Add support for cluster id

cr: https://code.amazon.com/reviews/CR-70518881

Author: johnsonjnpan

awscli/customizations/eks/get_token.py

@@ -22,6 +22,7 @@
 
 from awscli.customizations.commands import BasicCommand
 from awscli.customizations.utils import uni_print
+from awscli.customizations.utils import validate_mutually_exclusive
 
 AUTH_SERVICE = "sts"
 AUTH_COMMAND = "GetCallerIdentity"
@@ -62,7 +63,7 @@
 
 TOKEN_PREFIX = 'k8s-aws-v1.'
 
-CLUSTER_NAME_HEADER = 'x-k8s-aws-id'
+K8S_AWS_ID_HEADER = 'x-k8s-aws-id'
 
 
 class GetTokenCommand(BasicCommand):
@@ -78,9 +79,9 @@ class GetTokenCommand(BasicCommand):
         {
             'name': 'cluster-name',
             'help_text': (
-                "Specify the name of the Amazon EKS cluster to create a token for."
+                "Specify the name of the Amazon EKS cluster to create a token for. (Note: for local clusters on AWS Outposts, please use --cluster-id parameter)"
             ),
-            'required': True,
+            'required': False,
         },
         {
             'name': 'role-arn',
@@ -89,6 +90,14 @@ class GetTokenCommand(BasicCommand):
             ),
             'required': False,
         },
+        {
+            'name': 'cluster-id',
+            # When EKS in-region cluster supports cluster-id, we will need to update this help text
+            'help_text': (
+                "Specify the id of the Amazon EKS cluster to create a token for. (Note: for local clusters on AWS Outposts only)"
+            ),
+            'required': False,
+        },
     ]
 
     def get_expiration_time(self):
@@ -102,7 +111,17 @@ def _run_main(self, parsed_args, parsed_globals):
         sts_client = client_factory.get_sts_client(
             region_name=parsed_globals.region, role_arn=parsed_args.role_arn
         )
-        token = TokenGenerator(sts_client).get_token(parsed_args.cluster_name)
+        
+        validate_mutually_exclusive(parsed_args, ['cluster_name'], ['cluster_id'])
+
+        if parsed_args.cluster_id:
+            identifier = parsed_args.cluster_id
+        elif parsed_args.cluster_name:
+            identifier = parsed_args.cluster_name
+        else:
+            return ValueError("Either parameter --cluster-name or --cluster-id must be specified.")
+
+        token = TokenGenerator(sts_client).get_token(identifier)
 
         # By default STS signs the url for 15 minutes so we are creating a
         # rfc3339 timestamp with expiration in 14 minutes as part of the token, which
@@ -189,18 +208,18 @@ class TokenGenerator(object):
     def __init__(self, sts_client):
         self._sts_client = sts_client
 
-    def get_token(self, cluster_name):
+    def get_token(self, k8s_aws_id):
         """Generate a presigned url token to pass to kubectl."""
-        url = self._get_presigned_url(cluster_name)
+        url = self._get_presigned_url(k8s_aws_id)
         token = TOKEN_PREFIX + base64.urlsafe_b64encode(
             url.encode('utf-8')
         ).decode('utf-8').rstrip('=')
         return token
 
-    def _get_presigned_url(self, cluster_name):
+    def _get_presigned_url(self, k8s_aws_id):
         return self._sts_client.generate_presigned_url(
             'get_caller_identity',
-            Params={'ClusterName': cluster_name},
+            Params={K8S_AWS_ID_HEADER: k8s_aws_id},
             ExpiresIn=URL_TIMEOUT,
             HttpMethod='GET',
         )
@@ -218,7 +237,7 @@ def get_sts_client(self, region_name=None, role_arn=None):
             client_kwargs['aws_secret_access_key'] = creds['SecretAccessKey']
             client_kwargs['aws_session_token'] = creds['SessionToken']
         sts = self._session.create_client('sts', **client_kwargs)
-        self._register_cluster_name_handlers(sts)
+        self._register_k8s_aws_id_handlers(sts)
         return sts
 
     def _get_role_credentials(self, region_name, role_arn):
@@ -227,22 +246,20 @@ def _get_role_credentials(self, region_name, role_arn):
             RoleArn=role_arn, RoleSessionName='EKSGetTokenAuth'
         )['Credentials']
 
