From cef55d2ee921fa2b5c5ddf5307feaf9ed4e40c8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Kesser?= Date: Fri, 12 Aug 2022 09:36:36 +0200 Subject: [PATCH 1/4] feat: Added test for secretEncryption in update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Kesser --- pkg/clients/eks/eks.go | 35 ++++++++++++++++++++++++++--------- pkg/controller/eks/cluster.go | 7 +++++++ 2 files changed, 33 insertions(+), 9 deletions(-)
diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go
index 0c7b939b82..bcf4777f55 100644
--- a/pkg/clients/eks/eks.go
+++ b/pkg/clients/eks/eks.go
@@ -60,6 +60,7 @@ type Client interface {
 TagResource(ctx context.Context, input *eks.TagResourceInput, opts ...func(*eks.Options)) (*eks.TagResourceOutput, error)
 UntagResource(ctx context.Context, input *eks.UntagResourceInput, opts ...func(*eks.Options)) (*eks.UntagResourceOutput, error)
 UpdateClusterVersion(ctx context.Context, input *eks.UpdateClusterVersionInput, opts ...func(*eks.Options)) (*eks.UpdateClusterVersionOutput, error)
+ AssociateEncryptionConfig(ctx context.Context, params *eks.AssociateEncryptionConfigInput, optFns ...func(*eks.Options)) (*eks.AssociateEncryptionConfigOutput, error)
 DescribeNodegroup(ctx context.Context, input *eks.DescribeNodegroupInput, opts ...func(*eks.Options)) (*eks.DescribeNodegroupOutput, error)
 CreateNodegroup(ctx context.Context, input *eks.CreateNodegroupInput, opts ...func(*eks.Options)) (*eks.CreateNodegroupOutput, error)
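Review bot: The new `AssociateEncryptionConfig` entry names its arguments `params` and `optFns`, while every other method visible in this interface uses `input` and `opts`. Matching the neighbours keeps the interface and the fake added later in this series consistent: `AssociateEncryptionConfig(ctx context.Context, input *eks.AssociateEncryptionConfigInput, opts ...func(*eks.Options)) (*eks.AssociateEncryptionConfigOutput, error)`. The interface body starts and ends outside the hunk.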
@@ -118,15 +119,16 @@ func GenerateCreateClusterInput(name string, p *v1beta1.ClusterParameters) *eks.
 }
 if len(p.EncryptionConfig) > 0 {
- c.EncryptionConfig = make([]ekstypes.EncryptionConfig, len(p.EncryptionConfig))
- for i, conf := range p.EncryptionConfig {
- c.EncryptionConfig[i] = ekstypes.EncryptionConfig{
- Provider: &ekstypes.Provider{
- KeyArn: awsclients.String(conf.Provider.KeyArn),
- },
- Resources: conf.Resources,
- }
- }
+ // c.EncryptionConfig = make([]ekstypes.EncryptionConfig, len(p.EncryptionConfig))
+ // for i, conf := range p.EncryptionConfig {
+ // c.EncryptionConfig[i] = ekstypes.EncryptionConfig{
+ // Provider: &ekstypes.Provider{
+ // KeyArn: awsclients.String(conf.Provider.KeyArn),
+ // },
+ // Resources: conf.Resources,
+ // }
+ // }
+ c.EncryptionConfig = GenerateEncryptionConfig(p)
 }
 c.ResourcesVpcConfig = &ekstypes.VpcConfigRequest{
@@ -158,6 +160,21 @@ func GenerateCreateClusterInput(name string, p *v1beta1.ClusterParameters) *eks.
 return c
 }
+func GenerateEncryptionConfig(parameters *v1beta1.ClusterParameters) []ekstypes.EncryptionConfig {
+ encryptionConfig := make([]ekstypes.EncryptionConfig, len(parameters.EncryptionConfig))
+ if len(parameters.EncryptionConfig) > 0 {
+ for i, conf := range parameters.EncryptionConfig {
+ encryptionConfig[i] = ekstypes.EncryptionConfig{
+ Provider: &ekstypes.Provider{
+ KeyArn: awsclients.String(conf.Provider.KeyArn),
+ },
+ Resources: conf.Resources,
+ }
+ }
+ }
+ return encryptionConfig
+}
+
 // CreatePatch creates a *v1beta1.ClusterParameters that has only the changed
 // values between the target *v1beta1.ClusterParameters and the current
 // *ekstypes.Cluster.
diff --git a/pkg/controller/eks/cluster.go b/pkg/controller/eks/cluster.go
index 44c8c76c67..9bdd254c70 100644
--- a/pkg/controller/eks/cluster.go
+++ b/pkg/controller/eks/cluster.go
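Review bot: In the second eks.go hunk (`@@ -158,6 +160,21 @@`), `GenerateEncryptionConfig` returns a non-nil, zero-length slice when the spec carries no encryption config, and it dereferences `parameters` without a nil check. That mattered less while the logic sat behind the `len(p.EncryptionConfig) > 0` guard in GenerateCreateClusterInput, but the function is now exported and this series calls it directly to build an AssociateEncryptionConfig request. An early exit such as `if parameters == nil || len(parameters.EncryptionConfig) == 0 { return nil }` would keep an empty list out of that request. It would also make the inner `if len(parameters.EncryptionConfig) > 0` wrapper unnecessary, since ranging over an empty slice is already a no-op.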
@@ -189,6 +189,13 @@ func (e *external) Update(ctx context.Context, mg resource.Managed) (managed.Ext
 if err != nil {
 return managed.ExternalUpdate{}, awsclient.Wrap(err, errPatchCreationFailed)
 }
+ if patch.EncryptionConfig != nil {
+ _, err := e.client.AssociateEncryptionConfig(ctx, &awseks.AssociateEncryptionConfigInput{
+ ClusterName: awsclient.String(meta.GetExternalName(cr)),
+ EncryptionConfig: eks.GenerateEncryptionConfig(&cr.Spec.ForProvider),
+ })
+ return managed.ExternalUpdate{}, awsclient.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateVersionFailed)
+ }
 if patch.Version != nil {
 _, err := e.client.UpdateClusterVersion(ctx, &awseks.UpdateClusterVersionInput{Name: awsclient.String(meta.GetExternalName(cr)), Version: patch.Version})
 return managed.ExternalUpdate{}, awsclient.Wrap(resource.Ignore(eks.IsErrorInUse, err), errUpdateVersionFailed)
From d8754a4234418fef05fe5cb72d6d1974b1197600 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Kesser?= Date: Fri, 12 Aug 2022 12:55:20 +0200 Subject: [PATCH 2/4] feat: Updated mock files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Kesser --- pkg/clients/eks/fake/fake.go | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/pkg/clients/eks/fake/fake.go b/pkg/clients/eks/fake/fake.go
index 3891a2c656..657aa71019 100644
--- a/pkg/clients/eks/fake/fake.go
+++ b/pkg/clients/eks/fake/fake.go
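Review bot: A failed `AssociateEncryptionConfig` call in the new branch is wrapped with `errUpdateVersionFailed`, so an operator is told a version update failed when secrets encryption could not be enabled; a dedicated constant (name to be chosen, for example a new `errAssociateEncryptionConfigFailed`) would make that failure diagnosable. The guard `patch.EncryptionConfig != nil` also looks too loose, because the request is built from `cr.Spec.ForProvider` rather than from the patch, and EKS accepts this call only for a cluster that does not already have encryption enabled. A spec that differs from an already-encrypted cluster would then presumably fail on every reconcile; CreatePatch is not visible here, so please confirm when it sets this field, and consider `if len(patch.EncryptionConfig) > 0 {` as the condition. None of the four patches in this series touches a test file although the subject mentions a test, so the branch appears unexercised. Update's body starts and ends outside the hunk.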
@@ -26,13 +26,14 @@ import (
 // MockClient is a fake implementation of eks.Client.
 type MockClient struct {
- MockCreateCluster func(ctx context.Context, input *eks.CreateClusterInput, opts []func(*eks.Options)) (*eks.CreateClusterOutput, error)
- MockDescribeCluster func(ctx context.Context, input *eks.DescribeClusterInput, opts []func(*eks.Options)) (*eks.DescribeClusterOutput, error)
- MockUpdateClusterConfig func(ctx context.Context, input *eks.UpdateClusterConfigInput, opts []func(*eks.Options)) (*eks.UpdateClusterConfigOutput, error)
- MockDeleteCluster func(ctx context.Context, input *eks.DeleteClusterInput, opts []func(*eks.Options)) (*eks.DeleteClusterOutput, error)
- MockTagResource func(ctx context.Context, input *eks.TagResourceInput, opts []func(*eks.Options)) (*eks.TagResourceOutput, error)
- MockUntagResource func(ctx context.Context, input *eks.UntagResourceInput, opts []func(*eks.Options)) (*eks.UntagResourceOutput, error)
- MockUpdateClusterVersion func(ctx context.Context, input *eks.UpdateClusterVersionInput, opts []func(*eks.Options)) (*eks.UpdateClusterVersionOutput, error)
+ MockCreateCluster func(ctx context.Context, input *eks.CreateClusterInput, opts []func(*eks.Options)) (*eks.CreateClusterOutput, error)
+ MockDescribeCluster func(ctx context.Context, input *eks.DescribeClusterInput, opts []func(*eks.Options)) (*eks.DescribeClusterOutput, error)
+ MockUpdateClusterConfig func(ctx context.Context, input *eks.UpdateClusterConfigInput, opts []func(*eks.Options)) (*eks.UpdateClusterConfigOutput, error)
+ MockDeleteCluster func(ctx context.Context, input *eks.DeleteClusterInput, opts []func(*eks.Options)) (*eks.DeleteClusterOutput, error)
+ MockTagResource func(ctx context.Context, input *eks.TagResourceInput, opts []func(*eks.Options)) (*eks.TagResourceOutput, error)
+ MockUntagResource func(ctx context.Context, input *eks.UntagResourceInput, opts []func(*eks.Options)) (*eks.UntagResourceOutput, error)
+ MockUpdateClusterVersion func(ctx context.Context, input *eks.UpdateClusterVersionInput, opts []func(*eks.Options)) (*eks.UpdateClusterVersionOutput, error)
+ MockAssociateEncryptionConfig func(ctx context.Context, input *eks.AssociateEncryptionConfigInput, opts []func(*eks.Options)) (*eks.AssociateEncryptionConfigOutput, error)
 MockDescribeNodegroup func(ctx context.Context, input *eks.DescribeNodegroupInput, opts []func(*eks.Options)) (*eks.DescribeNodegroupOutput, error)
 MockCreateNodegroup func(ctx context.Context, input *eks.CreateNodegroupInput, opts []func(*eks.Options)) (*eks.CreateNodegroupOutput, error)
@@ -97,6 +98,12 @@ func (c *MockClient) UpdateClusterVersion(ctx context.Context, input *eks.Update
 return c.MockUpdateClusterVersion(ctx, input, opts)
 }
+// AssociateEncryptionConfig calls the underlying
+// MockAssociateEncryptionConfig method.
+func (c *MockClient) AssociateEncryptionConfig(ctx context.Context, input *eks.AssociateEncryptionConfigInput, opts ...func(*eks.Options)) (*eks.AssociateEncryptionConfigOutput, error) {
+ return c.MockAssociateEncryptionConfig(ctx, input, opts)
+}
+
 // DescribeNodegroup calls the underlying MockDescribeNodegroup
 // method.
 func (c *MockClient) DescribeNodegroup(ctx context.Context, input *eks.DescribeNodegroupInput, opts ...func(*eks.Options)) (*eks.DescribeNodegroupOutput, error) {
From a09515dac9ac427e1f4818c807d2a08f47a9a083 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Kesser?= Date: Thu, 25 Aug 2022 08:01:47 +0200 Subject: [PATCH 3/4] fix: Added comment for function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Kesser --- pkg/clients/eks/eks.go | 1 + 1 file changed, 1 insertion(+)
diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go
index bcf4777f55..d087f1794c 100644
--- a/pkg/clients/eks/eks.go
+++ b/pkg/clients/eks/eks.go
@@ -160,6 +160,7 @@ func GenerateCreateClusterInput(name string, p *v1beta1.ClusterParameters) *eks.
 return c
 }
+// GenerateEncryptionConfig creates the config needed to enable encryption
 func GenerateEncryptionConfig(parameters *v1beta1.ClusterParameters) []ekstypes.EncryptionConfig {
 encryptionConfig := make([]ekstypes.EncryptionConfig, len(parameters.EncryptionConfig))
 if len(parameters.EncryptionConfig) > 0 {
From 2f31addb3151578b7627d36ce27e7ec83344b8ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Kesser?= Date: Thu, 25 Aug 2022 08:10:08 +0200 Subject: [PATCH 4/4] fix: Removed commented code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Kesser --- pkg/clients/eks/eks.go | 9 --------- 1 file changed, 9 deletions(-)
diff --git a/pkg/clients/eks/eks.go b/pkg/clients/eks/eks.go
index d087f1794c..e57963e8dd 100644
--- a/pkg/clients/eks/eks.go
+++ b/pkg/clients/eks/eks.go
@@ -119,15 +119,6 @@ func GenerateCreateClusterInput(name string, p *v1beta1.ClusterParameters) *eks.
 }
 if len(p.EncryptionConfig) > 0 {
- // c.EncryptionConfig = make([]ekstypes.EncryptionConfig, len(p.EncryptionConfig))
- // for i, conf := range p.EncryptionConfig {
- // c.EncryptionConfig[i] = ekstypes.EncryptionConfig{
- // Provider: &ekstypes.Provider{
- // KeyArn: awsclients.String(conf.Provider.KeyArn),
- // },
- // Resources: conf.Resources,
- // }
- // }
 c.EncryptionConfig = GenerateEncryptionConfig(p)
 }