refactor delete iamserviceaccounts

eksctl-io · Jan 22, 2021 · a504080 · a504080
1 parent 474e468
commit a504080
Show file tree

Hide file tree

Showing 5 changed files with 208 additions and 21 deletions.
diff --git a/pkg/actions/iam/delete.go b/pkg/actions/iam/delete.go
@@ -0,0 +1,29 @@
+package iam
+
+import (
+	"fmt"
+
+	"github.com/kris-nova/logger"
+	"github.com/weaveworks/eksctl/pkg/ctl/cmdutils"
+	"github.com/weaveworks/eksctl/pkg/kubernetes"
+)
+
+func (m *Manager) Delete(serviceAccounts []string, plan, wait bool) error {
+	tasks, err := m.stackManager.NewTasksToDeleteIAMServiceAccounts(serviceAccounts, kubernetes.NewCachedClientSet(m.clientSet), wait)
+	if err != nil {
+		return err
+	}
+	tasks.PlanMode = plan
+
+	logger.Info(tasks.Describe())
+	if errs := tasks.DoAllSync(); len(errs) > 0 {
+		logger.Info("%d error(s) occurred and IAM Role stacks haven't been deleted properly, you may wish to check CloudFormation console", len(errs))
+		for _, err := range errs {
+			logger.Critical("%s\n", err.Error())
+		}
+		return fmt.Errorf("failed to delete iamserviceaccount(s)")
+	}
+
+	cmdutils.LogPlanModeWarning(plan && len(serviceAccounts) > 0)
+	return nil
+}
diff --git a/pkg/actions/iam/delete_test.go b/pkg/actions/iam/delete_test.go
@@ -0,0 +1,90 @@
+package iam_test
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/cloudformation"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	"github.com/weaveworks/eksctl/pkg/cfn/manager"
+	"github.com/weaveworks/eksctl/pkg/eks"
+
+	"github.com/weaveworks/eksctl/pkg/actions/iam"
+	"github.com/weaveworks/eksctl/pkg/actions/iam/fakes"
+	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
+	iamoidc "github.com/weaveworks/eksctl/pkg/iam/oidc"
+	"github.com/weaveworks/eksctl/pkg/testutils/mockprovider"
+)
+
+var _ = Describe("Delete", func() {
+
+	var (
+		iamManager       *iam.Manager
+		oidc             *iamoidc.OpenIDConnectManager
+		fakeStackManager *fakes.FakeStackManager
+		mockProvider     *mockprovider.MockProvider
+		serviceAccount   []*api.ClusterIAMServiceAccount
+	)
+
+	BeforeEach(func() {
+		serviceAccount = []*api.ClusterIAMServiceAccount{
+			{
+				ClusterIAMMeta: api.ClusterIAMMeta{
+					Name:      "test-sa",
+					Namespace: "default",
+				},
+				AttachPolicyARNs: []string{"arn-123"},
+			},
+		}
+		var err error
+
+		fakeStackManager = new(fakes.FakeStackManager)
+		mockProvider = mockprovider.NewMockProvider()
+
+		oidc, err = iamoidc.NewOpenIDConnectManager(nil, "456123987123", "https://oidc.eks.us-west-2.amazonaws.com/id/A39A2842863C47208955D753DE205E6E", "aws")
+		Expect(err).ToNot(HaveOccurred())
+		oidc.ProviderARN = "arn:aws:iam::456123987123:oidc-provider/oidc.eks.us-west-2.amazonaws.com/id/A39A2842863C47208955D753DE205E6E"
+		iamManager = iam.New("my-cluster", &eks.ClusterProvider{Provider: mockProvider}, fakeStackManager, oidc, nil)
+	})
+
+	When("the IAMServiceAccount exists", func() {
+		It("deletes it", func() {
+			fakeStackManager.ListStacksMatchingReturns([]*cloudformation.Stack{
+				{
+					StackName: aws.String("eksctl-my-cluster-addon-iamserviceaccount-default-test-sa"),
+				},
+			}, nil)
+
+			err := iamManager.Delete(serviceAccount, false)
+			Expect(err).NotTo(HaveOccurred())
+
+			Expect(fakeStackManager.ListStacksMatchingCallCount()).To(Equal(1))
+			Expect(fakeStackManager.ListStacksMatchingArgsForCall(0)).To(Equal("eksctl-.*-addon-iamserviceaccount"))
+			Expect(fakeStackManager.UpdateStackCallCount()).To(Equal(1))
+			fakeStackManager.UpdateStackArgsForCall(0)
+			stackName, changeSetName, description, templateData, _ := fakeStackManager.UpdateStackArgsForCall(0)
+			Expect(stackName).To(Equal("eksctl-my-cluster-addon-iamserviceaccount-default-test-sa"))
+			Expect(changeSetName).To(Equal("updating-policy"))
+			Expect(description).To(Equal("updating policies for IAMServiceAccount default/test-sa"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(string(templateData.(manager.TemplateBody))).To(ContainSubstring("arn-123"))
+			Expect(string(templateData.(manager.TemplateBody))).To(ContainSubstring(":sub\":\"system:serviceaccount:default:test-sa"))
+		})
+
+		//When("in plan mode", func() {
+		//	It("does not trigger a delete", func() {
+		//		fakeStackManager.ListStacksMatchingReturns([]*cloudformation.Stack{
+		//			{
+		//				StackName: aws.String("eksctl-my-cluster-addon-iamserviceaccount-default-test-sa"),
+		//			},
+		//		}, nil)
+		//
+		//		err := iamManager.UpdateIAMServiceAccounts(serviceAccount, true)
+		//		Expect(err).NotTo(HaveOccurred())
+		//
+		//		Expect(fakeStackManager.ListStacksMatchingCallCount()).To(Equal(1))
+		//		Expect(fakeStackManager.ListStacksMatchingArgsForCall(0)).To(Equal("eksctl-.*-addon-iamserviceaccount"))
+		//		Expect(fakeStackManager.UpdateStackCallCount()).To(Equal(0))
+		//	})
+		//})
+	})
+})
diff --git a/pkg/actions/iam/fakes/fake_stack_manager.go b/pkg/actions/iam/fakes/fake_stack_manager.go
diff --git a/pkg/actions/iam/iam.go b/pkg/actions/iam/iam.go
@@ -26,6 +26,8 @@ type StackManager interface {
 	ListStacksMatching(nameRegex string, statusFilters ...string) ([]*manager.Stack, error)
 	UpdateStack(stackName, changeSetName, description string, templateData manager.TemplateData, parameters map[string]string) error
 	NewTasksToCreateIAMServiceAccounts(serviceAccounts []*api.ClusterIAMServiceAccount, oidc *iamoidc.OpenIDConnectManager, clientSetGetter kubernetes.ClientSetGetter, replaceExistingRole bool) *tasks.TaskTree
+	NewTasksToDeleteIAMServiceAccounts(serviceAccountsToDelete []string, clientSetGetter kubernetes.ClientSetGetter, wait bool) (*tasks.TaskTree, error)
+
 	GetIAMServiceAccounts() ([]*api.ClusterIAMServiceAccount, error)
 }
 

