refactor get iamserviceaccounts

pkg/actions/iam/get.go

@@ -0,0 +1,43 @@
+package iam
+
+import (
+	"github.com/pkg/errors"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+)
+
+func (m *Manager) Get(namespace, name string) ([]*api.ClusterIAMServiceAccount, error) {
+	remoteServiceAccounts, err := m.stackManager.GetIAMServiceAccounts()
+	if err != nil {
+		return nil, errors.Wrap(err, "getting iamserviceaccounts")
+	}
+
+	if namespace != "" {
+		remoteServiceAccounts = filterByNamespace(remoteServiceAccounts, namespace)
+	}
+
+	if name != "" {
+		remoteServiceAccounts = filterByName(remoteServiceAccounts, name)
+	}
+
+	return remoteServiceAccounts, nil
+}
+
+func filterByNamespace(serviceAccounts []*api.ClusterIAMServiceAccount, namespace string) []*api.ClusterIAMServiceAccount {
+	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
+	for _, sa := range serviceAccounts {
+		if sa.Namespace == namespace {
+			serviceAccountsMatching = append(serviceAccountsMatching, sa)
+		}
+	}
+	return serviceAccountsMatching
+}
+
+func filterByName(serviceAccounts []*api.ClusterIAMServiceAccount, name string) []*api.ClusterIAMServiceAccount {
+	var serviceAccountsMatching []*api.ClusterIAMServiceAccount
+	for _, sa := range serviceAccounts {
+		if sa.Name == name {
+			serviceAccountsMatching = append(serviceAccountsMatching, sa)
+		}
+	}
+	return serviceAccountsMatching
+}

pkg/actions/iam/get_test.go

@@ -0,0 +1,172 @@
+package iam_test
+
+import (
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"github.com/weaveworks/eksctl/pkg/eks"
+
+	"github.com/weaveworks/eksctl/pkg/actions/iam"
+	"github.com/weaveworks/eksctl/pkg/actions/iam/fakes"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+)
+
+var _ = Describe("Get", func() {
+
+	var (
+		iamManager       *iam.Manager
+		fakeStackManager *fakes.FakeStackManager
+	)
+
+	BeforeEach(func() {
+		fakeStackManager = new(fakes.FakeStackManager)
+
+		iamManager = iam.New("my-cluster", &eks.ClusterProvider{}, fakeStackManager, nil, nil)
+	})
+
+	When("no options are specified", func() {
+		It("returns all service accounts", func() {
+			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa-2",
+						Namespace: "not-default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}, nil)
+
+			serviceAccounts, err := iamManager.Get("", "")
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
+			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa-2",
+						Namespace: "not-default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}))
+		})
+	})
+
+	When("name option is specified", func() {
+		It("returns only the service account matching the name", func() {
+			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa-2",
+						Namespace: "not-default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}, nil)
+
+			serviceAccounts, err := iamManager.Get("", "test-sa")
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
+			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}))
+		})
+	})
+
+	When("namespace option is specified", func() {
+		It("returns only the service account matching the name", func() {
+			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa-2",
+						Namespace: "not-default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}, nil)
+
+			serviceAccounts, err := iamManager.Get("not-default", "")
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
+			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa-2",
+						Namespace: "not-default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}))
+		})
+	})
+
+	When("name and namespace option is specified", func() {
+		It("returns only the service account matching the name", func() {
+			fakeStackManager.GetIAMServiceAccountsReturns([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "some-other-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}, nil)
+
+			serviceAccounts, err := iamManager.Get("default", "test-sa")
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(fakeStackManager.GetIAMServiceAccountsCallCount()).To(Equal(1))
+			Expect(serviceAccounts).To(Equal([]*api.ClusterIAMServiceAccount{
+				{
+					ClusterIAMMeta: api.ClusterIAMMeta{
+						Name:      "test-sa",
+						Namespace: "default",
+					},
+					AttachPolicyARNs: []string{"arn-123"},
+				},
+			}))
+		})
+	})
+})

pkg/actions/iam/iam.go

@@ -26,6 +26,7 @@ type StackManager interface {
 	ListStacksMatching(nameRegex string, statusFilters ...string) ([]*manager.Stack, error)
 	UpdateStack(stackName, changeSetName, description string, templateData manager.TemplateData, parameters map[string]string) error
 	NewTasksToCreateIAMServiceAccounts(serviceAccounts []*api.ClusterIAMServiceAccount, oidc *iamoidc.OpenIDConnectManager, clientSetGetter kubernetes.ClientSetGetter, replaceExistingRole bool) *tasks.TaskTree
+	GetIAMServiceAccounts() ([]*api.ClusterIAMServiceAccount, error)
 }
 
 func New(clusterName string, clusterProvider *eks.ClusterProvider, stackManager StackManager, oidcManager *iamoidc.OpenIDConnectManager, clientSet kubeclient.Interface) *Manager {

pkg/ctl/cmdutils/configfile.go

@@ -608,7 +608,7 @@ func NewCreateIAMServiceAccountLoader(cmd *Cmd, saFilter *filter.IAMServiceAccou
 }
 
 // NewGetIAMServiceAccountLoader will load config or use flags for 'eksctl get iamserviceaccount'
-func NewGetIAMServiceAccountLoader(cmd *Cmd, sa *api.ClusterIAMServiceAccount) ClusterConfigLoader {
+func NewGetIAMServiceAccountLoader(cmd *Cmd) ClusterConfigLoader {
 	l := newCommonClusterConfigLoader(cmd)
 
 	l.validateWithConfigFile = func() error {
@@ -619,20 +619,10 @@ func NewGetIAMServiceAccountLoader(cmd *Cmd, sa *api.ClusterIAMServiceAccount) C
 	}
 
 	l.validateWithoutConfigFile = func() error {
-		sa.AttachPolicyARNs = []string{""} // force to pass general validation
-
 		if l.ClusterConfig.Metadata.Name == "" {
 			return ErrMustBeSet(ClusterNameFlag(cmd))
 		}
 
-		if l.NameArg != "" {
-			sa.Name = l.NameArg
-		}
-
-		if sa.Name == "" {
-			l.ClusterConfig.IAM.ServiceAccounts = nil
-		}
-
 		l.Plan = false
 
 		return nil