Skip to content

Commit

Permalink
feat: support paths in IAM roles
Browse files Browse the repository at this point in the history
  • Loading branch information
saurav-agarwalla authored and jigisha620 committed Dec 13, 2024
1 parent fe32aae commit daace77
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 1 deletion.
6 changes: 5 additions & 1 deletion pkg/providers/instanceprofile/instanceprofile.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ package instanceprofile
import (
"context"
"fmt"
"strings"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/iam"
Expand Down Expand Up @@ -99,9 +100,12 @@ func (p *DefaultProvider) Create(ctx context.Context, m ResourceOwner) (string,
return "", fmt.Errorf("removing role %q for instance profile %q, %w", aws.ToString(instanceProfile.Roles[0].RoleName), profileName, err)
}
}
// If the role has a path, ignore the path and take the role name only since AddRoleToInstanceProfile
// does not support paths in the role name.
instanceProfileRoleName := lo.LastOr(strings.Split(m.InstanceProfileRole(), "/"), m.InstanceProfileRole())
if _, err = p.iamapi.AddRoleToInstanceProfile(ctx, &iam.AddRoleToInstanceProfileInput{
InstanceProfileName: aws.String(profileName),
RoleName: aws.String(m.InstanceProfileRole()),
RoleName: aws.String(instanceProfileRoleName),
}); err != nil {
return "", fmt.Errorf("adding role %q to instance profile %q, %w", m.InstanceProfileRole(), profileName, err)
}
Expand Down
21 changes: 21 additions & 0 deletions pkg/providers/instanceprofile/suite_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,11 @@ package instanceprofile_test

import (
"context"
"fmt"
"testing"

"github.com/aws/aws-sdk-go-v2/aws"

v1 "github.com/aws/karpenter-provider-aws/pkg/apis/v1"

"sigs.k8s.io/karpenter/pkg/test/v1alpha1"
Expand All @@ -35,6 +38,8 @@ import (
. "sigs.k8s.io/karpenter/pkg/utils/testing"
)

const nodeRole = "NodeRole"

var ctx context.Context
var stop context.CancelFunc
var env *coretest.Environment
Expand Down Expand Up @@ -100,4 +105,20 @@ var _ = Describe("InstanceProfileProvider", func() {
Expect(instanceProfile).ToNot(BeNil())
Expect(awsEnv.IAMAPI.InstanceProfiles[instanceProfile].Tags).To(HaveLen(0))
})
It("should support IAM roles without custom paths", func() {
nodeClass.Spec.Role = nodeRole
instanceProfile, err := awsEnv.InstanceProfileProvider.Create(ctx, &nodeClass)
Expect(err).To(BeNil())
Expect(instanceProfile).ToNot(BeNil())
Expect(awsEnv.IAMAPI.InstanceProfiles[instanceProfile].Roles).To(HaveLen(1))
Expect(aws.ToString(awsEnv.IAMAPI.InstanceProfiles[instanceProfile].Roles[0].RoleName)).To(Equal(nodeRole))
})
It("should support IAM roles with custom paths", func() {
nodeClass.Spec.Role = fmt.Sprintf("CustomPath/%s", nodeRole)
instanceProfile, err := awsEnv.InstanceProfileProvider.Create(ctx, &nodeClass)
Expect(err).To(BeNil())
Expect(instanceProfile).ToNot(BeNil())
Expect(awsEnv.IAMAPI.InstanceProfiles[instanceProfile].Roles).To(HaveLen(1))
Expect(aws.ToString(awsEnv.IAMAPI.InstanceProfiles[instanceProfile].Roles[0].RoleName)).To(Equal(nodeRole))
})
})

0 comments on commit daace77

Please sign in to comment.