aws-sdk-eksauth 1.0.0

data/lib/aws-sdk-eksauth/endpoint_provider.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::EKSAuth
+  class EndpointProvider
+    def resolve_endpoint(parameters)
+      region = parameters.region
+      use_fips = parameters.use_fips
+      endpoint = parameters.endpoint
+      if Aws::Endpoints::Matchers.set?(endpoint)
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+        end
+        return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+      end
+      if Aws::Endpoints::Matchers.set?(region)
+        if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+            if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+              if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+                return Aws::Endpoints::Endpoint.new(url: "https://eks-auth-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+              end
+              raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+            end
+            return Aws::Endpoints::Endpoint.new(url: "https://eks-auth.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
+              return Aws::Endpoints::Endpoint.new(url: "https://eks-auth-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+            end
+            raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+          end
+          return Aws::Endpoints::Endpoint.new(url: "https://eks-auth.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+        end
+      end
+      raise ArgumentError, "Invalid Configuration: Missing Region"
+      raise ArgumentError, 'No endpoint could be resolved'
+
+    end
+  end
+end

data/lib/aws-sdk-eksauth/endpoints.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::EKSAuth
+  # @api private
+  module Endpoints
+
+    class AssumeRoleForPodIdentity
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::EKSAuth::EndpointParameters.new(
+          region: context.config.region,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
+  end
+end

data/lib/aws-sdk-eksauth/errors.rb

@@ -0,0 +1,182 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::EKSAuth
+
+  # When EKSAuth returns an error response, the Ruby SDK constructs and raises an error.
+  # These errors all extend Aws::EKSAuth::Errors::ServiceError < {Aws::Errors::ServiceError}
+  #
+  # You can rescue all EKSAuth errors using ServiceError:
+  #
+  #     begin
+  #       # do stuff
+  #     rescue Aws::EKSAuth::Errors::ServiceError
+  #       # rescues all EKSAuth API errors
+  #     end
+  #
+  #
+  # ## Request Context
+  # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
+  # information about the request that generated the error.
+  # See {Seahorse::Client::RequestContext} for more information.
+  #
+  # ## Error Classes
+  # * {AccessDeniedException}
+  # * {ExpiredTokenException}
+  # * {InternalServerException}
+  # * {InvalidParameterException}
+  # * {InvalidRequestException}
+  # * {InvalidTokenException}
+  # * {ResourceNotFoundException}
+  # * {ServiceUnavailableException}
+  # * {ThrottlingException}
+  #
+  # Additionally, error classes are dynamically generated for service errors based on the error code
+  # if they are not defined above.
+  module Errors
+
+    extend Aws::Errors::DynamicErrors
+
+    class AccessDeniedException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::AccessDeniedException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class ExpiredTokenException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::ExpiredTokenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class InternalServerException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::InternalServerException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class InvalidParameterException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::InvalidParameterException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class InvalidRequestException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::InvalidRequestException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class InvalidTokenException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::InvalidTokenException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class ResourceNotFoundException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::ResourceNotFoundException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class ServiceUnavailableException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::ServiceUnavailableException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+    class ThrottlingException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::EKSAuth::Types::ThrottlingException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
+  end
+end

