hub / github.com/kubernetes/kops / AddEC2CreateAction

Method AddEC2CreateAction

pkg/model/iam/iam_builder.go:65–107  ·  view source on GitHub ↗
(actions, resources []string)

Source from the content-addressed store, hash-verified

63}
64
// AddEC2CreateAction appends two Allow statements to p.Statement that permit
// EC2 tag management on the given resource types, scoped to this cluster by
// tag conditions.
//
// actions are EC2 action names without the "ec2:" prefix: they are passed
// unprefixed as the ec2:CreateAction condition values and recorded, prefixed,
// in p.clusterTaggedCreateAction (how that set is consumed is not visible
// here). Each entry of resources becomes the resource-type segment of the ARN
// pattern arn:<partition>:ec2:*:*:<resource>/*. Region and account are
// wildcards, so the Condition blocks are the only thing that narrows these
// grants.
//
// NOTE(review): with an empty resources slice both statements are emitted
// with an empty Resource set; confirm callers never pass empty slices.
func (p *Policy) AddEC2CreateAction(actions, resources []string) {
	prefixed := make([]string, 0, len(actions))
	for i := range actions {
		prefixed = append(prefixed, "ec2:"+actions[i])
	}

	arns := make([]string, 0, len(resources))
	for i := range resources {
		arns = append(arns, fmt.Sprintf("arn:%s:ec2:*:*:%s/*", p.partition, resources[i]))
	}

	p.clusterTaggedCreateAction.Insert(prefixed...)

	// Tag-on-create: ec2:CreateTags is allowed only as part of one of the
	// listed creating actions, and only when the request itself carries this
	// cluster's KubernetesCluster tag value.
	tagOnCreate := &Statement{
		Effect:   StatementEffectAllow,
		Action:   stringorset.String("ec2:CreateTags"),
		Resource: stringorset.Set(arns),
		Condition: Condition{
			"StringEquals": map[string]interface{}{
				"aws:RequestTag/KubernetesCluster": p.clusterName,
				"ec2:CreateAction":                 actions,
			},
		},
	}

	// Retagging existing resources: the resource must already carry this
	// cluster's KubernetesCluster tag, and the request must not include that
	// tag key at all ("Null": "true"), so this grant cannot be used to set or
	// rewrite the ownership tag through ec2:CreateTags.
	// NOTE(review): confirm the aws:RequestTag Null check also constrains
	// ec2:DeleteTags as intended; removal of the KubernetesCluster tag may
	// need a separate aws:TagKeys condition.
	tagOwned := &Statement{
		Effect: StatementEffectAllow,
		Action: stringorset.Set([]string{
			"ec2:CreateTags",
			"ec2:DeleteTags", // aws.go, tag.go
		}),
		Resource: stringorset.Set(arns),
		Condition: Condition{
			"Null": map[string]string{
				"aws:RequestTag/KubernetesCluster": "true",
			},
			"StringEquals": map[string]string{
				"aws:ResourceTag/KubernetesCluster": p.clusterName,
			},
		},
	}

	p.Statement = append(p.Statement, tagOnCreate, tagOwned)
}
108
109// AsJSON converts the policy document to JSON format (parsable by AWS)
110func (p *Policy) AsJSON() (string, error) {

Callers 3

AddCCMPermissionsFunction · 0.80

Calls 3

StringFunction · 0.92
SetFunction · 0.92
InsertMethod · 0.65

Tested by

no test coverage detected