Skip to content

Commit

Permalink
add unit tests
Browse files Browse the repository at this point in the history
  • Loading branch information
TiberiuGC committed Apr 25, 2024
1 parent 34a9255 commit d02d66e
Show file tree
Hide file tree
Showing 6 changed files with 487 additions and 77 deletions.
120 changes: 120 additions & 0 deletions pkg/actions/accessentry/fakes/fake_getter.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 6 additions & 0 deletions pkg/actions/accessentry/getter.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,12 @@ import (
"github.com/weaveworks/eksctl/pkg/awsapi"
)

//go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 -generate
//counterfeiter:generate -o fakes/fake_getter.go . GetterInterface
type GetterInterface interface {
Get(ctx context.Context, principalARN api.ARN) ([]Summary, error)
}

type Getter struct {
clusterName string
eksAPI awsapi.EKS
Expand Down
39 changes: 16 additions & 23 deletions pkg/actions/accessentry/migrator.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ type Migrator struct {
eksAPI awsapi.EKS
iamAPI awsapi.IAM
clientSet kubernetes.Interface
aeCreator Creator
aeCreator CreatorInterface
aeGetter GetterInterface
curAuthMode ekstypes.AuthenticationMode
tgAuthMode ekstypes.AuthenticationMode
}
Expand All @@ -45,7 +46,8 @@ func NewMigrator(
eksAPI awsapi.EKS,
iamAPI awsapi.IAM,
clientSet kubernetes.Interface,
aeCreator Creator,
aeCreator CreatorInterface,
aeGetter GetterInterface,
curAuthMode ekstypes.AuthenticationMode,
tgAuthMode ekstypes.AuthenticationMode,
) *Migrator {
Expand All @@ -55,6 +57,7 @@ func NewMigrator(
iamAPI: iamAPI,
clientSet: clientSet,
aeCreator: aeCreator,
aeGetter: aeGetter,
curAuthMode: curAuthMode,
tgAuthMode: tgAuthMode,
}
Expand Down Expand Up @@ -84,21 +87,17 @@ func (m *Migrator) MigrateToAccessEntry(ctx context.Context, options MigrationOp
})
}

cmEntries, err := m.doGetIAMIdentityMappings(ctx)
if err != nil {
return err
}

curAccessEntries, err := m.doGetAccessEntries(ctx)
curAccessEntries, err := m.aeGetter.Get(ctx, api.ARN{})
if err != nil && m.curAuthMode != ekstypes.AuthenticationModeConfigMap {
return err
return fmt.Errorf("fetching existing access entries: %w", err)
}

newAccessEntries, skipAPImode, err := doFilterAccessEntries(cmEntries, curAccessEntries)
cmEntries, err := m.doGetIAMIdentityMappings(ctx)
if err != nil {
return err
}

newAccessEntries, skipAPImode := doFilterAccessEntries(cmEntries, curAccessEntries)
if len(newAccessEntries) > 0 {
aeTasks := m.aeCreator.CreateTasks(ctx, newAccessEntries)
aeTasks.IsSubTask = true
Expand Down Expand Up @@ -162,11 +161,6 @@ func (m *Migrator) doUpdateAuthenticationMode(ctx context.Context, authMode ekst
}
}

func (m *Migrator) doGetAccessEntries(ctx context.Context) ([]Summary, error) {
aeGetter := NewGetter(m.clusterName, m.eksAPI)
return aeGetter.Get(ctx, api.ARN{})
}

