iamserviceaccount.go
package update
import (
"errors"
"github.com/weaveworks/eksctl/pkg/actions/irsa"
"github.com/kris-nova/logger"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
"github.com/weaveworks/eksctl/pkg/ctl/cmdutils"
"github.com/weaveworks/eksctl/pkg/ctl/cmdutils/filter"
"github.com/weaveworks/eksctl/pkg/printers"
)
// updateIAMServiceAccountCmd wires the "update iamserviceaccount" command onto
// cmd using doUpdateIAMServiceAccount as its run function.
//
// doUpdateIAMServiceAccount already has the func(*cmdutils.Cmd) error shape that
// updateIAMServiceAccountCmdWithRunFunc expects, so it is passed directly.
func updateIAMServiceAccountCmd(cmd *cmdutils.Cmd) {
	updateIAMServiceAccountCmdWithRunFunc(cmd, doUpdateIAMServiceAccount)
}
// updateIAMServiceAccountCmdWithRunFunc configures the "update iamserviceaccount"
// command on cmd and installs runFunc as the action executed when it runs.
//
// A fresh ClusterConfig with OIDC enabled and a single ClusterIAMServiceAccount
// entry is attached to cmd.ClusterConfig. The "General" flags write straight
// into that config and service account (cluster name, service account name and
// namespace, the policy ARNs to attach), so runFunc reads the parsed values
// through cmd.ClusterConfig. The first positional argument, if any, is stored
// in cmd.NameArg before runFunc is invoked. Filter, approve, region,
// config-file, timeout and the common AWS flags are added via cmdutils helpers.
func updateIAMServiceAccountCmdWithRunFunc(cmd *cmdutils.Cmd, runFunc func(cmd *cmdutils.Cmd) error) {
	clusterConfig := api.NewClusterConfig()
	sa := &api.ClusterIAMServiceAccount{}
	clusterConfig.IAM.WithOIDC = api.Enabled()
	clusterConfig.IAM.ServiceAccounts = append(clusterConfig.IAM.ServiceAccounts, sa)
	cmd.ClusterConfig = clusterConfig

	cmd.SetDescription("iamserviceaccount", "Update an iamserviceaccount", "")

	cmd.CobraCommand.RunE = func(_ *cobra.Command, args []string) error {
		// The optional positional argument is exposed to runFunc via cmd.NameArg.
		cmd.NameArg = cmdutils.GetNameArg(args)
		return runFunc(cmd)
	}

	addGeneralFlags := func(fs *pflag.FlagSet) {
		fs.StringVar(&clusterConfig.Metadata.Name, "cluster", "", "name of the EKS cluster")
		fs.StringVar(&sa.Name, "name", "", "name of the iamserviceaccount to update")
		fs.StringVar(&sa.Namespace, "namespace", "default", "namespace where to update the iamserviceaccount")
		fs.StringSliceVar(&sa.AttachPolicyARNs, "attach-policy-arn", []string{}, "ARN of the policy where to update the iamserviceaccount")

		cmdutils.AddIAMServiceAccountFilterFlags(fs, &cmd.Include, &cmd.Exclude)
		cmdutils.AddApproveFlag(fs, cmd)
		cmdutils.AddRegionFlag(fs, &cmd.ProviderConfig)
		cmdutils.AddConfigFileFlag(fs, &cmd.ClusterConfigFile)
		cmdutils.AddTimeoutFlag(fs, &cmd.ProviderConfig.WaitTimeout)
	}
	cmd.FlagSetGroup.InFlagSet("General", addGeneralFlags)

	cmdutils.AddCommonFlagsForAWS(cmd.FlagSetGroup, &cmd.ProviderConfig, true)
}
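// doUpdateIAMServiceAccount runs the "update iamserviceaccount" command.
//
// It loads the cluster config through the create-iamserviceaccount loader
// (config file or flags, with the include/exclude filter applied), builds the
// cluster provider, checks AWS auth and that the cluster is in an operable
// state, and requires an IAM OIDC provider to already be associated with the
// cluster. It then hands cfg.IAM.ServiceAccounts and cmd.Plan to
// irsa.UpdateIAMServiceAccounts; what the plan flag does there is defined by
// the irsa package (presumably a dry run when set — confirm in irsa).
//
// Returns the first error encountered. A missing OIDC provider is logged as a
// warning naming the associating command and then returned as an error.
func doUpdateIAMServiceAccount(cmd *cmdutils.Cmd) error {
	saFilter := filter.NewIAMServiceAccountFilter()
	if err := cmdutils.NewCreateIAMServiceAccountLoader(cmd, saFilter).Load(); err != nil {
		return err
	}

	cfg := cmd.ClusterConfig
	meta := cfg.Metadata

	ctl, err := cmd.NewCtl()
	if err != nil {
		return err
	}
	cmdutils.LogRegionAndVersionInfo(meta)

	if err := ctl.CheckAuth(); err != nil {
		return err
	}
	if ok, err := ctl.CanOperate(cfg); !ok {
		if err != nil {
			return err
		}
		// Guard against CanOperate reporting !ok with a nil error: returning
		// that nil would make the command exit successfully without having
		// updated anything.
		return errors.New("cannot operate on cluster in its current state")
	}

	clientSet, err := ctl.NewStdClientSet(cfg)
	if err != nil {
		return err
	}

	oidc, err := ctl.NewOpenIDConnectManager(cfg)
	if err != nil {
		return err
	}
	providerExists, err := oidc.CheckProviderExists()
	if err != nil {
		return err
	}
	if !providerExists {
		// IRSA trust relationships are built on the OIDC provider, so refuse
		// rather than create service accounts whose roles could never be assumed.
		logger.Warning("no IAM OIDC provider associated with cluster, try 'eksctl utils associate-iam-oidc-provider --region=%s --cluster=%s'", meta.Region, meta.Name)
		return errors.New("unable to update iamserviceaccount(s) without IAM OIDC provider enabled")
	}

	stackManager := ctl.NewStackManager(cfg)

	// Dump the effective config at debug level for troubleshooting.
	printer := printers.NewJSONPrinter()
	if err := printer.LogObj(logger.Debug, "cfg.json = \\\n%s\n", cfg); err != nil {
		return err
	}

	return irsa.New(cfg.Metadata.Name, stackManager, oidc, clientSet).UpdateIAMServiceAccounts(cfg.IAM.ServiceAccounts, cmd.Plan)
}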