refactor aws iam auth in cli workflow

aws · Dec 6, 2024 · a209eaa · a209eaa
1 parent a53494e
commit a209eaa
Show file tree

Hide file tree

Showing 24 changed files with 213 additions and 174 deletions.
diff --git a/Makefile b/Makefile
@@ -560,14 +560,14 @@ mocks: ## Generate mocks
 	${MOCKGEN} -destination=pkg/providers/vsphere/setupuser/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/providers/vsphere/setupuser" GovcClient
 	${MOCKGEN} -destination=pkg/govmomi/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/govmomi" VSphereClient,VMOMIAuthorizationManager,VMOMIFinder,VMOMISessionBuilder,VMOMIFinderBuilder,VMOMIAuthorizationManagerBuilder
 	${MOCKGEN} -destination=pkg/filewriter/mocks/filewriter.go -package=mocks "github.com/aws/eks-anywhere/pkg/filewriter" FileWriter
-	${MOCKGEN} -destination=pkg/clustermanager/mocks/client_and_networking.go -package=mocks "github.com/aws/eks-anywhere/pkg/clustermanager" ClusterClient,AwsIamAuth,EKSAComponents,KubernetesClient,ClientFactory,ClusterApplier,CAPIClient
+	${MOCKGEN} -destination=pkg/clustermanager/mocks/client_and_networking.go -package=mocks "github.com/aws/eks-anywhere/pkg/clustermanager" ClusterClient,EKSAComponents,KubernetesClient,ClientFactory,ClusterApplier,CAPIClient
 	${MOCKGEN} -destination=pkg/gitops/flux/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/gitops/flux" FluxClient,KubeClient,GitOpsFluxClient,GitClient,Templater
 	${MOCKGEN} -destination=pkg/task/mocks/task.go -package=mocks "github.com/aws/eks-anywhere/pkg/task" Task
 	${MOCKGEN} -destination=pkg/bootstrapper/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/bootstrapper" KindClient,KubernetesClient
 	${MOCKGEN} -destination=pkg/bootstrapper/mocks/bootstrapper.go -package=mocks "github.com/aws/eks-anywhere/pkg/bootstrapper" ClusterClient
 	${MOCKGEN} -destination=pkg/git/providers/github/mocks/github.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/providers/github" GithubClient
 	${MOCKGEN} -destination=pkg/git/mocks/git.go -package=mocks "github.com/aws/eks-anywhere/pkg/git" Client,ProviderClient
-	${MOCKGEN} -destination=pkg/workflows/interfaces/mocks/clients.go -package=mocks "github.com/aws/eks-anywhere/pkg/workflows/interfaces" Bootstrapper,ClusterManager,GitOpsManager,Validator,CAPIManager,EksdInstaller,EksdUpgrader,PackageManager,ClusterUpgrader,ClusterCreator,ClientFactory,EksaInstaller,ClusterDeleter,ClusterMover
+	${MOCKGEN} -destination=pkg/workflows/interfaces/mocks/clients.go -package=mocks "github.com/aws/eks-anywhere/pkg/workflows/interfaces" Bootstrapper,ClusterManager,GitOpsManager,Validator,CAPIManager,EksdInstaller,EksdUpgrader,PackageManager,ClusterUpgrader,ClusterCreator,ClientFactory,EksaInstaller,ClusterDeleter,ClusterMover,AwsIamAuth
 	${MOCKGEN} -destination=pkg/git/gogithub/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/gogithub" Client
 	${MOCKGEN} -destination=pkg/git/gitclient/mocks/client.go -package=mocks "github.com/aws/eks-anywhere/pkg/git/gitclient" GoGit
 	${MOCKGEN} -destination=pkg/validations/mocks/docker.go -package=mocks "github.com/aws/eks-anywhere/pkg/validations" DockerExecutable

diff --git a/cmd/eksctl-anywhere/cmd/createcluster.go b/cmd/eksctl-anywhere/cmd/createcluster.go
@@ -249,6 +249,7 @@ func (cc *createClusterOptions) createCluster(cmd *cobra.Command, _ []string) er
 