-    def _register_cluster_name_handlers(self, sts_client):
+    def _register_k8s_aws_id_handlers(self, sts_client):
         sts_client.meta.events.register(
             'provide-client-params.sts.GetCallerIdentity',
-            self._retrieve_cluster_name,
+            self._retrieve_k8s_aws_id,
         )
         sts_client.meta.events.register(
             'before-sign.sts.GetCallerIdentity',
-            self._inject_cluster_name_header,
+            self._inject_k8s_aws_id_header,
         )
 
-    def _retrieve_cluster_name(self, params, context, **kwargs):
-        if 'ClusterName' in params:
-            context['eks_cluster'] = params.pop('ClusterName')
+    def _retrieve_k8s_aws_id(self, params, context, **kwargs):
+        if K8S_AWS_ID_HEADER in params:
+            context[K8S_AWS_ID_HEADER] = params.pop(K8S_AWS_ID_HEADER)
 
-    def _inject_cluster_name_header(self, request, **kwargs):
-        if 'eks_cluster' in request.context:
-            request.headers[CLUSTER_NAME_HEADER] = request.context[
-                'eks_cluster'
-            ]
+    def _inject_k8s_aws_id_header(self, request, **kwargs):
+        if K8S_AWS_ID_HEADER in request.context:
+            request.headers[K8S_AWS_ID_HEADER] = request.context[K8S_AWS_ID_HEADER]

awscli/customizations/eks/update_kubeconfig.py

@@ -288,8 +288,17 @@ def get_user_entry(self):
         Return a user entry generated using
         the previously obtained description.
         """
+        cluster_description = self._get_cluster_description()
+        region = cluster_description.get("arn").split(":")[3]
+        outpost_config = cluster_description.get("outpostConfig")
 
-        region = self._get_cluster_description().get("arn").split(":")[3]
+        if outpost_config is None:
+            cluster_identification_parameter = "--cluster-name"
+            cluster_identification_value = self._cluster_name
+        else:
+            # If cluster contains outpostConfig, use id for identification
+            cluster_identification_parameter = "--cluster-id"
+            cluster_identification_value = cluster_description.get("id")
 
         generated_user = OrderedDict([
             ("name", self._get_cluster_description().get("arn", "")),
@@ -302,8 +311,8 @@ def get_user_entry(self):
                             region,
                             "eks",
                             "get-token",
-                            "--cluster-name",
-                            self._cluster_name,
+                            cluster_identification_parameter,
+                            cluster_identification_value,
                         ]),
                     ("command", "aws"),
                 ]))

