cmd/infra/aws: generate a delegating AWS client

When we run a cleanup task using the myriad credentials that cluster components have, we need to delegate each call to an AWS service API to the correct credential that has permissions to use it. We can generate the delegating client directly from our policy documents to allow us to keep consumer code from having to know that there are many different clients operating under the hood in this mode. Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
openshift · Jun 2, 2024 · 268540d · 268540d
1 parent 30c0d58
commit 268540d
Show file tree

Hide file tree

Showing 4 changed files with 1,037 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -140,14 +140,18 @@ api-docs: $(GENAPIDOCS)
 	hack/gen-api-docs.sh $(GENAPIDOCS) $(DIR)
 
 .PHONY: clients
-clients:
+clients: delegating_client
 	GO=GO111MODULE=on GOFLAGS=-mod=readonly hack/update-codegen.sh
 
-
 .PHONY: release
 release:
 	go run ./hack/tools/release/notes.go --from=${FROM} --to=${TO} --token=${TOKEN}
 
+.PHONY: delegating_client
+delegating_client:
+	go run ./cmd/infra/aws/delegatingclientgenerator/main.go > ./cmd/infra/aws/delegating_client.txt
+	mv ./cmd/infra/aws/delegating_client.{txt,go}
+
 .PHONY: app-sre-saas-template
 app-sre-saas-template: hypershift
 	bin/hypershift install \