 		err = wflw.Run(ctx)
 	} else if clusterConfig.IsManaged() {
+		opts := getCreateWorkloadWorkflowOpts(clusterSpec, deps)
 		createWorkloadCluster := workload.NewCreate(
 			deps.Provider,
 			deps.ClusterManager,
@@ -258,12 +259,13 @@ func (cc *createClusterOptions) createCluster(cmd *cobra.Command, _ []string) er
 			deps.PackageManager,
 			deps.ClusterCreator,
 			deps.UnAuthKubectlClient,
+			opts...,
 		)
 		err = createWorkloadCluster.Run(ctx, clusterSpec, createValidations)
 
 	} else if clusterSpec.Cluster.IsSelfManaged() {
 		logger.V(1).Info("Using the eksa controller to create the management cluster")
-
+		opts := getCreateManagementWorkflowOpts(clusterSpec, deps)
 		createMgmtCluster := management.NewCreate(
 			deps.Bootstrapper,
 			deps.UnAuthKubeClient,
@@ -276,6 +278,7 @@ func (cc *createClusterOptions) createCluster(cmd *cobra.Command, _ []string) er
 			deps.ClusterCreator,
 			deps.EksaInstaller,
 			deps.ClusterMover,
+			opts...,
 		)
 
 		err = createMgmtCluster.Run(ctx, clusterSpec, createValidations)

diff --git a/cmd/eksctl-anywhere/cmd/options.go b/cmd/eksctl-anywhere/cmd/options.go
@@ -27,6 +27,8 @@ import (
 	"github.com/aws/eks-anywhere/pkg/types"
 	"github.com/aws/eks-anywhere/pkg/validations"
 	"github.com/aws/eks-anywhere/pkg/version"
+	"github.com/aws/eks-anywhere/pkg/workflows/management"
+	"github.com/aws/eks-anywhere/pkg/workflows/workload"
 	releasev1 "github.com/aws/eks-anywhere/release/api/v1alpha1"
 )
 
@@ -382,3 +384,35 @@ func (c *clusterOptions) cloudStackDirectoriesToMount() ([]string, error) {
 	}
 	return dirs, nil
 }
+
+func getCreateManagementWorkflowOpts(clusterSpec *cluster.Spec, deps *dependencies.Dependencies) []management.CreateOpts {
+	opts := make([]management.CreateOpts, 0)
+	if clusterSpec.AWSIamConfig != nil {
+		opts = append(opts, management.WithIamAuth(deps.AwsIamAuth))
+	}
+	return opts
+}
+
+func getUpgradeManagementWorkflowOpts(clusterSpec *cluster.Spec, deps *dependencies.Dependencies) []management.UpgradeOpts {
+	opts := make([]management.UpgradeOpts, 0)
+	if clusterSpec.AWSIamConfig != nil {
+		opts = append(opts, management.WithIamAuthUpgrade(deps.AwsIamAuth))
+	}
+	return opts
+}
+
+func getCreateWorkloadWorkflowOpts(clusterSpec *cluster.Spec, deps *dependencies.Dependencies) []workload.CreateOpts {
+	opts := make([]workload.CreateOpts, 0)
+	if clusterSpec.AWSIamConfig != nil {
+		opts = append(opts, workload.WithIamAuth(deps.AwsIamAuth))
+	}
+	return opts
+}
+
+func getUpgradeWorkloadWorkflowOpts(clusterSpec *cluster.Spec, deps *dependencies.Dependencies) []workload.UpgradeOpts {
+	opts := make([]workload.UpgradeOpts, 0)
+	if clusterSpec.AWSIamConfig != nil {
+		opts = append(opts, workload.WithIamAuthUpgrade(deps.AwsIamAuth))
+	}
+	return opts
+}
diff --git a/cmd/eksctl-anywhere/cmd/upgradecluster.go b/cmd/eksctl-anywhere/cmd/upgradecluster.go
@@ -203,6 +203,7 @@ func (uc *upgradeClusterOptions) upgradeCluster(cmd *cobra.Command, args []strin
 	upgradeValidations := upgradevalidations.New(validationOpts)
 
