Move iam to awsmodel

2021-04-30 11:49:10 +03:00 · 2021-04-30 11:49:10 +03:00 · fcba0043d0
parent 4dfe58de7a
commit fcba0043d0
5 changed files with 20 additions and 11 deletions
--- a/pkg/model/awsmodel/iam.go
+++ b/pkg/model/awsmodel/iam.go
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package model
+package awsmodel

 import (
 	"fmt"
@ -25,6 +25,7 @@ import (
 	"k8s.io/klog/v2"
 	"k8s.io/kops/pkg/apis/kops"
 	"k8s.io/kops/pkg/dns"
+	"k8s.io/kops/pkg/model"
 	"k8s.io/kops/pkg/model/iam"
 	"k8s.io/kops/pkg/util/stringorslice"
 	"k8s.io/kops/upup/pkg/fi"
@ -33,8 +34,7 @@ import (

 // IAMModelBuilder configures IAM objects
 type IAMModelBuilder struct {
-	*KopsModelContext
-
+	*AWSModelContext
 	Lifecycle *fi.Lifecycle
 	Cluster   *kops.Cluster
 }
@ -91,7 +91,7 @@ func (b *IAMModelBuilder) Build(c *fi.ModelBuilderContext) error {
 			return err
 		}

-		iamName, err := findCustomAuthNameFromArn(profileARN)
+		iamName, err := model.FindCustomAuthNameFromArn(profileARN)
 		if err != nil {
 			return fmt.Errorf("unable to parse instance profile name from arn %q: %v", profileARN, err)
 		}
--- a/pkg/model/awsmodel/iam_test.go
+++ b/pkg/model/awsmodel/iam_test.go
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package model
+package awsmodel

 import (
 	"testing"
--- a/pkg/model/names.go
+++ b/pkg/model/names.go
@ -153,8 +153,8 @@ func (b *KopsModelContext) IAMName(role kops.InstanceGroupRole) string {

 var roleNamRegExp = regexp.MustCompile(`([^/]+$)`)

-// findCustomAuthNameFromArn parses the name of a instance profile from the arn
-func findCustomAuthNameFromArn(arn string) (string, error) {
+// FindCustomAuthNameFromArn parses the name of a instance profile from the arn
+func FindCustomAuthNameFromArn(arn string) (string, error) {
 	if arn == "" {
 		return "", fmt.Errorf("unable to parse role arn as it is not set")
 	}
@ -168,7 +168,7 @@ func findCustomAuthNameFromArn(arn string) (string, error) {

 func (b *KopsModelContext) LinkToIAMInstanceProfile(ig *kops.InstanceGroup) (*awstasks.IAMInstanceProfile, error) {
 	if ig.Spec.IAM != nil && ig.Spec.IAM.Profile != nil {
-		name, err := findCustomAuthNameFromArn(fi.StringValue(ig.Spec.IAM.Profile))
+		name, err := FindCustomAuthNameFromArn(fi.StringValue(ig.Spec.IAM.Profile))
 		return &awstasks.IAMInstanceProfile{Name: &name}, err
 	}
 	name := b.IAMName(ig.Spec.Role)
--- a/upup/pkg/fi/cloudup/apply_cluster.go
+++ b/upup/pkg/fi/cloudup/apply_cluster.go
@ -554,7 +554,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error {
 				&model.FirewallModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle},
 				&awsmodel.SSHKeyModelBuilder{AWSModelContext: awsModelContext, Lifecycle: &securityLifecycle},
 				&awsmodel.NetworkModelBuilder{AWSModelContext: awsModelContext, Lifecycle: &networkLifecycle},
-				&model.IAMModelBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle, Cluster: cluster},
+				&awsmodel.IAMModelBuilder{AWSModelContext: awsModelContext, Lifecycle: &securityLifecycle, Cluster: cluster},
 				&awsmodel.OIDCProviderBuilder{KopsModelContext: modelContext, Lifecycle: &securityLifecycle, KeyStore: keyStore},
 			)

--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder/bootstrapchannelbuilder.go
@ -18,6 +18,7 @@ package bootstrapchannelbuilder

 import (
 	"fmt"
+	"k8s.io/kops/pkg/model/awsmodel"
 	"strings"

 	"k8s.io/klog/v2"
@ -422,9 +423,13 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann

 		// Generate dns-controller ServiceAccount IAM permissions
 		if b.UseServiceAccountIAM() {
+			awsModelContext := &awsmodel.AWSModelContext{
+				KopsModelContext: b.KopsModelContext,
+			}
+
 			serviceAccountRoles := []iam.Subject{&dnscontroller.ServiceAccount{}}
 			for _, serviceAccountRole := range serviceAccountRoles {
-				iamModelBuilder := &model.IAMModelBuilder{KopsModelContext: b.KopsModelContext, Lifecycle: b.Lifecycle, Cluster: b.Cluster}
+				iamModelBuilder := &awsmodel.IAMModelBuilder{AWSModelContext: awsModelContext, Lifecycle: b.Lifecycle, Cluster: b.Cluster}

 				err := iamModelBuilder.BuildServiceAccountRoleTasks(serviceAccountRole, c)
 				if err != nil {
@ -580,9 +585,13 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann

 		// Generate aws-load-balancer-controller ServiceAccount IAM permissions
 		if b.UseServiceAccountIAM() {
+			awsModelContext := &awsmodel.AWSModelContext{
+				KopsModelContext: b.KopsModelContext,
+			}
+
 			serviceAccountRoles := []iam.Subject{&awsloadbalancercontroller.ServiceAccount{}}
 			for _, serviceAccountRole := range serviceAccountRoles {
-				iamModelBuilder := &model.IAMModelBuilder{KopsModelContext: b.KopsModelContext, Lifecycle: b.Lifecycle, Cluster: b.Cluster}
+				iamModelBuilder := &awsmodel.IAMModelBuilder{AWSModelContext: awsModelContext, Lifecycle: b.Lifecycle, Cluster: b.Cluster}

 				err := iamModelBuilder.BuildServiceAccountRoleTasks(serviceAccountRole, c)
 				if err != nil {