crossplane-contrib · MisterMX · Oct 4, 2024 · Oct 4, 2024
diff --git a/apis/eks/v1beta1/types.go b/apis/eks/v1beta1/types.go
@@ -45,9 +45,29 @@ const (
 	LogTypeScheduler         LogType = "scheduler"
 )
 
+// AuthenticationMode specifies the authentication mode of the cluster
+type AuthenticationMode string
+
+const (
+	AuthenticationModeApi             AuthenticationMode = "API"
+	AuthenticationModeApiAndConfigMap AuthenticationMode = "API_AND_CONFIG_MAP"
+	AuthenticationModeConfigMap       AuthenticationMode = "CONFIG_MAP"
+)
+
+type AccessConfig struct {
+	// The desired authentication mode for the cluster.
+	// +kubebuilder:validation:Enum=API;API_AND_CONFIG_MAP;CONFIG_MAP
+	// +optional
+	AuthenticationMode *AuthenticationMode `json:"authenticationMode,omitempty"`
+}
+
 // ClusterParameters define the desired state of an AWS Elastic Kubernetes
 // Service cluster.
 type ClusterParameters struct {
+	// The access configuration for the cluster.
+	// +optional
+	AccessConfig *AccessConfig `json:"accessConfig,omitempty"`
+
 	// TODO(muvaf): Region is a required field but in order to keep backward compatibility
 	// with old Provider type and not bear the cost of bumping to v1beta2, we're
 	// keeping it optional for now. Reconsider before v1beta2 or v1.

diff --git a/apis/eks/v1beta1/zz_generated.deepcopy.go b/apis/eks/v1beta1/zz_generated.deepcopy.go
diff --git a/package/crds/eks.aws.crossplane.io_clusters.yaml b/package/crds/eks.aws.crossplane.io_clusters.yaml
@@ -74,6 +74,17 @@ spec:
                   ClusterParameters define the desired state of an AWS Elastic Kubernetes
                   Service cluster.
                 properties:
+                  accessConfig:
+                    description: The access configuration for the cluster.
+                    properties:
+                      authenticationMode:
+                        description: The desired authentication mode for the cluster.
+                        enum:
+                        - API
+                        - API_AND_CONFIG_MAP
+                        - CONFIG_MAP
+                        type: string
+                    type: object
                   encryptionConfig:
                     description: The encryption configuration for the cluster.
                     items:

diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go
@@ -36,6 +36,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/tools/clientcmd"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	"k8s.io/utils/ptr"
 
 	"github.com/crossplane-contrib/provider-aws/apis/eks/v1beta1"
 	"github.com/crossplane-contrib/provider-aws/pkg/utils/jsonpatch"
@@ -231,6 +232,20 @@ func GenerateUpdateClusterConfigInputForVPC(name string, p *v1beta1.ClusterParam
 	return u
 }
 
+// GenerateUpdateClusterConfigInputForAccessConfig from ClusterParameters.
+func GenerateUpdateClusterConfigInputForAccessConfig(name string, p *v1beta1.ClusterParameters) *eks.UpdateClusterConfigInput {
+	u := &eks.UpdateClusterConfigInput{
+		Name: pointer.ToOrNilIfZeroValue(name),
+	}
+
+	if p.AccessConfig != nil && p.AccessConfig.AuthenticationMode != nil {
+		u.AccessConfig = &ekstypes.UpdateAccessConfigRequest{
+			AuthenticationMode: ekstypes.AuthenticationMode(string(*p.AccessConfig.AuthenticationMode)),
+		}
+	}
+	return u
+}
+
 // GenerateObservation is used to produce v1beta1.ClusterObservation from
 // ekstypes.Cluster.
 func GenerateObservation(cluster *ekstypes.Cluster) v1beta1.ClusterObservation {
@@ -345,6 +360,11 @@ func LateInitialize(in *v1beta1.ClusterParameters, cluster *ekstypes.Cluster) {
 			IPFamily:        v1beta1.IPFamily(cluster.KubernetesNetworkConfig.IpFamily),
 		}
 	}
+	if cluster.AccessConfig != nil {
+		in.AccessConfig = &v1beta1.AccessConfig{
+			AuthenticationMode: ptr.To(v1beta1.AuthenticationMode(string(cluster.AccessConfig.AuthenticationMode))),
+		}
+	}
 