 	if clusterConfig.IsSelfManaged() {
+		opts := getUpgradeManagementWorkflowOpts(clusterSpec, deps)
 		upgrade := management.NewUpgrade(
 			deps.UnAuthKubeClient,
 			deps.Provider,
@@ -214,11 +215,13 @@ func (uc *upgradeClusterOptions) upgradeCluster(cmd *cobra.Command, args []strin
 			deps.EksdInstaller,
 			deps.ClusterApplier,
 			deps.PackageManager,
+			opts...,
 		)
 
 		err = upgrade.Run(ctx, clusterSpec, managementCluster, upgradeValidations)
 
 	} else {
+		opts := getUpgradeWorkloadWorkflowOpts(clusterSpec, deps)
 		upgradeWorkloadCluster := workload.NewUpgrade(
 			deps.UnAuthKubeClient,
 			deps.Provider,
@@ -228,6 +231,7 @@ func (uc *upgradeClusterOptions) upgradeCluster(cmd *cobra.Command, args []strin
 			deps.ClusterApplier,
 			deps.EksdInstaller,
 			deps.PackageManager,
+			opts...,
 		)
 		err = upgradeWorkloadCluster.Run(ctx, workloadCluster, clusterSpec, upgradeValidations)
 	}

diff --git a/pkg/awsiamauth/installer.go b/pkg/awsiamauth/installer.go
@@ -81,7 +81,7 @@ func (i *Installer) InstallAWSIAMAuth(
 		return fmt.Errorf("applying aws-iam-authenticator manifest: %v", err)
 	}
 
-	if err = i.GenerateKubeconfig(ctx, management, workload, spec); err != nil {
+	if err = i.GenerateWorkloadKubeconfig(ctx, management, workload, spec); err != nil {
 		return err
 	}
 	return nil
@@ -118,8 +118,8 @@ func (i *Installer) generateInstallerKubeconfig(clusterSpec *cluster.Spec, serve
 	return i.templateBuilder.GenerateKubeconfig(clusterSpec, i.clusterID, serverURL, tlsCert)
 }
 
-// GenerateKubeconfig generates the AWS IAM auth kubeconfig.
-func (i *Installer) GenerateKubeconfig(
+// GenerateWorkloadKubeconfig generates the AWS IAM auth kubeconfig.
+func (i *Installer) GenerateWorkloadKubeconfig(
 	ctx context.Context,
 	management, workload *types.Cluster,
 	spec *cluster.Spec,
@@ -160,8 +160,8 @@ func (i *Installer) GenerateKubeconfig(
 	return nil
 }
 
-// GenerateManagementAWSIAMKubeconfig generates the AWS IAM auth kubeconfig.
-func (i *Installer) GenerateManagementAWSIAMKubeconfig(
+// GenerateManagementKubeconfig generates the AWS IAM auth kubeconfig.
+func (i *Installer) GenerateManagementKubeconfig(
 	ctx context.Context,
 	cluster *types.Cluster,
 ) error {

diff --git a/pkg/awsiamauth/installer_test.go b/pkg/awsiamauth/installer_test.go
@@ -355,7 +355,7 @@ func TestGenerateManagementAWSIAMKubeconfig(t *testing.T) {
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 	kwriter.EXPECT().WriteKubeconfigContent(ctx, cluster.Name, secretValue, fileWriter)
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -381,7 +381,7 @@ func TestGenerateManagementAWSIAMKubeconfigError(t *testing.T) {
 	kwriter := kubeconfigmocks.NewMockWriter(ctrl)
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err == nil {
 		t.Fatal(err)
 	}
@@ -410,7 +410,7 @@ func TestGenerateAWSIAMKubeconfigError(t *testing.T) {
 	installer := awsiamauth.NewInstaller(certs, clusterID, k8s, writer, kwriter)
 	kwriter.EXPECT().WriteKubeconfigContent(ctx, cluster.Name, secretValue, fileWriter).Return(errors.New("test"))
 
