Merge pull request #3252 from pydctw/fix-multitenacy-doc-code

k8s-ci-robot · web-flow · commit f56c24f596a3 · 2022-02-23T22:17:34.000-08:00
Update multitenancy doc
diff --git a/docs/book/src/topics/multitenancy.md b/docs/book/src/topics/multitenancy.md
@@ -158,7 +158,6 @@ spec:
   roleARN: arn:aws:iam::11122233344:role/multi-tenancy-role
   sessionName: multi-tenancy-role-session
   sourceidentityRef:
-    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: AWSClusterControllerIdentity
     name: default
 ---
@@ -172,18 +171,15 @@ spec:
   roleARN: arn:aws:iam::11122233355:role/multi-tenancy-nested-role
   sessionName: multi-tenancy-nested-role-session
   sourceidentityRef:
-    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: AWSClusterRoleIdentity
     name: multi-tenancy-role
 ```
 
-## Secure Access to Identitys
-`allowedNamespaces` field is used to grant access to the namespaces to use Identitys.
+## Secure Access to Identities
+`allowedNamespaces` field is used to grant access to the namespaces to use Identities.
 Only AWSClusters that are created in one of the Identity's allowed namespaces can use that Identity.
 `allowedNamespaces` are defined by providing either a list of namespaces or label selector to select namespaces.
 
-Note that the `capa-eks-control-plane-system` namespace will need to be included in the allow namespace list and/or have labels added to allow access to identities used by AWSClusters.
-
 ### Examples
 
 An empty `allowedNamespaces` indicates that the Identity can be used by all namespaces.
@@ -245,7 +241,7 @@ allowedNamespaces:
   selector: {}
 ```
 
-**Important** The default behaviour of an empty label selector is to match all objects, however here we do not follow that behavior to avoid unintended access to the identitys.
+**Important** The default behaviour of an empty label selector is to match all objects, however here we do not follow that behavior to avoid unintended access to the identities.
 This is consistent with core cluster API selectors, e.g., Machine and ClusterResourceSet selectors. The result of matchLabels and matchExpressions are ANDed.
 
 
diff --git a/exp/controlleridentitycreator/awscontrolleridentity_controller_test.go b/exp/controlleridentitycreator/awscontrolleridentity_controller_test.go
@@ -29,8 +29,8 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
 )
 
-func TestAWSInstanceStateController(t *testing.T) {
-	t.Run("should maintain list of cluster queue URLs and reconcile failing machines", func(t *testing.T) {
+func TestAWSControllerIdentityController(t *testing.T) {
+	t.Run("should create AWSClusterControllerIdentity when identityRef is not specified", func(t *testing.T) {
 		g := NewWithT(t)
 		ctx := context.Background()
 

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,8 @@ import (`
`29`	`29`	`infrav1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"`
`30`	`30`	`)`
`31`	`31`
`32`		`-func TestAWSInstanceStateController(t *testing.T) {`
`33`		`- t.Run("should maintain list of cluster queue URLs and reconcile failing machines", func(t *testing.T) {`
	`32`	`+func TestAWSControllerIdentityController(t *testing.T) {`
	`33`	`+ t.Run("should create AWSClusterControllerIdentity when identityRef is not specified", func(t *testing.T) {`
`34`	`34`	`g := NewWithT(t)`
`35`	`35`	`ctx := context.Background()`
`36`	`36`