✨ Adding aws cluster-arn validation to klusterlet CRD #347

Merged
Expand Up @@ -204,10 +204,12 @@ spec:
description: 'The arn of the hub cluster (ie: an EKS cluster). This will be required to pass information to hub, which hub will use to create IAM identities for this klusterlet. Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.'
type: string
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
managedClusterArn:
description: 'The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup. Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.'
type: string
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
registrationImagePullSpec:
description: RegistrationImagePullSpec represents the desired image configuration of registration agent. quay.io/open-cluster-management.io/registration:latest will be used if unspecified.
type: string
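Review bot: The `Example` text in both descriptions disagrees with the `pattern` added beside it: `arn:eks:us-west-2:12345678910:cluster/hub-cluster1` has no `aws` partition segment and an 11-digit account ID, so the documented example would itself be rejected by `^arn:aws:eks:...:(\d{12}):cluster/...$`. Update the examples for `hubClusterArn` and `managedClusterArn` to a form that matches, such as `arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1` (the value the integration test uses), so a user who copies the description does not hit a validation error.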
Expand Up @@ -312,13 +312,15 @@ spec:
The arn of the hub cluster (ie: an EKS cluster). This will be required to pass information to hub, which hub will use to create IAM identities for this klusterlet.
Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
type: string
managedClusterArn:
description: |-
The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub
as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup.
Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.
minLength: 1
pattern: ^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$
type: string
type: object
type: object
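Review bot: The partition is hard-coded as `aws` in both `pattern` lines of this hunk, so cluster ARNs from other AWS partitions (for example `arn:aws-us-gov:eks:...` or `arn:aws-cn:eks:...`) will fail admission with no way to opt out. If those partitions are meant to be supported, widen the second segment (e.g. `^arn:aws[a-z-]*:eks:`); if they are intentionally excluded, state that in the field description so the rejection is not a surprise.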
2 changes: 2 additions & 0 deletions operator/v1/types_klusterlet.go
Expand Up @@ -195,12 +195,14 @@ type AwsIrsa struct {
// Example - arn:eks:us-west-2:12345678910:cluster/hub-cluster1.
// +required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$`
HubClusterArn string `json:"hubClusterArn"`
// The arn of the managed cluster (ie: an EKS cluster). This will be required to generate the md5hash which will be used as a suffix to create IAM role on hub
// as well as used by kluslerlet-agent, to assume role suffixed with the md5hash, on startup.
// Example - arn:eks:us-west-2:12345678910:cluster/managed-cluster1.
// +required
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:Pattern=`^arn:aws:eks:([a-zA-Z0-9-]+):(\d{12}):cluster/([a-zA-Z0-9-]+)$`
ManagedClusterArn string `json:"managedClusterArn"`
}
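Review bot: The cluster-name group `([a-zA-Z0-9-]+)` in both `Pattern` markers is narrower than what EKS accepts: EKS cluster names may also contain underscores, so an ARN ending in `cluster/my_cluster` would be rejected here. Consider `[a-zA-Z0-9][a-zA-Z0-9_-]*` for the name part. The identical pattern literal is also repeated on `HubClusterArn` and `ManagedClusterArn`; putting the marker once on a shared named string type would keep the two fields from drifting apart.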

32 changes: 32 additions & 0 deletions test/integration/api/klusterlet_test.go
Expand Up @@ -37,6 +37,38 @@ var _ = Describe("Create Klusterlet API", func() {
Expect(err).NotTo(BeNil())
})
})

Context("Create with aws auth and invalid arn", func() {
It("should reject the klusterlet creation", func() {
klusterlet.Spec.RegistrationConfiguration = &operatorv1.RegistrationConfiguration{
RegistrationDriver: operatorv1.RegistrationDriver{
AuthType: "awsirsa",
AwsIrsa: &operatorv1.AwsIrsa{
ManagedClusterArn: "arn:aws:bks:us-west-2:123456789012:cluster/managed-cluster1",
HubClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1",
},
},
}
_, err := operatorClient.OperatorV1().Klusterlets().Create(context.TODO(), klusterlet, metav1.CreateOptions{})
Expect(err).NotTo(BeNil())
})
})
Member

Thanks for adding the test. Would you also add a valid ARN to ensure the correct format can pass the validation?

Contributor Author

added


Context("Create with aws auth and valid arn", func() {
It("should create successfully", func() {
klusterlet.Spec.RegistrationConfiguration = &operatorv1.RegistrationConfiguration{
RegistrationDriver: operatorv1.RegistrationDriver{
AuthType: "awsirsa",
AwsIrsa: &operatorv1.AwsIrsa{
ManagedClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/managed-cluster1",
HubClusterArn: "arn:aws:eks:us-west-2:123456789012:cluster/hub-cluster1",
},
},
}
_, err := operatorClient.OperatorV1().Klusterlets().Create(context.TODO(), klusterlet, metav1.CreateOptions{})
Expect(err).To(BeNil())
})
})
})

var _ = Describe("valid HubApiServerHostAlias", func() {
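Review bot: In the "invalid arn" context, `Expect(err).NotTo(BeNil())` passes on any failure, including ones unrelated to the new pattern, and only one malformed shape (wrong service `bks` on `ManagedClusterArn`) is exercised. Assert that the error is a validation rejection (for example `apierrors.IsInvalid(err)` from `k8s.io/apimachinery/pkg/api/errors`) and add cases for an invalid `HubClusterArn`, an account ID that is not 12 digits, and a missing `aws` partition, so each part of the regex is covered on both fields.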