-	err := installer.GenerateManagementAWSIAMKubeconfig(context.Background(), cluster)
+	err := installer.GenerateManagementKubeconfig(context.Background(), cluster)
 	if err == nil {
 		t.Fatal(err)
 	}

diff --git a/pkg/clustermanager/cluster_manager.go b/pkg/clustermanager/cluster_manager.go
@@ -71,7 +71,6 @@ type ClusterManager struct {
 	retrier            *retrier.Retrier
 	writer             filewriter.FileWriter
 	diagnosticsFactory diagnostics.DiagnosticBundleFactory
-	awsIamAuth         AwsIamAuth
 
 	machineMaxWait                   time.Duration
 	machineBackoff                   time.Duration
@@ -100,14 +99,6 @@ type CAPIClient interface {
 	GetWorkloadKubeconfig(ctx context.Context, clusterName string, cluster *types.Cluster) ([]byte, error)
 }
 
-type AwsIamAuth interface {
-	CreateAndInstallAWSIAMAuthCASecret(ctx context.Context, managementCluster *types.Cluster, workloadClusterName string) error
-	InstallAWSIAMAuth(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
-	UpgradeAWSIAMAuth(ctx context.Context, cluster *types.Cluster, spec *cluster.Spec) error
-	GenerateKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error
-	GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error
-}
-
 // EKSAComponents allows to manage the eks-a components installation in a cluster.
 type EKSAComponents interface {
 	Install(ctx context.Context, log logr.Logger, cluster *types.Cluster, managementComponents *cluster.ManagementComponents, spec *cluster.Spec) error
@@ -122,7 +113,7 @@ func DefaultRetrier() *retrier.Retrier {
 }
 
 // New constructs a new ClusterManager.
-func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.FileWriter, diagnosticBundleFactory diagnostics.DiagnosticBundleFactory, awsIamAuth AwsIamAuth, eksaComponents EKSAComponents, opts ...ClusterManagerOpt) *ClusterManager {
+func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.FileWriter, diagnosticBundleFactory diagnostics.DiagnosticBundleFactory, eksaComponents EKSAComponents, opts ...ClusterManagerOpt) *ClusterManager {
 	c := &ClusterManager{
 		eksaComponents:                   eksaComponents,
 		ClientFactory:                    client,
@@ -133,7 +124,6 @@ func New(client ClientFactory, clusterClient ClusterClient, writer filewriter.Fi
 		machineMaxWait:                   DefaultMaxWaitPerMachine,
 		machineBackoff:                   machineBackoff,
 		machinesMinWait:                  defaultMachinesMinWait,
-		awsIamAuth:                       awsIamAuth,
 		controlPlaneWaitTimeout:          DefaultControlPlaneWait,
 		controlPlaneWaitAfterMoveTimeout: DefaultControlPlaneWaitAfterMove,
 		externalEtcdWaitTimeout:          DefaultEtcdWait,
@@ -395,11 +385,6 @@ func (c *ClusterManager) waitForDeployments(ctx context.Context, deploymentsByNa
 	return nil
 }
 
-// GenerateWorkloadAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateWorkloadAWSIAMKubeconfig(ctx context.Context, management, workload *types.Cluster, spec *cluster.Spec) error {
-	return c.awsIamAuth.GenerateKubeconfig(ctx, management, workload, spec)
-}
-
 func (c *ClusterManager) SaveLogsManagementCluster(ctx context.Context, spec *cluster.Spec, cluster *types.Cluster) error {
 	if cluster == nil {
 		return nil
@@ -835,11 +820,6 @@ func (c *ClusterManager) pauseReconcileForCluster(ctx context.Context, clusterCr
 	return nil
 }
 
