
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

"use strict";

// ---------------------------------------------------------------------------
// TypeScript-emitted CommonJS interop helpers. Each one reuses an
// implementation already present on `exports`, otherwise defines its own.
// ---------------------------------------------------------------------------

/** Re-exports property `k` of module `m` on object `o` (as `k2`, default `k`). */
var __createBinding =
  (exports && exports.__createBinding) ||
  (Object.create
    ? function (o, m, k, k2) {
        if (k2 === undefined) {
          k2 = k;
        }
        var desc = Object.getOwnPropertyDescriptor(m, k);
        // Fall back to a live getter when the source has no descriptor, or
        // when the existing descriptor is not suitable to copy as-is.
        if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
          desc = {
            enumerable: true,
            get: function () {
              return m[k];
            },
          };
        }
        Object.defineProperty(o, k2, desc);
      }
    : function (o, m, k, k2) {
        if (k2 === undefined) {
          k2 = k;
        }
        o[k2] = m[k];
      });

/** Sets `o.default = v`, as an enumerable data property where possible. */
var __setModuleDefault =
  (exports && exports.__setModuleDefault) ||
  (Object.create
    ? function (o, v) {
        Object.defineProperty(o, "default", { enumerable: true, value: v });
      }
    : function (o, v) {
        o.default = v;
      });

/** Wraps a CommonJS module so it can be consumed like `import * as x`. */
var __importStar =
  (exports && exports.__importStar) ||
  (function () {
    // Self-replacing: picks the key enumerator on first call and reuses it.
    var ownKeys = function (o) {
      ownKeys =
        Object.getOwnPropertyNames ||
        function (o2) {
          var ar = [];
          for (var k in o2) {
            if (Object.prototype.hasOwnProperty.call(o2, k)) {
              ar[ar.length] = k;
            }
          }
          return ar;
        };
      return ownKeys(o);
    };
    return function (mod) {
      if (mod && mod.__esModule) {
        return mod;
      }
      var result = {};
      if (mod != null) {
        for (var k = ownKeys(mod), i = 0; i < k.length; i++) {
          if (k[i] !== "default") {
            __createBinding(result, mod, k[i]);
          }
        }
      }
      __setModuleDefault(result, mod);
      return result;
    };
  })();

Object.defineProperty(exports, "__esModule", { value: true });
exports.KubectlProvider = undefined;

// ---------------------------------------------------------------------------
// Lazy module loaders. Each accessor performs its `require` on first call and
// then replaces itself with a function returning the cached module.
// ---------------------------------------------------------------------------

let jsiiDeprecationWarnings = () => {
  const loaded = require("../../.warnings.jsii.js");
  jsiiDeprecationWarnings = () => loaded;
  return loaded;
};

const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");

let constructs_1 = () => {
  const loaded = require("constructs");
  constructs_1 = () => loaded;
  return loaded;
};

let cluster_1 = () => {
  const loaded = require("./cluster");
  cluster_1 = () => loaded;
  return loaded;
};

let iam = () => {
  const loaded = __importStar(require("../../aws-iam"));
  iam = () => loaded;
  return loaded;
};

let core_1 = () => {
  const loaded = require("../../core");
  core_1 = () => loaded;
  return loaded;
};

let literal_string_1 = () => {
  const loaded = require("../../core/lib/private/literal-string");
  literal_string_1 = () => loaded;
  return loaded;
};

let kubectl_provider_generated_1 = () => {
  const loaded = require("../../custom-resource-handlers/dist/aws-eks/kubectl-provider.generated");
  kubectl_provider_generated_1 = () => loaded;
  return loaded;
};

let cr = () => {
  const loaded = __importStar(require("../../custom-resources"));
  cr = () => loaded;
  return loaded;
};

let lambda_layer_awscli_1 = () => {
  const loaded = require("../../lambda-layer-awscli");
  lambda_layer_awscli_1 = () => loaded;
  return loaded;
};

/**
 * Nested stack holding the Lambda-backed custom resource provider that issues
 * kubectl commands against an EKS cluster.
 *
 * Security-relevant behaviour visible in this file:
 *  - the handler's role is granted `sts:AssumeRole` on `cluster.kubectlRole`,
 *    so whatever can run or modify the handler can act as that role;
 *  - the handler's role receives `eks:DescribeCluster` scoped to the cluster
 *    ARN, plus AWS-managed ECR pull policies that this code does not narrow
 *    to particular repositories;
 *  - caller-supplied `kubectlEnvironment` entries are spread after the
 *    built-in environment and therefore override it.
 */
class KubectlProvider extends core_1().NestedStack {
  static [JSII_RTTI_SYMBOL_1] = {
    fqn: "aws-cdk-lib.aws_eks.KubectlProvider",
    version: "2.260.0",
  };