 	in.RoleArn = pointer.LateInitializeValueFromPtr(in.RoleArn, cluster.RoleArn)
 	in.Version = pointer.LateInitialize(in.Version, cluster.Version)

diff --git a/pkg/clients/eks/eks_test.go b/pkg/clients/eks/eks_test.go
@@ -27,6 +27,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/ptr"
 
 	"github.com/crossplane-contrib/provider-aws/apis/eks/v1beta1"
 )
@@ -379,6 +380,70 @@ func TestGenerateUpdateClusterConfigInputForVPC(t *testing.T) {
 	}
 }
 
+func TestGenerateUpdateClusterConfigInputForAccessConfig(t *testing.T) {
+	type args struct {
+		name string
+		p    *v1beta1.ClusterParameters
+	}
+
+	cases := map[string]struct {
+		args args
+		want *eks.UpdateClusterConfigInput
+	}{
+		"AllFields": {
+			args: args{
+				name: clusterName,
+				p: &v1beta1.ClusterParameters{
+					EncryptionConfig: []v1beta1.EncryptionConfig{
+						{
+							Provider: v1beta1.Provider{
+								KeyArn: keyArn,
+							},
+							Resources: []string{"secrets"},
+						},
+					},
+					Logging: &v1beta1.Logging{
+						ClusterLogging: []v1beta1.LogSetup{
+							{
+								Enabled: &falseVal,
+								Types: []v1beta1.LogType{
+									v1beta1.LogTypeAPI,
+								},
+							},
+						},
+					},
+					ResourcesVpcConfig: v1beta1.VpcConfigRequest{
+						EndpointPrivateAccess: &trueVal,
+						EndpointPublicAccess:  &trueVal,
+						PublicAccessCidrs:     []string{"0.0.0.0/0"},
+					},
+					RoleArn: roleArn,
+					Tags:    map[string]string{"key": "val"},
+					Version: &version,
+					AccessConfig: &v1beta1.AccessConfig{
+						AuthenticationMode: ptr.To(v1beta1.AuthenticationModeApiAndConfigMap),
+					},
+				},
+			},
+			want: &eks.UpdateClusterConfigInput{
+				Name: &clusterName,
+				AccessConfig: &ekstypes.UpdateAccessConfigRequest{
+					AuthenticationMode: ekstypes.AuthenticationModeApiAndConfigMap,
+				},
+			},
+		},
+	}
+
+	for name, tc := range cases {
+		t.Run(name, func(t *testing.T) {
+			got := GenerateUpdateClusterConfigInputForAccessConfig(tc.args.name, tc.args.p)
+			if diff := cmp.Diff(tc.want, got, cmpopts.IgnoreTypes(document.NoSerde{})); diff != "" {
+				t.Errorf("r: -want, +got:\n%s", diff)
+			}
+		})
+	}
+}
+
 func TestGenerateObservation(t *testing.T) {
 	createTime := time.Now()
 	clusterArn := "my:arn"

diff --git a/pkg/controller/eks/cluster/cluster.go b/pkg/controller/eks/cluster/cluster.go
@@ -219,6 +219,10 @@ func (e *external) Update(ctx context.Context, mg resource.Managed) (managed.Ext
 		_, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForLogging(meta.GetExternalName(cr), patch))
 		return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateVersionFailed)
 	}
+	if patch.AccessConfig != nil {
+		_, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForAccessConfig(meta.GetExternalName(cr), patch))
+		return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateConfigFailed)
+	}
 	_, err = e.client.UpdateClusterConfig(ctx, eks.GenerateUpdateClusterConfigInputForVPC(meta.GetExternalName(cr), patch))
 	return managed.ExternalUpdate{}, errorutils.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateConfigFailed)
 }