From 887d764f23ad7f0618b2224425927a64ab1e0a00 Mon Sep 17 00:00:00 2001 From: Berk Dehrioglu Date: Thu, 21 Sep 2023 14:33:48 +0300 Subject: [PATCH] remove kiam leftovers --- .../awsmachinetemplate_controller_test.go | 34 ------------------- controllers/common_test.go | 21 ------------ pkg/iam/iam.go | 27 --------------- pkg/iam/route53_template.go | 7 ---- 4 files changed, 89 deletions(-) diff --git a/controllers/awsmachinetemplate_controller_test.go b/controllers/awsmachinetemplate_controller_test.go index d5d5351a..c75b8565 100644 --- a/controllers/awsmachinetemplate_controller_test.go +++ b/controllers/awsmachinetemplate_controller_test.go @@ -328,41 +328,7 @@ var _ = Describe("AWSMachineTemplateReconciler", func() { ReturnRoleArn: "arn:aws:iam::12345678:role/the-profile", }, - - // KIAM - { - ExpectedName: "test-cluster-IAMManager-Role", - - ExpectedAssumeRolePolicyDocument: `{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::12345678:role/the-profile" - }, - "Action": "sts:AssumeRole" - } - ] -} -`, - - ExpectedPolicyName: "control-plane-test-cluster-policy", - ExpectedPolicyDocument: `{ - "Version": "2012-10-17", - "Statement": { - "Action": "sts:AssumeRole", - "Resource": "*", - "Effect": "Allow" - } -} -`, - - ReturnRoleArn: "arn:aws:iam::999666333:role/test-cluster-IAMManager-Role", - }, - externalDnsRoleInfo, - certManagerRoleInfo, ALBControllerRoleInfo, } diff --git a/controllers/common_test.go b/controllers/common_test.go index 3c5dabfc..43a76770 100644 --- a/controllers/common_test.go +++ b/controllers/common_test.go @@ -14,13 +14,6 @@ var certManagerRoleInfo = RoleInfo{ ExpectedAssumeRolePolicyDocument: `{ "Version": "2012-10-17", "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::999666333:role/test-cluster-IAMManager-Role" - }, - "Action": "sts:AssumeRole" - }, { "Effect": "Allow", "Principal": { 
@@ -72,13 +65,6 @@ var externalDnsRoleInfo = RoleInfo{ ExpectedAssumeRolePolicyDocument: `{ "Version": "2012-10-17", "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::999666333:role/test-cluster-IAMManager-Role" - }, - "Action": "sts:AssumeRole" - }, { "Effect": "Allow", "Principal": { @@ -127,13 +113,6 @@ var ALBControllerRoleInfo = RoleInfo{ ExpectedAssumeRolePolicyDocument: `{ "Version": "2012-10-17", "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::999666333:role/test-cluster-IAMManager-Role" - }, - "Action": "sts:AssumeRole" - }, { "Effect": "Allow", "Principal": { diff --git a/pkg/iam/iam.go b/pkg/iam/iam.go index e147fa53..d27d8e4f 100644 --- a/pkg/iam/iam.go +++ b/pkg/iam/iam.go @@ -180,39 +180,12 @@ func (s *IAMService) generateRoute53RoleParams(roleTypeToReconcile string, awsAc return Route53RoleParams{}, err } - var principalRoleARN string - if s.principalRoleARN != "" { - principalRoleARN = s.principalRoleARN - } else { - i := &awsiam.GetRoleInput{ - RoleName: aws.String(roleName(KIAMRole, s.clusterName)), - } - - o, err := s.iamClient.GetRole(i) - if err != nil { - s.log.Error(err, "failed to fetch KIAM role") - return Route53RoleParams{}, err - } - - principalRoleARN = *o.Role.Arn - } - - if s.roleType == KIAMRole { - params := Route53RoleParams{ - EC2ServiceDomain: ec2ServiceDomain(s.region), - PrincipalRoleARN: principalRoleARN, - } - - return params, nil - } - params := Route53RoleParams{ EC2ServiceDomain: ec2ServiceDomain(s.region), AccountID: awsAccountID, CloudFrontDomain: cloudFrontDomain, Namespace: namespace, ServiceAccount: serviceAccount, - PrincipalRoleARN: principalRoleARN, } return params, nil diff --git a/pkg/iam/route53_template.go b/pkg/iam/route53_template.go index a801330a..2ad2bf76 100644 --- a/pkg/iam/route53_template.go +++ b/pkg/iam/route53_template.go 
@@ -3,13 +3,6 @@ package iam const trustIdentityPolicyKIAMAndIRSA = `{ "Version": "2012-10-17", "Statement": [ - { - "Effect": "Allow", - "Principal": { - "AWS": "{{.PrincipalRoleARN}}" - }, - "Action": "sts:AssumeRole" - }, { "Effect": "Allow", "Principal": {
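Review bot: The constant in pkg/iam/route53_template.go is still named `trustIdentityPolicyKIAMAndIRSA` after this hunk removes the `{{.PrincipalRoleARN}}` statement, so the name now overstates who the trust policy admits; a name such as `trustIdentityPolicyIRSA` would match what the policy grants. The template body continues past the end of the hunk, so the remaining statements are not visible here. Roles created before this change presumably still carry the old `sts:AssumeRole` statement, and nothing in the visible hunks shows whether reconciliation rewrites the trust policy of an existing role, so it is worth confirming that the stale principal is actually removed in AWS and not only from the template. The `PrincipalRoleARN` field of `Route53RoleParams` and `s.principalRoleARN` look unused after the pkg/iam/iam.go hunk and may be further leftovers.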