debug debug

Author: LiangquanLi930

pkg/cloud/scope/cluster.go

@@ -77,11 +77,6 @@ func NewClusterScope(params ClusterScopeParams) (*ClusterScope, error) {
 		maxWaitActiveUpdateDelete:    params.MaxWaitActiveUpdateDelete,
 	}
 
-	serviceLimiters, err := sessionForClusterWithRegion(params.Client, clusterScope, params.AWSCluster.Spec.Region, params.Endpoints, params.Logger)
-	if err != nil {
-		return nil, errors.Errorf("failed to create aws session: %v", err)
-	}
-
 	sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, clusterScope, params.AWSCluster.Spec.Region, params.Endpoints, params.Logger)
 	if err != nil {
 		return nil, errors.Errorf("failed to create aws V2 session: %v", err)
@@ -94,8 +89,7 @@ func NewClusterScope(params ClusterScopeParams) (*ClusterScope, error) {
 
 	clusterScope.patchHelper = helper
 	clusterScope.session = *sessionv2
-	clusterScope.serviceLimiters = serviceLimiters
-	clusterScope.serviceLimitersV2 = serviceLimitersv2
+	clusterScope.serviceLimiters = serviceLimitersv2
 
 	return clusterScope, nil
 }
@@ -109,10 +103,9 @@ type ClusterScope struct {
 	Cluster    *clusterv1.Cluster
 	AWSCluster *infrav1.AWSCluster
 
-	session           awsv2.Config
-	serviceLimiters   throttle.ServiceLimiters
-	serviceLimitersV2 throttle.ServiceLimiters
-	controllerName    string
+	session         awsv2.Config
+	serviceLimiters throttle.ServiceLimiters
+	controllerName  string
 
 	tagUnmanagedNetworkResources bool
 	maxWaitActiveUpdateDelete    time.Duration

pkg/cloud/scope/fargate.go

@@ -70,11 +70,6 @@ func NewFargateProfileScope(params FargateProfileScopeParams) (*FargateProfileSc
 		controllerName: params.ControllerName,
 	}
 
-	serviceLimiters, err := sessionForClusterWithRegion(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
-	if err != nil {
-		return nil, errors.Errorf("failed to create aws session: %v", err)
-	}
-
 	sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
 	if err != nil {
 		return nil, errors.Errorf("failed to create aws v2 session: %v", err)
@@ -86,17 +81,16 @@ func NewFargateProfileScope(params FargateProfileScopeParams) (*FargateProfileSc
 	}
 
 	return &FargateProfileScope{
-		Logger:            *params.Logger,
-		Client:            params.Client,
-		Cluster:           params.Cluster,
-		ControlPlane:      params.ControlPlane,
-		FargateProfile:    params.FargateProfile,
-		patchHelper:       helper,
-		session:           *sessionv2,
-		serviceLimiters:   serviceLimiters,
-		serviceLimitersV2: serviceLimitersv2,
-		controllerName:    params.ControllerName,
-		enableIAM:         params.EnableIAM,
+		Logger:          *params.Logger,
+		Client:          params.Client,
+		Cluster:         params.Cluster,
+		ControlPlane:    params.ControlPlane,
+		FargateProfile:  params.FargateProfile,
+		patchHelper:     helper,
+		session:         *sessionv2,
+		serviceLimiters: serviceLimitersv2,
+		controllerName:  params.ControllerName,
+		enableIAM:       params.EnableIAM,
 	}, nil
 }
 
@@ -110,10 +104,9 @@ type FargateProfileScope struct {
 	ControlPlane   *ekscontrolplanev1.AWSManagedControlPlane
 	FargateProfile *expinfrav1.AWSFargateProfile
 
-	session           awsv2.Config
-	serviceLimiters   throttle.ServiceLimiters
-	serviceLimitersV2 throttle.ServiceLimiters
-	controllerName    string
+	session         awsv2.Config
+	serviceLimiters throttle.ServiceLimiters
+	controllerName  string
 
 	enableIAM bool
 }

pkg/cloud/scope/managedcontrolplane.go

@@ -98,19 +98,13 @@ func NewManagedControlPlaneScope(params ManagedControlPlaneScopeParams) (*Manage
 		enableIAM:                    params.EnableIAM,
 		tagUnmanagedNetworkResources: params.TagUnmanagedNetworkResources,
 	}
-	serviceLimiters, err := sessionForClusterWithRegion(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
-	if err != nil {
-		return nil, errors.Errorf("failed to create aws session: %v", err)
-	}
-
 	sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
 	if err != nil {
 		return nil, errors.Errorf("failed to create aws V2 session: %v", err)
 	}
 
 	managedScope.session = *sessionv2
-	managedScope.serviceLimiters = serviceLimiters
-	managedScope.serviceLimitersV2 = serviceLimitersv2
+	managedScope.serviceLimiters = serviceLimitersv2
 
 	helper, err := patch.NewHelper(params.ControlPlane, params.Client)
 	if err != nil {
@@ -131,10 +125,9 @@ type ManagedControlPlaneScope struct {
 	ControlPlane              *ekscontrolplanev1.AWSManagedControlPlane
 	MaxWaitActiveUpdateDelete time.Duration
 
