockClientMockRecorder) FindPolicyARN added in v1.2.36

func (mr *MockClientMockRecorder) FindPolicyARN(operator, version any) *gomock.Call

FindPolicyARN indicates an expected call of FindPolicyARN.

func (*MockClientMockRecorder) FindRoleARNs added in v1.2.36

func (mr *MockClientMockRecorder) FindRoleARNs(roleType, version any) *gomock.Call

FindRoleARNs indicates an expected call of FindRoleARNs.

func (*MockClientMockRecorder) FindRoleARNsClassic added in v1.2.36

func (mr *MockClientMockRecorder) FindRoleARNsClassic(roleType, version any) *gomock.Call

FindRoleARNsClassic indicates an expected call of FindRoleARNsClassic.

func (*MockClientMockRecorder) FindRoleARNsHostedCp added in v1.2.36

func (mr *MockClientMockRecorder) FindRoleARNsHostedCp(roleType, version any) *gomock.Call

FindRoleARNsHostedCp indicates an expected call of FindRoleARNsHostedCp.

func (*MockClientMockRecorder) ForceEnsurePolicy added in v1.2.36

func (mr *MockClientMockRecorder) ForceEnsurePolicy(policyArn, document, version, tagList, path any) *gomock.Call

ForceEnsurePolicy indicates an expected call of ForceEnsurePolicy.

func (*MockClientMockRecorder) GetAWSAccessKeys added in v1.2.36

func (mr *MockClientMockRecorder) GetAWSAccessKeys() *gomock.Call

GetAWSAccessKeys indicates an expected call of GetAWSAccessKeys.

func (*MockClientMockRecorder) GetAccountRoleARN added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRoleARN(prefix, roleType any) *gomock.Call

GetAccountRoleARN indicates an expected call of GetAccountRoleARN.

func (*MockClientMockRecorder) GetAccountRoleByArn added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRoleByArn(roleArn any) *gomock.Call

GetAccountRoleByArn indicates an expected call of GetAccountRoleByArn.

func (*MockClientMockRecorder) GetAccountRoleDefaultPolicy added in v1.2.40

func (mr *MockClientMockRecorder) GetAccountRoleDefaultPolicy(roleName, prefix any) *gomock.Call

GetAccountRoleDefaultPolicy indicates an expected call of GetAccountRoleDefaultPolicy.

func (*MockClientMockRecorder) GetAccountRoleForCurrentEnv added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRoleForCurrentEnv(env, roleName any) *gomock.Call

GetAccountRoleForCurrentEnv indicates an expected call of GetAccountRoleForCurrentEnv.

func (*MockClientMockRecorder) GetAccountRoleForCurrentEnvWithPrefix added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRoleForCurrentEnvWithPrefix(env, rolePrefix, accountRolesMap any) *gomock.Call

GetAccountRoleForCurrentEnvWithPrefix indicates an expected call of GetAccountRoleForCurrentEnvWithPrefix.

func (*MockClientMockRecorder) GetAccountRolePolicies added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRolePolicies(roles, prefix any) *gomock.Call

GetAccountRolePolicies indicates an expected call of GetAccountRolePolicies.

func (*MockClientMockRecorder) GetAccountRoleVersion added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRoleVersion(roleName any) *gomock.Call

GetAccountRoleVersion indicates an expected call of GetAccountRoleVersion.

func (*MockClientMockRecorder) GetAccountRolesForCurrentEnv added in v1.2.36

func (mr *MockClientMockRecorder) GetAccountRolesForCurrentEnv(env, accountID any) *gomock.Call

GetAccountRolesForCurrentEnv indicates an expected call of GetAccountRolesForCurrentEnv.

func (*MockClientMockRecorder) GetAttachedPolicy added in v1.2.36

func (mr *MockClientMockRecorder) GetAttachedPolicy(role any) *gomock.Call

GetAttachedPolicy indicates an expected call of GetAttachedPolicy.

func (*MockClientMockRecorder) GetAvailabilityZoneType added in v1.2.37

func (mr *MockClientMockRecorder) GetAvailabilityZoneType(availabilityZoneName any) *gomock.Call

GetAvailabilityZoneType indicates an expected call of GetAvailabilityZoneType.

func (*MockClientMockRecorder) GetClusterRegionTagForUser added in v1.2.36

func (mr *MockClientMockRecorder) GetClusterRegionTagForUser(username any) *gomock.Call

GetClusterRegionTagForUser indicates an expected call of GetClusterRegionTagForUser.

func (*MockClientMockRecorder) GetCreator added in v1.2.36

func (mr *MockClientMockRecorder) GetCreator() *gomock.Call

GetCreator indicates an expected call of GetCreator.

func (*MockClientMockRecorder) GetDefaultPolicyDocument added in v1.2.36

func (mr *MockClientMockRecorder) GetDefaultPolicyDocument(policyArn any) *gomock.Call

GetDefaultPolicyDocument indicates an expected call of GetDefaultPolicyDocument.

func (*MockClientMockRecorder) GetIAMCredentials added in v1.2.36

func (mr *MockClientMockRecorder) GetIAMCredentials() *gomock.Call

GetIAMCredentials indicates an expected call of GetIAMCredentials.

func (*MockClientMockRecorder) GetIAMServiceQuota added in v1.2.39

func (mr *MockClientMockRecorder) GetIAMServiceQuota(quotaCode any) *gomock.Call

GetIAMServiceQuota indicates an expected call of GetIAMServiceQuota.

func (*MockClientMockRecorder) GetInstanceProfilesForRole added in v1.2.36

func (mr *MockClientMockRecorder) GetInstanceProfilesForRole(role any) *gomock.Call

GetInstanceProfilesForRole indicates an expected call of GetInstanceProfilesForRole.

func (*MockClientMockRecorder) GetLocalAWSAccessKeys added in v1.2.36

func (mr *MockClientMockRecorder) GetLocalAWSAccessKeys() *gomock.Call

GetLocalAWSAccessKeys indicates an expected call of GetLocalAWSAccessKeys.

func (*MockClientMockRecorder) GetOpenIDConnectProviderByClusterIdTag added in v1.2.36

func (mr *MockClientMockRecorder) GetOpenIDConnectProviderByClusterIdTag(clusterID any) *gomock.Call

GetOpenIDConnectProviderByClusterIdTag indicates an expected call of GetOpenIDConnectProviderByClusterIdTag.

func (*MockClientMockRecorder) GetOpenIDConnectProviderByOidcEndpointUrl added in v1.2.36

func (mr *MockClientMockRecorder) GetOpenIDConnectProviderByOidcEndpointUrl(oidcEndpointUrl any) *gomock.Call

GetOpenIDConnectProviderByOidcEndpointUrl indicates an expected call of GetOpenIDConnectProviderByOidcEndpointUrl.

func (*MockClientMockRecorder) GetOperatorRoleDefaultPolicy added in v1.2.40

func (mr *MockClientMockRecorder) GetOperatorRoleDefaultPolicy(roleName any) *gomock.Call

GetOperatorRoleDefaultPolicy indicates an expected call of GetOperatorRoleDefaultPolicy.

func (*MockClientMockRecorder) GetOperatorRolePolicies added in v1.2.40

func (mr *MockClientMockRecorder) GetOperatorRolePolicies(roles any) *gomock.Call

GetOperatorRolePolicies indicates an expected call of GetOperatorRolePolicies.

func (*MockClientMockRecorder) GetOperatorRolesFromAccountByClusterID added in v1.2.36

func (mr *MockClientMockRecorder) GetOperatorRolesFromAccountByClusterID(clusterID, credRequests any) *gomock.Call

GetOperatorRolesFromAccountByClusterID indicates an expected call of GetOperatorRolesFromAccountByClusterID.

func (*MockClientMockRecorder) GetOperatorRolesFromAccountByPrefix added in v1.2.36

func (mr *MockClientMockRecorder) GetOperatorRolesFromAccountByPrefix(prefix, credRequest any) *gomock.Call

GetOperatorRolesFromAccountByPrefix indicates an expected call of GetOperatorRolesFromAccountByPrefix.

func (*MockClientMockRecorder) GetRegion added in v1.2.36

func (mr *MockClientMockRecorder) GetRegion() *gomock.Call

GetRegion indicates an expected call of GetRegion.

func (*MockClientMockRecorder) GetRoleARNPath added in v1.2.36

func (mr *MockClientMockRecorder) GetRoleARNPath(prefix any) *gomock.Call

GetRoleARNPath indicates an expected call of GetRoleARNPath.

func (*MockClientMockRecorder) GetRoleByARN added in v1.2.36

func (mr *MockClientMockRecorder) GetRoleByARN(roleARN any) *gomock.Call

GetRoleByARN indicates an expected call of GetRoleByARN.

func (*MockClientMockRecorder) GetRoleByName added in v1.2.39

func (mr *MockClientMockRecorder) GetRoleByName(roleName any) *gomock.Call

GetRoleByName indicates an expected call of GetRoleByName.

func (*MockClientMockRecorder) GetSecurityGroupIds added in v1.2.36

func (mr *MockClientMockRecorder) GetSecurityGroupIds(vpcId any) *gomock.Call

GetSecurityGroupIds indicates an expected call of GetSecurityGroupIds.

func (*MockClientMockRecorder) GetSubnetAvailabilityZone added in v1.2.36

func (mr *MockClientMockRecorder) GetSubnetAvailabilityZone(subnetID any) *gomock.Call

GetSubnetAvailabilityZone indicates an expected call of GetSubnetAvailabilityZone.

func (*MockClientMockRecorder) GetVPCPrivateSubnets added in v1.2.36

func (mr *MockClientMockRecorder) GetVPCPrivateSubnets(subnetID any) *gomock.Call

GetVPCPrivateSubnets indicates an expected call of GetVPCPrivateSubnets.

func (*MockClientMockRecorder) GetVPCSubnets added in v1.2.36

func (mr *MockClientMockRecorder) GetVPCSubnets(subnetID any) *gomock.Call

GetVPCSubnets indicates an expected call of GetVPCSubnets.

func (*MockClientMockRecorder) HasHostedCPPolicies added in v1.2.36

func (mr *MockClientMockRecorder) HasHostedCPPolicies(roleARN any) *gomock.Call

HasHostedCPPolicies indicates an expected call of HasHostedCPPolicies.

func (*MockClientMockRecorder) HasManagedPolicies added in v1.2.36

func (mr *MockClientMockRecorder) HasManagedPolicies(roleARN any) *gomock.Call

HasManagedPolicies indicates an expected call of HasManagedPolicies.

func (*MockClientMockRecorder) HasOpenIDConnectProvider added in v1.2.36

func (mr *MockClientMockRecorder) HasOpenIDConnectProvider(issuerURL, partition, accountID any) *gomock.Call

HasOpenIDConnectProvider indicates an expected call of HasOpenIDConnectProvider.

func (*MockClientMockRecorder) HasPermissionsBoundary added in v1.2.36

func (mr *MockClientMockRecorder) HasPermissionsBoundary(roleName any) *gomock.Call

HasPermissionsBoundary indicates an expected call of HasPermissionsBoundary.

func (*MockClientMockRecorder) IsAdminRole added in v1.2.36

func (mr *MockClientMockRecorder) IsAdminRole(roleName any) *gomock.Call

IsAdminRole indicates an expected call of IsAdminRole.

func (*MockClientMockRecorder) IsLocalAvailabilityZone added in v1.2.36

func (mr *MockClientMockRecorder) IsLocalAvailabilityZone(availabilityZoneName any) *gomock.Call

IsLocalAvailabilityZone indicates an expected call of IsLocalAvailabilityZone.

func (*MockClientMockRecorder) IsPolicyCompatible added in v1.2.36

func (mr *MockClientMockRecorder) IsPolicyCompatible(policyArn, version any) *gomock.Call

IsPolicyCompatible indicates an expected call of IsPolicyCompatible.

func (*MockClientMockRecorder) IsPolicyExists added in v1.2.36

func (mr *MockClientMockRecorder) IsPolicyExists(policyARN any) *gomock.Call

IsPolicyExists indicates an expected call of IsPolicyExists.

func (*MockClientMockRecorder) IsRolePolicyExists added in v1.2.36

func (mr *MockClientMockRecorder) IsRolePolicyExists(roleName, policyName any) *gomock.Call

IsRolePolicyExists indicates an expected call of IsRolePolicyExists.

func (*MockClientMockRecorder) IsUpgradedNeededForAccountRolePolicies added in v1.2.36

func (mr *MockClientMockRecorder) IsUpgradedNeededForAccountRolePolicies(rolePrefix, version any) *gomock.Call

IsUpgradedNeededForAccountRolePolicies indicates an expected call of IsUpgradedNeededForAccountRolePolicies.

func (*MockClientMockRecorder) IsUpgradedNeededForAccountRolePoliciesUsingCluster added in v1.2.36

func (mr *MockClientMockRecorder) IsUpgradedNeededForAccountRolePoliciesUsingCluster(clusterID, version any) *gomock.Call

IsUpgradedNeededForAccountRolePoliciesUsingCluster indicates an expected call of IsUpgradedNeededForAccountRolePoliciesUsingCluster.

func (*MockClientMockRecorder) IsUpgradedNeededForOperatorRolePoliciesUsingCluster added in v1.2.36

func (mr *MockClientMockRecorder) IsUpgradedNeededForOperatorRolePoliciesUsingCluster(cluster, partition, accountID, version, credRequests, operatorRolePolicyPrefix any) *gomock.Call

IsUpgradedNeededForOperatorRolePoliciesUsingCluster indicates an expected call of IsUpgradedNeededForOperatorRolePoliciesUsingCluster.

func (*MockClientMockRecorder) IsUpgradedNeededForOperatorRolePoliciesUsingPrefix added in v1.2.36

func (mr *MockClientMockRecorder) IsUpgradedNeededForOperatorRolePoliciesUsingPrefix(rolePrefix, partition, accountID, version, credRequests, path any) *gomock.Call

IsUpgradedNeededForOperatorRolePoliciesUsingPrefix indicates an expected call of IsUpgradedNeededForOperatorRolePoliciesUsingPrefix.

func (*MockClientMockRecorder) IsUserRole added in v1.2.36

func (mr *MockClientMockRecorder) IsUserRole(roleName any) *gomock.Call

IsUserRole indicates an expected call of IsUserRole.

func (*MockClientMockRecorder) ListAccountRoles added in v1.2.36

func (mr *MockClientMockRecorder) ListAccountRoles(version any) *gomock.Call

ListAccountRoles indicates an expected call of ListAccountRoles.

func (*MockClientMockRecorder) ListAttachedRolePolicies added in v1.2.40

func (mr *MockClientMockRecorder) ListAttachedRolePolicies(roleName any) *gomock.Call

ListAttachedRolePolicies indicates an expected call of ListAttachedRolePolicies.

func (*MockClientMockRecorder) ListOCMRoles added in v1.2.36

func (mr *MockClientMockRecorder) ListOCMRoles() *gomock.Call

ListOCMRoles indicates an expected call of ListOCMRoles.

func (*MockClientMockRecorder) ListOidcProviders added in v1.2.36

func (mr *MockClientMockRecorder) ListOidcProviders(targetClusterId, config any) *gomock.Call

ListOidcProviders indicates an expected call of ListOidcProviders.

func (*MockClientMockRecorder) ListOperatorRoles added in v1.2.36

func (mr *MockClientMockRecorder) ListOperatorRoles(version, clusterID any) *gomock.Call

ListOperatorRoles indicates an expected call of ListOperatorRoles.

func (*MockClientMockRecorder) ListSubnets added in v1.2.36

func (mr *MockClientMockRecorder) ListSubnets(subnetIds ...any) *gomock.Call

ListSubnets indicates an expected call of ListSubnets.

func (*MockClientMockRecorder) ListUserRoles added in v1.2.36

func (mr *MockClientMockRecorder) ListUserRoles() *gomock.Call

ListUserRoles indicates an expected call of ListUserRoles.

func (*MockClientMockRecorder) PutPublicReadObjectInS3Bucket added in v1.2.36

func (mr *MockClientMockRecorder) PutPublicReadObjectInS3Bucket(bucketName, body, key any) *gomock.Call

PutPublicReadObjectInS3Bucket indicates an expected call of PutPublicReadObjectInS3Bucket.

func (*MockClientMockRecorder) PutRolePolicy added in v1.2.36

func (mr *MockClientMockRecorder) PutRolePolicy(roleName, policyName, policy any) *gomock.Call

PutRolePolicy indicates an expected call of PutRolePolicy.

func (*MockClientMockRecorder) TagUserRegion added in v1.2.36

func (mr *MockClientMockRecorder) TagUserRegion(username, region any) *gomock.Call

TagUserRegion indicates an expected call of TagUserRegion.

func (*MockClientMockRecorder) UpdateTag added in v1.2.36

func (mr *MockClientMockRecorder) UpdateTag(roleName, defaultPolicyVersion any) *gomock.Call

UpdateTag indicates an expected call of UpdateTag.

func (*MockClientMockRecorder) ValidateAccountRoleVersionCompatibility added in v1.2.36

func (mr *MockClientMockRecorder) ValidateAccountRoleVersionCompatibility(roleName, roleType, minVersion any) *gomock.Call

ValidateAccountRoleVersionCompatibility indicates an expected call of ValidateAccountRoleVersionCompatibility.

func (*MockClientMockRecorder) ValidateAccountRolesManagedPolicies added in v1.2.36

func (mr *MockClientMockRecorder) ValidateAccountRolesManagedPolicies(prefix, policies any) *gomock.Call

ValidateAccountRolesManagedPolicies indicates an expected call of ValidateAccountRolesManagedPolicies.

func (*MockClientMockRecorder) ValidateCredentials added in v1.2.36

func (mr *MockClientMockRecorder) ValidateCredentials() *gomock.Call

ValidateCredentials indicates an expected call of ValidateCredentials.

func (*MockClientMockRecorder) ValidateHCPAccountRolesManagedPolicies added in v1.2.36

func (mr *MockClientMockRecorder) ValidateHCPAccountRolesManagedPolicies(prefix, policies any) *gomock.Call

ValidateHCPAccountRolesManagedPolicies indicates an expected call of ValidateHCPAccountRolesManagedPolicies.

func (*MockClientMockRecorder) ValidateOperatorRolesManagedPolicies added in v1.2.36

func (mr *MockClientMockRecorder) ValidateOperatorRolesManagedPolicies(cluster, operatorRoles, policies, hostedCPPolicies any) *gomock.Call

ValidateOperatorRolesManagedPolicies indicates an expected call of ValidateOperatorRolesManagedPolicies.

func (*MockClientMockRecorder) ValidateQuota added in v1.2.36

func (mr *MockClientMockRecorder) ValidateQuota() *gomock.Call

ValidateQuota indicates an expected call of ValidateQuota.

func (*MockClientMockRecorder) ValidateRoleARNAccountIDMatchCallerAccountID added in v1.2.36

func (mr *MockClientMockRecorder) ValidateRoleARNAccountIDMatchCallerAccountID(roleARN any) *gomock.Call

ValidateRoleARNAccountIDMatchCallerAccountID indicates an expected call of ValidateRoleARNAccountIDMatchCallerAccountID.

func (*MockClientMockRecorder) ValidateRoleNameAvailable added in v1.2.36

func (mr *MockClientMockRecorder) ValidateRoleNameAvailable(name any) *gomock.Call

ValidateRoleNameAvailable indicates an expected call of ValidateRoleNameAvailable.

func (*MockClientMockRecorder) ValidateSCP added in v1.2.36

func (mr *MockClientMockRecorder) ValidateSCP(arg0, arg1 any) *gomock.Call

ValidateSCP indicates an expected call of ValidateSCP.

type OidcProviderOutput added in v1.2.23

// OidcProviderOutput holds an ARN together with a cluster ID.
//
// NOTE(review): judging by the name, the ARN identifies an IAM OIDC provider
// and this is the element type returned by ListOidcProviders; the page does
// not show the interface method, so confirm before relying on it.
type OidcProviderOutput struct {
	Arn       string
	ClusterId string
}

type Operator added in v1.1.0

// Operator describes an operator by name and namespace, together with a role
// ARN, a list of service account names and a minimum version string.
//
// The struct carries no JSON tags, so encoding/json would use the Go field
// names as keys.
//
// NOTE(review): RoleARN and ServiceAccountNames presumably tie an IAM role to
// the service accounts allowed to assume it; verify at the call sites that
// both values come from trusted cluster data.
type Operator struct {
	Name                string
	Namespace           string
	RoleARN             string
	ServiceAccountNames []string
	MinVersion          string
}

type OperatorRoleDetail added in v1.2.26

// OperatorRoleDetail is the JSON-serialisable description of an operator role:
// operator name and namespace, version, role name and ARN, cluster ID, the
// attached policies and a managed-policy flag.
//
// Three JSON keys differ from the Go field names: OperatorName is encoded as
// "Name", OperatorNamespace as "Namespace" and AttachedPolicies as "Policy".
//
// Every field is tagged omitempty, so a false ManagedPolicy is left out of the
// encoded output. A consumer of the JSON cannot tell "not managed" from
// "field absent" and should not treat a missing key as a positive statement.
type OperatorRoleDetail struct {
	OperatorName      string   `json:"Name,omitempty"`
	OperatorNamespace string   `json:"Namespace,omitempty"`
	Version           string   `json:"Version,omitempty"`
	RoleName          string   `json:"RoleName,omitempty"`
	RoleARN           string   `json:"RoleARN,omitempty"`
	ClusterID         string   `json:"ClusterID,omitempty"`
	AttachedPolicies  []string `json:"Policy,omitempty"`
	ManagedPolicy     bool     `json:"ManagedPolicy,omitempty"`
}

type Policy added in v1.1.3

// Policy pairs a policy name with its PolicyDocument.
//
// PolicyDocument is a struct value, and encoding/json's omitempty option has
// no effect on struct values, so the "PolicyDocument" key is always emitted
// even when the document is the zero value.
type Policy struct {
	PolicyName     string         `json:"PolicyName,omitempty"`
	PolicyDocument PolicyDocument `json:"PolicyDocument,omitempty"`
}

type PolicyDetail added in v1.1.5

// PolicyDetail identifies a policy by name, ARN and type. It is the element
// type taken and returned by FindAllAttachedPolicyDetails and
// FindFirstAttachedPolicy.
//
// NOTE(review): PolicyType presumably holds one of the package constants
// Inline ("inline") or Attached ("attached"); the page does not show where it
// is set or compared, so confirm before matching on it.
type PolicyDetail struct {
	PolicyName string
	PolicyArn  string
	PolicyType string
}

func FindAllAttachedPolicyDetails added in v1.2.9

func FindAllAttachedPolicyDetails(policiesDetails []PolicyDetail) []PolicyDetail

func FindFirstAttachedPolicy added in v1.2.9

func FindFirstAttachedPolicy(policiesDetails []PolicyDetail) PolicyDetail

type PolicyDocument

// PolicyDocument models an AWS IAM policy document: an optional ID, the policy
// language version and the list of statements.
//
// ID and Version are omitted from the JSON when empty. Statement has no
// omitempty, so the "Statement" key is always written (a nil slice encodes as
// null).
//
// NOTE(review): only the elements declared here and in PolicyStatement are
// modelled. How ParsePolicyDocument treats other keys in an input document is
// not shown on this page; confirm before using a parsed value to reason about
// what a policy permits.
type PolicyDocument struct {
	ID string `json:"Id,omitempty"`
	// Specify the version of the policy language that you want to use.
	// As a best practice, use the latest 2012-10-17 version.
	Version string `json:"Version,omitempty"`
	// Use this main policy element as a container for the following elements.
	// You can include more than one statement in a policy.
	Statement []PolicyStatement `json:"Statement"`
}

PolicyDocument models an AWS IAM policy document

func NewPolicyDocument added in v1.2.3

func NewPolicyDocument() *PolicyDocument

func ParsePolicyDocument added in v1.2.3

func ParsePolicyDocument(doc string) (*PolicyDocument, error)

func (*PolicyDocument) AllowActions added in v1.2.3

func (p *PolicyDocument) AllowActions(actions ...string)

AllowActions adds a statement to a policy allowing the provided actions for all Resources. If you need a more complex statement, for example one scoped to specific resources, it is better to construct it manually.

func (*PolicyDocument) GetAllowedActions added in v1.2.3

func (p *PolicyDocument) GetAllowedActions() []string

func (*PolicyDocument) IsActionAllowed added in v1.2.3

func (p *PolicyDocument) IsActionAllowed(wanted string) bool

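IsActionAllowed checks if any of the statements in the document allows the wanted action. It does not take into account Resource or Principal constraints on the action, so a true result means only that some statement allows the action, not that a particular principal may perform it on a particular resource.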

func (PolicyDocument) String added in v1.2.3

func (p PolicyDocument) String() string

type PolicyStatement

// PolicyStatement models an AWS policy statement entry: optional Sid, Effect,
// optional Principal, Action and Resource.
//
// Action and Resource are declared as interface{}. When decoded with
// encoding/json they hold a string for a single value or a []interface{} for
// a JSON array, so callers must handle both shapes.
//
// NOTE(review): the struct declares no Condition, NotAction, NotResource or
// NotPrincipal element. Code that inspects a PolicyStatement therefore cannot
// see those parts of a policy. Whether ParsePolicyDocument rejects or silently
// drops them is not shown on this page; confirm before treating a parsed
// statement as a complete picture of what the policy grants.
type PolicyStatement struct {
	// Include an optional statement ID to differentiate between your statements.
	Sid string `json:"Sid,omitempty"`
	// Use `Allow` or `Deny` to indicate whether the policy allows or denies access.
	Effect string `json:"Effect"`
	// If you create a resource-based policy, you must indicate the account, user, role, or
	// federated user to which you would like to allow or deny access. If you are creating an
	// IAM permissions policy to attach to a user or role, you cannot include this element.
	// The principal is implied as that user or role.
	Principal *PolicyStatementPrincipal `json:"Principal,omitempty"`
	// Include a list of actions that the policy allows or denies.
	// (i.e. ec2:StartInstances, iam:ChangePassword)
	Action interface{} `json:"Action,omitempty"`
	// If you create an IAM permissions policy, you must specify a list of resources to which
	// the actions apply. If you create a resource-based policy, this element is optional. If
	// you do not include this element, then the resource to which the action applies is the
	// resource to which the policy is attached.
	Resource interface{} `json:"Resource,omitempty"`
}

PolicyStatement models an AWS policy statement entry.

func (*PolicyStatement) GetAWSPrincipals added in v1.2.3

func (p *PolicyStatement) GetAWSPrincipals() []string

type PolicyStatementPrincipal added in v1.1.0

// PolicyStatementPrincipal models the Principal element of a policy statement
// with three kinds of principal: Service, AWS and Federated. All three are
// omitted from the JSON when empty.
//
// The field types fix the shapes this struct can hold: Service is a list of
// strings, AWS is an interface{} (a string or a []interface{} after
// encoding/json decoding) and Federated is a single string.
//
// NOTE(review): IAM also accepts Service as a single string, and Principal as
// the bare string "*". Neither matches these declared types under
// encoding/json's default decoding. How ParsePolicyDocument handles such
// documents is not shown on this page; confirm, in particular for wildcard
// principals in trust policies.
type PolicyStatementPrincipal struct {
	// A service principal is an identifier that is used to grant permissions to a service.
	// The identifier for a service principal includes the service name, and is usually in the
	// following format: service-name.amazonaws.com
	Service []string `json:"Service,omitempty"`
	// You can specify an individual IAM role ARN (or array of role ARNs) as the principal.
	// In IAM roles, the Principal element in the role's trust policy specifies who can assume the role.
	// When you specify more than one principal in the element, you grant permissions to each principal.
	AWS interface{} `json:"AWS,omitempty"`
	// A federated principal uses a web identity token or SAML federation
	Federated string `json:"Federated,omitempty"`
}

type Role added in v1.1.3

// Role is the JSON-serialisable description of a role: type, version, prefix,
// name, ARN, linked and admin markers, a managed-policy flag and a cluster ID.
//
// Linked and Admin are strings, not booleans, so they must be compared with
// the exact string the producer writes.
// NOTE(review): that string is presumably related to the package's TrueString
// constant; confirm against the code that sets these fields.
//
// Every field is tagged omitempty, so a false ManagedPolicy and empty
// Linked/Admin values are absent from the encoded output.
type Role struct {
	RoleType      string `json:"RoleType,omitempty"`
	Version       string `json:"Version,omitempty"`
	RolePrefix    string `json:"RolePrefix,omitempty"`
	RoleName      string `json:"RoleName,omitempty"`
	RoleARN       string `json:"RoleARN,omitempty"`
	Linked        string `json:"Linked,omitempty"`
	Admin         string `json:"Admin,omitempty"`
	ManagedPolicy bool   `json:"ManagedPolicy,omitempty"`
	ClusterID     string `json:"ClusterID,omitempty"`
}

type SimulateParams

// SimulateParams captures any additional details that should be used when
// simulating permissions. The only detail declared is Region.
type SimulateParams struct {
	Region string
}

SimulateParams captures any additional details that should be used when simulating permissions.

type Subnet added in v1.2.28

// Subnet records a subnet's availability zone and owner ID.
//
// NOTE(review): OwnerID is presumably the AWS account ID that owns the subnet,
// which matters when subnets are shared across accounts; confirm where it is
// populated.
type Subnet struct {
	AvailabilityZone string
	OwnerID          string
}

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