diff --git a/pkg/ctl/delete/iamserviceaccount.go b/pkg/ctl/delete/iamserviceaccount.go
@@ -7,10 +7,10 @@ import (
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 
+	"github.com/weaveworks/eksctl/pkg/actions/iam"
 	api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5"
 	"github.com/weaveworks/eksctl/pkg/ctl/cmdutils"
 	"github.com/weaveworks/eksctl/pkg/ctl/cmdutils/filter"
-	"github.com/weaveworks/eksctl/pkg/kubernetes"
 	"github.com/weaveworks/eksctl/pkg/printers"
 )
 
@@ -45,7 +45,7 @@ func deleteIAMServiceAccountCmdWithRunFunc(cmd *cmdutils.Cmd, runFunc func(cmd *
 		fs.StringVar(&serviceAccount.Namespace, "namespace", "default", "namespace where to delete the iamserviceaccount")
 
 		cmdutils.AddIAMServiceAccountFilterFlags(fs, &cmd.Include, &cmd.Exclude)
-		fs.BoolVar(&onlyMissing, "only-missing", false, "Only delete nodegroups that are not defined in the given config file")
+		fs.BoolVar(&onlyMissing, "only-missing", false, "Only delete iamserviceaccounts that are not defined in the given config file")
 		cmdutils.AddApproveFlag(fs, cmd)
 		cmdutils.AddRegionFlag(fs, &cmd.ProviderConfig)
 		cmdutils.AddConfigFileFlag(fs, &cmd.ClusterConfigFile)
@@ -116,26 +116,9 @@ func doDeleteIAMServiceAccount(cmd *cmdutils.Cmd, serviceAccount *api.ClusterIAM
 
 	saSubset, _ := saFilter.MatchAll(cfg.IAM.ServiceAccounts)
 
-	tasks, err := stackManager.NewTasksToDeleteIAMServiceAccounts(saSubset.Has, kubernetes.NewCachedClientSet(clientSet), cmd.Wait)
-	if err != nil {
-		return err
-	}
-	tasks.PlanMode = cmd.Plan
+	iamServiceAccountManager := iam.New(cfg.Metadata.Name, ctl, stackManager, oidc, clientSet)
 
 	if err := printer.LogObj(logger.Debug, "cfg.json = \\\n%s\n", cfg); err != nil {
-		return err
 	}
-
-	logger.Info(tasks.Describe())
-	if errs := tasks.DoAllSync(); len(errs) > 0 {
-		logger.Info("%d error(s) occurred and IAM Role stacks haven't been deleted properly, you may wish to check CloudFormation console", len(errs))
-		for _, err := range errs {
-			logger.Critical("%s\n", err.Error())
-		}
-		return fmt.Errorf("failed to delete iamserviceaccount(s)")
-	}
-
-	cmdutils.LogPlanModeWarning(cmd.Plan && saSubset.Len() > 0)
-
-	return nil
+	return iamServiceAccountManager.Delete(saSubset.List(), cmd.Plan, cmd.Wait)
 }