Merge pull request #4292 from faiq/faiq/remove-set-role

k8s-ci-robot · web-flow · commit 75ccd55047e2 · 2023-05-25T09:14:51.000-07:00
fix: remove set nodes role
diff --git a/pkg/cloud/services/iamauth/reconcile.go b/pkg/cloud/services/iamauth/reconcile.go
@@ -30,7 +30,6 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 	ekscontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2"
 	expinfrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2"
-	iamv1 "sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	expclusterv1 "sigs.k8s.io/cluster-api/exp/api/v1beta1"
 )
@@ -105,11 +104,7 @@ func (s *Service) getARNForRole(role string) (string, error) {
 }
 
 func (s *Service) getRolesForWorkers(ctx context.Context) (map[string]struct{}, error) {
-	// previously this was the default role always added to the IAM authenticator config
-	// we'll keep this to not break existing behavior for users
-	allRoles := map[string]struct{}{
-		fmt.Sprintf("nodes%s", iamv1.DefaultNameSuffix): {},
-	}
+	allRoles := map[string]struct{}{}
 	if err := s.getRolesForMachineDeployments(ctx, allRoles); err != nil {
 		return nil, fmt.Errorf("failed to get roles from machine deployments %w", err)
 	}
diff --git a/test/e2e/suites/managed/cluster.go b/test/e2e/suites/managed/cluster.go
@@ -101,10 +101,13 @@ func ManagedClusterSpec(ctx context.Context, inputGetter func() ManagedClusterSp
 	verifySecretExists(ctx, fmt.Sprintf("%s-kubeconfig", input.ClusterName), input.Namespace.Name, bootstrapClient)
 	verifySecretExists(ctx, fmt.Sprintf("%s-user-kubeconfig", input.ClusterName), input.Namespace.Name, bootstrapClient)
 
-	ginkgo.By("Checking that aws-iam-authenticator config map exists")
-	workloadClusterProxy := input.BootstrapClusterProxy.GetWorkloadCluster(ctx, input.Namespace.Name, input.ClusterName)
-	workloadClient := workloadClusterProxy.GetClient()
-	verifyConfigMapExists(ctx, "aws-auth", metav1.NamespaceSystem, workloadClient)
+	// this will not be created unless there are worker machines or set by IAMAuthenticatorConfig on the managed control plane spec
+	if input.WorkerMachineCount > 0 {
+		ginkgo.By("Checking that aws-iam-authenticator config map exists")
+		workloadClusterProxy := input.BootstrapClusterProxy.GetWorkloadCluster(ctx, input.Namespace.Name, input.ClusterName)
+		workloadClient := workloadClusterProxy.GetClient()
+		verifyConfigMapExists(ctx, "aws-auth", metav1.NamespaceSystem, workloadClient)
+	}
 }
 
 // DeleteClusterSpecInput is the input to DeleteClusterSpec.
diff --git a/test/e2e/suites/managed/eks_ipv6_test.go b/test/e2e/suites/managed/eks_ipv6_test.go
@@ -72,7 +72,7 @@ var _ = ginkgo.Describe("[managed] [general] [ipv6] EKS cluster tests", func() {
 				ClusterName:              clusterName,
 				Flavour:                  EKSIPv6ClusterFlavor,
 				ControlPlaneMachineCount: 1, //NOTE: this cannot be zero as clusterctl returns an error
-				WorkerMachineCount:       1,
+				WorkerMachineCount:       0,
 			}
 		})
 
diff --git a/test/e2e/suites/managed/upgrade_test.go b/test/e2e/suites/managed/upgrade_test.go
@@ -70,7 +70,7 @@ var _ = ginkgo.Describe("EKS Cluster upgrade test", func() {
 				ClusterName:              clusterName,
 				Flavour:                  EKSControlPlaneOnlyFlavor, // TODO (richardcase) - change in the future when upgrades to machinepools work
 				ControlPlaneMachineCount: 1,                         // NOTE: this cannot be zero as clusterctl returns an error
-				WorkerMachineCount:       1,
+				WorkerMachineCount:       0,
 				KubernetesVersion:        initialVersion,
 			}
 		})

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,6 @@ import (`
`30`	`30`	`infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"`
`31`	`31`	`ekscontrolplanev1 "sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2"`
`32`	`32`	`expinfrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2"`
`33`		`- iamv1 "sigs.k8s.io/cluster-api-provider-aws/v2/iam/api/v1beta1"`
`34`	`33`	`clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"`
`35`	`34`	`expclusterv1 "sigs.k8s.io/cluster-api/exp/api/v1beta1"`
`36`	`35`	`)`
`@@ -105,11 +104,7 @@ func (s *Service) getARNForRole(role string) (string, error) {`
`105`	`104`	`}`
`106`	`105`
`107`	`106`	`func (s *Service) getRolesForWorkers(ctx context.Context) (map[string]struct{}, error) {`
`108`		`- // previously this was the default role always added to the IAM authenticator config`
`109`		`- // we'll keep this to not break existing behavior for users`
`110`		`- allRoles := map[string]struct{}{`
`111`		`- fmt.Sprintf("nodes%s", iamv1.DefaultNameSuffix): {},`
`112`		`- }`
	`107`	`+ allRoles := map[string]struct{}{}`
`113`	`108`	`if err := s.getRolesForMachineDeployments(ctx, allRoles); err != nil {`
`114`	`109`	`return nil, fmt.Errorf("failed to get roles from machine deployments %w", err)`
`115`	`110`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ var _ = ginkgo.Describe("[managed] [general] [ipv6] EKS cluster tests", func() {`
`72`	`72`	`ClusterName: clusterName,`
`73`	`73`	`Flavour: EKSIPv6ClusterFlavor,`
`74`	`74`	`ControlPlaneMachineCount: 1, //NOTE: this cannot be zero as clusterctl returns an error`
`75`		`- WorkerMachineCount: 1,`
	`75`	`+ WorkerMachineCount: 0,`
`76`	`76`	`}`
`77`	`77`	`})`
`78`	`78`
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ var _ = ginkgo.Describe("EKS Cluster upgrade test", func() {`
`70`	`70`	`ClusterName: clusterName,`
`71`	`71`	`Flavour: EKSControlPlaneOnlyFlavor, // TODO (richardcase) - change in the future when upgrades to machinepools work`
`72`	`72`	`ControlPlaneMachineCount: 1, // NOTE: this cannot be zero as clusterctl returns an error`
`73`		`- WorkerMachineCount: 1,`
	`73`	`+ WorkerMachineCount: 0,`
`74`	`74`	`KubernetesVersion: initialVersion,`
`75`	`75`	`}`
`76`	`76`	`})`