rename actual roles

Signed-off-by: Katyanna Moura <[email protected]>

Author: katyanna

cluster/cluster.yaml

@@ -273,7 +273,7 @@ Resources:
       AddonName: eks-pod-identity-agent
       ClusterName: !Ref EKSCluster
   {{ if eq .Cluster.Environment "e2e" }}
-  E2EEKSIAMTestRoleUnprivileged:
+  E2EEKSIAMTestRoleReadOnly:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
@@ -285,26 +285,26 @@ Resources:
             AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
         Version: 2012-10-17
       Path: /
-      RoleName: "{{.Cluster.LocalID}}-e2e-eks-iam-test-unprivileged-role"
+      RoleName: "{{.Cluster.LocalID}/-e2e-eks-iam-test-read-only-role"
     Type: 'AWS::IAM::Role'
-  E2EEKSIAMTestAccessEntryUnprivileged:
+  E2EEKSIAMTestAccessEntryReadOnly:
     Type: "AWS::EKS::AccessEntry"
     Properties:
       AccessPolicies:
       - AccessScope:
           Type: "cluster"
         PolicyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
       ClusterName: !Ref EKSCluster
-      PrincipalArn: !GetAtt E2EEKSIAMTestRoleUnprivileged.Arn
+      PrincipalArn: !GetAtt E2EEKSIAMTestRoleReadOnly.Arn
       Username: !Join
           - ''
           - - !Sub 'arn:aws:sts::${AWS::AccountId}:assumed-role/'
-            - !Ref E2EEKSIAMTestRoleUnprivileged
+            - !Ref E2EEKSIAMTestRoleReadOnly
             - '/{{`{{SessionName}}`}}'
       KubernetesGroups:
       - zalando:readonly
       Type: "STANDARD"
-  E2EEKSIAMTestRolePrivileged:
+  E2EEKSIAMTestRoleAdministrator:
     Properties:
       AssumeRolePolicyDocument:
         Statement:
@@ -316,21 +316,21 @@ Resources:
             AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
         Version: 2012-10-17
       Path: /
-      RoleName: "{{.Cluster.LocalID}}-e2e-eks-iam-test-privileged-role"
+      RoleName: "{{.Cluster.LocalID}}-e2e-eks-iam-test-administrator-role"
     Type: 'AWS::IAM::Role'
-  E2EEKSIAMTestAccessEntryPrivileged:
+  E2EEKSIAMTestAccessEntryAdministrator:
     Type: "AWS::EKS::AccessEntry"
     Properties:
       AccessPolicies:
       - AccessScope:
           Type: "cluster"
         PolicyArn: "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy"
       ClusterName: !Ref EKSCluster
-      PrincipalArn: !GetAtt E2EEKSIAMTestRolePrivileged.Arn
+      PrincipalArn: !GetAtt E2EEKSIAMTestRoleAdministrator.Arn
       Username: !Join
           - ''
           - - !Sub 'arn:aws:sts::${AWS::AccountId}:assumed-role/'
-            - !Ref E2EEKSIAMTestRolePrivileged
+            - !Ref E2EEKSIAMTestRoleAdministrator
             - '/{{`{{SessionName}}`}}'
       KubernetesGroups:
       - zalando:administrator

test/e2e/authorization.go

@@ -964,7 +964,7 @@ var _ = g.Describe("Authorization via admission-controller [RBAC] [Zalando]", fu
 
 // getAdminClient returns a client with the `zalando:administrator` group.
 func getAdminClient(cluster *types.Cluster, awsAccountID string) (*kubernetes.Clientset, error) {
-	return newClientWithRole(cluster, fmt.Sprintf("arn:aws:iam::%s:role/%s-e2e-eks-iam-test-privileged-role", awsAccountID, aws.ToString(cluster.Name)))
+	return newClientWithRole(cluster, fmt.Sprintf("arn:aws:iam::%s:role/%s-e2e-eks-iam-test-administrator-role", awsAccountID, aws.ToString(cluster.Name)))
 }
 
 // getCollaboratorClient returns a client with the `zalando:collaborator` group.
@@ -979,7 +979,7 @@ func getEngineerClient(cluster *types.Cluster, awsAccountID string) (*kubernetes
 
 // getReadOnlyClient returns a client with the `zalando:readonly` group.
 func getReadOnlyClient(cluster *types.Cluster, awsAccountID string) (*kubernetes.Clientset, error) {
-	return newClientWithRole(cluster, fmt.Sprintf("arn:aws:iam::%s:role/%s-e2e-eks-iam-test-unprivileged-role", awsAccountID, aws.ToString(cluster.Name)))
+	return newClientWithRole(cluster, fmt.Sprintf("arn:aws:iam::%s:role/%s-e2e-eks-iam-test-read-only-role", awsAccountID, aws.ToString(cluster.Name)))
 }
 
 // getPostgresAdministratorClient returns a client with the `zalando:postgres-admin` group.