-	session           awsv2.Config
-	serviceLimiters   throttle.ServiceLimiters
-	serviceLimitersV2 throttle.ServiceLimiters
-	controllerName    string
+	session         awsv2.Config
+	serviceLimiters throttle.ServiceLimiters
+	controllerName  string
 
 	enableIAM                    bool
 	allowAdditionalRoles         bool

pkg/cloud/scope/rosacontrolplane.go

@@ -72,11 +72,6 @@ func NewROSAControlPlaneScope(params ROSAControlPlaneScopeParams) (*ROSAControlP
 		controllerName: params.ControllerName,
 	}
 
-	serviceLimiters, err := sessionForClusterWithRegion(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
-	if err != nil {
-		return nil, errors.Errorf("failed to create aws session: %v", err)
-	}
-
 	sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, managedScope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
 	if err != nil {
 		return nil, errors.Errorf("failed to create aws V2 session: %v", err)
@@ -89,8 +84,7 @@ func NewROSAControlPlaneScope(params ROSAControlPlaneScopeParams) (*ROSAControlP
 
 	managedScope.patchHelper = helper
 	managedScope.session = *sessionv2
-	managedScope.serviceLimiters = serviceLimiters
-	managedScope.serviceLimitersV2 = serviceLimitersv2
+	managedScope.serviceLimiters = serviceLimitersv2
 
 	stsClient := params.NewStsClient(managedScope, managedScope, managedScope, managedScope.ControlPlane)
 	identity, err := stsClient.GetCallerIdentity(context.TODO(), &stsv2.GetCallerIdentityInput{})
@@ -111,11 +105,10 @@ type ROSAControlPlaneScope struct {
 	Cluster      *clusterv1.Cluster
 	ControlPlane *rosacontrolplanev1.ROSAControlPlane
 
-	session           awsv2.Config
-	serviceLimiters   throttle.ServiceLimiters
-	serviceLimitersV2 throttle.ServiceLimiters
-	controllerName    string
-	Identity          *stsv2.GetCallerIdentityOutput
+	session         awsv2.Config
+	serviceLimiters throttle.ServiceLimiters
+	controllerName  string
+	Identity        *stsv2.GetCallerIdentityOutput
 }
 
 // InfraCluster returns the AWSManagedControlPlane object.

pkg/cloud/scope/rosamachinepool.go

@@ -88,19 +88,13 @@ func NewRosaMachinePoolScope(params RosaMachinePoolScopeParams) (*RosaMachinePoo
 		controllerName:  params.ControllerName,
 	}
 
-	serviceLimiters, err := sessionForClusterWithRegion(params.Client, scope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
-	if err != nil {
-		return nil, errors.Errorf("failed to create aws session: %v", err)
-	}
-
 	sessionv2, serviceLimitersv2, err := sessionForClusterWithRegionV2(params.Client, scope, params.ControlPlane.Spec.Region, params.Endpoints, params.Logger)
 	if err != nil {
 		return nil, errors.Errorf("failed to create aws V2 session: %v", err)
 	}
 
 	scope.session = *sessionv2
-	scope.serviceLimiters = serviceLimiters
-	scope.serviceLimitersV2 = serviceLimitersv2
+	scope.serviceLimiters = serviceLimitersv2
 
 	return scope, nil
 }
@@ -119,9 +113,8 @@ type RosaMachinePoolScope struct {
 	RosaMachinePool *expinfrav1.ROSAMachinePool
 	MachinePool     *expclusterv1.MachinePool
 
-	session           awsv2.Config
-	serviceLimiters   throttle.ServiceLimiters
-	serviceLimitersV2 throttle.ServiceLimiters
+	session         awsv2.Config
+	serviceLimiters throttle.ServiceLimiters
 
 	controllerName string
 }

pkg/cloud/scope/session.go

@@ -29,7 +29,6 @@ import (
 	"github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi"
 	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
 	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/endpoints"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/google/go-cmp/cmp"
@@ -64,7 +63,6 @@ type ServiceEndpoint struct {
 
 var sessionCache sync.Map
 var sessionCacheV2 sync.Map
-var providerCache sync.Map
 var providerCacheV2 sync.Map
 
 type sessionCacheEntry struct {
@@ -137,89 +135,6 @@ func sessionForRegionV2(region string) (*awsv2.Config, throttle.ServiceLimiters,
 	return &ns, sl, nil
 }
 