-// GenerateManagementAWSIAMKubeconfig generates a kubeconfig for interacting with the cluster with aws-iam-authenticator client.
-func (c *ClusterManager) GenerateManagementAWSIAMKubeconfig(ctx context.Context, cluster *types.Cluster) error {
-	return c.awsIamAuth.GenerateManagementAWSIAMKubeconfig(ctx, cluster)
-}
-
 func (c *ClusterManager) GetCurrentClusterSpec(ctx context.Context, clus *types.Cluster, clusterName string) (*cluster.Spec, error) {
 	eksaCluster, err := c.clusterClient.GetEksaCluster(ctx, clus, clusterName)
 	if err != nil {

diff --git a/pkg/clustermanager/cluster_manager_test.go b/pkg/clustermanager/cluster_manager_test.go
@@ -1024,7 +1024,6 @@ func newTest(t *testing.T, opts ...clustermanager.ClusterManagerOpt) *testSetup
 
 type clusterManagerMocks struct {
 	writer             *mockswriter.MockFileWriter
-	awsIamAuth         *mocksmanager.MockAwsIamAuth
 	client             *mocksmanager.MockClusterClient
 	provider           *mocksprovider.MockProvider
 	diagnosticsBundle  *mocksdiagnostics.MockDiagnosticBundle
@@ -1036,7 +1035,6 @@ func newClusterManager(t *testing.T, opts ...clustermanager.ClusterManagerOpt) (
 	mockCtrl := gomock.NewController(t)
 	m := &clusterManagerMocks{
 		writer:             mockswriter.NewMockFileWriter(mockCtrl),
-		awsIamAuth:         mocksmanager.NewMockAwsIamAuth(mockCtrl),
 		client:             mocksmanager.NewMockClusterClient(mockCtrl),
 		provider:           mocksprovider.NewMockProvider(mockCtrl),
 		diagnosticsFactory: mocksdiagnostics.NewMockDiagnosticBundleFactory(mockCtrl),
@@ -1068,7 +1066,7 @@ func newClusterManager(t *testing.T, opts ...clustermanager.ClusterManagerOpt) (
 	fakeClient := test.NewFakeKubeClient(dc, oc, b, r, ac, gc, er)
 	cf := mocksmanager.NewMockClientFactory(mockCtrl)
 	cf.EXPECT().BuildClientFromKubeconfig("").Return(fakeClient, nil).AnyTimes()
-	c := clustermanager.New(cf, m.client, m.writer, m.diagnosticsFactory, m.awsIamAuth, m.eksaComponents, opts...)
+	c := clustermanager.New(cf, m.client, m.writer, m.diagnosticsFactory, m.eksaComponents, opts...)
 
 	return c, m
 }

diff --git a/pkg/clustermanager/cluster_manager_wb_test.go b/pkg/clustermanager/cluster_manager_wb_test.go
@@ -62,7 +62,7 @@ func TestClusterManager_totalTimeoutForMachinesReadyWait(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			c := New(nil, nil, nil, nil, nil, nil, tt.opts...)
+			c := New(nil, nil, nil, nil, nil, tt.opts...)
 			g := NewWithT(t)
 			g.Expect(c.totalTimeoutForMachinesReadyWait(tt.replicas)).To(Equal(tt.want))
 		})

diff --git a/pkg/clustermanager/mocks/client_and_networking.go b/pkg/clustermanager/mocks/client_and_networking.go
diff --git a/pkg/dependencies/factory.go b/pkg/dependencies/factory.go
@@ -1009,7 +1009,6 @@ func (f *Factory) WithClusterManager(clusterConfig *v1alpha1.Cluster, timeoutOpt
 			client,
 			f.dependencies.Writer,
 			f.dependencies.DignosticCollectorFactory,
-			f.dependencies.AwsIamAuth,
 			f.dependencies.EksaInstaller,
 			f.clusterManagerOpts(timeoutOpts)...,
 		)