iam

package
v0.151.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 28, 2023 License: Apache-2.0 Imports: 13 Imported by: 12

Documentation

Constants

const (
	// ResourceTypeRole is the resource type of the role ARN
	ResourceTypeRole = "role"
	// ResourceTypeUser is the resource type of the user ARN
	ResourceTypeUser = "user"
)
const (
	// ResourceTypeAccount is the resource type of Accounts
	ResourceTypeAccount = "account"
)

Variables

var (
	// ErrNeitherUserNorRole is the error returned when an identity is missing both UserARN
	// and RoleARN.
	ErrNeitherUserNorRole = errors.New("arn is neither user nor role")

	// ErrNoKubernetesIdentity is the error returned when an identity has neither a Kubernetes
	// username nor a list of groups.
	ErrNoKubernetesIdentity = errors.New("neither username nor group are set for iam identity")
)

Functions

func CompareIdentity added in v0.93.0

func CompareIdentity(a, b Identity) bool

CompareIdentity takes two Identity values and checks whether they are identical.

func ImportInstanceRoleFromProfileARN

func ImportInstanceRoleFromProfileARN(ctx context.Context, iamAPI awsapi.IAM, ng *api.NodeGroup, profileARN string) error

ImportInstanceRoleFromProfileARN fetches the first role ARN from the instance profile.

func UseFromNodeGroup

func UseFromNodeGroup(stack *types.Stack, ng *api.NodeGroup) error

UseFromNodeGroup retrieves the IAM configuration from an existing nodegroup based on stack outputs

Types

type ARN

type ARN struct {
	arn.ARN
}

ARN implements the pflag.Value interface for aws-sdk-go/aws/arn.ARN

func Parse

func Parse(s string) (ARN, error)

Parse wraps the aws-sdk-go/aws/arn.Parse function and instead returns an iam.ARN

func (*ARN) IsRole

func (a *ARN) IsRole() bool

IsRole returns whether the ARN represents an IAM role or not

func (*ARN) IsUser

func (a *ARN) IsUser() bool

IsUser returns whether the ARN represents an IAM user or not

func (*ARN) ResourceType

func (a *ARN) ResourceType() string

ResourceType returns the type of the resource specified in the ARN. Typically, in the case of IAM, it is a role or a user

type AccountIdentity added in v0.71.0

type AccountIdentity struct {
	KubernetesAccount string `json:"account,omitempty"`
	KubernetesIdentity
}

AccountIdentity represents a mapping from an IAM role to a kubernetes identity

func (AccountIdentity) ARN added in v0.71.0

func (a AccountIdentity) ARN() string

ARN returns the ARN of the iam mapping

func (AccountIdentity) Account added in v0.71.0

func (a AccountIdentity) Account() string

Account returns the Account of the iam mapping

func (AccountIdentity) Type added in v0.71.0

func (a AccountIdentity) Type() string

Type returns the resource type of the iam mapping

type Identity

type Identity interface {
	ARN() string
	Type() string
	Username() string
	Groups() []string
	Account() string
}

Identity represents an IAM identity and its corresponding Kubernetes identity

func NewIdentity

func NewIdentity(arn string, username string, groups []string) (Identity, error)

NewIdentity determines which field the given ARN goes into and returns the new identity alongside any error resulting from checking its validity.

type KubernetesIdentity

type KubernetesIdentity struct {
	KubernetesUsername string   `json:"username,omitempty"`
	KubernetesGroups   []string `json:"groups,omitempty"`
}

KubernetesIdentity represents a kubernetes identity to be used in iam mappings

func (KubernetesIdentity) Groups

func (k KubernetesIdentity) Groups() []string

Groups returns the Kubernetes groups

func (KubernetesIdentity) Username

func (k KubernetesIdentity) Username() string

Username returns the Kubernetes username

type RoleIdentity

type RoleIdentity struct {
	RoleARN string `json:"rolearn,omitempty"`
	KubernetesIdentity
}

RoleIdentity represents a mapping from an IAM role to a kubernetes identity

func (RoleIdentity) ARN

func (r RoleIdentity) ARN() string

ARN returns the ARN of the iam mapping

func (RoleIdentity) Account added in v0.71.0

func (r RoleIdentity) Account() string

Account returns the Account of the iam mapping

func (RoleIdentity) Type

func (r RoleIdentity) Type() string

Type returns the resource type of the iam mapping

type UserIdentity

type UserIdentity struct {
	UserARN string `json:"userarn,omitempty"`
	KubernetesIdentity
}

UserIdentity represents a mapping from an IAM user to a kubernetes identity

func (UserIdentity) ARN

func (u UserIdentity) ARN() string

ARN returns the ARN of the iam mapping

func (UserIdentity) Account added in v0.71.0

func (u UserIdentity) Account() string

Account returns the Account of the iam mapping

func (UserIdentity) Type

func (u UserIdentity) Type() string

Type returns the resource type of the iam mapping
