// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***
package spacelift
import (
"context"
"reflect"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/pulumi/pulumi/sdk/v3/go/pulumix"
"github.com/spacelift-io/pulumi-spacelift/sdk/v2/go/spacelift/internal"
)
// LookupAwsRole invokes the getAwsRole data source and returns the AWS role
// settings recorded for the stack or module named in args.
//
// `AwsRole` represents [cross-account IAM role delegation](https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html) between the Spacelift worker and an individual stack or module. If this is set, Spacelift will use AWS STS to assume the supplied IAM role and put its temporary credentials in the runtime environment.
//
// If you use private workers, you can also assume the IAM role on the worker side using your own AWS credentials (e.g. from an EC2 instance profile).
//
// Note: when assuming credentials for a **shared worker**, Spacelift will use `$accountName@$stackID` or `$accountName@$moduleID` as [external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) and `$runID@$stackID@$accountName` truncated to 64 characters as [session ID](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole).
//
// NOTE(review): the external ID only restricts who can assume the role if the
// role's trust policy checks it (an `sts:ExternalId` condition). This lookup
// returns the configured values; it does not read or verify the trust policy.
//
// ## Example Usage
//
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//	"github.com/spacelift-io/pulumi-spacelift/sdk/v2/go/spacelift"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := spacelift.LookupAwsRole(ctx, &spacelift.LookupAwsRoleArgs{
//				ModuleId: pulumi.StringRef("k8s-module"),
//			}, nil)
//			if err != nil {
//				return err
//			}
//			_, err = spacelift.LookupAwsRole(ctx, &spacelift.LookupAwsRoleArgs{
//				StackId: pulumi.StringRef("k8s-core"),
//			}, nil)
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
func LookupAwsRole(ctx *pulumi.Context, args *LookupAwsRoleArgs, opts ...pulumi.InvokeOption) (*LookupAwsRoleResult, error) {
	// Package-level default invoke options are merged in before the call.
	invokeOpts := internal.PkgInvokeDefaultOpts(opts)

	result := new(LookupAwsRoleResult)
	if err := ctx.Invoke("spacelift:index/getAwsRole:getAwsRole", args, result, invokeOpts...); err != nil {
		// On failure the result is discarded rather than returned half-filled.
		return nil, err
	}
	return result, nil
}
// LookupAwsRoleArgs is the collection of arguments for invoking getAwsRole.
//
// Both fields are optional pointers. The example usage on LookupAwsRole sets
// one of them per call; presumably exactly one is expected — confirm against
// the provider.
type LookupAwsRoleArgs struct {
	// ID of the module which assumes the AWS IAM role
	ModuleId *string `pulumi:"moduleId"`
	// ID of the stack which assumes the AWS IAM role
	StackId *string `pulumi:"stackId"`
}
// LookupAwsRoleResult is the collection of values returned by getAwsRole.
//
// The values describe how the IAM role is assumed (role ARN, external ID,
// session duration). The struct has no fields for the temporary credentials
// themselves.
type LookupAwsRoleResult struct {
	// AWS IAM role session duration in seconds
	DurationSeconds int `pulumi:"durationSeconds"`
	// Custom external ID (works only for private workers).
	// NOTE(review): an external ID is only enforced if the role's trust policy
	// conditions on it (`sts:ExternalId`); verify the policy when auditing.
	ExternalId string `pulumi:"externalId"`
	// Generate AWS credentials in the private worker
	GenerateCredentialsInWorker bool `pulumi:"generateCredentialsInWorker"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// ID of the module which assumes the AWS IAM role
	ModuleId *string `pulumi:"moduleId"`
	// ARN of the AWS IAM role to attach
	RoleArn string `pulumi:"roleArn"`
	// ID of the stack which assumes the AWS IAM role
	StackId *string `pulumi:"stackId"`
}
// LookupAwsRoleOutput is the output-typed form of LookupAwsRole: it waits for
// the inputs in args to resolve, runs LookupAwsRole with the plain values and
// wraps the result in a LookupAwsRoleResultOutput.
//
// NOTE(review): the arguments are resolved under context.Background(), not a
// caller-supplied context.
func LookupAwsRoleOutput(ctx *pulumi.Context, args LookupAwsRoleOutputArgs, opts ...pulumi.InvokeOption) LookupAwsRoleResultOutput {
	lookup := func(v interface{}) (LookupAwsRoleResult, error) {
		plain := v.(LookupAwsRoleArgs)
		found, err := LookupAwsRole(ctx, &plain, opts...)
		if found == nil {
			// No result to copy: hand back the zero value together with err.
			return LookupAwsRoleResult{}, err
		}
		return *found, err
	}

	resolved := pulumi.ToOutputWithContext(context.Background(), args)
	return resolved.ApplyT(lookup).(LookupAwsRoleResultOutput)
}
// LookupAwsRoleOutputArgs is the collection of arguments for invoking
// getAwsRole through LookupAwsRoleOutput. It mirrors LookupAwsRoleArgs, with
// each field typed as a Pulumi input instead of a plain *string.
