Refactor iamserviceaccounts (#3135)

eksctl-io · Feb 1, 2021 · 1645925 · 1645925
1 parent 6ed4a99
commit 1645925
Show file tree

Hide file tree

Showing 22 changed files with 517 additions and 206 deletions.
diff --git a/pkg/actions/iam/create.go → pkg/actions/irsa/create.go b/pkg/actions/iam/create.go → pkg/actions/irsa/create.go
@@ -1,18 +1,17 @@
-package iam
+package irsa
 
 import (
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
-	"github.com/weaveworks/eksctl/pkg/ctl/cmdutils"
 	"github.com/weaveworks/eksctl/pkg/kubernetes"
 )
 
 func (a *Manager) CreateIAMServiceAccount(iamServiceAccounts []*api.ClusterIAMServiceAccount, plan bool) error {
-	taskTree := a.stackManager.NewTasksToCreateIAMServiceAccounts(iamServiceAccounts, a.oidcManager, kubernetes.NewCachedClientSet(a.clientSet), false)
+	taskTree := a.stackManager.NewTasksToCreateIAMServiceAccounts(iamServiceAccounts, a.oidcManager, kubernetes.NewCachedClientSet(a.clientSet))
 	taskTree.PlanMode = plan
 
 	err := doTasks(taskTree)
 
-	cmdutils.LogPlanModeWarning(plan && len(iamServiceAccounts) > 0)
+	logPlanModeWarning(plan && len(iamServiceAccounts) > 0)
 
 	return err
 }
diff --git a/pkg/actions/irsa/delete.go b/pkg/actions/irsa/delete.go
@@ -0,0 +1,28 @@
+package irsa
+
+import (
+	"fmt"
+
+	"github.com/kris-nova/logger"
+	"github.com/weaveworks/eksctl/pkg/kubernetes"
+)
+
+func (m *Manager) Delete(shouldDelete func(string) bool, plan, wait bool) error {
+	taskTree, err := m.stackManager.NewTasksToDeleteIAMServiceAccounts(shouldDelete, kubernetes.NewCachedClientSet(m.clientSet), wait)
+	if err != nil {
+		return err
+	}
+	taskTree.PlanMode = plan
+
+	logger.Info(taskTree.Describe())
+	if errs := taskTree.DoAllSync(); len(errs) > 0 {
+		logger.Info("%d error(s) occurred and IAM Role stacks haven't been deleted properly, you may wish to check CloudFormation console", len(errs))
+		for _, err := range errs {
+			logger.Critical("%s\n", err.Error())
+		}
+		return fmt.Errorf("failed to delete iamserviceaccount(s)")
+	}
+
+	logPlanModeWarning(plan && taskTree.Len() > 0)
+	return nil
+}
diff --git a/pkg/actions/iam/fakes/fake_stack_manager.go → pkg/actions/irsa/fakes/fake_stack_manager.go b/pkg/actions/iam/fakes/fake_stack_manager.go → pkg/actions/irsa/fakes/fake_stack_manager.go
diff --git a/pkg/actions/irsa/get.go b/pkg/actions/irsa/get.go
@@ -0,0 +1,43 @@
+package irsa
+
+import (
+	"github.com/pkg/errors"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+)
+
+func (m *Manager) Get(namespace, name string) ([]*api.ClusterIAMServiceAccount, error) {
+	remoteServiceAccounts, err := m.stackManager.GetIAMServiceAccounts()
+	if err != nil {
+		return nil, errors.Wrap(err, "getting iamserviceaccounts")
+	}
+
+	if namespace != "" {
+		remoteServiceAccounts = filterByNamespace(remoteServiceAccounts, namespace)
+	}
+
+	if name != "" {
+		remoteServiceAccounts = filterByName(remoteServiceAccounts, name)
+	}
+
+	return remoteServiceAccounts, nil
+}
+
+func filterByNamespace(serviceAccounts []*api.ClusterIAMServiceAccount, namespace string) []*api.ClusterIAMServiceAccount {
+	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
+	for _, sa := range serviceAccounts {
+		if sa.Namespace == namespace {
+			serviceAccountsMatching = append(serviceAccountsMatching, sa)
+		}
+	}
+	return serviceAccountsMatching
+}
+
+func filterByName(serviceAccounts []*api.ClusterIAMServiceAccount, name string) []*api.ClusterIAMServiceAccount {
+	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
+	for _, sa := range serviceAccounts {
+		if sa.Name == name {
+			serviceAccountsMatching = append(serviceAccountsMatching, sa)
+		}
+	}
+	return serviceAccountsMatching
+}