Documentation
¶
Index ¶
- Constants
- Variables
- func GenerateDefaultTags(clusterName, namespace, serviceAccountName string) map[string]string
- func GenerateRoleName(clusterName, namespace, serviceAccountName string) string
- func GenerateTrustPolicy(oidcProviderARN, namespace, serviceAccountName string) string
- func GenerateTrustPolicyMultiple(oidcProviderARN string, serviceAccounts []ServiceAccountIdentifier) string
- func GetRoleARN(accountID, roleName, path, partition string) string
- func NamespaceNameValidator(val interface{}) error
- func ServiceAccountNameValidator(val interface{}) error
- func ValidateNamespaceName(name string) error
- func ValidateServiceAccountName(name string) error
- type CreateOptions
- type ListOptions
- type ServiceAccountIdentifier
- type ServiceAccountRole
- type ValidateOptions
Constants ¶
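// Tag keys and values that mark an IAM role as a service account role.
//
// As rendered, the whole declaration sat on a single line, so the first "//"
// comment swallowed every constant after it. The layout is restored here with
// one constant per line; names and values are unchanged.
//
// NOTE(review): these tags presumably identify the roles this package manages
// when listing or filtering (see ListOptions) — confirm against the callers.
// IAM tags can be edited by any principal allowed to tag the role, so a tag
// match on its own is a weak ownership signal.
const (
	// ServiceAccountRoleType is the role type tag value for service account roles.
	ServiceAccountRoleType = "ServiceAccountRole"

	// RoleTypeTagKey is the tag key for the role type.
	RoleTypeTagKey = "rosa_role_type"

	// ServiceAccountTagKey is the tag key for the service account name.
	ServiceAccountTagKey = "rosa.openshift.io/service-account"

	// NamespaceTagKey is the tag key for the namespace.
	NamespaceTagKey = "rosa.openshift.io/namespace"

	// ClusterTagKey is the tag key for the cluster name.
	ClusterTagKey = "rosa.openshift.io/cluster"
)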
Variables ¶
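// Name patterns for the Kubernetes identifiers this package accepts.
//
// As rendered, the whole declaration sat on a single line, so the first "//"
// comment swallowed both variables. The layout is restored here; the patterns
// are unchanged.
//
// Both patterns are anchored with ^ and $, and neither sets the multiline
// flag, so the entire input must match and a trailing newline is rejected.
// The accepted alphabet is lowercase ASCII letters, digits and '-' (plus '.'
// as a segment separator for service accounts). It contains no quote,
// wildcard or whitespace characters.
//
// Neither pattern bounds the input length. Kubernetes limits DNS labels to 63
// characters and DNS subdomain names to 253, so a length check has to happen
// elsewhere.
// NOTE(review): confirm that ValidateNamespaceName and
// ValidateServiceAccountName enforce those limits; their bodies are not shown
// on this page.
var (
	// ServiceAccountNameRE validates Kubernetes service account names: one or
	// more dot-separated segments, each starting and ending with a lowercase
	// alphanumeric character.
	ServiceAccountNameRE = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

	// NamespaceNameRE validates Kubernetes namespace names: a single segment
	// that starts and ends with a lowercase alphanumeric character and
	// contains no dots.
	NamespaceNameRE = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)
)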
Functions ¶
func GenerateDefaultTags ¶
GenerateDefaultTags creates default tags for service account roles
func GenerateRoleName ¶
GenerateRoleName creates a standardized role name for a service account
func GenerateTrustPolicy ¶
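GenerateTrustPolicy creates an OIDC trust policy for the service account. It returns only a string, so it cannot report invalid input; validate the namespace and service account name with ValidateNamespaceName and ValidateServiceAccountName before calling it.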
func GenerateTrustPolicyMultiple ¶
func GenerateTrustPolicyMultiple(oidcProviderARN string, serviceAccounts []ServiceAccountIdentifier) string
GenerateTrustPolicyMultiple creates an OIDC trust policy for multiple service accounts
func GetRoleARN ¶
GetRoleARN constructs the ARN for a role given the account ID, role name, path, and partition
func NamespaceNameValidator ¶
func NamespaceNameValidator(val interface{}) error
NamespaceNameValidator is an interactive validator for namespace names
func ServiceAccountNameValidator ¶
func ServiceAccountNameValidator(val interface{}) error
ServiceAccountNameValidator is an interactive validator for service account names
func ValidateNamespaceName ¶
ValidateNamespaceName validates a Kubernetes namespace name
func ValidateServiceAccountName ¶
ValidateServiceAccountName validates a Kubernetes service account name
Types ¶
type CreateOptions ¶
// CreateOptions contains options for creating a service account IAM role.
//
// The per-field notes are inferred from the field names and from the helper
// signatures in this package; the code that consumes the struct is not shown
// here, so treat them as assumptions to confirm.
type CreateOptions struct {
	// ClusterName is the cluster name; presumably the value passed to
	// GenerateRoleName and GenerateDefaultTags.
	ClusterName string

	// ServiceAccountName is the Kubernetes service account the role is for.
	// NOTE(review): expected to pass ValidateServiceAccountName before it is
	// used in a role name, tag or trust policy — confirm at the call site.
	ServiceAccountName string

	// Namespace is the namespace of the service account.
	// NOTE(review): expected to pass ValidateNamespaceName — confirm.
	Namespace string

	// RoleName is the IAM role name; presumably overrides the generated
	// default when set.
	RoleName string

	// PolicyARNs lists policy ARNs; presumably managed policies attached to
	// the role. Each one widens what the service account can do.
	PolicyARNs []string

	// InlinePolicy is presumably a policy document embedded in the role.
	InlinePolicy string

	// PermissionsBoundary is presumably the ARN of a permissions boundary
	// policy that caps the role's effective permissions.
	PermissionsBoundary string

	// Path is presumably the IAM path under which the role is created
	// (GetRoleARN also takes a path).
	Path string

	// Tags are tags for the role; presumably added to those produced by
	// GenerateDefaultTags.
	Tags map[string]string
}
CreateOptions contains options for creating a service account IAM role
type ListOptions ¶
ListOptions contains filtering options for listing service account roles
type ServiceAccountIdentifier ¶
ServiceAccountIdentifier represents a service account with its namespace
type ServiceAccountRole ¶
// ServiceAccountRole represents an IAM role associated with a Kubernetes
// service account.
//
// Every field is serialised to JSON under the key in its tag. InlinePolicy
// and PermissionsBoundary are omitted from the output when empty; all other
// fields are always emitted.
type ServiceAccountRole struct {
	// RoleName is the IAM role name.
	RoleName string `json:"roleName"`

	// RoleARN is the role's ARN.
	RoleARN string `json:"roleArn"`

	// ClusterName is the cluster the role is associated with.
	ClusterName string `json:"clusterName"`

	// ServiceAccountName is the Kubernetes service account name.
	ServiceAccountName string `json:"serviceAccountName"`

	// Namespace is the namespace of the service account.
	Namespace string `json:"namespace"`

	// PolicyARNs lists policy ARNs; presumably the policies attached to the
	// role — confirm against the code that fills this struct.
	PolicyARNs []string `json:"policyArns"`

	// InlinePolicy is presumably the role's inline policy document.
	InlinePolicy string `json:"inlinePolicy,omitempty"`

	// PermissionsBoundary is presumably the ARN of the role's permissions
	// boundary; an empty value drops the key from the JSON output, so a
	// reader cannot tell "no boundary" from "not fetched".
	PermissionsBoundary string `json:"permissionsBoundary,omitempty"`

	// TrustPolicy is the role's trust policy; presumably the JSON document
	// that decides which OIDC identities may assume the role. It is the field
	// to inspect when checking who can use the role.
	TrustPolicy string `json:"trustPolicy"`
}
ServiceAccountRole represents an IAM role associated with a Kubernetes service account
type ValidateOptions ¶
ValidateOptions contains validation configuration