data/lib/aws-sdk-eksauth/plugins/endpoints.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+
+module Aws::EKSAuth
+  module Plugins
+    class Endpoints < Seahorse::Client::Plugin
+      option(
+        :endpoint_provider,
+        doc_type: 'Aws::EKSAuth::EndpointProvider',
+        docstring: 'The endpoint provider used to resolve endpoints. Any '\
+                   'object that responds to `#resolve_endpoint(parameters)` '\
+                   'where `parameters` is a Struct similar to '\
+                   '`Aws::EKSAuth::EndpointParameters`'
+      ) do |cfg|
+        Aws::EKSAuth::EndpointProvider.new
+      end
+
+      # @api private
+      class Handler < Seahorse::Client::Handler
+        def call(context)
+          # If endpoint was discovered, do not resolve or apply the endpoint.
+          unless context[:discovered_endpoint]
+            params = parameters_for_operation(context)
+            endpoint = context.config.endpoint_provider.resolve_endpoint(params)
+
+            context.http_request.endpoint = endpoint.url
+            apply_endpoint_headers(context, endpoint.headers)
+          end
+
+          context[:endpoint_params] = params
+          context[:auth_scheme] =
+            Aws::Endpoints.resolve_auth_scheme(context, endpoint)
+
+          @handler.call(context)
+        end
+
+        private
+
+        def apply_endpoint_headers(context, headers)
+          headers.each do |key, values|
+            value = values
+              .compact
+              .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
+              .join(',')
+
+            context.http_request.headers[key] = value
+          end
+        end
+
+        def parameters_for_operation(context)
+          case context.operation_name
+          when :assume_role_for_pod_identity
+            Aws::EKSAuth::Endpoints::AssumeRoleForPodIdentity.build(context)
+          end
+        end
+      end
+
+      def add_handlers(handlers, _config)
+        handlers.add(Handler, step: :build, priority: 75)
+      end
+    end
+  end
+end

data/lib/aws-sdk-eksauth/resource.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::EKSAuth
+
+  class Resource
+
+    # @param options ({})
+    # @option options [Client] :client
+    def initialize(options = {})
+      @client = options[:client] || Client.new(options)
+    end
+
+    # @return [Client]
+    def client
+      @client
+    end
+
+  end
+end

