Merge pull request #3982 from kubernetes-sigs/revert-3926-arn-us-gov

Revert "capa fix hardcoded role arn for aws iam authenticator"

Author: k8s-ci-robot

api/v1beta1/awscluster_conversion.go

@@ -17,41 +17,40 @@ limitations under the License.
 package v1beta1
 
 import (
-	infrav2 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
+	infrav1 "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )
 
-// ConvertTo converts the v1beta1 AWSCluster receiver to a v1beta2 AWSCluster.
+// ConvertTo converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.
 func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
-	dst := dstRaw.(*infrav2.AWSCluster)
+	dst := dstRaw.(*infrav1.AWSCluster)
 
 	if err := Convert_v1beta1_AWSCluster_To_v1beta2_AWSCluster(src, dst, nil); err != nil {
 		return err
 	}
 	// Manually restore data.
-	restored := &infrav2.AWSCluster{}
+	restored := &infrav1.AWSCluster{}
 	if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
 		return err
 	}
 
 	if restored.Spec.ControlPlaneLoadBalancer != nil {
 		if dst.Spec.ControlPlaneLoadBalancer == nil {
-			dst.Spec.ControlPlaneLoadBalancer = &infrav2.AWSLoadBalancerSpec{}
+			dst.Spec.ControlPlaneLoadBalancer = &infrav1.AWSLoadBalancerSpec{}
 		}
 		restoreControlPlaneLoadBalancer(restored.Spec.ControlPlaneLoadBalancer, dst.Spec.ControlPlaneLoadBalancer)
 	}
 	restoreControlPlaneLoadBalancerStatus(&restored.Status.Network.APIServerELB, &dst.Status.Network.APIServerELB)
 
 	dst.Spec.S3Bucket = restored.Spec.S3Bucket
-	dst.Spec.Partition = restored.Spec.Partition
 
 	return nil
 }
 
 // restoreControlPlaneLoadBalancerStatus manually restores the control plane loadbalancer status data.
 // Assumes restored and dst are non-nil.
-func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav2.LoadBalancer) {
+func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav1.LoadBalancer) {
 	dst.ARN = restored.ARN
 	dst.LoadBalancerType = restored.LoadBalancerType
 	dst.ELBAttributes = restored.ELBAttributes
@@ -60,7 +59,7 @@ func restoreControlPlaneLoadBalancerStatus(restored, dst *infrav2.LoadBalancer)
 
 // restoreControlPlaneLoadBalancer manually restores the control plane loadbalancer data.
 // Assumes restored and dst are non-nil.
-func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec) {
+func restoreControlPlaneLoadBalancer(restored, dst *infrav1.AWSLoadBalancerSpec) {
 	dst.Name = restored.Name
 	dst.HealthCheckProtocol = restored.HealthCheckProtocol
 	dst.LoadBalancerType = restored.LoadBalancerType
@@ -70,7 +69,7 @@ func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec)
 
 // ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.
 func (r *AWSCluster) ConvertFrom(srcRaw conversion.Hub) error {
-	src := srcRaw.(*infrav2.AWSCluster)
+	src := srcRaw.(*infrav1.AWSCluster)
 
 	if err := Convert_v1beta2_AWSCluster_To_v1beta1_AWSCluster(src, r, nil); err != nil {
 		return err
@@ -86,14 +85,14 @@ func (r *AWSCluster) ConvertFrom(srcRaw conversion.Hub) error {
 
 // ConvertTo converts the v1beta1 AWSClusterList receiver to a v1beta2 AWSClusterList.
 func (src *AWSClusterList) ConvertTo(dstRaw conversion.Hub) error {
-	dst := dstRaw.(*infrav2.AWSClusterList)
+	dst := dstRaw.(*infrav1.AWSClusterList)
 
 	return Convert_v1beta1_AWSClusterList_To_v1beta2_AWSClusterList(src, dst, nil)
 }
 
 // ConvertFrom converts the v1beta2 AWSClusterList receiver to a v1beta1 AWSClusterList.
 func (r *AWSClusterList) ConvertFrom(srcRaw conversion.Hub) error {
-	src := srcRaw.(*infrav2.AWSClusterList)
+	src := srcRaw.(*infrav1.AWSClusterList)
 
 	return Convert_v1beta2_AWSClusterList_To_v1beta1_AWSClusterList(src, r, nil)
 }

api/v1beta1/zz_generated.conversion.go

@@ -39,10 +39,6 @@ type AWSClusterSpec struct {
 	// The AWS Region the cluster lives in.
 	Region string `json:"region,omitempty"`
 
