From 95ef236a01490679ab6252defe8692b18833378c Mon Sep 17 00:00:00 2001 From: guessi Date: Fri, 15 Jul 2022 22:47:31 +0800 Subject: [PATCH] chore(eks): extend support for clusterLogging disable Amazon EKS Loggings was first introduced in #18112 and added Fargate logging support in #20707. However, disabled loggings was not take into consideration at the very beginning of the design. With this PR, enabled clusterLogging support for enablement/disablement. Also, added test cases for no logging configured, partial logging configured, full logging configured. Fixes: #19898 --- .../lib/cluster-resource-handler/cluster.ts | 4 + .../@aws-cdk/aws-eks/lib/cluster-resource.ts | 2 +- packages/@aws-cdk/aws-eks/lib/cluster.ts | 18 +++- .../test/cluster-resource-provider.test.ts | 16 ++++ .../@aws-cdk/aws-eks/test/cluster.test.ts | 94 +++++++++++++++++++ .../aws-cdk-eks-cluster-test.template.json | 9 +- .../aws-cdk-eks-helm-test.template.json | 9 +- .../@aws-cdk/aws-eks/test/fargate.test.ts | 74 ++++++++++++++- 8 files changed, 220 insertions(+), 6 deletions(-) diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts index 0177a7e21b695..d7e66c7c79961 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource-handler/cluster.ts @@ -290,6 +290,10 @@ function parseProps(props: any): aws.EKS.CreateClusterRequest { parsed.logging.clusterLogging[0].enabled = parsed.logging.clusterLogging[0].enabled === 'true'; } + if (typeof (parsed.logging?.clusterLogging[1].enabled) === 'string') { + parsed.logging.clusterLogging[1].enabled = parsed.logging.clusterLogging[1].enabled === 'false'; + } + return parsed; } diff --git a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts index 755b89eec135c..28c6a5a2f51d7 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts 
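Review bot: In parseProps (lib/cluster-resource-handler/cluster.ts), the new conversion for `clusterLogging[1]` compares against `'false'`, so a string `'false'` becomes boolean `true` and `'true'` becomes `false`, the reverse of the `[0]` conversion just above it; the log types meant to be disabled would be sent as enabled. The access `parsed.logging?.clusterLogging[1].enabled` also throws a TypeError when `logging` is present but holds only one entry, which looks possible if this function also receives properties recorded before this change (not visible here). I would guard the entry and keep the same comparison as `[0]`: `const disabledEntry = parsed.logging?.clusterLogging?.[1];` followed by `if (typeof disabledEntry?.enabled === 'string') { disabledEntry.enabled = disabledEntry.enabled === 'true'; }`. parseProps starts outside the hunk.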
+++ b/packages/@aws-cdk/aws-eks/lib/cluster-resource.ts @@ -25,7 +25,7 @@ export interface ClusterResourceProps { readonly onEventLayer?: lambda.ILayerVersion; readonly clusterHandlerSecurityGroup?: ec2.ISecurityGroup; readonly tags?: { [key: string]: string }; - readonly logging?: { [key: string]: [ { [key: string]: any } ] }; + readonly logging?: { [key: string]: [ { [key: string]: any }, { [key: string]: any } ] }; } /** diff --git a/packages/@aws-cdk/aws-eks/lib/cluster.ts b/packages/@aws-cdk/aws-eks/lib/cluster.ts index 5fd70cd5b1d45..481f0891c849d 100644 --- a/packages/@aws-cdk/aws-eks/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks/lib/cluster.ts @@ -1285,7 +1285,7 @@ export class Cluster extends ClusterBase { private readonly version: KubernetesVersion; - private readonly logging?: { [key: string]: [ { [key: string]: any } ] }; + private readonly logging?: { [key: string]: [ { [key: string]: any }, { [key: string]: any } ] }; /** * A dummy CloudFormation resource that is used as a wait barrier which @@ -1347,12 +1347,28 @@ export class Cluster extends ClusterBase { // Get subnetIds for all selected subnets const subnetIds = Array.from(new Set(flatten(selectedSubnetIdsPerGroup))); + // The value of clusterLoggingTypeDisabled should be invert of props.clusterLogging. + let clusterLoggingTypeDisabled: ClusterLoggingTypes[] = []; + + // Find out type(s) to disable. + Object.values(ClusterLoggingTypes).forEach(function (key) { + let clusterLoggingTypeEnabled = Object.values(props.clusterLogging ? Object.values(props.clusterLogging) : []); + if (!Object.values(clusterLoggingTypeEnabled).includes(key)) { + clusterLoggingTypeDisabled.push(key); + }; + }); + + // Leave it untouched as undefined if (props.clusterLogging === undefined). this.logging = props.clusterLogging ? { clusterLogging: [ { enabled: true, types: Object.values(props.clusterLogging), }, + { + enabled: false, + types: Object.values(clusterLoggingTypeDisabled), + }, ], } : undefined; 
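Review bot: In the Cluster constructor hunk of lib/cluster.ts, the added `enabled: false` entry means every log type left out of `props.clusterLogging` is now explicitly switched off in the request, `audit` and `authenticator` included, whereas the previous single-entry form only named the types to enable; nothing in the hunk documents that change. I would state it in the comment above `this.logging`, e.g. `// Every type not listed in props.clusterLogging is explicitly disabled, not left as-is.`, and repeat it in the `clusterLogging` prop's doc comment, which is outside this diff. The loop also rebuilds the enabled list on every iteration through nested `Object.values` calls; assuming `props.clusterLogging` is an array, as the tests in this commit pass it, `const clusterLoggingTypeDisabled = Object.values(ClusterLoggingTypes).filter((t) => !props.clusterLogging?.includes(t));` yields the same list. The constructor starts and ends outside the hunk.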
diff --git a/packages/@aws-cdk/aws-eks/test/cluster-resource-provider.test.ts b/packages/@aws-cdk/aws-eks/test/cluster-resource-provider.test.ts index d7d7789bde0a5..7a486cc67600f 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster-resource-provider.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster-resource-provider.test.ts @@ -566,6 +566,10 @@ describe('cluster resource provider', () => { types: ['api'], enabled: true, }, + { + types: ['audit', 'authenticator', 'controllerManager', 'scheduler'], + enabled: false, + }, ], }, }, { @@ -581,6 +585,10 @@ describe('cluster resource provider', () => { types: ['api'], enabled: true, }, + { + types: ['audit', 'authenticator', 'controllerManager', 'scheduler'], + enabled: false, + }, ], }, }); @@ -622,6 +630,10 @@ describe('cluster resource provider', () => { types: ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'], enabled: true, }, + { + types: [], + enabled: false, + }, ], }, resourcesVpcConfig: { @@ -644,6 +656,10 @@ describe('cluster resource provider', () => { types: ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'], enabled: true, }, + { + types: [], + enabled: false, + }, ], }, resourcesVpcConfig: { diff --git a/packages/@aws-cdk/aws-eks/test/cluster.test.ts b/packages/@aws-cdk/aws-eks/test/cluster.test.ts index 1f6ba84fc20fa..8b797a954007f 100644 --- a/packages/@aws-cdk/aws-eks/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks/test/cluster.test.ts 
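Review bot: All four updated fixtures in test/cluster-resource-provider.test.ts give `enabled` as a boolean, so the string branch this commit adds to parseProps for `clusterLogging[1]` is not exercised by these hunks. Assuming these fixtures pass through parseProps, a case that supplies `enabled: 'false'` for the second entry and asserts the resulting request carries `enabled: false` would pin that conversion. Whether a test outside the diff already does this is not visible, and the enclosing test bodies start and end outside the hunks.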
@@ -3156,4 +3156,98 @@ describe('cluster', () => { }, }); }); + + test('create a cluster without logging configure', () => { + // GIVEN + const { stack } = testFixture(); + + // WHEN + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + }); + + // THEN + Template.fromStack(stack).resourceCountIs('Custom::AWSCDK-EKS-Cluster::Config::logging', 0); + }); + + test('create a cluster with partial logging configure', () => { + // GIVEN + const { stack } = testFixture(); + + // WHEN + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + clusterLogging: [ + eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.SCHEDULER, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-Cluster', { + Config: { + logging: { + clusterLogging: [ + { + enabled: true, + types: [ + 'api', + 'authenticator', + 'scheduler', + ], + }, + { + enabled: false, + types: [ + 'audit', + 'controllerManager', + ], + }, + ], + }, + }, + }); + }); + + test('create a cluster with all logging configure', () => { + // GIVEN + const { stack } = testFixture(); + + // WHEN + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + clusterLogging: [ + eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUDIT, + eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.CONTROLLER_MANAGER, + eks.ClusterLoggingTypes.SCHEDULER, + ], + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-Cluster', { + Config: { + logging: { + clusterLogging: [ + { + enabled: true, + types: [ + 'api', + 'audit', + 'authenticator', + 'controllerManager', + 'scheduler', + ], + }, + { + enabled: false, + types: [], + }, + ], + }, + }, + }); + }); }); 
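Review bot: In 'create a cluster without logging configure', `resourceCountIs('Custom::AWSCDK-EKS-Cluster::Config::logging', 0)` counts resources whose type is that whole string; the cluster resource in the other tests has type `Custom::AWSCDK-EKS-Cluster`, so the count is 0 whether or not `Config.logging` is emitted and the test cannot fail. Asserting on the property would check the intent, e.g. `Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-Cluster', { Config: { logging: Match.absent() } });` (`Match` comes from the assertions module; whether this file already imports it is not visible). The same assertion appears in 'supports cluster logging without FargateCluster' in test/fargate.test.ts. Neither file covers `clusterLogging: []`, which the constructor change turns into a request that disables all five types.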
diff --git a/packages/@aws-cdk/aws-eks/test/eks-cluster.integ.snapshot/aws-cdk-eks-cluster-test.template.json b/packages/@aws-cdk/aws-eks/test/eks-cluster.integ.snapshot/aws-cdk-eks-cluster-test.template.json index 281bb1075114d..e82dac45c4b78 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-cluster.integ.snapshot/aws-cdk-eks-cluster-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-cluster.integ.snapshot/aws-cdk-eks-cluster-test.template.json @@ -825,6 +825,13 @@ "authenticator", "scheduler" ] + }, + { + "enabled": false, + "types": [ + "audit", + "controllerManager" + ] } ] } @@ -4032,4 +4039,4 @@ "Default": "/aws/service/bottlerocket/aws-k8s-1.21/x86_64/latest/image_id" } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json index 7d2bb8615cb6f..48a92cfb5667b 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-helm-asset.integ.snapshot/aws-cdk-eks-helm-test.template.json @@ -668,6 +668,13 @@ "authenticator", "scheduler" ] + }, + { + "enabled": false, + "types": [ + "audit", + "controllerManager" + ] } ] } @@ -1316,4 +1323,4 @@ "Description": "Artifact hash for asset \"3d78a5cdc39276c4ee8503417d4363951a0693b01cfd99ec9786feed456d012f\"" } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-eks/test/fargate.test.ts b/packages/@aws-cdk/aws-eks/test/fargate.test.ts index e028981ff7bf2..d0cff709da411 100644 --- a/packages/@aws-cdk/aws-eks/test/fargate.test.ts +++ b/packages/@aws-cdk/aws-eks/test/fargate.test.ts 
@@ -459,7 +459,62 @@ describe('fargate', () => { }); - test('supports cluster logging with FargateCluster', () => { + test('supports cluster logging without FargateCluster', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + + new eks.FargateCluster(stack, 'FargateCluster', { + version: CLUSTER_VERSION, + }); + + //THEN + Template.fromStack(stack).resourceCountIs('Custom::AWSCDK-EKS-Cluster::Config::logging', 0); + }); + + test('supports cluster partial logging enabled with FargateCluster', () => { + // GIVEN + const stack = new Stack(); + + // WHEN + + new eks.FargateCluster(stack, 'FargateCluster', { + version: CLUSTER_VERSION, + clusterLogging: [ + eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.SCHEDULER, + ], + }); + + //THEN + Template.fromStack(stack).hasResourceProperties('Custom::AWSCDK-EKS-Cluster', { + Config: { + logging: { + clusterLogging: [ + { + enabled: true, + types: [ + 'api', + 'authenticator', + 'scheduler', + ], + }, + { + enabled: false, + types: [ + 'audit', + 'controllerManager', + ], + }, + ], + }, + }, + }); + }); + + test('supports cluster all logging enabled with FargateCluster', () => { // GIVEN const stack = new Stack(); @@ -469,7 +524,9 @@ describe('fargate', () => { version: CLUSTER_VERSION, clusterLogging: [ eks.ClusterLoggingTypes.API, + eks.ClusterLoggingTypes.AUDIT, eks.ClusterLoggingTypes.AUTHENTICATOR, + eks.ClusterLoggingTypes.CONTROLLER_MANAGER, eks.ClusterLoggingTypes.SCHEDULER, ], }); @@ -479,7 +536,20 @@ describe('fargate', () => { Config: { logging: { clusterLogging: [ - { enabled: true, types: ['api', 'authenticator', 'scheduler'] }, + { + enabled: true, + types: [ + 'api', + 'audit', + 'authenticator', + 'controllerManager', + 'scheduler', + ], + }, + { + enabled: false, + types: [], + }, ], }, },
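Review bot: The title 'supports cluster logging without FargateCluster' says the opposite of what the test does: the body constructs an `eks.FargateCluster` with no `clusterLogging`. A title such as `'FargateCluster without clusterLogging emits no logging config'` would match the body and sit better beside the two sibling titles added here. The `describe('fargate', …)` block starts and ends outside the hunks.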