@pulumi/eks 2.8.1 → 3.0.0-alpha.6

Files changed (125)
  1. package/addon.d.ts +61 -13
  2. package/addon.js +45 -18
  3. package/addon.js.map +1 -1
  4. package/cluster.d.ts +291 -585
  5. package/cluster.js +120 -947
  6. package/cluster.js.map +1 -1
  7. package/clusterCreationRoleProvider.d.ts +28 -0
  8. package/clusterCreationRoleProvider.js +47 -0
  9. package/clusterCreationRoleProvider.js.map +1 -0
  10. package/clusterMixins.d.ts +71 -0
  11. package/clusterMixins.js +107 -0
  12. package/clusterMixins.js.map +1 -0
  13. package/index.d.ts +31 -7
  14. package/index.js +80 -34
  15. package/index.js.map +1 -1
  16. package/managedNodeGroup.d.ts +221 -0
  17. package/managedNodeGroup.js +81 -0
  18. package/managedNodeGroup.js.map +1 -0
  19. package/nodeGroup.d.ts +273 -0
  20. package/nodeGroup.js +93 -0
  21. package/nodeGroup.js.map +1 -0
  22. package/nodeGroupSecurityGroup.d.ts +51 -0
  23. package/nodeGroupSecurityGroup.js +60 -0
  24. package/nodeGroupSecurityGroup.js.map +1 -0
  25. package/nodeGroupV2.d.ts +280 -0
  26. package/nodeGroupV2.js +90 -0
  27. package/nodeGroupV2.js.map +1 -0
  28. package/nodegroupMixins.d.ts +203 -0
  29. package/{securitygroup.js → nodegroupMixins.js} +25 -36
  30. package/nodegroupMixins.js.map +1 -0
  31. package/package.json +8 -36
  32. package/provider.d.ts +21 -0
  33. package/provider.js +38 -0
  34. package/provider.js.map +1 -0
  35. package/{storageclass.js → storageclassMixins.js} +1 -14
  36. package/storageclassMixins.js.map +1 -0
  37. package/types/enums/index.d.ts +170 -0
  38. package/types/enums/index.js +145 -0
  39. package/types/enums/index.js.map +1 -0
  40. package/types/index.d.ts +4 -0
  41. package/types/index.js +13 -0
  42. package/types/index.js.map +1 -0
  43. package/types/input.d.ts +745 -0
  44. package/types/input.js +30 -0
  45. package/types/input.js.map +1 -0
  46. package/types/output.d.ts +422 -0
  47. package/types/output.js +5 -0
  48. package/types/output.js.map +1 -0
  49. package/utilities.d.ts +8 -1
  50. package/utilities.js +90 -17
  51. package/utilities.js.map +1 -1
  52. package/vpcCniAddon.d.ts +175 -0
  53. package/vpcCniAddon.js +88 -0
  54. package/vpcCniAddon.js.map +1 -0
  55. package/LICENSE +0 -202
  56. package/README.md +0 -77
  57. package/authenticationMode.d.ts +0 -24
  58. package/authenticationMode.js +0 -172
  59. package/authenticationMode.js.map +0 -1
  60. package/authenticationMode.test.d.ts +0 -1
  61. package/authenticationMode.test.js +0 -208
  62. package/authenticationMode.test.js.map +0 -1
  63. package/cert-thumprint.d.ts +0 -16
  64. package/cert-thumprint.js +0 -113
  65. package/cert-thumprint.js.map +0 -1
  66. package/cmd/provider/addon.d.ts +0 -1
  67. package/cmd/provider/addon.js +0 -40
  68. package/cmd/provider/addon.js.map +0 -1
  69. package/cmd/provider/cluster.d.ts +0 -1
  70. package/cmd/provider/cluster.js +0 -71
  71. package/cmd/provider/cluster.js.map +0 -1
  72. package/cmd/provider/cni.d.ts +0 -2
  73. package/cmd/provider/cni.js +0 -291
  74. package/cmd/provider/cni.js.map +0 -1
  75. package/cmd/provider/index.d.ts +0 -1
  76. package/cmd/provider/index.js +0 -171
  77. package/cmd/provider/index.js.map +0 -1
  78. package/cmd/provider/nodegroup.d.ts +0 -1
  79. package/cmd/provider/nodegroup.js +0 -89
  80. package/cmd/provider/nodegroup.js.map +0 -1
  81. package/cmd/provider/randomSuffix.d.ts +0 -1
  82. package/cmd/provider/randomSuffix.js +0 -52
  83. package/cmd/provider/randomSuffix.js.map +0 -1
  84. package/cmd/provider/schema.json +0 -1909
  85. package/cmd/provider/securitygroup.d.ts +0 -1
  86. package/cmd/provider/securitygroup.js +0 -41
  87. package/cmd/provider/securitygroup.js.map +0 -1
  88. package/cni/README.md +0 -6
  89. package/cni/aws-k8s-cni.yaml +0 -602
  90. package/cni.d.ts +0 -177
  91. package/cni.js +0 -64
  92. package/cni.js.map +0 -1
  93. package/dashboard/heapster-rbac.yaml +0 -12
  94. package/dashboard/heapster.yaml +0 -46
  95. package/dashboard/influxdb.yaml +0 -40
  96. package/dashboard/kubernetes-dashboard.yaml +0 -167
  97. package/dashboard.d.ts +0 -5
  98. package/dashboard.js +0 -58
  99. package/dashboard.js.map +0 -1
  100. package/dependencies.d.ts +0 -2
  101. package/dependencies.js +0 -81
  102. package/dependencies.js.map +0 -1
  103. package/dependencies.test.d.ts +0 -1
  104. package/dependencies.test.js +0 -133
  105. package/dependencies.test.js.map +0 -1
  106. package/nodegroup.d.ts +0 -515
  107. package/nodegroup.js +0 -1152
  108. package/nodegroup.js.map +0 -1
  109. package/nodegroup.test.d.ts +0 -1
  110. package/nodegroup.test.js +0 -336
  111. package/nodegroup.test.js.map +0 -1
  112. package/package.json.dev +0 -67
  113. package/randomSuffix.d.ts +0 -1
  114. package/randomSuffix.js +0 -51
  115. package/randomSuffix.js.map +0 -1
  116. package/securitygroup.d.ts +0 -52
  117. package/securitygroup.js.map +0 -1
  118. package/servicerole.d.ts +0 -43
  119. package/servicerole.js +0 -72
  120. package/servicerole.js.map +0 -1
  121. package/storageclass.js.map +0 -1
  122. package/utils.d.ts +0 -23
  123. package/utils.js +0 -16
  124. package/utils.js.map +0 -1
  125. /package/{storageclass.d.ts → storageclassMixins.d.ts} +0 -0
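--- a/package/authenticationMode.js
+++ b/package/authenticationMode.js
@@ -1,172 +0,0 @@
- "use strict";
- // Copyright 2016-2024, Pulumi Corporation.
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.createAccessEntries = exports.createAwsAuthData = exports.supportsAccessEntries = exports.supportsConfigMap = exports.validateAuthenticationMode = exports.API = exports.API_AND_CONFIG_MAP = exports.CONFIG_MAP = void 0;
- const aws = require("@pulumi/aws");
- const pulumi = require("@pulumi/pulumi");
- const jsyaml = require("js-yaml");
- exports.CONFIG_MAP = "CONFIG_MAP";
- exports.API_AND_CONFIG_MAP = "API_AND_CONFIG_MAP";
- exports.API = "API";
- function validateAuthenticationMode(rawArgs) {
- const args = clusterOptionsShallowCopy(rawArgs);
- if (args.authenticationMode &&
- args.authenticationMode !== exports.CONFIG_MAP &&
- args.authenticationMode !== exports.API_AND_CONFIG_MAP &&
- args.authenticationMode !== exports.API) {
- throw new Error(`Invalid value for authenticationMode: ${args.authenticationMode}. Allowed values are: ${exports.CONFIG_MAP}, ${exports.API_AND_CONFIG_MAP}, ${exports.API}.`);
- }
- if (!supportsConfigMap(args.authenticationMode)) {
- const checkNonEmpty = (prop) => (pv) => {
- if (pv !== undefined && pv.length !== 0) {
- throw new Error(`The '${prop}' property does not support non-empty values when 'authenticationMode' is set to ` +
- `'${args.authenticationMode}'.`);
- }
- };
- args.roleMappings = validatedInput(args.roleMappings, checkNonEmpty("roleMappings"));
- args.userMappings = validatedInput(args.userMappings, checkNonEmpty("userMappings"));
- args.instanceRoles = validatedInput(args.instanceRoles, checkNonEmpty("instanceRoles"));
- }
- if (!supportsAccessEntries(args.authenticationMode)) {
- const apiOnlyProperties = ["accessEntries"];
- apiOnlyProperties.forEach((prop) => {
- if (args[prop]) {
- const errorMsg = args.authenticationMode != null
- ? `set to '${args.authenticationMode}'`
- : "not set";
- throw new Error(`The '${prop}' property is not supported when 'authenticationMode' is ${errorMsg}.`);
- }
- });
- }
- return args;
- }
- exports.validateAuthenticationMode = validateAuthenticationMode;
- // Validate promptly if possible, otherwise validate in the Promise chain underlying the Output and ensure that the
- // input is gated on the validation. Unfortunately since apply always unwraps, the validate function required here needs
- // to be able to handle both unwrapped and normal forms.
- function validatedInput(i, validate) {
- if (i instanceof Promise) {
- return pulumi.output(i).apply((value) => {
- validate(value);
- return i;
- });
- }
- else if (pulumi.Output.isInstance(i)) {
- return i.apply((value) => {
- validate(value);
- return i;
- });
- }
- else if (i === undefined) {
- validate(undefined);
- return undefined;
- }
- else {
- validate(i);
- return i;
- }
- }
- // Create a shallow copy of ClusterOptions.
- function clusterOptionsShallowCopy(args) {
- return Object.assign({}, args);
- }
- function supportsConfigMap(authenticationMode) {
- // If authenticationMode is not provided, it defaults to CONFIG_MAP
- return (!authenticationMode ||
- authenticationMode === exports.CONFIG_MAP ||
- authenticationMode === exports.API_AND_CONFIG_MAP);
- }
- exports.supportsConfigMap = supportsConfigMap;
- function supportsAccessEntries(authenticationMode) {
- return authenticationMode === exports.API || authenticationMode === exports.API_AND_CONFIG_MAP;
- }
- exports.supportsAccessEntries = supportsAccessEntries;
- /**
- * Creates the AWS authentication data for the aws-auth ConfigMap.
- *
- * @param instanceRoles - The instance roles to be mapped.
- * @param roleMappings - The IAM role mappings to be included.
- * @param userMappings - The IAM user mappings to be included.
- * @returns The AWS authentication data for the aws-auth ConfigMap.
- * @throws Error if the IAM role mappings or user mappings are invalid or cannot be serialized to YAML.
- */
- function createAwsAuthData(instanceRoles, roleMappings, userMappings) {
- const instanceRoleMappings = instanceRoles.apply((roles) => roles.map((role) => createInstanceRoleMapping(role.arn)));
- const mapRoles = pulumi
- .all([pulumi.output(roleMappings || []), instanceRoleMappings])
- .apply(([mappings, instanceMappings]) => {
- let mappingYaml = "";
- try {
- mappingYaml = jsyaml.dump([...mappings, ...instanceMappings].map((m) => ({
- rolearn: m.roleArn,
- username: m.username,
- groups: m.groups,
- })));
- }
- catch (e) {
- throw new Error(`The IAM role mappings provided could not be properly serialized to YAML for the aws-auth ConfigMap`);
- }
- return mappingYaml;
- });
- const nodeAccessData = {
- mapRoles: mapRoles,
- };
- if (userMappings) {
- nodeAccessData.mapUsers = pulumi.output(userMappings).apply((mappings) => {
- let mappingYaml = "";
- try {
- mappingYaml = jsyaml.dump(mappings.map((m) => ({
- userarn: m.userArn,
- username: m.username,
- groups: m.groups,
- })));
- }
- catch (e) {
- throw new Error(`The IAM user mappings provided could not be properly serialized to YAML for the aws-auth ConfigMap`);
- }
- return mappingYaml;
- });
- }
- return nodeAccessData;
- }
- exports.createAwsAuthData = createAwsAuthData;
- function createAccessEntries(componentName, clusterName, accessEntries, opts) {
- return Object.entries(accessEntries).map(([name, accessEntry]) => {
- const entry = new aws.eks.AccessEntry(`${componentName}-${name}`, Object.assign(Object.assign({}, accessEntry), { clusterName, userName: accessEntry.username }), opts);
- Object.entries(accessEntry.accessPolicies || {}).map(([associationName, association]) => {
- const associationOutput = pulumi.output(association);
- const policyAssociation = new aws.eks.AccessPolicyAssociation(`${componentName}-${name}-${associationName}`, {
- accessScope: associationOutput.accessScope,
- principalArn: accessEntry.principalArn,
- policyArn: associationOutput.policyArn,
- clusterName,
- }, Object.assign(Object.assign({}, opts), { parent: entry, dependsOn: [entry] }));
- });
- return entry;
- });
- }
- exports.createAccessEntries = createAccessEntries;
- /**
- * Enable access to the EKS cluster for worker nodes, by creating an
- * instance role mapping to the k8s username and groups of aws-auth.
- */
- function createInstanceRoleMapping(arn) {
- return {
- roleArn: arn,
- username: "system:node:{{EC2PrivateDNSName}}",
- groups: ["system:bootstrappers", "system:nodes"],
- };
- }
- //# sourceMappingURL=authenticationMode.js.map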
@@ -1 +0,0 @@
1
- {"version":3,"file":"authenticationMode.js","sourceRoot":"","sources":["../authenticationMode.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAEjC,mCAAmC;AACnC,yCAAyC;AAEzC,kCAAkC;AAGrB,QAAA,UAAU,GAAG,YAAY,CAAC;AAC1B,QAAA,kBAAkB,GAAG,oBAAoB,CAAC;AAC1C,QAAA,GAAG,GAAG,KAAK,CAAC;AAEzB,SAAgB,0BAA0B,CAAC,OAAuB;IAC9D,MAAM,IAAI,GAAG,yBAAyB,CAAC,OAAO,CAAC,CAAC;IAChD,IACI,IAAI,CAAC,kBAAkB;QACvB,IAAI,CAAC,kBAAkB,KAAK,kBAAU;QACtC,IAAI,CAAC,kBAAkB,KAAK,0BAAkB;QAC9C,IAAI,CAAC,kBAAkB,KAAK,WAAG,EACjC;QACE,MAAM,IAAI,KAAK,CACX,yCAAyC,IAAI,CAAC,kBAAkB,yBAAyB,kBAAU,KAAK,0BAAkB,KAAK,WAAG,GAAG,CACxI,CAAC;KACL;IAED,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;QAC7C,MAAM,aAAa,GACf,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE;YACb,IAAI,EAAE,KAAK,SAAS,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE;gBACrC,MAAM,IAAI,KAAK,CACX,QAAQ,IAAI,mFAAmF;oBAC3F,IAAI,IAAI,CAAC,kBAAkB,IAAI,CACtC,CAAC;aACL;QACL,CAAC,CAAC;QAEN,IAAI,CAAC,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,YAAY,GAAG,cAAc,CAAC,IAAI,CAAC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC,CAAC;QACrF,IAAI,CAAC,aAAa,GAAG,cAAc,CAAC,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,eAAe,CAAC,CAAC,CAAC;KAC3F;IAED,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE;QACjD,MAAM,iBAAiB,GAA6B,CAAC,eAAe,CAAC,CAAC;QACtE,iBAAiB,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/B,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE;gBACZ,MAAM,QAAQ,GACV,IAAI,CAAC,kBAAkB,IAAI,IAAI;oBAC3B,CAAC,CAAC,WAAW,IAAI,CAAC,kBAAkB,GAAG;oBACvC,CAAC,CAAC,SAAS,CAAC;gBACpB,MAAM,IAAI,KAAK,CACX,QAAQ,IAAI,4DAA4D,QAAQ,GAAG,CACtF,CAAC;aACL;QACL,CAAC,CAAC,CAAC;KACN;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AA5CD,gEA4CC;AAED,mHAAmH;AACnH,wHAAwH;AACxH,wDAAwD;AACxD,SAAS,cAAc,CACnB,CAA8B,EAC9B,QAA2D;IAE3D,IAAI,CAAC,YAAY,OAAO,EAAE;QACtB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACpC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChB,OAAO,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;KACN;SAAM,
IAAI,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACpC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;YACrB,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChB,OAAO,CAAC,CAAC;QACb,CAAC,CAAC,CAAC;KACN;SAAM,IAAI,CAAC,KAAK,SAAS,EAAE;QACxB,QAAQ,CAAC,SAAS,CAAC,CAAC;QACpB,OAAO,SAAS,CAAC;KACpB;SAAM;QACH,QAAQ,CAAC,CAAC,CAAC,CAAC;QACZ,OAAO,CAAC,CAAC;KACZ;AACL,CAAC;AAED,2CAA2C;AAC3C,SAAS,yBAAyB,CAAC,IAAoB;IACnD,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;AACnC,CAAC;AAED,SAAgB,iBAAiB,CAAC,kBAAsC;IACpE,mEAAmE;IACnE,OAAO,CACH,CAAC,kBAAkB;QACnB,kBAAkB,KAAK,kBAAU;QACjC,kBAAkB,KAAK,0BAAkB,CAC5C,CAAC;AACN,CAAC;AAPD,8CAOC;AAED,SAAgB,qBAAqB,CAAC,kBAAsC;IACxE,OAAO,kBAAkB,KAAK,WAAG,IAAI,kBAAkB,KAAK,0BAAkB,CAAC;AACnF,CAAC;AAFD,sDAEC;AAED;;;;;;;;GAQG;AACH,SAAgB,iBAAiB,CAC7B,aAA4C,EAC5C,YAAmE,EACnE,YAAmE;IAEnE,MAAM,oBAAoB,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACvD,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,yBAAyB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAC3D,CAAC;IAEF,MAAM,QAAQ,GAAG,MAAM;SAClB,GAAG,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,oBAAoB,CAAC,CAAC;SAC9D,KAAK,CAAC,CAAC,CAAC,QAAQ,EAAE,gBAAgB,CAAC,EAAE,EAAE;QACpC,IAAI,WAAW,GAAG,EAAE,CAAC;QACrB,IAAI;YACA,WAAW,GAAG,MAAM,CAAC,IAAI,CACrB,CAAC,GAAG,QAAQ,EAAE,GAAG,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC3C,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;aACnB,CAAC,CAAC,CACN,CAAC;SACL;QAAC,OAAO,CAAC,EAAE;YACR,MAAM,IAAI,KAAK,CACX,oGAAoG,CACvG,CAAC;SACL;QACD,OAAO,WAAW,CAAC;IACvB,CAAC,CAAC,CAAC;IAEP,MAAM,cAAc,GAAQ;QACxB,QAAQ,EAAE,QAAQ;KACrB,CAAC;IACF,IAAI,YAAY,EAAE;QACd,cAAc,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,EAAE;YACrE,IAAI,WAAW,GAAG,EAAE,CAAC;YACrB,IAAI;gBACA,WAAW,GAAG,MAAM,CAAC,IAAI,CACrB,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACjB,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,MAAM,EAAE,CAAC,CAAC,MAAM;iBACnB,CAAC,CAAC,CACN,CAAC;aACL;YAAC,OAAO,CAAC,EAAE;gBACR,MAAM,IAAI,KAAK,CACX,oGAAoG,CACvG,CAAC;aACL;YACD,OAAO,WA
AW,CAAC;QACvB,CAAC,CAAC,CAAC;KACN;IACD,OAAO,cAAc,CAAC;AAC1B,CAAC;AApDD,8CAoDC;AAED,SAAgB,mBAAmB,CAC/B,aAAqB,EACrB,WAAiC,EACjC,aAA6C,EAC7C,IAAkC;IAElC,OAAO,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE;QAC7D,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,WAAW,CACjC,GAAG,aAAa,IAAI,IAAI,EAAE,kCAEnB,WAAW,KACd,WAAW,EACX,QAAQ,EAAE,WAAW,CAAC,QAAQ,KAElC,IAAI,CACP,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,eAAe,EAAE,WAAW,CAAC,EAAE,EAAE;YACpF,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;YACrD,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,uBAAuB,CACzD,GAAG,aAAa,IAAI,IAAI,IAAI,eAAe,EAAE,EAC7C;gBACI,WAAW,EAAE,iBAAiB,CAAC,WAAW;gBAC1C,YAAY,EAAE,WAAW,CAAC,YAAY;gBACtC,SAAS,EAAE,iBAAiB,CAAC,SAAS;gBACtC,WAAW;aACd,kCAEM,IAAI,KACP,MAAM,EAAE,KAAK,EACb,SAAS,EAAE,CAAC,KAAK,CAAC,IAEzB,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,OAAO,KAAK,CAAC;IACjB,CAAC,CAAC,CAAC;AACP,CAAC;AArCD,kDAqCC;AAED;;;GAGG;AACH,SAAS,yBAAyB,CAAC,GAAyB;IACxD,OAAO;QACH,OAAO,EAAE,GAAG;QACZ,QAAQ,EAAE,mCAAmC;QAC7C,MAAM,EAAE,CAAC,sBAAsB,EAAE,cAAc,CAAC;KACnD,CAAC;AACN,CAAC"}
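--- a/package/authenticationMode.test.d.ts
+++ b/package/authenticationMode.test.d.ts
@@ -1 +0,0 @@
- export {};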
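--- a/package/authenticationMode.test.js
+++ b/package/authenticationMode.test.js
@@ -1,208 +0,0 @@
- "use strict";
- // Copyright 2016-2024, Pulumi Corporation.
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- Object.defineProperty(exports, "__esModule", { value: true });
- const authenticationMode_1 = require("./authenticationMode");
- describe("validateAuthenticationMode", () => {
- const testRole = { arn: "testRole" };
- it("should throw an error for invalid authentication mode", () => {
- const invalidMode = "INVALID_MODE";
- const args = {
- authenticationMode: invalidMode,
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("Invalid value for authenticationMode: INVALID_MODE. Allowed values are: CONFIG_MAP, API_AND_CONFIG_MAP, API.");
- });
- it("should throw an error for roleMappings when authentication mode is set to API", () => {
- const args = {
- authenticationMode: "API",
- roleMappings: [
- {
- roleArn: "roleArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'roleMappings' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
- });
- it("should throw an error for userMappings when authentication mode is set to API", () => {
- const args = {
- authenticationMode: "API",
- userMappings: [
- {
- userArn: "userArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'userMappings' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
- });
- it("should throw an error for instanceRoles when authentication mode is set to API", () => {
- const args = {
- authenticationMode: "API",
- instanceRoles: [testRole],
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'instanceRoles' property does not support non-empty values when 'authenticationMode' is set to 'API'.");
- });
- it("should not throw an error for instanceRoles=[] when authentication mode is set to API", () => {
- const args = {
- authenticationMode: "API",
- instanceRoles: [],
- };
- // This should not throw exceptions:
- (0, authenticationMode_1.validateAuthenticationMode)(args);
- });
- it("should throw an error for accessEntries when authentication mode is set to CONFIG_MAP", () => {
- const args = {
- authenticationMode: "CONFIG_MAP",
- accessEntries: {
- entry1: {
- principalArn: "roleArn",
- },
- },
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'accessEntries' property is not supported when 'authenticationMode' is set to 'CONFIG_MAP'.");
- });
- it("should throw an error for accessEntries when authentication mode is not set", () => {
- const args = {
- accessEntries: {
- entry1: {
- principalArn: "roleArn",
- },
- },
- };
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).toThrowError("The 'accessEntries' property is not supported when 'authenticationMode' is not set.");
- });
- const cases = [
- [
- {
- authenticationMode: "CONFIG_MAP",
- roleMappings: [
- {
- roleArn: "roleArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- userMappings: [
- {
- userArn: "userArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- instanceRoles: [testRole],
- },
- ],
- [
- {
- authenticationMode: "API_AND_CONFIG_MAP",
- roleMappings: [
- {
- roleArn: "roleArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- userMappings: [
- {
- userArn: "userArn",
- groups: ["test-group"],
- username: "test-role",
- },
- ],
- instanceRoles: [testRole],
- accessEntries: {
- entry1: {
- principalArn: "roleArn",
- },
- },
- },
- ],
- [
- {
- authenticationMode: "API",
- accessEntries: {
- entry1: {
- principalArn: "roleArn",
- },
- },
- },
- ],
- [
- {
- authenticationMode: "API",
- },
- ],
- [
- {
- authenticationMode: "CONFIG_MAP",
- },
- ],
- [
- {
- authenticationMode: "API_AND_CONFIG_MAP",
- },
- ],
- ];
- test.each(cases)("should not throw an error for valid authentication mode and properties", (args) => {
- expect(() => (0, authenticationMode_1.validateAuthenticationMode)(args)).not.toThrow();
- });
- });
- describe("supportsConfigMap", () => {
- it("should return true when authenticationMode is undefined", () => {
- const authenticationMode = undefined;
- const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
- expect(result).toBe(true);
- });
- it("should return true when authenticationMode is CONFIG_MAP", () => {
- const authenticationMode = "CONFIG_MAP";
- const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
- expect(result).toBe(true);
- });
- it("should return true when authenticationMode is API_AND_CONFIG_MAP", () => {
- const authenticationMode = "API_AND_CONFIG_MAP";
- const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
- expect(result).toBe(true);
- });
- it("should return false when authenticationMode is API", () => {
- const authenticationMode = "API";
- const result = (0, authenticationMode_1.supportsConfigMap)(authenticationMode);
- expect(result).toBe(false);
- });
- });
- describe("supportsAccessEntries", () => {
- it("should return true when authenticationMode is API", () => {
- const authenticationMode = "API";
- const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
- expect(result).toBe(true);
- });
- it("should return true when authenticationMode is API_AND_CONFIG_MAP", () => {
- const authenticationMode = "API_AND_CONFIG_MAP";
- const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
- expect(result).toBe(true);
- });
- it("should return false when authenticationMode is CONFIG_MAP", () => {
- const authenticationMode = "CONFIG_MAP";
- const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
- expect(result).toBe(false);
- });
- it("should return false when authenticationMode is undefined", () => {
- const authenticationMode = undefined;
- const result = (0, authenticationMode_1.supportsAccessEntries)(authenticationMode);
- expect(result).toBe(false);
- });
- });
- //# sourceMappingURL=authenticationMode.test.js.map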
@@ -1 +0,0 @@
1
- {"version":3,"file":"authenticationMode.test.js","sourceRoot":"","sources":["../authenticationMode.test.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;AAEjC,6DAI8B;AAM9B,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;IACxC,MAAM,QAAQ,GAAsB,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;IAExD,EAAE,CAAC,uDAAuD,EAAE,GAAG,EAAE;QAC7D,MAAM,WAAW,GAAQ,cAAc,CAAC;QAExC,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,WAAW;SAClC,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,8GAA8G,CACjH,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACrF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,YAAY,EAAE;gBACV;oBACI,OAAO,EAAE,SAAS;oBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;oBACtB,QAAQ,EAAE,WAAW;iBACxB;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,0GAA0G,CAC7G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+EAA+E,EAAE,GAAG,EAAE;QACrF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,YAAY,EAAE;gBACV;oBACI,OAAO,EAAE,SAAS;oBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;oBACtB,QAAQ,EAAE,WAAW;iBACxB;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,0GAA0G,CAC7G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gFAAgF,EAAE,GAAG,EAAE;QACtF,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,aAAa,EAAE,CAAC,QAAQ,CAAC;SAC5B,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,2GAA2G,CAC9G,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAC7F,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,KAAK;YACzB,aAAa,EAAE,EAAE;SACpB,CAAC;QAEF,oCAAoC;QACpC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uFAAuF,EAAE,GAAG,EAAE;QAC7F,MAAM,IAAI,GAAmB;YACzB,kBAAkB,EAAE,YAAY;YAChC,aAAa,EAAE;gBACX,MAAM,EAAE;oBACJ,YAAY,EAAE,SAAS;iBAC1B;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,iGAAiG,CACpG,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6EAA6E,EAAE,GA
AG,EAAE;QACnF,MAAM,IAAI,GAAG;YACT,aAAa,EAAE;gBACX,MAAM,EAAE;oBACJ,YAAY,EAAE,SAAS;iBAC1B;aACJ;SACJ,CAAC;QAEF,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,YAAY,CACvD,qFAAqF,CACxF,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAuB;QAC9B;YACI;gBACI,kBAAkB,EAAE,YAAY;gBAChC,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,aAAa,EAAE,CAAC,QAAQ,CAAC;aAC5B;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,oBAAoB;gBACxC,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,YAAY,EAAE;oBACV;wBACI,OAAO,EAAE,SAAS;wBAClB,MAAM,EAAE,CAAC,YAAY,CAAC;wBACtB,QAAQ,EAAE,WAAW;qBACxB;iBACJ;gBACD,aAAa,EAAE,CAAC,QAAQ,CAAC;gBACzB,aAAa,EAAE;oBACX,MAAM,EAAE;wBACJ,YAAY,EAAE,SAAS;qBAC1B;iBACJ;aACJ;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,KAAK;gBACzB,aAAa,EAAE;oBACX,MAAM,EAAE;wBACJ,YAAY,EAAE,SAAS;qBAC1B;iBACJ;aACJ;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,KAAK;aAC5B;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,YAAY;aACnC;SACJ;QACD;YACI;gBACI,kBAAkB,EAAE,oBAAoB;aAC3C;SACJ;KACJ,CAAC;IAEF,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CACZ,wEAAwE,EACxE,CAAC,IAAI,EAAE,EAAE;QACL,MAAM,CAAC,GAAG,EAAE,CAAC,IAAA,+CAA0B,EAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC;IACjE,CAAC,CACJ,CAAC;AACN,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IAC/B,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QAC/D,MAAM,kBAAkB,GAAG,SAAS,CAAC;QACrC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAChE,MAAM,kBAAkB,GAAG,YAAY,CAAC;QACxC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QACxE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;QAChD,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAA
C,CAAC;IAEH,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC1D,MAAM,kBAAkB,GAAG,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,IAAA,sCAAiB,EAAC,kBAAkB,CAAC,CAAC;QACrD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;QACzD,MAAM,kBAAkB,GAAG,KAAK,CAAC;QACjC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QACxE,MAAM,kBAAkB,GAAG,oBAAoB,CAAC;QAChD,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACjE,MAAM,kBAAkB,GAAG,YAAY,CAAC;QACxC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAChE,MAAM,kBAAkB,GAAG,SAAS,CAAC;QACrC,MAAM,MAAM,GAAG,IAAA,0CAAqB,EAAC,kBAAkB,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
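--- a/package/cert-thumprint.d.ts
+++ b/package/cert-thumprint.d.ts
@@ -1,16 +0,0 @@
- /// <reference types="node" />
- import * as pulumi from "@pulumi/pulumi";
- import * as http from "http";
- /**
- * Get the certificate thumprint of the issuing CA for the TLS enabled URL.
- *
- * This is used for OIDC provider configuration.
- *
- * See for more details:
- * - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
- * - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
- * - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
- * - https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c
- * - https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/eks/#enabling-iam-roles-for-service-accounts
- */
- export declare function getIssuerCAThumbprint(issuerUrl: pulumi.Input<string>, agent: http.Agent): pulumi.Output<string>;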
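--- a/package/cert-thumprint.js
+++ b/package/cert-thumprint.js
@@ -1,113 +0,0 @@
- "use strict";
- // Copyright 2016-2019, Pulumi Corporation.
- //
- // Licensed under the Apache License, Version 2.0 (the "License");
- // you may not use this file except in compliance with the License.
- // You may obtain a copy of the License at
- //
- // http://www.apache.org/licenses/LICENSE-2.0
- //
- // Unless required by applicable law or agreed to in writing, software
- // distributed under the License is distributed on an "AS IS" BASIS,
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- // See the License for the specific language governing permissions and
- // limitations under the License.
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
- return new (P || (P = Promise))(function (resolve, reject) {
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
- step((generator = generator.apply(thisArg, _arguments || [])).next());
- });
- };
- Object.defineProperty(exports, "__esModule", { value: true });
- exports.getIssuerCAThumbprint = void 0;
- const pulumi = require("@pulumi/pulumi");
- const https = require("https");
- const tls = require("tls");
- const url = require("url");
- const THUMBPRINT_MAX_RETRIES = 12;
- const THUMBPRINT_SLEEP_MILLISECOND_INTERVAL = 5000;
- /**
- * Get the certificate thumprint of the issuing CA for the TLS enabled URL.
- *
- * This is used for OIDC provider configuration.
- *
- * See for more details:
- * - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
- * - https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html
- * - https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/
- * - https://medium.com/@marcincuber/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c
- * - https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/eks/#enabling-iam-roles-for-service-accounts
- */
- function getIssuerCAThumbprint(issuerUrl, agent) {
- return pulumi.output(issuerUrl).apply((issUrl) => {
- return getThumbprint(issUrl, THUMBPRINT_MAX_RETRIES, THUMBPRINT_SLEEP_MILLISECOND_INTERVAL, agent);
- });
- }
- exports.getIssuerCAThumbprint = getIssuerCAThumbprint;
- // Thumbprint retrieval below adapted from https://git.io/JvGHB.
- // Find the intermediate root CA cert in a chain of certs by traversing the
- // chain starting from the end user cert, and moving up to it's issuer.
- //
- // See for more details: https://knowledge.digicert.com/solution/SO4261.html
- function findIntRootCACertificate(certificate) {
- var _a;
- let cert = certificate;
- let prevCert = cert === null || cert === void 0 ? void 0 : cert.issuerCertificate;
- // The trusted root cert is the last cert in the chain, and it repeats itself as the issuer.
- // The intermediate root CA cert is the second to last cert in the chain.
- while ((cert === null || cert === void 0 ? void 0 : cert.fingerprint) !== ((_a = cert === null || cert === void 0 ? void 0 : cert.issuerCertificate) === null || _a === void 0 ? void 0 : _a.fingerprint)) {
- prevCert = cert;
- cert = cert.issuerCertificate;
- }
- return prevCert;
- }
- // See: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
- // > IAM requires the thumbprint for the root certificate authority (CA) that
- // > signed the certificate used by the external identity provider (IdP). The
- // > thumbprint is a signature for the CA's certificate that was used to issue
- // > the certificate for the OIDC-compatible IdP.
- function getThumbprint(issuerUrl, retriesLeft, interval, agent) {
- return __awaiter(this, void 0, void 0, function* () {
- // For up to 60 seconds (12 retries @ 5000 ms), try to contact the issuer URL.
- try {
- return yield new Promise((resolve, reject) => {
- const options = Object.assign(Object.assign({}, url.parse(issuerUrl)), { agent: agent });
- const req = https
- .get(options)
- .on("error", reject)
- .on("socket", (socket) => {
- if (!(socket instanceof tls.TLSSocket)) {
- req.emit("error", new Error("socket is not of type TLSSocket"));
- return;
- }
- socket.on("secureConnect", () => {
- const certificate = socket.getPeerCertificate(true);
- const fingerprint = findIntRootCACertificate(certificate).fingerprint;
- // Check if certificate is valid
- if (socket.authorized === false) {
- req.emit("error", socket.authorizationError);
- req.destroy();
- return;
- }
- resolve(
- // Ref: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html
- fingerprint.split(":").join("").toLowerCase());
- });
- });
- req.end();
- });
- }
- catch (e) {
- if (retriesLeft) {
- pulumi.log.info(`Waiting for cert issuer URL(${THUMBPRINT_MAX_RETRIES - retriesLeft})`, undefined, undefined, true);
- yield new Promise((resolve) => setTimeout(resolve, interval));
- return getThumbprint(issuerUrl, retriesLeft - 1, interval, agent);
- }
- }
- throw new Error("Cannot retrieve the certificate fingerprint at the issuer URL: " + issuerUrl);
- });
- }
- //# sourceMappingURL=cert-thumprint.js.map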
@@ -1 +0,0 @@
1
- {"version":3,"file":"cert-thumprint.js","sourceRoot":"","sources":["../cert-thumprint.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;;;;;;;;;;AAEjC,yCAAyC;AAEzC,+BAA+B;AAC/B,2BAA2B;AAC3B,2BAA2B;AAE3B,MAAM,sBAAsB,GAAW,EAAE,CAAC;AAC1C,MAAM,qCAAqC,GAAW,IAAI,CAAC;AAE3D;;;;;;;;;;;GAWG;AACH,SAAgB,qBAAqB,CACjC,SAA+B,EAC/B,KAAiB;IAEjB,OAAO,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM,EAAE,EAAE;QAC7C,OAAO,aAAa,CAChB,MAAM,EACN,sBAAsB,EACtB,qCAAqC,EACrC,KAAK,CACR,CAAC;IACN,CAAC,CAAC,CAAC;AACP,CAAC;AAZD,sDAYC;AAED,gEAAgE;AAEhE,2EAA2E;AAC3E,uEAAuE;AACvE,EAAE;AACF,4EAA4E;AAC5E,SAAS,wBAAwB,CAC7B,WAAwC;;IAExC,IAAI,IAAI,GAAG,WAAW,CAAC;IACvB,IAAI,QAAQ,GAAG,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,CAAC;IAEvC,4FAA4F;IAC5F,yEAAyE;IACzE,OAAO,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,WAAW,OAAK,MAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,iBAAiB,0CAAE,WAAW,CAAA,EAAE;QAC/D,QAAQ,GAAG,IAAI,CAAC;QAChB,IAAI,GAAG,IAAI,CAAC,iBAAiB,CAAC;KACjC;IACD,OAAO,QAAQ,CAAC;AACpB,CAAC;AAED,+GAA+G;AAC/G,8EAA8E;AAC9E,8EAA8E;AAC9E,+EAA+E;AAC/E,kDAAkD;AAClD,SAAe,aAAa,CACxB,SAAiB,EACjB,WAAmB,EACnB,QAAgB,EAChB,KAAiB;;QAEjB,8EAA8E;QAC9E,IAAI;YACA,OAAO,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACzC,MAAM,OAAO,mCACN,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,KACvB,KAAK,EAAE,KAAK,GACf,CAAC;gBACF,MAAM,GAAG,GAAG,KAAK;qBACZ,GAAG,CAAC,OAAO,CAAC;qBACZ,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;qBACnB,EAAE,CAAC,QAAQ,EAAE,CAAC,MAAM,EAAE,EAAE;oBACrB,IAAI,CAAC,CAAC,MAAM,YAAY,GAAG,CAAC,SAAS,CAAC,EAAE;wBACpC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC,CAAC;wBAChE,OAAO;qBACV;oBACD,MAAM,CAAC,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE;wBAC5B,MAAM,WAAW,GACb,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;wBACpC,MAAM,WAAW,GAAG,wBAAwB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;wBACtE,gCAAgC;wBAChC,IAAI,MAAM,CAAC,UAAU,KAAK,KAAK,EAAE;4BAC7B,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,kBAAkB,CAAC,CAAC;4BAC7C,GAAG,CAAC,OAAO,EAAE,CAAC;4BACd,OAAO
;yBACV;wBACD,OAAO;wBACH,8GAA8G;wBAC9G,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAChD,CAAC;oBACN,CAAC,CAAC,CAAC;gBACP,CAAC,CAAC,CAAC;gBACP,GAAG,CAAC,GAAG,EAAE,CAAC;YACd,CAAC,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,IAAI,WAAW,EAAE;gBACb,MAAM,CAAC,GAAG,CAAC,IAAI,CACX,+BAA+B,sBAAsB,GAAG,WAAW,GAAG,EACtE,SAAS,EACT,SAAS,EACT,IAAI,CACP,CAAC;gBACF,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;gBAC9D,OAAO,aAAa,CAAC,SAAS,EAAE,WAAW,GAAG,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;aACrE;SACJ;QACD,MAAM,IAAI,KAAK,CAAC,iEAAiE,GAAG,SAAS,CAAC,CAAC;IACnG,CAAC;CAAA"}
@@ -1 +0,0 @@
1
- export {};
@@ -1,40 +0,0 @@
1
- "use strict";
2
- // Copyright 2016-2020, Pulumi Corporation.
3
- //
4
- // Licensed under the Apache License, Version 2.0 (the "License");
5
- // you may not use this file except in compliance with the License.
6
- // You may obtain a copy of the License at
7
- //
8
- // http://www.apache.org/licenses/LICENSE-2.0
9
- //
10
- // Unless required by applicable law or agreed to in writing, software
11
- // distributed under the License is distributed on an "AS IS" BASIS,
12
- // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
- // See the License for the specific language governing permissions and
14
- // limitations under the License.
15
- Object.defineProperty(exports, "__esModule", { value: true });
16
- exports.managedAddonProviderFactory = void 0;
17
- const addon_1 = require("../../addon");
18
- const managedAddonProvider = {
19
- construct: (name, type, inputs, options) => {
20
- try {
21
- const addon = new addon_1.Addon(name, inputs, options);
22
- return Promise.resolve({
23
- urn: addon.urn,
24
- state: {
25
- addon: addon.addon,
26
- },
27
- });
28
- }
29
- catch (e) {
30
- return Promise.reject(e);
31
- }
32
- },
33
- version: "", // ignored
34
- };
35
- /** @internal */
36
- function managedAddonProviderFactory() {
37
- return managedAddonProvider;
38
- }
39
- exports.managedAddonProviderFactory = managedAddonProviderFactory;
40
- //# sourceMappingURL=addon.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"addon.js","sourceRoot":"","sources":["../../../cmd/provider/addon.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAGjC,uCAAoC;AAEpC,MAAM,oBAAoB,GAA6B;IACnD,SAAS,EAAE,CACP,IAAY,EACZ,IAAY,EACZ,MAAqB,EACrB,OAAwC,EAC1C,EAAE;QACA,IAAI;YACA,MAAM,KAAK,GAAG,IAAI,aAAK,CAAC,IAAI,EAAO,MAAM,EAAE,OAAO,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC,OAAO,CAAC;gBACnB,GAAG,EAAE,KAAK,CAAC,GAAG;gBACd,KAAK,EAAE;oBACH,KAAK,EAAE,KAAK,CAAC,KAAK;iBACrB;aACJ,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;SAC5B;IACL,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,UAAU;CAC1B,CAAC;AAEF,gBAAgB;AAChB,SAAgB,2BAA2B;IACvC,OAAO,oBAAoB,CAAC;AAChC,CAAC;AAFD,kEAEC"}
@@ -1 +0,0 @@
1
- export {};