sigs.k8s.io/cluster-api-provider-aws@v1.5.5/iam/api/v1beta1/types.go (about) 1 /* 2 Copyright 2020 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 // +k8s:deepcopy-gen=package,register 18 // +k8s:defaulter-gen=TypeMeta 19 // +groupName=iam.aws.infrastructure.cluster.x-k8s.io 20 // +gencrdrefdocs:force 21 package v1beta1 22 23 import ( 24 "encoding/json" 25 26 "github.com/pkg/errors" 27 ) 28 29 type ( 30 // Effect defines an AWS IAM effect. 31 Effect string 32 33 // ConditionOperator defines an AWS condition operator. 34 ConditionOperator string 35 36 // PrincipalType defines an AWS principle type. 37 PrincipalType string 38 ) 39 40 const ( 41 42 // Any is the AWS IAM policy grammar wildcard. 43 Any = "*" 44 45 // CurrentVersion is the latest version of the AWS IAM policy grammar. 46 CurrentVersion = "2012-10-17" 47 48 // EffectAllow is the Allow effect in an AWS IAM policy statement entry. 49 EffectAllow Effect = "Allow" 50 51 // EffectDeny is the Deny effect in an AWS IAM policy statement entry. 52 EffectDeny Effect = "Deny" 53 54 // PrincipalAWS is the identity type covering AWS ARNs. 55 PrincipalAWS PrincipalType = "AWS" 56 57 // PrincipalFederated is the identity type covering federated identities. 58 PrincipalFederated PrincipalType = "Federated" 59 60 // PrincipalService is the identity type covering AWS services. 61 PrincipalService PrincipalType = "Service" 62 63 // StringEquals is an AWS IAM policy condition operator. 64 StringEquals ConditionOperator = "StringEquals" 65 66 // StringNotEquals is an AWS IAM policy condition operator. 67 StringNotEquals ConditionOperator = "StringNotEquals" 68 69 // StringEqualsIgnoreCase is an AWS IAM policy condition operator. 70 StringEqualsIgnoreCase ConditionOperator = "StringEqualsIgnoreCase" 71 72 // StringLike is an AWS IAM policy condition operator. 73 StringLike ConditionOperator = "StringLike" 74 75 // StringNotLike is an AWS IAM policy condition operator. 76 StringNotLike ConditionOperator = "StringNotLike" 77 78 // DefaultNameSuffix is the default suffix appended to all AWS IAM roles created by clusterawsadm. 79 DefaultNameSuffix = ".cluster-api-provider-aws.sigs.k8s.io" 80 ) 81 82 // PolicyDocument represents an AWS IAM policy document, and can be 83 // converted into JSON using "sigs.k8s.io/cluster-api-provider-aws/cmd/clusterawsadm/converters". 84 type PolicyDocument struct { 85 Version string 86 Statement Statements 87 ID string `json:"Id,omitempty"` 88 } 89 90 // StatementEntry represents each "statement" block in an AWS IAM policy document. 91 type StatementEntry struct { 92 Sid string `json:",omitempty"` 93 Principal Principals `json:",omitempty"` 94 NotPrincipal Principals `json:",omitempty"` 95 Effect Effect `json:"Effect"` 96 Action Actions `json:"Action"` 97 Resource Resources `json:",omitempty"` 98 Condition Conditions `json:"Condition,omitempty"` 99 } 100 101 // Statements is the list of StatementEntries. 102 type Statements []StatementEntry 103 104 // Principals is the map of all identities a statement entry refers to. 105 type Principals map[PrincipalType]PrincipalID 106 107 // Actions is the list of actions. 108 type Actions []string 109 110 // UnmarshalJSON is an Actions Unmarshaler. 111 func (actions *Actions) UnmarshalJSON(data []byte) error { 112 var ids []string 113 if err := json.Unmarshal(data, &ids); err == nil { 114 *actions = Actions(ids) 115 return nil 116 } 117 var id string 118 if err := json.Unmarshal(data, &id); err != nil { 119 return errors.Wrap(err, "couldn't unmarshal as either []string or string") 120 } 121 *actions = []string{id} 122 return nil 123 } 124 125 // Resources is the list of resources. 126 type Resources []string 127 128 // PrincipalID represents the list of all identities, such as ARNs. 129 type PrincipalID []string 130 131 // UnmarshalJSON defines an Unmarshaler for a PrincipalID. 132 func (identityID *PrincipalID) UnmarshalJSON(data []byte) error { 133 var ids []string 134 if err := json.Unmarshal(data, &ids); err == nil { 135 *identityID = PrincipalID(ids) 136 return nil 137 } 138 var id string 139 if err := json.Unmarshal(data, &id); err != nil { 140 return errors.Wrap(err, "couldn't unmarshal as either []string or string") 141 } 142 *identityID = []string{id} 143 return nil 144 } 145 146 // Conditions is the map of all conditions in the statement entry. 147 type Conditions map[ConditionOperator]interface{} 148 149 // DeepCopyInto copies the receiver, writing into out. in must be non-nil. 150 func (in Conditions) DeepCopyInto(out *Conditions) { 151 { 152 in := &in 153 *out = make(Conditions, len(*in)) 154 for key, val := range *in { 155 (*out)[key] = val 156 } 157 } 158 } 159 160 // DeepCopy copies the receiver, creating a new Conditions. 161 func (in Conditions) DeepCopy() Conditions { 162 if in == nil { 163 return nil 164 } 165 out := new(Conditions) 166 in.DeepCopyInto(out) 167 return *out 168 }