Documentation
Index
- type OpenIDConnectManager
- func (m *OpenIDConnectManager) CheckProviderExists(ctx context.Context) (bool, error)
- func (m *OpenIDConnectManager) CreateProvider(ctx context.Context) error
- func (m *OpenIDConnectManager) DeleteProvider(ctx context.Context) error
- func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocument() cft.MapOfInterfaces
- func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions(serviceAccountNamespace, serviceAccountName string) cft.MapOfInterfaces
- func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditionsAllowingWildcard(serviceAccountNamespace, subjectPattern string) cft.MapOfInterfaces
- type UnsupportedOIDCError
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type OpenIDConnectManager
type OpenIDConnectManager struct {
ProviderARN string
// contains filtered or unexported fields
}
OpenIDConnectManager holds the state of an IAM OIDC provider integration.
func NewOpenIDConnectManager
func NewOpenIDConnectManager(iamapi awsapi.IAM, accountID, issuer, partition string, tags map[string]string) (*OpenIDConnectManager, error)
NewOpenIDConnectManager constructs a new IAM OIDC manager instance. It returns an error if the issuer URL is invalid.
func (*OpenIDConnectManager) CheckProviderExists
func (m *OpenIDConnectManager) CheckProviderExists(ctx context.Context) (bool, error)
CheckProviderExists returns true when the provider exists; it returns an error if it was unable to call the IAM API.
func (*OpenIDConnectManager) CreateProvider
func (m *OpenIDConnectManager) CreateProvider(ctx context.Context) error
CreateProvider connects to the issuer, retrieves its root CA certificate, computes the certificate thumbprint, and creates the provider using the IAM API.
func (*OpenIDConnectManager) DeleteProvider
func (m *OpenIDConnectManager) DeleteProvider(ctx context.Context) error
DeleteProvider deletes the provider using the IAM API; it returns an error if the API call fails.
func (*OpenIDConnectManager) MakeAssumeRolePolicyDocument
func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocument() cft.MapOfInterfaces
func (*OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions
func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditions(serviceAccountNamespace, serviceAccountName string) cft.MapOfInterfaces
MakeAssumeRolePolicyDocumentWithServiceAccountConditions constructs a trust policy document for the provider, conditioned on the given service account namespace and name.
func (*OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditionsAllowingWildcard added in v0.222.0
func (m *OpenIDConnectManager) MakeAssumeRolePolicyDocumentWithServiceAccountConditionsAllowingWildcard(serviceAccountNamespace, subjectPattern string) cft.MapOfInterfaces
MakeAssumeRolePolicyDocumentWithServiceAccountConditionsAllowingWildcard constructs a trust policy document that allows wildcard pattern matching in the subject condition. The subjectPattern should be in the format "system:serviceaccount:namespace:name-pattern" where name-pattern can include wildcards like "*".
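The two service-account builders above produce a role trust policy whose Condition block pins the token's sub claim. The following is an added Go example, not eksctl's code: it assembles the equivalent document as a plain map, switching from StringEquals to StringLike for the wildcard variant, and adds a defender's check that a wildcard pattern stays inside one namespace. The MapOfInterfaces alias, the aud condition, and the issuer and provider ARN values are assumptions or constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// MapOfInterfaces stands in for cft.MapOfInterfaces; a plain alias here, not the eksctl type.
type MapOfInterfaces = map[string]interface{}

// trustPolicy lets tokens from providerARN call sts:AssumeRoleWithWebIdentity under condition.
func trustPolicy(providerARN string, condition MapOfInterfaces) MapOfInterfaces {
	stmt := MapOfInterfaces{
		"Effect":    "Allow",
		"Action":    []string{"sts:AssumeRoleWithWebIdentity"},
		"Principal": MapOfInterfaces{"Federated": providerARN},
		"Condition": condition,
	}
	return MapOfInterfaces{"Version": "2012-10-17", "Statement": []MapOfInterfaces{stmt}}
}

// serviceAccountTrustPolicy conditions sub on the service-account subject and aud on STS (the aud
// check is standard IRSA practice, assumed, not from the page); wildcard selects StringLike for sub.
func serviceAccountTrustPolicy(providerARN, issuer, subject string, wildcard bool) MapOfInterfaces {
	host := strings.TrimPrefix(issuer, "https://") // IAM condition keys are "<issuer host>:<claim>"
	eq := MapOfInterfaces{host + ":aud": "sts.amazonaws.com"}
	cond := MapOfInterfaces{"StringEquals": eq}
	if wildcard {
		cond["StringLike"] = MapOfInterfaces{host + ":sub": subject}
	} else {
		eq[host+":sub"] = subject
	}
	return trustPolicy(providerARN, cond)
}

// patternScopedToNamespace is an added review check for wildcard subjects: only the
// service-account name may vary; a "*" in the namespace lets every namespace assume the role.
func patternScopedToNamespace(ns, subjectPattern string) bool {
	return !strings.ContainsAny(ns, "*?") && strings.HasPrefix(subjectPattern, "system:serviceaccount:"+ns+":")
}

func main() {
	// Constructed issuer and provider ARN; real values come from the cluster and account.
	const issuer = "https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123456789"
	const arn = "arn:aws:iam::111122223333:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/EXAMPLE0123456789"
	doc := serviceAccountTrustPolicy(arn, issuer, "system:serviceaccount:ci:runner-*", true)
	out, _ := json.MarshalIndent(doc, "", "  ")
	fmt.Println(string(out), patternScopedToNamespace("ci", "system:serviceaccount:ci:runner-*"))
}
```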
type UnsupportedOIDCError added in v0.102.0
type UnsupportedOIDCError struct {
Message string
}
UnsupportedOIDCError represents an unsupported OIDC error
func (*UnsupportedOIDCError) Error added in v0.102.0
func (u *UnsupportedOIDCError) Error() string