/
irsa.go
56 lines (50 loc) · 1.24 KB
/
irsa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package irsa
import (
"github.com/awslabs/eksdemo/pkg/cmd"
"github.com/awslabs/eksdemo/pkg/eksctl"
"github.com/awslabs/eksdemo/pkg/resource"
"github.com/awslabs/eksdemo/pkg/template"
)
func NewResource() *resource.Resource {
res := &resource.Resource{
Command: cmd.Command{
Name: "irsa",
Description: "IAM Role for a Service Account",
Args: []string{"SERVICEACCOUNT"},
},
Manager: &eksctl.ResourceManager{
Resource: "iamserviceaccount",
ConfigTemplate: &template.TextTemplate{
Template: eksctl.EksctlHeader + eksctlIamHeader + EksctlTemplate,
},
ApproveCreate: true,
ApproveDelete: true,
},
}
return addOptions(res)
}
func NewResourceWithOptions(options *IrsaOptions) *resource.Resource {
res := NewResource()
res.Options = options
return res
}
const eksctlIamHeader = `
iam:
withOIDC: true
serviceAccounts:`
const EksctlTemplate = `
- metadata:
name: {{ .ServiceAccount }}
namespace: {{ .Namespace }}
roleName: {{ .RoleName }}
roleOnly: true
{{- if .PolicyType | .IsPolicyDocument }}
attachPolicy:
{{- .PolicyDocTemplate.Render . | indent 6 }}
{{- end }}
{{- if .PolicyType | .IsPolicyARN }}
attachPolicyARNs:
{{- range .Policy }}
- {{ . }}
{{- end }}
{{- end }}`