Merge branch 'main' into parallel-drain

.github/workflows/exclude-file.txt

@@ -11,4 +11,4 @@ config.site_url
 eks.amazonaws.com
 raw.githubusercontent.com
 creating-and-managing-clusters
-schema.js
+schema.js

Makefile.docker

@@ -34,7 +34,7 @@ endif
 update-build-image-tag: ## Update the build image tag as referenced across the repo
 	build-image-manifest.sh > $(image_manifest_file)
 	git hash-object $(image_manifest_file) > $(build_image_tag_file)
-	sed $(sedi) -e "1s|\(BUILD_IMAGE=\).*|\1/$(build_image):$$(cat $(build_image_tag_file))|" Dockerfile
+	sed $(sedi) -e "1s|\(BUILD_IMAGE=\).*|\1$(build_image):$$(cat $(build_image_tag_file))|" Dockerfile
 	find .github/workflows -type f | xargs sed $(sedi) -e "s|\($(build_image):\).*|\1$$(cat $(build_image_tag_file))|"
 
 .PHONY: check-build-image-manifest-up-to-date

go.mod

@@ -8,7 +8,7 @@ go 1.17
 require (
 	github.com/Masterminds/semver/v3 v3.1.1
 	github.com/aws/amazon-ec2-instance-selector/v2 v2.0.4-0.20220124212200-2aee60ac608e
-	github.com/aws/aws-sdk-go v1.43.10
+	github.com/aws/aws-sdk-go v1.43.12
 	github.com/benjamintf1/unmarshalledmatchers v0.0.0-20190408201839-bb1c1f34eaea
 	github.com/blang/semver v3.5.1+incompatible
 	github.com/bxcodec/faker v2.0.1+incompatible

go.sum

@@ -382,8 +382,8 @@ github.com/aws/aws-sdk-go v1.38.29/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2z
 github.com/aws/aws-sdk-go v1.38.49/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go v1.40.34/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.42.24/go.mod h1:gyRszuZ/icHmHAVE4gc/r+cfCmhA1AD+vqfWbgI+eHs=
-github.com/aws/aws-sdk-go v1.43.10 h1:lFX6gzTBltYBnlJBjd2DWRCmqn2CbTcs6PW99/Dme7k=
-github.com/aws/aws-sdk-go v1.43.10/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
+github.com/aws/aws-sdk-go v1.43.12 h1:wOdx6+reSDpUBFEuJDA6edCrojzy8rOtMzhS2rD9+7M=
+github.com/aws/aws-sdk-go v1.43.12/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/aws/aws-sdk-go-v2 v1.9.0/go.mod h1:cK/D0BBs0b/oWPIcX/Z/obahJK1TT7IPVjy53i/mX/4=
 github.com/aws/aws-sdk-go-v2 v1.11.2 h1:SDiCYqxdIYi6HgQfAWRhgdZrdnOuGyLDJVRSWLeHWvs=

integration/matchers/json.go

@@ -3,8 +3,7 @@ package matchers
 import (
 	"github.com/onsi/gomega/types"
 	"github.com/pkg/errors"
-
-	"github.com/weaveworks/eksctl/pkg/cfn/manager"
+	"github.com/weaveworks/eksctl/pkg/actions/nodegroup"
 
 	"encoding/json"
 )
@@ -28,9 +27,9 @@ func (matcher *jsonNodeGroupMatcher) Match(actual interface{}) (success bool, er
 	if !ok {
 		return false, errors.Wrapf(err, "BeNodeGroupsWithNamesWhich matcher expects a string")
 	}
-	ngSummaries := []manager.NodeGroupSummary{}
+	ngSummaries := []nodegroup.Summary{}
 	if err := json.Unmarshal([]byte(rawJSON), &ngSummaries); err != nil {
-		return false, errors.Wrapf(err, "BeNodeGroupsWithNamesWhich matcher expects a NodeGroupSummary JSON array")
+		return false, errors.Wrapf(err, "BeNodeGroupsWithNamesWhich matcher expects a Summary JSON array")
 	}
 	ngNames := extractNames(ngSummaries)
 	for _, m := range matcher.matchers {
@@ -43,7 +42,7 @@ func (matcher *jsonNodeGroupMatcher) Match(actual interface{}) (success bool, er
 	return true, nil
 }
 
