K8s controller to manage the aws-auth configmap

Overview

aws-auth-manager

A Kubernetes controller to manage the aws-auth configmap in EKS using a new AWSAuthItem CRD.

The aws-auth configmap maps IAM users and roles to Kubernetes users and groups, which is how they are given RBAC access. Because it is a single object, it is complicated to add and remove entries from multiple sources.

The aws-auth-manager provides the ability to define multiple AWSAuthItem objects that will be merged to create the aws-auth configmap.

Example spec

apiVersion: aws.maruina.k8s/v1alpha1
kind: AWSAuthItem
metadata:
  name: example-one
spec:
  mapRoles:
    - rolearn: arn:aws:iam::111122223333:role/eksctl-my-cluster-nodegroup-standard-wo-NodeInstanceRole-1WP3NUE3O6UCF
      username: system:node:{{EC2PrivateDNSName}}
      groups:
        - system:bootstrappers
        - system:nodes
  mapUsers:
    - userarn: arn:aws:iam::111122223333:user/admin
      username: admin
      groups:
        - system:masters
    - userarn: arn:aws:iam::111122223333:user/ops-user
      username: ops-user
      groups:
        - system:masters
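
The merge described above, sketched in Go as an added example (not the project's own code). It also rejects malformed ARNs, the kind of check the validation webhook in the TODO below would perform. The `Mapping` and `Item` types, the ARN pattern, the "first item by name wins" conflict policy and the `team-b` item are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"regexp"
	"sort"
)

// Mapping is one mapRoles/mapUsers entry; Item is a simplified, hypothetical
// stand-in for an AWSAuthItem (not the project's Go types).
type Mapping struct {
	ARN, Username string
	Groups        []string
}

type Item struct {
	Name               string
	MapRoles, MapUsers []Mapping
}

// Assumed ARN shape: partition, 12-digit account id, role/ or user/ resource.
var arnRe = regexp.MustCompile(`^arn:aws[a-z-]*:iam::\d{12}:(role|user)/[\w+=,.@/-]+$`)

// Merge builds one list (kind "role" or "user") for the aws-auth ConfigMap.
// Items are visited in name order; the first item to map an ARN wins, and a
// later, different mapping for that ARN is reported instead of applied.
// Identical duplicates are dropped silently; group order counts as a difference.
func Merge(kind string, items []Item) (out []Mapping, problems []string) {
	items = append([]Item(nil), items...) // do not reorder the caller's slice
	sort.Slice(items, func(i, j int) bool { return items[i].Name < items[j].Name })
	kept, owner := map[string]Mapping{}, map[string]string{}
	for _, it := range items {
		list := map[string][]Mapping{"role": it.MapRoles, "user": it.MapUsers}[kind]
		for _, m := range list {
			sub := arnRe.FindStringSubmatch(m.ARN)
			prev, dup := kept[m.ARN]
			switch {
			case sub == nil || sub[1] != kind:
				problems = append(problems, fmt.Sprintf("%s: invalid %s ARN %q", it.Name, kind, m.ARN))
			case !dup:
				kept[m.ARN], owner[m.ARN] = m, it.Name
				out = append(out, m)
			case !reflect.DeepEqual(prev, m):
				problems = append(problems, fmt.Sprintf("%s: %s already mapped by %s", it.Name, m.ARN, owner[m.ARN]))
			}
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].ARN < out[j].ARN })
	return out, problems
}

func main() {
	// Constructed input: the users from the spec above plus a made-up item "team-b".
	const p = "arn:aws:iam::111122223333:user/"
	users, problems := Merge("user", []Item{
		{Name: "team-b", MapUsers: []Mapping{{p + "ops-user", "ops-user", []string{"viewers"}}}},
		{Name: "example-one", MapUsers: []Mapping{
			{p + "admin", "admin", []string{"system:masters"}},
			{p + "ops-user", "ops-user", []string{"system:masters"}}}},
	})
	fmt.Println(users, problems)
}
```

Because every AWSAuthItem feeds the same configmap, the reported conflicts are the place to review which source is granting a group such as system:masters to a given ARN.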

TODO

  • Add validation webhook for roleArn and userArn
  • More test cases?
  • Helm chart
  • Release

Issues
  • Update module k8s.io/client-go to v1

    Update module k8s.io/client-go to v1

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/client-go | require | major | v0.22.4 -> v1.5.2 |


    Release Notes

    kubernetes/client-go

    v1.5.2

    Compare Source

    v1.5.1

    Compare Source

    v1.5.0

    Compare Source

    v1.4.0

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, click this checkbox.

    This PR has been generated by WhiteSource Renovate. View repository job log here.

    dependencies 
    opened by renovate[bot] 3
  • Update module k8s.io/client-go to v1

    Update module k8s.io/client-go to v1

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/client-go | require | major | v0.23.0 -> v1.5.2 |


    Release Notes

    kubernetes/client-go

    v1.5.2

    Compare Source

    v1.5.1

    Compare Source

    v1.5.0

    Compare Source

    v1.4.0

    Compare Source

    v0.23.1

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


    dependencies 
    opened by renovate[bot] 2
  • Update golang Docker tag to v1.17 - autoclosed

    Update golang Docker tag to v1.17 - autoclosed

    WhiteSource Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | golang | stage | minor | 1.16 -> 1.17 |


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


    dependencies 
    opened by renovate[bot] 1
  • Update azure/setup-helm action to v2.2

    Update azure/setup-helm action to v2.2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | azure/setup-helm | action | minor | v2.1 -> v2.2 |


    Release Notes

    azure/setup-helm

    v2.2

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.


    This PR has been generated by Mend Renovate. View repository job log here.

    dependencies 
    opened by renovate[bot] 0
  • Update module sigs.k8s.io/controller-runtime to v0.12.2

    Update module sigs.k8s.io/controller-runtime to v0.12.2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | sigs.k8s.io/controller-runtime | require | patch | v0.12.1 -> v0.12.2 |


    Release Notes

    kubernetes-sigs/controller-runtime

    v0.12.2

    Compare Source

    changes since v0.12.1

    :sparkles: New Features

    • Allow TLS to be entirely configured on webhook server (#1914)

    :bug: Bug Fixes

    • Fix webhook write response error for broken HTTP connection (#1931)
    • Fix issue with starting multiple test envs (#1913)
    • don't override global log in builder (#1911)

    Thanks to all our contributors!


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.


    dependencies 
    opened by renovate[bot] 0
  • Update kubernetes packages to v0.24.2

    Update kubernetes packages to v0.24.2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/api | require | patch | v0.24.1 -> v0.24.2 |
    | k8s.io/apimachinery | require | patch | v0.24.1 -> v0.24.2 |
    | k8s.io/client-go | require | patch | v0.24.1 -> v0.24.2 |


    Release Notes

    kubernetes/api

    v0.24.2

    Compare Source

    kubernetes/client-go

    v0.24.2

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.


    dependencies 
    opened by renovate[bot] 0
  • Update helm/kind-action action to v1.3.0

    Update helm/kind-action action to v1.3.0

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | helm/kind-action | action | minor | v1.2.0 -> v1.3.0 |


    Release Notes

    helm/kind-action

    v1.3.0

    Compare Source

    What's Changed

    New Contributors

    Full Changelog: https://github.com/helm/kind-action/compare/v1.2.0...v1.3.0


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.


    dependencies 
    opened by renovate[bot] 0
  • Update actions/setup-python action to v4

    Update actions/setup-python action to v4

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | actions/setup-python | action | major | v3.1.2 -> v4.0.0 |


    Release Notes

    actions/setup-python

    v4.0.0

    Compare Source

    What's Changed
    • Support for python-version-file input: #336

    Example of usage:

    - uses: actions/setup-python@v4
      with:
        python-version-file: '.python-version' # Read python version from a file
    - run: python my_script.py

    There is no default python version for this setup-python major version, the action requires to specify either python-version input or python-version-file input. If the python-version input is not specified the action will try to read required version from file from python-version-file input.

    • Use pypyX.Y for PyPy python-version input: #349

    Example of usage:

    - uses: actions/setup-python@v4
      with:
        python-version: 'pypy3.9' # pypy-X.Y kept for backward compatibility
    - run: python my_script.py

    • RUNNER_TOOL_CACHE environment variable is equal AGENT_TOOLSDIRECTORY: #338

    • Bugfix: create missing pypyX.Y symlinks: #347

    • PKG_CONFIG_PATH environment variable: #400

    • Added python-path output: #405 python-path output contains Python executable path.

    • Updated zeit/ncc to vercel/ncc package: #393

    • Bugfix: fixed output for prerelease version of poetry: #409

    • Made pythonLocation environment variable consistent for Python and PyPy: #418

    • Bugfix for 3.x-dev syntax: #417

    • Other improvements: #318 #396 #384 #387 #388


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


    dependencies 
    opened by renovate[bot] 0
  • Update module github.com/aws/aws-sdk-go-v2 to v1.16.5

    Update module github.com/aws/aws-sdk-go-v2 to v1.16.5

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/aws/aws-sdk-go-v2 | require | patch | v1.16.4 -> v1.16.5 |


    Release Notes

    aws/aws-sdk-go-v2

    v1.16.5

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Enabled.


    dependencies 
    opened by renovate[bot] 0
  • Update kubernetes packages to v0.24.1

    Update kubernetes packages to v0.24.1

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | k8s.io/api | require | patch | v0.24.0 -> v0.24.1 |
    | k8s.io/apimachinery | require | patch | v0.24.0 -> v0.24.1 |
    | k8s.io/client-go | require | patch | v0.24.0 -> v0.24.1 |


    Release Notes

    kubernetes/api

    v0.24.1

    Compare Source

    kubernetes/apimachinery

    v0.24.1

    Compare Source

    kubernetes/client-go

    v0.24.1

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Enabled.


    dependencies 
    opened by renovate[bot] 0
  • Update docker/setup-qemu-action action to v2

    Update docker/setup-qemu-action action to v2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | docker/setup-qemu-action | action | major | v1 -> v2 |


    Release Notes

    docker/setup-qemu-action

    v2

    Compare Source


    Configuration

    📅 Schedule: At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


    dependencies 
    opened by renovate[bot] 0
  • Update azure/setup-helm action to v3

    Update azure/setup-helm action to v3

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | azure/setup-helm | action | major | v2.2 -> v3.0 |


    Release Notes

    azure/setup-helm

    v3.0

    Compare Source

    Node16 release of this action


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.


    dependencies 
    opened by renovate[bot] 0
  • Update module github.com/fluxcd/pkg/apis/meta to v0.14.2

    Update module github.com/fluxcd/pkg/apis/meta to v0.14.2

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change |
    |---|---|---|---|
    | github.com/fluxcd/pkg/apis/meta | require | minor | v0.10.2 -> v0.14.2 |


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled due to failing status checks.


    dependencies 
    opened by renovate[bot] 0
  • Dependency Dashboard

    Dependency Dashboard

    This issue provides visibility into Renovate updates and their statuses. Learn more

    Open

    These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

    Ignored or Blocked

    These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

    Detected dependencies

    dockerfile
      Dockerfile
        • golang 1.17
        • gcr.io/distroless/static nonroot
    github-actions
      .github/workflows/code-quality.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • github/codeql-action v2
        • github/codeql-action v2
      .github/workflows/lint.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • golangci/golangci-lint-action v3.2.0
      .github/workflows/release-artifacts.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • docker/metadata-action v4
        • docker/login-action v2.0.0
        • docker/build-push-action v3.0.0
      .github/workflows/release-notes.yaml
        • release-drafter/release-drafter v5
      .github/workflows/test-build.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • helm/kind-action v1.3.0
      .github/workflows/test-docker-build.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • docker/setup-qemu-action v2
        • docker/setup-buildx-action v2
        • docker/metadata-action v4
        • docker/login-action v2.0.0
        • docker/build-push-action v3.0.0
      .github/workflows/test-e2e.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
      .github/workflows/test-helm.yaml
        • actions/checkout v3.0.2
        • actions/setup-go v3
        • azure/setup-helm v2.2
        • actions/setup-python v4.0.0
        • helm/chart-testing-action v2.2.1
        • helm/kind-action v1.3.0
        • actions/checkout v3.0.2
        • jnorwood/helm-docs v1.10.0
    gomod
      go.mod
        • github.com/aws/aws-sdk-go-v2 v1.16.5
        • github.com/fluxcd/pkg/apis/meta v0.10.2
        • github.com/onsi/ginkgo v1.16.5
        • github.com/onsi/gomega v1.19.0
        • k8s.io/api v0.24.2
        • k8s.io/apimachinery v0.24.2
        • k8s.io/client-go v0.24.2
        • sigs.k8s.io/controller-runtime v0.12.2
        • sigs.k8s.io/yaml v1.3.0
    helm-values
      charts/aws-auth-manager/values.yaml
        • ghcr.io/maruina/aws-auth-manager
    kustomize
      config/manager/kustomization.yaml
        • ghcr.io/maruina/aws-auth-manager latest

    • [ ] Check this box to trigger a request for Renovate to run again on this repository
    opened by renovate[bot] 0
Owner
Matteo Ruina
Engineer at @Skyscanner