Documentation ¶
Index ¶
- Constants
- Variables
- func CompareIdentity(a, b Identity) bool
- func ImportInstanceRoleFromProfileARN(ctx context.Context, iamAPI awsapi.IAM, ng *api.NodeGroup, profileARN string) error
- func UseFromNodeGroup(stack *types.Stack, ng *api.NodeGroup) error
- type ARN
- type AccountIdentity
- type Identity
- type KubernetesIdentity
- type RoleIdentity
- type UserIdentity
Constants ¶
const ( // ResourceTypeRole is the resource type of the role ARN ResourceTypeRole = "role" // ResourceTypeUser is the resource type of the user ARN ResourceTypeUser = "user" )
const (
// ResourceTypeAccount is the resource type of Accounts
ResourceTypeAccount = "account"
)
Variables ¶
var ( // ErrNeitherUserNorRole is the error returned when an identity is missing both UserARN // and RoleARN. ErrNeitherUserNorRole = errors.New("arn is neither user nor role") // ErrNoKubernetesIdentity is the error returned when an identity has neither a Kubernetes // username nor a list of groups. ErrNoKubernetesIdentity = errors.New("neither username nor group are set for iam identity") )
Functions ¶
func CompareIdentity ¶
CompareIdentity takes 2 Identity values and checks to see if they are identitcal
Types ¶
type ARN ¶
ARN implements the pflag.Value interface for aws-sdk-go/aws/arn.ARN
func (*ARN) ResourceType ¶
ResourceType returns the type of the resource specified in the ARN. Typically, in the case of IAM, it is a role or a user
type AccountIdentity ¶
type AccountIdentity struct { KubernetesAccount string `json:"account,omitempty"` KubernetesIdentity }
AccountIdentity represents a mapping from an IAM role to a kubernetes identity
func (AccountIdentity) ARN ¶
func (a AccountIdentity) ARN() string
ARN returns the ARN of the iam mapping
func (AccountIdentity) Account ¶
func (a AccountIdentity) Account() string
Account returns the Account of the iam mapping
func (AccountIdentity) Type ¶
func (a AccountIdentity) Type() string
Type returns the resource type of the iam mapping
type Identity ¶
type Identity interface { ARN() string Type() string Username() string Groups() []string Account() string }
Identity represents an IAM identity and its corresponding Kubernetes identity
type KubernetesIdentity ¶
type KubernetesIdentity struct { KubernetesUsername string `json:"username,omitempty"` KubernetesGroups []string `json:"groups,omitempty"` }
KubernetesIdentity represents a kubernetes identity to be used in iam mappings
func (KubernetesIdentity) Groups ¶
func (k KubernetesIdentity) Groups() []string
Groups returns the Kubernetes groups
func (KubernetesIdentity) Username ¶
func (k KubernetesIdentity) Username() string
Username returns the Kubernetes username
type RoleIdentity ¶
type RoleIdentity struct { RoleARN string `json:"rolearn,omitempty"` KubernetesIdentity }
RoleIdentity represents a mapping from an IAM role to a kubernetes identity
func (RoleIdentity) Account ¶
func (r RoleIdentity) Account() string
Account returns the Account of the iam mapping
func (RoleIdentity) Type ¶
func (r RoleIdentity) Type() string
Type returns the resource type of the iam mapping
type UserIdentity ¶
type UserIdentity struct { UserARN string `json:"userarn,omitempty"` KubernetesIdentity }
UserIdentity represents a mapping from an IAM user to a kubernetes identity
func (UserIdentity) Account ¶
func (u UserIdentity) Account() string
Account returns the Account of the iam mapping
func (UserIdentity) Type ¶
func (u UserIdentity) Type() string
Type returns the resource type of the iam mapping