-	// Partition is the AWS security partition being used. Defaults to "aws"
-	// +optional
-	Partition string `json:"partition,omitempty"`
-
 	// SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)
 	// +optional
 	SSHKeyName *string `json:"sshKeyName,omitempty"`

api/v1beta2/awscluster_types.go

@@ -31,8 +31,6 @@ const (
 	DefaultStackName = "cluster-api-provider-aws-sigs-k8s-io"
 	// DefaultPartitionName is the default security partition for AWS ARNs.
 	DefaultPartitionName = "aws"
-	// PartitionNameUSGov is the default security partition for AWS ARNs.
-	PartitionNameUSGov = "aws-us-gov"
 	// DefaultKMSAliasPattern is the default KMS alias.
 	DefaultKMSAliasPattern = "cluster-api-provider-aws-*"
 	// DefaultS3BucketPrefix is the default S3 bucket prefix.

cmd/clusterawsadm/api/bootstrap/v1beta1/defaults.go

@@ -17,18 +17,12 @@ limitations under the License.
 package bootstrap
 
 import (
-	"strings"
-
 	bootstrapv1 "sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/bootstrap/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/eks"
 )
 
-func (t Template) fargateProfilePolicies(roleSpec *bootstrapv1.AWSIAMRoleSpec) []string {
-	var policies []string
-	policies = eks.FargateRolePolicies()
-	if strings.Contains(t.Spec.Partition, bootstrapv1.PartitionNameUSGov) {
-		policies = eks.FargateRolePoliciesUSGov()
-	}
+func fargateProfilePolicies(roleSpec *bootstrapv1.AWSIAMRoleSpec) []string {
+	policies := eks.FargateRolePolicies()
 	if roleSpec.ExtraPolicyAttachments != nil {
 		policies = append(policies, roleSpec.ExtraPolicyAttachments...)
 	}

cmd/clusterawsadm/cloudformation/bootstrap/fargate.go

@@ -16,20 +16,10 @@ limitations under the License.
 
 package bootstrap
 
-import (
-	"strings"
-
-	bootstrapv1 "sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/bootstrap/v1beta1"
-	"sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/eks"
-)
+import "sigs.k8s.io/cluster-api-provider-aws/v2/pkg/cloud/services/eks"
 
 func (t Template) eksMachinePoolPolicies() []string {
-	var policies []string
-
-	policies = eks.NodegroupRolePolicies()
-	if strings.Contains(t.Spec.Partition, bootstrapv1.PartitionNameUSGov) {
-		policies = eks.NodegroupRolePoliciesUSGov()
-	}
+	policies := eks.NodegroupRolePolicies()
 	if t.Spec.EKS.ManagedMachinePool.ExtraPolicyAttachments != nil {
 		policies = append(policies, t.Spec.EKS.ManagedMachinePool.ExtraPolicyAttachments...)
 	}

cmd/clusterawsadm/cloudformation/bootstrap/managed_nodegroup.go

@@ -200,7 +200,7 @@ func (t Template) RenderCloudFormation() *cloudformation.Template {
 		template.Resources[AWSIAMRoleEKSFargate] = &cfn_iam.Role{
 			RoleName:                 expinfrav1.DefaultEKSFargateRole,
 			AssumeRolePolicyDocument: AssumeRolePolicy(iamv1.PrincipalService, []string{eksiam.EKSFargateService}),
-			ManagedPolicyArns:        t.fargateProfilePolicies(t.Spec.EKS.Fargate),
+			ManagedPolicyArns:        fargateProfilePolicies(t.Spec.EKS.Fargate),
 			Tags:                     converters.MapToCloudFormationTags(t.Spec.EKS.Fargate.Tags),
 		}
 	}

cmd/clusterawsadm/cloudformation/bootstrap/template.go

@@ -1936,10 +1936,6 @@ spec:
                       prefixing.
                     type: string
                 type: object
-              partition:
-                description: Partition is the AWS security partition being used. Defaults
-                  to "aws"
-                type: string
               region:
                 description: The AWS Region the cluster lives in.
                 type: string

config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml

@@ -1241,10 +1241,6 @@ spec:
                         type: object
                     type: object
                 type: object
-              partition:
-                description: Partition is the AWS security partition being used. Defaults
-                  to "aws"
-                type: string
               region:
                 description: The AWS Region the cluster lives in.
                 type: string

config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusters.yaml

@@ -848,10 +848,6 @@ spec:
                                 type: object
                             type: object
                         type: object
-                      partition:
-                        description: Partition is the AWS security partition being
-                          used. Defaults to "aws"
-                        type: string
                       region:
                         description: The AWS Region the cluster lives in.
                         type: string