Remove dependency on STS v1 by removing the need to use aws-iam-authenticator for token generation #5016

Merged
merged 18 commits into from
Apr 4, 2022

@Skarlso Skarlso commented Mar 29, 2022

Description

Closes #4993 by removing the aws-iam-authenticator dependency completely.

Added some removal of STSv1 as well, but did not yet rename STSV2. That will be in the next PR.

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@Skarlso Skarlso added the kind/feature New feature or request label Mar 29, 2022
@@ -213,15 +207,6 @@ func New(spec *api.ProviderConfig, clusterSpec *api.ClusterConfig) (*ClusterProv
provider.ec2 = ec2.New(s)
provider.elb = elb.New(s)
provider.elbv2 = elbv2.New(s)
provider.sts = sts.New(s,
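
Review bot: Check that nothing still reads `provider.sts` once the `provider.sts = sts.New(s,` assignment at the end of this hunk is gone from New(); a leftover caller would be holding a nil client. The call also passed arguments after the session that are cut off in this view, so whatever they configured needs an equivalent on the replacement path.
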
Contributor Author

This removal will make it easier for the V2 to be renamed in the coming PR.

Skarlso commented Mar 29, 2022

Manual Test

2022-03-29 17:05:30 [ℹ]  node "ip-192-168-21-130.us-west-2.compute.internal" is ready
2022-03-29 17:05:31 [ℹ]  kubectl command should work with "/Users/skarlso/.kube/config", try 'kubectl get nodes'
2022-03-29 17:05:31 [✔]  EKS cluster "test-sts-refactor-1" in "us-west-2" region is ready
➜  simple-cluster
➜  simple-cluster k get nodes
NAME                                           STATUS   ROLES    AGE    VERSION
ip-192-168-21-130.us-west-2.compute.internal   Ready    <none>   114s   v1.21.5-eks-9017834

delete

2022-03-29 17:08:45 [ℹ]  waiting for CloudFormation stack "eksctl-test-sts-refactor-1-nodegroup-ng-1"
2022-03-29 17:09:02 [ℹ]  waiting for CloudFormation stack "eksctl-test-sts-refactor-1-nodegroup-ng-1"
2022-03-29 17:09:03 [ℹ]  will delete stack "eksctl-test-sts-refactor-1-cluster"
2022-03-29 17:09:04 [✔]  all cluster resources were deleted
➜  simple-cluster

@Skarlso Skarlso changed the title [WIP] Refactor sts Remove dependency on STS v1 by removing the need to use aws-iam-authenticator for token generation Mar 29, 2022
@Skarlso Skarlso marked this pull request as ready for review March 29, 2022 15:37
@Skarlso Skarlso requested a review from a team March 29, 2022 15:39
@Skarlso Skarlso added area/tech-debt Leftover improvements in code, testing and building skip-release-notes Causes PR not to show in release notes and removed kind/feature New feature or request labels Mar 29, 2022
@@ -1,5 +1,7 @@
# options for analysis running
run:
go: '1.18'
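
Review bot: The `go: '1.18'` setting under `run:` carries no comment saying why the linter needs the Go version pinned. Add a one-line comment above it giving the reason, and keep the value in step with the Go version the project builds with so the two do not drift apart.
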
Contributor Author

Apparently, this was needed for the CI to work properly.

@Skarlso Skarlso removed the request for review from a team March 30, 2022 06:59
@Skarlso Skarlso requested review from a team and removed request for a team March 30, 2022 08:04
@Skarlso Skarlso requested a review from a team March 30, 2022 08:30
@aclevername aclevername left a comment

LGTM 😁 ! Worth waiting for 3 reviewers IMO as it's a bit complex. Also worth an integration test run? Or does the change not affect how we do our auth in CI?

Skarlso commented Mar 30, 2022

> Also worth an integration test run? Or does the change not affect how we do our auth in CI?

I ran a couple locally, it's basically like this... if it doesn't work on eksctl get cluster it basically will not work. :D If it does, it does, there is nothing else happening to the token that would make it not work on further calls. But I did run some tests to be sure that consecutive calls work. :) And that longer calls still work.

@Skarlso Skarlso requested a review from a team March 30, 2022 15:20
cPu1 commented Mar 31, 2022

@Skarlso can you fix the conflicts before I start reviewing?

Skarlso commented Mar 31, 2022

@cPu1 done with the conflict. :)

@Skarlso Skarlso enabled auto-merge (squash) April 4, 2022 08:24
@Skarlso Skarlso merged commit e7de320 into eksctl-io:main Apr 4, 2022
SlevinWasAlreadyTaken pushed a commit to SlevinWasAlreadyTaken/eksctl that referenced this pull request Apr 11, 2022
…nticator for token generation (eksctl-io#5016)

* Removing STS

* Deleted the wrapper as it is no longer needed

* Created an Interface for the Presign function

* Extracted the generator and wrote a proper interface and mocks for the presign call

* Postfilled a unit test

* Added custom endpoint resolution

* Put back the endpoint mapping malaka

* Extract header function

* Adjusted to review and removed whitelisted header
@hspencer77 hspencer77 mentioned this pull request Jul 8, 2022
Labels
area/tech-debt Leftover improvements in code, testing and building skip-release-notes Causes PR not to show in release notes
Development

Successfully merging this pull request may close these issues.

Eliminating usage of aws/aws-sdk-go (v1) STS is blocked on sigs.k8s.io/aws-iam-authenticator/pkg/token