Disable access entry creation for self-managed nodes on clusters with CONFIG_MAP only

TiberiuGC · TiberiuGC · commit 7a3322351caf · 2024-04-02T14:58:52.000+03:00
diff --git a/pkg/apis/eksctl.io/v1alpha5/zz_generated.defaults.go b/pkg/apis/eksctl.io/v1alpha5/zz_generated.defaults.go
diff --git a/pkg/cfn/manager/create_tasks.go b/pkg/cfn/manager/create_tasks.go
@@ -8,6 +8,8 @@ import (
 	"github.com/pkg/errors"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	ekstypes "github.com/aws/aws-sdk-go-v2/service/eks/types"
+
 	"github.com/weaveworks/eksctl/pkg/actions/accessentry"
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
 	iamoidc "github.com/weaveworks/eksctl/pkg/iam/oidc"
@@ -24,7 +26,7 @@ const (
 // NewTasksToCreateCluster defines all tasks required to create a cluster along
 // with some nodegroups; see CreateAllNodeGroups for how onlyNodeGroupSubset works.
 func (c *StackCollection) NewTasksToCreateCluster(ctx context.Context, nodeGroups []*api.NodeGroup,
-	managedNodeGroups []*api.ManagedNodeGroup, accessEntries []api.AccessEntry, accessEntryCreator accessentry.CreatorInterface, postClusterCreationTasks ...tasks.Task) *tasks.TaskTree {
+	managedNodeGroups []*api.ManagedNodeGroup, accessConfig *api.AccessConfig, accessEntryCreator accessentry.CreatorInterface, postClusterCreationTasks ...tasks.Task) *tasks.TaskTree {
 	taskTree := tasks.TaskTree{Parallel: false}
 
 	taskTree.Append(&createClusterTask{
@@ -34,8 +36,8 @@ func (c *StackCollection) NewTasksToCreateCluster(ctx context.Context, nodeGroup
 		ctx:                  ctx,
 	})
 
-	if len(accessEntries) > 0 {
-		taskTree.Append(accessEntryCreator.CreateTasks(ctx, accessEntries))
+	if len(accessConfig.AccessEntries) > 0 {
+		taskTree.Append(accessEntryCreator.CreateTasks(ctx, accessConfig.AccessEntries))
 	}
 
 	appendNodeGroupTasksTo := func(taskTree *tasks.TaskTree) {
@@ -44,7 +46,8 @@ func (c *StackCollection) NewTasksToCreateCluster(ctx context.Context, nodeGroup
 			Parallel:  true,
 			IsSubTask: true,
 		}
-		if unmanagedNodeGroupTasks := c.NewUnmanagedNodeGroupTask(ctx, nodeGroups, false, false, false, vpcImporter); unmanagedNodeGroupTasks.Len() > 0 {
+		disableAccessEntryCreation := accessConfig.AuthenticationMode == ekstypes.AuthenticationModeConfigMap
+		if unmanagedNodeGroupTasks := c.NewUnmanagedNodeGroupTask(ctx, nodeGroups, false, false, disableAccessEntryCreation, vpcImporter); unmanagedNodeGroupTasks.Len() > 0 {
 			unmanagedNodeGroupTasks.IsSubTask = true
 			nodeGroupTasks.Append(unmanagedNodeGroupTasks)
 		}
diff --git a/pkg/cfn/manager/fakes/fake_stack_manager.go b/pkg/cfn/manager/fakes/fake_stack_manager.go
diff --git a/pkg/cfn/manager/interface.go b/pkg/cfn/manager/interface.go
@@ -89,7 +89,7 @@ type StackManager interface {
 	NewTasksToDeleteClusterWithNodeGroups(ctx context.Context, clusterStack *Stack, nodeGroupStacks []NodeGroupStack, clusterOperable bool, newOIDCManager NewOIDCManager, newTasksToDeleteAddonIAM NewTasksToDeleteAddonIAM, newTasksToDeletePodIdentityRole NewTasksToDeletePodIdentityRole, cluster *ekstypes.Cluster, clientSetGetter kubernetes.ClientSetGetter, wait, force bool, cleanup func(chan error, string) error) (*tasks.TaskTree, error)
 	NewTasksToCreateIAMServiceAccounts(serviceAccounts []*api.ClusterIAMServiceAccount, oidc *iamoidc.OpenIDConnectManager, clientSetGetter kubernetes.ClientSetGetter) *tasks.TaskTree
 	NewTaskToDeleteUnownedNodeGroup(ctx context.Context, clusterName, nodegroup string, nodeGroupDeleter NodeGroupDeleter, waitCondition *DeleteWaitCondition) tasks.Task
-	NewTasksToCreateCluster(ctx context.Context, nodeGroups []*api.NodeGroup, managedNodeGroups []*api.ManagedNodeGroup, accessEntries []api.AccessEntry, accessEntryCreator accessentry.CreatorInterface, postClusterCreationTasks ...tasks.Task) *tasks.TaskTree
+	NewTasksToCreateCluster(ctx context.Context, nodeGroups []*api.NodeGroup, managedNodeGroups []*api.ManagedNodeGroup, accessConfig *api.AccessConfig, accessEntryCreator accessentry.CreatorInterface, postClusterCreationTasks ...tasks.Task) *tasks.TaskTree
 	NewTasksToDeleteIAMServiceAccounts(ctx context.Context, serviceAccounts []string, clientSetGetter kubernetes.ClientSetGetter, wait bool) (*tasks.TaskTree, error)
 	NewTasksToDeleteNodeGroups(stacks []NodeGroupStack, shouldDelete func(_ string) bool, wait bool, cleanup func(chan error, string) error) (*tasks.TaskTree, error)
 	NewTasksToDeleteOIDCProviderWithIAMServiceAccounts(ctx context.Context, newOIDCManager NewOIDCManager, cluster *ekstypes.Cluster, clientSetGetter kubernetes.ClientSetGetter, force bool) (*tasks.TaskTree, error)
diff --git a/pkg/cfn/manager/tasks_test.go b/pkg/cfn/manager/tasks_test.go
@@ -75,6 +75,7 @@ var _ = Describe("StackCollection Tasks", func() {
 
