Adding cluster-arn validation to klusterlet CRD (#347)
Signed-off-by: Erica Jin <132393634+EricaJ6@users.noreply.github.com>
jaswalkiranavtar authored Nov 26, 2024
1 parent cb7ce98 commit d07397a
Showing 4 changed files with 38 additions and 0 deletions.
Expand Up @@ -204,10 +204,12 @@ spec:
description: 'The arn of the hub cluster (ie: an EKS cluster). This will be required to pass information to hub, which hub will use to create IAM identities for this klusterlet. Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.'
type: string
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
managedClusterArn:
description: 'The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup. Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.'
type: string
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
registrationImagePullSpec:
description: RegistrationImagePullSpec represents the desired image configuration of registration agent. quay.io/open-cluster-management.io/registration:latest will be used if unspecified.
type: string
Expand Up @@ -312,13 +312,15 @@ spec:
The arn of the hub cluster (ie: an EKS cluster). This will be required to pass information to hub, which hub will use to create IAM identities for this klusterlet.
Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
type: string
managedClusterArn:
description: |-
The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub
as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup.
Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
type: string
type: object
type: object
2 changes: 2 additions & 0 deletions operator/v1/types_klusterlet.go
Expand Up @@ -195,12 +195,14 @@ type AwsIrsa struct {
// Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.
// +required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$`
HubClusterArn string `json:"hubClusterArn"`
// The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub
// as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup.
// Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.
// +required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$`
ManagedClusterArn string `json:"managedClusterArn"`
}
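Review bot: The example ARNs in the doc comments on `HubClusterArn` and `ManagedClusterArn` do not satisfy the `Pattern` marker added directly beneath them: `arn:eks:us-west-2:12345678910:cluster/...` omits the `aws` partition and has an 11-digit account ID, whereas the pattern requires `arn:aws:eks:` and `\d{12}`. Since these comments become the CRD field descriptions, a user copying the example would be rejected at admission; I would change them to `// Example - arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1.` and the `managed-cluster1` equivalent. Separately, the pattern pins the partition to `aws` and limits the cluster name to `[a-zA-Z0-9-]+`, so ARNs in other partitions such as `aws-us-gov` or `aws-cn`, and (if I read the EKS naming rules correctly) names containing `_`, would be refused; because these values drive IAM identity creation on the hub, the comment should state whether that restriction is intended. The `AwsIrsa` struct begins above this hunk.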

32 changes: 32 additions & 0 deletions test/integration/api/klusterlet_test.go
Expand Up @@ -37,6 +37,38 @@ var _ = Describe("Create Klusterlet API", func() {
Expect(err).NotTo(BeNil())
})
})

Context("Create with aws auth and invalid arn", func() {
It("should reject the klusterlet creation", func() {
klusterlet.Spec.RegistrationConfiguration = &operatorv1.RegistrationConfiguration{
RegistrationDriver: operatorv1.RegistrationDriver{
AuthType: "awsirsa",
AwsIrsa: &operatorv1.AwsIrsa{
ManagedClusterArn: "arn:aws:bks:us-west-2:123456789012:cluster/managed-cluster1",
HubClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1",
},
},
}
_, err := operatorClient.OperatorV1().Klusterlets().Create(context.TODO(), klusterlet, metav1.CreateOptions{})
Expect(err).NotTo(BeNil())
})
})

Context("Create with aws auth and valid arn", func() {
It("should create successfully", func() {
klusterlet.Spec.RegistrationConfiguration = &operatorv1.RegistrationConfiguration{
RegistrationDriver: operatorv1.RegistrationDriver{
AuthType: "awsirsa",
AwsIrsa: &operatorv1.AwsIrsa{
ManagedClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/managed-cluster1",
HubClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1",
},
},
}
_, err := operatorClient.OperatorV1().Klusterlets().Create(context.TODO(), klusterlet, metav1.CreateOptions{})
Expect(err).To(BeNil())
})
})
})

var _ = Describe("valid HubApiServerHostAlias", func() {
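Review bot: The negative case in `Create with aws auth and invalid arn` asserts only `Expect(err).NotTo(BeNil())`, so it would pass on any failure of `Create`, not just on the new ARN pattern rejecting the value. I would assert the failure kind, e.g. `Expect(apierrors.IsInvalid(err)).To(BeTrue())` with `k8s.io/apimachinery/pkg/api/errors` imported (the file's import block is outside this hunk), and ideally check that the message names `managedClusterArn`. Coverage is also narrow: only a wrong service segment (`bks`) in `ManagedClusterArn` is exercised, while an invalid `HubClusterArn`, an account ID that is not 12 digits, and a missing `aws` partition are not. The enclosing `Describe` starts above the hunk, so whether `klusterlet` is reset between these contexts cannot be confirmed from here.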