iam

package
v0.0.0-...-7a4df5e
Published: Dec 1, 2017 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation


Constants

const PolicyDefaultVersion = "2012-10-17"

PolicyDefaultVersion is the default version included in all policy documents

Variables

This section is empty.

Functions

This section is empty.

Types

type Condition

type Condition map[string]interface{}

Condition is a map of Conditions to be evaluated for a given IAM Statement

type Policy

type Policy struct {
	Version   string
	Statement []*Statement
}

Policy is a collection of fields that together form a valid AWS policy document

func (*Policy) AsJSON

func (p *Policy) AsJSON() (string, error)

AsJSON converts the policy document to JSON format (parsable by AWS)

type PolicyBuilder

type PolicyBuilder struct {
	Cluster      *kops.Cluster
	HostedZoneID string
	KMSKeys      []string
	Region       string
	ResourceARN  *string
	Role         kops.InstanceGroupRole
}

PolicyBuilder struct defines all valid fields to be used when building the AWS IAM policy document for a given instance group role.

func (*PolicyBuilder) AddS3Permissions

func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error)

AddS3Permissions updates an IAM Policy with statements granting tailored access to S3 assets, depending on the instance group role

func (*PolicyBuilder) BuildAWSPolicy

func (b *PolicyBuilder) BuildAWSPolicy() (*Policy, error)

BuildAWSPolicy builds a set of IAM policy statements based on the instance group type and IAM Legacy flag within the Cluster Spec

func (*PolicyBuilder) BuildAWSPolicyBastion

func (b *PolicyBuilder) BuildAWSPolicyBastion() (*Policy, error)

BuildAWSPolicyBastion generates a custom policy for a bastion host.

func (*PolicyBuilder) BuildAWSPolicyMaster

func (b *PolicyBuilder) BuildAWSPolicyMaster() (*Policy, error)

BuildAWSPolicyMaster generates a custom policy for a Kubernetes master.

func (*PolicyBuilder) BuildAWSPolicyNode

func (b *PolicyBuilder) BuildAWSPolicyNode() (*Policy, error)

BuildAWSPolicyNode generates a custom policy for a Kubernetes node.

func (*PolicyBuilder) IAMPrefix

func (b *PolicyBuilder) IAMPrefix() string

IAMPrefix returns the prefix for AWS ARNs in the current region. For use with IAM it is arn:aws everywhere except in cn-north and us-gov-west-1, which use their own partition prefix.

type PolicyResource

type PolicyResource struct {
	Builder *PolicyBuilder
	DNSZone *awstasks.DNSZone
}

PolicyResource defines the PolicyBuilder and DNSZone to use when building the IAM policy document for a given instance group role

func (*PolicyResource) GetDependencies

func (b *PolicyResource) GetDependencies(tasks map[string]fi.Task) []fi.Task

GetDependencies adds the DNSZone task to the list of dependencies if set

func (*PolicyResource) Open

func (b *PolicyResource) Open() (io.Reader, error)

Open produces the AWS IAM policy for the given role

type SID

type SID string

SID (Statement ID) is an optional identifier for the policy statement

type Statement

type Statement struct {
	Sid       SID
	Effect    StatementEffect
	Action    stringorslice.StringOrSlice
	Resource  stringorslice.StringOrSlice
	Condition Condition `json:",omitempty"`
}

Statement is an AWS IAM Policy Statement Object: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Statement

func (*Statement) Equal

func (l *Statement) Equal(r *Statement) bool

Equal compares two IAM Statements and returns a bool. TODO: extend to support Condition keys

type StatementEffect

type StatementEffect string

StatementEffect is required and specifies what type of access the statement results in

const StatementEffectAllow StatementEffect = "Allow"

StatementEffectAllow allows access for the given resources in the statement (based on conditions)

const StatementEffectDeny StatementEffect = "Deny"

StatementEffectDeny denies access for the given resources in the statement (based on conditions)
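The following is an added, self-contained example and not code from the kops iam package. It mirrors the Policy, Statement, Condition and StatementEffect shapes documented above so that the JSON document AsJSON hands to AWS can be inspected offline, and it goes beyond the page in two places: Equal also compares the Condition map (the page's own Equal leaves that as a TODO), and IAMPrefix is written as a standalone function over a region string rather than a PolicyBuilder method. Assumptions: Action and Resource are plain []string instead of stringorslice.StringOrSlice, Sid carries json omitempty, and the bucket name, prefix and aws:SecureTransport condition are constructed inputs.

```go
package main

import (
	"encoding/json"
	"fmt"
	"reflect"
	"strings"
)

// PolicyDefaultVersion mirrors the constant documented on the page.
const PolicyDefaultVersion = "2012-10-17"

type SID string
type StatementEffect string

const (
	StatementEffectAllow StatementEffect = "Allow"
	StatementEffectDeny  StatementEffect = "Deny"
)

type Condition map[string]interface{}

// Statement mirrors the documented struct. Assumptions: []string instead of
// stringorslice.StringOrSlice for Action/Resource, and omitempty on Sid.
type Statement struct {
	Sid       SID `json:",omitempty"`
	Effect    StatementEffect
	Action    []string
	Resource  []string
	Condition Condition `json:",omitempty"`
}

type Policy struct {
	Version   string
	Statement []*Statement
}

// AsJSON renders the policy document; the Go field names are exactly the
// keys AWS expects (Version, Statement, Sid, Effect, Action, Resource, Condition).
func (p *Policy) AsJSON() (string, error) {
	b, err := json.MarshalIndent(p, "", "  ")
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// Equal compares Effect, Action, Resource and, beyond the page's TODO, Condition.
func (l *Statement) Equal(r *Statement) bool {
	return l.Effect == r.Effect &&
		reflect.DeepEqual(l.Action, r.Action) &&
		reflect.DeepEqual(l.Resource, r.Resource) &&
		reflect.DeepEqual(l.Condition, r.Condition)
}

// IAMPrefix is a hypothetical stand-in for the documented method: the ARN
// partition prefix is arn:aws except in the China and GovCloud partitions.
func IAMPrefix(region string) string {
	switch {
	case strings.HasPrefix(region, "cn-"):
		return "arn:aws-cn"
	case strings.HasPrefix(region, "us-gov-"):
		return "arn:aws-us-gov"
	}
	return "arn:aws"
}

// BuildExamplePolicy assembles a tailored S3 policy in the spirit of
// AddS3Permissions: read-only access scoped to one bucket prefix, required
// only over TLS, plus an explicit Deny on deletion. Inputs are constructed.
func BuildExamplePolicy(region, bucket, prefix string) *Policy {
	arn := IAMPrefix(region)
	return &Policy{
		Version: PolicyDefaultVersion,
		Statement: []*Statement{
			{
				Sid:    "ReadClusterAssets",
				Effect: StatementEffectAllow,
				Action: []string{"s3:GetObject", "s3:ListBucket"},
				Resource: []string{
					fmt.Sprintf("%s:s3:::%s", arn, bucket),
					fmt.Sprintf("%s:s3:::%s/%s/*", arn, bucket, prefix),
				},
				Condition: Condition{"Bool": map[string]string{"aws:SecureTransport": "true"}},
			},
			{
				Effect:   StatementEffectDeny,
				Action:   []string{"s3:DeleteObject"},
				Resource: []string{fmt.Sprintf("%s:s3:::%s/*", arn, bucket)},
			},
		},
	}
}

func main() {
	p := BuildExamplePolicy("us-east-1", "example-kops-state", "cluster.example.com")
	doc, err := p.AsJSON()
	if err != nil {
		panic(err)
	}
	fmt.Println(doc)
}
```

Because Sid and Condition carry omitempty, the Deny statement serialises without those keys, while a zero-value Effect would still be emitted as an empty string; a policy with an empty Effect is not a valid document, so a builder in production should reject statements whose Effect is neither Allow nor Deny before calling AsJSON.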
