Documentation ¶
Index ¶
- Constants
- func BuildServiceEndpoint(baseEndpoint, subdomain string) string
- func CheckVirtualCloudHealth() error
- func GetAllAwsRegions() ([]string, error)
- func GetAvailabilityZones(region string) ([]string, error)
- func GetRandomRegion(approvedRegions, forbiddenRegions []string) (string, error)
- func GetRandomRegionForService(serviceName string) (string, error)
- func GetRandomStableRegion(approvedRegions, forbiddenRegions []string) (string, error)
- func GetRegionsForService(serviceName string) ([]string, error)
- func GetVirtualCloudEndpoint(service string) (string, bool)
- func NewAuthenticatedSession(region string) (*aws.Config, error)
- func NewAuthenticatedSessionFromDefaultCredentials(region string) (*aws.Config, error)
- func NewAuthenticatedSessionFromInfraspecCloudToken(region, token string) (*aws.Config, error)
- func NewAuthenticatedSessionFromRole(region, roleARN string) (*aws.Config, error)
- func NewAuthenticatedSessionWithDefaultRegion() (*aws.Config, error)
- func NewEc2FullClient(region string) (*ec2.Client, error)
- func NewEc2FullClientWithDefaultRegion() (*ec2.Client, error)
- func NewRdsClient(region string) (*rds.Client, error)
- func NewRdsClientWithDefaultRegion() (*rds.Client, error)
- type CredentialsError
- type EC2API
- type MockEC2Client
- func (m *MockEC2Client) DescribeAvailabilityZones(ctx context.Context, params *ec2.DescribeAvailabilityZonesInput, ...) (*ec2.DescribeAvailabilityZonesOutput, error)
- func (m *MockEC2Client) DescribeRegions(ctx context.Context, params *ec2.DescribeRegionsInput, ...) (*ec2.DescribeRegionsOutput, error)
- type MockSSMClient
- type SSMAPI
Constants ¶
const (
	AuthAssumeRoleEnvVar = "INFRASPEC_IAM_ROLE" // OS environment variable name through which Assume Role ARN may be passed for authentication

	// InfraspecCloudAccessKeyID is the access key ID used when authenticating with an InfraSpec Cloud token
	InfraspecCloudAccessKeyID = "infraspec-api"

	InfraspecCloudDefaultEndpointURL = "https://infraspec.sh"
)
const (
	// HealthCheckTimeout is the maximum time to wait for the health check
	HealthCheckTimeout = 5 * time.Second

	// HealthCheckPath is the path to the health check endpoint
	HealthCheckPath = "/_health"
)
Variables ¶
This section is empty.
Functions ¶
func BuildServiceEndpoint ¶ added in v0.1.0
BuildServiceEndpoint constructs a service-specific endpoint URL by adding a subdomain to the base endpoint. For example:
- Base: "https://infraspec.sh" + Subdomain: "s3" = "https://s3.infraspec.sh"
- Base: "https://infraspec.sh" + Subdomain: "dynamodb" = "https://dynamodb.infraspec.sh"
- Base: "http://localhost:8000" + Subdomain: "s3" = "http://localhost:8000" (no subdomain for localhost)
- Base: "http://127.0.0.1:8000" + Subdomain: "sts" = "http://127.0.0.1:8000" (no subdomain for 127.0.0.1)
func CheckVirtualCloudHealth ¶ added in v0.1.0
func CheckVirtualCloudHealth() error
CheckVirtualCloudHealth verifies that the InfraSpec Virtual Cloud API is accessible. It skips the check if endpoints are overridden for localhost testing. Returns nil if the health check passes or if it should be skipped, otherwise returns an error.
func GetAllAwsRegions ¶
GetAllAwsRegions gets the list of AWS regions available in this account.
func GetAvailabilityZones ¶
GetAvailabilityZones gets the Availability Zones for a given AWS region. Note that for certain regions (e.g. us-east-1), different AWS accounts have access to different availability zones.
func GetRandomRegion ¶
GetRandomRegion gets a randomly chosen AWS region. If approvedRegions is not empty, this will be a region from the approvedRegions list; otherwise, this method will fetch the latest list of regions from the AWS APIs and pick one of those. If forbiddenRegions is not empty, this method will make sure the returned region is not in the forbiddenRegions list.
func GetRandomRegionForService ¶
GetRandomRegionForService retrieves the list of AWS regions in which a service is available, then returns one region chosen at random from that list.
func GetRandomStableRegion ¶
GetRandomStableRegion gets a randomly chosen AWS region that is considered stable. Like GetRandomRegion, you can further restrict the stable region list using approvedRegions and forbiddenRegions. We consider stable regions to be those that have been around for at least 1 year. Note that regions in the approvedRegions list that are not considered stable are ignored.
func GetRegionsForService ¶
GetRegionsForService gets all AWS regions in which a service is available, or returns an error. See https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-global-infrastructure.html
func GetVirtualCloudEndpoint ¶ added in v0.1.0
GetVirtualCloudEndpoint returns the endpoint URL to use for the given AWS service when InfraSpec Virtual Cloud mode is enabled. The function looks for a service-specific environment variable (e.g. AWS_ENDPOINT_URL_RDS) and falls back to AWS_ENDPOINT_URL, finally defaulting to the InfraSpec Cloud endpoint with service-specific subdomain.
If service is empty, returns the base endpoint URL without subdomain construction. Otherwise, constructs a service-specific subdomain endpoint (e.g. https://dynamodb.infraspec.sh).
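The lookup order and subdomain rule described for GetVirtualCloudEndpoint and BuildServiceEndpoint, as an added example that is not the package's own source. The function names are hypothetical, and two things are assumptions: that the returned bool means "an environment override was used" and that overrides are returned verbatim. Because environment variables decide where signed requests are sent, `checkEndpoint` shows one allow-list policy (loopback, or HTTPS under infraspec.sh) that a test harness could apply before creating clients.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

const defaultBase = "https://infraspec.sh" // InfraspecCloudDefaultEndpointURL on this page

func isLoopback(host string) bool { return host == "localhost" || host == "127.0.0.1" }

// buildEndpoint reproduces the documented examples: no subdomain for loopback bases.
func buildEndpoint(base, sub string) string {
	u, err := url.Parse(base)
	if err != nil || sub == "" || isLoopback(u.Hostname()) {
		return base
	}
	u.Host = sub + "." + u.Host
	return u.String()
}

// resolveEndpoint: AWS_ENDPOINT_URL_<SERVICE>, then AWS_ENDPOINT_URL, then the default.
// Assumption: the bool reports an environment override, returned verbatim.
func resolveEndpoint(service string) (string, bool) {
	if v := os.Getenv("AWS_ENDPOINT_URL_" + strings.ToUpper(service)); service != "" && v != "" {
		return v, true
	}
	if v := os.Getenv("AWS_ENDPOINT_URL"); v != "" {
		return v, true
	}
	return buildEndpoint(defaultBase, service), false
}

// checkEndpoint accepts loopback hosts, or HTTPS hosts at or under infraspec.sh (example policy).
func checkEndpoint(endpoint string) error {
	u, err := url.Parse(endpoint)
	if err != nil {
		return err
	}
	h := u.Hostname()
	if isLoopback(h) || (u.Scheme == "https" && (h == "infraspec.sh" || strings.HasSuffix(h, ".infraspec.sh"))) {
		return nil
	}
	return fmt.Errorf("unexpected endpoint %q: not loopback and not HTTPS under infraspec.sh", endpoint)
}

func main() { fmt.Println(resolveEndpoint("rds")) }
```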
func NewAuthenticatedSession ¶
NewAuthenticatedSession creates an AWS Config following the standard AWS authentication workflow. If an InfraSpec Cloud token is configured, it uses that token as the secret access key with "infraspec-api" as the access key ID. If the `INFRASPEC_IAM_ROLE` environment variable is set, it assumes the IAM role specified in it. Otherwise, it uses default credentials.
func NewAuthenticatedSessionFromDefaultCredentials ¶
NewAuthenticatedSessionFromDefaultCredentials gets an AWS Config, checking that the user has credentials properly configured in their environment.
func NewAuthenticatedSessionFromInfraspecCloudToken ¶ added in v0.1.0
func NewAuthenticatedSessionFromRole ¶
NewAuthenticatedSessionFromRole returns a new AWS Config after assuming the role whose ARN is provided in roleARN. If the credentials are not properly configured in the underlying environment, an error is returned.
func NewAuthenticatedSessionWithDefaultRegion ¶ added in v0.1.0
NewAuthenticatedSessionWithDefaultRegion creates an AWS Config with the default region.
func NewEc2FullClient ¶ added in v0.1.1
NewEc2FullClient creates a full EC2 client (not limited to EC2API interface).
func NewEc2FullClientWithDefaultRegion ¶ added in v0.1.1
NewEc2FullClientWithDefaultRegion creates an EC2 client with the default region.
func NewRdsClient ¶
NewRdsClient creates an RDS client.
func NewRdsClientWithDefaultRegion ¶
NewRdsClientWithDefaultRegion creates an RDS client with the default region.
Types ¶
type CredentialsError ¶
type CredentialsError struct {
	UnderlyingErr error
}
CredentialsError is an error that occurs because AWS credentials can't be found.
func (CredentialsError) Error ¶
func (err CredentialsError) Error() string
type EC2API ¶ added in v0.1.0
type EC2API interface {
	DescribeRegions(ctx context.Context, params *ec2.DescribeRegionsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeRegionsOutput, error)
	DescribeAvailabilityZones(ctx context.Context, params *ec2.DescribeAvailabilityZonesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeAvailabilityZonesOutput, error)
}
EC2API is an interface that matches the methods we use from ec2.Client
func NewEc2Client ¶
NewEc2Client creates an EC2 client that implements EC2API interface.
type MockEC2Client ¶ added in v0.1.0
type MockEC2Client struct {
	// contains filtered or unexported fields
}
MockEC2Client implements EC2API using golden files
func NewMockEC2Client ¶ added in v0.1.0
func NewMockEC2Client(region string) *MockEC2Client
NewMockEC2Client creates a new mock EC2 client
func (*MockEC2Client) DescribeAvailabilityZones ¶ added in v0.1.0
func (m *MockEC2Client) DescribeAvailabilityZones(ctx context.Context, params *ec2.DescribeAvailabilityZonesInput, optFns ...func(*ec2.Options)) (*ec2.DescribeAvailabilityZonesOutput, error)
DescribeAvailabilityZones loads availability zones from golden file
func (*MockEC2Client) DescribeRegions ¶ added in v0.1.0
func (m *MockEC2Client) DescribeRegions(ctx context.Context, params *ec2.DescribeRegionsInput, optFns ...func(*ec2.Options)) (*ec2.DescribeRegionsOutput, error)
DescribeRegions loads regions from golden file
type MockSSMClient ¶ added in v0.1.0
type MockSSMClient struct {
	// contains filtered or unexported fields
}
MockSSMClient implements SSMAPI using golden files
func NewMockSSMClient ¶ added in v0.1.0
func NewMockSSMClient(region string) *MockSSMClient
NewMockSSMClient creates a new mock SSM client
func (*MockSSMClient) GetParametersByPath ¶ added in v0.1.0
func (m *MockSSMClient) GetParametersByPath(ctx context.Context, params *ssm.GetParametersByPathInput, optFns ...func(*ssm.Options)) (*ssm.GetParametersByPathOutput, error)
GetParametersByPath loads SSM parameters from golden file
type SSMAPI ¶ added in v0.1.0
type SSMAPI interface {
	GetParametersByPath(ctx context.Context, params *ssm.GetParametersByPathInput, optFns ...func(*ssm.Options)) (*ssm.GetParametersByPathOutput, error)
}
SSMAPI is an interface that matches the methods we use from ssm.Client
func NewSsmClient ¶
NewSsmClient creates an SSM client.