type AccessDeniedException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
You don't have permissions to perform the requested operation. The IAM principal making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM User Guide.
func (s *AccessDeniedException) Code() string
Code returns the exception type name.
func (s *AccessDeniedException) Error() string
func (s AccessDeniedException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AccessDeniedException) Message() string
Message returns the exception's message.
func (s *AccessDeniedException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *AccessDeniedException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *AccessDeniedException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s AccessDeniedException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AssumeRoleForPodIdentityInput struct { // The name of the cluster for the request. // // ClusterName is a required field ClusterName *string `location:"uri" locationName:"clusterName" min:"1" type:"string" required:"true"` // The token of the Kubernetes service account for the pod. // // Token is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AssumeRoleForPodIdentityInput's // String and GoString methods. // // Token is a required field Token *string `locationName:"token" min:"1" type:"string" required:"true" sensitive:"true"` // contains filtered or unexported fields }
func (s AssumeRoleForPodIdentityInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssumeRoleForPodIdentityInput) SetClusterName(v string) *AssumeRoleForPodIdentityInput
SetClusterName sets the ClusterName field's value.
func (s *AssumeRoleForPodIdentityInput) SetToken(v string) *AssumeRoleForPodIdentityInput
SetToken sets the Token field's value.
func (s AssumeRoleForPodIdentityInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssumeRoleForPodIdentityInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AssumeRoleForPodIdentityOutput struct { // An object with the permanent IAM role identity and the temporary session // name. // // The ARN of the IAM role that the temporary credentials authenticate to. // // The session name of the temporary session requested to STS. The value is // a unique identifier that contains the role ID, a colon (:), and the role // session name of the role that is being assumed. The role ID is generated // by IAM when the role is created. The role session name part of the value // follows this format: eks-clustername-podname-random UUID // // AssumedRoleUser is a required field AssumedRoleUser *AssumedRoleUser `locationName:"assumedRoleUser" type:"structure" required:"true"` // The identity that is allowed to use the credentials. This value is always // pods.eks.amazonaws.com. // // Audience is a required field Audience *string `locationName:"audience" type:"string" required:"true"` // The Amazon Web Services Signature Version 4 type of temporary credentials. // // Credentials is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by AssumeRoleForPodIdentityOutput's // String and GoString methods. // // Credentials is a required field Credentials *Credentials `locationName:"credentials" type:"structure" required:"true" sensitive:"true"` // The Amazon Resource Name (ARN) and ID of the EKS Pod Identity association. // // PodIdentityAssociation is a required field PodIdentityAssociation *PodIdentityAssociation `locationName:"podIdentityAssociation" type:"structure" required:"true"` // The name of the Kubernetes service account inside the cluster to associate // the IAM credentials with. // // Subject is a required field Subject *Subject `locationName:"subject" type:"structure" required:"true"` // contains filtered or unexported fields }
func (s AssumeRoleForPodIdentityOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssumeRoleForPodIdentityOutput) SetAssumedRoleUser(v *AssumedRoleUser) *AssumeRoleForPodIdentityOutput
SetAssumedRoleUser sets the AssumedRoleUser field's value.
func (s *AssumeRoleForPodIdentityOutput) SetAudience(v string) *AssumeRoleForPodIdentityOutput
SetAudience sets the Audience field's value.
func (s *AssumeRoleForPodIdentityOutput) SetCredentials(v *Credentials) *AssumeRoleForPodIdentityOutput
SetCredentials sets the Credentials field's value.
func (s *AssumeRoleForPodIdentityOutput) SetPodIdentityAssociation(v *PodIdentityAssociation) *AssumeRoleForPodIdentityOutput
SetPodIdentityAssociation sets the PodIdentityAssociation field's value.
func (s *AssumeRoleForPodIdentityOutput) SetSubject(v *Subject) *AssumeRoleForPodIdentityOutput
SetSubject sets the Subject field's value.
func (s AssumeRoleForPodIdentityOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AssumedRoleUser struct { // The ARN of the IAM role that the temporary credentials authenticate to. // // Arn is a required field Arn *string `locationName:"arn" type:"string" required:"true"` // The session name of the temporary session requested to STS. The value is // a unique identifier that contains the role ID, a colon (:), and the role // session name of the role that is being assumed. The role ID is generated // by IAM when the role is created. The role session name part of the value // follows this format: eks-clustername-podname-random UUID // // AssumeRoleId is a required field AssumeRoleId *string `locationName:"assumeRoleId" type:"string" required:"true"` // contains filtered or unexported fields }
An object with the permanent IAM role identity and the temporary session name.
func (s AssumedRoleUser) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssumedRoleUser) SetArn(v string) *AssumedRoleUser
SetArn sets the Arn field's value.
func (s *AssumedRoleUser) SetAssumeRoleId(v string) *AssumedRoleUser
SetAssumeRoleId sets the AssumeRoleId field's value.
func (s AssumedRoleUser) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Credentials struct { // The access key ID that identifies the temporary security credentials. // // AccessKeyId is a required field AccessKeyId *string `locationName:"accessKeyId" type:"string" required:"true"` // The Unix epoch timestamp in seconds when the current credentials expire. // // Expiration is a required field Expiration *time.Time `locationName:"expiration" type:"timestamp" required:"true"` // The secret access key that applications inside the pods use to sign requests. // // SecretAccessKey is a required field SecretAccessKey *string `locationName:"secretAccessKey" type:"string" required:"true"` // The token that applications inside the pods must pass to any service API // to use the temporary credentials. // // SessionToken is a required field SessionToken *string `locationName:"sessionToken" type:"string" required:"true"` // contains filtered or unexported fields }
The Amazon Web Services Signature Version 4 type of temporary credentials.
func (s Credentials) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Credentials) SetAccessKeyId(v string) *Credentials
SetAccessKeyId sets the AccessKeyId field's value.
func (s *Credentials) SetExpiration(v time.Time) *Credentials
SetExpiration sets the Expiration field's value.
func (s *Credentials) SetSecretAccessKey(v string) *Credentials
SetSecretAccessKey sets the SecretAccessKey field's value.
func (s *Credentials) SetSessionToken(v string) *Credentials
SetSessionToken sets the SessionToken field's value.
func (s Credentials) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type EKSAuth struct { *client.Client }
EKSAuth provides the API operation methods for making requests to Amazon EKS Auth. See this package's package overview docs for details on the service.
EKSAuth methods are safe to use concurrently. It is not safe to modify mutate any of the struct's properties though.
func New(p client.ConfigProvider, cfgs ...*aws.Config) *EKSAuth
New creates a new instance of the EKSAuth client with a session. If additional configuration is needed for the client instance use the optional aws.Config parameter to add your extra config.
Example:
mySession := session.Must(session.NewSession()) // Create a EKSAuth client from just a session. svc := eksauth.New(mySession) // Create a EKSAuth client with additional configuration svc := eksauth.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func (c *EKSAuth) AssumeRoleForPodIdentity(input *AssumeRoleForPodIdentityInput) (*AssumeRoleForPodIdentityOutput, error)
AssumeRoleForPodIdentity API operation for Amazon EKS Auth.
The Amazon EKS Auth API and the AssumeRoleForPodIdentity action are only used by the EKS Pod Identity Agent.
We recommend that applications use the Amazon Web Services SDKs to connect to Amazon Web Services services; if credentials from an EKS Pod Identity association are available in the pod, the latest versions of the SDKs use them automatically.
Returns awserr.Error for service API and SDK errors. Use runtime type assertions with awserr.Error's Code and Message methods to get detailed information about the error.
See the AWS API reference guide for Amazon EKS Auth's API operation AssumeRoleForPodIdentity for usage and error information.
Returned Error Types:
ThrottlingException The request was denied because your request rate is too high. Reduce the frequency of requests.
InvalidRequestException This exception is thrown if the request contains a semantic error. The precise meaning will depend on the API, and will be documented in the error message.
AccessDeniedException You don't have permissions to perform the requested operation. The IAM principal making the request must have at least one IAM permissions policy attached that grants the required permissions. For more information, see Access management (https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the IAM User Guide.
InternalServerException These errors are usually caused by a server-side issue.
InvalidTokenException The specified Kubernetes service account token is invalid.
InvalidParameterException The specified parameter is invalid. Review the available parameters for the API request.
ExpiredTokenException The specified Kubernetes service account token is expired.
ResourceNotFoundException The specified resource could not be found.
ServiceUnavailableException The service is unavailable. Back off and retry the operation.
func (c *EKSAuth) AssumeRoleForPodIdentityRequest(input *AssumeRoleForPodIdentityInput) (req *request.Request, output *AssumeRoleForPodIdentityOutput)
AssumeRoleForPodIdentityRequest generates a "aws/request.Request" representing the client's request for the AssumeRoleForPodIdentity operation. The "output" return value will be populated with the request's response once the request completes successfully.
Use "Send" method on the returned Request to send the API call to the service. the "output" return value is not valid until after Send returns without error.
See AssumeRoleForPodIdentity for more information on using the AssumeRoleForPodIdentity API call, and error handling.
This method is useful when you want to inject custom logic or configuration into the SDK's request lifecycle. Such as custom headers, or retry logic.
// Example sending a request using the AssumeRoleForPodIdentityRequest method. req, resp := client.AssumeRoleForPodIdentityRequest(params) err := req.Send() if err == nil { // resp is now filled fmt.Println(resp) }
func (c *EKSAuth) AssumeRoleForPodIdentityWithContext(ctx aws.Context, input *AssumeRoleForPodIdentityInput, opts ...request.Option) (*AssumeRoleForPodIdentityOutput, error)
AssumeRoleForPodIdentityWithContext is the same as AssumeRoleForPodIdentity with the addition of the ability to pass a context and additional request options.
See AssumeRoleForPodIdentity for details on how to use this API operation.
The context must be non-nil and will be used for request cancellation. If the context is nil a panic will occur. In the future the SDK may create sub-contexts for http.Requests. See https://golang.org/pkg/context/ for more information on using Contexts.
type ExpiredTokenException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The specified Kubernetes service account token is expired.
func (s *ExpiredTokenException) Code() string
Code returns the exception type name.
func (s *ExpiredTokenException) Error() string
func (s ExpiredTokenException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ExpiredTokenException) Message() string
Message returns the exception's message.
func (s *ExpiredTokenException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ExpiredTokenException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ExpiredTokenException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ExpiredTokenException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type InternalServerException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
These errors are usually caused by a server-side issue.
func (s *InternalServerException) Code() string
Code returns the exception type name.
func (s *InternalServerException) Error() string
func (s InternalServerException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *InternalServerException) Message() string
Message returns the exception's message.
func (s *InternalServerException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *InternalServerException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s InternalServerException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type InvalidParameterException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The specified parameter is invalid. Review the available parameters for the API request.
func (s *InvalidParameterException) Code() string
Code returns the exception type name.
func (s *InvalidParameterException) Error() string
func (s InvalidParameterException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *InvalidParameterException) Message() string
Message returns the exception's message.
func (s *InvalidParameterException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidParameterException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *InvalidParameterException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s InvalidParameterException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type InvalidRequestException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
This exception is thrown if the request contains a semantic error. The precise meaning will depend on the API, and will be documented in the error message.
func (s *InvalidRequestException) Code() string
Code returns the exception type name.
func (s *InvalidRequestException) Error() string
func (s InvalidRequestException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *InvalidRequestException) Message() string
Message returns the exception's message.
func (s *InvalidRequestException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidRequestException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *InvalidRequestException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s InvalidRequestException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type InvalidTokenException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The specified Kubernetes service account token is invalid.
func (s *InvalidTokenException) Code() string
Code returns the exception type name.
func (s *InvalidTokenException) Error() string
func (s InvalidTokenException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *InvalidTokenException) Message() string
Message returns the exception's message.
func (s *InvalidTokenException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidTokenException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *InvalidTokenException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s InvalidTokenException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PodIdentityAssociation struct { // The Amazon Resource Name (ARN) of the EKS Pod Identity association. // // AssociationArn is a required field AssociationArn *string `locationName:"associationArn" type:"string" required:"true"` // The ID of the association. // // AssociationId is a required field AssociationId *string `locationName:"associationId" type:"string" required:"true"` // contains filtered or unexported fields }
Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
func (s PodIdentityAssociation) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PodIdentityAssociation) SetAssociationArn(v string) *PodIdentityAssociation
SetAssociationArn sets the AssociationArn field's value.
func (s *PodIdentityAssociation) SetAssociationId(v string) *PodIdentityAssociation
SetAssociationId sets the AssociationId field's value.
func (s PodIdentityAssociation) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ResourceNotFoundException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The specified resource could not be found.
func (s *ResourceNotFoundException) Code() string
Code returns the exception type name.
func (s *ResourceNotFoundException) Error() string
func (s ResourceNotFoundException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResourceNotFoundException) Message() string
Message returns the exception's message.
func (s *ResourceNotFoundException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ResourceNotFoundException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ServiceUnavailableException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The service is unavailable. Back off and retry the operation.
func (s *ServiceUnavailableException) Code() string
Code returns the exception type name.
func (s *ServiceUnavailableException) Error() string
func (s ServiceUnavailableException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ServiceUnavailableException) Message() string
Message returns the exception's message.
func (s *ServiceUnavailableException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ServiceUnavailableException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ServiceUnavailableException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ServiceUnavailableException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Subject struct { // The name of the Kubernetes namespace inside the cluster to create the association // in. The service account and the pods that use the service account must be // in this namespace. // // Namespace is a required field Namespace *string `locationName:"namespace" type:"string" required:"true"` // The name of the Kubernetes service account inside the cluster to associate // the IAM credentials with. // // ServiceAccount is a required field ServiceAccount *string `locationName:"serviceAccount" type:"string" required:"true"` // contains filtered or unexported fields }
An object containing the name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
func (s Subject) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Subject) SetNamespace(v string) *Subject
SetNamespace sets the Namespace field's value.
func (s *Subject) SetServiceAccount(v string) *Subject
SetServiceAccount sets the ServiceAccount field's value.
func (s Subject) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ThrottlingException struct { RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` Message_ *string `locationName:"message" type:"string"` // contains filtered or unexported fields }
The request was denied because your request rate is too high. Reduce the frequency of requests.
func (s *ThrottlingException) Code() string
Code returns the exception type name.
func (s *ThrottlingException) Error() string
func (s ThrottlingException) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ThrottlingException) Message() string
Message returns the exception's message.
func (s *ThrottlingException) OrigErr() error
OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) RequestID() string
RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) StatusCode() int
Status code returns the HTTP status code for the request's response error.
func (s ThrottlingException) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".