mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-10-19 21:59:54 +00:00
4f0bb2315b
With Amazon STS and kubernetes cluster is configured with OIDC identity provider, credentials to access Amazon KMS can be fetched using oidc-token(serviceaccount token). Each tenant/namespace needs to create a secret with aws region, role and CMK ARN. Ceph-CSI will assume the given role with oidc token and access aws KMS, with given CMK to encrypt/decrypt DEK which will stored in the image metdata. Refer: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html Resolves: #2879 Signed-off-by: Rakshith R <rar@redhat.com>
157 lines
5.2 KiB
Go
157 lines
5.2 KiB
Go
// Code generated by smithy-go-codegen DO NOT EDIT.
|
|
|
|
package sts
|
|
|
|
import (
|
|
"context"
|
|
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
|
|
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
|
|
"github.com/aws/smithy-go/middleware"
|
|
smithyhttp "github.com/aws/smithy-go/transport/http"
|
|
)
|
|
|
|
// Returns details about the IAM user or role whose credentials are used to call
|
|
// the operation. No permissions are required to perform this operation. If an
|
|
// administrator adds a policy to your IAM user or role that explicitly denies
|
|
// access to the sts:GetCallerIdentity action, you can still perform this
|
|
// operation. Permissions are not required because the same information is returned
|
|
// when an IAM user or role is denied access. To view an example response, see I Am
|
|
// Not Authorized to Perform: iam:DeleteVirtualMFADevice
|
|
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_access-denied-delete-mfa)
|
|
// in the IAM User Guide.
|
|
func (c *Client) GetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*Options)) (*GetCallerIdentityOutput, error) {
|
|
if params == nil {
|
|
params = &GetCallerIdentityInput{}
|
|
}
|
|
|
|
result, metadata, err := c.invokeOperation(ctx, "GetCallerIdentity", params, optFns, c.addOperationGetCallerIdentityMiddlewares)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
out := result.(*GetCallerIdentityOutput)
|
|
out.ResultMetadata = metadata
|
|
return out, nil
|
|
}
|
|
|
|
type GetCallerIdentityInput struct {
|
|
noSmithyDocumentSerde
|
|
}
|
|
|
|
// Contains the response to a successful GetCallerIdentity request, including
|
|
// information about the entity making the request.
|
|
type GetCallerIdentityOutput struct {
|
|
|
|
// The Amazon Web Services account ID number of the account that owns or contains
|
|
// the calling entity.
|
|
Account *string
|
|
|
|
// The Amazon Web Services ARN associated with the calling entity.
|
|
Arn *string
|
|
|
|
// The unique identifier of the calling entity. The exact value depends on the type
|
|
// of entity that is making the call. The values returned are those listed in the
|
|
// aws:userid column in the Principal table
|
|
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#principaltable)
|
|
// found on the Policy Variables reference page in the IAM User Guide.
|
|
UserId *string
|
|
|
|
// Metadata pertaining to the operation's result.
|
|
ResultMetadata middleware.Metadata
|
|
|
|
noSmithyDocumentSerde
|
|
}
|
|
|
|
func (c *Client) addOperationGetCallerIdentityMiddlewares(stack *middleware.Stack, options Options) (err error) {
|
|
err = stack.Serialize.Add(&awsAwsquery_serializeOpGetCallerIdentity{}, middleware.After)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = stack.Deserialize.Add(&awsAwsquery_deserializeOpGetCallerIdentity{}, middleware.After)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if err = addSetLoggerMiddleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addResolveEndpointMiddleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRetryMiddlewares(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
|
|
return err
|
|
}
|
|
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addClientUserAgent(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opGetCallerIdentity(options.Region), middleware.Before); err != nil {
|
|
return err
|
|
}
|
|
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addResponseErrorMiddleware(stack); err != nil {
|
|
return err
|
|
}
|
|
if err = addRequestResponseLogging(stack, options); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func newServiceMetadataMiddleware_opGetCallerIdentity(region string) *awsmiddleware.RegisterServiceMetadata {
|
|
return &awsmiddleware.RegisterServiceMetadata{
|
|
Region: region,
|
|
ServiceID: ServiceID,
|
|
SigningName: "sts",
|
|
OperationName: "GetCallerIdentity",
|
|
}
|
|
}
|
|
|
|
// PresignGetCallerIdentity is used to generate a presigned HTTP Request which
|
|
// contains presigned URL, signed headers and HTTP method used.
|
|
func (c *PresignClient) PresignGetCallerIdentity(ctx context.Context, params *GetCallerIdentityInput, optFns ...func(*PresignOptions)) (*v4.PresignedHTTPRequest, error) {
|
|
if params == nil {
|
|
params = &GetCallerIdentityInput{}
|
|
}
|
|
options := c.options.copy()
|
|
for _, fn := range optFns {
|
|
fn(&options)
|
|
}
|
|
clientOptFns := append(options.ClientOptions, withNopHTTPClientAPIOption)
|
|
|
|
result, _, err := c.client.invokeOperation(ctx, "GetCallerIdentity", params, clientOptFns,
|
|
c.client.addOperationGetCallerIdentityMiddlewares,
|
|
presignConverter(options).convertToPresignMiddleware,
|
|
)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
out := result.(*v4.PresignedHTTPRequest)
|
|
return out, nil
|
|
}
|