Class AccessEntry
- All Implemented Interfaces:
Serializable
,SdkPojo
,ToCopyableBuilder<AccessEntry.Builder,
AccessEntry>
An access entry allows an IAM principal (user or role) to access your cluster. Access entries can replace the need to
maintain the aws-auth
ConfigMap
for authentication. For more information about access
entries, see Access entries in the
Amazon EKS User Guide.
- See Also:
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal String
The ARN of the access entry.static AccessEntry.Builder
builder()
final String
The name of your cluster.final Instant
The Unix epoch timestamp at object creation.final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) final int
hashCode()
final boolean
For responses, this returns true if the service returned a value for the KubernetesGroups property.final boolean
hasTags()
For responses, this returns true if the service returned a value for the Tags property.Aname
that you've specified in a KubernetesRoleBinding
orClusterRoleBinding
object so that Kubernetes authorizes theprincipalARN
access to cluster objects.final Instant
The Unix epoch timestamp for the last modification to the object.final String
The ARN of the IAM principal for the access entry.static Class
<? extends AccessEntry.Builder> tags()
Metadata that assists with categorization and organization.Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final String
type()
The type of the access entry.final String
username()
Thename
of a user that can authenticate to your cluster.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
clusterName
The name of your cluster.
- Returns:
- The name of your cluster.
-
principalArn
The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN, the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN is the same for the recreated IAM principal, the
roleID
oruserID
(you can see this with the Security Token ServiceGetCallerIdentity
API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal'sroleID
oruserID
for an access entry, Amazon EKS stores it with the access entry.- Returns:
- The ARN of the IAM principal for the access entry. If you ever delete the IAM principal with this ARN,
the access entry isn't automatically deleted. We recommend that you delete the access entry with an ARN
for an IAM principal that you delete. If you don't delete the access entry and ever recreate the IAM
principal, even if it has the same ARN, the access entry won't work. This is because even though the ARN
is the same for the recreated IAM principal, the
roleID
oruserID
(you can see this with the Security Token ServiceGetCallerIdentity
API) is different for the recreated IAM principal than it was for the original IAM principal. Even though you don't see the IAM principal'sroleID
oruserID
for an access entry, Amazon EKS stores it with the access entry.
-
hasKubernetesGroups
public final boolean hasKubernetesGroups()For responses, this returns true if the service returned a value for the KubernetesGroups property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
kubernetesGroups
A
name
that you've specified in a KubernetesRoleBinding
orClusterRoleBinding
object so that Kubernetes authorizes theprincipalARN
access to cluster objects.Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasKubernetesGroups()
method.- Returns:
- A
name
that you've specified in a KubernetesRoleBinding
orClusterRoleBinding
object so that Kubernetes authorizes theprincipalARN
access to cluster objects.
-
accessEntryArn
The ARN of the access entry.
- Returns:
- The ARN of the access entry.
-
createdAt
The Unix epoch timestamp at object creation.
- Returns:
- The Unix epoch timestamp at object creation.
-
modifiedAt
The Unix epoch timestamp for the last modification to the object.
- Returns:
- The Unix epoch timestamp for the last modification to the object.
-
hasTags
public final boolean hasTags()For responses, this returns true if the service returned a value for the Tags property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
tags
Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasTags()
method.- Returns:
- Metadata that assists with categorization and organization. Each tag consists of a key and an optional value. You define both. Tags don't propagate to any other cluster or Amazon Web Services resources.
-
username
The
name
of a user that can authenticate to your cluster.- Returns:
- The
name
of a user that can authenticate to your cluster.
-
type
The type of the access entry.
- Returns:
- The type of the access entry.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<AccessEntry.Builder,
AccessEntry> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode() -
equals
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value. -
getValueForField
-
sdkFields
-