UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

84 lines (83 loc) 2.68 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
import { Construct } from 'constructs'; import { ICluster } from './cluster'; import { AddToPrincipalPolicyResult, IPrincipal, IRole, PolicyStatement, PrincipalPolicyFragment } from '../../aws-iam'; /** * Options for `ServiceAccount` */ export interface ServiceAccountOptions { /** * The name of the service account. * * The name of a ServiceAccount object must be a valid DNS subdomain name. * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ * @default - If no name is given, it will use the id of the resource. */ readonly name?: string; /** * The namespace of the service account. * * All namespace names must be valid RFC 1123 DNS labels. * https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/#namespaces-and-dns * @default "default" */ readonly namespace?: string; /** * Additional annotations of the service account. * * @default - no additional annotations */ readonly annotations?: { [key: string]: string; }; /** * Additional labels of the service account. * * @default - no additional labels */ readonly labels?: { [key: string]: string; }; } /** * Properties for defining service accounts */ export interface ServiceAccountProps extends ServiceAccountOptions { /** * The cluster to apply the patch to. */ readonly cluster: ICluster; } /** * Service Account */ export declare class ServiceAccount extends Construct implements IPrincipal { /** * The role which is linked to the service account. */ readonly role: IRole; readonly assumeRoleAction: string; readonly grantPrincipal: IPrincipal; readonly policyFragment: PrincipalPolicyFragment; /** * The name of the service account. */ readonly serviceAccountName: string; /** * The namespace where the service account is located in. */ readonly serviceAccountNamespace: string; constructor(scope: Construct, id: string, props: ServiceAccountProps); addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult; /** * If the value is a DNS subdomain name as defined in RFC 1123, from K8s docs. * * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names */ private isValidDnsSubdomainName; /** * If the value follows DNS label standard as defined in RFC 1123, from K8s docs. * * https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-label-names */ private isValidDnsLabelName; }