-func extractNames(ngSummaries []manager.NodeGroupSummary) []string {
+func extractNames(ngSummaries []nodegroup.Summary) []string {
 	ngNames := make([]string, len(ngSummaries))
 	for i, ngSummary := range ngSummaries {
 		ngNames[i] = ngSummary.Name

integration/tests/fargate/fargate_test.go

@@ -148,39 +148,6 @@ var _ = Describe("(Integration) Fargate", func() {
 			deleteCluster(ft.clusterName)
 		})
 	})
-
-	Context("Creating a cluster with --fargate and --managed", func() {
-		ft := &fargateTest{}
-
-		BeforeEach(func() {
-			setup(ft, "--fargate", "--managed")
-		})
-
-		It("should support Fargate", func() {
-			testDefaultFargateProfile(ft.clusterName, ft.kubeTest)
-			testCreateFargateProfile(ft.clusterName, ft.kubeTest)
-		})
-
-		AfterEach(func() {
-			deleteCluster(ft.clusterName)
-		})
-	})
-
-	Context("Creating a cluster without --fargate", func() {
-		ft := &fargateTest{}
-
-		BeforeEach(func() {
-			setup(ft)
-		})
-
-		It("should allow creation of new Fargate profiles", func() {
-			testCreateFargateProfile(ft.clusterName, ft.kubeTest)
-		})
-
-		AfterEach(func() {
-			deleteCluster(ft.clusterName)
-		})
-	})
 })
 
 var _ = AfterSuite(func() {

integration/tests/kms/kms_test.go

@@ -0,0 +1,118 @@
+//go:build integration
+// +build integration
+
+package kms
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/kms"
+	. "github.com/weaveworks/eksctl/integration/runner"
+	"github.com/weaveworks/eksctl/integration/tests"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+	"github.com/weaveworks/eksctl/pkg/eks"
+	"github.com/weaveworks/eksctl/pkg/testutils"
+
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+)
+
+var params *tests.Params
+
+func init() {
+	// Call testing.Init() prior to tests.NewParams(), as otherwise -test.* will not be recognised. See also: https://golang.org/doc/go1.13#testing
+	testing.Init()
+	params = tests.NewParams("kms")
+}
+
+func TestEKSkms(t *testing.T) {
+	testutils.RegisterAndRun(t)
+}
+
+var _ = Describe("(Integration) [EKS kms test]", func() {
+	Context("Creating a cluster and enabling kms", func() {
+		var (
+			kmsKeyARN   *string
+			clusterName string
+			ctl         api.ClusterProvider
+		)
+
+		BeforeSuite(func() {
+			clusterName = params.NewClusterName("kms")
+			clusterConfig := api.NewClusterConfig()
+			clusterConfig.Metadata.Name = clusterName
+			clusterConfig.Metadata.Version = "latest"
+			clusterConfig.Metadata.Region = params.Region
+
+			data, err := json.Marshal(clusterConfig)
+			Expect(err).NotTo(HaveOccurred())
+
+			cmd := params.EksctlCreateCmd.
+				WithArgs(
+					"cluster",
+					"--config-file", "-",
+					"--verbose", "4",
+				).
+				WithoutArg("--region", params.Region).
+				WithStdin(bytes.NewReader(data))
+			Expect(cmd).To(RunSuccessfully())
+
+			clusterProvider, err := eks.New(&api.ProviderConfig{Region: params.Region}, clusterConfig)
+			Expect(err).NotTo(HaveOccurred())
+			ctl = clusterProvider.Provider
+
+			kmsClient := kms.New(ctl.ConfigProvider())
+			output, err := kmsClient.CreateKey(&kms.CreateKeyInput{
+				Description: aws.String(fmt.Sprintf("Key to test KMS encryption on EKS cluster %s", clusterName)),
+			})
+			Expect(err).NotTo(HaveOccurred())
+			kmsKeyARN = output.KeyMetadata.Arn
+		})
+
+		AfterSuite(func() {
+			cmd := params.EksctlDeleteCmd.WithArgs(
+				"cluster", clusterName,
+				"--verbose", "2",
+			)
+			Expect(cmd).To(RunSuccessfully())
+
+			kmsClient := kms.New(ctl.ConfigProvider())
+			_, err := kmsClient.ScheduleKeyDeletion(&kms.ScheduleKeyDeletionInput{
+				KeyId:               kmsKeyARN,
+				PendingWindowInDays: aws.Int64(7),
+			})
+			Expect(err).NotTo(HaveOccurred())
+		})
+
+		It("supports enabling KMS encryption", func() {
+			enableEncryptionCMD := func() Cmd {
+				return params.EksctlUtilsCmd.
+					WithTimeout(2*time.Hour).
+					WithArgs(
+						"enable-secrets-encryption",
+						"--cluster", clusterName,
+						"--key-arn", *kmsKeyARN,
+					)
+			}
+
+			By(fmt.Sprintf("enabling KMS encryption on the cluster using key %q", *kmsKeyARN))
+			cmd := enableEncryptionCMD()
+			Expect(cmd).To(RunSuccessfullyWithOutputStringLines(
+				ContainElement(ContainSubstring("initiated KMS encryption")),
+				ContainElement(ContainSubstring("KMS encryption applied to all Secret resources")),
+			))
+
+			By("ensuring `enable-secrets-encryption` works when KMS encryption is already enabled on the cluster")
+			cmd = enableEncryptionCMD()
+			Expect(cmd).To(RunSuccessfullyWithOutputStringLines(
+				ContainElement(ContainSubstring("KMS encryption is already enabled on the cluster")),
+				ContainElement(ContainSubstring("KMS encryption applied to all Secret resources")),
+			))
+		})
+	})
+})

