diff --git a/lib/cloud/clients.go b/lib/cloud/clients.go index ca1ca45a90ab5..3c7528e56da34 100644 --- a/lib/cloud/clients.go +++ b/lib/cloud/clients.go @@ -39,8 +39,6 @@ import ( "github.com/aws/aws-sdk-go/aws/endpoints" "github.com/aws/aws-sdk-go/aws/request" awssession "github.com/aws/aws-sdk-go/aws/session" - "github.com/aws/aws-sdk-go/service/eks" - "github.com/aws/aws-sdk-go/service/eks/eksiface" "github.com/aws/aws-sdk-go/service/elasticache" "github.com/aws/aws-sdk-go/service/elasticache/elasticacheiface" "github.com/aws/aws-sdk-go/service/iam" @@ -596,14 +594,14 @@ func (c *cloudClients) GetAWSSTSClient(ctx context.Context, region string, opts return sts.New(session), nil } -// GetAWSEKSClient returns AWS EKS client for the specified region. -func (c *cloudClients) GetAWSEKSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (eksiface.EKSAPI, error) { - session, err := c.GetAWSSession(ctx, region, opts...) - if err != nil { - return nil, trace.Wrap(err) - } - return eks.New(session), nil -} +// // GetAWSEKSClient returns AWS EKS client for the specified region. +// func (c *cloudClients) GetAWSEKSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (eksiface.EKSAPI, error) { +// session, err := c.GetAWSSession(ctx, region, opts...) +// if err != nil { +// return nil, trace.Wrap(err) +// } +// return eks.New(session), nil +// } // GetAWSKMSClient returns AWS KMS client for the specified region. func (c *cloudClients) GetAWSKMSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (kmsiface.KMSAPI, error) { 
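Review bot: `(*cloudClients).GetAWSEKSClient` is commented out instead of deleted, and the same is done to the `EKS` field of `TestCloudClients`, to `(*TestCloudClients).GetAWSEKSClient`, and to the whole `EKSMock` type in lib/cloud/mocks/aws.go. The commented bodies still reference `eks` and `eksiface`, whose imports this commit removes, so uncommenting them would not compile; they are dead code in the file that constructs cloud API clients. Deleting the lines outright is cleaner, since version control keeps the old implementation. Leaving `// EKS eksiface.EKSAPI` inside the struct also appears to split the gofmt alignment group, which would explain why the fifteen fields above it are rewritten; removing the field entirely should avoid that churn. The hunks do not show the `Clients` interface, so confirm that its `GetAWSEKSClient` declaration is removed in the same change.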
@@ -1029,22 +1027,22 @@ var _ Clients = (*TestCloudClients)(nil) // TestCloudClients are used in tests. type TestCloudClients struct { - RDS rdsiface.RDSAPI - RDSPerRegion map[string]rdsiface.RDSAPI - Redshift redshiftiface.RedshiftAPI - RedshiftServerless redshiftserverlessiface.RedshiftServerlessAPI - ElastiCache elasticacheiface.ElastiCacheAPI - OpenSearch opensearchserviceiface.OpenSearchServiceAPI - MemoryDB memorydbiface.MemoryDBAPI - SecretsManager secretsmanageriface.SecretsManagerAPI - IAM iamiface.IAMAPI - STS stsiface.STSAPI - GCPSQL gcp.SQLAdminClient - GCPGKE gcp.GKEClient - GCPProjects gcp.ProjectsClient - GCPInstances gcp.InstancesClient - InstanceMetadata imds.Client - EKS eksiface.EKSAPI + RDS rdsiface.RDSAPI + RDSPerRegion map[string]rdsiface.RDSAPI + Redshift redshiftiface.RedshiftAPI + RedshiftServerless redshiftserverlessiface.RedshiftServerlessAPI + ElastiCache elasticacheiface.ElastiCacheAPI + OpenSearch opensearchserviceiface.OpenSearchServiceAPI + MemoryDB memorydbiface.MemoryDBAPI + SecretsManager secretsmanageriface.SecretsManagerAPI + IAM iamiface.IAMAPI + STS stsiface.STSAPI + GCPSQL gcp.SQLAdminClient + GCPGKE gcp.GKEClient + GCPProjects gcp.ProjectsClient + GCPInstances gcp.InstancesClient + InstanceMetadata imds.Client + // EKS eksiface.EKSAPI KMS kmsiface.KMSAPI S3 s3iface.S3API AzureMySQL azure.DBServersClient 
@@ -1194,14 +1192,14 @@ func (c *TestCloudClients) GetAWSSTSClient(ctx context.Context, region string, o return c.STS, nil } -// GetAWSEKSClient returns AWS EKS client for the specified region. -func (c *TestCloudClients) GetAWSEKSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (eksiface.EKSAPI, error) { - _, err := c.GetAWSSession(ctx, region, opts...) - if err != nil { - return nil, trace.Wrap(err) - } - return c.EKS, nil -} +// // GetAWSEKSClient returns AWS EKS client for the specified region. +// func (c *TestCloudClients) GetAWSEKSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (eksiface.EKSAPI, error) { +// _, err := c.GetAWSSession(ctx, region, opts...) +// if err != nil { +// return nil, trace.Wrap(err) +// } +// return c.EKS, nil +// } // GetAWSKMSClient returns AWS KMS client for the specified region. func (c *TestCloudClients) GetAWSKMSClient(ctx context.Context, region string, opts ...AWSOptionsFn) (kmsiface.KMSAPI, error) { diff --git a/lib/cloud/mocks/aws.go b/lib/cloud/mocks/aws.go index a0230a758ff52..81246f1799fac 100644 --- a/lib/cloud/mocks/aws.go +++ b/lib/cloud/mocks/aws.go @@ -28,8 +28,6 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/request" - "github.com/aws/aws-sdk-go/service/eks" - "github.com/aws/aws-sdk-go/service/eks/eksiface" "github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/iam/iamiface" "github.com/aws/aws-sdk-go/service/sts" 
@@ -289,84 +287,84 @@ func (m *IAMErrorMock) PutUserPolicyWithContext(ctx aws.Context, input *iam.PutU return nil, trace.AccessDenied("unauthorized") } -// EKSMock is a mock EKS client. -type EKSMock struct { - eksiface.EKSAPI - Clusters []*eks.Cluster - AccessEntries []*eks.AccessEntry - AssociatedPolicies []*eks.AssociatedAccessPolicy - Notify chan struct{} -} - -func (e *EKSMock) DescribeClusterWithContext(_ aws.Context, req *eks.DescribeClusterInput, _ ...request.Option) (*eks.DescribeClusterOutput, error) { - defer func() { - if e.Notify != nil { - e.Notify <- struct{}{} - } - }() - for _, cluster := range e.Clusters { - if aws.StringValue(req.Name) == aws.StringValue(cluster.Name) { - return &eks.DescribeClusterOutput{Cluster: cluster}, nil - } - } - return nil, trace.NotFound("cluster %v not found", aws.StringValue(req.Name)) -} - -func (e *EKSMock) ListClustersPagesWithContext(_ aws.Context, _ *eks.ListClustersInput, f func(*eks.ListClustersOutput, bool) bool, _ ...request.Option) error { - defer func() { - if e.Notify != nil { - e.Notify <- struct{}{} - } - }() - clusters := make([]*string, 0, len(e.Clusters)) - for _, cluster := range e.Clusters { - clusters = append(clusters, cluster.Name) - } - f(&eks.ListClustersOutput{ - Clusters: clusters, - }, true) - return nil -} - -func (e *EKSMock) ListAccessEntriesPagesWithContext(_ aws.Context, _ *eks.ListAccessEntriesInput, f func(*eks.ListAccessEntriesOutput, bool) bool, _ ...request.Option) error { - defer func() { - if e.Notify != nil { - e.Notify <- struct{}{} - } - }() - accessEntries := make([]*string, 0, len(e.Clusters)) - for _, a := range e.AccessEntries { - accessEntries = append(accessEntries, a.PrincipalArn) - } - f(&eks.ListAccessEntriesOutput{ - AccessEntries: accessEntries, - }, true) - return nil -} - -func (e *EKSMock) DescribeAccessEntryWithContext(_ aws.Context, req *eks.DescribeAccessEntryInput, _ ...request.Option) (*eks.DescribeAccessEntryOutput, error) { - defer func() { - if e.Notify 
!= nil { - e.Notify <- struct{}{} - } - }() - for _, a := range e.AccessEntries { - if aws.StringValue(req.PrincipalArn) == aws.StringValue(a.PrincipalArn) && aws.StringValue(a.ClusterName) == aws.StringValue(req.ClusterName) { - return &eks.DescribeAccessEntryOutput{AccessEntry: a}, nil - } - } - return nil, trace.NotFound("access entry %v not found", aws.StringValue(req.PrincipalArn)) -} - -func (e *EKSMock) ListAssociatedAccessPoliciesPagesWithContext(_ aws.Context, _ *eks.ListAssociatedAccessPoliciesInput, f func(*eks.ListAssociatedAccessPoliciesOutput, bool) bool, _ ...request.Option) error { - defer func() { - if e.Notify != nil { - e.Notify <- struct{}{} - } - }() - - f(&eks.ListAssociatedAccessPoliciesOutput{ - AssociatedAccessPolicies: e.AssociatedPolicies, - }, true) - return nil -} +// // EKSMock is a mock EKS client. +// type EKSMock struct { +// eksiface.EKSAPI +// Clusters []*eks.Cluster +// AccessEntries []*eks.AccessEntry +// AssociatedPolicies []*eks.AssociatedAccessPolicy +// Notify chan struct{} +// } + +// func (e *EKSMock) DescribeClusterWithContext(_ aws.Context, req *eks.DescribeClusterInput, _ ...request.Option) (*eks.DescribeClusterOutput, error) { +// defer func() { +// if e.Notify != nil { +// e.Notify <- struct{}{} +// } +// }() +// for _, cluster := range e.Clusters { +// if aws.StringValue(req.Name) == aws.StringValue(cluster.Name) { +// return &eks.DescribeClusterOutput{Cluster: cluster}, nil +// } +// } +// return nil, trace.NotFound("cluster %v not found", aws.StringValue(req.Name)) +// } + +// func (e *EKSMock) ListClustersPagesWithContext(_ aws.Context, _ *eks.ListClustersInput, f func(*eks.ListClustersOutput, bool) bool, _ ...request.Option) error { +// defer func() { +// if e.Notify != nil { +// e.Notify <- struct{}{} +// } +// }() +// clusters := make([]*string, 0, len(e.Clusters)) +// for _, cluster := range e.Clusters { +// clusters = append(clusters, cluster.Name) +// } +// f(&eks.ListClustersOutput{ +// Clusters: clusters, 
+// }, true) +// return nil +// } + +// func (e *EKSMock) ListAccessEntriesPagesWithContext(_ aws.Context, _ *eks.ListAccessEntriesInput, f func(*eks.ListAccessEntriesOutput, bool) bool, _ ...request.Option) error { +// defer func() { +// if e.Notify != nil { +// e.Notify <- struct{}{} +// } +// }() +// accessEntries := make([]*string, 0, len(e.Clusters)) +// for _, a := range e.AccessEntries { +// accessEntries = append(accessEntries, a.PrincipalArn) +// } +// f(&eks.ListAccessEntriesOutput{ +// AccessEntries: accessEntries, +// }, true) +// return nil +// } + +// func (e *EKSMock) DescribeAccessEntryWithContext(_ aws.Context, req *eks.DescribeAccessEntryInput, _ ...request.Option) (*eks.DescribeAccessEntryOutput, error) { +// defer func() { +// if e.Notify != nil { +// e.Notify <- struct{}{} +// } +// }() +// for _, a := range e.AccessEntries { +// if aws.StringValue(req.PrincipalArn) == aws.StringValue(a.PrincipalArn) && aws.StringValue(a.ClusterName) == aws.StringValue(req.ClusterName) { +// return &eks.DescribeAccessEntryOutput{AccessEntry: a}, nil +// } +// } +// return nil, trace.NotFound("access entry %v not found", aws.StringValue(req.PrincipalArn)) +// } + +// func (e *EKSMock) ListAssociatedAccessPoliciesPagesWithContext(_ aws.Context, _ *eks.ListAssociatedAccessPoliciesInput, f func(*eks.ListAssociatedAccessPoliciesOutput, bool) bool, _ ...request.Option) error { +// defer func() { +// if e.Notify != nil { +// e.Notify <- struct{}{} +// } +// }() + +// f(&eks.ListAssociatedAccessPoliciesOutput{ +// AssociatedAccessPolicies: e.AssociatedPolicies, +// }, true) +// return nil +// } diff --git a/lib/srv/discovery/discovery_test.go b/lib/srv/discovery/discovery_test.go index ceb7b84256ba1..37ea720c6e559 100644 --- a/lib/srv/discovery/discovery_test.go +++ b/lib/srv/discovery/discovery_test.go 
@@ -1538,14 +1538,14 @@ func TestDiscoveryServer_New(t *testing.T) { t.Parallel() testCases := []struct { desc string - cloudClients cloud.Clients + cloudClients fetchers.ClientGetter matchers Matchers errAssertion require.ErrorAssertionFunc discServerAssertion require.ValueAssertionFunc }{ { desc: "no matchers error", - cloudClients: &cloud.TestCloudClients{STS: &mocks.STSClientV1{}}, + cloudClients: &mockFetchersClients{}, matchers: Matchers{}, errAssertion: func(t require.TestingT, err error, i ...interface{}) { require.ErrorIs(t, err, &trace.BadParameterError{Message: "no matchers or discovery group configured for discovery"}) @@ -1554,7 +1554,7 @@ func TestDiscoveryServer_New(t *testing.T) { }, { desc: "success with EKS matcher", - cloudClients: &cloud.TestCloudClients{STS: &mocks.STSClientV1{}, EKS: &mocks.EKSMock{}}, + cloudClients: &mockFetchersClients{}, matchers: Matchers{ AWS: []types.AWSMatcher{ { @@ -1577,11 +1577,8 @@ func TestDiscoveryServer_New(t *testing.T) { }, }, { - desc: "EKS fetcher is skipped on initialization error (missing region)", - cloudClients: &cloud.TestCloudClients{ - STS: &mocks.STSClientV1{}, - EKS: &mocks.EKSMock{}, - }, + desc: "EKS fetcher is skipped on initialization error (missing region)", + cloudClients: &mockFetchersClients{}, matchers: Matchers{ AWS: []types.AWSMatcher{ { @@ -1622,7 +1619,7 @@ func TestDiscoveryServer_New(t *testing.T) { discServer, err := New( ctx, &Config{ - CloudClients: tt.cloudClients, + FetchersClients: tt.cloudClients, ClusterFeatures: func() proto.Features { return proto.Features{} }, AccessPoint: newFakeAccessPoint(), Matchers: tt.matchers,
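Review bot: The `success with EKS matcher` and `EKS fetcher is skipped on initialization error (missing region)` cases now pass a zero-value `&mockFetchersClients{}` where they used to supply explicit STS and EKS mocks. The definition of `mockFetchersClients` is not in this diff, so it is not visible here whether the EKS fetcher still gets a usable client or whether these cases now pass for a different reason than their descriptions state. It is worth confirming that the zero value exercises the same construction path, and adding a one-line comment on the table saying why no client fields need to be set. The table field is also still named `cloudClients` although it is now a `fetchers.ClientGetter` assigned to `Config.FetchersClients`; declaring it as `fetchersClients fetchers.ClientGetter` and using `FetchersClients: tt.fetchersClients,` would match the new wiring.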