fix-tests
calvix committed Nov 2, 2023
1 parent 875368a commit 27aff14
Showing 3 changed files with 162 additions and 2 deletions.
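--- a/controllers/awsmachinetemplate_controller_test.go
+++ b/controllers/awsmachinetemplate_controller_test.go
@@ -331,6 +331,7 @@ var _ = Describe("AWSMachineTemplateReconciler", func() {
 externalDnsRoleInfo,
 certManagerRoleInfo,
 ALBControllerRoleInfo,
+ebsCsiDriverRoleInfo,
 }
 
 expectedIAMTags := []*iam.Tag{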
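--- a/controllers/common_test.go
+++ b/controllers/common_test.go
@@ -374,3 +374,163 @@ var ALBControllerRoleInfo = RoleInfo{
 
 ReturnRoleArn: "arn:aws:iam::55554444:role/test-cluster-ALBController-Role",
 }
+
+var ebsCsiDriverRoleInfo = RoleInfo{
+ExpectedName: "test-cluster-ebs-csi-driver",
+
+ExpectedAssumeRolePolicyDocument: `{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Principal": {
+"Federated": "arn:aws:iam::012345678901:oidc-provider/irsa.test.gaws.gigantic.io"
+},
+"Action": "sts:AssumeRoleWithWebIdentity",
+"Condition": {
+"StringEquals": {
+"irsa.test.gaws.gigantic.io:sub": "system:serviceaccount:kube-system:ebs-csi-driver-sa"
+}
+}
+}
+]
+}
+`,
+
+ExpectedPolicyName: "control-plane-test-cluster-policy",
+ExpectedPolicyDocument: `{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateSnapshot",
+"ec2:AttachVolume",
+"ec2:DetachVolume",
+"ec2:ModifyVolume",
+"ec2:DescribeAvailabilityZones",
+"ec2:DescribeInstances",
+"ec2:DescribeSnapshots",
+"ec2:DescribeTags",
+"ec2:DescribeVolumes",
+"ec2:DescribeVolumesModifications"
+],
+"Resource": "*"
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateTags"
+],
+"Resource": [
+"arn:aws:ec2:*:*:volume/*",
+"arn:aws:ec2:*:*:snapshot/*"
+],
+"Condition": {
+"StringEquals": {
+"ec2:CreateAction": [
+"CreateVolume",
+"CreateSnapshot"
+]
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteTags"
+],
+"Resource": [
+"arn:aws:ec2:*:*:volume/*",
+"arn:aws:ec2:*:*:snapshot/*"
+]
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateVolume"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"aws:RequestTag/ebs.csi.aws.com/cluster": "true"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:CreateVolume"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"aws:RequestTag/CSIVolumeName": "*"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteVolume"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteVolume"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"ec2:ResourceTag/CSIVolumeName": "*"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteVolume"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteSnapshot"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"ec2:ResourceTag/CSIVolumeSnapshotName": "*"
+}
+}
+},
+{
+"Effect": "Allow",
+"Action": [
+"ec2:DeleteSnapshot"
+],
+"Resource": "*",
+"Condition": {
+"StringLike": {
+"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+}
+}
+}
+]
+}`,
+
+ReturnRoleArn: "arn:aws:iam::55554444:role/test-cluster-ebs-csi-driver",
+}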
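Review bot: The first statement of `ExpectedPolicyDocument` pins `ec2:AttachVolume`, `ec2:DetachVolume`, `ec2:ModifyVolume` and `ec2:CreateSnapshot` on `"Resource": "*"` with no condition, and the `ec2:DeleteTags` statement covers every volume and snapshot ARN unconditionally, while the `ec2:DeleteVolume` and `ec2:DeleteSnapshot` statements further down are restricted by `ec2:ResourceTag/...`. This fixture presumably mirrors `EBSCSIDriverPolicyTemplate`, so the test locks in a role that is not limited to volumes the driver provisioned and can modify, snapshot or untag EBS volumes of other workloads in the same account. If that breadth is not required, consider scoping those actions in the template and here, for example by adding `"Condition": {"StringLike": {"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"}}` to the `ec2:DeleteTags` statement and moving `ec2:ModifyVolume` into a statement with the same condition. Attach and detach also act on instance resources, so they would need a separate statement rather than the same tag condition. A short comment above `ExpectedPolicyDocument` such as `// Must match iam.EBSCSIDriverPolicyTemplate; review both when changing permissions.` would also help keep the two in step.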
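--- a/pkg/iam/ebs_csi_driver_template.go
+++ b/pkg/iam/ebs_csi_driver_template.go
@@ -132,5 +132,4 @@ const EBSCSIDriverPolicyTemplate = `{
 }
 }
 ]
-}
-`
+}`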
