Add test for role ARN, remove unneeded test

pkg/eks/client.go

@@ -27,10 +27,8 @@ type Client struct {
 	rawConfig *restclient.Config
 }
 
-// NewClient creates a new client config, if withEmbeddedToken is true
-// it will embed the STS token, otherwise it will use authenticator exec plugin
-// and ensures that AWS_PROFILE environment variable gets set also
-func (c *ClusterProvider) NewClient(spec *api.ClusterConfig, withEmbeddedToken bool) (*Client, error) {
+// NewClient creates a new client config by embedding the STS token
+func (c *ClusterProvider) NewClient(spec *api.ClusterConfig) (*Client, error) {
 	clientConfig, _, contextName := kubeconfig.New(spec, c.GetUsername(), "")
 
 	config := &Client{
@@ -99,7 +97,7 @@ func (c *ClusterProvider) NewStdClientSet(spec *api.ClusterConfig) (*kubernetes.
 }
 
 func (c *ClusterProvider) newClientSetWithEmbeddedToken(spec *api.ClusterConfig) (*Client, *kubernetes.Clientset, error) {
-	client, err := c.NewClient(spec, true)
+	client, err := c.NewClient(spec)
 	if err != nil {
 		return nil, nil, errors.Wrap(err, "creating Kubernetes client config with embedded token")
 	}

pkg/eks/client_test.go

@@ -1,13 +1,15 @@
 package eks_test
 
 import (
+	"fmt"
 	"strings"
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
 	. "github.com/weaveworks/eksctl/pkg/eks"
 	"github.com/weaveworks/eksctl/pkg/testutils/mockprovider"
+	"github.com/weaveworks/eksctl/pkg/utils/kubeconfig"
 )
 
 var _ = Describe("eks auth helpers", func() {
@@ -40,17 +42,14 @@ var _ = Describe("eks auth helpers", func() {
 					},
 				}
 
-				It("should create config with authenticator", func() {
-					clientConfig, err := ctl.NewClient(cfg, false)
-
-					Expect(err).To(Not(HaveOccurred()))
-
+				testAuthenticatorConfig := func(roleARN string) {
+					clientConfig := kubeconfig.NewForKubectl(cfg, ctl.GetUsername(), roleARN, ctl.Provider.Profile())
 					Expect(clientConfig).To(Not(BeNil()))
-					ctx := clientConfig.ContextName
+					ctx := clientConfig.CurrentContext
 					cluster := strings.Split(ctx, "@")[1]
 					Expect(ctx).To(Equal("iam-root-account@auth-test-cluster.eu-west-3.eksctl.io"))
 
-					k := clientConfig.Config
+					k := clientConfig
 
 					Expect(k.CurrentContext).To(Equal(ctx))
 
@@ -72,32 +71,29 @@ var _ = Describe("eks auth helpers", func() {
 
 					Expect(k.AuthInfos[ctx].Exec.Command).To(MatchRegexp("(heptio-authenticator-aws|aws-iam-authenticator)"))
 
-					Expect(strings.Join(k.AuthInfos[ctx].Exec.Args, " ")).To(Equal("token -i auth-test-cluster"))
+					expectedArgs := "token -i auth-test-cluster"
+					if roleARN != "" {
+						expectedArgs += fmt.Sprintf(" -r %s", roleARN)
+					}
+					Expect(strings.Join(k.AuthInfos[ctx].Exec.Args, " ")).To(Equal(expectedArgs))
 
 					Expect(k.Clusters).To(HaveKey(cluster))
 					Expect(k.Clusters).To(HaveLen(1))
 
 					Expect(k.Clusters[cluster].InsecureSkipTLSVerify).To(BeFalse())
 					Expect(k.Clusters[cluster].Server).To(Equal(cfg.Status.Endpoint))
 					Expect(k.Clusters[cluster].CertificateAuthorityData).To(Equal(cfg.Status.CertificateAuthorityData))
+				}
+
+				It("should create config with authenticator", func() {
+					testAuthenticatorConfig("")
+					testAuthenticatorConfig("arn:aws:iam::111111111111:role/eksctl")
 				})
 
 				It("should create config with embedded token", func() {
 					// TODO: cannot test this, as token generator uses STS directly, we cannot pass the interface
 					// we can probably fix the package itself
 				})
-
-				It("should create clientset", func() {
-					clientConfig, err := ctl.NewClient(cfg, false)
-
-					Expect(err).To(Not(HaveOccurred()))
-					Expect(clientConfig).To(Not(BeNil()))
-
-					clientSet, err := clientConfig.NewClientSet()
-
-					Expect(err).To(Not(HaveOccurred()))
-					Expect(clientSet).To(Not(BeNil()))
-				})
 			})
 		})
 	})