K8s controller to manage the aws-auth configmap

aws-auth-manager

A Kubernetes controller to manage the aws-auth configmap in EKS using a new AWSAuthItem CRD.

The aws-auth configmap is used to give RBAC access to IAM users and roles. Because it is a single object, adding and removing entries from multiple sources is complicated.

The aws-auth-manager provides the ability to define multiple AWSAuthItem objects that will be merged to create the aws-auth configmap.

Example spec

apiVersion: aws.maruina.k8s/v1alpha1
kind: AWSAuthItem
metadata:
  name: example-one
spec:
  mapRoles:
    - rolearn: arn:aws:iam::111122223333:role/eksctl-my-cluster-nodegroup-standard-wo-NodeInstanceRole-1WP3NUE3O6UCF
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers:
    - userarn: arn:aws:iam::111122223333:user/admin
      username: admin
      groups:
        - system:masters
    - userarn: arn:aws:iam::111122223333:user/ops-user
      username: ops-user
      groups:
        - system:masters
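
An added sketch, not the project's own code, of the merge step described above: several AWSAuthItem specs folded into one deterministic mapRoles/mapUsers pair, with the ARN check the TODO list asks for. The Item and Mapping types, the ARN regular expression and the first-definition-wins conflict rule are assumptions, not the controller's documented behaviour.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Mapping is one mapRoles/mapUsers entry; Item is a hypothetical in-memory AWSAuthItem.
type Mapping struct {
	ARN, Username string
	Groups        []string
}
type Item struct {
	Name               string
	MapRoles, MapUsers []Mapping
}

// Assumed ARN shape: partition, 12-digit account, then role/ or user/ plus a path.
var arnRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d{12}:(role|user)/[\w+=,.@/-]+$`)

// Merge folds items (ordered by name) into the lists that back data.mapRoles and
// data.mapUsers. First definition of an ARN wins; a differing one is reported, not applied.
func Merge(items []Item) (roles, users []Mapping, problems []string) {
	sorted := append([]Item(nil), items...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Name < sorted[j].Name })
	seen := map[string]string{} // ARN -> canonical "username|groups"
	add := func(owner, kind string, m Mapping, out *[]Mapping) {
		sub := arnRe.FindStringSubmatch(m.ARN)
		if sub == nil || sub[1] != kind {
			problems = append(problems, fmt.Sprintf("%s: invalid %s ARN %q", owner, kind, m.ARN))
			return
		}
		g := append([]string(nil), m.Groups...)
		sort.Strings(g)
		canon := m.Username + "|" + strings.Join(g, ",")
		if prev, dup := seen[m.ARN]; dup {
			if prev != canon {
				problems = append(problems, fmt.Sprintf("%s: conflicting mapping for %s", owner, m.ARN))
			}
			return
		}
		seen[m.ARN] = canon
		*out = append(*out, Mapping{m.ARN, m.Username, g})
	}
	for _, it := range sorted {
		for _, m := range it.MapRoles {
			add(it.Name, "role", m, &roles)
		}
		for _, m := range it.MapUsers {
			add(it.Name, "user", m, &users)
		}
	}
	byARN := func(ms []Mapping) { sort.Slice(ms, func(i, j int) bool { return ms[i].ARN < ms[j].ARN }) }
	byARN(roles)
	byARN(users)
	return roles, users, problems
}

// Constructed sample: "platform" re-declares ops-user with system:masters and lists a role as a user.
func sample() []Item {
	return []Item{
		{Name: "platform", MapUsers: []Mapping{
			{"arn:aws:iam::111122223333:user/ops-user", "ops-user", []string{"system:masters"}},
			{"arn:aws:iam::111122223333:role/not-a-user", "x", nil}}},
		{Name: "example-one", MapUsers: []Mapping{
			{"arn:aws:iam::111122223333:user/admin", "admin", []string{"system:masters"}},
			{"arn:aws:iam::111122223333:user/ops-user", "ops-user", []string{"viewers"}}}},
	}
}

func main() {
	roles, users, problems := Merge(sample())
	fmt.Println(roles, users)
	fmt.Println(strings.Join(problems, "\n"))
}
```

Reporting a conflicting redefinition instead of unioning the groups keeps a second item from silently widening an identity's RBAC groups.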

TODO

  • Add validation webhook for roleArn and userArn
  • More test cases?
  • Helm chart
  • Release
Owner
Matteo Ruina
Engineer at @Skyscanner
Comments
  • Update module k8s.io/client-go to v1

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/client-go | require | major | v0.22.4 -> v1.5.2 |


    Release Notes

    kubernetes/client-go

    v1.5.2

    Compare Source

    v1.5.1

    Compare Source

    v1.5.0

    Compare Source

    v1.4.0

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by WhiteSource Renovate. View repository job log here.

  • Update module k8s.io/client-go to v1

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/client-go | require | major | v0.23.0 -> v1.5.2 |


    Release Notes

    kubernetes/client-go

    v1.5.2

    Compare Source

    v1.5.1

    Compare Source

    v1.5.0

    Compare Source

    v1.4.0

    Compare Source

    v0.23.1

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by WhiteSource Renovate. View repository job log here.

  • Update golang Docker tag to v1.17 - autoclosed

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | golang | stage | minor | 1.16 -> 1.17 |


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by WhiteSource Renovate. View repository job log here.

  • Update module github.com/onsi/gomega to v1.21.1

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/onsi/gomega | require | minor | v1.20.2 -> v1.21.1 |


    Release Notes

    onsi/gomega

    v1.21.1

    Compare Source

    Features
    • Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]

    v1.21.0

    Compare Source

    1.21.0

    Features
    • Eventually and Consistently can take a context.Context [65c01bc] This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.
    • Introduces Eventually.Within.ProbeEvery with tests and documentation (#591) [f633800]
    • New BeKeyOf matcher with documentation and unit tests (#590) [fb586b3]

    Fixes

    • Cover the entire gmeasure suite with leak detection [8c54344]
    • Fix gmeasure leak [119d4ce]
    • Ignore new Ginkgo ProgressSignal goroutine in gleak [ba548e2]

    Maintenance

    • Fixes crashes on newer Ruby 3 installations by upgrading github-pages gem dependency (#596) [12469a0]

    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/aws/aws-sdk-go-v2 to v1.16.15

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/aws/aws-sdk-go-v2 | require | patch | v1.16.14 -> v1.16.15 |


    Release Notes

    aws/aws-sdk-go-v2

    v1.16.15

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module sigs.k8s.io/controller-runtime to v0.13.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | sigs.k8s.io/controller-runtime | require | minor | v0.12.3 -> v0.13.0 |


    Release Notes

    kubernetes-sigs/controller-runtime

    v0.13.0

    Compare Source

    changes since v0.12.3

    :warning: Breaking Changes

    • Do not mutate the global warning handler (#1944)
    • Add GetOptions as optional argument of client.Reader and all its implementation (#1917)

    :sparkles: New Features

    :bug: Bug Fixes

    • Rearange EventBroadcaster log statement. (#1974)
    • Fix log depth for DelegatingLogSink (#1975)
    • Remove no-op clientgo reflector metrics (#1946)
    • Fix webhook write response error for broken HTTP connection (#1930)
    • Fix issue with starting multiple test envs (#1910)
    • don't override global log in builder (#1907)
    • skip mutation handler when received deletion verb (#1765)
    • fix loading CRDs from multiple directories in envtests (#1904)

    Thanks to all our contributors!


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/aws/aws-sdk-go-v2 to v1.16.14

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/aws/aws-sdk-go-v2 | require | patch | v1.16.13 -> v1.16.14 |


    Release Notes

    aws/aws-sdk-go-v2

    v1.16.14

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/aws/aws-sdk-go-v2 to v1.16.13

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/aws/aws-sdk-go-v2 | require | patch | v1.16.12 -> v1.16.13 |


    Release Notes

    aws/aws-sdk-go-v2

    v1.16.13

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/onsi/gomega to v1.20.2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/onsi/gomega | require | patch | v1.20.1 -> v1.20.2 |


    Release Notes

    onsi/gomega

    v1.20.2

    Compare Source

    1.20.2

    Fixes

    • label specs that rely on remote access; bump timeout on short-circuit test to make it less flaky [35eeadf]
    • gexec: allow more headroom for SIGABRT-related unit tests (#581) [5b78f40]
    • Enable reading from a closed gbytes.Buffer (#575) [061fd26]

    Maintenance


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/aws/aws-sdk-go-v2 to v1.16.12

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/aws/aws-sdk-go-v2 | require | patch | v1.16.11 -> v1.16.12 |


    Release Notes

    aws/aws-sdk-go-v2

    v1.16.12

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/onsi/gomega to v1.20.1

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/onsi/gomega | require | patch | v1.20.0 -> v1.20.1 |


    Release Notes

    onsi/gomega

    v1.20.1

    Compare Source

    1.20.1

    Fixes

    Maintenance


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update docker/build-push-action action to v3.2.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | docker/build-push-action | action | minor | v3.1.1 -> v3.2.0 |


    Release Notes

    docker/build-push-action

    v3.2.0

    Compare Source

    What's Changed

    Full Changelog: https://github.com/docker/build-push-action/compare/v3.1.1...v3.2.0


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update module github.com/onsi/gomega to v1.24.1

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/onsi/gomega | require | minor | v1.21.1 -> v1.24.1 |


    Release Notes

    onsi/gomega

    v1.24.1

    Compare Source

    v1.24.0

    Compare Source

    1.24.0

    Features

    Introducing gcustom - a convenient mechanism for building custom matchers.

    This is an RC release for gcustom. The external API may be tweaked in response to feedback however it is expected to remain mostly stable.

    Maintenance
    • Update BeComparableTo documentation [756eaa0]

    v1.23.0

    Compare Source

    1.23.0

    Features
    • Custom formatting on a per-type basis can be provided using format.RegisterCustomFormatter() -- see the docs here

    • Substantial improvements have been made to StopTrying():

      • Users can now use StopTrying().Wrap(err) to wrap errors and StopTrying().Attach(description, object) to attach arbitrary objects to the StopTrying() error
      • StopTrying() is now always interpreted as a failure. If you are an early adopter of StopTrying() you may need to change your code as the prior version would match against the returned value even if StopTrying() was returned. Going forward the StopTrying() api should remain stable.
      • StopTrying() and StopTrying().Now() can both be used in matchers - not just polled functions.
    • TryAgainAfter(duration) is used like StopTrying() but instructs Eventually and Consistently that the poll should be tried again after the specified duration. This allows you to dynamically adjust the polling duration.

    • ctx can now be passed-in as the first argument to Eventually and Consistently.

    Maintenance

    v1.22.1

    Compare Source

    1.22.1

    Fixes

    • When passed a context and no explicit timeout, Eventually will only timeout when the context is cancelled [e5105cf]
    • Allow StopTrying() to be wrapped [bf3cba9]

    Maintenance

    v1.22.0

    Compare Source

    1.22.0

    Features

    Several improvements have been made to Eventually and Consistently in this and the most recent releases:

    • Eventually and Consistently can take a context.Context [65c01bc] This enables integration with Ginkgo 2.3.0's interruptible nodes and node timeouts.
    • Eventually and Consistently that are passed a SpecContext can provide reports when an interrupt occurs [0d063c9]
    • Eventually/Consistently will forward an attached context to functions that ask for one [e2091c5]
    • Eventually/Consistently supports passing arguments to functions via WithArguments() [a2dc7c3]
    • Eventually and Consistently can now be stopped early with StopTrying(message) and StopTrying(message).Now() [52976bb]

    These improvements are all documented in Gomega's docs


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update actions/setup-python action to v4.3.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | actions/setup-python | action | minor | v4.2.0 -> v4.3.0 |


    Release Notes

    actions/setup-python

    v4.3.0

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update actions/checkout action to v3.1.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | actions/checkout | action | minor | v3.0.2 -> v3.1.0 |


    Release Notes

    actions/checkout

    v3.1.0

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update helm/chart-testing-action action to v2.3.1

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | helm/chart-testing-action | action | patch | v2.3.0 -> v2.3.1 |


    Release Notes

    helm/chart-testing-action

    v2.3.1

    Compare Source

    What's Changed

    Full Changelog: https://github.com/helm/chart-testing-action/compare/v2.3.0...v2.3.1


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

  • Update helm/kind-action action to v1.4.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | helm/kind-action | action | minor | v1.3.0 -> v1.4.0 |


    Release Notes

    helm/kind-action

    v1.4.0

    Compare Source

    What's Changed

    Full Changelog: https://github.com/helm/kind-action/compare/v1.3.0...v1.4.0


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.

    ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.