 		It("should have nice description", func() {
 			fakeVPCImporter := new(vpcfakes.FakeImporter)
+			accessConfig := &api.AccessConfig{}
 			// TODO use DescribeTable
 
 			// The supportsManagedNodes argument has no effect on the Describe call, so the values are alternated
@@ -99,7 +100,7 @@ var _ = Describe("StackCollection Tasks", func() {
 				Expect(tasks.Describe()).To(Equal(`no tasks`))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), nil, nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), nil, accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", 
     2 parallel sub-tasks: { 
@@ -110,18 +111,18 @@ var _ = Describe("StackCollection Tasks", func() {
 `))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", create nodegroup "bar" 
 }
 `))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), nil, nil, nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), nil, nil, accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`1 task: { create cluster control plane "test-cluster" }`))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", 
     2 parallel sub-tasks: { 
@@ -138,7 +139,7 @@ var _ = Describe("StackCollection Tasks", func() {
 `))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroupsWithPropagatedTags("m1", "m2"), nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroupsWithPropagatedTags("m1", "m2"), accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", 
     2 parallel sub-tasks: { 
@@ -161,7 +162,7 @@ var _ = Describe("StackCollection Tasks", func() {
 `))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("foo"), makeManagedNodeGroups("m1"), nil, nil)
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("foo"), makeManagedNodeGroups("m1"), accessConfig, nil)
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", 
     2 parallel sub-tasks: { 
@@ -172,7 +173,7 @@ var _ = Describe("StackCollection Tasks", func() {
 `))
 			}
 			{
-				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, nil, nil, &task{id: 1})
+				tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, accessConfig, nil, &task{id: 1})
 				Expect(tasks.Describe()).To(Equal(`
 2 sequential tasks: { create cluster control plane "test-cluster", 
     2 sequential sub-tasks: { 
diff --git a/pkg/ctl/create/cluster.go b/pkg/ctl/create/cluster.go
@@ -360,7 +360,7 @@ func doCreateCluster(cmd *cmdutils.Cmd, ngFilter *filter.NodeGroupFilter, params
 		postClusterCreationTasks.Append(preNodegroupAddons)
 	}
 
-	taskTree := stackManager.NewTasksToCreateCluster(ctx, cfg.NodeGroups, cfg.ManagedNodeGroups, cfg.AccessConfig.AccessEntries, makeAccessEntryCreator(cfg.Metadata.Name, stackManager), postClusterCreationTasks)
+	taskTree := stackManager.NewTasksToCreateCluster(ctx, cfg.NodeGroups, cfg.ManagedNodeGroups, cfg.AccessConfig, makeAccessEntryCreator(cfg.Metadata.Name, stackManager), postClusterCreationTasks)
 
 	logger.Info(taskTree.Describe())
 	if errs := taskTree.DoAllSync(); len(errs) > 0 {

