(actions, resources []string)
| 63 | } |
| 64 | |
// AddEC2CreateAction records the given EC2 create actions on the policy and
// appends two Allow statements that scope tagging to this cluster.
//
// actions are EC2 API action names without the "ec2:" prefix; resources are
// EC2 resource-type names that are expanded to
// arn:<partition>:ec2:*:*:<resource>/*. Region and account are wildcards, so
// the scoping of both statements rests entirely on their tag conditions.
func (p *Policy) AddEC2CreateAction(actions, resources []string) {
	// The tracked set stores the fully-qualified ("ec2:"-prefixed) names.
	prefixedActions := make([]string, 0, len(actions))
	for i := range actions {
		prefixedActions = append(prefixedActions, "ec2:"+actions[i])
	}

	resourceARNs := make([]string, 0, len(resources))
	for i := range resources {
		arn := fmt.Sprintf("arn:%s:ec2:*:*:%s/*", p.partition, resources[i])
		resourceARNs = append(resourceARNs, arn)
	}

	p.clusterTaggedCreateAction.Insert(prefixedActions...)

	// Tag-on-create: ec2:CreateTags is allowed only when the request sets
	// KubernetesCluster to this cluster's name and the call is made as part
	// of one of the listed create actions. The ec2:CreateAction condition is
	// given the unprefixed names exactly as passed in.
	tagOnCreate := &Statement{
		Effect:   StatementEffectAllow,
		Action:   stringorset.String("ec2:CreateTags"),
		Resource: stringorset.Set(resourceARNs),
		Condition: Condition{
			"StringEquals": map[string]interface{}{
				"aws:RequestTag/KubernetesCluster": p.clusterName,
				"ec2:CreateAction":                 actions,
			},
		},
	}

	// Re-tagging: CreateTags/DeleteTags are allowed on resources that already
	// carry this cluster's KubernetesCluster tag, provided the request itself
	// does not include a KubernetesCluster tag (the "Null" condition).
	// NOTE(review): aws:RequestTag is a request-side key; confirm whether it
	// constrains ec2:DeleteTags at all, i.e. whether removal of the
	// KubernetesCluster tag itself is meant to be permitted here or should be
	// limited with an aws:TagKeys condition.
	retagOwned := &Statement{
		Effect: StatementEffectAllow,
		Action: stringorset.Set([]string{
			"ec2:CreateTags",
			"ec2:DeleteTags", // aws.go, tag.go
		}),
		Resource: stringorset.Set(resourceARNs),
		Condition: Condition{
			"Null": map[string]string{
				"aws:RequestTag/KubernetesCluster": "true",
			},
			"StringEquals": map[string]string{
				"aws:ResourceTag/KubernetesCluster": p.clusterName,
			},
		},
	}

	p.Statement = append(p.Statement, tagOnCreate, retagOwned)
}
| 108 | |
| 109 | // AsJSON converts the policy document to JSON format (parsable by AWS) |
| 110 | func (p *Policy) AsJSON() (string, error) { |