diff --git a/controllers/awsmachinepool_controller.go b/controllers/awsmachinepool_controller.go index 03a22587..1f498b19 100644 --- a/controllers/awsmachinepool_controller.go +++ b/controllers/awsmachinepool_controller.go @@ -96,14 +96,12 @@ func (r *AWSMachinePoolReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{}, errors.WithStack(err) } - mainRoleName := awsMachinePool.Spec.AWSLaunchTemplate.IamInstanceProfile - var iamService *iam.IAMService { c := iam.IAMServiceConfig{ AWSSession: awsClientSession, ClusterName: clusterName, - MainRoleName: mainRoleName, + MainRoleName: awsMachinePool.Spec.AWSLaunchTemplate.IamInstanceProfile, Log: logger, RoleType: iam.NodesRole, Region: awsCluster.Spec.Region, 
@@ -117,96 +115,64 @@ func (r *AWSMachinePoolReconciler) Reconcile(ctx context.Context, req ctrl.Reque } if awsMachinePool.DeletionTimestamp != nil { - roleUsed, err := isRoleUsedElsewhere(ctx, r.Client, mainRoleName) + return r.reconcileDelete(ctx, awsMachinePool, iamService, logger) + } + return r.reconcileNormal(ctx, awsMachinePool, iamService, logger) +} + +func (r *AWSMachinePoolReconciler) reconcileDelete(ctx context.Context, awsMachinePool *expcapa.AWSMachinePool, iamService *iam.IAMService, logger logr.Logger) (ctrl.Result, error) { + roleUsed, err := isRoleUsedElsewhere(ctx, r.Client, awsMachinePool.Spec.AWSLaunchTemplate.IamInstanceProfile) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) + } + + if !roleUsed { + err = iamService.DeleteRole() if err != nil { return ctrl.Result{}, errors.WithStack(err) } + } - if !roleUsed { - err = iamService.DeleteRole() - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } + // remove finalizer from AWSMachinePool + if controllerutil.ContainsFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) { + patchHelper, err := patch.NewHelper(awsMachinePool, r.Client) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) } - - // remove finalizer from AWSCluster - { - awsCluster, err := key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachinePool.GetNamespace()) - if err != nil { - logger.Error(err, "failed to get awsCluster") - return ctrl.Result{}, errors.WithStack(err) - } - if controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.NodesRole)) { - patchHelper, err := patch.NewHelper(awsCluster, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.RemoveFinalizer(awsCluster, key.FinalizerName(iam.NodesRole)) - err = patchHelper.Patch(ctx, awsCluster) - if err != nil { - logger.Error(err, "failed to remove finalizer on AWSCluster") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully removed 
finalizer from AWSCluster", "finalizer_name", iam.NodesRole) - } + controllerutil.RemoveFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) + err = patchHelper.Patch(ctx, awsMachinePool) + if err != nil { + logger.Error(err, "failed to remove finalizer from AWSMachinePool") + return ctrl.Result{}, errors.WithStack(err) } + logger.Info("successfully removed finalizer from AWSMachinePool", "finalizer_name", iam.NodesRole) + } - // remove finalizer from AWSMachinePool - if controllerutil.ContainsFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) { - patchHelper, err := patch.NewHelper(awsMachinePool, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.RemoveFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) - err = patchHelper.Patch(ctx, awsMachinePool) - if err != nil { - logger.Error(err, "failed to remove finalizer from AWSMachinePool") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully removed finalizer from AWSMachinePool", "finalizer_name", iam.NodesRole) - } - } else { - // add finalizer to AWSMachinePool - if !controllerutil.ContainsFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) { - patchHelper, err := patch.NewHelper(awsMachinePool, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.AddFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) - err = patchHelper.Patch(ctx, awsMachinePool) - if err != nil { - logger.Error(err, "failed to add finalizer on AWSMachinePool") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully added finalizer to AWSMachinePool", "finalizer_name", iam.NodesRole) - } + return ctrl.Result{ + Requeue: true, + RequeueAfter: time.Minute * 5, + }, nil +} - // add finalizer to AWSCluster - { - awsCluster, err := key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachinePool.GetNamespace()) - if err != nil { - logger.Error(err, "failed to get awsCluster") - 
return ctrl.Result{}, errors.WithStack(err) - } - if !controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.NodesRole)) { - patchHelper, err := patch.NewHelper(awsCluster, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.AddFinalizer(awsCluster, key.FinalizerName(iam.NodesRole)) - err = patchHelper.Patch(ctx, awsCluster) - if err != nil { - logger.Error(err, "failed to add finalizer on AWSCluster") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully added finalizer to AWSCluster", "finalizer_name", iam.NodesRole) - } +func (r *AWSMachinePoolReconciler) reconcileNormal(ctx context.Context, awsMachinePool *expcapa.AWSMachinePool, iamService *iam.IAMService, logger logr.Logger) (ctrl.Result, error) { + // add finalizer to AWSMachinePool + if !controllerutil.ContainsFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) { + patchHelper, err := patch.NewHelper(awsMachinePool, r.Client) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) } - - err = iamService.ReconcileRole() + controllerutil.AddFinalizer(awsMachinePool, key.FinalizerName(iam.NodesRole)) + err = patchHelper.Patch(ctx, awsMachinePool) if err != nil { + logger.Error(err, "failed to add finalizer on AWSMachinePool") return ctrl.Result{}, errors.WithStack(err) } + logger.Info("successfully added finalizer to AWSMachinePool", "finalizer_name", iam.NodesRole) + } + + err := iamService.ReconcileRole() + if err != nil { + return ctrl.Result{}, errors.WithStack(err) } return ctrl.Result{ diff --git a/controllers/awsmachinetemplate_controller.go b/controllers/awsmachinetemplate_controller.go index 97d7bb39..73e0967e 100644 --- a/controllers/awsmachinetemplate_controller.go +++ b/controllers/awsmachinetemplate_controller.go 
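Review bot: Dropping the AWSCluster finalizer handling leaves any AWSCluster that the previous version already stamped with `key.FinalizerName(iam.NodesRole)` carrying that finalizer indefinitely, because the new reconcileDelete only touches the AWSMachinePool and nothing on the new side removes the old finalizer from the cluster object; unless a migration elsewhere clears it, deletion of clusters created under the old code will hang on the stale finalizer. A one-time cleanup in reconcileDelete (fetch the AWSCluster as the removed code did, remove the NodesRole finalizer if present, tolerate a not-found cluster) would cover upgraded installations; clusterName would have to be passed in, since the new helper signature no longer carries it. Neither reconcileDelete nor reconcileNormal has a doc comment; a line such as `// reconcileDelete releases the nodes IAM role when no other object references it, then removes this controller's finalizer from the AWSMachinePool.` would help the next reader. reconcileDelete also requeues after five minutes right after removing the finalizer it owns, which is most likely a no-op on an object being deleted; return `ctrl.Result{}, nil` there, or add a comment saying why the requeue is wanted.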
@@ -115,14 +115,12 @@ func (r *AWSMachineTemplateReconciler) Reconcile(ctx context.Context, req ctrl.R return ctrl.Result{}, err } - mainRoleName := awsMachineTemplate.Spec.Template.Spec.IAMInstanceProfile - var iamService *iam.IAMService { c := iam.IAMServiceConfig{ AWSSession: awsClientSession, ClusterName: clusterName, - MainRoleName: mainRoleName, + MainRoleName: awsMachineTemplate.Spec.Template.Spec.IAMInstanceProfile, Log: logger, RoleType: role, Region: awsCluster.Spec.Region, 
@@ -136,201 +134,217 @@ func (r *AWSMachineTemplateReconciler) Reconcile(ctx context.Context, req ctrl.R } if awsMachineTemplate.DeletionTimestamp != nil { - roleUsed, err := isRoleUsedElsewhere(ctx, r.Client, mainRoleName) - if err != nil { - return ctrl.Result{}, err - } + return r.reconcileDelete(ctx, iamService, awsMachineTemplate, logger, clusterName, req.Namespace, role) + } + return r.reconcileNormal(ctx, iamService, awsMachineTemplate, logger, clusterName, req.Namespace, role) - if !roleUsed { - err = iamService.DeleteRole() - if err != nil { - return ctrl.Result{}, err - } - if role == iam.ControlPlaneRole { - if r.EnableKiamRole { - err = iamService.DeleteKiamRole() - if err != nil { - return ctrl.Result{}, err - } - } +} - if r.EnableRoute53Role { - err = iamService.DeleteRoute53Role() - if err != nil { - return ctrl.Result{}, err - } - } - } - } - // remove finalizer from AWSCluster - { - awsCluster, err := key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachineTemplate.GetNamespace()) - if err != nil { - logger.Error(err, "failed to get awsCluster") - return ctrl.Result{}, err - } +func (r *AWSMachineTemplateReconciler) reconcileDelete(ctx context.Context, iamService *iam.IAMService, awsMachineTemplate *capa.AWSMachineTemplate, logger logr.Logger, clusterName, namespace, role string) (ctrl.Result, error) { + roleUsed, err := isRoleUsedElsewhere(ctx, r.Client, awsMachineTemplate.Spec.Template.Spec.IAMInstanceProfile) + if err != nil { + return ctrl.Result{}, err + } - if controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(awsCluster, r.Client) + if !roleUsed { + err = iamService.DeleteRole() + if err != nil { + return ctrl.Result{}, err + } + if role == iam.ControlPlaneRole { + if r.EnableKiamRole { + err = iamService.DeleteKiamRole() if err != nil { return ctrl.Result{}, err } - controllerutil.RemoveFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) - err = 
patchHelper.Patch(ctx, awsCluster) + } + + if r.EnableRoute53Role { + err = iamService.DeleteRoute53Role() if err != nil { - logger.Error(err, "failed to remove finalizer on AWSCluster") return ctrl.Result{}, err } - logger.Info("successfully removed finalizer from AWSCluster", "finalizer_name", iam.ControlPlaneRole) } } + } + // remove finalizer from AWSCluster + { + awsCluster, err := key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachineTemplate.GetNamespace()) + if err != nil { + logger.Error(err, "failed to get awsCluster") + return ctrl.Result{}, err + } - // remove finalizer from AWSMachineTemplate - if controllerutil.ContainsFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(awsMachineTemplate, r.Client) + if controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := patch.NewHelper(awsCluster, r.Client) if err != nil { - return ctrl.Result{}, errors.WithStack(err) + return ctrl.Result{}, err } - controllerutil.RemoveFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) - err = patchHelper.Patch(ctx, awsMachineTemplate) + controllerutil.RemoveFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, awsCluster) if err != nil { - logger.Error(err, "failed to remove finalizer from AWSMachineTemplate") - return ctrl.Result{}, errors.WithStack(err) + logger.Error(err, "failed to remove finalizer on AWSCluster") + return ctrl.Result{}, err } - logger.Info("successfully removed finalizer from AWSMachineTemplate", "finalizer_name", iam.ControlPlaneRole) + logger.Info("successfully removed finalizer from AWSCluster", "finalizer_name", iam.ControlPlaneRole) } + } - cm := &corev1.ConfigMap{} - err = r.Get( - ctx, - types.NamespacedName{ - Namespace: req.NamespacedName.Namespace, - Name: fmt.Sprintf("%s-%s", clusterName, "cluster-values"), - }, - cm) + // remove finalizer from AWSMachineTemplate + 
if controllerutil.ContainsFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := patch.NewHelper(awsMachineTemplate, r.Client) if err != nil { - logger.Error(err, "Failed to get the cluster-values configmap for cluster") return ctrl.Result{}, errors.WithStack(err) } + controllerutil.RemoveFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, awsMachineTemplate) + if err != nil { + logger.Error(err, "failed to remove finalizer from AWSMachineTemplate") + return ctrl.Result{}, errors.WithStack(err) + } + logger.Info("successfully removed finalizer from AWSMachineTemplate", "finalizer_name", iam.ControlPlaneRole) + } - if controllerutil.ContainsFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(cm, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.RemoveFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) - err = patchHelper.Patch(ctx, cm) - if err != nil { - logger.Error(err, "failed to remove finalizer from configmap") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully removed finalizer from configmap", "finalizer_name", iam.ControlPlaneRole) + cm := &corev1.ConfigMap{} + err = r.Get( + ctx, + types.NamespacedName{ + Namespace: namespace, + Name: fmt.Sprintf("%s-%s", clusterName, "cluster-values"), + }, + cm) + if err != nil { + logger.Error(err, "Failed to get the cluster-values configmap for cluster") + return ctrl.Result{}, errors.WithStack(err) + } + + if controllerutil.ContainsFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := patch.NewHelper(cm, r.Client) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) } - } else { - // add finalizer to AWSMachineTemplate - if !controllerutil.ContainsFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(awsMachineTemplate, 
r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.AddFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) - err = patchHelper.Patch(ctx, awsMachineTemplate) + controllerutil.RemoveFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, cm) + if err != nil { + logger.Error(err, "failed to remove finalizer from configmap") + return ctrl.Result{}, errors.WithStack(err) + } + logger.Info("successfully removed finalizer from configmap", "finalizer_name", iam.ControlPlaneRole) + } + + return ctrl.Result{ + Requeue: true, + RequeueAfter: time.Minute * 5, + }, nil +} + +func (r *AWSMachineTemplateReconciler) reconcileNormal(ctx context.Context, iamService *iam.IAMService, awsMachineTemplate *capa.AWSMachineTemplate, logger logr.Logger, clusterName, namespace, role string) (ctrl.Result, error) { + // add finalizer to AWSMachineTemplate + if !controllerutil.ContainsFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := patch.NewHelper(awsMachineTemplate, r.Client) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) + } + controllerutil.AddFinalizer(awsMachineTemplate, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, awsMachineTemplate) + if err != nil { + logger.Error(err, "failed to add finalizer on AWSMachineTemplate") + return ctrl.Result{}, errors.WithStack(err) + } + logger.Info("successfully added finalizer to AWSMachineTemplate", "finalizer_name", iam.ControlPlaneRole) + } + var awsCluster *capa.AWSCluster + var err error + // add finalizer to AWSCluster + { + awsCluster, err = key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachineTemplate.GetNamespace()) + if err != nil { + logger.Error(err, "failed to get awsCluster") + return ctrl.Result{}, errors.WithStack(err) + } + if !controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := 
patch.NewHelper(awsCluster, r.Client) if err != nil { - logger.Error(err, "failed to add finalizer on AWSMachineTemplate") return ctrl.Result{}, errors.WithStack(err) } - logger.Info("successfully added finalizer to AWSMachineTemplate", "finalizer_name", iam.ControlPlaneRole) - } - var awsCluster *capa.AWSCluster - // add finalizer to AWSCluster - { - awsCluster, err = key.GetAWSClusterByName(ctx, r.Client, clusterName, awsMachineTemplate.GetNamespace()) + controllerutil.AddFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, awsCluster) if err != nil { - logger.Error(err, "failed to get awsCluster") + logger.Error(err, "failed to add finalizer on AWSCluster") return ctrl.Result{}, errors.WithStack(err) } - if !controllerutil.ContainsFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(awsCluster, r.Client) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } - controllerutil.AddFinalizer(awsCluster, key.FinalizerName(iam.ControlPlaneRole)) - err = patchHelper.Patch(ctx, awsCluster) - if err != nil { - logger.Error(err, "failed to add finalizer on AWSCluster") - return ctrl.Result{}, errors.WithStack(err) - } - logger.Info("successfully added finalizer to AWSCluster", "finalizer_name", iam.ControlPlaneRole) - } + logger.Info("successfully added finalizer to AWSCluster", "finalizer_name", iam.ControlPlaneRole) } + } - cm := &corev1.ConfigMap{} - err = r.Get( - ctx, - types.NamespacedName{ - Namespace: req.NamespacedName.Namespace, - Name: fmt.Sprintf("%s-%s", clusterName, "cluster-values"), - }, - cm) + cm := &corev1.ConfigMap{} + err = r.Get( + ctx, + types.NamespacedName{ + Namespace: namespace, + Name: fmt.Sprintf("%s-%s", clusterName, "cluster-values"), + }, + cm) + if err != nil { + logger.Error(err, "Failed to get the cluster-values configmap for cluster") + return ctrl.Result{}, errors.WithStack(err) + } + + if controllerutil.ContainsFinalizer(cm, 
key.FinalizerName(iam.ControlPlaneRole)) { + patchHelper, err := patch.NewHelper(cm, r.Client) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) + } + controllerutil.RemoveFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) + err = patchHelper.Patch(ctx, cm) if err != nil { - logger.Error(err, "Failed to get the cluster-values configmap for cluster") + logger.Error(err, "failed to remove finalizer from configmap") return ctrl.Result{}, errors.WithStack(err) } + logger.Info("successfully removed finalizer from configmap", "finalizer_name", iam.ControlPlaneRole) + } - if controllerutil.ContainsFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) { - patchHelper, err := patch.NewHelper(cm, r.Client) + err = iamService.ReconcileRole() + if err != nil { + return ctrl.Result{}, err + } + if role == iam.ControlPlaneRole { + if r.EnableKiamRole { + err = iamService.ReconcileKiamRole() if err != nil { + // IAM role for control plane may have been created already, but not known to IAM yet + // (returns `MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::[...]:role/control-plane-[...]"`). + // That will succeed after requeueing. 
return ctrl.Result{}, errors.WithStack(err) } - controllerutil.RemoveFinalizer(cm, key.FinalizerName(iam.ControlPlaneRole)) - err = patchHelper.Patch(ctx, cm) + } + // route53 role depends on KIAM role + if r.EnableKiamRole && r.EnableRoute53Role { + logger.Info("reconciling IRSA roles") + identityRefName := awsCluster.Spec.IdentityRef.Name + awsClusterRoleIdentity, err := key.GetAWSClusterRoleIdentity(ctx, r.Client, identityRefName) if err != nil { - logger.Error(err, "failed to remove finalizer from configmap") + logger.Error(err, "could not get AWSClusterRoleIdentity") return ctrl.Result{}, errors.WithStack(err) } - logger.Info("successfully removed finalizer from configmap", "finalizer_name", iam.ControlPlaneRole) - } - err = iamService.ReconcileRole() - if err != nil { - return ctrl.Result{}, err - } - if role == iam.ControlPlaneRole { - if r.EnableKiamRole { - err = iamService.ReconcileKiamRole() - if err != nil { - // IAM role for control plane may have been created already, but not known to IAM yet - // (returns `MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::[...]:role/control-plane-[...]"`). - // That will succeed after requeueing. 
- return ctrl.Result{}, errors.WithStack(err) - } + accountID, err := key.GetAWSAccountID(awsClusterRoleIdentity) + if err != nil { + logger.Error(err, "Could not get account ID") + return ctrl.Result{}, errors.WithStack(err) } - // route53 role depends on KIAM role - if r.EnableKiamRole && r.EnableRoute53Role { - awsClusterRoleIdentity, err := key.GetAWSClusterRoleIdentity(ctx, r.Client, awsCluster.Spec.IdentityRef.Name) - if err != nil { - logger.Error(err, "could not get AWSClusterRoleIdentity") - return ctrl.Result{}, errors.WithStack(err) - } - - accountID, err := getAWSAccountID(awsClusterRoleIdentity) - if err != nil { - logger.Error(err, "Could not get account ID") - return ctrl.Result{}, errors.WithStack(err) - } - baseDomain, err := key.GetBaseDomain(ctx, r.Client, clusterName, req.Namespace) - if err != nil { - logger.Error(err, "Could not get base domain") - return ctrl.Result{}, errors.WithStack(err) - } + baseDomain, err := key.GetBaseDomain(ctx, r.Client, clusterName, namespace) + if err != nil { + logger.Error(err, "Could not get base domain") + return ctrl.Result{}, errors.WithStack(err) + } - cloudFrontDomain := key.CloudFrontAlias(baseDomain) + cloudFrontDomain := key.CloudFrontAlias(baseDomain) - err = iamService.ReconcileRolesForIRSA(accountID, cloudFrontDomain) - if err != nil { - return ctrl.Result{}, errors.WithStack(err) - } + err = iamService.ReconcileRolesForIRSA(accountID, cloudFrontDomain) + if err != nil { + return ctrl.Result{}, errors.WithStack(err) } } } diff --git a/controllers/awsmanagedcontrolplane_controller.go b/controllers/awsmanagedcontrolplane_controller.go index a49cf80e..1977e8a7 100644 --- a/controllers/awsmanagedcontrolplane_controller.go +++ b/controllers/awsmanagedcontrolplane_controller.go 
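Review bot: `identityRefName := awsCluster.Spec.IdentityRef.Name` in reconcileNormal dereferences IdentityRef without a nil check; in the upstream CAPA types that field is a pointer (verify against the vendored capa version), so an AWSCluster without an identityRef would panic the controller instead of surfacing an error. Guard it before use: `if awsCluster.Spec.IdentityRef == nil { return ctrl.Result{}, errors.New("awsCluster has no identityRef") }`. The two controllers refactored in this diff disagree on helper signatures — the machine pool helpers take `(ctx, awsMachinePool, iamService, logger)` while these take `(ctx, iamService, awsMachineTemplate, logger, clusterName, namespace, role)` — and three adjacent `string` parameters invite a silent argument swap at the call site; a consistent order across both files, or a small struct for the name/namespace/role triple, would be easier to review. Within reconcileDelete the role-deletion branch returns errors bare while the finalizer section wraps them with `errors.WithStack`; pick one. reconcileNormal's body continues past the end of the hunk.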
@@ -136,7 +136,7 @@ func (r *AWSManagedControlPlaneReconciler) Reconcile(ctx context.Context, req ct logger.Info("successfully added finalizer to AWSManagedControlPlane", "finalizer_name", iam.IRSARole) } - accountID, err := getAWSAccountID(awsClusterRoleIdentity) + accountID, err := key.GetAWSAccountID(awsClusterRoleIdentity) if err != nil { logger.Error(err, "Could not get account ID") return ctrl.Result{}, microerror.Mask(err) diff --git a/controllers/common_test.go b/controllers/common_test.go index f660b349..3c5dabfc 100644 --- a/controllers/common_test.go +++ b/controllers/common_test.go @@ -8,8 +8,6 @@ type RoleInfo struct { ReturnRoleArn string } -const irsaRoleName = "irsa-role-test-cluster-policy" - var certManagerRoleInfo = RoleInfo{ ExpectedName: "test-cluster-CertManager-Role", diff --git a/main.go b/main.go index d71c6ede..edfa5515 100644 --- a/main.go +++ b/main.go @@ -142,28 +142,6 @@ func main() { os.Exit(1) } - if enableIRSARole { - setupLog.Info("IRSA is enabled") - - awsClientAWSCluster, err := awsclient.New(awsclient.AWSClientConfig{ - CtrlClient: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Secrets"), - }) - if err != nil { - setupLog.Error(err, "unable to create aws client for controller", "controller", "Secrets") - os.Exit(1) - } - if err = (&controllers.AWSClusterReconciler{ - Client: mgr.GetClient(), - Log: ctrl.Log.WithName("controllers").WithName("Secrets"), - AWSClient: awsClientAWSCluster, - IAMClientFactory: iamClientFactory, - }).SetupWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create controller", "controller", "Secret") - os.Exit(1) - } - } - if err = (&controllers.AWSManagedControlPlaneReconciler{ Client: mgr.GetClient(), Log: ctrl.Log.WithName("controllers").WithName("AWSManagedControlPlane"), diff --git a/pkg/key/key.go b/pkg/key/key.go index f916e533..ef46fe6b 100644 --- a/pkg/key/key.go +++ b/pkg/key/key.go 
@@ -3,6 +3,8 @@ package key import ( "context" "fmt" + "regexp" + "strings" corev1 "k8s.io/api/core/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -147,3 +149,21 @@ func GetBaseDomain(ctx context.Context, ctrlClient client.Client, clusterName, n return baseDomain, nil } + +func GetAWSAccountID(awsClusterRoleIdentity *capa.AWSClusterRoleIdentity) (string, error) { + arn := awsClusterRoleIdentity.Spec.RoleArn + if arn == "" || len(strings.TrimSpace(arn)) < 1 { + err := fmt.Errorf("unable to extract ARN from AWSClusterRoleIdentity %s", awsClusterRoleIdentity.Name) + return "", err + } + + re := regexp.MustCompile(`[-]?\d[\d,]*[\.]?[\d{2}]*`) + accountID := re.FindAllString(arn, 1)[0] + + if accountID == "" || len(strings.TrimSpace(accountID)) < 1 { + err := fmt.Errorf("unable to extract AWS account ID from ARN %s", arn) + return "", err + } + + return accountID, nil +}
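Review bot: `re.FindAllString(arn, 1)[0]` panics with an index-out-of-range when the ARN contains no digit at all, because FindAllString returns nil on no match, and the pattern `[-]?\d[\d,]*[\.]?[\d{2}]*` does not describe an account ID: `[\d{2}]` is a character class (digits, `{`, `2`, `}`) rather than a repeat count, `[\d,]*` admits commas, and the expression simply takes the first digit run wherever it occurs in the string. Since the result feeds ReconcileRolesForIRSA in awsmachinetemplate_controller.go in this same diff, the value should be read from the ARN's account field and validated as exactly twelve digits rather than guessed from the whole string. The emptiness check `arn == "" || len(strings.TrimSpace(arn)) < 1` is redundant (the second clause subsumes the first), and `regexp.MustCompile` inside the function recompiles on every call; hoist it to package scope. The rewrite below anchors on `:iam::`, which assumes callers only pass IAM ARNs as the field name RoleArn suggests — relax the prefix if other ARN kinds are expected.
```go
// awsAccountIDRe captures the account field of an IAM ARN, which is always
// exactly twelve digits (illustrative form: arn:aws:iam::123456789012:role/name).
var awsAccountIDRe = regexp.MustCompile(`^arn:[^:]+:iam::(\d{12}):`)

// GetAWSAccountID returns the AWS account ID encoded in the RoleArn of the
// given AWSClusterRoleIdentity, or an error when the ARN is empty or malformed.
func GetAWSAccountID(awsClusterRoleIdentity *capa.AWSClusterRoleIdentity) (string, error) {
	arn := strings.TrimSpace(awsClusterRoleIdentity.Spec.RoleArn)
	if arn == "" {
		return "", fmt.Errorf("unable to extract ARN from AWSClusterRoleIdentity %s", awsClusterRoleIdentity.Name)
	}

	m := awsAccountIDRe.FindStringSubmatch(arn)
	if m == nil {
		return "", fmt.Errorf("unable to extract AWS account ID from ARN %s", arn)
	}

	return m[1], nil
}
```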