credentials

package

v1.0.10 Latest Latest Go to latest Published: Aug 6, 2025 License: Apache-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aws/eks-hybrid

Links

Documentation ¶

Index ¶

func IsIAMRolesAnywhere(name creds.CredentialProvider) bool
func IsSsm(name creds.CredentialProvider) bool
type Certificate
type IamRolesAnywhereProvider
type Infrastructure
- func Setup(ctx context.Context, logger logr.Logger, config aws.Config, ...) (*Infrastructure, error)
- func (p *Infrastructure) Teardown(ctx context.Context) error
type SsmProvider
type Stack
- func (s *Stack) Delete(ctx context.Context, logger logr.Logger, output *StackOutput) error
- func (s *Stack) Deploy(ctx context.Context, logger logr.Logger) (*StackOutput, error)
type StackOutput

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsIAMRolesAnywhere ¶ added in v1.0.2

func IsIAMRolesAnywhere(name creds.CredentialProvider) bool

IsIAMRolesAnywhere returns true if the given CredentialProvider is IAM Roles Anywhere.

func IsSsm ¶ added in v1.0.4

func IsSsm(name creds.CredentialProvider) bool

IsSsm returns true if the given CredentialProvider is SSM.

Types ¶

type Certificate ¶

type Certificate struct {
	Cert    *x509.Certificate `json:"cert"`
	CertPEM []byte            `json:"certPEM"`
	Key     *ecdsa.PrivateKey `json:"key"`
	KeyPEM  []byte            `json:"keyPEM"`
}

func CreateCA ¶

func CreateCA() (*Certificate, error)

func CreateCertificateForNode ¶

func CreateCertificateForNode(ca *x509.Certificate, caPrivKey any, nodeName string) (*Certificate, error)

CreateCertificateForNode creates a new certificate with the nodeName as the Subject's CN.

func ParseCertificate ¶

func ParseCertificate(certPEM, keyPEM []byte) (*Certificate, error)

type IamRolesAnywhereProvider ¶

type IamRolesAnywhereProvider struct {
	TrustAnchorARN string
	ProfileARN     string
	RoleARN        string
	CA             *Certificate
}

func (*IamRolesAnywhereProvider) FilesForNode ¶

func (i *IamRolesAnywhereProvider) FilesForNode(node e2e.NodeSpec) ([]e2e.File, error)

func (*IamRolesAnywhereProvider) Name ¶

func (i *IamRolesAnywhereProvider) Name() creds.CredentialProvider

func (*IamRolesAnywhereProvider) NodeadmConfig ¶

func (i *IamRolesAnywhereProvider) NodeadmConfig(ctx context.Context, node e2e.NodeSpec) (*api.NodeConfig, error)

func (*IamRolesAnywhereProvider) VerifyUninstall ¶

func (i *IamRolesAnywhereProvider) VerifyUninstall(ctx context.Context, instanceId string) error

type Infrastructure ¶

type Infrastructure struct {
	StackOutput
	RolesAnywhereCA *Certificate
	// contains filtered or unexported fields
}

Infrastructure represents the necessary infrastructure for credentials providers to be used by nodeadm.

func Setup ¶

func Setup(ctx context.Context, logger logr.Logger, config aws.Config, clusterName, endpoint string) (*Infrastructure, error)

Setup creates the necessary infrastructure for credentials providers to be used by nodeadm. Endpoint is used by EKS client and will use default endpoint if an empty string is passed.

func (*Infrastructure) Teardown ¶

func (p *Infrastructure) Teardown(ctx context.Context) error

type SsmProvider ¶

type SsmProvider struct {
	SSM  *ssm.Client
	Role string
}

func (*SsmProvider) FilesForNode ¶

func (s *SsmProvider) FilesForNode(_ e2e.NodeSpec) ([]e2e.File, error)

func (*SsmProvider) Name ¶

func (s *SsmProvider) Name() creds.CredentialProvider

func (*SsmProvider) NodeadmConfig ¶

func (s *SsmProvider) NodeadmConfig(ctx context.Context, node e2e.NodeSpec) (*api.NodeConfig, error)

func (*SsmProvider) VerifyUninstall ¶

func (s *SsmProvider) VerifyUninstall(ctx context.Context, instanceId string) error

type Stack ¶

type Stack struct {
	ClusterName            string
	Name                   string
	ClusterArn             string
	CFN                    *cloudformation.Client
	IAM                    *iam.Client
	EKS                    *eks.Client
	IAMRolesAnywhereCACert []byte
}

func (*Stack) Delete ¶

func (s *Stack) Delete(ctx context.Context, logger logr.Logger, output *StackOutput) error

func (*Stack) Deploy ¶

func (s *Stack) Deploy(ctx context.Context, logger logr.Logger) (*StackOutput, error)

type StackOutput ¶

type StackOutput struct {
	EC2Role            string `json:"EC2Role"`
	InstanceProfileARN string `json:"instanceProfileARN"`
	SSMNodeRoleName    string `json:"ssmNodeRoleName"`
	SSMNodeRoleARN     string `json:"ssmNodeRoleARN"`
	IRANodeRoleName    string `json:"iraNodeRoleName"`
	IRANodeRoleARN     string `json:"iraNodeRoleARN"`
	IRATrustAnchorARN  string `json:"iraTrustAnchorARN"`
	IRAProfileARN      string `json:"iraProfileARN"`
	ManagedNodeRoleArn string `json:"managedNodeRoleArn"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL