Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Config ¶
Config sets up the AWS config using assume roles
For this method to work, the service account the function is running with must be annotated with
annotations: eks.amazonaws.com/role-arn: YOUR_ROLE_ARN
func GetCredentialsFromSecret ¶
func GetCredentialsFromSecret(name, namespace, key string) (creds credsv2.StaticCredentialsProvider, err error)
func GetServiceEndpoint ¶
Types ¶
type ProviderConfigSpec ¶
type ProviderConfigSpec struct { Endpoint *endpoint `json:"endpoint"` Credentials *credentials `json:"credentials"` AssumeRoleChain []struct { RoleARN string `json:"roleARN"` } `json:"assumeRoleChain,omitempty"` S3UsePathStyle bool `json:"s3_use_path_style,omitempty"` SkipCredentialsValidation bool `json:"skip_credentials_validation,omitempty"` SkipRegionValidation bool `json:"skip_region_validation,omitempty"` SkipRequestingAccountID bool `json:"skip_requesting_account_id,omitempty"` SkipMetadataAPICheck bool `json:"skip_metadata_api_check,omitempty"` }
func GetProviderConfig ¶
func GetProviderConfig(providerConfigRef *string) (cfg *ProviderConfigSpec, err error)
GetAssumeRoleArn retrieves the current provider role arn from providerconfig
This requires the service account the function is running with to have additional permissions in order to obtain the `providerconfig`
In order to retrieve the providerconfig, the service account running this function must be bound to a role allowing:
rules: - apiGroups: - aws.upbound.io resources: - providerconfigs verbs: - get - apiGroups: - "" resources: - secrets verbs: - get
Click to show internal directories.
Click to hide internal directories.