Moving constants to individual files. Moved BR socket logic to BR con…
…structor itself.
junshun committed Mar 9, 2023
1 parent f414519 commit 5b8853c
Showing 6 changed files with 66 additions and 71 deletions.
33 changes: 19 additions & 14 deletions credentialproviderpackage/cmd/aws-credential-provider/main.go
Expand Up @@ -2,7 +2,6 @@ package main

import (
_ "embed"
"io/fs"
"os"
"strings"

Expand All @@ -15,35 +14,41 @@ import (
"credential-provider/pkg/log"
)

const (
bottleRocket = "bottlerocket"
socketPath = "/run/api.sock"

// Aws Credentials
credSrcPath = "/secrets/aws-creds/config"
awsProfile = "eksa-packages"
credWatchData = "/secrets/aws-creds/..data"
credWatchPath = "/secrets/aws-creds/"
)

func main() {
var configurator cfg.Configurator
var err error
osType := strings.ToLower(os.Getenv("OS_TYPE"))
if osType == "" {
log.ErrorLogger.Println("Missing Environment Variable OS_TYPE")
os.Exit(1)
}
profile := os.Getenv("AWS_PROFILE")
if profile == "" {
profile = constants.Profile
profile = awsProfile
}
config := createCredentialProviderConfigOptions()
if osType == constants.BottleRocket {
socket, err := os.Stat(constants.SocketPath)
if osType == bottleRocket {
configurator, err = bottlerocket.NewBottleRocketConfigurator(socketPath)
if err != nil {
log.ErrorLogger.Fatal(err)
}
if socket.Mode().Type() == fs.ModeSocket {
configurator = bottlerocket.NewBottleRocketConfigurator(constants.SocketPath)

} else {
log.ErrorLogger.Fatalf("Unexpected type %s expected socket\n", socket.Mode().Type())
}
} else {
configurator = linux.NewLinuxConfigurator()
}

configurator.Initialize(config)
err := configurator.UpdateAWSCredentials(constants.CredSrcPath, profile)
err = configurator.UpdateAWSCredentials(credSrcPath, profile)
if err != nil {
log.ErrorLogger.Fatal(err)
}
Expand Down Expand Up @@ -78,8 +83,8 @@ func main() {
return
}
if event.Has(fsnotify.Create) {
if event.Name == constants.CredWatchData {
err = configurator.UpdateAWSCredentials(constants.CredSrcPath, profile)
if event.Name == credWatchData {
err = configurator.UpdateAWSCredentials(credSrcPath, profile)
if err != nil {
log.ErrorLogger.Fatal(err)
}
Expand All @@ -95,7 +100,7 @@ func main() {
}
}()

err = watcher.Add(constants.CredWatchPath)
err = watcher.Add(credWatchPath)
if err != nil {
log.ErrorLogger.Fatal(err)
}
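Review bot: The `else` branch after the `osType == bottleRocket` check still routes every other OS_TYPE value to `linux.NewLinuxConfigurator()`, so a misspelled or unexpected value silently selects the Linux path instead of failing. This commit also removes the `OSType` constants that listed the expected values, so nothing visible here bounds the input any more. Consider a `switch osType` with explicit cases and a closing `default: log.ErrorLogger.Fatalf("unsupported OS_TYPE %q", osType)`. Failing closed matters because the Linux configurator copies the credential file and the provider binaries into place. `main` continues outside the visible hunks.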
Expand Up @@ -6,9 +6,11 @@ import (
"encoding/base64"
"encoding/json"
"fmt"
"io/fs"
"io/ioutil"
"net"
"net/http"
"os"

"credential-provider/pkg/configurator"
"credential-provider/pkg/constants"
Expand All @@ -21,9 +23,9 @@ type bottleRocket struct {
}

type awsCred struct {
Aws Aws `json:"aws"`
Aws aws `json:"aws"`
}
type Aws struct {
type aws struct {
Config string `json:"config"`
Profile string `json:"profile"`
Region string `json:"region"`
Expand All @@ -46,7 +48,14 @@ type kubernetes struct {

var _ configurator.Configurator = (*bottleRocket)(nil)

func NewBottleRocketConfigurator(socketPath string) *bottleRocket {
func NewBottleRocketConfigurator(socketPath string) (*bottleRocket, error) {
socket, err := os.Stat(socketPath)
if err != nil {
return nil, err
}
if socket.Mode().Type() != fs.ModeSocket {
return nil, fmt.Errorf("Unexpected type %s expected socket\n", socket.Mode().Type())
}
return &bottleRocket{
client: http.Client{
Transport: &http.Transport{
Expand All @@ -55,7 +64,7 @@ func NewBottleRocketConfigurator(socketPath string) *bottleRocket {
},
},
},
}
}, nil
}

func (b *bottleRocket) Initialize(config constants.CredentialProviderConfigOptions) {
Expand Down Expand Up @@ -137,7 +146,7 @@ func (b *bottleRocket) sendSettingsSetRequest(payload []byte) error {
}

func createCredentialsPayload(content string, profile string) ([]byte, error) {
aws := Aws{
aws := aws{
Config: content,
Profile: profile,
}
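Review bot: The socket check added to `NewBottleRocketConfigurator` is a single `os.Stat` at construction time, which follows symlinks and says nothing about the path when the client later connects (the dial code is outside the hunk). It is a start-up sanity check rather than a guarantee about the peer, and `os.Lstat` would be the call to use if a symlinked path should be rejected. The new error string is capitalised and ends in `\n`, which becomes part of the error value; `return nil, fmt.Errorf("%s: unexpected file type %s, expected socket", socketPath, socket.Mode().Type())` names the path and wraps cleanly. The exported constructor also lacks a doc comment for its new contract, for example `// NewBottleRocketConfigurator returns an error if socketPath cannot be stat'ed or is not a Unix socket.`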
Expand Up @@ -320,8 +320,7 @@ func validatePatchRequest(w http.ResponseWriter, r *http.Request, t *testing.T,

func Test_bottleRocket_Initialize(t *testing.T) {
type args struct {
socketPath string
config constants.CredentialProviderConfigOptions
config constants.CredentialProviderConfigOptions
}
tests := []struct {
name string
Expand All @@ -332,7 +331,6 @@ func Test_bottleRocket_Initialize(t *testing.T) {
name: "simple initialization",
baseUrl: "http://localhost/",
args: args{
socketPath: "/test/path.sock",
config: constants.CredentialProviderConfigOptions{
ImagePatterns: []string{constants.DefaultImagePattern},
DefaultCacheDuration: constants.DefaultCacheDuration,
Expand All @@ -342,7 +340,7 @@ func Test_bottleRocket_Initialize(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
b := NewBottleRocketConfigurator(tt.args.socketPath)
b := &bottleRocket{}
b.Initialize(tt.args.config)
assert.Equal(t, tt.baseUrl, b.baseURL)
assert.Equal(t, tt.args.config, b.config)
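Review bot: `Test_bottleRocket_Initialize` now builds `&bottleRocket{}` directly, so nothing in the visible tests exercises `NewBottleRocketConfigurator` or its two new error returns. A small table test would pin them: a path under `t.TempDir()` that does not exist, a regular file created there, and a listener from `net.Listen("unix", path)` for the success case. The rest of the test file is outside the hunks, so such a test may already exist elsewhere.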
34 changes: 23 additions & 11 deletions credentialproviderpackage/pkg/configurator/linux/linux.go
Expand Up @@ -20,6 +20,18 @@ import (
//go:embed templates/credential-provider-config.yaml
var credProviderTemplate string

const (
binPath = "/eksa-binaries/"
basePath = "/eksa-packages/"
credOutFile = "aws-creds"
mountedExtraArgs = "/node-files/kubelet-extra-args"
credProviderFile = "credential-provider-config.yaml"

// Binaries
ecrCredProviderBinary = "ecr-credential-provider"
iamRolesSigningBinary = "aws_signing_helper"
)

type linuxOS struct {
profile string
extraArgsPath string
Expand All @@ -32,8 +44,8 @@ var _ configurator.Configurator = (*linuxOS)(nil)
func NewLinuxConfigurator() *linuxOS {
return &linuxOS{
profile: "",
extraArgsPath: constants.MountedExtraArgs,
basePath: constants.BasePath,
extraArgsPath: mountedExtraArgs,
basePath: basePath,
}
}

Expand All @@ -43,7 +55,7 @@ func (c *linuxOS) Initialize(config constants.CredentialProviderConfigOptions) {

func (c *linuxOS) UpdateAWSCredentials(sourcePath string, profile string) error {
c.profile = profile
dstPath := c.basePath + constants.CredOutFile
dstPath := c.basePath + credOutFile

err := copyWithPermissons(sourcePath, dstPath, 0600)
return err
Expand Down Expand Up @@ -141,8 +153,8 @@ func copyWithPermissons(srcpath, dstpath string, permission os.FileMode) (err er
}

func copyBinaries() (string, error) {
srcPath := constants.BinPath + constants.ECRCredProviderBinary
dstPath := constants.BasePath + constants.ECRCredProviderBinary
srcPath := binPath + ecrCredProviderBinary
dstPath := basePath + ecrCredProviderBinary
err := copyWithPermissons(srcPath, dstPath, 0700)
if err != nil {
return "", err
Expand All @@ -153,8 +165,8 @@ func copyBinaries() (string, error) {
return "", err
}

srcPath = constants.BinPath + constants.IAMRolesSigningBinary
dstPath = constants.BasePath + constants.IAMRolesSigningBinary
srcPath = binPath + iamRolesSigningBinary
dstPath = basePath + iamRolesSigningBinary
err = copyWithPermissons(srcPath, dstPath, 0700)
if err != nil {
return "", err
Expand All @@ -164,19 +176,19 @@ func copyBinaries() (string, error) {
if err != nil {
return "", err
}
return fmt.Sprintf(" --image-credential-provider-bin-dir=%s", constants.BasePath), nil
return fmt.Sprintf(" --image-credential-provider-bin-dir=%s", basePath), nil
}

func (c *linuxOS) createConfig() (string, error) {
values := map[string]interface{}{
"profile": c.profile,
"config": constants.BasePath + constants.CredOutFile,
"home": constants.BasePath,
"config": basePath + credOutFile,
"home": basePath,
"imagePattern": c.config.ImagePatterns,
"cacheDuration": c.config.DefaultCacheDuration,
}

dstPath := c.basePath + constants.CredProviderFile
dstPath := c.basePath + credProviderFile

bytes, err := templater.Execute(credProviderTemplate, values)
if err != nil {
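Review bot: In `createConfig` the rendered values use the package constant (`"config": basePath + credOutFile`, `"home": basePath`) while the output path uses the field (`c.basePath + credProviderFile`). A `linuxOS` built with a different `basePath`, as the tests do, therefore writes its config into one directory while the config content points at another. Now that the constant shares the field's name, the mix-up is easy to miss in review; if the field is meant to win, use `c.basePath` for both values, and consider `filepath.Join` rather than relying on the trailing slash in the constant. `copyBinaries` depends on the constant in the same way, and `createConfig` continues past the end of the hunk.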
16 changes: 8 additions & 8 deletions credentialproviderpackage/pkg/configurator/linux/linux_test.go
Expand Up @@ -44,10 +44,10 @@ func Test_linuxOS_updateKubeletArguments(t *testing.T) {
},
},
args: args{line: ""},
outputConfigPath: dir + "/" + constants.CredProviderFile,
outputConfigPath: dir + "/" + credProviderFile,
configWantPath: "testdata/expected-config.yaml",
want: fmt.Sprintf(" --feature-gates=KubeletCredentialProviders=true "+
"--image-credential-provider-config=%s%s", dir, constants.CredProviderFile),
"--image-credential-provider-config=%s%s", dir, credProviderFile),
},
{
name: "test multiple match patterns",
Expand All @@ -62,10 +62,10 @@ func Test_linuxOS_updateKubeletArguments(t *testing.T) {
},
},
args: args{line: ""},
outputConfigPath: dir + "/" + constants.CredProviderFile,
outputConfigPath: dir + "/" + credProviderFile,
configWantPath: "testdata/expected-config-multiple-patterns.yaml",
want: fmt.Sprintf(" --feature-gates=KubeletCredentialProviders=true "+
"--image-credential-provider-config=%s%s", dir, constants.CredProviderFile),
"--image-credential-provider-config=%s%s", dir, credProviderFile),
},
{
name: "skip credential provider if already provided",
Expand All @@ -79,9 +79,9 @@ func Test_linuxOS_updateKubeletArguments(t *testing.T) {
},
},
args: args{line: " --feature-gates=KubeletCredentialProviders=true"},
outputConfigPath: dir + "/" + constants.CredProviderFile,
outputConfigPath: dir + "/" + credProviderFile,
configWantPath: "testdata/expected-config.yaml",
want: fmt.Sprintf(" --image-credential-provider-config=%s%s", dir, constants.CredProviderFile),
want: fmt.Sprintf(" --image-credential-provider-config=%s%s", dir, credProviderFile),
},
{
name: "skip both cred provider and feature gate if provided",
Expand All @@ -95,7 +95,7 @@ func Test_linuxOS_updateKubeletArguments(t *testing.T) {
},
},
args: args{line: " --feature-gates=KubeletCredentialProviders=false --image-credential-provider-config=blah"},
outputConfigPath: dir + "/" + constants.CredProviderFile,
outputConfigPath: dir + "/" + credProviderFile,
configWantPath: "",
want: "",
},
Expand Down Expand Up @@ -158,7 +158,7 @@ func Test_linuxOS_UpdateAWSCredentials(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
dstFile := tt.fields.basePath + constants.CredOutFile
dstFile := tt.fields.basePath + credOutFile
c := &linuxOS{
profile: tt.fields.profile,
extraArgsPath: tt.fields.extraArgsPath,
29 changes: 0 additions & 29 deletions credentialproviderpackage/pkg/constants/constants.go
Expand Up @@ -4,35 +4,6 @@ const (
// Credential Provider constants
DefaultImagePattern = "*.dkr.ecr.*.amazonaws.com"
DefaultCacheDuration = "30m"
CredProviderFile = "credential-provider-config.yaml"

// Aws Credentials
CredSrcPath = "/secrets/aws-creds/config"
Profile = "eksa-packages"
CredWatchData = "/secrets/aws-creds/..data"
CredWatchPath = "/secrets/aws-creds/"

// BottleRocket
SocketPath = "/run/api.sock"

// Linux
BinPath = "/eksa-binaries/"
BasePath = "/eksa-packages/"
CredOutFile = "aws-creds"
MountedExtraArgs = "/node-files/kubelet-extra-args"

// Binaries
ECRCredProviderBinary = "ecr-credential-provider"
IAMRolesSigningBinary = "aws_signing_helper"
)

type OSType string

const (
AmazonLinux OSType = "amazonlinux"
Ubuntu = "ubuntu"
Redhat = "redhat"
BottleRocket = "bottlerocket"
)

type CredentialProviderConfigOptions struct {