func (m *Migrator) doGetIAMIdentityMappings(ctx context.Context) ([]iam.Identity, error) {
acm, err := authconfigmap.NewFromClientSet(m.clientSet)
if err != nil {
Expand Down Expand Up @@ -197,7 +191,7 @@ func (m *Migrator) doGetIAMIdentityMappings(ctx context.Context) ([]iam.Identity
getRoleOutput, err := m.iamAPI.GetRole(ctx, &awsiam.GetRoleInput{RoleName: &cmeName})
if err != nil {
if errors.As(err, &noSuchEntity) {
return nil, fmt.Errorf("role %s does not exists, either delete the iamidentitymapping using \"eksctl delete iamidentitymapping --cluster %s --arn %s\" or create the role in AWS", cmeName, m.clusterName, cme.ARN())
return nil, fmt.Errorf("role %q does not exists, either delete the iamidentitymapping using \"eksctl delete iamidentitymapping --cluster %s --arn %s\" or create the role in AWS", cmeName, m.clusterName, cme.ARN())
}
return nil, err
}
Expand All @@ -218,7 +212,7 @@ func (m *Migrator) doGetIAMIdentityMappings(ctx context.Context) ([]iam.Identity
getUserOutput, err := m.iamAPI.GetUser(ctx, &awsiam.GetUserInput{UserName: &cmeName})
if err != nil {
if errors.As(err, &noSuchEntity) {
return nil, fmt.Errorf("user \"%s\" does not exists, either delete the iamidentitymapping using \"eksctl delete iamidentitymapping --cluster %s --arn %s\" or create the user in AWS", cmeName, m.clusterName, cme.ARN())
return nil, fmt.Errorf("user %q does not exists, either delete the iamidentitymapping using \"eksctl delete iamidentitymapping --cluster %s --arn %s\" or create the user in AWS", cmeName, m.clusterName, cme.ARN())
}
return nil, err
}
Expand All @@ -231,7 +225,7 @@ func (m *Migrator) doGetIAMIdentityMappings(ctx context.Context) ([]iam.Identity
return cmEntries, nil
}

func doFilterAccessEntries(cmEntries []iam.Identity, accessEntries []Summary) ([]api.AccessEntry, bool, error) {
func doFilterAccessEntries(cmEntries []iam.Identity, accessEntries []Summary) ([]api.AccessEntry, bool) {

skipAPImode := false
var toDoEntries []api.AccessEntry
Expand Down Expand Up @@ -268,7 +262,7 @@ func doFilterAccessEntries(cmEntries []iam.Identity, accessEntries []Summary) ([
skipAPImode = true
}
case iam.ResourceTypeAccount:
logger.Warning("found account iamidentitymapping \"%s\", can not create access entry", cme.Account())
logger.Warning("found account iamidentitymapping %q, cannot create access entry, skipping", cme.Account())
skipAPImode = true
}
} else {
Expand All @@ -277,7 +271,7 @@ func doFilterAccessEntries(cmEntries []iam.Identity, accessEntries []Summary) ([
}
}

return toDoEntries, skipAPImode, nil
return toDoEntries, skipAPImode
}

func doBuildNodeRoleAccessEntry(cme iam.Identity) *api.AccessEntry {
Expand All @@ -295,7 +289,7 @@ func doBuildNodeRoleAccessEntry(cme iam.Identity) *api.AccessEntry {
Type: "EC2_LINUX",
}
}
// For windows Nodes
// For Windows Nodes
return &api.AccessEntry{
PrincipalARN: api.MustParseARN(cme.ARN()),
Type: "EC2_WINDOWS",
Expand Down Expand Up @@ -327,7 +321,7 @@ func doBuildAccessEntry(cme iam.Identity) *api.AccessEntry {
}

if containsSys { // Check if any GroupName start with "system:"" in name
logger.Warning("at least one group name associated with %s starts with \"system:\", can not create access entry, skipping", cme.ARN())
logger.Warning("at least one group name associated with %q starts with \"system:\", can not create access entry, skipping", cme.ARN())
return nil
}

Expand All @@ -343,5 +337,4 @@ func doBuildAccessEntry(cme iam.Identity) *api.AccessEntry {
func doDeleteAWSAuthConfigMap(ctx context.Context, clientset kubernetes.Interface, namespace, name string) error {
logger.Info("deleting %q ConfigMap as it is no longer needed in API mode", name)
return clientset.CoreV1().ConfigMaps(namespace).Delete(ctx, name, metav1.DeleteOptions{})

}
Loading

0 comments on commit d02d66e

Please sign in to comment.