iam

package
v0.62.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2021 License: Apache-2.0 Imports: 11 Imported by: 13

Documentation

Index

Constants

View Source 
const (
	// ResourceTypeRole is the resource type of the role ARN
	ResourceTypeRole = "role"
	// ResourceTypeUser is the resource type of the user ARN
	ResourceTypeUser = "user"
)

Variables

View Source 
var (
	// ErrNeitherUserNorRole is the error returned when an identity is missing both UserARN
	// and RoleARN.
	ErrNeitherUserNorRole = errors.New("arn is neither user nor role")

	// ErrNoKubernetesIdentity is the error returned when an identity has neither a Kubernetes
	// username nor a list of groups.
	ErrNoKubernetesIdentity = errors.New("neither username nor group are set for iam identity")
)

Functions

func ImportInstanceRoleFromProfileARN 

func ImportInstanceRoleFromProfileARN(iamAPI iamiface.IAMAPI, ng *api.NodeGroup, profileARN string) error

ImportInstanceRoleFromProfileARN fetches first role ARN from instance profile

func UseFromNodeGroup 

func UseFromNodeGroup(stack *cfn.Stack, ng *api.NodeGroup) error

UseFromNodeGroup retrieves the IAM configuration from an existing nodegroup based on stack outputs

Types

type ARN 

type ARN struct {
	arn.ARN
}

ARN implements the pflag.Value interface for aws-sdk-go/aws/arn.ARN

func Parse 

func Parse(s string) (ARN, error)

Parse wraps the aws-sdk-go/aws/arn.Parse function and instead returns a iam.ARN

func (*ARN) IsRole 

func (a *ARN) IsRole() bool

IsRole returns whether the arn represents a IAM role or not

func (*ARN) IsUser 

func (a *ARN) IsUser() bool

IsUser returns whether the arn represents a IAM user or not

func (*ARN) ResourceType 

func (a *ARN) ResourceType() string

ResourceType returns the type of the resource specified in the ARN. Typically, in the case of IAM, it is a role or a user

type Identity 

type Identity interface {
	ARN() string
	Type() string
	Username() string
	Groups() []string
}

Identity represents an IAM identity and its corresponding Kubernetes identity

func NewIdentity 

func NewIdentity(arn string, username string, groups []string) (Identity, error)

NewIdentity determines into which field the given arn goes and returns the new identity alongside any error resulting for checking its validity.

type KubernetesIdentity 

type KubernetesIdentity struct {
	KubernetesUsername string   `json:"username,omitempty"`
	KubernetesGroups   []string `json:"groups,omitempty"`
}

KubernetesIdentity represents a kubernetes identity to be used in iam mappings

func (KubernetesIdentity) Groups 

func (k KubernetesIdentity) Groups() []string

Groups returns the Kubernetes groups

func (KubernetesIdentity) Username 

func (k KubernetesIdentity) Username() string

Username returns the Kubernetes username

type RoleIdentity 

type RoleIdentity struct {
	RoleARN string `json:"rolearn,omitempty"`
	KubernetesIdentity
}

RoleIdentity represents a mapping from an IAM role to a kubernetes identity

func (RoleIdentity) ARN 

func (r RoleIdentity) ARN() string

ARN returns the ARN of the iam mapping

func (RoleIdentity) Type 

func (r RoleIdentity) Type() string

Type returns the resource type of the iam mapping

type UserIdentity 

type UserIdentity struct {
	UserARN string `json:"userarn,omitempty"`
	KubernetesIdentity
}

UserIdentity represents a mapping from an IAM user to a kubernetes identity

func (UserIdentity) ARN 

func (u UserIdentity) ARN() string

ARN returns the ARN of the iam mapping

func (UserIdentity) Type 

func (u UserIdentity) Type() string

Type returns the resource type of the iam mapping

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.
JackTT - Gopher 🇻🇳