Documentation
Overview
Package iam provides a service for managing IAM roles and policies.
Index
- Constants
- func ControlPlaneTrustRelationship(enableFargate bool) *iamv1.PolicyDocument
- func FargateTrustRelationship() *iamv1.PolicyDocument
- func NodegroupTrustRelationship() *iamv1.PolicyDocument
- func RoleTags(key string, additionalTags infrav1.Tags) []*iam.Tag
- type IAMService
- func (s *IAMService) CreateOIDCProvider(cluster *eks.Cluster) (string, error)
- func (s *IAMService) CreateRole(roleName string, key string, trustRelationship *iamv1.PolicyDocument, ...) (*iam.Role, error)
- func (s *IAMService) DeleteOIDCProvider(arn *string) error
- func (s *IAMService) DeleteRole(name string) error
- func (s *IAMService) EnsurePoliciesAttached(role *iam.Role, policies []*string) (bool, error)
- func (s *IAMService) EnsureTagsAndPolicy(role *iam.Role, key string, trustRelationship *iamv1.PolicyDocument, ...) (bool, error)
- func (s *IAMService) FindAndVerifyOIDCProvider(cluster *eks.Cluster) (string, error)
- func (s *IAMService) GetIAMRole(name string) (*iam.Role, error)
- func (s *IAMService) IsUnmanaged(role *iam.Role, key string) bool
Constants
const (
// EKSFargateService is the service to trust for fargate pod execution roles.
EKSFargateService = "eks-fargate-pods.amazonaws.com"
)
Variables
This section is empty.
Functions
func ControlPlaneTrustRelationship
func ControlPlaneTrustRelationship(enableFargate bool) *iamv1.PolicyDocument
ControlPlaneTrustRelationship will generate a ControlPlane PolicyDocument.
func FargateTrustRelationship
func FargateTrustRelationship() *iamv1.PolicyDocument
FargateTrustRelationship will generate a Fargate PolicyDocument.
func NodegroupTrustRelationship
func NodegroupTrustRelationship() *iamv1.PolicyDocument
NodegroupTrustRelationship will generate a Nodegroup PolicyDocument.
Types
type IAMService
IAMService defines the specs for an IAM service.
func (*IAMService) CreateOIDCProvider
func (s *IAMService) CreateOIDCProvider(cluster *eks.Cluster) (string, error)
CreateOIDCProvider will create an OIDC provider.
func (*IAMService) CreateRole
func (s *IAMService) CreateRole(
	roleName string,
	key string,
	trustRelationship *iamv1.PolicyDocument,
	additionalTags infrav1.Tags,
) (*iam.Role, error)
CreateRole will create a role with the given name, trust relationship and tags from the IAMService.
func (*IAMService) DeleteOIDCProvider
func (s *IAMService) DeleteOIDCProvider(arn *string) error
DeleteOIDCProvider will delete an OIDC provider.
func (*IAMService) DeleteRole
func (s *IAMService) DeleteRole(name string) error
DeleteRole will delete a role from the IAMService.
func (*IAMService) EnsurePoliciesAttached
func (s *IAMService) EnsurePoliciesAttached(role *iam.Role, policies []*string) (bool, error)
EnsurePoliciesAttached will ensure the given policies are attached to the role through the IAMService.
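The trust-relationship documents and the ensure-style reconcile this package exposes, shown as an added stand-alone Go example (not the package's own code). The policy struct shape, the `eks.amazonaws.com` principal and the attach/detach behaviour of `EnsurePoliciesAttached` are assumptions; only `EKSFargateService` is taken from the page.

```go
package main
// Minimal stand-ins for iamv1.PolicyDocument (assumed shape, not the real CAPA types).
type Statement struct {
	Effect    string
	Principal map[string][]string // "Service" -> trusted service principals
	Action    []string
}
type PolicyDocument struct {
	Version   string
	Statement []Statement
}

const (
	EKSService        = "eks.amazonaws.com"             // control-plane principal (assumed)
	EKSFargateService = "eks-fargate-pods.amazonaws.com" // constant from the page
)

// controlPlaneTrust mirrors ControlPlaneTrustRelationship(enableFargate): only the
// EKS service, plus the Fargate pod service when enabled, may assume the role.
func controlPlaneTrust(enableFargate bool) PolicyDocument {
	services := []string{EKSService}
	if enableFargate {
		services = append(services, EKSFargateService)
	}
	return PolicyDocument{Version: "2012-10-17", Statement: []Statement{{
		Effect:    "Allow",
		Principal: map[string][]string{"Service": services},
		Action:    []string{"sts:AssumeRole"},
	}}}
}

// missing returns the elements of a that are not in b, order preserved.
func missing(a, b []string) (out []string) {
	for _, x := range a {
		found := false
		for _, y := range b {
			found = found || x == y
		}
		if !found {
			out = append(out, x)
		}
	}
	return out
}

// policyDiff is the EnsurePoliciesAttached-style reconcile step: attach desired-but-missing ARNs, detach the rest.
func policyDiff(attached, desired []string) (toAttach, toDetach []string) {
	return missing(desired, attached), missing(attached, desired)
}
```

Detaching policies that are no longer desired is what keeps a managed role from quietly accumulating permissions across reconciles.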
func (*IAMService) EnsureTagsAndPolicy
func (s *IAMService) EnsureTagsAndPolicy(
	role *iam.Role,
	key string,
	trustRelationship *iamv1.PolicyDocument,
	additionalTags infrav1.Tags,
) (bool, error)
EnsureTagsAndPolicy will ensure the role carries the expected tags and trust relationship through the IAMService.
func (*IAMService) FindAndVerifyOIDCProvider
func (s *IAMService) FindAndVerifyOIDCProvider(cluster *eks.Cluster) (string, error)
FindAndVerifyOIDCProvider will try to find an OIDC provider. It will return an error if the found provider does not match the cluster spec.
func (*IAMService) GetIAMRole
func (s *IAMService) GetIAMRole(name string) (*iam.Role, error)
GetIAMRole will return the IAM role for the IAMService.
func (*IAMService) IsUnmanaged
func (s *IAMService) IsUnmanaged(role *iam.Role, key string) bool
IsUnmanaged checks, using the given tag key, whether the role is not managed by the IAMService.