Merge pull request #10488 from rifelpet/iam-role-tag
AWS IAM Role Tagging
k8s-ci-robot committed Dec 30, 2020
2 parents 99804b1 + 5406744 commit 22a9a13
Showing 46 changed files with 948 additions and 37 deletions.
1 change: 1 addition & 0 deletions cloudmock/aws/mockiam/iamrole.go
Expand Up @@ -64,6 +64,7 @@ func (m *MockIAM) CreateRole(request *iam.CreateRoleInput) (*iam.CreateRoleOutpu
},
RoleName: request.RoleName,
RoleId: &roleID,
Tags: request.Tags,
}

if m.Roles == nil {
1 change: 1 addition & 0 deletions pkg/model/iam.go
Expand Up @@ -136,6 +136,7 @@ func (b *IAMModelBuilder) buildIAMRole(role iam.Subject, iamName string, c *fi.M
Lifecycle: b.Lifecycle,

RolePolicyDocument: rolePolicy,
Tags: b.CloudTags(iamName, false),
}

if isServiceAccount {
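Review bot: The new `Tags: b.CloudTags(iamName, false),` line puts the full cluster tag set on the masters and nodes roles, not only the ownership tags, and that deserves a comment because tags on an IAM role are what AWS evaluates as `aws:PrincipalTag/<key>` in tag-based policies. The complex fixtures further down this commit show the user-supplied `Owner` and `foo/bar` labels landing on both roles, so in an account that uses ABAC conditions a free-form cloud label could match a policy nobody associated with the cluster. I would add above the field something like `// NOTE: includes user cloudLabels; IAM exposes role tags as aws:PrincipalTag/<key> to policy conditions.` and, if label passthrough is not needed on roles, limit this to the cluster-identifying tags. Applying tags to roles that already exist presumably also needs `iam:TagRole` for whoever runs the update, which is worth stating in the docs. buildIAMRole starts and ends outside this hunk.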
Expand Up @@ -380,16 +380,31 @@ resource "aws_iam_role_policy" "nodes-bastionuserdata-example-com" {
resource "aws_iam_role" "bastions-bastionuserdata-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_bastions.bastionuserdata.example.com_policy")
name = "bastions.bastionuserdata.example.com"
tags = {
"KubernetesCluster" = "bastionuserdata.example.com"
"Name" = "bastions.bastionuserdata.example.com"
"kubernetes.io/cluster/bastionuserdata.example.com" = "owned"
}
}

resource "aws_iam_role" "masters-bastionuserdata-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.bastionuserdata.example.com_policy")
name = "masters.bastionuserdata.example.com"
tags = {
"KubernetesCluster" = "bastionuserdata.example.com"
"Name" = "masters.bastionuserdata.example.com"
"kubernetes.io/cluster/bastionuserdata.example.com" = "owned"
}
}

resource "aws_iam_role" "nodes-bastionuserdata-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.bastionuserdata.example.com_policy")
name = "nodes.bastionuserdata.example.com"
tags = {
"KubernetesCluster" = "bastionuserdata.example.com"
"Name" = "nodes.bastionuserdata.example.com"
"kubernetes.io/cluster/bastionuserdata.example.com" = "owned"
}
}

resource "aws_internet_gateway" "bastionuserdata-example-com" {
48 changes: 46 additions & 2 deletions tests/integration/update_cluster/complex/cloudformation.json
Expand Up @@ -1577,7 +1577,29 @@
],
"Version": "2012-10-17"
},
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries"
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "complex.example.com"
},
{
"Key": "Name",
"Value": "masters.complex.example.com"
},
{
"Key": "Owner",
"Value": "John Doe"
},
{
"Key": "foo/bar",
"Value": "fib+baz"
},
{
"Key": "kubernetes.io/cluster/complex.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodescomplexexamplecom": {
Expand All @@ -1596,7 +1618,29 @@
],
"Version": "2012-10-17"
},
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries"
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "complex.example.com"
},
{
"Key": "Name",
"Value": "nodes.complex.example.com"
},
{
"Key": "Owner",
"Value": "John Doe"
},
{
"Key": "foo/bar",
"Value": "fib+baz"
},
{
"Key": "kubernetes.io/cluster/complex.example.com",
"Value": "owned"
}
]
}
},
"AWSRoute53RecordSetapicomplexexamplecom": {
14 changes: 14 additions & 0 deletions tests/integration/update_cluster/complex/kubernetes.tf
Expand Up @@ -256,12 +256,26 @@ resource "aws_iam_role" "masters-complex-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.complex.example.com_policy")
name = "masters.complex.example.com"
permissions_boundary = "arn:aws:iam:00000000000:policy/boundaries"
tags = {
"KubernetesCluster" = "complex.example.com"
"Name" = "masters.complex.example.com"
"Owner" = "John Doe"
"foo/bar" = "fib+baz"
"kubernetes.io/cluster/complex.example.com" = "owned"
}
}

resource "aws_iam_role" "nodes-complex-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.complex.example.com_policy")
name = "nodes.complex.example.com"
permissions_boundary = "arn:aws:iam:00000000000:policy/boundaries"
tags = {
"KubernetesCluster" = "complex.example.com"
"Name" = "nodes.complex.example.com"
"Owner" = "John Doe"
"foo/bar" = "fib+baz"
"kubernetes.io/cluster/complex.example.com" = "owned"
}
}

resource "aws_internet_gateway" "complex-example-com" {
10 changes: 10 additions & 0 deletions tests/integration/update_cluster/compress/kubernetes.tf
Expand Up @@ -229,11 +229,21 @@ resource "aws_iam_role_policy" "nodes-compress-example-com" {
resource "aws_iam_role" "masters-compress-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.compress.example.com_policy")
name = "masters.compress.example.com"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "masters.compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}

resource "aws_iam_role" "nodes-compress-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.compress.example.com_policy")
name = "nodes.compress.example.com"
tags = {
"KubernetesCluster" = "compress.example.com"
"Name" = "nodes.compress.example.com"
"kubernetes.io/cluster/compress.example.com" = "owned"
}
}

resource "aws_internet_gateway" "compress-example-com" {
Expand Up @@ -1073,7 +1073,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "masters.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodescontainerdexamplecom": {
Expand All @@ -1091,7 +1105,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
}
}
32 changes: 30 additions & 2 deletions tests/integration/update_cluster/containerd/cloudformation.json
Expand Up @@ -1073,7 +1073,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "masters.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodescontainerdexamplecom": {
Expand All @@ -1091,7 +1105,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
}
}
32 changes: 30 additions & 2 deletions tests/integration/update_cluster/docker-custom/cloudformation.json
Expand Up @@ -1059,7 +1059,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "docker.example.com"
},
{
"Key": "Name",
"Value": "masters.docker.example.com"
},
{
"Key": "kubernetes.io/cluster/docker.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodesdockerexamplecom": {
Expand All @@ -1077,7 +1091,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "docker.example.com"
},
{
"Key": "Name",
"Value": "nodes.docker.example.com"
},
{
"Key": "kubernetes.io/cluster/docker.example.com",
"Value": "owned"
}
]
}
}
}
10 changes: 10 additions & 0 deletions tests/integration/update_cluster/existing_sg/kubernetes.tf
Expand Up @@ -420,11 +420,21 @@ resource "aws_iam_role_policy" "nodes-existingsg-example-com" {
resource "aws_iam_role" "masters-existingsg-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.existingsg.example.com_policy")
name = "masters.existingsg.example.com"
tags = {
"KubernetesCluster" = "existingsg.example.com"
"Name" = "masters.existingsg.example.com"
"kubernetes.io/cluster/existingsg.example.com" = "owned"
}
}

resource "aws_iam_role" "nodes-existingsg-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.existingsg.example.com_policy")
name = "nodes.existingsg.example.com"
tags = {
"KubernetesCluster" = "existingsg.example.com"
"Name" = "nodes.existingsg.example.com"
"kubernetes.io/cluster/existingsg.example.com" = "owned"
}
}

resource "aws_internet_gateway" "existingsg-example-com" {
32 changes: 30 additions & 2 deletions tests/integration/update_cluster/externallb/cloudformation.json
Expand Up @@ -1074,7 +1074,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "externallb.example.com"
},
{
"Key": "Name",
"Value": "masters.externallb.example.com"
},
{
"Key": "kubernetes.io/cluster/externallb.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodesexternallbexamplecom": {
Expand All @@ -1092,7 +1106,21 @@
}
],
"Version": "2012-10-17"
}
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "externallb.example.com"
},
{
"Key": "Name",
"Value": "nodes.externallb.example.com"
},
{
"Key": "kubernetes.io/cluster/externallb.example.com",
"Value": "owned"
}
]
}
}
}
10 changes: 10 additions & 0 deletions tests/integration/update_cluster/externallb/kubernetes.tf
Expand Up @@ -233,11 +233,21 @@ resource "aws_iam_role_policy" "nodes-externallb-example-com" {
resource "aws_iam_role" "masters-externallb-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.externallb.example.com_policy")
name = "masters.externallb.example.com"
tags = {
"KubernetesCluster" = "externallb.example.com"
"Name" = "masters.externallb.example.com"
"kubernetes.io/cluster/externallb.example.com" = "owned"
}
}

resource "aws_iam_role" "nodes-externallb-example-com" {
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.externallb.example.com_policy")
name = "nodes.externallb.example.com"
tags = {
"KubernetesCluster" = "externallb.example.com"
"Name" = "nodes.externallb.example.com"
"kubernetes.io/cluster/externallb.example.com" = "owned"
}
}

resource "aws_internet_gateway" "externallb-example-com" {