  /**
   * Returns the kubectl provider for `cluster`, creating one if needed.
   *
   * @param scope   construct used to locate the owning stack
   * @param cluster the cluster (owned `Cluster` or imported `ICluster`)
   * @returns the existing or newly created provider
   */
  static getOrCreate(scope, cluster) {
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_ICluster(cluster);
    } catch (error) {
      // Trim the stack trace to the caller unless JSII_DEBUG=1 is set.
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, this.getOrCreate);
      }
      throw error;
    }

    // A cluster defined in this app manages its own provider scope.
    if (cluster instanceof cluster_1().Cluster) {
      return cluster._attachKubectlResourceScope(scope);
    }

    // An imported cluster may already carry a provider.
    if (cluster.kubectlProvider) {
      return cluster.kubectlProvider;
    }

    // Otherwise keep one provider per cluster per stack, keyed by a stable id.
    const providerId = `${core_1().Names.nodeUniqueId(cluster.node)}-KubectlProvider`;
    const owningStack = core_1().Stack.of(scope);
    const existing = owningStack.node.tryFindChild(providerId);
    return existing || new KubectlProvider(owningStack, providerId, { cluster });
  }

  /**
   * Imports an existing kubectl provider from its attributes.
   *
   * @param scope construct scope
   * @param id    construct id
   * @param attrs attributes of the provider being imported
   */
  static fromKubectlProviderAttributes(scope, id, attrs) {
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_KubectlProviderAttributes(attrs);
    } catch (error) {
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, this.fromKubectlProviderAttributes);
      }
      throw error;
    }
    return new ImportedKubectlProvider(scope, id, attrs);
  }

  // Service token of the custom resource provider.
  serviceToken;
  // ARN of the cluster's kubectl role (the role the handler assumes).
  roleArn;
  // Execution role of the handler Lambda.
  handlerRole;

  /**
   * @param scope construct scope
   * @param id    construct id
   * @param props provider properties; `props.cluster` is required
   * @throws ValidationError when the cluster has no `kubectlRole`, or when
   *         private subnets are configured without a security group
   */
  constructor(scope, id, props) {
    super(scope, id);
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_aws_eks_KubectlProviderProps(props);
    } catch (error) {
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, KubectlProvider);
      }
      throw error;
    }

    const cluster = props.cluster;

    if (!cluster.kubectlRole) {
      const ValidationError = core_1().ValidationError;
      const lit = literal_string_1().lit;
      throw new ValidationError(
        lit`KubectlroleDefined`,
        '"kubectlRole" is not defined, cannot issue kubectl commands against this cluster',
        this,
      );
    }

    // A VPC-attached handler without an explicit security group is rejected.
    if (cluster.kubectlPrivateSubnets && !cluster.kubectlSecurityGroup) {
      const ValidationError = core_1().ValidationError;
      const lit = literal_string_1().lit;
      throw new ValidationError(
        lit`KubectlSecurityGroupRequiredKubectl`,
        '"kubectlSecurityGroup" is required if "kubectlSubnets" is specified',
        this,
      );
    }

    let memorySize;
    if (cluster.kubectlMemory) {
      memorySize = cluster.kubectlMemory.toMebibytes();
    } else {
      memorySize = 1024;
    }

    const KubectlFunction = kubectl_provider_generated_1().KubectlFunction;
    const handler = new KubectlFunction(this, "Handler", {
      timeout: core_1().Duration.minutes(15),
      description: "onEvent handler for EKS kubectl resource provider",
      memorySize,
      environment: {
        AWS_STS_REGIONAL_ENDPOINTS: "regional",
        // Spread last: caller-supplied entries win, including over the
        // regional STS endpoint setting above.
        ...cluster.kubectlEnvironment,
      },
      // NOTE(review): when a role is supplied here, the policy attachments
      // below presumably land on that caller-owned role - confirm.
      role: cluster.kubectlLambdaRole ? cluster.kubectlLambdaRole : undefined,
      // VPC placement is applied only when private subnets are configured.
      vpc: cluster.kubectlPrivateSubnets ? cluster.vpc : undefined,
      securityGroups:
        cluster.kubectlPrivateSubnets && cluster.kubectlSecurityGroup
          ? [cluster.kubectlSecurityGroup]
          : undefined,
      vpcSubnets: cluster.kubectlPrivateSubnets
        ? { subnets: cluster.kubectlPrivateSubnets }
        : undefined,
    });

