diff --git a/pkg/eks/client.go b/pkg/eks/client.go index 97e8de8eb8c..07e2663c5e5 100644 --- a/pkg/eks/client.go +++ b/pkg/eks/client.go @@ -27,10 +27,8 @@ type Client struct { rawConfig *restclient.Config } -// NewClient creates a new client config, if withEmbeddedToken is true -// it will embed the STS token, otherwise it will use authenticator exec plugin -// and ensures that AWS_PROFILE environment variable gets set also -func (c *ClusterProvider) NewClient(spec *api.ClusterConfig, withEmbeddedToken bool) (*Client, error) { +// NewClient creates a new client config by embedding the STS token +func (c *ClusterProvider) NewClient(spec *api.ClusterConfig) (*Client, error) { clientConfig, _, contextName := kubeconfig.New(spec, c.GetUsername(), "") config := &Client{ @@ -99,7 +97,7 @@ func (c *ClusterProvider) NewStdClientSet(spec *api.ClusterConfig) (*kubernetes. } func (c *ClusterProvider) newClientSetWithEmbeddedToken(spec *api.ClusterConfig) (*Client, *kubernetes.Clientset, error) { - client, err := c.NewClient(spec, true) + client, err := c.NewClient(spec) if err != nil { return nil, nil, errors.Wrap(err, "creating Kubernetes client config with embedded token") } diff --git a/pkg/eks/client_test.go b/pkg/eks/client_test.go index eaeff4b83e5..c745ef5dd93 100644 --- a/pkg/eks/client_test.go +++ b/pkg/eks/client_test.go @@ -1,6 +1,7 @@ package eks_test import ( + "fmt" "strings" . "github.com/onsi/ginkgo" @@ -8,6 +9,7 @@ import ( api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5" . "github.com/weaveworks/eksctl/pkg/eks" "github.com/weaveworks/eksctl/pkg/testutils/mockprovider" + "github.com/weaveworks/eksctl/pkg/utils/kubeconfig" ) var _ = Describe("eks auth helpers", func() { 
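Review bot: The new doc comment on `NewClient` in pkg/eks/client.go says only that the STS token is embedded and gives callers no guidance on handling the returned value. With the exec-plugin branch gone, every `*Client` from this method presumably carries a bearer credential in its config, so the comment should say it is for in-process use and must not be written out as a kubeconfig file. I would suggest `// NewClient creates a client config with an embedded STS token. The token is a short-lived bearer credential; do not persist the returned config.` The body of `NewClient` continues outside the hunk, so whether the token is ever refreshed cannot be confirmed from here. Dropping `withEmbeddedToken` also changes an exported signature, and only the caller in `newClientSetWithEmbeddedToken` is updated in this diff.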
@@ -40,17 +42,14 @@ var _ = Describe("eks auth helpers", func() { }, } - It("should create config with authenticator", func() { - clientConfig, err := ctl.NewClient(cfg, false) - - Expect(err).To(Not(HaveOccurred())) - + testAuthenticatorConfig := func(roleARN string) { + clientConfig := kubeconfig.NewForKubectl(cfg, ctl.GetUsername(), roleARN, ctl.Provider.Profile()) Expect(clientConfig).To(Not(BeNil())) - ctx := clientConfig.ContextName + ctx := clientConfig.CurrentContext cluster := strings.Split(ctx, "@")[1] Expect(ctx).To(Equal("iam-root-account@auth-test-cluster.eu-west-3.eksctl.io")) - k := clientConfig.Config + k := clientConfig Expect(k.CurrentContext).To(Equal(ctx)) @@ -72,7 +71,11 @@ var _ = Describe("eks auth helpers", func() { Expect(k.AuthInfos[ctx].Exec.Command).To(MatchRegexp("(heptio-authenticator-aws|aws-iam-authenticator)")) - Expect(strings.Join(k.AuthInfos[ctx].Exec.Args, " ")).To(Equal("token -i auth-test-cluster")) + expectedArgs := "token -i auth-test-cluster" + if roleARN != "" { + expectedArgs += fmt.Sprintf(" -r %s", roleARN) + } + Expect(strings.Join(k.AuthInfos[ctx].Exec.Args, " ")).To(Equal(expectedArgs)) Expect(k.Clusters).To(HaveKey(cluster)) Expect(k.Clusters).To(HaveLen(1)) 
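Review bot: In the `@@ -72,7 +71,11 @@` hunk of client_test.go the assertion on `Exec.Args` compares a space-joined string, so it cannot tell whether `-r` and the role ARN are separate argv elements or a single element containing a space. These args go to the authenticator exec plugin, so I would assert on the slice itself: start from `expectedArgs := []string{"token", "-i", "auth-test-cluster"}`, do `expectedArgs = append(expectedArgs, "-r", roleARN)` when `roleARN != ""`, and check `Expect(k.AuthInfos[ctx].Exec.Args).To(Equal(expectedArgs))`. That also makes the newly added `fmt` import unnecessary. The enclosing `testAuthenticatorConfig` closure starts in the previous hunk and ends in the next one.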
@@ -80,24 +83,17 @@ var _ = Describe("eks auth helpers", func() { Expect(k.Clusters[cluster].InsecureSkipTLSVerify).To(BeFalse()) Expect(k.Clusters[cluster].Server).To(Equal(cfg.Status.Endpoint)) Expect(k.Clusters[cluster].CertificateAuthorityData).To(Equal(cfg.Status.CertificateAuthorityData)) + } + + It("should create config with authenticator", func() { + testAuthenticatorConfig("") + testAuthenticatorConfig("arn:aws:iam::111111111111:role/eksctl") }) It("should create config with embedded token", func() { // TODO: cannot test this, as token generator uses STS directly, we cannot pass the interface // we can probably fix the package itself }) - - It("should create clientset", func() { - clientConfig, err := ctl.NewClient(cfg, false) - - Expect(err).To(Not(HaveOccurred())) - Expect(clientConfig).To(Not(BeNil())) - - clientSet, err := clientConfig.NewClientSet() - - Expect(err).To(Not(HaveOccurred())) - Expect(clientSet).To(Not(BeNil())) - }) }) }) })
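Review bot: Once this hunk removes the `should create clientset` spec, nothing in this file calls `NewClient`, and the remaining `It("should create config with embedded token", ...)` has an empty body that passes without asserting anything. The credential-embedding path is therefore untested while the suite still reports green. I would mark that spec pending so the gap shows up in test output, e.g. `PIt("should create config with embedded token", func() {`, until the STS dependency can be injected as the TODO describes. As a smaller point, the two `testAuthenticatorConfig` calls share one `It`; giving the role-ARN case its own spec would show which variant failed.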