From a53494efbcfbc9aaff68edff9549354a057c4a96 Mon Sep 17 00:00:00 2001
From: Tanvir Tatla
Date: Fri, 6 Dec 2024 14:51:49 -0800
Subject: [PATCH] fix iam kubeconfig generation in workload clusters (#9048)
---
 pkg/clustermanager/cluster_manager.go | 8 +++---
 pkg/workflows/interfaces/interfaces.go | 9 ++++++-
 pkg/workflows/interfaces/mocks/clients.go | 26 ++++++++++++++-----
 pkg/workflows/management/create_test.go | 2 +-
 .../management/write_cluster_config.go | 2 +-
 pkg/workflows/workload/create_test.go | 4 +--
 pkg/workflows/workload/upgrade_test.go | 4 +--
 pkg/workflows/workload/writeclusterconfig.go | 2 +-
 8 files changed, 39 insertions(+), 18 deletions(-)
diff --git a/pkg/clustermanager/cluster_manager.go b/pkg/clustermanager/cluster_manager.go
index a0ec614c7b5d..1d7ba538c181 100644
--- a/pkg/clustermanager/cluster_manager.go
+++ b/pkg/clustermanager/cluster_manager.go
@@ -395,8 +395,8 @@ func (c *ClusterManager) waitForDeployments(ctx context.Context, deploymentsByNa
 return nil
 }
-// GenerateIamAuthKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateIamAuthKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
+// GenerateWorkloadAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
+func (c *ClusterManager) GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
 return c.awsIamAuth.GenerateKubeconfig(ctx, management, workload, spec)
 }
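Review bot: The doc comment on `GenerateWorkloadAWSIAMKubeconfig` is word for word the one on `GenerateManagementAWSIAMKubeconfig` in the next hunk of this file, so neither comment tells a reader which cluster the kubeconfig is for, which is the distinction this commit restores. I would reword them along the lines of `// GenerateWorkloadAWSIAMKubeconfig generates the aws-iam-authenticator kubeconfig for the workload cluster managed by management.` and `// GenerateManagementAWSIAMKubeconfig generates the aws-iam-authenticator kubeconfig for the given management cluster.`, with the wording confirmed against the `awsIamAuth` implementation, which is outside this diff. The two methods added to the `ClusterManager` interface in pkg/workflows/interfaces/interfaces.go carry no comment at all and would benefit from the same sentences.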
@@ -835,8 +835,8 @@ func (c *ClusterManager) pauseReconcileForCluster(ctx context.Context, clusterCr
 return nil
 }
-// GenerateAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
+// GenerateManagementAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
+func (c *ClusterManager) GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
 return c.awsIamAuth.GenerateManagementAWSIAMKubeconfig(ctx, cluster)
 }
diff --git a/pkg/workflows/interfaces/interfaces.go b/pkg/workflows/interfaces/interfaces.go
index 182765cc4720..5105a1b1ec1d 100644
--- a/pkg/workflows/interfaces/interfaces.go
+++ b/pkg/workflows/interfaces/interfaces.go
@@ -41,7 +41,8 @@ type ClusterManager interface {
 GetCurrentClusterSpec(ctx context.Context, cluster *types.Cluster, clusterName string) (*cluster.Spec, error)
 Upgrade(ctx context.Context, cluster *types.Cluster, currentManagementComponents, newManagementComponents *cluster.ManagementComponents, newSpec *cluster.Spec) (*types.ChangeDiff, error)
 CreateRegistryCredSecret(ctx context.Context, mgmt *types.Cluster) error
- GenerateAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
+ GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
+ GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
 ResumeEKSAControllerReconcile(ctx context.Context, cluster *types.Cluster, clusterSpec *cluster.Spec, provider providers.Provider) error
 AllowDeleteWhilePaused(ctx context.Context, cluster *types.Cluster, clusterSpec *cluster.Spec) error
 }
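Review bot: In the new `GenerateWorkloadAWSIAMKubeconfig` signature on the `ClusterManager` interface, `management, workload *types.Cluster` are adjacent parameters of the same type, so a call with the two swapped still compiles and would produce a kubeconfig for the wrong cluster. The only guard visible in this patch is the gomock expectation in pkg/workflows/workload/create_test.go, and it pins the order only if the two cluster fixtures differ, which is not shown here. If changing the signature is too invasive, I would at least state the order on the method, e.g. `// management is the managing cluster; workload is the cluster the kubeconfig is generated for.`, and consider having the implementation reject a call where both arguments name the same cluster.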
@@ -107,3 +108,9 @@ type ClusterDeleter interface {
 type ClusterMover interface {
 Move(ctx context.Context, spec *cluster.Spec, srcClient, dstClient kubernetes.Client) error
 }
+
+// AwsIamAuth is responsible for managing iam kubeconfigs.
+type AwsIamAuth interface {
+ GenerateKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
+ GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
+}
diff --git a/pkg/workflows/interfaces/mocks/clients.go b/pkg/workflows/interfaces/mocks/clients.go
index bdb7d47c53cf..3ed23a428178 100644
--- a/pkg/workflows/interfaces/mocks/clients.go
+++ b/pkg/workflows/interfaces/mocks/clients.go
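Review bot: Nothing in the visible hunks references the new `AwsIamAuth` interface: `ClusterManager` in pkg/clustermanager calls its own `c.awsIamAuth` field, and the regenerated mocks/clients.go only gains `MockClusterManager` methods. If no workflow consumes it, I would leave it out of this fix so the exported surface does not grow without a user. If it is kept, the name mixes casing with its own method (`AwsIamAuth` beside `GenerateManagementAWSIAMKubeconfig`), and `GenerateKubeconfig` does not say that it is the workload variant; `AWSIAMAuth` and `GenerateWorkloadAWSIAMKubeconfig` would match the `ClusterManager` methods added in the same file.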
@@ -197,18 +197,32 @@ func (mr *MockClusterManagerMockRecorder) CreateRegistryCredSecret(arg0, arg1 in return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateRegistryCredSecret", reflect.TypeOf((*MockClusterManager)(nil).CreateRegistryCredSecret), arg0, arg1) } -// GenerateAWSIAMKubeconfig mocks base method. -func (m *MockClusterManager) GenerateAWSIAMKubeconfig(arg0 context.Context, arg1 *types.Cluster) error { +// GenerateManagementAWSIAMKubeconfig mocks base method. +func (m *MockClusterManager) GenerateManagementAWSIAMKubeconfig(arg0 context.Context, arg1 *types.Cluster) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "GenerateAWSIAMKubeconfig", arg0, arg1) + ret := m.ctrl.Call(m, "GenerateManagementAWSIAMKubeconfig", arg0, arg1) ret0, _ := ret[0].(error) return ret0 } -// GenerateAWSIAMKubeconfig indicates an expected call of GenerateAWSIAMKubeconfig. -func (mr *MockClusterManagerMockRecorder) GenerateAWSIAMKubeconfig(arg0, arg1 interface{}) *gomock.Call { +// GenerateManagementAWSIAMKubeconfig indicates an expected call of GenerateManagementAWSIAMKubeconfig. +func (mr *MockClusterManagerMockRecorder) GenerateManagementAWSIAMKubeconfig(arg0, arg1 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GenerateAWSIAMKubeconfig", reflect.TypeOf((*MockClusterManager)(nil).GenerateAWSIAMKubeconfig), arg0, arg1) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GenerateManagementAWSIAMKubeconfig", reflect.TypeOf((*MockClusterManager)(nil).GenerateManagementAWSIAMKubeconfig), arg0, arg1) +} + +// GenerateWorkloadAWSIAMKubeconfig mocks base method. 
+func (m *MockClusterManager) GenerateWorkloadAWSIAMKubeconfig(arg0 context.Context, arg1, arg2 *types.Cluster, arg3 *cluster.Spec) error { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GenerateWorkloadAWSIAMKubeconfig", arg0, arg1, arg2, arg3) + ret0, _ := ret[0].(error) + return ret0 +} + +// GenerateWorkloadAWSIAMKubeconfig indicates an expected call of GenerateWorkloadAWSIAMKubeconfig. +func (mr *MockClusterManagerMockRecorder) GenerateWorkloadAWSIAMKubeconfig(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GenerateWorkloadAWSIAMKubeconfig", reflect.TypeOf((*MockClusterManager)(nil).GenerateWorkloadAWSIAMKubeconfig), arg0, arg1, arg2, arg3) } // GetCurrentClusterSpec mocks base method.
diff --git a/pkg/workflows/management/create_test.go b/pkg/workflows/management/create_test.go
index 010319aaacb3..2c6e3abbeae5 100644
--- a/pkg/workflows/management/create_test.go
+++ b/pkg/workflows/management/create_test.go
@@ -908,7 +908,7 @@ func TestCreateWriteConfigAWSIAMFailure(t *testing.T) {
 test.expectDatacenterConfig()
 test.expectMachineConfigs()
- test.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(test.ctx, test.workloadCluster).Return(errors.New("test"))
+ test.clusterManager.EXPECT().GenerateManagementAWSIAMKubeconfig(test.ctx, test.workloadCluster).Return(errors.New("test"))
 test.clusterManager.EXPECT().SaveLogsManagementCluster(
 test.ctx, test.clusterSpec, test.bootstrapCluster,
diff --git a/pkg/workflows/management/write_cluster_config.go b/pkg/workflows/management/write_cluster_config.go
index 2904c9b39a01..e0790e4172b3 100644
--- a/pkg/workflows/management/write_cluster_config.go
+++ b/pkg/workflows/management/write_cluster_config.go
@@ -52,7 +52,7 @@ func (s *writeCreateClusterConfig) Run(ctx context.Context, commandContext *task
 if commandContext.ClusterSpec.AWSIamConfig != nil {
 logger.Info("Generating the aws iam kubeconfig file")
- err = commandContext.ClusterManager.GenerateAWSIAMKubeconfig(ctx, commandContext.WorkloadCluster)
+ err = commandContext.ClusterManager.GenerateManagementAWSIAMKubeconfig(ctx, commandContext.WorkloadCluster)
 if err != nil {
 commandContext.SetError(err)
 return &workflows.CollectDiagnosticsTask{}
diff --git a/pkg/workflows/workload/create_test.go b/pkg/workflows/workload/create_test.go
index 5005ca2b5d32..c67c8e200f26 100644
--- a/pkg/workflows/workload/create_test.go
+++ b/pkg/workflows/workload/create_test.go
@@ -176,8 +176,8 @@ func (c *createTestSetup) expectInstallGitOpsManager(err error) {
 }
 func (c *createTestSetup) expectAWSIAMAuthKubeconfig(err error) {
- c.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(
- c.ctx, c.clusterSpec.ManagementCluster).Return(err)
+ c.clusterManager.EXPECT().GenerateWorkloadAWSIAMKubeconfig(
+ c.ctx, c.clusterSpec.ManagementCluster, c.workloadCluster, c.clusterSpec).Return(err)
 }
 func (c *createTestSetup) expectWrite() {
diff --git a/pkg/workflows/workload/upgrade_test.go b/pkg/workflows/workload/upgrade_test.go
index 00764b9804b8..ea51a00dba4c 100644
--- a/pkg/workflows/workload/upgrade_test.go
+++ b/pkg/workflows/workload/upgrade_test.go
@@ -136,8 +136,8 @@ func (c *upgradeTestSetup) expectWriteWorkloadClusterConfig(err error) {
 }
 func (c *upgradeTestSetup) expectWithoutAWSIAMAuthKubeconfig(err error) {
- c.clusterManager.EXPECT().GenerateAWSIAMKubeconfig(
- c.ctx, c.clusterSpec.ManagementCluster).Return(err).Times(0)
+ c.clusterManager.EXPECT().GenerateWorkloadAWSIAMKubeconfig(
+ c.ctx, c.clusterSpec.ManagementCluster, c.workloadCluster, c.clusterSpec).Return(err).Times(0)
 }
 func (c *upgradeTestSetup) expectDatacenterConfig() {
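Review bot: In pkg/workflows/management/write_cluster_config.go, `GenerateManagementAWSIAMKubeconfig` is called with `commandContext.WorkloadCluster`, which reads like the management/workload mix-up this commit fixes in the workload workflow. Presumably in the management create workflow the `WorkloadCluster` field holds the management cluster being created; a one-line comment above the call would spare the next reader that check, e.g. `// WorkloadCluster is the newly created management cluster in this workflow.` The expectation in pkg/workflows/management/create_test.go pairs the same method with `test.workloadCluster` and could carry the same remark. `Run` starts and ends outside the hunk.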
diff --git a/pkg/workflows/workload/writeclusterconfig.go b/pkg/workflows/workload/writeclusterconfig.go
index 5cc563b3d180..f51e83baa0be 100644
--- a/pkg/workflows/workload/writeclusterconfig.go
+++ b/pkg/workflows/workload/writeclusterconfig.go
@@ -23,7 +23,7 @@ func (s *writeClusterConfig) Run(ctx context.Context, commandContext *task.Comma
 // Generate AWS IAM kubeconfig only for cluster creation step
 if commandContext.CurrentClusterSpec == nil && commandContext.ClusterSpec.AWSIamConfig != nil {
 logger.Info("Generating the aws iam kubeconfig file")
- err = commandContext.ClusterManager.GenerateAWSIAMKubeconfig(ctx, commandContext.ManagementCluster)
+ err = commandContext.ClusterManager.GenerateWorkloadAWSIAMKubeconfig(ctx, commandContext.ManagementCluster, commandContext.WorkloadCluster, commandContext.ClusterSpec)
 if err != nil {
 commandContext.SetError(err)
 logger.Error(err, "Generating the aws iam kubeconfig file")
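Review bot: The guard `commandContext.CurrentClusterSpec == nil` on the context line above still limits generation to the create step, so workload clusters created before this fix keep whatever file the old call produced and an upgrade will not regenerate it; the `Times(0)` expectation in upgrade_test.go pins that. The removed call passed only `commandContext.ManagementCluster`, which suggests the earlier file was built for the management cluster, though this diff does not show what it contained. If so, operators of existing clusters need to know to regenerate the file, and I would say so where the guard lives, e.g. `// Generate AWS IAM kubeconfig only for cluster creation step; existing clusters are not regenerated on upgrade.` `Run` starts and ends outside the hunk.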