aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
// Compiled CommonJS output for the aws_eks_v2 `KubectlProvider` construct,
// laid out one statement per line. Behaviour matches the minified original.
Object.defineProperty(exports, "__esModule", { value: true });
exports.KubectlProvider = undefined;

// Lazy module loaders: each accessor performs its `require` on first call and
// then replaces itself with a function returning the cached module, so
// importing this file does not eagerly load its dependencies.
var jsiiDeprecationWarnings = () => {
  const loaded = require("../../.warnings.jsii.js");
  jsiiDeprecationWarnings = () => loaded;
  return loaded;
};
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
var path = () => {
  const loaded = require("path");
  path = () => loaded;
  return loaded;
};
var constructs_1 = () => {
  const loaded = require("constructs");
  constructs_1 = () => loaded;
  return loaded;
};
var cluster_1 = () => {
  const loaded = require("./cluster");
  cluster_1 = () => loaded;
  return loaded;
};
var iam = () => {
  const loaded = require("../../aws-iam");
  iam = () => loaded;
  return loaded;
};
var lambda = () => {
  const loaded = require("../../aws-lambda");
  lambda = () => loaded;
  return loaded;
};
var core_1 = () => {
  const loaded = require("../../core");
  core_1 = () => loaded;
  return loaded;
};
var cr = () => {
  const loaded = require("../../custom-resources");
  cr = () => loaded;
  return loaded;
};
var lambda_layer_awscli_1 = () => {
  const loaded = require("../../lambda-layer-awscli");
  lambda_layer_awscli_1 = () => loaded;
  return loaded;
};

/**
 * Construct that provisions the Lambda-backed custom-resource provider used to
 * run kubectl operations against an EKS cluster.
 *
 * Security-relevant surface visible in this file:
 *  - The handler role receives `eks:DescribeCluster` on the one cluster ARN,
 *    plus AWS-managed policies attached by name (see the constructor).
 *  - Caller-supplied `props.environment` is merged over the built-in default.
 *  - The handler is attached to the cluster VPC only when
 *    `props.privateSubnets` is provided.
 */
class KubectlProvider extends constructs_1().Construct {
  static [JSII_RTTI_SYMBOL_1] = {
    fqn: "aws-cdk-lib.aws_eks_v2.KubectlProvider",
    version: "2.248.0",
  };

  /**
   * Return the kubectl provider already associated with `cluster`.
   *
   * @param scope construct passed to the cluster's kubectl barrier hook
   * @param cluster cluster whose `kubectlProvider` property is returned
   * @returns the value of `cluster.kubectlProvider`
   */
  static getKubectlProvider(scope, cluster) {
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_v2_ICluster(cluster);
    } catch (error) {
      // Outside JSII debug mode, trim the deprecation error's stack so it
      // starts at the caller of this method rather than inside it.
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, this.getKubectlProvider);
      }
      throw error;
    }

    // Only concrete Cluster instances expose the barrier hook; other ICluster
    // implementations skip it.
    // NOTE(review): presumably this orders `scope` after the kubectl barrier;
    // the hook's body is not in this file, so confirm.
    if (cluster instanceof cluster_1().Cluster) {
      cluster._dependOnKubectlBarrier(scope);
    }
    return cluster.kubectlProvider;
  }

  /**
   * Wrap an existing provider's attributes in a construct without creating
   * any Lambda, role or provider resources.
   *
   * @param scope parent construct
   * @param id construct id
   * @param attrs object supplying `serviceToken` and `role`, both copied
   *   through unchanged
   * @returns a construct exposing `serviceToken` and `role`
   */
  static fromKubectlProviderAttributes(scope, id, attrs) {
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_v2_KubectlProviderAttributes(attrs);
    } catch (error) {
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, this.fromKubectlProviderAttributes);
      }
      throw error;
    }

    class Import extends constructs_1().Construct {
      serviceToken = attrs.serviceToken;
      role = attrs.role;
    }
    return new Import(scope, id);
  }

  // Service token of the custom-resource provider created in the constructor.
  serviceToken;
  // Execution role of the kubectl handler Lambda.
  role;

  /**
   * Create the handler Lambda, grant its role the permissions listed below,
   * and front it with a custom-resources Provider.
   *
   * @param scope parent construct
   * @param id construct id
   * @param props provider options; this constructor reads `cluster`,
   *   `privateSubnets`, `memory`, `environment`, `role`, `awscliLayer`,
   *   `kubectlLayer` and `removalPolicy`
   */
  constructor(scope, id, props) {
    super(scope, id);
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_v2_KubectlProviderProps(props);
    } catch (error) {
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, KubectlProvider);
      }
      throw error;
    }

