// Source listing: sigs.k8s.io/cluster-api-provider-aws@v1.5.5/api/v1alpha4/awsiam_types.go

/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha4

import (
	"encoding/json"

	"github.com/pkg/errors"
)

// Effect is the value of the Effect element of an AWS IAM policy statement.
// It is a plain string type; nothing in this file restricts it to the
// EffectAllow and EffectDeny constants, so validation is up to the caller.
type Effect string

// ConditionOperator names an AWS IAM condition operator and is the key type
// of Conditions. Only a handful of string operators are given constants
// below; the type itself accepts any string.
type ConditionOperator string

// PrincipalType names an AWS principal type and is the key type of
// Principals.
type PrincipalType string

const (
	// Any is the AWS IAM policy grammar wildcard. Used as a principal, action
	// or resource in an Allow statement it matches everything the grammar
	// permits in that position, so each use deserves a scoping condition or
	// an explicit justification in review.
	Any = "*"

	// CurrentVersion is the latest version of the AWS IAM policy grammar.
	// IAM treats a document with no Version element as the older 2008-10-17
	// grammar, in which policy variables are not expanded.
	CurrentVersion = "2012-10-17"
)

const (
	// EffectAllow is the Allow effect in an AWS IAM policy statement entry.
	EffectAllow Effect = "Allow"

	// EffectDeny is the Deny effect in an AWS IAM policy statement entry.
	EffectDeny Effect = "Deny"
)

const (
	// PrincipalAWS is the identity type covering AWS ARNs.
	PrincipalAWS PrincipalType = "AWS"

	// PrincipalFederated is the identity type covering federated identities.
	PrincipalFederated PrincipalType = "Federated"

	// PrincipalService is the identity type covering AWS services.
	PrincipalService PrincipalType = "Service"
)

const (
	// StringEquals is an AWS IAM policy condition operator (exact,
	// case-sensitive match).
	StringEquals ConditionOperator = "StringEquals"

	// StringNotEquals is an AWS IAM policy condition operator (negated exact
	// match).
	StringNotEquals ConditionOperator = "StringNotEquals"

	// StringEqualsIgnoreCase is an AWS IAM policy condition operator (exact
	// match ignoring case).
	StringEqualsIgnoreCase ConditionOperator = "StringEqualsIgnoreCase"

	// StringLike is an AWS IAM policy condition operator. Its values may
	// contain the * and ? wildcards, so it matches more broadly than
	// StringEquals.
	StringLike ConditionOperator = "StringLike"

	// StringNotLike is an AWS IAM policy condition operator (negated
	// wildcard match).
	StringNotLike ConditionOperator = "StringNotLike"
)

// PolicyDocument represents an AWS IAM policy document, and can be
// converted into JSON using "sigs.k8s.io/cluster-api-provider-aws/cmd/clusterawsadm/converters".
//
// Version carries no omitempty tag and no default is applied in this file;
// callers are expected to set it (normally to CurrentVersion).
type PolicyDocument struct {
	Version   string
	Statement Statements
	ID        string `json:"Id,omitempty"`
}

// StatementEntry represents each "statement" block in an AWS IAM policy document.
//
// The struct has no NotAction or NotResource field. encoding/json ignores
// object keys without a matching field unless the decoder enables
// DisallowUnknownFields, so a document using those elements would lose them
// when decoded into this type with default settings.
// NOTE(review): confirm how callers decode externally supplied policies.
type StatementEntry struct {
	Sid          string     `json:",omitempty"`
	Principal    Principals `json:",omitempty"`
	NotPrincipal Principals `json:",omitempty"`
	Effect       Effect     `json:"Effect"`
	Action       Actions    `json:"Action"`
	Resource     Resources  `json:",omitempty"`
	Condition    Conditions `json:"Condition,omitempty"`
}

// Statements is the list of StatementEntries.
type Statements []StatementEntry

// Principals is the map of all identities a statement entry refers to,
// keyed by principal type.
//
// NOTE(review): the IAM grammar also allows the bare string form
// "Principal": "*". No custom unmarshaler for Principals is visible in this
// file, so that form would not decode into this map type through
// encoding/json unless it is handled elsewhere in the package.
type Principals map[PrincipalType]PrincipalID

// Actions is the list of actions.
type Actions []string

// UnmarshalJSON is an Actions Unmarshaler. It accepts the two shapes the
// Action element can take: a JSON array of strings, or a single JSON string,
// which is stored as a one-element list.
//
// The array form is tried first and its error is discarded; only the error
// from the string attempt is wrapped and returned. JSON null decodes as a
// nil []string, so it is accepted and leaves the receiver nil.
func (actions *Actions) UnmarshalJSON(data []byte) error {
	var list []string
	if json.Unmarshal(data, &list) == nil {
		*actions = Actions(list)
		return nil
	}

	// Not an array: fall back to the single-string form.
	var single string
	err := json.Unmarshal(data, &single)
	if err != nil {
		return errors.Wrap(err, "couldn't unmarshal as either []string or string")
	}
	*actions = []string{single}
	return nil
}

// Resources is the list of resources.
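// NOTE(review): unlike Actions and PrincipalID, no custom unmarshaler for
// Resources is visible in this file, so the single-string form
// ("Resource": "*") would not decode into it through encoding/json unless
// that is handled elsewhere in the package.
type Resources []string

// PrincipalID represents the list of all identities, such as ARNs.
type PrincipalID []string

// UnmarshalJSON defines an Unmarshaler for a PrincipalID. It accepts either
// a JSON array of strings or a single JSON string, which is stored as a
// one-element list.
//
// The array form is tried first and its error is discarded; only the error
// from the string attempt is wrapped and returned. JSON null decodes as a
// nil []string, so it is accepted and leaves the receiver nil.
func (identityID *PrincipalID) UnmarshalJSON(data []byte) error {
	var ids []string
	if err := json.Unmarshal(data, &ids); err == nil {
		*identityID = PrincipalID(ids)
		return nil
	}

	// Not an array: fall back to the single-string form.
	var id string
	if err := json.Unmarshal(data, &id); err != nil {
		return errors.Wrap(err, "couldn't unmarshal as either []string or string")
	}
	*identityID = []string{id}
	return nil
}

// Conditions is the map of all conditions in the statement entry, keyed by
// condition operator. Values are untyped; the copy helpers below recognise
// the map and slice shapes listed on deepCopyConditionValue.
type Conditions map[ConditionOperator]interface{}

// DeepCopyInto copies the receiver, writing into out. out must be non-nil.
//
// Each value is copied with deepCopyConditionValue so that nested maps and
// slices are not shared between the receiver and the copy. Plain assignment
// of an interface value holding a map or slice would alias its backing
// storage, and a later edit to the copy's condition block would silently
// change the original policy as well.
//
// A nil receiver produces an empty, non-nil map in out; DeepCopy handles the
// nil case before calling this method.
func (in Conditions) DeepCopyInto(out *Conditions) {
	copied := make(Conditions, len(in))
	for op, val := range in {
		copied[op] = deepCopyConditionValue(val)
	}
	*out = copied
}

// DeepCopy copies the receiver, creating a new Conditions. A nil receiver
// returns nil.
func (in Conditions) DeepCopy() Conditions {
	if in == nil {
		return nil
	}
	out := new(Conditions)
	in.DeepCopyInto(out)
	return *out
}

// deepCopyConditionValue returns a copy of v that shares no map or slice
// storage with v for these shapes: map[string]interface{} and []interface{}
// (what encoding/json produces when decoding into interface{}), plus
// map[string]string, map[string][]string and []string. Concrete types and
// nil-ness are preserved, so the copy marshals exactly like the original.
//
// Any other type is returned as-is. That is a true copy for scalars such as
// string, bool and numbers, but a value of an unlisted reference type is
// still shared with the source.
func deepCopyConditionValue(v interface{}) interface{} {
	switch t := v.(type) {
	case map[string]interface{}:
		if t == nil {
			return t
		}
		cp := make(map[string]interface{}, len(t))
		for k, e := range t {
			cp[k] = deepCopyConditionValue(e)
		}
		return cp
	case []interface{}:
		if t == nil {
			return t
		}
		cp := make([]interface{}, len(t))
		for i, e := range t {
			cp[i] = deepCopyConditionValue(e)
		}
		return cp
	case map[string]string:
		if t == nil {
			return t
		}
		cp := make(map[string]string, len(t))
		for k, e := range t {
			cp[k] = e
		}
		return cp
	case map[string][]string:
		if t == nil {
			return t
		}
		cp := make(map[string][]string, len(t))
		for k, e := range t {
			if e == nil {
				cp[k] = nil
				continue
			}
			dup := make([]string, len(e))
			copy(dup, e)
			cp[k] = dup
		}
		return cp
	case []string:
		if t == nil {
			return t
		}
		cp := make([]string, len(t))
		copy(cp, t)
		return cp
	default:
		return v
	}
}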