data/lib/aws-sdk-eksauth/types.rb

@@ -0,0 +1,310 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+module Aws::EKSAuth
+  module Types
+
+    # You don't have permissions to perform the requested operation. The
+    # IAM principal making the request must have at least one IAM
+    # permissions policy attached that grants the required permissions. For
+    # more information, see [Access management][1] in the *IAM User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/AccessDeniedException AWS API Documentation
+    #
+    class AccessDeniedException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] cluster_name
+    #   The name of the cluster for the request.
+    #   @return [String]
+    #
+    # @!attribute [rw] token
+    #   The token of the Kubernetes service account for the pod.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/AssumeRoleForPodIdentityRequest AWS API Documentation
+    #
+    class AssumeRoleForPodIdentityRequest < Struct.new(
+      :cluster_name,
+      :token)
+      SENSITIVE = [:token]
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] subject
+    #   The name of the Kubernetes service account inside the cluster to
+    #   associate the IAM credentials with.
+    #   @return [Types::Subject]
+    #
+    # @!attribute [rw] audience
+    #   The identity that is allowed to use the credentials. This value is
+    #   always `pods.eks.amazonaws.com`.
+    #   @return [String]
+    #
+    # @!attribute [rw] pod_identity_association
+    #   The Amazon Resource Name (ARN) and ID of the EKS Pod Identity
+    #   association.
+    #   @return [Types::PodIdentityAssociation]
+    #
+    # @!attribute [rw] assumed_role_user
+    #   An object with the permanent IAM role identity and the temporary
+    #   session name.
+    #
+    #   The ARN of the IAM role that the temporary credentials authenticate
+    #   to.
+    #
+    #   The session name of the temporary session requested to STS. The
+    #   value is a unique identifier that contains the role ID, a colon
+    #   (`:`), and the role session name of the role that is being assumed.
+    #   The role ID is generated by IAM when the role is created. The role
+    #   session name part of the value follows this format:
+    #   `eks-clustername-podname-random UUID `
+    #   @return [Types::AssumedRoleUser]
+    #
+    # @!attribute [rw] credentials
+    #   The *Amazon Web Services Signature Version 4* type of temporary
+    #   credentials.
+    #   @return [Types::Credentials]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/AssumeRoleForPodIdentityResponse AWS API Documentation
+    #
+    class AssumeRoleForPodIdentityResponse < Struct.new(
+      :subject,
+      :audience,
+      :pod_identity_association,
+      :assumed_role_user,
+      :credentials)
+      SENSITIVE = [:credentials]
+      include Aws::Structure
+    end
+
+    # An object with the permanent IAM role identity and the temporary
+    # session name.
+    #
+    # @!attribute [rw] arn
+    #   The ARN of the IAM role that the temporary credentials authenticate
+    #   to.
+    #   @return [String]
+    #
+    # @!attribute [rw] assume_role_id
+    #   The session name of the temporary session requested to STS. The
+    #   value is a unique identifier that contains the role ID, a colon
+    #   (`:`), and the role session name of the role that is being assumed.
+    #   The role ID is generated by IAM when the role is created. The role
+    #   session name part of the value follows this format:
+    #   `eks-clustername-podname-random UUID `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/AssumedRoleUser AWS API Documentation
+    #
+    class AssumedRoleUser < Struct.new(
+      :arn,
+      :assume_role_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The *Amazon Web Services Signature Version 4* type of temporary
+    # credentials.
+    #
+    # @!attribute [rw] session_token
+    #   The token that applications inside the pods must pass to any service
+    #   API to use the temporary credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] secret_access_key
+    #   The secret access key that applications inside the pods use to sign
+    #   requests.
+    #   @return [String]
+    #
+    # @!attribute [rw] access_key_id
+    #   The access key ID that identifies the temporary security
+    #   credentials.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiration
+    #   The Unix epoch timestamp in seconds when the current credentials
+    #   expire.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/Credentials AWS API Documentation
+    #
+    class Credentials < Struct.new(
+      :session_token,
+      :secret_access_key,
+      :access_key_id,
+      :expiration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified Kubernetes service account token is expired.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/ExpiredTokenException AWS API Documentation
+    #
+    class ExpiredTokenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # These errors are usually caused by a server-side issue.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/InternalServerException AWS API Documentation
+    #
+    class InternalServerException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified parameter is invalid. Review the available parameters
+    # for the API request.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/InvalidParameterException AWS API Documentation
+    #
+    class InvalidParameterException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This exception is thrown if the request contains a semantic error. The
+    # precise meaning will depend on the API, and will be documented in the
+    # error message.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/InvalidRequestException AWS API Documentation
+    #
+    class InvalidRequestException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified Kubernetes service account token is invalid.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/InvalidTokenException AWS API Documentation
+    #
+    class InvalidTokenException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Amazon EKS Pod Identity associations provide the ability to manage
+    # credentials for your applications, similar to the way that Amazon EC2
+    # instance profiles provide credentials to Amazon EC2 instances.
+    #
+    # @!attribute [rw] association_arn
+    #   The Amazon Resource Name (ARN) of the EKS Pod Identity association.
+    #   @return [String]
+    #
+    # @!attribute [rw] association_id
+    #   The ID of the association.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/PodIdentityAssociation AWS API Documentation
+    #
+    class PodIdentityAssociation < Struct.new(
+      :association_arn,
+      :association_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The specified resource could not be found.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/ResourceNotFoundException AWS API Documentation
+    #
+    class ResourceNotFoundException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The service is unavailable. Back off and retry the operation.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/ServiceUnavailableException AWS API Documentation
+    #
+    class ServiceUnavailableException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An object containing the name of the Kubernetes service account inside
+    # the cluster to associate the IAM credentials with.
+    #
+    # @!attribute [rw] namespace
+    #   The name of the Kubernetes namespace inside the cluster to create
+    #   the association in. The service account and the pods that use the
+    #   service account must be in this namespace.
+    #   @return [String]
+    #
+    # @!attribute [rw] service_account
+    #   The name of the Kubernetes service account inside the cluster to
+    #   associate the IAM credentials with.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/Subject AWS API Documentation
+    #
+    class Subject < Struct.new(
+      :namespace,
+      :service_account)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The request was denied because your request rate is too high. Reduce
+    # the frequency of requests.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/eks-auth-2023-11-26/ThrottlingException AWS API Documentation
+    #
+    class ThrottlingException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+  end
+end

data/lib/aws-sdk-eksauth/waiters.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+# WARNING ABOUT GENERATED CODE
+#
+# This file is generated. See the contributing guide for more information:
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
+#
+# WARNING ABOUT GENERATED CODE
+
+require 'aws-sdk-core/waiters'
+
+module Aws::EKSAuth
+  module Waiters
+  end
+end