-func sessionForClusterWithRegion(k8sClient client.Client, clusterScoper cloud.SessionMetadata, region string, endpoint []ServiceEndpoint, log logger.Wrapper) (throttle.ServiceLimiters, error) {
-	log = log.WithName("identity")
-	log.Trace("Creating an AWS Session")
-
-	resolver := func(service, region string, optFns ...func(*endpoints.Options)) (endpoints.ResolvedEndpoint, error) {
-		for _, s := range endpoint {
-			if service == s.ServiceID {
-				return endpoints.ResolvedEndpoint{
-					URL:           s.URL,
-					SigningRegion: s.SigningRegion,
-				}, nil
-			}
-		}
-		return endpoints.DefaultResolver().EndpointFor(service, region, optFns...)
-	}
-
-	providers, err := getProvidersForCluster(context.Background(), k8sClient, clusterScoper, region, log)
-	if err != nil {
-		// could not get providers and retrieve the credentials
-		conditions.MarkFalse(clusterScoper.InfraCluster(), infrav1.PrincipalCredentialRetrievedCondition, infrav1.PrincipalCredentialRetrievalFailedReason, clusterv1.ConditionSeverityError, "%s", err.Error())
-		return nil, errors.Wrap(err, "Failed to get providers for cluster")
-	}
-
-	isChanged := false
-	awsProviders := make([]credentials.Provider, len(providers))
-	for i, provider := range providers {
-		// load an existing matching providers from the cache if such a providers exists
-		providerHash, err := provider.Hash()
-		if err != nil {
-			return nil, errors.Wrap(err, "Failed to calculate provider hash")
-		}
-		cachedProvider, ok := providerCache.Load(providerHash)
-		if ok {
-			provider = cachedProvider.(identity.AWSPrincipalTypeProvider)
-		} else {
-			isChanged = true
-			// add this provider to the cache
-			providerCache.Store(providerHash, provider)
-		}
-		awsProviders[i] = provider.(credentials.Provider)
-	}
-
-	if !isChanged {
-		if s, ok := sessionCache.Load(getSessionName(region, clusterScoper)); ok {
-			entry := s.(*sessionCacheEntry)
-			return entry.serviceLimiters, nil
-		}
-	}
-	awsConfig := &aws.Config{
-		Region:           aws.String(region),
-		EndpointResolver: endpoints.ResolverFunc(resolver),
-	}
-
-	if len(providers) > 0 {
-		// Check if identity credentials can be retrieved. One reason this will fail is that source identity is not authorized for assume role.
-		_, err := providers[0].Retrieve()
-		if err != nil {
-			conditions.MarkUnknown(clusterScoper.InfraCluster(), infrav1.PrincipalCredentialRetrievedCondition, infrav1.CredentialProviderBuildFailedReason, "%s", err.Error())
-
-			// delete the existing session from cache. Otherwise, we give back a defective session on next method invocation with same cluster scope
-			sessionCache.Delete(getSessionName(region, clusterScoper))
-
-			return nil, errors.Wrap(err, "Failed to retrieve identity credentials")
-		}
-		awsConfig = awsConfig.WithCredentials(credentials.NewChainCredentials(awsProviders))
-	}
-
-	conditions.MarkTrue(clusterScoper.InfraCluster(), infrav1.PrincipalCredentialRetrievedCondition)
-
-	ns, err := session.NewSession(awsConfig)
-	if err != nil {
-		return nil, errors.Wrap(err, "Failed to create a new AWS session")
-	}
-	sl := newServiceLimiters()
-	sessionCache.Store(getSessionName(region, clusterScoper), &sessionCacheEntry{
-		session:         ns,
-		serviceLimiters: sl,
-		sessionV2:       nil,
-	})
-
-	return sl, nil
-}
-
 func sessionForClusterWithRegionV2(k8sClient client.Client, clusterScoper cloud.SessionMetadata, region string, _ []ServiceEndpoint, log logger.Wrapper) (*awsv2.Config, throttle.ServiceLimiters, error) {
 	log = log.WithName("identity")
 	log.Trace("Creating an AWS Session")

test/e2e/shared/suite.go

@@ -158,6 +158,10 @@ func Node1BeforeSuite(e2eCtx *E2EContext) []byte {
 	e2eCtx.Environment.BootstrapAccessKey = newUserAccessKey(context.TODO(), e2eCtx.AWSSessionV2, bootstrapTemplate.Spec.BootstrapUser.UserName)
 	e2eCtx.BootstrapUserAWSSession = NewAWSSessionWithKey(e2eCtx.Environment.BootstrapAccessKey)
 	e2eCtx.BootstrapUserAWSSessionV2 = NewAWSSessionWithKeyV2(e2eCtx.Environment.BootstrapAccessKey)
+
+	By("Waiting for access key to propagate...")
+	time.Sleep(10 * time.Second)
+
 	Expect(ensureTestImageUploaded(e2eCtx)).NotTo(HaveOccurred())
 
 	// Image ID is needed when using a CI Kubernetes version. This is used in conformance test and upgrade to main test.