integration/tests/unowned_cluster/unowned_cluster_test.go

@@ -15,7 +15,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	cfn "github.com/aws/aws-sdk-go/service/cloudformation"
 	awseks "github.com/aws/aws-sdk-go/service/eks"
-	"github.com/aws/aws-sdk-go/service/kms"
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	"github.com/onsi/gomega/gbytes"
@@ -47,7 +46,6 @@ var _ = Describe("(Integration) [non-eksctl cluster & nodegroup support]", func(
 		ctl                        api.ClusterProvider
 		configFile                 *os.File
 		cfg                        *api.ClusterConfig
-		kmsKeyARN                  *string
 	)
 
 	BeforeSuite(func() {
@@ -67,32 +65,17 @@ var _ = Describe("(Integration) [non-eksctl cluster & nodegroup support]", func(
 		var err error
 		configFile, err = os.CreateTemp("", "")
 		Expect(err).NotTo(HaveOccurred())
-
 		if !params.SkipCreate {
 			clusterProvider, err := eks.New(&api.ProviderConfig{Region: params.Region}, cfg)
 			Expect(err).NotTo(HaveOccurred())
 			ctl = clusterProvider.Provider
 			cfg.VPC = createClusterWithNodeGroup(params.ClusterName, stackName, mng1, version, ctl)
-
-			kmsClient := kms.New(ctl.ConfigProvider())
-			output, err := kmsClient.CreateKey(&kms.CreateKeyInput{
-				Description: aws.String(fmt.Sprintf("Key to test KMS encryption on EKS cluster %s", params.ClusterName)),
-			})
-			Expect(err).NotTo(HaveOccurred())
-			kmsKeyARN = output.KeyMetadata.Arn
 		}
 	})
 
 	AfterSuite(func() {
 		if !params.SkipCreate && !params.SkipDelete {
 			deleteStack(stackName, ctl)
-
-			kmsClient := kms.New(ctl.ConfigProvider())
-			_, err := kmsClient.ScheduleKeyDeletion(&kms.ScheduleKeyDeletionInput{
-				KeyId:               kmsKeyARN,
-				PendingWindowInDays: aws.Int64(7),
-			})
-			Expect(err).NotTo(HaveOccurred())
 		}
 		Expect(os.RemoveAll(configFile.Name())).To(Succeed())
 
@@ -104,19 +87,7 @@ var _ = Describe("(Integration) [non-eksctl cluster & nodegroup support]", func(
 				Name: ng1,
 			}},
 		}
-		// write config file so that the nodegroup creates have access to the vpc spec
-		configData, err := json.Marshal(&cfg)
-		Expect(err).NotTo(HaveOccurred())
-		Expect(os.WriteFile(configFile.Name(), configData, 0755)).To(Succeed())
-		cmd := params.EksctlCreateNodegroupCmd.
-			WithArgs(
-				"--config-file", configFile.Name(),
-				"--verbose", "2",
-			)
-		Expect(cmd).To(RunSuccessfully())
-	})
 
-	It("supports creating managed nodegroups", func() {
 		cfg.ManagedNodeGroups = []*api.ManagedNodeGroup{{
 			NodeGroupBase: &api.NodeGroupBase{
 				Name: mng2,
@@ -360,35 +331,6 @@ var _ = Describe("(Integration) [non-eksctl cluster & nodegroup support]", func(
 		Expect(cmd).To(RunSuccessfully())
 	})
 
-	It("supports enabling KMS encryption", func() {
-		if params.SkipCreate {
-			Skip("not enabling KMS encryption because params.SkipCreate is true")
-		}
-		enableEncryptionCMD := func() Cmd {
-			return params.EksctlUtilsCmd.
-				WithTimeout(2*time.Hour).
-				WithArgs(
-					"enable-secrets-encryption",
-					"--cluster", params.ClusterName,
-					"--key-arn", *kmsKeyARN,
-				)
-		}
-
-		By(fmt.Sprintf("enabling KMS encryption on the cluster using key %q", *kmsKeyARN))
-		cmd := enableEncryptionCMD()
-		Expect(cmd).To(RunSuccessfullyWithOutputStringLines(
-			ContainElement(ContainSubstring("initiated KMS encryption")),
-			ContainElement(ContainSubstring("KMS encryption applied to all Secret resources")),
-		))
-
-		By("ensuring `enable-secrets-encryption` works when KMS encryption is already enabled on the cluster")
-		cmd = enableEncryptionCMD()
-		Expect(cmd).To(RunSuccessfullyWithOutputStringLines(
-			ContainElement(ContainSubstring("KMS encryption is already enabled on the cluster")),
-			ContainElement(ContainSubstring("KMS encryption applied to all Secret resources")),
-		))
-	})
-
 	It("supports deleting clusters", func() {
 		if params.SkipDelete {
 			Skip("params.SkipDelete is true")