File Coverage

blib/lib/Signer/AWSv4/EKS.pm
Criterion Covered Total %
statement 16 16 100.0
branch 2 2 100.0
condition n/a
subroutine 6 6 100.0
pod 0 2 0.0
total 24 26 92.3


line stmt bran cond sub pod time code
1             package Signer::AWSv4::EKS;
2 1     1   77280 use Moo;
  1         12953  
  1         7  
3             extends 'Signer::AWSv4';
4 1     1   2212 use Types::Standard qw/Str/;
  1         82634  
  1         14  
5              
6 1     1   1658 use JSON::MaybeXS qw//;
  1         6428  
  1         44  
7 1     1   699 use MIME::Base64 qw//;
  1         796  
  1         523  
8              
# Fixed parts of the token format. init_arg => undef keeps both values out of
# the constructor, so a caller cannot point the signed request at a different
# endpoint or change the token prefix through new().
has prefix => (
    is       => 'ro',
    isa      => Str,
    init_arg => undef,
    default  => 'k8s-aws-v1',
);
has sts_url => (
    is       => 'ro',
    isa      => Str,
    init_arg => undef,
    default  => 'https://sts.amazonaws.com/',
);

# Name of the target EKS cluster; the one attribute this class requires.
has cluster_id => (
    is       => 'ro',
    isa      => Str,
    required => 1,
);

# Defaults layered over attributes inherited from Signer::AWSv4. The region
# and service match the global STS endpoint hard-coded in sts_url, and the
# expires value is what build_params sends as X-Amz-Expires.
has '+expires' => ( default => 60 );
has '+region'  => ( default => 'us-east-1' );
has '+service' => ( default => 'sts' );
has '+method'  => ( default => 'GET' );
has '+uri'     => ( default => '/' );
19              
# Build the query-string parameters of the presigned STS GetCallerIdentity
# request and return them as a hash reference.
#
# X-Amz-Security-Token is added only when session_token is defined. When it
# is present, the temporary credential's session token becomes part of the
# parameter set -- presumably of the signed query string too (confirm in
# Signer::AWSv4) -- so anything derived from it deserves the same handling
# as the credential itself.
sub build_params {
    my ($self) = @_;

    my @pairs = (
        'Action'              => 'GetCallerIdentity',
        'Version'             => '2011-06-15',
        'X-Amz-Algorithm'     => $self->aws_algorithm,
        'X-Amz-Credential'    => $self->access_key . '/' . $self->credential_scope,
        'X-Amz-Date'          => $self->date_timestamp,
        'X-Amz-Expires'       => $self->expires,
        'X-Amz-SignedHeaders' => $self->signed_header_list,
    );

    # Only temporary credentials carry a session token.
    push @pairs, 'X-Amz-Security-Token' => $self->session_token
        if defined $self->session_token;

    return {@pairs};
}
33              
# Build the request headers as a hash reference: the fixed STS host plus the
# x-k8s-aws-id header carrying the cluster name.
#
# NOTE(review): the cluster-id header is presumably part of the signed header
# list produced by Signer::AWSv4, which would tie a token to one cluster --
# confirm against the parent class.
sub build_headers {
    my ($self) = @_;

    my @pairs = (
        Host           => 'sts.amazonaws.com',
        'x-k8s-aws-id' => $self->cluster_id,
    );

    return {@pairs};
}
41              
# Lazily computed, unpadded base64url encoding of the signed query string.
# Not settable from the constructor (init_arg => undef).
has qstring_64 => (
    is       => 'ro',
    isa      => Str,
    init_arg => undef,
    lazy     => 1,
    default  => sub {
        my ($self) = @_;
        return MIME::Base64::encode_base64url($self->signed_qstring);
    },
);
46              
# The bearer token handed to Kubernetes: "<prefix>.<encoded presigned URL>".
#
# The '_' between the two encoded parts is not an arbitrary separator. The
# fixed sts_url is 26 bytes long, so its unpadded base64url text stops in the
# middle of a 3-byte group; '_' is exactly the digit that completes that group
# when the next byte is '?'. The text after the prefix is therefore the
# base64url encoding of sts_url . '?' . signed_qstring (assuming
# signed_qstring has no leading '?' -- confirm in Signer::AWSv4). This only
# holds for an sts_url of that length, which is one reason the attribute is
# not settable from the constructor.
#
# Whoever holds this string can present it to the cluster until it expires,
# so keep it out of logs and debug output.
has token => (
    is       => 'ro',
    isa      => Str,
    init_arg => undef,
    lazy     => 1,
    default  => sub {
        my ($self) = @_;

        my $label       = $self->prefix;
        my $endpoint_64 = MIME::Base64::encode_base64url($self->sts_url);
        my $query_64    = $self->qstring_64;

        return $label . '.' . $endpoint_64 . '_' . $query_64;
    },
);
51              
# The token wrapped in an ExecCredential JSON document, for use as a kubectl
# exec credential plugin response.
#
# The status section carries only the token; no expirationTimestamp is
# emitted, so the consuming client gets no expiry hint from this document.
# NOTE(review): recent kubectl/client-go releases no longer accept the
# v1alpha1 exec credential API -- confirm the apiVersion the consuming client
# expects.
has k8s_json => (
    is       => 'ro',
    isa      => Str,
    init_arg => undef,
    lazy     => 1,
    default  => sub {
        my ($self) = @_;

        my %exec_credential = (
            kind       => 'ExecCredential',
            apiVersion => 'client.authentication.k8s.io/v1alpha1',
            spec       => {},
            status     => { token => $self->token },
        );

        return JSON::MaybeXS::encode_json( \%exec_credential );
    },
);
63              
64             1;
65             ### main pod documentation begin ###
66              
67             =encoding UTF-8
68              
69             =head1 NAME
70              
71             Signer::AWSv4::EKS - Generate tokens for logging in to EKS Kubernetes clusters
72              
73             =head1 SYNOPSIS
74              
75             use Signer::AWSv4::EKS;
76             my $signer = Signer::AWSv4::EKS->new(
77             access_key => 'AKIAIOSFODNN7EXAMPLE',
78             secret_key => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
79             cluster_id => 'eks_cluster_name',
80             );
81             my $token = $signer->signed_qstring;
82              
83             =head1 DESCRIPTION
84              
85             Generate tokens for logging in to EKS Kubernetes clusters. This implements the same algorithm that the Heptio authenticator does. L
86              
87             =head1 Request Attributes
88              
89             This module adds one required attribute to the constructor for obtaining a token
90              
91             =head2 cluster_id String
92              
93             The name of the EKS cluster in AWS
94              
95             =head1 Signature Attributes
96              
97             =head2 token
98              
99             The authentication token to be passed to the Kubernetes cluster (via Authorization header or kubectl --token)
100              
101             =head2 k8s_json
102              
103             This wraps the token in the appropriate JSON output for using the token with kubectl's pluggable
104             authentication mechanism
105              
106             =head1 SEE ALSO
107              
108             L
109              
110             =head1 BUGS and SOURCE
111              
112             The source code is located here: L
113              
114             Please report bugs to: L
115              
116             =head1 AUTHOR
117              
118             Jose Luis Martinez
119             CAPSiDE
120             jlmartinez@capside.com
121              
122             =head1 COPYRIGHT and LICENSE
123              
124             Copyright (c) 2018 by CAPSiDE
125              
126             This code is distributed under the Apache 2 License. The full text of the license can be found in the LICENSE file included with this module.
127              
128             =cut