sigs.k8s.io/cluster-api-provider-aws@v1.5.5/pkg/eks/identityprovider/procedures.go (about) 1 /* 2 Copyright 2021 The Kubernetes Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package identityprovider 18 19 import ( 20 "context" 21 22 "github.com/aws/aws-sdk-go/aws" 23 "github.com/aws/aws-sdk-go/service/eks" 24 "github.com/pkg/errors" 25 26 "sigs.k8s.io/cluster-api-provider-aws/pkg/cloud/services/wait" 27 ) 28 29 var oidcType = aws.String("oidc") 30 31 type WaitIdentityProviderAssociatedProcedure struct { 32 plan *plan 33 } 34 35 func (w *WaitIdentityProviderAssociatedProcedure) Name() string { 36 return "wait_identity_provider_association" 37 } 38 39 func (w *WaitIdentityProviderAssociatedProcedure) Do(ctx context.Context) error { 40 if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) { 41 out, err := w.plan.eksClient.DescribeIdentityProviderConfigWithContext(ctx, &eks.DescribeIdentityProviderConfigInput{ 42 ClusterName: aws.String(w.plan.clusterName), 43 IdentityProviderConfig: &eks.IdentityProviderConfig{ 44 Name: aws.String(w.plan.currentIdentityProvider.IdentityProviderConfigName), 45 Type: oidcType, 46 }, 47 }) 48 49 if err != nil { 50 return false, err 51 } 52 53 if aws.StringValue(out.IdentityProviderConfig.Oidc.Status) == eks.ConfigStatusActive { 54 return true, nil 55 } 56 57 return false, nil 58 }); err != nil { 59 return errors.Wrap(err, "failed waiting for identity provider association to be ready") 60 } 61 62 return nil 63 } 64 65 type DisassociateIdentityProviderConfig struct { 66 plan *plan 67 } 68 69 func (d *DisassociateIdentityProviderConfig) Name() string { 70 return "dissociate_identity_provider" 71 } 72 73 func (d *DisassociateIdentityProviderConfig) Do(ctx context.Context) error { 74 if err := wait.WaitForWithRetryable(wait.NewBackoff(), func() (bool, error) { 75 _, err := d.plan.eksClient.DisassociateIdentityProviderConfigWithContext(ctx, &eks.DisassociateIdentityProviderConfigInput{ 76 ClusterName: aws.String(d.plan.clusterName), 77 IdentityProviderConfig: &eks.IdentityProviderConfig{ 78 Name: aws.String(d.plan.currentIdentityProvider.IdentityProviderConfigName), 79 Type: oidcType, 80 }, 81 }) 82 83 if err != nil { 84 return false, err 85 } 86 87 return true, nil 88 }); err != nil { 89 return errors.Wrap(err, "failing disassociating identity provider config") 90 } 91 92 return nil 93 } 94 95 type AssociateIdentityProviderProcedure struct { 96 plan *plan 97 } 98 99 func (a *AssociateIdentityProviderProcedure) Name() string { 100 return "associate_identity_provider" 101 } 102 103 func (a *AssociateIdentityProviderProcedure) Do(ctx context.Context) error { 104 oidc := a.plan.desiredIdentityProvider 105 input := &eks.AssociateIdentityProviderConfigInput{ 106 ClusterName: aws.String(a.plan.clusterName), 107 Oidc: &eks.OidcIdentityProviderConfigRequest{ 108 ClientId: aws.String(oidc.ClientID), 109 GroupsClaim: oidc.GroupsClaim, 110 GroupsPrefix: oidc.GroupsPrefix, 111 IdentityProviderConfigName: aws.String(oidc.IdentityProviderConfigName), 112 IssuerUrl: aws.String(oidc.IssuerURL), 113 RequiredClaims: oidc.RequiredClaims, 114 UsernameClaim: oidc.UsernameClaim, 115 UsernamePrefix: oidc.UsernamePrefix, 116 }, 117 } 118 119 if len(oidc.Tags) > 0 { 120 input.Tags = aws.StringMap(oidc.Tags) 121 } 122 123 _, err := a.plan.eksClient.AssociateIdentityProviderConfigWithContext(ctx, input) 124 if err != nil { 125 return errors.Wrap(err, "failed associating identity provider") 126 } 127 128 return nil 129 } 130 131 type UpdatedIdentityProviderTagsProcedure struct { 132 plan *plan 133 } 134 135 func (u *UpdatedIdentityProviderTagsProcedure) Name() string { 136 return "update_identity_provider_tags" 137 } 138 139 func (u *UpdatedIdentityProviderTagsProcedure) Do(ctx context.Context) error { 140 arn := u.plan.currentIdentityProvider.IdentityProviderConfigArn 141 _, err := u.plan.eksClient.TagResource(&eks.TagResourceInput{ 142 ResourceArn: arn, 143 Tags: aws.StringMap(u.plan.desiredIdentityProvider.Tags), 144 }) 145 146 if err != nil { 147 return errors.Wrap(err, "updating identity provider tags") 148 } 149 150 return nil 151 } 152 153 type RemoveIdentityProviderTagsProcedure struct { 154 plan *plan 155 } 156 157 func (r *RemoveIdentityProviderTagsProcedure) Name() string { 158 return "remove_identity_provider_tags" 159 } 160 161 func (r *RemoveIdentityProviderTagsProcedure) Do(ctx context.Context) error { 162 keys := make([]*string, 0, len(r.plan.currentIdentityProvider.Tags)) 163 164 for key := range r.plan.currentIdentityProvider.Tags { 165 keys = append(keys, aws.String(key)) 166 } 167 _, err := r.plan.eksClient.UntagResource(&eks.UntagResourceInput{ 168 ResourceArn: r.plan.currentIdentityProvider.IdentityProviderConfigArn, 169 TagKeys: keys, 170 }) 171 172 if err != nil { 173 return errors.Wrap(err, "untagging identity provider") 174 } 175 return nil 176 }