From 1cf1124ad87bee9da9ab2518a159ea96d9b4b6ca Mon Sep 17 00:00:00 2001
From: Simon Wakenhut
Date: Fri, 4 Oct 2024 08:53:11 +0200
Subject: [PATCH] feat(eks): Add accessConfig
Signed-off-by: Simon Wakenhut
---
 apis/eks/v1beta1/types.go | 20 ++++++
 apis/eks/v1beta1/zz_generated.deepcopy.go | 25 +++++++
 .../crds/eks.aws.crossplane.io_clusters.yaml | 11 ++++
 pkg/clients/eks/eks.go | 20 ++++++
 pkg/clients/eks/eks_test.go | 65 +++++++++++++++++++
 pkg/controller/eks/cluster/cluster.go | 4 ++
 6 files changed, 145 insertions(+)
diff --git a/apis/eks/v1beta1/types.go b/apis/eks/v1beta1/types.go
index e706868032..516d712f92 100644
--- a/apis/eks/v1beta1/types.go
+++ b/apis/eks/v1beta1/types.go
@@ -45,9 +45,29 @@ const (
 LogTypeScheduler LogType = "scheduler"
 )
+// AuthenticationMode specifies the authentication mode of the cluster
+type AuthenticationMode string
+
+const (
+ AuthenticationModeApi AuthenticationMode = "API"
+ AuthenticationModeApiAndConfigMap AuthenticationMode = "API_AND_CONFIG_MAP"
+ AuthenticationModeConfigMap AuthenticationMode = "CONFIG_MAP"
+)
+
+type AccessConfig struct {
+ // The desired authentication mode for the cluster.
+ // +kubebuilder:validation:Enum=API;API_AND_CONFIG_MAP;CONFIG_MAP
+ // +optional
+ AuthenticationMode *AuthenticationMode `json:"authenticationMode,omitempty"`
+}
+
 // ClusterParameters define the desired state of an AWS Elastic Kubernetes
 // Service cluster.
 type ClusterParameters struct {
+ // The access configuration for the cluster.
+ // +optional
+ AccessConfig *AccessConfig `json:"accessConfig,omitempty"`
+
 // TODO(muvaf): Region is a required field but in order to keep backward compatibility
 // with old Provider type and not bear the cost of bumping to v1beta2, we're
 // keeping it optional for now. Reconsider before v1beta2 or v1.
diff --git a/apis/eks/v1beta1/zz_generated.deepcopy.go b/apis/eks/v1beta1/zz_generated.deepcopy.go
index 3fe379c349..a851d1394f 100644
--- a/apis/eks/v1beta1/zz_generated.deepcopy.go
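Review bot: The new exported `AccessConfig` type and the three `AuthenticationMode` constants in apis/eks/v1beta1/types.go carry no doc comments, and the field comment does not say what the setting controls. Since this value decides whether IAM principals are mapped to cluster access through EKS access entries, the aws-auth ConfigMap, or both, I would add `// AccessConfig configures how IAM principals are authenticated to the cluster.` above the struct and a one-line comment per constant. AWS documents authentication-mode changes as one-directional (CONFIG_MAP to API_AND_CONFIG_MAP to API), so the field comment should also state that lowering the mode in the spec afterwards is expected to be rejected by the API; please confirm this against the current EKS documentation before wording it. The constant names `AuthenticationModeApi` and `AuthenticationModeApiAndConfigMap` follow the SDK spelling rather than Go's `API` initialism, which is fine if intentional.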
+++ b/apis/eks/v1beta1/zz_generated.deepcopy.go @@ -25,6 +25,26 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AccessConfig) DeepCopyInto(out *AccessConfig) { + *out = *in + if in.AuthenticationMode != nil { + in, out := &in.AuthenticationMode, &out.AuthenticationMode + *out = new(AuthenticationMode) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConfig. +func (in *AccessConfig) DeepCopy() *AccessConfig { + if in == nil { + return nil + } + out := new(AccessConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Cluster) DeepCopyInto(out *Cluster) { *out = *in @@ -110,6 +130,11 @@ func (in *ClusterObservation) DeepCopy() *ClusterObservation { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterParameters) DeepCopyInto(out *ClusterParameters) { *out = *in + if in.AccessConfig != nil { + in, out := &in.AccessConfig, &out.AccessConfig + *out = new(AccessConfig) + (*in).DeepCopyInto(*out) + } if in.Region != nil { in, out := &in.Region, &out.Region *out = new(string) diff --git a/package/crds/eks.aws.crossplane.io_clusters.yaml b/package/crds/eks.aws.crossplane.io_clusters.yaml index 4d54913314..7cb8d9c006 100644 --- a/package/crds/eks.aws.crossplane.io_clusters.yaml +++ b/package/crds/eks.aws.crossplane.io_clusters.yaml 
@@ -74,6 +74,17 @@ spec: ClusterParameters define the desired state of an AWS Elastic Kubernetes Service cluster. properties: + accessConfig: + description: The access configuration for the cluster. + properties: + authenticationMode: + description: The desired authentication mode for the cluster. + enum: + - API + - API_AND_CONFIG_MAP + - CONFIG_MAP + type: string + type: object encryptionConfig: description: The encryption configuration for the cluster. items: diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go index 85c5792d5a..8029a35440 100644 --- a/pkg/clients/eks/eks.go +++ b/pkg/clients/eks/eks.go @@ -36,6 +36,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" + "k8s.io/utils/ptr" "github.com/crossplane-contrib/provider-aws/apis/eks/v1beta1" "github.com/crossplane-contrib/provider-aws/pkg/utils/jsonpatch" @@ -231,6 +232,20 @@ func GenerateUpdateClusterConfigInputForVPC(name string, p *v1beta1.ClusterParam return u } +// GenerateUpdateClusterConfigInputForAccessConfig from ClusterParameters. +func GenerateUpdateClusterConfigInputForAccessConfig(name string, p *v1beta1.ClusterParameters) *eks.UpdateClusterConfigInput { + u := &eks.UpdateClusterConfigInput{ + Name: pointer.ToOrNilIfZeroValue(name), + } + + if p.AccessConfig != nil && p.AccessConfig.AuthenticationMode != nil { + u.AccessConfig = &ekstypes.UpdateAccessConfigRequest{ + AuthenticationMode: ekstypes.AuthenticationMode(string(*p.AccessConfig.AuthenticationMode)), + } + } + return u +} + // GenerateObservation is used to produce v1beta1.ClusterObservation from // ekstypes.Cluster. func GenerateObservation(cluster *ekstypes.Cluster) v1beta1.ClusterObservation { 
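Review bot: `GenerateUpdateClusterConfigInputForAccessConfig` in pkg/clients/eks/eks.go wires the access configuration into the update input only; the 20 additions reported for this file are all accounted for by the visible hunks, so the create-input generator appears not to set it. If that is right, a cluster declared with `accessConfig.authenticationMode` is created with the EKS default and converges only through a later `UpdateClusterConfig` call, leaving a window in which access is governed by a mode the spec did not ask for. Consider populating `AccessConfig` on the create input as well (the SDK's `ekstypes.CreateAccessConfigRequest` carries `AuthenticationMode`). Minor style point: the inner `string(...)` conversion is redundant, `ekstypes.AuthenticationMode(*p.AccessConfig.AuthenticationMode)` is enough.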
@@ -345,6 +360,11 @@ func LateInitialize(in *v1beta1.ClusterParameters, cluster *ekstypes.Cluster) {
 IPFamily: v1beta1.IPFamily(cluster.KubernetesNetworkConfig.IpFamily),
 }
 }
+ if cluster.AccessConfig != nil {
+ in.AccessConfig = &v1beta1.AccessConfig{
+ AuthenticationMode: ptr.To(v1beta1.AuthenticationMode(string(cluster.AccessConfig.AuthenticationMode))),
+ }
+ }
 in.RoleArn = pointer.LateInitializeValueFromPtr(in.RoleArn, cluster.RoleArn)
 in.Version = pointer.LateInitialize(in.Version, cluster.Version)
diff --git a/pkg/clients/eks/eks_test.go b/pkg/clients/eks/eks_test.go
index b744df29a8..b794d96821 100644
--- a/pkg/clients/eks/eks_test.go
+++ b/pkg/clients/eks/eks_test.go
@@ -27,6 +27,7 @@ import (
 "github.com/google/go-cmp/cmp"
 "github.com/google/go-cmp/cmp/cmpopts"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/utils/ptr"
 "github.com/crossplane-contrib/provider-aws/apis/eks/v1beta1"
 )
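Review bot: The block added to `LateInitialize` assigns `in.AccessConfig` whenever `cluster.AccessConfig` is non-nil, so it overwrites a value the user set in the spec with the observed one instead of only filling a missing field. Depending on how the controller computes its patch, the desired authentication mode could be silently replaced by the cluster's current mode and never applied. Guard the assignment so it only fills an unset field, e.g. `if in.AccessConfig == nil && cluster.AccessConfig != nil && cluster.AccessConfig.AuthenticationMode != "" {`; the last condition avoids storing a pointer to an empty string, which the CRD enum would reject. The function body begins and continues outside this hunk, and the patch adds no test for this branch.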
@@ -379,6 +380,70 @@ func TestGenerateUpdateClusterConfigInputForVPC(t *testing.T) {
 }
 }
+func TestGenerateUpdateClusterConfigInputForAccessConfig(t *testing.T) {
+ type args struct {
+ name string
+ p *v1beta1.ClusterParameters
+ }
+
+ cases := map[string]struct {
+ args args
+ want *eks.UpdateClusterConfigInput
+ }{
+ "AllFields": {
+ args: args{
+ name: clusterName,
+ p: &v1beta1.ClusterParameters{
+ EncryptionConfig: []v1beta1.EncryptionConfig{
+ {
+ Provider: v1beta1.Provider{
+ KeyArn: keyArn,
+ },
+ Resources: []string{"secrets"},
+ },
+ },
+ Logging: &v1beta1.Logging{
+ ClusterLogging: []v1beta1.LogSetup{
+ {
+ Enabled: &falseVal,
+ Types: []v1beta1.LogType{
+ v1beta1.LogTypeAPI,
+ },
+ },
+ },
+ },
+ ResourcesVpcConfig: v1beta1.VpcConfigRequest{
+ EndpointPrivateAccess: &trueVal,
+ EndpointPublicAccess: &trueVal,
+ PublicAccessCidrs: []string{"0.0.0.0/0"},
+ },
+ RoleArn: roleArn,
+ Tags: map[string]string{"key": "val"},
+ Version: &version,
+ AccessConfig: &v1beta1.AccessConfig{
+ AuthenticationMode: ptr.To(v1beta1.AuthenticationModeApiAndConfigMap),
+ },
+ },
+ },
+ want: &eks.UpdateClusterConfigInput{
+ Name: &clusterName,
+ AccessConfig: &ekstypes.UpdateAccessConfigRequest{
+ AuthenticationMode: ekstypes.AuthenticationModeApiAndConfigMap,
+ },
+ },
+ },
+ }
+
+ for name, tc := range cases {
+ t.Run(name, func(t *testing.T) {
+ got := GenerateUpdateClusterConfigInputForAccessConfig(tc.args.name, tc.args.p)
+ if diff := cmp.Diff(tc.want, got, cmpopts.IgnoreTypes(document.NoSerde{})); diff != "" {
+ t.Errorf("r: -want, +got:\n%s", diff)
+ }
+ })
+ }
+}
+
 func TestGenerateObservation(t *testing.T) {
 createTime := time.Now()
 clusterArn := "my:arn"
diff --git a/pkg/controller/eks/cluster/cluster.go b/pkg/controller/eks/cluster/cluster.go
index d17f5a9629..e18e2e8dc2 100644
--- a/pkg/controller/eks/cluster/cluster.go
+++ b/pkg/controller/eks/cluster/cluster.go
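Review bot: `TestGenerateUpdateClusterConfigInputForAccessConfig` has a single `AllFields` case, so the generator's guard `p.AccessConfig != nil && p.AccessConfig.AuthenticationMode != nil` is never exercised on its false side. Add one case with `AccessConfig: nil` and one with `AccessConfig: &v1beta1.AccessConfig{}`, both expecting `&eks.UpdateClusterConfigInput{Name: &clusterName}`, so a regression that dereferences a nil mode is caught. The unrelated encryption, logging and VPC fields in the fixture could be dropped to keep the case focused on what the function reads.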
@@ -219,6 +219,10 @@ func (e *external) Update(ctx context.Context, mg resource.Managed) (managed.Ext
 _, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForLogging(meta.GetExternalName(cr), patch))
 return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateVersionFailed)
 }
+ if patch.AccessConfig != nil {
+ _, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForAccessConfig(meta.GetExternalName(cr), patch))
+ return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateConfigFailed)
+ }
 _, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForVPC(meta.GetExternalName(cr), patch))
 return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateConfigFailed)
 }
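Review bot: The new branch in `Update` fires on `patch.AccessConfig != nil` alone, while the generator only sets `AccessConfig` on the request when `AuthenticationMode` is also non-nil, so a patch holding an empty `AccessConfig` would send an `UpdateClusterConfig` call that carries only the cluster name. Tightening the condition to `if patch.AccessConfig != nil && patch.AccessConfig.AuthenticationMode != nil {` keeps the two in step. A short comment such as `// Authentication mode is updated on its own; remaining config changes are applied on a later reconcile.` would also explain the early return. `Update` begins before this hunk, so how `patch` is built is not visible here.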