aws-cdk-lib/aws-eks/lib/aws-auth.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.AwsAuth=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var constructs_1=()=>{var tmp=require("constructs");return constructs_1=()=>tmp,tmp},cluster_1=()=>{var tmp=require("./cluster");return cluster_1=()=>tmp,tmp},k8s_manifest_1=()=>{var tmp=require("./k8s-manifest");return k8s_manifest_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp};class AwsAuth extends constructs_1().Construct{constructor(scope,id,props){super(scope,id),this.roleMappings=new Array,this.userMappings=new Array,this.accounts=new Array;try{jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,AwsAuth),error}if(!(props.cluster.authenticationMode!==cluster_1().AuthenticationMode.API))throw new Error("ConfigMap not supported in the AuthenticationMode");this.stack=core_1().Stack.of(this),new(k8s_manifest_1()).KubernetesManifest(this,"manifest",{cluster:props.cluster,overwrite:!0,manifest:[{apiVersion:"v1",kind:"ConfigMap",metadata:{name:"aws-auth",namespace:"kube-system"},data:{mapRoles:this.synthesizeMapRoles(),mapUsers:this.synthesizeMapUsers(),mapAccounts:this.synthesizeMapAccounts()}}]})}addMastersRole(role,username){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addMastersRole),error}this.addRoleMapping(role,{username,groups:["system:masters"]})}addRoleMapping(role,mapping){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IRole(role),jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthMapping(mapping)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addRoleMapping),error}this.assertSameStack(role),this.roleMappings.push({role,mapping})}addUserMapping(user,mapping){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_iam_IUser(user),jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_AwsAuthMapping(mapping)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addUserMapping),error}this.assertSameStack(user),this.userMappings.push({user,mapping})}addAccount(accountId){this.accounts.push(accountId)}assertSameStack(construct){const thisStack=core_1().Stack.of(this);if(core_1().Stack.of(construct)!==thisStack)throw new Error(`${construct.node.path} should be defined in the scope of the ${thisStack.stackName} stack to prevent circular dependencies`)}synthesizeMapRoles(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.roleMappings.map(m=>({rolearn:m.role.roleArn,username:m.mapping.username??m.role.roleArn,groups:m.mapping.groups})))})}synthesizeMapUsers(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.userMappings.map(m=>({userarn:m.user.userArn,username:m.mapping.username??m.user.userArn,groups:m.mapping.groups})))})}synthesizeMapAccounts(){return core_1().Lazy.any({produce:()=>this.stack.toJsonString(this.accounts)})}}exports.AwsAuth=AwsAuth,_a=JSII_RTTI_SYMBOL_1,AwsAuth[_a]={fqn:"aws-cdk-lib.aws_eks.AwsAuth",version:"2.160.0"};