tests/functional/eks/test_util.py

@@ -62,6 +62,40 @@ def describe_cluster_response():
         }
     }
 
+def describe_cluster_response_outpost_cluster():
+    """Get an example describe_cluster call (For mocking)"""
+    return {
+        "cluster": {
+            "status": "ACTIVE",
+            "endpoint": "https://endpoint.amazonaws.com",
+            "name": EXAMPLE_NAME,
+            "certificateAuthority": {
+                "data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpWR1Z6ZEdsdVp5QkVZWFJoRFFwVVpYTjBhVzVuSUVSaGRHRU5DbFJsYzNScGJtY2dSR0YwWVEwS2EzVmlaWEp1WlhSbGN6QWVGdzBLVkdWemRHbHVaeUJFWVhSaERRcFVaWE4wYVc1bklFUmhkR0ZWQkFNVERRcHJkV0psY201bGRHVnpNQUVpTUEwS1ZHVnpkR2x1WnlCRVlYUmhEUXBVWlhOMGFXNW5JRVJoZEdFTkNsUmxjM1JwYm1jZ1JHRjBZY3UvR1FnbmFTcDNZaHBDTWhGVVpYTjBhVzVuSUVSaGRHRXl3clZqeEpWNjNwNFVHRmpZdHdGR1drUldJVkV1VkdWemRHbHVaeUJFWVhSaGJzT0MxSVJiTDhPd0lpMVhiWGg2VkdWemRHbHVaeUJFWVhSaFpXVndTTk9VVUZKNmN5QWJaaFpnWVNkTUV3MEtGMVJsYzNScGJtY2dSR0YwWVFZRFZSMFBBUUVFQkFNQ0FsUmxjM1JwYm1jZ1JHRjBZUUV3RFFvR0NTcElEUXBVWlhOMGFXNW5JRVJoZEdGcEgxc1pPRTNMa3lrMU9DWUNHUloyTEZjM3paOCtHell3WEZSbGMzUnBibWNnUkdGMFlYMUR5NjFNMVlGV1AxWVRIMVJsYzNScGJtY2dSR0YwWVd0aE5oMVphM2dWUDBGaGNSWjdKaW9oZVc4N1JsUmxjM1JwYm1jZ1JHRjBZUVpIVHd4NE9IdzZmZz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t"
+            },
+            "roleArn": "arn:aws:iam::111222333444/eksRole",
+            "resourcesVpcConfig": {
+                "subnetIds": [
+                    "subnet-00000000000000000",
+                    "subnet-00000000000000001",
+                    "subnet-00000000000000002"
+                ],
+                "vpcId": "vpc-00000000000000000",
+                "securityGroupIds": [
+                    "sg-00000000000000000"
+                ]
+            },
+            "version": "1.10",
+            "arn": "arn:aws:eks:region:111222333444:cluster/" + EXAMPLE_NAME,
+            "createdAt": 1500000000.000,
+            "id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
+            "outpostConfig": {
+                "outpostArns": [
+                    "arn:aws:outposts:us-west-2:111222333444:outpost/op-00000000000000000"
+                ],
+            }
+        }
+    }
+
 def describe_cluster_no_status_response():
     """Get an example describe_cluster call (For mocking)"""
     return {

tests/unit/customizations/eks/test_update_kubeconfig.py

@@ -30,6 +30,7 @@
 from awscli.customizations.eks.ordered_yaml import ordered_yaml_load
 from tests.functional.eks.test_util import get_testdata
 from tests.functional.eks.test_util import (describe_cluster_response,
+                                            describe_cluster_response_outpost_cluster,
                                             describe_cluster_no_status_response,
                                             describe_cluster_creating_response,
                                             describe_cluster_deleting_response)
@@ -185,6 +186,25 @@ def setUp(self):
             ]))
         ])
 
+        self._correct_user_entry_outpost_cluster = OrderedDict([
+            ("name", describe_cluster_response()["cluster"]["arn"]),
+            ("user", OrderedDict([
+                ("exec", OrderedDict([
+                    ("apiVersion", API_VERSION),
+                    ("args",
+                        [
+                            "--region",
+                            "region",
+                            "eks",
+                            "get-token",
+                            "--cluster-id",
+                            "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
+                        ]),
+                    ("command", "aws")
+                ]))
+            ]))
+        ])
+
         self._mock_client = mock.Mock()
         self._mock_client.describe_cluster.return_value =\
                                                     describe_cluster_response()
@@ -229,6 +249,16 @@ def test_get_user_entry(self):
         )
         self._session.create_client.assert_called_once_with("eks")
 
+    def test_get_user_entry_outpost_cluster(self):
+        self._mock_client.describe_cluster.return_value =\
+                                                    describe_cluster_response_outpost_cluster()
+        self.assertEqual(self._client.get_user_entry(),
+                         self._correct_user_entry_outpost_cluster)
+        self._mock_client.describe_cluster.assert_called_once_with(
+            name="ExampleCluster"
+        )
+        self._session.create_client.assert_called_once_with("eks") 
+
     def test_get_both(self):
         self.assertEqual(self._client.get_cluster_entry(),
                          self._correct_cluster_entry)