@pulumi/eks 2.8.1 → 2.9.0-alpha.1727304793
- package/addon.d.ts +61 -13
- package/addon.js +45 -18
- package/addon.js.map +1 -1
- package/cluster.d.ts +291 -585
- package/cluster.js +120 -947
- package/cluster.js.map +1 -1
- package/clusterCreationRoleProvider.d.ts +28 -0
- package/clusterCreationRoleProvider.js +47 -0
- package/clusterCreationRoleProvider.js.map +1 -0
- package/clusterMixins.d.ts +71 -0
- package/clusterMixins.js +107 -0
- package/clusterMixins.js.map +1 -0
- package/index.d.ts +31 -7
- package/index.js +80 -34
- package/index.js.map +1 -1
- package/managedNodeGroup.d.ts +221 -0
- package/managedNodeGroup.js +81 -0
- package/managedNodeGroup.js.map +1 -0
- package/nodeGroup.d.ts +273 -0
- package/nodeGroup.js +93 -0
- package/nodeGroup.js.map +1 -0
- package/nodeGroupSecurityGroup.d.ts +51 -0
- package/nodeGroupSecurityGroup.js +60 -0
- package/nodeGroupSecurityGroup.js.map +1 -0
- package/nodeGroupV2.d.ts +280 -0
- package/nodeGroupV2.js +90 -0
- package/nodeGroupV2.js.map +1 -0
- package/nodegroupMixins.d.ts +203 -0
- package/{securitygroup.js → nodegroupMixins.js} +25 -36
- package/nodegroupMixins.js.map +1 -0
- package/package.json +8 -36
- package/provider.d.ts +21 -0
- package/provider.js +38 -0
- package/provider.js.map +1 -0
- package/{storageclass.js → storageclassMixins.js} +1 -14
- package/storageclassMixins.js.map +1 -0
- package/types/enums/index.d.ts +170 -0
- package/types/enums/index.js +145 -0
- package/types/enums/index.js.map +1 -0
- package/types/index.d.ts +4 -0
- package/types/index.js +13 -0
- package/types/index.js.map +1 -0
- package/types/input.d.ts +745 -0
- package/types/input.js +30 -0
- package/types/input.js.map +1 -0
- package/types/output.d.ts +422 -0
- package/types/output.js +5 -0
- package/types/output.js.map +1 -0
- package/utilities.d.ts +8 -1
- package/utilities.js +90 -17
- package/utilities.js.map +1 -1
- package/vpcCniAddon.d.ts +175 -0
- package/vpcCniAddon.js +88 -0
- package/vpcCniAddon.js.map +1 -0
- package/LICENSE +0 -202
- package/README.md +0 -77
- package/authenticationMode.d.ts +0 -24
- package/authenticationMode.js +0 -172
- package/authenticationMode.js.map +0 -1
- package/authenticationMode.test.d.ts +0 -1
- package/authenticationMode.test.js +0 -208
- package/authenticationMode.test.js.map +0 -1
- package/cert-thumprint.d.ts +0 -16
- package/cert-thumprint.js +0 -113
- package/cert-thumprint.js.map +0 -1
- package/cmd/provider/addon.d.ts +0 -1
- package/cmd/provider/addon.js +0 -40
- package/cmd/provider/addon.js.map +0 -1
- package/cmd/provider/cluster.d.ts +0 -1
- package/cmd/provider/cluster.js +0 -71
- package/cmd/provider/cluster.js.map +0 -1
- package/cmd/provider/cni.d.ts +0 -2
- package/cmd/provider/cni.js +0 -291
- package/cmd/provider/cni.js.map +0 -1
- package/cmd/provider/index.d.ts +0 -1
- package/cmd/provider/index.js +0 -171
- package/cmd/provider/index.js.map +0 -1
- package/cmd/provider/nodegroup.d.ts +0 -1
- package/cmd/provider/nodegroup.js +0 -89
- package/cmd/provider/nodegroup.js.map +0 -1
- package/cmd/provider/randomSuffix.d.ts +0 -1
- package/cmd/provider/randomSuffix.js +0 -52
- package/cmd/provider/randomSuffix.js.map +0 -1
- package/cmd/provider/schema.json +0 -1909
- package/cmd/provider/securitygroup.d.ts +0 -1
- package/cmd/provider/securitygroup.js +0 -41
- package/cmd/provider/securitygroup.js.map +0 -1
- package/cni/README.md +0 -6
- package/cni/aws-k8s-cni.yaml +0 -602
- package/cni.d.ts +0 -177
- package/cni.js +0 -64
- package/cni.js.map +0 -1
- package/dashboard/heapster-rbac.yaml +0 -12
- package/dashboard/heapster.yaml +0 -46
- package/dashboard/influxdb.yaml +0 -40
- package/dashboard/kubernetes-dashboard.yaml +0 -167
- package/dashboard.d.ts +0 -5
- package/dashboard.js +0 -58
- package/dashboard.js.map +0 -1
- package/dependencies.d.ts +0 -2
- package/dependencies.js +0 -81
- package/dependencies.js.map +0 -1
- package/dependencies.test.d.ts +0 -1
- package/dependencies.test.js +0 -133
- package/dependencies.test.js.map +0 -1
- package/nodegroup.d.ts +0 -515
- package/nodegroup.js +0 -1152
- package/nodegroup.js.map +0 -1
- package/nodegroup.test.d.ts +0 -1
- package/nodegroup.test.js +0 -336
- package/nodegroup.test.js.map +0 -1
- package/package.json.dev +0 -67
- package/randomSuffix.d.ts +0 -1
- package/randomSuffix.js +0 -51
- package/randomSuffix.js.map +0 -1
- package/securitygroup.d.ts +0 -52
- package/securitygroup.js.map +0 -1
- package/servicerole.d.ts +0 -43
- package/servicerole.js +0 -72
- package/servicerole.js.map +0 -1
- package/storageclass.js.map +0 -1
- package/utils.d.ts +0 -23
- package/utils.js +0 -16
- package/utils.js.map +0 -1
- /package/{storageclass.d.ts → storageclassMixins.d.ts} +0 -0
package/authenticationMode.js
DELETED
|
@@ -1,172 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// Copyright 2016-2024, Pulumi Corporation.
|
|
3
|
-
//
|
|
4
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
-
// you may not use this file except in compliance with the License.
|
|
6
|
-
// You may obtain a copy of the License at
|
|
7
|
-
//
|
|
8
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
-
//
|
|
10
|
-
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
-
// See the License for the specific language governing permissions and
|
|
14
|
-
// limitations under the License.
|
|
15
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
-
exports.createAccessEntries = exports.createAwsAuthData = exports.supportsAccessEntries = exports.supportsConfigMap = exports.validateAuthenticationMode = exports.API = exports.API_AND_CONFIG_MAP = exports.CONFIG_MAP = void 0;
|
|
17
|
-
const aws = require("@pulumi/aws");
|
|
18
|
-
const pulumi = require("@pulumi/pulumi");
|
|
19
|
-
const jsyaml = require("js-yaml");
|
|
20
|
-
exports.CONFIG_MAP = "CONFIG_MAP";
|
|
21
|
-
exports.API_AND_CONFIG_MAP = "API_AND_CONFIG_MAP";
|
|
22
|
-
exports.API = "API";
|
|
23
|
-
function validateAuthenticationMode(rawArgs) {
|
|
24
|
-
const args = clusterOptionsShallowCopy(rawArgs);
|
|
25
|
-
if (args.authenticationMode &&
|
|
26
|
-
args.authenticationMode !== exports.CONFIG_MAP &&
|
|
27
|
-
args.authenticationMode !== exports.API_AND_CONFIG_MAP &&
|
|
28
|
-
args.authenticationMode !== exports.API) {
|
|
29
|
-
throw new Error(`Invalid value for authenticationMode: ${args.authenticationMode}. Allowed values are: ${exports.CONFIG_MAP}, ${exports.API_AND_CONFIG_MAP}, ${exports.API}.`);
|
|
30
|
-
}
|
|
31
|
-
if (!supportsConfigMap(args.authenticationMode)) {
|
|
32
|
-
const checkNonEmpty = (prop) => (pv) => {
|
|
33
|
-
if (pv !== undefined && pv.length !== 0) {
|
|
34
|
-
throw new Error(`The '${prop}' property does not support non-empty values when 'authenticationMode' is set to ` +
|
|
35
|
-
`'${args.authenticationMode}'.`);
|
|
36
|
-
}
|
|
37
|
-
};
|
|
38
|
-
args.roleMappings = validatedInput(args.roleMappings, checkNonEmpty("roleMappings"));
|
|
39
|
-
args.userMappings = validatedInput(args.userMappings, checkNonEmpty("userMappings"));
|
|
40
|
-
args.instanceRoles = validatedInput(args.instanceRoles, checkNonEmpty("instanceRoles"));
|
|
41
|
-
}
|
|
42
|
-
if (!supportsAccessEntries(args.authenticationMode)) {
|
|
43
|
-
const apiOnlyProperties = ["accessEntries"];
|
|
44
|
-
apiOnlyProperties.forEach((prop) => {
|
|
45
|
-
if (args[prop]) {
|
|
46
|
-
const errorMsg = args.authenticationMode != null
|
|
47
|
-
? `set to '${args.authenticationMode}'`
|
|
48
|
-
: "not set";
|
|
49
|
-
throw new Error(`The '${prop}' property is not supported when 'authenticationMode' is ${errorMsg}.`);
|
|
50
|
-
}
|
|
51
|
-
});
|
|
52
|
-
}
|
|
53
|
-
return args;
|
|
54
|
-
}
|
|
55
|
-
exports.validateAuthenticationMode = validateAuthenticationMode;
|
|
56
|
-
// Validate promptly if possible, otherwise validate in the Promise chain underlying the Output and ensure that the
|
|
57
|
-
// input is gated on the validation. Unfortunately since apply always unwraps, the validate function required here needs
|
|
58
|
-
// to be able to handle both unwrapped and normal forms.
|
|
59
|
-
function validatedInput(i, validate) {
|
|
60
|
-
if (i instanceof Promise) {
|
|
61
|
-
return pulumi.output(i).apply((value) => {
|
|
62
|
-
validate(value);
|
|
63
|
-
return i;
|
|
64
|
-
});
|
|
65
|
-
}
|
|
66
|
-
else if (pulumi.Output.isInstance(i)) {
|
|
67
|
-
return i.apply((value) => {
|
|
68
|
-
validate(value);
|
|
69
|
-
return i;
|
|
70
|
-
});
|
|
71
|
-
}
|
|
72
|
-
else if (i === undefined) {
|
|
73
|
-
validate(undefined);
|
|
74
|
-
return undefined;
|
|
75
|
-
}
|
|
76
|
-
else {
|
|
77
|
-
validate(i);
|
|
78
|
-
return i;
|
|
79
|
-
}
|
|
80
|
-
}
|
|
81
|
-
// Create a shallow copy of ClusterOptions.
|
|
82
|
-
function clusterOptionsShallowCopy(args) {
|
|
83
|
-
return Object.assign({}, args);
|
|
84
|
-
}
|
|
85
|
-
function supportsConfigMap(authenticationMode) {
|
|
86
|
-
// If authenticationMode is not provided, it defaults to CONFIG_MAP
|
|
87
|
-
return (!authenticationMode ||
|
|
88
|
-
authenticationMode === exports.CONFIG_MAP ||
|
|
89
|
-
authenticationMode === exports.API_AND_CONFIG_MAP);
|
|
90
|
-
}
|
|
91
|
-
exports.supportsConfigMap = supportsConfigMap;
|
|
92
|
-
function supportsAccessEntries(authenticationMode) {
|
|
93
|
-
return authenticationMode === exports.API || authenticationMode === exports.API_AND_CONFIG_MAP;
|
|
94
|
-
}
|
|
95
|
-
exports.supportsAccessEntries = supportsAccessEntries;
|
|
96
|
-
/**
|
|
97
|
-
* Creates the AWS authentication data for the aws-auth ConfigMap.
|
|
98
|
-
*
|
|
99
|
-
* @param instanceRoles - The instance roles to be mapped.
|
|
100
|
-
* @param roleMappings - The IAM role mappings to be included.
|
|
101
|
-
* @param userMappings - The IAM user mappings to be included.
|
|
102
|
-
* @returns The AWS authentication data for the aws-auth ConfigMap.
|
|
103
|
-
* @throws Error if the IAM role mappings or user mappings are invalid or cannot be serialized to YAML.
|
|
104
|
-
*/
|
|
105
|
-
function createAwsAuthData(instanceRoles, roleMappings, userMappings) {
|
|
106
|
-
const instanceRoleMappings = instanceRoles.apply((roles) => roles.map((role) => createInstanceRoleMapping(role.arn)));
|
|
107
|
-
const mapRoles = pulumi
|
|
108
|
-
.all([pulumi.output(roleMappings || []), instanceRoleMappings])
|
|
109
|
-
.apply(([mappings, instanceMappings]) => {
|
|
110
|
-
let mappingYaml = "";
|
|
111
|
-
try {
|
|
112
|
-
mappingYaml = jsyaml.dump([...mappings, ...instanceMappings].map((m) => ({
|
|
113
|
-
rolearn: m.roleArn,
|
|
114
|
-
username: m.username,
|
|
115
|
-
groups: m.groups,
|
|
116
|
-
})));
|
|
117
|
-
}
|
|
118
|
-
catch (e) {
|
|
119
|
-
throw new Error(`The IAM role mappings provided could not be properly serialized to YAML for the aws-auth ConfigMap`);
|
|
120
|
-
}
|
|
121
|
-
return mappingYaml;
|
|
122
|
-
});
|
|
123
|
-
const nodeAccessData = {
|
|
124
|
-
mapRoles: mapRoles,
|
|
125
|
-
};
|
|
126
|
-
if (userMappings) {
|
|
127
|
-
nodeAccessData.mapUsers = pulumi.output(userMappings).apply((mappings) => {
|
|
128
|
-
let mappingYaml = "";
|
|
129
|
-
try {
|
|
130
|
-
mappingYaml = jsyaml.dump(mappings.map((m) => ({
|
|
131
|
-
userarn: m.userArn,
|
|
132
|
-
username: m.username,
|
|
133
|
-
groups: m.groups,
|
|
134
|
-
})));
|
|
135
|
-
}
|
|
136
|
-
catch (e) {
|
|
137
|
-
throw new Error(`The IAM user mappings provided could not be properly serialized to YAML for the aws-auth ConfigMap`);
|
|
138
|
-
}
|
|
139
|
-
return mappingYaml;
|
|
140
|
-
});
|
|
141
|
-
}
|
|
142
|
-
return nodeAccessData;
|
|
143
|
-
}
|
|
144
|
-
exports.createAwsAuthData = createAwsAuthData;
|
|
145
|
-
function createAccessEntries(componentName, clusterName, accessEntries, opts) {
|
|
146
|
-
return Object.entries(accessEntries).map(([name, accessEntry]) => {
|
|
147
|
-
const entry = new aws.eks.AccessEntry(`${componentName}-${name}`, Object.assign(Object.assign({}, accessEntry), { clusterName, userName: accessEntry.username }), opts);
|
|
148
|
-
Object.entries(accessEntry.accessPolicies || {}).map(([associationName, association]) => {
|
|
149
|
-
const associationOutput = pulumi.output(association);
|
|
150
|
-
const policyAssociation = new aws.eks.AccessPolicyAssociation(`${componentName}-${name}-${associationName}`, {
|
|
151
|
-
accessScope: associationOutput.accessScope,
|
|
152
|
-
principalArn: accessEntry.principalArn,
|
|
153
|
-
policyArn: associationOutput.policyArn,
|
|
154
|
-
clusterName,
|
|
155
|
-
}, Object.assign(Object.assign({}, opts), { parent: entry, dependsOn: [entry] }));
|
|
156
|
-
});
|
|
157
|
-
return entry;
|
|
158
|
-
});
|
|
159
|
-
}
|
|
160
|
-
exports.createAccessEntries = createAccessEntries;
|
|
161
|
-
/**
|
|
162
|
-
* Enable access to the EKS cluster for worker nodes, by creating an
|
|
163
|
-
* instance role mapping to the k8s username and groups of aws-auth.
|
|
164
|
-
*/
|
|
165
|
-
function createInstanceRoleMapping(arn) {
|
|
166
|
-
return {
|
|
167
|
-
roleArn: arn,
|
|
168
|
-
username: "system:node:{{EC2PrivateDNSName}}",
|
|
169
|
-
groups: ["system:bootstrappers", "system:nodes"],
|
|
170
|
-
};
|
|
171
|
-
}
|
|
172
|
-
//# sourceMappingURL=authenticationMode.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"authenticationMode.js","sourceRoot":"","sources":["../authenticationMode.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAEjC,mCAAmC;AACnC,yCAAyC;AAEzC,kCAAkC;AAGrB,QAAA,UAAU,GAAG,YAAY,CAAC;AAC1B,QAAA,kBAAkB,GAAG,oBAAoB,CAAC;AAC1C,QAAA,GAAG,GAAG,KAAK,CAAC;AAEzB,SAAgB,0BAA0B,CAAC,OAAuB;IAC9D,MAAM,IAAI,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAChD,IACI,IAAI,CAAC,kBAAkB;QACvB,IAAI,CAAC,kBAAkB,KAAK,kBAAU;QACtC,IAAI,CAAC,kBAAkB,KAAK,0BAAkB;QAC9C,IAAI,CAAC,kBAAkB,KAAK,WAAG,EACjC;QACE,MAAM,IAAI,KAAK,CACX,yCAAyC,IAAI,CAAC,kBAAkB,yBAAyB,kBAAU,KAAK,0BAAkB,KAAK,WAAG,GAAG,CACxI,CAAC;KACL;IAED,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;QAC7C,MAAM,aAAa,GACf,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE;YACb,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE;gBACrC,MAAM,IAAI,KAAK,CACX,QAAQ,IAAI,mFAAmF;oBAC3F,IAAI,IAAI,CAAC,kBAAkB,IAAI,CACtC,CAAC;aACL;QACL,CAAC,CAAC;QAEN,IAAI,CAAC,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;KAC3F;IAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;QACjD,MAAM,iBAAiB,GAA6B,CAAC,eAAe,CAAC,CAAC;QACtE,iBAAiB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE;gBACZ,MAAM,QAAQ,GACV,IAAI,CAAC,kBAAkB,IAAI,IAAI;oBAC3B,CAAC,CAAC,WAAW,IAAI,CAAC,kBAAkB,GAAG;oBACvC,CAAC,CAAC,SAAS,CAAC;gBACpB,MAAM,IAAI,KAAK,CACX,QAAQ,IAAI,4DAA4D,QAAQ,GAAG,CACtF,CAAC;aACL;QACL,CAAC,CAAC,CAAC;KACN;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AA5CD,gEA4CC;AAED,mHAAmH;AACnH,wHAAwH;AACxH,wDAAwD;AACxD,SAAS,cAAc,CACnB,CAA8B,EAC9B,QAA2D;IAE3D,IAAI,CAAC,YAAY,OAAO,EAAE;QACtB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACpC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChB,OAAO,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;KACN;SAAM,IA
AI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACpC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACrB,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChB,OAAO,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;KACN;SAAM,IAAI,CAAC,KAAK,SAAS,EAAE;QACxB,QAAQ,CAAC,SAAS,CAAC,CAAC;QACpB,OAAO,SAAS,CAAC;KACpB;SAAM;QACH,QAAQ,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,CAAC,CAAC;KACZ;AACL,CAAC;AAED,2CAA2C;AAC3C,SAAS,yBAAyB,CAAC,IAAoB;IACnD,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAgB,iBAAiB,CAAC,kBAAsC;IACpE,mEAAmE;IACnE,OAAO,CACH,CAAC,kBAAkB;QACnB,kBAAkB,KAAK,kBAAU;QACjC,kBAAkB,KAAK,0BAAkB,CAC5C,CAAC;AACN,CAAC;AAPD,8CAOC;AAED,SAAgB,qBAAqB,CAAC,kBAAsC;IACxE,OAAO,kBAAkB,KAAK,WAAG,IAAI,kBAAkB,KAAK,0BAAkB,CAAC;AACnF,CAAC;AAFD,sDAEC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAC7B,aAA4C,EAC5C,YAAmE,EACnE,YAAmE;IAEnE,MAAM,oBAAoB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACvD,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAC3D,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM;SAClB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,oBAAoB,CAAC,CAAC;SAC9D,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,EAAE;QACpC,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI;YACA,WAAW,GAAG,MAAM,CAAC,IAAI,CACrB,CAAC,GAAG,QAAQ,EAAE,GAAG,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3C,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;aACnB,CAAC,CAAC,CACN,CAAC;SACL;QAAC,OAAO,CAAC,EAAE;YACR,MAAM,IAAI,KAAK,CACX,oGAAoG,CACvG,CAAC;SACL;QACD,OAAO,WAAW,CAAC;IACvB,CAAC,CAAC,CAAC;IAEP,MAAM,cAAc,GAAQ;QACxB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IACF,IAAI,YAAY,EAAE;QACd,cAAc,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrE,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,IAAI;gBACA,WAAW,GAAG,MAAM,CAAC,IAAI,CACrB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjB,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;iBACnB,CAAC,CAAC,CACN,CAAC;aACL;YAAC,OAAO,CAAC,EAAE;gBACR,MAAM,IAAI,KAAK,CACX,oGAAoG,CACvG,CAAC;aACL;YACD,OAAO,WAAW
,CAAC;QACvB,CAAC,CAAC,CAAC;KACN;IACD,OAAO,cAAc,CAAC;AAC1B,CAAC;AApDD,8CAoDC;AAED,SAAgB,mBAAmB,CAC/B,aAAqB,EACrB,WAAiC,EACjC,aAA6C,EAC7C,IAAkC;IAElC,OAAO,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE;QAC7D,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,CACjC,GAAG,aAAa,IAAI,IAAI,EAAE,kCAEnB,WAAW,KACd,WAAW,EACX,QAAQ,EAAE,WAAW,CAAC,QAAQ,KAElC,IAAI,CACP,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,WAAW,CAAC,EAAE,EAAE;YACpF,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACrD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,uBAAuB,CACzD,GAAG,aAAa,IAAI,IAAI,IAAI,eAAe,EAAE,EAC7C;gBACI,WAAW,EAAE,iBAAiB,CAAC,WAAW;gBAC1C,YAAY,EAAE,WAAW,CAAC,YAAY;gBACtC,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,WAAW;aACd,kCAEM,IAAI,KACP,MAAM,EAAE,KAAK,EACb,SAAS,EAAE,CAAC,KAAK,CAAC,IAEzB,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACjB,CAAC,CAAC,CAAC;AACP,CAAC;AArCD,kDAqCC;AAED;;;GAGG;AACH,SAAS,yBAAyB,CAAC,GAAyB;IACxD,OAAO;QACH,OAAO,EAAE,GAAG;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,MAAM,EAAE,CAAC,sBAAsB,EAAE,cAAc,CAAC;KACnD,CAAC;AACN,CAAC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1,208 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// Copyright 2016-2024, Pulumi Corporation.
|
|
3
|
-
//
|
|
4
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
-
// you may not use this file except in compliance with the License.
|
|
6
|
-
// You may obtain a copy of the License at
|
|
7
|
-
//
|
|
8
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
-
//
|
|
10
|
-
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
-
// See the License for the specific language governing permissions and
|
|
14
|
-
// limitations under the License.
|
|
15
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
-
const authenticationMode_1 = require("./authenticationMode");
|
|
17
|
-
describe("validateAuthenticationMode", () => {
|
|
18
|
-
const testRole = { arn: "testRole" };
|
|
19
|
-
it("should throw an error for invalid authentication mode", () => {
|
|
20
|
-
const invalidMode = "INVALID_MODE";
|
|
21
|
-
const args = {
|
|
22
|
-
authenticationMode: invalidMode,
|
|
23
|
-
};
|
|
24
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("Invalid value for authenticationMode: INVALID_MODE. Allowed values are: CONFIG_MAP, API_AND_CONFIG_MAP, API.");
|
|
25
|
-
});
|
|
26
|
-
it("should throw an error for roleMappings when authentication mode is set to API", () => {
|
|
27
|
-
const args = {
|
|
28
|
-
authenticationMode: "API",
|
|
29
|
-
roleMappings: [
|
|
30
|
-
{
|
|
31
|
-
roleArn: "roleArn",
|
|
32
|
-
groups: ["test-group"],
|
|
33
|
-
username: "test-role",
|
|
34
|
-
},
|
|
35
|
-
],
|
|
36
|
-
};
|
|
37
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'roleMappings' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
|
|
38
|
-
});
|
|
39
|
-
it("should throw an error for userMappings when authentication mode is set to API", () => {
|
|
40
|
-
const args = {
|
|
41
|
-
authenticationMode: "API",
|
|
42
|
-
userMappings: [
|
|
43
|
-
{
|
|
44
|
-
userArn: "userArn",
|
|
45
|
-
groups: ["test-group"],
|
|
46
|
-
username: "test-role",
|
|
47
|
-
},
|
|
48
|
-
],
|
|
49
|
-
};
|
|
50
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'userMappings' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
|
|
51
|
-
});
|
|
52
|
-
it("should throw an error for instanceRoles when authentication mode is set to API", () => {
|
|
53
|
-
const args = {
|
|
54
|
-
authenticationMode: "API",
|
|
55
|
-
instanceRoles: [testRole],
|
|
56
|
-
};
|
|
57
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'instanceRoles' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
|
|
58
|
-
});
|
|
59
|
-
it("should not throw an error for instanceRoles=[] when authentication mode is set to API", () => {
|
|
60
|
-
const args = {
|
|
61
|
-
authenticationMode: "API",
|
|
62
|
-
instanceRoles: [],
|
|
63
|
-
};
|
|
64
|
-
// This should not throw exceptions:
|
|
65
|
-
(0, authenticationMode_1.validateAuthenticationMode)(args);
|
|
66
|
-
});
|
|
67
|
-
it("should throw an error for accessEntries when authentication mode is set to CONFIG_MAP", () => {
|
|
68
|
-
const args = {
|
|
69
|
-
authenticationMode: "CONFIG_MAP",
|
|
70
|
-
accessEntries: {
|
|
71
|
-
entry1: {
|
|
72
|
-
principalArn: "roleArn",
|
|
73
|
-
},
|
|
74
|
-
},
|
|
75
|
-
};
|
|
76
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'accessEntries' property is not supported when 'authenticationMode' is set to 'CONFIG_MAP'.");
|
|
77
|
-
});
|
|
78
|
-
it("should throw an error for accessEntries when authentication mode is not set", () => {
|
|
79
|
-
const args = {
|
|
80
|
-
accessEntries: {
|
|
81
|
-
entry1: {
|
|
82
|
-
principalArn: "roleArn",
|
|
83
|
-
},
|
|
84
|
-
},
|
|
85
|
-
};
|
|
86
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'accessEntries' property is not supported when 'authenticationMode' is not set.");
|
|
87
|
-
});
|
|
88
|
-
const cases = [
|
|
89
|
-
[
|
|
90
|
-
{
|
|
91
|
-
authenticationMode: "CONFIG_MAP",
|
|
92
|
-
roleMappings: [
|
|
93
|
-
{
|
|
94
|
-
roleArn: "roleArn",
|
|
95
|
-
groups: ["test-group"],
|
|
96
|
-
username: "test-role",
|
|
97
|
-
},
|
|
98
|
-
],
|
|
99
|
-
userMappings: [
|
|
100
|
-
{
|
|
101
|
-
userArn: "userArn",
|
|
102
|
-
groups: ["test-group"],
|
|
103
|
-
username: "test-role",
|
|
104
|
-
},
|
|
105
|
-
],
|
|
106
|
-
instanceRoles: [testRole],
|
|
107
|
-
},
|
|
108
|
-
],
|
|
109
|
-
[
|
|
110
|
-
{
|
|
111
|
-
authenticationMode: "API_AND_CONFIG_MAP",
|
|
112
|
-
roleMappings: [
|
|
113
|
-
{
|
|
114
|
-
roleArn: "roleArn",
|
|
115
|
-
groups: ["test-group"],
|
|
116
|
-
username: "test-role",
|
|
117
|
-
},
|
|
118
|
-
],
|
|
119
|
-
userMappings: [
|
|
120
|
-
{
|
|
121
|
-
userArn: "userArn",
|
|
122
|
-
groups: ["test-group"],
|
|
123
|
-
username: "test-role",
|
|
124
|
-
},
|
|
125
|
-
],
|
|
126
|
-
instanceRoles: [testRole],
|
|
127
|
-
accessEntries: {
|
|
128
|
-
entry1: {
|
|
129
|
-
principalArn: "roleArn",
|
|
130
|
-
},
|
|
131
|
-
},
|
|
132
|
-
},
|
|
133
|
-
],
|
|
134
|
-
[
|
|
135
|
-
{
|
|
136
|
-
authenticationMode: "API",
|
|
137
|
-
accessEntries: {
|
|
138
|
-
entry1: {
|
|
139
|
-
principalArn: "roleArn",
|
|
140
|
-
},
|
|
141
|
-
},
|
|
142
|
-
},
|
|
143
|
-
],
|
|
144
|
-
[
|
|
145
|
-
{
|
|
146
|
-
authenticationMode: "API",
|
|
147
|
-
},
|
|
148
|
-
],
|
|
149
|
-
[
|
|
150
|
-
{
|
|
151
|
-
authenticationMode: "CONFIG_MAP",
|
|
152
|
-
},
|
|
153
|
-
],
|
|
154
|
-
[
|
|
155
|
-
{
|
|
156
|
-
authenticationMode: "API_AND_CONFIG_MAP",
|
|
157
|
-
},
|
|
158
|
-
],
|
|
159
|
-
];
|
|
160
|
-
test.each(cases)("should not throw an error for valid authentication mode and properties", (args) => {
|
|
161
|
-
expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).not.toThrow();
|
|
162
|
-
});
|
|
163
|
-
});
|
|
164
|
-
describe("supportsConfigMap", () => {
|
|
165
|
-
it("should return true when authenticationMode is undefined", () => {
|
|
166
|
-
const authenticationMode = undefined;
|
|
167
|
-
const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
|
|
168
|
-
expect(result).toBe(true);
|
|
169
|
-
});
|
|
170
|
-
it("should return true when authenticationMode is CONFIG_MAP", () => {
|
|
171
|
-
const authenticationMode = "CONFIG_MAP";
|
|
172
|
-
const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
|
|
173
|
-
expect(result).toBe(true);
|
|
174
|
-
});
|
|
175
|
-
it("should return true when authenticationMode is API_AND_CONFIG_MAP", () => {
|
|
176
|
-
const authenticationMode = "API_AND_CONFIG_MAP";
|
|
177
|
-
const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
|
|
178
|
-
expect(result).toBe(true);
|
|
179
|
-
});
|
|
180
|
-
it("should return false when authenticationMode is API", () => {
|
|
181
|
-
const authenticationMode = "API";
|
|
182
|
-
const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
|
|
183
|
-
expect(result).toBe(false);
|
|
184
|
-
});
|
|
185
|
-
});
|
|
186
|
-
describe("supportsAccessEntries", () => {
|
|
187
|
-
it("should return true when authenticationMode is API", () => {
|
|
188
|
-
const authenticationMode = "API";
|
|
189
|
-
const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
|
|
190
|
-
expect(result).toBe(true);
|
|
191
|
-
});
|
|
192
|
-
it("should return true when authenticationMode is API_AND_CONFIG_MAP", () => {
|
|
193
|
-
const authenticationMode = "API_AND_CONFIG_MAP";
|
|
194
|
-
const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
|
|
195
|
-
expect(result).toBe(true);
|
|
196
|
-
});
|
|
197
|
-
it("should return false when authenticationMode is CONFIG_MAP", () => {
|
|
198
|
-
const authenticationMode = "CONFIG_MAP";
|
|
199
|
-
const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
|
|
200
|
-
expect(result).toBe(false);
|
|
201
|
-
});
|
|
202
|
-
it("should return false when authenticationMode is undefined", () => {
|
|
203
|
-
const authenticationMode = undefined;
|
|
204
|
-
const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
|
|
205
|
-
expect(result).toBe(false);
|
|
206
|
-
});
|
|
207
|
-
});
|
|
208
|
-
//# sourceMappingURL=authenticationMode.test.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"authenticationMode.test.js","sourceRoot":"","sources":["../authenticationMode.test.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;AAEjC,6DAI8B;AAM9B,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IACxC,MAAM,QAAQ,GAAsB,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;IAExD,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC7D,MAAM,WAAW,GAAQ,cAAc,CAAC;QAExC,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,WAAW;SAClC,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,8GAA8G,CACjH,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACrF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,YAAY,EAAE;gBACV;oBACI,OAAO,EAAE,SAAS;oBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;oBACtB,QAAQ,EAAE,WAAW;iBACxB;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,0GAA0G,CAC7G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACrF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,YAAY,EAAE;gBACV;oBACI,OAAO,EAAE,SAAS;oBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;oBACtB,QAAQ,EAAE,WAAW;iBACxB;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,0GAA0G,CAC7G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gFAAgF,EAAE,GAAG,EAAE;QACtF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,aAAa,EAAE,CAAC,QAAQ,CAAC;SAC5B,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,2GAA2G,CAC9G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAC7F,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,aAAa,EAAE,EAAE;SACpB,CAAC;QAEF,oCAAoC;QACpC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAC7F,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,YAAY;YAChC,aAAa,EAAE;gBACX,MAAM,EAAE;oBACJ,YAAY,EAAE,SAAS;iBAC1B;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,iGAAiG,CACpG,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6EAA6E,EAAE,GAAG
,EAAE;QACnF,MAAM,IAAI,GAAG;YACT,aAAa,EAAE;gBACX,MAAM,EAAE;oBACJ,YAAY,EAAE,SAAS;iBAC1B;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,qFAAqF,CACxF,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAuB;QAC9B;YACI;gBACI,kBAAkB,EAAE,YAAY;gBAChC,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,aAAa,EAAE,CAAC,QAAQ,CAAC;aAC5B;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,oBAAoB;gBACxC,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,aAAa,EAAE,CAAC,QAAQ,CAAC;gBACzB,aAAa,EAAE;oBACX,MAAM,EAAE;wBACJ,YAAY,EAAE,SAAS;qBAC1B;iBACJ;aACJ;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,KAAK;gBACzB,aAAa,EAAE;oBACX,MAAM,EAAE;wBACJ,YAAY,EAAE,SAAS;qBAC1B;iBACJ;aACJ;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,KAAK;aAC5B;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,YAAY;aACnC;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,oBAAoB;aAC3C;SACJ;KACJ,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CACZ,wEAAwE,EACxE,CAAC,IAAI,EAAE,EAAE;QACL,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACjE,CAAC,CACJ,CAAC;AACN,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QAC/D,MAAM,kBAAkB,GAAG,SAAS,CAAC;QACrC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAChE,MAAM,kBAAkB,GAAG,YAAY,CAAC;QACxC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QACxE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;QAChD,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,
CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QACzD,MAAM,kBAAkB,GAAG,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QACxE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;QAChD,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACjE,MAAM,kBAAkB,GAAG,YAAY,CAAC;QACxC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAChE,MAAM,kBAAkB,GAAG,SAAS,CAAC;QACrC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
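--- a/package/cert-thumprint.d.ts
+++ b/package/cert-thumprint.d.ts
@@ -1,16 +0,0 @@
-/// <reference types="node" />
-import * as pulumi from "@pulumi/pulumi";
-import * as http from "http";
-/**
-* Get the certificate thumprint of the issuing CA for the TLS enabled URL.
-*
-* This is used for OIDC provider configuration.
-*
-* See for more details:
-* - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
-* - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
-* - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
-* - https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c
-* - https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/eks/#enabling-iam-roles-for-service-accounts
-*/
-export declare function getIssuerCAThumbprint(issuerUrl: pulumi.Input<string>, agent: http.Agent): pulumi.Output<string>;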
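--- a/package/cert-thumprint.js
+++ b/package/cert-thumprint.js
@@ -1,113 +0,0 @@
-"use strict";
-// Copyright 2016-2019, Pulumi Corporation.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-return new (P || (P = Promise))(function (resolve, reject) {
-function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-step((generator = generator.apply(thisArg, _arguments || [])).next());
-});
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getIssuerCAThumbprint = void 0;
-const pulumi = require("@pulumi/pulumi");
-const https = require("https");
-const tls = require("tls");
-const url = require("url");
-const THUMBPRINT_MAX_RETRIES = 12;
-const THUMBPRINT_SLEEP_MILLISECOND_INTERVAL = 5000;
-/**
-* Get the certificate thumprint of the issuing CA for the TLS enabled URL.
-*
-* This is used for OIDC provider configuration.
-*
-* See for more details:
-* - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
-* - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
-* - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
-* - https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c
-* - https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/eks/#enabling-iam-roles-for-service-accounts
-*/
-function getIssuerCAThumbprint(issuerUrl, agent) {
-return pulumi.output(issuerUrl).apply((issUrl) => {
-return getThumbprint(issUrl, THUMBPRINT_MAX_RETRIES, THUMBPRINT_SLEEP_MILLISECOND_INTERVAL, agent);
-});
-}
-exports.getIssuerCAThumbprint = getIssuerCAThumbprint;
-// Thumbprint retrieval below adapted from https://git.io/JvGHB.
-// Find the intermediate root CA cert in a chain of certs by traversing the
-// chain starting from the end user cert, and moving up to it's issuer.
-//
-// See for more details: https://knowledge.digicert.com/solution/SO4261.html
-function findIntRootCACertificate(certificate) {
-var _a;
-let cert = certificate;
-let prevCert = cert === null || cert === void 0 ? void 0 : cert.issuerCertificate;
-// The trusted root cert is the last cert in the chain, and it repeats itself as the issuer.
-// The intermediate root CA cert is the second to last cert in the chain.
-while ((cert === null || cert === void 0 ? void 0 : cert.fingerprint) !== ((_a = cert === null || cert === void 0 ? void 0 : cert.issuerCertificate) === null || _a === void 0 ? void 0 : _a.fingerprint)) {
-prevCert = cert;
-cert = cert.issuerCertificate;
-}
-return prevCert;
-}
-// See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
-// > IAM requires the thumbprint for the root certificate authority (CA) that
-// > signed the certificate used by the external identity provider (IdP). The
-// > thumbprint is a signature for the CA's certificate that was used to issue
-// > the certificate for the OIDC-compatible IdP.
-function getThumbprint(issuerUrl, retriesLeft, interval, agent) {
-return __awaiter(this, void 0, void 0, function* () {
-// For up to 60 seconds (12 retries @ 5000 ms), try to contact the issuer URL.
-try {
-return yield new Promise((resolve, reject) => {
-const options = Object.assign(Object.assign({}, url.parse(issuerUrl)), { agent: agent });
-const req = https
-.get(options)
-.on("error", reject)
-.on("socket", (socket) => {
-if (!(socket instanceof tls.TLSSocket)) {
-req.emit("error", new Error("socket is not of type TLSSocket"));
-return;
-}
-socket.on("secureConnect", () => {
-const certificate = socket.getPeerCertificate(true);
-const fingerprint = findIntRootCACertificate(certificate).fingerprint;
-// Check if certificate is valid
-if (socket.authorized === false) {
-req.emit("error", socket.authorizationError);
-req.destroy();
-return;
-}
-resolve(
-// Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
-fingerprint.split(":").join("").toLowerCase());
-});
-});
-req.end();
-});
-}
-catch (e) {
-if (retriesLeft) {
-pulumi.log.info(`Waiting for cert issuer URL(${THUMBPRINT_MAX_RETRIES - retriesLeft})`, undefined, undefined, true);
-yield new Promise((resolve) => setTimeout(resolve, interval));
-return getThumbprint(issuerUrl, retriesLeft - 1, interval, agent);
-}
-}
-throw new Error("Cannot retrieve the certificate fingerprint at the issuer URL: " + issuerUrl);
-});
-}
-//# sourceMappingURL=cert-thumprint.js.map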
package/cert-thumprint.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"cert-thumprint.js","sourceRoot":"","sources":["../cert-thumprint.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;;;;;;;;;;AAEjC,yCAAyC;AAEzC,+BAA+B;AAC/B,2BAA2B;AAC3B,2BAA2B;AAE3B,MAAM,sBAAsB,GAAW,EAAE,CAAC;AAC1C,MAAM,qCAAqC,GAAW,IAAI,CAAC;AAE3D;;;;;;;;;;;GAWG;AACH,SAAgB,qBAAqB,CACjC,SAA+B,EAC/B,KAAiB;IAEjB,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;QAC7C,OAAO,aAAa,CAChB,MAAM,EACN,sBAAsB,EACtB,qCAAqC,EACrC,KAAK,CACR,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC;AAZD,sDAYC;AAED,gEAAgE;AAEhE,2EAA2E;AAC3E,uEAAuE;AACvE,EAAE;AACF,4EAA4E;AAC5E,SAAS,wBAAwB,CAC7B,WAAwC;;IAExC,IAAI,IAAI,GAAG,WAAW,CAAC;IACvB,IAAI,QAAQ,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,CAAC;IAEvC,4FAA4F;IAC5F,yEAAyE;IACzE,OAAO,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,OAAK,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,0CAAE,WAAW,CAAA,EAAE;QAC/D,QAAQ,GAAG,IAAI,CAAC;QAChB,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC;KACjC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,+GAA+G;AAC/G,8EAA8E;AAC9E,8EAA8E;AAC9E,+EAA+E;AAC/E,kDAAkD;AAClD,SAAe,aAAa,CACxB,SAAiB,EACjB,WAAmB,EACnB,QAAgB,EAChB,KAAiB;;QAEjB,8EAA8E;QAC9E,IAAI;YACA,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACzC,MAAM,OAAO,mCACN,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,KACvB,KAAK,EAAE,KAAK,GACf,CAAC;gBACF,MAAM,GAAG,GAAG,KAAK;qBACZ,GAAG,CAAC,OAAO,CAAC;qBACZ,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;qBACnB,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;oBACrB,IAAI,CAAC,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,CAAC,EAAE;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;wBAChE,OAAO;qBACV;oBACD,MAAM,CAAC,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE;wBAC5B,MAAM,WAAW,GACb,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;wBACpC,MAAM,WAAW,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;wBACtE,gCAAgC;wBAChC,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,EAAE;4BAC7B,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;4BAC7C,GAAG,CAAC,OAAO,EAAE,CAAC;4BACd,OAAO;y
BACV;wBACD,OAAO;wBACH,8GAA8G;wBAC9G,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAChD,CAAC;oBACN,CAAC,CAAC,CAAC;gBACP,CAAC,CAAC,CAAC;gBACP,GAAG,CAAC,GAAG,EAAE,CAAC;YACd,CAAC,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,IAAI,WAAW,EAAE;gBACb,MAAM,CAAC,GAAG,CAAC,IAAI,CACX,+BAA+B,sBAAsB,GAAG,WAAW,GAAG,EACtE,SAAS,EACT,SAAS,EACT,IAAI,CACP,CAAC;gBACF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC9D,OAAO,aAAa,CAAC,SAAS,EAAE,WAAW,GAAG,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;aACrE;SACJ;QACD,MAAM,IAAI,KAAK,CAAC,iEAAiE,GAAG,SAAS,CAAC,CAAC;IACnG,CAAC;CAAA"}
|
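--- a/package/cmd/provider/addon.d.ts
+++ b/package/cmd/provider/addon.d.ts
@@ -1 +0,0 @@
-export {};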
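--- a/package/cmd/provider/addon.js
+++ b/package/cmd/provider/addon.js
@@ -1,40 +0,0 @@
-"use strict";
-// Copyright 2016-2020, Pulumi Corporation.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.managedAddonProviderFactory = void 0;
-const addon_1 = require("../../addon");
-const managedAddonProvider = {
-construct: (name, type, inputs, options) => {
-try {
-const addon = new addon_1.Addon(name, inputs, options);
-return Promise.resolve({
-urn: addon.urn,
-state: {
-addon: addon.addon,
-},
-});
-}
-catch (e) {
-return Promise.reject(e);
-}
-},
-version: "", // ignored
-};
-/** @internal */
-function managedAddonProviderFactory() {
-return managedAddonProvider;
-}
-exports.managedAddonProviderFactory = managedAddonProviderFactory;
-//# sourceMappingURL=addon.js.map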
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"addon.js","sourceRoot":"","sources":["../../../cmd/provider/addon.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAGjC,uCAAoC;AAEpC,MAAM,oBAAoB,GAA6B;IACnD,SAAS,EAAE,CACP,IAAY,EACZ,IAAY,EACZ,MAAqB,EACrB,OAAwC,EAC1C,EAAE;QACA,IAAI;YACA,MAAM,KAAK,GAAG,IAAI,aAAK,CAAC,IAAI,EAAO,MAAM,EAAE,OAAO,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC,OAAO,CAAC;gBACnB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE;oBACH,KAAK,EAAE,KAAK,CAAC,KAAK;iBACrB;aACJ,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;SAC5B;IACL,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,UAAU;CAC1B,CAAC;AAEF,gBAAgB;AAChB,SAAgB,2BAA2B;IACvC,OAAO,oBAAoB,CAAC;AAChC,CAAC;AAFD,kEAEC"}
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|