    // AWS CLI layer: the cluster's own if provided, otherwise a default one.
    handler.addLayers(
      props.cluster.awscliLayer ?? new (lambda_layer_awscli_1().AwsCliLayer)(this, "AwsCliLayer"),
    );
    if (props.cluster.kubectlLayer) {
      handler.addLayers(props.cluster.kubectlLayer);
    }

    // NOTE(review): `handlerRole` is dereferenced unguarded on the next
    // statement, while the VPC policy attachment further down uses `?.`.
    this.handlerRole = handler.role;

    // Cluster lookup permission, scoped to this cluster's ARN only.
    this.handlerRole.addToPrincipalPolicy(
      new (iam().PolicyStatement)({
        actions: ["eks:DescribeCluster"],
        resources: [cluster.clusterArn],
      }),
    );

    if (handler.isBoundToVpc) {
      handler.role?.addManagedPolicy(
        iam().ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaVPCAccessExecutionRole"),
      );
    }

    // AWS-managed ECR pull policy, attached unconditionally. Nothing here
    // limits it to specific repositories; review that breadth if the handler
    // role should follow least privilege.
    this.handlerRole.addManagedPolicy(
      iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonEC2ContainerRegistryPullOnly"),
    );

    // The ECR Public read-only policy is attached only when the partition is
    // "aws"; in any other partition the ARN resolves to Aws.NO_VALUE.
    const hasEcrPublicCondition = new (core_1().CfnCondition)(
      this.handlerRole.node.scope,
      "HasEcrPublic",
      { expression: core_1().Fn.conditionEquals(core_1().Aws.PARTITION, "aws") },
    );
    const conditionalPolicy = iam().ManagedPolicy.fromManagedPolicyArn(
      this,
      "ConditionalPolicyArn",
      core_1()
        .Fn.conditionIf(
          hasEcrPublicCondition.logicalId,
          iam().ManagedPolicy.fromAwsManagedPolicyName("AmazonElasticContainerRegistryPublicReadOnly")
            .managedPolicyArn,
          core_1().Aws.NO_VALUE,
        )
        .toString(),
    );
    this.handlerRole.addManagedPolicy(
      iam().ManagedPolicy.fromManagedPolicyArn(
        this,
        "conditionalPolicy",
        conditionalPolicy.managedPolicyArn,
      ),
    );

    // Privilege path: the handler role may assume the cluster's kubectl role.
    cluster.kubectlRole.grant(this.handlerRole, "sts:AssumeRole");

    // The provider framework gets the same VPC placement as the handler.
    const provider = new (cr().Provider)(this, "Provider", {
      onEventHandler: handler,
      vpc: cluster.kubectlPrivateSubnets ? cluster.vpc : undefined,
      vpcSubnets: cluster.kubectlPrivateSubnets
        ? { subnets: cluster.kubectlPrivateSubnets }
        : undefined,
      securityGroups:
        cluster.kubectlPrivateSubnets && cluster.kubectlSecurityGroup
          ? [cluster.kubectlSecurityGroup]
          : undefined,
    });

    if (props.removalPolicy) {
      core_1().RemovalPolicies.of(this).apply(props.removalPolicy);
    }

    this.serviceToken = provider.serviceToken;
    this.roleArn = cluster.kubectlRole.roleArn;
  }
}
exports.KubectlProvider = KubectlProvider;

/**
 * Provider reference built from attributes of an already-deployed provider.
 * The values are copied from `props` as given; this class performs no
 * validation of the ARNs or of the role it is handed.
 */
class ImportedKubectlProvider extends constructs_1().Construct {
  serviceToken;
  roleArn;
  handlerRole;

  /**
   * @param scope construct scope
   * @param id    construct id
   * @param props supplies `functionArn`, `kubectlRoleArn` and `handlerRole`
   */
  constructor(scope, id, props) {
    super(scope, id);
    this.serviceToken = props.functionArn;
    this.roleArn = props.kubectlRoleArn;
    this.handlerRole = props.handlerRole;
  }
}