type LookupAwsRoleOutputArgs struct {
	// ID of the module which assumes the AWS IAM role
	ModuleId pulumi.StringPtrInput `pulumi:"moduleId"`
	// ID of the stack which assumes the AWS IAM role
	StackId pulumi.StringPtrInput `pulumi:"stackId"`
}
// ElementType reports LookupAwsRoleArgs as the plain type these output
// arguments resolve to.
func (LookupAwsRoleOutputArgs) ElementType() reflect.Type {
	// A typed nil pointer is enough to obtain the struct type via Elem.
	var plain *LookupAwsRoleArgs
	return reflect.TypeOf(plain).Elem()
}
// LookupAwsRoleResultOutput is the output wrapper around the collection of
// values returned by getAwsRole. It embeds *pulumi.OutputState; its accessor
// methods project single fields of LookupAwsRoleResult.
type LookupAwsRoleResultOutput struct{ *pulumi.OutputState }
// ElementType reports LookupAwsRoleResult as the type of value carried by
// this output.
func (LookupAwsRoleResultOutput) ElementType() reflect.Type {
	// A typed nil pointer is enough to obtain the struct type via Elem.
	var plain *LookupAwsRoleResult
	return reflect.TypeOf(plain).Elem()
}
// ToLookupAwsRoleResultOutput returns the receiver unchanged; the value is
// already a LookupAwsRoleResultOutput.
func (o LookupAwsRoleResultOutput) ToLookupAwsRoleResultOutput() LookupAwsRoleResultOutput {
	return o
}
// ToLookupAwsRoleResultOutputWithContext returns the receiver unchanged.
// The ctx parameter is accepted but not used.
func (o LookupAwsRoleResultOutput) ToLookupAwsRoleResultOutputWithContext(ctx context.Context) LookupAwsRoleResultOutput {
	return o
}
// ToOutput converts the receiver to the generic pulumix.Output form, sharing
// the same underlying OutputState. The ctx parameter is accepted but not used.
func (o LookupAwsRoleResultOutput) ToOutput(ctx context.Context) pulumix.Output[LookupAwsRoleResult] {
	var typed pulumix.Output[LookupAwsRoleResult]
	typed.OutputState = o.OutputState
	return typed
}
// DurationSeconds projects the AWS IAM role session duration, in seconds,
// out of the lookup result.
func (o LookupAwsRoleResultOutput) DurationSeconds() pulumi.IntOutput {
	pick := func(res LookupAwsRoleResult) int { return res.DurationSeconds }
	return o.ApplyT(pick).(pulumi.IntOutput)
}
// ExternalId projects the custom external ID (works only for private
// workers) out of the lookup result.
//
// NOTE(review): the value is only enforced if the role's trust policy
// conditions on it (`sts:ExternalId`); this accessor just returns what is
// configured.
func (o LookupAwsRoleResultOutput) ExternalId() pulumi.StringOutput {
	pick := func(res LookupAwsRoleResult) string { return res.ExternalId }
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// GenerateCredentialsInWorker projects the flag that says whether AWS
// credentials are generated in the private worker.
func (o LookupAwsRoleResultOutput) GenerateCredentialsInWorker() pulumi.BoolOutput {
	pick := func(res LookupAwsRoleResult) bool { return res.GenerateCredentialsInWorker }
	return o.ApplyT(pick).(pulumi.BoolOutput)
}
// Id projects the provider-assigned unique ID for this managed resource out
// of the lookup result.
func (o LookupAwsRoleResultOutput) Id() pulumi.StringOutput {
	pick := func(res LookupAwsRoleResult) string { return res.Id }
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// ModuleId projects the ID of the module which assumes the AWS IAM role.
// The underlying field is a *string, so the output may carry nil.
func (o LookupAwsRoleResultOutput) ModuleId() pulumi.StringPtrOutput {
	pick := func(res LookupAwsRoleResult) *string { return res.ModuleId }
	return o.ApplyT(pick).(pulumi.StringPtrOutput)
}
// RoleArn projects the ARN of the AWS IAM role to attach out of the lookup
// result.
func (o LookupAwsRoleResultOutput) RoleArn() pulumi.StringOutput {
	pick := func(res LookupAwsRoleResult) string { return res.RoleArn }
	return o.ApplyT(pick).(pulumi.StringOutput)
}
// StackId projects the ID of the stack which assumes the AWS IAM role.
// The underlying field is a *string, so the output may carry nil.
func (o LookupAwsRoleResultOutput) StackId() pulumi.StringPtrOutput {
	pick := func(res LookupAwsRoleResult) *string { return res.StackId }
	return o.ApplyT(pick).(pulumi.StringPtrOutput)
}
// init registers LookupAwsRoleResultOutput through pulumi.RegisterOutputType
// when the package is loaded.
// NOTE(review): presumably this registration is what allows ApplyT results to
// be asserted to LookupAwsRoleResultOutput in LookupAwsRoleOutput — confirm
// against the Pulumi SDK.
func init() {
	pulumi.RegisterOutputType(LookupAwsRoleResultOutput{})
}