-
Notifications
You must be signed in to change notification settings - Fork 415
/
mapper.go
63 lines (50 loc) · 1.31 KB
/
mapper.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
package configmap
import (
"strings"
"sigs.k8s.io/aws-iam-authenticator/pkg/config"
"sigs.k8s.io/aws-iam-authenticator/pkg/mapper"
)
type ConfigMapMapper struct {
*MapStore
}
var _ mapper.Mapper = &ConfigMapMapper{}
var EKSYaml = false
func NewConfigMapMapper(cfg config.Config) (*ConfigMapMapper, error) {
EKSYaml = cfg.EKSYaml
ms, err := New(cfg.Master, cfg.Kubeconfig)
if err != nil {
return nil, err
}
return &ConfigMapMapper{ms}, nil
}
func (m *ConfigMapMapper) Name() string {
return mapper.ModeEKSConfigMap
}
func (m *ConfigMapMapper) Start(stopCh <-chan struct{}) error {
m.startLoadConfigMap(stopCh)
return nil
}
func (m *ConfigMapMapper) Map(canonicalARN string) (*config.IdentityMapping, error) {
canonicalARN = strings.ToLower(canonicalARN)
rm, err := m.RoleMapping(canonicalARN)
// TODO: Check for non Role/UserNotFound errors
if err == nil {
return &config.IdentityMapping{
IdentityARN: canonicalARN,
Username: rm.Username,
Groups: rm.Groups,
}, nil
}
um, err := m.UserMapping(canonicalARN)
if err == nil {
return &config.IdentityMapping{
IdentityARN: canonicalARN,
Username: um.Username,
Groups: um.Groups,
}, nil
}
return nil, mapper.ErrNotMapped
}
func (m *ConfigMapMapper) IsAccountAllowed(accountID string) bool {
return m.AWSAccount(accountID)
}