    // Network placement is opt-in: without `privateSubnets` no VPC, subnets or
    // security groups are passed to the handler or the provider.
    const vpc = props.privateSubnets ? props.cluster.vpc : undefined;
    let securityGroups;
    if (props.privateSubnets && props.cluster.clusterSecurityGroup) {
      // The handler reuses the cluster's own security group.
      securityGroups = [props.cluster.clusterSecurityGroup];
    }
    const privateSubnets = props.privateSubnets
      ? { subnets: props.privateSubnets }
      : undefined;

    const handler = new (lambda().Function)(this, "Handler", {
      timeout: core_1().Duration.minutes(15),
      description: "onEvent handler for EKS kubectl resource provider",
      memorySize: props.memory?.toMebibytes() ?? 1024,
      // Caller entries are spread last, so they can override
      // AWS_STS_REGIONAL_ENDPOINTS as well as add new variables.
      environment: {
        AWS_STS_REGIONAL_ENDPOINTS: "regional",
        ...props.environment,
      },
      role: props.role,
      code: lambda().Code.fromAsset(
        path().join(
          __dirname,
          "..",
          "..",
          "custom-resource-handlers",
          "dist",
          "aws-eks-v2",
          "kubectl-handler",
        ),
      ),
      handler: "index.handler",
      runtime: lambda().Runtime.determineLatestPythonRuntime(this),
      vpc,
      securityGroups,
      vpcSubnets: privateSubnets,
    });

    // The AWS CLI layer defaults to a bundled one; the kubectl layer has no
    // fallback and is taken from props as-is.
    handler.addLayers(
      props.awscliLayer ??
        new (lambda_layer_awscli_1().AwsCliLayer)(this, "AwsCliLayer"),
    );
    handler.addLayers(props.kubectlLayer);

    // NOTE(review): `handler.role` is used without a null check, and when
    // `props.role` is supplied the grants below presumably land on that
    // caller-owned role; confirm against aws-lambda's Function.
    const handlerRole = handler.role;

    // The only inline statement: DescribeCluster, limited to this cluster.
    handlerRole.addToPrincipalPolicy(
      new (iam().PolicyStatement)({
        actions: ["eks:DescribeCluster"],
        resources: [props.cluster.clusterArn],
      }),
    );
    if (handler.isBoundToVpc) {
      handlerRole.addManagedPolicy(
        iam().ManagedPolicy.fromAwsManagedPolicyName(
          "service-role/AWSLambdaVPCAccessExecutionRole",
        ),
      );
    }
    // AWS-managed policy attached by name; this code does not narrow it to
    // particular repositories.
    handlerRole.addManagedPolicy(
      iam().ManagedPolicy.fromAwsManagedPolicyName(
        "AmazonEC2ContainerRegistryReadOnly",
      ),
    );

    // The ECR Public read-only policy is attached only when the partition is
    // "aws"; elsewhere the ARN resolves to NO_VALUE. The condition is created
    // in the role's parent scope rather than under this construct.
    const hasEcrPublicCondition = new (core_1().CfnCondition)(
      handlerRole.node.scope,
      "HasEcrPublic",
      {
        expression: core_1().Fn.conditionEquals(core_1().Aws.PARTITION, "aws"),
      },
    );
    const conditionalPolicy = iam().ManagedPolicy.fromManagedPolicyArn(
      this,
      "ConditionalPolicyArn",
      core_1()
        .Fn.conditionIf(
          hasEcrPublicCondition.logicalId,
          iam().ManagedPolicy.fromAwsManagedPolicyName(
            "AmazonElasticContainerRegistryPublicReadOnly",
          ).managedPolicyArn,
          core_1().Aws.NO_VALUE,
        )
        .toString(),
    );
    handlerRole.addManagedPolicy(
      iam().ManagedPolicy.fromManagedPolicyArn(
        this,
        "conditionalPolicy",
        conditionalPolicy.managedPolicyArn,
      ),
    );

    // The provider gets the same network placement as the handler.
    const provider = new (cr().Provider)(this, "Provider", {
      onEventHandler: handler,
      vpc,
      vpcSubnets: privateSubnets,
      securityGroups,
    });

    this.serviceToken = provider.serviceToken;
    this.role = handlerRole;
    if (props.removalPolicy) {
      core_1().RemovalPolicies.of(this).apply(props.removalPolicy);
    }
  }
}
exports.KubectlProvider = KubectlProvider;