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,7 @@ var _ = Describe("StackCollection Tasks", func() {`
`75`	`75`
`76`	`76`	`It("should have nice description", func() {`
`77`	`77`	`fakeVPCImporter := new(vpcfakes.FakeImporter)`
	`78`	`+ accessConfig := &api.AccessConfig{}`
`78`	`79`	`// TODO use DescribeTable`
`79`	`80`
`80`	`81`	`// The supportsManagedNodes argument has no effect on the Describe call, so the values are alternated`
`@@ -99,7 +100,7 @@ var _ = Describe("StackCollection Tasks", func() {`
`99`	`100`	Expect(tasks.Describe()).To(Equal(`no tasks`))
`100`	`101`	`}`
`101`	`102`	`{`
`102`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), nil, nil, nil)`
	`103`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), nil, accessConfig, nil)`
`103`	`104`	Expect(tasks.Describe()).To(Equal(`
`104`	`105`	`2 sequential tasks: { create cluster control plane "test-cluster",`
`105`	`106`	`2 parallel sub-tasks: {`
`@@ -110,18 +111,18 @@ var _ = Describe("StackCollection Tasks", func() {`
`110`	`111`	`))
`111`	`112`	`}`
`112`	`113`	`{`
`113`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, nil, nil)`
	`114`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, accessConfig, nil)`
`114`	`115`	Expect(tasks.Describe()).To(Equal(`
`115`	`116`	`2 sequential tasks: { create cluster control plane "test-cluster", create nodegroup "bar"`
`116`	`117`	`}`
`117`	`118`	`))
`118`	`119`	`}`
`119`	`120`	`{`
`120`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), nil, nil, nil, nil)`
	`121`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), nil, nil, accessConfig, nil)`
`121`	`122`	Expect(tasks.Describe()).To(Equal(`1 task: { create cluster control plane "test-cluster" }`))
`122`	`123`	`}`
`123`	`124`	`{`
`124`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), nil, nil)`
	`125`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroups("m1", "m2"), accessConfig, nil)`
`125`	`126`	Expect(tasks.Describe()).To(Equal(`
`126`	`127`	`2 sequential tasks: { create cluster control plane "test-cluster",`
`127`	`128`	`2 parallel sub-tasks: {`
`@@ -138,7 +139,7 @@ var _ = Describe("StackCollection Tasks", func() {`
`138`	`139`	`))
`139`	`140`	`}`
`140`	`141`	`{`
`141`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroupsWithPropagatedTags("m1", "m2"), nil, nil)`
	`142`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar", "foo"), makeManagedNodeGroupsWithPropagatedTags("m1", "m2"), accessConfig, nil)`
`142`	`143`	Expect(tasks.Describe()).To(Equal(`
`143`	`144`	`2 sequential tasks: { create cluster control plane "test-cluster",`
`144`	`145`	`2 parallel sub-tasks: {`
`@@ -161,7 +162,7 @@ var _ = Describe("StackCollection Tasks", func() {`
`161`	`162`	`))
`162`	`163`	`}`
`163`	`164`	`{`
`164`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("foo"), makeManagedNodeGroups("m1"), nil, nil)`
	`165`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("foo"), makeManagedNodeGroups("m1"), accessConfig, nil)`
`165`	`166`	Expect(tasks.Describe()).To(Equal(`
`166`	`167`	`2 sequential tasks: { create cluster control plane "test-cluster",`
`167`	`168`	`2 parallel sub-tasks: {`
`@@ -172,7 +173,7 @@ var _ = Describe("StackCollection Tasks", func() {`
`172`	`173`	`))
`173`	`174`	`}`
`174`	`175`	`{`
`175`		`- tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, nil, nil, &task{id: 1})`
	`176`	`+ tasks := stackManager.NewTasksToCreateCluster(context.Background(), makeNodeGroups("bar"), nil, accessConfig, nil, &task{id: 1})`
`176`	`177`	Expect(tasks.Describe()).To(Equal(`
`177`	`178`	`2 sequential tasks: { create cluster control plane "test-cluster",`
`178`	`179`	`2 sequential sub-tasks: {`
Original file line number	Diff line number	Diff line change
`@@ -360,7 +360,7 @@ func doCreateCluster(cmd cmdutils.Cmd, ngFilter filter.NodeGroupFilter, params`
`360`	`360`	`postClusterCreationTasks.Append(preNodegroupAddons)`
`361`	`361`	`}`
`362`	`362`
`363`		`- taskTree := stackManager.NewTasksToCreateCluster(ctx, cfg.NodeGroups, cfg.ManagedNodeGroups, cfg.AccessConfig.AccessEntries, makeAccessEntryCreator(cfg.Metadata.Name, stackManager), postClusterCreationTasks)`
	`363`	`+ taskTree := stackManager.NewTasksToCreateCluster(ctx, cfg.NodeGroups, cfg.ManagedNodeGroups, cfg.AccessConfig, makeAccessEntryCreator(cfg.Metadata.Name, stackManager), postClusterCreationTasks)`
`364`	`364`
`365`	`365`	`logger.Info(taskTree.Describe())`
`366`	`366`	`if errs := taskTree.DoAllSync(); len(errs) > 0 {`