aws

package

v0.33.0 Latest Latest Go to latest Published: Nov 18, 2025 License: Apache-2.0 Imports: 21 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/fluxcd/pkg

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func NewCredentialsProvider(ctx context.Context, opts ...auth.Option) aws.CredentialsProvider
func ValidateSTSEndpoint(endpoint string) error
type Credentials
- func (c *Credentials) GetDuration() time.Duration
type Implementation
type Provider

Constants ¶

View Source

const ProviderName = "aws"

ProviderName is the name of the AWS authentication provider.

Variables ¶

This section is empty.

Functions ¶

func NewCredentialsProvider ¶

func NewCredentialsProvider(ctx context.Context, opts ...auth.Option) aws.CredentialsProvider

NewCredentialsProvider creates a new credentials provider for the given options.

func ValidateSTSEndpoint ¶

func ValidateSTSEndpoint(endpoint string) error

ValidateSTSEndpoint checks if the provided STS endpoint is valid.

Global and regional endpoints:

https://docs.aws.amazon.com/general/latest/gr/sts.html

VPC endpoint examples:

https://vpce-002b7cc8966426bc6-njisq19r.sts.us-east-1.vpce.amazonaws.com
https://vpce-002b7cc8966426bc6-njisq19r-us-east-1a.sts.us-east-1.vpce.amazonaws.com

Types ¶

type Credentials ¶ added in v0.21.0

type Credentials struct{ types.Credentials }

Credentials is the AWS token.

func (*Credentials) GetDuration ¶ added in v0.21.0

func (c *Credentials) GetDuration() time.Duration

GetDuration implements auth.Token.

type Implementation ¶

type Implementation interface {
	LoadDefaultConfig(ctx context.Context, optFns ...func(*config.LoadOptions) error) (aws.Config, error)
	AssumeRoleWithWebIdentity(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, options sts.Options) (*sts.AssumeRoleWithWebIdentityOutput, error)
	GetAuthorizationToken(ctx context.Context, cfg aws.Config) (any, error)
	GetPublicAuthorizationToken(ctx context.Context, cfg aws.Config) (any, error)
	DescribeCluster(ctx context.Context, params *eks.DescribeClusterInput, options eks.Options) (*eks.DescribeClusterOutput, error)
	PresignGetCallerIdentity(ctx context.Context, optFn func(*sts.PresignOptions), options sts.Options) (*signerv4.PresignedHTTPRequest, error)
}

Implementation provides the required methods of the AWS libraries.

type Provider ¶

type Provider struct{ Implementation }

Provider implements the auth.Provider interface for AWS authentication.

func (Provider) GetAccessTokenOptionsForArtifactRepository ¶ added in v0.21.0

func (p Provider) GetAccessTokenOptionsForArtifactRepository(artifactRepository string) ([]auth.Option, error)

GetAccessTokenOptionsForArtifactRepository implements auth.Provider.

func (Provider) GetAccessTokenOptionsForCluster ¶ added in v0.21.0

func (Provider) GetAccessTokenOptionsForCluster(opts ...auth.Option) ([][]auth.Option, error)

GetAccessTokenOptionsForCluster implements auth.Provider.

func (Provider) GetAudiences ¶ added in v0.21.0

func (Provider) GetAudiences(context.Context, corev1.ServiceAccount) ([]string, error)

GetAudiences implements auth.Provider.

func (Provider) GetIdentity ¶

func (Provider) GetIdentity(serviceAccount corev1.ServiceAccount) (string, error)

GetIdentity implements auth.Provider.

func (Provider) GetName ¶

func (Provider) GetName() string

GetName implements auth.Provider.

func (Provider) NewArtifactRegistryCredentials ¶ added in v0.12.0

func (p Provider) NewArtifactRegistryCredentials(ctx context.Context, registryInput string,
	accessToken auth.Token, opts ...auth.Option) (*auth.ArtifactRegistryCredentials, error)

NewArtifactRegistryCredentials implements auth.Provider.

func (Provider) NewControllerToken ¶ added in v0.12.0

func (p Provider) NewControllerToken(ctx context.Context, opts ...auth.Option) (auth.Token, error)

NewControllerToken implements auth.Provider.

func (Provider) NewRESTConfig ¶ added in v0.21.0

func (p Provider) NewRESTConfig(ctx context.Context, accessTokens []auth.Token,
	opts ...auth.Option) (*auth.RESTConfig, error)

NewRESTConfig implements auth.Provider.

Reference: https://docs.aws.amazon.com/eks/latest/best-practices/identity-and-access-management.html#_controlling_access_to_eks_clusters

func (Provider) NewTokenForServiceAccount ¶

func (p Provider) NewTokenForServiceAccount(ctx context.Context, oidcToken string,
	serviceAccount corev1.ServiceAccount, opts ...auth.Option) (auth.Token, error)

NewTokenForServiceAccount implements auth.Provider.

func (Provider) ParseArtifactRepository ¶ added in v0.12.0

func (Provider) ParseArtifactRepository(artifactRepository string) (string, error)

ParseArtifactRepository implements auth.Provider. ParseArtifactRepository returns the ECR region, unless the registry is public.ecr.aws, in which case it returns public.ecr.aws.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL