Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Config ¶
Config sets up the AWS config using assume roles
For this method to work, the service account the function is running with must be annotated with
annotations: eks.amazonaws.com/role-arn: YOUR_ROLE_ARN
func GetCredentialsFromSecret ¶
func GetCredentialsFromSecret(name, namespace, key string) (creds credsv2.StaticCredentialsProvider, err error)
func GetServiceEndpoint ¶
Types ¶
type ProviderConfigSpec ¶
type ProviderConfigSpec struct {
Endpoint *endpoint `json:"endpoint"`
Credentials *credentials `json:"credentials"`
AssumeRoleChain []struct {
RoleARN string `json:"roleARN"`
} `json:"assumeRoleChain,omitempty"`
S3UsePathStyle bool `json:"s3_use_path_style,omitempty"`
SkipCredentialsValidation bool `json:"skip_credentials_validation,omitempty"`
SkipRegionValidation bool `json:"skip_region_validation,omitempty"`
SkipRequestingAccountID bool `json:"skip_requesting_account_id,omitempty"`
SkipMetadataAPICheck bool `json:"skip_metadata_api_check,omitempty"`
}
func GetProviderConfig ¶
func GetProviderConfig(providerConfigRef *string) (cfg *ProviderConfigSpec, err error)
GetAssumeRoleArn retrieves the current provider role arn from providerconfig
This requires the service account the function is running with to have additional permissions in order to obtain the `providerconfig`
In order to retrieve the providerconfig, the service account running this function must be bound to a role allowing:
rules: - apiGroups: - aws.upbound.io resources: - providerconfigs verbs: - get - apiGroups: - "" resources: - secrets verbs: - get
Source Files
Click to show internal directories.
Click to hide internal directories.