Documentation
Index
- Constants
- Variables
- func AWSGetCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
- func CredentialsIDSecret(data []byte, profile string) (aws.Credentials, error)
- func GetAWSConfigWithTracking(ctx context.Context, c client.Client, mg resource.Managed) (*aws.Config, error)
- func GetAWSConfigWithoutTracking(ctx context.Context, c client.Client, obj runtime.Object, ...) (*aws.Config, error)
- func GetAssumeRoleWithWebIdentityConfig(ctx context.Context, cfg *aws.Config, ...) (*aws.Config, error)
- func GetAssumeRoleWithWebIdentityConfigViaTokenRetriever(ctx context.Context, cfg *aws.Config, ...) (*aws.Config, error)
- func GetRoleChainConfig(ctx context.Context, pcs *v1beta1.ProviderConfigSpec, cfg *aws.Config) (*aws.Config, error)
- func LateInitializeStringPtr(in *string, from *string) *string
- func SelectTerraformSetup(config *SetupConfig) terraform.SetupFn
- func SetAssumeRoleOptions(aro v1beta1.AssumeRoleOptions) func(*stscreds.AssumeRoleOptions)
- func SetResolver(pc *v1beta1.ProviderConfig, cfg *aws.Config) *aws.Config
- func SetWebIdentityRoleOptions(opts v1beta1.AssumeRoleWithWebIdentityOptions) func(*stscreds.WebIdentityRoleOptions)
- func UseDefault(ctx context.Context, region string) (*aws.Config, error)
- func UseProviderSecret(ctx context.Context, data []byte, profile, region string) (*aws.Config, error)
- func UseUpbound(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
- func UseWebIdentityToken(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec, ...) (*aws.Config, error)
- type AWSCredentialsProviderCache
- type AWSCredentialsProviderCacheOption
- type AccountIDFn
- type AuthMethod
- type CallerIdentityCache
- type CallerIdentityCacheOption
- type Credentials
- type GetCallerIdentityFn
- type SetupConfig
Constants
const (
	URLConfigTypeStatic  = "Static"
	URLConfigTypeDynamic = "Dynamic"
)
Endpoint URL configuration types.
const (
	// DefaultSection for INI files.
	DefaultSection = ini.DefaultSection
)
const GlobalRegion = "aws-global"
GlobalRegion is the region name used for AWS services that do not have a notion of region.
Variables
var GlobalCallerIdentityCache = NewCallerIdentityCache()
GlobalCallerIdentityCache is a global cache to be used by all controllers.
Functions
func AWSGetCallerIdentity
func AWSGetCallerIdentity(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
AWSGetCallerIdentity sends a request to AWS to get the caller identity.
func CredentialsIDSecret
func CredentialsIDSecret(data []byte, profile string) (aws.Credentials, error)
CredentialsIDSecret retrieves AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the data, which contains AWS credentials under the given profile. Example:

[default]
aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
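As an added illustration of the profile lookup described above (not the package's own code, which uses an INI library and returns aws.Credentials), a stdlib-only parser that returns the key pair stored under a named profile and fails on a missing profile, a missing key or a malformed line. The Creds type, the credentialsFromINI function, the case-insensitive key matching and the sampleCredentials file are assumptions constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// sampleCredentials is a constructed example file; the values are placeholders.
const sampleCredentials = "[default]\naws_access_key_id = AKIAEXAMPLE\naws_secret_access_key = secretEXAMPLE\n" +
	"\n; second profile\n[other]\nAWS_ACCESS_KEY_ID = AKIAOTHER\naws_secret_access_key=otherSecret\n"

// Creds holds the two values CredentialsIDSecret extracts (hypothetical type).
type Creds struct{ AccessKeyID, SecretAccessKey string }

// credentialsFromINI parses AWS shared-credentials-style INI data and returns
// the key pair stored under the named profile (illustration, not the package's code).
func credentialsFromINI(data []byte, profile string) (Creds, error) {
	kv := map[string]string{}
	section, found := "", false
	for _, raw := range strings.Split(string(data), "\n") {
		line := strings.TrimSpace(raw)
		// Skip blank lines and comments (INI accepts both '#' and ';').
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		// A "[name]" header switches the current section.
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			section = strings.TrimSpace(line[1 : len(line)-1])
			found = found || section == profile
			continue
		}
		if section != profile {
			continue // keys from other profiles are ignored
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok {
			return Creds{}, fmt.Errorf("malformed line in profile %q: %q", profile, line)
		}
		// Keys are matched case-insensitively (an assumption of this example).
		kv[strings.ToLower(strings.TrimSpace(k))] = strings.TrimSpace(v)
	}
	if !found {
		return Creds{}, fmt.Errorf("profile %q not found", profile)
	}
	c := Creds{AccessKeyID: kv["aws_access_key_id"], SecretAccessKey: kv["aws_secret_access_key"]}
	if c.AccessKeyID == "" || c.SecretAccessKey == "" {
		return Creds{}, fmt.Errorf("profile %q lacks aws_access_key_id or aws_secret_access_key", profile)
	}
	return c, nil
}
```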
func GetAWSConfigWithTracking added in v1.2.0
func GetAWSConfigWithTracking(ctx context.Context, c client.Client, mg resource.Managed) (*aws.Config, error)
GetAWSConfigWithTracking obtains the provider config referenced by the specified managed resource and produces a config that can be used to authenticate to AWS and tracks the ProviderConfigUsage. Useful for obtaining AWS config for non-upjet based MR controllers.
func GetAWSConfigWithoutTracking added in v1.2.0
func GetAWSConfigWithoutTracking(ctx context.Context, c client.Client, obj runtime.Object, pc *v1beta1.ProviderConfig) (*aws.Config, error)
GetAWSConfigWithoutTracking produces an AWS config from the specified v1beta1.ProviderConfig that can be used to authenticate to AWS. ProviderConfigUsage is not tracked when this function is called. The caller is responsible for tracking the usage if needed.
func GetAssumeRoleWithWebIdentityConfig
func GetAssumeRoleWithWebIdentityConfig(ctx context.Context, cfg *aws.Config, webID v1beta1.AssumeRoleWithWebIdentityOptions, tokenFile string) (*aws.Config, error)
GetAssumeRoleWithWebIdentityConfig returns an aws.Config capable of doing AssumeRoleWithWebIdentity.
func GetAssumeRoleWithWebIdentityConfigViaTokenRetriever added in v1.1.0
func GetAssumeRoleWithWebIdentityConfigViaTokenRetriever(ctx context.Context, cfg *aws.Config, webID v1beta1.AssumeRoleWithWebIdentityOptions, tokenRetriever stscreds.IdentityTokenRetriever) (*aws.Config, error)
GetAssumeRoleWithWebIdentityConfigViaTokenRetriever returns an aws.Config capable of doing AssumeRoleWithWebIdentity using the token obtained from the supplied stscreds.IdentityTokenRetriever.
func GetRoleChainConfig
func GetRoleChainConfig(ctx context.Context, pcs *v1beta1.ProviderConfigSpec, cfg *aws.Config) (*aws.Config, error)
GetRoleChainConfig returns an aws.Config capable of doing role chaining with AssumeRoleWithWebIdentity and AssumeRole.
func LateInitializeStringPtr
func LateInitializeStringPtr(in *string, from *string) *string
LateInitializeStringPtr returns in if it is non-nil; otherwise it returns from, which serves as the fallback for the case where in is nil.
func SelectTerraformSetup added in v0.32.0
func SelectTerraformSetup(config *SetupConfig) terraform.SetupFn
func SetAssumeRoleOptions
func SetAssumeRoleOptions(aro v1beta1.AssumeRoleOptions) func(*stscreds.AssumeRoleOptions)
SetAssumeRoleOptions sets the options used when assuming an IAM role.
func SetResolver
func SetResolver(pc *v1beta1.ProviderConfig, cfg *aws.Config) *aws.Config
SetResolver parses annotations from the managed resource and returns a configuration accordingly.
func SetWebIdentityRoleOptions
func SetWebIdentityRoleOptions(opts v1beta1.AssumeRoleWithWebIdentityOptions) func(*stscreds.WebIdentityRoleOptions)
SetWebIdentityRoleOptions sets the options used when exchanging a web identity token for a role.
func UseDefault added in v0.24.0
func UseDefault(ctx context.Context, region string) (*aws.Config, error)
UseDefault loads the default AWS config with the specified region.
func UseProviderSecret
func UseProviderSecret(ctx context.Context, data []byte, profile, region string) (*aws.Config, error)
UseProviderSecret returns an AWS configuration, built from the credentials stored under the given profile in the supplied secret data, that can be used to issue requests against the AWS API.
func UseUpbound added in v0.24.0
func UseUpbound(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec) (*aws.Config, error)
UseUpbound calls sts.AssumeRoleWithWebIdentity using the configuration supplied in ProviderConfig's spec.credentials.assumeRoleWithWebIdentity and the identity supplied by the injected Upbound OIDC token. NOTE(hasheddan): this is the same functionality used for generic web identity token role assumption, but uses fields under Upbound in the ProviderConfig spec and the dedicated Upbound token injection path. This allows for clear separation of intent by users when exercising the functionality, and allows for uniformity across ProviderConfigs from other providers.
func UseWebIdentityToken
func UseWebIdentityToken(ctx context.Context, region string, pcs *v1beta1.ProviderConfigSpec, kube client.Client) (*aws.Config, error)
UseWebIdentityToken calls sts.AssumeRoleWithWebIdentity using the configuration supplied in ProviderConfig's spec.credentials.assumeRoleWithWebIdentity.
Types
type AWSCredentialsProviderCache added in v1.3.0
type AWSCredentialsProviderCache struct {
// contains filtered or unexported fields
}
AWSCredentialsProviderCache holds aws.CredentialsProvider objects in memory so that we don't need to make API calls to AWS in every reconciliation of every resource. It has a maximum size; when that size is reached, the entry with the oldest access time is removed from the cache, i.e. FIFO on last access time (least-recently-used eviction). Note that there is no need to invalidate the values in the cache because they never change, so we don't need concurrency-safety to prevent access to an invalidated entry.
func NewAWSCredentialsProviderCache added in v1.3.0
func NewAWSCredentialsProviderCache(opts ...AWSCredentialsProviderCacheOption) *AWSCredentialsProviderCache
NewAWSCredentialsProviderCache returns a new empty *AWSCredentialsProviderCache with the default GetAWSConfig method.
func (*AWSCredentialsProviderCache) RetrieveCredentials added in v1.3.0
func (c *AWSCredentialsProviderCache) RetrieveCredentials(ctx context.Context, pc *v1beta1.ProviderConfig, region string, credsProvider aws.CredentialsProvider, accountIDFn AccountIDFn) (Credentials, error)
RetrieveCredentials returns a Credentials, either from the credential cache or by retrieving them from the supplied provider. If the authentication scheme is IRSA and the supplied aws.CredentialsProvider implementation is an aws.CredentialsCache, then the retrieved credentials and the account ID are cached for future requests. Otherwise, this function returns the AWS credentials by calling the downstream aws.CredentialsProvider.Retrieve and, for now, does *not* call the given AccountIDFn, because in that case a separate identity cache should be used to retrieve the caller identity.
type AWSCredentialsProviderCacheOption added in v1.3.0
type AWSCredentialsProviderCacheOption func(cache *AWSCredentialsProviderCache)
AWSCredentialsProviderCacheOption lets you configure an *AWSCredentialsProviderCache.
func WithCacheLogger added in v1.3.0
func WithCacheLogger(l logging.Logger) AWSCredentialsProviderCacheOption
WithCacheLogger lets you configure the logger for the cache.
func WithCacheMaxSize added in v1.3.0
func WithCacheMaxSize(n int) AWSCredentialsProviderCacheOption
WithCacheMaxSize lets you override the default MaxSize for AWS CredentialsProvider cache.
func WithCacheStore added in v1.3.0
func WithCacheStore(cache map[string]*awsCredentialsProviderCacheEntry) AWSCredentialsProviderCacheOption
WithCacheStore lets you bootstrap AWS CredentialsProvider Cache with your own cache.
type AccountIDFn added in v1.3.0
AccountIDFn is a function for retrieving the account ID.
type AuthMethod
AuthMethod is a method of authenticating to the AWS API.
type CallerIdentityCache
type CallerIdentityCache struct {
// contains filtered or unexported fields
}
CallerIdentityCache holds GetCallerIdentityOutput objects in memory so that we don't need to make API calls to AWS in every reconciliation of every resource. It has a maximum size; when that size is reached, the entry with the oldest access time is removed from the cache, i.e. FIFO on last access time (least-recently-used eviction). Note that there is no need to invalidate the values in the cache because they never change, so we don't need concurrency-safety to prevent access to an invalidated entry.
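The eviction rule shared by AWSCredentialsProviderCache and CallerIdentityCache, shown as an added example rather than the package's own code: a bounded map that refreshes an entry's access time on every hit and, when full, drops the entry with the oldest access time before inserting, while a failed fetch is never stored. The boundedCache and entry types, the injectable now clock and the fetch callback are assumptions of this example; caller-identity values are stood in for by strings.

```go
package main

import (
	"sync"
	"time"
)

// entry pairs a cached value with the time it was last read, which is the
// eviction criterion the two caches on this page describe.
type entry struct{ value string; lastAccess time.Time }
// boundedCache is an illustrative stand-in (hypothetical, not the package's
// own type) for CallerIdentityCache and AWSCredentialsProviderCache: a map
// with a maximum size that drops the least recently accessed entry on insert.
type boundedCache struct {
	mu      sync.Mutex // guards the map; cached values themselves never change
	maxSize int
	store   map[string]*entry
	now     func() time.Time // injectable clock so eviction order is testable
}

// Get returns the cached value for key, calling fetch on a miss. A fetch error
// is returned as-is and nothing is stored, so a failed AWS call never poisons the cache.
func (c *boundedCache) Get(key string, fetch func(string) (string, error)) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, ok := c.store[key]; ok {
		e.lastAccess = c.now() // a hit refreshes the access time
		return e.value, nil
	}
	v, err := fetch(key)
	if err != nil {
		return "", err
	}
	if len(c.store) >= c.maxSize {
		c.evictOldest()
	}
	c.store[key] = &entry{value: v, lastAccess: c.now()}
	return v, nil
}

// evictOldest removes the entry with the oldest access time; the caller holds mu.
func (c *boundedCache) evictOldest() {
	oldestKey, oldest := "", time.Time{}
	for k, e := range c.store {
		if oldest.IsZero() || e.lastAccess.Before(oldest) {
			oldestKey, oldest = k, e.lastAccess
		}
	}
	delete(c.store, oldestKey)
}
```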
func NewCallerIdentityCache
func NewCallerIdentityCache(opts ...CallerIdentityCacheOption) *CallerIdentityCache
NewCallerIdentityCache returns a new empty *CallerIdentityCache.
func (*CallerIdentityCache) GetCallerIdentity
func (c *CallerIdentityCache) GetCallerIdentity(ctx context.Context, cfg aws.Config, creds aws.Credentials) (*sts.GetCallerIdentityOutput, error)
GetCallerIdentity returns the identity of the caller.
type CallerIdentityCacheOption
type CallerIdentityCacheOption func(*CallerIdentityCache)
CallerIdentityCacheOption lets you configure a *CallerIdentityCache.
func WithCache
func WithCache(cache map[string]*callerIdentityCacheEntry) CallerIdentityCacheOption
WithCache lets you bootstrap with your own cache.
func WithGetCallerIdentityFn
func WithGetCallerIdentityFn(f GetCallerIdentityFn) CallerIdentityCacheOption
WithGetCallerIdentityFn lets you override the default GetCallerIdentityFn.
func WithMaxSize
func WithMaxSize(n int) CallerIdentityCacheOption
WithMaxSize lets you override the default MaxSize.
type Credentials added in v1.3.0
type Credentials struct {
// contains filtered or unexported fields
}
Credentials holds the aws.Credentials and the associated AWS account ID for these credentials. It's possible that the account ID is not resolved and only the aws.Credentials are available in a successful result.
type GetCallerIdentityFn
type GetCallerIdentityFn func(ctx context.Context, cfg aws.Config) (*sts.GetCallerIdentityOutput, error)
GetCallerIdentityFn is the function type to call GetCallerIdentity API.